The Hacker News

Top story

Firefox, Chrome, Adobe, and VMware Updates Fix Multiple Critical Security Flaws

Mozilla has released updates to address two critical flaws in Firefox for which it warned that exploit code has been published. The vulnerabilities are listed below - CVE-2026-15718, an invalid pointer in the JavaScript: WebAssembly component CVE-2026-15719, a site isolation in the DOM: Navigation component "We are aware that exploit code for this is public, however we are not aware of

Jul 15, 2026, 1:18 PMBy info@thehackernews.com (The Hacker News)3 min readcybersecurity
Firefox, Chrome, Adobe, and VMware Updates Fix Multiple Critical Security Flaws

Mozilla has released updates to address two critical flaws in Firefox for which it warned that exploit code has been published. The vulnerabilities are listed below - "We are aware that exploit code for this is public, however we are not aware of any attacks in the wild abusing this flaw," Mozilla said in an advisory.

Both vulnerabilities have been addressed in Firefox version 152. 0. 6.

The release comes as Google shipped fixes for 15 security flaws, including two critical use-after-free bugs in Ozone ( CVE-2026-15764 and CVE-2026-15765 ), a cross-platform abstraction layer that allows the browser to interact natively with various display servers and windowing systems.

It supports Linux, ChromeOS, and Fuchsia. "Use after free in Ozone in Google Chrome on Linux prior to 150. 0. 7871.

125 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page," according to a description of CVE-2026-15764 in the NIST National Vulnerability Database (NVD). The shortcomings have been patched in Chrome version 150. 0. 7871. 124/.

125 for Windows and Mac and 150. 0. 7871. 124 for Linux. The CodeFusion flaws have been remediated in versions ColdFusion 2025 Update 11 and ColdFusion 2023 Update 22.

Also fixed by Adobe are two critical flaws each in Adobe Commerce and Magento Open Source and Adobe Experience Manager - Elsewhere, Broadcom has released a fix for a critical authentication bypass vulnerability in VMware Avi Load Balancer ( CVE-2026-47865 , CVSS score: 9.

8) that a malicious user with network access can exploit to access the Avi Control plane. Filip Waeytens of the NATO Cyber Security Centre (NCSC) has been credited with discovering and reporting the flaw.

Although none of the vulnerabilities have been marked as actively exploited, it's essential that organizations install the latest updates, given that threat actors are known to weaponize flaws in these products in attacks.

Learn how to secure AI agents with practical controls for access, visibility, secrets, and risk containment. Learn how to govern risk, secure AI-built software, and keep control as development moves at machine speed.

Continue with the publisher

Read the original source after the immersive in-app article experience.

Read on source site
Loading...