๐ŸŸข CVE-2025-10585

CVE-2025-10585 is a type confusion vulnerability in Chrome's V8 engine that allows remote code execution via crafted HTML pages. While actively exploited as a zero-day, it requires user interaction to visit malicious websites, making it a client-side attack rather than direct server exploitation.

โ† Back to Overview
LOW_RISK
Risk Level
Not provided in CIRCL data
CVSS Score
NETWORK
Attack Vector
Initial Access
ATT&CK Tactic
T1189 โ€” Drive-by Compromise
ATT&CK Technique
VERY_LOW
Deployment Risk
No
Ransomware

๐Ÿ“‹ Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: USER_INTERACTION

CVE Published: 2025-09-24

Added to CISA KEV: 2025-09-23 0 DAY BETWEEN CVE AND KEV

๐ŸŽฏ Recommendations:

๐Ÿ” Web Intelligence (Kagi ยท 2025-09-25)

CVE-2025-10585 is a high-severity type confusion vulnerability in Chrome's V8 JavaScript and WebAssembly engine [3][5].

Here's what is known about its exploitation:

  • Internet-facing applications or services: The vulnerability affects internet-facing applications and services through the Chrome browser [1].
  • Active exploitation: There is evidence of active exploitation of this vulnerability as a zero-day [2].
  • Attack vectors and exploitation methods: Exploitation methods involve leveraging the type confusion to gain unauthorized access [1][2]. An unauthenticated attacker could potentially gain access to any account on a site if they know or can find the associated email address [1].
  • Targeted attacks: It is the sixth zero-day vulnerability in Chrome that has been actively exploited or demonstrated as a proof-of-concept in 2025 [6][1].
  • CISA Known Exploited Vulnerabilities status: CVE-2025-10585 has been added to the CISA Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation [2][4].
  • Technical details about internet exploitability: The vulnerability is a type confusion issue in the V8 JavaScript and WebAssembly engine [3][5].

Sources

  1. Weekly Recap: Chrome 0-Day, AI Hacking Tools, DDR5 Bit-Flips, npm...

    CVE-2025-10585 is the sixth zero-day vulnerability in Chrome that has been either actively exploited or demonstrated as a proof-of-concept (PoC) since the start of the year."This vulnerability makes it possible for an unauthenticated attacker to gain access to any account on a site, including accounโ€ฆ

  2. CISA Adds One Known Exploited Vulnerability to Catalog

    CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.

  3. CVE-2025-10585 Vulnerability: A New Zero-Day Exploit in ...

    The issue tracked as CVE-2025-10585 is a high-severity type confusion vulnerability in Chrome's V8 JavaScript and WebAssembly engine that lets ...

  4. Known Exploited Vulnerabilities Catalog

    CVE-2025-10585. Google Chromium V8 Type Confusion Vulnerability: Google Chromium contains a type confusion vulnerability in the V8 JavaScript and WebAssembly ...

  5. CVE-2025-10585 Impact, Exploitability, and Mitigation Steps | Wiz

    CVE-2025-10585 is a type confusion vulnerability discovered in Google Chrome's V8 JavaScript and WebAssembly engine.

Generated by PatchNow Intelligence System

Analysis based on CIRCL.LU data, Claude AI assessment, and MITRE ATT&CK framework

๐Ÿ“„ Download JSON Data | ๐Ÿ“ก RSS Feed