The Chrome 77 update includes new features along with 36 security vulnerabilities with 1 being classified as Critical, 8 as High, 17 as Medium, and 10 as Low.
Google Chrome 77 no longer shows the company name in the browser's address bar for sites that use extended validation certificates. Instead, the company information has moved into an info bubble that appears when you click on the lock icon. Additionally, there's a new welcome screen for new Chrome installations. So for the new features, deploy the Chrome security update.
More importantly, Chrome 77 fixes 36 security issues. The vulnerabilities classified as Critical and High are listed below:
- Critical - CVE-2019-5870: Use-after-free in media.
- High - CVE-2019-5871: Heap overflow in Skia.
- High - CVE-2019-5872: Use-after-free in Mojo.
- High - CVE-2019-5873: URL bar spoofing on iOS.
- High - CVE-2019-5874: External URIs may trigger other browsers.
- High - CVE-2019-5875: URL bar spoof via download redirect.
- High - CVE-2019-5876: Use-after-free in media.
- High - CVE-2019-5877: Out-of-bounds access in V8.
- High - CVE-2019-5878: Use-after-free in V8.
Get A Report of all Outdated Chrome Installations
If you currently have Google Chrome deployed on your workstations, it's pretty critical that you update it (chrome 77) at the earliest opportunity to ensure that you don't fall prey to these vulnerabilities.
Our Chrome 77 Audit Report can tell you in no time which devices have a vulnerable Chrome version in place and need to be patched. If you haven't already, start your free Lansweeper trial and get a list of all vulnerable Chrome versions in no time.