Chrome update 79.0.3945.130 fixes critical vulnerability

Chrome browser update 79.0.3945.130 is available. It fixes four vulnerabilities, one of which is rated critical: it allows bypassing all levels of browser protection and executing code on the system outside the sandbox environment. Details of the critical vulnerability (CVE-2020-6378) have not yet been disclosed; it is only known that it is caused by access to an already freed memory block in the speech recognition component.

The remaining three vulnerabilities are marked as dangerous. CVE-2020-6379 is also associated with access to an already freed memory block (use-after-free) in the speech recognition code. CVE-2020-6380 is caused by an error in verifying messages from add-ons. Another change adds protection against the CVE-2020-0601 vulnerability in the Crypto API of the Windows platform, which allows the creation of fake TLS certificates and fictitious digital signatures (prototype code is already available that generates dummy certificates which Windows verifies as trustworthy).

Source: opennet.ru
