Chrome 123 and Firefox 124 have been released with security updates that address critical-severity and multiple high-severity vulnerabilities. Chrome 123’s stable channel includes patches for 12 bugs, the most severe being a high-severity object lifecycle issue in the V8 JavaScript and WebAssembly engine. Google also notes the resolution of multiple medium-severity vulnerabilities in components such as Swiftshader, Canvas, Downloads, and iOS, along with one low-severity security hole in iOS. Google paid out $22,000 in bug bounty rewards to the reporting researchers, reflecting the significance of the vulnerabilities identified.
Meanwhile, Mozilla’s release of Firefox 124 includes patches for 12 security defects, the most severe being critical-severity memory safety bugs collectively tracked as CVE-2024-2615. Some of these flaws could potentially be exploited for arbitrary code execution. In addition to these critical-severity bugs, Firefox 124 resolves high-severity issues leading to sandbox escape, the creation of invalid WASM values, arbitrary code execution on Armv7-A systems, and out-of-bounds writes. This comprehensive approach to addressing vulnerabilities underscores the commitment to ensuring the security of web browsers and the protection of user data.
These security updates extend to other Mozilla products: Thunderbird 115.9 and Firefox ESR 115.9 were also released with patches for 10 vulnerabilities, including nine addressed in Firefox 124. This emphasizes the broader impact of addressing security concerns across multiple products and platforms. Google and Mozilla have not identified any of these vulnerabilities as being exploited in the wild, highlighting the proactive nature of addressing security flaws before they can be maliciously exploited.