CVE-2025-5419
Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a...
Basic Information
- CVE State: PUBLISHED
- Reserved Date: June 01, 2025
- Published Date: June 02, 2025
- Last Updated: June 05, 2025
- Vendor
- Product: Chrome
- Description: Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- Tags
- Score: 4.23% (Percentile: 88.23%) as of 2025-06-14
- Exploitation: active
- Technical Impact: total
- Exploited in the Wild: Yes (2025-06-03 04:30:47 UTC) Source
cisa
CVSS Scores
CVSS v3.1
8.8 - HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Known Exploited Vulnerability Information
Source | Added Date |
---|---|
TheHackerNews | 2025-06-03 04:30:40 UTC |
Recent Mentions
CISA Adds One Known Exploited Vulnerability to Catalog
Source: All CISA Advisories • Published: 2025-06-05 12:00:00 UTC
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
CVE-2025-5419 Google Chromium V8 Out-of-Bounds Read and Write Vulnerability
This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
New Chrome Zero-Day Actively Exploited; Google Issues Emergency Out-of-Band Patch
Source: TheHackerNews • Published: 2025-06-03 04:22:00 UTC
Google on Monday released out-of-band fixes to address three security issues in its Chrome browser, including one that it said has come under active exploitation in the wild.
The high-severity flaw is being tracked as CVE-2025-5419, and has been flagged as an out-of-bounds read and write vulnerability in the V8 JavaScript and WebAssembly engine.
"Out of bounds read and write in V8 in Google
Timeline
- CVE ID Reserved
- CVE Published to Public
- Added to KEVIntel