Google Chrome Chrome vulnerabilities

CVE-2021-21222 [HIGH] Stable Channel Update for Desktop: CVE-2021-21222 Stable Channel Update for Desktop CVE-2021-21222: Heap buffer overflow in V8. Reported by Guang Gong of Alpha Lab, Qihoo 360 on 2021-03-30 [$TBD][ 1195308 ] High CVE-2021-21223: Integer overflow in Mojo Reported by Guang Gong of Alpha Lab, Qihoo 360 on 2021-04-02 [$TBD][ 1195777 ] High CVE-2021-21224: Type Confusion in V8 Severity: high

CVE-2021-21201 [HIGH] Stable Channel Update for Desktop: CVE-2021-21201 Stable Channel Update for Desktop CVE-2021-21201: Use after free in permissions. Reported by Gengming Liu and Jianyu Chen when working at Tencent KeenLab on 2019-11-18 [$10000][ 1188889 ] High CVE-2021-21202: Use after free in extensions Reported by David Erceg on 2021-03-16 [$5000][ 1192054 ] High CVE-2021-21203: Use after free in Blink Severity: high

CVE-2021-21204 [HIGH] Stable Channel Update for Desktop: CVE-2021-21204 Stable Channel Update for Desktop CVE-2021-21204: Use after free in Blink. Reported by Chelse Tsai-Simek, Jeanette Ulloa, and Emily Voigtlander of Seesaw on 2021-03-19 [$TBD][ 1165654 ] High CVE-2021-21205: Insufficient policy enforcement in navigation Reported by Alison Huffman, Microsoft Browser Vulnerability Research on 2021-01-12 [$TBD][ 1195333 ] High CVE-2021-21221: Insufficient validation of untrusted input in Mojo Se

CVE-2021-21209 [MEDIUM] Stable Channel Update for Desktop: CVE-2021-21209 Stable Channel Update for Desktop CVE-2021-21209: Inappropriate implementation in storage. Reported by Tom Van Goethem ( @tomvangoethem) on 2020-10-29 [$3000][ 1184562 ] Medium CVE-2021-21210: Inappropriate implementation in Network Reported by @bananabr on 2021-03-04 [$2000][ 1103119 ] Medium CVE-2021-21211: Inappropriate implementation in Navigation Severity: medium

CVE-2021-21215 [MEDIUM] Stable Channel Update for Desktop: CVE-2021-21215 Stable Channel Update for Desktop CVE-2021-21215: Inappropriate implementation in Autofill. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-01-30 [$TBD][ 1173297 ] Medium CVE-2021-21216: Inappropriate implementation in Autofill Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-02-02 [$500][ 1166462 ] Low CVE-2021-21217: Uninitialized Use in PDFium Severi

CVE-2021-21212 [MEDIUM] Stable Channel Update for Desktop: CVE-2021-21212 Stable Channel Update for Desktop CVE-2021-21212: Incorrect security UI in Network Config UI. Reported by Hugo Hue and Sze Yiu Chau of the Chinese University of Hong Kong on 2020-11-03 [$N/A][ 1161806 ] Medium CVE-2021-21213: Use after free in WebMIDI Reported by raven (@raid_akame) on 2020-12-25 [$TBD][ 1170148 ] Medium CVE-2021-21214: Use after free in Network API Severity: medium

CVE-2021-4323 [MEDIUM] Stable Channel Update for Desktop: CVE-2021-4323 Stable Channel Update for Desktop CVE-2021-4323: Insufficient validation of untrusted input in Extensions. Reported by Luan Herrera (@lbherrera_) on 2021-02-09 [$5000][ 1185732 ] Medium CVE-2021-21207: Use after free in IndexedDB Reported by koocola (@alo_cook) and Nan Wang (@eternalsakura13) of 360 Alpha Lab on 2021-03-08 [$3000][ 1039539 ] Medium CVE-2021-21208: Insufficient data validation in QR scanner Severity: medium

CVE-2021-21218 [LOW] Stable Channel Update for Desktop: CVE-2021-21218 Stable Channel Update for Desktop CVE-2021-21218: Uninitialized Use in PDFium. Reported by Zhou Aiting (@zhouat1) of Qihoo 360 Vulcan Team on 2021-01-14 [$500][ 1166972 ] Low CVE-2021-21219: Uninitialized Use in PDFium Reported by Zhou Aiting (@zhouat1) of Qihoo 360 Vulcan Team on 2021-01-15 We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever

CVE-2021-21206 [HIGH] Stable Channel Update for Desktop: CVE-2021-21206 Stable Channel Update for Desktop CVE-2021-21206: Use after free in Blink. Reported by Anonymous on 2021-04-07 [$N/A][ 1196683 ] High CVE-2021-21220: Insufficient validation of untrusted input in V8 for x86_64 Reported by Bruno Keith (@bkth_) & Niklas Baumstark (@_niklasb) of Dataflow Security (@dfsec_it) via ZDI (ZDI-CAN-13569) on 2021-04-07 We would also like to thank all security researchers that worked with us during the

CVE-2021-21197 [HIGH] Stable Channel Update for Desktop: CVE-2021-21197 Stable Channel Update for Desktop CVE-2021-21197: Heap buffer overflow in TabStrip. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-02-03 [$TBD][ 1184399 ] High CVE-2021-21198: Out of bounds read in IPC Reported by Mark Brand of Google Project Zero on 2021-03-03 [$7500][ 1179635 ] High CVE-2021-21199: Use Use after free in Aura Severity: high

CVE-2021-21194 [HIGH] Stable Channel Update for Desktop: CVE-2021-21194 Stable Channel Update for Desktop CVE-2021-21194: Use after free in screen capture. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-02-23 [$15000][ 1182647 ] High CVE-2021-21195: Use after free in V8 Reported by Bohan Liu (@P4nda20371774) and Moon Liang of Tencent Security Xuanwu Lab on 2021-02-26 [$10000][ 1175992 ] High CVE-2021-21196: Heap buffer overflow in TabStrip Severity: high

CVE-2021-21191 [HIGH] Stable Channel Update for Desktop: CVE-2021-21191 Stable Channel Update for Desktop CVE-2021-21191: Use after free in WebRTC. Reported by raven (@raid_akame) on 2021-01-15 [$TBD][ 1181387 ] High CVE-2021-21192: Heap buffer overflow in tab groups Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-02-23 [$TBD][ 1186287 ] High CVE-2021-21193: Use after free in Blink Severity: high

CVE-2021-21165 [HIGH] Stable Channel Update for Desktop: CVE-2021-21165 Stable Channel Update for Desktop CVE-2021-21165: Object lifecycle issue in audio. Reported by Alison Huffman, Microsoft Browser Vulnerability Research on 2021-02-04 [$TBD][ 1177465 ] High CVE-2021-21166: Object lifecycle issue in audio Reported by Alison Huffman, Microsoft Browser Vulnerability Research on 2021-02-11 [$10000][ 1161144 ] Medium CVE-2021-21167: Use after free in bookmarks Severity: high

CVE-2021-21162 [HIGH] Stable Channel Update for Desktop: CVE-2021-21162 Stable Channel Update for Desktop CVE-2021-21162: Use after free in WebRTC. Reported by Anonymous on 2021-01-29 [$TBD][ 1111239 ] High CVE-2021-21163: Insufficient data validation in Reader Mode Reported by Alison Huffman, Microsoft Browser Vulnerability Research on 2020-07-30 [$TBD][ 1164846 ] High CVE-2021-21164: Insufficient data validation in Chrome for iOS Severity: high

CVE-2021-21159 [HIGH] Stable Channel Update for Desktop: CVE-2021-21159 Stable Channel Update for Desktop CVE-2021-21159: Heap buffer overflow in TabStrip. Reported by Khalil Zhani on 2021-01-27 [$7500][ 1170531 ] High CVE-2021-21160: Heap buffer overflow in WebAudio Reported by Marcin 'Icewall' Noga of Cisco Talos on 2021-01-25 [$7500][ 1173702 ] High CVE-2021-21161: Heap buffer overflow in TabStrip Severity: high

CVE-2021-21180 [MEDIUM] Stable Channel Update for Desktop: CVE-2021-21180 Stable Channel Update for Desktop CVE-2021-21180: Use after free in tab search. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-02-07 [$TBD][ 1177875 ] Medium CVE-2020-27844: Heap buffer overflow in OpenJPEG Reported by Sean Campbell at Tableau on 2021-02-12 [$TBD][ 1182767 ] Medium CVE-2021-21181: Side-channel information leakage in autofill Severity: medium

CVE-2021-21171 [MEDIUM] Stable Channel Update for Desktop: CVE-2021-21171 Stable Channel Update for Desktop CVE-2021-21171: Incorrect security UI in TabStrip and Navigation. Reported by Irvan Kurniawan (sourc7) on 2020-11-25 [$1000][ 1150810 ] Medium CVE-2021-21172: Insufficient policy enforcement in File System API Reported by Maciej Pulikowski on 2020-11-19 [$500][ 1154250 ] Medium CVE-2021-21173: Side-channel information leakage in Network Internals Severity: medium

CVE-2021-21177 [MEDIUM] Stable Channel Update for Desktop: CVE-2021-21177 Stable Channel Update for Desktop CVE-2021-21177: Insufficient policy enforcement in Autofill. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-02-03 [$TBD][ 1174186 ] Medium CVE-2021-21178: Inappropriate implementation in Compositing Reported by Japong on 2021-02-03 [$TBD][ 1174943 ] Medium CVE-2021-21179: Use after free in Network Internals Severity: medium

CVE-2021-21168 [MEDIUM] Stable Channel Update for Desktop: CVE-2021-21168 Stable Channel Update for Desktop CVE-2021-21168: Insufficient policy enforcement in appcache. Reported by Luan Herrera (@lbherrera_) on 2020-11-24 [$5000][ 1166138 ] Medium CVE-2021-21169: Out of bounds memory access in V8 Reported by Bohan Liu (@P4nda20371774) and Moon Liang of Tencent Security Xuanwu Lab on 2021-01-13 [$3000][ 1111646 ] Medium CVE-2021-21170: Incorrect security UI in Loader Severity: medium

CVE-2021-21174 [MEDIUM] Stable Channel Update for Desktop: CVE-2021-21174 Stable Channel Update for Desktop CVE-2021-21174: Inappropriate implementation in Referrer. Reported by Jun Kokatsu (@shhnjk) on 2020-11-26 [$TBD][ 1146651 ] Medium CVE-2021-21175: Inappropriate implementation in Site isolation Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2020-11-07 [$TBD][ 1170584 ] Medium CVE-2021-21176: Inappropriate implementation in full screen mode Severity: medium