Major software firms have rolled out essential security patches to address critical vulnerabilities in their products. Mozilla, Google, Adobe, and Broadcom have issued updates to mitigate potential security threats, aiming to safeguard users against exploitation.
Firefox and Chrome Receive Critical Fixes
Mozilla has launched updates for Firefox to fix two significant vulnerabilities. Identified as CVE-2026-15718 and CVE-2026-15719, these flaws concern the JavaScript: WebAssembly component and the DOM: Navigation component, respectively. Mozilla has confirmed the availability of exploit codes but noted the absence of active attacks. The fixes are part of Firefox version 152.0.6.
Google has also patched 15 security issues in Chrome, including two critical use-after-free vulnerabilities related to the Ozone component. These vulnerabilities (CVE-2026-15764 and CVE-2026-15765) could have allowed remote attackers to execute code on Linux systems. The updates are available in Chrome version 150.0.7871.124/.125 for Windows and Mac, and version 150.0.7871.124 for Linux.
Adobe Updates Address Multiple Critical Vulnerabilities
Adobe has released security updates for 88 vulnerabilities affecting several of its products, such as ColdFusion, Commerce, Experience Manager, and Illustrator. Notably, eight critical flaws in ColdFusion could lead to arbitrary code execution and privilege escalation. These have been resolved in ColdFusion 2025 Update 11 and ColdFusion 2023 Update 22.
Additional vulnerabilities fixed in Adobe Commerce and Magento Open Source include file upload issues and improper output encoding, both of which could result in privilege escalation and code execution. Adobe Experience Manager has also been updated to address critical vulnerabilities that could facilitate server-side request forgery and XML external entity attacks.
VMware Avi Load Balancer Secured Against Critical Flaw
Broadcom has released a vital patch for a critical vulnerability in VMware Avi Load Balancer (CVE-2026-47865), which was discovered by Filip Waeytens of the NATO Cyber Security Centre. This vulnerability could allow unauthorized access to the Avi Control plane, posing a significant security risk.
While none of these vulnerabilities have been detected in active exploitation, it is crucial for organizations to implement these updates promptly. Cyber attackers frequently exploit known vulnerabilities, emphasizing the importance of maintaining up-to-date security measures.
In conclusion, these updates reflect the ongoing efforts of software companies to protect their users from evolving cyber threats. Keeping software current is essential to minimize the risk of exploitation and ensure system integrity.
