CVE-2025-10585 is a type confusion vulnerability in Chrome's V8 engine that allows remote code execution via crafted HTML pages. While actively exploited as a zero-day, it requires user interaction to visit malicious websites, making it a client-side attack rather than direct server exploitation.
Data Source: CIRCL
Confidence: HIGH
Exploitation Method: USER_INTERACTION
CVE Published: 2025-09-24
Added to CISA KEV: 2025-09-23 (0 days between CVE and KEV)
CVE-2025-10585 is the sixth zero-day vulnerability in Chrome that has been either actively exploited or demonstrated as a proof-of-concept (PoC) since the start of the year.
"This vulnerability makes it possible for an unauthenticated attacker to gain access to any account on a site, including accounts used to administer the site, if the attacker knows, or can find, the associated email address," Wordfence said. The plugin is installed on more than 12,000 websites. A patch for the flaw was released on August 13, 2025, with exploitation activity beginning on August 22.
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
The issue tracked as CVE-2025-10585 is a high-severity type confusion vulnerability in Chrome's V8 JavaScript and WebAssembly engine that lets ...
CVE-2025-10585. Google Chromium V8 Type Confusion Vulnerability: Google Chromium contains a type confusion vulnerability in the V8 JavaScript and WebAssembly ...
CVE-2025-10585 is a type confusion vulnerability discovered in Google Chrome's V8 JavaScript and WebAssembly engine.