Firefox and Chrome Updates Patch High-Severity Vulnerabilities
Mozilla and Google have recently released important security updates for their web browsers, Firefox and Chrome. These updates include patches for several vulnerabilities, including some potentially harmful memory safety bugs.
First, let’s talk about Firefox. Mozilla unveiled Firefox version 119, which comes with fixes for a total of 11 vulnerabilities, including three high-severity issues. One of these high-severity problems, known as CVE-2023-5721, is an insufficient activation-delay bug. This bug could unintentionally activate or dismiss browser prompts and dialogues, potentially leading to clickjacking, which is a security threat. The good news is that Mozilla has taken action to patch this issue.
Firefox 119 also addresses a couple of memory safety issues, specifically tracked as CVE-2023-5730 and CVE-2023-5731. These issues could potentially allow attackers to execute arbitrary code on your system. In addition to these, the update addresses seven medium-severity flaws that could lead to problems like header leakage, crashes, unexpected errors, opening of arbitrary URLs, obscured full-screen notifications, and bypassing of download protections.
In addition to Firefox 119, Mozilla has also released Firefox ESR 115.4 and Thunderbird 115.4.1, both of which include fixes for eight of the vulnerabilities found in Firefox 119, including CVE-2023-5721 and CVE-2023-5730 issues. Fortunately, Mozilla hasn’t received any reports of these vulnerabilities being exploited in malicious attacks.
Chrome Updates Fix Vulnerabilities
Now, let’s turn our attention to Chrome. Google released an update for Chrome that takes care of two vulnerabilities, one of which is a high-severity issue reported by an external researcher. This specific flaw, known as CVE-2023-5472, is described as a use-after-free issue in Profiles. Google recognized the importance of this discovery by rewarding the researcher with $3,000. Use-after-free bugs in Chrome can be used to escape the browser’s security boundaries and potentially execute code on your computer’s operating system. However, it’s worth noting that Google has not found any evidence of this vulnerability being exploited in the wild.
These updates are a crucial part of maintaining the security and reliability of your web browsing experience. Linux distributions like Ubuntu and Debian have already released security updates for Firefox and Chrome packages to address these vulnerabilities. To ensure your online safety, it’s a good practice to update your web browser regularly.
For Firefox, you can update to version 119; for Chrome, ensure you have the latest version, which may vary depending on your operating system. You can stay safe from potential online threats by remaining up-to-date with these browser updates.
The sources for this article include a story from SecurityWeek.