Google has pushed out an emergency fix for a zero-day high-severity vulnerability in its Chrome browser (CVE-2025-5419). Another critical flaw with a CVSS score of 8.8 was reported in the V8 JavaScript and WebAssembly engine. This vulnerability leads to an out-of-bounds read/write primitive. These vulnerabilities, in turn, can result in critical security threats, including the possibility of heap corruption and the ability for evilcharz to gain access to users’ devices.
Microsoft additionally published out-of-band fixes on Monday to help protect against the potential dangers posed by CVE-2025-5419. Their announcement follows news that the vulnerability is already being exploited in the wild. Google confirmed their awareness of active exploits targeting this flaw, emphasizing the urgent need for users to update their browsers promptly.
CVE-2025-5419 is part of a larger set of security fixes. Providing better and safer defaults Google made these updates to help make its Chrome browser a safer choice. The National Vulnerability Database (NVD) monitors this vulnerability. Denial of Service Remote attackers can cause a DoS condition via improper processing of HTML memory operations by enticing a user to open specially crafted HTML pages.
“Out-of-bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.” – NIST’s National Vulnerability Database (NVD)
The very high CVSS score indicates how critically serious that issue is. It’s a wake-up call to all users and enterprises that you need to start protecting yourself while browsing on Chrome today. In the meantime, Google has been encouraging all users to update their systems immediately to protect against this and other vulnerabilities.
The NVD has provided a comprehensive CVE-2025-5419 with a technical description of the vulnerabilities, their impact, and guidance on how to mitigate them. We recommend users to view the respective entry on the NVD for more complete information about this vulnerability and additional security best practices.