Google and Mozilla Patch 26 High-Severity Vulnerabilities in Chrome and Firefox
Coordinated browser updates for Chrome 144 and Firefox 147 address critical sandbox escape and code execution bugs, with no evidence of exploitation in the wild.
Google and Mozilla have released coordinated security updates for Chrome 144 and Firefox 147, addressing a combined 26 high-severity vulnerabilities. The patches fix critical sandbox escape and code execution bugs, with neither company reporting evidence of exploitation in the wild.
Chrome 144 Security Fixes
Google's Chrome 144 release addresses 17 security vulnerabilities:
- V8 engine fixes: Multiple vulnerabilities in Chrome's JavaScript engine
- Sandbox improvements: Patches for potential sandbox escape vectors
- WebView hardening: Fixes for CVE-2026-0628, a high-severity policy enforcement issue
- Memory safety: Use-after-free and buffer overflow corrections
Chrome 144.0.7559.59 (Linux) and 144.0.7559.59/60 (Windows/Mac) are now available through Chrome's automatic update mechanism.
Firefox 147 Security Fixes
Mozilla's Firefox 147 release addresses 9 security vulnerabilities:
- Memory safety bugs: Fixes for potential code execution vulnerabilities
- JavaScript engine: SpiderMonkey security improvements
- Content Security Policy: Bypass prevention enhancements
- Cross-origin issues: Fixes for data leakage vulnerabilities
Firefox ESR (Extended Support Release) versions 115.32 and 140.7 also received corresponding security updates.
Coordinated Release Timing
The simultaneous browser updates align with Microsoft's January 2026 Patch Tuesday cycle. This coordination helps organizations plan comprehensive patching schedules that address vulnerabilities across their software stack.
No Active Exploitation
Both Google and Mozilla confirmed that none of the patched vulnerabilities were known to be exploited in the wild at the time of release. This proactive patching approach addresses security issues before attackers can weaponize them.
Update Recommendations
Users and administrators should update immediately:
- Chrome: Navigate to Settings → About Chrome to trigger automatic update
- Firefox: Navigate to Help → About Firefox to check for updates
- Enterprise: Deploy updates through managed update channels
Restart browsers after updating to ensure patches take effect.
Related Articles
Cloudflare 2026 Threat Report: 230 Billion Daily Blocked Threats and the Rise of Credential Attacks
Cloudflare has published its inaugural annual threat report revealing the company blocks over 230 billion threats daily across 20% of global web traffic. DDoS attacks doubled year-over-year to 47.1 million incidents, with the largest reaching a record 31.4 Tbps, while bots now account for 94% of all login attempts.
HashiCorp Patches Consul Arbitrary File Read Vulnerability in Kubernetes Auth
HashiCorp has released emergency patches for Consul to address CVE-2026-2808, a medium-severity vulnerability allowing arbitrary file reads when Kubernetes authentication is enabled. The fix also adds HTTP server timeouts to prevent Slowloris denial-of-service attacks against Consul agent endpoints.
Let's Encrypt Now Issues Six-Day Certificates and IP Address Certificates via Certbot
Let's Encrypt and the EFF have announced support for six-day (160-hour) certificates and IP address certificates through Certbot 5.3 and 5.4. The ultra-short-lived certificates reduce the impact window of compromised keys by design, while IP address certificates enable HTTPS for services identified by address rather than hostname.