Google Patches Chrome Zero-Day CVE-2025-10585 as Active V8 Exploit Threatens Millions
What’s new: Google has released security updates for the Chrome web browser to address four vulnerabilities, including a zero-day vulnerability identified as CVE-2025-10585. This type confusion issue in the V8 JavaScript and WebAssembly engine is actively exploited in the wild, allowing attackers to execute arbitrary code and cause program crashes. This is the sixth zero-day vulnerability in Chrome reported this year.
Who’s affected
All users of Google Chrome, including those on Windows, macOS, and Linux, are affected by CVE-2025-10585. Users of other Chromium-based browsers, such as Microsoft Edge, Brave, Opera, and Vivaldi, may also be impacted once patches are released for those platforms.
What to do
- Update Chrome to version 140.0.7339.185/.186 for Windows and macOS, and 140.0.7339.185 for Linux. Users can check for updates by navigating to More > Help > About Google Chrome and selecting Relaunch.
