The Chrome 147 update includes 30 security fixes, notably four critical use-after-free vulnerabilities (CVE-2026-7363, CVE-2026-7361, CVE-2026-7344, CVE-2026-7343) affecting Canvas, iOS, Accessibility, and Views components. Most other fixes are memory safety bugs such as use-after-free, out-of-bounds, buffer overflow, and type confusion issues. Firefox 150.0.1 addresses four security flaws (CVE-2026-7322, CVE-2026-7323, CVE-2026-7324, CVE-2026-7320), including critical memory corruption bugs potentially exploitable for arbitrary code execution and an information disclosure bug in the Audio/Video component. Firefox ESR versions 140.10.1 and 115.35.1 also include these fixes. Both vendors have released official patches to remediate these vulnerabilities.

Successful exploitation of the use-after-free and memory corruption vulnerabilities could allow attackers to execute arbitrary code within the context of the affected browsers, potentially leading to full compromise of the browser process. The information disclosure vulnerability in Firefox could leak sensitive information. These vulnerabilities pose a critical risk to users if left unpatched.

Official security updates for Chrome 147 and Firefox 150.0.1 have been released and should be applied promptly. Users should update their browsers to the latest versions (Chrome 147.0.7727.137/138 and Firefox 150.0.1 or ESR 140.10.1/115.35.1) to mitigate these vulnerabilities. No additional vendor-recommended mitigations are indicated beyond applying these patches.