Redazione RHC : 10 September 2025 07:47
An urgent security update has been released by Google for the Chrome browser on Windows, Mac, and Linux operating systems. This new version fixes a critical vulnerability that could allow attackers to remotely execute code at their discretion.
A potential attacker can abuse this weakness by creating a malicious website that, once visited by a user, would allow the attacker to execute code on the user’s system.
The update is currently being rolled out and will be available to all users in the coming days and weeks. This patch follows the initial Chrome 140 release, which also addressed several other security issues.
Users are strongly advised to update their browsers immediately to protect themselves from potential threats. The stable channel has been updated to versions 140.0.7339.127/.128 for Windows, 140.0.7339.132/.133 for Mac, and 140.0.7339.127 for Linux.
The update addresses two important security vulnerabilities, the most serious of which is CVE-2025-10200. This vulnerability is classified as critical and is described as a “Use-after-free” bug in the Serviceworker component.
A use-after-free flaw occurs when a program attempts to use memory after it has been deallocated, which can lead to crashes, data corruption, or, in the worst-case scenario, arbitrary code execution.
Security researcher Looben Yang reported this critical flaw on August 22, 2025. In recognition of the severity of the discovery, Google has awarded a $43,000 reward for the discovered bug.
The second vulnerability fixed in this release is CVE-2025-10201, a high-severity flaw labeled “Inappropriate Mojo Implementation.” Mojo is a collection of runtime libraries used for inter-process communication within Chromium, the open-source project that powers Chrome.
The second vulnerability was reported by Sahan Fernando and an anonymous researcher on August 18, 2025. The reporters were awarded a $30,000 reward for their findings.
Flaws in this component can be particularly dangerous because they can potentially compromise the browser sandbox, a critical security feature that isolates processes to prevent exploits from affecting the underlying system.
Google is rolling out the update gradually, but users can manually check for and apply it by going to Settings > About Google Chrome.
Redazione