[German] Google's developers have just released Chrome 79.0.3945.130. The browser update closes 11 vulnerabilities in total, but Google don't reaveal details about that.
Advertising
In the release notes the following security fixes are listed for the desktop (it's only a part of all 11 vulnerabilities closed).
- [1018677] Critical CVE-2020-6378: Use-after-free in speech recognizer. Reported by Antti Levomäki and Christian Jalio from Forcepoint on 2019-10-28
- [1033407] High CVE-2020-6379: Use-after-free in speech recognizer. Reported by Guang Gong of Alpha Team, Qihoo 360 on 2019-12-12
- [1032170] High CVE-2020-6380: Extension message verification error. Reported by Sergei Glazunov of Google Project Zero on 2019-12-09
- [1040772] High N/A: Protections to mitigate Windows ECC certificate validation vulnerability CVE-2020-0601.
The release note also mentions [1042448] Various fixes from internal audits, fuzzing and other initiatives. Details will not be disclosed by Google. A list of changes can be found on this log page. A change is also, that the new Chrome mitigates the CryptoAPI vulnerability within the browser for unpatched systems. The vulnerability has been reported by NSA and Microsoft patched it on Windows 10/Server 2016/2019 in January 2020.
Chrome version 79.0.3945.130 is available for Windows, Mac and Linux and will be rolled out to the systems via the automatic update function in the next few days. You can download it here.
