Google has released an emergency security update for all 3 billion Chrome users worldwide after discovering a dangerous vulnerability that is already being used in real-world attacks.
The issue, labeled CVE-2025-5419, affects Chrome’s V8 JavaScript engine and involves a memory flaw that allows hackers to read and write data they shouldn’t access. Though marked as “high-severity,” Google confirmed the vulnerability “is being exploited in the wild.”
Google’s Threat Analysis Group discovered the issue and pushed out a temporary fix on May 28. Now, the full patch is available through a browser update.
Another security flaw, CVE-2025-5068, was also fixed in this update. It was discovered by an external researcher and involves a “use-after-free” bug in the Blink rendering engine.
The U.S. government has already told federal staff to update Chrome immediately or stop using it. More emergency directives from CISA are expected in the coming days.
Google and cybersecurity experts are urging all users to:
- Update Chrome immediately
- Restart the browser after updating to activate the fix
- Save work in Incognito Mode before restarting, as those tabs will not reopen
Until most users are updated, Google will keep full technical details restricted to prevent further attacks.
Leave a comment