Critical Vulnerabilities Fixed in Chrome 150 and Firefox 152 Updates
Google and Mozilla have issued updated versions of their browsers to address multiple critical security flaws.
Critical Security Flaws Addressed in New Chrome 150 and Firefox 152 Releases
Google and Mozilla have issued updated versions of their browsers to address multiple critical security flaws. The Chrome 150 release and Firefox 152.0.6 update include fixes for severe vulnerabilities that could be exploited to compromise user systems.
Firefox 152.0.6 Vulnerabilities
Mozilla’s Firefox 152.0.6 patch resolves two critical issues tracked as CVE-2026-15718 and CVE-2026-15719. The first vulnerability involves an invalid pointer within the JavaScript: WebAssembly component, while the second relates to a site isolation flaw in the DOM: Navigation module. The company acknowledged public availability of exploit code for both flaws but stated no evidence of active exploitation in the wild.
Chrome 150 Security Fixes
Google’s Chrome 150 update addresses 15 security issues, including two critical use-after-free vulnerabilities in the Ozone component (CVE-2026-15764 and CVE-2026-15765). The patch also resolves 12 high-severity flaws across various components such as Skia, Libyuv, HTML-in-Canvas, Linux Toolkit Theming, V8, Media, GPU, Core, and UI. These include uninitialized memory usage, heap buffer overflows, insufficient policy enforcement, and input validation weaknesses. Of the 15 flaws, three were reported by external researchers, with the remaining identified internally by Google. The company has not disclosed financial rewards for the reported vulnerabilities.
Chrome 150 Update Distribution
The Chrome 150 update is being distributed as versions 150.0.7871.124 and 150.0.7871.125 for Windows and macOS, and 150.0.7871.124 for Linux. No indications of active exploitation of the patched vulnerabilities have been reported.
The updates highlight ongoing efforts by major browser developers to mitigate risks associated with memory corruption, privilege escalation, and cross-site attacks. Organizations are advised to apply the latest patches promptly to prevent potential exploitation of the resolved flaws.
