Google Chrome Chrome vulnerabilities
1,139 known vulnerabilities affecting google/chrome_chrome.
Total CVEs: 1,139
CISA KEV: 47 (actively exploited)
Public exploits: 9
Exploited in wild: 36
Severity breakdown: CRITICAL 58, HIGH 621, MEDIUM 339, LOW 104, UNKNOWN 17
Vulnerabilities
CVE-2020-6471 MEDIUM CVSS 9.6 2020-05-19
CVE-2020-6471 [MEDIUM] Stable Channel Update for Desktop: CVE-2020-6471
Stable Channel Update for Desktop
CVE-2020-6471: Insufficient policy enforcement in developer tools. Reported by David Erceg on 2020-03-08
[$3000][ 1064519 ] Medium CVE-2020-6472: Insufficient policy enforcement in developer tools
Reported by David Erceg on 2020-03-25
Severity: medium
chrome
CVE-2020-6477 MEDIUM CVSS 7.8 2020-05-19
CVE-2020-6477 [MEDIUM] Stable Channel Update for Desktop: CVE-2020-6477
Stable Channel Update for Desktop
CVE-2020-6477: Inappropriate implementation in installer. Reported by RACK911 Labs on 2019-03-26
[$500][ 1037730 ] Medium CVE-2020-6478: Inappropriate implementation in full screen
Reported by Khalil Zhani on 2019-12-24
Severity: medium
chrome
CVE-2020-6475 MEDIUM CVSS 6.5 2020-05-19
CVE-2020-6475 [MEDIUM] Stable Channel Update for Desktop: CVE-2020-6475
Stable Channel Update for Desktop
CVE-2020-6475: Incorrect security UI in full screen. Reported by Khalil Zhani on 2019-10-31
[$1000][ 1035315 ] Medium CVE-2020-6476: Insufficient policy enforcement in tab strip
Reported by Alexandre Le Borgne on 2019-12-18
Severity: medium
chrome
CVE-2020-6486 MEDIUM CVSS 6.5 2020-05-19
CVE-2020-6486 [MEDIUM] Stable Channel Update for Desktop: CVE-2020-6486
Stable Channel Update for Desktop
CVE-2020-6486: Insufficient policy enforcement in navigations. Reported by David Erceg on 2020-02-24
[$500][ 539938 ] Low CVE-2020-6487: Insufficient policy enforcement in downloads
Reported by Jun Kokatsu (@shhnjk) on 2015-10-06
Severity: medium
chrome
CVE-2020-6473 MEDIUM CVSS 6.5 2020-05-19
CVE-2020-6473 [MEDIUM] Stable Channel Update for Desktop: CVE-2020-6473
Stable Channel Update for Desktop
CVE-2020-6473: Insufficient policy enforcement in Blink. Reported by Soroush Karami and Panagiotis Ilia on 2020-02-06
[$2000][ 1059533 ] Medium CVE-2020-6474: Use after free in Blink
Reported by Zhe Jin from cdsrc of Qihoo 360 on 2020-03-07
Severity: medium
chrome
CVE-2020-6484 MEDIUM CVSS 6.5 2020-05-19
CVE-2020-6484 [MEDIUM] Stable Channel Update for Desktop: CVE-2020-6484
Stable Channel Update for Desktop
CVE-2020-6484: Insufficient data validation in ChromeDriver. Reported by Artem Zinenko on 2020-01-26
[$N/A][ 1047285 ] Medium CVE-2020-6485: Insufficient data validation in media router
Reported by Sergei Glazunov of Google Project Zero on 2020-01-30
Severity: medium
chrome
CVE-2020-6482 MEDIUM CVSS 6.5 2020-05-19
CVE-2020-6482 [MEDIUM] Stable Channel Update for Desktop: CVE-2020-6482
Stable Channel Update for Desktop
CVE-2020-6482: Insufficient policy enforcement in developer tools. Reported by Abdulrahman Alqabandi (@qab) on 2017-12-17
[$TBD][ 966507 ] Medium CVE-2020-6483: Insufficient policy enforcement in payments
Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-05-23
Severity: medium
chrome
CVE-2020-6480 MEDIUM CVSS 6.5 2020-05-19
CVE-2020-6480 [MEDIUM] Stable Channel Update for Desktop: CVE-2020-6480
Stable Channel Update for Desktop
CVE-2020-6480: Insufficient policy enforcement in enterprise. Reported by Marvin Witt on 2020-02-21
[$500][ 1068531 ] Medium CVE-2020-6481: Insufficient policy enforcement in URL formatting
Reported by Rayyan Bijoora on 2020-04-07
Severity: medium
chrome
CVE-2020-6479 MEDIUM CVSS 6.5 2020-05-19
CVE-2020-6479 [MEDIUM] Stable Channel Update for Desktop: CVE-2020-6479
Stable Channel Update for Desktop
CVE-2020-6479: Inappropriate implementation in sharing. Reported by Zhong Zhaochen of andsecurity
Severity: medium
chrome
CVE-2020-6490 LOW CVSS 4.3 2020-05-19
CVE-2020-6490 [LOW] Stable Channel Update for Desktop: CVE-2020-6490
Stable Channel Update for Desktop
CVE-2020-6490: Insufficient data validation in loader. Reported by Twitter on 2019-12-19
[$N/A][ 1050011 ] Low CVE-2020-6491: Incorrect security UI in site information
Reported by Sultan Haikal M
Severity: low
chrome
CVE-2020-6488 LOW CVSS 4.3 2020-05-19
CVE-2020-6488 [LOW] Stable Channel Update for Desktop: CVE-2020-6488
Stable Channel Update for Desktop
CVE-2020-6488: Insufficient policy enforcement in downloads. Reported by David Erceg on 2020-01-21
[$500][ 1050756 ] Low CVE-2020-6489: Inappropriate implementation in developer tools
Reported by @lovasoa (Ophir LOJKINE) on 2020-02-10
Severity: low
chrome
CVE-2020-6831 HIGH CVSS 8.8 2020-05-05
CVE-2020-6831 [HIGH] Stable Channel Update for Desktop: CVE-2020-6831
Stable Channel Update for Desktop
CVE-2020-6831: Stack buffer overflow in SCTP. Reported by Natalie Silvanovich of Google Project Zero on 2020-04-22
[$7500][ 1071059 ] High CVE-2020-6464: Type Confusion in Blink
Reported by Looben Yang on 2020-04-15
Severity: high
chrome
CVE-2020-6462 HIGH CVSS 9.6 2020-04-27
CVE-2020-6462 [HIGH] Stable Channel Update for Desktop: CVE-2020-6462
Stable Channel Update for Desktop
CVE-2020-6462: Use after free in task scheduling. Reported by Zhe Jin from cdsrc of Qihoo 360 on 2020-03-26
[$TBD][ 1072983 ] High CVE-2020-6461: Use after free in storage
Reported by Zhe Jin from cdsrc of Qihoo 360 on 2020-04-21
Severity: high
chrome
CVE-2020-6463 HIGH CVSS 8.8 2020-04-21
CVE-2020-6463 [HIGH] Stable Channel Update for Desktop: CVE-2020-6463
Stable Channel Update for Desktop
CVE-2020-6463: Use after free in ANGLE. Reported by Pawel Wylecial of REDTEAM
Severity: high
chrome
CVE-2020-6458 HIGH CVSS 8.8 2020-04-21
CVE-2020-6458 [HIGH] Stable Channel Update for Desktop: CVE-2020-6458
Stable Channel Update for Desktop
CVE-2020-6458: Out of bounds read and write in PDFium. Reported by Aleksandar Nikolic of Cisco Talos on 2020-04-02
We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel
Severity: high
chrome
CVE-2020-6459 HIGH CVSS 8.8 2020-04-21
CVE-2020-6459 [HIGH] Stable Channel Update for Desktop: CVE-2020-6459
Stable Channel Update for Desktop
CVE-2020-6459: Use after free in payments. Reported by Zhe Jin from cdsrc of Qihoo 360 on 2020-03-27
[$15000][ 1063566 ] High CVE-2020-6460: Insufficient data validation in URL formatting
Reported by Anonymous on 2020-03-21
Severity: high
chrome
CVE-2020-6457 CRITICAL CVSS 9.6 2020-04-15
CVE-2020-6457 [CRITICAL] Stable Channel Update for Desktop: CVE-2020-6457
Stable Channel Update for Desktop
CVE-2020-6457: Use after free in speech recognizer. Reported by Leecraso and Guang Gong of Alpha Lab, Qihoo 360 on 2020-04-04
We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel
Severity: critical
chrome
CVE-2020-6454 HIGH CVSS 8.8 2020-04-07
CVE-2020-6454 [HIGH] Stable Channel Update for Desktop: CVE-2020-6454
Stable Channel Update for Desktop
CVE-2020-6454: Use after free in extensions. Reported by Leecraso and Guang Gong of Alpha Lab, Qihoo 360 on 2019-10-29
[$5000][ 1043446 ] High CVE-2020-6423: Use after free in audio
Reported by Anonymous on 2020-01-18
Severity: high
chrome
CVE-2020-6455 HIGH CVSS 8.8 2020-04-07
CVE-2020-6455 [HIGH] Stable Channel Update for Desktop: CVE-2020-6455
Stable Channel Update for Desktop
CVE-2020-6455: Out of bounds read in WebSQL. Reported by Nan Wang(@eternalsakura13) and Guang Gong of Alpha Lab, Qihoo 360 on 2020-03-09
[$2000][ 1040325 ] High CVE-2020-6419: Out of bounds read and write in V8
Reported by David Manouchehri on 2020-01-09
[$N/A] [ 1066893 ] High CVE-2020-6572: Use after free in media
Severity: high
chrome
CVE-2020-6431 MEDIUM CVSS 4.3 2020-04-07
CVE-2020-6431 [MEDIUM] Stable Channel Update for Desktop: CVE-2020-6431
Stable Channel Update for Desktop
CVE-2020-6431: Insufficient policy enforcement in full screen. Reported by Luan Herrera (@lbherrera_) on 2018-06-14
[$1000][ 965611 ] Medium CVE-2020-6432: Insufficient policy enforcement in navigations
Reported by David Erceg on 2019-05-21
Severity: medium
chrome