Threat Advisory

Chrome Patches Zero-Day Vulnerabilities enabling Remote Code Execution

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: High


EXECUTIVE SUMMARY:

Google Chrome addresses an actively exploited zero-day, a type confusion vulnerability in the V8 JavaScript and WebAssembly engine that can lead to memory corruption, arbitrary code execution, and a sandbox escape if a user visits a specially crafted webpage. All users should immediately update their browsers to the latest stable release and prioritize patching across managed endpoints. While the update is deployed, organizations should also reinforce mitigations such as restricting access to untrusted web content, enabling browser isolation or sandboxing for users, validating that endpoint detection and response signatures are up to date, and monitoring for suspicious post-browser compromise activity.

  • CVE-2025-10585: It is a type confusion vulnerability in the V8 JavaScript and WebAssembly engine that enables memory corruption, arbitrary code execution, and sandbox escape through malicious webpages. Exploiting this flaw could allow attackers to bypass Chrome's security mechanisms and perform unauthorized actions. The vulnerability has a CVSS score of 8.1.
  • CVE-2025-10500: It is a use-after-free vulnerability in the Dawn graphics abstraction layer that can cause memory corruption and potentially lead to arbitrary code execution or sandbox escape when triggered by crafted web content. Successful exploitation could allow attackers to gain control of the browser process or execute malicious code remotely. The vulnerability has a CVSS score of 7.8.
  • CVE-2025-10501: It is a use-after-free vulnerability in Chrome's WebRTC component that can lead to heap corruption and potentially arbitrary code execution or browser compromise when a user visits specially crafted web content. Exploiting this vulnerability could allow attackers to execute malicious code remotely and bypass browser security protections. The vulnerability has a CVSS score of 7.9.
  • CVE-2025-10502: It is a heap buffer overflow in Chrome's ANGLE component that can cause memory corruption and, if successfully exploited via crafted web content, enable arbitrary code execution or a sandbox escape. Attackers could leverage this vulnerability to gain unauthorized control over the browser and execute malicious operations remotely. The vulnerability has a CVSS score of 8.4.

 

RECOMMENDATION:

  • We strongly recommend you update Google Chrome for Linux to version 140.0.7339.185, and for Windows and macOS to version 140.0.7339.185/.186.

 
