Subj : Google patches another worrying Chrome security flaw - so update
To   : All
From : TechnologyDaily
Date : Thu Sep 18 2025 18:00:12

Google patches another worrying Chrome security flaw - so update now, or be at risk

Date: Thu, 18 Sep 2025 16:49:00 +0000
Description: A newly found Google Chrome zero-day is being exploited in the wild, so skip patching at your own risk.

FULL STORY
======================================================================

Google patches four Chrome bugs, including actively exploited zero-day CVE-2025-10585
The zero-day is a type confusion flaw in V8 allowing potential arbitrary code execution
Chrome's popularity makes it a prime target for cybercriminals exploiting browser vulnerabilities

Google has fixed four bugs found in its Chrome browser, including a zero-day that's apparently being exploited in the wild.

In a security advisory, Google said it patched a heap buffer overflow in ANGLE (CVE-2025-10502), a use-after-free bug in WebRTC (CVE-2025-10501), and a separate use-after-free in Dawn (CVE-2025-10500). The fourth bug, the one being exploited as a zero-day, is a type confusion bug in V8.

A type confusion bug in Chrome's V8 JavaScript engine is a memory safety issue that occurs when the engine treats a variable or object as a different type than it actually is. This misidentification can lead to serious issues, including heap corruption and arbitrary code execution.

Abusing zero-days

This is the sixth zero-day vulnerability that Google patched in Chrome in 2025 alone. In this case, Google said it didn't want to share too many details before everyone patches up, to protect against further attacks.

"Access to bug details and links may be kept restricted until a majority of users are updated with a fix," the advisory reads. "We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed."

The flaw is now tracked as CVE-2025-10585, and is yet to receive a severity score. It is only described as a high-severity bug. Google fixed it with versions 140.0.7339.185/.186 for Windows/Mac, and 140.0.7339.185 for Linux, which will roll out over the coming days and weeks.

Chrome is the most popular browser in the world, with a market share of almost 70%, making it a popular target for cybercriminals. Miscreants can use browser bugs to gain unauthorized access to sensitive data, compromise user accounts, and even take control of entire systems. These vulnerabilities often allow attackers to bypass security mechanisms like sandboxing or authentication, enabling them to steal credentials, session tokens, or personal information stored in the browser.

Via BleepingComputer

======================================================================
Link to news story:
https://www.techradar.com/pro/security/google-patches-another-worrying-chrome-security-flaw-patch-now-or-be-at-risk

--- Mystic BBS v1.12 A49 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)
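
Because the fix rolls out "over the coming days and weeks", a fleet can stay mixed for some time. The following is an added example, not part of the original story or of any Google tooling: it triages an inventory of reported Chrome version strings against the fixed build named above. The host names and the sample inventory are constructed, and treating any numerically later build as fixed is an assumption.

```python
import re

# Fixed builds named in the article: 140.0.7339.185/.186 (Windows/Mac),
# 140.0.7339.185 (Linux). The lowest of them is the floor on every platform.
FIXED = (140, 0, 7339, 185)

# Exactly four dot-separated numbers, not embedded in a longer dotted string.
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_version(text):
    """Extract a four-part Chrome version from free text, or None."""
    m = _VERSION_RE.search(text or "")
    return tuple(int(p) for p in m.groups()) if m else None


def classify(text):
    """Return 'patched', 'vulnerable' or 'unknown' for one reported version."""
    version = parse_version(text)
    if version is None:
        return "unknown"
    # Assumption: any numerically later build also carries the fix.
    return "patched" if version >= FIXED else "vulnerable"


def triage(inventory):
    """Group hosts by status; unknown hosts need a manual look."""
    report = {"patched": [], "vulnerable": [], "unknown": []}
    for host, reported in inventory.items():
        report[classify(reported)].append(host)
    return {k: sorted(v) for k, v in report.items()}


# Constructed inventory (hypothetical host names and version strings).
SAMPLE_INVENTORY = {
    "win-desk-01": "140.0.7339.186",
    "mac-lap-07": "Google Chrome 140.0.7339.185",
    "lin-build-03": "Google Chrome 140.0.7339.127 ",
    "win-desk-02": "139.0.7258.155",
    "kiosk-09": "141.0.7390.54",
    "lin-old-11": "not installed",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:10} {', '.join(hosts) or '-'}")
```

Hosts reported as "unknown" should be checked by hand rather than assumed safe, since a missing or unparseable version string says nothing about the installed build.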