This update includes
33 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the
Chrome Security Page for more information.
[$TBD][
1136078] High CVE-2020-16018: Use after free in payments. Reported by Man Yue Mo of GitHub Security Lab on 2020-10-07
[$TBD][
1139408] High CVE-2020-16019: Inappropriate implementation in filesystem. Reported by Rory McNamara on 2020-10-16
[$TBD][
1139411] High CVE-2020-16020: Inappropriate implementation in cryptohome. Reported by Rory McNamara on 2020-10-16
[$TBD][
1139414] High CVE-2020-16021: Race in ImageBurner. Reported by Rory McNamara on 2020-10-16
[$TBD][
1145680] High CVE-2020-16022: Insufficient policy enforcement in networking. Reported by @SamyKamkar on 2020-11-04
[$TBD][
1146673] High CVE-2020-16015: Insufficient data validation in WASM. Reported by Rong Jian and Leecraso of 360 Alpha Lab on 2020-11-07
[$TBD][
1146675] High CVE-2020-16014: Use after free in PPAPI. Reported by Rong Jian and Leecraso of 360 Alpha Lab on 2020-11-07
[$7500+$7500][
1146761] High CVE-2020-16023: Use after free in WebCodecs. Reported by Brendon Tiszka and David Manouchehri supporting the
@Eff on 2020-11-07
[$NA][
1147430] High CVE-2020-16024: Heap buffer overflow in UI. Reported by Sergei Glazunov of Google Project Zero on 2020-11-10
[$NA][
1147431] High CVE-2020-16025: Heap buffer overflow in clipboard. Reported by Sergei Glazunov of Google Project Zero on 2020-11-10
[$7500][
1139153] Medium CVE-2020-16026: Use after free in WebRTC. Reported by Jong-Gwon Kim (kkwon) on 2020-10-16
[$5000][
1116444] Medium CVE-2020-16027: Insufficient policy enforcement in developer tools. Reported by David Erceg on 2020-08-14
[$5000][
1138446] Medium CVE-2020-16028: Heap buffer overflow in WebRTC. Reported by asnine on 2020-10-14
[$3000][
1134338] Medium CVE-2020-16029: Inappropriate implementation in PDFium. Reported by Anonymous on 2020-10-01
[$3000][
1141350] Medium CVE-2020-16030: Insufficient data validation in Blink. Reported by Michał Bentkowski of Securitum on 2020-10-22
[$1000][
945997] Medium CVE-2019-8075: Insufficient data validation in Flash. Reported by Nethanel Gelernter, Cyberpion (
Homepage - Cyberpion) on 2019-03-26
[$500][
1133183] Medium CVE-2020-16031: Incorrect security UI in tab preview. Reported by wester0x01(
https://twitter.com/wester0x01) on 2020-09-29
[$500][
1136714] Medium CVE-2020-16032: Incorrect security UI in sharing. Reported by wester0x01(
https://twitter.com/wester0x01) on 2020-10-09
[$500][
1143057] Medium CVE-2020-16033: Incorrect security UI in WebUSB. Reported by Khalil Zhani on 2020-10-28
[$TBD][
1137362] Medium CVE-2020-16034: Inappropriate implementation in WebRTC. Reported by vvmute (Benjamin Petermaier) on 2020-10-12
[$TBD][
1139409] Medium CVE-2020-16035: Insufficient data validation in cros-disks. Reported by Rory McNamara on 2020-10-16
[$5000][
1088224] Low CVE-2020-16012: Side-channel information leakage in graphics. Reported by Aleksejs Popovs on 2020-05-30
[$500][
830808] Low CVE-2020-16036: Inappropriate implementation in cookies. Reported by Jun Kokatsu (@shhnjk) on 2018-04-09
www.technopat.net
