SecurityWeek

Chrome, Firefox Updates Patch Serious Vulnerabilities 

A Chrome 127 update patches five vulnerabilities, and Firefox 129 addresses over a dozen security holes.

Mozilla and Google both updated their web browsers on Tuesday and the latest versions patch several potentially serious vulnerabilities. 

Google updated Chrome to version 127.0.6533.99, which fixes six vulnerabilities, including a critical out-of-bounds memory access issue in the ANGLE component. A reward has yet to be determined for this flaw, which is tracked as CVE-2024-7532.

The remaining issues have been assigned a ‘high severity’ rating. One of them, which earned the reporting researchers $11,000, has been described as a use-after-free in the Sharing component.

The list of patched vulnerabilities also includes a type confusion in V8, a heap buffer overflow in Layout, an inappropriate implementation issue in V8, and a use-after-free in WebAudio. 

Mozilla has updated Firefox to version 129, which patches 14 vulnerabilities, including 11 with a ‘high severity’ rating. Two of the security holes are ‘moderate’ and one is ‘low’. 

The high-severity flaws can be exploited for spoofing, sandbox escapes, arbitrary code execution, bypassing security features, obtaining sensitive information, and tricking users into granting permissions.

Mozilla has also patched vulnerabilities in Thunderbird and Firefox ESR versions 115.14 and 128.1.

Mozilla and Google do not appear to be aware of malicious exploitation of these vulnerabilities. 

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.