Google and Mozilla have addressed high-severity memory safety vulnerabilities in their browsers, Chrome and Firefox, respectively. Chrome 122, released in the stable channel, patches 12 security defects, with two high-severity flaws reported externally. The most severe is an out-of-bounds memory access bug in Blink, rewarded with a $7,000 bug bounty, and the other is a use-after-free flaw in Mojo, earning a $5,000 reward. The update also resolves medium-severity vulnerabilities, with the highest bug bounty of $8,000 for inappropriate implementation in Site Isolation.
Mozilla’s Firefox 123, released on the same day, addresses 12 vulnerabilities, including four high-severity issues. These include an out-of-bounds memory read in networking channels, memory safety issues, and a bug leading to a spoofed alert dialog on a different site. Medium-severity bugs could have resulted in poisoned local browser cache, obscured permission dialogs, unintended permission grants, incorrectly honored Set-Cookie response headers, and SameSite cookies not being properly respected. Users are encouraged to update their browsers promptly to secure their systems against potential exploits.
Reference:
