Vulnerabilities

Critical Vulnerabilities Patched With Fresh Chrome 150, Firefox 152 Updates

Public exploit code targeting the Firefox flaws exists, but no in-the-wild exploitation has been observed.

Chrome and Firefox vulnerabilities

Google and Mozilla have released fresh Chrome 150 and Firefox 152 updates that resolve critical-severity vulnerabilities.

Mozilla rolled out Firefox 152.0.6 with patches for two critical security defects, warning that exploit code has been published for both.

The bugs are tracked as CVE-2026-15718 and CVE-2026-15719, and are described as an invalid pointer in the ‘JavaScript: WebAssembly’ component and a site isolation issue in the ‘DOM: Navigation’ component.

“We are aware that exploit code for this is public however we are not aware of any attacks in the wild abusing this flaw,” Mozilla notes for both weaknesses.

Google fixed 15 vulnerabilities with the latest Chrome update, including two critical use-after-free flaws in Ozone, tracked as CVE-2026-15764 and CVE-2026-15765.

The browser refresh also resolves 12 high-severity bugs across Skia, Libyuv, HTML-in-Canvas, Linux Toolkit Theming, V8, Media, GPU, Core, and UI, including uninitialized use, heap buffer overflow, insufficient policy enforcement, insufficient validation of untrusted input, and use-after-free issues.

Advertisement. Scroll to continue reading.

Only three of these security defects were reported by external researchers, while the rest were discovered by Google. The internet giant has yet to disclose the bug bounty amounts paid to the researchers.

Google makes no mention of any of the patched vulnerabilities being exploited in the wild. The latest Chrome iteration is now rolling out as versions 150.0.7871.124/.125 for Windows and macOS and as version 150.0.7871.124 for Linux.

Related: SonicWall Issues Urgent SMA Patch Warning for Two Zero-Day Exploits

Related: Microsoft Patches Record 622 Vulnerabilities, Including Two Exploited Zero-Days

Related: Adobe Patches Critical ColdFusion Vulnerabilities

Related: 7 Severe Vulnerabilities Patched in VMware Avi Load Balancer

Related Content

Vulnerabilities

The ColdFusion security defects could allow attackers to execute arbitrary code or elevate their privileges.

Vulnerabilities

The flaws can be exploited for authentication bypass, remote code execution, privilege escalation, and directory traversal.

Artificial Intelligence

A ClaudeBleed-linked vulnerability reportedly persists across eight patches, exposing potentially sensitive data to other extensions. 

Vulnerabilities

The flaws could allow attackers to access and modify data, and cause system unavailability and request-response desynchronization.

Vulnerabilities

Unauthenticated attackers could obtain the broker's confidential OAuth client secret, allowing them to take control of the broker.

Email Security

The flaw results in malicious code embedded in crafted emails being executed when the emails are opened.

Vulnerabilities

The company notified customers to manually shut down their servers while it is investigating a credible threat.

Vulnerabilities

Buffer overflow, DoS, command injection, SSRF, authentication bypass, and other types of vulnerabilities have been found in PAN-OS software.

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Exit mobile version