🚨Google Chrome Hit by Third Zero-Day of 2025: Patch Now🚨
Hackers Are Targeting Chrome Users Again — Don’t Skip This Update

Google has issued a high-priority security update to patch a newly discovered zero-day vulnerability in the Chrome browser, which has already been exploited in the wild.
The flaw, now tracked as CVE-2025-5419, is the third actively exploited Chrome zero-day identified in 2025. Security experts are urging users to update immediately to avoid potential compromise.
What Is CVE-2025-5419 and Why It Matters
CVE-2025-5419 is classified as a high-severity vulnerability stemming from an out-of-bounds read and write issue in the Chrome V8 JavaScript engine, which handles execution of code inside the browser.
Such vulnerabilities can be extremely dangerous because they open the door to arbitrary code execution, data theft, or system crashes, all without requiring user interaction beyond visiting a malicious website.
The flaw was discovered by members of Google’s internal security team and mitigated quickly through a configuration change. However, due to its active exploitation, a full browser update is necessary for complete protection.
What Versions Are Affected?
Google addressed the issue in the following browser versions released on June 3rd:
- Windows & macOS: Chrome version 137.0.7151.68/.69
- Linux: Chrome version 137.0.7151.68
These updates are currently being rolled out via the Stable Desktop channel and will reach most users automatically. However, Chrome users are advised not to wait.
How to Update Chrome Manually
To immediately protect against CVE-2025-5419, users should follow these steps:
- Open Chrome.
- Click the three-dot menu in the top right.
- Navigate to Help > About Google Chrome.
- Allow Chrome to check for updates and apply them.
- Click ‘Relaunch’ when prompted.
If your Chrome version is 137.0.7151.68 or later, you’re safe. Otherwise, patching should be done immediately.
Google Holds Back Full Details for Now
While Google confirmed that CVE-2025-5419 is being actively exploited, no further technical details about the attack or threat actors have been released.
According to Google’s advisory:
“Access to bug details and links may be kept restricted until a majority of users are updated with a fix.”
This approach helps minimize the risk of copycat attacks while users are still updating their systems.
A Growing Trend in 2025
This marks the third zero-day vulnerability in Chrome this year:
- March 2025: CVE-2025-2783 was used to escape Chrome’s sandbox and deliver malware in espionage campaigns, notably targeting Russian government agencies and media organizations.
- May 2025: An unlisted zero-day was patched that could allow account takeovers by exploiting Chrome’s rendering engine.
Zero-day vulnerabilities are flaws that are exploited by attackers before developers are even aware they exist. They’re among the most valuable tools in the arsenal of both nation-state hackers and cybercriminal groups.
In 2024, Google patched ten such Chrome vulnerabilities, several of which were showcased at the Pwn2Own hacking competition, while others were found in active malware campaigns.
Why Users and Businesses Should Take This Seriously
Although Google’s Chrome browser updates automatically in most cases, the reality is that many users delay restarts, leaving their systems vulnerable to known exploits.
Even a short delay can expose users to targeted malware, phishing redirects, or worse. For businesses, especially those with customer-facing web applications or browser-heavy workflows, one unpatched machine could become a gateway for attackers.
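The version check and the delayed-restart problem described above can be audited across a fleet. The following is an added example, not code from Google or from the original article: it compares version strings numerically against the fixed build 137.0.7151.68 and flags machines where the update is installed but the running browser is still an older build. The host names, inventory rows, and the `classify` and `audit` helpers are constructed for illustration.

```python
import re

# Fixed build named in the article (Linux: .68; Windows/macOS: .68/.69).
FIXED = (137, 0, 7151, 68)

_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")

def parse_version(text):
    """Extract a four-part Chrome version from text such as
    'Google Chrome 137.0.7151.68'; return a tuple of ints, or None."""
    m = _VERSION_RE.search(text or "")
    return tuple(int(p) for p in m.groups()) if m else None

def classify(installed, running=None):
    """Return 'patched', 'pending-relaunch', 'vulnerable' or 'unknown'.
    installed: version on disk; running: version of the live browser
    process if the inventory has it (otherwise only 'installed' is judged)."""
    inst = parse_version(installed)
    if inst is None:
        return "unknown"
    # Tuples compare numerically, so .9 sorts below .68 (a string compare would not).
    if inst < FIXED:
        return "vulnerable"
    run = parse_version(running) if running else None
    if run is not None and run < FIXED:
        return "pending-relaunch"  # update downloaded, browser never restarted
    return "patched"

# Constructed inventory rows: (host, installed version string, running version)
INVENTORY = [
    ("ws-001", "Google Chrome 137.0.7151.68", "137.0.7151.68"),
    ("ws-002", "Google Chrome 137.0.7151.69", "137.0.7151.55"),
    ("ws-003", "Google Chrome 137.0.7151.9", None),
    ("ws-004", "Google Chrome 138.0.7000.1", None),
    ("ws-005", "", None),
]

def audit(inventory=INVENTORY):
    """Map each host to its patch status."""
    return {host: classify(inst, run) for host, inst, run in inventory}

if __name__ == "__main__":
    for host, status in audit().items():
        print(f"{host}: {status}")
```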
Proactive Security Is Key
Modern cyber threats evolve faster than ever, and waiting for a patch after public disclosure is often too late. This incident reinforces the importance of:
- Routine patch management
- Browser hardening
- Zero-day threat simulation
- Employee awareness on update hygiene
While CVE-2025-5419 has now been addressed, the window of exposure was real and exploited.
WireTor Can Help You Stay Ahead
WireTor, a global leader in penetration testing and cybersecurity assessments, helps companies proactively identify browser-based vulnerabilities before attackers do. Our team offers:
- Zero-day exploit simulation
- Real-time vulnerability scans
- Browser and endpoint hardening
- Emergency patch advisory
- Enterprise security audits
If your business depends on secure browser use, reach out to WireTor for a free consultation and ensure your systems are protected against the next threat — before it makes headlines. +1–332–267–8457 or [email protected]
About the Creator
WIRE TOR - Ethical Hacking Services
WIRE TOR is a Cyber Intelligence Company that Provides Pentest & Cybersecurity News About IT, Web, Mobile (iOS, Android), API, Cloud, IoT, Network, Application, System, Red teaming, Social Engineering, Wireless, And Source Code.


