Google has released emergency security updates to patch another actively exploited Chrome zero-day vulnerability—the sixth so far in 2025.
The flaw, tracked as CVE-2025-10585, is a high-severity type confusion weakness in Chrome’s V8 JavaScript engine. It was reported by Google’s Threat Analysis Group (TAG) on Tuesday and patched within 24 hours.
“Google is aware that an exploit for CVE-2025-10585 exists in the wild,” the company warned in a security advisory published Wednesday. While it did not confirm whether attacks are still ongoing, the existence of a public exploit strongly suggests active exploitation.
Google TAG often uncovers zero-days leveraged by state-sponsored hackers in targeted spyware campaigns against high-risk groups, such as journalists, dissidents, and opposition politicians.
The security fix is included in Chrome version 140.0.7339.185/.186 for Windows and Mac, and 140.0.7339.185 for Linux. These updates are now rolling out to the Stable Desktop channel and will reach all users in the coming weeks.
Since Chrome updates automatically, users are urged to restart the browser to apply the patch. To update manually, go to Chrome menu > Help > About Google Chrome, let the update finish, and click Relaunch.
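To check a fleet against the fixed builds listed above, the following added example (not part of Google's advisory or the original article) classifies hosts by installed Chrome version. The `hostname,os,chrome_version` inventory format, the status names and the sample rows are assumptions constructed for illustration.

```python
import re

# Lowest fixed Stable Desktop build per OS, as stated in the article.
FIXED = {
    "windows": (140, 0, 7339, 185),
    "mac": (140, 0, 7339, 185),
    "linux": (140, 0, 7339, 185),
}
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)$")

def parse_version(text):
    """Return a 4-tuple of ints, or None if text is not MAJOR.MINOR.BUILD.PATCH."""
    m = VERSION_RE.match(text.strip())
    return tuple(int(p) for p in m.groups()) if m else None

def classify(os_name, version_text):
    """Return 'patched', 'needs_update' or 'unknown' for one host."""
    fixed = FIXED.get(os_name.strip().lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # unrecognised OS or unparsable version: review manually
    # Tuple comparison is numeric per component; comparing the raw strings
    # would wrongly rank "140.0.7339.80" above "140.0.7339.185".
    return "patched" if version >= fixed else "needs_update"

def triage(inventory_csv):
    """Map hostname -> status for rows of 'hostname,os,chrome_version' (assumed format)."""
    results = {}
    for line in inventory_csv.strip().splitlines():
        fields = [f.strip() for f in line.split(",")]
        if len(fields) != 3:
            continue  # skip malformed rows
        host, os_name, version_text = fields
        results[host] = classify(os_name, version_text)
    return results

# Constructed sample inventory: hostnames and versions are made up for this example.
SAMPLE = """
ws-01,Windows,140.0.7339.186
ws-02,Windows,140.0.7339.80
mb-01,Mac,140.0.7339.185
lx-01,Linux,139.0.7258.154
lx-02,Linux,not-installed
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` have an unrecognised platform or a version string that did not parse, so they need a manual check rather than being counted as patched.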





