Google Chrome Chrome vulnerabilities

CVE-2021-30547 [HIGH] Stable Channel Update for Desktop: CVE-2021-30547 Stable Channel Update for Desktop CVE-2021-30547: Out of bounds write in ANGLE. Reported by Seong-Hwan Park (SeHwa) of SecunologyLab on 2021-05-18 [$TBD][ 1210487 ] High CVE-2021-30548: Use after free in Loader Reported by Yangkang(@dnpushme) & Wanglu of Qihoo360 Qex Team on 2021-05-18 [$TBD][ 1212498 ] High CVE-2021-30549: Use after free in Spell check Severity: high

CVE-2021-30553 [MEDIUM] Stable Channel Update for Desktop: CVE-2021-30553 Stable Channel Update for Desktop CVE-2021-30553: Use after free in Network service. Reported by Anonymous on 2021-05-17 We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel Severity: medium

CVE-2021-30527 [HIGH] Stable Channel Update for Desktop: CVE-2021-30527 Stable Channel Update for Desktop CVE-2021-30527: Use after free in WebUI. Reported by David Erceg on 2021-04-15 [$NA][ 1206329 ] High CVE-2021-30528: Use after free in WebAuthentication Reported by Man Yue Mo of GitHub Security Lab on 2021-05-06 [$10000][ 1190550 ] Medium CVE-2021-4322: Use after free in DevTools Severity: high

CVE-2021-30521 [HIGH] Stable Channel Update for Desktop: CVE-2021-30521 Stable Channel Update for Desktop CVE-2021-30521: Heap buffer overflow in Autofill. Reported by ZhanJia Song on 2021-05-13 [$7500][ 1176218 ] High CVE-2021-30522: Use after free in WebAudio Reported by Piotr Bania of Cisco Talos on 2021-02-09 [$7500][ 1187797 ] High CVE-2021-30523: Use after free in WebRTC Severity: high

CVE-2021-30524 [HIGH] Stable Channel Update for Desktop: CVE-2021-30524 Stable Channel Update for Desktop CVE-2021-30524: Use after free in TabStrip. Reported by David Erceg on 2021-04-08 [$TBD][ 1197888 ] High CVE-2021-30525: Use after free in TabGroups Reported by David Erceg on 2021-04-11 [$TBD][ 1198717 ] High CVE-2021-30526: Out of bounds write in TabStrip Severity: high

CVE-2021-30529 [MEDIUM] Stable Channel Update for Desktop: CVE-2021-30529 Stable Channel Update for Desktop CVE-2021-30529: Use after free in Bookmarks. Reported by koocola (@alo_cook) and Nan Wang (@eternalsakura13) of 360 Alpha Lab on 2021-04-02 [$7500][ 1201033 ] Medium CVE-2021-30530: Out of bounds memory access in WebAudio Reported by kkwon on 2021-04-21 [$5000][ 1115628 ] Medium CVE-2021-30531: Insufficient policy enforcement in Content Security Policy Severity: medium

CVE-2021-30535 [MEDIUM] Stable Channel Update for Desktop: CVE-2021-30535 Stable Channel Update for Desktop CVE-2021-30535: Double free in ICU. Reported by nocma, leogan, cheneyxu of WeChat Open Platform Security Team on 2021-04-01 [$TBD][ 1184954 ] Medium CVE-2021-30542: Use after free in Tab Strip Reported by Khalil Zhani on 2021-03-05 [$TBD][ 1203607 ] Medium CVE-2021-30543: Use after free in Tab Strip Severity: medium

CVE-2021-30532 [MEDIUM] Stable Channel Update for Desktop: CVE-2021-30532 Stable Channel Update for Desktop CVE-2021-30532: Insufficient policy enforcement in Content Security Policy. Reported by Philip Papurt on 2020-08-18 [$5000][ 1145553 ] Medium CVE-2021-30533: Insufficient policy enforcement in PopupBlocker Reported by Eliya Stein on 2020-11-04 [$3000][ 1151507 ] Medium CVE-2021-30534: Insufficient policy enforcement in iFrameSandbox Severity: medium

CVE-2021-30558 [MEDIUM] Stable Channel Update for Desktop: CVE-2021-30558 Stable Channel Update for Desktop CVE-2021-30558: Insufficient policy enforcement in content security policy. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2018-12-19 [$15000][ 1194358 ] Low CVE-2021-30536: Out of bounds read in V8 Reported by Chris Salls (@salls) on 2021-03-31 [$3000][ 830101 ] Low CVE-2021-30537: Insufficient policy enforcement in cookies Severity: medium

CVE-2021-30538 [LOW] Stable Channel Update for Desktop: CVE-2021-30538 Stable Channel Update for Desktop CVE-2021-30538: Insufficient policy enforcement in content security policy. Reported by Tianze Ding (@D1iv3) of Tencent Security Xuanwu Lab on 2020-08-11 [$1000][ 971231 ] Low CVE-2021-30539: Insufficient policy enforcement in content security policy Reported by unnamed researcher on 2019-06-05 [$500][ 1184147 ] Low CVE-2021-30540: Incorrect security UI in payments Severity: low

CVE-2021-4321 [LOW] Stable Channel Update for Desktop: CVE-2021-4321 Stable Channel Update for Desktop CVE-2021-4321: Policy bypass in Blink. Reported by Austin Williams on 2020-12-27 We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel Severity: low

CVE-2021-30518 [HIGH] Stable Channel Update for Desktop: CVE-2021-30518 Stable Channel Update for Desktop CVE-2021-30518: Heap buffer overflow in Reader Mode. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2021-04-28 [$15000][ 1194058 ] Medium CVE-2021-30519: Use after free in Payments Reported by asnine on 2021-03-30 [$10000][ 1193362 ] Medium CVE-2021-30520: Use after free in Tab Strip Severity: high

CVE-2021-30515 [HIGH] Stable Channel Update for Desktop: CVE-2021-30515 Stable Channel Update for Desktop CVE-2021-30515: Use after free in File API. Reported by Rong Jian and Guang Gong of 360 Alpha Lab on 2021-04-21 [$TBD][ 1201446 ] High CVE-2021-30516: Heap buffer overflow in History Reported by ZhanJia Song on 2021-04-22 [$TBD][ 1203122 ] High CVE-2021-30517: Type Confusion in V8 Severity: high

CVE-2021-30509 [HIGH] Stable Channel Update for Desktop: CVE-2021-30509 Stable Channel Update for Desktop CVE-2021-30509: Out of bounds write in Tab Strip. Reported by David Erceg on 2021-04-06 [$TBD][ 1197436 ] High CVE-2021-30510: Race in Aura Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group on 2021-04-09 [$TBD][ 1197875 ] High CVE-2021-30511: Out of bounds read in Tab Groups Severity: high

CVE-2021-30512 [HIGH] Stable Channel Update for Desktop: CVE-2021-30512 Stable Channel Update for Desktop CVE-2021-30512: Use after free in Notifications. Reported by ZhanJia Song on 2021-04-17 [$NA][ 1200490 ] High CVE-2021-30513: Type Confusion in V8 Reported by Man Yue Mo of GitHub Security Lab on 2021-04-19 [$TBD][ 1200766 ] High CVE-2021-30514: Use after free in Autofill Severity: high

CVE-2021-30506 [HIGH] Stable Channel Update for Desktop: CVE-2021-30506 Stable Channel Update for Desktop CVE-2021-30506: Incorrect security UI in Web App Installs. Reported by @retsew0x01 on 2021-02-19 [$NA][ 1178202 ] High CVE-2021-30507: Inappropriate implementation in Offline Reported by Alison Huffman, Microsoft Browser Vulnerability Research on 2021-02-14 [$TBD][ 1195340 ] High CVE-2021-30508: Heap buffer overflow in Media Feeds Severity: high

CVE-2021-21227 [HIGH] Stable Channel Update for Desktop: CVE-2021-21227 Stable Channel Update for Desktop CVE-2021-21227: Insufficient data validation in V8. Reported by Anonymous on 2021-04-15 [$NA][ 1120238 ][ 1175058 ] High CVE-2021-21232: Use after free in Dev Tools Reported by asinine on 2020-04-21; also reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-02-05 [$TBD][ 1182937 ] High CVE-2021-21233: Heap buffer overflow in ANGLE Severity: high

CVE-2021-21228 [MEDIUM] Stable Channel Update for Desktop: CVE-2021-21228 Stable Channel Update for Desktop CVE-2021-21228: Insufficient policy enforcement in extensions. Reported by Rob Wu on 2020-10-16 [$5000][ 1193233 ] Medium CVE-2021-4324: Insufficient policy enforcement in Google Update Reported by Abdelhamid Naceri (halov) on 2021-03-28 [$TBD][ 1198165 ] Medium CVE-2021-21229: Incorrect security UI in downloads Severity: medium

CVE-2021-21230 [MEDIUM] Stable Channel Update for Desktop: CVE-2021-21230 Stable Channel Update for Desktop CVE-2021-21230: Type Confusion in V8. Reported by Manfred Paul on 2021-04-13 [$NA][ 1198696 ] Low CVE-2021-21231: Insufficient data validation in V8 Reported by Sergei Glazunov of Google Project Zero on 2021-04-13 We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel Severity: med

CVE-2021-21225 [HIGH] Stable Channel Update for Desktop: CVE-2021-21225 Stable Channel Update for Desktop CVE-2021-21225: Out of bounds memory access in V8. Reported by Brendon Tiszka (@btiszka) supporting the EFF on 2021-04-05 [$27000 + $27000][ 1197904 ] High CVE-2021-21226: Use after free in navigation Reported by Brendon Tiszka (@btiszka) supporting the EFF on 2021-04-11 We would also like to thank all security researchers that worked with us during the development cycle to prevent security