Google has swiftly addressed four critical vulnerabilities in the Chrome browser, including a zero-day flaw that is actively being exploited. Users are urged to update their browsers immediately to prevent cyberattacks. The most alarming issue is a type confusion flaw in Chrome’s V8 JavaScript engine, labeled CVE-2025-10585, discovered on September 16, 2025, by Google’s Threat Analysis Group. This flaw allows attackers to execute malicious code on victims’ computers by simply visiting a compromised website. The recent Chrome update not only fixes this zero-day vulnerability but also addresses three other high-severity flaws: a use-after-free issue in the Dawn WebGPU implementation (CVE-2025-10500), a use-after-free flaw in WebRTC components (CVE-2025-10501), and a heap buffer overflow in the ANGLE graphics layer (CVE-2025-10502). Users should update to versions 140.0.7339.185/.186 for Windows and Mac, and 140.0.7339.185 for Linux, by navigating to the “About Google Chrome” section in settings to ensure automatic update checks. Security experts advise organizations to prioritize these updates and consider additional protective measures to safeguard their systems.
Is your Chrome browser protected against the latest critical vulnerabilities?
