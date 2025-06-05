ETV Bharat / technology

3 Billion Chrome Users At Risk: Google Issues Emergency Update To Fix Vulnerability

Hyderabad: The Mountain View-based tech giant, Google, has released an emergency update for Chrome after its Threat Analysis Group discovered a zero-day vulnerability in the web browser used by 3 billion people in the world. The vulnerability, coded as CVE-2025-5419, involves a flaw in Chrome’s V8 engine and is known to be exploited in real-world attacks.

The vulnerability, reported as an “out-of-bounds read and write” in Chrome's V8 engine, could allow hackers to manipulate device memory and gain unauthorised access to sensitive data. The issue was labelled “high severity” rather than “critical,” and its active exploitation makes this cyber threat more dangerous.

The vulnerability was reported by Google’s Threat Analysis Group on May 27, 2025, and Google mitigated it the next day. It conducted a silent server-side configuration change, pushed on May 28 across all Chrome platforms, before officially alerting users or releasing a patch for the vulnerability. The company released Chrome version 137.0.7151.68 for Windows and Linux, and 137.0.7151.69 for Mac systems.

US cybersecurity authorities acted quickly once the issue came to their attention. Federal agencies were instructed to apply the Chrome update within a specified timeframe, typically 21 days, as mandated by CISA. The Cybersecurity and Infrastructure Security Agency (CISA) is expected to impose a 21-day mandatory update deadline.

What should users do