Google and Mozilla announced updates for their Chrome and Firefox browsers on Tuesday to address multiple high-severity memory safety vulnerabilities. Chrome 133 includes 12 security fixes, while Firefox 135 also resolves several critical issues.
Google and Mozilla release critical updates for Chrome and Firefox
Chrome 133, now available in versions 133.0.6943.53/54 for Windows and macOS, and 133.0.6943.53 for Linux, includes three notable vulnerabilities reported by external researchers. Two of these bugs are use-after-free defects tracked as CVE-2025-0444 and CVE-2025-0445, affecting the Skia graphics library and the V8 JavaScript engine, respectively. The third issue, CVE-2025-0451, is a medium-severity inappropriate implementation flaw in the Extensions API component.
Google reported that it awarded a $7,000 bug bounty for the vulnerability in Skia and a $2,000 reward for the medium-severity flaw. The bounty for the second high-severity vulnerability in V8 has yet to be determined. Use-after-free vulnerabilities may lead to code execution, data corruption, or denial of service, and in the context of Chrome, they could facilitate a sandbox escape if combined with a privileged bug.
Flexible-Ferret malware targets Mac users by doding XProtect measures
In a parallel update, Mozilla released Firefox 135, which fixes two high-severity use-after-free bugs tracked as CVE-2025-1009 and CVE-2025-1010, affecting the Custom Highlight API and Extensible Stylesheet Language Transformations (XSLT). The Firefox update also addresses CVE-2025-1016 and CVE-2025-1020, high-severity memory safety bugs impacting both Thunderbird and Firefox ESR, which could potentially lead to code execution.
Firefox 135 also resolves seven medium- and low-severity vulnerabilities that could allow spoofing attacks, code execution, use-after-free issues, privacy leaks, and improper certificate checks. Like Google, Mozilla did not disclose any incidents of these vulnerabilities being actively exploited, but users are strongly advised to update their browsers immediately.
For updates, users can navigate within Chrome by clicking the three-dot menu, selecting “Help,” and then “About Google Chrome” to automatically check for and install updates. The urgency for both Chrome and Firefox users to apply these updates stems from the potential for attackers to exploit these vulnerabilities for remote code execution and system control.
Featured image credit: Kerem Gülen/Ideogram
