Chrome 147, Firefox 150 Security Updates Rolling Out
The browser refreshes resolve critical and high-severity vulnerabilities that could lead to arbitrary code execution.
Aggregated from SecurityWeek
This article was automatically aggregated from an external source. Content may be summarized.
Full Analysis
Google and Mozilla on Tuesday announced fresh security updates for Chrome and Firefox users, addressing multiple memory safety vulnerabilities.
The new Chrome 147 update is rolling out with 30 security fixes, including four for critical-severity use-after-free flaws reported by external researchers.
Tracked as CVE-2026-7363, CVE-2026-7361, CVE-2026-7344, and CVE-2026-7343, the bugs impact the Canvas, iOS, Accessibility, and Views browser components.
Use-after-free issues are a type of memory safety defects that occur when an application continues to point to memory that has been deallocated, and could lead to arbitrary code execution, information disclosure, or crashes.
Nearly all of the remaining 26 flaws addressed in Chrome this week are memory safety bugs, including 16 high-severity use-after-free issues. High-severity out-of-bounds, buffer overflow, and type confusion bugs were also addressed.
Google says it handed out $30,000 in bug bounty rewards for four of the resolved security defects, with the highest amount ($16,000) paid for a use-after-free issue in the GPU component.
Advertisement. Scroll to continue reading.
While most of the resolved vulnerabilities were reported by Google’s own team, the final amount might be much higher once all the rewards are disclosed.
The latest Chrome iteration is now rolling out as version 147.0.7727.137/138 for Windows and macOS, and as version 147.0.7727.137 for Linux.
On Tuesday, Mozilla announced the release of Firefox 150.0.1 with fixes for four security defects, including critical and high-severity memory safety bugs collectively tracked as CVE-2026-7322, CVE-2026-7323, and CVE-2026-7324.
“Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code,” Mozilla notes for each CVE.
The fourth issue, tracked as CVE-2026-7320, is described as an information disclosure bug rooted in incorrect boundary conditions in the Audio/Video component.
Fixes for these security defects were included in the newly released Firefox ESR 140.10.1 and Firefox ESR 115.35.1 as well. The former also addresses a medium-severity sandbox escape.
Related: Chrome 147 Patches 60 Vulnerabilities, Including Two Critical Flaws Worth $86,000
Related: Google Rolls Out Cookie Theft Protections in Chrome
Related: Firefox Vulnerability Allows Tor User Fingerprinting
Originally published by SecurityWeek
Original Source
SecurityWeek