Google is rolling out a patch for a zero-day vulnerability in the V8 JavaScript engine that is believed to have been actively exploited.
Google has released an update for a newly discovered zero-day vulnerability in Chrome. With this, the tech giant has already resolved six exploits this year. The vulnerability in question is CVE-2025-10585, a serious security flaw in the browser’s V8 JavaScript engine. In a security advisory, Google acknowledges that the vulnerability has been exploited.
Exploited in Attacks
The vulnerability was reported on Tuesday by Google’s Threat Analysis Group (TAG). A day later, the emergency patch was released in version 140.0.7339.185/.186 for Windows and macOS, and 140.0.7339.185 for Linux.
Google has not yet shared details on how the bug is being exploited, but confirms that attacks are already taking place. Information will remain limited until most users have installed the update.
How to Install the Update Immediately
Chrome usually updates automatically, but you can speed this up via Menu > Help > About Google Chrome. Install the update and then click ‘Restart’ to activate the patch immediately.
This is already the sixth actively exploited Chrome zero-day that Google has patched this year, according to BleepingComputer. Previous vulnerabilities, such as the previous “use after free” vulnerability in May, led to account takeovers among other issues. In 2024, ten similar zero-days were resolved.