Google quietly released a security fix for a worrying Chrome zero-day flaw, so patch now
The Google Chrome flaw is apparently being abused in the wild, so update now or face the risks.

- Google Chrome fixes out-of-bounds read and write vulnerability in V8
- It's being exploited in the wild, so be on your guard
- Chrome usually updates automatically, but it wouldn't hurt to check
Google has patched a zero-day vulnerability recently discovered in its Chrome desktop browser which it says is being actively exploited in the wild, so users should apply the fix as soon as possible.
The bug is described as an out-of-bounds read and write vulnerability present in V8, tracked as CVE-2025-5419, and has been given a severity score of 8.8 (high).
V8 is an open source JavaScript engine used primarily in Chrome and Node.js. It was developed by Google, and powers many of today’s key productivity apps, such as Google Docs or Gmail.
Forcing the update
In theory, a threat actor could create a malicious website that executes arbitrary code on the victim’s system when they visit it. That could potentially lead to full system compromise, data theft, or additional malware deployment.
The bug is fixed in version 137.0.7151.68, and users are advised to upgrade immediately. Patches are out for Windows, macOS, and Linux.
Usually, Chrome updates automatically upon a new launch. However, users can do it manually by navigating to the Chrome menu > Help > About Google Chrome, checking for updates, and clicking the “Relaunch” button.
The company said the vulnerability is being abused in the wild, but did not want to share additional details before the majority of Chrome browsers are updated, adding that it was “aware that an exploit for CVE-2025-5419 exists in the wild.”
"Access to bug details and links may be kept restricted until a majority of users are updated with a fix," Google said. "We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed."
This is the third Chrome zero-day vulnerability fixed in 2025, as two more were patched in March and May. In 2024, the company fixed a total of 10 zero-day flaws.
Via BleepingComputer