Security advisory : Google has issued a Stable Channel Update for Chrome to address 4 high-severity vulnerabilities, including one zero-day vulnerability (CVE-2025-10585) actively exploited in the wild.

OEM	Google
Severity	High
CVSS Score	N/A
CVEs	CVE-2025-10585, CVE-2025-10500, CVE-2025-10501, CVE-2025-10502
POC Available	No
Actively Exploited	Yes
Exploited in Wild	Yes
Advisory Version	1.0

Overview 

This flaw, a Type Confusion in the V8 JavaScript and WebAssembly engine, can allow remote attackers to execute arbitrary code outside of Chrome’s security sandbox when users visit maliciously crafted web pages. Users and administrators are urged to update to the latest Chrome version immediately to mitigate potential exploitation 

Vulnerability Name	CVE ID	Product Affected	Severity	Fixed Version
​ Type Confusion in V8 Engine	CVE-2025-10585	Chrome (Windows, Mac, Linux)	High	140.0.7339.185/.186

Technical Summary 

The zero-day vulnerability in Chrome’s V8 engine arises from a type of confusion flaw, where object types are misinterpreted, leading to logical errors and memory corruption.

Attackers can exploit this issue when users visit maliciously crafted websites, enabling arbitrary code execution and possible sandbox escape.

This flaw has been confirmed as actively exploited in the wild. In addition to this zero-day, the update also fixes three other high-severity issues, a use-after-free in the Dawn graphics abstraction layer that could lead to memory corruption, a use-after-free in WebRTC that may enable remote code execution, and a heap buffer overflow in ANGLE that could result in program crashes or arbitrary code execution. 

CVE ID	System Affected	Vulnerability Details	Impact
CVE-2025-10585	Google Chrome (Windows, Mac, Linux)	Type confusion in the V8 JavaScript engine could allow memory corruption, arbitrary code execution, and potential sandbox escape	Remote Code Execution / Sandbox Escape

Other Vulnerabilities  

In addition to the zero-day, Google patched three other high-severity vulnerabilities in the same stable channel release. 

Vulnerability Name	CVE ID	Affected Component	Severity
​Use-after-free in Dawn	CVE-2025-10500	Chrome GPU Renderer Component (Dawn)	High
Use-after-free in WebRTC	CVE-2025-10501	Chrome WebRTC Audio/Video Communication Module	High
Heap Buffer Overflow in ANGLE	CVE-2025-10502	Chrome Graphics Translation Engine (ANGLE)	High

Recommendations: 

Update Chrome immediately to the following versions: 

• Windows/Mac: Chrome 140.0.7339.185/.186 

• Linux: Chrome 140.0.7339.185 

Here are some Recommendations below 

• Manual Update Check: Navigate to “Settings → Help → About Google Chrome” to trigger the update. 

• Patch Management: Ensure enterprise update policies enforce Chrome auto-updates. 

• Threat Monitoring: Keep monitoring logs for any signs of exploitation 

Conclusion: 
There are high vulnerabilities in Google Chrome, including an actively exploited zero-day flaw in the V8 JavaScript engine that poses a significant risk of remote code execution and sandbox escape.

Given the severity and confirmed exploitation in the wild, it is imperative that all users and administrators promptly update to the latest Chrome versions to mitigate potential attacks. Immediate action is essential to safeguard systems, data, and user privacy in light of these emerging threats. 

References: 

• https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_17.html 

• https://cybersecuritynews.com/google-chrome-0-day-vulnerability-exploited/