Emergency patch for Chrome 0-day \ stacker news ~security

pull down to refresh

Emergency patch for Chrome 0-day www.theregister.com/2025/09/18/google_emergency_patch_chrome_0_day/?td=rt-3a

503 sats \ 7 comments \ @f0ab561d9c 21 Sep security

"CVE-2025-10585, is a type confusion flaw in the V8 JavaScript and WebAssembly engine. [] can lead to system crashes, arbitrary code execution, and when chained with other bugs, potentially a full system compromise via a malicious HTML page." "it's likely that this CVE was abused as a zero-day to steal sensitive information and snoop on high-value targets."

view all related items

220 sats \ 1 reply \ @petertodd 21 Sep

This is why I use Qubes on all my laptops and desktops. Qubes basically let's you do everything in separated VMs. So I do all my web browsing in disposable VMs, completely separate from the VMs I use to write and maintain code.

https://www.qubes-os.org/

10 sats \ 0 replies \ @ek 21 Sep

wow, they say it's also what Snowden uses

not sure if (still) true though

0 sats \ 4 replies \ @d680ecaa8e 21 Sep

I am more familiar with Brave Browser.

10 sats \ 3 replies \ @ken 21 Sep

Don't worry, the Brave team doesn't include 0-days in their code. It would be too much of a vulnerability.

102 sats \ 2 replies \ @optimism 21 Sep

Brave patched in chromium .186 same day as Google did, into Brave 1.82.170 - same risk profile as Chrome.

100 sats \ 1 reply \ @ek 21 Sep

I bet it was sarcasm

50 sats \ 0 replies \ @optimism 21 Sep

Me too but still lol