![\"Google](\"https:\/\/trustcrypt.com\/wp-content\/uploads\/2025\/06\/google-addresses-critical-zero-day-vulnerability-in-chrome-exploited-by-cyber-attacks.jpg\")
<\/p>\n<\/p>\n
Google has issued an urgent security patch addressing the third Chrome zero-day vulnerability that has been under active exploitation since early 2025.<\/p>\n
The company acknowledges the existence of an exploit for CVE-2025-5419 in the wild, as detailed in a security advisory released recently.<\/p>\n
This vulnerability, classified as high-severity, is attributed to an out-of-bounds read and write issue within Chrome’s V8 JavaScript engine. It was reported just a week prior by members of Google’s Threat Analysis Group.<\/p>\n
Shortly after the vulnerability was identified, Google implemented a configuration adjustment to mitigate the risk across all platforms in the Stable channel.<\/p>\n
The release of versions 137.0.7151.68\/.69 for Windows and macOS, and 137.0.7151.68 for Linux, provides the necessary fix. These updates are being deployed to users in the Stable Desktop channel over the coming weeks.<\/p>\n
Users are advised that while Chrome generally updates automatically, the update process can be expedited by navigating to the Chrome menu > Help > About Google Chrome, completing the update, and clicking the ‘Relaunch’ button.<\/p>\n
0<\/em>7151_69.png” width=”700″><\/p>\n
Despite confirmation from Google that CVE-2025-5419 is being actively exploited, the company has opted to withhold further details regarding the attacks until a majority of users have applied the necessary patches.<\/p>\n
Google emphasized that “Access to bug details and links may be kept restricted until a majority of users are updated with a fix.” The company will also impose restrictions if the vulnerability is found in a third-party library that is used by other projects and has not yet been rectified.<\/p>\n
This marks Google’s third response to a zero-day vulnerability in Chrome this year, following the resolution of two similar issues in March and May.<\/p>\n
The initial vulnerability, a high-severity sandbox escape flaw (CVE-2025-2783), was identified by researchers from Kaspersky and had been exploited to deploy malware in espionage attacks aimed at Russian government entities and media outlets.<\/p>\n
In May, Google released another critical update addressing a zero-day vulnerability that could potentially allow attackers to take control of user accounts upon successful exploitation.<\/p>\n
In the previous year, Google addressed ten zero-day vulnerabilities either demonstrated during the Pwn2Own competition or exploited in real-world attacks.<\/p>\n","protected":false},"excerpt":{"rendered":"
Google has issued an urgent security patch addressing the third Chrome zero-day vulnerability that has been under active exploitation since…<\/p>\n","protected":false},"author":1,"featured_media":1758,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"Default","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[28],"tags":[79,130,108],"class_list":["post-1757","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","tag-security","tag-update","tag-vulnerability"],"acf":[],"yoast_head":"\n