Out of Bounds Read and Write Vulnerability in Google Chrome
CVE-2025-5419
What is CVE-2025-5419?
CVE-2025-5419 is a high-severity vulnerability in Google Chrome, affecting the V8 JavaScript engine in Chrome versions prior to 137.0.7151.68. It is an out-of-bounds read and write flaw that can lead to heap corruption when the browser renders a maliciously crafted HTML page. The vulnerability poses serious risks to organizations using Google Chrome, as it can potentially allow remote attackers to execute arbitrary code on affected systems. The repercussions can extend beyond individual devices: compromised systems can be used for broader attacks within an organization's network, affecting the confidentiality, integrity, and availability of sensitive data and resources.
Potential impact of CVE-2025-5419
- Unauthorized Access and Control: An attacker exploiting this vulnerability may gain unauthorized control over an affected system, allowing them to execute malicious operations without the user’s consent. This can lead to unauthorized data access and compromise sensitive information.
- Data Breaches: The ability to manipulate heap memory could enable attackers to exfiltrate confidential data, potentially leading to significant data breaches. Organizations might face reputational damage, legal consequences, and financial liabilities as a result.
- Widespread Network Compromise: Given that Google Chrome is extensively used across organizations, exploitation of this vulnerability can facilitate lateral movement within a network. Once an attacker breaches one machine, they may easily propagate their attack across connected devices, increasing the severity and scale of the incident.
Affected Version(s)
Chrome 137.0.7151.68
News Articles
Google fixes Chrome zero-day with in-the-wild exploit (CVE-2025-5419) - Help Net Security
Google has fixed two Chrome vulnerabilities, including a zero-day flaw (CVE-2025-5419) with an in-the-wild exploit.
12 hours ago
Google pushes emergency fix for high-severity Chrome 0-day
Google revealed Monday that it had quietly deployed a configuration change last week to block active exploitation of a Chrome zero-day. Google Threat Analysis Group (TAG) team members Clement Lecigne and...
1 day ago

3B Google Chrome users at risk. Update now!
Google has issued an emergency update for Chrome, addressing a severe vulnerability discovered by its Threat Analysis Group and used in cyber attacks.
1 day ago
Timeline
- 📈 Vulnerability started trending
- 👾 Exploit known to exist
- 📰 First article discovered by SecurityWeek
- Vulnerability published
- Vulnerability Reserved