SecurityWeek

Chrome 141 and Firefox 143 Patches Fix High-Severity Vulnerabilities

High-severity flaws were patched in Chrome’s WebGPU and Video components, and in Firefox’s Graphics and JavaScript Engine components.

Google and Mozilla this week released Chrome and Firefox browser updates that address multiple high-severity vulnerabilities.

Google promoted Chrome 141 to the stable channel with 21 security fixes, including 12 for security defects reported by external researchers, who earned a total of $50,000 for their findings.

Two of the externally reported bugs, tracked as CVE-2025-11205 and CVE-2025-11206, are high-severity heap buffer overflow issues impacting Chrome’s WebGPU and Video components.

Google says it handed out a $25,000 bug bounty reward for the WebGPU flaw, which was reported by Atte Kettunen of OUSPG in early September.

Chrome 141 also resolves eight medium-severity vulnerabilities, including side-channel information leakage issues in Storage and Tab, inappropriate implementation bugs in Media and Omnibox, an out-of-bounds read flaw in Media, and an off-by-one error in the V8 JavaScript engine.

The remaining two security holes reported by external researchers are low-severity issues affecting Chrome’s Storage component and the V8 engine.

The latest Chrome iteration is rolling out as version 141.0.7390.54 for Linux and as versions 141.0.7390.54/55 for Windows and macOS. The patches were also included in Chrome 141.0.7390.43 for Android.

Mozilla released Firefox 143.0.3 this week with fixes for two high-severity defects in the Graphics and JavaScript Engine components.

The Graphics flaw, tracked as CVE-2025-11152, is an integer overflow issue that could lead to sandbox escape. The JavaScript Engine weakness, tracked as CVE-2025-11153, is described as a JIT miscompilation.

Neither Google nor Mozilla mentions any of these vulnerabilities being exploited in the wild, but users are advised to update their browsers as soon as possible.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
