Google Chrome Chrome vulnerabilities

CVE-2024-6778 [HIGH] Long Term Support Channel Update for ChromeOS: CVE-2024-6778 Long Term Support Channel Update for ChromeOS CVE-2024-6778

CVE-2024-7534 [HIGH] Stable Channel Update for Desktop: CVE-2024-7534 Stable Channel Update for Desktop CVE-2024-7534: Heap buffer overflow in Layout. Reported by Tashita Software Security on 2024-07-11 [TBD][ 352690885 ] High CVE-2024-7535: Inappropriate implementation in V8 Reported by Tashita Software Security on 2024-07-12 [TBD][ 354847246 ] High CVE-2024-7536: Use after free in WebAudio Severity: high

CVE-2024-6990 [CRITICAL] Stable Channel Update for Desktop: CVE-2024-6990 Stable Channel Update for Desktop CVE-2024-6990: Uninitialized Use in Dawn. Reported by gelatin dessert on 2024-07-15 [TBD][ 352872238 ] High CVE-2024-7255: Out of bounds read in WebTransport Reported by Marten Richter on 2024-07-13 [TBD][ 354748060 ] High CVE-2024-7256: Insufficient data validation in Dawn Severity: critical

CVE-2024-9126 [MEDIUM] Stable Channel Update for Desktop: CVE-2024-9126 Stable Channel Update for Desktop CVE-2024-9126: Use after free in Internals. Reported by lime(@limeSec_) and fmyy(@binary_fmyy) From TIANGONG Team of Legendsec at QI-ANXIN Group on 2024-06-27 We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel Severity: medium

CVE-2024-6100 [HIGH] Long Term Support Channel Update for ChromeOS: CVE-2024-6100 Long Term Support Channel Update for ChromeOS CVE-2024-6100

CVE-2024-36971 [HIGH] Long Term Support Channel Update for ChromeOS: CVE-2024-36971 Long Term Support Channel Update for ChromeOS CVE-2024-36971

CVE-2024-5497 [HIGH] Long Term Support Channel Update for ChromeOS: CVE-2024-5497 Long Term Support Channel Update for ChromeOS CVE-2024-5497

CVE-2024-6988 [HIGH] Stable Channel Update for Desktop: CVE-2024-6988 Stable Channel Update for Desktop CVE-2024-6988: Use after free in Downloads. Reported by lime(@limeSec_) from TIANGONG Team of Legendsec at QI-ANXIN Group on 2024-06-25 [$8000][ 349342289 ] High CVE-2024-6989: Use after free in Loader Reported by Anonymous on 2024-06-25 [TBD][ 346618785 ] High CVE-2024-6991: Use after free in Dawn Severity: high

CVE-2024-6994 [MEDIUM] Stable Channel Update for Desktop: CVE-2024-6994 Stable Channel Update for Desktop CVE-2024-6994: Heap buffer overflow in Layout. Reported by Huang Xilin of Ant Group Light-Year Security Lab on 2024-05-10 [$6000][ 343938078 ] Medium CVE-2024-6995: Inappropriate implementation in Fullscreen Reported by Alesandro Ortiz on 2024-06-01 [$5000][ 333708039 ] Medium CVE-2024-6996: Race in Frames Severity: medium

CVE-2024-6997 [MEDIUM] Stable Channel Update for Desktop: CVE-2024-6997 Stable Channel Update for Desktop CVE-2024-6997: Use after free in Tabs. Reported by Sven Dysthe (@svn-dys) on 2024-02-15 [$2000][ 340098902 ] Medium CVE-2024-6998: Use after free in User Education Reported by Sven Dysthe (@svn-dys) on 2024-05-13 [$2000][ 340893685 ] Medium CVE-2024-6999: Inappropriate implementation in FedCM Severity: medium

CVE-2024-7000 [MEDIUM] Stable Channel Update for Desktop: CVE-2024-7000 Stable Channel Update for Desktop CVE-2024-7000: Use after free in CSS. Reported by Anonymous on 2024-05-11 [TBD][ 347509736 ] Medium CVE-2024-7001: Inappropriate implementation in HTML Reported by Jake Archibald on 2024-06-17 [$2000][ 338233148 ] Low CVE-2024-7003: Inappropriate implementation in FedCM Severity: medium

CVE-2024-7004 [LOW] Stable Channel Update for Desktop: CVE-2024-7004 Stable Channel Update for Desktop CVE-2024-7004: Insufficient validation of untrusted input in Safe Browsing. Reported by Anonymous on 2023-02-10 [TBD][ 40068800 ] Low CVE-2024-7005: Insufficient validation of untrusted input in Safe Browsing Reported by Umar Farooq on 2023-08-04 We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the

CVE-2024-6775 [HIGH] Stable Channel Update for Desktop: CVE-2024-6775 Stable Channel Update for Desktop CVE-2024-6775: Use after free in Media Stream. Reported by Anonymous on 2024-06-15 [$4000][ 346692546 ] High CVE-2024-6776: Use after free in Audio Reported by lime(@limeSec_) and fmyy(@binary_fmyy) From TIANGONG Team of Legendsec at QI-ANXIN Group on 2024-06-12 [$2500][ 345640549 ] High CVE-2024-6777: Use after free in Navigation Severity: high

CVE-2024-6772 [HIGH] Stable Channel Update for Desktop: CVE-2024-6772 Stable Channel Update for Desktop CVE-2024-6772: Inappropriate implementation in V8. Reported by 5fceb6172bbf7e2c5a948183b53565b9 on 2024-06-12 [$7000][ 347724915 ] High CVE-2024-6773: Type Confusion in V8 Reported by 2ourc3 | Salim Largo on 2024-06-17 [$6000][ 346898524 ] High CVE-2024-6774: Use after free in Screen Capture Severity: high

CVE-2024-5496 [HIGH] Long Term Support Channel Update for ChromeOS: CVE-2024-5496 Long Term Support Channel Update for ChromeOS CVE-2024-5496

CVE-2024-5493 [HIGH] Long Term Support Channel Update for ChromeOS: CVE-2024-5493 Long Term Support Channel Update for ChromeOS CVE-2024-5493

CVE-2024-6290 [HIGH] Stable Channel Update for Desktop: CVE-2024-6290 Stable Channel Update for Desktop CVE-2024-6290: Use after free in Dawn. Reported by wgslfuzz on 2024-05-23 [$4000][ 40942995 ] High CVE-2024-6291: Use after free in Swiftshader Reported by Cassidy Kim(@cassidy6564) on 2023-11-15 [TBD][ 342545100 ] High CVE-2024-6292: Use after free in Dawn Severity: high

CVE-2024-6293 [HIGH] Stable Channel Update for Desktop: CVE-2024-6293 Stable Channel Update for Desktop CVE-2024-6293: Use after free in Dawn. Reported by wgslfuzz on 2024-06-09 We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel Severity: high

CVE-2024-6103 [HIGH] Stable Channel Update for Desktop: CVE-2024-6103 Stable Channel Update for Desktop CVE-2024-6103: Use after free in Dawn. Reported by wgslfuzz on 2024-06-04 We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel Severity: high

CVE-2024-5836 [HIGH] Stable Channel Update for Desktop: CVE-2024-5836 Stable Channel Update for Desktop CVE-2024-5836: Inappropriate Implementation in DevTools. Reported by Allen Ding on 2024-05-21 [TBD][ 342415789 ] High CVE-2024-5837: Type Confusion in V8 Reported by Anonymous on 2024-05-23 [TBD][ 342522151 ] High CVE-2024-5838: Type Confusion in V8 Severity: high