- Google patches four Chrome bugs, including the actively exploited zero-day CVE-2025-10585
- The zero-day is a type confusion flaw in V8 that potentially allows arbitrary code execution
- Chrome's popularity makes it a prime target for cybercriminals who exploit browser vulnerabilities
Google has fixed four bugs found in its Chrome browser, including a zero-day that is apparently being exploited in the wild.
In a security advisory, Google said it patched a heap buffer overflow in ANGLE (CVE-2025-10502), a use-after-free bug in WebRTC (CVE-2025-10501) and a separate use-after-free in Dawn (CVE-2025-10500). The fourth bug, the one exploited as a zero-day, is a type confusion flaw in V8.
A type confusion flaw in Chrome's V8 JavaScript engine is a memory safety problem that occurs when the engine treats a variable or object as a different type than it actually is. This misidentification can lead to serious problems, including memory corruption and arbitrary code execution.
Abusing zero-days
This is the sixth zero-day vulnerability that Google has patched in Chrome in 2025 alone.
In this case, Google said it did not want to share too many details until users have patched, to protect against additional attacks.
“Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” the advisory reads. “We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but haven’t yet fixed.”
The flaw is now tracked as CVE-2025-10585 and has not yet received a severity score. It is only described as a “high-severity” flaw.
Google fixed it with versions 140.0.7339.185/.186 for Windows/Mac and 140.0.7339.185 for Linux, which will be rolled out in the coming days and weeks.
Chrome is the most popular browser in the world with a market share of almost 70%, making it a popular target for cyber criminals.
Miscreants can use browser bugs to gain unauthorized access to sensitive data, compromise user accounts and even take control of entire systems. These vulnerabilities often allow attackers to bypass security mechanisms such as the sandbox or approval, allowing them to steal credentials, sessions or personal information stored in the browser.
Via BleepingComputer



