Select a theme from the list.
Insights

From our experts

Latest
Microsoft Makes Passkeys the Entra ID Default and Sets a Deadline for Native SMS AuthenticationSonicWall Zero-Days Under Active Attack Demand Immediate SMA1000 PatchingCritical Chrome and Firefox Updates Put Browser Restarts Back on the Security AgendaAsyncAPI Package Breach Turns Trusted Build Pipelines Into a Malware Delivery SystemMicrosoft Expands AI-Led Security Hardening and Sets 2029 Quantum-Safe GoalGlobal CMS Exploitation Wave Plants Webshells on Business WebsitesExposed Attack Server Unmasks Three Microsoft 365 Phishing OperationsMicrosoft Prepares Windows Customers for a Faster Era of AI-Driven PatchingLaser Attack Exposes an Unpatchable Weakness in Tangem Crypto Wallet CardsGlobal CMS Exploitation Wave Puts Business Websites at Immediate RiskMacOS Malware 'Poseidon Stealer' Rebranded as 'Odyssey Stealer'CISA Warns of Critical Vulnerabilities in Mitsubishi Electric ICS HardwareMicrosoft Makes Passkeys the Entra ID Default and Sets a Deadline for Native SMS AuthenticationSonicWall Zero-Days Under Active Attack Demand Immediate SMA1000 PatchingCritical Chrome and Firefox Updates Put Browser Restarts Back on the Security AgendaAsyncAPI Package Breach Turns Trusted Build Pipelines Into a Malware Delivery SystemMicrosoft Expands AI-Led Security Hardening and Sets 2029 Quantum-Safe GoalGlobal CMS Exploitation Wave Plants Webshells on Business WebsitesExposed Attack Server Unmasks Three Microsoft 365 Phishing OperationsMicrosoft Prepares Windows Customers for a Faster Era of AI-Driven PatchingLaser Attack Exposes an Unpatchable Weakness in Tangem Crypto Wallet CardsGlobal CMS Exploitation Wave Puts Business Websites at Immediate RiskMacOS Malware 'Poseidon Stealer' Rebranded as 'Odyssey Stealer'CISA Warns of Critical Vulnerabilities in Mitsubishi Electric ICS Hardware
Security Insight

Critical Chrome and Firefox Updates Put Browser Restarts Back on the Security Agenda

Critical Chrome and Firefox Updates Put Browser Restarts Back on the Security Agenda
Photo by Markus Winkler on Pexels

Google and Mozilla have released security updates correcting critical vulnerabilities in Chrome 150 and Firefox 152. Public exploit code is available for two Firefox flaws, although Mozilla has not identified attacks exploiting them in the wild.

News Date: 2026-07-15

Google and Mozilla have issued new browser updates addressing critical security weaknesses, giving IT departments another reason to examine how quickly browser patches actually reach employees. The releases cover Chrome 150 and Firefox 152, including vulnerabilities that could create opportunities for memory corruption, security-boundary bypasses and potentially malicious code execution.

Firefox Exploit Code Is Already Public

Mozilla released Firefox 152.0.6 to fix two critical vulnerabilities tracked as CVE-2026-15718 and CVE-2026-15719. The defects involve an invalid pointer in the JavaScript and WebAssembly component and a site-isolation weakness affecting navigation behavior.

Mozilla confirmed that public exploit code exists for both issues, although it had not observed active exploitation at the time of publication. That is not a reason to delay. Once practical technical information becomes available, attackers can study it, improve it and incorporate it into malicious websites or targeted campaigns.

Chrome Corrects Fifteen Security Defects

Google's Chrome update fixes 15 vulnerabilities, including two critical use-after-free flaws in the Ozone component. Additional high-severity problems affect areas such as V8, GPU processing, media, user-interface code and HTML canvas functionality.

The corrected Chrome builds are rolling out as versions 150.0.7871.124 and 150.0.7871.125 for Windows and macOS, with version 150.0.7871.124 available for Linux. Google did not report active exploitation of the patched Chrome vulnerabilities.

What IT Teams Should Do

  • Use browser-management platforms to verify deployed versions.
  • Force or strongly encourage browser restarts after updates are installed.
  • Prioritize systems used for administration, finance and privileged cloud access.
  • Check virtual desktop and application-packaging environments for outdated builds.
  • Monitor for users running unmanaged or portable browser installations.

I believe browser patching remains deceptively difficult because an update may be downloaded without becoming active until the user restarts the application. A compliance dashboard showing an installed update can therefore provide false confidence.

Browsers now process sensitive corporate applications, identity sessions, documents and untrusted internet content in the same environment. Enterprises should manage them as critical endpoint infrastructure, with measurable patch deadlines and restart enforcement rather than optional user reminders.

Talk to our team →

Latest

Microsoft Makes Passkeys the Entra ID Default and Sets a Deadline for Native SMS AuthenticationJul 15, 2026SonicWall Zero-Days Under Active Attack Demand Immediate SMA1000 PatchingJul 15, 2026Critical Chrome and Firefox Updates Put Browser Restarts Back on the Security AgendaJul 15, 2026AsyncAPI Package Breach Turns Trusted Build Pipelines Into a Malware Delivery SystemJul 15, 2026Microsoft Expands AI-Led Security Hardening and Sets 2029 Quantum-Safe GoalJul 13, 2026Global CMS Exploitation Wave Plants Webshells on Business WebsitesJul 13, 2026

Most read

1Global CMS Exploitation Wave Plants Webshells on Business Websites2Exposed Attack Server Unmasks Three Microsoft 365 Phishing Operations3Microsoft Expands AI-Led Security Hardening and Sets 2029 Quantum-Safe Goal4Laser Attack Exposes an Unpatchable Weakness in Tangem Crypto Wallet Cards5Microsoft Prepares Windows Customers for a Faster Era of AI-Driven Patching6Switzerland Mandates 24-Hour Cyberattack Reporting for Critical Sectors