Vulnerability within the JavaScript engine
The Chrome staff described the vulnerability as an out of bounds reminiscence learn and write in V8, which is Chrome’s JavaScript and WebAssembly engine. The open-source V8 engine is utilized in different tasks as nicely, together with the Node.js runtime. As a result of the engine is designed to interpret and execute JavaScript and WebAssembly code, the vulnerability can probably be triggered remotely by customers merely visiting internet pages that load maliciously crafted code.
“Entry to bug particulars and hyperlinks could also be stored restricted till a majority of customers are up to date with a repair,” Google stated in its advisory. “We may even retain restrictions if the bug exists in a third-party library that different tasks equally depend upon, however haven’t but mounted.”
Apart from CVE-2025-5419, the brand new Chrome replace additionally fixes a medium-severity use-after-free reminiscence bug in Blink, the browser’s rendering engine. This vulnerability was privately reported by a researcher who acquired a $1,000 bounty for it.
