Mozilla and Google both updated their web browsers on Tuesday and the latest versions patch several potentially serious vulnerabilities.
Google updated Chrome to version 127.0.6533.99, which fixes six vulnerabilities, including a critical out-of-bounds memory access issue in the ANGLE component. A reward has yet to be determined for this flaw, which is tracked as CVE-2024-7532.
The remaining issues have been assigned a ‘high severity’ rating. One of them, which earned the reporting researchers $11,000, has been described as a use-after-free in the Sharing component.
The list of patched vulnerabilities also includes a type confusion in V8, a heap buffer overflow in Layout, an inappropriate implementation issue in V8, and a use-after-free in WebAudio.
Mozilla has updated Firefox to version 129, which patches 14 vulnerabilities, including 11 with a ‘high severity’ rating. Two of the security holes are ‘moderate’ and one is ‘low’.
The high-severity flaws can be exploited for spoofing, sandbox escapes, arbitrary code execution, bypassing security features, obtaining sensitive information, and tricking users into granting permissions.
Mozilla has also patched vulnerabilities in Thunderbird and Firefox ESR versions 115.14 and 128.1.
Mozilla and Google do not appear to be aware of malicious exploitation of these vulnerabilities.