Zero-Day Exploit in Google Chrome’s V8 JavaScript and WebAssembly Engine (CVE-2025-10585)

September 23rd, 2025

High

Our Cyber Threat Intelligence Unit has identified an actively exploited zero-day vulnerability in Google Chrome’s V8 JavaScript and WebAssembly engine, tracked as CVE-2025-10585. Google released emergency Stable Channel updates to patch the vulnerability and advised users to update Chrome immediately to the fixed builds (140.0.7339.185/.186 for Windows/macOS and 140.0.7339.185 for Linux). The vulnerability is a type-confusion bug in V8 that leads to memory corruption. Google’s Threat Analysis Group (TAG) confirmed active exploitation. Full technical details are being withheld until a majority of users have updated to the patched versions. 

Technical Details

  • CVE ID: CVE-2025-10585

  • Attack Type: Remote Code Execution (via V8 memory corruption).

  • Severity: High.

  • Vulnerability Type: Type confusion in V8 (mismatched type handling → memory corruption).

  • Delivery Method: Visiting a specially crafted web page containing malicious JavaScript or WebAssembly code.

  • Affected Products: Google Chrome prior to 140.0.7339.185/.186 (Windows/macOS) and 140.0.7339.185 (Linux). Other Chromium-based browsers may also be affected until they adopt the fix.

  • Exploit Status: Google confirmed active exploitation in the wild. Technical details remain restricted.

Impact

  • Successful exploitation could enable arbitrary code execution within the browser process.

  • Exploitation increases the risk of further compromise if chained with additional vulnerabilities.

  • Given Chrome’s wide adoption, unpatched systems are high-risk targets until updates are applied.

  • This marks the sixth actively exploited Chrome zero-day patched in 2025, underscoring the elevated targeting of Chromium-based browsers.

Detection Method

  • Monitor for abnormal browser crashes or instability when rendering JavaScript / WebAssembly content.

  • Inventory Chrome installations and flag versions earlier than 140.0.7339.185/.186.

  • Leverage EDR tools to detect exploit behavior, such as memory corruption or suspicious child process spawns (e.g., PowerShell, cmd, mshta from Chrome).

  • Audit web traffic for attempts to load JavaScript/WASM from unfamiliar or suspicious domains.
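The inventory check in the second bullet, as an added example that is not part of the original advisory. The host names, CSV column names, and sample versions are constructed for illustration; only the fixed build numbers come from the advisory. Versions are compared as integer tuples because a plain string comparison would rank build .99 above .185.

```python
import csv
import io
import re

# Minimum fixed build per platform, as stated in the advisory.
FIXED = {
    "windows": (140, 0, 7339, 185),
    "macos": (140, 0, 7339, 185),
    "linux": (140, 0, 7339, 185),
}

# Constructed sample inventory (hypothetical hosts and column names).
SAMPLE_INVENTORY = """host,os,chrome_version
ws-001,windows,140.0.7339.186
ws-002,windows,140.0.7339.99
mac-014,macos,139.0.7258.155
lnx-203,linux,140.0.7339.185
ws-077,windows,141.0.7390.54
kiosk-9,linux,unknown
"""

def parse_version(text):
    """Return a 4-tuple of ints, or None if the string is not a Chrome build."""
    if not re.fullmatch(r"\d+\.\d+\.\d+\.\d+", text.strip(), re.ASCII):
        return None
    return tuple(int(p) for p in text.strip().split("."))

def audit(inventory_csv):
    """Classify each host as OK, VULNERABLE, or REVIEW (unparseable data)."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        fixed = FIXED.get(row["os"].strip().lower())
        version = parse_version(row["chrome_version"])
        if fixed is None or version is None:
            status = "REVIEW"      # unknown platform or version: check by hand
        elif version < fixed:      # numeric tuple compare, so .99 < .185
            status = "VULNERABLE"
        else:
            status = "OK"
        findings.append((row["host"], status))
    return findings

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY):
        print(f"{host:10} {status}")
```

Hosts marked REVIEW report a platform or version string the script cannot interpret and should be checked manually rather than assumed patched.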

Indicators of Compromise

There are no Indicators of Compromise (IOCs) for this Advisory.

Recommendations

  • Update Chrome immediately to versions 140.0.7339.185/.186 (Windows/macOS) or 140.0.7339.185 (Linux).

  • Ensure auto-update is enabled and remind users to restart Chrome so updates are applied.

  • Apply equivalent patches for other Chromium-based browsers (Edge, Brave, Opera, Vivaldi) as they become available.

  • Increase monitoring of browser crashes and suspicious script loads.

  • In high-risk environments, consider temporary restrictions on untrusted JavaScript/WebAssembly execution until patching is confirmed.

Conclusion

CVE-2025-10585 is an actively exploited type-confusion vulnerability in Chrome’s V8 engine. While Google has confirmed exploitation in the wild, technical details remain restricted. Due to Chrome’s widespread usage and the frequency of zero-day exploits in 2025, organizations must prioritize remediating unpatched systems and continue to monitor official Google TAG and trusted vendor feeds for any released exploit indicators to enhance detections.