
3B Google Chrome users at risk. Update now!
What's the story
Google has released an emergency update for its Chrome browser after a major flaw was exploited by hackers.
The vulnerability, identified as CVE-2025-5419, is related to the V8 engine of Chrome and has reportedly been used in real-world attacks.
The tech giant acknowledged the threat only after it was already being exploited, prompting concerns over its transparency and responsiveness when the safety of nearly 3 billion Chrome users is at stake.
Vulnerability details
What is CVE-2025-5419?
CVE-2025-5419 is an "out-of-bounds read and write" vulnerability in Chrome's V8 JavaScript engine.
Such bugs let attackers read and modify memory outside its intended bounds, possibly giving them unauthorized access to sensitive data.
Although it is rated as "high severity" instead of "critical," the fact that hackers are already exploiting it makes the issue more dangerous than Google initially indicated.
Government response
Fix mandated for federal agencies
The urgency of this issue has caught the attention of US cybersecurity authorities.
Federal agencies have been ordered to update Chrome by Thursday or stop using it altogether.
The Cybersecurity and Infrastructure Security Agency (CISA) is also likely to impose a 21-day update mandate, indicating that this isn't just another routine fix but something more serious.
Additional fix
Another 'high severity' vulnerability addressed in the update
The emergency update also addresses another dangerous vulnerability, CVE-2025-5068.
This one is a "use-after-free" flaw in Chrome's Blink rendering engine and was reported by an external researcher.
The inclusion of this bug fix further highlights concerns over Google's internal safeguards possibly falling short against such threats.
User action
How to apply the patch
To activate the patch, users are advised to restart Chrome as soon as possible.
An update prompt should appear in the browser. After restarting, regular tabs will automatically reopen but Incognito tabs won't—so save any important work before proceeding with the update process.