Overview
- Google deployed its emergency Chrome update on June 3 after mitigating CVE-2025-5419 with a configuration change on May 28
- Microsoft released a corresponding Edge patch to address CVE-2025-5419 following Google’s advisory
- CVE-2025-5419 is an out-of-bounds read/write in V8 that can enable remote heap-corruption exploits via crafted HTML pages
- The emergency release also corrects CVE-2025-5068, a use-after-free memory bug in Blink disclosed by an external researcher
- CISA has ordered all federal staff to install Chromium browser updates or stop using the software by June 26 to counter active exploits