High-Severity Vulnerabilities Patched in Chrome, Firefox

High-Severity Vulnerabilities Patched in Chrome, Firefox

Posted on By CWS

Google and Mozilla on Tuesday introduced a contemporary spherical of Chrome and Firefox patches, together with fixes for high-severity vulnerabilities.

A brand new Chrome 139 iteration was launched to resolve a high-severity out-of-bounds write challenge within the V8 JavaScript engine, which is tracked as CVE-2025-9132.

The difficulty could possibly be exploited remotely utilizing crafted HTML pages, and was found by Google’s Huge Sleep AI agent, which was launched by Google DeepMind and Mission Zero in November 2024.

The web big didn’t share particulars on CVE-2025-9132, but it surely did say final month that Huge Sleep can discover vulnerabilities that attackers already learn about and plan to make use of in assaults, enabling the trade to thwart their exploitation.

Fixes for the V8 flaw have been included in Chrome variations 139.0.7258.138/.139 for Home windows and macOS, and in model 139.0.7258.138 for Linux, which ought to attain all customers shortly.

On Tuesday, Mozilla rolled out patches for 9 safety defects in Firefox, together with 5 rated ‘excessive severity’. Recent Thunderbird and Firefox ESR iterations have been additionally launched to resolve a few of these bugs.

The high-severity vulnerabilities embody a reminiscence corruption challenge within the GMP course of, resulting in sandbox escape (CVE-2025-9179), a same-origin coverage bypass in a graphics part (CVE-2025-9180), and a number of reminiscence security bugs that would probably result in distant code execution (CVE-2025-9187, CVE-2025-9184, and CVE-2025-9185).

The remaining flaws addressed with this Firefox launch embody a medium-severity uninitialized reminiscence challenge and low-severity spoofing and denial-of-service (DoS) bugs.Commercial. Scroll to proceed studying.

Fixes for these safety holes have been included in Firefox 142, Thunderbird 142, Thunderbird 140.2, Thunderbird 128.14, Firefox for iOS 142, Focus for iOS 142, Firefox ESR 140.2, Firefox ESR 128.14, and Firefox ESR 115.27.

Google and Mozilla make no point out of any of those vulnerabilities being exploited in assaults, however customers are suggested to replace their browsers and e mail shoppers as quickly as attainable.

Associated: Chrome Sandbox Escape Earns Researcher $250,000

Associated: Google Mission Zero Tackles Upstream Patch Hole With New Coverage

Associated: Cisco Patches Crucial Vulnerability in Firewall Administration Platform

Associated: Meta Releases Llama AI Open Supply Safety Instruments

Security Week News Tags:, , , ,

Related Posts

Columbia University Data Breach Impacts 860,000 Columbia University Data Breach Impacts 860,000 Security Week News
Critical Vulnerabilities Patched by Splunk and Zoom Critical Vulnerabilities Patched by Splunk and Zoom Security Week News
Production at Steelmaker Nucor Disrupted by Cyberattack Production at Steelmaker Nucor Disrupted by Cyberattack Security Week News
Apple Rolls Out iOS 26, macOS Tahoe 26 With Patches for Over 50 Vulnerabilities Apple Rolls Out iOS 26, macOS Tahoe 26 With Patches for Over 50 Vulnerabilities Security Week News
Cisco Warns of Hardcoded Credentials in Enterprise Software Cisco Warns of Hardcoded Credentials in Enterprise Software Security Week News
React Native Vulnerability Actively Exploited in Attacks React Native Vulnerability Actively Exploited in Attacks Security Week News