Google Chrome Chrome vulnerabilities

CVE-2019-13755 [LOW] Stable Channel Update for Desktop: CVE-2019-13755 Stable Channel Update for Desktop CVE-2019-13755: Insufficient policy enforcement in extensions. Reported by Masato Kinugawa on 2017-02-25 [$500][ 708595 ] Low CVE-2019-13756: Incorrect security UI in printing Reported by Khalil Zhani on 2017-04-05 Severity: low

CVE-2019-13762 [LOW] Stable Channel Update for Desktop: CVE-2019-13762 Stable Channel Update for Desktop CVE-2019-13762: Insufficient policy enforcement in downloads. Reported by csanuragjain (@csanuragjain) on 2019-09-16 [$TBD][ 1011600 ] Low CVE-2019-13763: Insufficient policy enforcement in payments Reported by weiwangpp93 on 2019-10-05 Severity: low

CVE-2019-13759 [LOW] Stable Channel Update for Desktop: CVE-2019-13759 Stable Channel Update for Desktop CVE-2019-13759: Incorrect security UI in interstitials. Reported by Wenxu Wu (@ma7h1as) of Tencent Security Xuanwu Lab on 2018-11-05 [$N/A][ 1002687 ] Low CVE-2019-13761: Incorrect security UI in Omnibox Reported by Khalil Zhani on 2019-09-10 Severity: low

CVE-2019-13757 [LOW] Stable Channel Update for Desktop: CVE-2019-13757 Stable Channel Update for Desktop CVE-2019-13757: Incorrect security UI in Omnibox. Reported by Khalil Zhani on 2018-09-17 [$500][ 979441 ] Low CVE-2019-13758: Insufficient policy enforcement in navigation Reported by Khalil Zhani on 2019-06-28 Severity: low

CVE-2019-13723 [HIGH] Stable Channel Update for Desktop: CVE-2019-13723 Stable Channel Update for Desktop CVE-2019-13723: Use-after-free in Bluetooth. Reported by Yuxiang Li (@Xbalien29) of Tencent Blade Team on 2019-11-13 [$TBD][ 1024116 ] High CVE-2019-13724: Out-of-bounds access in Bluetooth Reported by Yuxiang Li (@Xbalien29) of Tencent Blade Team on 2019-11-13 Severity: high

CVE-2019-13721 [HIGH] Stable Channel Update for Desktop: CVE-2019-13721 Stable Channel Update for Desktop CVE-2019-13721: Use-after-free in PDFium. Reported by banananapenguin on 2019-10-12 [$TBD][ 1019226 ] High CVE-2019-13720: Use-after-free in audio Reported by Anton Ivanov and Alexey Kulaev at Kaspersky Labs on 2019-10-29 Severity: high

CVE-2019-13701 [HIGH] Stable Channel Update for Desktop: CVE-2019-13701 Stable Channel Update for Desktop CVE-2019-13701: URL spoof in navigation. Reported by David Erceg on 2019-08-27 [$5000][ 1007194 ] High CVE-2019-13765: Use-after-free in content delivery manager Reported by Guang Gong of Alpha Team, Qihoo 360 on 2019-09-24 Severity: high

CVE-2019-13699 [HIGH] Stable Channel Update for Desktop: CVE-2019-13699 Stable Channel Update for Desktop CVE-2019-13699: Use-after-free in media. Reported by Man Yue Mo of Semmle Security Research Team on 2019-09-06 [$15000][ 998431 ] High CVE-2019-13700: Buffer overrun in Blink Reported by Man Yue Mo of Semmle Security Research Team on 2019-08-28 Severity: high

CVE-2019-13713 [MEDIUM] Stable Channel Update for Desktop: CVE-2019-13713 Stable Channel Update for Desktop CVE-2019-13713: Cross-origin data leak. Reported by David Erceg on 2019-08-13 [$2000][ 982812 ] Low CVE-2019-13714: CSS injection Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-07-10 Severity: medium

CVE-2019-13711 [MEDIUM] Stable Channel Update for Desktop: CVE-2019-13711 Stable Channel Update for Desktop CVE-2019-13711: Cross-context information leak. Reported by David Erceg on 2019-07-20 [$500][ 1004341 ] Medium CVE-2019-15903: Buffer overflow in expat Reported by Sebastian Pipping on 2019-09-16 Severity: medium

CVE-2019-13705 [MEDIUM] Stable Channel Update for Desktop: CVE-2019-13705 Stable Channel Update for Desktop CVE-2019-13705: Extension permission bypass. Reported by Luan Herrera (@lbherrera_) on 2019-07-30 [$2000][ 1001159 ] Medium CVE-2019-13706: Out-of-bounds read in PDFium Reported by pdknsk on 2019-09-05 Severity: medium

CVE-2019-13703 [MEDIUM] Stable Channel Update for Desktop: CVE-2019-13703 Stable Channel Update for Desktop CVE-2019-13703: URL bar spoofing. Reported by Khalil Zhani on 2019-08-12 [$3000][ 1001283 ] Medium CVE-2019-13704: CSP bypass Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-09-05 Severity: medium

CVE-2019-13707 [MEDIUM] Stable Channel Update for Desktop: CVE-2019-13707 Stable Channel Update for Desktop CVE-2019-13707: File storage disclosure. Reported by Andrea Palazzo on 2018-07-01 [$1000][ 931894 ] Medium CVE-2019-13708: HTTP authentication spoof Reported by Khalil Zhani on 2019-02-13 Severity: medium

CVE-2019-13710 [MEDIUM] Stable Channel Update for Desktop: CVE-2019-13710 Stable Channel Update for Desktop CVE-2019-13710: File download protection bypass. Reported by bernardo Severity: medium

CVE-2019-13702 [MEDIUM] Stable Channel Update for Desktop: CVE-2019-13702 Stable Channel Update for Desktop CVE-2019-13702: Privilege elevation in Installer. Reported by Phillip Langlois (phillip Severity: medium

CVE-2019-13709 [MEDIUM] Stable Channel Update for Desktop: CVE-2019-13709 Stable Channel Update for Desktop CVE-2019-13709: File download protection bypass. Reported by Zhong Zhaochen of andsecurity Severity: medium

CVE-2019-13715 [LOW] Stable Channel Update for Desktop: CVE-2019-13715 Stable Channel Update for Desktop CVE-2019-13715: Address bar spoofing. Reported by xisigr of Tencent's Xuanwu Lab on 2017-08-31 [$500][ 1005948 ] Low CVE-2019-13716: Service worker state error Reported by Barron Hagerman on 2019-09-19 Severity: low

CVE-2019-13719 [LOW] Stable Channel Update for Desktop: CVE-2019-13719 Stable Channel Update for Desktop CVE-2019-13719: Notification obscured. Reported by Khalil Zhani on 2019-01-31 We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel Severity: low

CVE-2019-13717 [LOW] Stable Channel Update for Desktop: CVE-2019-13717 Stable Channel Update for Desktop CVE-2019-13717: Notification obscured. Reported by xisigr of Tencent's Xuanwu Lab on 2018-05-03 [$N/A][ 866162 ] Low CVE-2019-13718: IDN spoof Reported by Khalil Zhani on 2018-07-20 Severity: low