A new and critical zero-day vulnerability, identified as CVE-2025-10585, has been uncovered in Google Chrome's V8 JavaScript engine, and it is reportedly under active exploitation. The flaw is particularly severe, allowing attackers to execute malicious code on user systems simply by convincing them to visit compromised websites.
"This type confusion flaw allows remote attackers to execute arbitrary code, which poses a substantial risk to users," said Edward Zhou, CEO and Co-Founder of Quantum Safe. "It is imperative for users to stay informed and updated on these threats."

CVE-2025-10585 is categorized as a type confusion vulnerability, which indicates that the V8 engine misinterprets data it processes, resulting in potential memory corruption. This issue was first identified by Google's Threat Analysis Group on September 16, 2025. To prevent further exploitation of this vulnerability, Google has opted to withhold specific technical details until users can implement the necessary updates.
"Our primary concern is the safety of users, which is why we’ve decided to keep certain exploitation details confidential," Zhou stated. "In the past, we’ve seen type confusion vulnerabilities exploited through specially crafted JavaScript on malicious websites."

Impact and Legacy
The impact of CVE-2025-10585 is significant. The flaw enables malicious actors to execute code remotely by tricking users into engaging with harmful websites. Once a user visits such a site, the V8 engine’s misinterpretation of data can lead to memory corruption and unauthorized control of the browser. Google confirmed that an exploit for CVE-2025-10585 has been observed in the wild, marking it as the sixth zero-day vulnerability affecting Chrome this year.
The vulnerability affects Google Chrome versions earlier than:
- Chrome 140.0.7339.185 on Linux
- Chrome 140.0.7339.185/.186 on Windows and macOS
As such, users are urged to promptly update their browsers to the latest version to safeguard against this risk. This recent update not only addresses CVE-2025-10585 but also resolves three additional high-severity vulnerabilities, including CVE-2025-10500, which is a use-after-free issue in the Dawn WebGPU implementation.
"Users of other Chromium-based browsers like Microsoft Edge, Brave, Opera, and Vivaldi should also ensure they are running the latest versions to mitigate these risks," emphasized Zhou.
To effectively manage the threats related to CVE-2025-10585, the following strategies are advised:
1. Update Chrome to the most recent version.
2. Prioritize patching within organizational settings.
3. Implement additional safeguards until all systems are fully updated.
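For patch prioritization across a fleet, the following added example (not code from Google or from the sources quoted here) audits an inventory export against the fixed build 140.0.7339.185 stated above. The CSV layout, host names and sample version strings are constructed for illustration; entries that cannot be parsed are reported as unknown rather than assumed safe.

```python
import csv
import io

# First fixed Chrome build per platform, as stated in the article.
# Windows and macOS also ship .186, which compares as newer than .185.
FIXED_BUILD = {
    "linux": (140, 0, 7339, 185),
    "windows": (140, 0, 7339, 185),
    "macos": (140, 0, 7339, 185),
}

# Constructed sample inventory export (hypothetical hosts and versions).
SAMPLE_INVENTORY = """host,os,chrome_version
ws-001,Windows,140.0.7339.186
ws-002,windows,140.0.7339.128
mac-014,macos,139.0.7000.10
lnx-build-3,linux,140.0.7339.185
kiosk-7,linux,not installed
ws-009,windows,141.0.7400.5
tablet-2,chromeos,140.0.7339.100
"""


def parse_version(text):
    """Return a 4-part version tuple, or None if the string is malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def classify(os_name, version_text):
    """Classify one host as 'patched', 'vulnerable' or 'unknown'."""
    fixed = FIXED_BUILD.get(os_name.strip().lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # needs manual follow-up, never treated as safe
    # Tuples compare component by component, so this is a numeric compare
    # (a string compare would wrongly rank "99" above "185").
    return "patched" if version >= fixed else "vulnerable"


def audit(inventory_csv):
    """Map each host in the CSV text to its patch status."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: classify(r["os"], r["chrome_version"]) for r in reader}


if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host:12} {status}")
```

The thresholds cover Google Chrome only; other Chromium-based browsers use their own version numbering and need their vendors' fixed versions.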
Specific detection methods recommended include conducting regular technical assessments such as reviewing system and application logs for error messages pertinent to the V8 engine, employing Endpoint Detection and Response (EDR) solutions to track abnormal behavior, and monitoring for unusual outbound connections originating from Chrome processes.
Moreover, this vulnerability is part of a worrying trend: CVE-2025-10585 is the sixth zero-day vulnerability affecting Chrome in 2025 alone. Other recent security flaws, such as CVE-2025-5419 and CVE-2025-6558, further emphasize the importance of user vigilance.
Zhou cautioned users about potential threats: "It’s crucial to avoid clicking on unknown links in emails or websites, and to use dedicated security solutions across all devices." Maintaining a proactive approach to cybersecurity can help mitigate risks from such vulnerabilities and empower users to navigate the digital landscape more securely.


