Chrome 81 Out And Fixes 32 Security Vulnerabilities

Google Chrome
Google Chrome

Chrome 81 out, and available to Download on Linux, Windows and MAC platforms.

Google has released Chrome 81, and fixes 32 security vulnerabilities including 3 High, 8 Medium and 21 Low severity.

New Chrome version is 81.0.4044.92, includes support for Web NFC API, it means that your device is bundled with an NFC, web apps can use it though Chrome Chrome.

What is Web NFC?

NFC stands for Near Field Communications, a short-range wireless technology operating at 13.56 MHz that enables communication between devices at a distance less than 10 cm and a transmission rate of up to 424 kbit/s.

Near Field Communication (NFC) enables wireless communication between two devices at close proximity, usually less than a few centimeters. NFC is an international standard (ISO/IEC 18092) defining an interface and protocol for simple wireless interconnection of closely coupled devices operating at 13.56 MHz.

Chrome 81.0.4044.92 contains a number of fixes and improvements – a list of changes is available in the log.

Security Fixes and Rewards

This update includes 32 security fixes. See below highlight fixes that were contributed by external researchers.

  • [$7500][1019161] High CVE-2020-6454: Use after free in extensions. Reported by Leecraso and Guang Gong of Alpha Lab, Qihoo 360 on 2019-10-29
  • [$5000][1043446] High CVE-2020-6423: Use after free in audio. Reported by Anonymous on 2020-01-18
  • [$3000][1059669] High CVE-2020-6455: Out of bounds read in WebSQL. Reported by Nan Wang(@eternalsakura13) and Guang Gong of Alpha Lab, Qihoo 360 on 2020-03-09
  • [$2000][1031479] Medium CVE-2020-6430: Type Confusion in V8. Reported by Avihay Cohen @ SeraphicAlgorithms on 2019-12-06
  • [$2000][1040755] Medium CVE-2020-6456: Insufficient validation of untrusted input in clipboard. Reported by Michał Bentkowski of Securitum on 2020-01-10
  • [$1000][852645] Medium CVE-2020-6431: Insufficient policy enforcement in full screen. Reported by Luan Herrera (@lbherrera_) on 2018-06-14
  • [$1000][965611] Medium CVE-2020-6432: Insufficient policy enforcement in navigations. Reported by David Erceg on 2019-05-21
  • [$1000][1043965] Medium CVE-2020-6433: Insufficient policy enforcement in extensions. Reported by David Erceg on 2020-01-21
  • [$500][1048555] Medium CVE-2020-6434: Use after free in devtools. Reported by HyungSeok Han (DaramG) of Theori on 2020-02-04
  • [$N/A][1032158] Medium CVE-2020-6435: Insufficient policy enforcement in extensions. Reported by Sergei Glazunov of Google Project Zero on 2019-12-09
  • [$TBD][1034519] Medium CVE-2020-6436: Use after free in window management. Reported by Igor Bukanov from Vivaldi on 2019-12-16
  • [$500][639173] Low CVE-2020-6437: Inappropriate implementation in WebView. Reported by Jann Horn on 2016-08-19
  • [$500][714617] Low CVE-2020-6438: Insufficient policy enforcement in extensions. Reported by Ng Yik Phang on 2017-04-24
  • [$500][868145] Low CVE-2020-6439: Insufficient policy enforcement in navigations. Reported by remkoboonstra on 2018-07-26
  • [$500][894477] Low CVE-2020-6440: Inappropriate implementation in extensions. Reported by David Erceg on 2018-10-11
  • [$500][959571] Low CVE-2020-6441: Insufficient policy enforcement in omnibox. Reported by David Erceg on 2019-05-04
  • [$500][1013906] Low CVE-2020-6442: Inappropriate implementation in cache. Reported by [email protected] on 2019-10-12
  • [$500][1040080] Low CVE-2020-6443: Insufficient data validation in developer tools. Reported by @lovasoa (Ophir LOJKINE) on 2020-01-08
  • [$N/A][922882] Low CVE-2020-6444: Uninitialized Use in WebRTC. Reported by mlfbrown on 2019-01-17
  • [$N/A][933171] Low CVE-2020-6445: Insufficient policy enforcement in trusted types. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-02-18
  • [$N/A][933172] Low CVE-2020-6446: Insufficient policy enforcement in trusted types. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-02-18
  • [$N/A][991217] Low CVE-2020-6447: Inappropriate implementation in developer tools. Reported by David Erceg on 2019-08-06
  • [$N/A][1037872] Low CVE-2020-6448: Use after free in V8. Reported by Guang Gong of Alpha Lab, Qihoo 360 on 2019-12-26

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. Google chrome security team will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

How To Update?

To update Chrome Browser 81 Version.

Go to Settings –> Help –> About Google chrome.

It will check automatically for new update and install or directly download from google.com/chrome

For the latest update about Cyber and Infosec World, follow us on Twitter, Facebook, Telegram , Instagram and subscribe to our YouTube Channel.

Subscribe to HackersOnlineClub via Email

Enter your Email address to receive notifications of Latest Posts by Email | Join over Million Followers

More from Priyanshu Sahay

Binance Hacked- Hackers Stole $40 Million in Bitcoin

Hackers stole 7000 Bitcoin, worth nearly $41 million USD at current price....
Read More

Leave a Reply