Google has issued a security update for the stable version of Chrome to address a zero-day vulnerability identified as CVE-2025-10585. This flaw, discovered by Google’s Threat Analysis Group, is a type confusion vulnerability in Chrome’s V8 JavaScript and WebAssembly engine. The company has acknowledged the presence of an exploit for this vulnerability in the wild, but has not disclosed details about the attacks leveraging it. The involvement of Google’s Threat Analysis Group suggests that state-sponsored actors may be exploiting this vulnerability in targeted attacks. The fix is included in Chrome version 140.0.7339.185/.186 for Windows and Mac, and version 140.0.7339.185 for Linux, which also addresses three other high-severity vulnerabilities. Users are encouraged to update their browsers manually if automatic updates are not enabled. Developers of other Chromium-based browsers like Edge, Brave, Opera, and Vivaldi are expected to release updates soon. Users should ensure their browsers are up to date to protect against these vulnerabilities.
Has Google patched the latest Chrome zero-day vulnerability?
