Google and Mozilla on Tuesday released fresh updates for Chrome and Firefox to resolve multiple high-severity vulnerabilities.
Google announced a Chrome 142 update that resolves a high-severity inappropriate implementation issue in the V8 JavaScript engine. The bug is tracked as CVE-2025-13042.
The internet giant has not detailed the flaw, but such V8 defects can typically be exploited remotely to cause denial-of-service (DoS) conditions or for code execution, Hong Kong CERT/CC notes. Google has yet to determine the bug bounty reward for the defect.
The latest Chrome iteration is now rolling out as version 142.0.7444.162 for Linux, version 142.0.7444.162 for macOS, and versions 142.0.7444.162/.163 for Windows.
Mozilla on Tuesday released Firefox 145 to the stable channel with fixes for 16 vulnerabilities, including nine high-severity weaknesses, and with improved anti-fingerprinting protections.
Six of these security defects impact the browser’s graphics, and five of them are described as incorrect boundary conditions issues affecting the WebGPU component. The sixth is a race condition.
Firefox 145 also resolves an incorrect boundary conditions flaw in the WebAssembly component, and a JIT miscompilation bug in the JavaScript Engine.
The ninth high-severity bug, tracked as CVE-2025-13027, collectively identifies memory safety flaws impacting Firefox 144 and Thunderbird 144.
On Tuesday, Mozilla also released Firefox ESR 140.5 with fixes for nine security defects, and Firefox ESR 115.30 with patches for four weaknesses.
Google and Mozilla make no mention of any of these vulnerabilities being exploited in the wild.
Related: Chrome 142 Update Patches High-Severity Flaws
Related: New Firefox Extensions Required to Disclose Data Collection Practices
Related: High-Severity Vulnerabilities Patched by Ivanti and Zoom
