Actively exploited in the wild
Google Chromium V8 Type Confusion Vulnerability
Google - Chromium V8 · Listed in the CISA KEV since 2025-09-23. This indicates confirmed attacks in production environments.
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CVE-2025-10585
CriticalCVSS 9.8KEVExploitation Probability (EPSS)
Very high risk92th percentile - higher than 92% of all known CVEs
Summary
A type confusion vulnerability in the V8 engine in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. The issue is rated as high severity.
Risk Assessment
An attacker could remotely trigger heap memory corruption, potentially leading to arbitrary code execution or browser crash, compromising user data confidentiality and integrity.
Recommendation
Immediately update Google Chrome to version 140.0.7339.185 or later and notify users to apply the update.
Original NVD description (English source)
Type confusion in V8 in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

