Advisory

Google releases emergency Chrome update to patch actively exploited flaw

Take action: One more urgent patch for Chrome - Google patched an actively exploited flaw in Chrome, and exploitation requires only a visit to a malicious site. DON'T WAIT! Patch all your Chrome and Chromium-based browsers (Edge, Opera, Brave, Vivaldi). Updating the browser is easy, and all your tabs reopen after the patch.


Learn More

Google has released an emergency security update for Chrome after confirming that a critical zero-day vulnerability is being actively exploited by attackers in the wild. 

Vulnerability summary:

  • CVE-2025-5419 (CVSS score: 8.8) - Out-of-bounds read and write vulnerability in Chrome's V8 JavaScript and WebAssembly engine. This flaw allows remote attackers to potentially exploit heap corruption through a specially crafted HTML page, which can lead to arbitrary code execution or complete system compromise.
  • CVE-2025-5068 (CVSS score: 8.8) - Use-after-free vulnerability in the Blink rendering engine that can lead to memory corruption and potential code execution.

Google is aware that an exploit for CVE-2025-5419 exists in the wild. Given the active exploitation and the critical nature of the vulnerability, Google implemented emergency mitigation measures on May 28, 2025, pushing a configuration change across all Chrome platforms.

Google has patched this vulnerability in Chrome version 137.0.7151.68/.69 for Windows and Mac users, and version 137.0.7151.68 for Linux systems.

Chrome users should immediately update their browsers by navigating to Settings > About Chrome, which will automatically download and install the latest version. 
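For fleets where the version strings are collected centrally, the fixed build above can be checked in bulk. The following is an added example, not part of the original advisory: the hostnames and version outputs are constructed, a bare version number is assumed to come from Google Chrome, and other Chromium-based browsers are reported as unknown because the advisory gives no fixed builds for them.

```python
import re

# Fixed build named in the advisory (Windows/Mac .68/.69, Linux .68).
FIXED_BUILD = (137, 0, 7151, 68)
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def classify(version_output):
    """Return 'patched', 'outdated' or 'unknown' for one version string."""
    text = version_output.strip()
    match = VERSION_RE.search(text)
    if not match:
        return "unknown"  # empty or unparseable output needs a manual look
    # Only Google Chrome is compared against FIXED_BUILD. Other products use
    # their own build numbers, which the advisory does not list.
    product = text[:match.start()].strip().lower()
    if product not in ("", "google chrome"):  # "" = bare version (assumption)
        return "unknown"
    # Compare numerically, field by field: as strings, ".103" sorts before ".68".
    version = tuple(int(part) for part in match.groups())
    return "patched" if version >= FIXED_BUILD else "outdated"


def triage(inventory):
    """Group hosts by status so 'outdated' and 'unknown' can be followed up."""
    report = {"patched": [], "outdated": [], "unknown": []}
    for host, version_output in inventory:
        report[classify(version_output)].append(host)
    return report


# Constructed sample inventory (hosts and outputs invented for illustration).
SAMPLE_INVENTORY = [
    ("ws-001", "Google Chrome 137.0.7151.69"),
    ("ws-002", "Google Chrome 137.0.7151.55"),
    ("ws-003", "Google Chrome 136.0.7103.114 "),
    ("lin-01", "137.0.7151.68"),
    ("ws-004", "Microsoft Edge 137.0.3296.52"),
    ("ws-005", ""),
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as unknown should be checked against the respective browser vendor's own release notes.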
