CVE-2025-10585: The Sixth Actively Exploited Chrome Zero-Day Patched by Google in 2025

Google has taken action against a new zero-day vulnerability, CVE-2025-10585, which has already been actively exploited in the wild. This is the sixth zero-day flaw that Google has patched this year alone, highlighting the ongoing threat landscape for Chrome users.

The vulnerability, classified as a type confusion issue in the V8 JavaScript and WebAssembly engine, was discovered by Google's Threat Analysis Group (TAG) on September 16, 2025. According to an advisory published by Google, "Google is aware that an exploit for CVE-2025-10585 exists in the wild."

A type confusion issue occurs when software misinterprets a piece of memory as the wrong type of object. This can lead to serious consequences, including corrupting memory, crashing the program, or executing malicious code. Given their weak memory safety features, browsers like Chrome are particularly susceptible to such exploits.

Google's TAG team investigates attacks by nation-state actors and commercial spyware vendors, suggesting that one of these threat actors was responsible for exploiting CVE-2025-10585 in the wild. While Google did not share technical details about the attack, it is clear that this vulnerability poses a significant risk to Chrome users.

CVE-2025-10585 marks the sixth zero-day flaw addressed by Google this year, underscoring the need for timely and proactive security updates. To stay protected, users are advised to update their Chrome browser to version 140.0.7339.185/.186 on Windows and macOS, and 140.0.7339.185 on Linux.

As the threat landscape continues to evolve, it is essential for users to prioritize security and stay informed about emerging vulnerabilities like CVE-2025-10585. Stay vigilant and keep your browser up to date to avoid falling prey to these sophisticated attacks.

Update Your Chrome Browser Now

To ensure your safety online, please update your Chrome browser to the latest version: 140.0.7339.185/.186 on Windows and macOS, and 140.0.7339.185 on Linux.
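For administrators checking many machines against the fixed builds named above, the following is an added example (not from Google's advisory or the original article) that classifies an inventory export. The CSV layout, host names and the version strings in the sample are constructed for illustration; only the 140.0.7339.185 threshold comes from the article.

```python
import csv
import io

# Lowest fixed build named in the article (140.0.7339.185 on all platforms;
# .186 on Windows/macOS is also fixed and compares higher).
MIN_FIXED = (140, 0, 7339, 185)

# Constructed sample inventory; the column names are an assumption.
SAMPLE_INVENTORY = """\
host,os,chrome_version
ws-001,windows,140.0.7339.186
ws-002,windows,140.0.7339.99
mac-014,macos,139.0.7258.155
lnx-203,linux,140.0.7339.185
ws-077,windows,141.0.7390.54
kiosk-9,linux,not-reported
"""


def parse_version(text):
    """Turn 'a.b.c.d' into a tuple of ints, or None if it is malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def classify(version_text):
    """Compare numerically: as plain strings, '...99' would sort above '...185'."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"  # treat as needing follow-up, never as patched
    return "patched" if version >= MIN_FIXED else "vulnerable"


def audit(inventory_csv):
    """Return {host: status} for every row of the inventory CSV text."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return {row["host"]: classify(row["chrome_version"]) for row in reader}


if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host:10} {status}")
```
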
