Google on Wednesday launched safety updates for the Chrome net browser to handle 4 vulnerabilities, together with one which it stated has been exploited within the wild.
The zero-day vulnerability in query is CVE-2025-10585, which has been described as a kind confusion situation within the V8 JavaScript and WebAssembly engine.
Sort confusion vulnerabilities can have extreme penalties as they are often weaponized by unhealthy actors to set off surprising software program conduct, ensuing within the execution of arbitrary code and program crashes.
Google’s Menace Evaluation Group (TAG) has been credited with discovering and reporting the flaw on September 16, 2025.
As is often the case, the corporate didn’t share any further specifics about how the vulnerability is being abused in real-world assaults, by whom, or the dimensions of such efforts. That is performed to forestall different risk actors from exploiting the difficulty earlier than customers can apply a repair.
“Google is conscious that an exploit for CVE-2025-10585 exists within the wild,” it acknowledged in a terse advisory.
CVE-2025-10585 is the sixth zero-day vulnerability in Chrome that has been both actively exploited or demonstrated as a proof-of-concept (PoC) for the reason that begin of the yr. This consists of: CVE-2025-2783, CVE-2025-4664, CVE-2025-5419, CVE-2025-6554, and CVE-2025-6558.
To safeguard towards potential threats, it is suggested to replace their Chrome browser to variations 140.0.7339.185/.186 for Home windows and Apple macOS, and 140.0.7339.185 for Linux. To ensure the newest updates are put in, customers can navigate to Extra > Assist > About Google Chrome and choose Relaunch.
Customers of different Chromium-based browsers, corresponding to Microsoft Edge, Courageous, Opera, and Vivaldi, are additionally suggested to use the fixes as and after they grow to be obtainable.
