Overview

• Discovered by Google’s Threat Analysis Group, CVE-2025-5419 is a high-risk memory error in the V8 JavaScript engine that allows out-of-bounds read/write access and is already exploited in the wild.
• Google deployed a temporary configuration-based mitigation on May 28 and released the complete code-level patch for the zero-day on June 3.
• The update also fixes a medium-risk use-after-free vulnerability in the Blink rendering engine (CVE-2025-5068).
• Chrome 137.0.7151.68/.69 is now available for Windows, macOS and Linux with automated rollout and manual installation via the “About Google Chrome” menu.
• Chromium-based browsers such as Microsoft Edge and Brave are expected to deliver corresponding security updates in the coming days.