
A serious new zero-day vulnerability has been discovered in Google Chrome, and it’s already being actively exploited in the wild. First identified by Google’s Threat Analysis Group on May 27th, the flaw—now officially catalogued as CVE-2025-5419—affects Chrome’s V8 JavaScript engine across all major desktop platforms, including Windows, macOS, and Linux. This particular bug enables out-of-bounds memory access, allowing malicious actors to run unauthorized code and potentially take control of affected systems. Because of the nature of the vulnerability, it’s considered a high-severity threat.
Google released a patch for the issue on May 28th, but the rollout has not reached every user yet. That means many Chrome installations are still vulnerable as of early June—potentially including yours. If you haven’t seen an update notification recently, you could still be exposed. Even after the official announcement on June 2nd, many users have found their Chrome browsers still lagging behind the fixed version number. On one work PC, for instance, Chrome remained at version 137.0.7151.56 several days after the fix was available, and only updated after a manual check was performed.
To verify your own browser’s protection status, open Chrome and click the three-dot menu in the top right corner, then navigate to Help > About Google Chrome. Alternatively, typing chrome://settings/help into the address bar will take you directly to the version check screen. If your Chrome version is 137.0.7151.68 or higher, you’re safe. If not, Chrome should automatically begin updating once that screen is opened, followed by a restart prompt to complete installation.
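For admins checking more than one machine, the same comparison can be scripted. The following is an added example, not code from Google or from the original article: it assumes version strings have already been collected per host (the host names and inventory are constructed), and it compares them numerically against the 137.0.7151.68 threshold given above, since comparing the raw strings misclassifies some builds.

```python
import re

# Fixed build named in the article; lower builds remain exposed to CVE-2025-5419.
FIXED_BUILD = (137, 0, 7151, 68)
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_chrome_version(text):
    """Return the four-part version in text as a tuple of ints, or None."""
    match = _VERSION_RE.search(text or "")
    return tuple(int(part) for part in match.groups()) if match else None


def is_patched(text, fixed=FIXED_BUILD):
    """True at or above the fixed build, False below it, None if unparseable."""
    version = parse_chrome_version(text)
    # Tuples of ints compare component by component, so 103 > 68 and 99 < 137.
    # Comparing the raw strings would get both of those cases wrong.
    return None if version is None else version >= fixed


def triage(inventory):
    """Group {host: reported version text} into patched / vulnerable / unknown."""
    groups = {"patched": [], "vulnerable": [], "unknown": []}
    for host, reported in sorted(inventory.items()):
        verdict = is_patched(reported)
        key = "unknown" if verdict is None else "patched" if verdict else "vulnerable"
        groups[key].append(host)
    return groups


# Constructed sample inventory (hypothetical host names); only the .56 and .68
# builds come from the article, the other values are made up for the edge cases.
SAMPLE_INVENTORY = {
    "ws-01": "Google Chrome 137.0.7151.56",                     # build the article saw lagging
    "ws-02": "Version 137.0.7151.68 (Official Build) (64-bit)",  # first fixed build
    "ws-03": "137.0.7151.103",                # newer, but sorts lower as a string
    "ws-04": "Google Chrome 99.0.4844.84",    # older, but sorts higher as a string
    "ws-05": "",                              # nothing reported: treat as unverified
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts in the unknown group should be treated as unverified rather than safe, and a host only counts as protected once Chrome has been restarted to complete the update.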
While Google has not yet released the full technical details of the exploit—as is typical for active threats—users are strongly urged to update their browsers immediately. The delay in sharing specifics gives IT admins and end users alike time to patch their systems before attackers can widely replicate the exploit. The discovery of CVE-2025-5419 comes courtesy of Clément Lecigne and Benoît Sevens, both of whom have long track records identifying Chrome security issues. In the meantime, consider this a timely reminder of how critical it is to stay on top of software updates, especially for applications as frequently targeted as web browsers.