Type confusion in V8 in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
The type confusion error (CWE-843) occurs when the V8 engine incorrectly interprets the type of an object in memory, treating it as a different type than what was actually allocated. An attacker can exploit this by delivering a specially crafted HTML page to the victim, whose processing by V8 leads to heap corruption. It is sufficient for the user to visit the malicious page — no additional interaction or special privileges are required.
Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code in the context of the browser process, which could consequently lead to takeover of the victim's system, disclosure of sensitive data, or compromise of system integrity.
Google Chrome must be immediately updated to version 140.0.7339.185 or later. The update is available through the built-in Chrome update mechanism and on the vendor's website (https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_17.html).
Google Chrome in all versions prior to 140.0.7339.185, running on Microsoft Windows, Linux, and Apple macOS systems.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HApple macOS
OSApplewszystkie wersjeGoogle Chrome
APPGoogle< 140.0.7339.185Linux Kernel
OSLinuxwszystkie wersjeMicrosoft Windows
OSMicrosoftwszystkie wersje
CISA KEV — detailsi
- Vendori
- Google ↗
- Producti
- Chromium V8
- Added to KEVi
- September 23, 2025
- Remediation deadline (US Federal)i
- October 14, 2025(overdue)
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Google Chromium contains a type confusion vulnerability in the V8 JavaScript and WebAssembly engine.
Related vulnerabilities
Atak na łańcuch dostaw DAEMON Tools Lite — trojanizacja instalatorów
Apple iOS/iPadOS/macOS — out-of-bounds write przy przetwarzaniu obrazu
Commvault Command Center – nieuwierzytelniony RCE przez path traversal w ZIP
Apple: Obejście Pointer Authentication w iOS, macOS i innych platformach
Apple — memory corruption (RCE) w przetwarzaniu strumieni audio