"Chrome 123, Firefox 124 Patch Serious Vulnerabilities"

Google and Mozilla recently announced web browser security updates that address dozens of vulnerabilities, including one critical severity and multiple high-severity flaws.  Chrome 123 was released in the stable channel with patches for 12 bugs, seven of which were reported by external researchers.  According to Google, the most severe of these is CVE-2024-2625, a high-severity object lifecycle issue in the V8 JavaScript and WebAssembly engine.  The browser update also resolves five medium-severity vulnerabilities in components such as Swiftshader, Canvas, Downloads, and iOS and one low-severity security hole in iOS.  Google says it paid the reporting researchers $22,000 in bug bounty rewards.  The latest Chrome iteration is now rolling out as version 123.0.6312.58 for Linux and versions 123.0.6312.58/.59 for Windows and macOS.  Mozilla released Firefox 124 with patches for 12 security defects, the most severe of which are critical-severity memory safety bugs collectively tracked as CVE-2024-2615.  Mozilla noted that some of these flaws could potentially be exploited for arbitrary code execution.  Five of the vulnerabilities are high-severity issues leading to sandbox escape, the creation of invalid WASM values, arbitrary code execution on Armv7-A systems, and out-of-bounds writes.  Firefox 124 also resolves five medium-severity bugs and one low-severity flaw.

SecurityWeek reports: "Chrome 123, Firefox 124 Patch Serious Vulnerabilities"