Chrome 123, Firefox 124 Patch Serious Vulnerabilities
Google and Mozilla on Tuesday announced web browser security updates that address dozens of vulnerabilities, including one critical-severity and multiple high-severity flaws.
Chrome 123 was released in the stable channel with patches for 12 bugs, seven of which were reported by external researchers.
The most severe of these is CVE-2024-2625, a high-severity object lifecycle issue in the V8 JavaScript and WebAssembly engine, Google notes in its advisory.
The browser update also resolves five medium-severity vulnerabilities in components such as Swiftshader, Canvas, Downloads, and iOS, and one low-severity security hole in iOS.
According to Google, it paid out $22,000 in bug bounty rewards to the reporting researchers. However, the final amount could be much higher, as the bounty reward for the high-severity flaw has yet to be determined.
The latest Chrome iteration is now rolling out as version 123.0.6312.58 for Linux and versions 123.0.6312.58/.59 for Windows and macOS.
Mozilla released Firefox 124 with patches for 12 security defects, the most severe of which are critical-severity memory safety bugs collectively tracked as CVE-2024-2615. Some of these flaws, Mozilla says, could potentially be exploited for arbitrary code execution.
Source: Security Week