Update all browsers now.
Google has suddenly released an emergency Chrome update, warning that a vulnerability discovered by its Threat Analysis Group has been used in attacks. Such is the severity of the risk, that Google also confirmed that ahead of this update, the issue “was mitigated on 2025-05-28 by a configuration change” pushed out to all platforms.
Google says it “is aware that an exploit for CVE-2025-5419 exists in the wild,” and that full access to details on the vulnerability will “be be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.”
ForbesFBI And Police Warn Smartphone Users—Stop These CallsBy Zak Doffman
CVE-2025-5419 is an out of bounds read and write in V8, the type of dangerous memory flaw typically found and fixed on the world’s most popular browser. While it’s only marked as high-severity, the fact attacks are underway means applying the fix is critical.
There is already a U.S. government mandate for federal staff to update Chrome by Thursday or stop using the browser, after a separate attack warning. And there has been another release since then, with two high-severity fixes. It is inevitable that this latest warning and update will also prompt CISA to issue a 21-day update mandate.
There is a second fix included in this emergency update — CVE-2025-5068 is another memory issue, a “use after free in Blink,” that was disclosed by an external researcher.
ForbesMicrosoft Confirms Password Deletion—Now Just 8 Weeks AwayBy Zak Doffman
NIST warns that CVE-2025-5419 “allows a remote attacker to potentially exploit heap corruption via a crafted HTML page,” and that it applies across Chromium, suggesting other browsers will also issue emergency patches.
As usual, you should see a flag on your browser that the update has downloaded. You need to restart Chrome to ensure it takes full effect. All your normal tabs will then reopen — unless you elect not to do that. But your Incognito tabs will not reopen, so make sure you save any work or copy down any URLs you want to revisit.
