Google patches another worrying Chrome security flaw - so update now, or be at risk

News
By published

A newly found Chrome zero-day is being exploited in the wild

Google Chrome app is seen on an iPhone next to Edge and other web browser apps. Microsoft is using new prompts in Edge to try and stop users from downloading Chrome.
(Image credit: Tada Images / Shutterstock)
  • Google patches four Chrome bugs, including actively exploited zero-day CVE-2025-10585
  • The zero-day is a type confusion flaw in V8 allowing potential arbitrary code execution
  • Chrome’s popularity makes it a prime target for cybercriminals exploiting browser vulnerabilities

Google has fixed four bugs found in its Chrome browser, including a zero-day that’s apparently being exploited in the wild.

In a security advisory, Google said it patched a heap buffer overflow in ANGLE (CVE-2025-10502), a user-after-free bug in WebRTC (CVE-2025-10501), and a separate use-after-free in Dawn (CVE-2025-10500). The fourth bug, the one being exploited as a zero-day, is a type confusion bug in V8.

A Type Confusion bug in Chrome’s V8 JavaScript engine is a memory safety issue which happens when the engine treats a variable or object as a different type than it actually is. This misidentification can lead to serious issues, including heap corruption and arbitrary code execution.

Abusing zero-days

This is the sixth zero-day vulnerability that Google patched in Chrome in 2025 alone.

In this case, Google said it didn’t want to share too many details before everyone patches up, to protect against further attacks.

“Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” the advisory reads. “We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.”

The flaw is now tracked as CVE-2025-10585, and is yet to receive a severity score. It is only described as a “high-severity” bug.

Google fixed it with versions 140.0.7339.185/.186 for Windows/Mac, and 140.0.7339.185 for Linux which will roll out over the coming days and weeks.

Chrome is the most popular browser in the world, with a market share of almost 70%, making it a popular target for cybercriminals.

Miscreants can use browser bugs to gain unauthorized access to sensitive data, compromise user accounts, and even take control of entire systems. These vulnerabilities often allow attackers to bypass security mechanisms like sandboxing or authentication, enabling them to steal credentials, session tokens, or personal information stored in the browser.

Via BleepingComputer

You might also like

TOPICS
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.