
"Google promoted Chrome 141 to the stable channel with 21 security fixes, including 12 for security defects reported by external researchers, who earned a total of $50,000 for their findings. Two of the externally reported bugs, tracked as CVE-2025-11205 and CVE-2025-11206, are high-severity heap buffer overflow issues impacting Chrome's WebGPU and Video components. Google says it handed out a $25,000 bug bounty reward for the WebGPU flaw, which was reported by Atte Kettunen of OUSPG in early September."
"Chrome 141 also resolves eight medium-severity vulnerabilities, including side-channel information leakage issues in Storage and Tab, inappropriate implementation bugs in Media and Omnibox, an out-of-bounds read flaw in Media, and an off-by-one error in the V8 JavaScript engine. The remaining two security holes reported by external researchers are low-severity issues affecting Chrome's Storage component and the V8 engine. The latest Chrome iteration is rolling out as version 141.0.7390.54 for Linux and as versions 141.0.7390.54/55 for Windows and macOS."
"Mozilla released Firefox 143.0.3 this week with fixes for two high-severity defects in the Graphics and JavaScript Engine components. The Graphics flaw, tracked as CVE-2025-11152, is an integer overflow issue that could lead to sandbox escape. The JavaScript Engine weakness, tracked as CVE-2025-11153, is described as a JIT miscompilation. Neither Google nor Mozilla mention any of these vulnerabilities being exploited in the wild, but users are advised to update their browsers as soon as possible."
Google released Chrome 141 to the stable channel with 21 security fixes, including 12 externally reported defects that earned researchers a combined $50,000 in bounties. Two externally reported high-severity heap buffer overflow vulnerabilities affect Chrome's WebGPU (CVE-2025-11205) and Video (CVE-2025-11206) components; Google paid $25,000 for the WebGPU report. Chrome 141 also addresses eight medium-severity issues and two low-severity flaws, and is rolling out across Linux, Windows, macOS, and Android builds. Mozilla released Firefox 143.0.3, fixing an integer overflow in Graphics (CVE-2025-11152) and a JIT miscompilation in the JavaScript engine (CVE-2025-11153). No in-the-wild exploitation has been reported; users should update.
Read at SecurityWeek