Google修复了Chrome浏览器中的两个关键漏洞(CVE-2025-10200和CVE-2025-10201),分别涉及Serviceworker组件的use-after-free问题和Mojo框架的不当实现。研究人员Looben Yang、Sahan Fernando及匿名专家因此获得总计73,美元奖励。更新版本为Windows 1468、macOS 666及Linux 666。目前未报告相关漏洞被野利用。 2025-9-11 14:7:54 Author: securityaffairs.com(查看原文) 阅读量:6 收藏
Google fixes critical Chrome flaw, researcher earns $43K
Pierluigi Paganini
September 11, 2025
Google addressed a critical use-after-free vulnerability in its Chrome browser that could potentially lead to code execution.
A researcher earned $43000 from Google for reporting a critical Chrome vulnerability, tracked as CVE-2025-10200, in the Serviceworker component.
A use-after-free (UAF) occurs when a program accesses memory after it has been freed. This can cause crashes, data corruption, or enable exploits like remote code execution. Common in C/C++ programs, UAFs are frequent in browsers and OS software handling manual memory management.
The researcher Looben Yang reported the vulnerability to Google on August 22, 2025.
Google rolled out a Chrome update that addressed this issue and another bug, tracked as CVE-2025-10201. CVE-2025-10201 is an inappropriate implementation in Mojo, which is an inter-process communication (IPC) framework used by Google Chrome.
Researchers Sahan Fernando and an anonymous expert reported the flaw CVE-2025-10201 and earned $30000 from Google for reporting this issue.
The Chrome update is being released as version 140.0.7339.127/.128 for Windows, 140.0.7339.132/.133 for macOS, and 140.0.7339.127 for Linux.
Google did not reveal if any of these vulnerabilities have been actively exploited in attacks in the wild.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Google)
如有侵权请联系:admin#unsafe.sh