On Wednesday, Google issued security updates for the Chrome web browser to fix four vulnerabilities, one of which is currently being exploited. The critical flaw, CVE-2025-10585, is identified as a type confusion issue within the V8 JavaScript and WebAssembly engine. Such vulnerabilities can be dangerous, allowing attackers to execute arbitrary code or cause program crashes. Google’s Threat Analysis Group discovered this flaw on September 16, 2025. While specific details about the exploitation are not disclosed to prevent further abuse, Google has confirmed the vulnerability is being actively exploited. This marks the sixth zero-day vulnerability in Chrome this year. Users are urged to update their browsers to the latest versions—140.0.7339.185/.186 for Windows and macOS, and 140.0.7339.185 for Linux—to protect against potential threats. Those using other Chromium-based browsers like Microsoft Edge, Brave, Opera, and Vivaldi should also apply updates as they become available.
Has Google patched the critical Chrome zero-day CVE-2025-10585?
