Google Chrome Chrome vulnerabilities
1,139 known vulnerabilities affecting google/chrome_chrome.
Total CVEs: 1,139
CISA KEV: 47 (actively exploited)
Public exploits: 9
Exploited in wild: 36
Severity breakdown: CRITICAL 58, HIGH 621, MEDIUM 339, LOW 104, UNKNOWN 17
Vulnerabilities
CVE-2021-21185 | LOW | CVSS 4.3 | 2021-03-02
CVE-2021-21185 [LOW] Stable Channel Update for Desktop: CVE-2021-21185
Stable Channel Update for Desktop
CVE-2021-21185: Insufficient policy enforcement in extensions. Reported by David Erceg on 2020-06-30 [$TBD][ 1153445 ] Low CVE-2021-21186: Insufficient policy enforcement in QR scanning
Reported by dhirajkumarnifty on 2020-11-28 [$TBD][ 1155516 ] Low CVE-2021-21187: Insufficient data validation in URL formatting
Severity: low
chrome
CVE-2021-21200 | LOW | CVSS 5.4 | 2021-03-02
CVE-2021-21200 [LOW] Stable Channel Update for Desktop: CVE-2021-21200
Stable Channel Update for Desktop
CVE-2021-21200: Inappropriate implementation in Settings. Reported by Lucas Pinheiro, Microsoft Browser Vulnerability Research on 2021-01-11 We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel
Severity: low
chrome
CVE-2021-21188 | LOW | CVSS 8.8 | 2021-03-02
CVE-2021-21188 [LOW] Stable Channel Update for Desktop: CVE-2021-21188
Stable Channel Update for Desktop
CVE-2021-21188: Use after free in Blink. Reported by Woojin Oh(@pwn_expoit) of STEALIEN on 2020-12-24 [$TBD][ 1165392 ] Low CVE-2021-21189: Insufficient policy enforcement in payments
Reported by Khalil Zhani on 2021-01-11 [$TBD][ 1166091 ] Low CVE-2021-21190: Uninitialized Use in PDFium
Severity: low
chrome
CVE-2021-21182 | LOW | CVSS 6.5 | 2021-03-02
CVE-2021-21182 [LOW] Stable Channel Update for Desktop: CVE-2021-21182
Stable Channel Update for Desktop
CVE-2021-21182: Insufficient policy enforcement in navigations. Reported by Luan Herrera (@lbherrera_) on 2020-02-05 [$1000][ 1105875 ] Low CVE-2021-21183: Inappropriate implementation in performance APIs
Reported by Takashi Yoneuchi (@y0n3uchy) on 2020-07-15 [$1000][ 1131929 ] Low CVE-2021-21184: Inappropriate implementation in performance APIs
Severity: low
chrome
CVE-2021-21152 | HIGH | CVSS 8.8 | 2021-02-16
CVE-2021-21152 [HIGH] Stable Channel Update for Desktop: CVE-2021-21152
Stable Channel Update for Desktop
CVE-2021-21152: Heap buffer overflow in Media. Reported by Anonymous on 2021-01-14 [$1000][ 1155974 ] High CVE-2021-21153: Stack overflow in GPU Process
Reported by Jan Ruge of ERNW GmbH on 2020-12-06 [$TBD][ 1173269 ] High CVE-2021-21154: Heap buffer overflow in Tab Strip
Severity: high
chrome
CVE-2021-21155 | HIGH | CVSS 9.6 | 2021-02-16
CVE-2021-21155 [HIGH] Stable Channel Update for Desktop: CVE-2021-21155
Stable Channel Update for Desktop
CVE-2021-21155: Heap buffer overflow in Tab Strip. Reported by Khalil Zhani on 2021-02-07 [$TBD][ 1177341 ] High CVE-2021-21156: Heap buffer overflow in V8
Reported by Sergei Glazunov of Google Project Zero on 2021-02-11 [$TBD][ 1170657 ] Medium CVE-2021-21157: Use after free in Web Sockets
Severity: high
chrome
CVE-2021-21149 | HIGH | CVSS 8.8 | 2021-02-16
CVE-2021-21149 [HIGH] Stable Channel Update for Desktop: CVE-2021-21149
Stable Channel Update for Desktop
CVE-2021-21149: Stack overflow in Data Transfer. Reported by Ryoya Tsukasaki on 2020-10-14 [$20000][ 1172192 ] High CVE-2021-21150: Use after free in Downloads
Reported by Woojin Oh(@pwn_expoit) of STEALIEN on 2021-01-29 [$15000][ 1165624 ] High CVE-2021-21151: Use after free in Payments
Severity: high
chrome
CVE-2021-21148 | HIGH | CVSS 8.8 | KEV | 2021-02-04
CVE-2021-21148 [HIGH] Stable Channel Update for Desktop: CVE-2021-21148
Stable Channel Update for Desktop
CVE-2021-21148: Heap buffer overflow in V8. Reported by Mattias Buelens on 2021-01-24 Google is aware of reports that an exploit for CVE-2021-21148 exists in the wild
Severity: high
chrome
CVE-2021-21142 | CRITICAL | CVSS 9.6 | 2021-02-02
CVE-2021-21142 [CRITICAL] Stable Channel Update for Desktop: CVE-2021-21142
Stable Channel Update for Desktop
CVE-2021-21142: Use after free in Payments. Reported by Khalil Zhani on 2021-01-21 [$10000][ 1163504 ] High CVE-2021-21143: Heap buffer overflow in Extensions
Reported by Allen Parker & Alex Morgan of MU on 2021-01-06 [$10000][ 1163845 ] High CVE-2021-21144: Heap buffer overflow in Tab Groups
Severity: critical
chrome
CVE-2021-21145 | HIGH | CVSS 8.8 | 2021-02-02
CVE-2021-21145 [HIGH] Stable Channel Update for Desktop: CVE-2021-21145
Stable Channel Update for Desktop
CVE-2021-21145: Use after free in Fonts. Reported by Anonymous on 2020-12-03 [$TBD][ 1161705 ] High CVE-2021-21146: Use after free in Navigation
Reported by Alison Huffman and Choongwoo Han of Microsoft Browser Vulnerability Research on 2020-12-24 [$5000][ 1162942 ] Medium CVE-2021-21147: Inappropriate implementation in Skia
Severity: high
chrome
CVE-2021-21117 | CRITICAL | CVSS 7.8 | 2021-01-19
CVE-2021-21117 [CRITICAL] Stable Channel Update for Desktop: CVE-2021-21117
Stable Channel Update for Desktop
CVE-2021-21117: Insufficient policy enforcement in Cryptohome. Reported by Rory McNamara on 2020-10-10 [$16000][ 1161357 ] High CVE-2021-21118: Insufficient data validation in V8
Reported by Tyler Nighswander (@tylerni7) of Theori on 2020-12-23 [$5000][ 1160534 ] High CVE-2021-21119: Use after free in Media
Severity: critical
chrome
CVE-2021-21120 | HIGH | CVSS 8.8 | 2021-01-19
CVE-2021-21120 [HIGH] Stable Channel Update for Desktop: CVE-2021-21120
Stable Channel Update for Desktop
CVE-2021-21120: Use after free in WebSQL. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2020-12-21 [$5000][ 1161143 ] High CVE-2021-21121: Use after free in Omnibox
Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2020-12-22 [$5000][ 1162131 ] High CVE-2021-21122: Use after free in Blink
Severity: high
chrome
CVE-2020-16044 | HIGH | CVSS 8.8 | 2021-01-19
CVE-2020-16044 [HIGH] Stable Channel Update for Desktop: CVE-2020-16044
Stable Channel Update for Desktop
CVE-2020-16044: Use after free in WebRTC. Reported by Ned Williamson of Project Zero on 2021-01-05 [$3000][ 1108126 ] Medium CVE-2021-21126: Insufficient policy enforcement in extensions
Reported by David Erceg on 2020-07-22 [$3000][ 1115590 ] Medium CVE-2021-21127: Insufficient policy enforcement in extensions
Severity: high
chrome
CVE-2021-21123 | HIGH | CVSS 6.5 | 2021-01-19
CVE-2021-21123 [HIGH] Stable Channel Update for Desktop: CVE-2021-21123
Stable Channel Update for Desktop
CVE-2021-21123: Insufficient data validation in File System API. Reported by Maciej Pulikowski on 2020-10-11 [$N/A][ 1131346 ] High CVE-2021-21124: Potential user after free in Speech Recognizer
Reported by Chaoyang Ding(@V4kst1z) from Codesafe Team of Legendsec at Qi'anxin Group on 2020-09-23 [$N/A][ 1152327 ] High CVE-2021-21125: Insufficient policy enforcement in File System API
Severity:
chrome
CVE-2021-21131 | MEDIUM | CVSS 6.5 | 2021-01-19
CVE-2021-21131 [MEDIUM] Stable Channel Update for Desktop: CVE-2021-21131
Stable Channel Update for Desktop
CVE-2021-21131: Insufficient policy enforcement in File System API. Reported by Maciej Pulikowski on 2020-10-20 [$TBD][ 1128206 ] Medium CVE-2021-21132: Inappropriate implementation in DevTools
Reported by David Erceg on 2020-09-15 [$TBD][ 1157743 ] Medium CVE-2021-21133: Insufficient policy enforcement in Downloads
Severity: medium
chrome
CVE-2021-21135 | MEDIUM | CVSS 6.5 | 2021-01-19
CVE-2021-21135 [MEDIUM] Stable Channel Update for Desktop: CVE-2021-21135
Stable Channel Update for Desktop
CVE-2021-21135: Inappropriate implementation in Performance API. Reported by ndevtk on 2020-12-11 [$2000][ 1038002 ] Low CVE-2021-21136: Insufficient policy enforcement in WebView
Reported by Shiv Sahni, Movnavinothan V and Imdad Mohammed on 2019-12-27 [$500][ 1093791 ] Low CVE-2021-21137: Inappropriate implementation in DevTools
Severity: medium
chrome
CVE-2021-21128 | MEDIUM | CVSS 8.8 | 2021-01-19
CVE-2021-21128 [MEDIUM] Stable Channel Update for Desktop: CVE-2021-21128
Stable Channel Update for Desktop
CVE-2021-21128: Heap buffer overflow in Blink. Reported by Liang Dong on 2020-10-15 [$1000][ 1140403 ] Medium CVE-2021-21129: Insufficient policy enforcement in File System API
Reported by Maciej Pulikowski on 2020-10-20 [$1000][ 1140410 ] Medium CVE-2021-21130: Insufficient policy enforcement in File System API
Severity: medium
chrome
CVE-2021-21134 | MEDIUM | CVSS 6.5 | 2021-01-19
CVE-2021-21134 [MEDIUM] Stable Channel Update for Desktop: CVE-2021-21134
Stable Channel Update for Desktop
CVE-2021-21134: Incorrect security UI in Page Info. Reported by wester0x01(https://twitter
Severity: medium
chrome
CVE-2021-21141 | LOW | CVSS 6.5 | 2021-01-19
CVE-2021-21141 [LOW] Stable Channel Update for Desktop: CVE-2021-21141
Stable Channel Update for Desktop
CVE-2021-21141: Insufficient policy enforcement in File System API. Reported by Maciej Pulikowski on 2020-10-20 We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel
Severity: low
chrome
CVE-2021-21138 | LOW | CVSS 8.6 | 2021-01-19
CVE-2021-21138 [LOW] Stable Channel Update for Desktop: CVE-2021-21138
Stable Channel Update for Desktop
CVE-2021-21138: Use after free in DevTools. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group on 2020-08-27 [$N/A][ 937131 ] Low CVE-2021-21139: Inappropriate implementation in iframe sandbox
Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-03-01 [$N/A][ 1136327 ] Low CVE-2021-21140: Uninitialized Use in USB
Severity: low
chrome