A critical zero-day vulnerability in Google Chrome’s V8 JavaScript engine, identified as CVE-2025-5419, has been actively exploited by cybercriminals. This flaw allows remote attackers to execute arbitrary code on victims’ systems through specially crafted HTML pages. The vulnerability, acknowledged by CISA, affects Google Chrome versions prior to 137.0.7151.68 and poses significant risks to millions of users worldwide. The flaw was discovered and reported by security researchers from Google’s Threat Analysis Group on May 27, 2025. Google responded swiftly, implementing an initial mitigation and releasing emergency security updates on June 3, 2025.
Source: https://cybersecuritynews.com/cisa-chrome-0-day-vulnerability/
TPRM report: https://scoringcyber.rankiteo.com/company/google
{
  "id": "goo611060625",
  "linkid": "google",
  "type": "Vulnerability",
  "date": "6/2025",
  "severity": "25",
  "impact": "",
  "explanation": "Attack without any consequences: Attack in which data is not compromised"
}
{'affected_entities': [{'industry': 'Technology',
                        'location': 'Global',
                        'name': 'Google Chrome',
                        'type': 'Web Browser'}],
 'attack_vector': 'Out-of-bounds read and write in V8 JavaScript and '
                  'WebAssembly engine',
 'date_detected': '2025-05-27',
 'date_publicly_disclosed': '2025-06-05',
 'date_resolved': '2025-06-03',
 'description': 'CISA issued an urgent warning about a critical zero-day '
                'vulnerability in Google Chrome’s V8 JavaScript engine that is '
                'being actively exploited by cybercriminals to execute '
                'arbitrary code on victims’ systems.',
 'impact': {'systems_affected': ['Google Chrome',
                                 'Microsoft Edge',
                                 'Opera',
                                 'Brave',
                                 'Vivaldi']},
 'motivation': 'Arbitrary code execution, browser sandbox escapes',
 'post_incident_analysis': {'corrective_actions': 'Emergency security updates',
                            'root_causes': 'Out-of-bounds read and write '
                                           'weakness in Chrome’s V8 JavaScript '
                                           'and WebAssembly engine'},
 'recommendations': 'Prioritize updating browsers as part of essential '
                    'vulnerability management practices',
 'references': [{'source': 'CISA'},
                {'source': "Google's Threat Analysis Group"},
                {'source': 'National Vulnerability Database'}],
 'regulatory_compliance': {'regulatory_notifications': 'CISA’s Binding '
                                                       'Operational Directive'},
 'response': {'containment_measures': 'Initial mitigation through a '
                                      'configuration change',
              'remediation_measures': 'Emergency security updates'},
 'title': 'Critical Zero-Day Vulnerability in Google Chrome’s V8 JavaScript '
          'Engine',
 'type': 'Zero-Day Vulnerability',
 'vulnerability_exploited': 'CVE-2025-5419'}