
Chrome exploit in V8 “type confusion” threatens crypto wallets and drives urgent updates

Exploit Details and Attack Campaigns

A critical zero-day vulnerability (CVE-2025-10585) in Google Chrome’s V8 JavaScript engine has been actively exploited to execute malicious code and drain cryptocurrency wallets. This type confusion flaw allows attackers to manipulate the engine into treating one data type as another, enabling arbitrary code execution when users visit malicious websites or use compromised browser extensions. The exploit facilitates wallet-draining campaigns, such as:

  • GreedyBear: Malicious extensions stole over $1 million by hijacking browser sessions and redirecting users to fake pages.

  • CLINKSINK: Siphoned approximately $4.4 million from 7,000 victims in early 2024 via phishing pages distributed through social channels like X (Twitter) and Discord.

Attackers often use affiliate models, where affiliates receive ~80% of stolen funds, while operators retain ~20%. These campaigns leverage fake extensions and websites impersonating legitimate services (e.g., AI tools, VPNs, or crypto platforms) to trick users into approving malicious transactions.

Mitigation and Operational Implications

Immediate action is required to mitigate risks:

  1. Update Chrome: Install patched versions (140.0.7339.185/.186 for Windows/Mac or 140.0.7339.185 for Linux) to resolve CVE-2025-10585.

  2. Audit Extensions: Remove suspicious browser extensions (e.g., “Emoji keyboard,” “Free Weather Forecast,” or “Unlock Discord”) and avoid granting excessive permissions.

  3. Enhance Security Practices: Use offline wallets for large holdings, enable 2FA, and employ Web3 security tools like Wallet Guard to detect phishing attempts.

  4. Monitor Transactions: Revoke unused wallet permissions and cancel suspicious incomplete transactions.
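
Steps 1 and 2 can be scripted across a fleet. The sketch below is an added example, not code from Google or from any tool named in this article: it compares a reported Chrome version against the fixed build above and reviews each installed extension's manifest.json. Assumptions: the choice of which permissions count as excessive is this example's own, and matching on display name is only a starting point for manual review because the article gives names, not extension IDs.

```python
import json
from pathlib import Path

PATCHED = (140, 0, 7339, 185)  # lowest fixed build named in the article
NAMED_IN_ARTICLE = {"emoji keyboard", "free weather forecast", "unlock discord"}
# Assumption: which permissions count as "excessive" is this example's choice.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
SENSITIVE_APIS = {"cookies", "webRequest", "scripting", "debugger", "clipboardRead"}

def is_patched(version: str) -> bool:
    """True if a dotted Chrome version is at or above the fixed build."""
    return tuple(int(p) for p in version.strip().split(".")) >= PATCHED

def audit_manifest(manifest: dict) -> list[str]:
    """Return the reasons an extension manifest deserves manual review."""
    findings = []
    name = str(manifest.get("name", "")).strip()
    if name.lower() in NAMED_IN_ARTICLE:
        findings.append("name listed in article")
    if name.startswith("__MSG_"):
        findings.append("localized name, check _locales")
    # Manifest V2 lists host patterns under "permissions"; V3 uses "host_permissions".
    declared = [*manifest.get("permissions", []), *manifest.get("host_permissions", [])]
    for cs in manifest.get("content_scripts", []):
        declared += cs.get("matches", [])
    perms = {p for p in declared if isinstance(p, str)}
    if perms & BROAD_HOSTS:
        findings.append("runs on all sites: " + ", ".join(sorted(perms & BROAD_HOSTS)))
    if perms & SENSITIVE_APIS:
        findings.append("sensitive APIs: " + ", ".join(sorted(perms & SENSITIVE_APIS)))
    return findings

def audit_profile(extensions_dir: Path) -> dict[str, list[str]]:
    """Scan <profile>/Extensions/<id>/<version>/manifest.json; map id -> findings."""
    report = {}
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        try:
            findings = audit_manifest(json.loads(path.read_text(encoding="utf-8-sig")))
        except (OSError, ValueError, TypeError, AttributeError):
            findings = ["malformed manifest"]
        if findings:
            report[path.parts[-3]] = findings
    return report

if __name__ == "__main__":
    sample = {"name": "Free Weather Forecast", "manifest_version": 3,  # constructed
              "permissions": ["cookies", "storage"], "host_permissions": ["<all_urls>"]}
    print(is_patched("140.0.7339.100"), audit_manifest(sample))  # constructed version
```

A finding is a prompt for review, not a verdict: many legitimate extensions request broad host access, so weigh the result against what the extension is supposed to do.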

For institutions and developers, this exploit underscores the need for stricter extension vetting, continuous monitoring, and user education to combat social engineering threats. The persistence of these attacks may slow adoption of web-based crypto solutions, favoring hardware wallets or institutional custody with stronger key controls.

Key Takeaways

  • Type confusion flaws enable remote code execution and wallet drainage.

  • Malicious extensions and phishing pages are primary attack vectors.

  • Immediate updates and security audits are critical to protect assets.

Users and organizations should prioritize browser hygiene and proactive security measures to mitigate evolving threats. For further details, refer to Google’s security advisory and Chainalysis’ analysis of drainer campaigns.
