Google Chrome Fixes High-Severity Zero-Day Vulnerability in Out-of-Band Update
Google has released an urgent out-of-band security update for Chrome 137 that fixes two security issues, one of which is already being actively exploited in the wild. We have added a new report to Lansweeper to help you locate vulnerable Chrome installations.
Google Chrome 137 Vulnerability CVE-2025-5419
The update for Google Chrome 137 addresses a high-severity vulnerability tracked as CVE-2025-5419, an out-of-bounds read and write vulnerability in V8. According to the NIST National Vulnerability Database (NVD), the issue could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Google’s advisory confirms that the vulnerability is under active exploitation in the wild, but as usual, they haven’t revealed any further details about the nature of any known exploits, to avoid further exploitation.
Update Vulnerable Chrome Installations
This zero-day has been fixed in the new update for Chrome 137: version 137.0.7151.68/.69 for Windows and Mac, or 137.0.7151.68 for Linux. As always, Google is holding off on releasing further details until a majority of users have had a chance to update their installations. That way malicious actors won't be able to leverage the additional information for further attacks.
Discover Vulnerable Chrome Installs
We have added an updated Google Chrome audit report to your Lansweeper installation to help you locate any vulnerable instances of Google Chrome in your network. This report will give you an actionable list of installations that haven’t been updated to the fixed version yet. You can get the report via the link below.
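For inventories exported from another tool, the same check can be scripted. The following is an added example, not the Lansweeper report or code from Google: it flags hosts whose Chrome build is below the fixed build named above. The CSV column names, hostnames and sample versions are constructed for illustration.

```python
import csv
import io

# Fixed builds named in the article: 137.0.7151.68/.69 (Windows, Mac), 137.0.7151.68 (Linux).
# The lowest fixed build is the same on every platform, so one threshold suffices.
FIXED_BUILD = (137, 0, 7151, 68)

# Constructed sample inventory (hostnames and versions are made up for illustration).
SAMPLE_INVENTORY = """host,os,chrome_version
ws-001,Windows,137.0.7151.69
ws-002,Windows,137.0.7151.56
mac-001,Mac,137.0.7151.68
lin-001,Linux,136.0.7103.113
ws-003,Windows,137.0.7151.9
ws-004,Windows,unknown
"""

def parse_version(text):
    """Return a 4-tuple of ints, or None if the string is not a dotted Chrome version."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def audit(inventory_csv):
    """Split hosts into 'outdated' (below the fixed build) and 'review' (unparseable)."""
    outdated, review = [], []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        version = parse_version(row["chrome_version"])
        if version is None:
            review.append(row["host"])  # never silently treat unknown as patched
        elif version < FIXED_BUILD:     # numeric tuple comparison, not string comparison
            outdated.append(row["host"])
    return outdated, review

if __name__ == "__main__":
    outdated, review = audit(SAMPLE_INVENTORY)
    print("Not yet on the fixed build:", ", ".join(outdated))
    print("Version unreadable, check manually:", ", ".join(review))
```

Comparing the versions as integer tuples matters here: as plain strings, "137.0.7151.9" sorts after "137.0.7151.68" and the outdated host ws-003 would be missed.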
