Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Browsers
Chrome & Chromium
Chrome 84.0.4147.89 Stable Channel Update for Desktop
Message
<blockquote data-quote="Bot" data-source="post: 894238" data-attributes="member: 52014"><p>The Chrome team is delighted to announce the promotion of Chrome 84 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks.</p><p></p><p>Chrome 84.0.4147.89 <span style="font-size: 17px"><span style="color: #666666">contains a number of fixes and improvements -- a list of changes is available in the</span></span><a href="https://chromium.googlesource.com/chromium/src/+log/81.0.4044.138..83.0.4103.61?pretty=fuller&n=10000" target="_blank"><span style="font-size: 17px"><span style="font-family: 'arial'"><span style="color: #4184f3"> log</span></span></span></a><span style="font-size: 17px"><span style="color: #666666">. Watch out for upcoming</span></span><a href="https://chrome.blogspot.com/" target="_blank"><span style="font-size: 17px"><span style="font-family: 'arial'"><span style="color: #4184f3"> Chrome</span></span></span></a><span style="font-size: 17px"><span style="color: #666666"> and</span></span><a href="https://blog.chromium.org/" target="_blank"><span style="font-size: 17px"><span style="font-family: 'arial'"><span style="color: #4184f3"> Chromium</span></span></span></a><span style="font-size: 17px"><span style="color: #666666"> blog posts about new features and big efforts delivered in</span></span> 84</p><p></p><p><strong> Security Fixes and Rewards</strong></p><p></p><p><em><span style="color: #666666">Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.</span></em></p><p></p><p><span style="color: #666666">This update includes </span><a href="https://bugs.chromium.org/p/chromium/issues/list?can=1&q=type%3Abug-security+os%3DAndroid%2Cios%2Clinux%2Cmac%2Cwindows%2Call+label%3ARelease-0-M84" target="_blank"><span style="color: #1155cc">38</span></a><span style="color: #666666"> security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the </span><a href="https://sites.google.com/a/chromium.org/dev/Home/chromium-security" target="_blank"><span style="color: #1155cc">Chrome Security Page</span></a><span style="color: #666666"> for more information.</span></p><p></p><p style="text-align: left"><span style="font-family: 'arial'"><span style="color: #666666">[$TBD][</span></span><a href="https://crbug.com/1103195" target="_blank"><span style="font-family: 'arial'"><span style="color: #1155cc">1103195</span></span></a><span style="font-family: 'arial'"><span style="color: #666666">]</span></span><strong><span style="font-family: 'arial'"><span style="color: #666666"> Critical </span></span></strong><span style="font-family: 'arial'"><span style="color: #666666">CVE-2020-6510: Heap buffer overflow in background fetch. </span></span><em><span style="font-family: 'arial'"><span style="color: #666666">Reported by Leecraso and Guang Gong of 360 Alpha Lab working with 360 BugCloud on 2020-07-08</span></span></em></p> <p style="text-align: left"><span style="font-family: 'arial'"><span style="color: #666666">[$5000][</span></span><a href="https://crbug.com/1074317" target="_blank"><span style="font-family: 'arial'"><span style="color: #1155cc">1074317</span></span></a><span style="font-family: 'arial'"><span style="color: #666666">]</span></span><strong><span style="font-family: 'arial'"><span style="color: #666666"> High </span></span></strong><span style="font-family: 'arial'"><span style="color: #666666">CVE-2020-6511: Side-channel information leakage in content security policy. </span></span><em><span style="font-family: 'arial'"><span style="color: #666666">Reported by Mikhail Oblozhikhin on 2020-04-24</span></span></em></p> <p style="text-align: left"><span style="font-family: 'arial'"><span style="color: #666666">[$5000][</span></span><a href="https://crbug.com/1084820" target="_blank"><span style="font-family: 'arial'"><span style="color: #1155cc">1084820</span></span></a><span style="font-family: 'arial'"><span style="color: #666666">]</span></span><strong><span style="font-family: 'arial'"><span style="color: #666666"> High </span></span></strong><span style="font-family: 'arial'"><span style="color: #666666">CVE-2020-6512: Type Confusion in V8. </span></span><em><span style="font-family: 'arial'"><span style="color: #666666">Reported by nocma, leogan, cheneyxu of WeChat Open Platform Security Team on 2020-05-20</span></span></em></p> <p style="text-align: left"><span style="font-family: 'arial'"><span style="color: #666666">[$2000][</span></span><a href="https://crbug.com/1091404" target="_blank"><span style="font-family: 'arial'"><span style="color: #1155cc">1091404</span></span></a><span style="font-family: 'arial'"><span style="color: #666666">]</span></span><strong><span style="font-family: 'arial'"><span style="color: #666666"> High </span></span></strong><span style="font-family: 'arial'"><span style="color: #666666">CVE-2020-6513: Heap buffer overflow in PDFium. </span></span><em><span style="font-family: 'arial'"><span style="color: #666666">Reported by Aleksandar Nikolic of Cisco Talos on 2020-06-04</span></span></em></p> <p style="text-align: left"><span style="font-family: 'arial'"><span style="color: #666666">[$TBD][</span></span><a href="https://crbug.com/1076703" target="_blank"><span style="font-family: 'arial'"><span style="color: #1155cc">1076703</span></span></a><span style="font-family: 'arial'"><span style="color: #666666">]</span></span><strong><span style="font-family: 'arial'"><span style="color: #666666"> High </span></span></strong><span style="font-family: 'arial'"><span style="color: #666666">CVE-2020-6514: Inappropriate implementation in WebRTC. </span></span><em><span style="font-family: 'arial'"><span style="color: #666666">Reported by Natalie Silvanovich of Google Project Zero on 2020-04-30</span></span></em></p> <p style="text-align: left"><span style="font-family: 'arial'"><span style="color: #666666">[$TBD][</span></span><a href="https://crbug.com/1082755" target="_blank"><span style="font-family: 'arial'"><span style="color: #1155cc">1082755</span></span></a><span style="font-family: 'arial'"><span style="color: #666666">]</span></span><strong><span style="font-family: 'arial'"><span style="color: #666666"> High </span></span></strong><span style="font-family: 'arial'"><span style="color: #666666">CVE-2020-6515: Use after free in tab strip. </span></span><em><span style="font-family: 'arial'"><span style="color: #666666">Reported by DDV_UA on 2020-05-14</span></span></em></p> <p style="text-align: left"><span style="font-family: 'arial'"><span style="color: #666666">[$TBD][</span></span><a href="https://crbug.com/1092449" target="_blank"><span style="font-family: 'arial'"><span style="color: #1155cc">1092449</span></span></a><span style="font-family: 'arial'"><span style="color: #666666">]</span></span><strong><span style="font-family: 'arial'"><span style="color: #666666"> High </span></span></strong><span style="font-family: 'arial'"><span style="color: #666666">CVE-2020-6516: Policy bypass in CORS. </span></span><em><span style="font-family: 'arial'"><span style="color: #666666">Reported by Yongke Wang of Tencent's Xuanwu Lab (xlab.tencent.com) on 2020-06-08</span></span></em></p> <p style="text-align: left"><span style="font-family: 'arial'"><span style="color: #666666">[$TBD][</span></span><a href="https://crbug.com/1095560" target="_blank"><span style="font-family: 'arial'"><span style="color: #1155cc">1095560</span></span></a><span style="font-family: 'arial'"><span style="color: #666666">]</span></span><strong><span style="font-family: 'arial'"><span style="color: #666666"> High </span></span></strong><span style="font-family: 'arial'"><span style="color: #666666">CVE-2020-6517: Heap buffer overflow in history. </span></span><em><span style="font-family: 'arial'"><span style="color: #666666">Reported by ZeKai Wu (@hellowuzekai) of Tencent Security Xuanwu Lab on 2020-06-16</span></span></em></p> <p style="text-align: left"><span style="font-family: 'arial'"><span style="color: #666666">[$3000][</span></span><a href="https://crbug.com/986051" target="_blank"><span style="font-family: 'arial'"><span style="color: #1155cc">986051</span></span></a><span style="font-family: 'arial'"><span style="color: #666666">]</span></span><strong><span style="font-family: 'arial'"><span style="color: #666666"> Medium </span></span></strong><span style="font-family: 'arial'"><span style="color: #666666">CVE-2020-6518: Use after free in developer tools. </span></span><em><span style="font-family: 'arial'"><span style="color: #666666">Reported by David Erceg on 2019-07-20</span></span></em></p> <p style="text-align: left"><span style="font-family: 'arial'"><span style="color: #666666">[$3000][</span></span><a href="https://crbug.com/1064676" target="_blank"><span style="font-family: 'arial'"><span style="color: #1155cc">1064676</span></span></a><span style="font-family: 'arial'"><span style="color: #666666">]</span></span><strong><span style="font-family: 'arial'"><span style="color: #666666"> Medium </span></span></strong><span style="font-family: 'arial'"><span style="color: #666666">CVE-2020-6519: Policy bypass in CSP. </span></span><em><span style="font-family: 'arial'"><span style="color: #666666">Reported by Gal Weizman (@WeizmanGal) of PerimeterX on 2020-03-25</span></span></em></p> <p style="text-align: left"><span style="font-family: 'arial'"><span style="color: #666666">[$1000][</span></span><a href="https://crbug.com/1092274" target="_blank"><span style="font-family: 'arial'"><span style="color: #1155cc">1092274</span></span></a><span style="font-family: 'arial'"><span style="color: #666666">]</span></span><strong><span style="font-family: 'arial'"><span style="color: #666666"> Medium </span></span></strong><span style="font-family: 'arial'"><span style="color: #666666">CVE-2020-6520: Heap buffer overflow in Skia. </span></span><em><span style="font-family: 'arial'"><span style="color: #666666">Reported by Zhen Zhou of NSFOCUS Security Team on 2020-06-08</span></span></em></p> <p style="text-align: left"><span style="font-family: 'arial'"><span style="color: #666666">[$500][</span></span><a href="https://crbug.com/1075734" target="_blank"><span style="font-family: 'arial'"><span style="color: #1155cc">1075734</span></span></a><span style="font-family: 'arial'"><span style="color: #666666">]</span></span><strong><span style="font-family: 'arial'"><span style="color: #666666"> Medium </span></span></strong><span style="font-family: 'arial'"><span style="color: #666666">CVE-2020-6521: Side-channel information leakage in autofill. </span></span><em><span style="font-family: 'arial'"><span style="color: #666666">Reported by Xu Lin (University of Illinois at Chicago), Panagiotis Ilia (University of Illinois at Chicago), Jason Polakis (University of Illinois at Chicago) on 2020-04-27</span></span></em></p> <p style="text-align: left"><span style="font-family: 'arial'"><span style="color: #666666">[$TBD][</span></span><a href="https://crbug.com/1052093" target="_blank"><span style="font-family: 'arial'"><span style="color: #1155cc">1052093</span></span></a><span style="font-family: 'arial'"><span style="color: #666666">]</span></span><strong><span style="font-family: 'arial'"><span style="color: #666666"> Medium </span></span></strong><span style="font-family: 'arial'"><span style="color: #666666">CVE-2020-6522: Inappropriate implementation in external protocol handlers. </span></span><em><span style="font-family: 'arial'"><span style="color: #666666">Reported by Eric Lawrence of Microsoft on 2020-02-13</span></span></em></p> <p style="text-align: left"><span style="font-family: 'arial'"><span style="color: #666666">[$N/A][</span></span><a href="https://crbug.com/1080481" target="_blank"><span style="font-family: 'arial'"><span style="color: #1155cc">1080481</span></span></a><span style="font-family: 'arial'"><span style="color: #666666">]</span></span><strong><span style="font-family: 'arial'"><span style="color: #666666"> Medium </span></span></strong><span style="font-family: 'arial'"><span style="color: #666666">CVE-2020-6523: Out of bounds write in Skia. </span></span><em><span style="font-family: 'arial'"><span style="color: #666666">Reported by Liu Wei and Wu Zekai of Tencent Security Xuanwu Lab on 2020-05-08</span></span></em></p> <p style="text-align: left"><span style="font-family: 'arial'"><span style="color: #666666">[$N/A][</span></span><a href="https://crbug.com/1081722" target="_blank"><span style="font-family: 'arial'"><span style="color: #1155cc">1081722</span></span></a><span style="font-family: 'arial'"><span style="color: #666666">]</span></span><strong><span style="font-family: 'arial'"><span style="color: #666666"> Medium </span></span></strong><span style="font-family: 'arial'"><span style="color: #666666">CVE-2020-6524: Heap buffer overflow in WebAudio. </span></span><em><span style="font-family: 'arial'"><span style="color: #666666">Reported by Sung Ta (@Mipu94) of SEFCOM Lab, Arizona State University on 2020-05-12</span></span></em></p> <p style="text-align: left"><span style="font-family: 'arial'"><span style="color: #666666">[$N/A][</span></span><a href="https://crbug.com/1091670" target="_blank"><span style="font-family: 'arial'"><span style="color: #1155cc">1091670</span></span></a><span style="font-family: 'arial'"><span style="color: #666666">]</span></span><strong><span style="font-family: 'arial'"><span style="color: #666666"> Medium </span></span></strong><span style="font-family: 'arial'"><span style="color: #666666">CVE-2020-6525: Heap buffer overflow in Skia. </span></span><em><span style="font-family: 'arial'"><span style="color: #666666">Reported by Zhen Zhou of NSFOCUS Security Team on 2020-06-05</span></span></em></p> <p style="text-align: left"><span style="font-family: 'arial'"><span style="color: #666666">[$1000][</span></span><a href="https://crbug.com/1074340" target="_blank"><span style="font-family: 'arial'"><span style="color: #1155cc">1074340</span></span></a><span style="font-family: 'arial'"><span style="color: #666666">]</span></span><strong><span style="font-family: 'arial'"><span style="color: #666666"> Low </span></span></strong><span style="font-family: 'arial'"><span style="color: #666666">CVE-2020-6526: Inappropriate implementation in iframe sandbox. </span></span><em><span style="font-family: 'arial'"><span style="color: #666666">Reported by Jonathan Kingston on 2020-04-24</span></span></em></p> <p style="text-align: left"><span style="font-family: 'arial'"><span style="color: #666666">[$500][</span></span><a href="https://crbug.com/992698" target="_blank"><span style="font-family: 'arial'"><span style="color: #1155cc">992698</span></span></a><span style="font-family: 'arial'"><span style="color: #666666">]</span></span><strong><span style="font-family: 'arial'"><span style="color: #666666"> Low </span></span></strong><span style="font-family: 'arial'"><span style="color: #666666">CVE-2020-6527: Insufficient policy enforcement in CSP. </span></span><em><span style="font-family: 'arial'"><span style="color: #666666">Reported by Zhong Zhaochen of andsecurity.cn on 2019-08-10</span></span></em></p> <p style="text-align: left"><span style="font-family: 'arial'"><span style="color: #666666">[$500][</span></span><a href="https://crbug.com/1063690" target="_blank"><span style="font-family: 'arial'"><span style="color: #1155cc">1063690</span></span></a><span style="font-family: 'arial'"><span style="color: #666666">]</span></span><strong><span style="font-family: 'arial'"><span style="color: #666666"> Low </span></span></strong><span style="font-family: 'arial'"><span style="color: #666666">CVE-2020-6528: Incorrect security UI in basic auth. </span></span><em><span style="font-family: 'arial'"><span style="color: #666666">Reported by Rayyan Bijoora on 2020-03-22</span></span></em></p> <p style="text-align: left"><span style="font-family: 'arial'"><span style="color: #666666">[$N/A][</span></span><a href="https://crbug.com/978779" target="_blank"><span style="font-family: 'arial'"><span style="color: #1155cc">978779</span></span></a><span style="font-family: 'arial'"><span style="color: #666666">]</span></span><strong><span style="font-family: 'arial'"><span style="color: #666666"> Low </span></span></strong><span style="font-family: 'arial'"><span style="color: #666666">CVE-2020-6529: Inappropriate implementation in WebRTC. </span></span><em><span style="font-family: 'arial'"><span style="color: #666666">Reported by kaustubhvats7 on 2019-06-26</span></span></em></p> <p style="text-align: left"><span style="font-family: 'arial'"><span style="color: #666666">[$N/A][</span></span><a href="https://crbug.com/1016278" target="_blank"><span style="font-family: 'arial'"><span style="color: #1155cc">1016278</span></span></a><span style="font-family: 'arial'"><span style="color: #666666">]</span></span><strong><span style="font-family: 'arial'"><span style="color: #666666"> Low </span></span></strong><span style="font-family: 'arial'"><span style="color: #666666">CVE-2020-6530: Out of bounds memory access in developer tools. </span></span><em><span style="font-family: 'arial'"><span style="color: #666666">Reported by myvyang on 2019-10-21</span></span></em></p> <p style="text-align: left"><span style="font-family: 'arial'"><span style="color: #666666">[$TBD][</span></span><a href="https://crbug.com/1042986" target="_blank"><span style="font-family: 'arial'"><span style="color: #1155cc">1042986</span></span></a><span style="font-family: 'arial'"><span style="color: #666666">]</span></span><strong><span style="font-family: 'arial'"><span style="color: #666666"> Low </span></span></strong><span style="font-family: 'arial'"><span style="color: #666666">CVE-2020-6531: Side-channel information leakage in scroll to text. </span></span><em><span style="font-family: 'arial'"><span style="color: #666666">Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2020-01-17</span></span></em></p> <p style="text-align: left"><span style="font-family: 'arial'"><span style="color: #666666">[$N/A][</span></span><a href="https://crbug.com/1069964" target="_blank"><span style="font-family: 'arial'"><span style="color: #1155cc">1069964</span></span></a><span style="font-family: 'arial'"><span style="color: #666666">]</span></span><strong><span style="font-family: 'arial'"><span style="color: #666666"> Low </span></span></strong><span style="font-family: 'arial'"><span style="color: #666666">CVE-2020-6533: Type Confusion in V8. </span></span><em><span style="font-family: 'arial'"><span style="color: #666666">Reported by Avihay Cohen @ SeraphicAlgorithms on 2020-04-11</span></span></em></p> <p style="text-align: left"><span style="font-family: 'arial'"><span style="color: #666666">[$N/A][</span></span><a href="https://crbug.com/1072412" target="_blank"><span style="font-family: 'arial'"><span style="color: #1155cc">1072412</span></span></a><span style="font-family: 'arial'"><span style="color: #666666">]</span></span><strong><span style="font-family: 'arial'"><span style="color: #666666"> Low </span></span></strong><span style="font-family: 'arial'"><span style="color: #666666">CVE-2020-6534: Heap buffer overflow in WebRTC. </span></span><em><span style="font-family: 'arial'"><span style="color: #666666">Reported by Anonymous on 2020-04-20</span></span></em></p> <p style="text-align: left"><span style="font-family: 'arial'"><span style="color: #666666">[$TBD][</span></span><a href="https://crbug.com/1073409" target="_blank"><span style="font-family: 'arial'"><span style="color: #1155cc">1073409</span></span></a><span style="font-family: 'arial'"><span style="color: #666666">]</span></span><strong><span style="font-family: 'arial'"><span style="color: #666666"> Low </span></span></strong><span style="font-family: 'arial'"><span style="color: #666666">CVE-2020-6535: Insufficient data validation in WebUI. </span></span><em><span style="font-family: 'arial'"><span style="color: #666666">Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2020-04-22</span></span></em></p> <p style="text-align: left"><span style="font-family: 'arial'"><span style="color: #666666">[$TBD][</span></span><a href="https://crbug.com/1080934" target="_blank"><span style="font-family: 'arial'"><span style="color: #1155cc">1080934</span></span></a><span style="font-family: 'arial'"><span style="color: #666666">]</span></span><strong><span style="font-family: 'arial'"><span style="color: #666666"> Low </span></span></strong><span style="font-family: 'arial'"><span style="color: #666666">CVE-2020-6536: Incorrect security UI in PWAs. </span></span><em><span style="font-family: 'arial'"><span style="color: #666666">Reported by Zhiyang Zeng of Tencent security platform department on 2020-05-09</span></span></em></p> <p style="text-align: left"></p> <p style="text-align: left"><span style="font-family: 'arial'"><span style="color: #666666">We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.</span></span></p> <p style="text-align: left"><span style="font-family: 'arial'"><span style="color: #666666"></span></span></p> <p style="text-align: left"><span style="font-family: 'arial'"><span style="color: #666666">As usual, our ongoing internal security work was responsible for a wide range of fixes:</span></span></p> <p style="text-align: left"><span style="font-family: 'arial'"><span style="color: #666666"></span></span></p> <p style="text-align: left"><span style="font-family: 'arial'"><span style="color: #666666">[</span></span><a href="https://crbug.com/1105224" target="_blank"><span style="font-family: 'arial'"><span style="color: #1155cc">1105224</span></span></a><span style="font-family: 'arial'"><span style="color: #666666">] Various fixes from internal audits, fuzzing and other initiatives</span></span></p> <p style="text-align: left"><span style="font-family: 'arial'"><span style="color: #666666"></span></span></p> <p style="text-align: left"><span style="font-family: 'arial'"><span style="color: #666666">Many of our security bugs are detected using </span></span><a href="https://code.google.com/p/address-sanitizer/wiki/AddressSanitizer" target="_blank"><span style="font-family: 'arial'"><span style="color: #1155cc">AddressSanitizer</span></span></a><span style="font-family: 'arial'"><span style="color: #666666">, </span></span><a href="https://code.google.com/p/memory-sanitizer/wiki/MemorySanitizer" target="_blank"><span style="font-family: 'arial'"><span style="color: #1155cc">MemorySanitizer</span></span></a><span style="font-family: 'arial'"><span style="color: #666666">, </span></span><a href="https://www.chromium.org/developers/testing/undefinedbehaviorsanitizer" target="_blank"><span style="font-family: 'arial'"><span style="color: #1155cc">UndefinedBehaviorSanitizer</span></span></a><span style="font-family: 'arial'"><span style="color: #666666">, </span></span><a href="https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-integrity" target="_blank"><span style="font-family: 'arial'"><span style="color: #1155cc">Control Flow Integrity</span></span></a><span style="font-family: 'arial'"><span style="color: #666666">, </span></span><a href="https://sites.google.com/a/chromium.org/dev/developers/testing/libfuzzer" target="_blank"><span style="font-family: 'arial'"><span style="color: #1155cc">libFuzzer</span></span></a><span style="font-family: 'arial'"><span style="color: #666666">, or </span></span><a href="https://github.com/google/afl" target="_blank"><span style="font-family: 'arial'"><span style="color: #1155cc">AFL</span></span></a><span style="font-family: 'arial'"><span style="color: #666666">.</span></span></p><p><span style="font-size: 17px"><span style="font-family: 'arial'"><span style="color: #666666">Interested in switching release channels? Find out how </span></span></span><a href="https://www.chromium.org/getting-involved/dev-channel" target="_blank"><span style="font-size: 17px"><span style="font-family: 'tinos'"><span style="color: #4184f3"><strong><span style="font-family: 'arial'"><span style="color: black">here</span></span></strong></span></span></span></a><span style="font-size: 17px"><span style="font-family: 'arial'"><span style="color: #666666">. If you find a new issue, please let us know by </span></span></span><a href="https://crbug.com/" target="_blank"><span style="font-size: 17px"><span style="font-family: 'tinos'"><span style="color: #4184f3"><strong><span style="font-family: 'arial'"><span style="color: black">filing a bug</span></span></strong></span></span></span></a><span style="font-size: 17px"><span style="font-family: 'arial'"><span style="color: #666666">. The </span></span></span><a href="https://productforums.google.com/forum/#!forum/chrome" target="_blank"><span style="font-size: 17px"><span style="font-family: 'tinos'"><span style="color: #4184f3"><strong><span style="font-family: 'arial'"><span style="color: black">community help forum</span></span></strong></span></span></span></a><span style="font-size: 17px"><span style="font-family: 'arial'"><span style="color: #666666"> is also a great place to reach out for help or learn about common issues.</span></span></span></p><p></p><p>Google Chrome</p><p>Prudhvikumar Bommana</p><p><img src="http://feeds.feedburner.com/~r/GoogleChromeReleases/~4/pd2u-fdCugs" alt="" class="fr-fic fr-dii fr-draggable " style="" /></p><p></p><p>Source: <a href="http://feedproxy.google.com/~r/GoogleChromeReleases/~3/pd2u-fdCugs/stable-channel-update-for-desktop.html" target="_blank">Stable Channel Update for Desktop</a></p></blockquote><p></p>
[QUOTE="Bot, post: 894238, member: 52014"] The Chrome team is delighted to announce the promotion of Chrome 84 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 84.0.4147.89 [SIZE=17px][COLOR=#666666]contains a number of fixes and improvements -- a list of changes is available in the[/COLOR][/SIZE][URL='https://chromium.googlesource.com/chromium/src/+log/81.0.4044.138..83.0.4103.61?pretty=fuller&n=10000'][SIZE=17px][FONT=arial][COLOR=#4184f3] log[/COLOR][/FONT][/SIZE][/URL][SIZE=17px][COLOR=#666666]. Watch out for upcoming[/COLOR][/SIZE][URL='https://chrome.blogspot.com/'][SIZE=17px][FONT=arial][COLOR=#4184f3] Chrome[/COLOR][/FONT][/SIZE][/URL][SIZE=17px][COLOR=#666666] and[/COLOR][/SIZE][URL='https://blog.chromium.org/'][SIZE=17px][FONT=arial][COLOR=#4184f3] Chromium[/COLOR][/FONT][/SIZE][/URL][SIZE=17px][COLOR=#666666] blog posts about new features and big efforts delivered in[/COLOR][/SIZE] 84 [B] Security Fixes and Rewards[/B] [I][COLOR=#666666]Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.[/COLOR][/I] [COLOR=#666666]This update includes [/COLOR][URL='https://bugs.chromium.org/p/chromium/issues/list?can=1&q=type%3Abug-security+os%3DAndroid%2Cios%2Clinux%2Cmac%2Cwindows%2Call+label%3ARelease-0-M84'][COLOR=#1155cc]38[/COLOR][/URL][COLOR=#666666] security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the [/COLOR][URL='https://sites.google.com/a/chromium.org/dev/Home/chromium-security'][COLOR=#1155cc]Chrome Security Page[/COLOR][/URL][COLOR=#666666] for more information.[/COLOR] [LEFT][FONT=arial][COLOR=#666666][$TBD][[/COLOR][/FONT][URL='https://crbug.com/1103195'][FONT=arial][COLOR=#1155cc]1103195[/COLOR][/FONT][/URL][FONT=arial][COLOR=#666666]][/COLOR][/FONT][B][FONT=arial][COLOR=#666666] Critical [/COLOR][/FONT][/B][FONT=arial][COLOR=#666666]CVE-2020-6510: Heap buffer overflow in background fetch. [/COLOR][/FONT][I][FONT=arial][COLOR=#666666]Reported by Leecraso and Guang Gong of 360 Alpha Lab working with 360 BugCloud on 2020-07-08[/COLOR][/FONT][/I] [FONT=arial][COLOR=#666666][$5000][[/COLOR][/FONT][URL='https://crbug.com/1074317'][FONT=arial][COLOR=#1155cc]1074317[/COLOR][/FONT][/URL][FONT=arial][COLOR=#666666]][/COLOR][/FONT][B][FONT=arial][COLOR=#666666] High [/COLOR][/FONT][/B][FONT=arial][COLOR=#666666]CVE-2020-6511: Side-channel information leakage in content security policy. [/COLOR][/FONT][I][FONT=arial][COLOR=#666666]Reported by Mikhail Oblozhikhin on 2020-04-24[/COLOR][/FONT][/I] [FONT=arial][COLOR=#666666][$5000][[/COLOR][/FONT][URL='https://crbug.com/1084820'][FONT=arial][COLOR=#1155cc]1084820[/COLOR][/FONT][/URL][FONT=arial][COLOR=#666666]][/COLOR][/FONT][B][FONT=arial][COLOR=#666666] High [/COLOR][/FONT][/B][FONT=arial][COLOR=#666666]CVE-2020-6512: Type Confusion in V8. [/COLOR][/FONT][I][FONT=arial][COLOR=#666666]Reported by nocma, leogan, cheneyxu of WeChat Open Platform Security Team on 2020-05-20[/COLOR][/FONT][/I] [FONT=arial][COLOR=#666666][$2000][[/COLOR][/FONT][URL='https://crbug.com/1091404'][FONT=arial][COLOR=#1155cc]1091404[/COLOR][/FONT][/URL][FONT=arial][COLOR=#666666]][/COLOR][/FONT][B][FONT=arial][COLOR=#666666] High [/COLOR][/FONT][/B][FONT=arial][COLOR=#666666]CVE-2020-6513: Heap buffer overflow in PDFium. [/COLOR][/FONT][I][FONT=arial][COLOR=#666666]Reported by Aleksandar Nikolic of Cisco Talos on 2020-06-04[/COLOR][/FONT][/I] [FONT=arial][COLOR=#666666][$TBD][[/COLOR][/FONT][URL='https://crbug.com/1076703'][FONT=arial][COLOR=#1155cc]1076703[/COLOR][/FONT][/URL][FONT=arial][COLOR=#666666]][/COLOR][/FONT][B][FONT=arial][COLOR=#666666] High [/COLOR][/FONT][/B][FONT=arial][COLOR=#666666]CVE-2020-6514: Inappropriate implementation in WebRTC. [/COLOR][/FONT][I][FONT=arial][COLOR=#666666]Reported by Natalie Silvanovich of Google Project Zero on 2020-04-30[/COLOR][/FONT][/I] [FONT=arial][COLOR=#666666][$TBD][[/COLOR][/FONT][URL='https://crbug.com/1082755'][FONT=arial][COLOR=#1155cc]1082755[/COLOR][/FONT][/URL][FONT=arial][COLOR=#666666]][/COLOR][/FONT][B][FONT=arial][COLOR=#666666] High [/COLOR][/FONT][/B][FONT=arial][COLOR=#666666]CVE-2020-6515: Use after free in tab strip. [/COLOR][/FONT][I][FONT=arial][COLOR=#666666]Reported by DDV_UA on 2020-05-14[/COLOR][/FONT][/I] [FONT=arial][COLOR=#666666][$TBD][[/COLOR][/FONT][URL='https://crbug.com/1092449'][FONT=arial][COLOR=#1155cc]1092449[/COLOR][/FONT][/URL][FONT=arial][COLOR=#666666]][/COLOR][/FONT][B][FONT=arial][COLOR=#666666] High [/COLOR][/FONT][/B][FONT=arial][COLOR=#666666]CVE-2020-6516: Policy bypass in CORS. [/COLOR][/FONT][I][FONT=arial][COLOR=#666666]Reported by Yongke Wang of Tencent's Xuanwu Lab (xlab.tencent.com) on 2020-06-08[/COLOR][/FONT][/I] [FONT=arial][COLOR=#666666][$TBD][[/COLOR][/FONT][URL='https://crbug.com/1095560'][FONT=arial][COLOR=#1155cc]1095560[/COLOR][/FONT][/URL][FONT=arial][COLOR=#666666]][/COLOR][/FONT][B][FONT=arial][COLOR=#666666] High [/COLOR][/FONT][/B][FONT=arial][COLOR=#666666]CVE-2020-6517: Heap buffer overflow in history. [/COLOR][/FONT][I][FONT=arial][COLOR=#666666]Reported by ZeKai Wu (@hellowuzekai) of Tencent Security Xuanwu Lab on 2020-06-16[/COLOR][/FONT][/I] [FONT=arial][COLOR=#666666][$3000][[/COLOR][/FONT][URL='https://crbug.com/986051'][FONT=arial][COLOR=#1155cc]986051[/COLOR][/FONT][/URL][FONT=arial][COLOR=#666666]][/COLOR][/FONT][B][FONT=arial][COLOR=#666666] Medium [/COLOR][/FONT][/B][FONT=arial][COLOR=#666666]CVE-2020-6518: Use after free in developer tools. [/COLOR][/FONT][I][FONT=arial][COLOR=#666666]Reported by David Erceg on 2019-07-20[/COLOR][/FONT][/I] [FONT=arial][COLOR=#666666][$3000][[/COLOR][/FONT][URL='https://crbug.com/1064676'][FONT=arial][COLOR=#1155cc]1064676[/COLOR][/FONT][/URL][FONT=arial][COLOR=#666666]][/COLOR][/FONT][B][FONT=arial][COLOR=#666666] Medium [/COLOR][/FONT][/B][FONT=arial][COLOR=#666666]CVE-2020-6519: Policy bypass in CSP. [/COLOR][/FONT][I][FONT=arial][COLOR=#666666]Reported by Gal Weizman (@WeizmanGal) of PerimeterX on 2020-03-25[/COLOR][/FONT][/I] [FONT=arial][COLOR=#666666][$1000][[/COLOR][/FONT][URL='https://crbug.com/1092274'][FONT=arial][COLOR=#1155cc]1092274[/COLOR][/FONT][/URL][FONT=arial][COLOR=#666666]][/COLOR][/FONT][B][FONT=arial][COLOR=#666666] Medium [/COLOR][/FONT][/B][FONT=arial][COLOR=#666666]CVE-2020-6520: Heap buffer overflow in Skia. [/COLOR][/FONT][I][FONT=arial][COLOR=#666666]Reported by Zhen Zhou of NSFOCUS Security Team on 2020-06-08[/COLOR][/FONT][/I] [FONT=arial][COLOR=#666666][$500][[/COLOR][/FONT][URL='https://crbug.com/1075734'][FONT=arial][COLOR=#1155cc]1075734[/COLOR][/FONT][/URL][FONT=arial][COLOR=#666666]][/COLOR][/FONT][B][FONT=arial][COLOR=#666666] Medium [/COLOR][/FONT][/B][FONT=arial][COLOR=#666666]CVE-2020-6521: Side-channel information leakage in autofill. [/COLOR][/FONT][I][FONT=arial][COLOR=#666666]Reported by Xu Lin (University of Illinois at Chicago), Panagiotis Ilia (University of Illinois at Chicago), Jason Polakis (University of Illinois at Chicago) on 2020-04-27[/COLOR][/FONT][/I] [FONT=arial][COLOR=#666666][$TBD][[/COLOR][/FONT][URL='https://crbug.com/1052093'][FONT=arial][COLOR=#1155cc]1052093[/COLOR][/FONT][/URL][FONT=arial][COLOR=#666666]][/COLOR][/FONT][B][FONT=arial][COLOR=#666666] Medium [/COLOR][/FONT][/B][FONT=arial][COLOR=#666666]CVE-2020-6522: Inappropriate implementation in external protocol handlers. [/COLOR][/FONT][I][FONT=arial][COLOR=#666666]Reported by Eric Lawrence of Microsoft on 2020-02-13[/COLOR][/FONT][/I] [FONT=arial][COLOR=#666666][$N/A][[/COLOR][/FONT][URL='https://crbug.com/1080481'][FONT=arial][COLOR=#1155cc]1080481[/COLOR][/FONT][/URL][FONT=arial][COLOR=#666666]][/COLOR][/FONT][B][FONT=arial][COLOR=#666666] Medium [/COLOR][/FONT][/B][FONT=arial][COLOR=#666666]CVE-2020-6523: Out of bounds write in Skia. [/COLOR][/FONT][I][FONT=arial][COLOR=#666666]Reported by Liu Wei and Wu Zekai of Tencent Security Xuanwu Lab on 2020-05-08[/COLOR][/FONT][/I] [FONT=arial][COLOR=#666666][$N/A][[/COLOR][/FONT][URL='https://crbug.com/1081722'][FONT=arial][COLOR=#1155cc]1081722[/COLOR][/FONT][/URL][FONT=arial][COLOR=#666666]][/COLOR][/FONT][B][FONT=arial][COLOR=#666666] Medium [/COLOR][/FONT][/B][FONT=arial][COLOR=#666666]CVE-2020-6524: Heap buffer overflow in WebAudio. [/COLOR][/FONT][I][FONT=arial][COLOR=#666666]Reported by Sung Ta (@Mipu94) of SEFCOM Lab, Arizona State University on 2020-05-12[/COLOR][/FONT][/I] [FONT=arial][COLOR=#666666][$N/A][[/COLOR][/FONT][URL='https://crbug.com/1091670'][FONT=arial][COLOR=#1155cc]1091670[/COLOR][/FONT][/URL][FONT=arial][COLOR=#666666]][/COLOR][/FONT][B][FONT=arial][COLOR=#666666] Medium [/COLOR][/FONT][/B][FONT=arial][COLOR=#666666]CVE-2020-6525: Heap buffer overflow in Skia. [/COLOR][/FONT][I][FONT=arial][COLOR=#666666]Reported by Zhen Zhou of NSFOCUS Security Team on 2020-06-05[/COLOR][/FONT][/I] [FONT=arial][COLOR=#666666][$1000][[/COLOR][/FONT][URL='https://crbug.com/1074340'][FONT=arial][COLOR=#1155cc]1074340[/COLOR][/FONT][/URL][FONT=arial][COLOR=#666666]][/COLOR][/FONT][B][FONT=arial][COLOR=#666666] Low [/COLOR][/FONT][/B][FONT=arial][COLOR=#666666]CVE-2020-6526: Inappropriate implementation in iframe sandbox. [/COLOR][/FONT][I][FONT=arial][COLOR=#666666]Reported by Jonathan Kingston on 2020-04-24[/COLOR][/FONT][/I] [FONT=arial][COLOR=#666666][$500][[/COLOR][/FONT][URL='https://crbug.com/992698'][FONT=arial][COLOR=#1155cc]992698[/COLOR][/FONT][/URL][FONT=arial][COLOR=#666666]][/COLOR][/FONT][B][FONT=arial][COLOR=#666666] Low [/COLOR][/FONT][/B][FONT=arial][COLOR=#666666]CVE-2020-6527: Insufficient policy enforcement in CSP. [/COLOR][/FONT][I][FONT=arial][COLOR=#666666]Reported by Zhong Zhaochen of andsecurity.cn on 2019-08-10[/COLOR][/FONT][/I] [FONT=arial][COLOR=#666666][$500][[/COLOR][/FONT][URL='https://crbug.com/1063690'][FONT=arial][COLOR=#1155cc]1063690[/COLOR][/FONT][/URL][FONT=arial][COLOR=#666666]][/COLOR][/FONT][B][FONT=arial][COLOR=#666666] Low [/COLOR][/FONT][/B][FONT=arial][COLOR=#666666]CVE-2020-6528: Incorrect security UI in basic auth. [/COLOR][/FONT][I][FONT=arial][COLOR=#666666]Reported by Rayyan Bijoora on 2020-03-22[/COLOR][/FONT][/I] [FONT=arial][COLOR=#666666][$N/A][[/COLOR][/FONT][URL='https://crbug.com/978779'][FONT=arial][COLOR=#1155cc]978779[/COLOR][/FONT][/URL][FONT=arial][COLOR=#666666]][/COLOR][/FONT][B][FONT=arial][COLOR=#666666] Low [/COLOR][/FONT][/B][FONT=arial][COLOR=#666666]CVE-2020-6529: Inappropriate implementation in WebRTC. [/COLOR][/FONT][I][FONT=arial][COLOR=#666666]Reported by kaustubhvats7 on 2019-06-26[/COLOR][/FONT][/I] [FONT=arial][COLOR=#666666][$N/A][[/COLOR][/FONT][URL='https://crbug.com/1016278'][FONT=arial][COLOR=#1155cc]1016278[/COLOR][/FONT][/URL][FONT=arial][COLOR=#666666]][/COLOR][/FONT][B][FONT=arial][COLOR=#666666] Low [/COLOR][/FONT][/B][FONT=arial][COLOR=#666666]CVE-2020-6530: Out of bounds memory access in developer tools. [/COLOR][/FONT][I][FONT=arial][COLOR=#666666]Reported by myvyang on 2019-10-21[/COLOR][/FONT][/I] [FONT=arial][COLOR=#666666][$TBD][[/COLOR][/FONT][URL='https://crbug.com/1042986'][FONT=arial][COLOR=#1155cc]1042986[/COLOR][/FONT][/URL][FONT=arial][COLOR=#666666]][/COLOR][/FONT][B][FONT=arial][COLOR=#666666] Low [/COLOR][/FONT][/B][FONT=arial][COLOR=#666666]CVE-2020-6531: Side-channel information leakage in scroll to text. [/COLOR][/FONT][I][FONT=arial][COLOR=#666666]Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2020-01-17[/COLOR][/FONT][/I] [FONT=arial][COLOR=#666666][$N/A][[/COLOR][/FONT][URL='https://crbug.com/1069964'][FONT=arial][COLOR=#1155cc]1069964[/COLOR][/FONT][/URL][FONT=arial][COLOR=#666666]][/COLOR][/FONT][B][FONT=arial][COLOR=#666666] Low [/COLOR][/FONT][/B][FONT=arial][COLOR=#666666]CVE-2020-6533: Type Confusion in V8. [/COLOR][/FONT][I][FONT=arial][COLOR=#666666]Reported by Avihay Cohen @ SeraphicAlgorithms on 2020-04-11[/COLOR][/FONT][/I] [FONT=arial][COLOR=#666666][$N/A][[/COLOR][/FONT][URL='https://crbug.com/1072412'][FONT=arial][COLOR=#1155cc]1072412[/COLOR][/FONT][/URL][FONT=arial][COLOR=#666666]][/COLOR][/FONT][B][FONT=arial][COLOR=#666666] Low [/COLOR][/FONT][/B][FONT=arial][COLOR=#666666]CVE-2020-6534: Heap buffer overflow in WebRTC. [/COLOR][/FONT][I][FONT=arial][COLOR=#666666]Reported by Anonymous on 2020-04-20[/COLOR][/FONT][/I] [FONT=arial][COLOR=#666666][$TBD][[/COLOR][/FONT][URL='https://crbug.com/1073409'][FONT=arial][COLOR=#1155cc]1073409[/COLOR][/FONT][/URL][FONT=arial][COLOR=#666666]][/COLOR][/FONT][B][FONT=arial][COLOR=#666666] Low [/COLOR][/FONT][/B][FONT=arial][COLOR=#666666]CVE-2020-6535: Insufficient data validation in WebUI. [/COLOR][/FONT][I][FONT=arial][COLOR=#666666]Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2020-04-22[/COLOR][/FONT][/I] [FONT=arial][COLOR=#666666][$TBD][[/COLOR][/FONT][URL='https://crbug.com/1080934'][FONT=arial][COLOR=#1155cc]1080934[/COLOR][/FONT][/URL][FONT=arial][COLOR=#666666]][/COLOR][/FONT][B][FONT=arial][COLOR=#666666] Low [/COLOR][/FONT][/B][FONT=arial][COLOR=#666666]CVE-2020-6536: Incorrect security UI in PWAs. [/COLOR][/FONT][I][FONT=arial][COLOR=#666666]Reported by Zhiyang Zeng of Tencent security platform department on 2020-05-09[/COLOR][/FONT][/I] [FONT=arial][COLOR=#666666]We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel. As usual, our ongoing internal security work was responsible for a wide range of fixes: [[/COLOR][/FONT][URL='https://crbug.com/1105224'][FONT=arial][COLOR=#1155cc]1105224[/COLOR][/FONT][/URL][FONT=arial][COLOR=#666666]] Various fixes from internal audits, fuzzing and other initiatives Many of our security bugs are detected using [/COLOR][/FONT][URL='https://code.google.com/p/address-sanitizer/wiki/AddressSanitizer'][FONT=arial][COLOR=#1155cc]AddressSanitizer[/COLOR][/FONT][/URL][FONT=arial][COLOR=#666666], [/COLOR][/FONT][URL='https://code.google.com/p/memory-sanitizer/wiki/MemorySanitizer'][FONT=arial][COLOR=#1155cc]MemorySanitizer[/COLOR][/FONT][/URL][FONT=arial][COLOR=#666666], [/COLOR][/FONT][URL='https://www.chromium.org/developers/testing/undefinedbehaviorsanitizer'][FONT=arial][COLOR=#1155cc]UndefinedBehaviorSanitizer[/COLOR][/FONT][/URL][FONT=arial][COLOR=#666666], [/COLOR][/FONT][URL='https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-integrity'][FONT=arial][COLOR=#1155cc]Control Flow Integrity[/COLOR][/FONT][/URL][FONT=arial][COLOR=#666666], [/COLOR][/FONT][URL='https://sites.google.com/a/chromium.org/dev/developers/testing/libfuzzer'][FONT=arial][COLOR=#1155cc]libFuzzer[/COLOR][/FONT][/URL][FONT=arial][COLOR=#666666], or [/COLOR][/FONT][URL='https://github.com/google/afl'][FONT=arial][COLOR=#1155cc]AFL[/COLOR][/FONT][/URL][FONT=arial][COLOR=#666666].[/COLOR][/FONT][/LEFT] [SIZE=17px][FONT=arial][COLOR=#666666]Interested in switching release channels? Find out how [/COLOR][/FONT][/SIZE][URL='https://www.chromium.org/getting-involved/dev-channel'][SIZE=17px][FONT=tinos][COLOR=#4184f3][B][FONT=arial][COLOR=black]here[/COLOR][/FONT][/B][/COLOR][/FONT][/SIZE][/URL][SIZE=17px][FONT=arial][COLOR=#666666]. If you find a new issue, please let us know by [/COLOR][/FONT][/SIZE][URL='https://crbug.com/'][SIZE=17px][FONT=tinos][COLOR=#4184f3][B][FONT=arial][COLOR=black]filing a bug[/COLOR][/FONT][/B][/COLOR][/FONT][/SIZE][/URL][SIZE=17px][FONT=arial][COLOR=#666666]. The [/COLOR][/FONT][/SIZE][URL='https://productforums.google.com/forum/#!forum/chrome'][SIZE=17px][FONT=tinos][COLOR=#4184f3][B][FONT=arial][COLOR=black]community help forum[/COLOR][/FONT][/B][/COLOR][/FONT][/SIZE][/URL][SIZE=17px][FONT=arial][COLOR=#666666] is also a great place to reach out for help or learn about common issues.[/COLOR][/FONT][/SIZE] Google Chrome Prudhvikumar Bommana [IMG]http://feeds.feedburner.com/~r/GoogleChromeReleases/~4/pd2u-fdCugs[/IMG] Source: [URL="http://feedproxy.google.com/~r/GoogleChromeReleases/~3/pd2u-fdCugs/stable-channel-update-for-desktop.html"]Stable Channel Update for Desktop[/URL] [/QUOTE]
Insert quotes…
Verification
Post reply
Top