Update Google Chrome ASAP to Fix Critical Vulnerability
If you use Google Chrome, you need to update your browser right now. Google has just released an emergency patch for three security vulnerabilities, one of which is a zero-day vulnerability that has been actively exploited.
Zero-day vulnerabilities are high-severity vulnerabilities that are either actively exploited or become publicly known before the developer releases an update to fix the vulnerability.
What does the Google Chrome patch fix?
Chrome’s latest zero-day vulnerability, designated CVE-2025-5419 , is an out-of-bounds read/write vulnerability that affects the V8 JavaScript engine and allows a remote attacker to “exploit heap corruption via a specially crafted HTML page.”
The vulnerability was discovered and reported on May 27 by Clement Lessin and Benoit Sevens of the Google Threat Analysis Group. While Google acknowledged that the zero-day vulnerability was being actively exploited, it did not provide any additional details about how or by whom other attackers could be prevented from exploiting the vulnerability until more Chrome users applied the fix.
This isn’t the first zero-day vulnerability to hit Chrome this year. Google released additional emergency fixes in March and May : the first vulnerability allowed malware to be deployed in spyware attacks, and the second allowed account takeovers.
What Chrome users need to do
Google confirmed that it had made configuration changes to the stable version of Chrome to address the vulnerability the day after it was discovered. On Monday, the company released a stable channel update with fixes for the zero-day vulnerability and two additional security issues.
Users should ensure they are running Chrome version 137.0.7151.68/.69 for Windows and macOS, and version 137.0.7151.68 for Linux. Check your version by opening the Chrome menu and selecting About Google Chrome . If an update is available, wait for it to complete and restart the browser to install it.