Browser Battlefront: Chrome and Firefox Race to Patch Critical Memory Flaws
Google and Mozilla scramble to plug dangerous memory vulnerabilities before hackers can strike.
In the shadowy world of browser security, the battle never ceases. This week, Google and Mozilla unleashed a barrage of critical fixes, racing against cybercriminals who constantly probe for weak spots. With Chrome 147 and Firefox 150 rolling out major patches, users are left to wonder: how close did we come to disaster, and is it ever truly safe to surf?
The latest wave of browser updates reveals just how relentless and lucrative the hunt for vulnerabilities has become. Chrome’s new version 147.0.7727.137/138 arrives with a staggering 30 security fixes, many of them targeting the browser’s most dangerous adversary: memory safety bugs. Four critical use-after-free vulnerabilities - CVE-2026-7363, CVE-2026-7361, CVE-2026-7344, and CVE-2026-7343 - were unearthed by external researchers, affecting core components like Canvas, iOS, Accessibility, and Views.
Use-after-free flaws, a perennial nightmare for developers, occur when software tries to access memory that’s already been freed. The consequences? Everything from browser crashes to the holy grail for attackers - arbitrary code execution, where an intruder can hijack your system. Google’s bug bounty program reflects the stakes: $30,000 in rewards for just four of these bugs, with the largest payout going to a GPU-related vulnerability.
Meanwhile, Mozilla’s Firefox 150.0.1 update is no less urgent. Four security defects, including critical and high-severity memory corruption bugs (CVE-2026-7322, CVE-2026-7323, and CVE-2026-7324), have been patched. Mozilla warns that, with sufficient effort, these flaws could have been exploited to run malicious code on users’ machines. A fourth issue (CVE-2026-7320) involves information disclosure in the Audio/Video component, potentially leaking sensitive data.
Both tech giants are moving quickly to shield users, rolling out fixes across all major platforms and even extending protection to enterprise-focused Extended Support Release (ESR) channels. But the sheer volume and severity of these bugs underscore a sobering truth: browsers, our window to the web, remain a prime target for cybercriminals and researchers alike.
As Chrome and Firefox users install these latest updates, one question lingers: how many more vulnerabilities are lurking beneath the surface? The patch-and-pursue cycle continues, with the next round of exploits - and fixes - inevitably on the horizon.
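An added example, not from the article or from Google or Mozilla: a small Python check that flags hosts still running builds older than the fixed versions named above. The inventory lines, host names and CSV layout are constructed; treating 147.0.7727.137 as the Chrome floor and reporting ESR builds as unknown (the article gives no ESR version numbers) are assumptions.

```python
import re

# Fixed builds as named in the article. It lists Chrome 147.0.7727.137/138;
# using .137 as the floor is an assumption of this example.
PATCHED = {"chrome": (147, 0, 7727, 137), "firefox": (150, 0, 1)}

# Constructed inventory export (host,browser,version); not real data.
SAMPLE_INVENTORY = """\
ws-01,chrome,147.0.7727.138
ws-02,chrome,147.0.7727.92
ws-03,firefox,150.0
ws-04,firefox,150.0.1
ws-05,firefox,140.9.0esr
ws-06,chrome,146.0.7680.177
lt-07,Firefox,151.0
"""

def parse_version(text):
    """'147.0.7727.92' -> (147, 0, 7727, 92); None if not purely dotted digits."""
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    return tuple(int(part) for part in text.split("."))

def status(browser, version_text):
    """Return 'patched', 'outdated' or 'unknown' for one install."""
    fixed = PATCHED.get(browser.strip().lower())
    found = parse_version(version_text.strip())
    # ESR strings and unlisted browsers fail here: the article gives no
    # ESR version numbers, so they are reported rather than guessed.
    if fixed is None or found is None:
        return "unknown"
    # Compare as integers, padded to equal length. As strings,
    # "147.0.7727.92" sorts after "147.0.7727.137" and would pass.
    width = max(len(fixed), len(found))
    pad = lambda v: v + (0,) * (width - len(v))
    return "patched" if pad(found) >= pad(fixed) else "outdated"

def audit(inventory_text):
    """Return (host, browser, version, status) for every install needing attention."""
    findings = []
    for line in inventory_text.splitlines():
        if not line.strip():
            continue
        host, browser, version = (f.strip() for f in line.split(","))
        result = status(browser, version)
        if result != "patched":
            findings.append((host, browser.lower(), version, result))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_INVENTORY):
        print(*finding)
```

Hosts reported as unknown need a manual look against the vendor's release notes rather than an automatic pass.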
WIKICROOK
- Use: In cybersecurity, 'use' means accessing or interacting with a resource. Improper use, like using freed memory, can create security vulnerabilities.
- Arbitrary code execution: Arbitrary code execution lets attackers run any code on a system, often leading to full control, data theft, or malware installation.
- Memory safety: Memory safety ensures software only accesses permitted memory, preventing bugs and vulnerabilities like crashes, data leaks, and cyberattacks.
- Bug bounty: A bug bounty is a program where companies reward security researchers for finding and reporting software vulnerabilities to improve cybersecurity.
- Information disclosure: Information disclosure is a vulnerability that allows attackers to access sensitive or private data without authorization, risking privacy and security.