Close Menu

    Subscribe to Updates

    Get the latest creative news from infofortech

    What's Hot

    3 Questions: Neural transparency and the future of AI design | MIT News

    July 16, 2026

    Apple now lets you pay for cellular iPads over 3 years, and it’s a sign of a pricey trend that won’t halt soon

    July 16, 2026

    How You Distill 80 Years of Marvel Comics Into Magic: The Gathering Cards

    July 15, 2026
    Facebook X (Twitter) Instagram
    InfoForTech
    • Home
    • Latest in Tech
    • Artificial Intelligence
    • Cybersecurity
    • Innovation
    Facebook X (Twitter) Instagram
    InfoForTech
    Home»Cybersecurity»Firefox, Chrome, Adobe, and VMware Updates Fix Multiple Critical Security Flaws
    Cybersecurity

    Firefox, Chrome, Adobe, and VMware Updates Fix Multiple Critical Security Flaws

    InfoForTechBy InfoForTechJuly 15, 2026No Comments3 Mins Read
    Facebook Twitter Pinterest Telegram LinkedIn Tumblr WhatsApp Email
    Firefox, Chrome, Adobe, and VMware Updates Fix Multiple Critical Security Flaws
    Share
    Facebook Twitter LinkedIn Pinterest Telegram Email


    Ravie LakshmananJul 15, 2026Vulnerability / Browser Security

    Mozilla has released updates to address two critical flaws in Firefox for which it warned that exploit code has been published.

    The vulnerabilities are listed below –

    • CVE-2026-15718, an invalid pointer in the JavaScript: WebAssembly component
    • CVE-2026-15719, a site isolation in the DOM: Navigation component

    “We are aware that exploit code for this is public, however we are not aware of any attacks in the wild abusing this flaw,” Mozilla said in an advisory. Both vulnerabilities have been addressed in Firefox version 152.0.6.

    The release comes as Google shipped fixes for 15 security flaws, including two critical use-after-free bugs in Ozone (CVE-2026-15764 and CVE-2026-15765), a cross-platform abstraction layer that allows the browser to interact natively with various display servers and windowing systems. It supports Linux, ChromeOS, and Fuchsia.

    “Use after free in Ozone in Google Chrome on Linux prior to 150.0.7871.125 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page,” according to a description of CVE-2026-15764 in the NIST National Vulnerability Database (NVD).

    The shortcomings have been patched in Chrome version 150.0.7871.124/.125 for Windows and Mac and 150.0.7871.124 for Linux.

    In a related development, Adobe has published security updates for 88 vulnerabilities, including multiple critical-severity bugs in ColdFusion, Commerce, Experience Manager, and Illustrator. Of these, eight impact Adobe ColdFusion –

    • CVE-2026-48318 (CVSS score: 9.9) – A path traversal vulnerability that could lead to arbitrary code execution
    • CVE-2026-48322 (CVSS score: 9.6) – A code injection vulnerability that could lead to arbitrary code execution
    • CVE-2026-48284 (CVSS score: 9.6) – An improper input validation vulnerability that could lead to arbitrary code execution 
    • CVE-2026-48321 (CVSS score: 9.3) – An incorrect authorization vulnerability that could lead to privilege escalation
    • CVE-2026-48325 (CVSS score: 9.3) – A missing authentication for a critical function vulnerability that could lead to arbitrary code execution
    • CVE-2026-48319 (CVSS score: 9.1) – A path traversal vulnerability that could lead to arbitrary code execution
    • CVE-2026-48324 (CVSS score: 9.1) – An SQL injection vulnerability that could lead to arbitrary code execution
    • CVE-2026-48327 (CVSS score: 9.0) – An incorrect authorization vulnerability that could lead to arbitrary code execution

    The CodeFusion flaws have been remediated in versions ColdFusion 2025 Update 11 and ColdFusion 2023 Update 22. Also fixed by Adobe are two critical flaws each in Adobe Commerce and Magento Open Source and Adobe Experience Manager –

    • CVE-2026-48356 (CVSS score: 9.6) – A file upload vulnerability in Adobe Commerce and Magento Open Source that could lead to privilege escalation
    • CVE-2026-48358 (CVSS score: 9.1) – An improper encoding or escaping of output vulnerability in Adobe Commerce and Magento Open Source that could lead to arbitrary code execution
    • CVE-2026-48259 (CVSS score: 9.6) – A server-side request forgery vulnerability in Adobe Experience Manager that could lead to arbitrary code execution
    • CVE-2026-48359 (CVSS score: 9.6) – An improper restriction of XML external entity reference vulnerability in Adobe Experience Manager that could lead to arbitrary code execution

    Elsewhere, Broadcom has released a fix for a critical authentication bypass vulnerability in VMware Avi Load Balancer (CVE-2026-47865, CVSS score: 9.8) that a malicious user with network access can exploit to access the Avi Control plane. Filip Waeytens of the NATO Cyber Security Centre (NCSC) has been credited with discovering and reporting the flaw.

    Although none of the vulnerabilities have been marked as actively exploited, it’s essential that organizations install the latest updates, given that threat actors are known to weaponize flaws in these products in attacks.

    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    InfoForTech
    • Website

    Related Posts

    Troy Hunt: Weekly Update 512: IoT Lockout Fail

    July 15, 2026

    Microsoft Patches Record 622 Flaws, Including Two Zero-Days Under Active Attack

    July 15, 2026

    U.S. Sanctions First VPN Service and Malware Cryptor Seller Over Ransomware Support

    July 14, 2026

    CrashStealer macOS Malware Uses Notarized Dropper to Pass Gatekeeper Checks

    July 13, 2026

    Rokarolla Android Malware, How to Protect Your Banking Apps

    July 13, 2026

    Europe Must Sell Intelligence, Not Electrons

    July 13, 2026
    Leave A Reply Cancel Reply

    Advertisement
    Top Posts

    DoJ Disrupts 3 Million-Device IoT Botnets Behind Record 31.4 Tbps Global DDoS Attacks

    March 20, 202638 Views

    Microsoft is bringing an AI helper to Xbox consoles

    March 14, 202618 Views

    Why Security Validation Is Becoming Agentic

    March 16, 202616 Views

    This is the tech that makes Volvo’s latest EV a major step forward

    January 24, 202616 Views
    Stay In Touch
    • Facebook
    • Twitter
    • Pinterest
    • Instagram
    • YouTube
    • Vimeo
    Advertisement
    About Us
    About Us

    Our mission is to deliver clear, reliable, and up-to-date information about the technologies shaping the modern world. We focus on breaking down complex topics into easy-to-understand insights for professionals, enthusiasts, and everyday readers alike.

    We're accepting new partnerships right now.

    Facebook X (Twitter) YouTube
    Most Popular

    DoJ Disrupts 3 Million-Device IoT Botnets Behind Record 31.4 Tbps Global DDoS Attacks

    March 20, 202638 Views

    Microsoft is bringing an AI helper to Xbox consoles

    March 14, 202618 Views

    Why Security Validation Is Becoming Agentic

    March 16, 202616 Views
    Categories
    • Artificial Intelligence
    • Cybersecurity
    • Innovation
    • Latest in Tech
    © 2026 All Rights Reserved InfoForTech.
    • Home
    • About Us
    • Contact Us
    • Privacy Policy

    Type above and press Enter to search. Press Esc to cancel.

    Ad Blocker Enabled!
    Ad Blocker Enabled!
    Our website is made possible by displaying online advertisements to our visitors. Please support us by disabling your Ad Blocker.