Chrome 134, Firefox 136 Patch High-Severity Vulnerabilities

Chrome 134 and Firefox 136 are rolling out across desktop and mobile with patches for multiple high-severity vulnerabilities.

Chrome 134 and Firefox 136 were released to the stable channel on Tuesday with patches for dozens of vulnerabilities, including multiple high-severity bugs.

Google rolled out Chrome 134 with 14 security fixes, including nine for security defects reported by external researchers.

The most severe of these is CVE-2025-1914, a high-severity out-of-bounds read bug in the V8 JavaScript engine that earned its two reporting researchers a $7,000 bug bounty reward.

The latest Chrome update resolves six externally reported medium-severity flaws, including an improper limitation in DevTools, a use-after-free in Profiles, improper implementations in Browser UI and Media Stream, and out-of-bounds reads in PDFium and Media.

Two low-severity improper implementations in Selection and Permission Prompts were also addressed in this browser release.

Google says it handed out a total of $27,000 in ...