Google has issued an urgent security update for the Chrome browser on Windows, Mac, and Linux, addressing a critical vulnerability that could allow attackers to execute arbitrary code remotely.
Users are strongly advised to update their browsers immediately to protect against potential threats.
The Stable channel has been updated to version 140.0.7339.127/.128 for Windows, 140.0.7339.132/.133 for Mac, and 140.0.7339.127 for Linux.
The update is currently rolling out and will become available to all users over the coming days and weeks. This patch follows the initial release of Chrome 140, which also addressed several other security issues.
Critical Use-After-Free Vulnerability
The update resolves two major security flaws, with the most severe being CVE-2025-10200. This vulnerability is rated as critical and is described as a “Use-after-free” bug in the Serviceworker component.
A use-after-free flaw occurs when a program tries to use memory after it has been deallocated, which can lead to crashes, data corruption, or, in the worst case, arbitrary code execution.
An attacker could exploit this vulnerability by crafting a malicious webpage that, when visited by a user, could allow the attacker to run malicious code on the victim’s system.
Security researcher Looben Yang reported this critical flaw on August 22, 2025. In recognition of the severity of the discovery, Google has awarded a bug bounty of $43,000.
High-Severity Mojo Implementation Flaw
The second vulnerability patched in this release is CVE-2025-10201, a high-severity flaw identified as an “Inappropriate implementation in Mojo.”
Mojo is a collection of runtime libraries used for inter-process communication within Chromium, the open-source project that powers Chrome.
Flaws in this component can be particularly dangerous as they can potentially compromise the browser’s sandbox, a key security feature that isolates processes to prevent exploits from affecting the underlying system.
This vulnerability was reported by Sahan Fernando and an anonymous researcher on August 18, 2025. The reporters were awarded a $30,000 bounty for their findings.
Google is rolling out the update gradually, but users can manually check for and apply the update by navigating to Settings > About Google Chrome.
The browser will automatically scan for the latest version and prompt the user to relaunch it to complete the update process.
As is standard practice, Google has restricted access to detailed information about the bugs to prevent attackers from developing exploits before a majority of users have installed the patch. This highlights the importance of applying security updates as soon as they become available.