Google Chrome Active Exploitation - 20250603001

Overview

Google has released updates to address multiple vulnerabilities, including a zero-day vulnerability in V8, Chrome’s JavaScript engine.

What is vulnerable?

Product(s) Affected	Version(s)	CVE	CVSS	Severity
Chrome Browser	all versios prior to 137.0.7151.68/.69	CVE-2025-5419	8.8	High

What has been observed?

Google is aware that an exploit for CVE-2025-5419 exists in the wild. CISA has added the vulnerability to their Known Exploited Vulnerabilities catalog. The WA SOC has not received any reports of exploitation of this vulnerability on Western Australian Government networks at the time of writing.

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframes (refer Patch Management):

• Google: https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop.html

Additional Resources

• SecurityOnline: https://securityonline.info/chrome-zero-day-alert-cve-2025-5419-actively-exploited-in-the-wild/
• CISA: https://www.cisa.gov/news-events/alerts/2025/06/05/cisa-adds-one-known-exploited-vulnerability-catalog

Change Log

• 2025-06-03: Initial WA SOC advisory publication.
• 2025-06-06: CISA adds to KEV.