Google has released an emergency security patch for Chrome to address a high-severity zero-day vulnerability, marking the sixth one fixed this year. As reported by Tom’s Guide, the flaw, tracked as CVE-2025-10585, is already being actively exploited in the wild. It stems from a “type confusion” weakness in Chrome’s V8 JavaScript engine and could allow attackers to compromise your system just by luring you to a malicious website.
Because an exploit for the flaw is already in the wild, Google has withheld further technical details until most users receive the fix. However, the company confirmed that the flaw was discovered by its Threat Analysis Group on September 16, and a patch was released just one day later, highlighting both the urgency and the risk.
Why This Matters for Cord-Cutters
If you stream Netflix, YouTube TV, Sling, or other services directly through Chrome, this update is especially important. A compromised browser can expose your accounts, passwords, and personal data. It could even affect connected devices if you’re using your laptop or desktop to control your streaming setup.
Cord-cutters often rely on browsers for accessing smart TV dashboards, adjusting Wi-Fi streaming settings, and even controlling apps like Pluto TV or Samsung TV Plus. A vulnerability like this puts all of that at risk.
How to Update Chrome
To manually update your Chrome browser:
- Click the three vertical dots in the top-right corner
- Go to Settings > About Chrome
- Chrome will automatically check for updates and install them
- Relaunch the browser to complete the update
This patch brings Chrome to version 140.0.7339.185/.186 on Windows and macOS, and 140.0.7339.185 on Linux.
As Tom’s Guide explains, even if Chrome updates automatically, you could miss the patch if you keep your browser open for long periods. It’s best to check manually.
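For anyone checking more than one machine, the comparison against the patched build can be scripted. The following is an added example, not code from Google or Tom's Guide: it parses the text Chrome prints for `--version` and compares it numerically with 140.0.7339.185. The Linux binary names and the sample lines are assumptions made for the illustration.

```python
import re
import shutil
import subprocess

# Fixed build named in the article (Windows/macOS may also show .186).
PATCHED = (140, 0, 7339, 185)
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def is_patched(version_output, minimum=PATCHED):
    """True if at or above the fixed build, False if older, None if unreadable."""
    version = parse_version(version_output)
    if version is None:
        return None
    # Tuples compare field by field as numbers, so .90 sorts below .185
    # (a plain string comparison would get this wrong).
    return version >= minimum


def local_chrome_version_output():
    """Assumption: Linux install exposing one of these binary names on PATH."""
    for name in ("google-chrome", "google-chrome-stable"):
        path = shutil.which(name)
        if path:
            try:
                out = subprocess.run([path, "--version"], capture_output=True,
                                     text=True, timeout=10)
            except (OSError, subprocess.TimeoutExpired):
                return None
            return out.stdout
    return None


if __name__ == "__main__":
    # Constructed sample lines, not captured from real machines.
    for line in ("Google Chrome 140.0.7339.185", "Google Chrome 140.0.7339.90"):
        print(line, "->", "patched" if is_patched(line) else "UPDATE NEEDED")
    local = local_chrome_version_output()
    if local is not None:
        print("this machine:", local.strip(), "->", is_patched(local))
```

A `None` result means no version string could be read, which should be treated as "unknown" and checked by hand through Settings > About Chrome.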
Users of Chromium-based browsers like Microsoft Edge, Brave, Opera, and Vivaldi are also encouraged to watch for updates, as they may share the same vulnerability.

