Chrome 140 Update Patches Sixth Zero-Day of 2025

Posted on By CWS

Google on Wednesday rushed out a Chrome replace that resolves a vulnerability exploited in assaults, the sixth zero-day addressed within the browser this 12 months.

Tracked as CVE-2025-10585 and reported by Google’s Risk Evaluation Group (TAG) on September 16, the flaw is described as a kind confusion within the V8 JavaScript and WebAssembly engine.

Sort confusion bugs are reminiscence issues of safety that may set off sudden software program conduct, which may result in crashes, distant code execution, and different sorts of assaults.

Utilizing crafted HTML pages, risk actors may exploit kind confusion defects in V8 to carry out arbitrary learn/write operations remotely.

“Google is conscious that an exploit for CVE-2025-10585 exists within the wild,” the web large notes in its advisory. No particulars had been launched on the vulnerability or its exploitation.

The truth that it was reported by Google TAG implies {that a} spyware and adware vendor might need exploited it. TAG researchers have uncovered quite a few safety holes exploited by industrial spyware and adware, together with bugs in Chrome.

The newest browser replace additionally resolves two use-after-free flaws in Daybreak (CVE-2025-10500) and WebRTC (CVE-2025-10501), for which Google handed out rewards of $15,000 and $10,000, respectively.

Moreover, the replace accommodates fixes for a heap buffer overflow within the ANGLE graphics engine (CVE-2025-10502) found by the Large Sleep AI agent, which Google says can discover safety defects that attackers already find out about and plan on exploiting.Commercial. Scroll to proceed studying.

The web large has but to reveal the bug bounty quantity to be paid for the ANGLE flaw. No reward shall be handed out for the exploited vulnerability as a result of it was found internally.

The newest Chrome iteration is now rolling out as variations 140.0.7339.185/.186 for Home windows and macOS, and as model 140.0.7339.185 for Linux.

Associated: Chrome Replace Patches Fifth Zero-Day of 2025

Associated: Important Chrome Vulnerability Earns Researcher $43,000

Associated: ChatGPT’s Calendar Integration Can Be Exploited to Steal Emails

Associated: DELMIA Manufacturing unit Software program Vulnerability Exploited in Assaults

Security Week News Tags:, , , ,

Related Posts

Infostealers: The Silent Smash-and-Grab Driving Modern Cybercrime Security Week News
In Other News: $900k for XSS Bugs, HybridPetya Malware, Burger King Censors Research Security Week News
Webinar Today: Breaking AI – Inside the Art of LLM Pen Testing Security Week News
XWiki Vulnerability Exploited in Cryptocurrency Mining Operation Security Week News
Casie Antalis Named Executive Director of CISA Security Week News
Google Sues Operators of 10-Million-Device Badbox 2.0 Botnet Security Week News