Critical malware vulnerability threatens Google Chrome
The developers have closed two vulnerabilities in the latest version of the Chrome web browser.
Google's Chrome is vulnerable on Linux, macOS, and Windows. A repaired version is available for download.
Two dangers averted
In a warning message, the developers list two vulnerabilities that have now been closed (CVE-2025-10200 “critical”, CVE-2025-10201 “high”). According to the brief description, the critical vulnerability affects the service worker component. Here, attackers can trigger memory errors (use-after-free) in an unspecified way. In such cases, malicious code usually gets onto systems and compromises them.
The specific effects of successful attacks on the second vulnerability are still unclear. Chrome versions 140.0.7339.127 (Linux), 140.0.7339.132/.133 (macOS), and 140.0.7339.127/.128 (Windows) are protected against the attacks described.
The web browser updates itself automatically by default. To check the installed version and manually initiate an update, go to “About Google Chrome” under “Help.”
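For administrators who have to check many machines rather than a single “About Google Chrome” page, the following added example (not from the article or from Google) compares collected version strings against the fixed builds listed above. The host names and inventory lines are constructed, and it assumes that any build comparing greater than or equal to the listed one contains the fixes.

```python
import re

# Fixed stable builds per platform, as listed in the article.
# Assumption: any build that compares >= the listed one contains the fixes.
FIXED_BUILDS = {
    "linux": (140, 0, 7339, 127),
    "macos": (140, 0, 7339, 132),
    "windows": (140, 0, 7339, 127),
}

# Chrome versions have four numeric fields: MAJOR.MINOR.BUILD.PATCH
VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_version(text):
    """Extract a four-part version from free text; None if absent."""
    match = VERSION_RE.search(text or "")
    return tuple(int(part) for part in match.groups()) if match else None


def is_patched(platform, version_text):
    """True/False for a known platform and parsable version, else None."""
    fixed = FIXED_BUILDS.get(platform.strip().lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return None
    # Compare as integer tuples: as strings, "99" would sort after "127".
    return version >= fixed


def audit(inventory):
    """Map each host to 'patched', 'VULNERABLE' or 'unknown'."""
    labels = {True: "patched", False: "VULNERABLE", None: "unknown"}
    return {host: labels[is_patched(plat, ver)] for host, plat, ver in inventory}


# Constructed sample inventory (hypothetical hosts, not from the article).
SAMPLE_INVENTORY = [
    ("build-01", "linux", "Google Chrome 140.0.7339.127 "),
    ("build-02", "linux", "Google Chrome 140.0.7339.99"),
    ("mac-07", "macos", "Google Chrome 140.0.7339.127"),
    ("win-12", "Windows", "140.0.7339.128"),
    ("win-13", "windows", "version string missing"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as “unknown” need a manual check, because a missing or unparsable version string says nothing about whether the update was installed.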
(des)