- Google fixes four Chrome bugs, including the actively exploited CVE-2025-10585
- The zero-day is a V8 type confusion flaw that could allow arbitrary code execution
- Chrome's popularity makes it a prime target for cybercriminals exploiting browser vulnerabilities
Google has fixed four bugs in its Chrome browser, including a zero-day that is apparently being exploited in the wild.
In a security advisory, Google said it had fixed a heap buffer overflow in ANGLE (CVE-2025-10502), a use-after-free bug in WebRTC (CVE-2025-10501) and a separate use-after-free in Dawn (CVE-2025-10500). The fourth bug, the one being exploited as a zero-day, is a type confusion bug in V8.
A type confusion bug in Chrome's V8 JavaScript engine is a memory safety problem that occurs when the engine treats a variable or an object as a different type from what it really is. This misidentification can lead to serious problems, in particular heap corruption and arbitrary code execution.
Abusing zero-days
This is the sixth zero-day vulnerability that Google has fixed in Chrome in 2025 alone.
In this case, Google said it did not want to share too many details before users have patched, to guard against further attacks.
“Access to the details of bugs and links can be restricted until a majority of users are updated with a fix,” the advisory says. “We will also keep restrictions if the bug exists in a third-party library on which other projects also depend, but have not yet corrected.”
The flaw is now tracked as CVE-2025-10585 and has not yet received a severity score. It is only described as a “high severity” bug.
Google fixed it in versions 140.0.7339.185/.186 for Windows and Mac, and 140.0.7339.185 for Linux, which will roll out over the coming days and weeks.
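Because the fix rolls out gradually, defenders may want to check installed builds against the fixed versions listed above. The following is an added example, not code from Google or the original article; the host names and version strings in the sample inventory are constructed, and the input is assumed to be text such as the output of a browser version query.

```python
import re

# Fixed builds from the article: 140.0.7339.185/.186 (Windows/Mac), 140.0.7339.185 (Linux).
# .185 is the lowest fixed build on every platform, so it serves as the minimum.
FIXED_BUILD = (140, 0, 7339, 185)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Pull a four-part Chrome version out of text such as
    'Google Chrome 140.0.7339.127' and return it as a tuple of ints, or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def is_patched(version_text):
    """True if at or above the fixed build, False if below, None if unparseable."""
    v = parse_version(version_text)
    if v is None:
        return None
    return v >= FIXED_BUILD  # numeric tuple compare, not string compare


def triage(inventory):
    """Split (host, version_text) pairs into patched, unpatched and unknown host lists."""
    result = {"patched": [], "unpatched": [], "unknown": []}
    for host, version_text in inventory:
        state = is_patched(version_text)
        key = "unknown" if state is None else ("patched" if state else "unpatched")
        result[key].append(host)
    return result


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE_INVENTORY = [
    ("win-01", "Google Chrome 140.0.7339.186"),
    ("mac-07", "Google Chrome 140.0.7339.185"),
    ("lin-03", "Google Chrome 140.0.7339.90"),  # sorts above .185 as a string, but is older
    ("lin-04", "Google Chrome 139.0.7258.155"),
    ("win-09", "Google Chrome 141.0.7390.54"),
    ("kiosk-2", "chrome: not found"),
]

if __name__ == "__main__":
    for state, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{state}: {', '.join(hosts) or '-'}")
```

Hosts reported as unknown need a manual check rather than being assumed patched.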
Chrome is the most popular browser in the world, with a market share of almost 70%, making it a popular target for cybercriminals.
Miscreants can use browser bugs to gain unauthorized access to sensitive data, compromise user accounts and even take control of entire systems. These vulnerabilities often allow attackers to bypass security mechanisms such as sandboxing or authentication, allowing them to steal credentials, session tokens or personal information stored in the browser.
Via BleepingComputer