KP Cybersecurity News

High-Severity Vulnerabilities Patched in Chrome, Firefox

Google and Mozilla on Tuesday announced a fresh round of Chrome and Firefox patches, including fixes for high-severity vulnerabilities.

A new Chrome 139 iteration was released to resolve a high-severity out-of-bounds write issue in the V8 JavaScript engine, which is tracked as CVE-2025-9132.

The issue could be exploited remotely using crafted HTML pages, and was discovered by Google’s Big Sleep AI agent, which was launched by Google DeepMind and Project Zero in November 2024.

The internet giant did not share details on CVE-2025-9132, but it did say last month that Big Sleep can find vulnerabilities that attackers already know about and plan to use in attacks, enabling the industry to thwart their exploitation.

Fixes for the V8 flaw were included in Chrome versions 139.0.7258.138/.139 for Windows and macOS, and in version 139.0.7258.138 for Linux, which should reach all users shortly.

On Tuesday, Mozilla rolled out patches for nine security defects in Firefox, including five rated ‘high severity’. Fresh Thunderbird and Firefox ESR iterations were also released to resolve some of these bugs.

The high-severity vulnerabilities include a memory corruption issue in the GMP process, leading to sandbox escape (CVE-2025-9179), a same-origin policy bypass in a graphics component (CVE-2025-9180), and multiple memory safety bugs that could potentially lead to remote code execution (CVE-2025-9187, CVE-2025-9184, and CVE-2025-9185).

The remaining flaws addressed with this Firefox release include a medium-severity uninitialized memory issue and low-severity spoofing and denial-of-service (DoS) bugs.

Fixes for these security holes were included in Firefox 142, Thunderbird 142, Thunderbird 140.2, Thunderbird 128.14, Firefox for iOS 142, Focus for iOS 142, Firefox ESR 140.2, Firefox ESR 128.14, and Firefox ESR 115.27.

Google and Mozilla make no mention of any of these vulnerabilities being exploited in attacks, but users are advised to update their browsers and email clients as soon as possible.

This article was originally published by Security Week. Please check their website for the original content.
