CVE-2025-10585

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 140.0.7339.185 Microsoft Edge (affected versions not specified) Chromium (affected versions not specified) Brave (affected versions not specified) Opera (affected versions not specified) Vivaldi (affected versions not specified)

Description A type confusion issue exists in the V8 JavaScript and WebAssembly engine. This flaw allows a remote attacker to potentially exploit heap corruption via a crafted HTML page, which can lead to the execution of arbitrary code, denial of service, or information disclosure. Type confusion occurs when the software incorrectly identifies the data type of an object, potentially allowing memory reads or writes outside of intended boundaries. This issue has been actively exploited in the wild, with specific reports indicating it has been used to target cryptocurrency wallets by bypassing browser sandboxing to access private keys stored in memory or extensions.

Recommendations Update to version 140.0.7339.185 or higher. At the moment, there is no information about a newer version that contains a fix for this vulnerability for Microsoft Edge, Chromium, Brave, Opera, and Vivaldi.