Date: 2025-09-21

Google and WatchGuard have issued urgent security patches to address critical vulnerabilities. Google's Chrome browser is patched to fix an actively exploited zero-day, while WatchGuard addresses a remote code execution bug in its Firebox firewalls. Users are urged to update immediately to protect against potential exploitation. Other issues affecting Firefox and Samsung have also surfaced.

In a swift response to active exploitation, Google has issued an emergency patch for a critical vulnerability in its Chrome web browser. This high-severity flaw, identified as CVE-2025-10585, necessitates immediate action from users to ensure their browsing experience remains secure. The vulnerability resides in the V8 JavaScript and WebAssembly engine and is classified as a type confusion error.

This type of flaw arises when the engine incorrectly interprets a block of memory, leading to a potential cascade of consequences. Exploitation of this vulnerability could manifest as system crashes, the execution of arbitrary code, or, when coupled with other vulnerabilities, a complete system compromise orchestrated through a malicious HTML page.

Users are strongly advised to update their Chrome browsers to the latest versions, specifically 140.0.7339.185/.186 for Windows and macOS, and 140.0.7339.185 for Linux, to mitigate the risk posed by this actively exploited zero-day flaw. Chrome typically updates automatically; however, a restart is often required to fully implement the patch. To force an immediate update, users can navigate to chrome://settings/help within the browser and relaunch Chrome if an update is available. This proactive measure is essential to safeguard against potential cyber threats.

Furthermore, the discovery and reporting of the vulnerability were handled by Google's Threat Analysis Group (TAG). While specific details regarding the entities exploiting this vulnerability remain undisclosed, the potential impact underscores the severity of the situation. This is a stark reminder of the importance of updating to the latest version of Chrome.

Concurrently, WatchGuard has released an update to address a critical remote code execution (RCE) bug, designated as CVE-2025-9242, affecting its Firebox firewalls. This vulnerability, stemming from an out-of-bounds write flaw, poses a significant security risk to both mobile user VPNs employing IKEv2 and branch office VPNs utilizing IKEv2 with a dynamic gateway peer configuration. The vendor's advisory emphasizes the widespread impact of this vulnerability, affecting various Fireware OS versions including 11.10.2 through 11.12.4_Update1, 12.0 through 12.11.3, and 2025.1. The remedy is provided within versions 12.3.1_Update3 (B722811), 12.5.13, 12.11.4, and 2025.1.1.

The patch addresses vulnerabilities that could potentially allow attackers to gain unauthorized access and execute malicious code remotely. The immediate application of this update is crucial to prevent exploitation of this critical security flaw and to maintain the integrity of the affected firewalls and the networks they protect. The potential consequences of this exploit include unauthorized data access, system compromise, and disruption of critical network services. This highlights the importance of proactive security measures and prompt patching of critical vulnerabilities within network infrastructure.

Additional security concerns have emerged with the identification of other high-severity Chrome issues. A related issue has been identified in Firefox, which shares the same V8 JavaScript engine with Chrome. This bug could be exploited by a remote attacker to bypass security policies, potentially allowing for unauthorized code execution. Furthermore, there are a couple of additional vulnerabilities. The first is an out-of-bounds read and write vulnerability in the V8 JavaScript engine that could allow a remote attacker to corrupt memory and potentially hijack execution. This could lead to the exposure of sensitive data or the execution of arbitrary code. The second issue, arising from inadequate validation of untrusted input in ANGLE and GPU, could provide a means for a remote attacker to escape the sandbox using an HTML page.

Alongside the Chrome and WatchGuard updates, Samsung has confirmed fixes for an Android 0-day that may have been used to spy on WhatsApp messages. Simultaneously, Apple has been working on a 0-day issue used in spy attacks that is affecting devices as old as iPhone 8. Finally, the Social Security Administration is denying a data leak and DOGE is raising questions about a copy of the data





