
Posted (edited)

Great news everybody! Here’s some news that has absolutely nothing to do with Black Friday, Cyber Week, or any other kind of deal. Today, we’re talking Chrome. More specifically, the last update of 2022 for the Chrome browser for desktop devices. Yesterday, Google officially rolled out Chrome 108 for Windows, macOS, and Linux. The next update won’t arrive until the second week of 2023 and while there isn’t a lot to talk about, 108 has some nifty new features you should know about. So, here’s what’s new in Chrome 108.

Sharper Emojis

Chrome 98 introduced support for COLRv1 Color Gradient Vector Fonts which produce sharper emojis that are more scalable. In Chrome 108, websites will now have the ability to detect if a browser supports COLRv1 and in turn, display crisper emoji images. Sharp.

Battery Saver Mode

Google has been working on some battery and memory-saving features for Chrome and ChromeOS for months and some of those tools have finally appeared in the Stable build of the browser. Still disabled behind a flag, battery saver mode can be set to enable when your device is off charge or when your battery drops below 20%. Once you update to 108, you can enable the flag by pointing your browser to chrome://flags/#battery-saver-mode-available and setting the flag to the enable position. Restart your browser and you’re good to go.

Posted

The stable channel has been updated to 78.0.3904.87 for Windows, Mac, and Linux, which will roll out over the coming days/weeks.

Security Fixes and Rewards
Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.
 
This update includes 2 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.
 
[$7500][1013868] High CVE-2019-13721: Use-after-free in PDFium. Reported by banananapenguin on 2019-10-12
[$TBD][1019226] High CVE-2019-13720: Use-after-free in audio. Reported by Anton Ivanov and Alexey Kulaev at Kaspersky Labs on 2019-10-29
 
Google is aware of reports that an exploit for CVE-2019-13720 exists in the wild.

We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.
 
 

 

A list of all changes is available in the log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.
 
 
Srinivas Sista
Google Chrome
Posted

56 security vulnerabilities fixed

The Chrome 80 release fixes 56 security vulnerabilities, with the following discovered by external researchers:

• High CVE-2020-6381: Integer overflow in JavaScript. Reported by The UK's National Cyber Security Centre (NCSC) on 2019-12-09
• High CVE-2020-6382: Type Confusion in JavaScript. Reported by Soyeon Park and Wen Xu from SSLab, Gatech on 2019-12-08
• High CVE-2019-18197: Multiple vulnerabilities in XML. Reported by BlackBerry Security Incident Response Team on 2019-11-01
• High CVE-2019-19926: Inappropriate implementation in SQLite. Reported by Richard Lorenz, SAP on 2020-01-16
• High CVE-2020-6385: Insufficient policy enforcement in storage. Reported by Sergei Glazunov of Google Project Zero on 2019-12-18
• High CVE-2019-19880, CVE-2019-19925: Multiple vulnerabilities in SQLite. Reported by Richard Lorenz, SAP on 2020-01-03
• High CVE-2020-6387: Out of bounds write in WebRTC. Reported by Natalie Silvanovich of Google Project Zero on 2020-01-16
• High CVE-2020-6388: Out of bounds memory access in WebAudio. Reported by Sergei Glazunov of Google Project Zero on 2020-01-16
• High CVE-2020-6389: Out of bounds write in WebRTC. Reported by Natalie Silvanovich of Google Project Zero on 2020-01-16
• High CVE-2020-6390: Out of bounds memory access in streams. Reported by Sergei Glazunov of Google Project Zero on 2020-01-27
• Medium CVE-2020-6391: Insufficient validation of untrusted input in Blink. Reported by Michał Bentkowski of Securitum on 2019-10-24
• Medium CVE-2020-6392: Insufficient policy enforcement in extensions. Reported by Microsoft Edge Team on 2019-12-03
• Medium CVE-2020-6393: Insufficient policy enforcement in Blink. Reported by Mark Amery on 2019-12-17
• Medium CVE-2020-6394: Insufficient policy enforcement in Blink. Reported by Phil Freo on 2019-10-15
• Medium CVE-2020-6395: Out of bounds read in JavaScript. Reported by Pierre Langlois from Arm on 2019-11-08
• Medium CVE-2020-6396: Inappropriate implementation in Skia. Reported by William Luc Ritchie on 2019-12-18
• Medium CVE-2020-6397: Incorrect security UI in sharing. Reported by Khalil Zhani on 2019-11-22
• Medium CVE-2020-6398: Uninitialized use in PDFium. Reported by pdknsk on 2019-12-09
• Medium CVE-2020-6399: Insufficient policy enforcement in AppCache. Reported by Luan Herrera (@lbherrera_) on 2020-01-07
• Medium CVE-2020-6400: Inappropriate implementation in CORS. Reported by Takashi Yoneuchi (@y0n3uchy) on 2019-12-27
• Medium CVE-2020-6401: Insufficient validation of untrusted input in Omnibox. Reported by Tzachy Horesh on 2019-10-24
• Medium CVE-2020-6402: Insufficient policy enforcement in downloads. Reported by Vladimir Metnew (@vladimir_metnew) on 2019-11-28
• Medium CVE-2020-6403: Incorrect security UI in Omnibox. Reported by Khalil Zhani on 2019-09-19
• Medium CVE-2020-6404: Inappropriate implementation in Blink. Reported by kanchi on 2019-11-13
• Medium CVE-2020-6405: Out of bounds read in SQLite. Reported by Yongheng Chen(Ne0) & Rui Zhong(zr33) on 2020-01-15
• Medium CVE-2020-6406: Use after free in audio. Reported by Sergei Glazunov of Google Project Zero on 2020-01-15
• Medium CVE-2019-19923: Out of bounds memory access in SQLite. Reported by Richard Lorenz, SAP on 2020-01-16
• Low CVE-2020-6408: Insufficient policy enforcement in CORS. Reported by Zhong Zhaochen of andsecurity.cn on 2019-11-20
• Low CVE-2020-6409: Inappropriate implementation in Omnibox. Reported by Divagar S and Bharathi V from Karya Technologies on 2019-12-26
• Low CVE-2020-6410: Insufficient policy enforcement in navigation. Reported by evi1m0 of Bilibili Security Team on 2018-09-07
• Low CVE-2020-6411: Insufficient validation of untrusted input in Omnibox. Reported by Khalil Zhani on 2019-02-07
• Low CVE-2020-6412: Insufficient validation of untrusted input in Omnibox. Reported by Zihan Zheng (@zzh1996) of University of Science and Technology of China on 2019-05-30
• Low CVE-2020-6413: Inappropriate implementation in Blink. Reported by Michał Bentkowski of Securitum on 2019-09-19
• Low CVE-2020-6414: Insufficient policy enforcement in Safe Browsing. Reported by Lijo A.T on 2019-11-06
• Low CVE-2020-6415: Inappropriate implementation in JavaScript. Reported by Avihay Cohen @ SeraphicAlgorithms on 2019-11-30
• Low CVE-2020-6416: Insufficient data validation in streams. Reported by Woojin Oh(@pwn_expoit) of STEALIEN on 2019-12-08
• Low CVE-2020-6417: Inappropriate implementation in installer. Reported by Renato "Wrath" Moraes and Altieres "FallenHawk" Rohr on 2019-12-13

Posted

The stable channel has been updated to 80.0.3987.122 for Windows, Mac, and Linux, which will roll out over the coming days/weeks.


A list of all changes is available in the log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.

 
Security Fixes and Rewards

 
Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.
 
This update includes 3 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.
 
[$5000][1044570] High: Integer overflow in ICU. Reported by André Bargull on 2020-01-22
[N/A][1045931] High CVE-2020-6407: Out of bounds memory access in streams. Reported by Sergei Glazunov of Google Project Zero on 2020-01-27
 
This release also contains:
[N/A][1053604] High CVE-2020-6418: Type confusion in V8. Reported by Clement Lecigne of Google's Threat Analysis Group on 2020-02-18
 
Google is aware of reports that an exploit for CVE-2020-6418 exists in the wild.
 
We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.
Posted

The stable channel has been updated to 80.0.3987.162 for Windows, Mac, and Linux, which will roll out over the coming days/weeks.


A list of all changes is available in the log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.
 
Security Fixes and Rewards
Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.
 
This update includes 8 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.
 
[$TBD][1062247] High CVE-2020-6450: Use after free in WebAudio. Reported by Man Yue Mo of Semmle Security Research Team on 2020-03-17
[$TBD][1061018] High CVE-2020-6451: Use after free in WebAudio. Reported by Man Yue Mo of Semmle Security Research Team on 2020-03-12
[$N/A][1059764] High CVE-2020-6452: Heap buffer overflow in media. Reported by asnine on 2020-03-09
 
We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

As usual, our ongoing internal security work was responsible for a wide range of fixes:
  • [1066247] Various fixes from internal audits, fuzzing and other initiatives
Posted

The stable channel has been updated to 80.0.3987.163 for Windows, Mac, and Linux, which will roll out over the coming days/weeks.


 

A list of all changes is available in the log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.
Posted

The Chrome team is delighted to announce the promotion of Chrome 81 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks.

Chrome 81.0.4044.92 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 81.


Security Fixes and Rewards
Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

This update includes 32 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[$7500][1019161] High CVE-2020-6454: Use after free in extensions. Reported by Leecraso and Guang Gong of Alpha Lab, Qihoo 360 on 2019-10-29
[$5000][1043446] High CVE-2020-6423: Use after free in audio. Reported by Anonymous on 2020-01-18
[$3000][1059669] High CVE-2020-6455: Out of bounds read in WebSQL. Reported by Nan Wang(@eternalsakura13) and Guang Gong of Alpha Lab, Qihoo 360 on 2020-03-09
[$2000][1031479] Medium CVE-2020-6430: Type Confusion in V8. Reported by Avihay Cohen @ SeraphicAlgorithms on 2019-12-06
[$2000][1040755] Medium CVE-2020-6456: Insufficient validation of untrusted input in clipboard. Reported by Michał Bentkowski of Securitum on 2020-01-10
[$1000][852645] Medium CVE-2020-6431: Insufficient policy enforcement in full screen. Reported by Luan Herrera (@lbherrera_) on 2018-06-14
[$1000][965611] Medium CVE-2020-6432: Insufficient policy enforcement in navigations. Reported by David Erceg on 2019-05-21
[$1000][1043965] Medium CVE-2020-6433: Insufficient policy enforcement in extensions. Reported by David Erceg on 2020-01-21
[$500][1048555] Medium CVE-2020-6434: Use after free in devtools. Reported by HyungSeok Han (DaramG) of Theori on 2020-02-04
[$N/A][1032158] Medium CVE-2020-6435: Insufficient policy enforcement in extensions. Reported by Sergei Glazunov of Google Project Zero on 2019-12-09
[$TBD][1034519] Medium CVE-2020-6436: Use after free in window management. Reported by Igor Bukanov from Vivaldi on 2019-12-16
[$500][639173] Low CVE-2020-6437: Inappropriate implementation in WebView. Reported by Jann Horn on 2016-08-19
[$500][714617] Low CVE-2020-6438: Insufficient policy enforcement in extensions. Reported by Ng Yik Phang on 2017-04-24
[$500][868145] Low CVE-2020-6439: Insufficient policy enforcement in navigations. Reported by remkoboonstra on 2018-07-26
[$500][894477] Low CVE-2020-6440: Inappropriate implementation in extensions. Reported by David Erceg on 2018-10-11
[$500][959571] Low CVE-2020-6441: Insufficient policy enforcement in omnibox. Reported by David Erceg on 2019-05-04
[$500][1013906] Low CVE-2020-6442: Inappropriate implementation in cache. Reported by B@rMey on 2019-10-12
[$500][1040080] Low CVE-2020-6443: Insufficient data validation in developer tools. Reported by @lovasoa (Ophir LOJKINE) on 2020-01-08
[$N/A][922882] Low CVE-2020-6444: Uninitialized Use in WebRTC. Reported by mlfbrown on 2019-01-17
[$N/A][933171] Low CVE-2020-6445: Insufficient policy enforcement in trusted types. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-02-18
[$N/A][933172] Low CVE-2020-6446: Insufficient policy enforcement in trusted types. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-02-18
[$N/A][991217] Low CVE-2020-6447: Inappropriate implementation in developer tools. Reported by David Erceg on 2019-08-06
[$N/A][1037872] Low CVE-2020-6448: Use after free in V8. Reported by Guang Gong of Alpha Lab, Qihoo 360 on 2019-12-26

Thanks also to Hosein Askari for identifying a vulnerability with the Chromium website.

We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

As usual, our ongoing internal security work was responsible for a wide range of fixes:
  • [1067891] Various fixes from internal audits, fuzzing and other initiatives

Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.
 
Interested in switching release channels?  Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.
 
Thank you,
Prudhvikumar Bommana
Posted

The stable channel has been updated to 81.0.4044.113 for Windows, Mac, and Linux, which will roll out over the coming days/weeks.

A list of all changes is available in the log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.

Security Fixes and Rewards
Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

This update includes 1 security fix. Please see the Chrome Security Page for more information.

[$TBD][1067851] Critical CVE-2020-6457: Use after free in speech recognizer. Reported by Leecraso and Guang Gong of Alpha Lab, Qihoo 360 on 2020-04-04

We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.
Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.

Posted

The stable channel has been updated to 81.0.4044.122 for Windows, Mac, and Linux, which will roll out over the coming days/weeks.

A list of all changes is available in the log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.

 
Security Fixes and Rewards
Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.
 
This update includes 8 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.
 
[$20000][1065298] High CVE-2020-6459: Use after free in payments. Reported by Zhe Jin from cdsrc of Qihoo 360 on 2020-03-27
[$15000][1063566] High CVE-2020-6460: Insufficient data validation in URL formatting. Reported by Anonymous on 2020-03-21
[$5000][1067270] High CVE-2020-6458: Out of bounds read and write in PDFium. Reported by Aleksandar Nikolic of Cisco Talos on 2020-04-02
 
We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

As usual, our ongoing internal security work was responsible for a wide range of fixes:
  • [1072815] Various fixes from internal audits, fuzzing and other initiatives
Posted

The stable channel has been updated to 81.0.4044.138 for Windows, Mac, and Linux, which will roll out over the coming days/weeks.

A list of all changes is available in the log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.
 

Security Fixes and Rewards
Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

This update includes 3 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[$N/A][1073602] High CVE-2020-6831: Stack buffer overflow in SCTP. Reported by Natalie Silvanovich of Google Project Zero on 2020-04-22
[$7500][1071059] High CVE-2020-6464: Type Confusion in Blink. Reported by Looben Yang on 2020-04-15

We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

As usual, our ongoing internal security work was responsible for a wide range of fixes:
  • [1077866] Various fixes from internal audits, fuzzing and other initiatives
Posted

Other developer features in this release include:

  • ARIA Annotations: New ARIA annotations support screen reader accessibility for comments, suggestions, and text highlights with semantic meanings (similar to <mark>). Additionally, related information can now be tied semantically to an element allowing descriptions, definitions, footnotes, and comments to be tied to another element.
  • ‘auto’ keyword for ‘-webkit-appearance’ CSS property: The -webkit-appearance CSS property has a new auto keyword, which indicates the default appearance of the target element. This is a step on the way to replacing the nonstandard -webkit-appearance property with a future fully standardized appearance property.
  • Barcode Detection API: Chrome now supports the Barcode Detection API, a subset of the Shape Detection API which provides the ability to detect and decode barcodes in an image provided by a script. The image may come from any type of image buffer source such as an <image>, <video>, or <canvas> tag. Previously, supporting barcode detection on a web page required inclusion of a large third-party library. This API is only available on devices with Google Play Services installed and is not available on uncertified devices.
  • CSS contain-intrinsic-size: The contain-intrinsic-size property allows developers to specify a placeholder size which would be used while contain: size is applied. With contain-intrinsic-size specified, elements lay out as if they had a single child with fixed size, the one specified by this property, unless they have an explicit width/height. The motivation for the property is to provide a placeholder sizing for subtree content which is either not yet available or not rendered. There was previously no way to provide this other than sizing the element itself which may not be desirable as it affects how the element lays out in its container. Examples are available from the WICG.
  • CSS Color Adjust: Many operating systems now have a “dark mode” preference. Some browsers already offer an option to transform web pages into a dark theme. The prefers-color-scheme media query lets authors support their own dark theme so they have full control over experiences they build. The meta tag lets a site explicitly opt-in to fully supporting a dark theme so that the browser loads a different user agent sheet and not ever apply transformations.
  • display:inline-grid/grid/inline-flex/flex for <button>: The display keywords inline-grid, grid, inline-flex, and flex now function with the <button> element when the align property is applied. (Demo)
  • ES Modules for shared workers (‘module’ type option): JavaScript now supports modules in shared workers. Setting module type by the constructor’s type attribute, worker scripts are loaded as ES modules and the import statement is available in worker contexts. With this feature, web developers can more easily write programs in a composable way and share them among a page and workers.
  • Improvements to font-display: A few changes have been made to the way font-display works on Chrome. Setting font-display to optional no longer causes relayout. Web font preloading is allowed to slightly block rendering (for all font-display values), so that if the font loads fast enough, Chrome doesn’t need to render with fallback.
  • IndexedDB relaxed durability transactions: IDBDatabase.transaction() now accepts an optional durability argument to control flushing of data to storage. This allows developers to explicitly trade off durability for performance. Previously after writing an IndexedDB transaction, Firefox did not flush to disk but Chrome did. This provided increased durability by guaranteeing that data is written to the device’s disk rather than merely to an intermediate OS cache. Unfortunately, this comes with a significant performance cost. Valid options are "default", "strict", and "relaxed". The "default" option uses whatever behavior is provided by the user agent and is currently the default. An example is shown below. The current value may be read using IDBTransaction.durability.
  • Out-Of-Renderer Cross-Origin Resource Sharing: Out-Of-Renderer Cross-Origin Resource Sharing (OOR-CORS) is a new CORS implementation that inspects network accesses. Chrome’s previous CORS implementation was only available to Blink core parts, XHR, and Fetch APIs, while a simplified implementation was used in other parts of the application. HTTP requests made by some internal modules could not be inspected for CORS at all. The new implementation addresses these shortcomings.
  • Reversed range for <input type=time>: Chrome now supports reversed ranges for <input> elements whose type is time, allowing developers to express time inputs that cross midnight. A reversed range is one where the maximum is less than the minimum. In this state, the input allows values that are less than the minimum or greater than the maximum, but not between them. This functionality has been in the specification for many years, but has not yet been implemented in Chrome.
  • Support “JIS-B5” and “JIS-B4” @page: Chrome now supports two page sizes for the @page rule, both listed in the CSS Paged Media Module Level 3 spec.
  • @supports selector() feature query function: The new @supports function provides feature detection for CSS selectors. Web authors can use this feature to query whether the UA supports the selector before they actually try to apply the specified style rules matching the selector.
  • RTCPeerConnection.canTrickleIceCandidates: The canTrickleIceCandidates boolean property indicates whether a remote peer is capable of handling trickle candidates. It exposes information from the SDP session description.
  • RTCRtpEncodingParameters.maxFramerate: This encoding parameter allows developers to limit the framerate on a video layer before sending. Use RTCRtpSender.setParameters() to set the new framerate, which takes effect after the current picture is complete. Read it back using RTCRtpEncodingParameters.maxFramerate. Setting maxFramerate to 0 freezes the video on the next frame.
  • RTCRtpSendParameters.degradationPreference: A new attribute for RTCRtpSendParameters called degradationPreference allows developers to control how quality degrades when constraints such as bandwidth or CPU prevent encoding at the configured frame rate and resolution. For example, on a screen share app, users will probably prefer screen legibility over animations. On a video conference users likely prefer a smooth frame rate over a higher resolution. Valid values for degradationPreference are "maintain-framerate", "maintain-resolution", and "balanced".
  • WebXR DOM Overlay: DOM overlay is a feature for immersive AR on handheld devices that lets two-dimensional page content be shown as an interactive transparent layer on top of the WebXR content and camera image. With this feature, developers can use the DOM to create user interfaces for WebXR experiences. For VR, inline sessions are by definition within the DOM. For AR, though, there is no inline mode, making this particularly important for certain use cases. To try the feature, use one of the two samples in Chrome 83. This feature is currently only available on ARCore-based handheld devices.

For a full rundown of what’s new, check out the Chrome 83 milestone hotlist.
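The reversed-range rule for <input type=time> described above, as an added example that is not code from the Chrome post: a small JavaScript validator that mirrors the browser's check (normal range when min <= max, wrap-past-midnight range when max < min) so a server can reject any value the client-side constraint would not have accepted. Function names are my own.

```javascript
// Added example (not from the Chrome 83 release post).
// Server-side mirror of Chrome's <input type=time> min/max semantics:
//   normal range   (min <= max): min <= value <= max
//   reversed range (max <  min): value >= min OR value <= max
// A reversed range rejects exactly the values strictly between max and min.

// Parse "HH:MM" or "HH:MM:SS[.sss]" into milliseconds since midnight.
// Returns null for anything that is not a valid 24-hour time string.
function parseTimeMs(value) {
  if (typeof value !== "string") return null;
  const m = /^(\d{2}):(\d{2})(?::(\d{2})(?:\.(\d{1,3}))?)?$/.exec(value);
  if (!m) return null;
  const h = Number(m[1]);
  const min = Number(m[2]);
  const s = Number(m[3] ?? 0);
  const ms = m[4] ? Number(m[4].padEnd(3, "0")) : 0;
  if (h > 23 || min > 59 || s > 59) return null;
  return ((h * 60 + min) * 60 + s) * 1000 + ms;
}

// True when the pair of bounds forms a reversed (midnight-crossing) range.
function isReversedRange(min, max) {
  const lo = parseTimeMs(min);
  const hi = parseTimeMs(max);
  return lo !== null && hi !== null && hi < lo;
}

// Does `value` satisfy the min/max attributes the way the browser evaluates
// them? An absent or unparsable bound is treated as unbounded on that side,
// matching the browser ignoring an invalid min/max attribute. An invalid
// value is never in range.
function timeInRange(value, min, max) {
  const v = parseTimeMs(value);
  if (v === null) return false;
  const lo = parseTimeMs(min);
  const hi = parseTimeMs(max);
  if (lo === null && hi === null) return true;
  if (lo === null) return v <= hi;
  if (hi === null) return v >= lo;
  if (lo <= hi) return v >= lo && v <= hi;   // ordinary range
  return v >= lo || v <= hi;                 // reversed range, wraps midnight
}

// Constructed sample: a night-shift field declared as min="22:00" max="02:00".
const NIGHT_SHIFT = { min: "22:00", max: "02:00" };
for (const candidate of ["23:30", "01:00", "12:00", "02:00:01"]) {
  console.log(candidate, timeInRange(candidate, NIGHT_SHIFT.min, NIGHT_SHIFT.max));
}
```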

Posted

This update includes 38 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information. 

  • [$TBD][1103195] Critical CVE-2020-6510: Heap buffer overflow in background fetch. Reported by Leecraso and Guang Gong of 360 Alpha Lab working with 360 BugCloud on 2020-07-08
  • [$5000][1074317] High CVE-2020-6511: Side-channel information leakage in content security policy. Reported by Mikhail Oblozhikhin on 2020-04-24
  • [$5000][1084820] High CVE-2020-6512: Type Confusion in V8. Reported by nocma, leogan, cheneyxu of WeChat Open Platform Security Team on 2020-05-20
  • [$2000][1091404] High CVE-2020-6513: Heap buffer overflow in PDFium. Reported by Aleksandar Nikolic of Cisco Talos on 2020-06-04
  • [$TBD][1076703] High CVE-2020-6514: Inappropriate implementation in WebRTC. Reported by Natalie Silvanovich of Google Project Zero on 2020-04-30 
  • [$TBD][1082755] High CVE-2020-6515: Use after free in tab strip. Reported by DDV_UA on 2020-05-14
  • [$TBD][1092449] High CVE-2020-6516: Policy bypass in CORS. Reported by Yongke Wang of Tencent's Xuanwu Lab (xlab.tencent.com) on 2020-06-08
  • [$TBD][1095560] High CVE-2020-6517: Heap buffer overflow in history. Reported by ZeKai Wu (@hellowuzekai) of Tencent Security Xuanwu Lab on 2020-06-16
  • [$3000][986051] Medium CVE-2020-6518: Use after free in developer tools. Reported by David Erceg on 2019-07-20
  • [$3000][1064676] Medium CVE-2020-6519: Policy bypass in CSP. Reported by Gal Weizman (@WeizmanGal) of PerimeterX on 2020-03-25
  • [$1000][1092274] Medium CVE-2020-6520: Heap buffer overflow in Skia. Reported by Zhen Zhou of NSFOCUS Security Team on 2020-06-08
  • [$500][1075734] Medium CVE-2020-6521: Side-channel information leakage in autofill. Reported by Xu Lin (University of Illinois at Chicago), Panagiotis Ilia (University of Illinois at Chicago), Jason Polakis (University of Illinois at Chicago) on 2020-04-27
  • [$TBD][1052093] Medium CVE-2020-6522: Inappropriate implementation in external protocol handlers. Reported by Eric Lawrence of Microsoft on 2020-02-13
  • [$N/A][1080481] Medium CVE-2020-6523: Out of bounds write in Skia. Reported by Liu Wei and Wu Zekai of Tencent Security Xuanwu Lab on 2020-05-08
  • [$N/A][1081722] Medium CVE-2020-6524: Heap buffer overflow in WebAudio. Reported by Sung Ta (@Mipu94) of SEFCOM Lab, Arizona State University on 2020-05-12
  • [$N/A][1091670] Medium CVE-2020-6525: Heap buffer overflow in Skia. Reported by Zhen Zhou of NSFOCUS Security Team on 2020-06-05
  • [$1000][1074340] Low CVE-2020-6526: Inappropriate implementation in iframe sandbox. Reported by Jonathan Kingston on 2020-04-24
  • [$500][992698] Low CVE-2020-6527: Insufficient policy enforcement in CSP. Reported by Zhong Zhaochen of andsecurity.cn on 2019-08-10
  • [$500][1063690] Low CVE-2020-6528: Incorrect security UI in basic auth. Reported by Rayyan Bijoora on 2020-03-22
  • [$N/A][978779] Low CVE-2020-6529: Inappropriate implementation in WebRTC. Reported by kaustubhvats7 on 2019-06-26
  • [$N/A][1016278] Low CVE-2020-6530: Out of bounds memory access in developer tools. Reported by myvyang on 2019-10-21
  • [$TBD][1042986] Low CVE-2020-6531: Side-channel information leakage in scroll to text. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2020-01-17
  • [$N/A][1069964] Low CVE-2020-6533: Type Confusion in V8. Reported by Avihay Cohen @ SeraphicAlgorithms on 2020-04-11
  • [$N/A][1072412] Low CVE-2020-6534: Heap buffer overflow in WebRTC. Reported by Anonymous on 2020-04-20
  • [$TBD][1073409] Low CVE-2020-6535: Insufficient data validation in WebUI. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2020-04-22
  • [$TBD][1080934] Low CVE-2020-6536: Incorrect security UI in PWAs. Reported by Zhiyang Zeng of Tencent security platform department on 2020-05-09
We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

As usual, our ongoing internal security work was responsible for a wide range of fixes: 
  • [1105224] Various fixes from internal audits, fuzzing and other initiatives
Posted

Security fixes

Chrome 85 ships 20 security fixes. External researchers found the following:

  • [$N/A][1109120] High CVE-2020-6558: Insufficient policy enforcement in iOS. Reported by Alison Huffman, Microsoft Browser Vulnerability Research on 2020-07-24
  • [$TBD][1116706] High CVE-2020-6559: Use after free in presentation API. Reported by Liu Wei and Wu Zekai of Tencent Security Xuanwu Lab on 2020-08-15
  • [$5000][1108181] Medium CVE-2020-6560: Insufficient policy enforcement in autofill. Reported by Nadja Ungethuem of www.unnex.de on 2020-07-22
  • [$1000][932892] Medium CVE-2020-6561: Inappropriate implementation in Content Security Policy. Reported by Rob Wu on 2019-02-16
  • [$1000][1086845] Medium CVE-2020-6562: Insufficient policy enforcement in Blink. Reported by Masato Kinugawa on 2020-05-27
  • [$1000][1104628] Medium CVE-2020-6563: Insufficient policy enforcement in intent handling. Reported by Pedro Oliveira on 2020-07-12
  • [$500][841622] Medium CVE-2020-6564: Incorrect security UI in permissions. Reported by Khalil Zhani on 2018-05-10
  • [$500][1029907] Medium CVE-2020-6565: Incorrect security UI in Omnibox. Reported by Khalil Zhani on 2019-12-02
  • [$N/A][1065264] Medium CVE-2020-6566: Insufficient policy enforcement in media. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2020-03-27
  • [$500][937179] Low CVE-2020-6567: Insufficient validation of untrusted input in command line handling. Reported by Joshua Graham of TSS on 2019-03-01
  • [$500][1092451] Low CVE-2020-6568: Insufficient policy enforcement in intent handling. Reported by Yongke Wang (@Rudykewang) and Aryb1n (@aryb1n) of Tencent Security Xuanwu Lab on 2020-06-08
  • [$N/A][995732] Low CVE-2020-6569: Integer overflow in WebUSB. Reported by guaixiaomei on 2019-08-20
  • [$N/A][1084699] Low CVE-2020-6570: Side-channel information leakage in WebRTC. Reported by Signal / Tenable on 2020-05-19
  • [$N/A][1085315] Low CVE-2020-6571: Incorrect security UI in Omnibox. Reported by Rayyan Bijoora on 2020-05-21
  • [1121299] Various fixes from internal audits, fuzzing and other initiatives

So Google spent at least $10,000 on bug bounties for this release, a small amount compared with its usual spending. As always, the security fixes alone should be enough of an incentive to update.
