Google and Mozilla on Tuesday announced the release of fresh security updates that patch several high-severity vulnerabilities in their popular browsers.
Google has released a Chrome 131 update that resolves four security defects, including a high-severity type confusion flaw in the V8 JavaScript engine reported by an external researcher.
Tracked as CVE-2025-0291, the externally reported issue earned the reporting researcher a $55,000 bug bounty reward, which suggests that an attacker could exploit it to execute arbitrary code remotely.
A category of memory safety bugs, type confusion defects in Chrome’s V8 engine could allow threat actors to leak sensitive information or fully compromise the victim’s system.
The latest Chrome iteration is now rolling out as versions 131.0.6778.264/.265 for Windows and macOS users, and as version 131.0.6778.264 for Linux users.
Mozilla on Tuesday announced patches for 11 vulnerabilities in Firefox, including three high-severity flaws, two of which are memory safety bugs that could potentially be exploited for remote code execution.
The third high-severity issue, tracked as CVE-2025-0244, is described as an address bar spoofing defect in Firefox for Android, which is triggered when redirecting to an invalid protocol scheme.
The remaining eight vulnerabilities resolved in the latest Firefox release are medium-severity issues that could lead to bypasses, address bar spoofing, elevation of privilege, crashes, and improper validation of certificates.
On Tuesday, Mozilla also announced the rollout of Firefox ESR 115.19 and Firefox ESR 128.6, which contain patches for some of the vulnerabilities addressed in Firefox 134.
Neither Google nor Mozilla make any mention of any of these vulnerabilities being exploited in the wild, but users are advised to update their browsers as soon as possible.
Related: Chrome 131 Update Patches High-Severity Memory Safety Bugs
Related: Firefox 131 Update Patches Exploited Zero-Day Vulnerability
Related: Google Patches Critical Vulnerability With Chrome 99 Update
Related: Google Pays Out Over $100,000 for Vulnerabilities Patched With Chrome 87 Update