Google Chrome Chrome vulnerabilities

CVE-2020-6433 [MEDIUM] Stable Channel Update for Desktop: CVE-2020-6433 Stable Channel Update for Desktop CVE-2020-6433: Insufficient policy enforcement in extensions. Reported by David Erceg on 2020-01-21 [$500][ 1048555 ] Medium CVE-2020-6434: Use after free in devtools Reported by HyungSeok Han (DaramG) of Theori on 2020-02-04 Severity: medium

CVE-2020-6435 [MEDIUM] Stable Channel Update for Desktop: CVE-2020-6435 Stable Channel Update for Desktop CVE-2020-6435: Insufficient policy enforcement in extensions. Reported by Sergei Glazunov of Google Project Zero on 2019-12-09 [$TBD][ 1034519 ] Medium CVE-2020-6436: Use after free in window management Reported by Igor Bukanov from Vivaldi on 2019-12-16 Severity: medium

CVE-2020-6430 [MEDIUM] Stable Channel Update for Desktop: CVE-2020-6430 Stable Channel Update for Desktop CVE-2020-6430: Type Confusion in V8. Reported by Avihay Cohen @ SeraphicAlgorithms on 2019-12-06 [$2000][ 1040755 ] Medium CVE-2020-6456: Insufficient validation of untrusted input in clipboard Reported by Michał Bentkowski of Securitum on 2020-01-10 Severity: medium

CVE-2020-6439 [LOW] Stable Channel Update for Desktop: CVE-2020-6439 Stable Channel Update for Desktop CVE-2020-6439: Insufficient policy enforcement in navigations. Reported by remkoboonstra on 2018-07-26 [$500][ 894477 ] Low CVE-2020-6440: Inappropriate implementation in extensions Reported by David Erceg on 2018-10-11 Severity: low

CVE-2020-6437 [LOW] Stable Channel Update for Desktop: CVE-2020-6437 Stable Channel Update for Desktop CVE-2020-6437: Inappropriate implementation in WebView. Reported by Jann Horn on 2016-08-19 [$500][ 714617 ] Low CVE-2020-6438: Insufficient policy enforcement in extensions Reported by Ng Yik Phang on 2017-04-24 Severity: low

CVE-2020-6441 [LOW] Stable Channel Update for Desktop: CVE-2020-6441 Stable Channel Update for Desktop CVE-2020-6441: Insufficient policy enforcement in omnibox. Reported by David Erceg on 2019-05-04 [$500][ 1013906 ] Low CVE-2020-6442: Inappropriate implementation in cache Reported by B@rMey on 2019-10-12 Severity: low

CVE-2020-6445 [LOW] Stable Channel Update for Desktop: CVE-2020-6445 Stable Channel Update for Desktop CVE-2020-6445: Insufficient policy enforcement in trusted types. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-02-18 [$N/A][ 933172 ] Low CVE-2020-6446: Insufficient policy enforcement in trusted types Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-02-18 Severity: low

CVE-2020-6447 [LOW] Stable Channel Update for Desktop: CVE-2020-6447 Stable Channel Update for Desktop CVE-2020-6447: Inappropriate implementation in developer tools. Reported by David Erceg on 2019-08-06 [$N/A][ 1037872 ] Low CVE-2020-6448: Use after free in V8 Reported by Guang Gong of Alpha Lab, Qihoo 360 on 2019-12-26 Severity: low

CVE-2020-6443 [LOW] Stable Channel Update for Desktop: CVE-2020-6443 Stable Channel Update for Desktop CVE-2020-6443: Insufficient data validation in developer tools. Reported by @lovasoa (Ophir LOJKINE) on 2020-01-08 [$N/A][ 922882 ] Low CVE-2020-6444: Uninitialized Use in WebRTC Reported by mlfbrown on 2019-01-17 Severity: low

CVE-2020-6450 [HIGH] Stable Channel Update for Desktop: CVE-2020-6450 Stable Channel Update for Desktop CVE-2020-6450: Use after free in WebAudio. Reported by Man Yue Mo of GitHub Security Lab on 2020-03-17 [$TBD][ 1061018 ] High CVE-2020-6451: Use after free in WebAudio Reported by Man Yue Mo of GitHub Security Lab on 2020-03-12 Severity: high

CVE-2020-6452 [HIGH] Stable Channel Update for Desktop: CVE-2020-6452 Stable Channel Update for Desktop CVE-2020-6452: Heap buffer overflow in media. Reported by asnine on 2020-03-09 [$TBD][ 1065094 ] High CVE-2020-6453: Inappropriate implementation in V8 Reported by Anonymous on 2020-03-26 Severity: high

CVE-2020-6425 [HIGH] Stable Channel Update for Desktop: CVE-2020-6425 Stable Channel Update for Desktop CVE-2020-6425: Insufficient policy enforcement in extensions. Reported by Sergei Glazunov of Google Project Zero on 2019-12-06 [$TBD][ 1052647 ] High CVE-2020-6426: Inappropriate implementation in V8 Reported by Avihay Cohen @ SeraphicAlgorithms on 2020-02-16 Severity: high

CVE-2020-6427 [HIGH] Stable Channel Update for Desktop: CVE-2020-6427 Stable Channel Update for Desktop CVE-2020-6427: Use after free in audio. Reported by Man Yue Mo of GitHub Security Lab on 2020-02-25 [$TBD][ 1057593 ] High CVE-2020-6428: Use after free in audio Reported by Man Yue Mo of GitHub Security Lab on 2020-03-02 Severity: high

CVE-2020-6422 [HIGH] Stable Channel Update for Desktop: CVE-2020-6422 Stable Channel Update for Desktop CVE-2020-6422: Use after free in WebGL. Reported by David Manouchehri on 2020-02-13 [$NA][ 1031142 ] High CVE-2020-6424: Use after free in media Reported by Sergei Glazunov of Google Project Zero on 2019-12-05 Severity: high

CVE-2020-6449 [HIGH] Stable Channel Update for Desktop: CVE-2020-6449 Stable Channel Update for Desktop CVE-2020-6449: Use after free in audio. Reported by Man Yue Mo of GitHub Security Lab on 2020-03-09 We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel Severity: high

CVE-2020-6429 [HIGH] Stable Channel Update for Desktop: CVE-2020-6429 Stable Channel Update for Desktop CVE-2020-6429: Use after free in audio. Reported by Man Yue Mo of GitHub Security Lab on 2020-03-02 [$NA][ 1059349 ] High CVE-2019-20503: Out of bounds read in usersctplib Reported by Natalie Silvanovich of Google Project Zero on 2020-03-06 Severity: high

CVE-2020-6420 [HIGH] Stable Channel Update for Desktop: CVE-2020-6420 Stable Channel Update for Desktop CVE-2020-6420: Insufficient policy enforcement in media. Reported by Taras Uzdenov on 2020-02-11 We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel Severity: high

CVE-2020-6407 [HIGH] Stable Channel Update for Desktop: CVE-2020-6407 Stable Channel Update for Desktop CVE-2020-6407: Out of bounds memory access in streams. Reported by Sergei Glazunov of Google Project Zero on 2020-01-27 This release also contains: [N/A][ 1053604 ] High CVE-2020-6418: Type confusion in V8 Reported by Clement Lecigne of Google's Threat Analysis Group on 2020-02-18 Severity: high

CVE-2020-6386 [HIGH] Stable Channel Update for Desktop: CVE-2020-6386 Stable Channel Update for Desktop CVE-2020-6386: Use after free in speech. Reported by Zhe Jin from cdsrc of Qihoo 360 on 2020-01-20 We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel Severity: high

CVE-2020-6383 [HIGH] Stable Channel Update for Desktop: CVE-2020-6383 Stable Channel Update for Desktop CVE-2020-6383: Type confusion in V8. Reported by Sergei Glazunov of Google Project Zero on 2020-02-11 [$7500][ 1048473 ] High CVE-2020-6384: Use after free in WebAudio Reported by David Manouchehri on 2020-02-04 Severity: high