High-Severity Flaws Patched in Chrome, Firefox

High-Severity Flaws Patched in Chrome, Firefox

Posted on By CWS

Google and Mozilla on Tuesday introduced a recent spherical of updates for Chrome and Firefox, together with patches for a number of high-severity reminiscence security vulnerabilities.

The newly introduced Chrome 138 refresh is the third for the reason that browser model was promoted to the secure channel. The earlier updates Google rolled out resolved two exploited zero-days, specifically CVE-2025-6558 and CVE-2025-6554.

On Tuesday, Chrome obtained patches for 3 safety defects, together with two reported by safety researcher Shaheen Fazim earlier this month.

The 2 flaws, tracked as CVE-2025-8010 and CVE-2025-8011, are high-severity sort confusion points impacting the browser’s V8 JavaScript engine.

Google says it paid an $8,000 reward for the primary bug, however has but to find out the quantity to be handed out for the second.

The newest Chrome iteration is now rolling out as variations 138.0.7204.168/.169 for Home windows and macOS, and as model 138.0.7204.168 for Linux.

This week, Mozilla promoted Firefox 141 to the secure channel with 17 safety fixes, together with six that resolve high-severity vulnerabilities.

The primary high-severity bug, CVE-2025-8027, impacts the browser’s JavaScript engine, which solely writes partial return values to the stack. The second, CVE-2025-8028, impacts arm64 architectures, the place quite a few entries in a selected instruction results in “truncation and incorrect computation of the department tackle”.Commercial. Scroll to proceed studying.

The opposite 4 high-severity points, specifically CVE-2025-8044, CVE-2025-8034, CVE-2025-8040, and CVE-2025-8035, are reminiscence security defects that would doubtlessly result in distant code execution.

Firefox 141 additionally resolves medium- and low-severity vulnerabilities that would result in URL truncation, bypasses, undesirable downloads, and code execution.

On Tuesday, Mozilla additionally launched safety updates for Thunderbird and Firefox ESR that tackle a few of these safety defects.

Customers are suggested to replace their Chrome and Firefox installations as quickly as doable.

Associated: Chrome 138, Firefox 140 Patch A number of Vulnerabilities

Associated: Chrome 137 Replace Patches Excessive-Severity Vulnerabilities

Associated: Chrome, Firefox Updates Resolve Excessive-Severity Reminiscence Bugs

Security Week News Tags:, , , ,

Related Posts

Chipmaker Patch Tuesday: Over 60 Vulnerabilities Patched by Intel Chipmaker Patch Tuesday: Over 60 Vulnerabilities Patched by Intel Security Week News
Academics Build AI-Powered Android Vulnerability Discovery and Validation Tool Academics Build AI-Powered Android Vulnerability Discovery and Validation Tool Security Week News
Dell and HP Enhance Quantum-Resistant Security Solutions Dell and HP Enhance Quantum-Resistant Security Solutions Security Week News
NMFTA Warns of Surge and Sophistication of Cyber-Enabled Cargo Theft NMFTA Warns of Surge and Sophistication of Cyber-Enabled Cargo Theft Security Week News
Lumma Stealer Activity Drops After Doxxing Lumma Stealer Activity Drops After Doxxing Security Week News
Widespread Exploitation of XWiki Vulnerability Observed Widespread Exploitation of XWiki Vulnerability Observed Security Week News