taitei.net

chrome86 part2

投稿日: 2020年11月2日作成者: taitei

86.0.4240.111

includes 5 security fixes

[1125337] High CVE-2020-16000: Inappropriate implementation in Blink. Reported by amaebi_jp on 2020-09-06
[1135018] High CVE-2020-16001: Use after free in media. Reported by Khalil Zhani on 2020-10-05
[1137630] High CVE-2020-16002: Use after free in PDFium. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi’anxin Group on 2020-10-13
[1139963] High CVE-2020-15999: Heap buffer overflow in Freetype. Reported by Sergei Glazunov of Google Project Zero on 2020-10-19
[1134960] Medium CVE-2020-16003: Use after free in printing. Reported by Khalil Zhani on 2020-10-04

コメントする

chrome86

投稿日: 2020年10月7日作成者: taitei

86.0.4240.75

35 security fixes

[1127322] Critical CVE-2020-15967: Use after free in payments. Reported by Man Yue Mo of GitHub Security Lab on 2020-09-11

[1126424] High CVE-2020-15968: Use after free in Blink. Reported by Anonymous on 2020-09-09

[1124659] High CVE-2020-15969: Use after free in WebRTC. Reported by Anonymous on 2020-09-03

[1108299] High CVE-2020-15970: Use after free in NFC. Reported by Man Yue Mo of GitHub Security Lab on 2020-07-22

[1114062] High CVE-2020-15971: Use after free in printing. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2020-08-07

[1115901] High CVE-2020-15972: Use after free in audio. Reported by Anonymous on 2020-08-13

[1133671] High CVE-2020-15990: Use after free in autofill. Reported by Rong Jian and Guang Gong of Alpha Lab, Qihoo 360 on 2020-09-30

[1133688] High CVE-2020-15991: Use after free in password manager. Reported by Rong Jian and Guang Gong of Alpha Lab, Qihoo 360 on 2020-09-30

[1106890] Medium CVE-2020-15973: Insufficient policy enforcement in extensions. Reported by David Erceg on 2020-07-17

[1104103] Medium CVE-2020-15974: Integer overflow in Blink. Reported by Juno Im (junorouse) of Theori on 2020-07-10

[1110800] Medium CVE-2020-15975: Integer overflow in SwiftShader. Reported by Anonymous on 2020-07-29

[1123522] Medium CVE-2020-15976: Use after free in WebXR. Reported by YoungJoo Lee(@ashuu_lee) of Raon Whitehat on 2020-08-31

[1083278] Medium CVE-2020-6557: Inappropriate implementation in networking. Reported by Matthias Gierlings and Marcus Brinkmann (NDS Ruhr-University Bochum) on 2020-05-15

[1097724] Medium CVE-2020-15977: Insufficient data validation in dialogs. Reported by Narendra Bhati (https://twitter.com/imnarendrabhati) on 2020-06-22

[1116280] Medium CVE-2020-15978: Insufficient data validation in navigation. Reported by Luan Herrera (@lbherrera_) on 2020-08-14

[1127319] Medium CVE-2020-15979: Inappropriate implementation in V8. Reported by Avihay Cohen @ SeraphicAlgorithms on 2020-09-11

[1092453] Medium CVE-2020-15980: Insufficient policy enforcement in Intents. Reported by Yongke Wang(@Rudykewang) and Aryb1n(@aryb1n) of Tencent Security Xuanwu Lab (腾讯安全玄武实验室） on 2020-06-08

[1123023] Medium CVE-2020-15981: Out of bounds read in audio. Reported by Christoph Guttandin on 2020-08-28

[1039882] Medium CVE-2020-15982: Side-channel information leakage in cache. Reported by Luan Herrera (@lbherrera_) on 2020-01-07

[1076786] Medium CVE-2020-15983: Insufficient data validation in webUI. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2020-04-30

[1080395] Medium CVE-2020-15984: Insufficient policy enforcement in Omnibox. Reported by Rayyan Bijoora on 2020-05-07

[1099276] Medium CVE-2020-15985: Inappropriate implementation in Blink. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2020-06-25

[1100247] Medium CVE-2020-15986: Integer overflow in media. Reported by Mark Brand of Google Project Zero on 2020-06-29

[1127774] Medium CVE-2020-15987: Use after free in WebRTC. Reported by Philipp Hancke on 2020-09-14

[1110195] Medium CVE-2020-15992: Insufficient policy enforcement in networking. Reported by Alison Huffman, Microsoft Browser Vulnerability Research on 2020-07-28

[1092518] Low CVE-2020-15988: Insufficient policy enforcement in downloads. Reported by Samuel Attard on 2020-06-08

[1108351] Low CVE-2020-15989: Uninitialized Use in PDFium. Reported by Gareth Evans (Microsoft) on 2020-07-22

コメントする

chrome85 part3

投稿日: 2020年9月23日作成者: taitei

85.0.4183.121

10 security fix included

[1100136] High CVE-2020-15960: Out of bounds read in storage. Reported by Anonymous on 2020-06-28

[1114636] High CVE-2020-15961: Insufficient policy enforcement in extensions. Reported by David Erceg on 2020-08-10

[1121836] High CVE-2020-15962: Insufficient policy enforcement in serial. Reported by Leecraso and Guang Gong of 360 Alpha Lab working with 360 BugCloud on 2020-08-26

[1113558] High CVE-2020-15963: Insufficient policy enforcement in extensions. Reported by David Erceg on 2020-08-06

[1126249] High CVE-2020-15965: Out of bounds write in V8. Reported by Lucas Pinheiro, Microsoft Browser Vulnerability Research on 2020-09-08

[1113565] Medium CVE-2020-15966: Insufficient policy enforcement in extensions. Reported by David Erceg on 2020-08-06

[1121414] Low CVE-2020-15964: Insufficient data validation in media. Reported by Woojin Oh(@pwn_expoit) of STEALIEN on 2020-08-25

コメントする

chrome85 part2

投稿日: 2020年9月9日作成者: taitei

85.0.4183.102

included 5 security fixes

[1116304] High CVE-2020-6573: Use after free in video. Reported by Leecraso and Guang Gong of 360 Alpha Lab working with 360 BugCloud on 2020-08-14

[1102196] High CVE-2020-6574: Insufficient policy enforcement in installer. Reported by CodeColorist of Ant-Financial LightYear Labs on 2020-07-05

[1081874] High CVE-2020-6575: Race in Mojo. Reported by Microsoft on 2020-05-12

[1111737] High CVE-2020-6576: Use after free in offscreen canvas. Reported by Looben Yang on 2020-07-31

[1122684] High CVE-2020-15959: Insufficient policy enforcement in networking. Reported by Eric Lawrence of Microsoft on 2020-08-27

コメントする

chrome85

投稿日: 2020年8月26日作成者: taitei

85.0.4183.83

includes 20 security fixes

[1109120] High CVE-2020-6558: Insufficient policy enforcement in iOS. Reported by Alison Huffman, Microsoft Browser Vulnerability Research on 2020-07-24

[1116706] High CVE-2020-6559: Use after free in presentation API. Reported by Liu Wei and Wu Zekai of Tencent Security Xuanwu Lab on 2020-08-15

[1108181] Medium CVE-2020-6560: Insufficient policy enforcement in autofill. Reported by Nadja Ungethuem from www.unnex.de on 2020-07-22

[932892] Medium CVE-2020-6561: Inappropriate implementation in Content Security Policy. Reported by Rob Wu on 2019-02-16

[1086845] Medium CVE-2020-6562: Insufficient policy enforcement in Blink. Reported by Masato Kinugawa on 2020-05-27

[1104628] Medium CVE-2020-6563: Insufficient policy enforcement in intent handling. Reported by Pedro Oliveira on 2020-07-12

[841622] Medium CVE-2020-6564: Incorrect security UI in permissions. Reported by Khalil Zhani on 2018-05-10

[1029907] Medium CVE-2020-6565: Incorrect security UI in Omnibox. Reported by Khalil Zhani on 2019-12-02

[1065264] Medium CVE-2020-6566: Insufficient policy enforcement in media. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2020-03-27

[937179] Low CVE-2020-6567: Insufficient validation of untrusted input in command line handling. Reported by Joshua Graham of TSS on 2019-03-01

[1092451] Low CVE-2020-6568: Insufficient policy enforcement in intent handling. Reported by Yongke Wang(@Rudykewang) and Aryb1n(@aryb1n) of Tencent Security Xuanwu Lab (腾讯安全玄武实验室） on 2020-06-08

[995732] Low CVE-2020-6569: Integer overflow in WebUSB. Reported by guaixiaomei on 2019-08-20

[1084699] Low CVE-2020-6570: Side-channel information leakage in WebRTC. Reported by Signal/Tenable on 2020-05-19

[1085315] Low CVE-2020-6571: Incorrect security UI in Omnibox. Reported by Rayyan Bijoora on 2020-05-21

コメントする

chrome84 part2

投稿日: 2020年8月11日作成者: taitei

84.0.4147.125

15 security fixes included

[1107433] High CVE-2020-6542: Use after free in ANGLE. Reported by Piotr Bania of Cisco Talos on 2020-07-20

[1104046] High CVE-2020-6543: Use after free in task scheduling. Reported by Looben Yang on 2020-07-10

[1108497] High CVE-2020-6544: Use after free in media. Reported by Tim Becker of Theori on 2020-07-22

[1095584] High CVE-2020-6545: Use after free in audio. Reported by Anonymous on 2020-06-16

[1100280] High CVE-2020-6546: Inappropriate implementation in installer. Reported by Andrew Hess (any1) on 2020-06-29

[1102153] High CVE-2020-6547: Incorrect security UI in media. Reported by David Albert on 2020-07-05

[1103827] High CVE-2020-6548: Heap buffer overflow in Skia. Reported by Choongwoo Han, Microsoft Browser Vulnerability Research on 2020-07-09

[1105426] High CVE-2020-6549: Use after free in media. Reported by Sergei Glazunov of Google Project Zero on 2020-07-14

[1106682] High CVE-2020-6550: Use after free in IndexedDB. Reported by Sergei Glazunov of Google Project Zero on 2020-07-17

[1107815] High CVE-2020-6551: Use after free in WebXR. Reported by Sergei Glazunov of Google Project Zero on 2020-07-21

[1108518] High CVE-2020-6552: Use after free in Blink. Reported by Tim Becker of Theori on 2020-07-22

[1111307] High CVE-2020-6553: Use after free in offline mode. Reported by Alison Huffman, Microsoft Browser Vulnerability Research on 2020-07-30

[1094235] Medium CVE-2020-6554: Use after free in extensions. Reported by Anonymous on 2020-06-12

[1105202] Medium CVE-2020-6555: Out of bounds read in WebGL. Reported by Marcin Towalski of Cisco Talos on 2020-07-13

コメントする

chrome84

投稿日: 2020年7月15日作成者: taitei

84.0.4147.89

includes 38 security fixes.

[1103195] Critical CVE-2020-6510: Heap buffer overflow in background fetch. Reported by Leecraso and Guang Gong of 360 Alpha Lab working with 360 BugCloud on 2020-07-08

[1074317] High CVE-2020-6511: Side-channel information leakage in content security policy. Reported by Mikhail Oblozhikhin on 2020-04-24

[1084820] High CVE-2020-6512: Type Confusion in V8. Reported by nocma, leogan, cheneyxu of WeChat Open Platform Security Team on 2020-05-20

[1091404] High CVE-2020-6513: Heap buffer overflow in PDFium. Reported by Aleksandar Nikolic of Cisco Talos on 2020-06-04

[1076703] High CVE-2020-6514: Inappropriate implementation in WebRTC. Reported by Natalie Silvanovich of Google Project Zero on 2020-04-30

[1082755] High CVE-2020-6515: Use after free in tab strip. Reported by DDV_UA on 2020-05-14

[1092449] High CVE-2020-6516: Policy bypass in CORS. Reported by Yongke Wang of Tencent’s Xuanwu Lab (xlab.tencent.com) on 2020-06-08

[1095560] High CVE-2020-6517: Heap buffer overflow in history. Reported by ZeKai Wu (@hellowuzekai) of Tencent Security Xuanwu Lab on 2020-06-16

[986051] Medium CVE-2020-6518: Use after free in developer tools. Reported by David Erceg on 2019-07-20

[1064676] Medium CVE-2020-6519: Policy bypass in CSP. Reported by Gal Weizman (@WeizmanGal) of PerimeterX on 2020-03-25

[1092274] Medium CVE-2020-6520: Heap buffer overflow in Skia. Reported by Zhen Zhou of NSFOCUS Security Team on 2020-06-08

[1075734] Medium CVE-2020-6521: Side-channel information leakage in autofill. Reported by Xu Lin (University of Illinois at Chicago), Panagiotis Ilia (University of Illinois at Chicago), Jason Polakis (University of Illinois at Chicago) on 2020-04-27

[1052093] Medium CVE-2020-6522: Inappropriate implementation in external protocol handlers. Reported by Eric Lawrence of Microsoft on 2020-02-13

[1080481] Medium CVE-2020-6523: Out of bounds write in Skia. Reported by Liu Wei and Wu Zekai of Tencent Security Xuanwu Lab on 2020-05-08

[1081722] Medium CVE-2020-6524: Heap buffer overflow in WebAudio. Reported by Sung Ta (@Mipu94) of SEFCOM Lab, Arizona State University on 2020-05-12

[1091670] Medium CVE-2020-6525: Heap buffer overflow in Skia. Reported by Zhen Zhou of NSFOCUS Security Team on 2020-06-05

[1074340] Low CVE-2020-6526: Inappropriate implementation in iframe sandbox. Reported by Jonathan Kingston on 2020-04-24

[992698] Low CVE-2020-6527: Insufficient policy enforcement in CSP. Reported by Zhong Zhaochen of andsecurity.cn on 2019-08-10

[1063690] Low CVE-2020-6528: Incorrect security UI in basic auth. Reported by Rayyan Bijoora on 2020-03-22

[978779] Low CVE-2020-6529: Inappropriate implementation in WebRTC. Reported by kaustubhvats7 on 2019-06-26

[1016278] Low CVE-2020-6530: Out of bounds memory access in developer tools. Reported by myvyang on 2019-10-21

[1042986] Low CVE-2020-6531: Side-channel information leakage in scroll to text. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2020-01-17

[1069964] Low CVE-2020-6533: Type Confusion in V8. Reported by Avihay Cohen @ SeraphicAlgorithms on 2020-04-11

[1072412] Low CVE-2020-6534: Heap buffer overflow in WebRTC. Reported by Anonymous on 2020-04-20

[1073409] Low CVE-2020-6535: Insufficient data validation in WebUI. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2020-04-22

[1080934] Low CVE-2020-6536: Incorrect security UI in PWAs. Reported by Zhiyang Zeng of Tencent security platform department on 2020-05-09

コメントする

chrome83 part2

投稿日: 2020年6月7日作成者: taitei

83.0.4103.97

This update includes 5 security fixes.

[1082105] High CVE-2020-6493: Use after free in WebAuthentication. Reported by Anonymous on 2020-05-13

[1083972] High CVE-2020-6494: Incorrect security UI in payments. Reported by Juho Nurminen on 2020-05-18

[1072116] High CVE-2020-6495: Insufficient policy enforcement in developer tools. Reported by David Erceg on 2020-04-18

[1085990] High CVE-2020-6496: Use after free in payments. Reported by Khalil Zhani on 2020-05-24

コメントする

chrome 83

投稿日: 2020年5月20日作成者: taitei

(skip M82 due to COVID-19 virus)

83.0.4103.61

included 38 security fixes

[1073015] High CVE-2020-6465: Use after free in reader mode. Reported by Woojin Oh(@pwn_expoit) of STEALIEN on 2020-04-21

[1074706] High CVE-2020-6466: Use after free in media. Reported by Zhe Jin from cdsrc of Qihoo 360 on 2020-04-26

[1068084] High CVE-2020-6467: Use after free in WebRTC. Reported by ZhanJia Song on 2020-04-06

[1076708] High CVE-2020-6468: Type Confusion in V8. Reported by Chris Salls and Jake Corina of Seaside Security, Chani Jindal of Shellphish on 2020-04-30

[1067382] High CVE-2020-6469: Insufficient policy enforcement in developer tools. Reported by David Erceg on 2020-04-02

[1065761] Medium CVE-2020-6470: Insufficient validation of untrusted input in clipboard. Reported by Michał Bentkowski of Securitum on 2020-03-30

[1059577] Medium CVE-2020-6471: Insufficient policy enforcement in developer tools. Reported by David Erceg on 2020-03-08

[1064519] Medium CVE-2020-6472: Insufficient policy enforcement in developer tools. Reported by David Erceg on 2020-03-25

[1049510] Medium CVE-2020-6473: Insufficient policy enforcement in Blink. Reported by Soroush Karami and Panagiotis Ilia on 2020-02-06

[1059533] Medium CVE-2020-6474: Use after free in Blink. Reported by Zhe Jin from cdsrc of Qihoo 360 on 2020-03-07

[1020026] Medium CVE-2020-6475: Incorrect security UI in full screen. Reported by Khalil Zhani on 2019-10-31

[1035315] Medium CVE-2020-6476: Insufficient policy enforcement in tab strip. Reported by Alexandre Le Borgne on 2019-12-18

[946156] Medium CVE-2020-6477: Inappropriate implementation in installer. Reported by RACK911 Labs on 2019-03-26

[1037730] Medium CVE-2020-6478: Inappropriate implementation in full screen. Reported by Khalil Zhani on 2019-12-24

[1041749] Medium CVE-2020-6479: Inappropriate implementation in sharing. Reported by Zhong Zhaochen of andsecurity.cn on 2020-01-14

[1054966] Medium CVE-2020-6480: Insufficient policy enforcement in enterprise. Reported by Marvin Witt on 2020-02-21

[1068531] Medium CVE-2020-6481: Insufficient policy enforcement in URL formatting. Reported by Rayyan Bijoora on 2020-04-07

[795595] Medium CVE-2020-6482: Insufficient policy enforcement in developer tools. Reported by Abdulrahman Alqabandi (@qab) on 2017-12-17

[966507] Medium CVE-2020-6483: Insufficient policy enforcement in payments. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-05-23

[1045787] Medium CVE-2020-6484: Insufficient data validation in ChromeDriver. Reported by Artem Zinenko on 2020-01-26

[1047285] Medium CVE-2020-6485: Insufficient data validation in media router. Reported by Sergei Glazunov of Google Project Zero on 2020-01-30

[1055524] Medium CVE-2020-6486: Insufficient policy enforcement in navigations. Reported by David Erceg on 2020-02-24

[539938] Low CVE-2020-6487: Insufficient policy enforcement in downloads. Reported by Jun Kokatsu (@shhnjk) on 2015-10-06

[1044277] Low CVE-2020-6488: Insufficient policy enforcement in downloads. Reported by David Erceg on 2020-01-21

[1050756] Low CVE-2020-6489: Inappropriate implementation in developer tools. Reported by @lovasoa (Ophir LOJKINE) on 2020-02-10

[1035887] Low CVE-2020-6490: Insufficient data validation in loader. Reported by Twitter on 2019-12-19

[1050011] Low CVE-2020-6491: Incorrect security UI in site information. Reported by Sultan Haikal M.A on 2020-02-07

コメントする

chrome81 part3

投稿日: 2020年4月29日作成者: taitei

81.0.4044.129

2 security fixes included

[1064891] High CVE-2020-6462: Use after free in task scheduling. Reported by Zhe Jin from cdsrc of Qihoo 360 on 2020-03-26

[1072983] High CVE-2020-6461: Use after free in storage. Reported by Zhe Jin from cdsrc of Qihoo 360 on 2020-04-21

コメントする

chrome86 part2

chrome86

chrome85 part3

chrome85 part2

chrome85

chrome84 part2

chrome84

chrome83 part2

chrome 83

chrome81 part3

最近の投稿

最近のコメント

アーカイブ

カテゴリー

メタ情報