Summary

Vulnerability Name: Out-of-Bounds Read/Write Vulnerability in V8 in Google Chrome (CVE-2025-5419)
Released on: June 3, 2025
Affected Component: Google Chrome
Affected Version: Chrome < 137.0.7151.68
Vulnerability Type: Code execution
Exploitation Condition
  1. User authentication: not required.
  2. Precondition: default configurations.
  3. Trigger mode: remote.
Impact

Exploitation difficulty: easy. Unauthorized attackers can exploit this vulnerability to execute arbitrary code or escape from the browser sandbox.

Severity: high-risk. This vulnerability may lead to arbitrary code execution or sandbox escapes.

Official Solution: Available

About the Vulnerability

Component Introduction

Google Chrome is a web browser developed by Google based on other open source software, including WebKit. It is designed to improve browsing stability, speed, and security, with a simple but efficient user interface.

Vulnerability Description

On June 3, 2025, Sangfor FarSight Labs received notification of the out-of-bounds read/write vulnerability in V8 in Google Chrome (CVE-2025-5419), which is classified as high-risk.

Specifically, Chrome's V8 engine contains an out-of-bounds read/write vulnerability that allows attackers to manipulate memory in unintended ways, potentially leading to arbitrary code execution or browser sandbox escapes. This vulnerability has reportedly been exploited in the wild.

Affected Versions

The following Google Chrome versions are affected:

Chrome < 137.0.7151.68

Solutions

Remediation Solution

The latest version has been officially released to fix the vulnerability. Affected users are advised to update Google Chrome to one of the following versions as needed:

Google Chrome on Windows and macOS: 137.0.7151.68/.69

Google Chrome on Linux: 137.0.7151.68

Download link: https://www.google.cn/intl/zh-CN/chrome/

References

https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop.html
