Vulnerability within the JavaScript engine
The Chrome team described the vulnerability as an out-of-bounds memory read and write in V8, which is Chrome’s JavaScript and WebAssembly engine. The open-source V8 engine is used in other projects as well, including the Node.js runtime. Because the engine is designed to interpret and execute JavaScript and WebAssembly code, the vulnerability can likely be triggered remotely by users simply visiting web pages that load maliciously crafted code.
“Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” Google said in its advisory. “We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but haven’t yet fixed.”
Aside from CVE-2025-5419, the new Chrome update also fixes a medium-severity use-after-free memory bug in Blink, the browser’s rendering engine. This vulnerability was privately reported by a researcher who received a $1,000 bounty for it.