Google has issued out-of-band updates to resolve a trio of security flaws impacting its Chrome browser, including an actively exploited high-severity zero-day out-of-bounds read and write vulnerability tracked as CVE-2025-5419, The Hacker News reports. The security issue, which was discovered by Google Threat Analysis Group researchers Clement Lecigne and Benoît Sevens within the browser's V8 JavaScript and WebAssembly engine, "allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page," according to the bug's description on the National Institute of Standards and Technology's National Vulnerability Database. Additional details regarding the defect were withheld to give Windows, macOS, and Linux users of the browser time to install the released updates before other malicious actors begin exploiting the flaw. Users of other Chromium-based browsers, including Microsoft Edge and Opera, are also being told to apply fixes for the flaws once they are released. Google previously addressed another actively exploited Chrome zero-day, tracked as CVE-2025-2783, earlier this year.
Vulnerability Management, Patch/Configuration Management, Threat Intelligence
Actively exploited Google Chrome zero-day addressed
