Patch now! Attackers exploit Chrome security vulnerability in JavaScript engine
The developers have fixed several vulnerabilities in the current version of the Chrome web browser. Attacks are already occurring.
(Image: 2lttgamingroom/Shutterstock.com)
Google Chrome is vulnerable, and attackers are currently exploiting a security vulnerability. If you use this browser, you should ensure that you have the latest version installed.
Update now!
In a warning message, the developers explain that they have closed a total of four software vulnerabilities with a "high" threat level. In three cases (CVE-2025-10500, CVE-2025-10501, CVE-2025-10502), attackers can provoke memory errors in order to push malicious code onto systems.
Attackers are currently targeting one vulnerability (CVE-2025-10585). According to the brief description, this is a type confusion vulnerability in the JavaScript engine V8. How such an attack is carried out and what the effects of a successful attack are is currently unclear. In such attacks, attackers usually manipulate certain parameters to trigger errors. This then allows them to bypass access restrictions, among other things. Google is not currently specifying the extent of the attacks.
Videos by heise
The developers assure that they have resolved the security issues described in Chrome versions 140.0.7339.185/.186 for Linux, macOS, and Windows. In Windows, for example, you can check the installed version under "Help," "About Google Chrome." The web browser typically updates automatically. If this is not the case, you can trigger the update manually in the menu.
(des)
