Advisory 86: Google Chrome Vulnerability CVE-2025-5419
Release Date: 02nd of June 2025
Impact: HIGH / CRITICAL
TLP Rating: Clear
CERT Vanuatu (CERTVU) and the Department of Communication and Digital Transformation (DCDT) provide the following advisory.
This alert is relevant to organizations that use the above products. It is intended to be understood by technical users and systems administrators.
What is it?
Out-of-bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
What are the Systems affected?
Google Chrome versions prior to 137.0.7151.68
What does this mean?
- Allows a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- An attacker could obtain secret values such as cryptographic keys, PII, memory addresses, or other information that could be used in additional attacks.
Mitigation process
- For Windows users, please upgrade to Google Chrome Version 137.0.7151.68/.69 or later.
- For Mac users, please upgrade to Google Chrome Version 137.0.7151.68.
- Contact CERTVU if you need further assistance
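To confirm the upgrade has reached every workstation, the version strings in an inventory can be compared against the fixed build named above. The following is an added example, not part of the original advisory; the hostnames and sample inventory are constructed, and it assumes each record carries a four-part Chrome version string.

```python
import re

# Fixed build named in this advisory; anything lower is affected.
FIXED = (137, 0, 7151, 68)

# Matches a four-part Chrome version such as "137.0.7151.68".
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(version_text):
    """Return 'vulnerable', 'patched' or 'unknown' for one version string."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"
    # Tuples compare numerically per component, so 137.0.7151.9 sorts
    # below 137.0.7151.68 (a plain string comparison would get this wrong).
    return "vulnerable" if v < FIXED else "patched"


def audit(inventory):
    """inventory: iterable of (host, version_text). Returns hosts needing action."""
    return [(host, text, status)
            for host, text in inventory
            if (status := classify(text)) != "patched"]


# Constructed sample inventory; hostnames are hypothetical.
SAMPLE = [
    ("ws-01", "Google Chrome 137.0.7151.68"),
    ("ws-02", "Google Chrome 137.0.7151.9"),
    ("ws-03", "Google Chrome 136.0.7103.114"),
    ("ws-04", "137.0.7151.69"),
    ("mac-01", "Google Chrome 138.0.7204.50"),
    ("ws-05", "not installed"),
]

if __name__ == "__main__":
    for host, text, status in audit(SAMPLE):
        print(f"{host}: {status} ({text})")
```

Hosts reported as "unknown" have no parseable version and should be checked by hand rather than assumed patched.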
References
- https://nvd.nist.gov/vuln/detail/CVE-2025-5419
- https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop.html
- https://cwe.mitre.org/data/definitions/125.html