High-Severity Flaws Patched in Chrome, Firefox

High-Severity Flaws Patched in Chrome, Firefox

Posted on By CWS

Google and Mozilla on Tuesday introduced a recent spherical of updates for Chrome and Firefox, together with patches for a number of high-severity reminiscence security vulnerabilities.

The newly introduced Chrome 138 refresh is the third for the reason that browser model was promoted to the secure channel. The earlier updates Google rolled out resolved two exploited zero-days, specifically CVE-2025-6558 and CVE-2025-6554.

On Tuesday, Chrome obtained patches for 3 safety defects, together with two reported by safety researcher Shaheen Fazim earlier this month.

The 2 flaws, tracked as CVE-2025-8010 and CVE-2025-8011, are high-severity sort confusion points impacting the browser’s V8 JavaScript engine.

Google says it paid an $8,000 reward for the primary bug, however has but to find out the quantity to be handed out for the second.

The newest Chrome iteration is now rolling out as variations 138.0.7204.168/.169 for Home windows and macOS, and as model 138.0.7204.168 for Linux.

This week, Mozilla promoted Firefox 141 to the secure channel with 17 safety fixes, together with six that resolve high-severity vulnerabilities.

The primary high-severity bug, CVE-2025-8027, impacts the browser’s JavaScript engine, which solely writes partial return values to the stack. The second, CVE-2025-8028, impacts arm64 architectures, the place quite a few entries in a selected instruction results in “truncation and incorrect computation of the department tackle”.Commercial. Scroll to proceed studying.

The opposite 4 high-severity points, specifically CVE-2025-8044, CVE-2025-8034, CVE-2025-8040, and CVE-2025-8035, are reminiscence security defects that would doubtlessly result in distant code execution.

Firefox 141 additionally resolves medium- and low-severity vulnerabilities that would result in URL truncation, bypasses, undesirable downloads, and code execution.

On Tuesday, Mozilla additionally launched safety updates for Thunderbird and Firefox ESR that tackle a few of these safety defects.

Customers are suggested to replace their Chrome and Firefox installations as quickly as doable.

Associated: Chrome 138, Firefox 140 Patch A number of Vulnerabilities

Associated: Chrome 137 Replace Patches Excessive-Severity Vulnerabilities

Associated: Chrome, Firefox Updates Resolve Excessive-Severity Reminiscence Bugs

Security Week News Tags:, , , ,

Related Posts

Year-Old WordPress Plugin Flaws Exploited to Hack Websites Year-Old WordPress Plugin Flaws Exploited to Hack Websites Security Week News
Ericsson Data Breach Exposes Thousands’ Information Ericsson Data Breach Exposes Thousands’ Information Security Week News
Hush Security Emerges Stealth to Eliminate Credential Threats With No-Secrets Platform Hush Security Emerges Stealth to Eliminate Credential Threats With No-Secrets Platform Security Week News
Google Pays 0,000 in Rewards for Two Chrome Vulnerabilities Google Pays $100,000 in Rewards for Two Chrome Vulnerabilities Security Week News
Critical Vulnerabilities Patched in Trend Micro Apex Central, Endpoint Encryption Critical Vulnerabilities Patched in Trend Micro Apex Central, Endpoint Encryption Security Week News
isVerified Emerges From Stealth With Voice Deepfake Detection Apps isVerified Emerges From Stealth With Voice Deepfake Detection Apps Security Week News