87.0.4280.66
includes 33 security fixes
[1136078] High CVE-2020-16018: Use after free in payments. Reported by Man Yue Mo of GitHub Security Lab on 2020-10-07
[1139408] High CVE-2020-16019: Inappropriate implementation in filesystem. Reported by Rory McNamara on 2020-10-16
[1139411] High CVE-2020-16020: Inappropriate implementation in cryptohome. Reported by Rory McNamara on 2020-10-16
[1139414] High CVE-2020-16021: Race in ImageBurner. Reported by Rory McNamara on 2020-10-16
[1145680] High CVE-2020-16022: Insufficient policy enforcement in networking. Reported by @SamyKamkar on 2020-11-04
[1146673] High CVE-2020-16015: Insufficient data validation in WASM. Reported by Rong Jian and Leecraso of 360 Alpha Lab on 2020-11-07
[1146675] High CVE-2020-16014: Use after free in PPAPI. Reported by Rong Jian and Leecraso of 360 Alpha Lab on 2020-11-07
[1146761] High CVE-2020-16023: Use after free in WebCodecs. Reported by Brendon Tiszka and David Manouchehri supporting the @eff on 2020-11-07
[1147430] High CVE-2020-16024: Heap buffer overflow in UI. Reported by Sergei Glazunov of Google Project Zero on 2020-11-10
[1147431] High CVE-2020-16025: Heap buffer overflow in clipboard. Reported by Sergei Glazunov of Google Project Zero on 2020-11-10
[$7500][1139153] Medium CVE-2020-16026: Use after free in WebRTC. Reported by Jong-Gwon Kim (kkwon) on 2020-10-16
[1116444] Medium CVE-2020-16027: Insufficient policy enforcement in developer tools. Reported by David Erceg on 2020-08-14
[1138446] Medium CVE-2020-16028: Heap buffer overflow in WebRTC. Reported by asnine on 2020-10-14
[1134338] Medium CVE-2020-16029: Inappropriate implementation in PDFium. Reported by Anonymous on 2020-10-01
[1141350] Medium CVE-2020-16030: Insufficient data validation in Blink. Reported by Michał Bentkowski of Securitum on 2020-10-22
[945997] Medium CVE-2019-8075: Insufficient data validation in Flash. Reported by Nethanel Gelernter, Cyberpion (https://www.cyberpion.com) on 2019-03-26
[1133183] Medium CVE-2020-16031: Incorrect security UI in tab preview. Reported by wester0x01(https://twitter.com/wester0x01) on 2020-09-29
[1136714] Medium CVE-2020-16032: Incorrect security UI in sharing. Reported by wester0x01(https://twitter.com/wester0x01) on 2020-10-09
[1143057] Medium CVE-2020-16033: Incorrect security UI in WebUSB. Reported by Khalil Zhani on 2020-10-28
[1137362] Medium CVE-2020-16034: Inappropriate implementation in WebRTC. Reported by vvmute (Benjamin Petermaier) on 2020-10-12
[1139409] Medium CVE-2020-16035: Insufficient data validation in cros-disks. Reported by Rory McNamara on 2020-10-16
[1088224] Low CVE-2020-16012: Side-channel information leakage in graphics. Reported by Aleksejs Popovs on 2020-05-30
[830808] Low CVE-2020-16036: Inappropriate implementation in cookies. Reported by Jun Kokatsu (@shhnjk) on 2018-04-09