Google has released a security update for the Chrome stable channel to fix a zero‑day vulnerability (CVE-2025-10585) reported by its Threat Analysis Group (TAG) on Tuesday.
“Google is aware that an exploit for CVE-2025-10585 exists in the wild,” the company announced.
About CVE-2025-10585
Like CVE-2025-6554, which was fixed earlier this year, CVE-2025-10585 is a type confusion vulnerability in V8, Chrome’s JavaScript and WebAssembly engine.
Unfortunately, that’s the only information Google has shared about it. As per its usual practice, the company has refrained from sharing details about the attacks in which the flaw is being exploited.
Google TAG’s involvement in the discovery, though, points to the vulnerability being used by state-sponsored threat actors in targeted attacks.
Google has fixed CVE-2025-10585 in Chrome v140.0.7339.185/.186 for Windows/Mac and v140.0.7339.185 for Linux, along with three other high-severity vulnerabilities, one of which was reported by Google Big Sleep, its AI-based bug-hunting agent.
Users who haven’t switched on automatic updates for the browser are advised to manually upgrade to a fixed version and relaunch the application.
Developers of other popular Chromium-based browsers – Edge, Brave, Opera and Vivaldi – will likely fix CVE-2025-10585 very soon, so those users should update their browsers when they do.
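For administrators checking a fleet against the fixed builds above, the following is an added example (not from Google or the original article) that triages a browser inventory. The CSV layout, host names and sample versions are constructed, and it assumes any Chrome stable build at or above 140.0.7339.185 carries the fix; other Chromium-based browsers are only flagged for a vendor check because the article gives no fixed versions for them.

```python
import re

# Fixed Chrome build named in the article (Windows/Mac also shipped .186).
FIXED_CHROME = (140, 0, 7339, 185)
# Chromium-based browsers the article names; it lists no fixed versions for them.
OTHER_CHROMIUM = {"edge", "brave", "opera", "vivaldi"}
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)$")

def parse_version(text):
    """Return a 4-part version tuple, or None if the string is malformed."""
    m = VERSION_RE.match(text.strip())
    return tuple(int(p) for p in m.groups()) if m else None

def classify(browser, version):
    name = browser.strip().lower()
    if name in OTHER_CHROMIUM:
        return "check-vendor"      # version schemes differ; wait for vendor advisory
    if name != "chrome":
        return "not-applicable"    # not a browser the article covers
    parsed = parse_version(version)
    if parsed is None:
        return "unknown"           # truncated or garbled version: inspect manually
    # Assumption: stable-channel builds at or above the fixed build are patched.
    return "fixed" if parsed >= FIXED_CHROME else "needs-update"

def triage(inventory_text):
    """Map host -> status from 'host,browser,version' lines."""
    results = {}
    for line in inventory_text.strip().splitlines():
        host, browser, version = [f.strip() for f in line.split(",")]
        results[host] = classify(browser, version)
    return results

# Constructed sample inventory (hosts and versions are illustrative only).
SAMPLE = """
ws-001,Chrome,140.0.7339.186
ws-002,Chrome,140.0.7339.128
ws-003,Chrome,139.0.7258.155
ws-004,Edge,140.0.3485.66
ws-005,Chrome,140.0.7339
ws-006,Firefox,143.0
lin-01,Chrome,140.0.7339.185
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

A host reported as fixed still needs a browser relaunch before the patched build is actually running.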