Google has released a new update to the Stable channel of Chrome for Windows, Mac, and Linux, patching two serious vulnerabilities that could be exploited by attackers to compromise user systems. The update brings Chrome to versions 140.0.7339.127/.128 on Windows, 140.0.7339.132/.133 on Mac, and 140.0.7339.127 on Linux.
The most severe flaw addressed in this release is CVE-2025-10200, a critical use-after-free vulnerability in Chrome’s ServiceWorker component. Google’s advisory lists it as “CVE-2025-10200: Use after free in Serviceworker.” A use-after-free bug occurs when a program accesses memory after it has been freed, creating opportunities for attackers to execute arbitrary code, escalate privileges, or crash the browser.
Given the critical nature of ServiceWorkers — which handle background processes like push notifications and caching — exploitation of this flaw could allow attackers to hijack sensitive browsing sessions or inject malicious scripts with high privileges. Google awarded a $43,000 bounty for this discovery, reflecting the high impact and exploitation potential.
The second vulnerability, tracked as CVE-2025-10201, is rated high severity and relates to an inappropriate implementation in Mojo, Chrome’s inter-process communication (IPC) system. According to the advisory, “CVE-2025-10201: Inappropriate implementation in Mojo.”
Mojo serves as the backbone for communication between Chrome’s processes, and flaws in its implementation could allow malicious web content to escape sandboxing or trigger unexpected behavior. Successful exploitation might enable privilege escalation or lead to a browser crash. Google awarded a $30,000 bounty to the reporting researchers for their contribution.
Chrome users on Windows, Mac, and Linux are strongly advised to update their browsers to the latest versions immediately.
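One way to confirm the update has reached a fleet is to compare inventoried Chrome versions against the builds named above. The script below is an added example, not part of Google's advisory or the original article; the host records are constructed, and treating the lower build listed for each platform as the minimum patched version is an assumption.

```python
import re

# Lowest build the article lists per platform (assumption: the lower build of
# each pair is treated as the minimum patched version).
FIXED = {
    "windows": (140, 0, 7339, 127),
    "mac": (140, 0, 7339, 132),
    "linux": (140, 0, 7339, 127),
}

VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)$")


def parse_version(text):
    """Return a 4-tuple of ints, or None if text is not a four-part Chrome version."""
    m = VERSION_RE.match(text.strip())
    return tuple(int(p) for p in m.groups()) if m else None


def classify(platform, version):
    """Return 'patched', 'vulnerable' or 'unknown' for one host record."""
    minimum = FIXED.get(platform.strip().lower())
    parsed = parse_version(version)
    if minimum is None or parsed is None:
        return "unknown"  # unlisted platform or unparseable version: review by hand
    # Tuple comparison is numeric per component, so build .99 sorts below .127
    # (a plain string comparison would get this wrong).
    return "patched" if parsed >= minimum else "vulnerable"


def audit(rows):
    """Map each hostname to its status. rows: iterable of (host, platform, version)."""
    return {host: classify(platform, version) for host, platform, version in rows}


# Constructed inventory rows: hostnames and versions are made up for illustration.
SAMPLE_INVENTORY = [
    ("ws-001", "Windows", "140.0.7339.128"),
    ("ws-002", "Windows", "140.0.7339.99"),
    ("mb-001", "Mac", "140.0.7339.127"),  # below the Mac build the article lists
    ("lx-001", "Linux", "140.0.7339.127"),
    ("lx-002", "Linux", "139.0.7000.10"),
    ("kiosk-1", "ChromeOS", "140.0.7339.200"),  # platform not covered by the article
    ("ws-003", "Windows", "not reported"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" are ones the article's version list cannot decide and need a manual look.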