Google on Wednesday launched security updates for the Chrome net browser to handle 4 vulnerabilities, together with one which it mentioned has been exploited within the wild.
The zero-day vulnerability in query is CVE-2025-10585, which has been described as a sort confusion problem within the V8 JavaScript and WebAssembly engine.
Sort confusion vulnerabilities can have extreme penalties as they are often weaponized by dangerous actors to set off surprising software program conduct, ensuing within the execution of arbitrary code and program crashes.
Google’s Menace Evaluation Group (TAG) has been credited with discovering and reporting the flaw on September 16, 2025.
As is often the case, the corporate didn’t share any further specifics about how the vulnerability is being abused in real-world assaults, by whom, or the size of such efforts. That is accomplished to stop different risk actors from exploiting the problem earlier than customers can apply a repair.
“Google is conscious that an exploit for CVE-2025-10585 exists within the wild,” it acknowledged in a terse advisory.
CVE-2025-10585 is the sixth zero-day vulnerability in Chrome that has been both actively exploited or demonstrated as a proof-of-concept (PoC) for the reason that begin of the yr. This contains: CVE-2025-2783, CVE-2025-4664, CVE-2025-5419, CVE-2025-6554, and CVE-2025-6558.
To safeguard in opposition to potential threats, it is suggested to replace their Chrome browser to variations 140.0.7339.185/.186 for Home windows and Apple macOS, and 140.0.7339.185 for Linux. To verify the most recent updates are put in, customers can navigate to Extra > Assist > About Google Chrome and choose Relaunch.
Customers of different Chromium-based browsers, corresponding to Microsoft Edge, Courageous, Opera, and Vivaldi, are additionally suggested to use the fixes as and once they develop into obtainable.
