Google fixes another actively exploited vulnerability in Chrome, so update now! – Malwarebytes

/in , /by

Activate Subscription >
Add devices or upgrade >
Renew Subscription >
Billing >
Don’t have an account?
Sign up >

< Products
Have a current computer infection?
Try our antivirus with a free, full-featured 14-day trial
Get your free digital security toolkit
Find the right cyberprotection for you

< Business
< Pricing
Protect your personal devices and data
Protect your team’s devices and data – no IT skills needed
Explore award-winning endpoint security for your business
< Resources

< Support
Malwarebytes and Teams Customers
Nebula and Oneview Customers
Google has released an update for the Chrome browser to patch an actively exploited flaw.
The update brings the Stable channel to versions 137.0.7151.68/.69 for Windows and Mac and 137.0.7151.68 for Linux.
The easiest way to update Chrome is to allow it to update automatically, but you can end up lagging behind if you never close your browser or if something goes wrong—such as an extension stopping you from updating the browser.
To manually get the update, click the “more menu” (three stacked dots) >  Settings > About Chrome. If there is an update available, Chrome will notify you and start downloading it. Then all you have to do is relaunch the browser in order for the update to complete, and for you to be safe from the vulnerability.
This update is crucial since it addresses an actively exploited vulnerability which could allow an attacker to exploit a specially crafted HTML page (website).
The vulnerability tracked as CVE-2025-5419 is an out-of-bounds read and write in Google Chrome’s “V8,” which is the engine that Google developed for processing JavaScript. Prior to Google Chrome version 137.0.7151.68, this vulnerability allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
V8 has been a significant source of security problems in the past.
An out-of-bounds read and write vulnerability means that the attacker can manipulate parts of the device’s memory that should be out of their reach. Such a flaw in a program allows it to read or write outside the bounds the program sets, enabling attackers to manipulate other parts of the memory allocated to more critical functions. Attackers can write code to a part of the memory where the system executes it with permissions that the program and user should not have.
Google knows that attackers currently exploit CVE-2025-5419 in the wild, but released no details yet on who exploits the flaw, how they do it in real-world attacks, or who the targets are in those attacks. However, the Google Threat Analysis Group (TAG) team, which discovered the exploit, focuses on spyware and nation-state attackers who abuse zero days for espionage purposes.
This Chrome update also patches a medium-severity, use-after-free flaw (CVE-2025-5068) in the open-source rendering engine Blink and one internally discovered vulnerability.
We don’t just report on browser vulnerabilities. Malwarebytes’ Browser Guard protects your browser against malicious websites and credit card skimmers, blocks unwanted ads, and warns you about relevant data breaches and scams.

SHARE THIS ARTICLE
July 18, 2025 – Meta executives settled a shareholders' lawsuit alleging continuous disregard of privacy regulations for the price of $8 billion.
July 17, 2025 – The database contained 1,115,061 records including the names of children, birth parents, adoptive parents, and other potentially sensitive information like case notes.
July 17, 2025 – A researcher has disclosed how he found a—now fixed—vulnerability in Meta AI that could have allowed others to see private questions and answers.
July 17, 2025 – Google has released an update for its Chrome browser to patch six security vulnerabilities including one zero-day.
July 16, 2025 – A former US army colonel faces up to ten years in prison after revealing national secrets on a foreign dating app.
ABOUT THE AUTHOR
Pieter Arntz
Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.
Contributors
Threat Center
Podcast
Glossary
Scams
Cyberprotection for every one.
COMPUTER SECURITY
MOBILE SECURITY
PRIVACY PROTECTION
IDENTITY PROTECTION
LEARN ABOUT CYBERSECURITY
PARTNER WITH MALWAREBYTES
ADDRESS
One Albert Quay
2nd Floor
Cork T12 X8N6
Ireland
2445 Augustine Drive
Suite 550
Santa Clara, CA
USA, 95054
ABOUT MALWAREBYTES
WHY US
GET HELP
Want to stay informed on the latest news in cybersecurity? Sign up for our newsletter and learn how to protect your computer from threats.
© 2025 All Rights Reserved

source

You might also like
Keeping up with Google Home app updates could soon be a lot simpler – Android Police
SMBs Turn to AI to Supercharge Social Media Marketing and Content Creation – Influencer Marketing Hub
AI Integration in Search Statistics And Facts (2025) – Coolest Gadgets
L’Oreal Partners With Google on Gen AI-Accelerated Content Generation – Consumer Goods Technology
How Smart Marketers Use AI Search Ads to Beat Competitors & Boost Revenue – Techpoint Africa
10+ Best Surfer SEO Alternatives of 2025 (Reviewed) – DemandSage
15 Must-Attend SEO & SEM Conferences in 2025 – DesignRush
The latest AI-powered martech news and releases – MarTech