High-Severity Flaws Patched in Chrome, Firefox

High-Severity Flaws Patched in Chrome, Firefox

Posted on By CWS

Google and Mozilla on Tuesday introduced a recent spherical of updates for Chrome and Firefox, together with patches for a number of high-severity reminiscence security vulnerabilities.

The newly introduced Chrome 138 refresh is the third for the reason that browser model was promoted to the secure channel. The earlier updates Google rolled out resolved two exploited zero-days, specifically CVE-2025-6558 and CVE-2025-6554.

On Tuesday, Chrome obtained patches for 3 safety defects, together with two reported by safety researcher Shaheen Fazim earlier this month.

The 2 flaws, tracked as CVE-2025-8010 and CVE-2025-8011, are high-severity sort confusion points impacting the browser’s V8 JavaScript engine.

Google says it paid an $8,000 reward for the primary bug, however has but to find out the quantity to be handed out for the second.

The newest Chrome iteration is now rolling out as variations 138.0.7204.168/.169 for Home windows and macOS, and as model 138.0.7204.168 for Linux.

This week, Mozilla promoted Firefox 141 to the secure channel with 17 safety fixes, together with six that resolve high-severity vulnerabilities.

The primary high-severity bug, CVE-2025-8027, impacts the browser’s JavaScript engine, which solely writes partial return values to the stack. The second, CVE-2025-8028, impacts arm64 architectures, the place quite a few entries in a selected instruction results in “truncation and incorrect computation of the department tackle”.Commercial. Scroll to proceed studying.

The opposite 4 high-severity points, specifically CVE-2025-8044, CVE-2025-8034, CVE-2025-8040, and CVE-2025-8035, are reminiscence security defects that would doubtlessly result in distant code execution.

Firefox 141 additionally resolves medium- and low-severity vulnerabilities that would result in URL truncation, bypasses, undesirable downloads, and code execution.

On Tuesday, Mozilla additionally launched safety updates for Thunderbird and Firefox ESR that tackle a few of these safety defects.

Customers are suggested to replace their Chrome and Firefox installations as quickly as doable.

Associated: Chrome 138, Firefox 140 Patch A number of Vulnerabilities

Associated: Chrome 137 Replace Patches Excessive-Severity Vulnerabilities

Associated: Chrome, Firefox Updates Resolve Excessive-Severity Reminiscence Bugs

Security Week News Tags:, , , ,

Related Posts

SentinelOne to Acquire Observo AI in 5 Million Deal SentinelOne to Acquire Observo AI in $225 Million Deal Security Week News
Oracle Patches 200 Vulnerabilities With July 2025 CPU Oracle Patches 200 Vulnerabilities With July 2025 CPU Security Week News
Two-Year-Old Ray AI Framework Flaw Exploited in Ongoing Campaign Two-Year-Old Ray AI Framework Flaw Exploited in Ongoing Campaign Security Week News
Russian APT Hits Ukrainian Government With New Malware via Signal Russian APT Hits Ukrainian Government With New Malware via Signal Security Week News
Anthropic Says Claude AI Powered 90% of Chinese Espionage Campaign Anthropic Says Claude AI Powered 90% of Chinese Espionage Campaign Security Week News
Microsoft Addresses 137 Security Vulnerabilities Microsoft Addresses 137 Security Vulnerabilities Security Week News