Google releases the latest Chrome stable version 84.0.4147.125 for Windows, Linux and macOS PC/laptops with as many as 15 security fixes
Google has just released the stable version of “Chrome 84.0.4147.125,” its Chromium-based browser for “Windows”, “macOS” and “Linux” run PC/laptops and servers. According to the company, the distribution has already started. However, it will take a few days or weeks until all users are fully supplied with the latest version.
Featurewise, this update has nothing but it fixes nearly 15 severe vulnerabilities. The stable version has patches for as many as 14 CVEs
Of the 12 vulnerabilities, the second highest from the top of the list of importance is rated “High”, and 9 “Use After Free” vulnerabilities to access memory after freeing are found. The stable version also fixes heap buffer overflow flaws and vulnerabilities related to the user interface and installer.
You can view the changelog for “Chrome 84.0.4147.125” here.
CVEs fixed in Chrome 84.0.4147.125 are as follows: CVE-2020-6542, CVE-2020-6543, CVE-2020-6544, CVE-2020-6545, CVE-2020-6546, CVE-2020-6547, CVE-2020-6548, CVE-2020-6549, CVE-2020-6550, CVE-2020-6551, CVE-2020-6552, CVE-2020-6553, CVE-2020-6554, and CVE-2020-6555.
Google has paid out bug bounties to security researchers up to $ 10,000 for finding the following vulnerabilities.
Closed security holes
[$ 10000]  High CVE-2020-6542: Use after free in ANGLE. Reported by Piotr Bania of Cisco Talos on 2020-07-20
[$ 7500]  High CVE-2020-6543: Use after free in task scheduling. Reported by Looben Yang on 2020-07-10
[$ 7500]  High CVE-2020-6544: Use after free in media. Reported by Tim Becker of Theori on 2020-07-22
[$ 5000]  High CVE-2020-6545: Use after free in audio. Reported by Anonymous on 2020-06-16
[$ TBD]  High CVE-2020-6546: Inappropriate implementation in installer. Reported by Andrew Hess (any1) on 2020-06-29
[$ TBD]  High CVE-2020-6547: Incorrect security UI in media. Reported by David Albert on 2020-07-05
[$ TBD]  High CVE-2020-6548: Heap buffer overflow in Skia. Reported by Choongwoo Han, Microsoft Browser Vulnerability Research on 2020-07-09
[$ N / A]  High CVE-2020-6549: Use after free in media. Reported by Sergei Glazunov of Google Project Zero on 2020-07-14
[$ N / A]  High CVE-2020-6550: Use after free in IndexedDB. Reported by Sergei Glazunov of Google Project Zero on 2020-07-17
[$ N / A]  High CVE-2020-6551: Use after free in WebXR. Reported by Sergei Glazunov of Google Project Zero on 2020-07-21
[$ TBD]  High CVE-2020-6552: Use after free in Blink. Reported by Tim Becker of Theori on 2020-07-22
[$ TBD]  High CVE-2020-6553: Use after free in offline mode. Reported by Alison Huffman, Microsoft Browser Vulnerability Research on 2020-07-30
[$ 5000]  Medium CVE-2020-6554: Use after free in extensions. Reported by Anonymous on 2020-06-12
[$ 1000]  Medium CVE-2020-6555: Out of bounds read in WebGL. Reported by Marcin Towalski of Cisco Talos on 2020-07-13