Update Chrome now: Google patches new zero-day threat

Google has patched its sixth actively exploited Chrome zero-day this year, highlighting the ongoing threat to users.

Google has released an urgent update for its Chrome browser to fix a newly discovered zero-day security flaw that hackers are already exploiting. This is the sixth zero-day Chrome has faced this year, highlighting just how quickly attackers move to take advantage of these hidden weaknesses. Because zero-day threats strike before developers can patch them, your personal data and browsing activity could be at risk if you don’t update right away. If you use Chrome, now is the time to upgrade.

 

 


A critical flaw in Chrome’s V8 engine

The newly patched vulnerability, tracked as CVE-2025-10585, stems from a type confusion weakness in Chrome’s V8 JavaScript engine. Google’s Threat Analysis Group (TAG) discovered and reported the bug on Tuesday, and the company shipped a fix the following day (via Bleeping Computer).

Google confirmed that the flaw was being exploited in the wild, though it did not share technical details or name the groups behind the attacks. TAG has a history of uncovering zero-days tied to government-sponsored spyware campaigns aimed at high-risk individuals such as opposition leaders, journalists, and dissidents.

The fix was delivered through Chrome version 140.0.7339.185/.186 for Windows and macOS, and version 140.0.7339.185 for Linux. These updates will gradually reach all users in the Stable Desktop channel over the coming weeks.

While Chrome typically updates automatically, you can apply the patch immediately by navigating to the About Google Chrome section (more on this later). Google stated that it is withholding full technical details until most users have installed the update, a precaution meant to prevent attackers from exploiting lagging systems.


A growing list of zero-day attacks in 2025

This marks the sixth zero-day flaw patched in Chrome this year. In March, Google addressed CVE-2025-2783, a sandbox escape bug exploited in espionage attacks against Russian organizations. In May, it pushed emergency updates for CVE-2025-4664, which let attackers hijack user accounts.

Then in June, another flaw in the V8 engine, CVE-2025-5419, was patched after being spotted by TAG. July saw the release of a fix for CVE-2025-6558, which allowed attackers to bypass Chrome’s sandbox protection. With this latest patch, Google continues a busy year of racing to secure its browser against rapidly emerging threats.

 

How to update Google Chrome on a desktop

Updating Chrome only takes a minute, whether you’re on Mac or Windows. Here are the steps.

  • Open Chrome.
  • Click the three dots in the top-right corner.
  • Go to Help > About Google Chrome.
  • Wait while Chrome checks for updates.
  • Click Relaunch when the update finishes.

How to update Chrome on iPhone

  • Open the App Store on your iPhone.
  • Tap your profile icon in the top-right corner.
  • Scroll down to see pending updates.
  • Find Google Chrome in the list.
  • Tap Update next to it (or Update All if you want to update everything).

 

How to update Chrome on Android

Settings may vary depending on your Android phone’s manufacturer.

  • Open the Google Play Store on your Android device.
  • Tap your profile icon in the top-right corner.
  • Select Manage apps & device.
  • Under “Updates available,” look for Google Chrome.
  • Tap Update to install the latest version.


5 ways to stay safe from Chrome zero-day attacks

Updating Chrome is essential, but there are additional steps you can take to stay safe from attacks.

 

1) Be cautious with links and downloads and use strong antivirus software

Many zero-day attacks are delivered through malicious websites or email attachments. Avoid clicking unknown links or downloading files from unverified sources, especially if they prompt you to disable security settings. Also, use strong antivirus software as another layer of defense that can detect malicious code trying to run through a compromised browser and spot suspicious activity before it takes hold. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

 

2) Enable two-factor authentication (2FA)

Even if attackers manage to steal your login details through a browser exploit, 2FA makes it much harder for them to break into your accounts. Use an authenticator app instead of SMS when possible for stronger protection.

 

3) Rely on a password manager

If attackers exploit the browser to steal login data, a password manager keeps your credentials safe and helps generate unique, complex passwords. Even if one account is targeted, using a different password for each login prevents a domino effect across your accounts.

Next, see if your email has been exposed in past breaches. Our #1 pick, NordPass, includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

 

4) Limit browser extensions

Some extensions can be abused to make attacks worse. Stick to extensions from trusted developers, review permissions carefully, and uninstall anything you no longer need.

 

5) Keep your operating system updated

Chrome updates are critical, but attackers can also exploit holes in Windows, macOS, Android, or iOS. Regular OS updates patch vulnerabilities across the system, reducing the chances of a browser exploit spreading further.

 

 


Kurt’s key takeaway

The fact that Chrome has already faced six zero-day attacks this year shows how relentless attackers are and how even the most popular software can have serious gaps. These flaws are not just bugs, but opportunities for hackers to exploit millions of users before fixes roll out. The pattern also highlights the growing sophistication of threat actors, including state-backed groups targeting high-risk individuals. No browser is completely safe, and the battle to secure widely used software is ongoing and far from over.

Do you think Google is reacting fast enough to keep your data secure? Let us know in the comments below.


Copyright 2025 CyberGuy.com. All rights reserved. CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.
