CVE-2025-5419

Published Jun 3, 2025

Last updated a month ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-5419 is an out-of-bounds read and write vulnerability found in the V8 JavaScript and WebAssembly engine of Google Chrome. Specifically, it affects Google Chrome versions prior to 137.0.7151.68. According to the NIST's National Vulnerability Database (NVD), this vulnerability could allow a remote attacker to potentially exploit heap corruption through a crafted HTML page. The vulnerability was reported to Google on May 27, 2025, by Clement Lecigne and Benoît Sevens of Google's Threat Analysis Group (TAG). Google has confirmed that an exploit for CVE-2025-5419 exists in the wild and has released a security update to address the issue. A configuration change was pushed to the Stable version of Chrome across all platforms on May 28, 2025, to mitigate the bug.

Description
Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Source
chrome-cve-admin@google.com
NVD status
Analyzed

Risk scores

CVSS 3.1

Type
Secondary
Base score
8.8
Impact score
5.9
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity
HIGH

Known exploits

Data from CISA

Vulnerability name
Google Chromium V8 Out-of-Bounds Read and Write Vulnerability
Exploit added on
Jun 5, 2025
Exploit action due
Jun 26, 2025
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-125

Social media

Hype score
Not currently trending
  1. CVE-2025-5419 no Chrome permitia drive-by downloads via type confusion no V8

    @hashtagsec

    12 Jul 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. #VulnerabilityReport #Browsers Chrome Zero-Day Alert: CVE-2025-5419 Actively Exploited in the Wild https://t.co/BUSd8v6Sjd

    @Komodosec

    10 Jul 2025

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Actively exploited CVE : CVE-2025-5419

    @transilienceai

    9 Jul 2025

    34 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  4. No carrossel de updates também teve Chrome e Firefox fechando zero-days (CVE-2025-5419 e CVE-2025-4664)

    @hashtagsec

    7 Jul 2025

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Actively exploited CVE : CVE-2025-5419

    @transilienceai

    6 Jul 2025

    34 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  6. CISA has issued an urgent warning about a critical zero-day vulnerability in Google Chrome’s V8 JavaScript engine (CVE-2025-5419), actively exploited to execute arbitrary code on victims’ systems. Users must update Chrome. https://t.co/g6MFmQul1L

    @WalkureARCH

    5 Jul 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. Actively exploited CVE : CVE-2025-5419

    @transilienceai

    4 Jul 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  8. Actively exploited CVE : CVE-2025-5419

    @transilienceai

    2 Jul 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  9. Google has released a security update for Chrome to address a zero-day vulnerability, CVE-2025-5419, which is reportedly being actively exploited. This vulnerability affects all Chrome versions prior to 137.0. Update Now.

    @Chatelobenna

    1 Jul 2025

    73 Impressions

    1 Retweet

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. 🚨 ¡CVE-2025-5419 ya está parchada en V8! Si sigues sin reiniciar tu Chrome, estás jugando con fuego. ¿Vas a esperar al exploit o actualizarás ahora? 🔥🔄 #Ciberseguridad #ChromeUpdate #ZeroDay https://t.co/kWUrKn7a7r

    @gorkaelbochi

    29 Jun 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. Actively exploited CVE : CVE-2025-5419

    @transilienceai

    28 Jun 2025

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  12. 1️⃣ Chrome zero-day (CVE-2025-5419) is being actively exploited right now. If your Chrome isn’t updated - you're vulnerable. 2️⃣ The flaw affects the V8 JavaScript engine - hackers can hijack your browser just by getting you to visit a malicious site. Google patched

    @vpnunlimited

    27 Jun 2025

    137 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  13. Actively exploited CVE : CVE-2025-5419

    @transilienceai

    24 Jun 2025

    23 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    1 Reply

    0 Quotes

  14. CISA added a new actively exploited vulnerability—CVE-2025-5419, affecting Google Chromium V8—to its Known Exploited Vulnerabilities Catalog. This out-of-bounds read/write flaw is a frequent target for attackers and poses serious risks. #cybersecurity https://t.co/PcJagwktbj

    @MainNerve

    22 Jun 2025

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. ⚠️ Urgent: Microsoft patches 66 flaws! CVE-2025-33053 (WebDAV) is exploited—clicking malicious links can hack your PC. 1️⃣Update Windows NOW to stay safe! Also, 2️⃣Update Edge/Chrome for CVE-2025-4664, CVE-2025-5419 fixes. #PatchTuesday #Cybersecurity https://t.c

    @CyberWolfGuard

    21 Jun 2025

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. A zero-day vulnerability, codenamed CVE-2025-5419, has a CVSS Score of 8.8. The vulnerability resides in the V8 JavaScript Engine in Chrome web browser versions prior to 137.0.7151.68. Google recommends updating to patch the vulnerability as soon as possible.

    @freedomhack101

    13 Jun 2025

    59 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  17. #infosec #hacking #CSO #cybersecurity #pentesting #informationsecurity #redteam #DataSecurity #CyberSec #HackerNews Google chrome V8 JavaScript引擎越界读写漏洞(CVE-2025-5419) https://t.co/h3g4LjfGVZ https://t.co/MHbLMDeECn

    @cncsocom

    13 Jun 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. Actively exploited CVE : CVE-2025-5419

    @transilienceai

    10 Jun 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  19. 🔴 Google Chrome Zero-Day Under Active Exploitation! Google has issued an urgent security patch for CVE-2025-5419, a critical flaw (CVSS 8.8) in the V8 JavaScript engine. This vulnerability, already exploited in the wild, allows attackers to corrupt memory via a crafted HTML h

    @_viepaix

    10 Jun 2025

    104 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. Actively exploited CVE : CVE-2025-5419

    @transilienceai

    10 Jun 2025

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  21. A new Chrome zero-day is being actively exploited; Google has released an out-of-band emergency patch to address the vulnerability CVE-2025-5419, which carries a CVSS score of 8.8. https://t.co/nH4CrcMCOW #UrgentUpdate https://t.co/quqMq1C6wa

    @JadenJohnsNews

    9 Jun 2025

    34 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. 🚨 Chrome Zero-Day Alert (CVE-2025-5419) 🚨 A critical V8 engine flaw is being actively exploited in the wild, allowing remote code execution via malicious sites. 🔴 Severity: High (CVSS 8.8) ⚠️ Impact: Full browser compromise possible ✅ Fix: Update Chrome

    @ZBounty18591

    9 Jun 2025

    9 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  23. 🚨 Google confirms exploit for CVE-2025-5419 (V8 out-of-bounds read/write) in the wild. Chrome Stable updated to 137.0.7151.68/.69 with fix. Update now https://t.co/R7DCA68xBg

    @andy_empirical

    9 Jun 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. RE: CVE-2025-5419 - vuln allows you to read uninitialized memory by removing an initializing store.

    @mistymntncop

    9 Jun 2025

    2796 Impressions

    1 Retweet

    21 Likes

    6 Bookmarks

    0 Replies

    1 Quote

  25. 👏 AdsPower Now Supports Chrome 137 Kernel! This update also optimizes the V8 engine for faster response times and enhanced stability, while patching critical vulnerabilities (e.g., CVE-2025-5419) recently fixed by Chrome. How to upgrade❓ 1. Open AdsPower 2. Go to Profiles &

    @AdsPowerBrowser

    9 Jun 2025

    128 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  26. 🔒 Masz Chrome? Kliknij “Zaktualizuj” i zrestartuj – Google załatał groźną lukę CVE-2025-5419 już wykorzystywaną przez hakerów. 60 sekund i po stresie. #BezpiecznaFirma #SME #cyberbezpieczenstwo https://t.co/qUAltzYacA

    @PointZeroPL

    9 Jun 2025

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  27. 🆕 #AdsPower 現已支持 Chrome 137 內核! 爲提供更安全、流暢的使用體驗,我們已完成瀏覽器內核昇級,現全麵支持 Chrome 137。 本次更新同步優化了 V8 引擎,響應更快,穩定性更強,同時也覆蓋了近期 Chrome 官方修

    @adspowercn

    9 Jun 2025

    470 Impressions

    2 Retweets

    3 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  28. Chrome緊急修正: V8エンジンのゼロデイ脆弱性CVE-2025-5419が悪用中、今すぐアップデートを https://t.co/7O40inWPs5 Chromeユーザーは、ブラウザが最新版(Windows/Mac: 137.0.7151.68/.69、Linux: 137.0.7151.68)になっているか確認し

    @innovaTopia_JP

    8 Jun 2025

    124 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  29. Chrome緊急修正: V8エンジンのゼロデイ脆弱性CVE-2025-5419が悪用中、今すぐアップデートを https://t.co/0r9NjDeIUl

    @pen_senpai

    8 Jun 2025

    43 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  30. Actively exploited CVE : CVE-2025-5419

    @transilienceai

    8 Jun 2025

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  31. CVE-2025-5419 (CVSS:8.8, HIGH) is Analyzed. Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially expl..https://t.co/p8xXDrZLue #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

    @cracbot

    8 Jun 2025

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  32. 今週、Chrome(クローム)ブラウザーに関する警告が再び報じられている。グーグルは攻撃が進行中であることを認め、約30 億人のユーザーに緊急アップデートを配信した(「CVE-2025-5419:深刻度 High」への対

    @acchonvurike

    8 Jun 2025

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  33. 今週、Chrome(クローム)ブラウザーに関する警告が再び報じられている。グーグルは攻撃が進行中であることを認め、約30 億人のユーザーに緊急アップデートを配信した(「CVE-2025-5419:深 ソース: Yahoo!ニュ

    @nyaoki3396

    7 Jun 2025

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  34. Actively exploited CVE : CVE-2025-5419

    @transilienceai

    7 Jun 2025

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  35. Google Chromium V8, Exécution de code arbitraire, atteinte à la confidentialité et à l’intégrité du système. 🛡️ Alerte CISA : Exploitation active de la vulnérabilité CVE-2025-5419 affectant le noyau Chromium V8. https://t.co/8yhtDvg14t

    @NicolasCoolman

    7 Jun 2025

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  36. Actively exploited CVE : CVE-2025-5419

    @transilienceai

    7 Jun 2025

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  37. 🚨Update Chrome ASAP! Google patched a critical vulnerability (CVE-2025-5419) actively exploited in the wild. Protect your data by going to **Settings > About Chrome** & relaunching after the update. Stay safe online! #CyberSecurity #ChromeUpdate #TechNews https://t.co/2

    @Empist

    6 Jun 2025

    32 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  38. 🚨 Zero-day alert! Google Chrome's CVE-2025-5419 is under active attack. Update ASAP to v137.0.7151.68+ to patch memory corruption exploit via malicious HTML. Share this crucial info! 🛡️ #Cybersecurity #ZeroDay #Chrome https://t.co/1nKJbyFwt8

    @fernandokarl

    6 Jun 2025

    52 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  39. Content: Google Fixes Chrome Zero-Day with In-The-Wild Exploit (CVE-2025-5419) In a recent development, Google has mitigated two serious vulnerabil https://t.co/O5UHagHi1m https://t.co/pswoqHrnZv

    @AegisLens

    6 Jun 2025

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  40. 🚨Google opravuje již třetí zero-day zranitelnost tento rok. Zranitelnost CVE-2025-5419 (CVSS skóre 8.8) v prohlížeči Google Chrome je podle společnosti hojně zneužívána. Chyba je způsobena out-of-bounds čtením a zápisem v prohlížečovém V8 JavaScript enginu

    @AlefSecurity

    6 Jun 2025

    83 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  41. 🔴🚨 جوجل تطلق تحديث طارئ لمتصفح كروم عشان تحمي 3 مليار مستخدم! 🚀 جوجل اكتشفت ثغرة خطيرة (CVE-2025-5419) ممكن يستغلها المهاجمين للهجوم على الأجهزة عن بعد. التحد

    @TekTrndz

    6 Jun 2025

    51 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  42. Security Alert A Chrome zero-day vulnerability (CVE-2025-5419) is actively being exploited via malicious web pages. For your safety and to protect your assets, please update your browser immediately to: Chrome 137.0.7151.68/.69 (Windows/macOS) Chrome

    @Cascade1679624

    6 Jun 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  43. Actively exploited CVE : CVE-2025-5419

    @transilienceai

    6 Jun 2025

    50 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  44. 🛡️ We added Google Chromium V8 out-of-bounds read and write vulnerability CVE-2025-5419 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. https://t.co/1xiWOtty4r

    @CISACyber

    5 Jun 2025

    6197 Impressions

    17 Retweets

    52 Likes

    9 Bookmarks

    4 Replies

    2 Quotes

  45. 🔴 #Google #Chrome, Heap Corruption, #CVE-2025-5419 (High) https://t.co/EIEK3cacdb

    @dailycve

    5 Jun 2025

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  46. Google fixed the second actively exploited Chrome zero-day since the start of the year Google patches third Chrome zero-day vulnerability this year, CVE-2025-5419, actively exploited in the wild. Experts urge immediate updates to mitig... Read more: https://t.co/h2sgypiBPh http

    @dailynews_ai_25

    5 Jun 2025

    45 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  47. Important security update: @opera, @operagxofficial, Opera Air, and Opera for Android have received a security fix for the latest zero-day vulnerability in Chromium: CVE-2025-5419 Update now to the latest versions: - Opera version 119.0.5497.70 - Opera GX version 119.0.5497.68 -

    @Opera_Security

    5 Jun 2025

    91 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  48. 📢 GÜVENLİK DUYURUSU – Google Chrome Kritik Sıfır-Gün Açığı (CVE-2025-5419) Google, tarayıcısındaki “V8” JavaScript motorunda aktive olarak istismar edilen bir “out-of-bounds read/write” zafiyetini (CVE-2025-5419) kapatmak için acil bir güncelleme yayı

    @GMDestekMerkezi

    5 Jun 2025

    42 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  49. Actively exploited CVE : CVE-2025-5419

    @transilienceai

    5 Jun 2025

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  50. 停下手头的所有任务,马上更新浏览器 旧版Chrome已爆出严重漏洞: CVE-2025-5419,可被黑客远程执行任意代码,已有攻击案例! 💡更新方法:点击右上角【…】 > 设置 > 关于 Chrome > 自动更新 最新版本:

    @xiaxiaoyubing

    5 Jun 2025

    475 Impressions

    0 Retweets

    2 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

Configurations