Google Releases a Patch to Fix the Third Zero-Day Bug in Chrome This Year
In a security advisory, Google confirms that it is aware of an exploit for CVE-2025-5419. The vulnerability is caused by a read and write error in the V8 JavaScript engine of Google Chrome.
Update Rollout Already in Progress
The flaw was reported last week by researchers from Google itself and was immediately resolved through a configuration change. Google confirms that the bug has been exploited but is withholding further details for now.
The update (137.0.7151.68/.69) is being automatically rolled out to users on Windows, Mac, and Linux. If you want to update manually, you can go to About Google Chrome via the Chrome menu, wait for the update to complete, and then restart the browser. This will install the patch immediately.
Third Zero-Day in Chrome this Year
Google Chrome has already dealt with three zero-day vulnerabilities this year, according to BleepingComputer. The other two were patched in March and May. The first of these was used to spread malware in espionage attacks on Russian media. By exploiting the vulnerability patched in May, malicious actors could take over corporate accounts.
Additionally, several companies are interested in acquiring Google Chrome, should the opportunity ever arise. Both OpenAI and Yahoo would reportedly be willing to pay at least fifty billion dollars for the popular browser.