a day ago
New Chrome, Edge Deadline—Update And Restart All Browsers Now
Don't leave it too late.
Google made headlines this week, releasing an emergency Chrome update and confirming it had quietly stopped attacks by pushing out changes to all browsers. This is not just a Chrome issue. Microsoft has also updated Edge to mitigate the same threat.
With Chrome so dominant on Windows desktops, it's easy to overlook that Edge runs on the same Chromium platform and is often exposed to the same vulnerabilities. That's certainly the case here, and it means all users need to take note.
CISA has now mandated federal staff update or stop using all Chromium browsers by June 26. 'This vulnerability could affect multiple web browsers that utilize Chromium,' it says, 'including, but not limited to, Chrome, Microsoft Edge, and Opera.' This is only mandatory for federal staff, but all users should do the same.
Microsoft warns Edge users that its latest update 'contains a fix for CVE-2025-5419 which has been reported by the Chromium team as having an exploit in the wild.' This echoes Google's initial warning from June 2, which came with its own emergency update.
For its part, America's cyber defense agency warns that 'Chromium V8 contains an out-of-bounds read and write vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page.'
While browser vulnerabilities affect mobile platforms and Macs, the primary risk is with Windows PCs. Chrome dominates with a 65% market share to Edge's 14%, although that is slowly growing. Other browsers remain also-rans outside Apple's ecosystem and Safari.
Given Google's and CISA's warnings, updating immediately is critical. As Qualys points out, 'currently, no publicly available information exists regarding exploiting this Google Chrome vulnerability by any specific threat actors. The absence of reports does not necessarily mean the vulnerability is not being exploited.'
As ever with such threats, the maximum risk is the period between public disclosure and the majority of users applying updates. Attackers know they're on the clock. That's why Google and others do not issue any further detail at this early stage.