CHROME and Firefox have issued simultaneous security updates that address more than seventy vulnerabilities, including the newly identified CVE-2026-12437 according to Google’s release blog.
Google’s Chrome release notes show that version 149.0.7827.155 and its follow‑up 156 patch thirty‑three security flaws, six of which are rated critical and stem from use‑after‑free conditions that could allow remote code execution. Among them is CVE-2026-12437, located in the WebShare subsystem, alongside flaws affecting password handling and Web Authentication as reported by SecurityWeek.
Mozilla’s Firefox 152 update resolves forty vulnerabilities, thirteen of which are marked high severity. Many of these also involve memory safety errors such as use‑after‑free that could be leveraged for remote code execution if a user visits a specially crafted page.
To date neither vendor has reported any active exploitation of these flaws in the wild, and no threat‑actor group has been linked to the disclosed issues according to the same SecurityWeek coverage.
Defenders should verify that all endpoints are running Chrome 149.0.7827.155 or later and Firefox 152 or later, enabling automatic updates where possible. Manual checks can be performed through the browser’s settings menu to confirm the exact build number as advised in the SecurityOnline advisory.
In addition to applying the patches, security teams are advised to review recent phishing attempts that might try to exploit unpatched browsers, to keep endpoint detection tools current, and to consult the vendors’ security blogs for any future advisories.