Zero-day gap in Google Chrome is actively exploited
The BSI warns of dangerous security gaps in the Google Chrome browser. One of the weak points is already being actively used by hackers. Users should act immediately to protect their systems from possible attacks.
BSI publishes new chrome security warning
The Federal Office of Information Technology (BSI) has another urgent Warning to security gaps Published in Google Chrome and recommends all users to update the browser immediately. Google has already published a security update for Chrome to close the three serious weaknesses. It is particularly alarming that one of the vulnerabilities is already being actively exploited by hackers, like the company in its Blog communicated. It is the zero-day gap registered as CVE-2025-5419, which has a high threat level.
Possibility to carry out malice code
The security gap is located in the V8 JavaScript and webassembly engine of the browser and enables attackers through faulty memory management (out-of-bound-reading and write) potentially the execution of malice code. The weak point was discovered by security experts from the Google Threat Analysis Group, which reported the error a week ago. According to BSI, distant, anonymous attackers can take advantage of such weak points to carry out any program code on affected systems or to carry out other non -specific attacks. As with similar security gaps in the past, the BSI has classified the risk as high.
All Chromium browsers affected
The security gap affects all non-updated chrome variants. Users are certainly only from the following versions:
- Google Chrome for Windows: version 137.0.7151.68/.69
- Google Chrome for Mac: version 137.0.7151.68/.69
- Google Chrome for Linux: version 137.0.7151.68
Other browsers based on Chromium such as Microsoft Edge, Brave, Opera and Vivaldi are potentially affected and should be updated as soon as the respective manufacturers provide the patches. It has already been the third actively exploited security gap in Chrome since the beginning of the year. Similar weaknesses were previously closed by emergency updates in March and later in May. The Lücke (CVE-2025-2783) discovered in March was used, according to Kaspersky reports against Russian government organizations and media companies. Infographic Browsermarkt: The steep climb of Google Chrome
Background to Zero-Day attacks
Zero-day weak spots are particularly dangerous because they refer to security gaps that are still unknown to manufacturers or for which no patches are yet available. The term “zero-day” refers to the fact that developers had zero days to develop a solution after the weak point became known. Cybercriminals use this period to carry out attacks before protective measures can be implemented.
The V8 engine, in which the current weak point was found, is the heart of Chrome and processes JavaScript code as well as webassembly programs. This engine was originally developed by Google and is also used in Node.js. Due to their central role in the execution of web content, security gaps in V8 are particularly critical because they can enable attackers to access the system.
This is how Chrome is updated
Chrome usually updates automatically when new security patches are available. To ensure that the update has been installed, users in the Chrome menu can check under “Help”> “About Google Chrome”. It shows whether the browser is up to date. After completing the update, the browser should be restarted using the “Restart” button so that the changes become effective. Google consciously relates to further details about the weak point.
This is a usual procedure for active threats to prevent other attackers from being able to take advantage of the weak point before the majority of users updated their browsers. Only when a sufficient number of users have installed the update will usually be published more detailed technical information.
Digital marketing enthusiast and industry professional in Digital technologies, Technology News, Mobile phones, software, gadgets with vast experience in the tech industry, I have a keen interest in technology, News breaking.
