Google has issued an emergency security update patch for Chrome in order to fix three security issues including one zero-day bug that has been actively exploited in the wild by hackers. This makes it the third active vulnerability to be patched via emergency update since the start of the year, with two others occurring in March and May.
As reported by Bleeping Computer, the latest flaw, tracked as CVE-2025-5419, is a high-severity vulnerability caused by an out-of-bounds read and write weakness in the V8 JavaScript and WebAssembly engines in Chrome.
It was initially reported on a week ago by members of Google’s Threat Analysis group; Google has confirmed that it is being exploited in the wild though the company is not sharing much additional information at the time as they are waiting until more users have had an opportunity to patch their browsers.
In the security advisory published on Monday, the company is quoted as stating: “Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.”
This is typical when it comes to active exploits, as it keeps other threat actors from hopping on the band wagon to take advantage of the vulnerability before users are able to update the fix. However, reporting from The HackerNews, says that the flaw involved allowing a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Google reports that the issue was mitigated a day after it was reported via a configuration change that was pushed through the Stable Desktop channel across all the Chrome platforms. The zero-day flaw was likewise corrected the same day with updates to Chrome that are rolling out to users in the coming weeks.
Chrome does automatically update when new security patches become available, however users can make sure the installation is completed by going to the Chrome menu > Help > About Google Chrome.
Let the update finish then click Relaunch in order to make sure the patch has installed. The update versions are 137.0.7151.68/ .69 for Windows and macOS and version 137.0.7151.68 for Linux. Users of other Chromium-based browsers (Edge, Brave, Opera, Vivaldi) should apply the updates as they become available.
More from Tom's Guide
- Hackers are using this to spread dangerous malware just in time for summer travel season
- Microsoft Authenticator will shut off the password autofill feature in July — here’s how to save them
- It’s time to stop believing these lies about antivirus software
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.
