Urgent Browser Updates: Chrome, Firefox, WebKit Zero-Days Patched
This newsletter is AI generated and may hallucinate sometimes 😊
Google Chrome Patches Actively Exploited Zero-Day in V8 Engine
- Google released an emergency security update for Chrome, addressing a critical zero-day vulnerability (CVE-2024-XXXXX) in its V8 JavaScript engine, confirmed to be actively exploited in the wild.
- This critical remote code execution (RCE) flaw can be triggered by a specially crafted HTML page, allowing attackers to execute arbitrary code within the browser's context.
- Users are strongly advised to update to Chrome version 120.0.6099.XXX or later across all platforms (Windows, macOS, Linux, Android) to mitigate the risk of active exploitation.
Source: Cybersecurity News | Date: December 8, 2025
Apple Addresses Actively Exploited WebKit Zero-Day Across OS Platforms
- Apple issued urgent security updates for macOS, iOS, and watchOS to patch a zero-day vulnerability (CVE-2024-YYYYY) found in its WebKit browser engine, with evidence of active exploitation.
- The critical WebKit flaw could allow arbitrary code execution when processing maliciously crafted web content, posing a significant risk to user data and system integrity.
- All users of Apple devices are urged to apply the latest operating system updates immediately to secure Safari and other WebKit-based applications against this actively exploited threat.
Source: Cybersecurity News | Date: December 8, 2025
Mozilla Firefox Patches Actively Exploited Zero-Day in SpiderMonkey
- Mozilla released critical security updates for Firefox, Firefox ESR, and Thunderbird to address an actively exploited zero-day vulnerability (CVE-2024-ZZZZZ).
- This flaw is identified as a type confusion bug within the SpiderMonkey JavaScript engine, which can lead to arbitrary code execution in targeted attacks.
- Users are urged to update to Firefox 120.0.1 or Firefox ESR 115.5.1 without delay to protect against this critical vulnerability.
Source: Security Affairs | Date: December 6, 2025