CVE-2025-10585

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 140.0.7339.185

Description A type confusion issue exists in the V8 JavaScript and WebAssembly engine. This flaw allows a remote attacker to potentially exploit heap corruption via a crafted HTML page, which can lead to memory reading/writing outside of intended boundaries and the execution of arbitrary code. This issue has been actively exploited in the wild, with specific reports indicating it has been used to target cryptocurrency wallet extensions to steal private keys and drain funds. Type confusion is a software error where a program accesses a resource using a type that is different from the type it was originally allocated.

Recommendations Update to version 140.0.7339.185 or higher.