Google addresses high severity bugs in Chrome

Google released security updates to address multiple high-severity vulnerabilities in the popular Chrome browser.

Google released security updates to address multiple high-severity vulnerabilities in Chrome, the tech giant also announced a pause for upcoming releases of the popular browser.

The version 80.0.3987.149 is available for download for Windows, Mac, and Linux.

Google announced that it paused the upcoming releases of both Chrome and Chrome OS due to the current COVID-19 outbreak.

“Due to adjusted work schedules at this time, we are pausing upcoming Chrome and Chrome OS releases.” reads Google’s release update.

“Our primary objectives are to ensure they continue to be stable, secure, and work reliably for anyone who depends on them. We’ll continue to prioritize any updates related to security, which will be included in Chrome 80.”

Google addresses 13 security vulnerabilities, the most severe one, tracked as CVE-2020-6422, is a use-after-free issue that affects the WebGL. The vulnerability was discovered by David Manouchehri that earned $8,500 as part of the bug bounty program of the company.

Google also addressed two other vulnerabilities, tracked as CVE-2020-6424 and CVE-2020-6425 respectively. The flaws are a use-after-free in the media component and an insufficient policy enforcement issue in extensions, both issues were reported by Sergei Glazunov of Google Project Zero.

Google also fixed four use-after-free issues, tracked as CVE-2020-6427, CVE-2020-6428, CVE-2020-6429, and CVE-2020-6449, in the audio component.

The vulnerabilities were reported by Man Yue Mo of the Semmle Security Research Team.

The IT company also addressed an out-of-bounds read bug in usersctplib, which is tracked as CVE-2019-20503. The vulnerability was reported by Natalie Silvanovich from Google Project Zero.

The updates also address an inappropriate implementation in V8, the issue racked as CVE-2020-6426 was reported by Avihay Cohen of SeraphicAlgorithms.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Google Chrome, cybercrime)

[adrotate banner=”5″]

[adrotate banner=”13″]