Google on Wednesday rolled out security updates for its Chrome web browser to fix four vulnerabilities, including a zero-day that has been exploited in the wild. The update addresses CVE-2025-10585, described as a type confusion issue in the V8 JavaScript and WebAssembly engine. Google’s Chrome advisory notes the active exploitation.
The flaw was discovered by Google’s Threat Analysis Group (TAG) and reported on September 16, 2025, according to the advisory. TAG was credited with identifying the issue and providing early warning to users, while officials withheld further details to prevent exploitation.
With CVE-2025-10585, Google said it has addressed the sixth Chrome zero-day either actively exploited or demonstrated as a PoC since the start of the year. Further context on the ongoing vulnerability landscape is provided in the official Chrome blog post.
Updated versions include Chrome 140.0.7339.185 and 140.0.7339.186 for Windows and macOS, and 140.0.7339.185 for Linux. Users should navigate to More > Help > About Google Chrome and click Relaunch to apply the fixes. The updates also apply to other Chromium-based browsers, such as Microsoft Edge, Brave, Opera and Vivaldi, when vendors release patches.
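For fleets where clicking through the About page is not practical, the fixed builds listed above can be checked against a software inventory. The following is an added example, not code from Google or the advisory; the host names and inventory rows are constructed, and the thresholds apply only to Google Chrome, since the article gives no version numbers for other Chromium-based browsers.

```python
# Added example: classify Google Chrome installs against the fixed builds
# named in the article. Inventory rows below are constructed sample data.

# Lowest fixed build per platform, taken from the article.
FIXED = {
    "windows": (140, 0, 7339, 185),
    "macos": (140, 0, 7339, 185),
    "linux": (140, 0, 7339, 185),
}

def parse_version(text):
    """Parse '140.0.7339.185' into a tuple of four ints, or None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(platform, version_text):
    """Return 'patched', 'needs_update', or 'unknown' for one install."""
    fixed = FIXED.get(platform.lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"
    # Tuples compare numerically, so build 99 sorts below build 185.
    # Comparing the raw strings would wrongly rank "…7339.99" as newer.
    return "patched" if version >= fixed else "needs_update"

def audit(inventory):
    """Return (host, status) for every install that is not confirmed patched."""
    findings = []
    for host, platform, version_text in inventory:
        status = classify(platform, version_text)
        if status != "patched":
            findings.append((host, status))
    return findings

# Constructed inventory: (host, platform, reported Chrome version)
SAMPLE_INVENTORY = [
    ("ws-01", "windows", "140.0.7339.186"),
    ("ws-02", "windows", "140.0.7339.99"),
    ("mac-01", "macos", "139.0.7258.155"),
    ("lnx-01", "linux", "140.0.7339.185"),
    ("lnx-02", "linux", "Chromium 140"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY):
        print(f"{host}: {status}")
```

Hosts reported as `unknown` need a manual check, because an unparseable version string is not evidence that the fix is installed.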