Particle.news
Download on the App Store
6 ARTICLES
·
3w ago

Emergency Chrome Update Fixes Actively Exploited Zero-Day Bug

Federal agencies must install the update by Thursday or cease using Chrome under an existing government directive.

Image
Image
Image
Google Chrome

Overview

  • Google’s June 3 emergency update patches CVE-2025-5419, an out-of-bounds read/write flaw in Chrome’s V8 engine that is under active attack.
  • A server-side configuration change deployed May 28 mitigated the vulnerability ahead of the desktop patch.
  • The update also addresses CVE-2025-5068, a use-after-free bug in Chrome’s Blink renderer disclosed by an external researcher.
  • Federal agencies face a Thursday deadline to update Chrome or halt its use under a U.S. government mandate and CISA is poised to enforce a 21-day compliance timeframe.
  • Users should restart Chrome to install version 137.0.7151.68/.69, and Google will withhold detailed exploit data until most installations are secured.