Google and Mozilla Patch Critical Memory Safety Flaws in Chrome and Firefox
Google and Mozilla released urgent security updates this week to address multiple memory safety vulnerabilities in Chrome and Firefox, including critical flaws that could enable arbitrary code execution.
Chrome 147 Update
Google’s latest Chrome update (version 147.0.7727.137/138 for Windows/macOS, 147.0.7727.137 for Linux) fixes 30 security issues, four of which are critical-severity use-after-free vulnerabilities:
- CVE-2026-7363 (Canvas)
- CVE-2026-7361 (iOS)
- CVE-2026-7344 (Accessibility)
- CVE-2026-7343 (Views)
Use-after-free flaws occur when an application references deallocated memory, potentially leading to crashes, data leaks, or remote code execution. The remaining 26 patches primarily address high-severity memory safety bugs, including out-of-bounds reads, buffer overflows, and type confusion issues. Google awarded $30,000 in bug bounties, with the highest payout ($16,000) for a GPU-related use-after-free flaw.
Firefox 150.0.1 Update
Mozilla’s Firefox 150.0.1 resolves four vulnerabilities, including three critical/high-severity memory safety bugs (CVE-2026-7322, CVE-2026-7323, CVE-2026-7324) that could allow arbitrary code execution. A fourth flaw, CVE-2026-7320, is an information disclosure issue in the Audio/Video component. The fixes extend to Firefox ESR 140.10.1 and 115.35.1, which also patch a medium-severity sandbox escape.
Both updates mitigate risks of exploitation, with Mozilla noting that some of the patched bugs showed signs of memory corruption. Users are advised to apply the updates immediately.
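A check one could run over a software inventory to flag hosts still below the fixed builds listed above, as an added example that is not part of the original article or of Google's or Mozilla's tooling. The inventory rows are constructed, and the `esr` suffix on ESR version strings is an assumption about how the inventory reports them.

```python
import re

# Fixed builds named in the article, keyed by (product, channel).
FIXED = {
    ("chrome", "stable"): (147, 0, 7727, 137),
    ("firefox", "release"): (150, 0, 1),
    ("firefox", "esr-140"): (140, 10, 1),
    ("firefox", "esr-115"): (115, 35, 1),
}

def parse_version(text):
    """Return (numeric tuple, is_esr), or None if text is not a dotted version."""
    m = re.fullmatch(r"\s*(\d+(?:\.\d+){1,3})(esr)?\s*", text, re.IGNORECASE)
    if not m:
        return None
    return tuple(int(p) for p in m.group(1).split(".")), bool(m.group(2))

def patch_status(product, version_text):
    """Classify one inventory entry as 'patched', 'outdated' or 'unknown'."""
    parsed = parse_version(version_text)
    if parsed is None:
        return "unknown"
    version, is_esr = parsed
    product = product.lower()
    # Assumption: ESR builds report an "esr" suffix; anything else is the release channel.
    if product == "firefox":
        channel = f"esr-{version[0]}" if is_esr else "release"
    else:
        channel = "stable"
    fixed = FIXED.get((product, channel))
    if fixed is None:
        return "unknown"  # product or ESR branch the article gives no fixed build for
    # Pad with zeros so "150.0" compares as 150.0.0, not as a shorter tuple.
    width = max(len(version), len(fixed))
    padded = version + (0,) * (width - len(version))
    return "patched" if padded >= fixed + (0,) * (width - len(fixed)) else "outdated"

# Constructed sample inventory: (host, product, reported version).
INVENTORY = [
    ("ws-01", "Chrome", "147.0.7727.138"),
    ("ws-02", "Chrome", "147.0.7727.101"),
    ("ws-03", "Firefox", "140.10.0esr"),
    ("ws-04", "Firefox", "140.0.4"),
    ("ws-05", "Firefox", "128.9.0esr"),
]

def report(inventory=INVENTORY):
    """Map each host to its patch status."""
    return {host: patch_status(product, ver) for host, product, ver in inventory}
```

A non-ESR Firefox 140.x is compared against the release build 150.0.1 rather than the ESR 140 fix, and an ESR branch the article does not list is reported as `unknown` instead of being guessed.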
Source: https://www.securityweek.com/chrome-147-firefox-150-security-updates-rolling-out/
Mozilla TPRM report: https://www.rankiteo.com/company/mozilla-corporation
Google TPRM report: https://www.rankiteo.com/company/google-chrome
"id": "goomoz1777494638",
"linkid": "google-chrome, mozilla-corporation",
"type": "Vulnerability",
"date": "4/2026",
"severity": "25",
"impact": "1",
"explanation": "Attack without any consequences"