Chrome Vulnerability Fixed: Researcher Earns $43K After Google Patch
In the Chrome browser, Google fixed a serious use-after-free flaw that might have resulted in code execution.

For disclosing a major Chrome vulnerability in the Service Worker component (recorded as CVE-2025-10200), a researcher received $43,000 from Google.
A use-after-free (UAF) occurs when a program accesses memory after it has been released. Possible outcomes include crashes, data corruption, and exploitation such as remote code execution. UAFs are common in C/C++ programs and are frequently seen in browsers and operating systems that manage memory manually.
On August 22, 2025, researcher Looben Yang notified Google of the vulnerability.

The Chrome update that Google released fixes this problem along with another bug, identified as CVE-2025-10201. CVE-2025-10201 is an improper implementation in Mojo, Google Chrome's inter-process communication (IPC) framework.
Researcher Sahan Fernando and an unnamed expert received $30,000 from Google for reporting CVE-2025-10201.
The Chrome update is now available as version 140.0.7339.127/.128 for Windows, 140.0.7339.132/.133 for macOS, and 140.0.7339.127 for Linux.
Google does not disclose whether any of these flaws have been actively exploited in real-world attacks.
About The Author:
Yogesh Naager is a content marketer who specializes in the cybersecurity and B2B space. Besides writing for the News4Hackers blogs, he also writes for brands including Craw Security, Bytecode Security, and NASSCOM.
