Google Patches Chrome Zero-Day CVE-2025-10585 as Active V8 Exploit Threatens Millions

What’s new: Google has released security updates for Chrome to address four vulnerabilities, including a zero-day vulnerability identified as CVE-2025-10585. This vulnerability is a type confusion issue in the V8 JavaScript and WebAssembly engine and is actively being exploited in the wild. It is the sixth zero-day vulnerability in Chrome reported this year.

Who’s affected

All users of Google Chrome, particularly those using versions prior to 140.0.7339.185/.186 for Windows and macOS, and 140.0.7339.185 for Linux, are at risk. Users of other Chromium-based browsers, such as Microsoft Edge, Brave, Opera, and Vivaldi, may also be affected once patches are released.

What to do

• Update Chrome to version 140.0.7339.185/.186 for Windows and macOS, and 140.0.7339.185 for Linux. Navigate to More > Help > About Google Chrome and select Relaunch to ensure the latest updates are installed.

Sources

• The Hacker News