Google Patches High-Risk Chrome Flaws, Halts Upcoming Releases
Google this week rolled out an update to address multiple high-severity vulnerabilities in Chrome and also announced that it is pausing upcoming releases of the browser.
The pause, the Internet giant says, was caused by an adjusted work schedule due to the current COVID-19 epidemic, and affects both Chrome and Chrome OS releases.
A total of 13 security fixes were included in the latest Chrome update, including nine for vulnerabilities discovered by external security researchers.
Another Google Project Zero researcher, Natalie Silvanovich, found an out-of-bounds read bug in usrsctplib, which is tracked as CVE-2019-20503.
The last vulnerability has been described by Google as an inappropriate implementation in V8. The security hole is tracked as CVE-2020-6426 and it was reported by Avihay Cohen of SeraphicAlgorithms.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-03-23 | CVE-2020-6426 | Out-of-bounds Write vulnerability in multiple products. Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 6.5 |
2020-03-06 | CVE-2019-20503 | Out-of-bounds Read vulnerability in multiple products. usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init. | 6.5 |