Use After Free Vulnerability in Google Chrome
CVE-2025-10500

8.8HIGH

Key Information:

Vendor

Google
Status
Chrome
Vendor
CVE Published:
24 September 2025

What is CVE-2025-10500?

CVE-2025-10500 is a security vulnerability in Google Chrome, specifically related to a "Use After Free" flaw within the Dawn component. This vulnerability arises when an application attempts to access memory that has already been freed, which can lead to heap corruption. Such a scenario can allow remote attackers to exploit this vulnerability through specially crafted HTML pages. Given the widespread use of Google Chrome for web browsing, particularly in enterprise environments, this vulnerability poses a serious risk as it can enable unauthorized actions on affected systems, ultimately compromising user data and system integrity. The vulnerability is categorized with a high severity rating, indicating substantial implications for organizations that rely on Chrome for their daily operations.

Potential impact of CVE-2025-10500

  1. Heap Corruption: The vulnerability allows for potential exploitation of heap corruption, which can lead to arbitrary code execution. This could enable attackers to alter program execution flows, potentially taking complete control over an affected system.

  2. Data Breach Risks: Exploiting this vulnerability could lead to unauthorized access to sensitive data stored within the browser, including login credentials, personal information, and confidential communications, posing serious risks to organizational data security.

  3. Widespread Exploitation Potential: Though there are no known exploitations in the wild at this time, the nature of the vulnerability suggests that it could be attractive to threat actors, including ransomware groups, which may seek to exploit it once it becomes widely known, increasing the urgency for organizations to implement the latest security patches.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Chrome 140.0.7339.185

References

https://chromereleases.googleblog.com/2025/09/stable-chan...
https://issues.chromium.org/issues/435875050

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.