Chrome zero-day flaw: Google Patches 6th Exploit of 2025

Google has released an urgent security update for Chrome that fixes CVE-2025-10585, a critical zero-day flaw that attackers are already actively exploiting. This marks the sixth such vulnerability addressed by the company this year.

V8 JavaScript Engine Vulnerability Details

The high-severity flaw is a type confusion weakness within Chrome’s V8 JavaScript engine. Google’s own Threat Analysis Group (TAG) discovered and reported the bug on a Tuesday, with the company shipping a fix the following day.

With six zero-day vulnerabilities patched in Chrome so far in 2025, the frequency highlights the increasing sophistication of threat actors targeting widely used software.

Exploitation of the Chrome Zero-Day Flaw

Google has confirmed that an exploit for CVE-2025-10585 exists in the wild. However, the company has not shared technical details or identified the attackers behind the campaign.

Withholding these details is standard practice to prevent wider exploitation before a majority of users have installed the protective update. Zero-day threats are particularly dangerous because they are used by attackers before developers can release a patch.

A Pattern of Recent Security Issues

This year has seen a series of critical vulnerabilities in Chrome. In March, Google addressed CVE-2025-2783, a sandbox escape bug, while a May update fixed CVE-2025-4664, which allowed attackers to hijack user accounts.

More recently, a June patch fixed another V8 engine flaw, CVE-2025-5419. In July, the company fixed CVE-2025-6558, which allowed malicious actors to bypass Chrome’s sandbox protection.

How to Update Google Chrome

Users should update their browser immediately to protect against this threat. The fix is included in Chrome version 140.0.7339.185/.186 for Windows and macOS, and version 140.0.7339.185 for Linux.

While the update will roll out automatically, users can manually apply the patch by navigating to the ‘About Google Chrome’ section in their browser settings. The browser will then check for and install the latest version.
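
For administrators who need to confirm the update across many machines, the following Python script is an added example (not from Google or the original article) that checks collected version strings against the fixed build named above. The host names and version strings in the sample inventory are constructed, and the function names are hypothetical.

```python
import re

# Fixed builds stated in the article: 140.0.7339.185/.186 (Windows, macOS)
# and 140.0.7339.185 (Linux), so .185 is the minimum patched build everywhere.
FIXED_BUILD = (140, 0, 7339, 185)

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Extract a four-part version from text such as
    'Google Chrome 140.0.7339.127'. Returns a tuple of ints, or None."""
    match = VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def classify(text):
    """Return 'patched', 'unpatched' or 'unknown' for one version string."""
    version = parse_version(text)
    if version is None:
        return "unknown"
    # Compare as integers: a plain string comparison would rank
    # build .99 above build .185.
    return "patched" if version >= FIXED_BUILD else "unpatched"


def audit(inventory):
    """Group hosts by status. `inventory` maps host name -> version text."""
    report = {"patched": [], "unpatched": [], "unknown": []}
    for host, text in sorted(inventory.items()):
        report[classify(text)].append(host)
    return report


# Constructed sample inventory (host names and versions are made up).
SAMPLE_INVENTORY = {
    "win-laptop-01": "Google Chrome 140.0.7339.186",
    "mac-design-02": "Google Chrome 140.0.7339.185",
    "linux-build-03": "Google Chrome 140.0.7339.127 ",
    "win-kiosk-04": "Google Chrome 139.0.7258.155",
    "linux-ci-05": "chrome: command not found",
}

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as unknown returned no parseable version and need a manual check rather than being assumed safe.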

Beyond this update, users should avoid clicking unknown links or downloading files from unverified sources. It is also advised to use strong antivirus software and keep all operating systems and applications updated.

For enhanced security, enable Two-Factor Authentication (2FA) using an authenticator app rather than SMS. Using a password manager to create and store complex, unique passwords for different accounts is also a recommended best practice.
