Google pushes emergency patch for Chrome 0-day

"The vuln, tracked as CVE-2025-10585, is a type confusion flaw in the V8 JavaScript and WebAssembly engine. This kind of vulnerability exists when the engine misinterprets a block of memory as one type of object when it's actually something else, and can lead to system crashes, arbitrary code execution, and when chained with other bugs, potentially a full system compromise via a malicious HTML page."
""Google is aware that an exploit for CVE-2025-10585 exists in the wild," the Chocolate Factory warned. Google Threat Analysis Group (TAG) discovered and reported the vulnerability. Considering the criminal crews that TAG tracks — these include nation-state spies and commercial spyware vendors — it's likely that this CVE was abused as a zero-day to steal sensitive information and snoop on high-value targets."
CVE-2025-10585 is a type confusion flaw in the V8 JavaScript and WebAssembly engine. Type confusion causes the engine to misinterpret a block of memory as the wrong object type, enabling crashes, arbitrary code execution, and potential full system compromise via a malicious HTML page. Google Threat Analysis Group (TAG) discovered and reported the vulnerability, and Google confirmed that an exploit exists in the wild. TAG tracks criminal crews including nation-state spies and spyware vendors, making it likely the CVE was abused as a zero-day to steal sensitive information and target high-value individuals. Update Chrome to 140.0.7339.185/.186 (Windows/macOS) or 140.0.7339.185 (Linux), then relaunch the browser to complete the update; the update can also be forced via chrome://settings/help. This is the sixth Chrome zero-day patched this year.
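To check a fleet against the fixed builds named above, the following added example (not from the original article or from Google) flags hosts whose reported Chrome version is below 140.0.7339.185. The inventory format, host names, sample versions and status labels are assumptions constructed for illustration; versions are compared as integer tuples because a plain string comparison ranks `.99` above `.185`.

```python
import re

# Minimum fixed build per platform, as stated in the summary above.
# Platform keys and status labels are this example's own conventions.
FIXED = {
    "windows": (140, 0, 7339, 185),
    "macos": (140, 0, 7339, 185),
    "linux": (140, 0, 7339, 185),
}
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)$")

def parse_version(text):
    """Return a 4-part Chrome version as a tuple of ints, or None if malformed."""
    m = VERSION_RE.match(text.strip())
    return tuple(int(p) for p in m.groups()) if m else None

def classify(platform, version_text):
    """Return 'patched', 'needs-update', or 'unknown' for one installation."""
    fixed = FIXED.get(platform.strip().lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # unlisted platform or unparsable version: review by hand
    return "patched" if version >= fixed else "needs-update"

def audit(inventory_csv):
    """Yield-free audit: return [(host, status)] for every host not confirmed patched."""
    findings = []
    for line in inventory_csv.strip().splitlines():
        fields = [f.strip() for f in line.split(",")]
        if len(fields) != 3:
            findings.append((line.strip(), "unknown"))
            continue
        host, platform, version = fields
        status = classify(platform, version)
        if status != "patched":
            findings.append((host, status))
    return findings

# Constructed sample inventory: host,platform,chrome_version
SAMPLE = """
ws-001,windows,140.0.7339.186
ws-002,windows,140.0.7339.99
mac-001,macos,140.0.7339.185
lnx-001,linux,139.0.7000.10
lnx-002,linux,141.0.7000.1
kiosk-01,chromeos,140.0.7339.185
ws-003,windows,not-installed
"""

if __name__ == "__main__":
    for host, status in audit(SAMPLE):
        print(f"{host}: {status}")
```

Because Chrome only finishes updating on relaunch, feed this the version of the running browser process where your inventory tool can report it, not just the version installed on disk.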
Read at The Register