PT-2025-38298 · Google +2 · Google Chrome +2
Published: 2025-01-01 · Updated: 2025-12-23
CVE-2025-10585
CVSS v3.1: 9.8 (Critical)
Base vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Google Chrome versions prior to 140.0.7339.185
Microsoft Edge versions prior to 140.0.7339.185
Opera versions prior to 122.0.5643.51
Opera GX versions prior to 122.0.5643.52
Opera Air versions prior to 121.0.5600.92
Opera for Android versions prior to 91.5
Description
Google Chrome and other Chromium-based browsers are affected by a high-severity zero-day vulnerability (CVE-2025-10585) in the V8 JavaScript engine. It is a type confusion flaw that allows remote code execution via a crafted HTML page. The vulnerability is actively exploited in the wild, with reports indicating it has been used to target cryptocurrency wallets and potentially other sensitive data. It allows attackers to bypass browser sandboxing and potentially gain control of the affected system. This is the sixth zero-day vulnerability patched in Chrome this year. It affects Chrome and Microsoft Edge versions prior to 140.0.7339.185, and the Opera and Opera-based browser versions listed above.
Recommendations
Update Google Chrome to version 140.0.7339.185 or later.
Update Microsoft Edge to version 140.0.7339.185 or later.
Update Opera to version 122.0.5643.51 or later.
Update Opera GX to version 122.0.5643.52 or later.
Update Opera Air to version 121.0.5600.92 or later.
Update Opera for Android to version 91.5 or later.
Exploit · Fix · DoS · RCE · Type Confusion
Weakness Enumeration
Related Identifiers
ALT-PU-2025-13054
BDU:2025-11457
CVE-2025-10585
DSA-6004-1
Affected Products
Alt Linux
Google Chrome
Debian
References · 273
- https://github.com/AdityaBhatt3010/CVE-2025-10585-The-Chrome-V8-Zero-Day · Exploit
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11210 · Security Note
- https://bdu.fstec.ru/vul/2025-13629 · Security Note
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11460 · Security Note
- https://security-tracker.debian.org/tracker/DSA-6004-1 · Vendor Advisory
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10890 · Security Note
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11212 · Security Note
- https://errata.altlinux.org/ALT-PU-2025-13054 · Vendor Advisory
- https://bdu.fstec.ru/vul/2025-13633 · Security Note
- https://bdu.fstec.ru/vul/2025-12391 · Security Note
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10200 · Security Note
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-10585 · Vendor Advisory
- https://bdu.fstec.ru/vul/2025-13066 · Security Note
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10501 · Security Note
- https://bdu.fstec.ru/vul/2025-12620 · Security Note