PT-2025-37010 · Google+3 · Google Chrome+3

Looben Yang · Published 2025-01-01 · Updated 2025-11-20 · CVE-2025-10200

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Chromium versions prior to 140.0.7339.127
Microsoft Edge (Chromium-based) versions prior to 140.0.7339.127
Vivaldi versions prior to 138.0.7204.261

Description

A critical use-after-free issue exists in the ServiceWorker component of Chromium. A remote attacker could potentially exploit heap corruption via a crafted HTML page, which may lead to arbitrary code execution or denial of service. The vulnerability is related to a race condition between handling request timeouts and starting new requests within the ServiceWorker, which results in a use-after-free condition. A researcher discovered the issue and was awarded a $43,000 bounty by Google. There have been no confirmed reports of active exploitation in the wild.

Recommendations

Chromium versions prior to 140.0.7339.127: Upgrade to version 140.0.7339.127 or later.
Microsoft Edge (Chromium-based) versions prior to 140.0.7339.127: Upgrade to version 140.0.7339.127 or later.
Vivaldi versions prior to 138.0.7204.261: Upgrade to version 138.0.7204.261 or later.

Fix

RCE

Use After Free

Weakness Enumeration

Related Identifiers

ALT-PU-2025-13054
BDU:2025-11244
CVE-2025-10200
DSA-5996-1
OPENSUSE-SU-2025:15548-1

Affected Products

Alt Linux
Debian
Google Chrome
Red Os