Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Critical Vulnerabilities Patched With Fresh Chrome 150, Firefox 152 Updates

Public exploit code targeting the Firefox flaws exists, but no in-the-wild exploitation has been observed.

Chrome and Firefox vulnerabilities

Google and Mozilla have released fresh Chrome 150 and Firefox 152 updates that resolve critical-severity vulnerabilities.

Mozilla rolled out Firefox 152.0.6 with patches for two critical security defects, warning that exploit code has been published for both.

The bugs are tracked as CVE-2026-15718 and CVE-2026-15719, and are described as an invalid pointer in the ‘JavaScript: WebAssembly’ component and a site isolation issue in the ‘DOM: Navigation’ component.

“We are aware that exploit code for this is public however we are not aware of any attacks in the wild abusing this flaw,” Mozilla notes for both weaknesses.

Google fixed 15 vulnerabilities with the latest Chrome update, including two critical use-after-free flaws in Ozone, tracked as CVE-2026-15764 and CVE-2026-15765.

The browser refresh also resolves 12 high-severity bugs across Skia, Libyuv, HTML-in-Canvas, Linux Toolkit Theming, V8, Media, GPU, Core, and UI, including uninitialized use, heap buffer overflow, insufficient policy enforcement, insufficient validation of untrusted input, and use-after-free issues.

Advertisement. Scroll to continue reading.

Only three of these security defects were reported by external researchers, while the rest were discovered by Google. The internet giant has yet to disclose the bug bounty amounts paid to the researchers.

Google makes no mention of any of the patched vulnerabilities being exploited in the wild. The latest Chrome iteration is now rolling out as versions 150.0.7871.124/.125 for Windows and macOS and as version 150.0.7871.124 for Linux.

Related: SonicWall Issues Urgent SMA Patch Warning for Two Zero-Day Exploits

Related: Microsoft Patches Record 622 Vulnerabilities, Including Two Exploited Zero-Days

Related: Adobe Patches Critical ColdFusion Vulnerabilities

Related: 7 Severe Vulnerabilities Patched in VMware Avi Load Balancer

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

F5 has appointed Cathy Peterman as Chief People Officer.

Sean Murphy has joined F5 as a Field Chief Information Security Officer - North America.

CodeHunter has appointed Stephen McCarney as Chief Strategy Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.