Google and Mozilla have released Chrome 147 and Firefox 150 with patches for critical and high-severity vulnerabilities that could allow arbitrary code execution. Both releases are rolling out now and should be applied across all managed endpoints as a priority. Firefox 150 additionally incorporates patches for 271 vulnerabilities identified by Anthropic’s Claude Mythos AI model in a sustained collaboration with Mozilla’s security team.
What We Know So Far
Chrome 147 and Firefox 150 arrived simultaneously on April 29, 2026, each carrying patches in the critical and high-severity range. Arbitrary code execution in a browser represents a direct path from a malicious web page or embedded content to full endpoint compromise.
Chrome 147: Google has not yet published the full CVE breakdown at time of writing — standard practice for rolling releases, where details are withheld until a sufficient proportion of the user base has updated. The release notes confirm critical-severity fixes with code execution potential. The full CVE list is typically published within a few days of rollout completion; monitor Google’s Chrome Releases blog for the update.
Firefox 150: This is a historically significant browser release. In addition to standard security fixes, Firefox 150 includes patches for 271 security-sensitive bugs identified by Anthropic’s Claude Mythos AI model scanning Firefox’s C++ codebase. This follows Firefox 148, which patched 22 bugs found in a prior collaboration using Anthropic’s Opus 4.6 model. The scale-up from 22 to 271 fixed vulnerabilities across a single AI-assisted research phase is notable. Mozilla has described the collaboration as an ongoing effort; Firefox 150 represents the largest single AI-assisted security update in Firefox’s history.
Enterprise environments running Chromium-based applications — Microsoft Edge, Brave, or Electron-based desktop apps — should note these applications require separate update verification and are not automatically patched by updating Chrome.
What You Should Do Now
- Update Chrome to version 147 immediately. Navigate to
chrome://settings/helpto check the current version and trigger an update, or deploy via your endpoint management platform (Intune, Jamf, SCCM).
- Update Firefox to version 150 immediately. Navigate to
Help > About Firefoxto trigger an update. Firefox ESR users should check for an updated ESR release from Mozilla.
- Push updates via policy in enterprise environments rather than relying on auto-update timing. Use Chrome’s managed update policies or Firefox’s
AppUpdateURLadministrative config to enforce the update.
- Audit Chromium-based applications in your environment separately. Microsoft Edge, Brave, and Electron apps package their own Chromium runtime and require individual update checks.
- Monitor Google’s Chrome Releases blog for the complete CVE list from Chrome 147 once published. Prioritize any vulnerabilities flagged as actively exploited in the wild.
— Sources: SecurityWeek
For any query contact us at contact@cipherssecurity.com
