
Google has rolled out a critical security update for the Chrome browser in its Stable channel, bumping the version to 137.0.7151.68/.69 for Windows and Mac and 137.0.7151.68 for Linux. This patch addresses multiple vulnerabilities, including a zero-day that is already under active exploitation.
The most serious issue patched in this release is CVE-2025-5419, a high-severity out-of-bounds read and write vulnerability in V8, Chrome’s JavaScript engine. This flaw was reported by Clement Lecigne and Benoît Sevens of Google’s Threat Analysis Group (TAG) on May 27, 2025. “Google is aware that an exploit for CVE-2025-5419 exists in the wild,” the company confirmed.
Out-of-bounds read/write vulnerabilities typically allow attackers to manipulate memory in unintended ways, potentially leading to arbitrary code execution or browser sandbox escapes. The bug was quickly mitigated via a configuration change pushed to Stable on May 28, 2025, just a day after it was reported. As this flaw could be used in targeted attacks, possibly by state-sponsored actors, updating Chrome is not optional—it’s essential.
Also addressed in this update is CVE-2025-5068, a medium-severity use-after-free vulnerability in Blink, Chrome’s rendering engine. The issue was discovered by an external researcher known as Walkman and reported on April 7, 2025. Google awarded a $1,000 bounty for the disclosure.
Use-after-free bugs occur when a program continues to use a memory location after it has been freed, which can lead to heap corruption, data leaks, or even remote code execution, depending on the context.
Given the active exploitation of CVE-2025-5419, users should not delay updating Chrome. Enterprise administrators should prioritize this patch in managed environments. To ensure you’re protected, navigate to Settings > About Chrome, and verify that your browser is updated to version 137.0.7151.68 or later.
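For administrators checking a managed fleet rather than a single browser, a small version-check helper, added here as an example and not code from Google or from this article: it parses the version string Chrome reports (as in "Google Chrome 137.0.7151.68" or chrome://version) and compares it numerically against the fixed Stable build. The hostnames and version strings in the sample inventory are constructed.

```python
import re
from typing import Optional, Tuple

# Minimum fixed build from the Stable release described above
# (137.0.7151.68 on every platform; .69 also ships on Windows/Mac).
FIXED_CHROME = (137, 0, 7151, 68)

# Chrome reports a four-part version, e.g. "Google Chrome 137.0.7151.68"
# from `google-chrome --version` or in chrome://version; pull the four numbers.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")

def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Extract a 4-part Chrome version from a string, or None if absent."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    return tuple(int(part) for part in m.groups())

def is_patched(text: str, fixed=FIXED_CHROME) -> Optional[bool]:
    """True if the version in `text` is >= the fixed build, False if older,
    None if no version could be parsed. Comparing integer tuples, not strings,
    matters: as strings, "137.0.7151.9" would sort *after* "137.0.7151.68"."""
    v = parse_version(text)
    if v is None:
        return None
    return v >= fixed

def triage(inventory):
    """Split a {host: version_string} inventory into patched / vulnerable / unknown."""
    result = {"patched": [], "vulnerable": [], "unknown": []}
    for host, text in inventory.items():
        state = is_patched(text)
        bucket = "unknown" if state is None else ("patched" if state else "vulnerable")
        result[bucket].append(host)
    return result

# Constructed sample inventory (hypothetical hosts), in the formats Chrome itself reports.
SAMPLE_INVENTORY = {
    "linux-ws-01": "Google Chrome 137.0.7151.68",
    "mac-ws-02": "Google Chrome 137.0.7151.69",
    "win-ws-03": "136.0.7103.114",
    "lab-vm-04": "Google Chrome 137.0.7151.9",   # lexicographically "bigger", but older
    "kiosk-05": "chrome: command not found",
}

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Hosts landing in "unknown" need a manual look, since a missing version string usually means the check ran against a machine without Chrome or with an unexpected install path.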