Google has issued an out-of-band update to patch a high-severity zero-day vulnerability, CVE-2025-5419, which is currently being exploited in the wild. The flaw affects the V8 JavaScript and WebAssembly engine in Google Chrome and could allow a remote attacker to trigger heap corruption through a crafted HTML page.
Vulnerability Details
- CVE: CVE-2025-5419
- Severity: High (CVSS 8.8)
- Impact: Out-of-bounds read/write leading to potential arbitrary code execution
- Affected Component: V8 engine in Google Chrome
- Discovered by: Google TAG (Threat Analysis Group)
- Status: Exploit confirmed in the wild
Recommended Action
We strongly urge all users and organizations to immediately upgrade to Chrome version 137.0.7151.68/.69 on Windows/macOS and 137.0.7151.68 on Linux. Users of Chromium-based browsers (Edge, Brave, Opera, Vivaldi) should apply patches as soon as they are available.
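To confirm the upgrade has actually landed across a fleet, the following added example (not Accorian's or Google's code) triages a browser inventory against the fixed build named above. The inventory format, host names, sample versions and status labels are assumptions made for illustration; the only value taken from the advisory is 137.0.7151.68, the lowest fixed build listed for all three platforms.

```python
# Added example: triage a browser inventory against the fixed Chrome build.
# Only FIXED_CHROME comes from the advisory; everything else is hypothetical.
FIXED_CHROME = (137, 0, 7151, 68)  # lowest fixed build on Windows, macOS and Linux

# Chromium-based browsers named in the advisory. Their fixed versions are not
# given on the page, so they are flagged for a vendor check, never compared.
CHROMIUM_DERIVED = {"edge", "brave", "opera", "vivaldi"}

def parse_version(text):
    """Return a 4-tuple of ints, or None if text is not a dotted 4-part version."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(browser, version):
    name = browser.strip().lower()
    if name in CHROMIUM_DERIVED:
        return "CHECK_VENDOR"
    if name != "chrome":
        return "NOT_APPLICABLE"
    parsed = parse_version(version)
    if parsed is None:
        return "UNKNOWN_VERSION"  # do not assume patched when the data is bad
    # Tuple comparison is numeric per component, so .100 sorts above .68
    # (a plain string comparison would get this wrong).
    return "PATCHED" if parsed >= FIXED_CHROME else "VULNERABLE"

def triage(inventory_csv):
    """Map each host in 'host,platform,browser,version' lines to a status."""
    results = {}
    for line in inventory_csv.strip().splitlines():
        host, _platform, browser, version = [f.strip() for f in line.split(",")]
        results[host] = classify(browser, version)
    return results

# Constructed sample inventory; not real data.
SAMPLE = """
ws-001,windows,Chrome,137.0.7151.69
ws-002,macos,Chrome,137.0.7151.55
srv-003,linux,Chrome,137.0.7151.68
ws-004,windows,Chrome,136.0.7103.114
ws-005,windows,Edge,137.0.3296.52
ws-006,linux,Chrome,137.0.7151.100
ws-007,macos,Chrome,unknown
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as VULNERABLE or UNKNOWN_VERSION should be prioritized for the update; CHECK_VENDOR hosts need the fixed version from that browser vendor's own release notes.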
Accorian remains your trusted partner for continuous threat intelligence, rapid vulnerability response, and expert guidance on patch management.
For further assistance, contact us at info@accorian.com or schedule an appointment via our Calendly link.
Threat Advisory
Team Accorian