77.0.3865.75
52 security fix included.
[999311] Critical CVE-2019-5870: Use-after-free in media. Reported by Guang Gong of Alpha Team, Qihoo 360 on 2019-08-29
[990570] High CVE-2019-5871: Heap overflow in Skia. Reported by Anonymous on 2019-08-03
[981492] High CVE-2019-5872: Use-after-free in Mojo. Reported by Zhe Jin(金哲),Luyao Liu(刘路遥) from Chengdu Security Response
Center of Qihoo 360 Technology Co. Ltd on 2019-07-05
[989497] High CVE-2019-5873: URL bar spoofing on iOS. Reported by Khalil Zhani on 2019-07-31
[989797] High CVE-2019-5874: External URIs may trigger other browsers. Reported by James Lee (@Windowsrcer) on 2019-08-01
[979443] High CVE-2019-5875: URL bar spoof via download redirect. Reported by Khalil Zhani on 2019-06-28
[997190] High CVE-2019-5876: Use-after-free in media. Reported by Man Yue Mo of Semmle Security Research Team on 2019-08-23
[999310] High CVE-2019-5877: Out-of-bounds access in V8. Reported by Guang Gong of Alpha Team, Qihoo 360 on 2019-08-29
[1000217] High CVE-2019-5878: Use-after-free in V8. Reported by Guang Gong of Alpha Team, Qihoo 360 on 2019-09-03
[986043] Medium CVE-2019-5879: Extension can bypass same origin policy. Reported by Jinseo Kim on 2019-07-20
[831725] Medium CVE-2019-5880: SameSite cookie bypass. Reported by Jun Kokatsu (@shhnjk) on 2018-04-11
[980816] Medium CVE-2019-5881: Arbitrary read in SwiftShader. Reported by Zhe Jin(金哲),Luyao Liu(刘路遥) from Chengdu Security Response
Center of Qihoo 360 Technology Co. Ltd on 2019-07-03
[868846] Medium CVE-2019-13659: URL spoof. Reported by Lnyas Zhang on 2018-07-30
[882363] Medium CVE-2019-13660: Full screen notification overlap. Reported by Wenxu Wu (@ma7h1as) of Tencent Security Xuanwu Lab on 2018-09-10
[882812] Medium CVE-2019-13661: Full screen notification spoof. Reported by Wenxu Wu (@ma7h1as) of Tencent Security Xuanwu Lab on 2018-09-11
[967780] Medium CVE-2019-13662: CSP bypass. Reported by David Erceg on 2019-05-28
[863661] Medium CVE-2019-13663: IDN spoof. Reported by Lnyas Zhang on 2018-07-14
[915538] Medium CVE-2019-13664: CSRF bypass. Reported by thomas “zemnmez” shadwell on 2018-12-16
[959640] Medium CVE-2019-13665: Multiple file download protection bypass. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-05-05
[960305] Medium CVE-2019-13666: Side channel using storage size estimate. Reported by Tom Van Goethem from imec-DistriNet, KU Leuven on 2019-05-07
[973056] Medium CVE-2019-13667: URI bar spoof when using external app URIs. Reported by Khalil Zhani on 2019-06-11
[986393] Medium CVE-2019-13668: Global window leak via console. Reported by David Erceg on 2019-07-22
[968451] Medium CVE-2019-13669: HTTP authentication spoof. Reported by Khalil Zhani on 2019-05-30
[980891] Medium CVE-2019-13670: V8 memory corruption in regex. Reported by Guang Gong of Alpha Team, Qihoo 360 on 2019-07-03
[696454] Medium CVE-2019-13671: Dialog box fails to show origin. Reported by xisigr of Tencent’s Xuanwu Lab on 2017-02-27
[997925] Medium CVE-2019-13673: Cross-origin information leak using devtools. Reported by David Erceg on 2019-08-26
[896533] Low CVE-2019-13674: IDN spoofing. Reported by Khalil Zhani on 2018-10-18
[929578] Low CVE-2019-13675: Extensions can be disabled by trailing slash. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-02-07
[875178] Low CVE-2019-13676: Google URI shown for certificate warning. Reported by Wenxu Wu (@ma7h1as) of Tencent Security Xuanwu Lab on 2018-08-17
[939108] Low CVE-2019-13677: Chrome web store origin needs to be isolated. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-03-06
[946633] Low CVE-2019-13678: Download dialog spoofing. Reported by Ronni Skansing on 2019-03-27
[968914] Low CVE-2019-13679: User gesture needed for printing. Reported by Conrad Irwin, Superhuman on 2019-05-31
[969684] Low CVE-2019-13680: IP address spoofing to servers. Reported by Thijs Alkemade from Computest on 2019-06-03
[970378] Low CVE-2019-13681: Bypass on download restrictions. Reported by David Erceg on 2019-06-04
[971917] Low CVE-2019-13682: Site isolation bypass. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-06-07
[987502] Low CVE-2019-13683: Exceptions leaked by devtools. Reported by David Erceg on 2019-07-25