Google
CVE-2025-10585
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionNVD
Type confusion in V8 in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
AnalysisAI
Google Chrome V8 JavaScript engine contains a type confusion vulnerability enabling heap corruption through crafted HTML pages, exploited in the wild in June 2025.
Technical ContextAI
The CWE-843 type confusion in V8 causes the engine to misinterpret JavaScript object types, leading to heap corruption that can be leveraged for arbitrary read/write and code execution.
RemediationAI
Update Chrome immediately. Enable Chrome auto-updates via enterprise policy.
Same technique Memory Corruption
View allVendor StatusVendor
SUSE
Severity: High| Product | Status |
|---|---|
| SUSE Package Hub 15 SP6 | Fixed |
| openSUSE Leap 15.6 | Fixed |
| openSUSE Tumbleweed | Fixed |
| SUSE Package Hub 15 SP6 | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today