Vulnerability Management

High-severity bugs patched in Chrome, Firefox browsers

Google this week introduced multiple security fixes for the desktop edition of its Chrome browser and Mozilla has also done the same for Firefox and Firefox Extended Support Release.

Google's stable channel update to version 83.0.4103.97 for Windows, Mac, and Linux has patched six bugs, four of which were rated high in severity. The most significant of the bunch, CVE-2020-6493, is use after-free-flaw in WebAuthentication that earned a $20,000 bug bounty for an anonymous researcher.

The three other fixed high-severity bugs were described as an incorrect security user interface in payments, insufficient policy enforcement in developer tools, and a use-after-free vulnerability in payments.

Meanwhile, Mozilla introduced fixes for eight bugs found across Firefox (fixed in version 77) and Firefox ESR (fixed in version 68.9) -- all eight of which exist in the former. Five of the bugs are rated high in severity and, depending on the issue, can lead to the leaking of private keys, an exploitable crash or arbitrary code execution.

Mozilla also released Thunderbird version 68.9.0, fixing five bugs in the email client products -- four of the same vulnerabilities found in the browsers, plus its own high-level vulnerability that could lead to information leakage.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.