{"id":15050,"date":"2020-07-15T22:42:15","date_gmt":"2020-07-15T20:42:15","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=15050"},"modified":"2020-07-15T22:42:15","modified_gmt":"2020-07-15T20:42:15","slug":"chrome-84-0-4147-89-freigegeben","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2020\/07\/15\/chrome-84-0-4147-89-freigegeben\/","title":{"rendered":"Chrome 84.0.4147.89 released"},"content":{"rendered":"<p><img decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2015\/01\/Chrome.jpg\" align=\"left\">[<a href=\"https:\/\/www.borncity.com\/blog\/2020\/07\/15\/chrome-84-0-4147-89-freigegeben\/\" target=\"_blank\" rel=\"noopener noreferrer\">German<\/a>]Google's developers have updated the Chrome Browser to version 84.0.4147.89 as of July 14 , 2020. This version closes vulnerabiltieis in the desktop version of Google Browser. TLS 1.0 and 1.1 support has also been removed.<\/p>\n<p><!--more--><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" alt=\"\" src=\"https:\/\/vg04.met.vgwort.de\/na\/be6c36ad6f4f406e82dd99a27546dca7\" width=\"1\" height=\"1\">Google has published <a href=\"https:\/\/chromereleases.googleblog.com\/2020\/07\/stable-channel-update-for-desktop.html\" target=\"_blank\" rel=\"noopener noreferrer\">this blog post<\/a> about version 84.0.4147.89. Starting with Chrome 84, Google is now removing TLS 1.0 and 1.1 support. When visitors visit a site that uses these older certificates, they are greeted with a full-page intermediate page indicating that the \"connection is not completely secure,\" as Bleeping Computer <a href=\"https:\/\/www.bleepingcomputer.com\/news\/google\/chrome-84-released-with-important-security-enhancements\/\" target=\"_blank\" rel=\"noopener noreferrer\">writes here<\/a>. The security update fixes 38 vulnerabilities in Google's Chrome browser for the desktop.&nbsp; <\/p>\n<ul>\n<li>[$TBD][1103195] Critical CVE-2020-6510: Heap buffer overflow in background fetch. Reported by Leecraso and Guang Gong of 360 Alpha Lab working with 360 BugCloud on 2020-07-08\n<li>[$5000][1074317] High CVE-2020-6511: Side-channel information leakage in content security policy. Reported by Mikhail Oblozhikhin on 2020-04-24\n<li>[$5000][1084820] High CVE-2020-6512: Type Confusion in V8. Reported by nocma, leogan, cheneyxu of WeChat Open Platform Security Team on 2020-05-20\n<li>[$2000][1091404] High CVE-2020-6513: Heap buffer overflow in PDFium. Reported by Aleksandar Nikolic of Cisco Talos on 2020-06-04\n<li>[$TBD][1076703] High CVE-2020-6514: Inappropriate implementation in WebRTC. Reported by Natalie Silvanovich of Google Project Zero on 2020-04-30\n<li>[$TBD][1082755] High CVE-2020-6515: Use after free in tab strip. Reported by DDV_UA on 2020-05-14\n<li>[$TBD][1092449] High CVE-2020-6516: Policy bypass in CORS. Reported by Yongke Wang(@Rudykewang) and Aryb1n(@aryb1n) of Tencent Security Xuanwu Lab (\u817e\u8baf\u5b89\u5168\u7384\u6b66\u5b9e\u9a8c\u5ba4\uff09 on 2020-06-08\n<li>[$TBD][1095560] High CVE-2020-6517: Heap buffer overflow in history. Reported by ZeKai Wu (@hellowuzekai) of Tencent Security Xuanwu Lab on 2020-06-16\n<li>[$3000][986051] Medium CVE-2020-6518: Use after free in developer tools. Reported by David Erceg on 2019-07-20\n<li>[$3000][1064676] Medium CVE-2020-6519: Policy bypass in CSP. Reported by Gal Weizman (@WeizmanGal) of PerimeterX on 2020-03-25\n<li>[$1000][1092274] Medium CVE-2020-6520: Heap buffer overflow in Skia. Reported by Zhen Zhou of NSFOCUS Security Team on 2020-06-08\n<li>[$500][1075734] Medium CVE-2020-6521: Side-channel information leakage in autofill. Reported by Xu Lin (University of Illinois at Chicago), Panagiotis Ilia (University of Illinois at Chicago), Jason Polakis (University of Illinois at Chicago) on 2020-04-27\n<li>[$TBD][1052093] Medium CVE-2020-6522: Inappropriate implementation in external protocol handlers. Reported by Eric Lawrence of Microsoft on 2020-02-13\n<li>[$N\/A][1080481] Medium CVE-2020-6523: Out of bounds write in Skia. Reported by Liu Wei and Wu Zekai of Tencent Security Xuanwu Lab on 2020-05-08\n<li>[$N\/A][1081722] Medium CVE-2020-6524: Heap buffer overflow in WebAudio. Reported by Sung Ta (@Mipu94) of SEFCOM Lab, Arizona State University on 2020-05-12\n<li>[$N\/A][1091670] Medium CVE-2020-6525: Heap buffer overflow in Skia. Reported by Zhen Zhou of NSFOCUS Security Team on 2020-06-05\n<li>[$1000][1074340] Low CVE-2020-6526: Inappropriate implementation in iframe sandbox. Reported by Jonathan Kingston on 2020-04-24\n<li>[$500][992698] Low CVE-2020-6527: Insufficient policy enforcement in CSP. Reported by Zhong Zhaochen of andsecurity.cn on 2019-08-10\n<li>[$500][1063690] Low CVE-2020-6528: Incorrect security UI in basic auth. Reported by Rayyan Bijoora on 2020-03-22\n<li>[$N\/A][978779] Low CVE-2020-6529: Inappropriate implementation in WebRTC. Reported by kaustubhvats7 on 2019-06-26\n<li>[$N\/A][1016278] Low CVE-2020-6530: Out of bounds memory access in developer tools. Reported by myvyang on 2019-10-21\n<li>[$TBD][1042986] Low CVE-2020-6531: Side-channel information leakage in scroll to text. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2020-01-17\n<li>[$N\/A][1069964] Low CVE-2020-6533: Type Confusion in V8. Reported by Avihay Cohen @ SeraphicAlgorithms on 2020-04-11\n<li>[$N\/A][1072412] Low CVE-2020-6534: Heap buffer overflow in WebRTC. Reported by Anonymous on 2020-04-20\n<li>[$TBD][1073409] Low CVE-2020-6535: Insufficient data validation in WebUI. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2020-04-22\n<li>[$TBD][1080934] Low CVE-2020-6536: Incorrect security UI in PWAs. Reported by Zhiyang Zeng of Tencent security platform department on 2020-05-09\n<li>We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.<br \/>As usual, our ongoing internal security work was responsible for a wide range of fixes:<br \/>[1105224] Various fixes from internal audits, fuzzing and other initiatives<\/li>\n<\/ul>\n<p>Many of the vulnerabilities have been identified using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer or AFL. <\/p>\n<p>Chrome version84.0.4147.89 for Windows, Mac and Linux will be rolled out to the systems via the automatic update function in the next days. You can also download this build <a href=\"https:\/\/www.google.com\/intl\/de_de\/chrome\/\" target=\"_blank\" rel=\"noopener noreferrer\">here<\/a>. Updates for Edge, Vivaldi and other clones will probably follow soon. (<a href=\"https:\/\/www.deskmodder.de\/blog\/2020\/07\/15\/chrome-84-0-4147-89-behebt-sehr-viele-sicherheitsluecken\/\">via<\/a>)<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]Google's developers have updated the Chrome Browser to version 84.0.4147.89 as of July 14 , 2020. This version closes vulnerabiltieis in the desktop version of Google Browser. TLS 1.0 and 1.1 support has also been removed.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[872,580,1547,22],"tags":[780,69,195],"class_list":["post-15050","post","type-post","status-publish","format-standard","hentry","category-browser","category-security","category-software","category-update","tag-chrome","tag-security","tag-update"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/15050","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=15050"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/15050\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=15050"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=15050"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=15050"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}