Google has just released a critical security update for Chrome following the discovery of a serious vulnerability that is already being exploited in real-world attacks. The flaw, identified as CVE-2025-10585, directly affects the V8 engine, the component responsible for executing JavaScript and WebAssembly—in other words, the core that powers much of the browser’s functionality.
At TecnetOne, we understand how important it is to act quickly in the face of these kinds of threats. That’s why, if you use Google Chrome or any Chromium-based browser (such as Microsoft Edge, Brave, or Opera), this is an update you can’t afford to ignore.
It’s a zero-day vulnerability—meaning it’s a flaw that attackers discovered and began exploiting before a patch was available. In this case, it stems from a type confusion issue in the V8 engine, which could allow an attacker to:
Crash your browser, or worse…
Execute malicious code on your device without you knowing.
Google has marked this vulnerability as high severity and confirmed that it is already being actively exploited online.
The flaw was reported by Google’s Threat Analysis Group (TAG) on September 16, just one day before the security update was released. For now, the company has chosen not to disclose technical details to prevent widespread exploitation—at least until more users have updated their browsers.
In addition to CVE-2025-10585, Google used the same stable channel update for Chrome (September 17) to fix three other vulnerabilities also classified as high severity:
CVE-2025-10500: A use-after-free bug in the Dawn component
CVE-2025-10501: Another use-after-free, this time in WebRTC, which is essential for browser-based video calls
CVE-2025-10502: A stack buffer overflow in ANGLE, affecting graphics performance
Although there’s no confirmation that these three vulnerabilities are being actively exploited, their severity level means they should also be taken seriously.
Read more: Microsoft and Cloudflare Shut Down RaccoonO365 Phishing Hub
Vulnerabilities in V8 are especially critical because they directly impact the browser’s code execution engine. In the wrong hands, a flaw like this can be used to:
Install malware without the user knowing
Steal passwords, cookies, or personal data
Hijack web sessions (such as your email or social media)
Take control of the system, especially if it’s not well protected
And since this is a zero-day vulnerability, attackers usually move fast before users update their systems.
If you want to stay protected against the latest threats, the first thing you should do is make sure your browser is up to date. Keeping Chrome (or any Chromium-based browser like Edge, Brave, or Opera) current is essential, as updates include critical security patches like this one.
The versions that already include the fix are:
140.0.7339.185 / .186 for Windows and macOS
140.0.7339.185 for Linux
We recommend checking the version you’re currently using and updating as soon as possible if you don’t have the latest one yet. For more technical details, you can refer to Google’s official advisory.
While updating your browser is the most urgent step, there are other best practices that will help keep you protected against threats like CVE-2025-10585:
Don’t click on suspicious links or open emails from unknown senders.
Keep your operating system and all other software up to date.
Use a reliable antivirus with real-time protection.
Review your browser extensions and remove any you don’t use or recognize.
Consider enabling Chrome’s Site Isolation feature for an extra layer of security.
And if you manage multiple devices or work in a business environment, implementing a patch management solution like TecnetProtect Backup can make a big difference.
This tool not only lets you automate and monitor the deployment of security updates across all devices (preventing critical vulnerabilities like CVE-2025-10585 from going unpatched), but it also includes advanced automated backup functionality.
Thanks to this, you can quickly restore key systems or files in case of an attack, human error, or data loss—adding another layer of protection to your digital environment.
In short, TecnetProtect Backup combines device management, patching, and backup in a single solution, helping you keep your infrastructure always up to date, secure, and resilient against threats.