Google Chrome Issues Critical Security Update for Zero-Day Exploit

Emergency Security Patch Deployed

Google has released an urgent security update for Chrome addressing four high-severity vulnerabilities, including a zero-day exploit actively being used in attacks. The stable channel update version 140.0.7339.185/.186 for Windows/Mac and 140.0.7339.185 for Linux contains critical fixes that users should install immediately.

Zero-Day Vulnerability Details

The most critical vulnerability, CVE-2025-10585, is a type confusion flaw in Chrome's V8 JavaScript engine that attackers are actively exploiting. This high-severity issue allows remote code execution and could enable attackers to take control of affected systems. Google's Threat Analysis Group discovered the vulnerability on September 16, 2025, and the company is offering a $15,000 bounty for the discovery.

'We are aware that an exploit for CVE-2025-10585 exists in the wild and recommend users update immediately,' stated Srinivas Sista from Google Chrome's security team.

Additional Security Fixes

The update addresses three other high-severity vulnerabilities: CVE-2025-10500 (use-after-free in Dawn graphics framework), CVE-2025-10501 (use-after-free in WebRTC), and CVE-2025-10502 (heap buffer overflow in ANGLE graphics layer). These vulnerabilities were reported by external security researchers between August 3-23, 2025.

Update Process and Recommendations

Chrome will automatically update for most users. To manually check for updates, navigate to Chrome's menu > Help > About Google Chrome. The browser will check for and install any available updates. Enterprise administrators should deploy the update across their organizations promptly.

Google utilizes advanced security tools including AddressSanitizer, MemorySanitizer, and Control Flow Integrity to detect and prevent such vulnerabilities during development. The company maintains a robust security program with bug bounty rewards reaching up to $15,000 for critical findings.