CISA Adds Critical Google Chromium V8 Flaw to Known Exploited Vulnerabilities Catalog
TL;DR
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Google Chromium V8 vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. This flaw, actively exploited in the wild, underscores the importance of prompt updates and vigilant security measures.
Main Content
CISA Adds Google Chromium V8 Vulnerability to KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Google Chromium V8 Out-of-Bounds Read and Write Vulnerability, tracked as CVE-2025-5419, to its Known Exploited Vulnerabilities (KEV) catalog.
Google Releases Emergency Updates
This week, Google released out-of-band updates to address three vulnerabilities in its Chrome browser, including CVE-2025-5419, which is actively being exploited in the wild. This vulnerability allows an attacker to trigger heap corruption via a crafted HTML page, posing a significant risk to users.
Vulnerability Details
The flaw resides in the V8 JavaScript engine in Google Chrome. It was reported by Clement Lecigne and Benoît Sevens of Google Threat Analysis Group on May 27, 2025. Google promptly addressed the issue with a configuration update applied to all Chrome Stable platforms on May 28, 2025.
“Google is aware that an exploit for CVE-2025-5419 exists in the wild.” [1]
Chrome Update Information
Chrome Stable has been updated to version 137.0.7151.68/.69 for Windows and Mac, and 137.0.7151.68 for Linux. The update is rolling out in the coming days, and users are advised to apply it immediately.
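The version check implied by the update information above, as an added example that is not part of the original article: it classifies Chrome installs against the fixed build 137.0.7151.68 and reports the days left before the June 26, 2025 KEV due date. The host names, the sample versions and the (host, version) inventory format are constructed assumptions.

```python
from datetime import date

# Values taken from the article.
FIXED_BUILD = (137, 0, 7151, 68)   # first Chrome Stable build carrying the fix
KEV_DUE_DATE = date(2025, 6, 26)   # CISA deadline for FCEB agencies

def parse_version(text):
    """Parse 'MAJOR.MINOR.BUILD.PATCH' into a tuple of ints; None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(version_text):
    """Return 'patched', 'vulnerable', or 'unknown' for one reported version."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"  # never assume a host is patched on unparseable data
    return "patched" if version >= FIXED_BUILD else "vulnerable"

def triage(inventory, today):
    """Group hosts by status and compute the days remaining until the due date."""
    report = {"vulnerable": [], "patched": [], "unknown": []}
    for host, version_text in inventory:
        report[classify(version_text)].append(host)
    for hosts in report.values():
        hosts.sort()
    return (KEV_DUE_DATE - today).days, report

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = [
    ("win-fin-01", "137.0.7151.69"),
    ("mac-dev-07", "137.0.7151.68"),
    ("lin-build-02", "137.0.7151.55"),
    ("win-hr-11", "136.0.7103.114"),
    ("kiosk-03", "137.0.7151"),      # truncated string from a broken agent
    ("lin-ops-04", "138.0.7204.35"),
]

if __name__ == "__main__":
    days_left, report = triage(SAMPLE_INVENTORY, date(2025, 6, 5))
    print(f"Days until KEV due date: {days_left}")
    for status, hosts in report.items():
        print(f"{status:10s} {', '.join(hosts) or '-'}")
```

Hosts reported as "unknown" should be followed up rather than counted as compliant.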
CISA Directives and Recommendations
Under Binding Operational Directive (BOD) 22-01, Federal Civilian Executive Branch (FCEB) agencies must address the identified vulnerabilities by the due date to protect their networks. CISA has set a deadline of June 26, 2025, for federal agencies to fix the vulnerabilities.
Private organizations are also urged to review the Catalog and address the vulnerabilities in their infrastructure to mitigate risks.
Conclusion
The addition of the Google Chromium V8 vulnerability to CISA’s KEV catalog highlights the ongoing threat of actively exploited vulnerabilities. Prompt updates and adherence to security directives are crucial for both federal agencies and private organizations to safeguard against such threats.
References
[1] Pierluigi Paganini (2025). “U.S. CISA adds Google Chromium V8 flaw to its Known Exploited Vulnerabilities catalog”. Security Affairs. Retrieved 2025-06-05.