Chrome 123, Firefox 124 Patch Serious Vulnerabilities
20-Mar-24
Chrome 123 was released in the stable channel with patches for 12 bugs, seven of which were reported by external researchers.
The most severe of these is CVE-2024-2625, a high-severity object lifecycle issue in the V8 JavaScript and WebAssembly engine, Google notes in its advisory.
The browser update also resolves five medium-severity vulnerabilities in components such as Swiftshader, Canvas, Downloads, and iOS, and one low-severity security hole in iOS.
Mozilla released Firefox 124 with patches for 12 security defects, the most severe of which are critical-severity memory safety bugs collectively tracked as CVE-2024-2615. Some of these flaws, Mozilla says, could potentially be exploited for arbitrary code execution.
Five of the vulnerabilities are high-severity issues leading to sandbox escape, the creation of invalid WASM values, arbitrary code execution on Armv7-A systems, and out-of-bounds writes. Firefox 124 also resolves five medium-severity bugs and one low-severity flaw.
