New Chrome Stable Update Fixes Critical Exploitable Vulnerabilities


Google released a Stable Channel update for Chrome on Windows, macOS, and Linux, addressing two security vulnerabilities. These flaws, reported by external security researchers, could allow attackers to execute arbitrary code or abuse an inappropriate implementation in a Chrome component. Immediate patching is strongly advised.

Severity Level: Critical

Vulnerability Details

1. CVE-2025-10200

  • Severity: Critical
  • Type: Use-after-free in ServiceWorker
  • Description: A memory corruption issue caused by improper object lifecycle handling in the ServiceWorker component.
  • Impact: Could lead to arbitrary code execution or sandbox escape.

2. CVE-2025-10201

  • Severity: High
  • Type: Inappropriate implementation in Mojo (IPC framework used by Chrome)
  • Description: Insufficient enforcement of contract checks in the Mojo IPC layer, leading to unsafe state transitions and potential exploitation.
  • Impact: Could result in sandbox escape or privilege escalation when abused by a crafted payload.

Exploitation

  • As of the release, no evidence of active exploitation in the wild has been reported.
  • Both vulnerabilities could be exploited via a specially crafted web page by tricking the victim into visiting it.
  • CVE-2025-10200 exploitation could lead directly to arbitrary code execution within the browser process.
  • CVE-2025-10201 exploitation could allow sandbox escapes to access system resources beyond the browser’s intended scope.
  • The ServiceWorker bug (CVE-2025-10200) is the more dangerous one, as it enables remote code execution.

Affected Products

Google Chrome Desktop for:

  • Windows: versions prior to 140.0.7339.127/.128
  • macOS: versions prior to 140.0.7339.132/.133
  • Linux: versions prior to 140.0.7339.127

Recommendations

  1. Ensure Google Chrome and Chromium-based browsers are running the latest security updates.
  2. Enforce auto-updates for Chrome in enterprise environments.
  3. Enable Enhanced Safe Browsing mode for real-time protection.
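The following script is an added example (not part of the advisory or Google's tooling) that turns recommendations 1 and 3 into a repeatable check: it compares an installed Chrome version against the fixed builds listed under Affected Products, and it inspects a managed-policy JSON fragment for the Enhanced Safe Browsing setting. The minimum fixed version per platform is taken from the advisory (the lower build where two are listed); the `SafeBrowsingProtectionLevel` policy name and its value 2 for Enhanced Protection are real Chrome enterprise policy values. The sample version banners and policy fragment are constructed for the demonstration, and the `google-chrome --version` call assumes the binary is on PATH.

```python
"""Added example: check a Chrome build against the advisory's fixed versions and
verify the Enhanced Safe Browsing policy. Not code from Google or the advisory."""
import json
import re
import subprocess

# Minimum fixed builds per platform, from the advisory's Affected Products list.
# Keys follow platform.system() naming; macOS reports as "Darwin".
FIXED_VERSIONS = {
    "Windows": "140.0.7339.127",
    "Darwin": "140.0.7339.132",
    "Linux": "140.0.7339.127",
}


def parse_version(text):
    """Extract a four-part Chrome version from text such as
    'Google Chrome 140.0.7339.127' and return it as a tuple of ints.
    A tuple comparison is numeric, so 140.0.7339.127 correctly sorts
    above 140.0.7339.99 (a plain string comparison would get that wrong)."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no Chrome version found in {text!r}")
    return tuple(int(part) for part in m.groups())


def is_patched(installed, system):
    """True when the installed build is at or above the fixed build for that OS."""
    if system not in FIXED_VERSIONS:
        raise ValueError(f"no fixed version known for platform {system!r}")
    return parse_version(installed) >= parse_version(FIXED_VERSIONS[system])


def safe_browsing_is_enhanced(policy_json):
    """Return True when a managed policy document sets SafeBrowsingProtectionLevel
    to 2 (Enhanced Protection). 0 disables Safe Browsing and 1 is Standard."""
    policy = json.loads(policy_json)
    return policy.get("SafeBrowsingProtectionLevel") == 2


def installed_version_linux():
    """Ask the local google-chrome binary for its version banner.
    Assumes a Linux host with google-chrome on PATH (hypothetical helper)."""
    result = subprocess.run(
        ["google-chrome", "--version"], capture_output=True, text=True, check=True
    )
    return result.stdout.strip()


if __name__ == "__main__":
    # Constructed sample banners so the check runs offline on any machine.
    samples = [
        ("Windows", "Google Chrome 140.0.7339.110"),  # below fix
        ("Windows", "Google Chrome 140.0.7339.128"),  # at fix
        ("Darwin", "Google Chrome 140.0.7339.127"),   # patched on Windows, not macOS
        ("Linux", "Google Chrome 141.0.7390.5"),      # later major release
    ]
    for system, banner in samples:
        state = "patched" if is_patched(banner, system) else "VULNERABLE"
        print(f"{system:8} {banner:32} -> {state}")

    # Constructed managed-policy fragment, in the JSON shape Chrome reads on Linux.
    policy_fragment = '{"SafeBrowsingProtectionLevel": 2}'
    print("Enhanced Safe Browsing enforced:", safe_browsing_is_enhanced(policy_fragment))
```

On Linux, managed Chrome policy files live under /etc/opt/chrome/policies/managed/ as JSON documents, so `safe_browsing_is_enhanced` can be fed the contents of those files directly; on Windows and macOS the same policy is delivered through the registry or a configuration profile, and only the value comparison carries over. Note that a version check of this kind only confirms the patch is installed, not that the running process has been restarted onto it.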

Source:

  • https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_9.html


Ampcus Cyber