Google and Mozilla have released urgent updates for Chrome and Firefox. These updates fix several security flaws, including high-severity ones that could expose users to serious threats.
Chrome 136 Fixes High-Severity HTML Flaw
Google rolled out Chrome version 136 with eight security patches. Four of these came from external researchers. One of the most dangerous bugs—CVE-2025-4096—is a high-severity issue in Chrome’s HTML engine. It could let attackers overflow memory and crash the browser or run malicious code. Google paid $5,000 to the researcher who found it.
Other reported bugs include two medium-severity flaws in Chrome’s DevTools. These issues involve unsafe memory access and weak input validation. Google also fixed a low-severity problem linked to improper DevTools behavior. The researchers who found these flaws earned $2,000 and $1,000 rewards.
Chrome 136 is now live as version 136.0.7103.48/49 for Windows and macOS, and 136.0.7103.59 for Linux. Users should open Chrome settings and update right away to stay secure.
Firefox 138 Addresses Privilege Escalation Risks
Mozilla launched Firefox 138 with patches for 11 vulnerabilities. Four of them are high-severity bugs that could allow hackers to escape the browser sandbox or run unauthorized code. These flaws could give attackers more control over your system if not patched.
The update also fixes six medium-risk issues. These include memory leaks, CSRF weaknesses, and file extensions being hidden during downloads. A low-risk bug affecting Firefox on Android has been resolved as well.
Mozilla rolled out the same fixes for Thunderbird 138. Firefox ESR and Thunderbird ESR have also been updated to plug overlapping flaws.
Neither Google nor Mozilla reported active exploitation of these issues. Still, users should not wait. Updating your browser now is the safest move.
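For administrators who need to confirm the update across many machines, the following added example (not code from Google, Mozilla, or the original article) checks reported browser versions against the fixed builds named above. It assumes version strings in the form printed by `google-chrome --version` and `firefox --version`; the host names and inventory are constructed, and ESR builds are reported as unknown because the article gives no ESR version numbers.

```python
import re

# Fixed builds as stated in the article. Windows/macOS ship as .48/.49,
# so .48 is used as the floor there; Linux is .59.
FIXED = {
    ("chrome", "windows"): (136, 0, 7103, 48),
    ("chrome", "macos"): (136, 0, 7103, 48),
    ("chrome", "linux"): (136, 0, 7103, 59),
    ("firefox", None): (138,),  # same floor on every platform
}

VERSION_RE = re.compile(
    r"(Google Chrome|Mozilla Firefox)\s+(\d+(?:\.\d+)*)(esr)?", re.I)

def assess(platform, version_output):
    """Return 'patched', 'outdated' or 'unknown' for one version string."""
    m = VERSION_RE.search(version_output)
    if not m:
        return "unknown"
    product = "chrome" if "chrome" in m.group(1).lower() else "firefox"
    if m.group(3):
        # ESR fixed versions are not given in the article, so do not guess.
        return "unknown"
    floor = FIXED.get((product, platform)) or FIXED.get((product, None))
    if floor is None:
        return "unknown"
    found = tuple(int(p) for p in m.group(2).split("."))
    # Pad to equal length so "138" and "138.0" compare as equal.
    width = max(len(found), len(floor))
    found += (0,) * (width - len(found))
    floor += (0,) * (width - len(floor))
    return "patched" if found >= floor else "outdated"

# Constructed inventory: (host, platform, reported version string).
INVENTORY = [
    ("ws-01", "windows", "Google Chrome 136.0.7103.49"),
    ("ws-02", "windows", "Google Chrome 135.0.7049.115"),
    ("lx-01", "linux", "Google Chrome 136.0.7103.48"),
    ("lx-02", "linux", "Mozilla Firefox 138.0"),
    ("mac-01", "macos", "Mozilla Firefox 137.0.2"),
    ("lx-03", "linux", "Mozilla Firefox 128.10.0esr"),
]

def report(inventory=INVENTORY):
    """Map each host to its patch status."""
    return {host: assess(platform, out) for host, platform, out in inventory}

if __name__ == "__main__":
    for host, status in report().items():
        print(f"{host}: {status}")
```

Note that the per-platform floors matter: build 136.0.7103.48 counts as patched on Windows and macOS but falls below the Linux build listed in the article.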