Google Fixes Chrome Zero-Day CVE-2025-10585 as Millions Are at Risk from an Active V8 Exploit
Google fixed four vulnerabilities in the Chrome web browser on Wednesday, including one that it said has been exploited in the wild.
The zero-day, tracked as CVE-2025-10585, is in the V8 JavaScript and WebAssembly engine and has been described as a type confusion issue.

Type confusion flaws can have serious repercussions because malicious actors can use them to cause unexpected software behavior, such as arbitrary code execution and program failures.
The vulnerability was found and reported by Google’s Threat Analysis Group (TAG) on September 16, 2025.
As is customary, the company provided no further details about the scale of the exploitation, who is using the vulnerability, or how it is being used in real-world attacks. Withholding this keeps additional threat actors from taking advantage of the problem before users have had a chance to install the fix.
“Google is aware that an exploit for CVE-2025-10585 exists in the wild,” the company said in a brief alert.

CVE-2025-10585 is the sixth Chrome zero-day since the beginning of the year to have been actively exploited or demonstrated as a proof-of-concept (PoC). The others are CVE-2025-2783, CVE-2025-4664, CVE-2025-5419, CVE-2025-6554, and CVE-2025-6558.
To protect against potential threats, users are advised to update Chrome to versions 140.0.7339.185/.186 for Windows and Apple macOS, and 140.0.7339.185 for Linux. To make sure the latest updates are installed, go to More > Help > About Google Chrome and choose Relaunch.
It is also recommended that users of other Chromium-based browsers, including Microsoft Edge, Brave, Opera, and Vivaldi, install the updates as soon as they are made available.
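A fleet check against the fixed builds named above, as an added example that is not part of the original article: it compares version strings numerically and reports non-Chrome browsers as unknown, since the article gives no fixed build for them. The inventory records, host names, field names and sample version numbers are constructed assumptions.

```python
import re

# Fixed builds stated in the article: 140.0.7339.185/.186 (Windows, macOS),
# 140.0.7339.185 (Linux). The lowest fixed build is the patch floor.
FIXED = dict.fromkeys(("windows", "macos", "linux"), (140, 0, 7339, 185))
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)$")

def parse_version(text):
    """Return a 4-tuple of ints, or None if the string is not a 4-part version."""
    m = VERSION_RE.match(text.strip())
    return tuple(int(p) for p in m.groups()) if m else None

def classify(record):
    """Classify one inventory record as 'patched', 'vulnerable' or 'unknown'."""
    # Only Google Chrome has a fixed build named in the article; other
    # Chromium-based browsers use their own version numbering.
    if record.get("browser", "").lower() != "chrome":
        return "unknown"
    floor = FIXED.get(record.get("platform", "").lower())
    version = parse_version(record.get("version", ""))
    if floor is None or version is None:
        return "unknown"
    return "patched" if version >= floor else "vulnerable"

def audit(inventory):
    """Group host names by classification, preserving inventory order."""
    result = {"patched": [], "vulnerable": [], "unknown": []}
    for record in inventory:
        result[classify(record)].append(record["host"])
    return result

# Constructed sample inventory (hypothetical hosts and versions, not real data).
# ws-02 shows why the compare is numeric: as strings, "99" sorts after "185".
SAMPLE = [
    {"host": "ws-01", "browser": "Chrome", "platform": "windows", "version": "140.0.7339.186"},
    {"host": "ws-02", "browser": "Chrome", "platform": "windows", "version": "140.0.7339.99"},
    {"host": "mac-01", "browser": "Chrome", "platform": "macos", "version": "139.0.0.1"},
    {"host": "lin-01", "browser": "Chrome", "platform": "linux", "version": "140.0.7339.185"},
    {"host": "ws-03", "browser": "Edge", "platform": "windows", "version": "140.0.0.1"},
    {"host": "lin-02", "browser": "Chrome", "platform": "linux", "version": "140.0.7339"},
]

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as unknown need a manual check against the vendor's own release notes rather than being counted as patched.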
About The Author:
Yogesh Naager is a content marketer who specializes in the cybersecurity and B2B space. Besides writing for the News4Hackers blogs, he also writes for brands including Craw Security, Bytecode Security, and NASSCOM.
