Out of Bounds Read and Write Vulnerability in Google Chrome
CVE-2025-5419

8.8 HIGH

Key Information:

Vendor: Google

Status
Vendor
CVE Published: 3 June 2025

Badges

Trending now | Trended | Score: 1,360 | Exploit Exists | News Worthy

What is CVE-2025-5419?

CVE-2025-5419 is a high-severity vulnerability in the V8 JavaScript engine of Google Chrome, affecting Chrome versions prior to 137.0.7151.68. It is an out-of-bounds read and write flaw that can lead to heap corruption when the browser renders a maliciously crafted HTML page. The vulnerability poses serious risks to organizations using Google Chrome, as it can potentially allow remote attackers to execute arbitrary code on affected systems. The repercussions can extend beyond individual devices: compromised systems can be used for broader attacks within an organization’s network, affecting the confidentiality, integrity, and availability of sensitive data and resources.

Potential impact of CVE-2025-5419

  1. Unauthorized Access and Control: An attacker exploiting this vulnerability may gain unauthorized control over an affected system, allowing them to execute malicious operations without the user’s consent. This can lead to unauthorized data access and compromise sensitive information.

  2. Data Breaches: The ability to manipulate heap memory could enable attackers to exfiltrate confidential data, potentially leading to significant data breaches. Organizations might face reputational damage, legal consequences, and financial liabilities as a result.

  3. Widespread Network Compromise: Given that Google Chrome is extensively used across organizations, exploitation of this vulnerability can facilitate lateral movement within a network. Once an attacker breaches one machine, they may easily propagate their attack across connected devices, increasing the severity and scale of the incident.

Affected Version(s)

Chrome prior to 137.0.7151.68

News Articles

Google fixes Chrome zero-day with in-the-wild exploit (CVE-2025-5419) - Help Net Security

Google has fixed two Chrome vulnerabilities, including a zero-day flaw (CVE-2025-5419) with an in-the-wild exploit.


Google pushes emergency fix for high-severity Chrome 0-day

Google revealed Monday that it had quietly deployed a configuration change last week to block active exploitation of a Chrome zero-day. Google Threat Analysis Group (TAG) team members Clement Lecigne and...


3B Google Chrome users at risk. Update now!

Google has issued an emergency update for Chrome, addressing a severe vulnerability discovered by its Threat Analysis Group and used in cyber attacks.


CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability started trending

  • Exploit known to exist

  • First article discovered by SecurityWeek

  • Vulnerability published

  • Vulnerability Reserved
