78.0.3904.70
includes 37 security fix
[1001503] High CVE-2019-13699: Use-after-free in media. Reported by Man Yue Mo of Semmle Security Research Team on 2019-09-06
[998431] High CVE-2019-13700: Buffer overrun in Blink. Reported by Man Yue Mo of Semmle Security Research Team on 2019-08-28
[998284] High CVE-2019-13701: URL spoof in navigation. Reported by David Erceg on 2019-08-27
[991125] Medium CVE-2019-13702: Privilege elevation in Installer. Reported by Phillip Langlois (phillip.langlois@nccgroup.com) and Edward Torkington (edward.torkington@nccgroup.com), NCC Group on 2019-08-06
[992838] Medium CVE-2019-13703: URL bar spoofing. Reported by Khalil Zhani on 2019-08-12
[1001283] Medium CVE-2019-13704: CSP bypass. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-09-05
[989078] Medium CVE-2019-13705: Extension permission bypass. Reported by Luan Herrera (@lbherrera_) on 2019-07-30
[1001159] Medium CVE-2019-13706: Out-of-bounds read in PDFium. Reported by pdknsk on 2019-09-05
[859349] Medium CVE-2019-13707: File storage disclosure. Reported by Andrea Palazzo on 2018-07-01
[931894] Medium CVE-2019-13708: HTTP authentication spoof. Reported by Khalil Zhani on 2019-02-13
[1005218] Medium CVE-2019-13709: File download protection bypass. Reported by Zhong Zhaochen of andsecurity.cn on 2019-09-18
[756825] Medium CVE-2019-13710: File download protection bypass. Reported by bernardo.mrod on 2017-08-18
[986063] Medium CVE-2019-13711: Cross-context information leak. Reported by David Erceg on 2019-07-20
[1004341] Medium CVE-2019-15903: Buffer overflow in expat. Reported by Sebastian Pipping on 2019-09-16
[993288] Medium CVE-2019-13713: Cross-origin data leak. Reported by David Erceg on 2019-08-13
[982812] Low CVE-2019-13714: CSS injection. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-07-10
[760855] Low CVE-2019-13715: Address bar spoofing. Reported by xisigr of Tencent’s Xuanwu Lab on 2017-08-31
[1005948] Low CVE-2019-13716: Service worker state error. Reported by Barron Hagerman on 2019-09-19
[839239] Low CVE-2019-13717: Notification obscured. Reported by xisigr of Tencent’s Xuanwu Lab on 2018-05-03
[866162] Low CVE-2019-13718: IDN spoof. Reported by Khalil Zhani on 2018-07-20
[927150] Low CVE-2019-13719: Notification obscured. Reported by Khalil Zhani on 2019-01-31