High-Severity Flaws Patched in Chrome, Firefox – Source: www.securityweek.com

Google and Mozilla on Tuesday announced a fresh round of updates for Chrome and Firefox, including patches for several high-severity memory safety vulnerabilities.

The newly announced Chrome 138 refresh is the third since the browser version was promoted to the stable channel. The previous updates Google rolled out resolved two exploited zero-days, namely CVE-2025-6558 and CVE-2025-6554.

On Tuesday, Chrome received patches for three security defects, including two reported by security researcher Shaheen Fazim earlier this month.

The two flaws, tracked as CVE-2025-8010 and CVE-2025-8011, are high-severity type confusion issues impacting the browser’s V8 JavaScript engine.

Google says it paid an $8,000 reward for the first bug, but has yet to determine the amount to be handed out for the second.

The latest Chrome iteration is now rolling out as versions 138.0.7204.168/.169 for Windows and macOS, and as version 138.0.7204.168 for Linux.

This week, Mozilla promoted Firefox 141 to the stable channel with 17 security fixes, including six that resolve high-severity vulnerabilities.

The first high-severity bug, CVE-2025-8027, impacts the browser’s JavaScript engine, which only writes partial return values to the stack. The second, CVE-2025-8028, impacts arm64 architectures, where numerous entries in a specific instruction leads to “truncation and incorrect computation of the branch address”.

The other four high-severity issues, namely CVE-2025-8044, CVE-2025-8034, CVE-2025-8040, and CVE-2025-8035, are memory safety defects that could potentially lead to remote code execution.

Firefox 141 also resolves medium- and low-severity vulnerabilities that could lead to URL truncation, bypasses, unwanted downloads, and code execution.

On Tuesday, Mozilla also released security updates for Thunderbird and Firefox ESR that address some of these security defects.

Users are advised to update their Chrome and Firefox installations as soon as possible.

Related: Chrome 138, Firefox 140 Patch Multiple Vulnerabilities

Related: Chrome 137 Update Patches High-Severity Vulnerabilities

Related: Chrome, Firefox Updates Resolve High-Severity Memory Bugs