Skip to main content

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Active Exploitation of Zero-Day Vulnerability in Google Chrome
Alerts

Active Exploitation of Zero-Day Vulnerability in Google Chrome

19 September 2025

Google has released security updates to address a zero-day vulnerability in its Chrome browser. Users and administrators of affected products are advised to update to the latest versions immediately.

Background

Google has released security updates addressing a zero-day vulnerability (CVE-2025-10585) in their Chrome browser. 

Impact

Successful exploitation of the type confusion weakness in Google Chrome's V8 JavaScript could allow an attacker to perform arbitrary code execution or crash the browser.

Affected Products

This vulnerability affects versions of Google Chrome prior to 140.0.7339.185/.186 on Windows and macOS, and 140.0.7339.185 on Linux.

Known Exploitation

This vulnerability is reportedly being exploited in the wild.

Mitigation

Users of Chrome browsers are advised to upgrade their browser to the latest versions.

Users are also encouraged to enable automatic updates in Chrome browser to ensure that their software is updated promptly.

References 

https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_17.html?m=1

https://cybersecuritynews.com/google-chrome-0-day-vulnerability-exploited/

https://www.bleepingcomputer.com/news/security/google-patches-sixth-chrome-zero-day-exploited-in-attacks-this-year/

https://securityaffairs.com/182322/uncategorized/cve-2025-10585-is-the-sixth-actively-exploited-chrome-zero-day-patched-by-google-in-2025.html


Back to top