Google and Mozilla have patched the zero-day vulnerability, which originates in the libvpx library.