Google this week released Chrome 79 to the stable channel with a total of 51 security fixes, including 37 reported by external researchers, two of which are considered critical severity.

The two critical flaws include CVE-2019-13725, a use-after-free in the Bluetooth component reported by Gengming Liu and Jianyu Chen of Tencent Keen Security Lab, and CVE-2019-13726, a heap buffer overflow in password manager, reported by Sergei Glazunov of Google Project Zero. Google revealed that it paid $20,000 for the use-after-free flaw, but has yet to determine the bug bounty reward for the heap buffer overflow.

Of the remaining bugs reported by external researchers, 8 are considered high risk, 18 have a medium severity rating, and 9 are considered low-risk.

The high-risk vulnerabilities addressed in this release include insufficient policy enforcement in WebSockets (CVE-2019-13727), out of bounds write in V8 (CVE-2019-13728 and CVE-2019-13735), use-after-free in WebSockets (CVE-2019-13729), type confusion in V8 (CVE-2019-13730 and CVE-2019-13764), use-after-free in WebAudio (CVE-2019-13732), and out of bounds write in SQLite (CVE-2019-13734).

The medium-severity flaws include an integer overflow in PDFium; insufficient policy enforcement in autocomplete, navigation, Omnibox, cookies, audio, and developer tools; incorrect security UIs in Omnibox, sharing, and external protocol handling; insufficient validation of untrusted input in Blink; uninitialized use in rendering and SQLite; and out of bounds read and insufficient data validation issues in SQLite.