Google quietly released a security fix for a worrying Chrome zero-day flaw, so patch now

The Google Chrome flaw is apparently being abused in the wild, so update now or face the risks.

Jun 4, 2025 - 17:30

  • Google Chrome fixes out-of-bounds read and write vulnerability in V8
  • It's being exploited in the wild, so be on your guard
  • Chrome usually updates automatically, but it wouldn't hurt to check

Google has patched a zero-day vulnerability recently discovered in its Chrome desktop browser which it says is being actively exploited in the wild, so users should apply the fix as soon as possible.

The bug is described as an out-of-bounds read and write vulnerability present in V8, tracked as CVE-2025-5419, and has been given a severity score of 8.8 (high).

V8 is an open source JavaScript engine used primarily in Chrome and Node.js. It was developed by Google and powers many of today’s key productivity apps, such as Google Docs or Gmail.

Forcing the update

In theory, a threat actor could create a malicious website which would execute arbitrary code on the victim’s system when the victim visits it. That could potentially lead to full system compromise, data theft, or additional malware deployment.

The bug is fixed in version 137.0.7151.68, and users are advised to upgrade immediately. Patches are out for Windows, macOS, and Linux.

Usually, Chrome updates automatically upon a new launch. However, users can do it manually by navigating to the Chrome menu > Help > About Google Chrome, checking for updates, and clicking the “Relaunch” button.

The company said the vulnerability is being abused in the wild, but did not want to share additional details before the majority of Chrome browsers are updated, adding it was “aware that an exploit for CVE-2025-5419 exists in the wild.”

"Access to bug details and links may be kept restricted until a majority of users are updated with a fix," Google said. "We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed."

This is the third Chrome zero-day vulnerability fixed in 2025, as two more were patched in March and May. In 2024, the company fixed a total of 10 zero-day flaws.

Via BleepingComputer
