On Wed, 22 Apr 2020 11:55:00 +0300 jim_p <pitsior...@gmail.com> wrote:
> As the title suggests, please update chromium to 81.0.4044.113 (or later),
> because it includes a patch for CVE-2020-6457, which is a critical security
> issue. More info here
> https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_15.html

In the meantime, another major version of Chromium was released with many high profile security fixes:

- High CVE-2020-6465: Use after free in reader mode. Reported by Woojin Oh(@pwn_expoit) of STEALIEN on 2020-04-21
- High CVE-2020-6466: Use after free in media. Reported by Zhe Jin from cdsrc of Qihoo 360 on 2020-04-26
- High CVE-2020-6467: Use after free in WebRTC. Reported by ZhanJia Song on 2020-04-06
- High CVE-2020-6468: Type Confusion in V8. Reported by Chris Salls and Jake Corina of Seaside Security, Chani Jindal of Shellphish on 2020-04-30
- High CVE-2020-6469: Insufficient policy enforcement in developer tools. Reported by David Erceg on 2020-04-02

Also, from previous releases:

- High CVE-2020-6464: Type Confusion in Blink. Reported by Looben Yang on 2020-04-15
- High CVE-2020-6462: Use after free in task scheduling. Reported by Zhe Jin from cdsrc of Qihoo 360 on 2020-03-26
- High CVE-2020-6461: Use after free in storage. Reported by Zhe Jin from cdsrc of Qihoo 360 on 2020-04-21
- High CVE-2020-6459: Use after free in payments. Reported by Zhe Jin from cdsrc of Qihoo 360 on 2020-03-27
- High CVE-2020-6460: Insufficient data validation in URL formatting. Reported by Anonymous on 2020-03-21
- High CVE-2020-6463: Use after free in ANGLE. Reported by Pawel Wylecial of REDTEAM.PL on 2020-03-26
- High CVE-2020-6458: Out of bounds read and write in PDFium. Reported by Aleksandar Nikolic of Cisco Talos on 2020-04-02

-- 
Don't compare floating point numbers just for equality.
- The Elements of Programming Style (Kernighan & Plauger)