Google and Mozilla on Tuesday introduced a recent spherical of updates for Chrome and Firefox, together with patches for a number of high-severity reminiscence security vulnerabilities.
The newly introduced Chrome 138 refresh is the third for the reason that browser model was promoted to the secure channel. The earlier updates Google rolled out resolved two exploited zero-days, specifically CVE-2025-6558 and CVE-2025-6554.
On Tuesday, Chrome obtained patches for 3 safety defects, together with two reported by safety researcher Shaheen Fazim earlier this month.
The 2 flaws, tracked as CVE-2025-8010 and CVE-2025-8011, are high-severity sort confusion points impacting the browser’s V8 JavaScript engine.
Google says it paid an $8,000 reward for the primary bug, however has but to find out the quantity to be handed out for the second.
The newest Chrome iteration is now rolling out as variations 138.0.7204.168/.169 for Home windows and macOS, and as model 138.0.7204.168 for Linux.
This week, Mozilla promoted Firefox 141 to the secure channel with 17 safety fixes, together with six that resolve high-severity vulnerabilities.
The primary high-severity bug, CVE-2025-8027, impacts the browser’s JavaScript engine, which solely writes partial return values to the stack. The second, CVE-2025-8028, impacts arm64 architectures, the place quite a few entries in a selected instruction results in “truncation and incorrect computation of the department tackle”.Commercial. Scroll to proceed studying.
The opposite 4 high-severity points, specifically CVE-2025-8044, CVE-2025-8034, CVE-2025-8040, and CVE-2025-8035, are reminiscence security defects that would doubtlessly result in distant code execution.
Firefox 141 additionally resolves medium- and low-severity vulnerabilities that would result in URL truncation, bypasses, undesirable downloads, and code execution.
On Tuesday, Mozilla additionally launched safety updates for Thunderbird and Firefox ESR that tackle a few of these safety defects.
Customers are suggested to replace their Chrome and Firefox installations as quickly as doable.
Associated: Chrome 138, Firefox 140 Patch A number of Vulnerabilities
Associated: Chrome 137 Replace Patches Excessive-Severity Vulnerabilities
Associated: Chrome, Firefox Updates Resolve Excessive-Severity Reminiscence Bugs
