Update now: Google patches another Chrome zero-day

Chrome users, you know the drill. Yet another zero-day exploit for Google’s browser giant has been patched, and you need to go update your browser now. Google said the latest zero-day — the sixth announced and patched so far in 2025 — has an active exploit “in the wild,” though it’s not clear if it’s being used widely. The vulnerability is public knowledge and therefore critical.

Google has labeled the issue CVE-2025-10585, and pushed out a fix to the stable desktop builds (Windows, Mac, Linux) just two days after it was reported to the Threat Analysis Group. As Bleeping Computer reports, the issue stems from a type confusion issue in the JavaScript engine. This kind of vulnerability has been exploited multiple times before for Chrome and other browsers. Three other high-level vulnerabilities, two of which were discovered by independent researchers and were rewarded with bug bounties, have also been patched.

Chrome users on all desktop browsers should be getting an automated update alert today, possibly before you clicked on this story. Don’t let it sit around.