The latest Chrome zero-day—labeled CVE-2025-5419—is an out-of-bounds read-and-write vulnerability that affects the V8 JavaScript engine, which would allow a remote attacker to "exploit heap corruption via a crafted HTML page."
The flaw was discovered and reported on May 27 by Clement Lecigne and Benoît Sevens from the Google Threat Analysis Group. While Google has acknowledged that the zero-day has been actively exploited, it hasn't disclosed any additional details about how or by whom, in order to prevent other bad actors from leveraging the bug until more Chrome users have applied the patch.
Google has confirmed that it pushed a configuration change to the Stable version of Chrome to address the vulnerability the day after it was discovered. On Monday, the company released a Stable channel update with patches for the zero-day and two additional security issues.

Users should ensure they are on Chrome version 137.0.7151.68/.69 for Windows and macOS, and version 137.0.7151.68 for Linux. Check your version by opening the Chrome menu and selecting About Google Chrome. If an update is available, allow it to complete and relaunch your browser to install it.
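For anyone checking more than one machine, the version check above can be scripted. The following is an added example, not code from Google or the original post: it compares reported Chrome version strings against the fixed build named above. The host names and the inventory are constructed, and the `platform` labels are assumptions of this sketch.

```python
import re

# Minimum fixed Stable build named in the article, per platform
# (.69 on Windows/macOS is newer than .68, so it also passes the check).
PATCHED = {
    "windows": (137, 0, 7151, 68),
    "macos": (137, 0, 7151, 68),
    "linux": (137, 0, 7151, 68),
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part version from text such as 'Google Chrome 137.0.7151.68'."""
    match = VERSION_RE.search(text or "")
    return tuple(int(part) for part in match.groups()) if match else None


def classify(platform, version_text):
    """Return 'patched', 'needs-update' or 'unknown' for one host."""
    minimum = PATCHED.get(platform.lower())
    version = parse_version(version_text)
    if minimum is None or version is None:
        return "unknown"  # unrecognised platform or unparseable version: check by hand
    # Compare as integer tuples; a plain string comparison would rank '.103' below '.68'.
    return "patched" if version >= minimum else "needs-update"


def audit(inventory):
    """Group host names by status from (host, platform, version_text) rows."""
    report = {"patched": [], "needs-update": [], "unknown": []}
    for host, platform, version_text in inventory:
        report[classify(platform, version_text)].append(host)
    return report


# Constructed sample inventory; these hosts and version strings are illustrative only.
SAMPLE_INVENTORY = [
    ("wks-01", "windows", "Google Chrome 137.0.7151.69"),
    ("wks-02", "windows", "Google Chrome 137.0.7151.56"),
    ("mac-01", "macos", "Google Chrome 137.0.7151.68"),
    ("lnx-01", "linux", "Google Chrome 136.0.7103.113"),
    ("lnx-02", "linux", "Google Chrome 137.0.7151.103"),
    ("kiosk-01", "linux", "not installed"),
]

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

A host that reports a fixed version only runs the patched code after Chrome has been relaunched, so hosts with a pending relaunch still need attention.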