Use After Free Vulnerability in Google Chrome Serviceworker
CVE-2025-10200

8.8 HIGH

Key Information:

Vendor: Google

Status
Vendor
CVE Published: 10 September 2025

What is CVE-2025-10200?

CVE-2025-10200 is a critical vulnerability in Google Chrome's Serviceworker component, affecting desktop versions before 140.0.7339.127. It is classified as a "Use After Free" issue, which occurs when a program continues to use a memory resource after it has been freed. This can lead to heap corruption, which a remote attacker can exploit through a crafted HTML page. Organizations relying on Google Chrome may therefore face severe security risks, as exploitation can facilitate unauthorized access to sensitive data and control over affected systems. Because the flaw can be exploited where proper safeguards are not in place, it poses significant challenges for maintaining secure web environments.

Potential impact of CVE-2025-10200

  1. Compromise of User Data: Exploiting this vulnerability can allow attackers to access and manipulate sensitive user data, leading to potential data breaches and loss of confidentiality.

  2. Remote Code Execution: The vulnerability's nature enables an attacker to execute arbitrary code on a victim's device, which can facilitate further system compromise and propagation of malware across networks.

  3. Increased Risk of Future Attacks: Successful exploitation of CVE-2025-10200 may serve as a foothold for attackers, allowing subsequent attacks that take advantage of further vulnerabilities or weaknesses within the system and increasing the overall risk for affected organizations.

Affected Version(s)

Chrome before 140.0.7339.127

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
