Critical zero-day vulnerability in the Chromium engine (CVE-2025-10585) – how to protect yourself?
The Google Threat Analysis Group (TAG) discovered a zero-day vulnerability on September 16, 2025. The flaw is a "type confusion" bug in the V8 engine. Simply put, it causes the browser to confuse one type of data with another, allowing an attacker to execute arbitrary code. Google confirmed that the vulnerability had been exploited in cyberattacks against users of Chromium-based browsers and released a patch the next day, on September 17.
The scale of the problem is alarming. This is the sixth zero-day vulnerability in Chrome in 2025 that has been actively exploited. This demonstrates the growing pressure on the ecosystem and the effectiveness of attackers in finding new exploitation vectors. It also exposes the problem of monopoly among the most popular browser engines. Chromium powers approximately 70% of all web browsers, meaning a single vulnerability could affect millions of users worldwide. Safari with WebKit (15% market share) and Firefox with Gecko (2.3% market share) remain the main alternatives to Google's dominance, but their combined share demonstrates the scale of risk concentration within a single source codebase.
Zero Day – When Time Is Against Us
A zero day is a vulnerability in software or hardware that is unknown to its manufacturer and users at that moment. The term "zero day" means that victims have zero days to react before the first attack. Attacks based on zero-day vulnerabilities are among the most dangerous because they are launched before the vulnerability becomes publicly known or before a patch or workaround is developed.
The Chromium Ecosystem – A Blessing or a Curse?
Google Chrome and Chromium
Chromium is an open-source web browser project led by Google that forms the foundation for many commercial browsers. Google Chrome is based on Chromium, but adds features such as integration with Google services, automatic updates, and advanced synchronization features.
Microsoft Edge (post-2020), Opera, Brave, Vivaldi, Samsung Internet, and dozens of other browsers also operate on the same platform. Each vendor adds its own features – Edge integrates with Microsoft 365, Brave blocks ads by default, and Opera offers a built-in VPN.
Chromium Advantages
The common core of Chromium benefits the entire web system. Web developers can focus on optimizing for a single main engine (Blink), significantly simplifying the process of creating and testing web applications.
Chromium provides a stable platform with modern web APIs, rapid security updates, and advanced features such as Site Isolation and process sandboxing. This allows smaller companies to create competitive browsers without having to invest millions of dollars in developing their own rendering engine.
The Monocultural Threat
However, the dominance of a single solution carries significant systemic risk. With a global market share of up to 70%, a single critical vulnerability in Chromium could expose over 3.9 billion users to attack.
Additionally, Google, as the project's host, has de facto control over the direction of web technology development. Decisions on implementing new APIs, security standards, and deprecating older features impact the entire internet, raising concerns about excessive concentration of power in the hands of a single corporation.
How to protect yourself from browser attacks? 5 effective ways
- Enable automatic browser updates
The most reliable way to defend against attacks exploiting unpatched vulnerabilities is to install patches as soon as they become available. Ensure your browser automatically downloads and installs updates – until the patch is installed, you remain vulnerable.
- Block unknown scripts and ads
Install extensions like uBlock Origin, NoScript, or similar script execution control solutions. These plugins allow you to block suspicious scripts, ads, and other website elements that could serve as threat vectors.
- Keep your security software up-to-date
Choose a reputable antivirus program or endpoint security suite with Exploit Prevention (HIPS) and real-time script monitoring features. This type of protection can detect and block unusual script behavior in the browser before malicious code is loaded.
- Follow safe browsing practices
Avoid opening links and attachments from unknown sources. Always verify that the URL begins with "https://" and check the website's certificate. Caution when browsing the internet shortens the list of potential attack vectors.
- Use multi-factor authentication
Introduce two-factor authentication (2FA) for online accounts. If malware is successful, an additional layer of authentication can prevent the takeover of your data and accounts.
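For the first tip, an administrator can check that the patch actually reached every Chromium-based browser on every machine. The sketch below is an added example, not part of the original article: the host names, inventory lines and minimum versions are constructed placeholders, and the real fixed builds must be taken from each vendor's advisory.

```python
import re

# Constructed placeholder minimums, NOT the real fixed builds for CVE-2025-10585.
# Replace each value with the patched version from that vendor's own advisory.
MIN_PATCHED = {
    "Google Chrome": "100.0.1000.200",
    "Microsoft Edge": "100.0.900.50",
}

# Constructed inventory: (host, "<product name> <version>") as an asset tool might report it.
SAMPLE_INVENTORY = [
    ("ws-01", "Google Chrome 100.0.1000.99"),
    ("ws-02", "Google Chrome 100.0.1000.200"),
    ("ws-03", "Microsoft Edge 101.0.10.1"),
    ("ws-04", "Vivaldi 6.1.3000.10"),
]

LINE_RE = re.compile(r"^(?P<product>.+?)\s+(?P<version>\d+(?:\.\d+)+)\s*$")


def version_key(text, width=4):
    """'100.0.1000.99' -> (100, 0, 1000, 99); short versions are zero-padded."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (width - len(parts)))


def audit(inventory, minimums):
    """Return (host, product, version, status) for every inventory line."""
    rows = []
    for host, line in inventory:
        match = LINE_RE.match(line.strip())
        if not match:
            rows.append((host, line, None, "unparsed"))
            continue
        product, version = match.group("product"), match.group("version")
        minimum = minimums.get(product)
        if minimum is None:
            status = "no-minimum"  # browser present but nobody tracks its patch level
        elif version_key(version) < version_key(minimum):
            status = "outdated"    # numeric compare: build 99 is older than build 200
        else:
            status = "ok"
        rows.append((host, product, version, status))
    return rows


if __name__ == "__main__":
    for row in audit(SAMPLE_INVENTORY, MIN_PATCHED):
        print(*row, sep="\t")
```

Comparing the version strings directly would rank 100.0.1000.99 above 100.0.1000.200 and report ws-01 as patched, which is why the versions are compared as tuples of integers. The "no-minimum" status surfaces browsers that share the engine but are missing from the patch-tracking list.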
Summary
Web browsers are a very common attack vector due to the sheer volume of information transmitted through them. Completely preventing vulnerabilities is impossible. It's important to protect yourself against potential threats before they appear.
If you'd like to improve your company's cybersecurity but don't know where to start, contact us. We'll answer your questions and help you choose the best solutions for your organization's needs.