PT-2025-38298 · Google · Google Chrome

Published

2025-01-01

·

Updated

2025-11-07

·

CVE-2025-10585

CVSS v3.1

9.8

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Google Chrome versions prior to 140.0.7339.185
Microsoft Edge (Chromium-based) versions prior to 140.0.7339.185
Opera versions prior to 122.0.5643.51
Opera GX versions prior to 122.0.5643.52
Opera Air versions prior to 121.0.5600.92
Opera for Android versions prior to 91.5

Description

Google Chrome, and other Chromium-based browsers, are affected by a high-severity zero-day vulnerability (CVE-2025-10585). This is a type confusion flaw within the V8 JavaScript and WebAssembly engine. Attackers are actively exploiting this vulnerability in the wild. The flaw allows for remote code execution (RCE) via a crafted HTML page, potentially leading to complete system compromise. Exploitation does not require user interaction. This is the sixth zero-day vulnerability patched in Chrome this year. The vulnerability impacts systems running on Windows, macOS, and Linux. It is reported that the vulnerability primarily affects arm64 architecture. Attackers are leveraging this flaw to target cryptocurrency wallets, potentially draining funds and stealing private keys.

Recommendations

Update Google Chrome to version 140.0.7339.185 or later.
Update Microsoft Edge (Chromium-based) to version 140.0.7339.185 or later.
Update Opera to version 122.0.5643.51 or later.
Update Opera GX to version 122.0.5643.52 or later.
Update Opera Air to version 121.0.5600.92 or later.
Update Opera for Android to version 91.5 or later.
Restart your browser after applying the update to ensure the changes take effect.
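A fleet-side check for the recommendations above, added here as an example and not part of the advisory: it compares an inventoried browser version with the first fixed build of each product listed, comparing version components numerically so that a build such as 91.10 is not mistaken for being older than 91.5. The product names used as keys and the inventory rows are constructed for the example.

```python
# Added example, not from the advisory: check inventoried browser versions
# against the first fixed builds listed above. Inventory rows are constructed.
import re

# First fixed version per product, as stated in the advisory.
FIXED_VERSIONS = {
    "Google Chrome": "140.0.7339.185",
    "Microsoft Edge": "140.0.7339.185",
    "Opera": "122.0.5643.51",
    "Opera GX": "122.0.5643.52",
    "Opera Air": "121.0.5600.92",
    "Opera for Android": "91.5",
}

def parse_version(version: str) -> tuple:
    """'140.0.7339.185' -> (140, 0, 7339, 185); numeric, not lexical, so
    '91.10' ranks above '91.5' and '9.x' below '140.x'."""
    version = version.strip()
    if not re.fullmatch(r"\d+(?:\.\d+)*", version):
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(part) for part in version.split("."))

def is_patched(product: str, version: str) -> bool:
    """True if this build is at or above the first fixed build for product."""
    if product not in FIXED_VERSIONS:
        raise KeyError(f"no fixed version recorded for {product!r}")
    have, need = parse_version(version), parse_version(FIXED_VERSIONS[product])
    # Zero-pad the shorter tuple so '91.5' and '91.5.0' compare equal.
    width = max(len(have), len(need))
    have += (0,) * (width - len(have))
    need += (0,) * (width - len(need))
    return have >= need

def unpatched_hosts(inventory: list) -> list:
    """Return (host, product, version) for every row still below the fix."""
    return [(h, p, v) for h, p, v in inventory if not is_patched(p, v)]

if __name__ == "__main__":
    sample = [  # constructed sample data, not real hosts
        ("ws-01", "Google Chrome", "140.0.7339.185"),
        ("ws-02", "Google Chrome", "140.0.7339.80"),
        ("ws-03", "Opera for Android", "91.10"),
        ("ws-04", "Opera for Android", "91.4"),
    ]
    for host, product, version in unpatched_hosts(sample):
        print(f"{host}: {product} {version} -> update to {FIXED_VERSIONS[product]}")
```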

Exploit

Fix

DoS

RCE

Type Confusion

Weakness Enumeration

Related Identifiers

BDU:2025-11457
CVE-2025-10585
DSA-6004-1

Affected Products

Google Chrome
Debian