Google and Mozilla on Tuesday introduced a contemporary spherical of Chrome and Firefox patches, together with fixes for high-severity vulnerabilities.
A brand new Chrome 139 iteration was launched to resolve a high-severity out-of-bounds write challenge within the V8 JavaScript engine, which is tracked as CVE-2025-9132.
The difficulty could possibly be exploited remotely utilizing crafted HTML pages, and was found by Google’s Huge Sleep AI agent, which was launched by Google DeepMind and Mission Zero in November 2024.
The web big didn’t share particulars on CVE-2025-9132, but it surely did say final month that Huge Sleep can discover vulnerabilities that attackers already learn about and plan to make use of in assaults, enabling the trade to thwart their exploitation.
Fixes for the V8 flaw have been included in Chrome variations 139.0.7258.138/.139 for Home windows and macOS, and in model 139.0.7258.138 for Linux, which ought to attain all customers shortly.
On Tuesday, Mozilla rolled out patches for 9 safety defects in Firefox, together with 5 rated ‘excessive severity’. Recent Thunderbird and Firefox ESR iterations have been additionally launched to resolve a few of these bugs.
The high-severity vulnerabilities embody a reminiscence corruption challenge within the GMP course of, resulting in sandbox escape (CVE-2025-9179), a same-origin coverage bypass in a graphics part (CVE-2025-9180), and a number of reminiscence security bugs that would probably result in distant code execution (CVE-2025-9187, CVE-2025-9184, and CVE-2025-9185).
The remaining flaws addressed with this Firefox launch embody a medium-severity uninitialized reminiscence challenge and low-severity spoofing and denial-of-service (DoS) bugs.Commercial. Scroll to proceed studying.
Fixes for these safety holes have been included in Firefox 142, Thunderbird 142, Thunderbird 140.2, Thunderbird 128.14, Firefox for iOS 142, Focus for iOS 142, Firefox ESR 140.2, Firefox ESR 128.14, and Firefox ESR 115.27.
Google and Mozilla make no point out of any of those vulnerabilities being exploited in assaults, however customers are suggested to replace their browsers and e mail shoppers as quickly as attainable.
Associated: Chrome Sandbox Escape Earns Researcher $250,000
Associated: Google Mission Zero Tackles Upstream Patch Hole With New Coverage
Associated: Cisco Patches Crucial Vulnerability in Firewall Administration Platform
Associated: Meta Releases Llama AI Open Supply Safety Instruments
