In an unusual out-of-band release, Google has issued an urgent update to its Chrome browser to patch three security vulnerabilities, including one that is currently being exploited in real-world attacks.
Critical Vulnerability in Chrome’s V8 Engine
The most serious of the trio, tracked as CVE-2025-5419, carries a CVSS severity score of 8.8. This high-risk flaw exists in Chrome’s V8 engine, which powers JavaScript and WebAssembly operations. The vulnerability allows for out-of-bounds read and write operations, making it possible for attackers to corrupt memory and potentially take control of the affected system.
According to the National Vulnerability Database (NVD), a remote attacker could exploit this issue by tricking a user into visiting a maliciously crafted web page. This form of attack opens the door to serious consequences, including data theft or broader system compromise.
Discovered by Google’s Own Security Experts
The flaw was reported on May 27, 2025, by Clement Lecigne and Benoît Sevens from Google’s Threat Analysis Group (TAG), a team renowned for tracking state-sponsored cyber threats. Google responded rapidly, pushing out a configuration fix to the Stable channel of Chrome just one day later, on May 28.
Active Exploitation of CVE-2025-5419 Confirmed
Google has confirmed that CVE-2025-5419 is already being used in active attacks. However, details surrounding the nature of these attacks or the identity of the threat actors remain under wraps. This is a deliberate move by Google to prevent copycat activity while users apply the necessary updates.
This marks the second zero-day vulnerability Chrome has faced in 2025. The previous one, CVE-2025-2783, was exploited in targeted attacks against organizations in Russia and was discovered by cybersecurity firm Kaspersky.
User Guidance: Update Immediately
To mitigate the risk, users should update to the latest version of Chrome:
- Windows and macOS: Version 137.0.7151.68 or .69
- Linux: Version 137.0.7151.68
Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi should also be on alert and apply updates as they become available from their respective developers.
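For teams checking a fleet against the fixed builds listed above, the following added example (not from Google or the original article) classifies inventory records by comparing Chrome versions numerically rather than as strings. The record layout, host names and sample versions are constructed assumptions; only the 137.0.7151.68 floor comes from the article.

```python
import re

# Minimum fixed Chrome build per platform, taken from the article. The ".69"
# build on Windows/macOS is an alternate fixed build, so .68 is the floor.
FIXED = {
    "windows": (137, 0, 7151, 68),
    "macos": (137, 0, 7151, 68),
    "linux": (137, 0, 7151, 68),
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Extract a 4-part version as a tuple of ints, or None if none is found."""
    m = VERSION_RE.search(text or "")
    return tuple(int(p) for p in m.groups()) if m else None

def classify(platform, browser, version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one inventory record."""
    if browser.lower() != "chrome":
        # Other Chromium-based browsers ship fixes on their own schedule,
        # so Chrome's version floor is not applied to them.
        return "unknown"
    floor = FIXED.get(platform.lower())
    version = parse_version(version_text)
    if floor is None or version is None:
        return "unknown"
    # Tuple comparison is numeric: build 9 sorts below 68, unlike "9" > "68".
    return "patched" if version >= floor else "vulnerable"

def audit(records):
    """Map host -> status for (host, platform, browser, version_text) records."""
    return {host: classify(p, b, v) for host, p, b, v in records}

# Constructed sample inventory (hosts and versions are illustrative only).
SAMPLE = [
    ("ws-01", "windows", "chrome", "Google Chrome 137.0.7151.69"),
    ("ws-02", "windows", "chrome", "137.0.7151.9"),
    ("mac-01", "macos", "chrome", "Google Chrome 136.0.7103.114"),
    ("lnx-01", "linux", "chrome", "Google Chrome 137.0.7151.68"),
    ("ws-03", "windows", "edge", "137.0.3296.52"),
    ("lnx-02", "linux", "chrome", "not installed"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Records that come back as "unknown" need a manual check against the relevant vendor's own advisory.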
Final Thoughts
While technical details remain scarce for now, the urgency of Google’s patch highlights the potential severity of this threat. Users and organizations must act quickly to secure their systems. Remember, timely updates remain one of the most effective lines of defense.