CVE-2025-10200

Published Sep 10, 2025

Last updated 6 months ago

CVSS high 8.8
Google Chrome

Overview

Description
Use after free in Serviceworker in Google Chrome on Desktop prior to 140.0.7339.127 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
Source
chrome-cve-admin@google.com
NVD status
Analyzed
Products
chrome

Risk scores

CVSS 3.1

Type
Secondary
Base score
8.8
Impact score
5.9
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

chrome-cve-admin@google.com
CWE-416

Social media

Hype score
Not currently trending

  1. 🐞Bug Spotlight: CVE-2025-10200 – Use-after-Free in Chrome Service Worker [bounty $43000] One-shot renderer RCE to sandbox escape with a deep iterator invalidation Issue: 🔒440454442 (currently private) Reported by Looben Yang Reverse engineering & PoC exploit by @al

    @zerodaytraining

    8 Oct 2025

    11842 Impressions

    30 Retweets

    209 Likes

    76 Bookmarks

    3 Replies

    1 Quote

  2. Cyber threat roundup from the last hour 🔥: Credential leaks, mass attacks on governments, new malware strikes, and rising fraud schemes shape today’s risk landscape. Stay sharp and updated! 🛡️ Google Chrome critical flaw (CVE-2025-10200) actively exploited across all m

    @np_cyber_news

    29 Sept 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Google Chrome の脆弱性 CVE-2025-10200/10201 が FIX:リモート・コード実行の恐れ https://t.co/Z54dTFg8vz Chrome に、2つの深刻な脆弱性が発見されました。ひとつは Serviceworker コンポーネントにおける use-after-free

    @iototsecnews

    22 Sept 2025

    137 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Cybercrime heats up with AI exploits, zero-days, massive breaches, and crypto hacks in the last hour 🚨 Here’s what you must know now: 🛠️ Critical zero-days in Chrome patched twice this hour (CVE-2025-10200 & CVE-2025-10585) allow full remote code execution on multi

    @np_cyber_news

    18 Sept 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Google Chrome Warnung: Kritische Chrome-Sicherheitslücke CVE-2025-10200 - Hintergründe und Schutzmassnahmen 15.09.25 Die von Google veröffentlichte CVE-2025-10200 stellt eine der gravierendsten Sicherheitslücken der letzten Monate im Chrome-Browser dar… https://t.co/63ZkJ

    @tarifrechner

    16 Sept 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. Google Chrome Warnung: Kritische Chrome-Sicherheitslücke CVE-2025-10200 - Hintergründe und Schutzmaßnahmen-- Die von Google veröffentlichte CVE-2025-10200 stellt eine der gravierendsten Sicherheitslücken der letzten Monate im Chrome-Browser dar. In der Serviceworker-Kompon

    @tarifrechner

    15 Sept 2025

    46 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  7. Google Chrome Warnung: Kritische Chrome-Sicherheitslücke CVE-2025-10200 - Hintergründe und Schutzmaßnahmen-- Die von Google veröffentlichte CVE-2025-10200 stellt eine der gravierendsten Sicherheitslücken der letzten Monate im Chrome-Browser dar. In der Serviceworker-Kompon

    @tarifrechner

    15 Sept 2025

    1 Impression

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  8. Google patched a critical Chrome flaw in the Serviceworker component (CVE-2025-10200), awarding a researcher $43K. Another bug in Mojo IPC earned $30K. No reports of active exploitation yet. #CVE2025 #ChromePatch #USA https://t.co/kmSWuQYXn7

    @TweetThreatNews

    12 Sept 2025

    136 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  9. ⚠️Vulnerabilidades en Google Chrome ❗CVE-2025-10200 ❗CVE-2025-10201 ➡️Más info: https://t.co/Acw9G3vDBH https://t.co/41OVfj6M7b

    @CERTpy

    12 Sept 2025

    133 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  10. Chromium: CVE-2025-10200 Use after free in Serviceworker https://t.co/y6PJjjl86E #SecQube #cybersecurity

    @SecQube

    12 Sept 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. Chromeの深刻な脆弱性CVE-2025-10200とCVE-2025-10201の詳細 https://t.co/9WNMh3Kokx #Security #セキュリティ #ニュース

    @SecureShield_

    12 Sept 2025

    63 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. The @googlechrome team sent me this gift. It’s cute, thanks. In return, I submitted a new bug report( CVE-2025-10200). @arw @amyexp @adehohum https://t.co/VHLXuGCcPk https://t.co/1kA7bFN3bS

    @loobeny

    11 Sept 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. Google、Chromeの定例アップデートで2件の脆弱性を修正(CVE-2025-10200,CVE-2025-10201) https://t.co/JDelGP252B #セキュリティ対策Lab #セキュリティ #Security

    @securityLab_jp

    11 Sept 2025

    96 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. CVE-2025-10200 Use after free in Serviceworker in Google Chrome on Desktop prior to 140.0.7339.127 allowed a remote attacker to potentially exploit heap corruption via a crafted HTM… https://t.co/3uoC34Okb9

    @CVEnew

    10 Sept 2025

    292 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. 🚨 Chrome users: update ASAP! Google just patched a critical flaw (CVE-2025-10200) that could let hackers hijack your browser with a single malicious site. Details + protection tips in my latest blog 👇 https://t.co/3mYyavCpjw #CyberSecurity #GoogleChrome #RCE https://t.co/O

    @digitalinsiire

    10 Sept 2025

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. woah... (CVE-2025-10200)[$43000][Critical][Serviceworker][440454442]A race condition between handling request timeouts and starting new requests -> UAF https://t.co/409YmnqPnp https://t.co/PDmxuqMVyO Reported by Looben Yang

    @xvonfers

    10 Sept 2025

    5674 Impressions

    6 Retweets

    37 Likes

    22 Bookmarks

    0 Replies

    1 Quote

  17. GoogleはChromeの緊急セキュリティアップデートを発表し、2つの重大な脆弱性を修正しました。特に、CVE-2025-10200は、ServiceWorkerコンポーネントのクリティカルな「use-after-free」脆弱性で、攻撃者がユーザーシステ

    @cyber_edu_jp

    10 Sept 2025

    116 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. Insufficient data validation in Navigation in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)CVE-2026-3545
  2. Inappropriate implementation in WebAudio in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)CVE-2026-3540
  3. Heap buffer overflow in WebCodecs in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)CVE-2026-3544
  4. Inappropriate implementation in V8 in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)CVE-2026-3543
  5. Inappropriate implementation in WebAssembly in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)CVE-2026-3542

References

Sources include official advisories and independent security research.