Unchecked Chrome Zero-Day Exploit Being Used in Real-world Attacks - Swiftly Apply Patch Solutions
In a significant move to secure its web browser, Google has released an emergency security update for Chrome to address multiple high-severity zero-day vulnerabilities. The update comes following the discovery of these flaws by Google's Threat Analysis Group (TAG) on September 16, 2025.
One of the vulnerabilities, CVE-2025-10585, is a use-after-free vulnerability in Dawn, a graphics abstraction layer. Another, CVE-2025-10500, is a type confusion flaw in the V8 JavaScript and WebAssembly engine. CVE-2025-10501 is another use-after-free flaw found in the WebRTC component, while CVE-2025-10502 is a heap buffer overflow in ANGLE, a graphics engine translation layer.
Google is currently restricting access to the bug details and links related to these vulnerabilities to prevent further abuse. However, the company has awarded a bug bounty payment of $15,000 for one of the discovered flaws.
The vulnerabilities are being actively exploited in the wild, making it crucial for all Chrome users to update their browsers immediately.
To check your Chrome version and apply the update, navigate to the 'Help' menu and select 'About Google Chrome.' The new stable channel version for Windows and Mac is 140.0.7339.185/.186, and for Linux, it is 140.0.7339.185. The update will be rolling out to all users over the coming days and weeks.
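For anyone checking more than one machine, the comparison against the fixed builds named above can be scripted. The following is an added example, not code from Google or from this article: the inventory rows, hostnames and function names are constructed for illustration, and it assumes version strings have already been collected from each host.

```python
import re

# Lowest fixed Stable build per OS, as stated in the article.
FIXED = {
    "windows": (140, 0, 7339, 185),
    "mac": (140, 0, 7339, 185),
    "linux": (140, 0, 7339, 185),
}

_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Extract a four-part Chrome version from free text, or return None."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def status(os_name, version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one host."""
    fixed = FIXED.get(os_name.lower())
    found = parse_version(version_text)
    if fixed is None or found is None:
        return "unknown"  # never report an unparseable host as safe
    # Tuples compare numerically per component; a plain string comparison
    # would wrongly rank "140.0.7339.90" above "140.0.7339.185".
    return "patched" if found >= fixed else "vulnerable"


def triage(inventory):
    """Map each host to its status; rows are (host, os, version_text)."""
    return {host: status(os_name, text) for host, os_name, text in inventory}


# Constructed sample inventory (hostnames and readings are illustrative only).
SAMPLE = [
    ("ws-01", "Windows", "Google Chrome 140.0.7339.186"),
    ("mac-07", "Mac", "Version 140.0.7339.128 (Official Build) (arm64)"),
    ("lnx-03", "Linux", "Google Chrome 140.0.7339.185 "),
    ("lnx-04", "Linux", "Google Chrome 140.0.7339.90"),
    ("ws-02", "Windows", "chrome not found"),
]

if __name__ == "__main__":
    for host, result in triage(SAMPLE).items():
        print(f"{host}: {result}")
```

Hosts reported as "unknown" should be checked by hand rather than assumed to be up to date.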
It's worth noting that this security update for Google Chrome addresses three additional high-severity vulnerabilities, making it the latest in a series of zero-days discovered and patched in Chrome this year. A successful exploit could allow a remote attacker to escape the browser's security sandbox, posing a significant threat to user security.
To mitigate the immediate threat, users should manually trigger the update process. All Google Chrome users on Windows, macOS, and Linux are strongly urged to update their browsers immediately to protect against potential attacks.