Stable Channel Update for Desktop
<blockquote data-quote="Bot" data-source="post: 857968" data-attributes="member: 52014">
<p>The Chrome team is delighted to announce the promotion of Chrome 80 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks.</p>
<p>Chrome 80.0.3987.87 contains a number of fixes and improvements -- a list of changes is available in the <a href="https://chromium.googlesource.com/chromium/src/+log/79.0.3945.130..80.0.3987.87?pretty=fuller&n=10000" target="_blank">log</a>. Watch out for upcoming <a href="https://chrome.blogspot.com/" target="_blank">Chrome</a> and <a href="https://blog.chromium.org/" target="_blank">Chromium</a> blog posts about new features and big efforts delivered in 80.</p>
<p>Security Fixes and Rewards</p>
<p><em>Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.</em></p>
<p>This update includes <a href="https://bugs.chromium.org/p/chromium/issues/list?can=1&q=type%3Abug-security+os%3DAndroid%2Cios%2Clinux%2Cmac%2Cwindows%2Call+label%3ARelease-0-M80" target="_blank">56</a> security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the <a href="https://sites.google.com/a/chromium.org/dev/Home/chromium-security" target="_blank">Chrome Security Page</a> for more information.</p>
<p>[$5000][<a href="https://crbug.com/1034394" target="_blank">1034394</a>] <strong>High</strong> CVE-2020-6381: Integer overflow in JavaScript. <em>Reported by The UK's National Cyber Security Centre (NCSC) on 2019-12-09</em></p>
<p>[$2000][<a href="https://crbug.com/1031909" target="_blank">1031909</a>] <strong>High</strong> CVE-2020-6382: Type Confusion in JavaScript. <em>Reported by Soyeon Park and Wen Xu from SSLab, Gatech on 2019-12-08</em></p>
<p>[$500][<a href="https://crbug.com/1020745" target="_blank">1020745</a>] <strong>High</strong> CVE-2019-18197: Multiple vulnerabilities in XML. <em>Reported by BlackBerry Security Incident Response Team on 2019-11-01</em></p>
<p>[$500][<a href="https://crbug.com/1042700" target="_blank">1042700</a>] <strong>High</strong> CVE-2019-19926: Inappropriate implementation in SQLite. <em>Reported by Richard Lorenz, SAP on 2020-01-16</em></p>
<p>[$N/A][<a href="https://crbug.com/1035399" target="_blank">1035399</a>] <strong>High</strong> CVE-2020-6385: Insufficient policy enforcement in storage. <em>Reported by Sergei Glazunov of Google Project Zero on 2019-12-18</em></p>
<p>[$N/A][<a href="https://crbug.com/1038863" target="_blank">1038863</a>] <strong>High</strong> CVE-2019-19880, CVE-2019-19925: Multiple vulnerabilities in SQLite. <em>Reported by Richard Lorenz, SAP on 2020-01-03</em></p>
<p>[$N/A][<a href="https://crbug.com/1042535" target="_blank">1042535</a>] <strong>High</strong> CVE-2020-6387: Out of bounds write in WebRTC. <em>Reported by Natalie Silvanovich of Google Project Zero on 2020-01-16</em></p>
<p>[$N/A][<a href="https://crbug.com/1042879" target="_blank">1042879</a>] <strong>High</strong> CVE-2020-6388: Out of bounds memory access in WebAudio. <em>Reported by Sergei Glazunov of Google Project Zero on 2020-01-16</em></p>
<p>[$N/A][<a href="https://crbug.com/1042933" target="_blank">1042933</a>] <strong>High</strong> CVE-2020-6389: Out of bounds write in WebRTC. <em>Reported by Natalie Silvanovich of Google Project Zero on 2020-01-16</em></p>
<p>[$N/A][<a href="https://crbug.com/1045874" target="_blank">1045874</a>] <strong>High</strong> CVE-2020-6390: Out of bounds memory access in streams. <em>Reported by Sergei Glazunov of Google Project Zero on 2020-01-27</em></p>
<p>[$10000][<a href="https://crbug.com/1017871" target="_blank">1017871</a>] <strong>Medium</strong> CVE-2020-6391: Insufficient validation of untrusted input in Blink. <em>Reported by Michał Bentkowski of Securitum on 2019-10-24</em></p>
<p>[$5000][<a href="https://crbug.com/1030411" target="_blank">1030411</a>] <strong>Medium</strong> CVE-2020-6392: Insufficient policy enforcement in extensions. <em>Reported by Microsoft Edge Team on 2019-12-03</em></p>
<p>[$5000][<a href="https://crbug.com/1035058" target="_blank">1035058</a>] <strong>Medium</strong> CVE-2020-6393: Insufficient policy enforcement in Blink. <em>Reported by Mark Amery on 2019-12-17</em></p>
<p>[$3000][<a href="https://crbug.com/1014371" target="_blank">1014371</a>] <strong>Medium</strong> CVE-2020-6394: Insufficient policy enforcement in Blink. <em>Reported by Phil Freo on 2019-10-15</em></p>
<p>[$3000][<a href="https://crbug.com/1022855" target="_blank">1022855</a>] <strong>Medium</strong> CVE-2020-6395: Out of bounds read in JavaScript. <em>Reported by Pierre Langlois from Arm on 2019-11-08</em></p>
<p>[$3000][<a href="https://crbug.com/1035271" target="_blank">1035271</a>] <strong>Medium</strong> CVE-2020-6396: Inappropriate implementation in Skia. <em>Reported by William Luc Ritchie on 2019-12-18</em></p>
<p>[$2000][<a href="https://crbug.com/1027408" target="_blank">1027408</a>] <strong>Medium</strong> CVE-2020-6397: Incorrect security UI in sharing. <em>Reported by Khalil Zhani on 2019-11-22</em></p>
<p>[$2000][<a href="https://crbug.com/1032090" target="_blank">1032090</a>] <strong>Medium</strong> CVE-2020-6398: Uninitialized use in PDFium. <em>Reported by pdknsk on 2019-12-09</em></p>
<p>[$2000][<a href="https://crbug.com/1039869" target="_blank">1039869</a>] <strong>Medium</strong> CVE-2020-6399: Insufficient policy enforcement in AppCache. <em>Reported by Luan Herrera (@lbherrera_) on 2020-01-07</em></p>
<p>[$1000][<a href="https://crbug.com/1038036" target="_blank">1038036</a>] <strong>Medium</strong> CVE-2020-6400: Inappropriate implementation in CORS. <em>Reported by Takashi Yoneuchi (@y0n3uchy) on 2019-12-27</em></p>
<p>[$500][<a href="https://crbug.com/1017707" target="_blank">1017707</a>] <strong>Medium</strong> CVE-2020-6401: Insufficient validation of untrusted input in Omnibox. <em>Reported by Tzachy Horesh on 2019-10-24</em></p>
<p>[$500][<a href="https://crbug.com/1029375" target="_blank">1029375</a>] <strong>Medium</strong> CVE-2020-6402: Insufficient policy enforcement in downloads. <em>Reported by Vladimir Metnew (@vladimir_metnew) on 2019-11-28</em></p>
<p>[$TBD][<a href="https://crbug.com/1006012" target="_blank">1006012</a>] <strong>Medium</strong> CVE-2020-6403: Incorrect security UI in Omnibox. <em>Reported by Khalil Zhani on 2019-09-19</em></p>
<p>[$N/A][<a href="https://crbug.com/1024256" target="_blank">1024256</a>] <strong>Medium</strong> CVE-2020-6404: Inappropriate implementation in Blink. <em>Reported by kanchi on 2019-11-13</em></p>
<p>[$N/A][<a href="https://crbug.com/1042145" target="_blank">1042145</a>] <strong>Medium</strong> CVE-2020-6405: Out of bounds read in SQLite. <em>Reported by Yongheng Chen(Ne0) & Rui Zhong(zr33) on 2020-01-15</em></p>
<p>[$N/A][<a href="https://crbug.com/1042254" target="_blank">1042254</a>] <strong>Medium</strong> CVE-2020-6406: Use after free in audio. <em>Reported by Sergei Glazunov of Google Project Zero on 2020-01-15</em></p>
<p>[$N/A][<a href="https://crbug.com/1042578" target="_blank">1042578</a>] <strong>Medium</strong> CVE-2019-19923: Out of bounds memory access in SQLite. <em>Reported by Richard Lorenz, SAP on 2020-01-16</em></p>
<p>[$1000][<a href="https://crbug.com/1026546" target="_blank">1026546</a>] <strong>Low</strong> CVE-2020-6408: Insufficient policy enforcement in CORS. <em>Reported by Zhong Zhaochen of andsecurity.cn on 2019-11-20</em></p>
<p>[$1000][<a href="https://crbug.com/1037889" target="_blank">1037889</a>] <strong>Low</strong> CVE-2020-6409: Inappropriate implementation in Omnibox. <em>Reported by Divagar S and Bharathi V from Karya Technologies on 2019-12-26</em></p>
<p>[$500][<a href="https://crbug.com/881675" target="_blank">881675</a>] <strong>Low</strong> CVE-2020-6410: Insufficient policy enforcement in navigation. <em>Reported by evi1m0 of Bilibili Security Team on 2018-09-07</em></p>
<p>[$500][<a href="https://crbug.com/929711" target="_blank">929711</a>] <strong>Low</strong> CVE-2020-6411: Insufficient validation of untrusted input in Omnibox. <em>Reported by Khalil Zhani on 2019-02-07</em></p>
<p>[$N/A][<a href="https://crbug.com/968505" target="_blank">968505</a>] <strong>Low</strong> CVE-2020-6412: Insufficient validation of untrusted input in Omnibox. <em>Reported by Zihan Zheng (@zzh1996) of University of Science and Technology of China on 2019-05-30</em></p>
<p>[$N/A][<a href="https://crbug.com/1005713" target="_blank">1005713</a>] <strong>Low</strong> CVE-2020-6413: Inappropriate implementation in Blink. <em>Reported by Michał Bentkowski of Securitum on 2019-09-19</em></p>
<p>[$N/A][<a href="https://crbug.com/1021855" target="_blank">1021855</a>] <strong>Low</strong> CVE-2020-6414: Insufficient policy enforcement in Safe Browsing. <em>Reported by Lijo A.T on 2019-11-06</em></p>
<p>[$N/A][<a href="https://crbug.com/1029576" target="_blank">1029576</a>] <strong>Low</strong> CVE-2020-6415: Inappropriate implementation in JavaScript. <em>Reported by Avihay Cohen @ SeraphicAlgorithms on 2019-11-30</em></p>
<p>[$N/A][<a href="https://crbug.com/1031895" target="_blank">1031895</a>] <strong>Low</strong> CVE-2020-6416: Insufficient data validation in streams. <em>Reported by Woojin Oh(@pwn_expoit) of STEALIEN on 2019-12-08</em></p>
<p>[$N/A][<a href="https://crbug.com/1033824" target="_blank">1033824</a>] <strong>Low</strong> CVE-2020-6417: Inappropriate implementation in installer. <em>Reported by Renato "Wrath" Moraes and Altieres "FallenHawk" Rohr on 2019-12-13</em></p>
<p>We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.</p>
<p>As usual, our ongoing internal security work was responsible for a wide range of fixes:</p>
<ul>
<li data-xf-list-type="ul">[<a href="https://crbug.com/1048330" target="_blank">1048330</a>] Various fixes from internal audits, fuzzing and other initiatives</li>
</ul>
<p>Many of our security bugs are detected using <a href="https://code.google.com/p/address-sanitizer/wiki/AddressSanitizer" target="_blank">AddressSanitizer</a>, <a href="https://code.google.com/p/memory-sanitizer/wiki/MemorySanitizer" target="_blank">MemorySanitizer</a>, <a href="https://www.chromium.org/developers/testing/undefinedbehaviorsanitizer" target="_blank">UndefinedBehaviorSanitizer</a>, <a href="https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-integrity" target="_blank">Control Flow Integrity</a>, <a href="https://sites.google.com/a/chromium.org/dev/developers/testing/libfuzzer" target="_blank">libFuzzer</a>, or <a href="https://github.com/google/afl" target="_blank">AFL</a>.</p>
<p>Source: <a href="http://feedproxy.google.com/~r/GoogleChromeReleases/~3/czJ5ekIhYG0/stable-channel-update-for-desktop.html" target="_blank">Stable Channel Update for Desktop</a></p>
</blockquote>