CVE Catalog

Actively exploited in the wild

Google Chromium V8 Type Confusion Vulnerability

Google - Chromium V8 · Listed in the CISA KEV since 2025-09-23. This indicates confirmed attacks in production environments.

Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CVE-2025-10585

CriticalCVSS 9.8KEV
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Very high risk
5.42%

92th percentile - higher than 92% of all known CVEs

Summary

A type confusion vulnerability in the V8 engine in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. The issue is rated as high severity.

Risk Assessment

An attacker could remotely trigger heap memory corruption, potentially leading to arbitrary code execution or browser crash, compromising user data confidentiality and integrity.

Recommendation

Immediately update Google Chrome to version 140.0.7339.185 or later and notify users to apply the update.

Original NVD description (English source)

Type confusion in V8 in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS