Google patches Chrome zero‑day CVE‑2025‑10585 — active V8 exploit; update now
Admin action: Push Chrome 140.0.7339.185/.186 (Windows/Mac) and 140.0.7339.185 (Linux) to all endpoints and relaunch browsers to apply. Google confirms an exploit exists in the wild.
Summary (TL;DR)
Google shipped emergency Chrome updates to fix CVE‑2025‑10585, a type‑confusion bug in the V8 JavaScript/WebAssembly engine. The Stable channel now reads 140.0.7339.185/.186 for Windows/Mac and 140.0.7339.185 for Linux; Google states an exploit exists in the wild.
What happened
- Vulnerability: Type‑confusion in V8 can lead to memory corruption and arbitrary code execution.
- Discovery & status: Reported by Google Threat Analysis Group (TAG) on ; Google acknowledges exploitation in the wild.
- Other fixes in the same release: CVE‑2025‑10500 (Dawn, UAF), CVE‑2025‑10501 (WebRTC, UAF), CVE‑2025‑10502 (ANGLE, heap overflow).
Why it matters
V8 processes untrusted JavaScript/WASM from the web at massive scale. A remote exploit triggered by a page view can grant an attacker read/write primitives in the renderer and, with an additional escape, code execution. That’s a high‑impact path on enterprise endpoints.
Affected products / versions
Platform | Patched Stable | Notes |
---|---|---|
Windows / macOS | 140.0.7339.185/.186 | Update + relaunch Chrome to finish patching. |
Linux | 140.0.7339.185 | Rolling out over days/weeks (force manual check to accelerate). |
Chromium‑based browsers | Vendor dependent | Edge/Brave/Opera/Vivaldi will ingest upstream security fixes—apply as released. |
Actionable guidance for Windows / AD administrators
- Patch & relaunch: Users → ⋮ → Help → About Google Chrome to fetch the update and relaunch.
- Enterprise rollout: Push the latest MSI via SCCM/Intune; ensure auto‑update policies (`AutoUpdateCheckPeriodMinutes`, `UpdatePolicy`) are enabled.
- Hygiene: Enable Chrome Site Isolation; remove local admin from users; segment high‑value networks.
- Monitoring: Hunt for unusual child processes from `chrome.exe` (`rundll32`, `powershell.exe`, `cmd.exe`) and suspicious outbound traffic following page visits.
Verification: quick PowerShell inventory
Run from an admin workstation with PSRemoting permissions. Provide a `computers.txt` list of hostnames.
```powershell
# Get Chrome version from remote Windows machines via registry.
# Covers machine-wide installs (HKLM); per-user installs register under HKCU and are not listed.
$computers = Get-Content -Path .\computers.txt   # list of hostnames

$results = foreach ($c in $computers) {
    try {
        $chrome = Invoke-Command -ComputerName $c -ScriptBlock {
            $paths = @(
                'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
                'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
            )
            foreach ($p in $paths) {
                Get-ChildItem -Path $p -ErrorAction SilentlyContinue |
                    ForEach-Object {
                        $props = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
                        if ($props.DisplayName -like 'Google Chrome*') {
                            [PSCustomObject]@{
                                Computer       = $env:COMPUTERNAME
                                DisplayName    = $props.DisplayName
                                DisplayVersion = $props.DisplayVersion
                                Error          = $null
                            }
                        }
                    }
            }
        } -ErrorAction Stop
        $chrome
    } catch {
        # Same property set as the success rows, so Format-Table keeps the Error column
        [PSCustomObject]@{ Computer = $c; DisplayName = $null; DisplayVersion = $null; Error = $_.Exception.Message }
    }
}

# Select explicit columns; this drops the PSComputerName/RunspaceId properties that remoting adds
$results | Select-Object Computer, DisplayName, DisplayVersion, Error | Format-Table -AutoSize
```
Tip: target machines reporting versions < 140.0.7339.185 (Linux/Windows) or < 140.0.7339.186 (some Windows/macOS builds) for immediate remediation.
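Comparing `DisplayVersion` as a string misorders builds (a constructed value such as 140.0.7339.99 sorts above 140.0.7339.185), so the tip above is best applied with a `[version]` cast. The following is an added example, not part of the original script; `Get-ChromePatchStatus` and the sample rows are hypothetical, and the floor is the 140.0.7339.185 build stated on this page.

```powershell
# Added example: classify inventory rows against the patched build named on this page.
# Get-ChromePatchStatus is a hypothetical helper; the sample rows are constructed.
function Get-ChromePatchStatus {
    param(
        [Parameter(Mandatory)] [object[]] $Inventory,
        [Parameter(Mandatory)] [version]  $MinimumVersion
    )
    foreach ($row in $Inventory) {
        $parsed = $null
        $status = if ($row.Error) {
            'Unreachable'      # remoting failed, so the patch state is unknown
        } elseif (-not [version]::TryParse([string]$row.DisplayVersion, [ref]$parsed)) {
            'Unparsed'         # empty or malformed DisplayVersion
        } elseif ($parsed -lt $MinimumVersion) {
            'Outdated'         # numeric comparison, field by field
        } else {
            'Patched'
        }
        [PSCustomObject]@{
            Computer = $row.Computer
            Version  = $row.DisplayVersion
            Status   = $status
        }
    }
}

# Constructed sample rows in the shape the inventory script emits
$sample = @(
    [PSCustomObject]@{ Computer = 'WS-01'; DisplayVersion = '140.0.7339.186'; Error = $null }
    [PSCustomObject]@{ Computer = 'WS-02'; DisplayVersion = '140.0.7339.99';  Error = $null }  # a string compare would pass this
    [PSCustomObject]@{ Computer = 'WS-03'; DisplayVersion = '139.0.0.1';      Error = $null }
    [PSCustomObject]@{ Computer = 'WS-04'; DisplayVersion = $null; Error = 'WinRM connection failed (constructed)' }
)

# Show only hosts that still need attention: WS-02 and WS-03 Outdated, WS-04 Unreachable
Get-ChromePatchStatus -Inventory $sample -MinimumVersion '140.0.7339.185' |
    Where-Object Status -ne 'Patched' |
    Sort-Object Status, Computer |
    Format-Table -AutoSize
```

Pass `$results` from the inventory script as `-Inventory` in place of `$sample`.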
SOC hints: what to look for
- Renderer crashes followed by unusual child processes from `chrome.exe`.
- Spikes in browser‑originating connections to unfamiliar domains right after page visits.
- New persistence or code‑injection telemetry on user workstations.
References (primary sources)
- Chrome Releases — Stable Channel Update for Desktop (Sept 17, 2025)
- BleepingComputer — Sixth Chrome zero‑day exploited in attacks this year
- SecurityWeek — Chrome 140 update patches sixth zero‑day of 2025
- NHS Cyber Alert — Google Releases Security Update for Chrome
- The Hacker News — Google Patches Chrome Zero‑Day CVE‑2025‑10585