Скачать или смотреть Google Patches Actively Exploited Chrome Zero-Day

…
Google has issued an urgent update for Chrome to fix a zero-day vulnerability (CVE-2025-10585) exploited in the wild, marking the sixth such case of the year.

The flaw, a type confusion issue in the V8 JavaScript and WebAssembly engine, enables attackers to craft malicious HTML pages that can perform arbitrary memory operations remotely. While Google has not released detailed technical information, the involvement of its Threat Analysis Group (TAG) hints at possible links to spyware vendors.

Other vulnerabilities patched include two use-after-free bugs in Dawn and WebRTC (CVE-2025-10500 and CVE-2025-10501), as well as a heap buffer overflow in ANGLE (CVE-2025-10502), which was identified by Google’s Big Sleep AI agent.

The zero-day vulnerability was found internally, so no bounty was paid, unlike the other flaws that earned rewards of up to $15,000. Updated Chrome versions 140.0.7339.185/.186 for Windows and macOS and 140.0.7339.185 for Linux are now available.


RECOMMENDATIONS:

1. Ensure all endpoints running Chrome are updated to the latest version to reduce the risk from CVE-2025-10585 and related vulnerabilities.

2. Configure Chrome to automatically update in managed environments to minimize exposure to actively exploited vulnerabilities.

…

Visit our blog for more daily Intel ➜ https://cyderes.com/blog

See our newsletter for deeper monthly insights ➜ https://cyderes.com/newsletter

Catch our podcast for brief cyber updates ➜    / @beeverydayready  

Follow our story ➜   / cyderes  

…

#beeverydayready #cybersecurity #cyderes