Chrome 133, Firefox 135 Patch High-Severity Vulnerabilities

Google and Mozilla on Tuesday announced the rollout of updates for the Chrome and Firefox browsers that address multiple high-severity memory safety vulnerabilities.

Chrome 133 was promoted to the stable channel with 12 security fixes, including three for flaws reported by external researchers.

Two of these bugs, tracked as CVE-2025-0444 and CVE-2025-0445, are use-after-free defects in the open source 2D graphics library Skia and the V8 JavaScript engine. The third issue is a medium-severity inappropriate implementation flaw in the Extensions API component.

Google did not share technical information on any of these vulnerabilities, but said it handed out a $7,000 bug bounty reward for the bug in Skia, and $2,000 for the medium-severity flaw. The reward for the second high-severity issue has yet to be determined.

Use-after-free vulnerabilities are a type of memory safety bug that could lead to code execution, data corruption, or denial of service. In Chrome, they can lead to a sandbox escape if combined with a bug in a privileged part of Chrome.

Use-after-free issues impact Firefox as well. Mozilla released version 135 of the browser with fixes for two such high-severity defects, tracked as CVE-2025-1009 and CVE-2025-1010, which impact the Custom Highlight API and Extensible Stylesheet Language Transformations (XSLT).

The browser update also fixes CVE-2025-1016 and CVE-2025-1020, two high-severity memory safety bugs that could potentially lead to code execution, and which affect Thunderbird and Firefox ESR as well.

Firefox 135 also resolves seven medium- and low-severity vulnerabilities that could lead to spoofing attacks, code execution, use-after-free, privacy leaks, and improper certificate checks.

Neither Google nor Firefox mentions any of these flaws being exploited in attacks, but users are advised to update their browsers as soon as possible.

Chrome is now rolling out as versions 133.0.6943.53/54 for Windows and macOS, and as 133.0.6943.53 for Linux. Firefox 135 was released along with Thunderbird 135, Thunderbird ESR 128.7, Firefox ESR 128.7, and Firefox ESR 115.20.
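
As an added example (not from the article, Google or Mozilla), the fixed versions listed above can be turned into a fleet inventory check that handles the separate ESR branches. The product keys, host names and inventory rows are constructed, and treating an ESR branch newer than the newest listed one as patched is an assumption.

```python
from itertools import takewhile

# Fixed versions quoted in the article, one entry per maintained branch.
# The product keys are labels chosen for this example.
FIXED = {
    "chrome": ["133.0.6943.53"],
    "firefox": ["135"],
    "firefox-esr": ["115.20", "128.7"],
    "thunderbird": ["135"],
    "thunderbird-esr": ["128.7"],
}

def parse(version):
    """'128.7.0esr' -> (128, 7, 0); non-numeric suffixes are dropped."""
    fields = ("".join(takewhile(str.isdigit, f)) for f in version.split("."))
    return tuple(int(d) if d else 0 for d in fields)

def status(product, version):
    """Return 'patched', 'outdated', or 'unlisted' for one installation."""
    floors = FIXED.get(product)
    if floors is None:
        return "unlisted"
    have = parse(version)
    branches = sorted(parse(f) for f in floors)
    if len(branches) == 1 or have[0] > branches[-1][0]:
        floor = branches[-1]  # assumption: newer branches include the fixes
    else:
        same = [b for b in branches if b[0] == have[0]]
        if not same:
            return "unlisted"  # branch the article gives no fixed build for
        floor = same[0]
    width = max(len(have), len(floor))
    pad = lambda t: t + (0,) * (width - len(t))
    return "patched" if pad(have) >= pad(floor) else "outdated"

INVENTORY = [  # constructed sample rows: (host, product, installed version)
    ("ws-01", "chrome", "133.0.6943.54"),
    ("ws-02", "chrome", "132.0.6834.160"),
    ("ws-03", "firefox", "134.0.2"),
    ("ws-04", "firefox-esr", "128.7.0esr"),
    ("ws-05", "firefox-esr", "115.19.0esr"),
    ("ws-06", "thunderbird-esr", "128.6.1esr"),
    ("ws-07", "firefox-esr", "102.15.0esr"),
]

def needs_attention(rows):
    """Rows that are not confirmed patched, with the reason appended."""
    return [(h, p, v, s) for h, p, v in rows if (s := status(p, v)) != "patched"]

if __name__ == "__main__":
    for row in needs_attention(INVENTORY):
        print(*row, sep="\t")
```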
