What security vulnerabilities did Google patch in the latest Chrome update?

Google released a security update for Chrome addressing two vulnerabilities: CVE-2025-10200 (Critical) - a Use-After-Free vulnerability in ServiceWorker that could enable remote code execution, and CVE-2025-10201 (High) - an Inappropriate Implementation in Mojo.

How serious is the CVE-2025-10200 Chrome vulnerability?

CVE-2025-10200 is rated as Critical by Google. It's a use-after-free vulnerability in ServiceWorker that occurs when programs continue to use memory after it has been freed, potentially allowing attackers to execute malicious code remotely. ServiceWorkers operate with elevated privileges and affect how web pages interact with the browser's core functionality.

What Chrome versions fix these security vulnerabilities?

The security update includes Chrome version 140.0.7339.127/.128 for Windows, 140.0.7339.132/.133 for Mac, and 140.0.7339.127 for Linux. These versions address both the critical ServiceWorker vulnerability and the Mojo implementation issue.

What are ServiceWorkers and why is this vulnerability important?

ServiceWorkers are background scripts that enable web applications to function offline and handle network requests. They operate with elevated privileges and affect how web pages interact with the browser's core functionality, making vulnerabilities in this component particularly dangerous for remote code execution attacks.

What is the Mojo vulnerability in Chrome about?

CVE-2025-10201 is rated as High severity by Google and involves an inappropriate implementation in Mojo. While Google has restricted detailed vulnerability information until most users receive the patches, Mojo is Chrome's inter-process communication system that handles communication between different browser processes.

How can I update Chrome to get these security fixes?

The patches will be available to all users over the coming days and weeks through Chrome's automatic update mechanisms. Users can also manually initiate the update process by going to Chrome's settings and checking for updates.

Why hasn't Google released detailed information about these vulnerabilities?

Google has restricted detailed vulnerability information until the majority of users have received the security patches. This is a standard security practice to prevent malicious actors from exploiting the vulnerabilities before users can update their browsers.

Which operating systems are affected by these Chrome vulnerabilities?

The security vulnerabilities affect Chrome on Windows, Mac, and Linux platforms. Google has released specific version updates for each operating system to address these security issues.

What is a use-after-free vulnerability and how dangerous is it?

Use-after-free vulnerabilities occur when programs continue to use memory after it has been freed. This can potentially allow attackers to execute malicious code remotely by manipulating the freed memory space. In Chrome's ServiceWorker component, this type of vulnerability is particularly dangerous due to the elevated privileges these scripts operate with.

Should I update Chrome immediately for these security fixes?

Yes, users should update Chrome as soon as the update becomes available through automatic updates or by manually checking for updates. The critical nature of the ServiceWorker vulnerability (CVE-2025-10200) makes it important to install these security patches promptly to protect against potential remote code execution attacks.

Advisory

Google releases urgent Chrome update, patches critical vulnerability

published: Sept. 10, 2025

Take action: Once again - an critical patch for Chrome - Google is patching an critica flaw in Chrome. Not exploited yet, but the reward for the bug was huge, so there is a real danger of this flaw being exploited. Update all your Chrome and Chromium browsers (Edge, Opera, Brave, Vivaldi...). Updating the browser is easy, all your tabs reopen after the patch.

Learn More

Google has released a security update for the Chrome browser for Windows, Mac, and Linux platforms, addressing two vulnerabilities including a critical use-after-free flaw that could enable remote code execution.

Vulnerabilities summary:

CVE-2025-10200 (CVSS score N/A, Google score Critical) - Use-After-Free Vulnerability in ServiceWorker. Use-after-free vulnerabilities occur when programs continue to use memory after it has been freed, potentially allowing attackers to execute malicious code remotely. ServiceWorkers are background scripts that enable web applications to function offline and handle network requests, operating with elevated privileges and affecting how web pages interact with the browser's core functionality.
CVE-2025-10201 (CVSS score N/A, Google score High) - Inappropriate Implementation in Mojo

The update released Chrome version 140.0.7339.127/.128 for Windows, 140.0.7339.132/.133 for Mac, and 140.0.7339.127 for Linux. Google's has restricted detailed vulnerability information until the majority of users have received the security patches.

The patches will be available to all users over the coming days and weeks through automatic update mechanisms. Users can manually initiate the update process.

Google releases urgent Chrome update, patches critical vulnerability

Read More
Apple patches critical WebKit Vulnerability exploited in "Extremely …
Google releases update for Chrome
Google releases Chrome 116 Update, fixes eight High …
Microsoft patch release for November 2023, fixes 5 …
Microsoft December 2025 patch Tuesday fixes one actively …