Google has issued version 137.0.7151.68/.69 of Chrome for Windows and macOS, along with version 137.0.7151.68 for Linux. These updates are being rolled out gradually over the coming days and weeks. They address two high-severity security flaws within Chrome’s V8 JavaScript engine.
The first, identified as CVE-2025-5419, has a CVSSv3 score of 8.8. It is an ‘out of bounds read and write’ vulnerability in V8 which could allow a remote attacker to corrupt memory on the heap by luring users to visit a specially crafted HTML page. The second, CVE-2025-5068, also carries a CVSSv3 score of 8.8. This flaw is a ‘use after free’ vulnerability in Blink, Chrome’s rendering engine, which could likewise be exploited through a malicious HTML page to trigger heap corruption. Google has confirmed that an exploit for CVE-2025-5419 is currently being used in the wild.
Google has released security updates addressing multiple vulnerabilities in the Android operating system, including CVE-2025-26443, a critical remote code execution (RCE) flaw within the System component. Several serious vulnerabilities found in Qualcomm components have also been resolved as part of the most recent Android security updates.
Roundcube has issued updates for its Webmail application, releasing versions 1.6.11 and 1.5.10. These updates resolve a critically rated security flaw affecting the platform. Roundcube is an open-source, browser-based email client designed to manage emails. The vulnerability, identified as CVE-2025-49113, holds a CVSSv3 score of 9.9 and involves the deserialisation of untrusted data. A remote attacker with valid authentication could exploit this flaw to execute arbitrary code on the server.
Cisco has rolled out software updates for its Identity Services Engine (ISE), addressing a critical vulnerability within the product. Cisco ISE is a policy service that provides context-aware control over access and threats across wired, wireless, and VPN networks.
The vulnerability, identified as CVE-2025-20286, carries a CVSSv3 score of 9.9 and involves the use of a hard-coded password. Exploiting this flaw could enable an attacker to gain access to sensitive information, perform certain administrative actions, change system settings, or disrupt services in the affected systems.
Recommended Action
Organisations are encouraged to review the appropriate security advisory pages and apply the updates:
Google – Chrome Releases
Google (Android) – Android Security Bulletin
Roundcube – Security Updates
Cisco – Security Advisories
If you have any concerns, or have been affected by a cyber-related issue, report it to us by submitting a Cyber Concerns Online Reporting Form.