The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Google Chrome vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. The flaw, tracked as CVE-2025-5419, is an out-of-bounds read and write issue in the V8 JavaScript engine used in Google Chrome.
Google confirmed that the vulnerability is actively being exploited in the wild. Discovered by Clement Lecigne and Benoît Sevens of Google’s Threat Analysis Group, it was reported on May 27, 2025, and patched the following day through a configuration update for all Chrome Stable platforms.
The vulnerability can be exploited via a specially crafted HTML page, potentially leading to heap corruption and further compromise. Although Google did not release detailed technical information, the company has updated Chrome to version 137.0.7151.68/.69 for Windows and Mac, and 137.0.7151.68 for Linux. The patch is being rolled out in the coming days.
Under Binding Operational Directive (BOD) 22-01, federal civilian executive branch (FCEB) agencies are required to remediate the vulnerability by June 26, 2025. CISA also strongly urges private-sector organizations to consult the KEV catalog and address the issue to strengthen their cybersecurity posture.
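The practical task for a defender here is inventory: find every Chrome Stable install still below the patched build and track it against the BOD 22-01 deadline. The following Python script is an added example, not code from the article, Google or CISA; it encodes the patched builds and due date stated above (Windows/Mac 137.0.7151.68/.69, Linux 137.0.7151.68, remediation by June 26, 2025) and runs a version comparison over a constructed inventory. The hostnames and version strings in `SAMPLE_INVENTORY` are made up for the demonstration; in practice the version text would come from `google-chrome --version` on Linux or your endpoint-management tool's software inventory.

```python
import re
from datetime import date

# Minimum patched Chrome Stable build for CVE-2025-5419 on each platform, per the advisory.
# Windows and Mac shipped 137.0.7151.68/.69, Linux shipped 137.0.7151.68, so any build
# at or above 137.0.7151.68 counts as patched.
PATCHED_MIN = {
    "windows": (137, 0, 7151, 68),
    "mac": (137, 0, 7151, 68),
    "linux": (137, 0, 7151, 68),
}

# BOD 22-01 remediation deadline for FCEB agencies, as stated in the advisory.
KEV_DUE_DATE = date(2025, 6, 26)

# Chrome versions are four dot-separated integers, e.g. 137.0.7151.68.
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")

# Constructed sample inventory: (hostname, platform, raw version text).
SAMPLE_INVENTORY = [
    ("ws-01", "windows", "Google Chrome 137.0.7151.69"),
    ("ws-02", "windows", "Google Chrome 136.0.7103.114"),
    ("mac-07", "mac", "Google Chrome 137.0.7151.55"),
    ("build-03", "linux", "Google Chrome 137.0.7151.68"),
]


def parse_version(text):
    """Extract a four-part Chrome version tuple from text such as
    'Google Chrome 137.0.7151.68' (the format `google-chrome --version` prints)."""
    match = VERSION_RE.search(text)
    if not match:
        raise ValueError(f"no Chrome version found in {text!r}")
    return tuple(int(part) for part in match.groups())


def is_patched(version_text, platform):
    """True when the installed build is at or above the patched minimum for its platform.
    Tuple comparison orders component-wise, so 137.0.7151.69 > 137.0.7151.68 > 136.0.7103.114."""
    return parse_version(version_text) >= PATCHED_MIN[platform.lower()]


def triage(inventory, today):
    """Return the hosts still vulnerable to CVE-2025-5419 and the deadline status.

    inventory: iterable of (host, platform, version_text); today: date or ISO-8601 string.
    """
    if isinstance(today, str):
        today = date.fromisoformat(today)
    vulnerable = sorted(
        host for host, platform, version_text in inventory
        if not is_patched(version_text, platform)
    )
    days_left = (KEV_DUE_DATE - today).days
    return {
        "vulnerable": vulnerable,
        "days_left": days_left,
        "overdue": days_left < 0,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_INVENTORY, date.today())
    for host in report["vulnerable"]:
        print(f"VULNERABLE  {host}")
    status = "OVERDUE" if report["overdue"] else f"{report['days_left']} day(s) left"
    print(f"CVE-2025-5419 remediation deadline {KEV_DUE_DATE.isoformat()}: {status}")
```

Note that the check is purely numeric and treats a matching or newer build as fixed; it does not confirm that the browser has actually been restarted since the update was applied, which is what makes the patched binary take effect, so pair the inventory result with a restart or reboot step in the remediation tracking.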