Google and Mozilla have released fresh Chrome 150 and Firefox 152 updates that resolve critical-severity vulnerabilities.
Mozilla rolled out Firefox 152.0.6 with patches for two critical security defects, warning that exploit code has been published for both.
The bugs are tracked as CVE-2026-15718 and CVE-2026-15719, and are described as an invalid pointer in the ‘JavaScript: WebAssembly’ component and a site isolation issue in the ‘DOM: Navigation’ component.
“We are aware that exploit code for this is public however we are not aware of any attacks in the wild abusing this flaw,” Mozilla notes for both weaknesses.
Google fixed 15 vulnerabilities with the latest Chrome update, including two critical use-after-free flaws in Ozone, tracked as CVE-2026-15764 and CVE-2026-15765.
The browser refresh also resolves 12 high-severity bugs across Skia, Libyuv, HTML-in-Canvas, Linux Toolkit Theming, V8, Media, GPU, Core, and UI, including uninitialized use, heap buffer overflow, insufficient policy enforcement, insufficient validation of untrusted input, and use-after-free issues.
Only three of these security defects were reported by external researchers, while the rest were discovered by Google. The internet giant has yet to disclose the bug bounty amounts paid to the researchers.
Google makes no mention of any of the patched vulnerabilities being exploited in the wild. The latest Chrome iteration is now rolling out as versions 150.0.7871.124/.125 for Windows and macOS and as version 150.0.7871.124 for Linux.
Related: SonicWall Issues Urgent SMA Patch Warning for Two Zero-Day Exploits
Related: Microsoft Patches Record 622 Vulnerabilities, Including Two Exploited Zero-Days
Related: Adobe Patches Critical ColdFusion Vulnerabilities
Related: 7 Severe Vulnerabilities Patched in VMware Avi Load Balancer
