Headline
Google Patches Chrome Zero-Day CVE-2025-10585 as Active V8 Exploit Threatens Millions
Google on Wednesday released security updates for the Chrome web browser to address four vulnerabilities, including one that it said has been exploited in the wild. The zero-day vulnerability in question is CVE-2025-10585, which has been described as a type confusion issue in the V8 JavaScript and WebAssembly engine. Type confusion vulnerabilities can have severe consequences as they can be
Vulnerability / Browser Security
Google on Wednesday released security updates for the Chrome web browser to address four vulnerabilities, including one that it said has been exploited in the wild.
The zero-day vulnerability in question is CVE-2025-10585, which has been described as a type confusion issue in the V8 JavaScript and WebAssembly engine.
Type confusion vulnerabilities can have severe consequences as they can be weaponized by bad actors to trigger unexpected software behavior, resulting in the execution of arbitrary code and program crashes.
Google’s Threat Analysis Group (TAG) has been credited with discovering and reporting the flaw on September 16, 2025.
As is typically the case, the company did not share any additional specifics about how the vulnerability is being abused in real-world attacks, by whom, or the scale of such efforts. This is done to prevent other threat actors from exploiting the issue before users can apply a fix.
“Google is aware that an exploit for CVE-2025-10585 exists in the wild,” it acknowledged in a terse advisory.
CVE-2025-10585 is the sixth zero-day vulnerability in Chrome that has been either actively exploited or demonstrated as a proof-of-concept (PoC) since the start of the year. This includes: CVE-2025-2783, CVE-2025-4664, CVE-2025-5419, CVE-2025-6554, and CVE-2025-6558.
To safeguard against potential threats, it’s advised to update their Chrome browser to versions 140.0.7339.185/.186 for Windows and Apple macOS, and 140.0.7339.185 for Linux. To make sure the latest updates are installed, users can navigate to More > Help > About Google Chrome and select Relaunch.
Users of other Chromium-based browsers, such as Microsoft Edge, Brave, Opera, and Vivaldi, are also advised to apply the fixes as and when they become available.
Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.
Related news
July Linux Patch Wednesday. This time, there are 470 vulnerabilities, slightly fewer than in June. Of these, 291 are in the Linux Kernel. One vulnerability shows signs of being exploited in the wild (CISA KEV): 🔻 SFB – Chromium (CVE-2025-6554) There are also 36 (❗️) vulnerabilities for which public exploits are available or suspected to […]
Google has released an update for its Chrome browser to patch six security vulnerabilities including one zero-day.
July Microsoft Patch Tuesday. A total of 152 vulnerabilities – twice as many as in June. Of these, 15 vulnerabilities were added between the June and July MSPT. One vulnerability is exploited in the wild: 🔻 Memory Corruption – Chromium (CVE-2025-6554) One vulnerability has an exploit available on GitHub: 🔸 EoP – Windows Update Service […]
Google has released an urgent update for the Chrome browser to patch a vulnerability which has already been exploited.
June Linux Patch Wednesday. This time, there are 598 vulnerabilities, almost half as many as in May. Of these, 355 are in the Linux Kernel. There are signs of exploitation in the wild for 3 vulnerabilities (CISA KEV). 🔻 SFB – Chromium (CVE-2025-2783)🔻 MemCor – Chromium (CVE-2025-5419)🔻 CodeInj – Hibernate Validator (CVE-2025-35036). This vulnerability is […]
June Linux Patch Wednesday. This time, there are 598 vulnerabilities, almost half as many as in May. Of these, 355 are in the Linux Kernel. There are signs of exploitation in the wild for 3 vulnerabilities (CISA KEV). 🔻 SFB – Chromium (CVE-2025-2783)🔻 MemCor – Chromium (CVE-2025-5419)🔻 CodeInj – Hibernate Validator (CVE-2025-35036). This vulnerability is […]
Microsoft today released security updates to fix at least 67 vulnerabilities in its Windows operating systems and software. Redmond warns that one of the flaws is already under active attack, and that software blueprints showing how to exploit a pervasive Windows bug patched this month are now public.
Microsoft today released security updates to fix at least 67 vulnerabilities in its Windows operating systems and software. Redmond warns that one of the flaws is already under active attack, and that software blueprints showing how to exploit a pervasive Windows bug patched this month are now public.
June Microsoft Patch Tuesday. A total of 81 vulnerabilities, roughly the same as in May. Among them, 15 vulnerabilities were added between the May and June MSPT. There are 3 vulnerabilities with signs of exploitation in the wild: 🔻 RCE – WEBDAV (CVE-2025-33053). The vulnerability is related to Internet Explorer mode in Microsoft Edge and […]
June Microsoft Patch Tuesday. A total of 81 vulnerabilities, roughly the same as in May. Among them, 15 vulnerabilities were added between the May and June MSPT. There are 3 vulnerabilities with signs of exploitation in the wild: 🔻 RCE – WEBDAV (CVE-2025-33053). The vulnerability is related to Internet Explorer mode in Microsoft Edge and […]
In this week's newsletter, Martin emphasizes that awareness, basic cyber hygiene and preparation are essential for everyone, and highlights Talos' discovery of the new PathWiper malware.
Google has released an important update for Chrome, patching one actively exploited zero-day and two other security flaws
May Linux Patch Wednesday. This time: 1091 vulnerabilities. Of those, 716 are in the Linux Kernel. 🤯 5 vulnerabilities are exploited in the wild: 🔻 RCE – PHP CSS Parser (CVE-2020-13756). In AttackerKB, an exploit exists.🔻 DoS – Apache ActiveMQ (CVE-2025-27533). In AttackerKB, an exploit exists.🔻 SFB – Chromium (CVE-2025-4664). In CISA KEV.🔻 PathTrav – […]
A Chrome zero-day bug, CVE-2025-4664, exposes login tokens on Windows and Linux. Google has issued a fix, users should update immediately.
April Microsoft Patch Tuesday. A total of 153 vulnerabilities, 2 times more than in March. Of these, 32 were added between the March and April MSPTs. Three vulnerabilities show signs of exploitation in the wild: 🔻 EoP – Windows Common Log File System Driver (CVE-2025-29824). An attacker can gain SYSTEM privileges. No technical details yet.🔻 […]
A vulnerability has been found that can be exploited through every browser as long as its running on a Windows system