Google released Chrome 137 to fix three security vulnerabilities, including a high-severity zero-day actively exploited in the wild. The most critical flaw, CVE-2025-5419, involves an out-of-bounds read/write in the V8 engine, potentially leading to remote code execution.
Key points
- Chrome 137 addresses three security vulnerabilities, including a zero-day actively exploited by attackers.
- The critical zero-day (CVE-2025-5419) affects the V8 JavaScript engine and can lead to arbitrary code execution.
- Google Threat Analysis Group researchers are credited with reporting the zero-day and other bugs.
- The update also patches a medium-severity use-after-free flaw in Blink (CVE-2025-5068).
- Exploits for similar vulnerabilities have previously caused sandbox escapes and targeted state-sponsored groups.
Read More: https://www.securityweek.com/google-researchers-find-new-chrome-zero-day/