If you use Google Chrome, you'll want to update your browser right now. Google just released an emergency patch for three security vulnerabilities, one of which is a zero-day that has been actively exploited.
Zero-days are high-severity flaws that are either actively exploited in the wild or publicly disclosed before the developer pushes an update to fix the vulnerability.
What the Google Chrome patch fixes
The latest Chrome zero-day—labeled CVE-2025-5419—is an out-of-bounds read-and-write vulnerability that affects the V8 JavaScript engine, which could allow a remote attacker to “exploit heap corruption via a crafted HTML page.”
The flaw was discovered and reported on May 27 by Clement Lecigne and Benoît Sevens from the Google Threat Analysis Group. While Google has acknowledged that the zero-day has been actively exploited, it hasn't disclosed any further details as to how or by whom, to prevent other bad actors from leveraging the bug until more Chrome users have applied the patch.
This isn't the first zero-day vulnerability affecting Chrome this year. Google released additional emergency patches in March and May: The first flaw allowed the deployment of malware in espionage attacks, while the second permitted account takeover.
What Chrome users need to do
Google has confirmed that it pushed a configuration change to the Stable version of Chrome to address the vulnerability the day after it was discovered. On Monday, the company released a Stable channel update with patches for the zero-day and two additional security issues.
Users should ensure they're on Chrome version 137.0.7151.68/.69 for Windows and macOS, and version 137.0.7151.68 for Linux. Check your version by opening the Chrome menu and selecting About Google Chrome. If an update is available, allow it to finish and relaunch your browser to install it.
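If you look after more than one machine, the same check can be scripted. The sketch below is an added example, not code from Google or from this article: it compares reported Chrome version strings against the patched builds listed above, treating .68 as the lowest patched build on every platform. The host names and inventory lines are constructed for illustration.

```python
import re

# Lowest patched Stable build per platform, taken from the versions in the article.
# Windows and macOS shipped as .68/.69, so .68 is used as the minimum there (assumption).
PATCHED = {
    "windows": (137, 0, 7151, 68),
    "macos": (137, 0, 7151, 68),
    "linux": (137, 0, 7151, 68),
}
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")

def parse_version(text):
    """Pull a four-part version out of text such as 'Google Chrome 137.0.7151.69'."""
    match = VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None

def is_patched(platform, version_text):
    """True if patched, False if older, None if platform or version is unknown."""
    minimum = PATCHED.get(platform.lower())
    version = parse_version(version_text)
    if minimum is None or version is None:
        return None
    # Tuples compare numerically per component, so .104 correctly ranks above .68
    # (a plain string comparison would get that wrong).
    return version >= minimum

def audit(inventory):
    """Return (host, reason) for every host that still needs attention."""
    findings = []
    for host, platform, version_text in inventory:
        status = is_patched(platform, version_text)
        if status is None:
            findings.append((host, "unknown version or platform"))
        elif not status:
            findings.append((host, "below patched build"))
    return findings

# Constructed sample inventory: hosts and version strings are made up.
SAMPLE_INVENTORY = [
    ("host-a", "windows", "Google Chrome 137.0.7151.69"),
    ("host-b", "linux", "Google Chrome 137.0.7151.55"),
    ("host-c", "macos", "Google Chrome 137.0.7151.104"),
    ("host-d", "linux", "Google Chrome 136.0.7103.113"),
    ("host-e", "windows", "chrome not found"),
]

if __name__ == "__main__":
    for host, reason in audit(SAMPLE_INVENTORY):
        print(f"{host}: {reason}")
```

Hosts reported as unknown are listed rather than skipped, so a machine whose version could not be read is not mistaken for a patched one.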