AI description
CVE-2025-10500 is a use-after-free vulnerability found in the Dawn component of Google Chrome's WebGPU implementation. This flaw occurs due to improper memory management within Dawn, where memory is freed but remains accessible through dangling pointers after certain WebGPU operations. An attacker could exploit this vulnerability by creating a malicious HTML page that, when opened in a vulnerable Chrome browser, triggers the use-after-free condition, potentially leading to heap corruption and arbitrary code execution. Google addressed this vulnerability in Chrome version 140.0.7339.185 for Linux and 140.0.7339.185/.186 for Windows and Mac.
- Description
- Use after free in Dawn in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- Source
- chrome-cve-admin@google.com
- NVD status
- Analyzed
- Products
- chrome
CVSS 3.1
- Type
- Secondary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
- chrome-cve-admin@google.com
- CWE-416
- Hype score
- Not currently trending
CVE-2025-10500 (+15000 usd) When will they update my credit?😂 https://t.co/PqzDIjaZ5W
@gap_dev
14 Dec 2025
10711 Impressions
3 Retweets
163 Likes
38 Bookmarks
5 Replies
0 Quotes
⚠️Chromeにゼロデイ脆弱性あり⚠️ いずれも危険度「High」、既に攻撃例が報告されているようですので早急のアップデートがおすすめです。 CVE-2025-10585:Type Confusion in V8(High) CVE-2025-10500:Use after free in D
@HiromiOgura_
26 Sept 2025
1226 Impressions
5 Retweets
26 Likes
0 Bookmarks
0 Replies
0 Quotes
Chrome WebGPU Use-After-Free Vulnerability: CVE-2025-10500 A critical use-after-free bug in #Chrome's WebGPU lets attackers achieve RCE. Patch ASAP to reduce risk. For more details, read ZeroPath's blog on this vuln. #AppSec #InfoSec https://t.co/24GBS0xUfS
@ZeroPathLabs
24 Sept 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-10500 Use after free in Dawn in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium se… https://t.co/wGJN0YaNMg
@CVEnew
24 Sept 2025
273 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️Vulnerabilidades en Google Chrome ❗CVE-2025-10500 ❗CVE-2025-10501 ❗CVE-2025-10502 ➡️Más info: https://t.co/zXC90XzINa https://t.co/JPKY8vTk2L
@CERTpy
22 Sept 2025
161 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Chromium: CVE-2025-10500 Use after free in Dawn https://t.co/Hpdd2F1HGE This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://t.co/UjiS9AYOvz) for more information.
@zeeshankghouri
22 Sept 2025
44 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CRITICAL VULNERABILITY ALERT A use-after-free flaw (CVE-2025-10500) in the Dawn graphics layer could lead to remote code execution. Update your Chrome browser now! https://t.co/2f3jCTl9JX https://t.co/fIcAkkhSam
@Iambivash007
18 Sept 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7857C78B-3F28-4180-AE76-ABF96A380265",
"versionEndExcluding": "140.0.7339.185"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]