Chrome Update: Fixing Critical Zero-Day Vulnerability
The critical zero-day vulnerability affects multiple web browsers that use the Chromium engine. Users are advised to update their browsers immediately to prevent remote attackers from executing arbitrary code on their systems; Google's update fixes the issue and protects against active threats.

A critical zero-day vulnerability in Google Chrome's V8 JavaScript engine is being actively exploited by cybercriminals. CISA has issued a warning, and Google has released emergency security updates to patch the issue, which affects Chrome versions prior to 137.0.7151.68.
The vulnerability has a CVSS score of 8.8, which classifies it as high severity, and allows remote attackers to execute arbitrary code on victims' systems. Google's Threat Analysis Group discovered the issue, and the US government has issued a 21-day deadline for federal staff to update or stop using Chrome. The update also fixes another memory issue, CVE-2025-5068, a "use after free in Blink" problem.
Other browsers that use Chromium, such as Microsoft Edge and Opera, may also be affected, and their vendors will need to issue emergency patches. Google has released an urgent update for Chrome, version 137.0.7151.68/69 for Windows and Mac, and 137.0.7151.68 for Linux, to fix the zero-day bug, CVE-2025-5419. Users are advised to restart their browser to ensure they have the latest update.
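For administrators checking a fleet against the fixed build named above, the following added example (not code from Google or CISA) classifies hosts as vulnerable, patched, or updated but still running an old process until the browser is restarted. The host names, the inventory layout and the status labels are assumptions constructed for illustration; only the 137.0.7151.68 threshold comes from the article.

```python
import re

# First patched Chrome build according to the article (CVE-2025-5419).
FIXED = (137, 0, 7151, 68)

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part version from text such as `google-chrome --version` output."""
    match = VERSION_RE.search(text or "")
    if not match:
        return None
    # Compare numerically: as strings, "99.0..." would sort above "137.0...".
    return tuple(int(part) for part in match.groups())


def classify(installed, running=None):
    """Return 'vulnerable', 'restart-pending', 'patched' or 'unknown'."""
    inst = parse_version(installed)
    if inst is None:
        return "unknown"
    if inst < FIXED:
        return "vulnerable"
    run = parse_version(running)
    # Update is on disk, but the live process still predates the fix.
    if run is not None and run < FIXED:
        return "restart-pending"
    return "patched"


# Constructed sample inventory: (host, installed version string, running version).
INVENTORY = [
    ("ws-01", "Google Chrome 137.0.7151.55", "137.0.7151.55"),
    ("ws-02", "Google Chrome 137.0.7151.69", "137.0.7151.55"),
    ("ws-03", "Google Chrome 137.0.7151.68", "137.0.7151.68"),
    ("ws-04", "Google Chrome 99.0.4844.84", None),
    ("ws-05", "not installed", None),
]


def audit(inventory):
    """Map each host to its patch status for the fixed build."""
    return {host: classify(inst, run) for host, inst, run in inventory}


if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}: {status}")
```

The check covers Chrome only; the article gives no fixed version numbers for Edge or Opera, so those thresholds would have to come from each vendor's advisory.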
CISA is urging all organizations and individual users to prioritize updating their browsers to protect against active threats. With the vulnerability already being used in attacks, it is essential to take immediate action to prevent potential harm. Google's emergency update is a crucial step in mitigating the issue, and users should take advantage of it as soon as possible.