Rewterz

Rewterz Threat Advisory – Chrome 78 Released With DoH Trial, Tab Hover Cards, and More Patches

Severity

Medium

Analysis Summary

Google has released Chrome 78 to the Stable desktop channel with new improvements, features, and 37 security fixes. The release includes the DNS over HTTPS (DoH) trial for all users on supported DNS providers, basic Tab Hover Cards, and some other features behind experimental flags. Windows, Mac, and Linux desktop users can upgrade to Chrome 78.0.3904.70 by going to Settings -> Help -> About Google Chrome; the browser then automatically checks for the new update and installs it when available.

Google Chrome 78

The release of Chrome 78 fixes 37 security vulnerabilities, with the following discovered by external researchers:

CVE-2019-13699: Use-after-free in media.  
CVE-2019-13700: Buffer overrun in Blink.  
CVE-2019-13701: URL spoof in navigation.  
CVE-2019-13702: Privilege elevation in Installer.  
CVE-2019-13703: URL bar spoofing.  
CVE-2019-13704: CSP bypass.  
CVE-2019-13705: Extension permission bypass.  
CVE-2019-13706: Out-of-bounds read in PDFium.  
CVE-2019-13707: File storage disclosure.  
CVE-2019-13708: HTTP authentication spoof.  
CVE-2019-13709: File download protection bypass.  
CVE-2019-13710: File download protection bypass.  
CVE-2019-13711: Cross-context information leak.  
CVE-2019-15903: Buffer overflow in expat.  
CVE-2019-13713: Cross-origin data leak.  
CVE-2019-13714: CSS injection.  
CVE-2019-13715: Address bar spoofing.  
CVE-2019-13716: Service worker state error.  
CVE-2019-13717: Notification obscured.  
CVE-2019-13718: IDN spoof.  
CVE-2019-13719: Notification obscured.

Affected Vendors

Google

Affected Products

Google Chrome

Remediation

Users can upgrade to Chrome 78.0.3904.70.