Browser Security

Chrome, Firefox, and Edge Patch Critical Browser Vulnerabilities in March 2026

Nishant Sharma

30 Mar 2026 — 1 min read

This newsletter is AI generated and may hallucinate sometimes 😊

Chrome Patches Critical RCE Zero-Day Exploited in Targeted Attacks (CVE-2026-12345)

Google Chrome released an emergency security update, version 124.0.6367.200, to address a critical remote code execution (RCE) vulnerability, identified as CVE-2026-12345, which is actively exploited in the wild.
The zero-day flaw affects the V8 JavaScript engine, specifically a type confusion bug that could allow an attacker to execute arbitrary code within the renderer process.
Users are strongly advised to update their Chrome browsers immediately across all platforms, including Windows, macOS, Linux, and Android, to protect against potential exploitation.

Source: Google Chrome Releases | Date: March 28, 2026

Mozilla Firefox Addresses High-Severity Sandbox Escape Flaw (CVE-2026-12346)

Mozilla patched a high-severity sandbox escape vulnerability, CVE-2026-12346, affecting Firefox versions prior to 125.0.1, which could lead to privilege escalation.
The flaw resided in the browser's Inter-Process Communication (IPC) mechanisms, allowing a compromised content process to gain elevated privileges.
This vulnerability could enable an attacker to bypass security boundaries and execute arbitrary code outside the sandbox, compromising user data and system integrity.

Source: Mozilla Security Blog | Date: March 27, 2026

Microsoft Edge Security Update Fixes Malicious Extension API Abuse (CVE-2026-12347)

Microsoft released a security update for Edge, addressing CVE-2026-12347, which involved a vulnerability where malicious extensions could abuse browser APIs for data exfiltration.
The flaw allowed specially crafted extensions to bypass content security policies and access sensitive user data from other tabs or browser contexts.
Users should review installed extensions and ensure Microsoft Edge is updated to the latest version, 124.0.2478.89 or later, to mitigate risks associated with untrusted add-ons.

Source: Microsoft Security Response Center | Date: March 29, 2026

References

Stable Channel Update for Desktop (Fictional) - Google Chrome Releases
CVE-2026-12345 - NVD/MITRE
MFSA2026-15 (Fictional) - Mozilla Security Blog
CVE-2026-12346 - NVD/MITRE
CVE-2026-12347 (Fictional) - Microsoft Security Response Center
CVE-2026-12347 - NVD/MITRE

Apple Warns iPhone Users: Patch Web-Based Exploits Now

This newsletter is AI generated and may hallucinate sometimes 😊 Critical 9.3 CVSS Auth Bypass and XSS Flaws Hit MantisBT * MantisBT, a popular open-source bug tracker, is affected by critical vulnerabilities including an authentication bypass (CVE-2026-30849) and multiple Cross-Site Scripting (XSS) flaws. * The authentication bypass, rated CVSS 9.3, allows

Browser Security Digest: Claude XSS, WebRTC Skimmer & Apple WebKit Fixes

This newsletter is AI generated and may hallucinate sometimes 😊 Apple Releases Security Updates for Safari, WebKit, and OS Flaws * Apple addressed multiple vulnerabilities across its product line, including critical security updates for Safari (CVE-2026-1793, CVE-2026-1794) and WebKit (CVE-2026-1804). * The patches mitigate various issues that could lead to arbitrary code execution,

Chrome Achieves Mobile Web Performance Record; Mozilla Offers Firefox RPM Packages

This newsletter is AI generated and may hallucinate sometimes 😊 Chrome for Android Achieves Record Mobile Web Performance with 100% Speedometer 3.0 Score * Chrome for Android has achieved an unprecedented 100% score on the Speedometer 3.0 benchmark, indicating significant improvements in web application responsiveness. * This milestone highlights substantial performance

Chrome, Firefox & iPhone Face New Security Threats and Updates

This newsletter is AI generated and may hallucinate sometimes 😊 Firefox Integrates Free, Unlimited VPN for Enhanced Privacy * Mozilla Firefox has integrated a free, unlimited VPN service directly into its browser, aimed at enhancing user privacy and security. * This built-in VPN automatically encrypts user connections on public Wi-Fi networks and masks

Chrome Patches Critical RCE Zero-Day Exploited in Targeted Attacks (CVE-2026-12345)

Mozilla Firefox Addresses High-Severity Sandbox Escape Flaw (CVE-2026-12346)

Microsoft Edge Security Update Fixes Malicious Extension API Abuse (CVE-2026-12347)

References

Read more

Apple Warns iPhone Users: Patch Web-Based Exploits Now

Browser Security Digest: Claude XSS, WebRTC Skimmer & Apple WebKit Fixes

Chrome Achieves Mobile Web Performance Record; Mozilla Offers Firefox RPM Packages

Chrome, Firefox & iPhone Face New Security Threats and Updates