On 17 Sept, Google released urgent security updates for Chrome 140, patching 4 high-severity vulnerabilities. The most critical, CVE-2025-10585, is a zero-day already exploited in the wild. It’s a type confusion flaw in the V8 JavaScript engine that could lead to crashes or even arbitrary code execution.

Other patched vulnerabilities:
- CVE-2025-10500: Use after free in Dawn
- CVE-2025-10501: Use after free in WebRTC
- CVE-2025-10502: Heap buffer overflow in ANGLE

We’ve published an updated Chrome audit to help you find vulnerable installations in your environment.