Google on Wednesday rushed out a Chrome replace that resolves a vulnerability exploited in assaults, the sixth zero-day addressed within the browser this 12 months.
Tracked as CVE-2025-10585 and reported by Google’s Risk Evaluation Group (TAG) on September 16, the flaw is described as a kind confusion within the V8 JavaScript and WebAssembly engine.
Sort confusion bugs are reminiscence issues of safety that may set off sudden software program conduct, which may result in crashes, distant code execution, and different sorts of assaults.
Utilizing crafted HTML pages, risk actors may exploit kind confusion defects in V8 to carry out arbitrary learn/write operations remotely.
“Google is conscious that an exploit for CVE-2025-10585 exists within the wild,” the web large notes in its advisory. No particulars had been launched on the vulnerability or its exploitation.
The truth that it was reported by Google TAG implies {that a} spyware and adware vendor might need exploited it. TAG researchers have uncovered quite a few safety holes exploited by industrial spyware and adware, together with bugs in Chrome.
The newest browser replace additionally resolves two use-after-free flaws in Daybreak (CVE-2025-10500) and WebRTC (CVE-2025-10501), for which Google handed out rewards of $15,000 and $10,000, respectively.
Moreover, the replace accommodates fixes for a heap buffer overflow within the ANGLE graphics engine (CVE-2025-10502) found by the Large Sleep AI agent, which Google says can discover safety defects that attackers already find out about and plan on exploiting.Commercial. Scroll to proceed studying.
The web large has but to reveal the bug bounty quantity to be paid for the ANGLE flaw. No reward shall be handed out for the exploited vulnerability as a result of it was found internally.
The newest Chrome iteration is now rolling out as variations 140.0.7339.185/.186 for Home windows and macOS, and as model 140.0.7339.185 for Linux.
Associated: Chrome Replace Patches Fifth Zero-Day of 2025
Associated: Important Chrome Vulnerability Earns Researcher $43,000
Associated: ChatGPT’s Calendar Integration Can Be Exploited to Steal Emails
Associated: DELMIA Manufacturing unit Software program Vulnerability Exploited in Assaults
