Particle.news

Google Ships Chrome 140 Fixes for Critical ServiceWorker Bug and High-Risk Mojo Flaw

Patched builds are available across platforms, with no evidence of active attacks.

Overview

  • Updates address CVE-2025-10200, a critical use-after-free in ServiceWorker, and CVE-2025-10201, a high-severity issue in the Mojo IPC framework.
  • Patched desktop builds are 140.0.7339.127/.128 for Windows, 140.0.7339.132/.133 for macOS, and 140.0.7339.127 for Linux; Android is at 140.0.7339.123 and iOS at 140.0.7339.122.
  • Google says neither vulnerability is currently known to be exploited in the wild and withholds further technical details during the rollout.
  • Google awarded $43,000 to Looben Yang for the ServiceWorker flaw and $30,000 to the researchers who reported the Mojo issue.
  • Chromium-based browsers are updating on their own schedules, with Edge and Brave already on Chromium 140, Vivaldi preparing its move, and Opera still on an older base but backporting CVE-2025-10200.