Two Serious Zero-day Vulnerabilities in Chrome
Google has released an emergency update for its Chrome browser to fix two serious security vulnerabilities, including a zero-day that Google confirms is being actively exploited.
Security researchers warn that Chrome's user base, numbering in the billions, is exposed: the flaws can be used to leak sensitive data such as session tokens, cookies and login credentials.
Two Critical Vulnerabilities: Real-World Exploitation and Data Leakage
The first vulnerability, CVE-2025-5419, lies in V8, the JavaScript and WebAssembly engine inside Chrome.
Google describes it as an out-of-bounds read and write: attacker-controlled JavaScript can read and write memory outside the buffer it was given, which is the usual starting point for executing arbitrary code in the browser's renderer process.
A victim only has to load a web page carrying the exploit. Google has confirmed that an exploit for the bug exists in the wild, meaning it was being used before the fix shipped, which makes it one of the more worrying browser threats of the first half of the year. One caveat worth keeping in mind: a V8 bug on its own yields code execution inside Chrome's sandboxed renderer; taking over the device itself requires chaining it with a separate sandbox-escape bug, which is why such bugs are usually seen as one stage of a multi-step exploit chain.
The second vulnerability, CVE-2025-4664, is in the Loader component and concerns how Chrome applied a referrer-policy carried in an HTTP header when fetching sub-resources. According to the researchers, a site controlling one sub-resource (an image, for example) could have the browser send the full URL of the embedding page, query string included, in the Referer header. If that page carries an OAuth code or access token, a session ID or other private data in its URL, as OAuth redirect pages commonly do, the attacker receives it.
More dangerously, the attack needs no interaction beyond a page load and leaves no visible trace for the victim.
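The leak depends on which referrer policy ends up applying to the sub-resource request. The following JavaScript is an added example, not code from the article or from the researchers who reported the bug: it implements the "determine request's referrer" algorithm from the W3C Referrer Policy specification (simplified to http(s) URLs, with "trustworthy" meaning https or localhost) and runs it over a constructed OAuth callback URL. The page URL, the third-party origin and the token value are invented. It shows only what each policy value exposes; the way Chrome let an attacker-controlled sub-resource response impose a policy is the bug itself and is not reproduced here.

```javascript
// Added example (not from the article): what each Referrer-Policy value reveals
// about the page URL when the page fetches a cross-origin sub-resource.
// Simplified from the W3C Referrer Policy algorithm: http(s) only, and
// "trustworthy" means https or localhost.

// Referrer Policy: drop credentials and fragment; optionally keep only the origin.
function stripForReferrer(urlString, originOnly) {
  const u = new URL(urlString);
  u.username = "";
  u.password = "";
  u.hash = "";
  return originOnly ? u.origin + "/" : u.href;
}

function trustworthy(u) {
  return u.protocol === "https:" || u.hostname === "localhost";
}

// Returns the Referer value the browser would send, or null for "no Referer header".
function determineReferrer(policy, pageUrl, requestUrl) {
  const page = new URL(pageUrl);
  const request = new URL(requestUrl);
  const full = stripForReferrer(pageUrl, false);
  const originOnly = stripForReferrer(pageUrl, true);
  const sameOrigin = page.origin === request.origin;
  const downgrade = trustworthy(page) && !trustworthy(request);

  switch (policy) {
    case "no-referrer": return null;
    case "origin": return originOnly;
    case "unsafe-url": return full;
    case "same-origin": return sameOrigin ? full : null;
    case "strict-origin": return downgrade ? null : originOnly;
    case "no-referrer-when-downgrade": return downgrade ? null : full;
    case "origin-when-cross-origin": return sameOrigin ? full : originOnly;
    case "strict-origin-when-cross-origin":
    case "": // empty string = browser default, which is strict-origin-when-cross-origin
      if (sameOrigin) return full;
      return downgrade ? null : originOnly;
    default:
      throw new Error(`unknown referrer policy: ${policy}`);
  }
}

// Does this policy hand the page's query string to the request's origin?
function leaksQuery(policy, pageUrl, requestUrl) {
  const ref = determineReferrer(policy, pageUrl, requestUrl);
  return ref !== null && new URL(ref).search !== "";
}

const ALL_POLICIES = [
  "no-referrer", "no-referrer-when-downgrade", "same-origin", "origin",
  "strict-origin", "origin-when-cross-origin", "strict-origin-when-cross-origin", "unsafe-url",
];

function leakingPolicies(pageUrl, requestUrl) {
  return ALL_POLICIES.filter((p) => leaksQuery(p, pageUrl, requestUrl));
}

// Constructed scenario (hypothetical hosts and token): an OAuth callback page
// carrying the authorization code in its query string fetches a third-party image.
const PAGE = "https://app.example/oauth/callback?code=AUTH_CODE&state=xyz#frag";
const THIRD_PARTY = "https://cdn.third-party.example/pixel.png";

for (const p of ALL_POLICIES) {
  console.log(p.padEnd(32), determineReferrer(p, PAGE, THIRD_PARTY));
}
console.log("policies that leak the query string:", leakingPolicies(PAGE, THIRD_PARTY));
```

Under Chrome's default policy, strict-origin-when-cross-origin, only https://app.example/ leaves the page; under unsafe-url (and the older no-referrer-when-downgrade) the full URL with the authorization code does. Two defences hold regardless of any browser bug: send a Referrer-Policy header on pages that may carry secrets in their URL, and keep tokens out of query strings wherever possible (for OAuth, a short-lived one-time code with PKCE is far less damaging to leak than a bearer token).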
Global alert and response from Google
Google's response after the incident
Google shipped the fixes in two stable releases: Chrome 136.0.7103.113/.114 closed CVE-2025-4664, and the later Chrome 137.0.7151.68/.69 closed CVE-2025-5419, both for Windows, macOS and Linux (the Linux builds carry the lower of the two build numbers in each pair).
CISA in the United States and CERT-In in India issued advisories urging users and organisations to update Chrome immediately; CISA also added both CVEs to its Known Exploited Vulnerabilities catalogue, which obliges US federal agencies to patch by a set deadline.
Risks to Individual and Business Users
Both flaws matter to individuals and organisations alike, but in different ways: CVE-2025-4664 leaks whatever secrets a page carries in its URL, which is enough to hijack an account when the leaked value is an OAuth code or session token, while CVE-2025-5419 gives an attacker code execution in the browser, the first step of chains that install malware, spy on the user or encrypt data for ransom.
The window between public disclosure and active exploitation has shrunk from days to hours, and in this case exploitation preceded disclosure altogether, so applying updates promptly is the only effective defence. Systems that lag behind are exposed from the moment a fix is public, because the patch itself points attackers at the bug.
How to prevent and protect data
Billions of Chrome Users Need to Update Now
Individual users should check their version under Menu > Help > About Google Chrome. Opening that page triggers an update check and download, but the new version only takes effect after the browser is relaunched, so click Relaunch (or close and reopen Chrome) once the download finishes. The fixed versions are 136.0.7103.113 or later for CVE-2025-4664 and 137.0.7151.68 or later for CVE-2025-5419.
At the same time, users should avoid clicking suspicious links, especially from email, social networks or untrusted websites.
Security software, URL filtering or Chrome's built-in Safe Browsing protection (and reputable safe-browsing extensions) also reduce exposure.
Businesses and organisations should push the update to every managed device rather than rely on users relaunching Chrome on their own, monitor network traffic for anomalies, and warn employees about the risk.
Endpoint monitoring tools such as Wazuh, whose vulnerability-detection module compares installed software versions against CVE feeds, can flag hosts still running a Chrome build below the fixed version, and detonating suspicious pages in a sandbox can surface exploit attempts.
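For fleet checks, the decision "does this build carry the fixes?" is a numeric comparison of the four-part Chrome version against the fixed builds named above. The following Node.js script is an added example, not a tool from Google or from the article: it parses the text printed by `google-chrome --version` on Linux ("Google Chrome 137.0.7151.68"; other platforms and channels print the same four-part version and can be fed in the same way) and lists the CVEs whose fix is newer than the installed build. The sample version lines are constructed, and the comparison assumes the stable channel, where any build on a later branch includes fixes shipped on earlier ones.

```javascript
// Added example (not from the article): check a Chrome version string against
// the fixed stable builds named in the article.

// Lowest stable build that carries each fix, per the article.
const FIXED_IN = {
  "CVE-2025-4664": "136.0.7103.113",
  "CVE-2025-5419": "137.0.7151.68",
};

// Extract the four-part version (major.minor.build.patch) as an array of numbers,
// or null when the text contains no such version.
function parseVersion(text) {
  const m = /(\d+)\.(\d+)\.(\d+)\.(\d+)/.exec(text);
  return m ? m.slice(1, 5).map(Number) : null;
}

// Field-by-field numeric comparison: -1, 0 or 1. Plain string comparison
// would wrongly rank 137.0.7151.9 below 137.0.7151.68.
function compareVersions(a, b) {
  for (let i = 0; i < 4; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// CVEs whose fix is newer than the installed build. Assumes the stable channel,
// where every build on a later branch includes fixes shipped on earlier ones.
function missingFixes(versionText) {
  const installed = parseVersion(versionText);
  if (!installed) throw new Error(`no Chrome version found in: ${versionText}`);
  return Object.entries(FIXED_IN)
    .filter(([, fixed]) => compareVersions(installed, parseVersion(fixed)) < 0)
    .map(([cve]) => cve);
}

// Constructed sample outputs, as an inventory script might collect them
// from several hosts by running `google-chrome --version` (Linux form).
const SAMPLES = [
  "Google Chrome 136.0.7103.92",
  "Google Chrome 136.0.7103.114",
  "Google Chrome 137.0.7151.69",
];

for (const line of SAMPLES) {
  const missing = missingFixes(line);
  console.log(line.padEnd(30), missing.length ? `MISSING ${missing.join(", ")}` : "patched");
}
```

A build on the 136 branch at or above .113 reports only CVE-2025-5419 as missing, which is the realistic state of a machine that updated in mid-May and has not relaunched since; feeding the collected version lines of a whole fleet through missingFixes gives the list of hosts to chase.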
The two disclosures are a reminder that browser security cannot be taken lightly, especially given that Chrome is the most widely used browser in the world.
Google responded quickly with patches, but a patch only protects those who install it. Timely software updates and care with personal information remain the first and most important line of defence.
Source: https://tuoitre.vn/lo-hong-zero-day-nguy-hiem-tren-google-chrome-nguoi-dung-chu-y-20250610102157359.htm