Chrome 138, Firefox 140 Patch Multiple Vulnerabilities

Posted on By CWS

Recent steady iterations of Chrome and Firefox had been launched on Wednesday with patches for 2 dozen vulnerabilities throughout the favored net browsers, together with high-severity reminiscence security flaws.

Chrome 138 has arrived with 11 safety fixes, together with three for medium- and low-severity bugs reported by safety researchers.

These embrace a use-after-free defect in Animation for which Google handed out a $4,000 bug bounty reward, and an inadequate coverage enforcement subject in Loader and an inadequate information validation flaw in DevTools that earned the reporting researchers $1,000 rewards every.

The newest Chrome iteration is now rolling out as model 138.0.7204.49 for Linux and as variations 138.0.7204.49/50 for Home windows and macOS.

Google makes no point out of any of the addressed vulnerabilities being exploited in assaults, however customers are suggested to replace their browsers as quickly as attainable.

On Wednesday, Mozilla dropped Firefox 140 to the steady channel with patches for 13 safety defects, and introduced updates for Firefox ESR 128.12 and Firefox ESR 115.25.

Two of the CVEs addressed with the most recent Firefox launch are high-severity reminiscence security bugs, specifically a use-after-free subject in FontFaceSet and reminiscence corruption defects that, with sufficient effort, might be exploited for distant code execution.

The replace additionally fixes six medium-severity vulnerabilities resulting in the publicity of a persistent UUID to determine the browser, a scarcity of warning when opening information with the terminal extension, coverage bypass, phishing assaults on Android, safety checks bypass, and cross-site scripting assaults.Commercial. Scroll to proceed studying.

Firefox ESR 128.12 was rolled out with patches for 5 of those vulnerabilities, whereas Firefox ESR 115.25 arrived with two fixes. Mozilla makes no point out of any of those bugs being exploited within the wild.

Associated: Chrome 137 Replace Patches Excessive-Severity Vulnerabilities

Associated: Chrome, Firefox Updates Resolve Excessive-Severity Reminiscence Bugs

Associated: Google Researchers Discover New Chrome Zero-Day

Associated: Chrome 137, Firefox 139 Patch Excessive-Severity Vulnerabilities

Security Week News Tags:, , , ,

Related Posts

Surveillance Firm Bypasses SS7 Protections to Retrieve User Location Security Week News
SAP Patches Critical Flaws That Could Allow Remote Code Execution, Full System Takeover Security Week News
Organizations Warned of Vulnerability in Microsoft Exchange Hybrid Deployment Security Week News
Adobe Patches Critical Code Execution Bugs Security Week News
160,000 Impacted by Valsoft Data Breach Security Week News
US Announces $100 Million for State, Local and Tribal Cybersecurity Security Week News