Google Addresses Critical Zero-Day Vulnerability in Chrome Exploited by Cyber Attacks
Google has issued an urgent security patch addressing the third Chrome zero-day vulnerability that has been under active exploitation since early 2025.
The company acknowledges the existence of an exploit for CVE-2025-5419 in the wild, as detailed in a security advisory released recently.
This vulnerability, classified as high-severity, is attributed to an out-of-bounds read and write issue within Chrome’s V8 JavaScript engine. It was reported just a week prior by members of Google’s Threat Analysis Group.
Shortly after the vulnerability was identified, Google implemented a configuration adjustment to mitigate the risk across all platforms in the Stable channel.
The release of versions 137.0.7151.68/.69 for Windows and macOS, and 137.0.7151.68 for Linux, provides the necessary fix. These updates are being deployed to users in the Stable Desktop channel over the coming weeks.
Users are advised that while Chrome generally updates automatically, the update process can be expedited by navigating to the Chrome menu > Help > About Google Chrome, completing the update, and clicking the ‘Relaunch’ button.
, was identified by researchers from Kaspersky and had been exploited to deploy malware in espionage attacks aimed at Russian government entities and media outlets.</p>
<p>In May, Google released another critical update addressing a zero-day vulnerability that could potentially allow attackers to take control of user accounts upon successful exploitation.</p>
<p>In the previous year, Google addressed ten zero-day vulnerabilities either demonstrated during the Pwn2Own competition or exploited in real-world attacks.</p>
</div>
</div>
<div class=)
Cisco has released critical security patches to address a significant vulnerability in the Identity Services Engine (ISE). If exploited, this…
Cybersecurity researchers have identified multiple popular Google Chrome extensions that transmit data using HTTP and contain hard-coded secrets within their…
Endpoint devices, including PCs, mobile phones, and connected IoT equipment, continue to present significant security risks. This challenge persists as…
Recent discoveries have identified two critical vulnerabilities in the open-source forum software vBulletin, one of which is confirmed to be…
An international law enforcement operation has successfully dismantled AVCheck, a service utilized by cybercriminals for testing the detection capabilities of…
Cybersecurity researchers have identified a new cryptojacking campaign targeting publicly accessible DevOps web servers associated with technologies such as Docker,…
Anthropic is reportedly advancing its efforts with new AI models labeled Claude Sonnet 4 and Opus 4, following recent clues…
The recent breach at Coinbase has had significant implications, affecting approximately 70,000 customers. This alarming development was officially reported by…
Ransomware groups are increasingly leveraging a sophisticated malware known as Skitnet, also referred to as “Bossnet,” to conduct stealthy post-exploitation…