Google has confirmed that another critical Chrome zero-day vulnerability is under active attack, and if your browser hasn’t been updated recently, your system could still be at risk. Discovered by Google’s own Threat Analysis Group on May 27th and officially listed as CVE-2025-5419, this vulnerability resides in Chrome’s V8 JavaScript engine and permits out-of-bounds read and write operations—meaning attackers can bypass normal protections to execute malicious code. The flaw affects Chrome users on Windows, macOS, and Linux and poses a serious threat due to its active exploitation before a fix could be widely deployed.
Google released an update to patch the bug on May 28th, but the announcement wasn’t made until June 2nd—giving users nearly a week in which their systems may have remained unprotected without their knowledge. Even now, many users have not seen the patch automatically applied, which means your system may still be exposed. Those who have received the update should see a notification near the top right of the Chrome window prompting a restart to finalize the patch. However, if you haven’t spotted that prompt—or if you can’t recall when your browser last updated—it’s time to take action manually.
To check your browser version and force the update if needed, click the three vertical dots in the upper-right corner of Chrome, then go to Help > About Google Chrome, or simply enter chrome://settings/help into the address bar. Chrome will display your current version and automatically check for updates. Look for version 137.0.7151.68 or higher—that’s the version with the patched code. If you’re running an earlier version, Chrome should immediately begin downloading the update and will require a restart to complete installation.
The exploit’s discoverers, Clément Lecigne and Benoît Sevens, are both veterans in uncovering serious Chrome vulnerabilities, and Google has so far withheld detailed technical information about CVE-2025-5419 to prevent widespread misuse. This delay is common practice for zero-day bugs and is meant to give users and organizations time to secure their systems. Given Chrome’s ubiquity and frequent targeting by cybercriminals, users are strongly encouraged to stay vigilant and check for updates right away—even if automatic updates are typically enabled. In this case, waiting could leave you exposed to a very real and already active threat.