A security researcher earned $43,000 from Google for discovering a critical Chrome vulnerability in the Serviceworker component (CVE-2025-10200). Google released a Chrome update that fixes it along with a second bug, but it is unclear whether either has been actively exploited in the wild. #CVE-2025-10200 #ChromeUpdate
Key points
- A researcher reported a critical Chrome vulnerability related to the Serviceworker component, earning $43,000 from Google.
- The vulnerability is a use-after-free (UAF) flaw, a class of bug that can cause crashes, data corruption, or remote code execution.
- Another bug, CVE-2025-10201, was found in the Mojo IPC framework, with a reward of $30,000 for its discovery.
- Google released Chrome updates to address these vulnerabilities across Windows, macOS, and Linux platforms.
- Google has not disclosed whether these vulnerabilities have been exploited in real-world attacks.