News

Update Chrome now: Google patches new zero-day threat

NEWYou can now listen to Fox News articles!

Google has released an urgent update for its Chrome browser to fix a newly discovered zero-day security flaw that hackers are already exploiting. This is the sixth zero-day Chrome has faced this year, highlighting just how quickly attackers move to take advantage of these hidden weaknesses. 

Because zero-day threats strike before developers can patch them, your personal data and browsing activity could be at risk if you don’t update right away. If you use Chrome, now is the time to upgrade.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM/NEWSLETTER

GOOGLE CONFIRMS DATA STOLEN IN BREACH BY KNOWN HACKER GROUP

A critical flaw in Chrome’s V8 engine

The newly patched vulnerability, tracked as CVE-2025-10585, stems from a type confusion weakness in Chrome’s V8 JavaScript engine. Google’s Threat Analysis Group (TAG) discovered and reported the bug on Tuesday, and the company shipped a fix the following day, Bleeping Computer reported.

Google confirmed that the flaw was being exploited in the wild, though it did not share technical details or name the groups behind the attacks. TAG has a history of uncovering zero-days tied to government-sponsored spyware campaigns aimed at high-risk individuals such as opposition leaders, journalists and dissidents.

The fix was delivered through Chrome version 140.0.7339.185/.186 for Windows and macOS, and version 140.0.7339.185 for Linux. These updates will gradually reach all users in the Stable Desktop channel over the coming weeks.

While Chrome typically updates automatically, you can apply the patch immediately by navigating to the ‘About Google Chrome’ section. Google stated that it is withholding full technical details until most users have installed the update, a precaution meant to prevent attackers from exploiting lagging systems.

GOOGLE FIXES ANOTHER CHROME SECURITY FLAW BEING ACTIVELY EXPLOITED

flash drive hacker 3

A growing list of zero-day attacks in 2025

This marks the sixth zero-day flaw patched in Chrome this year. In March, Google addressed CVE-2025-2783, a sandbox escape bug exploited in espionage attacks against Russian organizations. In May, it pushed emergency updates for CVE-2025-4664, which let attackers hijack user accounts.

Then in June, another flaw in the V8 engine, CVE-2025-5419, was patched after being spotted by TAG. July saw the release of a fix for CVE-2025-6558, which allowed attackers to bypass Chrome’s sandbox protection. With this latest patch, Google continues a busy year of racing to secure its browser against rapidly emerging threats. 

How to update Google Chrome on a desktop

Updating Chrome only takes a minute, whether you’re on Mac or Windows. Here are the steps.

  • Open Chrome.
  • Click the three dots in the top-right corner.
  • Go to HelpAbout Google Chrome.
  • Wait while Chrome checks for updates.
  • Click Relaunch when the update finishes.

How to update Chrome on iPhone

  • Open the App Store on your iPhone.
  • Tap your profile icon in the top-right corner.
  • Scroll down to see pending updates.
  • Find Google Chrome in the list.
  • Tap Update next to it (or Update All if you want to update everything).

How to update Chrome on Android

Settings may vary depending on your Android phone’s manufacturer. 

  • Open the Google Play Store on your Android device.
  • Tap your profile icon in the top-right corner.
  • Select Manage apps & device.
  • Under “Updates available,” look for Google Chrome.

Tap Update to install the latest version.

New CISA warning: Thanksgiving clickjacking threat in popular browsers

5 ways to stay safe from Chrome zero-day attacks

Updating Chrome is essential, but there are additional steps you can take to stay safe from attacks.

1) Be cautious with links and downloads and use strong antivirus software

Many zero-day attacks are delivered through malicious websites or email attachments. Avoid clicking unknown links or downloading files from unverified sources, especially if they prompt you to disable security settings. Also, use strong antivirus software to add another layer of defense to detect malicious code that tries to run through compromised browsers. A strong antivirus can spot suspicious activity before it takes hold. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com/LockUpYourTech 

2) Enable two-factor authentication (2FA)

Even if attackers manage to steal your login details through a browser exploit, 2FA makes it much harder for them to break into your accounts. Use an authenticator app instead of SMS when possible for stronger protection. 

3) Rely on a password manager

If attackers exploit the browser to steal login data, a password manager keeps your credentials safe and helps generate unique, complex passwords. Even if one account is targeted, it prevents a domino effect across your logins.

Next, see if your email has been exposed in past breaches. Our #1 password manager (see Cyberguy.com/Passwords) pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials. 

Check out the best expert-reviewed password managers of 2025 at Cyberguy.com/Passwords

4) Limit browser extensions

Some extensions can be abused to make attacks worse. Stick to extensions from trusted developers, review permissions carefully and uninstall anything you no longer need.

5) Keep your operating system updated

Chrome updates are critical, but attackers can also exploit holes in Windows, macOS, Android or iOS. Regular OS updates patch vulnerabilities across the system, reducing the chances of a browser exploit spreading further. 

Kurt’s key takeaway

The fact that Chrome has already faced six zero-day attacks this year shows how relentless attackers are and how even the most popular software can have serious gaps. These flaws are not just bugs, but opportunities for hackers to exploit millions of users before fixes roll out. The pattern also highlights the growing sophistication of threat actors, including state-backed groups targeting high-risk individuals. No browser is completely safe, and the battle to secure widely used software is ongoing and far from over.

Do you think Google is reacting fast enough to keep your data secure? Let us know in the comments below. Let us know by writing to us at Cyberguy.com/Contact

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM/NEWSLETTER

Copyright 2025 CyberGuy.com.  All rights reserved.

Read the full article here

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button