Researchers have earned significant rewards from Google for reporting two potentially critical vulnerabilities discovered in the Chrome web browser.
Google this week rolled out a Chrome update that fixes two security defects reported by external researchers, including a critical-severity bug in the browser's Serviceworker component, for which a $43,000 bug bounty reward was paid.
Tracked as CVE-2025-10200 and reported by Looben Yang, the critical flaw is described as a use-after-free issue. These types of memory corruption vulnerabilities appear when the program attempts to access memory that has been freed.
By timing memory operations, attackers can exploit use-after-free bugs to place malicious code in the freed memory, potentially achieving arbitrary code execution and full system compromise.
The latest Chrome update also resolves CVE-2025-10201, a high-severity inappropriate implementation in Mojo, for which Google handed out a $30,000 reward. This flaw was reported to Google by Sahan Fernando and an anonymous researcher.
While these may seem like significant rewards, Google recently paid out a $250,000 bug bounty for a Chrome vulnerability that can be exploited to escape the web browser's sandbox.
Google makes no mention of either of the newly patched vulnerabilities being exploited in the wild, but users are advised to update their browsers as soon as possible.
The Chrome update is rolling out as versions 140.0.7339.127/.128 for Windows, versions 140.0.7339.132/.133 for macOS, and 140.0.7339.127 for Linux.
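For administrators checking a fleet against those builds, the following is an added example (not from Google or the original article) that flags installs older than the fixed version for each platform. The inventory format, hostnames and installed versions are constructed for illustration, and the lower build of each pair listed above is assumed to be the minimum patched one.

```python
"""Flag Chrome installs older than the fixed builds named in the article."""

# Minimum fixed build per platform, from the versions listed in the article
# (assumption: the lower of each pair, e.g. .127 of .127/.128 on Windows).
FIXED = {
    "windows": (140, 0, 7339, 127),
    "macos": (140, 0, 7339, 132),
    "linux": (140, 0, 7339, 127),
}

def parse_version(text):
    """Turn '140.0.7339.127' into a tuple of four ints, else raise ValueError."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part Chrome version: {text!r}")
    # Compare numerically: as strings, '140.0.7339.80' sorts after '.127'.
    return tuple(int(p) for p in parts)

def needs_update(platform, version):
    """True when the installed build predates the fixed build for its platform."""
    return parse_version(version) < FIXED[platform.lower()]

def audit(inventory_lines):
    """Return (host, status) for each 'host,platform,version' line.

    status is 'outdated', 'ok' or 'unknown'; malformed records and platforms
    the article does not cover are surfaced rather than treated as patched.
    """
    results = []
    for line in inventory_lines:
        fields = [f.strip() for f in line.split(",")]
        try:
            _host, platform, version = fields
            status = "outdated" if needs_update(platform, version) else "ok"
        except (ValueError, KeyError):
            status = "unknown"
        results.append((fields[0], status))
    return results

# Constructed sample inventory (hostnames and installed versions are made up).
SAMPLE = [
    "ws-001,Windows,140.0.7339.128",
    "ws-002,Windows,140.0.7339.80",
    "mac-001,macOS,140.0.7339.127",
    "lnx-001,Linux,140.0.7339.127",
    "lnx-002,Linux,139.0.7258.155",
    "kiosk-01,ChromeOS,140.0.7339.127",
    "ws-003,Windows,not-reported",
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE):
        print(f"{host:10} {status}")
```

Note that build .127 counts as patched on Windows and Linux but not on macOS, where the fixed builds are .132/.133.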