cvelistv5 - cve-2025-10585

CVE-2025-10585 (GCVE-0-2025-10585)

Vulnerability from cvelistv5

Published

2025-09-24 16:17

Modified

2025-10-21 22:45

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-843 - Type Confusion

Summary

Type confusion in V8 in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

References

URL

Tags

chrome-cve-admin@google.com	https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_17.html	Release Notes, Vendor Advisory
chrome-cve-admin@google.com	https://issues.chromium.org/issues/445380761	Issue Tracking, Permissions Required
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-10585

Impacted products

	Vendor	Product	Version
	Google	Chrome	Version: 140.0.7339.185 < 140.0.7339.185

CISA Known Exploited Vulnerability

Data from the CISA Known Exploited Vulnerabilities Catalog

Date added: 2025-09-23

Due date: 2025-10-14

Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Used in ransomware: Unknown

Notes: https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_17.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-10585

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-10585",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-25T03:55:48.690305Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2025-09-23",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-10585"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-843",
                "description": "CWE-843 Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T22:45:17.692Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-10585"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2025-09-23T00:00:00+00:00",
            "value": "CVE-2025-10585 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "140.0.7339.185",
              "status": "affected",
              "version": "140.0.7339.185",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Type confusion in V8 in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-843",
              "description": "Type Confusion",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-24T16:17:11.576Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "url": "https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_17.html"
        },
        {
          "url": "https://issues.chromium.org/issues/445380761"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2025-10585",
    "datePublished": "2025-09-24T16:17:11.576Z",
    "dateReserved": "2025-09-16T21:03:35.556Z",
    "dateUpdated": "2025-10-21T22:45:17.692Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2025-10585",
      "cwes": "[\"CWE-843\"]",
      "dateAdded": "2025-09-23",
      "dueDate": "2025-10-14",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_17.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-10585",
      "product": "Chromium V8",
      "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
      "shortDescription": "Google Chromium contains a type confusion vulnerability in the V8 JavaScript and WebAssembly engine.",
      "vendorProject": "Google",
      "vulnerabilityName": "Google Chromium V8 Type Confusion Vulnerability"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-10585\",\"sourceIdentifier\":\"chrome-cve-admin@google.com\",\"published\":\"2025-09-24T17:15:39.473\",\"lastModified\":\"2025-10-21T23:16:45.987\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Type confusion in V8 in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"cisaExploitAdd\":\"2025-09-23\",\"cisaActionDue\":\"2025-10-14\",\"cisaRequiredAction\":\"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.\",\"cisaVulnerabilityName\":\"Google Chromium V8 Type Confusion Vulnerability\",\"weaknesses\":[{\"source\":\"chrome-cve-admin@google.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-843\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-843\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"140.0.7339.185\",\"matchCriteriaId\":\"7857C78B-3F28-4180-AE76-ABF96A380265\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"387021A0-AF36-463C-A605-32EA7DAC172E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}],\"references\":[{\"url\":\"https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_17.html\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://issues.chromium.org/issues/445380761\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Issue Tracking\",\"Permissions Required\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-10585\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-10585\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-09-25T03:55:48.690305Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2025-09-23\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-10585\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2025-09-23T00:00:00+00:00\", \"value\": \"CVE-2025-10585 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-10585\", \"tags\": [\"government-resource\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-843\", \"description\": \"CWE-843 Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-09-24T16:54:29.703Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Google\", \"product\": \"Chrome\", \"versions\": [{\"status\": \"affected\", \"version\": \"140.0.7339.185\", \"lessThan\": \"140.0.7339.185\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_17.html\"}, {\"url\": \"https://issues.chromium.org/issues/445380761\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Type confusion in V8 in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"cweId\": \"CWE-843\", \"description\": \"Type Confusion\"}]}], \"providerMetadata\": {\"orgId\": \"ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28\", \"shortName\": \"Chrome\", \"dateUpdated\": \"2025-09-24T16:17:11.576Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-10585\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-21T22:45:17.692Z\", \"dateReserved\": \"2025-09-16T21:03:35.556Z\", \"assignerOrgId\": \"ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28\", \"datePublished\": \"2025-09-24T16:17:11.576Z\", \"assignerShortName\": \"Chrome\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2025-AVI-0856

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Palo Alto Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et un contournement de la politique de sécurité.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Palo Alto Networks	Prisma Access Browser	Prisma Access Browser versions postérieures ou égales à 139.18.2.139 et antérieures à 141.6.4.55
Palo Alto Networks	PAN-OS	PAN-OS versions 11.2.x antérieures à 11.2.8
Palo Alto Networks	PAN-OS	PAN-OS versions 11.1.x antérieures à 11.1.12
Palo Alto Networks	PAN-OS	PAN-OS versions 10.2.x antérieures à 10.2.17

References

Title

Publication Time

Tags

Bulletin de sécurité Palo Alto Networks CVE-2025-4614	2025-10-08	vendor-advisory
Bulletin de sécurité Palo Alto Networks PAN-SA-2025-0016	2025-10-08	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2025-4615	2025-10-08	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Prisma Access Browser versions post\u00e9rieures ou \u00e9gales \u00e0 139.18.2.139 et ant\u00e9rieures \u00e0 141.6.4.55",
      "product": {
        "name": "Prisma Access Browser",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 11.2.x ant\u00e9rieures \u00e0 11.2.8",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 11.1.x ant\u00e9rieures \u00e0 11.1.12",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 10.2.x ant\u00e9rieures \u00e0 10.2.17",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-4614",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4614"
    },
    {
      "name": "CVE-2025-10501",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-10501"
    },
    {
      "name": "CVE-2025-10201",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-10201"
    },
    {
      "name": "CVE-2025-9865",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-9865"
    },
    {
      "name": "CVE-2025-9867",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-9867"
    },
    {
      "name": "CVE-2025-10892",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-10892"
    },
    {
      "name": "CVE-2025-10200",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-10200"
    },
    {
      "name": "CVE-2025-10500",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-10500"
    },
    {
      "name": "CVE-2025-10891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-10891"
    },
    {
      "name": "CVE-2025-10502",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-10502"
    },
    {
      "name": "CVE-2025-9866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-9866"
    },
    {
      "name": "CVE-2025-9478",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-9478"
    },
    {
      "name": "CVE-2025-9864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-9864"
    },
    {
      "name": "CVE-2025-10890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-10890"
    },
    {
      "name": "CVE-2025-9132",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-9132"
    },
    {
      "name": "CVE-2025-10585",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-10585"
    },
    {
      "name": "CVE-2025-4615",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4615"
    }
  ],
  "initial_release_date": "2025-10-09T00:00:00",
  "last_revision_date": "2025-10-09T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0856",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-10-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Palo Alto Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Palo Alto Networks",
  "vendor_advisories": [
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-4614",
      "url": "https://security.paloaltonetworks.com/CVE-2025-4614"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-SA-2025-0016",
      "url": "https://security.paloaltonetworks.com/PAN-SA-2025-0016"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-4615",
      "url": "https://security.paloaltonetworks.com/CVE-2025-4615"
    }
  ]
}

CERTFR-2025-AVI-0809

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans Microsoft Edge. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Microsoft indique que la vulnérabilité CVE-2025-10585 est activement exploitée.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	Microsoft	Edge	Microsoft Edge versions antérieures à 140.0.3485.81

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft Edge CVE-2025-10502	2025-09-19	vendor-advisory
Bulletin de sécurité Microsoft Edge CVE-2025-10500	2025-09-19	vendor-advisory
Bulletin de sécurité Microsoft Edge CVE-2025-10501	2025-09-19	vendor-advisory
Bulletin de sécurité Microsoft Edge CVE-2025-10585	2025-09-19	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Edge versions ant\u00e9rieures \u00e0 140.0.3485.81",
      "product": {
        "name": "Edge",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-10501",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-10501"
    },
    {
      "name": "CVE-2025-10500",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-10500"
    },
    {
      "name": "CVE-2025-10502",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-10502"
    },
    {
      "name": "CVE-2025-10585",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-10585"
    }
  ],
  "initial_release_date": "2025-09-22T00:00:00",
  "last_revision_date": "2025-09-22T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0809",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-09-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Edge. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n\nMicrosoft indique que la vuln\u00e9rabilit\u00e9 CVE-2025-10585 est activement exploit\u00e9e.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Edge",
  "vendor_advisories": [
    {
      "published_at": "2025-09-19",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2025-10502",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-10502"
    },
    {
      "published_at": "2025-09-19",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2025-10500",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-10500"
    },
    {
      "published_at": "2025-09-19",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2025-10501",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-10501"
    },
    {
      "published_at": "2025-09-19",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2025-10585",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-10585"
    }
  ]
}

CERTFR-2025-AVI-0802

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans Google Chrome. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Google indique que la vulnérabilité CVE-2025-10585 est activement exploitée.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	Google	Chrome	Chrome versions antérieures à 140.0.7339.185/.186 pour Windows et Mac
	Google	Chrome	Chrome versions antérieures à 140.0.7339.185 pour Linux

References

Title

Publication Time

Tags

Bulletin de sécurité Google Chrome

2025-09-17

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Chrome versions ant\u00e9rieures \u00e0 140.0.7339.185/.186 pour Windows et Mac",
      "product": {
        "name": "Chrome",
        "vendor": {
          "name": "Google",
          "scada": false
        }
      }
    },
    {
      "description": "Chrome versions ant\u00e9rieures \u00e0 140.0.7339.185 pour Linux",
      "product": {
        "name": "Chrome",
        "vendor": {
          "name": "Google",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-10501",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-10501"
    },
    {
      "name": "CVE-2025-10500",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-10500"
    },
    {
      "name": "CVE-2025-10502",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-10502"
    },
    {
      "name": "CVE-2025-10585",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-10585"
    }
  ],
  "initial_release_date": "2025-09-18T00:00:00",
  "last_revision_date": "2025-09-18T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0802",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-09-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Google Chrome. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n\nGoogle indique que la vuln\u00e9rabilit\u00e9 CVE-2025-10585 est activement exploit\u00e9e.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Chrome",
  "vendor_advisories": [
    {
      "published_at": "2025-09-17",
      "title": "Bulletin de s\u00e9curit\u00e9 Google Chrome",
      "url": "https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_17.html"
    }
  ]
}

fkie_cve-2025-10585

Vulnerability from fkie_nvd

Published

2025-09-24 17:15

Modified

2025-10-21 23:16

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Type confusion in V8 in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

References

URL	Tags
chrome-cve-admin@google.com	https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_17.html	Release Notes, Vendor Advisory
chrome-cve-admin@google.com	https://issues.chromium.org/issues/445380761	Issue Tracking, Permissions Required
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-10585

Impacted products

Vendor	Product	Version
google	chrome	*
apple	macos	-
linux	linux_kernel	-
microsoft	windows	-

JSON

To clipboard

{
  "cisaActionDue": "2025-10-14",
  "cisaExploitAdd": "2025-09-23",
  "cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
  "cisaVulnerabilityName": "Google Chromium V8 Type Confusion Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7857C78B-3F28-4180-AE76-ABF96A380265",
              "versionEndExcluding": "140.0.7339.185",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Type confusion in V8 in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
    }
  ],
  "id": "CVE-2025-10585",
  "lastModified": "2025-10-21T23:16:45.987",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-09-24T17:15:39.473",
  "references": [
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_17.html"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Issue Tracking",
        "Permissions Required"
      ],
      "url": "https://issues.chromium.org/issues/445380761"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-10585"
    }
  ],
  "sourceIdentifier": "chrome-cve-admin@google.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-843"
        }
      ],
      "source": "chrome-cve-admin@google.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-843"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

ghsa-hmrc-68hp-82x6

Vulnerability from github

Published

2025-09-24 18:30

Modified

2025-10-22 00:33

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

Type confusion in V8 in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-10585"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-24T17:15:39Z",
    "severity": "HIGH"
  },
  "details": "Type confusion in V8 in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
  "id": "GHSA-hmrc-68hp-82x6",
  "modified": "2025-10-22T00:33:20Z",
  "published": "2025-09-24T18:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10585"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_17.html"
    },
    {
      "type": "WEB",
      "url": "https://issues.chromium.org/issues/445380761"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-10585"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

opensuse-su-2025:15578-1

Vulnerability from csaf_opensuse

Published

2025-09-26 00:00

Modified

2025-09-26 00:00

Summary

chromedriver-140.0.7339.207-1.1 on GA media

Notes

Title of the patch

chromedriver-140.0.7339.207-1.1 on GA media

Description of the patch

These are all security issues fixed in the chromedriver-140.0.7339.207-1.1 package on the GA media of openSUSE Tumbleweed.

Patchnames

openSUSE-Tumbleweed-2025-15578

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "chromedriver-140.0.7339.207-1.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the chromedriver-140.0.7339.207-1.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2025-15578",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15578-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-10500 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-10500/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-10501 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-10501/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-10502 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-10502/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-10585 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-10585/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-10890 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-10890/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-10891 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-10891/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-10892 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-10892/"
      }
    ],
    "title": "chromedriver-140.0.7339.207-1.1 on GA media",
    "tracking": {
      "current_release_date": "2025-09-26T00:00:00Z",
      "generator": {
        "date": "2025-09-26T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2025:15578-1",
      "initial_release_date": "2025-09-26T00:00:00Z",
      "revision_history": [
        {
          "date": "2025-09-26T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "chromedriver-140.0.7339.207-1.1.aarch64",
                "product": {
                  "name": "chromedriver-140.0.7339.207-1.1.aarch64",
                  "product_id": "chromedriver-140.0.7339.207-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "chromium-140.0.7339.207-1.1.aarch64",
                "product": {
                  "name": "chromium-140.0.7339.207-1.1.aarch64",
                  "product_id": "chromium-140.0.7339.207-1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "chromedriver-140.0.7339.207-1.1.ppc64le",
                "product": {
                  "name": "chromedriver-140.0.7339.207-1.1.ppc64le",
                  "product_id": "chromedriver-140.0.7339.207-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "chromium-140.0.7339.207-1.1.ppc64le",
                "product": {
                  "name": "chromium-140.0.7339.207-1.1.ppc64le",
                  "product_id": "chromium-140.0.7339.207-1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "chromedriver-140.0.7339.207-1.1.s390x",
                "product": {
                  "name": "chromedriver-140.0.7339.207-1.1.s390x",
                  "product_id": "chromedriver-140.0.7339.207-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "chromium-140.0.7339.207-1.1.s390x",
                "product": {
                  "name": "chromium-140.0.7339.207-1.1.s390x",
                  "product_id": "chromium-140.0.7339.207-1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "chromedriver-140.0.7339.207-1.1.x86_64",
                "product": {
                  "name": "chromedriver-140.0.7339.207-1.1.x86_64",
                  "product_id": "chromedriver-140.0.7339.207-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "chromium-140.0.7339.207-1.1.x86_64",
                "product": {
                  "name": "chromium-140.0.7339.207-1.1.x86_64",
                  "product_id": "chromium-140.0.7339.207-1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "chromedriver-140.0.7339.207-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:chromedriver-140.0.7339.207-1.1.aarch64"
        },
        "product_reference": "chromedriver-140.0.7339.207-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "chromedriver-140.0.7339.207-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:chromedriver-140.0.7339.207-1.1.ppc64le"
        },
        "product_reference": "chromedriver-140.0.7339.207-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "chromedriver-140.0.7339.207-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:chromedriver-140.0.7339.207-1.1.s390x"
        },
        "product_reference": "chromedriver-140.0.7339.207-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "chromedriver-140.0.7339.207-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:chromedriver-140.0.7339.207-1.1.x86_64"
        },
        "product_reference": "chromedriver-140.0.7339.207-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "chromium-140.0.7339.207-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:chromium-140.0.7339.207-1.1.aarch64"
        },
        "product_reference": "chromium-140.0.7339.207-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "chromium-140.0.7339.207-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:chromium-140.0.7339.207-1.1.ppc64le"
        },
        "product_reference": "chromium-140.0.7339.207-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "chromium-140.0.7339.207-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:chromium-140.0.7339.207-1.1.s390x"
        },
        "product_reference": "chromium-140.0.7339.207-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "chromium-140.0.7339.207-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:chromium-140.0.7339.207-1.1.x86_64"
        },
        "product_reference": "chromium-140.0.7339.207-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-10500",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-10500"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Use after free in Dawn in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:chromedriver-140.0.7339.207-1.1.aarch64",
          "openSUSE Tumbleweed:chromedriver-140.0.7339.207-1.1.ppc64le",
          "openSUSE Tumbleweed:chromedriver-140.0.7339.207-1.1.s390x",
          "openSUSE Tumbleweed:chromedriver-140.0.7339.207-1.1.x86_64",
          "openSUSE Tumbleweed:chromium-140.0.7339.207-1.1.aarch64",
          "openSUSE Tumbleweed:chromium-140.0.7339.207-1.1.ppc64le",
          "openSUSE Tumbleweed:chromium-140.0.7339.207-1.1.s390x",
          "openSUSE Tumbleweed:chromium-140.0.7339.207-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-10500",
          "url": "https://www.suse.com/security/cve/CVE-2025-10500"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1249999 for CVE-2025-10500",
          "url": "https://bugzilla.suse.com/1249999"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:chromedriver-140.0.7339.207-1.1.aarch64",
            "openSUSE Tumbleweed:chromedriver-140.0.7339.207-1.1.ppc64le",
            "openSUSE Tumbleweed:chromedriver-140.0.7339.207-1.1.s390x",
            "openSUSE Tumbleweed:chromedriver-140.0.7339.207-1.1.x86_64",
            "openSUSE Tumbleweed:chromium-140.0.7339.207-1.1.aarch64",
            "openSUSE Tumbleweed:chromium-140.0.7339.207-1.1.ppc64le",
            "openSUSE Tumbleweed:chromium-140.0.7339.207-1.1.s390x",
            "openSUSE Tumbleweed:chromium-140.0.7339.207-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-09-26T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-10500"
    },
    {
      "cve": "CVE-2025-10501",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-10501"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Use after free in WebRTC in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:chromedriver-140.0.7339.207-1.1.aarch64",
          "openSUSE Tumbleweed:chromedriver-140.0.7339.207-1.1.ppc64le",
          "openSUSE Tumbleweed:chromedriver-140.0.7339.207-1.1.s390x",
          "openSUSE Tumbleweed:chromedriver-140.0.7339.207-1.1.x86_64",
          "openSUSE Tumbleweed:chromium-140.0.7339.207-1.1.aarch64",
          "openSUSE Tumbleweed:chromium-140.0.7339.207-1.1.ppc64le",
          "openSUSE Tumbleweed:chromium-140.0.7339.207-1.1.s390x",
          "openSUSE Tumbleweed:chromium-140.0.7339.207-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-10501",
          "url": "https://www.suse.com/security/cve/CVE-2025-10501"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1249999 for CVE-2025-10501",
          "url": "https://bugzilla.suse.com/1249999"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:chromedriver-140.0.7339.207-1.1.aarch64",
            "openSUSE Tumbleweed:chromedriver-140.0.7339.207-1.1.ppc64le",
            "openSUSE Tumbleweed:chromedriver-140.0.7339.207-1.1.s390x",
            "openSUSE Tumbleweed:chromedriver-140.0.7339.207-1.1.x86_64",
            "openSUSE Tumbleweed:chromium-140.0.7339.207-1.1.aarch64",
            "openSUSE Tumbleweed:chromium-140.0.7339.207-1.1.ppc64le",
            "openSUSE Tumbleweed:chromium-140.0.7339.207-1.1.s390x",
            "openSUSE Tumbleweed:chromium-140.0.7339.207-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-09-26T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-10501"
    },
    {
      "cve": "CVE-2025-10502",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-10502"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Heap buffer overflow in ANGLE in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via malicious network traffic. (Chromium security severity: High)",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:chromedriver-140.0.7339.207-1.1.aarch64",
          "openSUSE Tumbleweed:chromedriver-140.0.7339.207-1.1.ppc64le",
          "openSUSE Tumbleweed:chromedriver-140.0.7339.207-1.1.s390x",
          "openSUSE Tumbleweed:chromedriver-140.0.7339.207-1.1.x86_64",
          "openSUSE Tumbleweed:chromium-140.0.7339.207-1.1.aarch64",
          "openSUSE Tumbleweed:chromium-140.0.7339.207-1.1.ppc64le",
          "openSUSE Tumbleweed:chromium-140.0.7339.207-1.1.s390x",
          "openSUSE Tumbleweed:chromium-140.0.7339.207-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-10502",
          "url": "https://www.suse.com/security/cve/CVE-2025-10502"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1249999 for CVE-2025-10502",
          "url": "https://bugzilla.suse.com/1249999"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:chromedriver-140.0.7339.207-1.1.aarch64",
            "openSUSE Tumbleweed:chromedriver-140.0.7339.207-1.1.ppc64le",
            "openSUSE Tumbleweed:chromedriver-140.0.7339.207-1.1.s390x",
            "openSUSE Tumbleweed:chromedriver-140.0.7339.207-1.1.x86_64",
            "openSUSE Tumbleweed:chromium-140.0.7339.207-1.1.aarch64",
            "openSUSE Tumbleweed:chromium-140.0.7339.207-1.1.ppc64le",
            "openSUSE Tumbleweed:chromium-140.0.7339.207-1.1.s390x",
            "openSUSE Tumbleweed:chromium-140.0.7339.207-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-09-26T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-10502"
    },
    {
      "cve": "CVE-2025-10585",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-10585"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Type confusion in V8 in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:chromedriver-140.0.7339.207-1.1.aarch64",
          "openSUSE Tumbleweed:chromedriver-140.0.7339.207-1.1.ppc64le",
          "openSUSE Tumbleweed:chromedriver-140.0.7339.207-1.1.s390x",
          "openSUSE Tumbleweed:chromedriver-140.0.7339.207-1.1.x86_64",
          "openSUSE Tumbleweed:chromium-140.0.7339.207-1.1.aarch64",
          "openSUSE Tumbleweed:chromium-140.0.7339.207-1.1.ppc64le",
          "openSUSE Tumbleweed:chromium-140.0.7339.207-1.1.s390x",
          "openSUSE Tumbleweed:chromium-140.0.7339.207-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-10585",
          "url": "https://www.suse.com/security/cve/CVE-2025-10585"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1249999 for CVE-2025-10585",
          "url": "https://bugzilla.suse.com/1249999"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:chromedriver-140.0.7339.207-1.1.aarch64",
            "openSUSE Tumbleweed:chromedriver-140.0.7339.207-1.1.ppc64le",
            "openSUSE Tumbleweed:chromedriver-140.0.7339.207-1.1.s390x",
            "openSUSE Tumbleweed:chromedriver-140.0.7339.207-1.1.x86_64",
            "openSUSE Tumbleweed:chromium-140.0.7339.207-1.1.aarch64",
            "openSUSE Tumbleweed:chromium-140.0.7339.207-1.1.ppc64le",
            "openSUSE Tumbleweed:chromium-140.0.7339.207-1.1.s390x",
            "openSUSE Tumbleweed:chromium-140.0.7339.207-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:chromedriver-140.0.7339.207-1.1.aarch64",
            "openSUSE Tumbleweed:chromedriver-140.0.7339.207-1.1.ppc64le",
            "openSUSE Tumbleweed:chromedriver-140.0.7339.207-1.1.s390x",
            "openSUSE Tumbleweed:chromedriver-140.0.7339.207-1.1.x86_64",
            "openSUSE Tumbleweed:chromium-140.0.7339.207-1.1.aarch64",
            "openSUSE Tumbleweed:chromium-140.0.7339.207-1.1.ppc64le",
            "openSUSE Tumbleweed:chromium-140.0.7339.207-1.1.s390x",
            "openSUSE Tumbleweed:chromium-140.0.7339.207-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-09-26T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-10585"
    },
    {
      "cve": "CVE-2025-10890",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-10890"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Side-channel information leakage in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:chromedriver-140.0.7339.207-1.1.aarch64",
          "openSUSE Tumbleweed:chromedriver-140.0.7339.207-1.1.ppc64le",
          "openSUSE Tumbleweed:chromedriver-140.0.7339.207-1.1.s390x",
          "openSUSE Tumbleweed:chromedriver-140.0.7339.207-1.1.x86_64",
          "openSUSE Tumbleweed:chromium-140.0.7339.207-1.1.aarch64",
          "openSUSE Tumbleweed:chromium-140.0.7339.207-1.1.ppc64le",
          "openSUSE Tumbleweed:chromium-140.0.7339.207-1.1.s390x",
          "openSUSE Tumbleweed:chromium-140.0.7339.207-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-10890",
          "url": "https://www.suse.com/security/cve/CVE-2025-10890"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1250472 for CVE-2025-10890",
          "url": "https://bugzilla.suse.com/1250472"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:chromedriver-140.0.7339.207-1.1.aarch64",
            "openSUSE Tumbleweed:chromedriver-140.0.7339.207-1.1.ppc64le",
            "openSUSE Tumbleweed:chromedriver-140.0.7339.207-1.1.s390x",
            "openSUSE Tumbleweed:chromedriver-140.0.7339.207-1.1.x86_64",
            "openSUSE Tumbleweed:chromium-140.0.7339.207-1.1.aarch64",
            "openSUSE Tumbleweed:chromium-140.0.7339.207-1.1.ppc64le",
            "openSUSE Tumbleweed:chromium-140.0.7339.207-1.1.s390x",
            "openSUSE Tumbleweed:chromium-140.0.7339.207-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-09-26T00:00:00Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2025-10890"
    },
    {
      "cve": "CVE-2025-10891",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-10891"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Integer overflow in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:chromedriver-140.0.7339.207-1.1.aarch64",
          "openSUSE Tumbleweed:chromedriver-140.0.7339.207-1.1.ppc64le",
          "openSUSE Tumbleweed:chromedriver-140.0.7339.207-1.1.s390x",
          "openSUSE Tumbleweed:chromedriver-140.0.7339.207-1.1.x86_64",
          "openSUSE Tumbleweed:chromium-140.0.7339.207-1.1.aarch64",
          "openSUSE Tumbleweed:chromium-140.0.7339.207-1.1.ppc64le",
          "openSUSE Tumbleweed:chromium-140.0.7339.207-1.1.s390x",
          "openSUSE Tumbleweed:chromium-140.0.7339.207-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-10891",
          "url": "https://www.suse.com/security/cve/CVE-2025-10891"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1250472 for CVE-2025-10891",
          "url": "https://bugzilla.suse.com/1250472"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:chromedriver-140.0.7339.207-1.1.aarch64",
            "openSUSE Tumbleweed:chromedriver-140.0.7339.207-1.1.ppc64le",
            "openSUSE Tumbleweed:chromedriver-140.0.7339.207-1.1.s390x",
            "openSUSE Tumbleweed:chromedriver-140.0.7339.207-1.1.x86_64",
            "openSUSE Tumbleweed:chromium-140.0.7339.207-1.1.aarch64",
            "openSUSE Tumbleweed:chromium-140.0.7339.207-1.1.ppc64le",
            "openSUSE Tumbleweed:chromium-140.0.7339.207-1.1.s390x",
            "openSUSE Tumbleweed:chromium-140.0.7339.207-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-09-26T00:00:00Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2025-10891"
    },
    {
      "cve": "CVE-2025-10892",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-10892"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Integer overflow in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:chromedriver-140.0.7339.207-1.1.aarch64",
          "openSUSE Tumbleweed:chromedriver-140.0.7339.207-1.1.ppc64le",
          "openSUSE Tumbleweed:chromedriver-140.0.7339.207-1.1.s390x",
          "openSUSE Tumbleweed:chromedriver-140.0.7339.207-1.1.x86_64",
          "openSUSE Tumbleweed:chromium-140.0.7339.207-1.1.aarch64",
          "openSUSE Tumbleweed:chromium-140.0.7339.207-1.1.ppc64le",
          "openSUSE Tumbleweed:chromium-140.0.7339.207-1.1.s390x",
          "openSUSE Tumbleweed:chromium-140.0.7339.207-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-10892",
          "url": "https://www.suse.com/security/cve/CVE-2025-10892"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1250472 for CVE-2025-10892",
          "url": "https://bugzilla.suse.com/1250472"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:chromedriver-140.0.7339.207-1.1.aarch64",
            "openSUSE Tumbleweed:chromedriver-140.0.7339.207-1.1.ppc64le",
            "openSUSE Tumbleweed:chromedriver-140.0.7339.207-1.1.s390x",
            "openSUSE Tumbleweed:chromedriver-140.0.7339.207-1.1.x86_64",
            "openSUSE Tumbleweed:chromium-140.0.7339.207-1.1.aarch64",
            "openSUSE Tumbleweed:chromium-140.0.7339.207-1.1.ppc64le",
            "openSUSE Tumbleweed:chromium-140.0.7339.207-1.1.s390x",
            "openSUSE Tumbleweed:chromium-140.0.7339.207-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:chromedriver-140.0.7339.207-1.1.aarch64",
            "openSUSE Tumbleweed:chromedriver-140.0.7339.207-1.1.ppc64le",
            "openSUSE Tumbleweed:chromedriver-140.0.7339.207-1.1.s390x",
            "openSUSE Tumbleweed:chromedriver-140.0.7339.207-1.1.x86_64",
            "openSUSE Tumbleweed:chromium-140.0.7339.207-1.1.aarch64",
            "openSUSE Tumbleweed:chromium-140.0.7339.207-1.1.ppc64le",
            "openSUSE Tumbleweed:chromium-140.0.7339.207-1.1.s390x",
            "openSUSE Tumbleweed:chromium-140.0.7339.207-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-09-26T00:00:00Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2025-10892"
    }
  ]
}

cnvd-2025-22927

Vulnerability from cnvd

Title

Google Chrome V8类型混淆漏洞

Description

Google Chrome是由Google开发的网页浏览器，以快速、安全和个性化著称，支持多设备同步及智能工具集成。 Google Chrome存在类型混淆漏洞，该漏洞源于V8中类型混淆，攻击者可利用该漏洞通过特制HTML页面触发堆损坏。

Severity

高

Patch Name

Google Chrome V8类型混淆漏洞的补丁

Patch Description

Google Chrome是由Google开发的网页浏览器，以快速、安全和个性化著称，支持多设备同步及智能工具集成。 Google Chrome存在类型混淆漏洞，该漏洞源于V8中类型混淆，攻击者可利用该漏洞通过特制HTML页面触发堆损坏。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级程序修复该安全问题，详情见厂商官网： https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_17.html

Reference

https://nvd.nist.gov/vuln/detail/CVE-2025-10585

Impacted products

Name
Google Chrome <140.0.7339.185

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2025-10585",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2025-10585"
    }
  },
  "description": "Google Chrome\u662f\u7531Google\u5f00\u53d1\u7684\u7f51\u9875\u6d4f\u89c8\u5668\uff0c\u4ee5\u5feb\u901f\u3001\u5b89\u5168\u548c\u4e2a\u6027\u5316\u8457\u79f0\uff0c\u652f\u6301\u591a\u8bbe\u5907\u540c\u6b65\u53ca\u667a\u80fd\u5de5\u5177\u96c6\u6210\u3002\n\nGoogle Chrome\u5b58\u5728\u7c7b\u578b\u6df7\u6dc6\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eV8\u4e2d\u7c7b\u578b\u6df7\u6dc6\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u7279\u5236HTML\u9875\u9762\u89e6\u53d1\u5806\u635f\u574f\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u7a0b\u5e8f\u4fee\u590d\u8be5\u5b89\u5168\u95ee\u9898\uff0c\u8be6\u60c5\u89c1\u5382\u5546\u5b98\u7f51\uff1a\r\nhttps://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_17.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-22927",
  "openTime": "2025-09-28",
  "patchDescription": "Google Chrome\u662f\u7531Google\u5f00\u53d1\u7684\u7f51\u9875\u6d4f\u89c8\u5668\uff0c\u4ee5\u5feb\u901f\u3001\u5b89\u5168\u548c\u4e2a\u6027\u5316\u8457\u79f0\uff0c\u652f\u6301\u591a\u8bbe\u5907\u540c\u6b65\u53ca\u667a\u80fd\u5de5\u5177\u96c6\u6210\u3002\r\n\r\nGoogle Chrome\u5b58\u5728\u7c7b\u578b\u6df7\u6dc6\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eV8\u4e2d\u7c7b\u578b\u6df7\u6dc6\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u7279\u5236HTML\u9875\u9762\u89e6\u53d1\u5806\u635f\u574f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Google Chrome V8\u7c7b\u578b\u6df7\u6dc6\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Google Chrome \u003c140.0.7339.185"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2025-10585",
  "serverity": "\u9ad8",
  "submitTime": "2025-09-24",
  "title": "Google Chrome V8\u7c7b\u578b\u6df7\u6dc6\u6f0f\u6d1e"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2025-10585 (GCVE-0-2025-10585)

Vulnerability from cvelistv5

CISA Known Exploited Vulnerability

Data from the CISA Known Exploited Vulnerabilities Catalog

CERTFR-2025-AVI-0856

Vulnerability from certfr_avis

Solutions

CERTFR-2025-AVI-0809

Vulnerability from certfr_avis

Solutions

CERTFR-2025-AVI-0802

Vulnerability from certfr_avis

Solutions

fkie_cve-2025-10585

Vulnerability from fkie_nvd

ghsa-hmrc-68hp-82x6

Vulnerability from github

opensuse-su-2025:15578-1

Vulnerability from csaf_opensuse

cnvd-2025-22927

Vulnerability from cnvd

Tags

Sightings

Nomenclature