Immediate Update Required for Google Chrome Users
For those utilizing Google Chrome, an urgent update is necessary. Recently, Google issued an emergency update to tackle three significant security flaws, including a zero-day vulnerability that is currently being exploited.
A zero-day vulnerability is a critical security issue that is either actively exploited by attackers or made public before the developers deploy a fix.
Details of the Google Chrome Update
The zero-day vulnerability, identified as CVE-2025-5419, is categorized as an out-of-bounds read and write flaw in the V8 JavaScript engine. This flaw could enable remote attackers to trigger “heap corruption through specifically crafted HTML content.”
This vulnerability was discovered and reported by Clement Lecigne and Benoît Sevens of the Google Threat Analysis Group on May 27. While Google has acknowledged the ongoing exploitation of this zero-day, it has refrained from revealing extensive details about the methods or the perpetrators, to limit the risk of further exploitation until more users apply the patch.
This isn’t the first zero-day issue to impact Chrome this year. Google also released emergency patches in March and May: one flaw permitted malware deployment in espionage operations, while the other enabled account takeovers.
Essential Steps for Chrome Users
Google has confirmed that a configuration adjustment was made to the Stable version of Chrome to address the vulnerability the day after its discovery. A Stable channel update was rolled out on Monday, incorporating fixes for the zero-day and two other security issues.
Users are advised to ensure they are running Chrome version 137.0.7151.68/.69 on Windows and macOS, and version 137.0.7151.68 for Linux. To verify your version, navigate to the Chrome menu and select About Google Chrome. If there is an available update, please allow it to finish and restart the browser to install the latest version.
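For administrators who need to check many machines rather than one About page, the sketch below (an added example, not from Google or the original article) compares reported Chrome version strings against the patched builds listed above. The inventory format, host names and sample versions are constructed for illustration; versions are compared as integers because a plain string comparison would wrongly rank 137.0.7151.103 below 137.0.7151.68.

```python
import re

# Lowest patched Stable build per platform, as given in the article.
PATCHED = {
    "windows": (137, 0, 7151, 68),
    "macos": (137, 0, 7151, 68),
    "linux": (137, 0, 7151, 68),
}
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Pull a four-part version out of text such as
    'Google Chrome 137.0.7151.55'; return a tuple of ints or None."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def is_patched(platform, version_text):
    """True if at or above the patched build, False if older,
    None when the platform or the version string is not recognised."""
    minimum = PATCHED.get(platform.lower())
    version = parse_version(version_text)
    if minimum is None or version is None:
        return None
    return version >= minimum  # tuple comparison is numeric per field


def audit(inventory_lines):
    """Return (host, reason) for every host that needs attention."""
    findings = []
    for line in inventory_lines:
        host, platform, version_text = [f.strip() for f in line.split(",", 2)]
        status = is_patched(platform, version_text)
        if status is None:
            findings.append((host, "unknown"))
        elif not status:
            findings.append((host, "outdated"))
    return findings


# Constructed sample inventory: host, platform, reported version string.
SAMPLE = [
    "ws-01,windows,Google Chrome 137.0.7151.69",
    "ws-02,windows,Google Chrome 137.0.7151.56",
    "mac-01,macos,Google Chrome 136.0.7103.114",
    "lnx-01,linux,Google Chrome 137.0.7151.103",
    "lnx-02,linux,not installed",
]

if __name__ == "__main__":
    for host, reason in audit(SAMPLE):
        print(host, reason)
```

Hosts reported as "unknown" should be checked by hand, since a missing or unparseable version says nothing about whether the patch is installed.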