CVE-2025-5419
In short
Google Chrome had a bug in its V8 engine that allowed attackers to read and write data outside intended memory boundaries through a specially crafted webpage, potentially crashing the browser or executing malicious code.
Technical detail
Out-of-bounds read/write vulnerability in V8 engine (CWE-125, CWE-787) exploitable via crafted HTML; requires user to visit malicious page; impacts heap integrity and may lead to arbitrary code execution or denial of service.
Summary generated and translated by AI from the official description.
Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Google · Chrome
Public PoCs found — 4
github.com/mistymntncop/CVE-2025-5419 ★ 95
github.com/bjrjk/CVE-2025-5419 ★ 30
github.com/itsShotgun/chrome_v8_cve_checker ★ 2
github.com/riemannj/CVE-2025-5419 ★ 0
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.