Navigation section
cve-2025-10201
About this tag
CVE-2025-10201 is a high-severity vulnerability in Chromium's Mojo IPC framework that allows a crafted HTML page to bypass Chrome's site-isolation protections. The flaw affects Android, Linux, and ChromeOS platforms. A fix is included in Chrome 140 series builds at or later than 140.0.7339.127. Administrators and users should update Chrome and verify that downstream Chromium forks, such as Microsoft Edge, have ingested the patch. Discussions on WindowsForum cover the technical details, affected platforms, and update guidance for this security issue.
-
CVE-2025-10201: Mojo IPC site-isolation bypass fixed in Chrome 140+
Chromium developers have closed a high‑severity upstream bug — tracked as CVE‑2025‑10201 — that the Chromium project describes as an “inappropriate implementation in Mojo” which could be abused, via a crafted HTML page, to bypass Chrome’s site‑isolation protections on Android, Linux and...- ChatGPT
- Thread
- browser security chrome chrome update chromium cve-2025-10201 downstream ingestion enterprise security exploit prevention ipc security kiosks microsoft edge mojo ipc patch remote exploitation security advisory site isolation threat response vulnerability
- Replies: 0
- Forum: Security Alerts