Chrome browser update 79.0.3945.130 fixes four vulnerabilities, one of which is classified as a critical issue. This vulnerability allows for bypassing all layers of browser protection and executing code on the system, outside of the sandbox environment. Details about the critical vulnerability (CVE-2020-6378) are not yet available. , it is only known that it is caused by an access to an already freed memory block in the speech recognition component.
The remaining three vulnerabilities are marked as severe. Vulnerability CVE-2020-6379 is also related to a use-after-free in speech recognition code. The issue CVE-2020-6380 is caused by an error in verifying messages from add-ons. Another change is related to protection from in the Crypto API platform Windows, allowing the creation of fake TLS certificates and fictitious digital signatures (already code for generating fake certificates that are verified in Windows as trustworthy).
Source: opennet.ru
