CVE Tools

Home/Vulnerability/CVE-2025-5419

CVE-2025-5419

Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Published: Jun 2, 2025Updated: Oct 24, 2025 Sources: CVE List NVD BDU

NVD MITRE

8.8CVSS

HIGH

Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

EPSS Score

3.8%

Top 11.6%

CISA KEV

Active Exploitation

Since Jun 5, 2025

Exploits

No Known Exploits

Remediation

Patch Available

CVSS Vector Breakdown

Exploitability

AV:NAttack Vector

Network

AC:LAttack Complexity

Low

PR:NPrivileges Required

None

UI:RUser Interaction

Required

Scope

S:UScope

Unchanged

Impact

C:HConfidentiality

High

I:HIntegrity

High

A:HAvailability

High

Weaknesses

CWE-125 CWE-787

Affected Products

Chrome

Google

chrome

google

edge chromium

microsoft

РЕД ОС

ООО «Ред Софт»

Astra Linux Special Edition

ООО «РусБИТех-Астра»

and 4 more affected products View all →

Attack Graph

Products CVE Techniques Tactics

Click technique nodes to view MITRE ATT&CK details. Scroll to zoom, drag to pan.

Exploitability

CISA Known Exploited Vulnerability

Added to KEV:Jun 5, 2025

Remediation due:Jun 26, 2025

Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Official Patch Available