FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
26f2123b-c6c6-11ec-b66f-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 30 security fixes, including:

  • [1313905] High CVE-2022-1477: Use after free in Vulkan. Reported by SeongHwan Park (SeHwa) on 2022-04-06
  • [1299261] High CVE-2022-1478: Use after free in SwiftShader. Reported by SeongHwan Park (SeHwa) on 2022-02-20
  • [1305190] High CVE-2022-1479: Use after free in ANGLE. Reported by Jeonghoon Shin of Theori on 2022-03-10
  • [1307223] High CVE-2022-1480: Use after free in Device API. Reported by @uwu7586 on 2022-03-17
  • [1302949] High CVE-2022-1481: Use after free in Sharing. Reported by Weipeng Jiang (@Krace) and Guang Gong of 360 Vulnerability Research Institute on 2022-03-04
  • [1304987] High CVE-2022-1482: Inappropriate implementation in WebGL. Reported by Christoph Diehl, Microsoft on 2022-03-10
  • [1314754] High CVE-2022-1483: Heap buffer overflow in WebGPU. Reported by Mark Brand of Google Project Zero on 2022-04-08
  • [1297429] Medium CVE-2022-1484: Heap buffer overflow in Web UI Settings. Reported by Chaoyuan Peng (@ret2happy) on 2022-02-15
  • [1299743] Medium CVE-2022-1485: Use after free in File System API. Reported by Anonymous on 2022-02-22
  • [1314616] Medium CVE-2022-1486: Type Confusion in V8. Reported by Brendon Tiszka on 2022-04-08
  • [1304368] Medium CVE-2022-1487: Use after free in Ozone. Reported by Sri on 2022-03-09
  • [1302959] Medium CVE-2022-1488: Inappropriate implementation in Extensions API. Reported by Thomas Beverley from Wavebox.io on 2022-03-04
  • [1300561] Medium CVE-2022-1489: Out of bounds memory access in UI Shelf. Reported by Khalil Zhani on 2022-02-25
  • [1301840] Medium CVE-2022-1490: Use after free in Browser Switcher. Reported by raven at KunLun lab on 2022-03-01
  • [1305706] Medium CVE-2022-1491: Use after free in Bookmarks. Reported by raven at KunLun lab on 2022-03-12
  • [1315040] Medium CVE-2022-1492: Insufficient data validation in Blink Editing. Reported by Michal Bentkowski of Securitum on 2022-04-11
  • [1275414] Medium CVE-2022-1493: Use after free in Dev Tools. Reported by Zhihua Yao of KunLun Lab on 2021-12-01
  • [1298122] Medium CVE-2022-1494: Insufficient data validation in Trusted Types. Reported by Masato Kinugawa on 2022-02-17
  • [1301180] Medium CVE-2022-1495: Incorrect security UI in Downloads. Reported by Umar Farooq on 2022-02-28
  • [1306391] Medium CVE-2022-1496: Use after free in File Manager. Reported by Zhiyi Zhang and Zhunki from Codesafe Team of Legendsec at Qi'anxin Group on 2022-03-15
  • [1264543] Medium CVE-2022-1497: Inappropriate implementation in Input. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-10-29
  • [1297138] Low CVE-2022-1498: Inappropriate implementation in HTML Parser. Reported by SeungJu Oh (@real_as3617) on 2022-02-14
  • [1000408] Low CVE-2022-1499: Inappropriate implementation in WebAuthentication. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-09-04
  • [1223475] Low CVE-2022-1500: Insufficient data validation in Dev Tools. Reported by Hoang Nguyen on 2021-06-25
  • [1293191] Low CVE-2022-1501: Inappropriate implementation in iframe. Reported by Oriol Brufau on 2022-02-02

Discovery 2022-04-26
Entry 2022-04-28
chromium
< 101.0.4951.41

CVE-2022-1477
CVE-2022-1478
CVE-2022-1479
CVE-2022-1480
CVE-2022-1481
CVE-2022-1482
CVE-2022-1483
CVE-2022-1484
CVE-2022-1485
CVE-2022-1486
CVE-2022-1487
CVE-2022-1488
CVE-2022-1489
CVE-2022-1490
CVE-2022-1491
CVE-2022-1492
CVE-2022-1493
CVE-2022-1494
CVE-2022-1495
CVE-2022-1496
CVE-2022-1497
CVE-2022-1498
CVE-2022-1499
CVE-2022-1500
CVE-2022-1501
https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_26.html
e0914087-9a09-11ec-9e61-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 28 security fixes, including:

  • [1289383] High CVE-2022-0789: Heap buffer overflow in ANGLE. Reported by SeongHwan Park (SeHwa) on 2022-01-21
  • [1274077] High CVE-2022-0790: Use after free in Cast UI. Reported by Anonymous on 2021-11-26
  • [1278322] High CVE-2022-0791: Use after free in Omnibox. Reported by Zhihua Yao of KunLun Lab on 2021-12-09
  • [1285885] High CVE-2022-0792: Out of bounds read in ANGLE. Reported by Jaehun Jeong (@n3sk) of Theori on 2022-01-11
  • [1291728] High CVE-2022-0793: Use after free in Views. Reported by Thomas Orlita on 2022-01-28
  • [1294097] High CVE-2022-0794: Use after free in WebShare. Reported by Khalil Zhani on 2022-02-04
  • [1282782] High CVE-2022-0795: Type Confusion in Blink Layout. Reported by 0x74960 on 2021-12-27
  • [1295786] High CVE-2022-0796: Use after free in Media. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2022-02-10
  • [1281908] High CVE-2022-0797: Out of bounds memory access in Mojo. Reported by Sergei Glazunov of Google Project Zero on 2021-12-21
  • [1283402] Medium CVE-2022-0798: Use after free in MediaStream. Reported by Samet Bekmezci @sametbekmezci on 2021-12-30
  • [1279188] Medium CVE-2022-0799: Insufficient policy enforcement in Installer. Reported by Abdelhamid Naceri (halov) on 2021-12-12
  • [1242962] Medium CVE-2022-0800: Heap buffer overflow in Cast UI. Reported by Khalil Zhani on 2021-08-24
  • [1231037] Medium CVE-2022-0801: Inappropriate implementation in HTML parser. Reported by Michal Bentkowski of Securitum on 2021-07-20
  • [1270052] Medium CVE-2022-0802: Inappropriate implementation in Full screen mode. Reported by Irvan Kurniawan (sourc7) on 2021-11-14
  • [1280233] Medium CVE-2022-0803: Inappropriate implementation in Permissions. Reported by Abdulla Aldoseri on 2021-12-15
  • [1264561] Medium CVE-2022-0804: Inappropriate implementation in Full screen mode. Reported by Irvan Kurniawan (sourc7) on 2021-10-29
  • [1290700] Medium CVE-2022-0805: Use after free in Browser Switcher. Reported by raven at KunLun Lab on 2022-01-25
  • [1283434] Medium CVE-2022-0806: Data leak in Canvas. Reported by Paril on 2021-12-31
  • [1287364] Medium CVE-2022-0807: Inappropriate implementation in Autofill. Reported by Alesandro Ortiz on 2022-01-14
  • [1292271] Medium CVE-2022-0808: Use after free in Chrome OS Shell. Reported by @ginggilBesel on 2022-01-29
  • [1293428] Medium CVE-2022-0809: Out of bounds memory access in WebXR. Reported by @uwu7586 on 2022-02-03

Discovery 2022-03-01
Entry 2022-03-02
chromium
< 99.0.4844.51

CVE-2022-0789
CVE-2022-0790
CVE-2022-0791
CVE-2022-0792
CVE-2022-0793
CVE-2022-0794
CVE-2022-0795
CVE-2022-0796
CVE-2022-0797
CVE-2022-0798
CVE-2022-0799
CVE-2022-0800
CVE-2022-0801
CVE-2022-0802
CVE-2022-0803
CVE-2022-0804
CVE-2022-0805
CVE-2022-0806
CVE-2022-0807
CVE-2022-0808
CVE-2022-0809
https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
b8c0cbca-472d-11ec-83dc-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 25 security fixes, including:

  • [1263620] High CVE-2021-38008: Use after free in media. Reported by Marcin Towalski of Cisco Talos on 2021-10-26
  • [1260649] High CVE-2021-38009: Inappropriate implementation in cache. Reported by Luan Herrera (@lbherrera_) on 2021-10-16
  • [1240593] High CVE-2021-38006: Use after free in storage foundation. Reported by Sergei Glazunov of Google Project Zero on 2021-08-17
  • [1254189] High CVE-2021-38007: Type Confusion in V8. Reported by Polaris Feng and SGFvamll at Singular Security Lab on 2021-09-29
  • [1241091] High CVE-2021-38005: Use after free in loader. Reported by Sergei Glazunov of Google Project Zero on 2021-08-18
  • [1264477] High CVE-2021-38010: Inappropriate implementation in service workers. Reported by Sergei Glazunov of Google Project Zero on 2021-10-28
  • [1268274] High CVE-2021-38011: Use after free in storage foundation. Reported by Sergei Glazunov of Google Project Zero on 2021-11-09
  • [1262791] Medium CVE-2021-38012: Type Confusion in V8. Reported by Yonghwi Jin (@jinmo123) on 2021-10-24
  • [1242392] Medium CVE-2021-38013: Heap buffer overflow in fingerprint recognition. Reported by raven (@raid_akame) on 2021-08-23
  • [1248567] Medium CVE-2021-38014: Out of bounds write in Swiftshader. Reported by Atte Kettunen of OUSPG on 2021-09-10
  • [957553] Medium CVE-2021-38015: Inappropriate implementation in input. Reported by David Erceg on 2019-04-29
  • [1244289] Medium CVE-2021-38016: Insufficient policy enforcement in background fetch. Reported by Maurice Dauer on 2021-08-28
  • [1256822] Medium CVE-2021-38017: Insufficient policy enforcement in iframe sandbox. Reported by NDevTK on 2021-10-05
  • [1197889] Medium CVE-2021-38018: Inappropriate implementation in navigation. Reported by Alesandro Ortiz on 2021-04-11
  • [1251179] Medium CVE-2021-38019: Insufficient policy enforcement in CORS. Reported by Maurice Dauer on 2021-09-20
  • [1259694] Medium CVE-2021-38020: Insufficient policy enforcement in contacts picker. Reported by Luan Herrera (@lbherrera_) on 2021-10-13
  • [1233375] Medium CVE-2021-38021: Inappropriate implementation in referrer. Reported by Prakash (@1lastBr3ath) and Jun Kokatsu on 2021-07-27
  • [1248862] Low CVE-2021-38022: Inappropriate implementation in WebAuthentication. Reported by Michal Kepkowski on 2021-09-13

Discovery 2021-11-15
Entry 2021-11-16
chromium
< 96.0.4664.45

CVE-2021-38005
CVE-2021-38006
CVE-2021-38007
CVE-2021-38008
CVE-2021-38009
CVE-2021-38010
CVE-2021-38011
CVE-2021-38012
CVE-2021-38013
CVE-2021-38014
CVE-2021-38015
CVE-2021-38016
CVE-2021-38017
CVE-2021-38018
CVE-2021-38019
CVE-2021-38020
CVE-2021-38021
CVE-2021-38022
https://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html
128deba6-ff56-11eb-8514-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 9 security fixes, including:

  • [1234764] High CVE-2021-30598: Type Confusion in V8. Reported by Manfred Paul on 2021-07-30
  • [1234770] High CVE-2021-30599: Type Confusion in V8. Reported by Manfred Paul on 2021-07-30
  • [1231134] High CVE-2021-30600: Use after free in Printing. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-07-20
  • [1234009] High CVE-2021-30601: Use after free in Extensions API. Reported by koocola(@alo_cook) and Nan Wang(@eternalsakura13) of 360 Alpha Lab on 2021-07-28
  • [1230767] High CVE-2021-30602: Use after free in WebRTC. Reported by Marcin Towalski of Cisco Talos on 2021-07-19
  • [1233564] High CVE-2021-30603: Race in WebAudio. Reported by Sergei Glazunov of Google Project Zero on 2021-07-27
  • [1234829] High CVE-2021-30604: Use after free in ANGLE. Reported by Seong-Hwan Park (SeHwa) of SecunologyLab on 2021-07-30

Discovery 2021-08-16
Entry 2021-08-17
chromium
< 92.0.4515.159

CVE-2021-30598
CVE-2021-30599
CVE-2021-30600
CVE-2021-30601
CVE-2021-30602
CVE-2021-30603
CVE-2021-30604
https://chromereleases.googleblog.com/2021/08/stable-channel-update-for-desktop.html
6b04476f-601c-11ed-92ce-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 10 security fixes, including:

  • [1377816] High CVE-2022-3885: Use after free in V8. Reported by gzobqq@ on 2022-10-24
  • [1372999] High CVE-2022-3886: Use after free in Speech Recognition. Reported by anonymous on 2022-10-10
  • [1372695] High CVE-2022-3887: Use after free in Web Workers. Reported by anonymous on 2022-10-08
  • [1375059] High CVE-2022-3888: Use after free in WebCodecs. Reported by Peter Nemeth on 2022-10-16
  • [1380063] High CVE-2022-3889: Type Confusion in V8. Reported by anonymous on 2022-11-01
  • [1380083] High CVE-2022-3890: Heap buffer overflow in Crashpad. Reported by anonymous on 2022-11-01

Discovery 2022-11-08
Entry 2022-11-09
chromium
< 107.0.5304.110

ungoogled-chromium
< 107.0.5304.110

CVE-2022-3885
CVE-2022-3886
CVE-2022-3887
CVE-2022-3888
CVE-2022-3889
CVE-2022-3890
https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop.html
b6c875f1-1d76-11ec-ae80-704d7b472482chromium -- use after free in Portals

Chrome Releases reports:

][1251727] High CVE-2021-37973 : Use after free in Portals. Reported by Clement Lecigne from Google TAG, with technical assistance from Sergei Glazunov and Mark Brand from Google Project Zero on 2021-09-21

Google is aware that an exploit for CVE-2021-37973 exists in the wild.


Discovery 2021-09-24
Entry 2021-09-24
chromium
< 94.0.4606.61

CVE-2021-37973
https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html
2899da38-7300-11ed-92ce-3065ec8fd3ecchromium -- Type confusion in V8

Chrome Releases reports:

This release contains 1 security fix:

  • [1394403] High CVE-2022-4262: Type Confusion in V8. Reported by Clement Lecigne of Google's Threat Analysis Group on 2022-11-29

Google is aware that an exploit for CVE-2022-4262 exists in the wild.


Discovery 2022-12-02
Entry 2022-12-03
chromium
< 108.0.5359.94

ungoogled-chromium
< 108.0.5359.94

CVE-2022-4262
https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop.html
27cc4258-0805-11ed-8ac1-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 11 security fixes, including:

  • [1336266] High CVE-2022-2477: Use after free in Guest View. Reported by anonymous on 2022-06-14
  • [1335861] High CVE-2022-2478: Use after free in PDF. Reported by triplepwns on 2022-06-13
  • [1329987] High CVE-2022-2479: Insufficient validation of untrusted input in File. Reported by anonymous on 2022-05-28
  • [1339844] High CVE-2022-2480: Use after free in Service Worker API. Reported by Sergei Glazunov of Google Project Zero on 2022-06-27
  • [1341603] High CVE-2022-2481: Use after free in Views. Reported by YoungJoo Lee(@ashuu_lee) of CompSecLab at Seoul National University on 2022-07-04
  • [1308341] Low CVE-2022-2163: Use after free in Cast UI and Toolbar. Reported by Chaoyuan Peng (@ret2happy) on 2022-03-21

Discovery 2022-07-19
Entry 2022-07-20
chromium
< 103.0.5060.134

CVE-2022-2163
CVE-2022-2477
CVE-2022-2478
CVE-2022-2479
CVE-2022-2480
CVE-2022-2481
https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop_19.html
7cb12ee0-4a13-11ed-8ad9-3065ec8fd3ecchromium -- mulitple vulnerabilities

Chrome Releases reports:

This release contains 6 security fixes:

  • [1364604] High CVE-2022-3445: Use after free in Skia. Reported by Nan Wang (@eternalsakura13) and Yong Liu of 360 Vulnerability Research Institute on 2022-09-16
  • [1368076] High CVE-2022-3446: Heap buffer overflow in WebSQL. Reported by Kaijie Xu (@kaijieguigui) on 2022-09-26
  • [1366582] High CVE-2022-3447: Inappropriate implementation in Custom Tabs. Reported by Narendra Bhati of Suma Soft Pvt. Ltd. Pune (India) on 2022-09-22
  • [1363040] High CVE-2022-3448: Use after free in Permissions API. Reported by raven at KunLun lab on 2022-09-13
  • [1364662] High CVE-2022-3449: Use after free in Safe Browsing. Reported by asnine on 2022-09-17
  • [1369882] High CVE-2022-3450: Use after free in Peer Connection. Reported by Anonymous on 2022-09-30

Discovery 2022-10-11
Entry 2022-10-12
chromium
< 106.0.5249.119

ungoogled-chromium
< 106.0.5249.119

CVE-2022-3445
CVE-2022-3446
CVE-2022-3447
CVE-2022-3448
CVE-2022-3449
CVE-2022-3450
https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_11.html
c3c6c4a3-f47d-11eb-b632-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 10 security fixes, including:

  • [1227777] High CVE-2021-30590: Heap buffer overflow in Bookmarks. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-07-09
  • [1229298] High CVE-2021-30591: Use after free in File System API. Reported by SorryMybad (@S0rryMybad) of Kunlun Lab on 2021-07-14
  • [1209469] High CVE-2021-30592: Out of bounds write in Tab Groups. Reported by David Erceg on 2021-05-15
  • [1209616] High CVE-2021-30593: Out of bounds read in Tab Strip. Reported by David Erceg on 2021-05-16
  • [1218468] High CVE-2021-30594: Use after free in Page Info UI. Reported by raven (@raid_akame) on 2021-06-10
  • [1214481] Medium CVE-2021-30596: Incorrect security UI in Navigation. Reported by Mohit Raj (shadow2639) on 2021-05-29
  • [1232617] Medium CVE-2021-30597: Use after free in Browser UI. Reported by raven (@raid_akame) on 2021-07-24

Discovery 2021-08-02
Entry 2021-08-03
chromium
< 92.0.4515.131

CVE-2021-30590
CVE-2021-30591
CVE-2021-30592
CVE-2021-30593
CVE-2021-30594
CVE-2021-30596
CVE-2021-30597
https://chromereleases.googleblog.com/search/label/Stable%20updates
47b571f2-157b-11ec-ae98-704d7b472482chromium -- multiple vulnerabilities

Chrome Releases reports:

This release includes 11 security fixes, including:

  • [1237533] High CVE-2021-30625: Use after free in Selection API. Reported by Marcin Towalski of Cisco Talos on 2021-08-06
  • [1241036] High CVE-2021-30626: Out of bounds memory access in ANGLE. Reported by Jeonghoon Shin of Theori on 2021-08-18
  • [1245786] High CVE-2021-30627: Type Confusion in Blink layout. Reported by Aki Helin of OUSPG on 2021-09-01
  • [1241123] High CVE-2021-30628: Stack buffer overflow in ANGLE. Reported by Jaehun Jeong(@n3sk) of Theori on 2021-08-18
  • [1243646] High CVE-2021-30629: Use after free in Permissions. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group on 2021-08-26
  • [1244568] High CVE-2021-30630: Inappropriate implementation in Blink. Reported by SorryMybad (@S0rryMybad) of Kunlun Lab on 2021-08-30
  • [1246932] High CVE-2021-30631: Type Confusion in Blink layout. Reported by Atte Kettunen of OUSPG on 2021-09-06
  • [1247763] High CVE-2021-30632: Out of bounds write in V8. Reported by Anonymous on 2021-09-08
  • [1247766] High CVE-2021-30633: Use after free in Indexed DB API. Reported by Anonymous on 2021-09-08

Google is aware that exploits for CVE-2021-30632 and CVE-2021-30633 exist in the wild.


Discovery 2021-09-13
Entry 2021-09-14
chromium
< 93.0.4577.82

CVE-2021-30625
CVE-2021-30626
CVE-2021-30627
CVE-2021-30628
CVE-2021-30629
CVE-2021-30630
CVE-2021-30631
CVE-2021-30632
CVE-2021-30633
https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop.html
9eeccbf3-6e26-11ec-bb10-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 37 security fixes, including:

  • [$TBD][1275020] Critical CVE-2022-0096: Use after free in Storage. Reported by Yangkang (@dnpushme) of 360 ATA on 2021-11-30
  • [1117173] High CVE-2022-0097: Inappropriate implementation in DevTools. Reported by David Erceg on 2020-08-17
  • [1273609] High CVE-2022-0098: Use after free in Screen Capture. Reported by @ginggilBesel on 2021-11-24
  • [1245629] High CVE-2022-0099: Use after free in Sign-in. Reported by Rox on 2021-09-01
  • [1238209] High CVE-2022-0100: Heap buffer overflow in Media streams API. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2021-08-10
  • [1249426] High CVE-2022-0101: Heap buffer overflow in Bookmarks. Reported by raven (@raid_akame) on 2021-09-14
  • [1260129] High CVE-2022-0102: Type Confusion in V8 . Reported by Brendon Tiszka on 2021-10-14
  • [1272266] High CVE-2022-0103: Use after free in SwiftShader. Reported by Abraruddin Khan and Omair on 2021-11-21
  • [1273661] High CVE-2022-0104: Heap buffer overflow in ANGLE. Reported by Abraruddin Khan and Omair on 2021-11-25
  • [1274376] High CVE-2022-0105: Use after free in PDF. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2021-11-28
  • [1278960] High CVE-2022-0106: Use after free in Autofill. Reported by Khalil Zhani on 2021-12-10
  • [1248438] Medium CVE-2022-0107: Use after free in File Manager API. Reported by raven (@raid_akame) on 2021-09-10
  • [1248444] Medium CVE-2022-0108: Inappropriate implementation in Navigation. Reported by Luan Herrera (@lbherrera_) on 2021-09-10
  • [1261689] Medium CVE-2022-0109: Inappropriate implementation in Autofill. Reported by Young Min Kim (@ylemkimon), CompSec Lab at Seoul National University on 2021-10-20
  • [1237310] Medium CVE-2022-0110: Incorrect security UI in Autofill. Reported by Alesandro Ortiz on 2021-08-06
  • [1241188] Medium CVE-2022-0111: Inappropriate implementation in Navigation. Reported by garygreen on 2021-08-18
  • [1255713] Medium CVE-2022-0112: Incorrect security UI in Browser UI. Reported by Thomas Orlita on 2021-10-04
  • [1039885] Medium CVE-2022-0113: Inappropriate implementation in Blink. Reported by Luan Herrera (@lbherrera_) on 2020-01-07
  • [1267627] Medium CVE-2022-0114: Out of bounds memory access in Web Serial. Reported by Looben Yang on 2021-11-06
  • [1268903] Medium CVE-2022-0115: Uninitialized Use in File API. Reported by Mark Brand of Google Project Zero on 2021-11-10
  • [1272250] Medium CVE-2022-0116: Inappropriate implementation in Compositing. Reported by Irvan Kurniawan (sourc7) on 2021-11-20
  • [1115847] Low CVE-2022-0117: Policy bypass in Service Workers. Reported by Dongsung Kim (@kid1ng) on 2020-08-13
  • [1238631] Low CVE-2022-0118: Inappropriate implementation in WebShare. Reported by Alesandro Ortiz on 2021-08-11
  • [1262953] Low CVE-2022-0120: Inappropriate implementation in Passwords. Reported by CHAKRAVARTHI (Ruler96) on 2021-10-25

Discovery 2022-01-04
Entry 2022-01-05
chromium
< 97.0.4692.71

CVE-2022-0098
CVE-2022-0099
CVE-2022-0096
CVE-2022-0097
CVE-2022-0100
CVE-2022-0101
CVE-2022-0102
CVE-2022-0103
CVE-2022-0104
CVE-2022-0105
CVE-2022-0106
CVE-2022-0107
CVE-2022-0108
CVE-2022-0109
CVE-2022-0110
CVE-2022-0111
CVE-2022-0112
CVE-2022-0113
CVE-2022-0114
CVE-2022-0115
CVE-2022-0116
CVE-2022-0117
CVE-2022-0118
CVE-2022-0120
https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html
a7732806-0b2a-11ec-836b-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 27 security fixes, including:

  • [1233975] High CVE-2021-30606: Use after free in Blink. Reported by Nan Wang (@eternalsakura13) and koocola (@alo_cook) of 360 Alpha Lab on 2021-07-28
  • [1235949] High CVE-2021-30607: Use after free in Permissions. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group on 2021-08-03
  • [1219870] High CVE-2021-30608: Use after free in Web Share. Reported by Huyna at Viettel Cyber Security on 2021-06-15
  • [1239595] High CVE-2021-30609: Use after free in Sign-In. Reported by raven (@raid_akame) on 2021-08-13
  • [1200440] High CVE-2021-30610: Use after free in Extensions API. Reported by Igor Bukanov from Vivaldi on 2021-04-19
  • [1233942] Medium CVE-2021-30611: Use after free in WebRTC. Reported by Nan Wang (@eternalsakura13) and koocola (@alo_cook) of 360 Alpha Lab on 2021-07-28
  • [1234284] Medium CVE-2021-30612: Use after free in WebRTC. Reported by Nan Wang (@eternalsakura13) and koocola (@alo_cook) of 360 Alpha Lab on 2021-07-29
  • [1209622] Medium CVE-2021-30613: Use after free in Base internals. Reported by Yangkang (@dnpushme) of 360 ATA on 2021-05-16
  • [1207315] Medium CVE-2021-30614: Heap buffer overflow in TabStrip. Reported by Huinian Yang (@vmth6) of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2021-05-10
  • [1208614] Medium CVE-2021-30615: Cross-origin data leak in Navigation. Reported by NDevTK on 2021-05-12
  • [1231432] Medium CVE-2021-30616: Use after free in Media. Reported by Anonymous on 2021-07-21
  • [1226909] Medium CVE-2021-30617: Policy bypass in Blink. Reported by NDevTK on 2021-07-07
  • [1232279] Medium CVE-2021-30618: Inappropriate implementation in DevTools. Reported by @DanAmodio and @mattaustin from Contrast Security on 2021-07-23
  • [1235222] Medium CVE-2021-30619: UI Spoofing in Autofill. Reported by Alesandro Ortiz on 2021-08-02
  • [1063518] Medium CVE-2021-30620: Insufficient policy enforcement in Blink. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2020-03-20
  • [1204722] Medium CVE-2021-30621: UI Spoofing in Autofill. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-04-30
  • [1224419] Medium CVE-2021-30622: Use after free in WebApp Installs. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2021-06-28
  • [1223667] Low CVE-2021-30623: Use after free in Bookmarks. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-06-25
  • [1230513] Low CVE-2021-30624: Use after free in Autofill. Reported by Wei Yuan of MoyunSec VLab on 2021-07-19

Discovery 2021-08-31
Entry 2021-09-01
chromium
< 93.0.4577.63

CVE-2021-30606
CVE-2021-30607
CVE-2021-30608
CVE-2021-30609
CVE-2021-30610
CVE-2021-30611
CVE-2021-30612
CVE-2021-30613
CVE-2021-30614
CVE-2021-30615
CVE-2021-30616
CVE-2021-30617
CVE-2021-30618
CVE-2021-30619
CVE-2021-30620
CVE-2021-30621
CVE-2021-30622
CVE-2021-30623
CVE-2021-30624
https://chromereleases.googleblog.com/2021/08/stable-channel-update-for-desktop_31.html
ab2d7f62-af9d-11ec-a0b8-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 28 security fixes, including:

  • [1292261] High CVE-2022-1125: Use after free in Portals. Reported by Khalil Zhani on 2022-01-29
  • [1291891] High CVE-2022-1127: Use after free in QR Code Generator. Reported by anonymous on 2022-01-28
  • [1301920] High CVE-2022-1128: Inappropriate implementation in Web Share API. Reported by Abdel Adim (@smaury92) Oisfi of Shielder on 2022-03-01
  • [1300253] High CVE-2022-1129: Inappropriate implementation in Full Screen Mode. Reported by Irvan Kurniawan (sourc7) on 2022-02-24
  • [1142269] High CVE-2022-1130: Insufficient validation of untrusted input in WebOTP. Reported by Sergey Toshin of Oversecurity Inc. on 2020-10-25
  • [1297404] High CVE-2022-1131: Use after free in Cast UI. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2022-02-15
  • [1303410] High CVE-2022-1132: Inappropriate implementation in Virtual Keyboard. Reported by Andr.Ess on 2022-03-07
  • [1305776] High CVE-2022-1133: Use after free in WebRTC. Reported by Anonymous on 2022-03-13
  • [1308360] High CVE-2022-1134: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2022-03-21
  • [1285601] Medium CVE-2022-1135: Use after free in Shopping Cart. Reported by Wei Yuan of MoyunSec VLab on 2022-01-09
  • [1280205] Medium CVE-2022-1136: Use after free in Tab Strip. Reported by Krace on 2021-12-15
  • [1289846] Medium CVE-2022-1137: Inappropriate implementation in Extensions. Reported by Thomas Orlita on 2022-01-22
  • [1246188] Medium CVE-2022-1138: Inappropriate implementation in Web Cursor. Reported by Alesandro Ortiz on 2021-09-03
  • [1268541] Medium CVE-2022-1139: Inappropriate implementation in Background Fetch API. Reported by Maurice Dauer on 2021-11-10
  • [1303253] Medium CVE-2022-1141: Use after free in File Manager. Reported by raven at KunLun lab on 2022-03-05
  • [1303613] Medium CVE-2022-1142: Heap buffer overflow in WebUI. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2022-03-07
  • [1303615] Medium CVE-2022-1143: Heap buffer overflow in WebUI. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2022-03-07
  • [1304145] Medium CVE-2022-1144: Use after free in WebUI. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2022-03-08
  • [1304545] Medium CVE-2022-1145: Use after free in Extensions. Reported by Yakun Zhang of Baidu Security on 2022-03-09
  • [1290150] Low CVE-2022-1146: Inappropriate implementation in Resource Timing. Reported by Sohom Datta on 2022-01-23

Discovery 2022-03-29
Entry 2022-03-29
chromium
< 100.0.4896.60

CVE-2022-1125
CVE-2022-1127
CVE-2022-1128
CVE-2022-1129
CVE-2022-1130
CVE-2022-1131
CVE-2022-1132
CVE-2022-1133
CVE-2022-1134
CVE-2022-1135
CVE-2022-1136
CVE-2022-1137
CVE-2022-1138
CVE-2022-1139
CVE-2022-1141
CVE-2022-1142
CVE-2022-1143
CVE-2022-1144
CVE-2022-1145
CVE-2022-1146
https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_29.html
7d3d94d3-2810-11ec-9c51-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 4 security fixes, including:

  • [1252878] High CVE-2021-37977: Use after free in Garbage Collection. Reported by Anonymous on 2021-09-24
  • [1236318] High CVE-2021-37978: Heap buffer overflow in Blink. Reported by Yangkang (@dnpushme) of 360 ATA on 2021-08-04
  • [1247260] High CVE-2021-37979: Heap buffer overflow in WebRTC. Reported by Marcin Towalski of Cisco Talos on 2021-09-07
  • [1254631] High CVE-2021-37980: Inappropriate implementation in Sandbox. Reported by Yonghwi Jin (@jinmo123) on 2021-09-30

Discovery 2021-10-07
Entry 2021-10-08
chromium
< 94.0.4606.81

CVE-2021-37977
CVE-2021-37978
CVE-2021-37979
CVE-2021-37980
https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop.html
f38d25ac-2b7a-11ed-a1ef-3065ec8fd3ecchromium -- insufficient data validation in Mojo

Chrome Releases reports:

This release contains 1 security fix:

  • [1358134] High CVE-2022-3075: Insufficient data validation in Mojo. Reported by Anonymous on 2022-08-30

Google is aware that an exploit of CVE-2022-3075 exists in the wild.


Discovery 2022-09-02
Entry 2022-09-03
chromium
< 105.0.5195.102

CVE-2022-3075
https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop.html
3551e106-1b17-11ec-a8a7-704d7b472482chromium -- multiple vulnerabilities

Chrome Releases reports:

This update contains 19 security fixes, including:

  • [1243117] High CVE-2021-37956: Use after free in Offline use. Reported by Huyna at Viettel Cyber Security on 2021-08-24
  • [1242269] High CVE-2021-37957: Use after free in WebGPU. Reported by Looben Yang on 2021-08-23
  • [1223290] High CVE-2021-37958: Inappropriate implementation in Navigation. Reported by James Lee (@Windowsrcer) on 2021-06-24
  • [1229625] High CVE-2021-37959: Use after free in Task Manager. Reported by raven (@raid_akame) on 2021-07-15
  • [1247196] High CVE-2021-37960: Inappropriate implementation in Blink graphics. Reported by Atte Kettunen of OUSPG on 2021-09-07
  • [1228557] Medium CVE-2021-37961: Use after free in Tab Strip. Reported by Khalil Zhani on 2021-07-13
  • [1231933] Medium CVE-2021-37962: Use after free in Performance Manager. Reported by Sri on 2021-07-22
  • [1199865] Medium CVE-2021-37963: Side-channel information leakage in DevTools. Reported by Daniel Genkin and Ayush Agarwal, University of Michigan, Eyal Ronen and Shaked Yehezkel, Tel Aviv University, Sioli O'Connell, University of Adelaide, and Jason Kim, Georgia Institute of Technology on 2021-04-16
  • [1203612] Medium CVE-2021-37964: Inappropriate implementation in ChromeOS Networking. Reported by Hugo Hue and Sze Yiu Chau of the Chinese University of Hong Kong on 2021-04-28
  • [1239709] Medium CVE-2021-37965: Inappropriate implementation in Background Fetch API. Reported by Maurice Dauer on 2021-08-13
  • [1238944] Medium CVE-2021-37966: Inappropriate implementation in Compositing. Reported by Mohit Raj (shadow2639) on 2021-08-11
  • [1243622] Medium CVE-2021-37967: Inappropriate implementation in Background Fetch API. Reported by SorryMybad (@S0rryMybad) of Kunlun Lab on 2021-08-26
  • [1245053] Medium CVE-2021-37968: Inappropriate implementation in Background Fetch API. Reported by Maurice Dauer on 2021-08-30
  • [1245879] Medium CVE-2021-37969: Inappropriate implementation in Google Updater. Reported by Abdelhamid Naceri (halov) on 2021-09-02
  • [1248030] Medium CVE-2021-37970: Use after free in File System API. Reported by SorryMybad (@S0rryMybad) of Kunlun Lab on 2021-09-09
  • [1219354] Low CVE-2021-37971: Incorrect security UI in Web Browser UI. Reported by Rayyan Bijoora on 2021-06-13
  • [1234259] Low CVE-2021-37972: Out of bounds read in libjpeg-turbo. Reported by Xu Hanyu and Lu Yutao from Panguite-Forensics-Lab of Qianxin on 2021-07-29

Discovery 2021-09-21
Entry 2021-09-21
chromium
< 94.0.4606.54

CVE-2021-37956
CVE-2021-37957
CVE-2021-37958
CVE-2021-37959
CVE-2021-37960
CVE-2021-37961
CVE-2021-37962
CVE-2021-37963
CVE-2021-37964
CVE-2021-37965
CVE-2021-37966
CVE-2021-37967
CVE-2021-37968
CVE-2021-37969
CVE-2021-37970
CVE-2021-37971
CVE-2021-37972
https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_21.html
ac91cf5e-d098-11ec-bead-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 13 security fixes, including:

  • [1316990] High CVE-2022-1633: Use after free in Sharesheet. Reported by Khalil Zhani on 2022-04-18
  • [1314908] High CVE-2022-1634: Use after free in Browser UI. Reported by Khalil Zhani on 2022-04-09
  • [1319797] High CVE-2022-1635: Use after free in Permission Prompts. Reported by Anonymous on 2022-04-26
  • [1297283] High CVE-2022-1636: Use after free in Performance APIs. Reported by Seth Brenith, Microsoft on 2022-02-15
  • [1311820] High CVE-2022-1637: Inappropriate implementation in Web Contents. Reported by Alesandro Ortiz on 2022-03-31
  • [1316946] High CVE-2022-1638: Heap buffer overflow in V8 Internationalization. Reported by DoHyun Lee (@l33d0hyun) of DNSLab, Korea University on 2022-04-17
  • [1317650] High CVE-2022-1639: Use after free in ANGLE. Reported by SeongHwan Park (SeHwa) on 2022-04-19
  • [1320592] High CVE-2022-1640: Use after free in Sharing. Reported by Weipeng Jiang (@Krace) and Guang Gong of 360 Vulnerability Research Institute on 2022-04-28
  • [1305068] Medium CVE-2022-1641: Use after free in Web UI Diagnostics. Reported by Rong Jian of VRI on 2022-03-10

Discovery 2022-05-10
Entry 2022-05-10
chromium
< 101.0.4951.64

CVE-2022-1633
CVE-2022-1634
CVE-2022-1635
CVE-2022-1636
CVE-2022-1637
CVE-2022-1638
CVE-2022-1639
CVE-2022-1640
CVE-2022-1641
https://chromereleases.googleblog.com/2022/05/stable-channel-update-for-desktop_10.html
c80ce2dd-e831-11ec-bcd2-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 7 security fixes, including:

  • [1326210] High CVE-2022-2007: Use after free in WebGPU. Reported by David Manouchehri on 2022-05-17
  • [1317673] High CVE-2022-2008: Out of bounds memory access in WebGL. Reported by khangkito - Tran Van Khang (VinCSS) on 2022-04-19
  • [1325298] High CVE-2022-2010: Out of bounds read in compositing. Reported by Mark Brand of Google Project Zero on 2022-05-13
  • [1330379] High CVE-2022-2011: Use after free in ANGLE. Reported by SeongHwan Park (SeHwa) on 2022-05-31

Discovery 2022-06-09
Entry 2022-06-09
chromium
< 102.0.5005.115

CVE-2022-2007
CVE-2022-2008
CVE-2022-2010
CVE-2022-2011
https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop.html
5f7ed6ea-70a7-11ed-92ce-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 28 security fixes, including:

  • [1379054] High CVE-2022-4174: Type Confusion in V8. Reported by Zhenghang Xiao (@Kipreyyy) on 2022-10-27
  • [1381401] High CVE-2022-4175: Use after free in Camera Capture. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2022-11-04
  • [1361066] High CVE-2022-4176: Out of bounds write in Lacros Graphics. Reported by @ginggilBesel on 2022-09-08
  • [1379242] High CVE-2022-4177: Use after free in Extensions. Reported by Chaoyuan Peng (@ret2happy) on 2022-10-28
  • [1376099] High CVE-2022-4178: Use after free in Mojo. Reported by Sergei Glazunov of Google Project Zero on 2022-10-18
  • [1377783] High CVE-2022-4179: Use after free in Audio. Reported by Sergei Glazunov of Google Project Zero on 2022-10-24
  • [1378564] High CVE-2022-4180: Use after free in Mojo. Reported by Anonymous on 2022-10-26
  • [1382581] High CVE-2022-4181: Use after free in Forms. Reported by Aviv A. on 2022-11-09
  • [1368739] Medium CVE-2022-4182: Inappropriate implementation in Fenced Frames. Reported by Peter Nemeth on 2022-09-28
  • [1251790] Medium CVE-2022-4183: Insufficient policy enforcement in Popup Blocker. Reported by David Sievers on 2021-09-22
  • [1358647] Medium CVE-2022-4184: Insufficient policy enforcement in Autofill. Reported by Ahmed ElMasry on 2022-09-01
  • [1373025] Medium CVE-2022-4185: Inappropriate implementation in Navigation. Reported by James Lee (@Windowsrcer) on 2022-10-10
  • [1377165] Medium CVE-2022-4186: Insufficient validation of untrusted input in Downloads. Reported by Luan Herrera (@lbherrera_) on 2022-10-21
  • [1381217] Medium CVE-2022-4187: Insufficient policy enforcement in DevTools. Reported by Axel Chong on 2022-11-04
  • [1340879] Medium CVE-2022-4188: Insufficient validation of untrusted input in CORS. Reported by Philipp Beer (TU Wien) on 2022-06-30
  • [1344647] Medium CVE-2022-4189: Insufficient policy enforcement in DevTools. Reported by NDevTK on 2022-07-15
  • [1378997] Medium CVE-2022-4190: Insufficient data validation in Directory. Reported by Axel Chong on 2022-10-27
  • [1373941] Medium CVE-2022-4191: Use after free in Sign-In. Reported by Jaehun Jeong(@n3sk) of Theori on 2022-10-12
  • [1344514] Medium CVE-2022-4192: Use after free in Live Caption. Reported by Samet Bekmezci @sametbekmezci on 2022-07-14
  • [1354518] Medium CVE-2022-4193: Insufficient policy enforcement in File System API. Reported by Axel Chong on 2022-08-19
  • [1370562] Medium CVE-2022-4194: Use after free in Accessibility. Reported by Anonymous on 2022-10-03
  • [1371926] Medium CVE-2022-4195: Insufficient policy enforcement in Safe Browsing. Reported by Eric Lawrence of Microsoft on 2022-10-06

Discovery 2022-11-29
Entry 2022-11-30
chromium
< 108.0.5359.71

ungoogled-chromium
< 108.0.5359.71

CVE-2022-4174
CVE-2022-4175
CVE-2022-4176
CVE-2022-4177
CVE-2022-4178
CVE-2022-4179
CVE-2022-4180
CVE-2022-4181
CVE-2022-4182
CVE-2022-4183
CVE-2022-4184
CVE-2022-4185
CVE-2022-4186
CVE-2022-4187
CVE-2022-4188
CVE-2022-4189
CVE-2022-4190
CVE-2022-4191
CVE-2022-4192
CVE-2022-4193
CVE-2022-4194
CVE-2022-4195
https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html
96a41723-133a-11ed-be3b-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 27 security fixes, including:

  • [1325699] High CVE-2022-2603: Use after free in Omnibox. Reported by Anonymous on 2022-05-16
  • [1335316] High CVE-2022-2604: Use after free in Safe Browsing. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-06-10
  • [1338470] High CVE-2022-2605: Out of bounds read in Dawn. Reported by Looben Yang on 2022-06-22
  • [1330489] High CVE-2022-2606: Use after free in Managed devices API. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-05-31
  • [1286203] High CVE-2022-2607: Use after free in Tab Strip. Reported by @ginggilBesel on 2022-01-11
  • [1330775] High CVE-2022-2608: Use after free in Overview Mode. Reported by Khalil Zhani on 2022-06-01
  • [1338560] High CVE-2022-2609: Use after free in Nearby Share. Reported by koocola(@alo_cook) and Guang Gong of 360 Vulnerability Research Institute on 2022-06-22
  • [1278255] Medium CVE-2022-2610: Insufficient policy enforcement in Background Fetch. Reported by Maurice Dauer on 2021-12-09
  • [1320538] Medium CVE-2022-2611: Inappropriate implementation in Fullscreen API. Reported by Irvan Kurniawan (sourc7) on 2022-04-28
  • [1321350] Medium CVE-2022-2612: Side-channel information leakage in Keyboard input. Reported by Erik Kraft (erik.kraft5@gmx.at), Martin Schwarzl (martin.schwarzl@iaik.tugraz.at) on 2022-04-30
  • [1325256] Medium CVE-2022-2613: Use after free in Input. Reported by Piotr Tworek (Vewd) on 2022-05-13
  • [1341907] Medium CVE-2022-2614: Use after free in Sign-In Flow. Reported by raven at KunLun lab on 2022-07-05
  • [1268580] Medium CVE-2022-2615: Insufficient policy enforcement in Cookies. Reported by Maurice Dauer on 2021-11-10
  • [1302159] Medium CVE-2022-2616: Inappropriate implementation in Extensions API. Reported by Alesandro Ortiz on 2022-03-02
  • [1292451] Medium CVE-2022-2617: Use after free in Extensions API. Reported by @ginggilBesel on 2022-01-31
  • [1308422] Medium CVE-2022-2618: Insufficient validation of untrusted input in Internals. Reported by asnine on 2022-03-21
  • [1332881] Medium CVE-2022-2619: Insufficient validation of untrusted input in Settings. Reported by Oliver Dunk on 2022-06-04
  • [1337304] Medium CVE-2022-2620: Use after free in WebUI. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-06-17
  • [1323449] Medium CVE-2022-2621: Use after free in Extensions. Reported by Huyna at Viettel Cyber Security on 2022-05-07
  • [1332392] Medium CVE-2022-2622: Insufficient validation of untrusted input in Safe Browsing. Reported by Imre Rad (@ImreRad) and @j00sean on 2022-06-03
  • [1337798] Medium CVE-2022-2623: Use after free in Offline. Reported by raven at KunLun lab on 2022-06-20
  • [1339745] Medium CVE-2022-2624: Heap buffer overflow in PDF. Reported by YU-CHANG CHEN and CHIH-YEN CHANG, working with DEVCORE Internship Program on 2022-06-27

Discovery 2022-08-02
Entry 2022-08-03
chromium
< 104.0.5112.79

CVE-2022-2603
CVE-2022-2604
CVE-2022-2605
CVE-2022-2606
CVE-2022-2607
CVE-2022-2608
CVE-2022-2609
CVE-2022-2610
CVE-2022-2611
CVE-2022-2612
CVE-2022-2613
CVE-2022-2614
CVE-2022-2615
CVE-2022-2616
CVE-2022-2617
CVE-2022-2618
CVE-2022-2619
CVE-2022-2620
CVE-2022-2621
CVE-2022-2622
CVE-2022-2623
CVE-2022-2624
https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html
f2043ff6-2916-11ed-a1ef-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 24 security fixes, including:

  • [1340253] Critical CVE-2022-3038: Use after free in Network Service. Reported by Sergei Glazunov of Google Project Zero on 2022-06-28
  • [1343348] High CVE-2022-3039: Use after free in WebSQL. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2022-07-11
  • [1341539] High CVE-2022-3040: Use after free in Layout. Reported by Anonymous on 2022-07-03
  • [1345947] High CVE-2022-3041: Use after free in WebSQL. Reported by Ziling Chen and Nan Wang(@eternalsakura13) of 360 Vulnerability Research Institute on 2022-07-20
  • [1338553] High CVE-2022-3042: Use after free in PhoneHub. Reported by koocola(@alo_cook) and Guang Gong of 360 Vulnerability Research Institute on 2022-06-22
  • [1336979] High CVE-2022-3043: Heap buffer overflow in Screen Capture. Reported by @ginggilBesel on 2022-06-16
  • [1051198] High CVE-2022-3044: Inappropriate implementation in Site Isolation. Reported by Lucas Pinheiro, Microsoft Browser Vulnerability Research on 2020-02-12
  • [1339648] High CVE-2022-3045: Insufficient validation of untrusted input in V8. Reported by Ben Noordhuis on 2022-06-26
  • [1346245] High CVE-2022-3046: Use after free in Browser Tag. Reported by Rong Jian of VRI on 2022-07-21
  • [1342586] Medium CVE-2022-3047: Insufficient policy enforcement in Extensions API. Reported by Maurice Dauer on 2022-07-07
  • [1303308] Medium CVE-2022-3048: Inappropriate implementation in Chrome OS lockscreen. Reported by Andr.Ess on 2022-03-06
  • [1316892] Medium CVE-2022-3049: Use after free in SplitScreen. Reported by @ginggilBesel on 2022-04-17
  • [1337132] Medium CVE-2022-3050: Heap buffer overflow in WebUI. Reported by Zhihua Yao of KunLun Lab on 2022-06-17
  • [1345245] Medium CVE-2022-3051: Heap buffer overflow in Exosphere. Reported by @ginggilBesel on 2022-07-18
  • [1346154] Medium CVE-2022-3052: Heap buffer overflow in Window Manager. Reported by Khalil Zhani on 2022-07-21
  • [1267867] Medium CVE-2022-3053: Inappropriate implementation in Pointer Lock. Reported by Jesper van den Ende (Pelican Party Studios) on 2021-11-08
  • [1290236] Medium CVE-2022-3054: Insufficient policy enforcement in DevTools. Reported by Kuilin Li on 2022-01-24
  • [1351969] Medium CVE-2022-3055: Use after free in Passwords. Reported by Weipeng Jiang (@Krace) and Guang Gong of 360 Vulnerability Research Institute on 2022-08-11
  • [1329460] Low CVE-2022-3056: Insufficient policy enforcement in Content Security Policy. Reported by Anonymous on 2022-05-26
  • [1336904] Low CVE-2022-3057: Inappropriate implementation in iframe Sandbox. Reported by Gareth Heyes on 2022-06-16
  • [1337676] Low CVE-2022-3058: Use after free in Sign-In Flow. Reported by raven at KunLun lab on 2022-06-20

Discovery 2022-08-30
Entry 2022-08-31
chromium
< 105.0.5195.52

CVE-2022-3038
CVE-2022-3039
CVE-2022-3040
CVE-2022-3041
CVE-2022-3042
CVE-2022-3043
CVE-2022-3044
CVE-2022-3045
CVE-2022-3046
CVE-2022-3047
CVE-2022-3048
CVE-2022-3049
CVE-2022-3050
CVE-2022-3051
CVE-2022-3052
CVE-2022-3053
CVE-2022-3054
CVE-2022-3055
CVE-2022-3056
CVE-2022-3057
CVE-2022-3058
https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html
d459c914-4100-11ed-9bc7-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 3 security fixes, including:

  • [1366813] High CVE-2022-3370: Use after free in Custom Elements. Reported by Aviv A. on 2022-09-22
  • [1366399] High CVE-2022-3373: Out of bounds write in V8. Reported by Tibor Klajnscek on 2022-09-21

Discovery 2022-09-30
Entry 2022-09-30
chromium
< 106.0.5249.91

CVE-2022-3370
CVE-2022-3373
https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_30.html
bdaecfad-3117-11ec-b3b0-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 19 security fixes, including:

  • [1246631] High CVE-2021-37981: Heap buffer overflow in Skia. Reported by Yangkang (@dnpushme) of 360 ATA on 2021-09-04
  • [1248661] High CVE-2021-37982: Use after free in Incognito. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group on 2021-09-11
  • [1249810] High CVE-2021-37983: Use after free in Dev Tools. Reported by Zhihua Yao of KunLun Lab on 2021-09-15
  • [1253399] High CVE-2021-37984: Heap buffer overflow in PDFium. Reported by Antti Levomäki, Joonas Pihlaja andChristian Jali from Forcepoint on 2021-09-27
  • [1241860] High CVE-2021-37985: Use after free in V8. Reported by Yangkang (@dnpushme) of 360 ATA on 2021-08-20
  • [1242404] Medium CVE-2021-37986: Heap buffer overflow in Settings. Reported by raven (@raid_akame) on 2021-08-23
  • [1206928] Medium CVE-2021-37987: Use after free in Network APIs. Reported by Yangkang (@dnpushme) of 360 ATA on 2021-05-08
  • [1228248] Medium CVE-2021-37988: Use after free in Profiles. Reported by raven (@raid_akame) on 2021-07-12
  • [1233067] Medium CVE-2021-37989: Inappropriate implementation in Blink. Reported by Matt Dyas, Ankur Sundara on 2021-07-26
  • [1247395] Medium CVE-2021-37990: Inappropriate implementation in WebView. Reported by Kareem Selim of CyShield on 2021-09-07
  • [1250660] Medium CVE-2021-37991: Race in V8. Reported by Samuel Gross of Google Project Zero on 2021-09-17
  • [1253746] Medium CVE-2021-37992: Out of bounds read in WebAudio. Reported by sunburst@Ant Security Light-Year Lab on 2021-09-28
  • [1255332] Medium CVE-2021-37993: Use after free in PDF Accessibility. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2021-10-02
  • [1243020] Medium CVE-2021-37996: Insufficient validation of untrusted input in Downloads. Reported by Anonymous on 2021-08-24
  • [1100761] Low CVE-2021-37994: Inappropriate implementation in iFrame Sandbox. Reported by David Erceg on 2020-06-30
  • [1242315] Low CVE-2021-37995: Inappropriate implementation in WebApp Installer. Reported by Terence Eden on 2021-08-23

Discovery 2021-10-19
Entry 2021-10-19
chromium
< 95.0.4638.54

CVE-2021-37981
CVE-2021-37982
CVE-2021-37983
CVE-2021-37984
CVE-2021-37985
CVE-2021-37986
CVE-2021-37987
CVE-2021-37988
CVE-2021-37989
CVE-2021-37990
CVE-2021-37991
CVE-2021-37992
CVE-2021-37993
CVE-2021-37994
CVE-2021-37995
CVE-2021-37996
https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_19.html
fb9ba490-5cc4-11ec-aac7-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 5 security fixes, including:

  • [1263457] Critical CVE-2021-4098: Insufficient data validation in Mojo. Reported by Sergei Glazunov of Google Project Zero on 2021-10-26
  • [1270658] High CVE-2021-4099: Use after free in Swiftshader. Reported by Aki Helin of Solita on 2021-11-16
  • [1272068] High CVE-2021-4100: Object lifecycle issue in ANGLE. Reported by Aki Helin of Solita on 2021-11-19
  • [1262080] High CVE-2021-4101: Heap buffer overflow in Swiftshader. Reported by Abraruddin Khan and Omair on 2021-10-21
  • [1278387] High CVE-2021-4102: Use after free in V8. Reported by Anonymous on 2021-12-09

Discovery 2021-12-13
Entry 2021-12-14
chromium
< 96.0.4664.110

CVE-2021-4098
CVE-2021-4099
CVE-2021-4100
CVE-2021-4101
CVE-2021-4102
https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop_13.html
18ac074c-579f-11ec-aac7-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 22 security fixes, including:

  • [1267661] High CVE-2021-4052: Use after free in web apps. Reported by Wei Yuan of MoyunSec VLab on 2021-11-07
  • [1267791] High CVE-2021-4053: Use after free in UI. Reported by Rox on 2021-11-08
  • [1265806] High CVE-2021-4079: Out of bounds write in WebRTC. Reported by Brendon Tiszka on 2021-11-01
  • [1239760] High CVE-2021-4054: Incorrect security UI in autofill. Reported by Alesandro Ortiz on 2021-08-13
  • [1268738] High CVE-2021-4078: Type confusion in V8. Reported by Nan Wang (@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2021-11-09
  • [1266510] High CVE-2021-4055: Heap buffer overflow in extensions. Reported by Chen Rong on 2021-11-03
  • [1260939] High CVE-2021-4056: Type Confusion in loader. Reported by @__R0ng of 360 Alpha Lab on 2021-10-18
  • [1262183] High CVE-2021-4057: Use after free in file API. Reported by Sergei Glazunov of Google Project Zero on 2021-10-21
  • [1267496] High CVE-2021-4058: Heap buffer overflow in ANGLE. Reported by Abraruddin Khan and Omair on 2021-11-06
  • [1270990] High CVE-2021-4059: Insufficient data validation in loader. Reported by Luan Herrera (@lbherrera_) on 2021-11-17
  • [1271456] High CVE-2021-4061: Type Confusion in V8. Reported by Paolo Severini on 2021-11-18
  • [1272403] High CVE-2021-4062: Heap buffer overflow in BFCache. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-11-22
  • [1273176] High CVE-2021-4063: Use after free in developer tools. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-11-23
  • [1273197] High CVE-2021-4064: Use after free in screen capture. Reported by @ginggilBesel on 2021-11-23
  • [1273674] High CVE-2021-4065: Use after free in autofill. Reported by 5n1p3r0010 on 2021-11-25
  • [1274499] High CVE-2021-4066: Integer underflow in ANGLE. Reported by Jaehun Jeong(@n3sk) of Theori on 2021-11-29
  • [1274641] High CVE-2021-4067: Use after free in window manager. Reported by @ginggilBesel on 2021-11-29
  • [1265197] Low CVE-2021-4068: Insufficient validation of untrusted input in new tab page. Reported by NDevTK on 2021-10-31

Discovery 2021-12-06
Entry 2021-12-07
chromium
< 96.0.4664.93

CVE-2021-4052
CVE-2021-4053
CVE-2021-4054
CVE-2021-4055
CVE-2021-4056
CVE-2021-4057
CVE-2021-4058
CVE-2021-4059
CVE-2021-4061
CVE-2021-4062
CVE-2021-4063
CVE-2021-4064
CVE-2021-4065
CVE-2021-4066
CVE-2021-4067
CVE-2021-4068
CVE-2021-4078
CVE-2021-4079
https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop.html
fe15f30a-b4c9-11ec-94a3-3065ec8fd3ecchromium -- Type confusion in V8

Chrome Releases reports:

This release includes one security fix:

  • [1311641] High CVE-2022-1232: Type Confusion in V8. Reported by Sergei Glazunov of Google Project Zero on 2022-03-30

Discovery 2022-04-04
Entry 2022-04-05
chromium
< 100.0.4896.75

CVE-2022-1232
https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop.html
a25ea27b-bced-11ec-87b5-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 2 security fixes, including:

  • [1315901] High CVE-2022-1364: Type Confusion in V8. Reported by Clément Lecigne of Google's Threat Analysis Group on 2022-0-13

Discovery 2022-04-14
Entry 2022-04-15
chromium
< 100.0.4896.127

CVE-2022-1364
https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_14.html
1225c888-56ea-11ed-b5c3-3065ec8fd3ecchromium -- Type confusion in V8

Chrome Releases reports:

This release contains 1 security fix:

  • [1378239] High CVE-2022-3723: Type Confusion in V8. Reported by Jan VojteÅ¡ek, Milánek, and Przemek Gmerek of Avast on 2022-10-25

Discovery 2022-10-27
Entry 2022-10-28
chromium
< 107.0.5304.87

ungoogled-chromium
< 107.0.5304.87

CVE-2022-3723
https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_27.html
744ec9d7-fe0f-11ec-bcd2-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 4 security fixes, including:

  • [1341043] High CVE-2022-2294: Heap buffer overflow in WebRTC. Reported by Jan Vojtesek from the Avast Threat Intelligence team on 2022-07-01
  • [1336869] High CVE-2022-2295: Type Confusion in V8. Reported by avaue and Buff3tts at S.S.L. on 2022-06-16
  • [1327087] High CVE-2022-2296: Use after free in Chrome OS Shell. Reported by Khalil Zhani on 2022-05-19

Discovery 2022-07-04
Entry 2022-07-07
chromium
< 103.0.5060.114

CVE-2022-2294
CVE-2022-2295
CVE-2022-2296
https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html
f12368a8-1e05-11ed-a1ef-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 11 security fixes, including:

  • [1349322] Critical CVE-2022-2852: Use after free in FedCM. Reported by Sergei Glazunov of Google Project Zero on 2022-08-02
  • [1337538] High CVE-2022-2854: Use after free in SwiftShader. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2022-06-18
  • [1345042] High CVE-2022-2855: Use after free in ANGLE. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2022-07-16
  • [1338135] High CVE-2022-2857: Use after free in Blink. Reported by Anonymous on 2022-06-21
  • [1341918] High CVE-2022-2858: Use after free in Sign-In Flow. Reported by raven at KunLun lab on 2022-07-05
  • [1350097] High CVE-2022-2853: Heap buffer overflow in Downloads. Reported by Sergei Glazunov of Google Project Zero on 2022-08-04
  • [1345630] High CVE-2022-2856: Insufficient validation of untrusted input in Intents. Reported by Ashley Shen and Christian Resell of Google Threat Analysis Group on 2022-07-19
  • [1338412] Medium CVE-2022-2859: Use after free in Chrome OS Shell. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-06-22
  • [1345193] Medium CVE-2022-2860: Insufficient policy enforcement in Cookies. Reported by Axel Chong on 2022-07-18
  • [1346236] Medium CVE-2022-2861: Inappropriate implementation in Extensions API. Reported by Rong Jian of VRI on 2022-07-21

Discovery 2022-08-16
Entry 2022-08-17
chromium
< 104.0.5112.101

CVE-2022-2852
CVE-2022-2853
CVE-2022-2854
CVE-2022-2855
CVE-2022-2856
CVE-2022-2857
CVE-2022-2858
CVE-2022-2859
CVE-2022-2860
CVE-2022-2861
https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html
b2a4c5f1-f1fe-11ec-bcd2-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 14 security fixes, including:

  • [1335458] Critical CVE-2022-2156: Use after free in Base. Reported by Mark Brand of Google Project Zero on 2022-06-11
  • [1327312] High CVE-2022-2157: Use after free in Interest groups. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-05-19
  • [1321078] High CVE-2022-2158: Type Confusion in V8. Reported by Bohan Liu (@P4nda20371774) of Tencent Security Xuanwu Lab on 2022-04-29
  • [1116450] Medium CVE-2022-2160: Insufficient policy enforcement in DevTools. Reported by David Erceg on 2020-08-14
  • [1330289] Medium CVE-2022-2161: Use after free in WebApp Provider. Reported by Zhihua Yao of KunLun Lab on 2022-05-30
  • [1307930] Medium CVE-2022-2162: Insufficient policy enforcement in File System API. Reported by Abdelhamid Naceri (halov) on 2022-03-19
  • [1308341] Low CVE-2022-2163: Use after free in Cast UI and Toolbar. Reported by Chaoyuan Peng (@ret2happy) on 2022-03-21
  • [1268445] Low CVE-2022-2164: Inappropriate implementation in Extensions API. Reported by José Miguel Moreno Computer Security Lab (COSEC) at UC3M on 2021-11-10
  • [1250993] Low CVE-2022-2165: Insufficient data validation in URL formatting. Reported by Rayyan Bijoora on 2021-09-19

Discovery 2022-06-21
Entry 2022-06-22
chromium
< 103.0.5060.53

CVE-2022-2156
CVE-2022-2157
CVE-2022-2158
CVE-2022-2160
CVE-2022-2161
CVE-2022-2162
CVE-2022-2163
CVE-2022-2164
CVE-2022-2165
https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop_21.html
b582a85a-ba4a-11ec-8d1e-3065ec8fd3ecChromium -- mulitple vulnerabilities

Chrome Releases reports:

This release contains 11 security fixes, including:

  • [1285234] High CVE-2022-1305: Use after free in storage. Reported by Anonymous on 2022-01-07
  • [1299287] High CVE-2022-1306: Inappropriate implementation in compositing. Reported by Sven Dysthe on 2022-02-21
  • [1301873] High CVE-2022-1307: Inappropriate implementation in full screen. Reported by Irvan Kurniawan (sourc7) on 2022-03-01
  • [1283050] High CVE-2022-1308: Use after free in BFCache. Reported by Samet Bekmezci (@sametbekmezci) on 2021-12-28
  • [1106456] High CVE-2022-1309: Insufficient policy enforcement in developer tools. Reported by David Erceg on 2020-07-17
  • [1307610] High CVE-2022-1310: Use after free in regular expressions. Reported by Brendon Tiszka on 2022-03-18
  • [1310717] High CVE-2022-1311: Use after free in Chrome OS shell. Reported by Nan Wang (@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-03-28
  • [1311701] High CVE-2022-1312: Use after free in storage. Reported by Leecraso and Guang Gong of 360 Vulnerability Research Institute on 2022-03-30
  • [1270539] Medium CVE-2022-1313: Use after free in tab groups. Reported by Thomas Orlita on 2021-11-16
  • [1304658] Medium CVE-2022-1314: Type Confusion in V8. Reported by Bohan Liu (@P4nda20371774) of Tencent Security Xuanwu Lab on 2022-03-09

Discovery 2022-04-11
Entry 2022-04-12
chromium
< 100.0.4896.88

CVE-2022-1305
CVE-2022-1306
CVE-2022-1307
CVE-2022-1308
CVE-2022-1309
CVE-2022-1310
CVE-2022-1311
CVE-2022-1312
CVE-2022-1313
CVE-2022-1314
https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_11.html
18529cb0-3e9c-11ed-9bc7-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 20 security fixes, including:

  • [1358907] High CVE-2022-3304: Use after free in CSS. Reported by Anonymous on 2022-09-01
  • [1343104] High CVE-2022-3201: Insufficient validation of untrusted input in Developer Tools. Reported by NDevTK on 2022-07-09
  • [1319229] High CVE-2022-3305: Use after free in Survey. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2022-04-24
  • [1320139] High CVE-2022-3306: Use after free in Survey. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2022-04-27
  • [1323488] High CVE-2022-3307: Use after free in Media. Reported by Anonymous Telecommunications Corp. Ltd. on 2022-05-08
  • [1342722] Medium CVE-2022-3308: Insufficient policy enforcement in Developer Tools. Reported by Andrea Cappa (zi0Black) @ Shielder on 2022-07-08
  • [1348415] Medium CVE-2022-3309: Use after free in Assistant. Reported by zh1x1an1221 of Ant Group Tianqiong Security Lab on 2022-07-29
  • [1240065] Medium CVE-2022-3310: Insufficient policy enforcement in Custom Tabs. Reported by Ashwin Agrawal from Optus, Sydney on 2021-08-16
  • [1302813] Medium CVE-2022-3311: Use after free in Import. Reported by Samet Bekmezci @sametbekmezci on 2022-03-04
  • [1303306] Medium CVE-2022-3312: Insufficient validation of untrusted input in VPN. Reported by Andr.Ess on 2022-03-06
  • [1317904] Medium CVE-2022-3313: Incorrect security UI in Full Screen. Reported by Irvan Kurniawan (sourc7) on 2022-04-20
  • [1328708] Medium CVE-2022-3314: Use after free in Logging. Reported by Anonymous on 2022-05-24
  • [1322812] Medium CVE-2022-3315: Type confusion in Blink. Reported by Anonymous on 2022-05-05
  • [1333623] Low CVE-2022-3316: Insufficient validation of untrusted input in Safe Browsing. Reported by Sven Dysthe (@svn_dy) on 2022-06-07
  • [1300539] Low CVE-2022-3317: Insufficient validation of untrusted input in Intents. Reported by Hafiizh on 2022-02-24
  • [1318791] Low CVE-2022-3318: Use after free in ChromeOS Notifications. Reported by GraVity0 on 2022-04-22

Discovery 2022-09-27
Entry 2022-09-27
chromium
< 106.0.5249.61

CVE-2022-3201
CVE-2022-3304
CVE-2022-3305
CVE-2022-3306
CVE-2022-3307
CVE-2022-3308
CVE-2022-3309
CVE-2022-3310
CVE-2022-3311
CVE-2022-3312
CVE-2022-3313
CVE-2022-3314
CVE-2022-3315
CVE-2022-3316
CVE-2022-3317
CVE-2022-3318
https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_27.html
b4ef02f4-549f-11ed-8ad9-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 14 security fixes, including:

  • [1369871] High CVE-2022-3652: Type Confusion in V8. Reported by srodulv and ZNMchtss at S.S.L Team on 2022-09-30
  • [1354271] High CVE-2022-3653: Heap buffer overflow in Vulkan. Reported by SeongHwan Park (SeHwa) on 2022-08-19
  • [1365330] High CVE-2022-3654: Use after free in Layout. Reported by Sergei Glazunov of Google Project Zero on 2022-09-19
  • [1343384] Medium CVE-2022-3655: Heap buffer overflow in Media Galleries. Reported by koocola(@alo_cook) and Guang Gong of 360 Vulnerability Research Institute on 2022-07-11
  • [1345275] Medium CVE-2022-3656: Insufficient data validation in File System. Reported by Ron Masas, Imperva on 2022-07-18
  • [1351177] Medium CVE-2022-3657: Use after free in Extensions. Reported by Omri Bushari, Talon Cyber Security on 2022-08-09
  • [1352817] Medium CVE-2022-3658: Use after free in Feedback service on Chrome OS. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2022-08-14
  • [1355560] Medium CVE-2022-3659: Use after free in Accessibility. Reported by @ginggilBesel on 2022-08-23
  • [1327505] Medium CVE-2022-3660: Inappropriate implementation in Full screen mode. Reported by Irvan Kurniawan (sourc7) on 2022-05-20
  • [1350111] Low CVE-2022-3661: Insufficient data validation in Extensions. Reported by Young Min Kim (@ylemkimon), CompSec Lab at Seoul National University on 2022-08-04

Discovery 2022-10-25
Entry 2022-10-25
chromium
< 107.0.5304.68

ungoogled-chromium
< 107.0.5304.68

CVE-2022-3652
CVE-2022-3653
CVE-2022-3654
CVE-2022-3655
CVE-2022-3656
CVE-2022-3657
CVE-2022-3658
CVE-2022-3659
CVE-2022-3660
CVE-2022-3661
https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_25.html
40e2c35e-db99-11ec-b0cf-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 32 security fixes, including:

  • [1324864] Critical CVE-2022-1853: Use after free in Indexed DB. Reported by Anonymous on 2022-05-12
  • [1320024] High CVE-2022-1854: Use after free in ANGLE. Reported by SeongHwan Park (SeHwa) on 2022-04-27
  • [1228661] High CVE-2022-1855: Use after free in Messaging. Reported by Anonymous on 2021-07-13
  • [1323239] High CVE-2022-1856: Use after free in User Education. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-05-06
  • [1227995] High CVE-2022-1857: Insufficient policy enforcement in File System API. Reported by Daniel Rhea on 2021-07-11
  • [1314310] High CVE-2022-1858: Out of bounds read in DevTools. Reported by EllisVlad on 2022-04-07
  • [1322744] High CVE-2022-1859: Use after free in Performance Manager. Reported by Guannan Wang (@Keenan7310) of Tencent Security Xuanwu Lab on 2022-05-05
  • [1297209] High CVE-2022-1860: Use after free in UI Foundations. Reported by @ginggilBesel on 2022-02-15
  • [1316846] High CVE-2022-1861: Use after free in Sharing. Reported by Khalil Zhani on 2022-04-16
  • [1236325] Medium CVE-2022-1862: Inappropriate implementation in Extensions. Reported by Alesandro Ortiz on 2021-08-04
  • [1292870] Medium CVE-2022-1863: Use after free in Tab Groups. Reported by David Erceg on 2022-02-01
  • [1320624] Medium CVE-2022-1864: Use after free in WebApp Installs. Reported by Yuntao You (@GraVity0) of Bytedance Wuheng Lab on 2022-04-28
  • [1289192] Medium CVE-2022-1865: Use after free in Bookmarks. Reported by Rong Jian of VRI on 2022-01-20
  • [1292264] Medium CVE-2022-1866: Use after free in Tablet Mode. Reported by @ginggilBesel on 2022-01-29
  • [1315563] Medium CVE-2022-1867: Insufficient validation of untrusted input in Data Transfer. Reported by Michal Bentkowski of Securitum on 2022-04-12
  • [1301203] Medium CVE-2022-1868: Inappropriate implementation in Extensions API. Reported by Alesandro Ortiz on 2022-02-28
  • [1309467] Medium CVE-2022-1869: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2022-03-23
  • [1323236] Medium CVE-2022-1870: Use after free in App Service. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-05-06
  • [1308199] Low CVE-2022-1871: Insufficient policy enforcement in File System API. Reported by Thomas Orlita on 2022-03-21
  • [1310461] Low CVE-2022-1872: Insufficient policy enforcement in Extensions API. Reported by ChaobinZhang on 2022-03-26
  • [1305394] Low CVE-2022-1873: Insufficient policy enforcement in COOP. Reported by NDevTK on 2022-03-11
  • [1251588] Low CVE-2022-1874: Insufficient policy enforcement in Safe Browsing. Reported by hjy79425575 on 2021-09-21
  • [1306443] Low CVE-2022-1875: Inappropriate implementation in PDF. Reported by NDevTK on 2022-03-15
  • [1313600] Low CVE-2022-1876: Heap buffer overflow in DevTools. Reported by @ginggilBesel on 2022-04-06

Discovery 2022-05-24
Entry 2022-05-24
chromium
< 102.0.5005.61

CVE-2022-1853
CVE-2022-1854
CVE-2022-1855
CVE-2022-1856
CVE-2022-1857
CVE-2022-1858
CVE-2022-1859
CVE-2022-1860
CVE-2022-1861
CVE-2022-1862
CVE-2022-1863
CVE-2022-1864
CVE-2022-1865
CVE-2022-1866
CVE-2022-1867
CVE-2022-1868
CVE-2022-1869
CVE-2022-1870
CVE-2022-1871
CVE-2022-1872
CVE-2022-1873
CVE-2022-1874
CVE-2022-1875
CVE-2022-1876
https://chromereleases.googleblog.com/2022/05/stable-channel-update-for-desktop_24.html
976d7bf9-38ea-11ec-b3b0-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 8 security fixes, including:

  • [1259864] High CVE-2021-37997 : Use after free in Sign-In. Reported by Wei Yuan of MoyunSec VLab on 2021-10-14
  • [1259587] High CVE-2021-37998 : Use after free in Garbage Collection. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2021-10-13
  • [1251541] High CVE-2021-37999 : Insufficient data validation in New Tab Page. Reported by Ashish Arun Dhone on 2021-09-21
  • [1249962] High CVE-2021-38000 : Insufficient validation of untrusted input in Intents. Reported by Clement Lecigne, Neel Mehta, and Maddie Stone of Google Threat Analysis Group on 2021-09-15
  • [1260577] High CVE-2021-38001 : Type Confusion in V8. Reported by @s0rrymybad of Kunlun Lab via Tianfu Cup on 2021-10-16
  • [1260940] High CVE-2021-38002 : Use after free in Web Transport. Reported by @__R0ng of 360 Alpha Lab, ? via Tianfu Cup on 2021-10-16
  • [1263462] High CVE-2021-38003 : Inappropriate implementation in V8. Reported by Clément Lecigne from Google TAG and Samuel Gross from Google Project Zero on 2021-10-26

Google is aware that exploits for CVE-2021-38000 and CVE-2021-38003 exist in the wild.


Discovery 2021-10-28
Entry 2021-10-29
chromium
< 95.0.4638.69

CVE-2021-37997
CVE-2021-37998
CVE-2021-37999
CVE-2021-38000
CVE-2021-38001
CVE-2021-38002
CVE-2021-38003
https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html
323f900d-ac6d-11ec-a0b8-3065ec8fd3ecchromium -- V8 type confusion

Chrome Releases reports:

This release contains 1 security fix:

  • [1309225] High CVE-2022-1096: Type Confusion in V8. Reported by anonymous on 2022-03-23

Google is aware that an exploit for CVE-2022-1096 exists in the wild.


Discovery 2022-03-25
Entry 2022-03-25
chromium
< 99.0.4844.84

CVE-2022-1096
https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html
51496cbc-7a0e-11ec-a323-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 26 security fixes, including:

  • [1284367] Critical CVE-2022-0289: Use after free in Safe browsing. Reported by Sergei Glazunov of Google Project Zero on 2022-01-05
  • [1260134][1260007] High CVE-2022-0290: Use after free in Site isolation. Reported by Brendon Tiszka and Sergei Glazunov of Google Project Zero on 2021-10-15
  • [1281084] High CVE-2022-0291: Inappropriate implementation in Storage. Reported by Anonymous on 2021-12-19
  • [1270358] High CVE-2022-0292: Inappropriate implementation in Fenced Frames. Reported by Brendon Tiszka on 2021-11-16
  • [1283371] High CVE-2022-0293: Use after free in Web packaging. Reported by Rong Jian and Guang Gong of 360 Alpha Lab on 2021-12-30
  • [1273017] High CVE-2022-0294: Inappropriate implementation in Push messaging. Reported by Rong Jian and Guang Gong of 360 Alpha Lab on 2021-11-23
  • [1278180] High CVE-2022-0295: Use after free in Omnibox. Reported by Weipeng Jiang (@Krace) and Guang Gong of 360 Vulnerability Research Institute on 2021-12-09
  • [1283375] High CVE-2022-0296: Use after free in Printing. Reported by koocola(@alo_cook) and Guang Gong of 360 Vulnerability Research Institute on 2021-12-30
  • [1274316] High CVE-2022-0297: Use after free in Vulkan. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2021-11-28
  • [1212957] High CVE-2022-0298: Use after free in Scheduling. Reported by Yangkang (@dnpushme) of 360 ATA on 2021-05-25
  • [1275438] High CVE-2022-0300: Use after free in Text Input Method Editor. Reported by Rong Jian and Guang Gong of 360 Alpha Lab on 2021-12-01
  • [1276331] High CVE-2022-0301: Heap buffer overflow in DevTools. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-12-03
  • [1278613] High CVE-2022-0302: Use after free in Omnibox. Reported by Weipeng Jiang (@Krace) and Guang Gong of 360 Vulnerability Research Institute on 2021-12-10
  • [1281979] High CVE-2022-0303: Race in GPU Watchdog. Reported by Yigit Can YILMAZ (@yilmazcanyigit) on 2021-12-22
  • [1282118] High CVE-2022-0304: Use after free in Bookmarks. Reported by Rong Jian and Guang Gong of 360 Alpha Lab on 2021-12-22
  • [1282354] High CVE-2022-0305: Inappropriate implementation in Service Worker API. Reported by @uwu7586 on 2021-12-23
  • [1283198] High CVE-2022-0306: Heap buffer overflow in PDFium. Reported by Sergei Glazunov of Google Project Zero on 2021-12-29
  • [1281881] Medium CVE-2022-0307: Use after free in Optimization Guide. Reported by Samet Bekmezci @sametbekmezci on 2021-12-21
  • [1282480] Medium CVE-2022-0308: Use after free in Data Transfer. Reported by @ginggilBesel on 2021-12-24
  • [1240472] Medium CVE-2022-0309: Inappropriate implementation in Autofill. Reported by Alesandro Ortiz on 2021-08-17
  • [1283805] Medium CVE-2022-0310: Heap buffer overflow in Task Manager. Reported by Samet Bekmezci @sametbekmezci on 2022-01-03
  • [1283807] Medium CVE-2022-0311: Heap buffer overflow in Task Manager. Reported by Samet Bekmezci @sametbekmezci on 2022-01-03

Discovery 2022-01-19
Entry 2022-01-20
chromium
< 97.0.4692.99

CVE-2022-0289
CVE-2022-0290
CVE-2022-0291
CVE-2022-0292
CVE-2022-0293
CVE-2022-0294
CVE-2022-0295
CVE-2022-0296
CVE-2022-0297
CVE-2022-0298
CVE-2022-0300
CVE-2022-0301
CVE-2022-0302
CVE-2022-0303
CVE-2022-0304
CVE-2022-0305
CVE-2022-0306
CVE-2022-0307
CVE-2022-0308
CVE-2022-0309
CVE-2022-0310
CVE-2022-0311
https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop_19.html
b59847e0-346d-11ed-8fe9-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release includes 11 security fixes, including:

  • [1358381] High CVE-2022-3195: Out of bounds write in Storage. Reported by Ziling Chen and Nan Wang (@eternalsakura13) of 360 Vulnerability Research Institute on 2022-08-31
  • [1358090] High CVE-2022-3196: Use after free in PDF. Reported by triplepwns on 2022-08-30
  • [1358075] High CVE-2022-3197: Use after free in PDF. Reported by triplepwns on 2022-08-30
  • [1355682] High CVE-2022-3198: Use after free in PDF. Reported by MerdroidSG on 2022-08-23
  • [1355237] High CVE-2022-3199: Use after free in Frames. Reported by Anonymous on 2022-08-22
  • [1355103] High CVE-2022-3200: Heap buffer overflow in Internals. Reported by Richard Lorenz, SAP on 2022-08-22
  • [1343104] High CVE-2022-3201: Insufficient validation of untrusted input in DevTools. Reported by NDevTK on 2022-07-09

Discovery 2022-09-14
Entry 2022-09-14
chromium
< 105.0.5195.125

CVE-2022-3195
CVE-2022-3196
CVE-2022-3197
CVE-2022-3198
CVE-2022-3199
CVE-2022-3200
CVE-2022-3201
https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_14.html
e12432af-8e73-11ec-8bc4-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 11 security fixes, including:

  • [1290008] High CVE-2022-0603: Use after free in File Manager. Reported by Chaoyuan Peng (@ret2happy) on 2022-01-22
  • [1273397] High CVE-2022-0604: Heap buffer overflow in Tab Groups. Reported by Krace on 2021-11-24
  • [1286940] High CVE-2022-0605: Use after free in Webstore API. Reported by Thomas Orlita on 2022-01-13
  • [1288020] High CVE-2022-0606: Use after free in ANGLE. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2022-01-17
  • [1250655] High CVE-2022-0607: Use after free in GPU. Reported by 0x74960 on 2021-09-17
  • [1270333] High CVE-2022-0608: Integer overflow in Mojo. Reported by Sergei Glazunov of Google Project Zero on 2021-11-16
  • [1296150] High CVE-2022-0609: Use after free in Animation. Reported by Adam Weidemann and Clément Lecigne of Google' Threat Analysis Group on 2022-02-10
  • [1285449] Medium CVE-2022-0610: Inappropriate implementation in Gamepad API. Reported by Anonymous on 2022-01-08

Discovery 2022-02-14
Entry 2022-02-15
chromium
< 98.0.4758.102

CVE-2022-0603
CVE-2022-0604
CVE-2022-0605
CVE-2022-0606
CVE-2022-0607
CVE-2022-0608
CVE-2022-0609
CVE-2022-0610
https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
777edbbe-2230-11ec-8869-704d7b472482chromium -- multiple vulnerabilities

Chrome Releases/Stable updates reports:

This release contains 4 security fixes, including:

  • [1245578] High CVE-2021-37974: Use after free in Safe Browsing. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group on 2021-09-01
  • [1252918] High CVE-2021-37975: Use after free in V8. Reported by Anonymous on 2021-09-24
  • [1251787] Medium CVE-2021-37976: Information leak in core. Reported by Clement Lecigne from Google TAG, with technical assistance from Sergei Glazunov and Mark Brand from Google Project Zero on 2021-09-21

Google is aware the exploits for CVE-2021-37975 and CVE-2021-37976 exist in the wild.


Discovery 2021-09-30
Entry 2021-09-30
chromium
< 94.0.4606.71

CVE-2021-37974
CVE-2021-37975
CVE-2021-37976
https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_30.html
857be71a-a4b0-11ec-95fc-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 11 security fixes, including:

  • [1299422] Critical CVE-2022-0971: Use after free in Blink Layout. Reported by Sergei Glazunov of Google Project Zero on 2022-02-21
  • [1301320] High CVE-2022-0972: Use after free in Extensions. Reported by Sergei Glazunov of Google Project Zero on 2022-02-28
  • [1297498] High CVE-2022-0973: Use after free in Safe Browsing. Reported by avaue and Buff3tts at S.S.L. on 2022-02-15
  • [1291986] High CVE-2022-0974: Use after free in Splitscreen. Reported by @ginggilBesel on 2022-01-28
  • [1295411] High CVE-2022-0975: Use after free in ANGLE. Reported by SeongHwan Park (SeHwa) on 2022-02-09
  • [1296866] High CVE-2022-0976: Heap buffer overflow in GPU. Reported by Omair on 2022-02-13
  • [1299225] High CVE-2022-0977: Use after free in Browser UI. Reported by Khalil Zhani on 2022-02-20
  • [1299264] High CVE-2022-0978: Use after free in ANGLE. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2022-02-20
  • [1302644] High CVE-2022-0979: Use after free in Safe Browsing. Reported by anonymous on 2022-03-03
  • [1302157] Medium CVE-2022-0980: Use after free in New Tab Page. Reported by Krace on 2022-03-02

Discovery 2022-03-15
Entry 2022-03-15
chromium
< 98.0.4844.74

CVE-2022-0971
CVE-2022-0972
CVE-2022-0973
CVE-2022-0974
CVE-2022-0975
CVE-2022-0976
CVE-2022-0977
CVE-2022-0978
CVE-2022-0979
CVE-2022-0980
https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_15.html
e852f43c-846e-11ec-b043-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 27 security fixes, including:

  • [1284584] High CVE-2022-0452: Use after free in Safe Browsing. Reported by avaue at S.S.L. on 2022-01-05
  • [1284916] High CVE-2022-0453: Use after free in Reader Mode. Reported by Rong Jian of VRI on 2022-01-06
  • [1287962] High CVE-2022-0454: Heap buffer overflow in ANGLE. Reported by Seong-Hwan Park (SeHwa) of SecunologyLab on 2022-01-17
  • [1270593] High CVE-2022-0455: Inappropriate implementation in Full Screen Mode. Reported by Irvan Kurniawan (sourc7) on 2021-11-16
  • [1289523] High CVE-2022-0456: Use after free in Web Search. Reported by Zhihua Yao of KunLun Lab on 2022-01-21
  • [1274445] High CVE-2022-0457: Type Confusion in V8. Reported by rax of the Group0x58 on 2021-11-29
  • [1267060] High CVE-2022-0458: Use after free in Thumbnail Tab Strip. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-11-05
  • [1244205] High CVE-2022-0459: Use after free in Screen Capture. Reported by raven (@raid_akame) on 2021-08-28
  • [1250227] Medium CVE-2022-0460: Use after free in Window Dialog. Reported by 0x74960 on 2021-09-16
  • [1256823] Medium CVE-2022-0461: Policy bypass in COOP. Reported by NDevTK on 2021-10-05
  • [1270470] Medium CVE-2022-0462: Inappropriate implementation in Scroll. Reported by Youssef Sammouda on 2021-11-16
  • [1268240] Medium CVE-2022-0463: Use after free in Accessibility. Reported by Zhihua Yao of KunLun Lab on 2021-11-09
  • [1270095] Medium CVE-2022-0464: Use after free in Accessibility. Reported by Zhihua Yao of KunLun Lab on 2021-11-14
  • [1281941] Medium CVE-2022-0465: Use after free in Extensions. Reported by Samet Bekmezci @sametbekmezci on 2021-12-22
  • [1115460] Medium CVE-2022-0466: Inappropriate implementation in Extensions Platform. Reported by David Erceg on 2020-08-12
  • [1239496] Medium CVE-2022-0467: Inappropriate implementation in Pointer Lock. Reported by Alesandro Ortiz on 2021-08-13
  • [1252716] Medium CVE-2022-0468: Use after free in Payments. Reported by Krace on 2021-09-24
  • [1279531] Medium CVE-2022-0469: Use after free in Cast. Reported by Thomas Orlita on 2021-12-14
  • [1269225] Low CVE-2022-0470: Out of bounds memory access in V8. Reported by Looben Yang on 2021-11-11

Discovery 2022-02-01
Entry 2022-02-02
chromium
< 98.0.4758.80

CVE-2022-0452
CVE-2022-0453
CVE-2022-0454
CVE-2022-0455
CVE-2022-0456
CVE-2022-0457
CVE-2022-0458
CVE-2022-0459
CVE-2022-0460
CVE-2022-0461
CVE-2022-0462
CVE-2022-0463
CVE-2022-0464
CVE-2022-0465
CVE-2022-0466
CVE-2022-0467
CVE-2022-0468
CVE-2022-0469
CVE-2022-0470
https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop.html
7b929503-911d-11ed-a925-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 17 security fixes, including:

  • [1353208] High CVE-2023-0128: Use after free in Overview Mode. Reported by Khalil Zhani on 2022-08-16
  • [1382033] High CVE-2023-0129: Heap buffer overflow in Network Service. Reported by asnine on 2022-11-07
  • [1370028] Medium CVE-2023-0130: Inappropriate implementation in Fullscreen API. Reported by Hafiizh on 2022-09-30
  • [1357366] Medium CVE-2023-0131: Inappropriate implementation in iframe Sandbox. Reported by NDevTK on 2022-08-28
  • [1371215] Medium CVE-2023-0132: Inappropriate implementation in Permission prompts. Reported by Jasper Rebane (popstonia) on 2022-10-05
  • [1375132] Medium CVE-2023-0133: Inappropriate implementation in Permission prompts. Reported by Alesandro Ortiz on 2022-10-17
  • [1385709] Medium CVE-2023-0134: Use after free in Cart. Reported by Chaoyuan Peng (@ret2happy) on 2022-11-17
  • [1385831] Medium CVE-2023-0135: Use after free in Cart. Reported by Chaoyuan Peng (@ret2happy) on 2022-11-18
  • [1356987] Medium CVE-2023-0136: Inappropriate implementation in Fullscreen API. Reported by Axel Chong on 2022-08-26
  • [1399904] Medium CVE-2023-0137: Heap buffer overflow in Platform Apps. Reported by avaue and Buff3tts at S.S.L. on 2022-12-10
  • [1346675] Low CVE-2023-0138: Heap buffer overflow in libphonenumber. Reported by Michael Dau on 2022-07-23
  • [1367632] Low CVE-2023-0139: Insufficient validation of untrusted input in Downloads. Reported by Axel Chong on 2022-09-24
  • [1326788] Low CVE-2023-0140: Inappropriate implementation in File System API. Reported by harrison.mitchell, cybercx.com.au on 2022-05-18
  • [1362331] Low CVE-2023-0141: Insufficient policy enforcement in CORS. Reported by scarlet on 2022-09-12

Discovery 2023-01-10
Entry 2023-01-10
chromium
< 109.0.5414.74

ungoogled-chromium
< 109.0.5414.74

CVE-2023-0128
CVE-2023-0129
CVE-2023-0130
CVE-2023-0131
CVE-2023-0132
CVE-2023-0133
CVE-2023-0134
CVE-2023-0135
CVE-2023-0136
CVE-2023-0137
CVE-2023-0138
CVE-2023-0139
CVE-2023-0140
CVE-2023-0141
https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop.html
8d3838b0-6ca8-11ed-92ce-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 1 security fix:

  • [1392715] High CVE-2022-4135: Heap buffer overflow in GPU. Reported by Clement Lecigne of Google's Threat Analysis Group on 2022-11-22

Google is aware that an exploit for CVE-2022-4135 exists in the wild.


Discovery 2022-11-24
Entry 2022-11-25
chromium
< 107.0.5304.121

ungoogled-chromium
< 107.0.5304.121

CVE-2022-4135
https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_24.html
3d0a3eb0-9ca3-11ed-a925-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 6 security fixes, including:

  • [1376354] High CVE-2023-0471: Use after free in WebTransport. Reported by chichoo Kim(chichoo) and Cassidy Kim(@cassidy6564) on 2022-10-19
  • [1405256] High CVE-2023-0472: Use after free in WebRTC. Reported by Cassidy Kim(@cassidy6564) on 2023-01-06
  • [1404639] Medium CVE-2023-0473: Type Confusion in ServiceWorker API. Reported by raven at KunLun lab on 2023-01-03
  • [1400841] Medium CVE-2023-0474: Use after free in GuestView. Reported by avaue at S.S.L on 2022-12-14

Discovery 2023-01-24
Entry 2023-01-25
chromium
< 109.0.5414.119

ungoogled-chromium
< 109.0.5414.119

CVE-2023-0471
CVE-2023-0472
CVE-2023-0473
CVE-2023-0474
https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop_24.html
83eb9374-7b97-11ed-be8f-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 8 security fixes, including:

  • [1383991] High CVE-2022-4436: Use after free in Blink Media. Reported by Anonymous on 2022-11-15
  • [1394692] High CVE-2022-4437: Use after free in Mojo IPC. Reported by koocola(@alo_cook) and Guang Gong of 360 Vulnerability Research Institute on 2022-11-30
  • [1381871] High CVE-2022-4438: Use after free in Blink Frames. Reported by Anonymous on 2022-11-07
  • [1392661] High CVE-2022-4439: Use after free in Aura. Reported by Anonymous on 2022-11-22
  • [1382761] Medium CVE-2022-4440: Use after free in Profiles. Reported by Anonymous on 2022-11-09

Discovery 2022-12-13
Entry 2022-12-14
chromium
< 108.0.5359.124

ungoogled-chromium
< 108.0.5359.124

CVE-2022-4436
CVE-2022-4437
CVE-2022-4438
CVE-2022-4439
CVE-2022-4440
https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop_13.html
afdc7579-d023-11eb-bcad-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release includes 4 security fixes, including:

  • [1219857] High CVE-2021-30554: Use after free in WebGL. Reported by anonymous on 2021-06-15
  • [1215029] High CVE-2021-30555: Use after free in Sharing. Reported by David Erceg on 2021-06-01
  • [1212599] High CVE-2021-30556: Use after free in WebAudio. Reported by Yangkang (@dnpushme) of 360 ATA on 2021-05-24
  • [1202102] High CVE-2021-30557: Use after free in TabGroups. Reported by David Erceg on 2021-04-23

Discovery 2021-06-17
Entry 2021-06-18
chromium
< 91.0.4472.114

CVE-2021-30554
CVE-2021-30555
CVE-2021-30556
CVE-2021-30557
https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html
1ba21ff1-e672-11eb-a686-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 8 security fixes, including:

  • [1219082] High CVE-2021-30559: Out of bounds write in ANGLE. Reported by Seong-Hwan Park (SeHwa) of SecunologyLab on 2021-06-11
  • [1214842] High CVE-2021-30541: Use after free in V8. Reported by Richard Wheeldon on 2021-05-31
  • [1219209] High CVE-2021-30560: Use after free in Blink XSLT. Reported by Nick Wellnhofer on 2021-06-12
  • [1219630] High CVE-2021-30561: Type Confusion in V8. Reported by Sergei Glazunov of Google Project Zero on 2021-06-14
  • [1220078] High CVE-2021-30562: Use after free in WebSerial. Reported by Anonymous on 2021-06-15
  • [1228407] High CVE-2021-30563: Type Confusion in V8. Reported by Anonymous on 2021-07-12
  • [1221309] Medium CVE-2021-30564: Heap buffer overflow in WebXR. Reported by Ali Merchant, iQ3Connect VR Platform on 2021-06-17

Google is aware of reports that an exploit for CVE-2021-30563 exists in the wild.


Discovery 2021-07-15
Entry 2021-07-16
chromium
< 91.0.4472.164

CVE-2021-30541
CVE-2021-30559
CVE-2021-30560
CVE-2021-30561
CVE-2021-30562
CVE-2021-30563
CVE-2021-30564
https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop.html
76487640-ea29-11eb-a686-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 35 security fixes, including:

  • ][1210985] High CVE-2021-30565: Out of bounds write in Tab Groups. Reported by David Erceg on 2021-05-19
  • [1202661] High CVE-2021-30566: Stack buffer overflow in Printing. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-04-26
  • [1211326] High CVE-2021-30567: Use after free in DevTools. Reported by DDV_UA on 2021-05-20
  • [1219886] High CVE-2021-30568: Heap buffer overflow in WebGL. Reported by Yangkang (@dnpushme) of 360 ATA on 2021-06-15
  • [1218707] High CVE-2021-30569: Use after free in sqlite. Reported by Chris Salls (@salls) of Makai Security on 2021-06-11
  • [1101897] High CVE-2021-30571: Insufficient policy enforcement in DevTools. Reported by David Erceg on 2020-07-03
  • [1214234] High CVE-2021-30572: Use after free in Autofill. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group on 2021-05-28
  • [1216822] High CVE-2021-30573: Use after free in GPU. Reported by Security For Everyone Team - https://securityforeveryone.com on 2021-06-06
  • [1227315] High CVE-2021-30574: Use after free in protocol handling. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-07-08
  • [1213313] Medium CVE-2021-30575: Out of bounds read in Autofill. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-05-26
  • [1194896] Medium CVE-2021-30576: Use after free in DevTools. Reported by David Erceg on 2021-04-01
  • [1204811] Medium CVE-2021-30577: Insufficient policy enforcement in Installer. Reported by Jan van der Put (REQON B.V) on 2021-05-01
  • [1201074] Medium CVE-2021-30578: Uninitialized Use in Media. Reported by Chaoyuan Peng on 2021-04-21
  • [1207277] Medium CVE-2021-30579: Use after free in UI framework. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group on 2021-05-10
  • [1189092] Medium CVE-2021-30580: Insufficient policy enforcement in Android intents. Reported by @retsew0x01 on 2021-03-17
  • [1194431] Medium CVE-2021-30581: Use after free in DevTools. Reported by David Erceg on 2021-03-31
  • [1205981] Medium CVE-2021-30582: Inappropriate implementation in Animation. Reported by George Liu on 2021-05-05
  • [1179290] Medium CVE-2021-30583: Insufficient policy enforcement in image handling on Windows. Reported by Muneaki Nishimura (nishimunea) on 2021-02-17
  • [1213350] Medium CVE-2021-30584: Incorrect security UI in Downloads. Reported by @retsew0x01 on 2021-05-26
  • [1023503] Medium CVE-2021-30585: Use after free in sensor handling. Reported by niarci on 2019-11-11
  • [1201032] Medium CVE-2021-30586: Use after free in dialog box handling on Windows. Reported by kkomdal with kkwon and neodal on 2021-04-21
  • [1204347] Medium CVE-2021-30587: Inappropriate implementation in Compositing on Windows. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-04-30
  • [1195650] Low CVE-2021-30588: Type Confusion in V8. Reported by Jose Martinez (tr0y4) from VerSprite Inc. on 2021-04-04
  • [1180510] Low CVE-2021-30589: Insufficient validation of untrusted input in Sharing. Reported by Kirtikumar Anandrao Ramchandani (@Kirtikumar_A_R) and Patrick Walker (@homesen) on 2021-02-20

Discovery 2021-07-20
Entry 2021-07-21
chromium
< 92.0.4515.107

CVE-2021-30565
CVE-2021-30566
CVE-2021-30567
CVE-2021-30568
CVE-2021-30569
CVE-2021-30571
CVE-2021-30572
CVE-2021-30573
CVE-2021-30574
CVE-2021-30575
CVE-2021-30576
CVE-2021-30577
CVE-2021-30578
CVE-2021-30579
CVE-2021-30580
CVE-2021-30581
CVE-2021-30582
CVE-2021-30583
CVE-2021-30584
CVE-2021-30585
CVE-2021-30586
CVE-2021-30587
CVE-2021-30588
CVE-2021-30589
https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html