Google Chrome Chrome vulnerabilities

CVE-2020-15964 [LOW] Stable Channel Update for Desktop: CVE-2020-15964 Stable Channel Update for Desktop CVE-2020-15964: Insufficient data validation in media. Reported by Woojin Oh(@pwn_expoit) of STEALIEN on 2020-08-25 As usual, our ongoing internal security work was responsible for a wide range of fixes: [ 1130676 ] Various fixes from internal audits, fuzzing and other initiatives We would also like to thank all security researchers that worked with us during the development cycle to prevent

CVE-2020-6576 [HIGH] Stable Channel Update for Desktop: CVE-2020-6576 Stable Channel Update for Desktop CVE-2020-6576: Use after free in offscreen canvas. Reported by Looben Yang on 2020-07-31 [$TBD][ 1122684 ] High CVE-2020-15959: Insufficient policy enforcement in networking Reported by Eric Lawrence of Microsoft on 2020-08-27 We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel Seve

CVE-2020-6573 [HIGH] Stable Channel Update for Desktop: CVE-2020-6573 Stable Channel Update for Desktop CVE-2020-6573: Use after free in video. Reported by Leecraso and Guang Gong of 360 Alpha Lab working with 360 BugCloud on 2020-08-14 [$10000][ 1102196 ] High CVE-2020-6574: Insufficient policy enforcement in installer Reported by CodeColorist of Ant-Financial LightYear Labs on 2020-07-05 [$TBD][ 1081874 ] High CVE-2020-6575: Race in Mojo Severity: high

CVE-2020-6558 [HIGH] Stable Channel Update for Desktop: CVE-2020-6558 Stable Channel Update for Desktop CVE-2020-6558: Insufficient policy enforcement in iOS. Reported by Alison Huffman, Microsoft Browser Vulnerability Research on 2020-07-24 [$TBD][ 1116706 ] High CVE-2020-6559: Use after free in presentation API Reported by Liu Wei and Wu Zekai of Tencent Security Xuanwu Lab on 2020-08-15 [$5000][ 1108181 ] Medium CVE-2020-6560: Insufficient policy enforcement in autofill Severity: high

CVE-2020-6564 [MEDIUM] Stable Channel Update for Desktop: CVE-2020-6564 Stable Channel Update for Desktop CVE-2020-6564: Incorrect security UI in permissions. Reported by Khalil Zhani on 2018-05-10 [$1000][ 40091076 ] Medium CVE-2020-36765: Insufficient policy enforcement in Navigation Reported by Jun Kokatsu (@shhnjk) on 2018-04-12 [$500][ 1029907 ] Medium CVE-2020-6565: Incorrect security UI in Omnibox Severity: medium

CVE-2020-6566 [MEDIUM] Stable Channel Update for Desktop: CVE-2020-6566 Stable Channel Update for Desktop CVE-2020-6566: Insufficient policy enforcement in media. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2020-03-27 [$500][ 937179 ] Low CVE-2020-6567: Insufficient validation of untrusted input in command line handling Reported by Joshua Graham of TSS on 2019-03-01 [$500][ 1092451 ] Low CVE-2020-6568: Insufficient policy enforcement in intent handling Severity: medium

CVE-2020-6561 [MEDIUM] Stable Channel Update for Desktop: CVE-2020-6561 Stable Channel Update for Desktop CVE-2020-6561: Inappropriate implementation in Content Security Policy. Reported by Rob Wu on 2019-02-16 [$1000][ 1086845 ] Medium CVE-2020-6562: Insufficient policy enforcement in Blink Reported by Masato Kinugawa on 2020-05-27 [$1000][ 1104628 ] Medium CVE-2020-6563: Insufficient policy enforcement in intent handling Severity: medium

CVE-2020-6569 [LOW] Stable Channel Update for Desktop: CVE-2020-6569 Stable Channel Update for Desktop CVE-2020-6569: Integer overflow in WebUSB. Reported by guaixiaomei on 2019-08-20 [$N/A][ 1084699 ] Low CVE-2020-6570: Side-channel information leakage in WebRTC Reported by Signal/Tenable on 2020-05-19 [$N/A][ 1085315 ] Low CVE-2020-6571: Incorrect security UI in Omnibox Severity: low

CVE-2020-6556 [HIGH] Stable Channel Update for Desktop: CVE-2020-6556 Stable Channel Update for Desktop CVE-2020-6556: Heap buffer overflow in SwiftShader. Reported by Alison Huffman, Microsoft Browser Vulnerability Research on 2020-08-12 We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel Severity: high

CVE-2020-6548 [HIGH] Stable Channel Update for Desktop: CVE-2020-6548 Stable Channel Update for Desktop CVE-2020-6548: Heap buffer overflow in Skia. Reported by Choongwoo Han, Microsoft Browser Vulnerability Research on 2020-07-09 [$N/A][ 1105426 ] High CVE-2020-6549: Use after free in media Reported by Sergei Glazunov of Google Project Zero on 2020-07-14 Severity: high

CVE-2020-6546 [HIGH] Stable Channel Update for Desktop: CVE-2020-6546 Stable Channel Update for Desktop CVE-2020-6546: Inappropriate implementation in installer. Reported by Andrew Hess (any1) on 2020-06-29 [$TBD][ 1102153 ] High CVE-2020-6547: Incorrect security UI in media Reported by David Albert on 2020-07-05 Severity: high

CVE-2020-6542 [HIGH] Stable Channel Update for Desktop: CVE-2020-6542 Stable Channel Update for Desktop CVE-2020-6542: Use after free in ANGLE. Reported by Piotr Bania of Cisco Talos on 2020-07-20 [$7500][ 1104046 ] High CVE-2020-6543: Use after free in task scheduling Reported by Looben Yang on 2020-07-10 Severity: high

CVE-2020-6544 [HIGH] Stable Channel Update for Desktop: CVE-2020-6544 Stable Channel Update for Desktop CVE-2020-6544: Use after free in media. Reported by Tim Becker of Theori on 2020-07-22 [$5000][ 1095584 ] High CVE-2020-6545: Use after free in audio Reported by Anonymous on 2020-06-16 Severity: high

CVE-2020-6550 [HIGH] Stable Channel Update for Desktop: CVE-2020-6550 Stable Channel Update for Desktop CVE-2020-6550: Use after free in IndexedDB. Reported by Sergei Glazunov of Google Project Zero on 2020-07-17 [$N/A][ 1107815 ] High CVE-2020-6551: Use after free in WebXR Reported by Sergei Glazunov of Google Project Zero on 2020-07-21 Severity: high

CVE-2020-6552 [HIGH] Stable Channel Update for Desktop: CVE-2020-6552 Stable Channel Update for Desktop CVE-2020-6552: Use after free in Blink. Reported by Tim Becker of Theori on 2020-07-22 [$TBD][ 1111307 ] High CVE-2020-6553: Use after free in offline mode Reported by Alison Huffman, Microsoft Browser Vulnerability Research on 2020-07-30 Severity: high

CVE-2020-6554 [MEDIUM] Stable Channel Update for Desktop: CVE-2020-6554 Stable Channel Update for Desktop CVE-2020-6554: Use after free in extensions. Reported by Anonymous on 2020-06-12 [$1000][ 1105202 ] Medium CVE-2020-6555: Out of bounds read in WebGL Reported by Marcin Towalski of Cisco Talos on 2020-07-13 Severity: medium

CVE-2020-6540 [HIGH] Stable Channel Update for Desktop: CVE-2020-6540 Stable Channel Update for Desktop CVE-2020-6540: Heap buffer overflow in Skia. Reported by Zhen Zhou of NSFOCUS Security Team on 2020-07-15 [$N/A][ 1106773 ] High CVE-2020-6541: Use after free in WebUSB Reported by Sergei Glazunov of Google Project Zero on 2020-07-17 [$TBD][ 1098606 ] High CVE-2020-16046: Script injection in iOSWeb Severity: high

CVE-2020-6532 [HIGH] Stable Channel Update for Desktop: CVE-2020-6532 Stable Channel Update for Desktop CVE-2020-6532: Use after free in SCTP. Reported by Anonymous on 2020-07-09 [$N/A][ 1105635 ] High CVE-2020-6539: Use after free in CSS Reported by Oriol Brufau on 2020-07-14 Severity: high

CVE-2020-6537 [HIGH] Stable Channel Update for Desktop: CVE-2020-6537 Stable Channel Update for Desktop CVE-2020-6537: Type Confusion in V8. Reported by Rong Jian and Guang Gong of 360 Alpha Lab working with 360 BugCloud on 2020-07-14 [$N/A][ 1096677 ] High CVE-2020-6538: Inappropriate implementation in WebView Reported by Yongke Wang(@Rudykewang) and Aryb1n(@aryb1n) of Tencent Security Xuanwu Lab (腾讯安全玄武实验室） on 2020-06-18 Severity: high

CVE-2020-6510 [CRITICAL] Stable Channel Update for Desktop: CVE-2020-6510 Stable Channel Update for Desktop CVE-2020-6510: Heap buffer overflow in background fetch. Reported by Leecraso and Guang Gong of 360 Alpha Lab working with 360 BugCloud on 2020-07-08 [$5000][ 1074317 ] High CVE-2020-6511: Side-channel information leakage in content security policy Reported by Mikhail Oblozhikhin on 2020-04-24 Severity: critical