News Details

Google Patches Chrome Zero-Day CVE-2025-10585 as Active V8 Exploit Threatens Millions

Google has released an urgent security update for the Chrome web browser, addressing four newly discovered vulnerabilities—including one zero-day that is actively being exploited.

The Zero-Day: CVE-2025-10585

The most serious flaw, CVE-2025-10585, is a type confusion vulnerability in Chrome’s V8 JavaScript and WebAssembly engine. Type confusion bugs occur when a program misinterprets the type of an object in memory, leading to unexpected behavior that attackers can abuse to execute arbitrary code or crash applications.

This flaw was reported on September 16, 2025 by Google’s Threat Analysis Group (TAG). While Google confirmed exploitation in the wild, it withheld technical details to prevent wider abuse until users have patched their systems.

Sixth Chrome Zero-Day This Year

CVE-2025-10585 marks the sixth Chrome zero-day in 2025, following earlier critical flaws:

• CVE-2025-2783
• CVE-2025-4664
• CVE-2025-5419
• CVE-2025-6554
• CVE-2025-6558

This trend highlights Chrome’s continued exposure as a high-value target for threat actors.

Security Updates Available

Google advises all users to update immediately:

• Windows & macOS: 140.0.7339.185/.186
• Linux: 140.0.7339.185

To verify, go to: Menu > Help > About Google Chrome, then select Relaunch to apply updates.

Users of Chromium-based browsers (Microsoft Edge, Brave, Opera, Vivaldi) should also apply fixes as soon as vendors release patches.

• Update Chrome to the latest version.
• Monitor security advisories for Chromium-based browsers.
• Treat this as a high-priority patch cycle given confirmed active exploitation.

Bottom line: CVE-2025-10585 is under active attack. Updating your browser is the only way to stay protected.