
[Vulnerability Alert] Heap Overflow Vulnerability in Chromium-based Browsers (CVE-2025-5419) – Immediate Action Recommended

Publish date: 2025-06-19
Update date: 2025-06-19

Source: Ministry of education information & communication security contingency platform

Publication Number: TACERT-ANA-2025061809065454
Publication Time: 2025/06/18 09:44
Incident Type: ANA-Vulnerability Alert
Discovery Time: 2025/06/18 09:44
Impact Level: Medium
[Subject]
[Vulnerability Alert] Heap Overflow Vulnerability in Chromium-based Browsers (CVE-2025-5419) – Immediate Action Recommended
[Content]
Forwarded from the National Institute of Cyber Security NISAC-200-202506-00000061

A heap overflow vulnerability (CVE-2025-5419) has been identified in multiple Chromium-based browsers, including Google Chrome, Microsoft Edge, Vivaldi, Brave, and Opera. Remote attackers can exploit this flaw through malicious HTML webpages to corrupt memory and potentially achieve remote code execution or sandbox escape. This vulnerability has been actively exploited in the wild. Prompt patching is strongly advised.

Information Sharing Level: WHITE (Information content can be publicly disclosed)
[Affected Platform]
Google Chrome versions prior to 137.0.7151.68
Microsoft Edge (Chromium-based) versions prior to 137.0.3296.62
Vivaldi versions prior to 7.4.3684.50
Brave versions prior to 1.79.119
Opera versions prior to 119.0.5497.70
[Recommended Actions]
Update Google Chrome to version 137.0.7151.68 or later
https://support.google.com/chrome/answer/95414?hl=zh-Hant

Update Microsoft Edge to version 137.0.3296.62 or later
https://support.microsoft.com/zh-tw/topic/microsoft-edge-%E6%9B%B4%E6%96%B0%E8%A8%AD%E5%AE%9A-af8aaca2-1b69-4870-94fe-18822dbb7ef1

Update Vivaldi to version 7.4.3684.50 or later
https://help.vivaldi.com/desktop/install-update/update-vivaldi/

Update Brave to version 1.79.119 or later
https://community.brave.com/t/how-to-update-brave/384780

Update Opera to version 119.0.5497.70 or later
https://help.opera.com/en/latest/crashes-and-issues/#updateBrowser
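
To confirm the updates above actually landed, the following added example (not part of the original advisory) checks a browser inventory against the fixed versions listed here, comparing version fields numerically because a plain string comparison misjudges values such as `.9` versus `.68`. The inventory format, product keys and sample hosts are assumptions constructed for illustration.

```python
import re

# Fixed versions as listed in this advisory for CVE-2025-5419.
# The lowercase product keys are an assumed inventory naming convention.
FIXED = {
    "chrome": "137.0.7151.68",
    "edge": "137.0.3296.62",
    "vivaldi": "7.4.3684.50",
    "brave": "1.79.119",
    "opera": "119.0.5497.70",
}

def parse_version(text):
    """Turn '137.0.7151.68' into (137, 0, 7151, 68); None if not dotted digits."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    return tuple(int(part) for part in text.split("."))

def status(product, version):
    """Return 'patched', 'vulnerable' or 'unknown' for one installed browser."""
    fixed = FIXED.get(product.strip().lower())
    installed = parse_version(version)
    if fixed is None or installed is None:
        return "unknown"  # unlisted product or unparseable version: review by hand
    fixed_t = parse_version(fixed)
    # Pad to equal length so a short value like '7.4' compares as '7.4.0.0'.
    width = max(len(installed), len(fixed_t))
    pad = lambda t: t + (0,) * (width - len(t))
    return "patched" if pad(installed) >= pad(fixed_t) else "vulnerable"

def audit(inventory):
    """Return (host, product, version, state) for every host that is not patched."""
    rows = ((h, p, v, status(p, v)) for h, p, v in inventory)
    return [r for r in rows if r[3] != "patched"]

# Constructed sample inventory (hostnames and installed versions are made up).
SAMPLE = [
    ("lab-pc-01", "Chrome", "137.0.7151.68"),
    ("lab-pc-02", "Chrome", "137.0.7151.9"),    # numerically older than .68
    ("lab-pc-03", "Edge", "136.0.3240.92"),
    ("lab-pc-04", "Brave", "1.79.119"),
    ("lab-pc-05", "Opera", "119.0.5497.110"),   # newer; a string compare gets this wrong
    ("lab-pc-06", "Vivaldi", "7.4"),
    ("lab-pc-07", "Chrome", "unknown"),
]

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Hosts reported as `unknown` need a manual check rather than being assumed safe.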
[Reference]
1. https://nvd.nist.gov/vuln/detail/CVE-2025-5419
2. https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop.htm
3. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-5419
4. https://vivaldi.com/blog/desktop/minor-update-two-7-4/
(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer: Computer Center