Google patches new Chrome zero-day bug exploited in attacks www.bleepingcomputer.com/news/secu…

Google has released an emergency security update to fix the third Chrome zero-day vulnerability exploited in attacks since the start of the year.

“Google is aware that an exploit for CVE-2025-5419 exists in the wild,” the company warned in a security advisory published on Monday.

This high-severity vulnerability is caused by an out-of-bounds read and write weakness in Chrome’s V8 JavaScript engine, reported one week ago by Clement Lecigne and Benoît Sevens of Google’s Threat Analysis Group. Google says the issue was mitigated one day later by a configuration change the company pushed to the Stable channel across all Chrome platforms.