- Google Chrome fixes out of bounds read and write vulnerability in V8
- It is utilized in nature so be on your guard
- Chrome is usually updated automatically but it would not hurt to check
Google has patched a zero-day vulnerability recently discovered in its Chrome Desktop browser, as it says they are actively utilized in nature so users need to use the correction as soon as possible.
The error is described as an undeveloped read and write vulnerability present in the V8, tracked as CVE-2025-5419, and has received a severity of 8.8 (high).
V8 is an open source javascript engine used primarily in Chrome and Node.js. It was developed by Google and manages many of the most important productivity apps of the day, such as Google Docs or Gmail.
Forcing the update
In theory, a threat actor could create a malicious website that would perform arbitrary code on the victim’s system while visiting. It could potentially lead to full system comrais, data theft or additional malware implementation.
The error is fixed in version 137.0.7151.68 and users are advised to upgrade immediately. Patches are out for Windows, MacOS and Linux.
Usually, Chrome automatically updates a new launch. However, users can do it manually by navigating to Chrome -Menu> Help> About Google ChromeCheck for updates and click the “Relaunch” button.
The company said the vulnerability is being abused in nature, but did not want to share further details until the majority of Chrome browsers are updated, adding it was: “It is aware that there is an exploitation for CVE-2010-5419 in nature.”
“Access to bug details and links can be kept limited until a majority of users are up to date with a solution,” Google said. “We will also retain restrictions if the error is found in a third -party library that other projects similarly depend on, but have not yet resolved.”
This is the third chrome zero-day vulnerability determined by 2025, when two more were patched in March and May. By 2024, the company got a total of 10 zero-day deficiencies.
Via Bleeping computer
