Sixth Chrome Zero-Day of 2025 Patched After Active Exploitation

by | Sep 19, 2025 | News





Sixth Chrome Zero-Day in 2025

Google has released an emergency security update for Chrome to fix CVE-2025-10585, a high-severity type confusion vulnerability in the browser’s V8 JavaScript engine.

The flaw marks the sixth Chrome zero-day exploited in attacks this year, continuing a rapid cadence of vulnerabilities under active exploitation.

Google confirmed awareness of a public exploit but did not provide details on the scope of in-the-wild use.


Discovery and Reporting

The vulnerability was discovered by Google’s Threat Analysis Group (TAG) on Tuesday. TAG frequently identifies zero-days linked to government-backed threat actors, often targeting:

  • Journalists
  • Political dissidents
  • Opposition figures
  • High-risk individuals in spyware campaigns

Google released the patch just one day later, underscoring the urgency of the threat.

Chrome 140.0.7339.186


Patch Details

The fix is included in Chrome versions:

  • 140.0.7339.185/.186 for Windows and macOS
  • 140.0.7339.185 for Linux

Updates are rolling out now across the Stable Desktop channel and will reach all users over the coming weeks.

Users can manually trigger the update by navigating to:

Menu → Help → About Google Chrome → Relaunch.
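For fleets, the same check can be run against an inventory export. The following is an added example, not code from the article or from Google: it compares installed and running builds against the fixed versions listed above. The CSV column layout, host names and sample versions are constructed assumptions.

```python
import csv
import io
import re

# Minimum fixed build per platform, from the Patch Details list above.
FIXED = {"windows": (140, 0, 7339, 185),
         "macos": (140, 0, 7339, 185),
         "linux": (140, 0, 7339, 185)}

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")

# Constructed sample inventory; the column layout is an assumption.
SAMPLE = """host,os,installed,running
ws-01,windows,Google Chrome 140.0.7339.186,140.0.7339.186
ws-02,windows,140.0.7339.185,140.0.7339.127
mac-07,macos,140.0.7339.99,140.0.7339.99
lnx-03,linux,139.0.7258.66,139.0.7258.66
lnx-04,linux,140.0.7339.185,
kiosk-9,windows,unknown,
"""

def parse_version(text):
    """Return the four-part version as an int tuple, or None if absent."""
    m = VERSION_RE.search(text or "")
    return tuple(map(int, m.groups())) if m else None

def classify(os_name, installed, running):
    fixed = FIXED.get(os_name.strip().lower())
    inst = parse_version(installed)
    if fixed is None or inst is None:
        return "unknown"           # never assume an unparsed host is patched
    if inst < fixed:               # tuple compare: .99 < .185, unlike strings
        return "vulnerable"
    run = parse_version(running)
    if run is not None and run < fixed:
        return "relaunch-pending"  # update on disk, old build still running
    return "patched"

def triage(csv_text):
    """Map each host in the CSV export to its patch status."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["host"]: classify(r["os"], r["installed"], r["running"])
            for r in rows}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:8} {status}")
```

Hosts reported as relaunch-pending have the fix on disk but still run the old build until the browser is relaunched, which is why the manual path above ends with Relaunch.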


Ongoing Exploitation Concerns

Although the flaw is confirmed as exploited, Google has not disclosed full technical details, citing user safety:

“Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” the advisory stated.

The company may continue restrictions if the vulnerability exists in third-party libraries that depend on the same flawed code.


Timeline of Chrome Zero-Days in 2025

CVE-2025-10585 is the sixth exploited zero-day patched this year, following five earlier cases:

  • CVE-2025-2783 (March): Sandbox escape used in espionage against Russian entities (reported by Kaspersky).
  • CVE-2025-4664 (May): Account hijacking zero-day patched via emergency update.
  • CVE-2025-5419 (June): Out-of-bounds read/write in V8, discovered by Google TAG.
  • CVE-2025-6558 (July): Sandbox escape flaw actively exploited.
  • Unnamed March Zero-Day: Additional Chrome flaw addressed earlier this year.

In 2024, Google patched 10 Chrome zero-days, including several demonstrated during Pwn2Own competitions.




User Guidance

With Chrome being one of the most targeted browsers, security experts recommend:

  • Updating immediately to the latest version.
  • Enabling automatic updates where possible.
  • Avoiding delays, since public exploits are known to exist for CVE-2025-10585.


Source: bleepingcomputer.com
