Out-of-Bounds Read/Write in Google Chrome V8 Enables Remote Heap Corruption
A vulnerability exists in the V8 JavaScript engine of Google Chrome versions before 137.0.7151.68. The flaw is an out-of-bounds read and write that could allow a remote attacker to potentially cause heap corruption through a specially crafted HTML page. Chromium classifies the security severity as high, indicating significant risk to users.
Vulnerable Product |
---|
google chrome |
Google patches new Chrome zero-day bug exploited in attacks
By Sergiu Gatlan, June 3, 2025 06:22 AM
Google has released an emergency security update to fix the third Chrome zero-day vulnerability exploited in attacks since the start of the year. "Google is aware that an exploit for CVE-2025-5419 exists in the wild," the company warned in a security advisory published on Monday. This high-severity vulnerability is caused by an out-of-bounds read and write weakn...
Stealthy Falcon swoops on WebDAV and Redmond's even patching IE!
Patch Tuesday It's Patch Tuesday time again, and Microsoft is warning that there are a bunch of critical fixes to sort out - and two actively exploited bugs. Redmond reported 66 flaws to be fixed in its monthly patch bundle, including one that was a zero-day until 1000 Pacific Time today. There are ten critical patches, but two of the important ones are under active exploitation, and Microsoft has taken the unusual step of issuing patches for one bug all the way back to out-of-support platforms ...
TAG team spotted the V8 bug first, so you can bet nation-states weren’t far behind
Google revealed Monday that it had quietly deployed a configuration change last week to block active exploitation of a Chrome zero-day. Google Threat Analysis Group (TAG) team members Clement Lecigne and Benoît Sevens spotted the high-severity bug, tracked as CVE-2025-5419, on May 27. It's an out-of-bounds read and write vulnerability in Chrome's V8 JavaScript engine that could allow a remote attacker to corrupt memory and potentially hijack execution via a booby-trapped HTML page. Attackers co...