Urgent Chrome Update: Zero-Day Flaw Under Attack
Google has released a new security update for the Chrome browser, addressing four vulnerabilities at once. Particular emphasis was placed on a zero-day flaw already observed in active exploitation: CVE-2025-10585, a type confusion error in the V8 engine, which powers JavaScript and WebAssembly execution. Such breakdowns in type enforcement can lead to unpredictable program behavior, including arbitrary code execution and process crashes. It is precisely because of these scenarios that such bugs are deemed highly dangerous, and exploits leveraging them become prized weapons in the hands of attackers.
The issue was reported by Google’s internal Threat Analysis Group (TAG), which detected and documented it on September 16, 2025. The company confirmed that an exploit is circulating in the wild but withheld further details—such as who is exploiting it, what targets are being pursued, and the scope of the attacks—in order to give users time to update their systems and mitigate the risk of further incidents.
In the same update, Google credited external researchers whose findings contributed to fixing three additional critical vulnerabilities: two use-after-free flaws in the Dawn and WebRTC components, and a heap buffer overflow in ANGLE.
To reduce exposure, Google urges users to upgrade Chrome to version 140.0.7339.185 or 140.0.7339.186 on Windows and macOS, and to 140.0.7339.185 on Linux. Users can verify their update status via Help → About Google Chrome, after which a simple restart applies the patch.
It is important to note that other Chromium-based browsers—including Microsoft Edge, Brave, Opera, and Vivaldi—are also at risk. Their developers are preparing corresponding updates, and users are strongly advised to apply them without delay.
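For fleets where clicking through Help → About on every machine is not practical, the version check can be scripted. The following is an added example, not code from Google or from this article: it compares collected Chrome version strings against the fixed builds named above, and it assumes an inventory of (host, platform, version text) rows in the style of `Google Chrome 140.0.7339.185`; the hostnames and sample versions are constructed.

```python
import re

# Lowest fixed build per platform, as stated in the article
# (Windows and macOS received .185 or .186, Linux received .185).
PATCHED = {
    "windows": (140, 0, 7339, 185),
    "macos": (140, 0, 7339, 185),
    "linux": (140, 0, 7339, 185),
}

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Extract a four-part version from text such as 'Google Chrome 140.0.7339.127'."""
    m = VERSION_RE.search(text or "")
    return tuple(int(p) for p in m.groups()) if m else None


def assess(platform, version_output):
    """Return 'patched', 'vulnerable' or 'unknown' for one Chrome install."""
    minimum = PATCHED.get(platform.lower())
    version = parse_version(version_output)
    if minimum is None or version is None:
        return "unknown"  # unlisted platform or unparseable output: check by hand
    # Tuple comparison is numeric per component, so 7339.99 sorts below 7339.185
    # (a plain string comparison would get this wrong).
    return "patched" if version >= minimum else "vulnerable"


def audit(inventory):
    """Map hostname -> status for rows of (host, platform, version output)."""
    return {host: assess(platform, out) for host, platform, out in inventory}


# Constructed sample inventory (hostnames and version strings are made up).
SAMPLE = [
    ("ws-01", "windows", "Google Chrome 140.0.7339.186"),
    ("ws-02", "windows", "Google Chrome 140.0.7339.99"),
    ("mac-01", "macos", "Google Chrome 139.0.7258.155"),
    ("lin-01", "linux", "Google Chrome 140.0.7339.185 "),
    ("lin-02", "linux", "chrome: command not found"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

The thresholds apply to Google Chrome only; the article gives no fixed version numbers for Edge, Brave, Opera, or Vivaldi, so those need each vendor's own advisory.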