Google has issued an urgent update for the Chrome browser to address a zero-day security vulnerability that hackers are actively exploiting. This marks the sixth instance of such a threat in Chrome this year, illustrating how swiftly attackers move to capitalize on these vulnerabilities.
A zero-day threat can exploit weaknesses before developers have the chance to roll out fixes. Therefore, if you use Chrome, it’s crucial to update your browser right away to protect your personal data and browsing habits.
Critical flaws in Chrome’s V8 engine
The vulnerability, labeled CVE-2025-10585, originates from a type confusion issue within Chrome’s V8 JavaScript engine. The Google Threat Analysis Group (TAG) identified this flaw and shared their findings on Tuesday, with Google quickly deploying a fix the next day, as reported by Bleeping Computer.
While Google confirmed that the weakness was being exploited, they kept technical specifics and the hacker group’s identity undisclosed. TAG has previously linked zero-days to state-sponsored spyware targeting vulnerable individuals, such as dissenters and journalists.
This latest patch applies to Chrome version 140.0.7339.185/.186 for Windows and macOS, and version 140.0.7339.185 for Linux. Updates will progressively reach all users on stable desktop channels over the coming weeks.
Typically, Chrome updates automatically, but users can manually check for updates by navigating to the About Google Chrome section. Google is careful not to disclose technical details until after users have installed the update, as a safeguard against potential exploitations.
Previous zero-day vulnerabilities fixed
This is the sixth zero-day vulnerability resolved in Chrome this year. Earlier in March, Google addressed CVE-2025-2783, a sandbox escape flaw exploited in attacks against Russian entities. An emergency fix was then issued in May for CVE-2025-4664, which enabled account takeovers.
In June, another issue within the V8 engine—CVE-2025-5419—was patched, followed in July by a fix for CVE-2025-6558 that allowed attackers to bypass Chrome’s sandbox protections. With this most recent solution, Google continues its vigilance in securing its browser against the relentless emergence of new threats.
How to update Google Chrome on your desktop
Updating Chrome just takes a minute or so:
- Open Chrome.
- Click the three dots in the top right corner.
- Select Help > About Google Chrome.
- Wait for Chrome to check for updates.
- Once it’s done, click Relaunch.
How to update Chrome on iPhone
- Open the App Store on your iPhone.
- Tap the profile icon in the top right corner.
- Scroll down to find Pending Updates.
- Look for Google Chrome in the list.
- Tap Update next to it or Update All if you want to update everything.
How to update Chrome on Android
Settings may vary based on the manufacturer of your Android device.
- Open the Google Play Store on your Android device.
- Tap the profile icon in the top right corner.
- Select Manage apps and devices.
- Under “Available Updates,” find Google Chrome.
Tap Update to install the latest version.
5 Ways to Stay Safe from Chrome Zero-Day Attacks
Updating Chrome is crucial, but you can also take extra steps to safeguard against attacks.
1) Be cautious with links and downloads, and use strong antivirus software
Many zero-day attacks come through malicious websites or email attachments. Avoid clicking on unfamiliar links or downloading files from unverified sources, especially those that ask you to disable safety settings. Employ robust antivirus software as an extra layer of protection to spot any malicious activities before they can affect your system.
2) Enable two-factor authentication (2FA)
If an attacker manages to steal your login details, having 2FA adds a significant hurdle to accessing your accounts. It’s best to opt for an Authenticator app instead of SMS, whenever possible.
3) Use a password manager
Password managers can secure your credentials and generate strong, unique passwords. This is important since if one account is compromised, it can prevent a cascade of other accounts from falling victim.
4) Limit browser extensions
Some extensions might actually increase your vulnerability. Stick with trusted developers, check permissions actively, and remove any extensions you no longer use.
5) Keep your operating system updated
While updating Chrome is vital, vulnerabilities can also exist in your OS—be it Windows, macOS, Android, or iOS. Regular updates to the operating system can patch these security gaps and help prevent further browser exploits.
Final thoughts
This sixth zero-day flaw in Chrome this year underscores the relentless nature of cyber threats. Even popular software can harbor significant vulnerabilities. These flaws aren’t just mere bugs; they’re chances for hackers to exploit thousands of users before fixes are implemented. This trend also points to increasingly sophisticated attackers, including those backed by state resources, who target vulnerable individuals. The ongoing battle to secure widely used software remains crucial.
Do you believe Google is responding quickly enough to protect your data? Feel free to share your thoughts in the comments.
