CVE-2025-10585 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Chrome	CNA	---				---
CISA-ADP	ADP	8.8 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 69%

Vendor	Product	Version
google	chrome	𝑥 < 140.0.7339.185

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

chromium

bullseye (security)	vulnerable
bullseye	vulnerable
bookworm	vulnerable
bookworm (security)	143.0.7499.109-1~deb12u1 fixed
trixie	142.0.7444.134-1~deb13u1 fixed
trixie (security)	143.0.7499.109-1~deb13u1 fixed
forky	143.0.7499.109-1 fixed
sid	143.0.7499.109-1 fixed

Common Weakness Enumeration

CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')
The program allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

Vulnerability Media Exposure

[ENGLISH] Chrome Targeted by Active In-the-Wild Exploit Tied to Undisclosed High-Severity Flaw
Google on Wednesday shipped security updates for its Chrome browser to address three security flaws, including one it said has come under active exploitation in the wild. The vulnerability, rated high in severity, is being tracked under the Chromium issue tracker ID "466192044." Unlike other disclosures, Google has opted to keep information about the CVE identifier, the affected component, and
Published: 2025-12-11T12:39:00+05:30

References

https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_17.html

https://issues.chromium.org/issues/445380761

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-10585