Google Chrome Chrome vulnerabilities

CVE-2020-6385 [HIGH] Stable Channel Update for Desktop: CVE-2020-6385 Stable Channel Update for Desktop CVE-2020-6385: Insufficient policy enforcement in storage. Reported by Sergei Glazunov of Google Project Zero on 2019-12-18 [$N/A][ 1038863 ] High CVE-2019-19880, CVE-2019-19925: Multiple vulnerabilities in SQLite Reported by Richard Lorenz, SAP on 2020-01-03 Severity: high

CVE-2020-6381 [HIGH] Stable Channel Update for Desktop: CVE-2020-6381 Stable Channel Update for Desktop CVE-2020-6381: Integer overflow in JavaScript. Reported by The UK's National Cyber Security Centre (NCSC) on 2019-12-09 [$2000][ 1031909 ] High CVE-2020-6382: Type Confusion in JavaScript Reported by Soyeon Park and Wen Xu from SSLab, Gatech on 2019-12-08 Severity: high

CVE-2019-18197 [HIGH] Stable Channel Update for Desktop: CVE-2019-18197 Stable Channel Update for Desktop CVE-2019-18197: Multiple vulnerabilities in XML. Reported by Jordan Pryde from the BlackBerry Security Incident Response Team on 2019-11-01 [$500][ 1042700 ] High CVE-2019-19926: Inappropriate implementation in SQLite Reported by Richard Lorenz, SAP on 2020-01-16 Severity: high

CVE-2020-6389 [HIGH] Stable Channel Update for Desktop: CVE-2020-6389 Stable Channel Update for Desktop CVE-2020-6389: Out of bounds write in WebRTC. Reported by Natalie Silvanovich of Google Project Zero on 2020-01-16 [$N/A][ 1045874 ] High CVE-2020-6390: Out of bounds memory access in streams Reported by Sergei Glazunov of Google Project Zero on 2020-01-27 Severity: high

CVE-2020-6387 [HIGH] Stable Channel Update for Desktop: CVE-2020-6387 Stable Channel Update for Desktop CVE-2020-6387: Out of bounds write in WebRTC. Reported by Natalie Silvanovich of Google Project Zero on 2020-01-16 [$N/A][ 1042879 ] High CVE-2020-6388: Out of bounds memory access in WebAudio Reported by Sergei Glazunov of Google Project Zero on 2020-01-16 Severity: high

CVE-2020-6501 [MEDIUM] Stable Channel Update for Desktop: CVE-2020-6501 Stable Channel Update for Desktop CVE-2020-6501: Insufficient policy enforcement in CSP. Reported by Zhong Zhaochen of andsecurity Severity: medium

CVE-2020-6403 [MEDIUM] Stable Channel Update for Desktop: CVE-2020-6403 Stable Channel Update for Desktop CVE-2020-6403: Incorrect security UI in Omnibox. Reported by Khalil Zhani on 2019-09-19 [$N/A][ 1024256 ] Medium CVE-2020-6404: Inappropriate implementation in Blink Reported by kanchi on 2019-11-13 Severity: medium

CVE-2020-6401 [MEDIUM] Stable Channel Update for Desktop: CVE-2020-6401 Stable Channel Update for Desktop CVE-2020-6401: Insufficient validation of untrusted input in Omnibox. Reported by Tzachy Horesh on 2019-10-24 [$500][ 1029375 ] Medium CVE-2020-6402: Insufficient policy enforcement in downloads Reported by Vladimir Metnew (@vladimir_metnew) on 2019-11-28 Severity: medium

CVE-2020-6405 [MEDIUM] Stable Channel Update for Desktop: CVE-2020-6405 Stable Channel Update for Desktop CVE-2020-6405: Out of bounds read in SQLite. Reported by Yongheng Chen(Ne0) & Rui Zhong(zr33) on 2020-01-15 [$N/A][ 1042254 ] Medium CVE-2020-6406: Use after free in audio Reported by Sergei Glazunov of Google Project Zero on 2020-01-15 Severity: medium

CVE-2020-6393 [MEDIUM] Stable Channel Update for Desktop: CVE-2020-6393 Stable Channel Update for Desktop CVE-2020-6393: Insufficient policy enforcement in Blink. Reported by Mark Amery on 2019-12-17 [$5000][ 999001 ] Medium CVE-2020-6499: Inappropriate implementation in AppCache Reported by Kevin Higgs (@themalwareman) on 2019-08-29 Severity: medium

CVE-2020-6396 [MEDIUM] Stable Channel Update for Desktop: CVE-2020-6396 Stable Channel Update for Desktop CVE-2020-6396: Inappropriate implementation in Skia. Reported by William Luc Ritchie on 2019-12-18 [$2000][ 1027408 ] Medium CVE-2020-6397: Incorrect security UI in sharing Reported by Khalil Zhani on 2019-11-22 Severity: medium

CVE-2020-6500 [MEDIUM] Stable Channel Update for Desktop: CVE-2020-6500 Stable Channel Update for Desktop CVE-2020-6500: Inappropriate implementation in interstitials. Reported by evi1m0 of Bilibili Security Team on 2018-05-15 [$1000][ 1038036 ] Medium CVE-2020-6400: Inappropriate implementation in CORS Reported by Takashi Yoneuchi (@y0n3uchy) on 2019-12-27 Severity: medium

CVE-2020-6394 [MEDIUM] Stable Channel Update for Desktop: CVE-2020-6394 Stable Channel Update for Desktop CVE-2020-6394: Insufficient policy enforcement in Blink. Reported by Phil Freo on 2019-10-15 [$3000][ 1022855 ] Medium CVE-2020-6395: Out of bounds read in JavaScript Reported by Pierre Langlois from Arm on 2019-11-08 Severity: medium

CVE-2020-6398 [MEDIUM] Stable Channel Update for Desktop: CVE-2020-6398 Stable Channel Update for Desktop CVE-2020-6398: Uninitialized use in PDFium. Reported by pdknsk on 2019-12-09 [$2000][ 1039869 ] Medium CVE-2020-6399: Insufficient policy enforcement in AppCache Reported by Luan Herrera (@lbherrera_) on 2020-01-07 Severity: medium

CVE-2019-19923 [MEDIUM] Stable Channel Update for Desktop: CVE-2019-19923 Stable Channel Update for Desktop CVE-2019-19923: Out of bounds memory access in SQLite. Reported by Richard Lorenz, SAP on 2020-01-16 [$1000][ 1026546 ] Low CVE-2020-6408: Insufficient policy enforcement in CORS Reported by Zhong Zhaochen of andsecurity Severity: medium

CVE-2020-6391 [MEDIUM] Stable Channel Update for Desktop: CVE-2020-6391 Stable Channel Update for Desktop CVE-2020-6391: Insufficient validation of untrusted input in Blink. Reported by Michał Bentkowski of Securitum on 2019-10-24 [$5000][ 1030411 ] Medium CVE-2020-6392: Insufficient policy enforcement in extensions Reported by Microsoft Edge Team on 2019-12-03 Severity: medium

CVE-2020-6412 [LOW] Stable Channel Update for Desktop: CVE-2020-6412 Stable Channel Update for Desktop CVE-2020-6412: Insufficient validation of untrusted input in Omnibox. Reported by Zihan Zheng (@zzh1996) of University of Science and Technology of China on 2019-05-30 [$N/A][ 1005713 ] Low CVE-2020-6413: Inappropriate implementation in Blink Reported by Michał Bentkowski of Securitum on 2019-09-19 Severity: low

CVE-2020-6414 [LOW] Stable Channel Update for Desktop: CVE-2020-6414 Stable Channel Update for Desktop CVE-2020-6414: Insufficient policy enforcement in Safe Browsing. Reported by Lijo A Severity: low

CVE-2020-6409 [LOW] Stable Channel Update for Desktop: CVE-2020-6409 Stable Channel Update for Desktop CVE-2020-6409: Inappropriate implementation in Omnibox. Reported by Divagar S and Bharathi V from Karya Technologies on 2019-12-26 [$500][ 881675 ] Low CVE-2020-6410: Insufficient policy enforcement in navigation Reported by evi1m0 of Bilibili Security Team on 2018-09-07 Severity: low

CVE-2020-6411 [LOW] Stable Channel Update for Desktop: CVE-2020-6411 Stable Channel Update for Desktop CVE-2020-6411: Insufficient validation of untrusted input in Omnibox. Reported by Khalil Zhani on 2019-02-07 [$500][ 785159 ] Low CVE-2020-6502: Incorrect security UI in permissions Reported by evi1m0 of Bilibili Security Team on 2017-11-15 Severity: low