Chrome, Firefox, and Thunderbird: Updates eliminate potential entry points
New releases patch security vulnerabilities in browsers and email clients. None are critical. The newly released Firefox 144 also includes the fixes.
(Image: Artur Szczybylo/ Shutterstock.com)
Updates are available for Mozilla's Firefox and Thunderbird, as well as Google's Chrome browser. Critical vulnerabilities have not been patched – but some “high”-rated vulnerabilities that cybercriminals could exploit have been.
While such exploits have not yet been observed with the current vulnerabilities, updating promptly is advisable rather than waiting. If the automatic update function is enabled, this usually happens automatically. The new Firefox version 144 is also available for download on the corresponding release notes page.
Videos by heise
Stable Channel Update for Chrome
The new stable channel versions 141.0.7390.107/.108 for Windows and macOS and 141.0.7390.107 for Linux fix a Chrome security vulnerability that Google states poses a high risk. The Chrome version for Android was also affected by the vulnerability before the new, secured version 141.0.7390.111.
The vulnerability in question, CVE-2025-11756 (“High”), is in the Safe Browsing feature. It is a use-after-free vulnerability where freed memory is improperly reused. Further details are not revealed by Google's announcement on the Stable Channel Update.
Those who want to delve deeper into technical details can study the changelog of the Chromium codebase.
Is Chrome Up to Date?
You can check the current software version via Chrome's browser menu, accessible by clicking the icon with three stacked dots to the right of the address bar. Then navigate to “Help”—“About Google Chrome.”
On Linux, users typically need to start the software manager of their distribution. The secured Android version is available via Google Play.
Other browsers based on the Chromium codebase are likely also vulnerable. Their manufacturers are expected to release updates to patch the security hole shortly, such as Microsoft for the Edge web browser.
Firefox, Firefox ESR, and Thunderbird Patched
The free browser Firefox, its ESR (Extended Support Release) version, and the email client Thunderbird have all received multiple vulnerability updates.
Mozilla's overview page with security advisories lists the new Firefox 144 and ESR versions 140.4 and 115.29 as secured versions. Also secured are Thunderbird 140.4 and, of course, the fresh email client release 144 (see release notes).
As usual, some security-relevant bug fixes overlap in the advisories for Mozilla software. Several “high”-rated vulnerabilities could have been exploited to execute arbitrary malicious code “with sufficient effort,” according to the team's assessment. Also included are vulnerabilities that could have been exploited to read information or for unauthorized write access to JavaScript objects, for example.
More on Firefox 144
For those interested in new features and changes in Firefox 144, more detailed information can be found on the release notes page.
From a security perspective, it's interesting: the integrated password manager will now use AES-256-CBC for encryption (instead of the previous 3DES-CBC) to better protect stored data.
(ovw)
