Chrome 135, Firefox 137: Patch Now Against Critical Threats


Google and Mozilla have released updates for their Chrome and Firefox browsers, addressing dozens of vulnerabilities, including critical memory management flaws. The updated Chrome 135 includes 14 security patches, nine of which were discovered by external researchers. The most severe issue, CVE-2025-3066, is a use-after-free in the navigation component, a type of vulnerability that can lead to crashes or arbitrary code execution.

In addition, Google resolved four medium-severity issues, including improper implementations in Custom Tabs, Intents, and Extensions, as well as inadequate input validation. Four other flaws, considered less critical, were found in the browser’s navigation, autofill, download, and tab functionalities.

For their contributions, researchers received a total of $18,000 in bug bounties. The largest single award—$10,000—was granted to Philipp Beer of the Technical University of Vienna for a vulnerability in Custom Tabs. The bounty for the most critical vulnerability remains undisclosed, suggesting the overall payout could be significantly higher.

Chrome 135 is currently being rolled out as version 135.0.7049.52 for Linux and 135.0.7049.41/42 for Windows and macOS.

Meanwhile, Mozilla has released Firefox 137, which resolves eight vulnerabilities, including three critical ones. These include a serious flaw in XSLTProcessor (CVE-2025-3028) and two memory management bugs (CVE-2025-3030 and CVE-2025-3034) that could potentially allow the execution of malicious code.

The update also addresses medium- and low-severity issues, including risks of data leakage, address bar spoofing, and stealthy downloads triggered by .url shortcuts on Windows.

In addition to Firefox, Mozilla has updated its extended-support releases and email clients: Firefox ESR 128.9, Firefox ESR 115.22, Thunderbird 137, and Thunderbird ESR 128.9, all of which received equivalent security patches.

Although neither Google nor Mozilla has reported any active exploitation of these vulnerabilities in the wild, users are strongly advised to install the latest updates without delay.
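
As an added example (not from the article or from either vendor), the following minimal fleet check compares installed versions against the fixed builds listed above. The product labels, the inventory rows, and the rule that any numerically later build counts as patched are assumptions made for illustration.

```python
import re

# First patched build per product, as listed in the article.
# Chrome is keyed by platform, ESR products by major branch.
FIXED = {
    ("chrome", "linux"): "135.0.7049.52",
    ("chrome", "windows"): "135.0.7049.41",
    ("chrome", "macos"): "135.0.7049.41",
    ("firefox", None): "137",
    ("thunderbird", None): "137",
    ("firefox-esr", 115): "115.22",
    ("firefox-esr", 128): "128.9",
    ("thunderbird-esr", 128): "128.9",
}

def parse(version):
    """Turn '128.9.0esr' into (128, 9, 0, 0) so builds compare numerically."""
    m = re.fullmatch(r"(\d+(?:\.\d+){0,3})(?:esr)?", version.strip())
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    nums = tuple(int(p) for p in m.group(1).split("."))
    return nums + (0,) * (4 - len(nums))

def status(product, platform, version):
    v = parse(version)
    if product.endswith("-esr"):
        key = (product, v[0])           # ESR: compare within the installed branch
    elif product == "chrome":
        key = (product, platform)       # Chrome: fixed build differs per platform
    else:
        key = (product, None)
    fixed = FIXED.get(key)
    if fixed is None:
        return "no-fixed-build-listed"  # e.g. an ESR branch the article does not mention
    return "patched" if v >= parse(fixed) else "update-required"

# Constructed inventory rows: (host, product, platform, installed version)
INVENTORY = [
    ("host-a", "chrome", "linux", "135.0.7049.9"),    # a plain string compare ranks this above .52
    ("host-b", "chrome", "windows", "135.0.7049.42"),
    ("host-c", "firefox", "windows", "136.0.4"),
    ("host-d", "firefox-esr", "linux", "115.22.0esr"),
    ("host-e", "firefox-esr", "macos", "128.8.1esr"),
    ("host-f", "thunderbird-esr", "linux", "128.9.0esr"),
    ("host-g", "firefox-esr", "linux", "102.15.0esr"),
]

def audit(rows):
    return {host: status(product, platform, version) for host, product, platform, version in rows}
```

Hosts reported as `no-fixed-build-listed` need a manual decision, since the article names no patched build for that branch or platform.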
