Chrome 140 Update Patches Sixth Zero-Day of 2025

Chrome 140 Update Patches Sixth Zero-Day of 2025

Posted on By CWS

Google on Wednesday rushed out a Chrome replace that resolves a vulnerability exploited in assaults, the sixth zero-day addressed within the browser this 12 months.

Tracked as CVE-2025-10585 and reported by Google’s Risk Evaluation Group (TAG) on September 16, the flaw is described as a kind confusion within the V8 JavaScript and WebAssembly engine.

Sort confusion bugs are reminiscence issues of safety that may set off sudden software program conduct, which may result in crashes, distant code execution, and different sorts of assaults.

Utilizing crafted HTML pages, risk actors may exploit kind confusion defects in V8 to carry out arbitrary learn/write operations remotely.

“Google is conscious that an exploit for CVE-2025-10585 exists within the wild,” the web large notes in its advisory. No particulars had been launched on the vulnerability or its exploitation.

The truth that it was reported by Google TAG implies {that a} spyware and adware vendor might need exploited it. TAG researchers have uncovered quite a few safety holes exploited by industrial spyware and adware, together with bugs in Chrome.

The newest browser replace additionally resolves two use-after-free flaws in Daybreak (CVE-2025-10500) and WebRTC (CVE-2025-10501), for which Google handed out rewards of $15,000 and $10,000, respectively.

Moreover, the replace accommodates fixes for a heap buffer overflow within the ANGLE graphics engine (CVE-2025-10502) found by the Large Sleep AI agent, which Google says can discover safety defects that attackers already find out about and plan on exploiting.Commercial. Scroll to proceed studying.

The web large has but to reveal the bug bounty quantity to be paid for the ANGLE flaw. No reward shall be handed out for the exploited vulnerability as a result of it was found internally.

The newest Chrome iteration is now rolling out as variations 140.0.7339.185/.186 for Home windows and macOS, and as model 140.0.7339.185 for Linux.

Associated: Chrome Replace Patches Fifth Zero-Day of 2025

Associated: Important Chrome Vulnerability Earns Researcher $43,000

Associated: ChatGPT’s Calendar Integration Can Be Exploited to Steal Emails

Associated: DELMIA Manufacturing unit Software program Vulnerability Exploited in Assaults

Security Week News Tags:, , , ,

Related Posts

Casie Antalis Named Executive Director of CISA Casie Antalis Named Executive Director of CISA Security Week News
Cybersecurity M&A Roundup: 27 Deals Announced in August 2025 Cybersecurity M&A Roundup: 27 Deals Announced in August 2025 Security Week News
‘MadeYouReset’ HTTP2 Vulnerability Enables Massive DDoS Attacks ‘MadeYouReset’ HTTP2 Vulnerability Enables Massive DDoS Attacks Security Week News
The Wild Wild West of Agentic AI – An Attack Surface CISOs Can’t Afford to Ignore The Wild Wild West of Agentic AI – An Attack Surface CISOs Can’t Afford to Ignore Security Week News
CISA Closes 10 Emergency Directives as Vulnerability Catalog Takes Over CISA Closes 10 Emergency Directives as Vulnerability Catalog Takes Over Security Week News
Adobe Patches Big Batch of Critical-Severity Software Flaws Adobe Patches Big Batch of Critical-Severity Software Flaws Security Week News