Google Chrome vulnerabilities
3,975 known vulnerabilities affecting google/chrome.
Total CVEs: 3,975
CISA KEV: 74 (actively exploited)
Public exploits: 63
Exploited in wild: 65
Severity breakdown: CRITICAL 297, HIGH 2024, MEDIUM 1626, LOW 17, UNKNOWN 11
Vulnerabilities
CVE-2020-16039 | HIGH | CVSS 8.8 | CWE-416 | fixed in 87.0.4280.88 | ≥ unspecified, < 87.0.4280.88 | 2021-01-08
Use after free in extensions in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-21113 | HIGH | CVSS 8.8 | CWE-787 | fixed in 87.0.4280.141 | ≥ unspecified, < 87.0.4280.141 | 2021-01-08
Heap buffer overflow in Skia in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-16035 | HIGH | CVSS 8.8 | fixed in 87.0.4280.66 | ≥ unspecified, < 87.0.4280.66 | 2021-01-08
Insufficient data validation in cros-disks in Google Chrome on ChromeOS prior to 87.0.4280.66 allowed a remote attacker who had compromised the browser process to bypass noexec restrictions via a malicious file.
nvd
CVE-2021-21112 | HIGH | CVSS 8.8 | CWE-416 | fixed in 87.0.4280.141 | ≥ unspecified, < 87.0.4280.141 | 2021-01-08
Use after free in Blink in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-21116 | HIGH | CVSS 8.8 | CWE-787 | fixed in 87.0.4280.141 | ≥ unspecified, < 87.0.4280.141 | 2021-01-08
Heap buffer overflow in audio in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-16021 | HIGH | CVSS 7.5 | CWE-362 | fixed in 87.0.4280.66 | ≥ unspecified, < 87.0.4280.66 | 2021-01-08
Race in image burner in Google Chrome on ChromeOS prior to 87.0.4280.66 allowed a remote attacker who had compromised the browser process to perform OS-level privilege escalation via a malicious file.
nvd
CVE-2020-16041 | HIGH | CVSS 8.1 | CWE-125 | fixed in 87.0.4280.88 | ≥ unspecified, < 87.0.4280.88 | 2021-01-08
Out of bounds read in networking in Google Chrome prior to 87.0.4280.88 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page.
nvd
CVE-2020-16013 | HIGH | CVSS 8.8 | KEV | CWE-787 | fixed in 86.0.4240.198 | ≥ unspecified, < 86.0.4240.198 | 2021-01-08
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-16038 | HIGH | CVSS 8.8 | CWE-416 | fixed in 87.0.4280.88 | ≥ unspecified, < 87.0.4280.88 | 2021-01-08
Use after free in media in Google Chrome on OS X prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-16022 | HIGH | CVSS 8.8 | fixed in 87.0.4280.66 | ≥ unspecified, < 87.0.4280.66 | 2021-01-08
Insufficient policy enforcement in networking in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to potentially bypass firewall controls via a crafted HTML page.
nvd
CVE-2020-16019 | HIGH | CVSS 8.8 | fixed in 87.0.4280.66 | ≥ unspecified, < 87.0.4280.66 | 2021-01-08
Inappropriate implementation in filesystem in Google Chrome on ChromeOS prior to 87.0.4280.66 allowed a remote attacker who had compromised the browser process to bypass noexec restrictions via a malicious file.
nvd
CVE-2020-16029 | HIGH | CVSS 8.8 | CWE-862 | fixed in 87.0.4280.66 | ≥ unspecified, < 87.0.4280.66 | 2021-01-08
Inappropriate implementation in PDFium in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to bypass navigation restrictions via a crafted PDF file.
nvd
CVE-2020-16030 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 87.0.4280.66 | ≥ unspecified, < 87.0.4280.66 | 2021-01-08
Insufficient data validation in Blink in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.
nvd
CVE-2020-16027 | MEDIUM | CVSS 6.5 | CWE-862 | fixed in 87.0.4280.66 | ≥ unspecified, < 87.0.4280.66 | 2021-01-08
Insufficient policy enforcement in developer tools in Google Chrome prior to 87.0.4280.66 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from the user's disk via a crafted Chrome Extension.
nvd
CVE-2020-16042 | MEDIUM | CVSS 6.5 | CWE-908 | fixed in 87.0.4280.88 | ≥ unspecified, < 87.0.4280.88 | 2021-01-08
Uninitialized Use in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
nvd
CVE-2020-16012 | MEDIUM | CVSS 4.3 | fixed in 87.0.4280.66 | ≥ unspecified, < 87.0.4280.66 | 2021-01-08
Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd
CVE-2020-16031 | MEDIUM | CVSS 4.3 | CWE-1021 | fixed in 87.0.4280.66 | ≥ unspecified, < 87.0.4280.66 | 2021-01-08
Insufficient data validation in UI in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
nvd
CVE-2020-16040 | MEDIUM | CVSS 6.5 | PoC | CWE-20 | fixed in 87.0.4280.88 | ≥ unspecified, < 87.0.4280.88 | 2021-01-08
Insufficient data validation in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-16033 | MEDIUM | CVSS 4.3 | CWE-1021 | fixed in 87.0.4280.66 | ≥ unspecified, < 87.0.4280.66 | 2021-01-08
Inappropriate implementation in WebUSB in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to spoof security UI via a crafted HTML page.
nvd
CVE-2020-16036 | MEDIUM | CVSS 6.5 | fixed in 87.0.4280.66 | ≥ unspecified, < 87.0.4280.66 | 2021-01-08
Inappropriate implementation in cookies in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to bypass cookie restrictions via a crafted HTML page.
nvd