Google and Mozilla on Tuesday introduced contemporary security updates for Chrome and Firefox customers, addressing a number of reminiscence security vulnerabilities.
The brand new Chrome 147 replace is rolling out with 30 security fixes, together with 4 for critical-severity use-after-free flaws reported by exterior researchers.
Tracked as CVE-2026-7363, CVE-2026-7361, CVE-2026-7344, and CVE-2026-7343, the bugs affect the Canvas, iOS, Accessibility, and Views browser elements.
Use-after-free points are a sort of reminiscence security defects that happen when an utility continues to level to reminiscence that has been deallocated, and will result in arbitrary code execution, data disclosure, or crashes.
Practically all the remaining 26 flaws addressed in Chrome this week are reminiscence security bugs, together with 16 high-severity use-after-free points. Excessive-severity out-of-bounds, buffer overflow, and sort confusion bugs have been additionally addressed.
Google says it handed out $30,000 in bug bounty rewards for 4 of the resolved security defects, with the very best quantity ($16,000) paid for a use-after-free challenge within the GPU part.
Whereas a lot of the resolved vulnerabilities have been reported by Google’s personal group, the ultimate quantity is perhaps a lot increased as soon as all of the rewards are disclosed.
The newest Chrome iteration is now rolling out as model 147.0.7727.137/138 for Home windows and macOS, and as model 147.0.7727.137 for Linux.
On Tuesday, Mozilla introduced the discharge of Firefox 150.0.1 with fixes for 4 security defects, together with important and high-severity reminiscence security bugs collectively tracked as CVE-2026-7322, CVE-2026-7323, and CVE-2026-7324.
“A few of these bugs confirmed proof of reminiscence corruption and we presume that with sufficient effort a few of these may have been exploited to run arbitrary code,” Mozilla notes for every CVE.
The fourth challenge, tracked as CVE-2026-7320, is described as an data disclosure bug rooted in incorrect boundary circumstances within the Audio/Video part.
Fixes for these security defects have been included within the newly launched Firefox ESR 140.10.1 and Firefox ESR 115.35.1 as nicely. The previous additionally addresses a medium-severity sandbox escape.
