CyberHappenings logo
☰
🏠 Home πŸ“‚ Browse ℹ️ About

Track cybersecurity events as they unfold. Sourced timelines, daily updates. Fast, privacy‑respecting. No ads, no tracking.

Active exploitation of type confusion in Chrome's V8 engine

First reported
Last updated
πŸ“° 1 unique sources, 1 articles

Summary

Hide β–²

Google has patched a zero-day vulnerability in Chrome (CVE-2025-10585), a type confusion issue in the V8 JavaScript and WebAssembly engine. The flaw is actively exploited in the wild, posing a risk to millions of users. The patch is available in Chrome versions 140.0.7339.185/.186 for Windows and macOS, and 140.0.7339.185 for Linux. Users of other Chromium-based browsers should also apply the fixes. The vulnerability can lead to unexpected software behavior, arbitrary code execution, and program crashes. Google's Threat Analysis Group (TAG) discovered and reported the flaw on September 16, 2025. This is the sixth zero-day vulnerability in Chrome exploited or demonstrated in 2025.

Timeline

  1. 18.09.2025 08:49 πŸ“° 1 articles Β· ⏱ 1d ago

    Google patches actively exploited zero-day in Chrome's V8 engine

    Google has released security updates for Chrome to address a zero-day vulnerability (CVE-2025-10585) in the V8 JavaScript and WebAssembly engine. The flaw is actively exploited in the wild and can lead to arbitrary code execution and program crashes. The patch is available in Chrome versions 140.0.7339.185/.186 for Windows and macOS, and 140.0.7339.185 for Linux. Users of other Chromium-based browsers should also apply the fixes as they become available.

    Show sources
    Open in new tab

Information Snippets