Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Chrome 123, Firefox 124 Patch Serious Vulnerabilities

Chrome and Firefox security updates released on Tuesday resolve a critical-severity and multiple high-severity vulnerabilities.

Safari, Chrome, Edge, Firefox security

Google and Mozilla on Tuesday announced web browser security updates that address dozens of vulnerabilities, including one critical-severity and multiple high-severity flaws.

Chrome 123 was released in the stable channel with patches for 12 bugs, seven of which were reported by external researchers.

The most severe of these is CVE-2024-2625, a high-severity object lifecycle issue in the V8 JavaScript and WebAssembly engine, Google notes in its advisory.

The browser update also resolves five medium-severity vulnerabilities in components such as Swiftshader, Canvas, Downloads, and iOS, and one low-severity security hole in iOS.

According to Google, it paid out $22,000 in bug bounty rewards to the reporting researchers. However, the final amount could be much higher, as the bounty reward for the high-severity flaw has yet to be determined.

The latest Chrome iteration is now rolling out as version 123.0.6312.58 for Linux and versions 123.0.6312.58/.59 for Windows and macOS.

Mozilla released Firefox 124 with patches for 12 security defects, the most severe of which are critical-severity memory safety bugs collectively tracked as CVE-2024-2615. Some of these flaws, Mozilla says, could potentially be exploited for arbitrary code execution.

Five of the vulnerabilities are high-severity issues leading to sandbox escape, the creation of invalid WASM values, arbitrary code execution on Armv7-A systems, and out-of-bounds writes. Firefox 124 also resolves five medium-severity bugs and one low-severity flaw.

Advertisement. Scroll to continue reading.

On Tuesday, Mozilla also announced the release of Thunderbird 115.9 and Firefox ESR 115.9, each with patches for 10 vulnerabilities, including nine that were addressed in Firefox 124. The tenth is a high-severity improper handling of out-of-memory conditions in ICU.

Google and Mozilla make no mention of any of these vulnerabilities being exploited in the wild.

Related: Chrome 122, Firefox 123 Patch High-Severity Vulnerabilities

Related: Chrome 121 Patches 17 Vulnerabilities

Related: Google Patches Six Vulnerabilities With First Chrome Update of 2024

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

People on the Move

Allied Universal announced that Deanna Steele has joined the company as CISO for North America.

Former DoD CISO Jack Wilmer has been named CEO of defensive and offensive cyber solutions provider SIXGEN.

Certificate lifecycle management firm Sectigo has hired Jason Scott as its CISO.

More People On The Move

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

IoT Security

A vulnerability affecting Dahua cameras and video recorders can be exploited by threat actors to modify a device’s system time.