Chrome 141 and Firefox 143 Patches Fix High-Severity Vulnerabilities

Chrome 141 and Firefox 143 Patches Fix High-Severity Vulnerabilities

Briefly

"Google promoted Chrome 141 to the stable channel with 21 security fixes, including 12 for security defects reported by external researchers, who earned a total of $50,000 for their findings. Two of the externally reported bugs, tracked as CVE-2025-11205 and CVE-2025-11206, are high-severity heap buffer overflow issues impacting Chrome's WebGPU and Video components. Google says it handed out a $25,000 bug bounty reward for the WebGPU flaw, which was reported by Atte Kettunen of OUSPG in early September."

"Chrome 141 also resolves eight medium-severity vulnerabilities, including side-channel information leakage issues in Storage and Tab, inappropriate implementation bugs in Media and Omnibox, an out-of-bounds read flaw in Media, and an off-by-one error in the V8 JavaScript engine. The remaining two security holes reported by external researchers are low-severity issues affecting Chrome's Storage component and the V8 engine. The latest Chrome iteration is rolling out as version 141.0.7390.54 for Linux and as versions 141.0.7390.54/55 for Windows and macOS."

"Mozilla released Firefox 143.0.3 this week with fixes for two high-severity defects in the Graphics and JavaScript Engine components. The Graphics flaw, tracked as CVE-2025-11152, is an integer overflow issue that could lead to sandbox escape. The JavaScript Engine weakness, tracked as CVE-2025-11153, is described as a JIT miscompilation. Neither Google nor Mozilla mention any of these vulnerabilities being exploited in the wild, but users are advised to update their browsers as soon as possible."