The recent fixing of a Chrome zero-day vulnerability by Google has prompted developers of the Firefox browser to investigate for a similar flaw – and they have indeed found one. The vulnerability, known as CVE-2025-2857, has not shown signs of being actively exploited so far, but the discovery has raised concerns in the cybersecurity community.
With Chrome holding a dominant market share of 66.3%, while Firefox lags behind at only 2.62%, the potential impact of the Firefox bug may be less widespread but still significant. The vulnerability, which was identified in Firefox’s IPC code, allowed a compromised child process to manipulate the parent process and escape the browser’s security sandbox.
Mozilla acted swiftly to address the issue by releasing security updates for Firefox versions 136.0.4, ESR v128.8.1, and ESR v115.21.1 for Windows. Additionally, the Tor Project, which utilizes a modified version of Firefox ESR, has also rolled out an emergency security update to protect its users.
In response to the vulnerability in Chrome, Opera developers have already implemented the necessary security patch, and other Chromium-based browsers like Microsoft Edge, Brave, and Vivaldi are expected to follow suit soon. The severity of the vulnerability was underscored by Kaspersky researchers, who were initially puzzled by its ability to circumvent Chrome’s sandbox protection without triggering any obvious red flags.
The researchers also noted that the exploitation of CVE-2025-2857 was coupled with another vulnerability that facilitated remote code execution, adding another layer of concern to the situation. They have committed to releasing a detailed report on the exploit, shedding light on the techniques and malware used by the threat actors.
Overall, the discovery of the Firefox vulnerability serves as a reminder of the constant cat-and-mouse game between cybercriminals and cybersecurity experts. The proactive response from Mozilla and other browser developers highlights the importance of swift patching and regular security updates to mitigate the risk of exploitation. As internet users continue to rely on browsers for their daily activities, ensuring the integrity and security of these platforms remains a top priority for the tech industry.