Google has released multiple security fixes for the desktop edition of its Chrome browser, and Mozilla has done the same for Firefox and Firefox Extended Support Release (ESR).
Google’s stable channel update to version 83.0.4103.97 for Windows, Mac, and Linux has patched six bugs, four of which were rated high in severity. The most significant of the bunch, CVE-2020-6493, is a use-after-free flaw in WebAuthentication that earned a US$20,000 (£17,500) bug bounty for an anonymous researcher.
The three other fixed high-severity bugs were described as an incorrect security user interface in payments, insufficient policy enforcement in developer tools, and a use-after-free vulnerability in payments.
Meanwhile, Mozilla introduced fixes for eight bugs found across Firefox (fixed in version 77) and Firefox ESR (fixed in version 68.9) — all eight of which exist in the former. Five of the bugs are rated high in severity and, depending on the issue, can lead to the leaking of private keys, an exploitable crash or arbitrary code execution.
Mozilla also released Thunderbird version 68.9.0, fixing five bugs in the email client products — four of the same vulnerabilities found in the browsers, plus its own high-level vulnerability that could lead to information leakage.
First published in SC US.