Overview
- The flaw, tracked as CVE-2025-10585, is a type confusion bug in Chrome’s V8 engine reported by Google’s Threat Analysis Group on September 16.
- Patched builds are 140.0.7339.185/.186 for Windows and macOS and 140.0.7339.185 for Linux, and users must relaunch Chrome after updating.
- Google confirmed an exploit exists in the wild and says disclosure will remain restricted until patch adoption is widespread.
- The release also fixes three high-severity issues in Dawn (CVE-2025-10500), WebRTC (CVE-2025-10501), and ANGLE (CVE-2025-10502), with the ANGLE bug credited to the Big Sleep AI agent.
- This marks the sixth Chrome zero-day reported as exploited in 2025, and users of other Chromium-based browsers such as Edge, Brave, Opera, and Vivaldi are advised to apply their vendors’ updates when available.
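
As an added example (not from the original report or from Google), the Python sketch below triages an endpoint inventory against the patched Chrome builds listed above. The inventory format, host names, and sample version strings are constructed for illustration. Other Chromium-based browsers use their own build numbering, so they are flagged for a vendor check instead of being compared.

```python
import re

# Minimum patched Google Chrome builds, taken from the overview above.
# Windows and macOS ship .185 or .186; .185 is the lowest fixed build.
PATCHED = {
    "windows": (140, 0, 7339, 185),
    "macos": (140, 0, 7339, 185),
    "linux": (140, 0, 7339, 185),
}

# Matches "<product name> <a.b.c.d>" as reported by a browser's version output.
VERSION_RE = re.compile(r"^(?P<product>.*?)\s*(?P<ver>\d+\.\d+\.\d+\.\d+)\b")

def classify(platform, version_output):
    """Return 'patched', 'vulnerable', 'check-vendor', or 'unknown'."""
    m = VERSION_RE.match(version_output.strip())
    minimum = PATCHED.get(platform.strip().lower())
    if not m or minimum is None:
        return "unknown"
    if m.group("product").strip().lower() != "google chrome":
        # Edge, Brave, Opera, Vivaldi: build numbers are not comparable.
        return "check-vendor"
    # Compare numerically; as strings, "99" would sort above "185".
    installed = tuple(int(part) for part in m.group("ver").split("."))
    return "patched" if installed >= minimum else "vulnerable"

def triage(inventory_text):
    """Map each host in 'host,platform,version output' lines to a status."""
    results = {}
    for line in inventory_text.splitlines():
        if not line.strip():
            continue
        host, platform, version_output = line.split(",", 2)
        results[host] = classify(platform, version_output)
    return results

# Constructed sample inventory (hosts and versions are illustrative only).
SAMPLE_INVENTORY = """\
ws-01,windows,Google Chrome 140.0.7339.186
ws-02,macos,Google Chrome 140.0.7339.99
srv-03,linux,Google Chrome 140.0.7339.185
ws-04,windows,Microsoft Edge 140.0.3485.66
ws-05,linux,Google Chrome 139.0.7258.154
ws-06,windows,not installed
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

A "patched" result reflects the reported version only; because the update takes effect after a relaunch, collect the version from the running browser where possible.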