(Image: heise online / dmk). Updates for web browsers Chrome and Firefox as well as the Thunderbird email client patch several critical security vulnerabilities. The manufacturers of web browsers [1] Chrome and Firefox as well as the Thunderbird mail software have released updated software versions. These close security gaps that are partly classified as critical. Firefox also brings some interesting features, such as selectable countries for VPN endpoints.
Google Updates. Google’s developers have now delivered the list [2] of security vulnerabilities closed in the latest Chrome browser updates. The total number has dropped significantly again; the update patches 16 security holes. However, two of these are classified as critical risk and nine as high-risk threats. Versions Chrome 148.0.7778.178 for Android and Linux as well as 148.0.7778.178/179 for macOS and Windows address the security-relevant errors. Google is also daring to transition to Chrome 149 in an initially limited rollout for Android and iOS.
According to Ars Technica [3], Google’s developers have had a small mishap in the meantime. On Wednesday, they accidentally published proof-of-concept code for a vulnerability reported about two and a half years ago in Chromium’s issue tracker. According to reports, it is supposed to open a kind of persistent (at least in Microsoft Edge) JavaScript backdoor and turn the browser into part of a botnet with limited capabilities even across restarts – however, a fix for this is still pending, explains discoverer Lyra Rebane on the social network Mastodon [4].
Updated Mozilla Software. Security vulnerabilities were not only discovered and patched in Chromium-based browsers, but also in those from the Mozilla Foundation. The new versions Firefox 151, Firefox 151 for iOS, Firefox ESR 140.11 and 115.36 as well as Thunderbird 151 and 140.11 close numerous security vulnerabilities. Firefox ESR 115.36 is the extended support line for older operating systems such as Windows 7 [5] and 8 and macOS up to version 10.14 – Mozilla will only maintain it until the end of August 2026. In the 151 Firefox version, there are six high-risk vulnerabilities, twelve medium-severity and 13 security holes classified as low-risk.
However, the 151 development branch also comes with some interesting new features. Firefox offers 50 GB of free VPN traffic monthly. In the new browser version, interested users can select from five countries where the VPN endpoints should originate: Germany, France, the United Kingdom, Canada and the USA. Under Android and iOS, there are now settings for AI features. In private mode, users can reset the session with the flame-shaped “Clear private session” button in the address bar; a browser restart is no longer required.
Since projects building on these also include browsers such as Microsoft’s Edge, which is based on Chromium, or the Tor Browser, which is based on Firefox, updated versions for these should also appear shortly. Users should check whether updates are already available, for example by calling up the version dialog of the software. This is regularly found in the settings menu under “Help” – “About” and installs any available updates if necessary.
(dmk [7]). URL of this article:
https://www.heise.de/-11301606
Links in this article:
https://www.heise.de/thema/Browser
https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0841193308.html
https://arstechnica.com/security/2026/05/google-publishes-exploit-code-threatening-millions-of-chromium-users/
https://infosec.exchange/@rebane2001/116606719764376414
https://www.heise.de/news/Mozilla-kappt-Firefox-Support-fuer-Windows-7-8-und-8-1-endgueltig-11180671.html
heise security PRO
mailto:dmk@heise.de
Copyright © 2026 Heise Medien
heise security News