Chrome addresses actively exploited zero-day flaw (CVE-2025-10585), providing a patch
Google has released a security update for the stable channel of Chrome to address a zero-day vulnerability, CVE-2025-10585. This update comes following a report from Google's Threat Analysis Group (TAG) on Tuesday.
The vulnerability is found in V8, Chrome's JavaScript and WebAssembly engine. According to Google, an exploit for CVE-2025-10585 exists in the wild, although the company has not disclosed details about the attacks in which the flaw is being exploited.
CVE-2025-10585 is a type confusion vulnerability, similar to CVE-2025-6554, which was fixed earlier this year. Google's TAG's involvement suggests that CVE-2025-10585 is being utilised by state-sponsored threat actors in targeted attacks. However, currently, there are no publicly confirmed state-sponsored threat groups proven to exploit this Chrome browser vulnerability.
Users who have not enabled automatic updates are advised to manually upgrade to a fixed version and relaunch the browser. The update, v140.0.7339.185/.186 for Windows/Mac and v140.0.7339.185 for Linux, also addresses three other high-severity vulnerabilities.
Other Chromium-based browsers, including Edge, Brave, Opera, and Vivaldi, are expected to fix CVE-2025-10585 soon. Subscription to a breaking news email alert can help users stay informed about the latest breaches, vulnerabilities, and cybersecurity threats.
It is essential for users of these browsers to update when the fixed versions become available to ensure their online safety. Google encourages users to keep their browsers updated to protect against potential threats.
Read also:
- Advancement in Biometric Acceptance Paves Way for Challenges in Countering AI-Driven Digital Fraud
- Unidentified cybercriminals suspected in mobile banking fraud in Kenya, as insiders potentially implicated in the scheme
- Exploring the Architecture and Skills of Qualys' Agentic AI: A Deep Dive into Its Technological Framework and Abilities
- Auto Industry Update: Geotab, C2A, Deloitte, NOVOSENSE, Soracom, and Panasonic in Focus
%2C%20providing%20a%20patch){kind=link}