Recent browser updates address multiple high-risk vulnerabilities — users urged to update immediately.
This week, both Mozilla and Google released important updates to their web browsers, Firefox and Chrome, patching a range of security vulnerabilities.
These patches fix a number of vulnerabilities that, if left unaddressed, could put your online security at risk. Some of these issues were serious enough that attackers could potentially gain control of your browser or even your entire system.
The good news is that both Mozilla and Google acted quickly to patch these security holes, and by updating your browser, you’ll be protected from these risks. If you haven’t updated yet, now’s the time to do so.
Mozilla Firefox
The Firefox 138 update includes patches for 11 security flaws, four of which are rated high severity. These high-risk issues could allow attackers to bypass browser protections, run unauthorized code, or gain elevated access on a user’s system. One flaw, for example, involved the Firefox update process, where a non-admin user could potentially gain system-level control.
Other fixed vulnerabilities in this update include:
- memory issue that could be used to bypass sandboxing on macOS
- browser process isolation bug that could lead to cross-site attacks
- download trick that could hide a file’s true type using encoded filenames (Android only)
Several bugs that could expose user data or lead to memory corruption.
Some of these fixes also apply to Thunderbird, Mozilla’s open-source email client and Firefox’s ESR (Extended Support Release) version. Read more about Mozilla’s security advisory on their website report.
Google Chrome
The Chrome 136 update brings eight security fixes to users across multiple devices (Windows, macOS, and Linux). Among the most serious is a high-severity bug (CVE-2025-4096) involving a buffer overflow in Chrome’s HTML engine.
Other vulnerabilities fixed include:
- out-of-bounds memory access issues in Chrome’s developer tools
- data validation problem that could lead to unintended behavior
- other implementation flaws with low severity
They confirmed that these issues were reported before they could be exploited, and no known attacks using them have been observed in the wild. Read more about Google’s update report on their releases page.
While there’s no reports of any of these vulnerabilities being having been or being exploited, it is strongly recommend updating your browsers as soon as possible. Updates are being rolled out automatically, but users can manually check for updates (and ensure auto-updates) to ensure they’re protected.
Ensure Web Browser Auto-Updates Are Enabled
Keeping your browser up to date is one of the easiest ways to stay protected online. Usually auto-update settings are enabled by default on install, but here’s how to make sure auto-updates are turned on:
For Google Chrome:
Click the three-dot menu in the top-right corner.
Go to Help >> About Google Chrome.
Chrome will automatically check for updates and install them.
If updates are available, you’ll be prompted to relaunch the browser.
For Mozilla Firefox:
First, open the browser and click the menu button (☰) in the top-right corner.
Go to Settings >> General.
Scroll down to Firefox Updates and make sure “Automatically install updates” is selected.
Firefox also updates automatically unless this setting has been changed manually.
Keeping browsers up to date is a critical part of maintaining device security, especially as online threats continue to grow in complexity.
Leave a Reply