Fresh Chrome and Firefox updates are now rolling out with fixes for over 70 vulnerabilities, including critical and high-severity memory safety bugs that could potentially lead to remote code execution (RCE).
Chrome has been updated to versions 149.0.7827.155/.156 for Windows and macOS and version 149.0.7827.155 for Linux to resolve 33 security defects, 32 of which were found by Google.
Of the seven critical-severity flaws mentioned in Google’s advisory, six are use-after-free issues, a type of memory safety bug that could be exploited for RCE.
In Chrome, these weaknesses could lead to sandbox escape if combined with the exploitation of vulnerabilities in the operating system or in a privileged browser process.
The fresh Chrome release also patches 26 high-severity bugs, including eight use-after-free flaws, along with insufficient data validation, inappropriate implementation, out-of-bounds read, incorrect security UI, heap buffer overflow, and uninitialized use issues.
Google makes no mention of any of these vulnerabilities being exploited in the wild.
Firefox 152 was released to the stable channel with fixes for 40 vulnerabilities, including 13 high-severity use-after-free, privilege escalation, incorrect boundary condition, sandbox escape, JIT miscompilation, and memory safety bugs.
Some of the resolved memory safety flaws could potentially be exploited for arbitrary code execution, Mozilla warns.
On Wednesday, Mozilla also released security updates to address these vulnerabilities in Firefox ESR, Thunderbird, and Firefox for iOS. Additional information can be found on Mozilla’s advisories page.
