If you use Google Chrome, you should update your browser right now. Google just released an emergency patch for three security vulnerabilities, one of which is a zero-day that has been actively exploited.
Zero-days are high-severity flaws that are either actively exploited in the wild or publicly disclosed before the developer pushes an update to fix the vulnerability.
What the Google Chrome patch fixes
The latest Chrome zero-day—labeled CVE-2025-5419—is an out-of-bounds read-and-write vulnerability that affects the V8 JavaScript engine, which could allow a remote attacker to “exploit heap corruption via a crafted HTML page.”
The flaw was discovered and reported on May 27 by Clement Lecigne and Benoît Sevens of the Google Threat Analysis Group. While Google has acknowledged that the zero-day has been actively exploited, it hasn’t disclosed any further details as to how or by whom, to prevent other bad actors from leveraging the bug until more Chrome users have applied the patch.
This isn’t the first zero-day vulnerability affecting Chrome this year. Google released additional emergency patches in March and May: The first flaw allowed the deployment of malware in espionage attacks, while the second permitted account takeover.
What Chrome users need to do
Google has confirmed that it pushed a configuration change to the Stable version of Chrome to address the vulnerability the day after it was discovered. On Monday, the company released a Stable channel update with patches for the zero-day and two additional security issues.
Users should ensure they’re on Chrome version 137.0.7151.68/.69 for Windows and macOS, and version 137.0.7151.68 for Linux. Check your version by opening the Chrome menu and selecting About Google Chrome. If an update is available, allow it to finish and relaunch your browser to install it.
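For anyone checking more than one machine, the version comparison above can be scripted. This is an added example, not part of the original article: the host names, inventory records and version strings are constructed, and it assumes any build at or above 137.0.7151.68 carries the fix on every platform.

```python
import re

# Minimum patched build per platform, taken from the article text.
# Assumption: later builds (including .69) also contain the fix.
PATCHED = {
    "windows": (137, 0, 7151, 68),
    "macos": (137, 0, 7151, 68),
    "linux": (137, 0, 7151, 68),
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return the four-part Chrome version found in text as ints, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(platform, version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one host record."""
    minimum = PATCHED.get(platform.lower())
    version = parse_version(version_text)
    if minimum is None or version is None:
        return "unknown"
    # Tuple comparison is numeric per component, so build .9 sorts below .68
    # and 138.x sorts above 137.x (a plain string comparison gets both wrong).
    return "patched" if version >= minimum else "vulnerable"


# Constructed sample inventory: (host, platform, reported version string).
SAMPLE_INVENTORY = [
    ("ws-01", "windows", "Google Chrome 137.0.7151.69"),
    ("ws-02", "windows", "Google Chrome 137.0.7151.56"),
    ("mac-01", "macos", "Google Chrome 136.0.7103.114"),
    ("lnx-01", "linux", "Google Chrome 137.0.7151.68"),
    ("lnx-02", "linux", "Google Chrome 137.0.7151.9"),
    ("ws-03", "windows", "Google Chrome 138.0.7204.50"),
    ("kiosk-01", "chromeos", "version unavailable"),
]


def audit(inventory):
    """Map each host name to its classification."""
    return {host: classify(platform, text) for host, platform, text in inventory}


if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as unknown (unlisted platform or unreadable version) need a manual check rather than being counted as patched.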