Google and Mozilla on Tuesday announced web browser security updates that address dozens of vulnerabilities, including one critical-severity and multiple high-severity flaws.
Chrome 123 was released in the stable channel with patches for 12 bugs, seven of which were reported by external researchers.
The most severe of these is CVE-2024-2625, a high-severity object lifecycle issue in the V8 JavaScript and WebAssembly engine, Google notes in its advisory.
The browser update also resolves five medium-severity vulnerabilities in components such as Swiftshader, Canvas, Downloads, and iOS, and one low-severity security hole in iOS.
According to Google, it paid out $22,000 in bug bounty rewards to the reporting researchers. However, the final amount could be much higher, as the bounty reward for the high-severity flaw has yet to be determined.
The latest Chrome iteration is now rolling out as version 123.0.6312.58 for Linux and versions 123.0.6312.58/.59 for Windows and macOS.
Mozilla released Firefox 124 with patches for 12 security defects, the most severe of which are critical-severity memory safety bugs collectively tracked as CVE-2024-2615. Some of these flaws, Mozilla says, could potentially be exploited for arbitrary code execution.
Five of the vulnerabilities are high-severity issues leading to sandbox escape, the creation of invalid WASM values, arbitrary code execution on Armv7-A systems, and out-of-bounds writes. Firefox 124 also resolves five medium-severity bugs and one low-severity flaw.
On Tuesday, Mozilla also announced the release of Thunderbird 115.9 and Firefox ESR 115.9, each with patches for 10 vulnerabilities, including nine that were addressed in Firefox 124. The tenth is a high-severity improper handling of out-of-memory conditions in ICU.
Google and Mozilla make no mention of any of these vulnerabilities being exploited in the wild.
Related: Chrome 122, Firefox 123 Patch High-Severity Vulnerabilities
Related: Chrome 121 Patches 17 Vulnerabilities
Related: Google Patches Six Vulnerabilities With First Chrome Update of 2024
