Google Issues Emergency Security Update For Chrome, Including Patch For Actively Exploited Zero-Day - LinkedIn
Google has rolled out emergency security updates for the Chrome web browser to address four newly discovered vulnerabilities, one of which—CVE-2025-10585—is a zero-day flaw already being exploited in real-world attacks.
The company issued a security advisory confirming that it is “aware that an exploit for CVE-2025-10585 exists in the wild.” This disclosure highlights the urgency for users to update their browsers immediately to prevent potential compromise.
Details of the Zero-Day Vulnerability: CVE-2025-10585
The critical flaw, CVE-2025-10585, is classified as a type confusion issue in the V8 JavaScript and WebAssembly engine—the powerful component responsible for executing JavaScript code in Chrome and other Chromium-based browsers such as Microsoft Edge, Brave, and Opera.
Type Confusion Explained: A type confusion vulnerability occurs when software incorrectly interprets a memory object as a different data type than intended. For example, a memory location meant to store simple data might be mistakenly processed as executable code.
Google's Threat Analysis Group (TAG), known for tracking sophisticated cyberattacks by nation-state actors and commercial spyware vendors, identified the flaw on September 16, 2025. While the company has not disclosed detailed information about the exploitation or the attackers behind it, the nature of TAG’s work suggests that a highly skilled threat actor likely weaponized the vulnerability in targeted attacks.
Other Zero-Day Vulnerabilities Patched in 2025
With this latest discovery, CVE-2025-10585 becomes the sixth actively exploited Chrome zero-day vulnerability in 2025. Earlier this year, Google addressed several critical flaws, including:
CVE-2025-5419: Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2025-4664: Insufficient policy enforcement in Loader in Google Chrome prior to 136.0.7103.113 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
CVE-2025-2783: Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High)
CVE-2025-6554: Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
CVE-2025-6558: Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Patch and Update Recommendations
To mitigate these risks, Google urges all users to update their Chrome installations to the latest versions:
Windows & macOS: Version 140.0.7339.185 or 140.0.7339.186
Linux: Version 140.0.7339.185
Users can check for updates by navigating to Menu → Help → About Google Chrome. Chrome will automatically download the latest security patches and apply them after restarting the browser.
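For teams checking more than one machine, the sketch below is an added example (not code from Google or from this article) that compares installed Chrome builds against the fixed-in versions quoted above and reports which of the listed CVEs each host still lacks a patch for. It assumes a plain four-part numeric comparison matches the advisories' "prior to" wording; the hostnames and inventory strings are constructed.

```python
import re

# Fixed-in versions copied from this article; a build below the value lacks that fix.
FIXED_IN = {
    "CVE-2025-2783": "134.0.6998.177",  # the article scopes this one to Windows
    "CVE-2025-4664": "136.0.7103.113",
    "CVE-2025-5419": "137.0.7151.68",
    "CVE-2025-6554": "138.0.7204.96",
    "CVE-2025-6558": "138.0.7204.157",
    "CVE-2025-10585": "140.0.7339.185",
}
WINDOWS_ONLY = {"CVE-2025-2783"}
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Pull the four-part build out of strings like 'Google Chrome 140.0.7339.185'."""
    m = VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no four-part Chrome version in {text!r}")
    # Compare as integers: as strings, '80' would sort after '185'.
    return tuple(int(part) for part in m.groups())

def unpatched_cves(version_text, platform):
    """Return the article's CVEs whose fix is newer than the installed build."""
    installed = parse_version(version_text)
    return [cve for cve, fixed in FIXED_IN.items()
            if installed < parse_version(fixed)
            and (platform == "windows" or cve not in WINDOWS_ONLY)]

def audit(inventory):
    """Map hostname -> findings for every host that needs attention."""
    findings = {}
    for host, platform, version_text in inventory:
        try:
            missing = unpatched_cves(version_text, platform)
        except ValueError:
            missing = ["unparseable version string"]
        if missing:
            findings[host] = missing
    return findings

# Constructed sample inventory (hostnames and installed builds are made up).
SAMPLE_INVENTORY = [
    ("ws-01", "windows", "Google Chrome 140.0.7339.186"),
    ("ws-02", "windows", "Google Chrome 134.0.6998.100"),
    ("mac-07", "macos", "Google Chrome 138.0.7204.100"),
    ("lnx-03", "linux", "Google Chrome 140.0.7339.80"),
    ("kiosk-9", "linux", "chrome: not found"),
]
if __name__ == "__main__":
    print(audit(SAMPLE_INVENTORY))
```

A host whose version string cannot be parsed is reported rather than skipped, so a broken inventory agent does not read as a patched machine.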
Why These Updates Are Critical
Zero-day vulnerabilities are particularly dangerous because they are exploited before developers have a chance to patch them. Threat actors often use these flaws for high-value espionage, ransomware attacks, or targeted intrusions against government agencies, enterprises, and individuals handling sensitive data.
Given the pattern of sophisticated exploitation linked to nation-state groups and commercial spyware vendors, staying on the latest Chrome version is essential to protect against potential data theft, surveillance, and other malicious activities.