Google Chrome Releases reports:
This updates includes 32 security fixes, including:
- [1019161] High CVE-2020-6454: Use after free in extensions.
Reported by Leecraso and Guang Gong of Alpha Lab, Qihoo 360 on
2019-10-29
- [1043446] High CVE-2020-6423: Use after free in audio.
Reported by Anonymous on 2020-01-18
- [1059669] High CVE-2020-6455: Out of bounds read in WebSQL.
Reported by Nan Wang(@eternalsakura13) and Guang Gong of Alpha Lab,
Qihoo 360 on 2020-03-09
- [1031479] Medium CVE-2020-6430: Type Confusion in V8.
Reported by Avihay Cohen @ SeraphicAlgorithms on 2019-12-06
- [1040755] Medium CVE-2020-6456: Insufficient validation of
untrusted input in clipboard. Reported by Michał Bentkowski of
Securitum on 2020-01-10
- [852645] Medium CVE-2020-6431: Insufficient policy
enforcement in full screen. Reported by Luan Herrera (@lbherrera_)
on 2018-06-14
- [965611] Medium CVE-2020-6432: Insufficient policy
enforcement in navigations. Reported by David Erceg on
2019-05-21
- [1043965] Medium CVE-2020-6433: Insufficient policy
enforcement in extensions. Reported by David Erceg on
2020-01-21
- [1048555] Medium CVE-2020-6434: Use after free in devtools.
Reported by HyungSeok Han (DaramG) of Theori on 2020-02-04
- [1032158] Medium CVE-2020-6435: Insufficient policy
enforcement in extensions. Reported by Sergei Glazunov of Google
Project Zero on 2019-12-09
- [1034519] Medium CVE-2020-6436: Use after free in window
management. Reported by Igor Bukanov from Vivaldi on 2019-12-16
- [639173] Low CVE-2020-6437: Inappropriate implementation in
WebView. Reported by Jann Horn on 2016-08-19
- [714617] Low CVE-2020-6438: Insufficient policy enforcement in
extensions. Reported by Ng Yik Phang on 2017-04-24
- [868145] Low CVE-2020-6439: Insufficient policy enforcement in
navigations. Reported by remkoboonstra on 2018-07-26
- [894477] Low CVE-2020-6440: Inappropriate implementation in
extensions. Reported by David Erceg on 2018-10-11
- [959571] Low CVE-2020-6441: Insufficient policy enforcement in
omnibox. Reported by David Erceg on 2019-05-04
- [1013906] Low CVE-2020-6442: Inappropriate implementation in
cache. Reported by B@rMey on 2019-10-12
- [1040080] Low CVE-2020-6443: Insufficient data validation in
developer tools. Reported by @lovasoa (Ophir LOJKINE) on
2020-01-08
- [922882] Low CVE-2020-6444: Uninitialized Use in WebRTC.
Reported by mlfbrown on 2019-01-17
- [933171] Low CVE-2020-6445: Insufficient policy enforcement in
trusted types. Reported by Jun Kokatsu, Microsoft Browser
Vulnerability Research on 2019-02-18
- [933172] Low CVE-2020-6446: Insufficient policy enforcement in
trusted types. Reported by Jun Kokatsu, Microsoft Browser
Vulnerability Research on 2019-02-18
- [991217] Low CVE-2020-6447: Inappropriate implementation in
developer tools. Reported by David Erceg on 2019-08-06
- [1037872] Low CVE-2020-6448: Use after free in V8. Reported by
Guang Gong of Alpha Lab, Qihoo 360 on 2019-12-26