Chrome 123, Firefox 124 Patch Serious Vulnerabilities

Google and Mozilla on Tuesday announced web browser security updates that address dozens of vulnerabilities, including one critical-severity and multiple high-severity flaws.

Chrome 123 was released in the stable channel with patches for 12 bugs, seven of which were reported by external researchers.

The most severe of these is CVE-2024-2625, a high-severity object lifecycle issue in the V8 JavaScript and WebAssembly engine, Google notes in its advisory.

The browser update also resolves five medium-severity vulnerabilities in components such as Swiftshader, Canvas, Downloads, and iOS, and one low-severity security hole in iOS.

According to Google, it paid out $22,000 in bug bounty rewards to the reporting researchers. However, the final amount could be much higher, as the bounty reward for the high-severity flaw has yet to be determined.

The latest Chrome iteration is now rolling out as version 123.0.6312.58 for Linux and versions 123.0.6312.58/.59 for Windows and macOS.

Mozilla released Firefox 124 with patches for 12 security defects, the most severe of which are critical-severity memory safety bugs collectively tracked as CVE-2024-2615. Some of these flaws, Mozilla says, could potentially be exploited for arbitrary code execution.

Read the Full Story Here

Source: Security Week