By Sead Fadilpašić

Copyright techradar

Skip to main content

Tech Radar Pro

Tech Radar Gaming

Close main menu

the business technology experts

België (Nederlands)

Deutschland

North America

US (English)

Australasia

New Zealand

View Profile

Search TechRadar

Expert Insights

Website builders

Web hosting

Best web hosting
Best office chairs
Best website builder
Best antivirus
Expert Insights

Don’t miss these

Google has patched another urgent security flaw in Chrome – so update now or be at risk

Microsoft releases urgent SharePoint security flaw patches – here’s what you need to know, and how to update

Google urgently patches major Qualcomm security flaw hitting Android phones – so make sure you update now

Citrix patches a trio of high-severity security bugs, so be on your guard

CitrixBleed 2 exploits are now in the wild, so patch now

Top CMS Sitecore patches critical zero-day flaw being hit by hackers

CISA warns hackers are actively exploiting critical CitrixBleed 2

Microsoft’s latest major patch fixes a serious zero-day flaw, and a host of other issues – so update now

CitrixBleed 2 flaws are officially here – so get patching or leave your systems at risk

Zoom patches worrying security Windows flaw – make sure you’re protected, update now

Google Pixel Phones
Google’s latest security patch finally fixes a months-old bug, and a ‘critical’ security flaw

Update Apple devices now – new security patch fixes potentially serious zero-day flaw

Google says it will start disclosing security issues much quicker than before

Malicious Google Chrome and Edge extensions downloaded more than 2 million times – here’s how to stay safe from being tracked online

Top file transfer tool CrushFTP says a thousand servers are still vulnerable to cyberattack, so patch now

Google patches another worrying Chrome security flaw – so update now, or be at risk

Sead Fadilpašić

18 September 2025

A newly found Chrome zero-day is being exploited in the wild

When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

(Image credit: Tada Images / Shutterstock)

Google patches four Chrome bugs, including actively exploited zero-day CVE-2025-10585
The zero-day is a type confusion flaw in V8 allowing potential arbitrary code execution
Chrome’s popularity makes it a prime target for cybercriminals exploiting browser vulnerabilities

Google has fixed four bugs found in its Chrome browser, including a zero-day that’s apparently being exploited in the wild.

In a security advisory, Google said it patched a heap buffer overflow in ANGLE (CVE-2025-10502), a user-after-free bug in WebRTC (CVE-2025-10501), and a separate use-after-free in Dawn (CVE-2025-10500). The fourth bug, the one being exploited as a zero-day, is a type confusion bug in V8.
A Type Confusion bug in Chrome’s V8 JavaScript engine is a memory safety issue which happens when the engine treats a variable or object as a different type than it actually is. This misidentification can lead to serious issues, including heap corruption and arbitrary code execution.

You may like

Google has patched another urgent security flaw in Chrome – so update now or be at risk

Microsoft releases urgent SharePoint security flaw patches – here’s what you need to know, and how to update

Google urgently patches major Qualcomm security flaw hitting Android phones – so make sure you update now

Abusing zero-days
This is the sixth zero-day vulnerability that Google patched in Chrome in 2025 alone.

In this case, Google said it didn’t want to share too many details before everyone patches up, to protect against further attacks.
“Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” the advisory reads. “We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.”
The flaw is now tracked as CVE-2025-10585, and is yet to receive a severity score. It is only described as a “high-severity” bug.

Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Contact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsorsBy submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.
Google fixed it with versions 140.0.7339.185/.186 for Windows/Mac, and 140.0.7339.185 for Linux which will roll out over the coming days and weeks.
Chrome is the most popular browser in the world, with a market share of almost 70%, making it a popular target for cybercriminals.
Miscreants can use browser bugs to gain unauthorized access to sensitive data, compromise user accounts, and even take control of entire systems. These vulnerabilities often allow attackers to bypass security mechanisms like sandboxing or authentication, enabling them to steal credentials, session tokens, or personal information stored in the browser.
Via BleepingComputer
You might also like

Google warns Salesloft Drift attack may have compromised Workspace accounts and Salesforce instances
Take a look at our guide to the best authenticator app
We’ve rounded up the best password managers

Sead Fadilpašić

Social Links Navigation

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.

Google has patched another urgent security flaw in Chrome – so update now or be at risk

Microsoft releases urgent SharePoint security flaw patches – here’s what you need to know, and how to update

Google urgently patches major Qualcomm security flaw hitting Android phones – so make sure you update now

Citrix patches a trio of high-severity security bugs, so be on your guard

CitrixBleed 2 exploits are now in the wild, so patch now

Top CMS Sitecore patches critical zero-day flaw being hit by hackers

Latest in Security

CrowdStrike snaps up Pangea to boost AI security

Top VC firm is warning thousands their data may have been hacked – here’s how to stay safe

Scattered Spider hackers return to hit more victims – despite retirement claims

1Password and Perplexity partner on Comet AI browser – a full time personal assistant with security by default

Hackers claim they stole 1.5 billion Salesforce records from hundreds of companies in major hack – but are they telling the truth?

Microsoft and Cloudflare jointly take down phishing network that stole thousands of Microsoft 365 credentials

Latest in News

Nvidia x Intel press conference: as it happened

The Tor Project quietly launches a beta Android VPN – and looks for testers

AI > Crypto – Bitcoin mining spinoff gets $700 million investment from Nvidia to build hyperscale AI infrastructure using, you’ve guessed it, thousands of Blackwell GPUs

Disappear online – Windscribe’s Chrome and Edge VPN extensions get a privacy upgrade

ExpressVPN launches free VPN service to combat the dangers of low-quality freebies

You can now toggle GPT-5’s thinking time for faster or smarter answers – here’s how to do it

LATEST ARTICLES

I ran with Oakley Meta Vanguard AI sports glasses and realized I need more action in my life

Nvidia x Intel press conference: as it happened

After seeing Logitech’s AI-powered game streaming assistant in action, I think it’s one of the best uses of the tech yet

The Tor Project quietly launches a beta Android VPN – and looks for testers

Google patches another worrying Chrome security flaw – so update now, or be at risk

TechRadar is part of Future US Inc, an international media group and leading digital publisher. Visit our corporate site.

Contact Future’s experts

Terms and conditions

Privacy policy

Cookies policy

Advertise with us

Web notifications

Accessibility Statement

Future US, Inc. Full 7th Floor, 130 West 42nd Street,

Please login or signup to comment

Please wait…