Google and Mozilla have released fresh Chrome 150 and Firefox 152 updates that resolve critical-severity vulnerabilities.

Mozilla rolled out Firefox 152.0.6 with patches for two critical security defects, warning that exploit code has been published for both.

The bugs are tracked as CVE-2026-15718 and CVE-2026-15719, and are described as an invalid pointer in the ‘JavaScript: WebAssembly’ component and a site isolation issue in the ‘DOM: Navigation’ component.

“We are aware that exploit code for this is public however we are not aware of any attacks in the wild abusing this flaw,” Mozilla notes for both weaknesses.

Google fixed 15 vulnerabilities with the latest Chrome update, including two critical use-after-free flaws in Ozone, tracked as CVE-2026-15764 and CVE-2026-15765.