Google has issued an pressing safety replace for the Chrome browser on Home windows, Mac, and Linux, addressing a crucial vulnerability that would permit attackers to execute arbitrary code remotely.
Customers are strongly suggested to replace their browsers instantly to guard in opposition to potential threats.
The Steady channel has been up to date to model 140.0.7339.127/.128 for Home windows, 140.0.7339.132/.133 for Mac, and 140.0.7339.127 for Linux.
The replace is at present rolling out and can grow to be out there to all customers over the approaching days and weeks. This patch follows the preliminary launch of Chrome 140, which additionally addressed a number of different safety points.
CVE IDSeverityDescriptionAffected ComponentBug BountyCVE-2025-10200CriticalUse-after-freeServiceworker$43,000CVE-2025-10201HighInappropriate implementationMojo$30,000
Essential Use-After-Free Vulnerability
The replace resolves two main safety flaws, with essentially the most extreme being CVE-2025-10200. This vulnerability is rated as crucial and is described as a “Use-after-free” bug within the Serviceworker element.
A use-after-free flaw happens when a program tries to make use of reminiscence after it has been deallocated, which might result in crashes, information corruption, or, within the worst case, arbitrary code execution.
An attacker may exploit this vulnerability by crafting a malicious webpage that, when visited by a person, may permit the attacker to run malicious code on the sufferer’s system.
Safety researcher Looben Yang reported this crucial flaw on August 22, 2025. In recognition of the severity of the invention, Google has awarded a bug bounty of $43,000.
Excessive-Severity Mojo Implementation Flaw
The second vulnerability patched on this launch is CVE-2025-10201, a high-severity flaw recognized as an “Inappropriate implementation in Mojo.”
Mojo is a group of runtime libraries used for inter-process communication inside Chromium, the open-source venture that powers Chrome.
Flaws on this element will be notably harmful as they will doubtlessly compromise the browser’s sandbox, a key safety function that isolates processes to forestall exploits from affecting the underlying system.
This vulnerability was reported by Sahan Fernando and an nameless researcher on August 18, 2025. The reporters have been awarded a $30,000 bounty for his or her findings.
Google is rolling out the replace regularly, however customers can manually test for and apply the replace by navigating to Settings > About Google Chrome.
The browser will mechanically scan for the most recent model and immediate the person to relaunch it to finish the replace course of.
As is normal observe, Google has restricted entry to detailed details about the bugs to forestall attackers from creating exploits earlier than a majority of customers have put in the patch. This highlights the significance of making use of safety updates as quickly as they grow to be out there.
Discover this Story Attention-grabbing! Observe us on Google Information, LinkedIn, and X to Get Extra Prompt Updates.
