Recent steady iterations of Chrome and Firefox had been launched on Wednesday with patches for 2 dozen vulnerabilities throughout the favored net browsers, together with high-severity reminiscence security flaws.
Chrome 138 has arrived with 11 safety fixes, together with three for medium- and low-severity bugs reported by safety researchers.
These embrace a use-after-free defect in Animation for which Google handed out a $4,000 bug bounty reward, and an inadequate coverage enforcement subject in Loader and an inadequate information validation flaw in DevTools that earned the reporting researchers $1,000 rewards every.
The newest Chrome iteration is now rolling out as model 138.0.7204.49 for Linux and as variations 138.0.7204.49/50 for Home windows and macOS.
Google makes no point out of any of the addressed vulnerabilities being exploited in assaults, however customers are suggested to replace their browsers as quickly as attainable.
On Wednesday, Mozilla dropped Firefox 140 to the steady channel with patches for 13 safety defects, and introduced updates for Firefox ESR 128.12 and Firefox ESR 115.25.
Two of the CVEs addressed with the most recent Firefox launch are high-severity reminiscence security bugs, specifically a use-after-free subject in FontFaceSet and reminiscence corruption defects that, with sufficient effort, might be exploited for distant code execution.
The replace additionally fixes six medium-severity vulnerabilities resulting in the publicity of a persistent UUID to determine the browser, a scarcity of warning when opening information with the terminal extension, coverage bypass, phishing assaults on Android, safety checks bypass, and cross-site scripting assaults.Commercial. Scroll to proceed studying.
Firefox ESR 128.12 was rolled out with patches for 5 of those vulnerabilities, whereas Firefox ESR 115.25 arrived with two fixes. Mozilla makes no point out of any of those bugs being exploited within the wild.
Associated: Chrome 137 Replace Patches Excessive-Severity Vulnerabilities
Associated: Chrome, Firefox Updates Resolve Excessive-Severity Reminiscence Bugs
Associated: Google Researchers Discover New Chrome Zero-Day
Associated: Chrome 137, Firefox 139 Patch Excessive-Severity Vulnerabilities
