PT-2025-23563 · Google +4 · V8 +5

Benoît Sevens +1 · Published 2025-05-27 · Updated 2026-02-17 · CVE-2025-5419

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Google Chrome versions prior to 137.0.7151.68
Microsoft Edge versions prior to 137.0.7151.68
Opera versions prior to 119.0.5497.70
Opera GX versions prior to 119.0.5497.68
Chromium versions prior to 137.0.7151.68

Description

Google Chrome, Microsoft Edge, Opera, and Opera GX are affected by a high-severity zero-day vulnerability (CVE-2025-5419) in V8, the JavaScript and WebAssembly engine. The flaw is an out-of-bounds read and write that lets a remote attacker corrupt the heap via a crafted HTML page and potentially execute arbitrary code. Attackers can exploit it by luring victims to malicious websites. The vulnerability is actively exploited in the wild.

Recommendations

Google Chrome versions prior to 137.0.7151.68: Update to version 137.0.7151.68 or later.
Microsoft Edge versions prior to 137.0.7151.68: Update to version 137.0.7151.68 or later.
Opera versions prior to 119.0.5497.70: Update to version 119.0.5497.70 or later.
Opera GX versions prior to 119.0.5497.68: Update to version 119.0.5497.68 or later.
Chromium versions prior to 137.0.7151.68: Update to version 137.0.7151.68 or later.

Exploit · Fix · RCE · Out of bounds Read · Memory Corruption

Weakness Enumeration

Related Identifiers

ALT-PU-2025-8435
BDU:2025-06341
CVE-2025-5419
DSA-5935-1
MGASA-2025-0187
OPENSUSE-SU-2025:15210-1
OPENSUSE-SU-2025:15249-1

Affected Products

Alt Linux
Astra Linux
Debian
Google Chrome
Red Os
V8