Web browsers: Chrome and Firefox updates plug some high-risk gaps

New versions of Google Chrome and Mozilla Firefox close security gaps in the web browsers. Some are considered high-risk.


Google and Mozilla have released updates for the Chrome and Firefox web browsers. They close security vulnerabilities, some of which are classified as high risk. Users should ensure that they are using the latest version.

While Google seals four security vulnerabilities in Chrome, Mozilla closes eleven security vulnerabilities in Firefox. As usual, Google is holding back on details about the vulnerabilities. There is only brief information on one of the four vulnerabilities, a type confusion in the JavaScript engine V8. According to Google's release announcement, the risk of the vulnerability is high, and it earned the reporter a reward of 55,000 US dollars, an unusually high amount that could be a typo. Judging by its severity, the vulnerability probably allows malicious code to be injected when carefully crafted websites are displayed.

Firefox 134 seals a vulnerability in the Android version of the browser that allowed the address bar to be spoofed with an invalid protocol scheme (CVE-2025-0244, no CVSS, risk "high"). There are also two advisories on security vulnerabilities that can be traced back to errors in memory management (CVE-2025-0242, CVE-2025-0247, no CVSS, high). Such memory-safety vulnerabilities usually also allow code to be injected and executed through manipulated websites. The Mozilla developers classify the remaining eight vulnerabilities as medium risk.


For ESR versions 128.6 and 115.19, Mozilla provides its own collective reports, which essentially list several vulnerabilities that were closed in version 134 and also affect the older versions.

You can find out whether the versions of the web browsers are up-to-date in the settings menus under “Help” – “About <…>”. This opens the respective version dialog and starts the update process if the update has not yet been applied.

Google Chrome is currently available in versions 131.0.6778.260 for Android, 131.0.6778.264 for Linux and 131.0.6778.264/.265 for macOS and Linux; the long-term support version “Extended Stable” has the new version 130.0.6723.191. The new Firefox versions are 134, 128.6 for the ESR version and 115.19 for the older ESR version. The mail client Thunderbird, which is based on Firefox, should also be available in these versions shortly. They are already listed in the entry for the memory vulnerability CVE-2025-0242.
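For administrators who check a fleet rather than a single "About" dialog, the following added example (not part of the original article) compares `--version` style banners against the fixed versions listed above, per release branch. The function names, the banner format handling and the sample inventory are assumptions for illustration, as is treating any release line newer than those in the article as patched.

```python
import re

# Fixed versions named in the article, keyed by (product, major branch).
FIXED = {
    ("chrome", 131): (131, 0, 6778, 264),  # stable, desktop build
    ("chrome", 130): (130, 0, 6723, 191),  # Extended Stable
    ("firefox", 134): (134,),              # release
    ("firefox", 128): (128, 6),            # ESR
    ("firefox", 115): (115, 19),           # older ESR
}
ANDROID_CHROME_131 = (131, 0, 6778, 260)   # Android build named in the article
NEWEST = {"chrome": 131, "firefox": 134}

def parse_banner(banner):
    """Extract (product, version tuple) from `--version` style output."""
    m = re.search(r"(chrome|firefox)\s+(\d+(?:\.\d+)*)", banner, re.IGNORECASE)
    if not m:
        raise ValueError(f"unrecognised banner: {banner!r}")
    return m.group(1).lower(), tuple(int(p) for p in m.group(2).split("."))

def assess(banner, platform="desktop"):
    """Return 'patched', 'outdated' or 'unsupported-branch' for one install."""
    product, version = parse_banner(banner)
    major = version[0]
    if major > NEWEST[product]:
        return "patched"             # assumption: later release line than the article covers
    fixed = FIXED.get((product, major))
    if fixed is None:
        return "unsupported-branch"  # e.g. Firefox 133: no fixed build listed for this line
    if product == "chrome" and major == 131 and platform == "android":
        fixed = ANDROID_CHROME_131
    # Tuple comparison is numeric per component, so 115.9 sorts below 115.19.
    return "patched" if version >= fixed else "outdated"

# Constructed inventory lines (not real hosts).
SAMPLE = [
    ("Google Chrome 131.0.6778.264", "desktop"),
    ("Google Chrome 131.0.6778.204", "desktop"),
    ("Mozilla Firefox 128.6.0esr", "desktop"),
    ("Mozilla Firefox 115.9.1esr", "desktop"),
    ("Mozilla Firefox 133.0.3", "desktop"),
]

if __name__ == "__main__":
    for banner, platform in SAMPLE:
        print(f"{assess(banner, platform):18} {banner}")
```

A plain "version at least 134" rule would wrongly flag patched ESR installs, and a string comparison would rank 115.9 above 115.19, which is why the check is done per branch on integer tuples.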

(dmk)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.