It's time to update Chrome — zero-day bug is being exploited in the wild by hackers
As reported by Bleeping Computer, the latest flaw, tracked as CVE-2025-5419, is a high-severity vulnerability caused by an out-of-bounds read and write weakness in the V8 JavaScript and WebAssembly engines in Chrome.
It was initially reported on a week ago by members of Google's Threat Analysis group; Google has confirmed that it is being exploited in the wild though the company is not sharing much additional information at the time as they are waiting until more users have had an opportunity to patch their browsers.
In the security advisory published on Monday, the company is quoted as stating: 'Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed.'
This is typical when it comes to active exploits, as it keeps other threat actors from hopping on the band wagon to take advantage of the vulnerability before users are able to update the fix. However, reporting from The HackerNews, says that the flaw involved allowing a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Google reports that the issue was mitigated a day after it was reported via a configuration change that was pushed through the Stable Desktop channel across all the Chrome platforms. The zero-day flaw was likewise corrected the same day with updates to Chrome that are rolling out to users in the coming weeks.
Chrome does automatically update when new security patches become available, however users can make sure the installation is completed by going to the Chrome menu > Help > About Google Chrome.
Get instant access to breaking news, the hottest reviews, great deals and helpful tips.
Let the update finish then click Relaunch in order to make sure the patch has installed. The update versions are 137.0.7151.68/ .69 for Windows and macOS and version 137.0.7151.68 for Linux. Users of other Chromium-based browsers (Edge, Brave, Opera, Vivaldi) should apply the updates as they become available.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Yahoo
10 minutes ago
- Yahoo
Google agrees new small modular nuclear reactor deal to power data centers
An energy provider in Tennessee became the first US utility to reach an electricity deal with a small modular nuclear reactor company. The three-way agreement between the Tennessee Valley Authority, the nuclear firm Kairos, and Google will cover a 50-megawatt reactor built to provide power to Google's data centers in the state and neighboring Alabama. SMRs are expected in time to be much faster and cheaper to build than traditional large reactors, while still providing significant power: The Kairos plant could power 50,000 homes. Tech firms are increasingly turning to nuclear as a reliable source of clean energy as their demand for power goes up: Amazon, Meta, and Microsoft have also struck deals with nuclear companies. Solve the daily Crossword
Engadget
12 minutes ago
- Engadget
The Morning After: What to expect at Google's Pixel 10 event tomorrow
After focusing its big Google I/O 2025 on AI tech and Gemini's latest features, Google has new hardware. The next Made by Google event kicks off tomorrow, and Google has already confirmed how at least one of its new phones will look . Expect a little more fanfare than usual. The company dropped a video on X, teasing 'special guests,' including Jimmy Fallon, Stephen Curry, Lando Norris and the Jonas Brothers. Surely, they'll make you buy a Pixel! Leaks suggest Google is giving all of its Pixel 10 phones telephoto cameras in 2025, though it's still possible the phone teased earlier is a Pixel 10 Pro. We're expecting to see four phones in total: Pixel 10, 10 Pro, 10 Pro XL and 10 Pro Fold. Then, if you can maintain focus, there's likely to be a new Pixel Watch with smaller bezels and a brighter screen, and maybe even new entry-level Pixel buds. The Pixel 10 launch event kicks off on August 20, tomorrow, at 1PM ET / 10AM PT. We'll be reporting live from the event. Here's a full breakdown of what we're expecting to see. — Mat Smith Get Engadget's newsletter delivered direct to your inbox. Subscribe right here! The news you might have missed It's not as crazy as it sounds. NASA is considering a small nuclear reactor for the Moon, to power a possibly permanent lunar presence. Other power sources have their drawbacks: Solar power is limited by the long two-week lunar nights and sunless craters, making nuclear energy a more reliable and constant power source. A nuclear reactor would also provide a significant amount of energy from a small mass, which is crucial for space travel. Challenges remain, including the system's weight, recent cuts at NASA and the lack of a US company to produce the microreactor itself. Continue reading. Can-Am's first electric ATV can haul more than its gas models It offers 50 miles of range, 47 hp and 'whisper-quiet operation.' Can-Am, part of the motorsports group BRP that recently introduced electric snowmobiles , has just launched its first electric all-terrain vehicle (ATV). The Outlander Electric is designed to be 'whisper quiet' for tasks like herding or hunting, but it can still tow more than its gas-powered counterparts, thanks to the high level of torque. The 8.9 kWh battery will offer around 50 miles (80km) of range, which is half that of a gasoline ATV, depending on the model. The Can-Am Outlander Electric ATV is now available from dealers and Can-Am's website, starting at $12,999. Continue reading. How to use (or turn off) your Instagram Map Instagram Map, a new Instagram feature copying Snapchat's Snap Map, makes it simple to share your location with friends. So simple you might not even realize who you're sharing it with, unless you dig into your settings. We lay out how it works — and how to stop sharing your location. Continue reading. If you buy something through a link in this article, we may earn commission.
Tom's Guide
12 minutes ago
- Tom's Guide
Samsung's latest robot vacuum can clean and monitor your home at the same time
Samsung has announced the launch of its latest robot vacuum ahead of IFA 2025 expo next month. What's more, apart from cleaning your floors, the Bespoke Jet Bot series floor cleaner includes a security camera to monitor your home. And it's not just a gimmick. The security camera has gained the top 'Diamond' security rating based on Underwriters Laboratories' independent evaluation. Samsung's Bespoke AI Jet Bot Steam Ultra follows the Bespoke AI Jet Bot, launched at the start of 2024. And just like its predecessor, the latest model uses AI to clean and mop your floor while avoiding all obstacles. Not to mention the fact the mop sanitised with steam to guarantee a hygienic clean. The robot vacuum also uses AI Object Recognition, capturing images for a bespoke clean, while also using pre-specified perimeters to tell it where to go and what to clean. This premium model also features a built-in camera to ensure the ultimate cleanup, plus support for Samsung's SmartThings app — allowing the appliance to be controlled remotely. There's even features that let you monitor other home appliances and store user information in the web browser. To ensure a high standard of protection, Samsung has various security measures courtesy of Samsung Knox — including Knox Vault, and Knox Matrix Trust Chain. Thanks to Knox, the security status of connected appliances will be monitored in real time. Knox Vault, which has been added to home appliances for the first time this year is here for that added level of security. It stores particularly sensitive user information, such as passwords and authentication information, in a separate secure hardware chip. Get instant access to breaking news, the hottest reviews, great deals and helpful tips. And for user peace of mind, Samsung notes that the IoT security marketing claims are verified by Underwriters Laboratories' Solutions, gaining the highest 'Diamond' rating. The top rating only includes products that can successfully detect and block malicious software, prevent unauthorized access and anonymize user data. 'As the smart home environment expands and concerns around data privacy grow, consumers are looking for more secure products they can trust,' said Jeong Seung Moon, EVP and Head of the R&D Team for Digital Appliances Business at Samsung Electronics. 'Samsung remains committed to providing the best possible experience for users by building a powerful security foundation that protects their data across our AI-powered appliances.' Samsung is yet to release details about the cost of the Bespoke AI Jet Bot Steam, but we expect it will be a fair bit pricier than the Bespoke AI Jet Bot Combo, which currently retails for $1,699. When can we expect to see the Bespoke AL Jet Bot Ultra? It will make its first appearance at IFA 2025 in Berlin during the first week in September. The Tom's Guide team will be on the ground, ready to report back on the launch. Follow Tom's Guide on Google News to get our up-to-date news, how-tos, and reviews in your feeds. Make sure to click the Follow button.
