"Chrome 124, Firefox 125 Patch High-Severity Vulnerabilities"
Google and Mozilla recently announced security updates that address more than 35 vulnerabilities in their browsers, including a dozen high-severity flaws. Chrome 124 was released in the stable channel with patches for 22 bugs, 13 of which were reported by external researchers. Google noted that of the externally reported flaws, three are high-severity issues. Based on the bug bounty reward handed out, the most severe of these is CVE-2024-3832, described as an object corruption defect in the V8 JavaScript engine. The second most severe is CVE-2024-3833, a high-severity object corruption issue in WebAssembly, and the third high-severity flaw reported by an external researcher is CVE-2024-3834, a use-after-free defect in Downloads. Google noted that this Chrome update also resolves six medium-severity and four low-severity issues reported by outside researchers. The latest Chrome iteration is now rolling out as version 124.0.6367.60/.61 for Windows and macOS and as version 124.0.6367.60 for Linux. Firefox 125 was released with patches for 15 vulnerabilities, including nine high-severity bugs, some of which could allow attackers to execute arbitrary code. Firefox noted that five of the high-severity issues impact the JIT component, which, under certain conditions, could return the wrong object, generate code with out-of-bounds-reads, create incorrect code for arguments, or crash while tracing a mutated JavaScript object. Two of the remaining high-severity bugs are related to garbage collection, while the other two are memory safety bugs that, with enough effort from attackers, could have been exploited to run arbitrary code. The Firefox update also resolves five medium-severity security defects and a low-severity one.
SecurityWeek reports: "Chrome 124, Firefox 125 Patch High-Severity Vulnerabilities"