Google successfully mitigated a high-severity Chrome zero-day vulnerability, CVE-2025-5419, reported by the Threat Analysis Group. This out-of-bounds vulnerability in the V8 JavaScript engine poses risks of memory corruption and execution hijacking via malicious HTML. In response, Google implemented a configuration change across all Chrome platforms, with an official patch included in the latest update. The article details the ongoing threats from zero-days, noting past incidents involving espionage by state actors and the increasing frequency of such vulnerabilities.
Google is aware that an exploit for CVE-2025-5419 exists in the wild, adding that the issue was mitigated by a configuration change.
The Monday Chrome update also patches a medium-severity, use-after-free flaw in the open-source rendering engine Blink.
Collection
[
|
...
]