Chrome 131 and Firefox 134 Updates Fix High-Severity Security Flaws
This week, Google and Mozilla released critical updates for their widely used browsers, Chrome and Firefox. These updates address multiple high-severity vulnerabilities that could leave users exposed to serious cyber threats. Updating your browser is crucial to ensure your security and privacy online.
Table of Contents
Chrome 131 Fixes Critical Type Confusion Vulnerability
Google’s Chrome 131 update resolves four significant security flaws, including a high-severity type confusion vulnerability in the V8 JavaScript engine. This flaw, tracked as CVE-2025-0291, was reported by an external researcher who earned a $55,000 bug bounty for their discovery.
Type confusion vulnerabilities occur when an application incorrectly handles the type of an object during runtime. In the V8 engine, such a flaw can lead to devastating consequences. Attackers exploiting this vulnerability could:
- Leak sensitive information from the system.
- Execute arbitrary code remotely.
- Potentially gain full control of a compromised device.
The update is rolling out as versions 131.0.6778.264/.265 for Windows and macOS users, while Linux users will receive version 131.0.6778.264. If you use Chrome, ensure you are running the latest version to mitigate these risks.
Firefox 134 Patches Eleven Vulnerabilities
Mozilla’s Firefox 134 update addresses 11 vulnerabilities, three of which are classified as high-severity. Two of these high-severity flaws involve memory safety issues that could allow attackers to achieve remote code execution, a serious threat that could enable unauthorized actions on a victim’s device.
The third high-severity vulnerability, CVE-2025-0244, is an address bar spoofing flaw specific to Firefox for Android. This bug can be exploited during redirects to invalid protocol schemes, potentially tricking users into visiting malicious sites or divulging sensitive information.
In addition to these high-severity issues, Firefox 134 also fixes eight medium-severity vulnerabilities. These include:
- Bypasses and privilege escalation.
- Improper validation of certificates.
- Address bar spoofing and other UI manipulation attacks.
- Crashes that could potentially be exploited for denial-of-service attacks.
Mozilla also released updates for its Extended Support Release (ESR) versions, Firefox ESR 115.19 and Firefox ESR 128.6, which contain fixes for some of the vulnerabilities addressed in Firefox 134. These updates are especially important for users in organizations or environments relying on ESR versions for long-term browser support.
Act Now to Protect Your Devices
While neither Google nor Mozilla have reported active exploitation of these vulnerabilities, the potential risks they pose should not be underestimated. High-severity flaws, particularly those that could enable remote code execution or system compromise, are often targets for cybercriminals.
To safeguard your devices:
- Update Chrome to version 131.0.6778.264/.265 for Windows and macOS, or 131.0.6778.264 for Linux.
- Update Firefox to version 134 or the latest ESR version, depending on your usage.
Keeping your software up to date is one of the simplest yet most effective ways to protect yourself against online threats. Don’t wait for an attack to happen—update your browsers now.