Google on Monday released an out-of-band fix to address three security issues in its Chrome browser, including one that it said is under active exploitation in the wild.
The high-severity flaw is tracked as CVE-2025-5419 and has been flagged as an out-of-bounds read and write in the V8 JavaScript and WebAssembly engine.
The description of the bug in NIST's National Vulnerability Database (NVD) reads, “read and write in the V8 in Google Chrome before 137.0.7151.68.”
Google credited Clément Lecigne and Benoît Sevens of the Google Threat Analysis Group (TAG) with discovering and reporting the flaw on May 27, 2025. It also noted that the issue was addressed the next day by pushing out a configuration change to the Stable version of the browser across all platforms.
As is customary, the advisory withholds details about the nature of the attacks exploiting the vulnerability and the identity of the threat actors behind them. This is done to ensure that most users are updated with a fix and to prevent other bad actors from joining the exploitation bandwagon.
“Google knows that an exploit for CVE-2025-5419 is present in the wild,” the tech giant acknowledged.
CVE-2025-5419 is the second actively exploited zero-day patched by Google this year, after CVE-2015-2783 (CVSS score: 8.3), which Kaspersky identified as being weaponized in attacks targeting organizations in Russia.
Users are recommended to upgrade to Chrome version 137.0.7151.68/69 for Windows and macOS, and version 137.0.7151.68 for Linux, to protect against potential threats. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.
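To act on the upgrade guidance above across a fleet, the following added example (not code from Google or from the original article) classifies inventory rows against the fixed Chrome build 137.0.7151.68 named in the text. The host names, the inventory rows and the function names are constructed for illustration, and the version strings are assumed to look like the output of `chrome --version`.

```python
import re

# Fixed build taken from the article text; it applies to Google Chrome only.
FIXED = (137, 0, 7151, 68)
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Extract a four-part version tuple from text, or None if absent."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None

def classify(product, version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one inventory row."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"
    if product.strip().lower() != "google chrome":
        # The article gives no fixed builds for Edge, Brave, Opera or
        # Vivaldi, so they are not compared against Chrome's number.
        return "unknown"
    # Compare as integer tuples: as strings, "137.0.7151.9" would sort
    # after "137.0.7151.68" and be wrongly reported as patched.
    return "patched" if version >= FIXED else "vulnerable"

# Constructed inventory rows: (host, product, reported version string).
INVENTORY = [
    ("ws-01", "Google Chrome", "Google Chrome 137.0.7151.68"),
    ("ws-02", "Google Chrome", "Google Chrome 137.0.7151.9"),
    ("mac-03", "Google Chrome", "Google Chrome 137.0.7151.69"),
    ("ws-04", "Google Chrome", "Google Chrome 136.0.7103.114"),
    ("ws-05", "Microsoft Edge", "Microsoft Edge 137.0.3296.52"),
    ("ws-06", "Google Chrome", "not installed"),
]

def report(rows):
    """Map each host to its classification."""
    return {host: classify(product, text) for host, product, text in rows}

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` need a manual check against the relevant vendor's own advisory.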