Google Chrome Zero-Day Vulnerability: CISA Warns and Files Bug on KEV

Redazione RHC : 24 September 2025 16:01

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert about a critical zero-day vulnerability in Google Chrome that is being exploited in ongoing attacks.

In response to the active exploitation, CISA has directed Federal Civilian Executive Branch (FCEB) agencies to apply the required security updates by October 14, 2025, in accordance with Binding Operational Directive (BOD) 22-01.

The vulnerability, tracked as CVE-2025-10585, has been added to the CISA Known Exploited Vulnerabilities (KEV) catalog, which signals that users and administrators should treat patching as urgent. Google has confirmed that it is aware of an exploit for the flaw in the wild and has released security updates to address it.

The vulnerability is a type confusion flaw in V8, the JavaScript and WebAssembly engine used by Chrome. Type confusion (CWE-843, "Access of Resource Using Incompatible Type") occurs when code accesses an object as if it were of one type while it is actually of another, so the bytes in memory are interpreted under the wrong layout. In an engine like V8 this typically happens when a type check is performed once and then trusted after attacker-controlled script has had a chance to change the object. The resulting memory corruption can be used to crash the browser or, more seriously, to execute arbitrary code in the renderer process. Because V8 runs JavaScript supplied by web pages, visiting a malicious or compromised site can be enough to trigger such a bug; the attacker's code is, however, still confined by Chrome's renderer sandbox, so in-the-wild exploit chains generally pair a V8 bug with a separate sandbox-escape vulnerability.
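The stale-type-check pattern described above, shown as an added illustration in plain C. This is example code written for this page, not V8 code and not the CVE-2025-10585 bug: the `obj` layout, the `side_effect_fn` hook standing in for attacker-controlled script, and the `secret` string are all hypothetical and constructed here.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed, hypothetical engine-style object: a type tag followed by a
 * union whose valid member depends on that tag. This illustrates CWE-843 in
 * plain C; it is not V8 code and not the CVE-2025-10585 bug. */
typedef enum { KIND_INT = 1, KIND_STR = 2 } obj_kind;

typedef struct {
    obj_kind kind;
    union {
        intptr_t ival;                                /* valid when kind == KIND_INT */
        struct { const char *data; size_t len; } str; /* valid when kind == KIND_STR */
    } u;
} obj;

/* Stand-in for attacker-controlled script (a valueOf, a Proxy trap, a getter)
 * that an engine may call in the middle of a built-in operation. */
typedef void (*side_effect_fn)(obj *);

/* Vulnerable pattern: the type is checked once, foreign code runs, and the
 * stale check is trusted afterwards. If the hook retyped the object, the
 * final line reads the string's data pointer as an integer. */
intptr_t vuln_add_int(obj *o, intptr_t n, side_effect_fn hook)
{
    if (o->kind != KIND_INT)
        return 0;
    if (hook)
        hook(o);              /* object shape may change here */
    return o->u.ival + n;     /* type confusion if kind is now KIND_STR */
}

/* Hardened pattern: re-validate the type after any point where foreign
 * code could have run, and refuse (ok = false) if it no longer holds. */
intptr_t safe_add_int(obj *o, intptr_t n, side_effect_fn hook, bool *ok)
{
    if (o->kind != KIND_INT) {
        *ok = false;
        return 0;
    }
    if (hook)
        hook(o);
    if (o->kind != KIND_INT) { /* the check the vulnerable version lacks */
        *ok = false;
        return 0;
    }
    *ok = true;
    return o->u.ival + n;
}

/* Constructed malicious side effect: turn the integer into a string, so the
 * union now holds a pointer where the caller expects a number. */
static const char secret[] = "constructed secret string";

void retype_to_string(obj *o)
{
    o->kind = KIND_STR;
    o->u.str.data = secret;
    o->u.str.len = sizeof secret - 1;
}

const char *secret_location(void) { return secret; }

/* On the vulnerable path the "integer" that comes back is the address of
 * `secret`: an information leak of the kind used to defeat ASLR, a typical
 * first step in a browser exploit chain. */
intptr_t demo_leak(void)
{
    obj o = { KIND_INT, { .ival = 41 } };
    return vuln_add_int(&o, 0, retype_to_string);
}

/* The hardened path notices the retype and refuses to compute. */
bool demo_safe_refuses(void)
{
    obj o = { KIND_INT, { .ival = 41 } };
    bool ok = true;
    (void)safe_add_int(&o, 0, retype_to_string, &ok);
    return !ok;
}

int main(void)
{
    obj o = { KIND_INT, { .ival = 41 } };
    printf("honest path: %ld\n", (long)vuln_add_int(&o, 1, NULL));
    printf("confused read: %p (address of secret: %p)\n",
           (void *)demo_leak(), (const void *)secret_location());
    printf("hardened path refused: %s\n", demo_safe_refuses() ? "yes" : "no");
    return 0;
}
```

The vulnerable path hands back the address of `secret` instead of a number, which is an information leak; the same confusion can also run the other way, treating attacker-chosen integer bits as a pointer, which is what turns it into memory corruption and, with further work, code execution. The fix is nothing more than the second `kind` check after the hook returns: any type assumption must be re-established after every point at which untrusted code can run.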

The flaw was discovered and reported by Google's Threat Analysis Group (TAG) on September 16, 2025. Google has not disclosed technical details about the specific attacks or the threat actors involved; withholding such details until users have had a chance to apply the patch is standard practice, since it denies other attackers a ready-made exploit.

This is the sixth actively exploited Chrome zero-day of 2025, continuing a persistent trend of attackers targeting browser vulnerabilities: each of the earlier ones likewise required an out-of-band update to protect users from attacks already under way.

Although the directive is binding only on federal agencies, CISA strongly urges all organizations and individuals to prioritize patching. Chrome updates itself in the background, but the new version is only applied after a relaunch; users can force the check by opening the Chrome menu, selecting "Help" and then "About Google Chrome", which downloads the latest version and prompts for a relaunch. Administrators managing fleets should confirm that devices have actually restarted the browser, since a downloaded but unapplied update leaves the old, vulnerable build running.

Users of other Chromium-based browsers, such as Microsoft Edge, Brave, Opera and Vivaldi, also run V8 and are likewise affected; they should install security updates from their respective vendors as soon as these become available, since each vendor ships the fix on its own schedule.

Redazione
The editorial team of Red Hot Cyber consists of a group of individuals and anonymous sources who actively collaborate to provide early information and news on cybersecurity and computing in general.
