Google Patches Chrome Zero-Day CVE-2025-10585 as Active V8 Exploit Threatens Millions

Source: The Hacker News

Author: info@thehackernews.com (The Hacker News)

URL: https://thehackernews.com/2025/09/google-patches-chrome-zero-day-cve-2025.html

ONE SENTENCE SUMMARY:

Google released Chrome updates to fix four vulnerabilities, including the actively exploited zero-day CVE-2025-10585 in the V8 engine.

MAIN POINTS:

1. Google released security updates for Chrome targeting four vulnerabilities.
2. The zero-day vulnerability CVE-2025-10585 is actively exploited.
3. CVE-2025-10585 involves type confusion in the V8 JavaScript engine.
4. Type confusion can lead to arbitrary code execution and program crashes.
5. Google’s Threat Analysis Group discovered the flaw on September 16, 2025.
6. Details of real-world exploitation are kept private to prevent further abuse.
7. CVE-2025-10585 is the sixth actively exploited zero-day this year.
8. Other affected zero-days in 2025 include CVE-2025-2783 and CVE-2025-6558.
9. Users should update Chrome to versions 140.0.7339.185/.186 or later.
10. Updates should also be applied to other Chromium-based browsers.

TAKEAWAYS:

1. Stay updated with the latest Chrome version to prevent exploitation.
2. Type confusion vulnerabilities pose significant security risks.
3. Regularly check for browser updates, especially in Chromium-based browsers.
4. Zero-day exploits are actively targeted; vigilance is crucial.
5. Google prioritizes user security by quickly addressing and disclosing vulnerabilities.