Thirty-six of all security fixes are for vulnerabilities reported by external researchers. These include one Critical bug, eight High severity issues, 17 Medium risk flaws, and 10 Low severity vulnerabilities.
The most important of the patches addresses a Critical use-after-free vulnerability in the media component. Tracked as CVE-2019-5870, the bug was reported by Guang Gong of the Alpha Team at Qihoo 360 on August 29. Google has yet to reveal information on the reward paid for the finding.