Google Patches Actively Exploited Chrome Zero-Day (CVE-2025-10585)
Google has issued a critical security update for the Chrome browser, addressing four vulnerabilities, including a zero-day vulnerability that is actively being exploited in real-world attacks.
🔍 About CVE-2025-10585
- Type: Type confusion in the V8 JavaScript & WebAssembly engine
- Risks: Can be weaponized for arbitrary code execution or crashes
- Discovery: Reported by Google TAG on Sept 16, 2025
- Status: Confirmed active exploit in the wild
📌 Why it matters
Type confusion vulnerabilities are dangerous because attackers can manipulate memory states, bypass security checks, and execute malicious code directly on a victim’s machine.
⚠️ This is already the sixth Chrome zero-day exploited in 2025, following CVE-2025-2783, CVE-2025-4664, CVE-2025-5419, CVE-2025-6554, and CVE-2025-6558.
🛡 How to stay protected
Update Chrome to:
- 140.0.7339.185/.186 on Windows & macOS
- 140.0.7339.185 on Linux
To update: go to Menu > Help > About Google Chrome, then click Relaunch.
✅ Users of Edge, Brave, Opera, and Vivaldi should apply patches as they become available, since they also rely on Chromium.
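For fleets, the fixed Chrome builds listed above can be checked against an inventory of installed versions. The following is an added example, not part of the original advisory; the host names and version strings in the sample inventory are constructed, and it treats 140.0.7339.185 as the lowest patched build on all three platforms, as the list above implies.

```python
import re

# Fixed builds from the advisory: 140.0.7339.185/.186 (Windows, macOS) and
# 140.0.7339.185 (Linux), so .185 is the lowest patched build on every platform.
PATCHED_FLOOR = (140, 0, 7339, 185)

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Extract a four-part Chrome version from output such as
    'Google Chrome 140.0.7339.185'. Returns a tuple of ints, or None."""
    match = VERSION_RE.search(text or "")
    return tuple(int(part) for part in match.groups()) if match else None


def is_patched(version_text):
    """True/False for a parseable version, None when it cannot be parsed."""
    version = parse_version(version_text)
    if version is None:
        return None
    # Tuple comparison is numeric per component; comparing the raw strings
    # would wrongly rank '140.0.7339.99' above '140.0.7339.185'.
    return version >= PATCHED_FLOOR


def audit(inventory):
    """Split (host, version_text) pairs into patched, vulnerable and unknown hosts."""
    report = {"patched": [], "vulnerable": [], "unknown": []}
    for host, version_text in inventory:
        state = is_patched(version_text)
        key = "unknown" if state is None else ("patched" if state else "vulnerable")
        report[key].append(host)
    return report


# Constructed sample inventory (hypothetical host names), e.g. collected from
# `google-chrome --version` or an endpoint management export.
SAMPLE_INVENTORY = [
    ("ws-001", "Google Chrome 140.0.7339.186"),
    ("ws-002", "Google Chrome 140.0.7339.99"),
    ("mac-003", "Google Chrome 139.0.7258.155"),
    ("lin-004", "Google Chrome 140.0.7339.185"),
    ("ws-005", "version unavailable"),
]

if __name__ == "__main__":
    for state, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{state}: {', '.join(hosts) or '-'}")
```

Hosts reported as unknown need a manual check rather than being assumed patched. Chrome only runs the updated build after a relaunch, so the reported version should come from the running browser where possible.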
📢 Takeaway
The speed at which these zero-days are being discovered highlights the importance of timely patching. End-users and enterprises alike must ensure that updates are applied immediately to reduce exposure.
At Alcaeus Services, we help organizations monitor vulnerabilities, deploy emergency updates, and harden endpoint security against zero-day threats.