Out of Bounds Read and Write Vulnerability in Google Chrome
CVE-2025-5419

8.8 HIGH

Key Information:

Vendor: Google
Status: Vendor
CVE Published: 3 June 2025

Badges: 🥇 Trended No. 1 · 📈 Trended · 📈 Score: 16,900 · 💰 Ransomware · 👾 Exploit Exists · 🦅 CISA Reported · 📰 News Worthy

What is CVE-2025-5419?

CVE-2025-5419 is a high-severity vulnerability in the V8 JavaScript engine of Google Chrome, affecting versions prior to 137.0.7151.68. It is an out-of-bounds read and write: a crafted HTML page can make V8 access memory outside the bounds of a heap object, corrupting the renderer heap. Google's advisory states that a remote attacker could potentially exploit this heap corruption, and the flaw was already being exploited in the wild when the fix shipped. In practice, a V8 bug of this kind gives an attacker control inside Chrome's sandboxed renderer process; full compromise of the host usually requires chaining it with a separate sandbox-escape vulnerability, which is why bugs like this are typically seen as one link in an exploit chain. The risk to organizations is nonetheless significant: visiting or being redirected to a malicious page is enough to trigger it, no privileges are required, and a compromised endpoint can serve as a foothold for further attacks against the confidentiality, integrity, and availability of sensitive data and resources.

Potential impact of CVE-2025-5419

  1. Unauthorized Access and Control: A successful exploit runs attacker-controlled code in the context of the browser on the victim's machine, with no action required of the user beyond opening a malicious page. From there the attacker can read data handled by the browser and, combined with a sandbox escape, act on the system as the logged-in user.

  2. Data Breaches: Arbitrary read and write of renderer memory is enough to leak data the browser is processing, and a fuller compromise of the endpoint allows exfiltration of other confidential data. Organizations may face reputational damage, legal consequences, and financial liabilities as a result.

  3. Network Foothold: Because Chrome is deployed on nearly every workstation in most organizations, a single user visiting a malicious page can turn an endpoint into an initial access point. How far an attacker can then move laterally depends on post-exploitation tooling and network segmentation rather than on the Chrome bug itself, but the size of Chrome's install base makes this vulnerability an attractive initial access vector.

CISA has reported CVE-2025-5419

CISA (the US Cybersecurity and Infrastructure Security Agency) maintains the Known Exploited Vulnerabilities (KEV) catalog of vulnerabilities with evidence of active exploitation. CISA has added CVE-2025-5419 to that catalog as exploited in the wild, but does not currently list it as known to be used in ransomware campaigns. This may change quickly, as recent news articles suggest the vulnerability is being used by ransomware groups.

CISA's KEV recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. For this CVE the vendor instruction is to update Chrome to 137.0.7151.68 or later.

Affected Version(s)

Google Chrome versions prior to 137.0.7151.68. The fix shipped in 137.0.7151.68; that build and later builds are not affected.
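Applying the vendor fix at scale means confirming every endpoint actually reports a build at or above 137.0.7151.68. The following is an added example, not code from the page or from Google: it parses Chrome version strings (for instance the output of `google-chrome --version`), compares them component-wise against the fixed build, and triages a constructed inventory into vulnerable, patched and unknown hosts. The hostnames and version lines in SAMPLE_INVENTORY are made up for the example, and the script only understands Chrome's own four-component version scheme; other Chromium-based browsers number their releases differently and would need their own fixed-version table.

```python
import re
from typing import List, Optional, Tuple

# Fixed build named in the advisory: Chrome prior to 137.0.7151.68 is affected.
FIXED_VERSION = (137, 0, 7151, 68)

# Matches a four-component Chrome version anywhere in a line, e.g. the output
# of `google-chrome --version` ("Google Chrome 136.0.7103.114").
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_chrome_version(text: str) -> Optional[Tuple[int, int, int, int]]:
    """Extract a Chrome version tuple from free text; None if no version is present."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, build, patch = (int(g) for g in m.groups())
    return (major, minor, build, patch)


def is_vulnerable(version: Tuple[int, int, int, int]) -> bool:
    """CVE-2025-5419 affects every build older than the fixed build.

    Tuple comparison is lexicographic on integers, so 137.0.7151.68 and
    137.0.7151.69 both count as patched while 136.x and 137.0.7151.55 do not.
    A string comparison would get this wrong (e.g. "9" > "114").
    """
    return version < FIXED_VERSION


def triage(inventory_lines: List[str]) -> dict:
    """Classify inventory lines into 'vulnerable', 'patched' and 'unknown'.

    Each line is 'hostname<TAB>version text'. Hosts whose version cannot be
    parsed go to 'unknown' so they are never silently counted as safe.
    """
    result = {"vulnerable": [], "patched": [], "unknown": []}
    for line in inventory_lines:
        if not line.strip():
            continue
        host, _, version_text = line.partition("\t")
        version = parse_chrome_version(version_text)
        if version is None:
            result["unknown"].append(host)
        elif is_vulnerable(version):
            result["vulnerable"].append(host)
        else:
            result["patched"].append(host)
    return result


# Constructed sample inventory; hostnames and versions are made up for this example.
SAMPLE_INVENTORY = [
    "ws-0142\tGoogle Chrome 136.0.7103.114",
    "ws-0143\tGoogle Chrome 137.0.7151.55",
    "ws-0144\tGoogle Chrome 137.0.7151.68",
    "mac-0021\tGoogle Chrome 137.0.7151.69",
    "ws-0150\tchrome not installed",
]

if __name__ == "__main__":
    report = triage(SAMPLE_INVENTORY)
    for bucket, hosts in report.items():
        print(f"{bucket:>10}: {', '.join(hosts) or '-'}")
```

The "unknown" bucket is deliberate: an inventory line with no parseable version is a gap in coverage, not evidence of a patched host, and should be followed up rather than dropped.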

News Articles

Google Issues Emergency Update For All 3 Billion Chrome Users (3 weeks ago)
Update now warning for all users, with attacks confirmed underway.

Emergency Chrome Update! One Click Could Save Your Personal Data (3 weeks ago)
A newly discovered critical vulnerability in Google Chrome—CVE-2025-5419—has put an estimated 3 billion users at significant risk of cyberattacks. Google has issued an emergency update to fix the flaw, but experts warn that threat actors have already begun exploiting it in the wild. Another severe b...

Google fixes Chrome zero-day with in-the-wild exploit (CVE-2025-5419) - Help Net Security (3 weeks ago)
Google has fixed two Chrome vulnerabilities, including a zero-day flaw (CVE-2025-5419) with an in-the-wild exploit.

CVSS v3.1

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Score: 8.8 (HIGH)
Attack Vector: Network · Attack Complexity: Low · Privileges Required: None · User Interaction: Required · Scope: Unchanged
Confidentiality: High · Integrity: High · Availability: High

Timeline

  • 🥇 Vulnerability reached the number 1 worldwide trending spot
  • 💰 Used in ransomware
  • 🦅 CISA reported
  • 📈 Vulnerability started trending
  • 👾 Exploit known to exist
  • 📰 First article discovered by SecurityWeek
  • Vulnerability published
  • Vulnerability reserved
