Security

Google patches multiple Chrome vulnerabilities, including RCE.

The stable release 84.0.4147.105 of Chrome web browser which is out for Windows and Mac fixes a number of vulnerabilities ranging from low to high severity.

Update for Linux distros is expected to be rolled out in the upcoming days.

If exploited, some of these vulns. could have enabled attackers to execute arbitrary code remotely on the victims’ machines.

A list of vulns., security researchers who reported it, as well as the bug bounty offered to them by Google has been announced on the release updates page.

  • [$10000][1105318] High CVE-2020-6537: Type Confusion in V8.
    Reported by Alphalaab on 2020-07-14
  • [$N/A][1096677] High CVE-2020-6538: Inappropriate implementation in WebView.
    Reported by Yongke Wang(@Rudykewang) and Aryb1n(@aryb1n) of Tencent Security Xuanwu Lab (腾讯安全玄武实验室) on 2020-06-18
  • [$TBD][1104061] High CVE-2020-6532: Use after free in SCTP.
    Reported by Anonymous on 2020-07-09
  • [$N/A][1105635] High CVE-2020-6539: Use after free in CSS.
    Reported by Oriol Brufau on 2020-07-14
  • [$TBD][1105720] High CVE-2020-6540: Heap buffer overflow in Skia. Reported by Zhen Zhou of NSFOCUS Security Team on 2020-07-15
  • [$N/A][1106773] High CVE-2020-6541: Use after free in WebUSB. Reported by Sergei Glazunov of Google Project Zero on 2020-07-17

“We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel,” said Prudhvikumar Bommana, Technical Program Manager at Google.

Google’s internal security teams have also been credited with implementing a number of fixes after having discovered bugs, as the page explains.

“[1109361] Various fixes from internal audits, fuzzing, and other initiatives. Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.”

Users are advised to update their Chrome browsers to version 84.0.4147.105 or above.

Ax Sharma

Ax Sharma is a UK-based security researcher, journalist and TV subject matter expert experienced in malware analysis and cybercrime investigations. His areas of interest include open source software security and threat intel analysis. Frequently featured by leading media outlets like the BBC, Channel 5, Fortune, WIRED, The Register, among others, Ax is an active community member of the OWASP Foundation and the British Association of Journalists (BAJ).

Recent Posts

US Air Force Probes Potential SharePoint-Linked Privacy Breach

The US Air Force is investigating a “privacy-related issue” that may have exposed personally identifiable…

6 hours ago

Harrods third-party breach exposes 430,000 customer records, hackers reach out

London’s iconic department store Harrods has disclosed that approximately 430,000 customer records were compromised in…

2 days ago

WestJet confirms customer ID, passports stolen in June cyberattack

WestJet confirmed that in a June 2025 cybersecurity incident, a “sophisticated, criminal third party” gained…

2 days ago

Did You Also Get a ‘Real’ Phishing Email From GitHub.com?

Imagine getting an email straight from GitHub’s own notification system: the same one you've trusted…

5 days ago

World’s Largest Supply Chain Cyber Attack… And just 5 Cents Stolen?

You probably saw the headlines: the world’s largest npm supply chain attack, chalk and debug-js…

1 week ago

Sea Turtle Cyber Espionage Campaign Targets Telecommunication and IT Companies in the Netherlands

Telecommunication, media, internet service providers (ISPs), information technology (IT)-service providers, and Kurdish websites in the…

2 years ago

This website uses cookies.