Chrome releases reports:
This release contains 35 security fixes, including:
- [1127322] Critical CVE-2020-15967: Use after free in payments.
Reported by Man Yue Mo of GitHub Security Lab on 2020-09-11
- [1126424] High CVE-2020-15968: Use after free in Blink.
Reported by Anonymous on 2020-09-09
- [1124659] High CVE-2020-15969: Use after free in WebRTC.
Reported by Anonymous on 2020-09-03
- [1108299] High CVE-2020-15970: Use after free in NFC. Reported
by Man Yue Mo of GitHub Security Lab on 2020-07-22
- [1114062] High CVE-2020-15971: Use after free in printing.
Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on
2020-08-07
- [1115901] High CVE-2020-15972: Use after free in audio.
Reported by Anonymous on 2020-08-13
- [1133671] High CVE-2020-15990: Use after free in autofill.
Reported by Rong Jian and Guang Gong of Alpha Lab, Qihoo 360 on
2020-09-30
- [1133688] High CVE-2020-15991: Use after free in password
manager. Reported by Rong Jian and Guang Gong of Alpha Lab, Qihoo
360 on 2020-09-30
- [1106890] Medium CVE-2020-15973: Insufficient policy
enforcement in extensions. Reported by David Erceg on
2020-07-17
- [1104103] Medium CVE-2020-15974: Integer overflow in Blink.
Reported by Juno Im (junorouse) of Theori on 2020-07-10
- [1110800] Medium CVE-2020-15975: Integer overflow in
SwiftShader. Reported by Anonymous on 2020-07-29
- [1123522] Medium CVE-2020-15976: Use after free in WebXR.
Reported by YoungJoo Lee (@ashuu_lee) of Raon Whitehat on
2020-08-31
- [1083278] Medium CVE-2020-6557: Inappropriate implementation
in networking. Reported by Matthias Gierlings and Marcus Brinkmann
(NDS Ruhr-University Bochum) on 2020-05-15
- [1097724] Medium CVE-2020-15977: Insufficient data validation
in dialogs. Reported by Narendra Bhati (@imnarendrabhati) on
2020-06-22
- [1116280] Medium CVE-2020-15978: Insufficient data validation
in navigation. Reported by Luan Herrera (@lbherrera_) on
2020-08-14
- [1127319] Medium CVE-2020-15979: Inappropriate implementation
in V8. Reported by Avihay Cohen (@SeraphicAlgorithms) on
2020-09-11
- [1092453] Medium CVE-2020-15980: Insufficient policy
enforcement in Intents. Reported by Yongke Wang (@Rudykewang) and
Aryb1n (@aryb1n) of Tencent Security Xuanwu Lab on 2020-06-08
- [1123023] Medium CVE-2020-15981: Out of bounds read in audio.
Reported by Christoph Guttandin on 2020-08-28
- [1039882] Medium CVE-2020-15982: Side-channel information
leakage in cache. Reported by Luan Herrera (@lbherrera_) on
2020-01-07
- [1076786] Medium CVE-2020-15983: Insufficient data validation
in webUI. Reported by Jun Kokatsu, Microsoft Browser Vulnerability
Research on 2020-04-30
- [1080395] Medium CVE-2020-15984: Insufficient policy
enforcement in Omnibox. Reported by Rayyan Bijoora on
2020-05-07
- [1099276] Medium CVE-2020-15985: Inappropriate implementation
in Blink. Reported by Abdulrahman Alqabandi, Microsoft Browser
Vulnerability Research on 2020-06-25
- [1100247] Medium CVE-2020-15986: Integer overflow in media.
Reported by Mark Brand of Google Project Zero on 2020-06-29
- [1127774] Medium CVE-2020-15987: Use after free in WebRTC.
Reported by Philipp Hancke on 2020-09-14
- [1110195] Medium CVE-2020-15992: Insufficient policy
enforcement in networking. Reported by Alison Huffman, Microsoft
Browser Vulnerability Research on 2020-07-28
- [1092518] Low CVE-2020-15988: Insufficient policy enforcement
in downloads. Reported by Samuel Attard on 2020-06-08
- [1108351] Low CVE-2020-15989: Uninitialized Use in PDFium.
Reported by Gareth Evans (Microsoft) on 2020-07-22