HIPAA Times news | Concise, reliable news and insights on HIPAA compliance and regulations

Critical browser patches address high severity vulnerabilities 

Written by Kirsten Peremore | Feb 10, 2025 4:14:07 PM

On February 5, 2025, Google and Mozilla released security updates for their respective web browsers, Chrome 133 and Firefox 135, to address multiple high-severity memory safety vulnerabilities.

 

What happened 

In Chrome 133, Google fixed 12 security issues, including two major weaknesses: CVE-2025-0444 (in the Skia graphics library) and CVE-2025-0445 (in the V8 JavaScript engine). These flaws could let attackers run harmful code on a user’s system or break out of Chrome’s security protections. Another medium-risk issue in Chrome’s Extension API was also fixed.

Mozilla’s Firefox 135 update addressed four serious security problems, including CVE-2025-1009 (affecting the Custom Highlight API) and CVE-2025-1010 (impacting XSLT transformations). These issues, like Chrome’s, could allow hackers to execute malicious code. Mozilla also fixed CVE-2025-1016 and CVE-2025-1020, which are memory safety flaws that could cause data corruption or let attackers bypass security protections in Firefox, Thunderbird, and Firefox ESR. 

 

What was said

According to an update from Chrome, “The Chrome team is delighted to announce the promotion of Chrome 133 to the stable channel for Windows, Mac, and Linux. This will roll out over the coming days/weeks… Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but haven’t yet fixed.”

 

Why it matters

Browser vulnerabilities, such as the use-after-free issues fixed in these updates, can allow attackers to execute malicious code remotely or bypass critical security measures. As healthcare systems increasingly depend on secure web applications and telemedicine platforms, all software components should be up to date and free of known vulnerabilities.


 

FAQs

What are high-severity vulnerabilities?

High-severity vulnerabilities are security flaws that can allow malicious attackers to access application resources and data, potentially leading to significant breaches or disruptions.

 

Examples of high-severity vulnerabilities

Examples include Cross-Site Scripting (XSS), XML External Entity Injection (XXE), and Local File Inclusion (LFI). These can enable attackers to steal session information or sensitive data from applications.

 

How do high-severity vulnerabilities impact healthcare organizations?

Exploiting these vulnerabilities could lead to unauthorized access, theft of medical records, or disruption of services.