Chrome Zero-Day (CVE-2025-6038) & Firefox 121 Patches Released

Chrome Patches Actively Exploited Zero-Day CVE-2025-6038

• Google released an emergency security update for Chrome, version 119.0.6045.199/.200 for desktop, addressing a critical zero-day vulnerability tracked as CVE-2025-6038.
• The vulnerability is a type confusion bug within the V8 JavaScript engine, confirmed by Google's Threat Analysis Group (TAG) to be actively exploited in the wild.
• Users are strongly advised to update their Chrome browsers immediately to the latest version to mitigate the significant risk posed by this actively exploited flaw.

Source: Google Chrome Releases | Date: November 28, 2025

Firefox 121 Delivers Key Security Updates

• Mozilla has released Firefox version 121, incorporating patches for several high-severity security vulnerabilities that could impact browser stability and user security.
• The updates address critical issues including memory safety bugs and potential use-after-free conditions, which, if exploited, could lead to arbitrary code execution or denial of service.
• It is highly recommended that all users update their Firefox browsers to version 121 to apply these crucial security improvements and protect against potential exploits.

Source: Mozilla Security Advisories | Date: January 9, 2026

Opera Neon AI Assistant Vulnerable to Prompt Injection

• Security researchers uncovered a prompt injection vulnerability in Opera Neon's integrated AI assistant, allowing attackers to manipulate the underlying LLM via hidden HTML content.
• This flaw could be exploited to extract sensitive user data, including email addresses, by circumventing established cross-origin security boundaries designed to isolate web content.
• Opera has been responsibly notified of the vulnerability, and users are cautioned to exercise prudence when interacting with AI features until an official patch is deployed.

Source: Brave Browser Blog | Date: October 31, 2025

References

1. Stable Channel Update for Desktop (119.0.6045.199/.200) - Google Chrome Releases
2. Mozilla Security Advisories - Mozilla
3. Prompt Injection Flaw in Opera Neon's AI Assistant Exposes Sensitive User Data - Brave Browser Blog