Google and Mozilla promptly issued new security updates for Chrome and Firefox on Tuesday to address a range of high-severity vulnerabilities discovered in both browsers. These patches aim to safeguard users against potential remote exploitation.
Google’s update, Chrome 142, fixes one major flaw: a high-severity inappropriate implementation issue within the V8 JavaScript engine, officially tracked as CVE-2025-13042. While the internet giant has provided few details about the defect, security experts suggest that similar V8 flaws can often be exploited remotely to trigger denial-of-service (DoS) conditions or facilitate arbitrary code execution. Google has not yet specified the bug bounty reward for the researcher who reported the issue. The new Chrome version is now rolling out across all major platforms: version 142.0.7444.162 for Linux and macOS, and versions 142.0.7444.162/.163 for Windows.
Mozilla also released Firefox 145 to the stable channel, which resolves a total of 16 vulnerabilities. Among these are nine high-severity weaknesses that could pose a significant risk to users. The update also includes crucial anti-fingerprinting protections to enhance user privacy. A significant portion of these high-severity flaws—six, to be precise—are tied to the browser’s graphics component. Five of these involve incorrect boundary conditions in the WebGPU component, and the sixth is a race condition.
Beyond the graphics-related issues, Firefox 145 also addresses another incorrect boundary conditions flaw found in the WebAssembly component, as well as a JIT miscompilation bug in the core JavaScript Engine. The ninth high-severity vulnerability, designated CVE-2025-13027, is a collective identifier for memory safety flaws that previously affected both Firefox 144 and Thunderbird 144.
In addition to the main release, Mozilla simultaneously pushed out updates for its extended support versions, releasing Firefox ESR 140.5 with fixes for nine security defects and Firefox ESR 115.30 which patches four weaknesses. Importantly, both Google and Mozilla have confirmed that they have no evidence that any of these specific vulnerabilities have been exploited by malicious actors in the wild.
Reference:
