Browser Security

Tor Browser 15.0.1 Patched; Google Boosts Security with Rust Adoption

16 Nov 2025 — 2 min read

Tor Browser 15.0.1 Released with Critical Security Fixes

Tor Browser 15.0.1 was released to deliver crucial security updates, addressing several vulnerabilities, including critical flaws inherited from the upstream Firefox codebase.
The update resolves an arbitrary file deletion vulnerability (CVE-2025-20340) within Firefox's crash reporter component and an HTML sanitization bypass flaw (CVE-2025-20341).
Users are strongly advised to update their Tor Browser installation to version 15.0.1 immediately to protect against these identified security risks and ensure continued anonymity.

Source: Cybersecurity News | Date: November 15, 2025

Google reports that its adoption of the Rust programming language for critical components has led to a thousand-fold reduction in memory safety vulnerabilities across projects like Android and Chrome.
Memory safety flaws, such as use-after-free and buffer overflows, have historically constituted a significant portion (up to 70% in Chrome) of all high-severity security vulnerabilities.
The transition to Rust helps developers prevent entire classes of common security bugs at the compilation stage, significantly improving the overall security posture of Google's widely used platforms.

Source: Security.nl | Date: November 15, 2025

The ChromeOS Stable channel has been updated to version 16463.10.0, incorporating Chrome browser version 143.0.7499.11.
This update delivers the latest security fixes, performance enhancements, and new features to all users on the stable release track.
Users are strongly advised to update their ChromeOS devices promptly to ensure they are protected with the most current security measures.

Source: Chrome Releases Blog | Date: November 14, 2025

Mozilla released Firefox 145 on November 11, 2025, addressing 15 CVEs with eight rated high impact, four moderate, and one low, including memory safety bugs that could allow arbitrary code execution.
Critical fixes include CVE-2025-13027 (memory safety bugs), multiple WebGPU boundary condition vulnerabilities, and sandbox escape flaws that could allow restricted code to access sensitive system resources.
The update also introduces Phase 2 anti-fingerprinting protections that reduce uniquely identifiable users by nearly half, PDF commenting features, and drops support for 32-bit Linux systems.

Source: Cybersecurity News | Date: November 12, 2025

Microsoft released Edge 142.0.3595.80 to the Stable channel on November 14, 2025, incorporating the latest security updates from the Chromium project.
The update includes improvements to SmartScreen and Scareware Blocker features, enabling better signal sharing between these security tools when both are enabled.
Users can update their browser through the built-in update mechanism or download the latest version from Microsoft's official website for Windows, Mac, and Linux platforms.

Source: AskVG | Date: November 14, 2025

Microsoft researchers identified a novel "Whisper Leak" attack technique that can infer the topics of AI chatbot conversations from encrypted network traffic.
The attack exploits patterns in data flow between a browser-based AI assistant and its backend server, allowing an attacker to determine if a specific topic is being discussed, even without decrypting the content.
This side-channel attack poses a significant privacy risk, enabling adversaries to surreptitiously gather intelligence on sensitive conversations occurring in browser-based AI chats.

Source: The Hacker News | Date: November 15, 2025