Google and Mozilla on Tuesday announced fresh security updates for Chrome 133 and Firefox 135 to address high-severity memory safety vulnerabilities in the popular browsers.
The latest Chrome update is rolling out to Windows, macOS, and Linux with patches for two high- and one medium-severity flaw, all reported by external researchers.
The first is CVE-2025-0999, a heap buffer overflow issue in the V8 JavaScript engine that could be exploited to achieve remote code execution. Google says it handed out an $11,000 bug bounty reward for this bug.
The second security defect, tracked as CVE-2025-1426, is a heap buffer overflow vulnerability in Chrome’s GPU component. Google has yet to determine the reward to be paid out for this issue.
Chrome’s latest update also resolves a medium-severity use-after-free bug in the Network component, for which Google handed out a $4,000 reward.
As usual, the internet giant refrained from sharing specific details on these vulnerabilities. The company made no mention of any of them being exploited in the wild.
The latest Chrome iteration is now rolling out as versions 133.0.6943.126/.127 for Windows and macOS, and as version 133.0.6943.126 for Linux.
On Tuesday, Mozilla announced the release of Firefox 135.0.1 with fixes for high-severity memory safety vulnerabilities collectively tracked as CVE-2025-1414, warning that they could potentially lead to code execution.
“Memory safety bugs present in Firefox 135. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code,” Mozilla said.
Users are advised to update their Chrome and Firefox browsers as soon as possible.
Related: Google Pays Out $55,000 Bug Bounty for Chrome Vulnerability
Related: Chrome 133, Firefox 135 Patch High-Severity Vulnerabilities
Related: Chrome 131, Firefox 134 Updates Patch High-Severity Vulnerabilities
Related: Several Chrome Extensions Compromised in Supply Chain Attack
