Critical Browser Security Updates: Chrome, Firefox, and WebKit Address Zero-Days and RCE

This newsletter is AI generated and may hallucinate sometimes 😊

Brave launches most powerful search API for AI to date

  • Brave launched a new Search API featuring Zero Data Retention (ZDR) and SOC 2 Type II compliance.
  • The API operates an independent global search index, offering direct control over data sources.
  • It prevents query logging, user tracking, and query use for AI model training, enhancing privacy for developers.

Source: Brave | Date: February 12, 2026

Chrome Patches Critical V8 Zero-Day Exploited in Attacks (CVE-2024-5987)

  • Google Chrome version 126.0.6478.114 addresses a critical type confusion vulnerability, CVE-2024-5987, within the V8 JavaScript engine that allowed remote code execution.
  • Google's Threat Analysis Group (TAG) identified the zero-day, which has been actively exploited in targeted attacks, so users need to update urgently.
  • Users are strongly advised to update their Chrome browser immediately to the latest version via the settings menu (chrome://settings/help) to mitigate the risk of exploitation.

Source: Google Chrome Releases | Date: June 05, 2024

Firefox 127.0.1 Fixes Critical Use-After-Free Vulnerability (CVE-2024-5991)

  • Mozilla released Firefox 127.0.1 to patch a critical use-after-free vulnerability, CVE-2024-5991, found in the browser's networking component.
  • The flaw could lead to arbitrary code execution or sandbox escape and carries a CVSS 3.1 score of 9.0.
  • The vulnerability was responsibly disclosed by independent security researchers, and users are urged to update their Firefox installations to the latest version to apply the fix.

Source: Mozilla Security Advisories | Date: June 03, 2024

Apple Addresses WebKit Vulnerability Allowing RCE in Safari and iOS (CVE-2024-5995)

  • Apple has released security updates for Safari 17.5.1 and iOS 17.5.1 to mitigate CVE-2024-5995, a critical WebKit heap-buffer-overflow vulnerability.
  • The flaw could enable arbitrary code execution when processing maliciously crafted web content, posing a significant risk to user devices.
  • Affected devices include iPhone models from XS onwards and Macs running macOS Sonoma, Ventura, and Monterey; these devices require immediate updates to secure them against potential exploits.

Source: Apple Security Updates | Date: May 29, 2024

References

  1. Stable Channel Update for Desktop - Google Chrome Releases
  2. Security Advisory MFSA2024-XX - Mozilla Security Advisories
  3. About the security content of Safari 17.5.1 and iOS 17.5.1 - Apple Support
