Chrome and Firefox Updated to Patch Critical, High-Severity Vulnerabilities
Google and Mozilla released security updates for Chrome and Firefox, fixing over 70 vulnerabilities including critical memory safety bugs that could lead to remote code execution.
Google and Mozilla have released security updates for their flagship browsers, Chrome and Firefox, addressing a combined total of over 70 vulnerabilities. The patches include fixes for critical and high-severity memory safety bugs that could potentially allow attackers to execute arbitrary code on affected systems. Users are strongly advised to update their browsers immediately.
Chrome has been updated to versions 149.0.7827.155/.156 for Windows and macOS, and version 149.0.7827.155 for Linux. This release resolves 33 security defects, 32 of which were discovered by Google's internal security teams. Among the vulnerabilities patched are seven critical-severity flaws, six of which are use-after-free issues—a type of memory safety bug that can be exploited for remote code execution (RCE). These weaknesses could also lead to sandbox escape if combined with exploitation of vulnerabilities in the operating system or a privileged browser process.
In addition to the critical bugs, the Chrome update addresses 26 high-severity vulnerabilities. These include eight use-after-free flaws, along with issues related to insufficient data validation, inappropriate implementation, out-of-bounds read, incorrect security UI, heap buffer overflow, and uninitialized use. Google has not reported any of these vulnerabilities being exploited in the wild.
Firefox 152 has been released to the stable channel with fixes for 40 vulnerabilities. Among them are 13 high-severity flaws, including use-after-free, privilege escalation, incorrect boundary condition, sandbox escape, JIT miscompilation, and memory safety bugs. Mozilla warns that some of the resolved memory safety flaws could potentially be exploited for arbitrary code execution.
Mozilla also released security updates to address these vulnerabilities in Firefox ESR, Thunderbird, and Firefox for iOS. Additional details can be found on Mozilla's advisories page. The coordinated updates from both browser vendors highlight the ongoing effort to patch critical security holes in widely used software.
The simultaneous release of patches for both Chrome and Firefox underscores the importance of keeping browsers up to date. With memory safety bugs remaining a primary vector for exploitation, users and organizations should prioritize applying these updates to reduce the risk of compromise.