- Google Chrome corrects a vulnerability of reading and writing outside the limits in V8
- He is being exploited in nature, so he is on guard
- Chrome is generally updated automatically, but does not hurt to verify
Google has paved zero day vulnerability recently discovered in its Chrome desktop browser that says it is actively exploited in nature, so users must apply the solution as soon as possible.
The error is described as a vulnerability of reading and writing outside the limits present in V8, tracked as CVE-2025-5419, and has been given a gravity score of 8.8 (high).
V8 is an open source javascript engine mainly used in Chrome and Node.JS. It was developed by Google and feeds many of today’s key productivity applications, such as Google Docs or Gmail.
Forcing the update
In theory, a threat actor could create a malicious website that would execute arbitrary code on the victim’s system while visiting it. That could lead to a complete system commitment, data theft or additional malware implementation.
The error is solved in version 137.0.7151.68, and users are recommended immediately. The patches are available for Windows, Macos and Linux.
In general, Chrome updates automatically in a new release. However, users can do it manually sailing to Chrome Menu> Help> About Google ChromeCheck the updates and click on the “Rejoice” button.
The company said that vulnerability is being abused in nature, but did not want to share additional details before most Chrome browsers are updated, and added that “aware that an exploit for CVE-2025-5419 exists in nature.”
“Access to error details and links can be kept restricted until most users update with a solution,” said Google. “We will also reset restrictions if the error exists in a third -party library on which other projects depend in a similar way, but have not yet solved.”
This is the third zero -day vulnerability Chrome set at 2025, since two more were repaired in March and May. In 2024, the company set a total of 10 zero day failures.
Through Bleepingcomputer
