Google has released an urgent security update for Chrome browser users worldwide, addressing four critical vulnerabilities, including one zero-day that is being actively exploited in the wild.
The company is urging all users to update their browsers immediately to protect against potential attacks.
Critical Zero-Day Vulnerability Discovered
The most concerning vulnerability in this security update is CVE-2025-10585, a high-severity type confusion flaw in Chrome’s V8 JavaScript engine.
This vulnerability was discovered and reported by Google’s Threat Analysis Group on September 16, 2025, and the company has confirmed that attackers are already exploiting this weakness in real-world attacks.
| CVE | Severity | Vulnerability Type |
| --- | --- | --- |
| CVE-2025-10585 | High | Type Confusion in V8 |
| CVE-2025-10500 | High | Use After Free in Dawn |
| CVE-2025-10501 | High | Use After Free in WebRTC |
| CVE-2025-10502 | High | Heap Buffer Overflow in ANGLE |
The V8 engine vulnerability allows attackers to execute malicious code on victims’ computers simply by tricking users into visiting a compromised website containing specially crafted JavaScript.
This type of attack requires no user interaction beyond loading a webpage, making it particularly dangerous for widespread exploitation campaigns.
Beyond the actively exploited zero-day, Google’s latest Chrome update addresses three other high-severity vulnerabilities that could potentially lead to system compromise.
These include a use-after-free vulnerability in the Dawn WebGPU implementation (CVE-2025-10500), discovered by security researcher Giunash and earning a $15,000 bounty.
The update also patches a use-after-free flaw in WebRTC components (CVE-2025-10501), reported by researcher “sherkito” for a $10,000 reward, and a heap buffer overflow in the ANGLE graphics layer (CVE-2025-10502), identified by Google’s automated Big Sleep system.
Chrome versions 140.0.7339.185/.186 for Windows and Mac, and 140.0.7339.185 for Linux, are now rolling out globally.
Users should update their browsers immediately by navigating to Chrome’s settings menu and selecting “About Google Chrome” to trigger an automatic update check.
Google has implemented a gradual rollout schedule for the update, meaning it may take several days or weeks for all users to receive the patch automatically.
However, users can manually check for updates to ensure immediate protection against these serious security threats.
Security experts recommend that organizations prioritize Chrome updates across their networks and consider implementing additional security measures until all systems are properly patched against these vulnerabilities.
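For fleet triage against the fixed builds listed above, here is an added example (not from Google or the original article) that flags hosts reporting a Chrome build below 140.0.7339.185. It assumes later builds carry the same fixes; the hostnames, the CSV layout and every version other than the fixed builds are constructed.

```python
import csv
import io
import re

# Fixed builds named in the article: 140.0.7339.185/.186 (Windows, Mac) and
# 140.0.7339.185 (Linux), so .185 is the lowest patched build on every platform.
PATCHED = (140, 0, 7339, 185)

# Four dotted integers, not embedded in a longer dotted number.
VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_version(text):
    """Return the four-part version found in text as a tuple of ints, or None."""
    m = VERSION_RE.search(text or "")
    return tuple(int(p) for p in m.groups()) if m else None


def classify(version_text):
    """Compare numerically: as strings, '140.0.7339.9' sorts above '...185'."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"  # no parsable version: needs manual follow-up
    return "patched" if v >= PATCHED else "vulnerable"


def audit(inventory_csv):
    """Group hostnames by status from rows of host,platform,version."""
    report = {"patched": [], "vulnerable": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        report[classify(row.get("version"))].append(row["host"])
    return {status: sorted(hosts) for status, hosts in report.items()}


# Constructed sample inventory (assumed layout; not real hosts).
SAMPLE = """host,platform,version
ws-001,windows,140.0.7339.186
ws-002,windows,140.0.7339.128
mac-014,mac,Google Chrome 140.0.7339.185
lnx-007,linux,Google Chrome 139.0.7258.154
lnx-008,linux,Google Chrome 141.0.7390.54
kiosk-3,linux,not installed
ws-003,windows,140.0.7339.9
"""

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE).items():
        print(f"{status:10} {', '.join(hosts) or '-'}")
```

Hosts in the "unknown" group reported no parsable version and should be checked by hand rather than assumed safe.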