Critical Chrome Security Update Patches Remote Code Execution Flaws

Sep 9, 2025 | By Vishal C E | 3 min read

Google has released an urgent security update for the Chrome browser across Windows, Mac, and Linux platforms to address critical vulnerabilities that could enable remote attackers to execute arbitrary code. Chrome users are strongly encouraged to update their browsers immediately to safeguard against potential threats.

Vulnerability Details

This update resolves two significant security flaws. The most critical is CVE-2025-10200, a “use-after-free” vulnerability within the Serviceworker component, carrying a CVSS score of 9.8. This flaw does not require user interaction for exploitation. Additionally, the update addresses CVE-2025-10201, a high-severity flaw related to an “inappropriate implementation in Mojo,” with a CVSS score of 8.8.

Technical Analysis

A use-after-free vulnerability, such as CVE-2025-10200, arises when a program attempts to access memory after it has been deallocated. This can lead to various detrimental outcomes, including crashes, data corruption, and, in severe instances, arbitrary code execution. The Mojo component, impacted by CVE-2025-10201, is a collection of runtime libraries facilitating inter-process communication within Chromium. Exploitation of this flaw could potentially compromise the browser’s sandbox environment, a key security feature.

Potential Impact

Successful exploitation of CVE-2025-10200 could enable an attacker to craft a malicious webpage that, upon being visited by a user, could execute arbitrary code on the victim’s system. CVE-2025-10201 could compromise the browser’s sandbox, a critical security feature designed to isolate processes and prevent exploits from impacting the underlying system.

Tactics, Techniques, and Procedures (TTPs)

Attackers can exploit these vulnerabilities to execute arbitrary code remotely and potentially compromise the browser’s security sandbox. Here are some tactics and techniques that could be employed:

  • TA0002 – Execution: To run malicious code on a victim’s system.
  • T1059 – Command and Scripting Interpreter: To execute commands via a scripting interpreter.
  • TA0004 – Privilege Escalation: To gain higher-level access to the system.
  • T1068 – Exploitation for Privilege Escalation: To leverage vulnerabilities for escalating privileges.
  • TA0007 – Discovery: To gather information about the system.
  • T1082 – System Information Discovery: To find details about the operating system and installed software.
  • TA0001 – Initial Access: Exploiting a public-facing application (T1190) through a malicious webpage.

Mitigation & Recommendations

To mitigate these vulnerabilities, Google has released the following updates to the stable channel:

  • Version 140.0.7339.127/.128 for Windows
  • Version 140.0.7339.132/.133 for Mac
  • Version 140.0.7339.127 for Linux

Users can manually initiate the update process by navigating to Settings > About Google Chrome. The browser will automatically scan for the latest version and prompt the user to relaunch in order to complete the update. It is crucial to apply these security updates as soon as they become available.
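For a fleet rather than a single browser, the fixed builds listed above can be checked against collected version strings. The following is an added example, not part of the original advisory or any SecPod tooling; the inventory format, hostnames and sample versions are constructed for illustration, and the lower of the two listed builds is used as each platform's minimum.

```python
import re

# Minimum fixed stable builds from the list above (lower of the two builds per platform).
FIXED = {
    "windows": (140, 0, 7339, 127),
    "mac": (140, 0, 7339, 132),
    "linux": (140, 0, 7339, 127),
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part version from text such as `google-chrome --version` output."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no Chrome version found in {text!r}")
    # Compare as integers: as strings, "81" would sort after "127".
    return tuple(int(part) for part in m.groups())


def is_patched(platform, version_text):
    """True if the version is at or above the fixed build for that platform."""
    return parse_version(version_text) >= FIXED[platform.lower()]


def audit(inventory):
    """Return (host, platform, version_text, status) for hosts needing attention."""
    findings = []
    for host, platform, version_text in inventory:
        try:
            if not is_patched(platform, version_text):
                findings.append((host, platform, version_text, "vulnerable"))
        except (ValueError, KeyError):
            # Unparseable version or unknown platform: report it, never assume it is fine.
            findings.append((host, platform, version_text, "unknown"))
    return findings


# Constructed sample inventory (hostnames and version strings are made up).
SAMPLE_INVENTORY = [
    ("ws-001", "windows", "Google Chrome 140.0.7339.128"),
    ("ws-002", "windows", "Google Chrome 140.0.7339.81"),
    ("mb-001", "mac", "Google Chrome 140.0.7339.127"),  # below the Mac minimum
    ("lx-001", "linux", "Google Chrome 139.0.7258.154"),
    ("lx-002", "linux", "Google Chrome 141.0.7390.54"),
    ("kiosk-7", "linux", "chrome: command not found"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_INVENTORY):
        print(*finding, sep="\t")
```

Chrome only runs the new build after a relaunch, so a host can report a patched version on disk while an older process is still running.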

Instantly Fix Risks with Saner Patch Management

Saner patch management is a continuous, automated, and integrated software that instantly fixes risks exploited in the wild. The software supports major operating systems like Windows, Linux, and macOS, as well as 550+ third-party applications.

It also allows you to set up a safe testing area to test patches before deploying them in a primary production environment. Saner patch management additionally supports a patch rollback feature in case of patch failure or a system malfunction.
