Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Chrome 131, Firefox 134 Updates Patch High-Severity Vulnerabilities

Chrome and Firefox updates released this week resolve high-severity vulnerabilities in the two popular browsers.

Chrome and Firefox patches

Google and Mozilla on Tuesday announced the release of fresh security updates that patch several high-severity vulnerabilities in their popular browsers.

Google has released a Chrome 131 update that resolves four security defects, including a high-severity type confusion flaw in the V8 JavaScript engine reported by an external researcher.

Tracked as CVE-2025-0291, the externally reported issue earned the reporting researcher a $55,000 bug bounty reward, which suggests that an attacker could exploit it to execute arbitrary code remotely.

A category of memory safety bugs, type confusion defects in Chrome’s V8 engine could allow threat actors to leak sensitive information or fully compromise the victim’s system.

The latest Chrome iteration is now rolling out as versions 131.0.6778.264/.265 for Windows and macOS users, and as version 131.0.6778.264 for Linux users.

Mozilla on Tuesday announced patches for 11 vulnerabilities in Firefox, including three high-severity flaws, two of which are memory safety bugs that could potentially be exploited for remote code execution.

The third high-severity issue, tracked as CVE-2025-0244, is described as an address bar spoofing defect in Firefox for Android, which is triggered when redirecting to an invalid protocol scheme.

The remaining eight vulnerabilities resolved in the latest Firefox release are medium-severity issues that could lead to bypasses, address bar spoofing, elevation of privilege, crashes, and improper validation of certificates.

Advertisement. Scroll to continue reading.

On Tuesday, Mozilla also announced the rollout of Firefox ESR 115.19 and Firefox ESR 128.6, which contain patches for some of the vulnerabilities addressed in Firefox 134.

Neither Google nor Mozilla make any mention of any of these vulnerabilities being exploited in the wild, but users are advised to update their browsers as soon as possible.

Related: Chrome 131 Update Patches High-Severity Memory Safety Bugs

Related: Firefox 131 Update Patches Exploited Zero-Day Vulnerability

Related: Google Patches Critical Vulnerability With Chrome 99 Update

Related: Google Pays Out Over $100,000 for Vulnerabilities Patched With Chrome 87 Update

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

MorganFranklin Cyber has appointed Keith Hollender as CEO and member of the Board of Directors.

Lisa Banks has been named Chief Financial Officer at Abnormal Security.

Threat detection and response company Trellix has appointed Vishal Rao as its new CEO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.