
Critical Chrome Vulnerability Earns Researcher $43,000

Researchers have earned significant rewards from Google for reporting two potentially severe vulnerabilities discovered in the Chrome web browser.

Google this week rolled out a Chrome update that fixes two security defects reported by external researchers, including a critical-severity bug in the browser’s ServiceWorker component, for which a $43,000 bug bounty reward was paid.

Tracked as CVE-2025-10200 and reported by Looben Yang, the critical flaw is described as a use-after-free condition. These types of memory corruption vulnerabilities occur when the program attempts to access memory that has been freed.

By timing memory operations, attackers can exploit use-after-free bugs to place malicious code in the freed memory, potentially achieving arbitrary code execution and full system compromise.

The latest Chrome update also resolves CVE-2025-10201, a high-severity inappropriate implementation in Mojo, for which Google handed out a $30,000 reward. This flaw was reported to Google by Sahan Fernando and an anonymous researcher.

While these may seem like significant rewards, Google recently paid out a $250,000 bug bounty for a Chrome vulnerability that can be exploited to escape the web browser’s sandbox.


Google makes no mention of either of the newly patched vulnerabilities being exploited in the wild, but users are advised to update their browsers as soon as possible.

The Chrome update is rolling out as versions 140.0.7339.127/.128 for Windows, versions 140.0.7339.132/.133 for macOS, and 140.0.7339.127 for Linux.
