Google has released emergency updates to patch a Chrome zero-day vulnerability, CVE-2025-10585, which is actively exploited in attacks. The vulnerability stems from a type confusion weakness in the V8 JavaScript engine and has been targeted by government-sponsored threat actors. #CVE-2025-10585 #V8JavaScriptEngine
Keypoints
- Google released critical security updates for Chrome to fix a zero-day vulnerability.
- The vulnerability is caused by a type confusion flaw in the V8 JavaScript engine.
- Active exploits of CVE-2025-10585 have been reported in the wild, with a public exploit available.
- Recent patches include updates for Windows, Mac, and Linux versions of Chrome.
- Google routinely tracks zero-day exploits, especially those used in targeted spyware campaigns by threat actors.