Google has rolled out an important security update for Chrome to fix four vulnerabilities, including a serious zero-day flaw that is already being exploited. The issue, tracked as CVE-2025-10585, affects the V8 JavaScript and WebAssembly engine, which powers Chrome’s core functions.
The flaw is described as a type confusion vulnerability, in which code handles a piece of memory as a different type of object than it really is. These bugs are dangerous because attackers can use them to force software to behave in unexpected ways. In the worst case, this allows hackers to execute malicious code or crash the program.
Google’s Threat Analysis Group (TAG) discovered and reported the issue on September 16, 2025. The company confirmed that the exploit is being used in real-world attacks but has not shared specific details about how or by whom. This is a common practice to prevent other attackers from copying the exploit before users update their browsers.
This is already the sixth zero-day vulnerability in Chrome discovered in 2025. The list also includes CVE-2025-2783, CVE-2025-4664, CVE-2025-5419, CVE-2025-6554, and CVE-2025-6558.
Zero-day flaws are especially risky because they are exploited before a fix is available, putting millions of users at risk.
How to Stay Safe
Google recommends all Chrome users update immediately to the latest versions:
- Windows and macOS: 140.0.7339.185/.186
- Linux: 140.0.7339.185
To check whether your browser is up to date, open Chrome and go to More > Help > About Google Chrome. If an update is available, install it and hit Relaunch.
Users of other Chromium-based browsers like Microsoft Edge, Brave, Opera, and Vivaldi should also watch for updates, since they share the same engine as Chrome.
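For administrators checking many machines rather than one browser, the version check above can be scripted. The following is an added example, not code from Google or from the original article: it compares reported Chrome builds against the fixed versions listed above. The inventory format, host names and sample version strings are constructed for illustration.

```python
import re

# Lowest fixed Chrome build per platform, taken from the article
# (Windows/macOS also list .186, so .185 is the floor everywhere).
FIXED = {
    "windows": (140, 0, 7339, 185),
    "macos": (140, 0, 7339, 185),
    "linux": (140, 0, 7339, 185),
}
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")

# Constructed sample inventory: host,platform,product,reported version string
SAMPLE_INVENTORY = """\
ws-01,windows,Google Chrome,Google Chrome 140.0.7339.186
ws-02,macos,Google Chrome,Google Chrome 140.0.7339.99
srv-03,linux,Google Chrome,Google Chrome 140.0.7339.185
ws-04,windows,Google Chrome,Google Chrome 139.0.7258.155
ws-05,windows,Microsoft Edge,Microsoft Edge 140.0.1.1
ws-06,linux,Google Chrome,version not reported
"""

def parse_version(text):
    """Return the four-part version as a tuple of ints, or None if absent."""
    match = VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None

def classify(platform, product, version_text):
    """Compare one reported build against the fixed build for its platform."""
    if product.strip().lower() != "google chrome":
        # The article gives no fixed builds for other Chromium-based browsers.
        return "check-vendor"
    fixed = FIXED.get(platform.strip().lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"
    # Tuples of ints compare numerically per component; comparing the raw
    # strings would rank ".99" above ".185".
    return "patched" if version >= fixed else "vulnerable"

def audit(inventory):
    """Map each host in the inventory text to its status."""
    results = {}
    for line in inventory.splitlines():
        if line.strip():
            host, platform, product, version_text = line.split(",", 3)
            results[host] = classify(platform, product, version_text)
    return results

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as "check-vendor" run a Chromium-based browser whose fixed build is not given in the article and must be looked up in that vendor's own advisory.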