Google Chrome Chrome vulnerabilities

CVE-2020-6417 [LOW] Stable Channel Update for Desktop: CVE-2020-6417 Stable Channel Update for Desktop CVE-2020-6417: Inappropriate implementation in installer. Reported by Renato "Wrath" Moraes and Altieres "FallenHawk" Rohr on 2019-12-13 We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel Severity: low

CVE-2020-6415 [LOW] Stable Channel Update for Desktop: CVE-2020-6415 Stable Channel Update for Desktop CVE-2020-6415: Inappropriate implementation in JavaScript. Reported by Avihay Cohen @ SeraphicAlgorithms on 2019-11-30 [$N/A][ 1031895 ] Low CVE-2020-6416: Insufficient data validation in streams Reported by Woojin Oh(@pwn_expoit) of STEALIEN on 2019-12-08 Severity: low

CVE-2020-6378 [CRITICAL] Stable Channel Update for Desktop: CVE-2020-6378 Stable Channel Update for Desktop CVE-2020-6378: Use-after-free in speech recognizer. Reported by Antti Levomäki and Christian Jalio from Forcepoint on 2019-10-28 [$2000][ 1033407 ] High CVE-2020-6379: Use-after-free in speech recognizer Reported by Guang Gong of Alpha Team, Qihoo 360 on 2019-12-12 Severity: critical

CVE-2020-6380 [HIGH] Stable Channel Update for Desktop: CVE-2020-6380 Stable Channel Update for Desktop CVE-2020-6380: Extension message verification error. Reported by Sergei Glazunov of Google Project Zero on 2019-12-09 [$N/A][ 1040772 ] High N/A: Protections to mitigate Windows ECC certificate validation vulnerability CVE-2020-0601 Severity: high

CVE-2020-6377 [HIGH] Stable Channel Update for Desktop: CVE-2020-6377 Stable Channel Update for Desktop CVE-2020-6377: Use after free in audio. Reported by Zhe Jin from cdsrc of Qihoo 360 on 2019-11-29 We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel Severity: high

CVE-2019-13767 [HIGH] Stable Channel Update for Desktop: CVE-2019-13767 Stable Channel Update for Desktop CVE-2019-13767: Use after free in media picker. Reported by Sergei Glazunov of Google Project Zero on 2019-12-06 We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel Severity: high

CVE-2019-13725 [CRITICAL] Stable Channel Update for Desktop: CVE-2019-13725 Stable Channel Update for Desktop CVE-2019-13725: Use after free in Bluetooth. Reported by Gengming Liu, Jianyu Chen at Tencent Keen Security Lab on 2019-11-15 [$TBD][ 1027152 ] Critical CVE-2019-13726: Heap buffer overflow in password manager Reported by Sergei Glazunov of Google Project Zero on 2019-11-21 Severity: critical

CVE-2019-13734 [HIGH] Stable Channel Update for Desktop: CVE-2019-13734 Stable Channel Update for Desktop CVE-2019-13734: Out of bounds write in SQLite. Reported by Wenxiang Qian of Tencent Blade Team on 2019-11-16 [$TBD][ 1025468 ] High CVE-2019-13735: Out of bounds write in V8 Reported by Gengming Liu and Zhen Feng from Tencent Keen Lab on 2019-11-16 Severity: high

CVE-2019-13730 [HIGH] Stable Channel Update for Desktop: CVE-2019-13730 Stable Channel Update for Desktop CVE-2019-13730: Type Confusion in V8. Reported by Soyeon Park and Wen Xu at SSLab, Georgia Tech on 2019-11-27 [$TBD][ 1023817 ] High CVE-2019-13732: Use after free in WebAudio Reported by Sergei Glazunov of Google Project Zero on 2019-11-12 Severity: high

CVE-2019-13764 [HIGH] Stable Channel Update for Desktop: CVE-2019-13764 Stable Channel Update for Desktop CVE-2019-13764: Type Confusion in V8. Reported by Soyeon Park and Wen Xu at SSLab, Georgia Tech on 2019-11-26 [$7500][ 1020899 ] Medium CVE-2019-13736: Integer overflow in PDFium Reported by Anonymous on 2019-11-03 Severity: high

CVE-2019-13727 [HIGH] Stable Channel Update for Desktop: CVE-2019-13727 Stable Channel Update for Desktop CVE-2019-13727: Insufficient policy enforcement in WebSockets. Reported by @piochu on 2019-03-21 [$7500][ 1024758 ] High CVE-2019-13728: Out of bounds write in V8 Reported by Rong Jian and Guang Gong of Alpha Lab, Qihoo 360 on 2019-11-14 Severity: high

CVE-2019-13741 [MEDIUM] Stable Channel Update for Desktop: CVE-2019-13741 Stable Channel Update for Desktop CVE-2019-13741: Insufficient validation of untrusted input in Blink. Reported by Michał Bentkowski of Securitum on 2019-10-07 [$2000][ 1017564 ] Medium CVE-2019-13742: Incorrect security UI in Omnibox Reported by Khalil Zhani on 2019-10-24 Severity: medium

CVE-2019-13743 [MEDIUM] Stable Channel Update for Desktop: CVE-2019-13743 Stable Channel Update for Desktop CVE-2019-13743: Incorrect security UI in external protocol handling. Reported by Zhiyang Zeng of Tencent security platform department on 2017-08-10 [$1000][ 853670 ] Medium CVE-2019-13744: Insufficient policy enforcement in cookies Reported by Prakash (@1lastBr3ath) on 2018-06-18 Severity: medium

CVE-2019-13737 [MEDIUM] Stable Channel Update for Desktop: CVE-2019-13737 Stable Channel Update for Desktop CVE-2019-13737: Insufficient policy enforcement in autocomplete. Reported by Mark Amery on 2019-10-12 [$5000][ 1017441 ] Medium CVE-2019-13738: Insufficient policy enforcement in navigation Reported by Johnathan Norman and Daniel Clark of Microsoft Edge Team on 2019-10-23 Severity: medium

CVE-2019-13739 [MEDIUM] Stable Channel Update for Desktop: CVE-2019-13739 Stable Channel Update for Desktop CVE-2019-13739: Incorrect security UI in Omnibox. Reported by xisigr of Tencent's Xuanwu Lab on 2018-03-22 [$2000][ 1005596 ] Medium CVE-2019-13740: Incorrect security UI in sharing Reported by Khalil Zhani on 2019-09-19 Severity: medium

CVE-2019-13747 [MEDIUM] Stable Channel Update for Desktop: CVE-2019-13747 Stable Channel Update for Desktop CVE-2019-13747: Uninitialized Use in rendering. Reported by Ivan Popelyshev and André Bonatti on 2019-10-26 [$N/A][ 993706 ] Medium CVE-2019-13748: Insufficient policy enforcement in developer tools Reported by David Erceg on 2019-08-14 Severity: medium

CVE-2019-13749 [MEDIUM] Stable Channel Update for Desktop: CVE-2019-13749 Stable Channel Update for Desktop CVE-2019-13749: Incorrect security UI in Omnibox. Reported by Khalil Zhani on 2019-10-03 [$TBD][ 1025464 ] Medium CVE-2019-13750: Insufficient data validation in SQLite Reported by Wenxiang Qian of Tencent Blade Team on 2019-11-16 Severity: medium

CVE-2019-13753 [MEDIUM] Stable Channel Update for Desktop: CVE-2019-13753 Stable Channel Update for Desktop CVE-2019-13753: Out of bounds read in SQLite. Reported by Wenxiang Qian of Tencent Blade Team on 2019-11-16 [$500][ 442579 ] Low CVE-2019-13754: Insufficient policy enforcement in extensions Reported by Cody Crews on 2014-12-16 Severity: medium

CVE-2019-13745 [MEDIUM] Stable Channel Update for Desktop: CVE-2019-13745 Stable Channel Update for Desktop CVE-2019-13745: Insufficient policy enforcement in audio. Reported by Luan Herrera (@lbherrera_) on 2019-08-05 [$500][ 999932 ] Medium CVE-2019-13746: Insufficient policy enforcement in Omnibox Reported by David Erceg on 2019-09-02 Severity: medium

CVE-2019-13751 [MEDIUM] Stable Channel Update for Desktop: CVE-2019-13751 Stable Channel Update for Desktop CVE-2019-13751: Uninitialized Use in SQLite. Reported by Wenxiang Qian of Tencent Blade Team on 2019-11-16 [$TBD][ 1025470 ] Medium CVE-2019-13752: Out of bounds read in SQLite Reported by Wenxiang Qian of Tencent Blade Team on 2019-11-16 Severity: medium