SecurityWeek

Chrome 140 Update Patches Sixth Zero-Day of 2025

An exploited type confusion in the V8 JavaScript engine tracked as CVE-2025-10585 was found by Google Threat Analysis Group this week.

Google on Wednesday rushed out a Chrome update that resolves a vulnerability exploited in attacks, the sixth zero-day addressed in the browser this year.

Tracked as CVE-2025-10585 and reported by Google’s Threat Analysis Group (TAG) on September 16, the flaw is described as a type confusion in the V8 JavaScript and WebAssembly engine.

Type confusion bugs are memory safety issues that can trigger unexpected software behavior, which could lead to crashes, remote code execution, and other types of attacks.

Using crafted HTML pages, threat actors could exploit type confusion defects in V8 to perform arbitrary read/write operations remotely.

“Google is aware that an exploit for CVE-2025-10585 exists in the wild,” the internet giant notes in its advisory. No details were released on the vulnerability or its exploitation.

The fact that it was reported by Google TAG implies that a spyware vendor might have exploited it. TAG researchers have uncovered numerous security holes exploited by commercial spyware, including bugs in Chrome.

The latest browser update also resolves two use-after-free flaws in Dawn (CVE-2025-10500) and WebRTC (CVE-2025-10501), for which Google handed out rewards of $15,000 and $10,000, respectively.

Additionally, the update contains a fix for a heap buffer overflow in the ANGLE graphics engine (CVE-2025-10502) discovered by the Big Sleep AI agent, which Google says can find security defects that attackers already know about and plan on exploiting.

The internet giant has yet to disclose the bug bounty amount to be paid for the ANGLE flaw. No reward will be handed out for the exploited vulnerability because it was discovered internally.

The latest Chrome iteration is now rolling out as versions 140.0.7339.185/.186 for Windows and macOS, and as version 140.0.7339.185 for Linux.
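For defenders confirming the rollout, the following is an added example (not from Google or SecurityWeek) that checks collected `chrome --version` output against the fixed build named above. It assumes any numerically later build also carries the fix; the hostnames and the sample inventory are constructed.

```python
import re

# Lowest patched build on every platform, as stated in the article.
FIXED = (140, 0, 7339, 185)
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Extract a four-part Chrome version from `--version` style output."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None

def classify(text):
    """Return 'patched', 'outdated' or 'unknown' for one version string."""
    v = parse_version(text)
    if v is None:
        return "unknown"
    # Tuples compare numerically per component. Comparing the raw strings
    # would wrongly rank "140.0.7339.80" above "140.0.7339.185".
    # Assumption: any build numerically >= FIXED includes the fix.
    return "patched" if v >= FIXED else "outdated"

def audit(inventory):
    """Return (host -> status, sorted hosts that are not confirmed patched)."""
    status = {host: classify(raw) for host, raw in inventory.items()}
    todo = sorted(h for h, s in status.items() if s != "patched")
    return status, todo

# Constructed sample inventory: hostnames and build strings are made up.
SAMPLE = {
    "win-01": "Google Chrome 140.0.7339.186",
    "mac-02": "Google Chrome 140.0.7339.128 ",
    "lin-03": "Google Chrome 140.0.7339.80",
    "lin-04": "Google Chrome 139.0.7258.154",
    "win-05": "chrome: command not found",
    "lin-06": "Google Chrome 141.0.7390.54",
}

if __name__ == "__main__":
    status, todo = audit(SAMPLE)
    for host in sorted(status):
        print(f"{host}: {status[host]}")
    print("needs update or manual check:", ", ".join(todo))
```

Hosts reported as `unknown` returned no parseable version and need a manual check rather than being counted as patched.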

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
