
Latest news with #CVE-2025-5419

It's time to update Chrome — zero-day bug is being exploited in the wild by hackers

Tom's Guide

3 days ago


Google has issued an emergency security update for Chrome to fix three security issues, including one zero-day bug that has been actively exploited in the wild by hackers. This makes it the third actively exploited vulnerability to be patched via emergency update since the start of the year, with two others occurring in March and May.

As reported by Bleeping Computer, the latest flaw, tracked as CVE-2025-5419, is a high-severity vulnerability caused by an out-of-bounds read and write weakness in Chrome's V8 JavaScript and WebAssembly engine. It was initially reported a week ago by members of Google's Threat Analysis Group. Google has confirmed that it is being exploited in the wild, though the company is not sharing much additional information at this time, as it is waiting until more users have had an opportunity to patch their browsers.

In the security advisory published on Monday, the company is quoted as stating: 'Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed.'

This is typical when it comes to active exploits, as it keeps other threat actors from hopping on the bandwagon to take advantage of the vulnerability before users are able to apply the fix. However, reporting from The Hacker News says that the flaw could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Google reports that the issue was mitigated a day after it was reported via a configuration change that was pushed through the Stable Desktop channel across all the Chrome platforms. The zero-day flaw was likewise corrected the same day with updates to Chrome that are rolling out to users in the coming weeks.

Chrome does automatically update when new security patches become available; however, users can make sure the installation is completed by going to the Chrome menu > Help > About Google Chrome. Let the update finish, then click Relaunch to make sure the patch has installed. The updated versions are 137.0.7151.68/.69 for Windows and macOS and 137.0.7151.68 for Linux. Users of other Chromium-based browsers (Edge, Brave, Opera, Vivaldi) should apply the updates as they become available.

Everyone who uses Chrome urged to quit their browser and restart it immediately

Daily Mirror

3 days ago


All Chrome users should check their settings without delay and make sure they are running the very latest version. If your chosen web browser happens to be Google's Chrome application, you are advised to restart it without delay. The US technology giant has just confirmed the release of an update that fixes a bug found within this popular internet searching software.

That might not sound all that important, but this latest release is urgent and has been given the dreaded "zero-day" rating. For those not up to speed with the latest tech jargon, a zero-day threat means hackers are aware of it and are actively exploiting it in the wild.

"Google is aware that an exploit for CVE-2025-5419 exists in the wild," Google said in an update posted on its security pages.

It's now vital that you head to the settings and make sure things are fully up to date. If not, you'll need to relaunch the browser without delay. If you own a Mac or Windows PC, the Chrome version you should be running is 137.0.7151.68/.69.

"The Stable channel has been updated to 137.0.7151.68/.69 for Windows, Mac and 137.0.7151.68 for Linux which will roll out over the coming days/weeks," Google added.

According to Google's latest update, the CVE-2025-5419 issue is caused by "out of bounds read and write in V8". It was reported by Clement Lecigne and Benoît Sevens of Google Threat Analysis Group.

As long as you restart your browser, you won't be affected, so now is a good time to check and make sure everything is up to date.
