Particle.news

Google Rushes Chrome 140 Update to Fix Actively Exploited V8 Zero-Day

An in-the-wild exploit targeting Chrome’s V8 engine triggered an out-of-cycle fix now rolling out to desktops.

Overview

  • The patched flaw, tracked as CVE-2025-10585, is a type confusion bug in the V8 JavaScript/WebAssembly engine reported by Google’s Threat Analysis Group on September 16.
  • Google released Chrome versions 140.0.7339.185/.186 for Windows and macOS and 140.0.7339.185 for Linux, with updates delivered via the Stable channel.
  • Three additional high-severity issues were fixed: CVE-2025-10500 (Dawn), CVE-2025-10501 (WebRTC), and CVE-2025-10502 (ANGLE), the last credited to Google’s Big Sleep AI bug hunter.
  • Users are advised to install the update promptly and relaunch the browser, or check manually via Menu > Help > About Google Chrome to complete the upgrade.
  • This is the sixth Chrome zero-day addressed in 2025, and Google is withholding technical details until most users receive the fix, with other Chromium-based browsers expected to issue corresponding patches.
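
For administrators checking whether machines have reached the fixed builds listed above, here is an added example (not from the original article or from Google). It compares reported Chrome versions against 140.0.7339.185, the lowest fixed build named for each platform; the inventory rows, hostnames and status labels are constructed for illustration.

```python
import re

# Lowest fixed build per platform, as listed in the article.
# Windows and macOS received .185/.186, so .185 is the floor on all three.
PATCHED = {
    "windows": (140, 0, 7339, 185),
    "macos": (140, 0, 7339, 185),
    "linux": (140, 0, 7339, 185),
}

VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)$")


def parse_version(text):
    """Return a 4-tuple of ints, or None if the string is not a Chrome version."""
    match = VERSION_RE.match(text.strip())
    return tuple(int(part) for part in match.groups()) if match else None


def classify(platform, version_text):
    """Return 'patched', 'needs_update' or 'unknown' for one inventory row."""
    floor = PATCHED.get(platform.lower())
    version = parse_version(version_text)
    if floor is None or version is None:
        return "unknown"  # unlisted platform or unparseable version: review by hand
    # Tuples compare numerically per component, so 7339.99 sorts below 7339.185
    # (a plain string comparison would get that case wrong).
    return "patched" if version >= floor else "needs_update"


# Constructed sample inventory: (hostname, platform, reported Chrome version)
INVENTORY = [
    ("ws-014", "Windows", "140.0.7339.186"),
    ("ws-022", "Windows", "140.0.7339.128"),
    ("mac-003", "macOS", "140.0.7339.185"),
    ("build-01", "Linux", "140.0.7339.99"),
    ("kiosk-07", "Linux", "not installed"),
]


def audit(rows):
    """Map each hostname to its patch status."""
    return {host: classify(platform, version) for host, platform, version in rows}


if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host:10} {status}")
```

Feed it the version the running browser reports rather than the version on disk, since the upgrade only completes after a relaunch.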