Google Patches Another Critical Chrome Zero-Day — Update Now! ⚠️🌐
9/23/2025

Actively exploited vulnerability in Chrome’s JavaScript engine puts millions at risk
Google has released an emergency security update for Chrome, patching several high-severity vulnerabilities — including a zero-day flaw already being exploited in the wild. Security experts are urging users to update their browsers immediately.
🔎 What Happened?
On September 16, 2025, Google confirmed that attackers were exploiting a flaw in Chrome’s V8 JavaScript engine. Identified as CVE-2025-10585, the vulnerability could allow attackers to execute arbitrary code by luring users to malicious websites.
In simple terms, visiting a compromised webpage could be enough to let hackers gain control of your system.
Google also patched additional issues affecting:
- ANGLE (graphics layer)
- WebRTC (real-time communications)
- Media components
📊 Why It Matters
- Chrome powers over 3.5 billion devices worldwide, making it one of the most targeted applications.
- This is the fifth Chrome zero-day patched in 2025.
- Attackers often weaponize such exploits quickly, using them in drive-by download attacks and malicious ads.
💬 Expert Opinions
Dr. Laura Chen, Senior Security Researcher at SafeNet Labs:
“Browser zero-days are among the most dangerous because they require no user interaction beyond visiting a webpage. The attack surface is enormous.”
Rajiv Menon, CISO at a fintech startup:
“The frequency of Chrome zero-days shows attackers are aggressively targeting browser engines. Delaying updates can be catastrophic.”
🔒 How to Stay Safe
Google is rolling out the fixed version of Chrome:
- Windows/Mac/Linux: Version 129.0.6668.70
- Android/iOS: Update via Play Store or App Store
Steps to update manually:
- Open Chrome.
- Go to Settings > Help > About Google Chrome.
- Chrome will check for updates and restart.
🚨 The Bigger Picture
Zero-day attacks against browsers are no longer rare — they are the new normal. As attackers exploit web technologies used by billions daily, timely patching and layered defenses are critical for both businesses and individuals.
🔍 Full Advisory on CVE-2025-10585 (Chrome Zero-Day)
- This zero-day is a type confusion vulnerability in the V8 JavaScript (and WebAssembly) engine of Chrome.
- It was discovered by Google’s Threat Analysis Group (TAG) on September 16, 2025.
- It is being actively exploited in the wild — Google confirms that exploits for CVE-2025-10585 exist already.
🛠️ What Versions Are Affected & Patched
- Chrome versions before 140.0.7339.185/.186 for Windows and macOS are vulnerable.
- For Linux, version 140.0.7339.185 and earlier are affected.
- The patched (fixed) versions are:
  - Windows / macOS → 140.0.7339.185 / 140.0.7339.186
  - Linux → 140.0.7339.185
⚠️ Additional Issues Fixed Alongside
Along with CVE-2025-10585, Google’s update also fixes several other high-severity bugs:
- CVE-2025-10500: Use-after-free in Dawn
- CVE-2025-10501: Use-after-free in WebRTC
- CVE-2025-10502: Heap buffer overflow in ANGLE
✅ Advice from Google & What Users Should Do
- Users should update Chrome immediately to the versions above.
- If auto-updates are off, go to Chrome menu → Help → About Google Chrome → let it update and restart.
- Users of Chromium-based browsers (like Edge, Brave, Opera) should watch for their vendors to push similar fixes.
- Detail disclosure is restricted for now to prevent malicious actors from exploiting unpatched versions.
👉 Full advisory: Google Chrome Releases Security Update (CVE-2025-10585)