Security News > 2020 > February > Chrome 80 Released With 56 Security Fixes

Chrome 80 Released With 56 Security Fixes
2020-02-06 06:04

Google this week released Chrome 80 to the stable channel with 56 vulnerability patches and various other improvements to user security.

To better protect from cross-site request forgery attacks, Chrome 80 will enforce a new secure-by-default cookie classification system, where only cookies set as SameSite=None; Secure will be available in third-party contexts, as long as they are accessed from secure connections.

Google plans to disable FTP by default in the next Chrome iteration and will completely remove support for it in Chrome 82.

Of the 56 patches included in the new release - which is rolling out to Windows, Mac and Linux as Chrome 80.0.3987.87 - 37 address vulnerabilities that were reported by external researchers.

Medium risk bugs addressed in Chrome 80 include insufficient validations of untrusted input in Blink and Omnibox; insufficient policy enforcements in extensions, Blink, AppCache, and downloads; out of bounds reads in JavaScript and SQLite; inappropriate implementations in Skia, CORS, and Blink; incorrect security UIs in sharing and Omnibox; uninitialized use in PDFium; use after free in audio, and out of bounds memory access in SQLite.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/QD5fWOEDY-4/chrome-80-released-56-security-fixes