- Google Patch Four Chrome Bugs, including actively exploited CVE-2025-10585 actively exploited
- Zero day is a V8 type confusion failure that allows the potential arbitrary code execution
- Chrome’s popularity makes it a main objective for the vulnerabilities of exploitation of cybercriminals.
Google has solved four errors found in its Chrome browser, including a zero day that is apparently exploited in nature.
In a security notice, Google said it poured an overflow of the pile buffer in Angle (CVE-2025-10502), an error without user without user on Webrtc (CVE-2025-10501) and a useless use in dawn (CVE-2025-10500). The fourth error, which is exploited as a zero day, is a type of confusion confusion in V8.
A type of confusion error in Chrome’s JavaScript V8 engine is a memory security problem that occurs when the engine treats a variable or object as a different type than it really is. This erroneous identification can lead to serious problems, including the corruption of the pile and the execution of arbitrary code.
Abusing zero days
This is the sixth vulnerability of zero day that Google patched in Chrome only in 2025.
In this case, Google said he did not want to share too many details before everyone recovers, to protect against other attacks.
“Access to error details and links can be maintained restricted until most users are updated with a solution,” says the warning. “We will also reset restrictions if the error exists in a third -party library on which other projects depend in a similar way, but have not yet solved.”
The defect is now tracking as CVE-2025-10585, and has not yet received a gravity score. It is only described as a “high severity” error.
Google fixed it with versions 140.0.7339.185/.186 for Windows/Mac, and 140.0.7339.185 for Linux that will be implemented in the next few days and weeks.
Chrome is the most popular browser in the world, with a market share of almost 70%, which makes it a popular objective for cybercriminals.
Criminals can use browser errors for unauthorized access to confidential data, compromise user accounts and even take control of complete systems. These vulnerabilities often allow attackers to avoid safety mechanisms such as sandboxing or authentication, allowing them to steal credentials, session tokens or personal information stored in the browser.
Through Bleepingcomputer
