Browser Updates: Chrome, Firefox, and Thunderbird Patch Security Holes

The manufacturers of the web browsers Chrome and Firefox, as well as the Thunderbird email software, have released updated software versions. These close partly critical security vulnerabilities. However, Firefox also brings interesting new features, such as selectable countries for VPN endpoints.

Google Updates

Google's developers have since provided the list of security vulnerabilities closed in the latest updates for the Chrome browser. The total number has decreased significantly again; the update patches 16 security holes. However, two of these are considered critical risks, and nine are considered high-risk threats. Versions Chrome 148.0.7778.178 for Android and Linux, and 148.0.7778.178/179 for macOS and Windows, fix these security-relevant errors. In addition, Google is also transitioning to Chrome 149 for Android and iOS in an initially limited rollout.

According to Ars Technica, Google's developers have had a small mishap meanwhile. On Wednesday, they accidentally made proof-of-concept code for a vulnerability reported for about two and a half years public in the Chromium issue tracker. This is said to open a kind of persistent (at least in Microsoft Edge) JavaScript backdoor and, even after restarts, can make the browser part of a botnet with limited capabilities; however, a fix for this is still pending, explains the discoverer Lyra Rebane on the social network Mastodon.

Updated Mozilla Software

Vulnerabilities have been discovered and closed not only in the Chromium browsers but also in those from the Mozilla Foundation. The new versions Firefox 151, Firefox 151 for iOS, Firefox ESR 140.11 and 115.36, and Thunderbird 151 and 140.11 close numerous security vulnerabilities. Firefox ESR 115.36 is the extended support line for older operating systems like Windows 7 and 8, and macOS up to version 10.14 – Mozilla will only maintain it until the end of August 2026. In the 151 version of Firefox, there are six high-risk vulnerabilities, twelve medium-risk, and 13 classified as low-risk security holes.

However, the 151 development branch also includes interesting new features. Firefox offers 50 GB of free VPN traffic per month. In the new browser version, interested users can choose from five countries where the VPN endpoints should be located: Germany, France, Great Britain, Canada, and the USA. On Android and iOS, settings for AI functions are now included. In private mode, the session can be reset using the flame-shaped button “Clear private session” in the address bar; a browser restart is no longer necessary.

Since browsers based on these projects, such as Microsoft Edge (based on Chrome) or the Tor Browser (based on Firefox), are also affected by the vulnerabilities, updated versions are likely to appear for them shortly. Users should check if the updates are already available, for example, by calling up the software's version dialog. This is usually found in the settings menu under “Help” – “About <Software Name>” and installs any available updates.

(dmk)