Google Chrome Warning—Do Not Ignore 7 Day Update Deadline

New Chrome warning for 2 billion users.
New warnings have been issued for Chrome’s 3 billion users, emphasizing the need to keep browsers updated at all times. Google has just issued a new update, which fixes two high-severity vulnerabilities and should be installed right away.
More critically, an ongoing update mandate deadline is now just 7 days away. America’s cyber defense agency warns Chrome “contains an out-of-bounds read and write vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page.” CISA says update before June 26 or stop using Chrome.
The formal mandate applies just to federal employees, but CISA operates “for the benefit of the cybersecurity community and network defenders — and to help every organization better manage vulnerabilities and keep pace with threat activity.” That means all organizations should take note of this deadline and adhere if possible.
That should be evident anyway, but a new warning has just detailed exploitation of a Google Chrome zero-day disclosed earlier this year. Kaspersky discovered “a wave of infections by previously unknown and highly sophisticated malware. In all cases, infection occurred immediately after the victim clicked on a link in a phishing email, and the attackers’ website was opened using the Google Chrome web browser.”
Now, Positive Technologies says its Threat Intelligence Department “analyzed an attack that exploited [this] zero-day vulnerability (sandbox escape)” dating back to 2024. As I warned when CVE-2025-2783 was first disclosed, Google quickly released an emergency update and then CISA issued a 21-day update mandate.
The current CISA update mandate is for CVE-2025-5419, which is also an “out-of-bounds read and write in V8,” a similar memory issue to the integer overflow and use-after-free vulnerabilities patched this week, albeit those do not have known exploits as yet. We’re two weeks into CISA’s mandate, and so this is the period of maximum risk. Ensure your browsers are updated — which means restarting once the update downloads.
While home users should adhere to CISA warnings, it’s more critical for enterprises likely to come under attack from sophisticated phishing campaigns exploiting these vulnerabilities. Remember, once the flaw is made public, it’s a race against time for attackers to use it or lose it when browsers are patched. Do that right away.