
On Wednesday, Google will release a security update for its Chrome web browser to address four vulnerabilities.
The zero-day vulnerability in question is CVE-2025-10585, which is described as a type confusion issue in the V8 JavaScript and WebAssembly engine.
Type confusion vulnerabilities can have serious consequences, as they can be weaponized by bad actors to trigger unexpected software behavior, resulting in arbitrary code execution and program crashes.
Google’s Threat Analysis Group (TAG) is credited with discovering and reporting the flaw on September 16, 2025.
As is typical, no additional details were shared about how the vulnerability is being abused in real-world attacks or the scale of such efforts. This is done to prevent other threat actors from exploiting the issue before users apply the fix.

“Google acknowledges that the CVE-2025-10585 exploit exists in the wild,” the company said in a concise advisory.
CVE-2025-10585 is the sixth zero-day vulnerability in Chrome since the beginning of the year that has been either actively exploited or demonstrated as a proof of concept (PoC). The others are CVE-2025-2783, CVE-2025-4664, CVE-2025-5419, CVE-2025-6554, and CVE-2025-6558.
To protect against potential threats, we recommend updating Chrome to version 140.0.7339.185/.186 for Windows and Apple macOS, and 140.0.7339.185 for Linux. To ensure that the latest updates are installed, users can navigate to Google Chrome > Help and select the update option.
It is also recommended that users of other Chromium-based browsers, such as Microsoft Edge, Brave, Opera, and Vivaldi, apply the fix when it becomes available.