The Chrome squad is delighted to denote the advertisement of Chrome 72 to the stable channel for Windows, Mac as well as Linux. This volition scroll out over the coming days/weeks.

Chrome 72.0.3626.81 contains a number of fixes as well as improvements -- a listing of changes is available inward the log. Watch out for upcoming Chrome and Chromium blog posts nigh novel features as well as large efforts delivered inward 72.



Security Fixes as well as Rewards
Note: Access to põrnikas details as well as links may travel kept restricted until a bulk of users are updated with a fix. We volition likewise retain restrictions if the põrnikas exists inward a tertiary political party library that other projects similarly depend on, but haven’t yet fixed.

This update includes 58 security fixes. Below, nosotros highlight fixes that were contributed past times external researchers. Please meet the Chrome Security Page for to a greater extent than information.

[$7500][914497] Critical CVE-2019-5754: Inappropriate implementation inward QUIC Networking. Reported past times Klzgrad on 2018-12-12
[$N/A][906043] High CVE-2019-5782:  Inappropriate implementation inward V8. Reported past times Qixun Zhao of Qihoo 360 Vulcan Team via Tianfu Cup on 2018-11-16

[$5000][913296] High CVE-2019-5755: Inappropriate implementation inward V8. Reported past times Jay Bosamiya on 2018-12-10
[$5000][895152] High CVE-2019-5756: Use afterward gratis inward PDFium. Reported past times Anonymous on 2018-10-14
[$3000][915469] High CVE-2019-5757: Type Confusion inward SVG. Reported past times Alexandru Pitis, Microsoft Browser Vulnerability Research on 2018-12-15
[$3000][913970] High CVE-2019-5758: Use afterward gratis inward Blink. Reported past times Zhe Jin(金哲),Luyao Liu(刘路遥) from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd on 2018-12-11
[$3000][912211] High CVE-2019-5759: Use afterward gratis inward HTML select elements. Reported past times Almog Republic of Benin on 2018-12-05
[$3000][912074] High CVE-2019-5760: Use afterward gratis inward WebRTC. Reported past times Zhe Jin(金哲),Luyao Liu(刘路遥) from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd on 2018-12-05
[$3000][904714] High CVE-2019-5761: Use afterward gratis inward SwiftShader. Reported past times Zhe Jin(金哲),Luyao Liu(刘路遥) from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd on 2018-11-13
[$3000][900552] High CVE-2019-5762: Use afterward gratis inward PDFium. Reported past times Anonymous on 2018-10-31
[$1000][914731] High CVE-2019-5763: Insufficient validation of untrusted input inward V8. Reported past times Guang Gong of Alpha Team, Qihoo 360 on 2018-12-13
[$1000][913246] High CVE-2019-5764: Use afterward gratis inward WebRTC. Reported past times Eyal Itkin from Check Point Software Technologies on 2018-12-09
[$N/A][922677] High: Use afterward gratis inward FileAPI. Reported past times Mark Brand of Google Project Zero on 2019-01-16
[$TBD][922627] High CVE-2019-5765: Insufficient policy enforcement inward the browser. Reported past times Sergey Toshin (@bagipro) on 2019-01-16
[$N/A][916080] High: Use afterward gratis inward Mojo interface. Reported past times Mark Brand of Google Project Zero on 2018-12-18
[$N/A][912947] High: Use afterward gratis inward Payments. Reported past times Mark Brand of Google Project Zero on 2018-12-07
[$N/A][912520] High: Use afterward gratis inward Mojo interface. Reported past times Mark Brand of Google Project Zero on 2018-12-06
[$N/A][899689] High: Stack buffer overflow inward Skia. Reported past times Ivan Fratric of Google Project Zero on 2018-10-29
[$4000][907047] Medium CVE-2019-5766: Insufficient policy enforcement inward Canvas. Reported past times David Erceg on 2018-11-20
[$2000][902427] Medium CVE-2019-5767: Incorrect safety UI inward WebAPKs. Reported past times Haoran Lu, Yifan Zhang, Luyi Xing, as well as Xiaojing Liao from Indiana University Bloomington on 2018-11-06
[$2000][805557] Medium CVE-2019-5768: Insufficient policy enforcement inward DevTools. Reported past times Rob Wu on 2018-01-24
[$1000][913975] Medium CVE-2019-5769: Insufficient validation of untrusted input inward Blink. Reported past times Guy Eshel on 2018-12-11
[$1000][908749] Medium CVE-2019-5770: Heap buffer overflow inward WebGL. Reported past times  hemidallt@ on 2018-11-27
[$1000][904265] Medium CVE-2019-5771: Heap buffer overflow inward SwiftShader. Reported past times Zhe Jin(金哲),Luyao Liu(刘路遥) from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd on 2018-11-12
[$500][908292] Medium CVE-2019-5772: Use afterward gratis inward PDFium. Reported past times Zhen Zhou of NSFOCUS Security Team on 2018-11-26
[$N/A][917668] Medium CVE-2019-5773: Insufficient information validation inward IndexedDB. Reported past times Yongke Wang of Tencent's Xuanwu Lab (xlab.tencent.com) on 2018-12-24
[$N/A][904182] Medium CVE-2019-5774: Insufficient validation of untrusted input inward SafeBrowsing. Reported past times Junghwan Kang (ultract) as well as Juno Im on 2018-11-11
[$N/A][896722] Medium CVE-2019-5775: Insufficient policy enforcement inward Omnibox. Reported past times evi1m0 of Bilibili Security Team on 2018-10-18
[$N/A][863663] Medium CVE-2019-5776: Insufficient policy enforcement inward Omnibox. Reported past times Lnyas Zhang on 2018-07-14
[$N/A][849421] Medium CVE-2019-5777: Insufficient policy enforcement inward Omnibox. Reported past times Khalil Zhani on 2018-06-04
[$500][918470] Low CVE-2019-5778: Insufficient policy enforcement inward Extensions. Reported past times David Erceg on 2019-01-02
[$500][904219] Low CVE-2019-5779: Insufficient policy enforcement inward ServiceWorker. Reported past times David Erceg on 2018-11-11
[$500][891697] Low CVE-2019-5780: Insufficient policy enforcement. Reported past times Andreas Hegenberg (folivora.AI GmbH) on 2018-10-03
[$N/A][896725] Low CVE-2019-5781: Insufficient policy enforcement inward Omnibox. Reported past times evi1m0 of Bilibili Security Team on 2018-10-18

We would likewise similar to give thank you lot all safety researchers that worked with us during the evolution bike to forestall safety bugs from always reaching the stable channel.

As usual, our ongoing internal safety piece of occupation was responsible for a broad gain of fixes:

  • [926238] Various fixes from internal audits, fuzzing as well as other initiatives





Interested inward switching unloose channels?  Find out how here. If you lot let out a novel issue, delight allow us know past times filing a bug. The community help forum is likewise a bully house to accomplish out for help or larn nigh mutual issues.


Thank you,

Abdul Syed