Google Chrome Chrome vulnerabilities

CVE-2024-3841 [MEDIUM] Stable Channel Update for ChromeOS / ChromeOS Flex: CVE-2024-3841 Stable Channel Update for ChromeOS / ChromeOS Flex CVE-2024-3841: Insufficient data validation in Browser Switcher. Reported by Oleg on 2024-03-19 [$5000][ 40058873 ] Low CVE-2024-3844: Inappropriate implementation in Extensions Reported by Alesandro Ortiz on 2022-02-23 [$2000][ 40064754 ] Low CVE-2024-3846: Inappropriate implementation in Prompts Severity: medium

CVE-2024-3847 [LOW] Stable Channel Update for ChromeOS / ChromeOS Flex: CVE-2024-3847 Stable Channel Update for ChromeOS / ChromeOS Flex CVE-2024-3847: Insufficient policy enforcement in WebUI. Reported by Yan Zhu on 2024-03-08 Please Note: Users who are pinned to a specific release of ChromeOS will not receive these security fixes or any other security fixes Severity: low

CVE-2024-4058 [HIGH] Long Term Support Channel Update for ChromeOS: CVE-2024-4058 Long Term Support Channel Update for ChromeOS CVE-2024-4058

CVE-2024-2625 [HIGH] Stable Channel Update for Desktop: CVE-2024-2625 Stable Channel Update for Desktop CVE-2024-2625: Object lifecycle issue in V8. Reported by Ganjiang Zhou(@refrain_areu) of ChaMd5-H1 team on 2024-03-01 and CFF of Topsec Alpha Team on 2023-09-14 [$20000][ 331358160 ] High CVE-2024-3832: Object corruption in V8 Reported by Man Yue Mo of GitHub Security Lab on 2024-03-27 [$10000][ 331383939 ] High CVE-2024-3833: Object corruption in WebAssembly Severity: high

CVE-2024-3914 [HIGH] Stable Channel Update for Desktop: CVE-2024-3914 Stable Channel Update for Desktop CVE-2024-3914: Use after free in V8. Reported by Seunghyun Lee (@0x10n) of KAIST Hacking Lab, via Pwn2Own 2024 on 2024-03-21 [$3000][ 326607008 ] High CVE-2024-3834: Use after free in Downloads Reported by ChaobinZhang on 2024-02-24 [$7000][ 41491379 ] Medium CVE-2024-3837: Use after free in QUIC Severity: high

CVE-2024-7021 [MEDIUM] Stable Channel Update for Desktop: CVE-2024-7021 Stable Channel Update for Desktop CVE-2024-7021: Inappropriate implementation in Autofill. Reported by Hafiizh on 2023-05-21 We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel Severity: medium

CVE-2024-3838 [MEDIUM] Stable Channel Update for Desktop: CVE-2024-3838 Stable Channel Update for Desktop CVE-2024-3838: Inappropriate implementation in Autofill. Reported by KiriminAja on 2024-03-06 [$5000][ 41491859 ] Medium CVE-2024-3839: Out of bounds read in Fonts Reported by Ronald Crane (Zippenhop LLC) on 2024-01-16 [$3000][ 41493458 ] Medium CVE-2024-3840: Insufficient policy enforcement in Site Isolation Severity: medium

CVE-2024-3845 [LOW] Stable Channel Update for Desktop: CVE-2024-3845 Stable Channel Update for Desktop CVE-2024-3845: Inappropriate implementation in Network. Reported by Daniel Baulig on 2024-02-03 [$2000][ 40064754 ] Low CVE-2024-3846: Inappropriate implementation in Prompts Reported by Ahmed ElMasry on 2023-05-23 [$1000][ 328690293 ] Low CVE-2024-3847: Insufficient policy enforcement in WebUI Severity: low

CVE-2024-3157 [HIGH] Stable Channel Update for Desktop: CVE-2024-3157 Stable Channel Update for Desktop CVE-2024-3157: Out of bounds write in Compositing. Reported by DarkNavy on 2024-03-26 [$10000][ 328859176 ] High CVE-2024-3516: Heap buffer overflow in ANGLE Reported by Bao (zx) Pham and Toan (suto) Pham of Qrious Secure on 2024-03-09 [$10000][ 331123811 ] High CVE-2024-3515: Use after free in Dawn Severity: high

CVE-2024-3156 [HIGH] Stable Channel Update for Desktop: CVE-2024-3156 Stable Channel Update for Desktop CVE-2024-3156: Inappropriate implementation in V8. Reported by Zhenghang Xiao (@Kipreyyy) on 2024-03-12 [$3000][ 329965696 ] High CVE-2024-3158: Use after free in Bookmarks Reported by undoingfish on 2024-03-17 [N/A][ 330760873 ] High CVE-2024-3159: Out of bounds memory access in V8 Severity: high

CVE-2024-1284 [CRITICAL] Long Term Support Channel Update for ChromeOS: CVE-2024-1284 Long Term Support Channel Update for ChromeOS CVE-2024-1284

CVE-2024-2883 [CRITICAL] Stable Channel Update for Desktop: CVE-2024-2883 Stable Channel Update for Desktop CVE-2024-2883: Use after free in ANGLE. Reported by Cassidy Kim(@cassidy6564) on 2024-03-03 [TBD][ 328958020 ] High CVE-2024-2885: Use after free in Dawn Reported by wgslfuzz on 2024-03-11 [N/A][ 330575496 ] High CVE-2024-2886: Use after free in WebCodecs Severity: critical

CVE-2024-2887 [HIGH] Stable Channel Update for Desktop: CVE-2024-2887 Stable Channel Update for Desktop CVE-2024-2887: Type Confusion in WebAssembly. Reported by Manfred Paul, via Pwn2Own 2024 on 2024-03-21 We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel Severity: high

CVE-2024-1086 [HIGH] Long Term Support Channel Update for ChromeOS: CVE-2024-1086 Long Term Support Channel Update for ChromeOS CVE-2024-1086

CVE-2024-1673 [HIGH] Long Term Support Channel Update for ChromeOS: CVE-2024-1673 Long Term Support Channel Update for ChromeOS CVE-2024-1673

CVE-2024-2629 [MEDIUM] Stable Channel Update for Desktop: CVE-2024-2629 Stable Channel Update for Desktop CVE-2024-2629: Incorrect security UI in iOS. Reported by Muneaki Nishimura (nishimunea) on 2024-01-02 [$1000][ 41481877 ] Medium CVE-2024-2630: Inappropriate implementation in iOS Reported by James Lee (@Windowsrcer) on 2023-12-07 [$2000][ 41495878 ] Low CVE-2024-2631: Inappropriate implementation in iOS Severity: medium

CVE-2024-2626 [MEDIUM] Stable Channel Update for Desktop: CVE-2024-2626 Stable Channel Update for Desktop CVE-2024-2626: Out of bounds read in Swiftshader. Reported by Cassidy Kim(@cassidy6564) on 2023-11-22 [$4000][ 41493290 ] Medium CVE-2024-2627: Use after free in Canvas Reported by Anonymous on 2024-01-21 [$3000][ 41487774 ] Medium CVE-2024-2628: Inappropriate implementation in Downloads Severity: medium

CVE-2024-1672 [MEDIUM] Long Term Support Channel Update for ChromeOS: CVE-2024-1672 Long Term Support Channel Update for ChromeOS CVE-2024-1672

CVE-2024-2400 [HIGH] Stable Channel Update for Desktop: CVE-2024-2400 Stable Channel Update for Desktop CVE-2024-2400: Use after free in Performance Manager. Reported by zh1x1an1221 of Ant Group Tianqiong Security Lab on 2024-03-01 We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel Severity: high

CVE-2024-0204 [CRITICAL] Long Term Support Channel Update for ChromeOS: CVE-2024-0204 Long Term Support Channel Update for ChromeOS CVE-2024-0204