Google has released an immediate security update for its Chrome browser to patch a newly identified zero-day vulnerability actively exploited by cybercriminals. This marks the sixth zero-day flaw addressed in Chrome this year, underscoring the rapid pace at which attackers are discovering and weaponizing hidden vulnerabilities within the popular browser.

Critical Vulnerability CVE-2025-10585 Discovered and Patched

The vulnerability, designated as CVE-2025-10585, stems from a type confusion issue in Chrome’s V8 JavaScript engine. Discovered by Google’s Threat Analysis Group (TAG), the flaw was reported on Tuesday, with a fix deployed the very next day. The flaw’s exploitation in the wild was confirmed by Google, although specific details and the identity of the hacking groups involved remain undisclosed. TAG’s investigations have historically linked similar zero-day exploits to nation-state espionage campaigns targeting journalists, opposition leaders, and dissidents.

Update Details and How to Apply It Immediately

The security patch is available in Chrome version 140.0.7339.185/.186 for Windows and macOS, and version 140.0.7339.185 for Linux. Users are encouraged to update their browsers promptly by navigating to the ‘About Google Chrome’ section, where the update can be applied manually. Google is withholding comprehensive technical details temporarily to prevent malicious actors from exploiting systems that haven’t yet installed the fix.

Other Zero-Day Flaws Addressed in 2025

This latest patch adds to a growing list of critical vulnerabilities patched this year. In March, Google fixed CVE-2025-2783, a flaw exploited in espionage campaigns against Russian entities. May saw an emergency update for CVE-2025-4664, which allowed account hijacking. June’s patch addressed CVE-2025-5419, a V8 engine flaw, while July’s update fixed CVE-2025-6558, which enabled sandbox bypasses. These incidents highlight the persistent and evolving threat landscape targeting Chrome and its underlying components.

Enhancing Your Security Beyond Browser Updates

While keeping Chrome up to date is crucial, users should adopt additional security practices. Avoid clicking on suspicious links or downloading files from untrusted sources, especially those prompting you to disable security features. Employ reputable antivirus software to detect malicious activity early, and consider using two-factor authentication (2FA) with authenticator apps instead of SMS codes for stronger account protection. Password managers can generate and store complex, unique passwords, reducing the risk of credential reuse across multiple sites.

Stay Informed and Prepared

Regularly check if your email or passwords have been compromised using trusted breach detection tools. If you find your credentials in a breach, change them immediately and enable 2FA wherever possible. Be cautious with browser extensions, only installing those from trusted sources and reviewing permissions carefully. Additionally, keep your operating system and all software up to date, as vulnerabilities in Windows, macOS, Android, and iOS can also be exploited through browser vulnerabilities.

The frequency of zero-day exploits illustrates the ongoing need for vigilance and proactive security measures. Despite updates and safeguards, no software is completely invulnerable. Staying informed and cautious remains essential in defending your digital presence against sophisticated threat actors, including nation-sponsored groups targeting high-profile individuals.

Ethan Cole

I'm Ethan Cole, a tech journalist with a passion for uncovering the stories behind innovation. I write about emerging technologies, startups, and the digital trends shaping our future. Read me on x.com