CVE-2025-10585

ENISA EUVD: EUVD-2025-31006 ↗

Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero

Triaged: March 3, 2026 6 articles Published: 2025-09-24

VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ Advisory ↗ P0 Sheet ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23

0.79%

probability

This CVE has a 0.79% probability of being exploited in the next 30 days.

0% Top 74.1th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)

8.8

HIGH

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Description

VulnerabilityLookup (CNA)

Type confusion in V8 in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Affected Products

Google

Chrome

140.0.7339.185

google

chrome

Google

Chrome

140.0.7339.185 <140.0.7339.185

Attack Intelligence

CWE-664 · Improper Control of a Resource Through its Lifetime CWE-704 · Incorrect Type Conversion CWE-843 · Type Confusion

Google Project Zero

Patched

Sept. 17, 2025

Reported by

Google Threat Analysis Group

Root Cause Analysis

???

Exploits & PoC

AdityaBhatt3010/CVE-2025-10585-The-Chrome-V8-Zero-Day

Google patched CVE-2025-10585, a Chrome V8 zero-day under active exploitation — here’s what it is, why it matters, and how to stay safe.

13 2025-09-19

1 repo — triés par ⭐ Rechercher sur GitHub ↗

https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_17.html

https://issues.chromium.org/issues/445380761

Signal Intelligence

Confidenceⓘ

92%

EPSS 0.79%

CVSS v3.1 8.8

Mentions 6

Last Seen Dec 11, 2025

CNA Information

CNA Assigner

Chrome

Analyst Note

CVE-2025-10585 is confirmed as actively exploited in the wild, as evidenced by multiple credible sources (BleepingComputer, TheHackerNews) reporting Google's patch for this sixth Chrome zero-day vulnerability exploited in 2025. The high CVSS score (8.8), involvement of Google Project Zero, and documented active exploitation provide strong corroboration for the CONFIRMED status.