Google Chrome Chrome vulnerabilities

CVE-2021-30593 [HIGH] Stable Channel Update for Desktop: CVE-2021-30593 Stable Channel Update for Desktop CVE-2021-30593: Out of bounds read in Tab Strip. Reported by David Erceg on 2021-05-16 [$N/A][ 1218468 ] High CVE-2021-30594: Use after free in Page Info UI Reported by raven (@raid_akame) on 2021-06-10 [$1000][ 1214481 ] Medium CVE-2021-30596: Incorrect security UI in Navigation Severity: high

CVE-2021-30590 [HIGH] Stable Channel Update for Desktop: CVE-2021-30590 Stable Channel Update for Desktop CVE-2021-30590: Heap buffer overflow in Bookmarks. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-07-09 [$20000][ 1229298 ] High CVE-2021-30591: Use after free in File System API Reported by SorryMybad (@S0rryMybad) of Kunlun Lab on 2021-07-14 [$10000][ 1209469 ] High CVE-2021-30592: Out of bounds write in Tab Groups Severity: high

CVE-2021-30597 [MEDIUM] Stable Channel Update for Desktop: CVE-2021-30597 Stable Channel Update for Desktop CVE-2021-30597: Use after free in Browser UI. Reported by raven (@raid_akame) on 2021-07-24 We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel Severity: medium

CVE-2021-30572 [HIGH] Stable Channel Update for Desktop: CVE-2021-30572 Stable Channel Update for Desktop CVE-2021-30572: Use after free in Autofill. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group on 2021-05-28 [$TBD][ 1216822 ] High CVE-2021-30573: Use after free in GPU Reported by Security For Everyone Team - https://securityforeveryone Severity: high

CVE-2021-30568 [HIGH] Stable Channel Update for Desktop: CVE-2021-30568 Stable Channel Update for Desktop CVE-2021-30568: Heap buffer overflow in WebGL. Reported by Yangkang (@dnpushme) of 360 ATA on 2021-06-15 [$500][ 1218707 ] High CVE-2021-30569: Use after free in sqlite Reported by Chris Salls (@salls) of Makai Security on 2021-06-11 [$TBD][ 1101897 ] High CVE-2021-30571: Insufficient policy enforcement in DevTools Severity: high

CVE-2021-30565 [HIGH] Stable Channel Update for Desktop: CVE-2021-30565 Stable Channel Update for Desktop CVE-2021-30565: Out of bounds write in Tab Groups. Reported by David Erceg on 2021-05-19 [$10000][ 1202661 ] High CVE-2021-30566: Stack buffer overflow in Printing Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-04-26 [$10000][ 1211326 ] High CVE-2021-30567: Use after free in DevTools Severity: high

CVE-2021-4320 [HIGH] Stable Channel Update for Desktop: CVE-2021-4320 Stable Channel Update for Desktop CVE-2021-4320: Use after free in Blink. Reported by raven at KunLun lab on 2021-06-28 [$TBD][ 1227315 ] High CVE-2021-30574: Use after free in protocol handling Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-07-08 [$15000][ 1213313 ] Medium CVE-2021-30575: Out of bounds read in Autofill Severity: high

CVE-2021-30587 [MEDIUM] Stable Channel Update for Desktop: CVE-2021-30587 Stable Channel Update for Desktop CVE-2021-30587: Inappropriate implementation in Compositing on Windows. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-04-30 [$5000][ 1195650 ] Low CVE-2021-30588: Type Confusion in V8 Reported by Jose Martinez (tr0y4) from VerSprite Inc Severity: medium

CVE-2021-30578 [MEDIUM] Stable Channel Update for Desktop: CVE-2021-30578 Stable Channel Update for Desktop CVE-2021-30578: Uninitialized Use in Media. Reported by Chaoyuan Peng on 2021-04-21 [$7500][ 1207277 ] Medium CVE-2021-30579: Use after free in UI framework Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group on 2021-05-10 [$5000][ 1189092 ] Medium CVE-2021-30580: Insufficient policy enforcement in Android intents Severity: medium

CVE-2021-30584 [MEDIUM] Stable Channel Update for Desktop: CVE-2021-30584 Stable Channel Update for Desktop CVE-2021-30584: Incorrect security UI in Downloads. Reported by @retsew0x01 on 2021-05-26 [$N/A][ 1023503 ] Medium CVE-2021-30585: Use after free in sensor handling Reported by niarci on 2019-11-11 [$TBD][ 1201032 ] Medium CVE-2021-30586: Use after free in dialog box handling on Windows Severity: medium

CVE-2021-30581 [MEDIUM] Stable Channel Update for Desktop: CVE-2021-30581 Stable Channel Update for Desktop CVE-2021-30581: Use after free in DevTools. Reported by David Erceg on 2021-03-31 [$5000][ 1205981 ] Medium CVE-2021-30582: Inappropriate implementation in Animation Reported by George Liu on 2021-05-05 [$3000][ 1179290 ] Medium CVE-2021-30583: Insufficient policy enforcement in image handling on Windows Severity: medium

CVE-2021-30576 [MEDIUM] Stable Channel Update for Desktop: CVE-2021-30576 Stable Channel Update for Desktop CVE-2021-30576: Use after free in DevTools. Reported by David Erceg on 2021-04-01 [$10000][ 1183137 ][ 1204811 ] Medium CVE-2021-30577: Insufficient policy enforcement in Installer Reported by Abdelhamid Naceri on 2021-02-28 and Jan van der Put (REQON B Severity: medium

CVE-2021-30589 [LOW] Stable Channel Update for Desktop: CVE-2021-30589 Stable Channel Update for Desktop CVE-2021-30589: Insufficient validation of untrusted input in Sharing. Reported by Kirtikumar Anandrao Ramchandani (@Kirtikumar_A_R) and Patrick Walker (@homesen) on 2021-02-20 We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel Severity: low

CVE-2021-30561 [HIGH] Stable Channel Update for Desktop: CVE-2021-30561 Stable Channel Update for Desktop CVE-2021-30561: Type Confusion in V8. Reported by Sergei Glazunov of Google Project Zero on 2021-06-14 [$TBD][ 1220078 ] High CVE-2021-30562: Use after free in WebSerial Reported by Anonymous on 2021-06-15 [$TBD][ 1228407 ] High CVE-2021-30563: Type Confusion in V8 Severity: high

CVE-2021-30559 [HIGH] Stable Channel Update for Desktop: CVE-2021-30559 Stable Channel Update for Desktop CVE-2021-30559: Out of bounds write in ANGLE. Reported by Seong-Hwan Park (SeHwa) of SecunologyLab on 2021-06-11 [$5000][ 1214842 ] High CVE-2021-30541: Use after free in V8 Reported by Richard Wheeldon on 2021-05-31 [$N/A][ 1219209 ] High CVE-2021-30560: Use after free in Blink XSLT Severity: high

CVE-2021-30564 [MEDIUM] Stable Channel Update for Desktop: CVE-2021-30564 Stable Channel Update for Desktop CVE-2021-30564: Heap buffer overflow in WebXR. Reported by Ali Merchant, iQ3Connect VR Platform on 2021-06-17 We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel Severity: medium

CVE-2021-30554 [HIGH] Stable Channel Update for Desktop: CVE-2021-30554 Stable Channel Update for Desktop CVE-2021-30554: Use after free in WebGL. Reported by anonymous on 2021-06-15 [$10000][ 1215029 ] High CVE-2021-30555: Use after free in Sharing Reported by David Erceg on 2021-06-01 [$7500][ 1212599 ] High CVE-2021-30556: Use after free in WebAudio Severity: high

CVE-2021-30557 [HIGH] Stable Channel Update for Desktop: CVE-2021-30557 Stable Channel Update for Desktop CVE-2021-30557: Use after free in TabGroups. Reported by David Erceg on 2021-04-23 We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel Severity: high

CVE-2021-30544 [CRITICAL] Stable Channel Update for Desktop: CVE-2021-30544 Stable Channel Update for Desktop CVE-2021-30544: Use after free in BFCache. Reported by Rong Jian and Guang Gong of 360 Alpha Lab on 2021-05-24 [$20000][ 1201031 ] High CVE-2021-30545: Use after free in Extensions Reported by kkwon with everpall and kkomdal on 2021-04-21 [$NA][ 1206911 ] High CVE-2021-30546: Use after free in Autofill Severity: critical

CVE-2021-30550 [HIGH] Stable Channel Update for Desktop: CVE-2021-30550 Stable Channel Update for Desktop CVE-2021-30550: Use after free in Accessibility. Reported by David Erceg on 2021-05-23 [$NA][ 1216437 ] High CVE-2021-30551: Type Confusion in V8 Reported by Clement Lecigne of Google's Threat Analysis Group and Sergei Glazunov of Google Project Zero on 2021-06-04 [$TBD][ 1200679 ] Medium CVE-2021-30552: Use after free in Extensions Severity: high