Dangerous zero-day vulnerability in Google Chrome; users should be aware.

Google has just released an emergency update for the Chrome browser to fix two critical security vulnerabilities, including a zero-day vulnerability that is being actively exploited by hackers.

Cybersecurity experts warn that billions of users worldwide may be at risk of sensitive data leaks, including session tokens, cookies, and login information.

Two serious vulnerabilities: Actual exploitation and data leakage.

The first vulnerability, identified as CVE-2025-5419 , appeared in the V8 Engine – Chrome's JavaScript and WebAssembly processor.

According to an official announcement from Google, this vulnerability allows attackers to perform read and write operations beyond the allocated memory area, opening the door to remote code execution.

In fact, simply by accessing a website containing the exploit code, hackers can gain control of their browser or device. Google confirmed that this vulnerability had been exploited before it was publicly disclosed, making it one of the most concerning cybersecurity threats in the first half of this year.

The second vulnerability, CVE-2025-4664 , relates to how browsers handle HTTP headers and referrer-policy when loading auxiliary resources. According to researchers, hackers could exploit this weakness to collect sensitive information via URLs, including OAuth access tokens, session IDs, and parameters containing private data.

More dangerously, this attack mechanism can occur silently, requiring no action from the user other than accessing a website infected with malware.

Global alert and Google's response

Immediately after the vulnerabilities were discovered, Google released corresponding security updates: version 137.0.7151.68/.69 for Windows, Linux, and macOS to patch CVE-2025-5419, and version 136.0.7103.113/.114 to fix CVE-2025-4664.

Cybersecurity agencies such as the US's CISA and India's CERT-In have issued urgent warnings, urging users and organizations to update their Chrome browsers immediately to avoid becoming victims of ongoing attacks.

Risks for individual users and businesses

Security experts believe both vulnerabilities could be exploited to steal personal information, gain control of browsers, and even pave the way for larger-scale attacks such as malware installation, espionage, or ransomware encryption.

With the time it takes to exploit vulnerabilities shrinking, from days to just hours after information is released, timely software updates are crucial.

Furthermore, with the vulnerability being exploited almost immediately after discovery , attackers can release malware within hours, putting immense pressure on systems that haven't had time to update.

Ways to prevent and protect data

For individual users, the advice is to access the "About Google Chrome" section in the help menu to check the version and update the browser immediately (Go to Menu > Help > About Google Chrome). After updating, you need to restart the browser to ensure the patch is applied.

At the same time, users should avoid clicking on suspicious links, especially from emails, social media, or untrustworthy websites.

Using security software, URL filters, or other safe browsing tools is also recommended to minimize risks.

For businesses and organizations that need to deploy automatic Chrome updates across all devices on their network, monitor network access activity to detect anomalies, and internally alert employees about potential data leaks.

Automated security monitoring tools like Wazuh or sandbox solutions can also be used to detect exploits being used to exploit vulnerabilities.