This release contains 10 security fixes, including:
- [1138911] High CVE-2020-16004: Use after free in user interface.
Reported by Leecraso and Guang Gong of 360 Alpha Lab working with
360 BugCloud on 2020-10-15
- [1139398] High CVE-2020-16005: Insufficient policy enforcement
in ANGLE. Reported by Jaehun Jeong (@n3sk) of Theori on
2020-10-16
- [1133527] High CVE-2020-16006: Inappropriate implementation in
V8. Reported by Bill Parks on 2020-09-29
- [1125018] High CVE-2020-16007: Insufficient data validation in
installer. Reported by Abdelhamid Naceri (halov) on
2020-09-04
- [1134107] High CVE-2020-16008: Stack buffer overflow in WebRTC.
Reported by Tolya Korniltsev on 2020-10-01
- [1143772] High CVE-2020-16009: Inappropriate implementation in
V8. Reported by Clement Lecigne of Google's Threat Analysis Group
and Samuel Groß of Google Project Zero on 2020-10-29
- [1144489] High CVE-2020-16011: Heap buffer overflow in UI on
Windows. Reported by Sergei Glazunov of Google Project Zero on
2020-11-01
There are reports that an exploit for CVE-2020-16009 exists in the
wild.