September 18, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
TP-Link 0-Day RCE Exploited with ASLR Bypass, PoC Published
September 18, 2025
TP-Link 0-Day RCE Exploited with ASLR Bypass, PoC Published
September 18, 2025
Severity
High
Analysis Summary
Google has released a new round of security updates for its Chrome browser, addressing four vulnerabilities, including a zero-day flaw actively exploited in the wild. Tracked as CVE-2025-10585, the issue is a type confusion bug in Chrome’s V8 JavaScript and WebAssembly engine. Type confusion vulnerabilities can be particularly dangerous as they allow attackers to trigger unexpected program behavior, potentially enabling arbitrary code execution, crashes, or full compromise of a system.
The flaw was reported on September 16, 2025, by Google’s Threat Analysis Group (TAG), which investigates targeted attacks. In line with standard practice, Google has not released detailed information about the exploit, threat actors, or attack campaigns leveraging the bug, in order to reduce the risk of broader exploitation before patches are widely applied. The company confirmed, however, that active exploitation of the flaw has already been observed.
CVE-2025-10585 is the sixth Chrome zero-day vulnerability disclosed in 2025 so far. Other zero-days patched this year include CVE-2025-2783, CVE-2025-4664, CVE-2025-5419, CVE-2025-6554, and CVE-2025-6558, highlighting the persistent targeting of Chrome’s widely used browser engine by attackers.
To mitigate risks, users are strongly advised to update Chrome immediately. The patched versions are 140.0.7339.185/.186 for Windows and macOS, and 140.0.7339.185 for Linux. Updates can be confirmed by navigating to More > Help > About Google Chrome and clicking Relaunch.
Since many popular browsers are based on the Chromium engine, including Microsoft Edge, Brave, Opera, and Vivaldi, users of these platforms are also urged to monitor for and apply corresponding security updates as soon as they become available.
This latest incident underscores the critical importance of prompt patching and the continued appeal of Chrome as a high-value target for attackers in 2025.
Impact
- Unauthorized Access
- System Compromise
- Arbitrary Code Execution
Indicators of Compromise
CVE
CVE-2025-10585
Affected Vendors
Google Chrome
Remediation
- Update Chrome to version 140.0.7339.185/.186 on Windows and macOS, and 140.0.7339.185 on Linux to patch the flaw
- Restart the browser after updating to ensure the fix is applied
- Regularly check the “About Google Chrome” section to verify updates are installed
- Apply available security fixes for other Chromium-based browsers like Edge, Brave, Opera, and Vivaldi
- Enable automatic updates to minimize exposure to zero-day exploits
- Stay alert to advisories from Google TAG and related security teams for emerging threats