CVE-2025-10585
CVE-2025-10585
In short
A flaw in Chrome's V8 engine allows attackers to confuse data types in memory, potentially causing heap corruption through a malicious webpage. This could lead to crashes or unauthorized code execution on your computer.
Technical detail
Type confusion vulnerability in V8 engine permits remote code execution via crafted HTML pages exploiting improper type checking in memory management. Successful exploitation requires user interaction (visiting malicious site) and results in heap corruption with potential arbitrary code execution in browser context.
Summary generated and translated by AI from the official description.
Type confusion in V8 in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Google · Chromepublic PoCs found — 1
githubgithub.com/AdityaBhatt3010/CVE-2025-10585-The-Chrome-V8-Zero-Day★ 13⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →