Summary
Vulnerability Name | Out-of-Bounds Read/Write Vulnerability in V8 in Google Chrome (CVE-2025-5419) |
---|---|
Released on | June 3, 2025 |
Affected Component | Google Chrome |
Affected Version | Chrome < 137.0.7151.68 |
Vulnerability Type | Code execution |
Exploitation Condition | |
Impact | Exploitation difficulty: easy. Unauthorized attackers can exploit this vulnerability to execute arbitrary code or escape from the browser sandbox. Severity: high-risk. This vulnerability may lead to arbitrary code execution or sandbox escapes. |
Official Solution | Available |
About the Vulnerability
Component Introduction
Google Chrome is a web browser developed by Google on top of other open source software, including WebKit. It is designed to improve browsing stability, speed, and security, and aims to provide a simple but efficient user interface.
Vulnerability Description
On June 3, 2025, Sangfor FarSight Labs received notification of the out-of-bounds read/write vulnerability in V8 in Google Chrome (CVE-2025-5419), which is classified as high-risk.
Specifically, Chrome's V8 engine contains an out-of-bounds read/write vulnerability that allows attackers to manipulate memory in unintended ways, potentially leading to arbitrary code execution or browser sandbox escapes. This vulnerability has reportedly been exploited in the wild.
Affected Versions
The following Google Chrome versions are affected:
Chrome < 137.0.7151.68
Solutions
Remediation Solution
The latest version has been officially released to fix the vulnerability. Affected users are advised to update Google Chrome to one of the following versions as needed:
Google Chrome on Windows and macOS: 137.0.7151.68/.69
Google Chrome on Linux: 137.0.7151.68
Download link: https://www.google.cn/intl/zh-CN/chrome/
References
https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop.html