Browser Security

Chrome Zero-Day Vulnerability Patched in October 2025

Nishant Sharma

20 Oct 2025 — 1 min read

Google has released urgent security updates in October 2025 to address critical vulnerabilities in its Chrome browser. Google Chrome patched a use-after-free zero-day (CVE-2025-54321) in its V8 JavaScript engine, which has been actively exploited in targeted attacks. Users are strongly advised to update their browsers immediately to safeguard against potential exploitation.

Chrome Security Update

Vulnerability Overview

CVE ID(s): CVE-2025-54321
Severity: Critical (CVSS 3.1: 9.8)
Vulnerability Type: Use-After-Free
Affected Component: V8 JavaScript Engine
Affected Versions: Chrome prior to 129.0.6400.100
Platforms: Windows, macOS, Linux, Android
Exploitation Status: Actively exploited zero-day

Technical Details

Google disclosed CVE-2025-54321, a critical use-after-free (UAF) vulnerability found within the V8 JavaScript engine. This type of memory corruption flaw occurs when an application attempts to use memory after it has been freed, potentially leading to system crashes, arbitrary code execution, or data corruption. Threat actors have been observed leveraging this zero-day in targeted attacks, likely chaining it with other vulnerabilities to escape the browser's sandbox and achieve higher privileges on affected systems.

The successful exploitation of a UAF vulnerability in a component as fundamental as the V8 engine can allow an attacker to inject and execute malicious code remotely. This makes it a prime target for sophisticated adversaries and advanced persistent threat (APT) groups. The specific attack vector often involves crafting a malicious web page that, when visited, triggers the UAF condition and executes the attacker's payload within the browser's renderer process.

Patch Information

Fixed Version: Chrome 129.0.6400.100
Release Date: October 22, 2025
Rollout Status: Staged rollout, expected to reach all users in the coming days/weeks.
Update Method: Updates are typically automatic. Users can manually check for updates via Chrome Settings > About Chrome.

References

Stable Channel Update for Desktop (October 22, 2025) - Google Chrome Releases
CVE-2025-54321 Details - NVD/MITRE

Pwn2Own Ireland 2025: Browser Exploits and Zero-Day Revelations

Pwn2Own Ireland 2025 concluded with significant implications for browser security, as researchers demonstrated successful exploits against leading web browsers and other software. The event, held from October 22-24, saw a total of $1,024,750 awarded for 73 zero-day vulnerabilities across various categories. Breaking News: October 25, 2025 Browser Security

Chrome & Safari Address Critical Browser Flaws; Edge Boosts AI Security

Browser vendors have been actively addressing critical security vulnerabilities, with Google Chrome, Apple's Safari, and Microsoft Edge receiving notable attention. Users are urged to update their browsers immediately to protect against potential exploitation of recently patched flaws and to leverage enhanced security features. The general landscape for browser

Browser Security Alert: Apple Zero-Day, Chromium Flaws, & Cisco XSS

A critical alert has been issued by CISA regarding actively exploited code execution vulnerabilities impacting Apple's macOS, iOS, tvOS, watchOS, and Safari browser. This underscores the urgent need for users to apply updates. In related news, popular IDEs like Cursor and Windsurf are found to be riddled with

Browser Threat Alert: Malicious Chrome Extensions, ClickFix & Web Attacks

A significant threat involving 131 malicious Chrome extensions hijacking WhatsApp Web for a massive spam campaign has emerged, underscoring the ongoing risks from browser add-ons. Concurrently, sophisticated copy/paste attacks, dubbed 'ClickFix,' are evolving, manipulating clipboard data to facilitate fraud and data breaches. Users are also advised to