If you haven’t updated Chrome yet, now’s the time to run

Google has released an urgent update for its Chrome browser to fix a high-severity zero-day vulnerability that is currently being exploited in real-world attacks. The flaw, tracked as CVE-2025-5419, is linked to an out-of-bounds read and write issue in V8, Chrome’s JavaScript engine. With a severity score of 8.8 out of 10, this vulnerability could allow attackers to take control of affected systems just by visiting a malicious website.

What’s at stake with this vulnerability

According to Google, a threat actor could craft a website that triggers remote code execution, potentially resulting in data theft, malware installation, or full system compromise. While details are being withheld until most users have updated, the company confirmed that “an exploit for CVE-2025-5419 exists in the wild,” making this a critical security concern for all Chrome users.

How to protect your device right now

Although Chrome typically updates automatically, users should manually confirm they’re running version 137.0.7151.68 or later. This version includes the patch for the vulnerability and is available on Windows, macOS, and Linux. To check for updates, go to the Chrome menu, then Help > About Google Chrome, and click “Relaunch” if prompted. Taking this extra step ensures your system isn’t exposed while waiting for the automatic update.

A growing pattern of critical fixes

This marks the third zero-day Chrome flaw fixed in 2025, following two previous patches issued in March and May. Last year alone, Google addressed 10 zero-day bugs, highlighting the ongoing threat landscape facing browser users. As Google delays full disclosure until updates are widely applied, staying current with patches is the best way to stay secure.