Web browsers: Mozilla & Google close security gaps

Recently updated versions have been made available for both web browsers, Google Chrome and Mozilla Firefox. The updates sometimes close high-risk security gaps and should therefore be carried out promptly.

Chrome update closes 8 security bugs

Google has released an updated version of its Chrome web browser. It closes eight security-related bugs, of which Google classifies at least four as high risk and one as medium risk. The remaining gaps were apparently not reported by external IT researchers, so no further information was disclosed.

The debugged versions are 108.0.5359.128 for Android, 108.0.5359.112 for iOS, 108.0.5359.124 for Linux and Mac, and 108.0.5359.124/.125 for Windows. Chrome users can check for themselves in the settings menu whether their browser is on the new software version and possibly speed up the update. Linux users must use the software management of their distribution and have the update installed in this way.

Web browser Firefox version 108 released

The development team at the Mozilla Foundation has also been hard at work sealing security holes and recently released version 108 of the Firefox web browser.

The innovations that the Firefox update brings with it are clear:

  • Import maps are now enabled by default (allow websites to control JavaScript import behavior)
  • Efficiency mode on Windows 11
  • Process manager, in which the resource consumption of individual browser processes can be identified (similar to Chrome with the shortcut Shift+esc)
  • Improved frame scheduling under load (greatly improves Firefox’s MotionMark scores)

The following adjustments have been made:

  • Proper color correction of images tagged with ICCv4 profiles is now supported
  • Non-English characters are supported when saving and printing PDF forms
  • Correct functioning of the default status “Only show on new tab” of the bookmarks toolbar

As previously announced, various security fixes have also been made. Specifically, the developers sealed four vulnerabilities with a high degree of severity, three with a medium severity rating and one with a low hazard rating.

Among other things, an outdated third-party component, the libusrsctp library, opened up security vulnerabilities. For example, attackers using Firefox for Linux could potentially break out of a compromised process in the browser sandbox and read arbitrary files.

Source: heise.de & Mozilla