Chrome, Firefox Updates Patch High-Severity Vulnerabilities

2 weeks ago 6
News Banner

Looking for an Interim or Fractional CTO to support your business?

Read more

Google and Mozilla this week announced fresh Chrome and Firefox security updates that resolve 17 vulnerabilities, including 10 high-severity flaws.

Now rolling out to Windows and macOS users as versions 129.0.6668.89/.90 and to Linux users as version 129.0.6668.89, the Chrome update fixes four security defects, three of which were reported by external researchers.

The externally reported bugs, all three high-severity flaws, include an integer overflow in Layout, insufficient data validation in Mojo, and inappropriate implementation in V8.

Google says it handed out a $10,000 bug bounty reward for the integer overflow, but has yet to determine the reward amounts for the other two vulnerabilities.

The internet giant makes no mention of any of these vulnerabilities being exploited in the wild.

This week, Mozilla announced the release of Firefox 131 to the stable channel with patches for 13 vulnerabilities, including seven high-severity flaws.

Of the high-severity bugs, three mainly impact Android users and could have led to users being prevented from exiting full-screen mode, cross-origin access to PDF contents, and cross-origin access to JSON contents through multipart responses.

The fourth issue could have led to the arbitrary loading of cross-origin pages, through a compromised content process, Mozilla explains.

Advertisement. Scroll to continue reading.

In addition to six medium- and low-severity vulnerabilities, Firefox 131 resolves three memory safety bugs that could potentially be exploited for arbitrary code execution.

Mozilla also announced the release of Firefox ESR versions 128.3 and 115.16 and Thunderbird versions 131 and 128.3 with patches for most of the security defects resolved with the Firefox 131 update.

Users are advised to update their browsers and email clients as soon as possible, although Mozilla makes no mention of any of these vulnerabilities being exploited in attacks.

Related: Chrome 129 Patches High-Severity Vulnerability in V8 Engine

Related: Google Now Syncing Passkeys Across Desktop, Android Devices

Related: Intel Warns of 20+ Vulnerabilities, Advises Firmware Updates

Related: Mozilla Says Intermediate CA Preloading Reduces Connection Errors in Firefox

Read Entire Article