Google Chrome 73.0.3683.75 releases: includes 60 security fixes

by ·

The Google Chrome team has released version 73.0.3683.75 to all official users. There are new features, improvements in this update, and mainly to fix known issues.

Changelog

New feature

  • including the native dark theme that can follow the system. , high-performance Never-Slow Mode and Tab Hover Cards
  • support for hardware multimedia buttons
  • automatic picture-in-picture functionality for PWA applications
  • skipping ads in the picture-in-picture mode.

Security Fixes

[$TBD][913964] High CVE-2019-5787: Use after free in Canvas. Reported by Zhe Jin(金哲),Luyao Liu(刘路遥) from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd on 2018-12-11
[$N/A][925864] High CVE-2019-5788: Use after free in FileAPI. Reported by Mark Brand of Google Project Zero on 2019-01-28
[$N/A][921581] High CVE-2019-5789: Use after free in WebMIDI. Reported by Mark Brand of Google Project Zero on 2019-01-14
[$7500][914736] High CVE-2019-5790: Heap buffer overflow in V8. Reported by Dimitri Fourny (Blue Frost Security) on 2018-12-13
[$1000][926651] High CVE-2019-5791: Type confusion in V8. Reported by Choongwoo Han of Naver Corporation on 2019-01-30
[$500][914983] High CVE-2019-5792: Integer overflow in PDFium. Reported by pdknsk on 2018-12-13
[$TBD][937487] Medium CVE-2019-5793: Excessive permissions for private API in Extensions. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-03-01
[$TBD][935175] Medium CVE-2019-5794: Security UI spoofing. Reported by Juno Im of Theori on 2019-02-24
[$N/A][919643] Medium CVE-2019-5795: Integer overflow in PDFium. Reported by pdknsk on 2019-01-07
[$N/A][918861] Medium CVE-2019-5796: Race condition in Extensions. Reported by Mark Brand of Google Project Zero on 2019-01-03
[$N/A][916523] Medium CVE-2019-5797: Race condition in DOMStorage. Reported by Mark Brand of Google Project Zero on 2018-12-19
[$N/A][883596] Medium CVE-2019-5798: Out of bounds read in Skia. Reported by Tran Tien Hung (@hungtt28) of Viettel Cyber Security on 2018-09-13
[$1000][905301] Medium CVE-2019-5799: CSP bypass with blob URL. Reported by sohalt on 2018-11-14
[$1000][894228] Medium CVE-2019-5800: CSP bypass with blob URL. Reported by Jun Kokatsu (@shhnjk) on 2018-10-10
[$500][921390] Medium CVE-2019-5801: Incorrect Omnibox display on iOS. Reported by Khalil Zhani on 2019-01-13
[$500][632514] Medium CVE-2019-5802: Security UI spoofing. Reported by Ronni Skansing on 2016-07-28
[$1000][909865] Low CVE-2019-5803: CSP bypass with Javascript URLs’. Reported by Andrew Comminos of Facebook on 2018-11-28
[$500][933004] Low CVE-2019-5804: Command line command injection on Windows. Reported by Joshua Graham of TSS on 2019-02-17

More

Tags: