In recent news, Google and Mozilla have rolled out critical updates for their Chrome and Firefox browsers respectively, aimed at patching a series of high-severity memory safety vulnerabilities. The updates come as part of a continuous effort to enhance browser security and protect users from potential threats such as code execution, data corruption, and denial of service attacks. Both companies have emphasized the importance of updating to the latest browser versions to mitigate these risks effectively and ensure secure browsing experiences for their users.
Chrome’s Key Security Patches
Google’s Chrome version 133 introduces a total of 12 security fixes, with three particularly significant vulnerabilities that were flagged by external researchers. Among these, two notable use-after-free flaws were identified in the 2D graphics library Skia and the V8 JavaScript engine. These vulnerabilities, tracked as CVE-2025-0444 and CVE-2025-0445, could potentially be exploited to execute arbitrary code, corrupt data, or cause denial of service. Additionally, the update addresses a medium-severity inappropriate implementation flaw within the Extensions API component.
For their contributions, Google has awarded $7,000 to the researcher who identified the Skia bug and $2,000 for the medium-severity flaw. As of now, the bounty for the second high-severity issue involving the V8 JavaScript engine is still pending. These payouts underscore Google’s commitment to rewarding external contributions that enhance the security of their browser. Chrome users on Windows and macOS can now upgrade to versions 133.0.6943.53 or 133.0.6943.54, while Linux users can update to version 133.0.6943.53. It’s critical for users to promptly apply these updates to safeguard their browsing activities.
Firefox’s Security Enhancements
Similarly, Mozilla has addressed high-severity vulnerabilities in their Firefox browser with the release of version 135. This update tackles two significant use-after-free vulnerabilities discovered in the Custom Highlight API and the Extensible Stylesheet Language Transformations (XSLT) language. Tracked as CVE-2025-1009 and CVE-2025-1010 respectively, these flaws pose risks of arbitrary code execution and data corruption, much like their Chrome counterparts. Additionally, the update resolves further high-severity memory safety issues, identified as CVE-2025-1016 and CVE-2025-1020, which could also lead to serious security breaches.
The update to Firefox 135 coincides with updates for other Mozilla products, including Thunderbird 135, Thunderbird ESR 128.7, Firefox ESR 128.7, and Firefox ESR 115.20. This comprehensive approach underscores Mozilla’s commitment to maintaining high-security standards and ensuring the safety of users across all their platforms. Mozilla has assured users that there have been no reports of these vulnerabilities being exploited in active attacks, yet it strongly encourages immediate updates to prevent any potential exploits.
The Ongoing Battle Against Browser Vulnerabilities
Google and Mozilla have recently introduced crucial updates for their Chrome and Firefox browsers, addressing a range of severe memory safety vulnerabilities. These updates are part of an ongoing initiative to improve browser security and shield users from potential dangers such as code execution, data corruption, and denial of service attacks. By releasing these updates, both companies underscore the critical importance of using the latest browser versions to mitigate these risks. Google and Mozilla both emphasize that users need to regularly update their browsers to protect their data and ensure a safe browsing environment. These memory safety issues could allow hackers to exploit system weaknesses, potentially leading to unauthorized access and other malicious activities. The continuous enhancement of browser security reflects the tech giants’ commitment to safeguarding user privacy and maintaining a secure internet experience. Users are strongly encouraged to download these updates promptly to benefit from improved protection and a more reliable browsing experience overall.
