CVE-2025-10585
Expert Analysis
Professional remediation guidance
Get tailored security recommendations from our analyst team for CVE-2025-10585. We'll provide specific mitigation strategies based on your environment and risk profile.
Description
Type confusion in V8 in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Available Exploits
Related News
Chrome faces its sixth zero-day attack in 2025 as Google patches critical V8 engine flaw CVE-2025-10585 discovered by Threat Analysis Group.
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chromium flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Google Chromium flaw, tracked as CVE-2025-10585, to i…
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-10585 Google Chromium V8 Type Confusion Vulnerability This type of vulnerability is a frequent at…
Affected Products
Affected Versions:
Known Exploited Vulnerability
This vulnerability is actively being exploited in the wild
Remediation Status
Due Date
Added to KEV
Required Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Affected Product
Ransomware Risk
EU Vulnerability Database
Monitored by ENISA for EU cybersecurity
ENISA Analysis
Malicious code in bioql (PyPI)
Affected Products (ENISA)
ENISA Scoring
CVSS Score (3.1)
EPSS Score
ENISA References
Data provided by ENISA EU Vulnerability Database. Last updated: October 3, 2025
GitHub Security Advisories
Community-driven vulnerability intelligence from GitHub
Advisory Details
CVSS Scoring
CVSS Score
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References
Advisory provided by GitHub Security Advisory Database. Published: September 24, 2025, Modified: September 24, 2025
Social Media Intelligence
Real-time discussions and threat intelligence from social platforms
Action1 and the Opera browser We are quite new to Action1 and I like it a lot but I cant understand the following My company develops websites so we are using most major browsers for testing. Our users of Opera always ends up with vulnerability warning even do they have …
Major Cybersecurity Alerts: Chrome 0-Day, Record DDoS Attack and More **This week's cybersecurity landscape saw critical vulnerabilities and unprecedented attack volumes, emphasizing the urgent need for robust defenses.** **Key Points:** - Google issued an urgent patch for a high-severity zero-day flaw in Chrome, exploited by attackers. - A record DDoS …
Major Cybersecurity Alerts: Chrome 0-Day, Record DDoS Attack and More **This week's cybersecurity landscape saw critical vulnerabilities and unprecedented attack volumes, emphasizing the urgent need for robust defenses.** **Key Points:** - Google issued an urgent patch for a high-severity zero-day flaw in Chrome, exploited by attackers. - A record DDoS …
🔥 Top 10 Trending CVEs (26/09/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-20333](https://nvd.nist.gov/vuln/detail/CVE-2025-20333)** - 📝 A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, …
🔥 Top 10 Trending CVEs (25/09/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-51591](https://nvd.nist.gov/vuln/detail/CVE-2025-51591)** - 📝 A Server-Side Request Forgery (SSRF) in JGM Pandoc v3.6.4 allows attackers to gain access to and compromise the whole infrastructure via injecting a crafted iframe. - 📅 **Published:** …
CVE Alert: CVE-2025-10585 – Google – Chrome
CISA Alerts on Active Exploitation of Google Chrome 0-Day Vulnerability **A serious zero-day vulnerability in Google Chrome is being actively exploited, prompting urgent action for users and organizations.** **Key Points:** - CISA has added Google Chrome's CVE-2025-10585 to its Known Exploited Vulnerabilities catalog. - The vulnerability is a type confusion …