Chrome 123, Firefox 124 Patch Serious Vulnerabilities


Chrome 123 was released in the stable channel with patches for 12 bugs, seven of which were reported by external researchers.

The most severe of these is CVE-2024-2625, a high-severity object lifecycle issue in the V8 JavaScript and WebAssembly engine, Google notes in its advisory.

The browser update also resolves five medium-severity vulnerabilities in components such as Swiftshader, Canvas, Downloads, and iOS, and one low-severity security hole in iOS.

Mozilla released Firefox 124 with patches for 12 security defects, the most severe of which are critical-severity memory safety bugs collectively tracked as CVE-2024-2615. Some of these flaws, Mozilla says, could potentially be exploited for arbitrary code execution.

Five of the vulnerabilities are high-severity issues leading to sandbox escape, the creation of invalid WASM values, arbitrary code execution on Armv7-A systems, and out-of-bounds writes. Firefox 124 also resolves five medium-severity bugs and one low-severity flaw.

Read More…