Critical Vulnerabilities Patched in Mozilla Firefox 145 and Google Chrome 142: Update Now to Prevent Remote Code Execution

  • Rescana
  • Nov 13

Executive Summary

Recent releases of Mozilla Firefox 145 and Google Chrome 142 have addressed multiple high-severity vulnerabilities that pose significant risks to enterprise and individual users alike. These vulnerabilities, if left unpatched, could enable remote code execution, sandbox escapes, and security policy bypasses, potentially allowing attackers to gain unauthorized access to sensitive data or escalate privileges within affected systems. While there is currently no confirmed exploitation in the wild, the technical nature of these flaws and their historical attractiveness to advanced persistent threat (APT) actors make immediate remediation imperative. This advisory provides a comprehensive technical breakdown of the vulnerabilities, discusses exploitation potential, highlights the risk landscape, and offers actionable mitigation guidance.

Threat Actor Profile

The latest security updates for Mozilla Firefox 145 and Google Chrome 142 address a series of critical vulnerabilities, many of which are rooted in complex browser subsystems such as WebGPU, JavaScript engines (including V8 and JIT), and graphics processing components. These vulnerabilities are particularly dangerous due to their potential to facilitate remote code execution (RCE) and sandbox escapes, which are among the most sought-after capabilities for attackers targeting browsers.

In Mozilla Firefox 145, the most severe vulnerabilities are concentrated in the WebGPU and JavaScript JIT components. For example, CVE-2025-13021, CVE-2025-13022, CVE-2025-13023, CVE-2025-13025, and CVE-2025-13026 all involve incorrect boundary conditions in WebGPU, which can lead to memory corruption. Such flaws can be exploited to execute arbitrary code within the context of the browser, potentially escaping the browser sandbox and compromising the underlying operating system. CVE-2025-13012 describes a race condition in the graphics subsystem, which can also result in unpredictable behavior and potential code execution. CVE-2025-13016 targets WebAssembly, a technology increasingly used for high-performance web applications, and highlights the risk of boundary condition errors in this context. CVE-2025-13024 involves a miscompilation in the JavaScript JIT engine, which could allow crafted JavaScript to subvert intended execution flows. The most broadly impactful, CVE-2025-13027, encompasses multiple memory safety bugs across components, with Mozilla explicitly stating that some of these have shown evidence of memory corruption and are presumed exploitable for arbitrary code execution.

Moderate and low-severity vulnerabilities in Firefox 145 include same-origin policy bypasses (CVE-2025-13017, CVE-2025-13019), mitigation bypasses (CVE-2025-13018, CVE-2025-13013), use-after-free conditions in audio/video processing (CVE-2025-13020, CVE-2025-13014), and a spoofing issue (CVE-2025-13015). While these are less likely to result in full system compromise, they can be leveraged in multi-stage attacks or to facilitate social engineering.

Google Chrome 142 addresses several high-severity vulnerabilities, most notably CVE-2025-12725, an out-of-bounds write in WebGPU. This type of vulnerability is a classic vector for remote code execution, as it allows an attacker to overwrite critical memory structures and hijack program control flow. CVE-2025-12726 and CVE-2025-12727 involve inappropriate implementations in the Views subsystem and the V8 JavaScript Engine, respectively. The V8 engine, in particular, is a frequent target for exploit developers due to its complexity and the high value of successful exploitation, which can lead to sandbox escapes and privilege escalation.

Medium-severity issues in Chrome 142 include inappropriate implementations in the Omnibox (address/search bar), as seen in CVE-2025-12728 and CVE-2025-12729. While these are less likely to result in direct code execution, they can be used for phishing, spoofing, or as part of exploit chains.

Both Mozilla and Google have withheld detailed technical information and proof-of-concept (POC) code for these vulnerabilities to prevent opportunistic exploitation before the majority of users have updated. However, the vendors’ advisories and the nature of the bugs indicate that exploitation is plausible, especially by sophisticated threat actors.

From a technical perspective, the exploitation of these vulnerabilities typically involves crafting malicious web content—such as a specially designed HTML page or JavaScript payload—that triggers the underlying flaw when rendered by the browser. For memory corruption and out-of-bounds write vulnerabilities, attackers may use techniques such as heap spraying, type confusion, or use-after-free exploitation to achieve arbitrary code execution. Sandbox escape vulnerabilities are particularly valuable, as they allow attackers to break out of the browser’s restricted environment and execute code with higher privileges on the host system.

The WebGPU API, which is designed to provide high-performance graphics and computation capabilities in modern browsers, is a relatively new and complex attack surface. Its integration with low-level system resources makes it a prime target for memory safety issues. Similarly, the JavaScript JIT and V8 engines are highly optimized for performance, but their complexity and dynamic nature make them susceptible to subtle bugs that can be weaponized by attackers.

Technical Analysis of Malware/TTPs

As of the publication of this advisory, there is no confirmed evidence of public exploitation of the specific CVEs addressed in Firefox 145 and Chrome 142. Both Mozilla and Google have indicated that the vulnerabilities are severe enough to presume exploitability, particularly for memory corruption and sandbox escape bugs. Historically, similar vulnerabilities have been rapidly adopted by exploit kit developers and APT groups once details become available.

Memory safety and JIT-related vulnerabilities in browsers are among the most frequently targeted by attackers seeking initial access to enterprise environments. Exploitation typically occurs via drive-by compromise, where users are lured to malicious or compromised websites that deliver the exploit payload. Successful exploitation can result in the execution of arbitrary code, installation of malware, or further lateral movement within the victim’s network.

Organizations should be aware that the window between vulnerability disclosure and active exploitation is shrinking, especially for high-profile browser vulnerabilities. Attackers often reverse-engineer patches to develop exploits, making timely patching critical.

Exploitation in the Wild

No specific APT group has been publicly linked to the exploitation of these particular vulnerabilities as of this report. However, browser zero-days are a well-documented target for state-sponsored actors and advanced persistent threat groups, including APT28, APT29, and other nation-state entities. These groups have historically leveraged browser vulnerabilities for spear-phishing campaigns, watering hole attacks, and targeted intrusions against government, defense, technology, and critical infrastructure sectors.

The technical characteristics of the vulnerabilities patched in Firefox 145 and Chrome 142—notably those affecting WebGPU and JavaScript engines—align with the types of flaws that have been exploited by APT groups in the past. These actors are known to invest significant resources in identifying and weaponizing browser vulnerabilities, often chaining multiple bugs to achieve reliable exploitation and privilege escalation.

Given the high value of browser exploits in the cyber threat landscape, it is reasonable to anticipate that APT groups are actively analyzing these patches and may attempt to develop working exploits in the near future.

Victimology and Targeting

The vulnerabilities discussed in this advisory affect the following product versions:

  • Mozilla Firefox: All versions prior to 145 are affected by the high-severity vulnerabilities described above.

  • Mozilla Firefox ESR: All versions prior to 115.30 and 140.5 are affected.

  • Mozilla Thunderbird: All versions prior to 145 are affected by at least CVE-2025-13027.

  • Google Chrome: All versions prior to 142.0.7444.134 (Windows, Linux) and 142.0.7444.135 (Windows, Mac) are affected by the high-severity vulnerabilities.

  • Chromium-based browsers: All versions based on Chromium prior to 142.0.7444.134/.135 are also at risk, including popular derivatives such as Microsoft Edge, Brave, and Opera.

Organizations should ensure that all endpoints running these browsers are updated to the latest secure versions to mitigate the risk of exploitation.
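
The version thresholds above can be checked against an endpoint inventory. The following is an added example, not code from Rescana or the vendors: the CSV layout, the product labels and the sample hosts are assumptions, and Chromium derivatives are left out because the inventory would need to record their underlying Chromium version.

```python
import csv
import io

# Fixed versions as stated in the advisory text.
FIXED = {"firefox": (145,), "thunderbird": (145,)}
ESR_FIXED = {115: (115, 30), 140: (140, 5)}
# Assumption: Windows is listed under both Chrome builds, so .134 is its floor.
CHROME_FIXED = {"windows": (142, 0, 7444, 134), "linux": (142, 0, 7444, 134),
                "mac": (142, 0, 7444, 135)}

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = """host,product,platform,version
ws-001,firefox,windows,144.0.2
ws-002,firefox,linux,145.0
ws-003,firefox-esr,linux,140.4.0esr
ws-004,firefox-esr,windows,115.30.0esr
ws-005,chrome,mac,142.0.7444.134
ws-006,chrome,linux,142.0.7444.134
ws-007,thunderbird,windows,140.5.0
"""

def parse_version(text):
    """Turn '142.0.7444.59' or '140.4.0esr' into a tuple of ints."""
    core = text.strip().lower().removesuffix("esr")
    return tuple(int(part) for part in core.split("."))

def is_affected(product, version, platform=""):
    """Return True when the version is older than the advisory's fixed release."""
    v = parse_version(version)
    product = product.lower()
    if product in FIXED:
        return v < FIXED[product]
    if product == "firefox-esr":
        # Fixed on the 115 branch from 115.30, otherwise only from 140.5 onward.
        on_115 = v[0] == 115 and v >= ESR_FIXED[115]
        return not (on_115 or v >= ESR_FIXED[140])
    if product == "chrome":
        return v < CHROME_FIXED[platform.lower()]
    raise ValueError(f"unknown product: {product}")

def audit(csv_text):
    """Return the hosts from a CSV inventory that still need the update."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return [r["host"] for r in rows
            if is_affected(r["product"], r["version"], r["platform"])]

if __name__ == "__main__":
    print(audit(SAMPLE_INVENTORY))
```

Unknown product labels raise an error rather than passing silently, so a row the script cannot evaluate is never reported as patched.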

Mitigation and Countermeasures

The most effective mitigation is the immediate update and restart of all instances of Mozilla Firefox and Google Chrome to the latest available versions—Firefox 145 and Chrome 142.0.7444.134/.135, respectively. This action will remediate the vulnerabilities and prevent exploitation by known attack vectors.

In addition to patching, organizations should:

  • Ensure that browser auto-update mechanisms are enabled and functioning correctly across all managed endpoints, reducing the window of exposure to newly disclosed vulnerabilities.

  • Monitor vendor advisories, threat intelligence feeds, and security news sources for any signs of active exploitation or the publication of new indicators of compromise (IOCs) related to these vulnerabilities.

  • Consider enabling advanced browser security features such as process isolation, site isolation, and exploit protection where available. These features can limit the impact of successful exploitation by containing malicious code within a restricted environment.

  • Educate users about the risks associated with phishing, drive-by downloads, and suspicious web content. User awareness remains a critical component of defense-in-depth strategies.

  • Implement network monitoring to detect unusual browser process behavior, unexpected outbound connections, or exploit kit activity targeting WebGPU or JavaScript engines.

  • For organizations with high security requirements, consider deploying application whitelisting, endpoint detection and response (EDR) solutions, and network segmentation to further reduce the risk of lateral movement following a successful browser exploit.

About Rescana

At Rescana, we understand that the evolving threat landscape requires proactive and comprehensive risk management. Our Third-Party Risk Management (TPRM) platform empowers organizations to continuously monitor, assess, and mitigate cyber risks across their digital ecosystem. While this advisory focuses on the latest browser vulnerabilities, our platform is designed to help you identify and manage a wide range of security exposures, ensuring resilience against both known and emerging threats. If you have any questions about this advisory or require further assistance, our team is ready to help at ops@rescana.com.
