"Chrome, Firefox Updates Patch Serious Vulnerabilities"
Mozilla and Google recently updated their web browsers, and the latest versions patch several potentially serious vulnerabilities. Google updated Chrome to version 127.0.6533.99, which fixes six vulnerabilities, including a critical out-of-bounds memory access issue in the Angle component. The remaining issues have been assigned a "high severity" rating. Google noted that one of them, which earned the reporting researchers $11,000, has been described as a use-after-free in the Sharing component. The list of patched vulnerabilities also includes a type confusion in V8, a heap buffer overflow in Layout, an inappropriate implementation issue in V8, and a use-after-free in WebAudio. Mozilla updated Firefox to version 129, which patches 14 vulnerabilities, including 11 with a "high severity" rating. Two of the security holes are "moderate," and one is "low." Mozilla noted that the high-severity flaws can be exploited for spoofing, sandbox escapes, arbitrary code execution, bypassing security features, obtaining sensitive information, and for tricking users into granting permissions. Mozilla has also patched vulnerabilities in Thunderbird and Firefox ESR versions 115.14 and 128.1. Mozilla and Google do not believe these vulnerabilities have been exploited.
SecurityWeek reports: "Chrome, Firefox Updates Patch Serious Vulnerabilities"