Google Chrome vulnerabilities
1,139 known vulnerabilities affecting google/chrome_chrome.
Total CVEs: 1,139
CISA KEV: 47 (actively exploited)
Public exploits: 9
Exploited in wild: 36
Severity breakdown: CRITICAL 58, HIGH 621, MEDIUM 339, LOW 104, UNKNOWN 17
Vulnerabilities
CVE-2020-6514 | HIGH | CVSS 6.5 | 2020-07-14
CVE-2020-6514 [HIGH] Stable Channel Update for Desktop: CVE-2020-6514
Stable Channel Update for Desktop
CVE-2020-6514: Inappropriate implementation in WebRTC. Reported by Natalie Silvanovich of Google Project Zero on 2020-04-30
[$TBD][ 1082755 ] High CVE-2020-6515: Use after free in tab strip
Reported by DDV_UA on 2020-05-14
Severity: high
chrome
CVE-2020-6512 | HIGH | CVSS 8.8 | 2020-07-14
CVE-2020-6512 [HIGH] Stable Channel Update for Desktop: CVE-2020-6512
Stable Channel Update for Desktop
CVE-2020-6512: Type Confusion in V8. Reported by nocma, leogan, cheneyxu of WeChat Open Platform Security Team on 2020-05-20
[$2000][ 1091404 ] High CVE-2020-6513: Heap buffer overflow in PDFium
Reported by Aleksandar Nikolic of Cisco Talos on 2020-06-04
Severity: high
chrome
CVE-2020-6524 | MEDIUM | CVSS 8.8 | 2020-07-14
CVE-2020-6524 [MEDIUM] Stable Channel Update for Desktop: CVE-2020-6524
Stable Channel Update for Desktop
CVE-2020-6524: Heap buffer overflow in WebAudio. Reported by Sung Ta (@Mipu94) of SEFCOM Lab, Arizona State University on 2020-05-12
[$N/A][ 1091670 ] Medium CVE-2020-6525: Heap buffer overflow in Skia
Reported by Zhen Zhou of NSFOCUS Security Team on 2020-06-05
Severity: medium
chrome
CVE-2020-6518 | MEDIUM | CVSS 8.8 | 2020-07-14
CVE-2020-6518 [MEDIUM] Stable Channel Update for Desktop: CVE-2020-6518
Stable Channel Update for Desktop
CVE-2020-6518: Use after free in developer tools. Reported by David Erceg on 2019-07-20
[$3000][ 1064676 ] Medium CVE-2020-6519: Policy bypass in CSP
Reported by Wenxu Wu (@ma7h1as) of Tencent Security Xuanwu Lab on 2019-04-23, and also by Gal Weizman (@WeizmanGal) of PerimeterX on 2020-03-25
Severity: medium
chrome
CVE-2020-6522 | MEDIUM | CVSS 9.6 | 2020-07-14
CVE-2020-6522 [MEDIUM] Stable Channel Update for Desktop: CVE-2020-6522
Stable Channel Update for Desktop
CVE-2020-6522: Inappropriate implementation in external protocol handlers. Reported by Eric Lawrence of Microsoft on 2020-02-13
[$N/A][ 1080481 ] Medium CVE-2020-6523: Out of bounds write in Skia
Reported by Liu Wei and Wu Zekai of Tencent Security Xuanwu Lab on 2020-05-08
Severity: medium
chrome
CVE-2020-6520 | MEDIUM | CVSS 8.8 | 2020-07-14
CVE-2020-6520 [MEDIUM] Stable Channel Update for Desktop: CVE-2020-6520
Stable Channel Update for Desktop
CVE-2020-6520: Heap buffer overflow in Skia. Reported by Zhen Zhou of NSFOCUS Security Team on 2020-06-08
[$500][ 1075734 ] Medium CVE-2020-6521: Side-channel information leakage in autofill
Reported by Xu Lin (University of Illinois at Chicago), Panagiotis Ilia (University of Illinois at Chicago), Jason Polakis (University of Illinois at Chicago) on 2020-04-27
Severity: medium
chrome
CVE-2020-6535 | LOW | CVSS 6.1 | 2020-07-14
CVE-2020-6535 [LOW] Stable Channel Update for Desktop: CVE-2020-6535
Stable Channel Update for Desktop
CVE-2020-6535: Insufficient data validation in WebUI. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2020-04-22
[$TBD][ 1080934 ] Low CVE-2020-6536: Incorrect security UI in PWAs
Reported by Zhiyang Zeng(@Wester) of OPPO ZIWU Cyber Security Lab on 2020-05-09
Severity: low
chrome
CVE-2020-6526 | LOW | CVSS 6.5 | 2020-07-14
CVE-2020-6526 [LOW] Stable Channel Update for Desktop: CVE-2020-6526
Stable Channel Update for Desktop
CVE-2020-6526: Inappropriate implementation in iframe sandbox. Reported by Jonathan Kingston on 2020-04-24
[$500][ 992698 ] Low CVE-2020-6527: Insufficient policy enforcement in CSP
Reported by Zhong Zhaochen of andsecurity
Severity: low
chrome
CVE-2020-6530 | LOW | CVSS 8.8 | 2020-07-14
CVE-2020-6530 [LOW] Stable Channel Update for Desktop: CVE-2020-6530
Stable Channel Update for Desktop
CVE-2020-6530: Out of bounds memory access in developer tools. Reported by myvyang on 2019-10-21
[$TBD][ 1042986 ] Low CVE-2020-6531: Side-channel information leakage in scroll to text
Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2020-01-17
Severity: low
chrome
CVE-2020-6533 | LOW | CVSS 8.8 | 2020-07-14
CVE-2020-6533 [LOW] Stable Channel Update for Desktop: CVE-2020-6533
Stable Channel Update for Desktop
CVE-2020-6533: Type Confusion in V8. Reported by Avihay Cohen @ SeraphicAlgorithms on 2020-04-11
[$N/A][ 1072412 ] Low CVE-2020-6534: Heap buffer overflow in WebRTC
Reported by Anonymous on 2020-04-20
Severity: low
chrome
CVE-2020-6528 | LOW | CVSS 4.3 | 2020-07-14
CVE-2020-6528 [LOW] Stable Channel Update for Desktop: CVE-2020-6528
Stable Channel Update for Desktop
CVE-2020-6528: Incorrect security UI in basic auth. Reported by Rayyan Bijoora on 2020-03-22
[$N/A][ 978779 ] Low CVE-2020-6529: Inappropriate implementation in WebRTC
Reported by kaustubhvats7 on 2019-06-26
Severity: low
chrome
CVE-2020-6509 | HIGH | CVSS 9.6 | 2020-06-22
CVE-2020-6509 [HIGH] Stable Channel Update for Desktop: CVE-2020-6509
Stable Channel Update for Desktop
CVE-2020-6509: Use after free in extensions. Reported by Anonymous on 2020-06-08
We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel
Severity: high
chrome
CVE-2020-6507 | HIGH | CVSS 8.8 | PoC | 2020-06-15
CVE-2020-6507 [HIGH] Stable Channel Update for Desktop: CVE-2020-6507
Stable Channel Update for Desktop
CVE-2020-6507: Out of bounds write in V8. Reported by Sergei Glazunov of Google Project Zero on 2020-05-27
We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel
Severity: high
chrome
CVE-2020-6505 | HIGH | CVSS 9.6 | 2020-06-15
CVE-2020-6505 [HIGH] Stable Channel Update for Desktop: CVE-2020-6505
Stable Channel Update for Desktop
CVE-2020-6505: Use after free in speech. Reported by Khalil Zhani on 2020-05-11
[$15000][ 1083819 ] High CVE-2020-6506: Insufficient policy enforcement in WebView
Reported by Alesandro Ortiz on 2020-05-18
Severity: high
chrome
CVE-2020-6496 | HIGH | CVSS 8.8 | 2020-06-03
CVE-2020-6496 [HIGH] Stable Channel Update for Desktop: CVE-2020-6496
Stable Channel Update for Desktop
CVE-2020-6496: Use after free in payments. Reported by Khalil Zhani on 2020-05-24
[$5000][ 1086124 ] Medium CVE-2020-6508: Use after free in login screen
Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2020-05-25
Severity: high
chrome
CVE-2020-6493 | HIGH | CVSS 9.6 | 2020-06-03
CVE-2020-6493 [HIGH] Stable Channel Update for Desktop: CVE-2020-6493
Stable Channel Update for Desktop
CVE-2020-6493: Use after free in WebAuthentication. Reported by Anonymous on 2020-05-13
[$7500][ 1083972 ] High CVE-2020-6494: Incorrect security UI in payments
Reported by Juho Nurminen on 2020-05-18
[$TBD][ 1072116 ] High CVE-2020-6495: Insufficient policy enforcement in developer tools
Severity: high
chrome
CVE-2020-6497 | MEDIUM | CVSS 6.5 | 2020-06-03
CVE-2020-6497 [MEDIUM] Stable Channel Update for Desktop: CVE-2020-6497
Stable Channel Update for Desktop
CVE-2020-6497: Insufficient policy enforcement in Omnibox. Reported by Rayyan Bijoora on 2020-04-08
[$500][ 1081081 ] Medium CVE-2020-6498: Incorrect security UI in progress display
Reported by Rayyan Bijoora on 2020-05-11
Severity: medium
chrome
CVE-2020-6469 | HIGH | CVSS 9.6 | 2020-05-19
CVE-2020-6469 [HIGH] Stable Channel Update for Desktop: CVE-2020-6469
Stable Channel Update for Desktop
CVE-2020-6469: Insufficient policy enforcement in developer tools. Reported by David Erceg on 2020-04-02
[$5000][ 1065761 ] Medium CVE-2020-6470: Insufficient validation of untrusted input in clipboard
Reported by Michał Bentkowski of Securitum on 2020-03-30
Severity: high
chrome
CVE-2020-6467 | HIGH | CVSS 8.8 | 2020-05-19
CVE-2020-6467 [HIGH] Stable Channel Update for Desktop: CVE-2020-6467
Stable Channel Update for Desktop
CVE-2020-6467: Use after free in WebRTC. Reported by ZhanJia Song on 2020-04-06
[$7500][ 1076708 ] High CVE-2020-6468: Type Confusion in V8
Reported by Chris Salls and Jake Corina of Seaside Security, Chani Jindal of Shellphish on 2020-04-30
Severity: high
chrome
CVE-2020-6465 | HIGH | CVSS 9.6 | 2020-05-19
CVE-2020-6465 [HIGH] Stable Channel Update for Desktop: CVE-2020-6465
Stable Channel Update for Desktop
CVE-2020-6465: Use after free in reader mode. Reported by Woojin Oh(@pwn_expoit) of STEALIEN on 2020-04-21
[$15000][ 1074706 ] High CVE-2020-6466: Use after free in media
Reported by Zhe Jin from cdsrc of Qihoo 360 on 2020-04-26
Severity: high
chrome