[German]Google has released a security update to Chrome 77.0.3865.75 on September 10, 2019. This update closes 52 vulnerabilities and contains further improvements and fixes.
The release notes list one critical vulnerability and several high rated vulnerabilities that have been fixed.
- Critical CVE-2019-5870: Use-after-free in media. Reported by Guang Gong of Alpha Team, Qihoo 360 on 2019-08-29
- High CVE-2019-5871: Heap overflow in Skia. Reported by Anonymous on 2019-08-03
- High CVE-2019-5872: Use-after-free in Mojo. Reported by Zhe Jin（金哲），Luyao Liu from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd on 2019-07-05
- High CVE-2019-5873: URL bar spoofing on iOS. Reported by Khalil Zhani on 2019-07-31
- High CVE-2019-5874: External URIs may trigger other browsers. Reported by James Lee (@Windowsrcer) on 2019-08-01
- High CVE-2019-5875: URL bar spoof via download redirect. Reported by Khalil Zhani on 2019-06-28
- High CVE-2019-5876: Use-after-free in media. Reported by Man Yue Mo of Semmle Security Research Team on 2019-08-23
- High CVE-2019-5877: Out-of-bounds access in V8. Reported by Guang Gong of Alpha Team, Qihoo 360 on 2019-08-29
- High CVE-2019-5878: Use-after-free in V8. Reported by Guang Gong of Alpha Team, Qihoo 360 on 2019-09-03
The security fixes rated Medium and Low are listed in the Release Notes. Google will not disclose details until the majority of users have installed this Chrome version. Bleeping Computer mentioned here, that the Extended Validation indicator for URLs has been removed.
The Chrome version 77.0.3865.75 is available for Windows, Mac and Linux and will be rolled out to the systems via the automatic update function in the coming days. You can download it here.