Google on Wednesday launched safety updates for the Chrome internet browser to handle 4 vulnerabilities, together with one which it stated has been exploited within the wild.
The zero-day vulnerability in query is CVE-2025-10585, which has been described as a kind confusion problem within the V8 JavaScript and WebAssembly engine.
Sort confusion vulnerabilities can have extreme penalties as they are often weaponized by unhealthy actors to set off sudden software program habits, ensuing within the execution of arbitrary code and program crashes.
Google’s Risk Evaluation Group (TAG) has been credited with discovering and reporting the flaw on September 16, 2025.
As is often the case, the corporate didn’t share any extra specifics about how the vulnerability is being abused in real-world assaults, by whom, or the size of such efforts. That is achieved to forestall different risk actors from exploiting the problem earlier than customers can apply a repair.
“Google is conscious that an exploit for CVE-2025-10585 exists within the wild,” it acknowledged in a terse advisory.
CVE-2025-10585 is the sixth zero-day vulnerability in Chrome that has been both actively exploited or demonstrated as a proof-of-concept (PoC) for the reason that begin of the yr. This contains: CVE-2025-2783, CVE-2025-4664, CVE-2025-5419, CVE-2025-6554, and CVE-2025-6558.
To safeguard in opposition to potential threats, it is suggested to replace their Chrome browser to variations 140.0.7339.185/.186 for Home windows and Apple macOS, and 140.0.7339.185 for Linux. To verify the most recent updates are put in, customers can navigate to Extra > Assist > About Google Chrome and choose Relaunch.
Customers of different Chromium-based browsers, reminiscent of Microsoft Edge, Courageous, Opera, and Vivaldi, are additionally suggested to use the fixes as and once they change into out there.
