Google Releases Security Updates for Chrome
Summary
Security update addresses an exploited high severity vulnerability in Google Chrome for Windows
Affected platforms
The following platforms are known to be affected:
Threat details
Exploitation of CVE-2025-5419
Google is aware that an exploit for CVE-2025-5419 exists in the wild.
Introduction
Google has released version 137.0.7151.68/.69 for Chrome for Windows and Mac and 137.0.7151.68 for Chrome for Linux, which will roll out over the coming days/weeks. The updates address two high severity vulnerabilities in the V8 JavaScript engine.
- CVE-2025-5419 has a CVSSv3 score of 8.8 and is an "out of bounds read and write" vulnerability in V8 in Google Chrome. A remote attacker could exploit this vulnerability to perform heap corruption via a crafted HTML page.
- CVE-2025-5068 has a CVSSv3 score of 8.8 and is a "use after free" vulnerability in Blink in Google Chrome. A remote attacker could exploit this vulnerability to perform heap corruption via a crafted HTML page.
Google is aware that an exploit for CVE-2025-5419 exists in the wild.
Remediation advice
Affected organisations are encouraged to review the Chrome Release 137.0.7151.68/.69 Stable Channel advisory and apply the update for the latest release.
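One way to check a software inventory against the fixed build named above, as an added example that is not part of the original advisory. It assumes the inventory is available as (host, version) rows and that any build below 137.0.7151.68 still needs the update; the function names, hostnames and sample versions are constructed for illustration.

```python
import re

# Fixed build named in the advisory; .69 (Windows/Mac) also satisfies this floor.
FIXED = (137, 0, 7151, 68)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return a 4-tuple of ints, or None if text is not a Chrome version."""
    m = _VERSION_RE.fullmatch(text.strip())
    return tuple(int(p) for p in m.groups()) if m else None


def classify(version_text):
    """Return 'patched', 'needs_update' or 'unknown' for one reported version."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"
    # Tuple comparison is numeric per component; comparing the raw strings
    # would rank 137.0.7151.9 above 137.0.7151.68.
    return "patched" if version >= FIXED else "needs_update"


def triage(inventory):
    """Group (host, version) rows by classification."""
    result = {"patched": [], "needs_update": [], "unknown": []}
    for host, version_text in inventory:
        result[classify(version_text)].append(host)
    return result


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    ("win-001", "137.0.7151.69"),
    ("mac-002", "137.0.7151.68"),
    ("lin-003", "137.0.7151.55"),
    ("win-004", "137.0.7151.9"),
    ("lin-005", "136.0.7103.113"),
    ("win-006", "138.0.7204.4"),
    ("mac-007", "not installed"),
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as unknown need a manual check, since a missing or malformed version string says nothing about whether the update has been applied.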
Definitive source of threat updates
CVE Vulnerabilities
Last edited: 3 June 2025 2:42 pm