Google released a critical security update for its Chrome web browser to address four vulnerabilities, including a high-severity zero-day flaw that is already being exploited in the wild.
The zero-day vulnerability, tracked as CVE-2025-10585, is described as a type confusion issue in Chrome's V8 JavaScript and WebAssembly engine.
Google confirmed real-world exploitation but, in line with its usual policy, withheld technical details to prevent further abuse.
CVE-2025-10585 marks the sixth zero-day vulnerability in Chrome this year, following CVE-2025-2783, CVE-2025-4664, CVE-2025-5419, CVE-2025-6554, and CVE-2025-6558.
Users are strongly advised to update to Chrome version 140.0.7339.185/.186 for Windows and macOS, and 140.0.7339.185 for Linux. Users can check for updates by navigating to More > Help > About Google Chrome, and relaunching the browser.