Google and Mozilla on Tuesday announced the release of Chrome 144 and Firefox 147 with patches for a total of 26 vulnerabilities.
Chrome 144 was rolled out to the stable channel with fixes for 10 security defects, including three high-severity bugs.
Two of the high-severity flaws affect V8, the browser’s JavaScript and WebAssembly engine: CVE-2026-0899 is an out-of-bounds memory access issue, while CVE-2026-0900 is an inappropriate implementation weakness.
The third high-severity vulnerability, CVE-2026-0901, is an inappropriate implementation bug in Blink.
The fresh Chrome release also resolves four medium-severity flaws and three low-severity defects in V8, Downloads, Digital Credentials, Network, Split View, and ANGLE.
Google says it handed out $18,500 in bug bounty rewards for six of these vulnerabilities, but has yet to disclose the amounts for the remaining four.
The latest Chrome iteration is now rolling out as version 144.0.7559.59 for Linux and as versions 144.0.7559.59/60 for Windows and macOS.
Mozilla on Tuesday released Firefox 147 with patches for 16 security defects, including seven high-severity issues.
Four of the high-severity bugs are sandbox escape flaws impacting the browser’s Graphics and Messaging System components. The remaining three include a mitigation bypass in DOM, a use-after-free issue in IPC, and memory safety bugs that could lead to remote code execution.
The Firefox update also resolves five medium-severity vulnerabilities and three low-severity defects in Networking, JavaScript Engine, JavaScript: GC, Graphics, XML, and DOM. Multiple medium-severity memory safety bugs tracked together under the same CVE were also addressed.
On Tuesday, Mozilla also released Firefox ESR 140.7 and Firefox ESR 115.32 with patches for many of the flaws resolved in Firefox 147.
Google and Mozilla make no mention of any of these vulnerabilities being exploited in the wild, but users are advised to update their browsers as soon as possible.
Related: Google Patches Mysterious Chrome Zero-Day Exploited in the Wild
Related: Chrome Extensions With 900,000 Downloads Caught Stealing AI Chats
Related: Firefox 145 and Chrome 142 Patch High-Severity Flaws in Latest Releases
Related: GhostPoster Firefox Extensions Hide Malware in Icons
