Back to Feed
VulnerabilitiesJul 15, 2026

Critical Vulnerabilities Patched With Fresh Chrome 150, Firefox 152 Updates

Chrome 150 and Firefox 152 updates patch critical vulnerabilities, with public exploit code for Firefox flaws.

Summary

Google and Mozilla have released updates for Chrome 150 and Firefox 152, addressing critical-severity vulnerabilities. Firefox 152.0.6 includes patches for two critical bugs (CVE-2026-15718, CVE-2026-15719) in its JavaScript and DOM components, for which public exploit code exists, though no in-the-wild exploitation has been confirmed. Chrome 150 addresses 15 vulnerabilities, including two critical use-after-free flaws in Ozone (CVE-2026-15764, CVE-2026-15765), alongside numerous high-severity bugs.

Full text

Google and Mozilla have released fresh Chrome 150 and Firefox 152 updates that resolve critical-severity vulnerabilities. Mozilla rolled out Firefox 152.0.6 with patches for two critical security defects, warning that exploit code has been published for both. The bugs are tracked as CVE-2026-15718 and CVE-2026-15719, and are described as an invalid pointer in the ‘JavaScript: WebAssembly’ component and a site isolation issue in the ‘DOM: Navigation’ component. “We are aware that exploit code for this is public however we are not aware of any attacks in the wild abusing this flaw,” Mozilla notes for both weaknesses. Google fixed 15 vulnerabilities with the latest Chrome update, including two critical use-after-free flaws in Ozone, tracked as CVE-2026-15764 and CVE-2026-15765. The browser refresh also resolves 12 high-severity bugs across Skia, Libyuv, HTML-in-Canvas, Linux Toolkit Theming, V8, Media, GPU, Core, and UI, including uninitialized use, heap buffer overflow, insufficient policy enforcement, insufficient validation of untrusted input, and use-after-free issues.Advertisement. Scroll to continue reading. Only three of these security defects were reported by external researchers, while the rest were discovered by Google. The internet giant has yet to disclose the bug bounty amounts paid to the researchers. Google makes no mention of any of the patched vulnerabilities being exploited in the wild. The latest Chrome iteration is now rolling out as versions 150.0.7871.124/.125 for Windows and macOS and as version 150.0.7871.124 for Linux. Related: SonicWall Issues Urgent SMA Patch Warning for Two Zero-Day Exploits Related: Microsoft Patches Record 622 Vulnerabilities, Including Two Exploited Zero-Days Related: Adobe Patches Critical ColdFusion Vulnerabilities Related: 7 Severe Vulnerabilities Patched in VMware Avi Load Balancer Written By Ionut Arghire Ionut Arghire is an international correspondent for SecurityWeek. Daily Briefing Newsletter Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights. More from Ionut Arghire Multiple Jscrambler Packages Impacted by Supply Chain AttackRabbitMQ Vulnerability Threatens Enterprise SystemsZimbra Patches Critical Code Execution VulnerabilityOrganizations Warned of Exploited Joomla Extension VulnerabilitiesProgress Prompts ShareFile Storage Zone Controller Shutdown Amid Security ConcernsGhost Accounts Abuse GitHub API in Mass Recon CampaignOkta Warns of Vishing Attacks Targeting Microsoft 365 CustomersGigaWiper Combines Multiple Malware for System-Level Sabotage Latest News SonicWall Issues Urgent SMA Patch Warning for Two Zero-Day ExploitsMicrosoft Patches Record 622 Vulnerabilities, Including Two Exploited Zero-DaysSynopsys Finds No Evidence of Data Breach Amid Bosch Hack ClaimsAdobe Patches Critical ColdFusion Vulnerabilities7 Severe Vulnerabilities Patched in VMware Avi Load BalancerUnpatched Claude for Chrome Flaw Lets Extensions Read Gmail, CalendarSAP Patches Critical Vulnerabilities in NetWeaver, Approuter, Commerce CloudUS, Allies Warn of Russian Cyberattacks Targeting Critical Infrastructure Routers Trending Daily Briefing NewsletterSubscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. Webinar: Why Email Security Keeps Failing (And What Has to Change) July 8, 2026 Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more. Register Virtual Event: 2026 Cloud Security Summit July 15, 2026 This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments. Register People on the MoveF5 has appointed Cathy Peterman as Chief People Officer.Sean Murphy has joined F5 as a Field Chief Information Security Officer - North America.CodeHunter has appointed Stephen McCarney as Chief Strategy Officer.More People On The MoveExpert Insights The Shift Toward Business-Aligned Risk Management Moving from isolated, technical data to a continuous risk lifecycle can help organizations align security controls with actual business consequences. (Steve Durbin) How to Conduct a Successful Audit of AI-Driven Software Development As AI-generated code becomes commonplace, CISOs need new audit strategies to measure developer practices, govern AI tool usage, and identify software risks before they reach production. (Matias Madou) Frontier AI: Six Questions Every Enterprise Should Ask Security Vendors From model selection and automation to validation and measurable results, the right questions can help enterprises separate genuine AI capabilities from marketing hype. (Joshua Goldfarb) The AI Token Costs That Can Break Cybersecurity As cybersecurity platforms embrace agentic AI, organizations must balance detection performance against the escalating costs of token consumption, deployment architecture, and AI credits. (Danelle Au) When Information Becomes the Attack Surface – Understanding AI Agent Traps From hidden content injections to cognitive state poisoning, attackers are turning trusted data sources into traps for autonomous AI. (Etay Maor) Flipboard Reddit Whatsapp Whatsapp Email

Indicators of Compromise

  • cve — CVE-2026-15718
  • cve — CVE-2026-15719
  • cve — CVE-2026-15764
  • cve — CVE-2026-15765

Entities

Chrome (product)Firefox (product)Google (vendor)Mozilla (vendor)