Summary

Vulnerability Name: Out-of-Bounds Read/Write Vulnerability in V8 in Google Chrome (CVE-2025-5419)
Released on: June 3, 2025
Affected Component: Google Chrome
Affected Version: Chrome < 137.0.7151.68
Vulnerability Type: Code execution
Exploitation Condition:
  1. User authentication: not required.
  2. Precondition: default configurations.
  3. Trigger mode: remote.
Impact:

Exploitation difficulty: easy. Unauthorized attackers can exploit this vulnerability to execute arbitrary code or escape from the browser sandbox.

Severity: high-risk. This vulnerability may lead to arbitrary code execution or sandbox escapes.

Official Solution: Available

About the Vulnerability

Component Introduction

Google Chrome is a web browser developed by Google based on other open source software, including WebKit. It is designed to improve browsing stability, speed, and security, and aims to provide a simple but efficient user interface.

Vulnerability Description

On June 3, 2025, Sangfor FarSight Labs received notification of the out-of-bounds read/write vulnerability in V8 in Google Chrome (CVE-2025-5419), which is classified as a high-risk threat.

Specifically, Chrome's V8 engine contains an out-of-bounds read/write vulnerability that allows attackers to manipulate memory in unintended ways, potentially leading to arbitrary code execution or browser sandbox escapes. This vulnerability has reportedly been exploited in the wild.

Affected Versions

The following Google Chrome versions are affected:

Chrome < 137.0.7151.68

Solutions

Remediation Solution

The latest version has been officially released to fix the vulnerability. Affected users are advised to update Google Chrome to one of the following versions as needed:

Google Chrome on Windows and macOS: 137.0.7151.68/.69

Google Chrome on Linux: 137.0.7151.68

Download link: https://www.google.cn/intl/zh-CN/chrome/

References

https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop.html
