Google and Mozilla Release Security Updates for Chrome and Firefox to Address High-Severity Flaws
Google and Mozilla have recently released security updates for their browsers, Chrome and Firefox, addressing over 35 vulnerabilities, with a focus on fixing high-severity flaws. Chrome 124, now available in the stable channel, comes with patches for 22 bugs, 13 of which were identified by external researchers. Among these, three high-severity issues were reported, with bug bounty rewards being handed out for their discovery.
One of the high-severity vulnerabilities, CVE-2024-3832, was described as an object corruption defect in the V8 JavaScript engine, for which Google awarded a $20,000 bounty to the researcher. Another high-severity flaw, CVE-2024-3833, related to object corruption in WebAssembly, earned a $10,000 reward. A use-after-free defect in Downloads, identified as CVE-2024-3834, was also addressed and earned a $3,000 bug bounty reward from Google.
In total, Google paid out $65,000 in bug bounty rewards for the reported flaws, with the final amount potentially increasing as assessments for two bugs are still pending. The latest Chrome version, 124.0.6367.60/.61 for Windows and macOS and 124.0.6367.60 for Linux, is now being rolled out to users.
Firefox 125, meanwhile, was released with fixes for 15 vulnerabilities, nine of which were classified as high-severity. If exploited, these vulnerabilities could allow attackers to execute arbitrary code. Five of the high-severity issues were related to the JIT component, while the others were associated with garbage collection and memory safety bugs.
The Firefox update also addressed medium-severity security defects and a low-severity one, including a vulnerability (CVE-2024-3302) that could lead to denial-of-service using HTTP/2 CONTINUATION frames, through a new attack method known as HTTP/2 Continuation Flood. Additionally, Mozilla released Firefox ESR 115.10, offering further security enhancements to users.
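The following is an added example, not code from Mozilla, Google or the original article. It shows the receiver-side bound that a CONTINUATION flood relies on being absent: a header block may span a HEADERS frame plus any number of CONTINUATION frames until one carries the END_HEADERS flag (RFC 9113), so a receiver has to cap both the frame count and the accumulated size. The function names and the two `MAX_*` limits are assumptions chosen for illustration, and the sample streams are constructed.

```python
import struct

HEADERS, CONTINUATION = 0x1, 0x9  # frame types (RFC 9113)
END_HEADERS = 0x4                 # flag: this frame ends the header block
MAX_CONTINUATIONS = 16            # assumed local policy, not a browser value
MAX_HEADER_BLOCK_BYTES = 64 * 1024  # assumed local policy

def frame(ftype, flags, stream_id, payload=b""):
    """Serialise one frame: 24-bit length, type, flags, 31-bit stream id."""
    return (len(payload).to_bytes(3, "big")
            + struct.pack(">BBI", ftype, flags, stream_id & 0x7FFFFFFF) + payload)

def parse_frames(buf):
    """Yield (type, flags, stream_id, payload) for each complete frame."""
    pos = 0
    while pos + 9 <= len(buf):
        length = int.from_bytes(buf[pos:pos + 3], "big")
        ftype, flags, sid = struct.unpack(">BBI", buf[pos + 3:pos + 9])
        if pos + 9 + length > len(buf):
            break  # truncated frame: a real receiver would wait for more bytes
        yield ftype, flags, sid & 0x7FFFFFFF, buf[pos + 9:pos + 9 + length]
        pos += 9 + length

def check_header_blocks(buf):
    """Return 'ok' or a description of the first violation in the stream."""
    open_stream, count, size = None, 0, 0
    for ftype, flags, sid, payload in parse_frames(buf):
        if open_stream is not None and (ftype != CONTINUATION or sid != open_stream):
            return "protocol-error: header block interrupted"
        if ftype == HEADERS:
            open_stream, count, size = sid, 0, len(payload)
        elif ftype == CONTINUATION:
            if open_stream is None:
                return "protocol-error: CONTINUATION without HEADERS"
            count += 1  # counted separately: empty frames never trip a byte cap
            size += len(payload)
        else:
            continue
        if count > MAX_CONTINUATIONS or size > MAX_HEADER_BLOCK_BYTES:
            return f"limit-exceeded: stream {sid}, {count} CONTINUATION frames, {size} bytes"
        if flags & END_HEADERS:
            open_stream = None
    return "ok"

# Constructed sample streams (not captured traffic).
NORMAL = frame(HEADERS, 0, 1, b"a" * 10) + frame(CONTINUATION, END_HEADERS, 1, b"b" * 10)
UNBOUNDED = frame(HEADERS, 0, 1) + frame(CONTINUATION, 0, 1) * (MAX_CONTINUATIONS + 1)

if __name__ == "__main__":
    print(check_header_blocks(NORMAL))
    print(check_header_blocks(UNBOUNDED))
```

The count limit matters as much as the byte limit: a run of zero-length CONTINUATION frames adds nothing to the header block size but still consumes processing for each frame.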