Google has released an emergency security update for Chrome after discovering that a critical zero-day vulnerability is being actively exploited by attackers in the wild.
The company released Chrome version 140.0.7339.185/.186 for Windows and Mac, and 140.0.7339.185 for Linux on September 17, 2025, addressing four high-severity security flaws, including the actively exploited CVE-2025-10585.
Type Confusion Vulnerability (CVE-2025-10585)
The critical vulnerability, tracked as CVE-2025-10585, is a type confusion flaw in Chrome’s V8 JavaScript engine that was reported by Google’s Threat Analysis Group on September 16, 2025.
Type confusion vulnerabilities occur when code accesses a memory location using an incorrect data type, potentially allowing attackers to corrupt memory and achieve remote code execution.
This particular flaw poses significant risks as the V8 engine processes JavaScript code from websites, making it a prime target for web-based attacks.
Google has confirmed that “an exploit for CVE-2025-10585 exists in the wild,” indicating that threat actors are already leveraging this vulnerability to compromise user systems.
The company has not disclosed technical details about the exploitation methods to prevent further abuse while users update their browsers.
High-Severity Vulnerabilities Patched
Beyond the actively exploited zero-day, Chrome’s latest update addresses three other high-severity security issues that demonstrate the ongoing security challenges facing modern web browsers.
CVE-2025-10500, discovered by security researcher Giunash (Gyujeong Jin), is a use-after-free vulnerability in Dawn that earned a $15,000 bug bounty reward.
Use-after-free flaws occur when programs continue referencing memory after it has been freed, potentially leading to arbitrary code execution.
The update also fixes CVE-2025-10501, a use-after-free vulnerability in WebRTC reported by researcher “sherkito” for a $10,000 bounty, and CVE-2025-10502, a heap buffer overflow in ANGLE discovered by Google’s Big Sleep AI system.
These vulnerabilities highlight the complex attack surface of modern browsers, spanning JavaScript engines, graphics processing, and real-time communication protocols.
Chrome users should immediately update to the latest version by navigating to Settings > About Chrome or waiting for the automatic update rollout over the coming days.
Organizations should prioritize this update given the active exploitation of CVE-2025-10585 and implement network monitoring to detect potential compromise attempts targeting the V8 engine vulnerability.
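To prioritize the update across a fleet, the fixed build numbers above can be checked against an endpoint inventory. The following is an added example, not code from Google or from this article: the CSV layout, hostnames and sample versions are constructed, and only the fixed build 140.0.7339.185 comes from the text. It compares versions numerically, since a plain string comparison would rank build .99 above .185.

```python
import re

# Lowest patched build per platform, as stated in the article.
FIXED = {"windows": "140.0.7339.185", "mac": "140.0.7339.185", "linux": "140.0.7339.185"}
_VERSION_RE = re.compile(r"^\d+(\.\d+){3}$")

def parse_version(text):
    """Return a 4-tuple of ints, or None if text is not a four-part version."""
    text = text.strip()
    if not _VERSION_RE.match(text):
        return None
    return tuple(int(part) for part in text.split("."))

def classify(platform, version):
    """Return 'patched', 'needs_update' or 'unknown' for one endpoint."""
    fixed = FIXED.get(platform.strip().lower())
    have = parse_version(version)
    if fixed is None or have is None:
        return "unknown"  # never treat an unparseable row as safe
    return "patched" if have >= parse_version(fixed) else "needs_update"

def audit(rows):
    """rows: iterable of 'host,platform,version' lines. Returns {host: status}."""
    result = {}
    for line in rows:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(",")]
        if len(fields) != 3:
            result[fields[0] or line] = "unknown"
            continue
        host, platform, version = fields
        result[host] = classify(platform, version)
    return result

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE = """\
# host,platform,version
ws-001,windows,140.0.7339.186
ws-002,windows,140.0.7339.99
mb-003,mac,140.0.7339.185
lx-004,linux,139.0.7000.10
lx-005,linux,141.0.7400.1
ws-006,windows,not-installed
""".splitlines()

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}\t{status}")
```

Rows reported as `unknown` should be followed up manually rather than counted as patched.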