FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-25 21:13:12 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
3d0a3eb0-9ca3-11ed-a925-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 6 security fixes, including:

  • [1376354] High CVE-2023-0471: Use after free in WebTransport. Reported by chichoo Kim(chichoo) and Cassidy Kim(@cassidy6564) on 2022-10-19
  • [1405256] High CVE-2023-0472: Use after free in WebRTC. Reported by Cassidy Kim(@cassidy6564) on 2023-01-06
  • [1404639] Medium CVE-2023-0473: Type Confusion in ServiceWorker API. Reported by raven at KunLun lab on 2023-01-03
  • [1400841] Medium CVE-2023-0474: Use after free in GuestView. Reported by avaue at S.S.L on 2022-12-14

Discovery 2023-01-24
Entry 2023-01-25
chromium
< 109.0.5414.119

ungoogled-chromium
< 109.0.5414.119

CVE-2023-0471
CVE-2023-0472
CVE-2023-0473
CVE-2023-0474
https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop_24.html
2f22927f-26ea-11ee-8290-a8a1599412c6chromium -- multiple vulnerabilities

Chrome Releases reports:

This update includes 20 security fixes:

  • [1454086] High CVE-2023-3727: Use after free in WebRTC. Reported by Cassidy Kim(@cassidy6564) on 2023-06-12
  • [1457421] High CVE-2023-3728: Use after free in WebRTC. Reported by Zhenghang Xiao (@Kipreyyy) on 2023-06-23
  • [1453465] High CVE-2023-3730: Use after free in Tab Groups. Reported by @ginggilBesel on 2023-06-09
  • [1450899] High CVE-2023-3732: Out of bounds memory access in Mojo. Reported by Mark Brand of Google Project Zero on 2023-06-02
  • [1450203] Medium CVE-2023-3733: Inappropriate implementation in WebApp Installs. Reported by Ahmed ElMasry on 2023-05-31
  • [1450376] Medium CVE-2023-3734: Inappropriate implementation in Picture In Picture. Reported by Thomas Orlita on 2023-06-01
  • [1394410] Medium CVE-2023-3735: Inappropriate implementation in Web API Permission Prompts. Reported by Ahmed ElMasry on 2022-11-29
  • [1434438] Medium CVE-2023-3736: Inappropriate implementation in Custom Tabs. Reported by Philipp Beer (TU Wien) on 2023-04-19
  • [1446754] Medium CVE-2023-3737: Inappropriate implementation in Notifications. Reported by Narendra Bhati of Suma Soft Pvt. Ltd. Pune (India) on 2023-05-19
  • [1434330] Medium CVE-2023-3738: Inappropriate implementation in Autofill. Reported by Hafiizh on 2023-04-18
  • [1405223] Low CVE-2023-3740: Insufficient validation of untrusted input in Themes. Reported by Fardeen Siddiqui on 2023-01-06

Discovery 2023-07-19
Entry 2023-07-20
chromium
< 115.0.5790.98

ungoogled-chromium
< 115.0.5790.98

CVE-2023-3727
CVE-2023-3728
CVE-2023-3730
CVE-2023-3732
CVE-2023-3733
CVE-2023-3734
CVE-2023-3735
CVE-2023-3736
CVE-2023-3737
CVE-2023-3738
CVE-2023-3740
https://chromereleases.googleblog.com/2023/07/stable-channel-update-for-desktop.html
6d9c6aae-5eb1-11ee-8290-a8a1599412c6chromium -- multiple vulnerabilities

Chrome Releases reports:

This update includes 10 security fixes:

  • [1486441] High CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx. Reported by Clément Lecigne of Google's Threat Analysis Group on 2023-09-25
  • [1478889] High CVE-2023-5186: Use after free in Passwords. Reported by [pwn2car] on 2023-09-05
  • [1475798] High CVE-2023-5187: Use after free in Extensions. Reported by Thomas Orlita on 2023-08-25

Discovery 2023-09-27
Entry 2023-09-29
chromium
< 117.0.5938.132

ungoogled-chromium
< 117.0.5938.132

qt6-webengine
< 6.6.1

CVE-2023-5217
CVE-2023-5186
CVE-2023-5187
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html
c8b334e0-6e83-4575-81d1-f9d5803ceb07chromium -- multiple vulnerabilities

Chrome Releases reports:

This update includes 8 security fixes:

  • [1421773] High CVE-2023-1528: Use after free in Passwords. Reported by Wan Choi of Seoul National University on 2023-03-07
  • [1419718] High CVE-2023-1529: Out of bounds memory access in WebHID. Reported by anonymous on 2023-02-27
  • [1419831] High CVE-2023-1530: Use after free in PDF. Reported by The UK's National Cyber Security Centre (NCSC) on 2023-02-27
  • [1415330] High CVE-2023-1531: Use after free in ANGLE. Reported by Piotr Bania of Cisco Talos on 2023-02-13
  • [1421268] High CVE-2023-1532: Out of bounds read in GPU Video. Reported by Mark Brand of Google Project Zero on 2023-03-03
  • [1422183] High CVE-2023-1533: Use after free in WebProtect. Reported by Weipeng Jiang (@Krace) of VRI on 2023-03-07
  • [1422594] High CVE-2023-1534: Out of bounds read in ANGLE. Reported by Jann Horn and Mark Brand of Google Project Zero on 2023-03-08

Discovery 2023-03-21
Entry 2023-03-22
chromium
< 111.0.5563.110

ungoogled-chromium
< 111.0.5563.110

CVE-2023-1528
CVE-2023-1529
CVE-2023-1530
CVE-2023-1531
CVE-2023-1532
CVE-2023-1533
CVE-2023-1534
https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html
ad05a737-14bd-11ee-8290-a8a1599412c6chromium -- multiple vulnerabilities

Chrome Releases reports:

This update includes 4 security fixes:

  • [1452137] High CVE-2023-3420: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2023-06-07
  • [1447568] High CVE-2023-3421: Use after free in Media. Reported by Piotr Bania of Cisco Talos on 2023-05-22
  • [1450397] High CVE-2023-3422: Use after free in Guest View. Reported by asnine on 2023-06-01

Discovery 2023-06-26
Entry 2023-06-27
chromium
< 114.0.5735.198

ungoogled-chromium
< 114.0.5735.198

CVE-2023-3420
CVE-2023-3421
CVE-2023-3422
https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_26.html
ec8e4040-afcd-11ee-86bb-a8a1599412c6chromium -- security fix

Chrome Releases reports:

This update includes 1 security fix:

  • [1513379] High CVE-2024-0333: Insufficient data validation in Extensions. Reported by Malcolm Stagg (@malcolmst) of SODIUM-24, LLC on 2023-12-20

Discovery 2024-01-09
Entry 2024-01-10
chromium
< 120.0.6099.216

ungoogled-chromium
< 120.0.6099.216

CVE-2024-0333
https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_9.html
6f0327d4-9902-4042-9b68-6fc2266944bcchromium -- multiple vulnerabilities

Chrome Releases reports:

This update includes 2 security fixes:

  • [1432210] High CVE-2023-2033: Type Confusion in V8. Reported by Clément Lecigne of Google's Threat Analysis Group on 2023-04-11

Discovery 2023-04-14
Entry 2023-04-15
chromium
< 112.0.5615.121

ungoogled-chromium
< 112.0.5615.121

CVE-2023-2033
https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_14.html
fd87a250-ff78-11ed-8290-a8a1599412c6chromium -- multiple vulnerabilities

Chrome Releases reports:

This update includes 16 security fixes:

  • [1410191] High CVE-2023-2929: Out of bounds write in Swiftshader. Reported by Jaehun Jeong(@n3sk) of Theori on 2023-01-25
  • [1443401] High CVE-2023-2930: Use after free in Extensions. Reported by asnine on 2023-05-08
  • [1444238] High CVE-2023-2931: Use after free in PDF. Reported by Huyna at Viettel Cyber Security on 2023-05-10
  • [1444581] High CVE-2023-2932: Use after free in PDF. Reported by Huyna at Viettel Cyber Security on 2023-05-11
  • [1445426] High CVE-2023-2933: Use after free in PDF. Reported by Quang Nguyễn (@quangnh89) of Viettel Cyber Security and Nguyen Phuong on 2023-05-15
  • [1429720] High CVE-2023-2934: Out of bounds memory access in Mojo. Reported by Mark Brand of Google Project Zero on 2023-04-01
  • [1440695] High CVE-2023-2935: Type Confusion in V8. Reported by Sergei Glazunov of Google Project Zero on 2023-04-27
  • [1443452] High CVE-2023-2936: Type Confusion in V8. Reported by Sergei Glazunov of Google Project Zero on 2023-05-08
  • [1413813] Medium CVE-2023-2937: Inappropriate implementation in Picture In Picture. Reported by NDevTK on 2023-02-08
  • [1416350] Medium CVE-2023-2938: Inappropriate implementation in Picture In Picture. Reported by Alesandro Ortiz on 2023-02-15
  • [1427431] Medium CVE-2023-2939: Insufficient data validation in Installer. Reported by ycdxsb from VARAS@IIE on 2023-03-24
  • [1426807] Medium CVE-2023-2940: Inappropriate implementation in Downloads. Reported by Axel Chong on 2023-03-22
  • [1430269] Low CVE-2023-2941: Inappropriate implementation in Extensions API. Reported by Jasper Rebane on 2023-04-04

Discovery 2023-05-30
Entry 2023-05-31
chromium
< 114.0.5735.90

ungoogled-chromium
< 114.0.5735.90

CVE-2023-2929
CVE-2023-2930
CVE-2023-2931
CVE-2023-2932
CVE-2023-2933
CVE-2023-2934
CVE-2023-2935
CVE-2023-2936
CVE-2023-2937
CVE-2023-2938
CVE-2023-2939
CVE-2023-2940
CVE-2023-2941
https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html
310ca30e-a951-11ed-8314-a8a1599412c6chromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 15 security fixes, including:

  • [1402270] High CVE-2023-0696: Type Confusion in V8. Reported by Haein Lee at KAIST Hacking Lab on 2022-12-18
  • [1341541] High CVE-2023-0697: Inappropriate implementation in Full screen mode. Reported by Ahmed ElMasry on 2022-07-03
  • [1403573] High CVE-2023-0698: Out of bounds read in WebRTC. Reported by Cassidy Kim(@cassidy6564) on 2022-12-25
  • [1371859] Medium CVE-2023-0699: Use after free in GPU. Reported by 7o8v and Cassidy Kim(@cassidy6564) on 2022-10-06
  • [1393732] Medium CVE-2023-0700: Inappropriate implementation in Download. Reported by Axel Chong on 2022-11-26
  • [1405123] Medium CVE-2023-0701: Heap buffer overflow in WebUI. Reported by Sumin Hwang of SSD Labs on 2023-01-05
  • [1316301] Medium CVE-2023-0702: Type Confusion in Data Transfer. Reported by Sri on 2022-04-14
  • [1405574] Medium CVE-2023-0703: Type Confusion in DevTools. Reported by raven at KunLun lab on 2023-01-07
  • [1385982] Low CVE-2023-0704: Insufficient policy enforcement in DevTools. Reported by Rhys Elsmore and Zac Sims of the Canva security team on 2022-11-18
  • [1238642] Low CVE-2023-0705: Integer overflow in Core. Reported by SorryMybad (@S0rryMybad) of Kunlun Lab on 2021-08-11

Discovery 2023-02-07
Entry 2023-02-10
chromium
< 110.0.5481.77

ungoogled-chromium
< 110.0.5481.77

CVE-2023-0696
CVE-2023-0697
CVE-2023-0698
CVE-2023-0699
CVE-2023-0700
CVE-2023-0701
CVE-2023-0702
CVE-2023-0703
CVE-2023-0704
CVE-2023-0705
https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html
1b2a8e8a-9fd5-11ee-86bb-a8a1599412c6chromium -- security fix

Chrome Releases reports:

This update includes 1 security fix:

  • [1513170] High CVE-2023-7024: Heap buffer overflow in WebRTC. Reported by Clément Lecigne and Vlad Stolyarov of Google's Threat Analysis Group on 2023-12-19

Discovery 2023-12-20
Entry 2023-12-21
chromium
< 120.0.6099.129

ungoogled-chromium
< 120.0.6099.129

CVE-2023-7024
https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_20.html
22fffa69-46fa-11ee-8290-a8a1599412c6chromium -- use after free in MediaStream

Chrome Releases reports:

This update includes 1 security fix:

  • [1472492] High CVE-2023-4572: Use after free in MediaStream. Reported by fwnfwn(@_fwnfwn) on 2023-08-12

Discovery 2023-08-29
Entry 2023-08-30
chromium
< 116.0.5845.140

ungoogled-chromium
< 116.0.5845.140

CVE-2023-4472
https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_29.html
502c9f72-99b3-11ee-86bb-a8a1599412c6chromium -- multiple security fixes

Chrome Releases reports:

This update includes 9 security fixes:

  • [1501326] High CVE-2023-6702: Type Confusion in V8. Reported by Zhiyi Zhang and Zhunki from Codesafe Team of Legendsec at Qi'anxin Group on 2023-11-10
  • [1502102] High CVE-2023-6703: Use after free in Blink. Reported by Cassidy Kim(@cassidy6564) on 2023-11-14
  • [1504792] High CVE-2023-6704: Use after free in libavif. Reported by Fudan University on 2023-11-23
  • [1505708] High CVE-2023-6705: Use after free in WebRTC. Reported by Cassidy Kim(@cassidy6564) on 2023-11-28
  • [1500921] High CVE-2023-6706: Use after free in FedCM. Reported by anonymous on 2023-11-09
  • [1504036] Medium CVE-2023-6707: Use after free in CSS. Reported by @ginggilBesel on 2023-11-21

Discovery 2023-12-12
Entry 2023-12-13
chromium
< 120.0.6099.109

ungoogled-chromium
< 120.0.6099.109

CVE-2023-6702
CVE-2023-6703
CVE-2023-6704
CVE-2023-6705
CVE-2023-6706
CVE-2023-6707
https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_12.html
6e4e8e87-9fb8-4e32-9f8e-9b4303f4bfd5chromium -- multiple vulnerabilities

Chrome Releases reports:

This update includes 17 security fixes:

  • [1466183] High CVE-2023-4068: Type Confusion in V8. Reported by Jerry on 2023-07-20
  • [1465326] High CVE-2023-4069: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2023-07-17
  • [1462951] High CVE-2023-4070: Type Confusion in V8. Reported by Jerry on 2023-07-07
  • [1458819] High CVE-2023-4071: Heap buffer overflow in Visuals. Reported by Guang and Weipeng Jiang of VRI on 2023-06-28
  • [1464038] High CVE-2023-4072: Out of bounds read and write in WebGL. Reported by Apple Security Engineering and Architecture (SEAR) on 2023-07-12
  • [1456243] High CVE-2023-4073: Out of bounds memory access in ANGLE. Reported by Jaehun Jeong(@n3sk) of Theori on 2023-06-20
  • [1464113] High CVE-2023-4074: Use after free in Blink Task Scheduling. Reported by Anonymous on 2023-07-12
  • [1457757] High CVE-2023-4075: Use after free in Cast. Reported by Cassidy Kim(@cassidy6564) on 2023-06-25
  • [1459124] High CVE-2023-4076: Use after free in WebRTC. Reported by Natalie Silvanovich of Google Project Zero on 2023-06-29
  • [1451146] Medium CVE-2023-4077: Insufficient data validation in Extensions. Reported by Anonymous on 2023-06-04
  • [1461895] Medium CVE-2023-4078: Inappropriate implementation in Extensions. Reported by Anonymous on 2023-07-04

Discovery 2023-08-02
Entry 2023-08-04
chromium
< 115.0.5790.170

ungoogled-chromium
< 115.0.5790.170

CVE-2023-4068
CVE-2023-4069
CVE-2023-4070
CVE-2023-4071
CVE-2023-4072
CVE-2023-4073
CVE-2023-4074
CVE-2023-4075
CVE-2023-4076
CVE-2023-4077
CVE-2023-4078
https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html
1567be8c-0a15-11ee-8290-a8a1599412c6chromium -- multiple vulnerabilities

Chrome Releases reports:

This update includes 5 security fixes:

  • [1450568] Critical CVE-2023-3214: Use after free in Autofill payments. Reported by Rong Jian of VRI on 2023-06-01
  • [1446274] High CVE-2023-3215: Use after free in WebRTC. Reported by asnine on 2023-05-17
  • [1450114] High CVE-2023-3216: Type Confusion in V8. Reported by 5n1p3r0010 from Topsec ChiXiao Lab on 2023-05-31
  • [1450601] High CVE-2023-3217: Use after free in WebXR. Reported by Sergei Glazunov of Google Project Zero on 2023-06-01

Discovery 2023-06-13
Entry 2023-06-13
chromium
< 114.0.5735.133

ungoogled-chromium
< 114.0.5735.133

CVE-2023-3214
CVE-2023-3215
CVE-2023-3216
CVE-2023-3217
https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_13.html
07ee8c14-68f1-11ee-8290-a8a1599412c6chromium -- multiple vulnerabilities

Chrome Releases reports:

This update includes 20 security fixes:

  • [1487110] Critical CVE-2023-5218: Use after free in Site Isolation. Reported by @18楼梦想改造家 on 2023-09-27
  • [1062251] Medium CVE-2023-5487: Inappropriate implementation in Fullscreen. Reported by Anonymous on 2020-03-17
  • [1414936] Medium CVE-2023-5484: Inappropriate implementation in Navigation. Reported by Thomas Orlita on 2023-02-11
  • [1476952] Medium CVE-2023-5475: Inappropriate implementation in DevTools. Reported by Axel Chong on 2023-08-30
  • [1425355] Medium CVE-2023-5483: Inappropriate implementation in Intents. Reported by Axel Chong on 2023-03-17
  • [1458934] Medium CVE-2023-5481: Inappropriate implementation in Downloads. Reported by Om Apip on 2023-06-28
  • [1474253] Medium CVE-2023-5476: Use after free in Blink History. Reported by Yunqin Sun on 2023-08-20
  • [1483194] Medium CVE-2023-5474: Heap buffer overflow in PDF. Reported by [pwn2car] on 2023-09-15
  • [1471253] Medium CVE-2023-5479: Inappropriate implementation in Extensions API. Reported by Axel Chong on 2023-08-09
  • [1395164] Low CVE-2023-5485: Inappropriate implementation in Autofill. Reported by Ahmed ElMasry on 2022-12-02
  • [1472404] Low CVE-2023-5478: Inappropriate implementation in Autofill. Reported by Ahmed ElMasry on 2023-08-12
  • [1472558] Low CVE-2023-5477: Inappropriate implementation in Installer. Reported by Bahaa Naamneh of Crosspoint Labs on 2023-08-13
  • [1357442] Low CVE-2023-5486: Inappropriate implementation in Input. Reported by Hafiizh on 2022-08-29
  • [1484000] Low CVE-2023-5473: Use after free in Cast. Reported by DarkNavy on 2023-09-18

Discovery 2023-10-10
Entry 2023-10-11
chromium
< 118.0.5993.70

ungoogled-chromium
< 118.0.5993.70

qt6-webengine
< 6.6.1

CVE-2023-5218
CVE-2023-5487
CVE-2023-5484
CVE-2023-5475
CVE-2023-5483
CVE-2023-5481
CVE-2023-5476
CVE-2023-5474
CVE-2023-5479
CVE-2023-5485
CVE-2023-5478
CVE-2023-5477
CVE-2023-5486
CVE-2023-5473
https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html
3ee577a9-aad4-11ee-86bb-a8a1599412c6chromium -- multiple security fixes

Chrome Releases reports:

This update includes 6 security fixes:

  • [1501798] High CVE-2024-0222: Use after free in ANGLE. Reported by Toan (suto) Pham of Qrious Secure on 2023-11-13
  • [1505009] High CVE-2024-0223: Heap buffer overflow in ANGLE. Reported by Toan (suto) Pham and Tri Dang of Qrious Secure on 2023-11-24
  • [1505086] High CVE-2024-0224: Use after free in WebAudio. Reported by Huang Xilin of Ant Group Light-Year Security Lab on 2023-11-25
  • [1506923] High CVE-2024-0225: Use after free in WebGPU. Reported by Anonymous on 2023-12-01

Discovery 2024-01-03
Entry 2024-01-04
chromium
< 120.0.6099.199

ungoogled-chromium
< 120.0.6099.199

CVE-2024-0222
CVE-2024-0223
CVE-2024-0224
CVE-2024-0225
https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html
7b929503-911d-11ed-a925-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 17 security fixes, including:

  • [1353208] High CVE-2023-0128: Use after free in Overview Mode. Reported by Khalil Zhani on 2022-08-16
  • [1382033] High CVE-2023-0129: Heap buffer overflow in Network Service. Reported by asnine on 2022-11-07
  • [1370028] Medium CVE-2023-0130: Inappropriate implementation in Fullscreen API. Reported by Hafiizh on 2022-09-30
  • [1357366] Medium CVE-2023-0131: Inappropriate implementation in iframe Sandbox. Reported by NDevTK on 2022-08-28
  • [1371215] Medium CVE-2023-0132: Inappropriate implementation in Permission prompts. Reported by Jasper Rebane (popstonia) on 2022-10-05
  • [1375132] Medium CVE-2023-0133: Inappropriate implementation in Permission prompts. Reported by Alesandro Ortiz on 2022-10-17
  • [1385709] Medium CVE-2023-0134: Use after free in Cart. Reported by Chaoyuan Peng (@ret2happy) on 2022-11-17
  • [1385831] Medium CVE-2023-0135: Use after free in Cart. Reported by Chaoyuan Peng (@ret2happy) on 2022-11-18
  • [1356987] Medium CVE-2023-0136: Inappropriate implementation in Fullscreen API. Reported by Axel Chong on 2022-08-26
  • [1399904] Medium CVE-2023-0137: Heap buffer overflow in Platform Apps. Reported by avaue and Buff3tts at S.S.L. on 2022-12-10
  • [1346675] Low CVE-2023-0138: Heap buffer overflow in libphonenumber. Reported by Michael Dau on 2022-07-23
  • [1367632] Low CVE-2023-0139: Insufficient validation of untrusted input in Downloads. Reported by Axel Chong on 2022-09-24
  • [1326788] Low CVE-2023-0140: Inappropriate implementation in File System API. Reported by harrison.mitchell, cybercx.com.au on 2022-05-18
  • [1362331] Low CVE-2023-0141: Insufficient policy enforcement in CORS. Reported by scarlet on 2022-09-12

Discovery 2023-01-10
Entry 2023-01-10
chromium
< 109.0.5414.74

ungoogled-chromium
< 109.0.5414.74

CVE-2023-0128
CVE-2023-0129
CVE-2023-0130
CVE-2023-0131
CVE-2023-0132
CVE-2023-0133
CVE-2023-0134
CVE-2023-0135
CVE-2023-0136
CVE-2023-0137
CVE-2023-0138
CVE-2023-0139
CVE-2023-0140
CVE-2023-0141
https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop.html
83eb9374-7b97-11ed-be8f-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 8 security fixes, including:

  • [1383991] High CVE-2022-4436: Use after free in Blink Media. Reported by Anonymous on 2022-11-15
  • [1394692] High CVE-2022-4437: Use after free in Mojo IPC. Reported by koocola(@alo_cook) and Guang Gong of 360 Vulnerability Research Institute on 2022-11-30
  • [1381871] High CVE-2022-4438: Use after free in Blink Frames. Reported by Anonymous on 2022-11-07
  • [1392661] High CVE-2022-4439: Use after free in Aura. Reported by Anonymous on 2022-11-22
  • [1382761] Medium CVE-2022-4440: Use after free in Profiles. Reported by Anonymous on 2022-11-09

Discovery 2022-12-13
Entry 2022-12-14
chromium
< 108.0.5359.124

ungoogled-chromium
< 108.0.5359.124

CVE-2022-4436
CVE-2022-4437
CVE-2022-4438
CVE-2022-4439
CVE-2022-4440
https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop_13.html
bea52545-f4a7-11ed-8290-a8a1599412c6chromium -- multiple vulnerabilities

Chrome Releases reports:

This update includes 12 security fixes:

  • [1444360] Critical CVE-2023-2721: Use after free in Navigation. Reported by Guang Gong of Alpha Lab, Qihoo 360 on 2023-05-10
  • [1400905] High CVE-2023-2722: Use after free in Autofill UI. Reported by Rong Jian of VRI on 2022-12-14
  • [1435166] High CVE-2023-2723: Use after free in DevTools. Reported by asnine on 2023-04-21
  • [1433211] High CVE-2023-2724: Type Confusion in V8. Reported by Sergei Glazunov of Google Project Zero on 2023-04-14
  • [1442516] High CVE-2023-2725: Use after free in Guest View. Reported by asnine on 2023-05-04
  • [1442018] Medium CVE-2023-2726: Inappropriate implementation in WebApp Installs. Reported by Ahmed ElMasry on 2023-05-03

Discovery 2023-05-16
Entry 2023-05-17
chromium
< 113.0.5672.126

ungoogled-chromium
< 113.0.5672.126

CVE-2023-2721
CVE-2023-2722
CVE-2023-2723
CVE-2023-2724
CVE-2023-2725
CVE-2023-2726
https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_16.html
88754d55-521a-11ee-8290-a8a1599412c6chromium -- multiple vulnerabilities

Chrome Releases reports:

This update includes 16 security fixes:

  • [1479274] Critical CVE-2023-4863: Heap buffer overflow in WebP. Reported by Apple Security Engineering and Architecture (SEAR) and The Citizen Lab at The University of Torontoʼs Munk School on 2023-09-06
  • [1430867] Medium CVE-2023-4900: Inappropriate implementation in Custom Tabs. Reported by Levit Nudi from Kenya on 2023-04-06
  • [1459281] Medium CVE-2023-4901: Inappropriate implementation in Prompts. Reported by Kang Ali on 2023-06-29
  • [1454515] Medium CVE-2023-4902: Inappropriate implementation in Input. Reported by Axel Chong on 2023-06-14
  • [1446709] Medium CVE-2023-4903: Inappropriate implementation in Custom Mobile Tabs. Reported by Ahmed ElMasry on 2023-05-18
  • [1453501] Medium CVE-2023-4904: Insufficient policy enforcement in Downloads. Reported by Tudor Enache @tudorhacks on 2023-06-09
  • [1441228] Medium CVE-2023-4905: Inappropriate implementation in Prompts. Reported by Hafiizh on 2023-04-29
  • [1449874] Low CVE-2023-4906: Insufficient policy enforcement in Autofill. Reported by Ahmed ElMasry on 2023-05-30
  • [1462104] Low CVE-2023-4907: Inappropriate implementation in Intents. Reported by Mohit Raj (shadow2639) on 2023-07-04
  • [1451543] Low CVE-2023-4908: Inappropriate implementation in Picture in Picture. Reported by Axel Chong on 2023-06-06
  • [1463293] Low CVE-2023-4909: Inappropriate implementation in Interstitials. Reported by Axel Chong on 2023-07-09

Discovery 2023-09-12
Entry 2023-09-13
chromium
< 117.0.5938.62

ungoogled-chromium
< 117.0.5938.62

CVE-2023-4863
CVE-2023-4900
CVE-2023-4901
CVE-2023-4902
CVE-2023-4903
CVE-2023-4904
CVE-2023-4905
CVE-2023-4906
CVE-2023-4907
CVE-2023-4908
CVE-2023-4909
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html
4d6b5ea9-bc64-4e77-a7ee-d62ba68a80ddchromium -- multiple vulnerabilities

Chrome Releases reports:

This update includes 10 security fixes:

  • [1415366] Critical CVE-2023-0941: Use after free in Prompts. Reported by Anonymous on 2023-02-13
  • [1414738] High CVE-2023-0927: Use after free in Web Payments API. Reported by Rong Jian of VRI on 2023-02-10
  • [1309035] High CVE-2023-0928: Use after free in SwiftShader. Reported by Anonymous on 2022-03-22
  • [1399742] High CVE-2023-0929: Use after free in Vulkan. Reported by Cassidy Kim(@cassidy6564) on 2022-12-09
  • [1410766] High CVE-2023-0930: Heap buffer overflow in Video. Reported by Cassidy Kim(@cassidy6564) on 2023-01-27
  • [1407701] High CVE-2023-0931: Use after free in Video. Reported by Cassidy Kim(@cassidy6564) on 2023-01-17
  • [1413005] High CVE-2023-0932: Use after free in WebRTC. Reported by Omri Bushari (Talon Cyber Security) on 2023-02-05
  • [1404864] Medium CVE-2023-0933: Integer overflow in PDF. Reported by Zhiyi Zhang from Codesafe Team of Legendsec at QI-ANXIN

Discovery 2023-02-22
Entry 2023-02-22
chromium
< 110.0.5481.177

ungoogled-chromium
< 110.0.5481.177

CVE-2023-0941
CVE-2023-0927
CVE-2023-0928
CVE-2023-0929
CVE-2023-0930
CVE-2023-0931
CVE-2023-0932
CVE-2023-0933
https://chromereleases.googleblog.com/2023/02/stable-channel-desktop-update_22.html
3d5581ff-d388-11ed-8581-a8a1599412c6chromium -- multiple vulnerabilities

Chrome Releases reports:

This update includes 16 security fixes:

  • [1414018] High CVE-2023-1810: Heap buffer overflow in Visuals. Reported by Weipeng Jiang (@Krace) of VRI on 2023-02-08
  • [1420510] High CVE-2023-1811: Use after free in Frames. Reported by Thomas Orlita on 2023-03-01
  • [1418224] Medium CVE-2023-1812: Out of bounds memory access in DOM Bindings. Reported by Shijiang Yu on 2023-02-22
  • [1423258] Medium CVE-2023-1813: Inappropriate implementation in Extensions. Reported by Axel Chong on 2023-03-10
  • [1417325] Medium CVE-2023-1814: Insufficient validation of untrusted input in Safe Browsing. Reported by Young Min Kim (@ylemkimon), CompSec Lab at Seoul National University on 2023-02-18
  • [1278708] Medium CVE-2023-1815: Use after free in Networking APIs. Reported by DDV_UA on 2021-12-10
  • [1413919] Medium CVE-2023-1816: Incorrect security UI in Picture In Picture. Reported by NDevTK on 2023-02-08
  • [1418061] Medium CVE-2023-1817: Insufficient policy enforcement in Intents. Reported by Axel Chong on 2023-02-22
  • [1223346] Medium CVE-2023-1818: Use after free in Vulkan. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research, Eric Lawrence, Microsoft, Patrick Walker (@HomeSen), and Kirtikumar Anandrao Ramchandani on 2021-06-24
  • [1406588] Medium CVE-2023-1819: Out of bounds read in Accessibility. Reported by Microsoft Edge Team on 2023-01-12
  • [1408120] Medium CVE-2023-1820: Heap buffer overflow in Browser History. Reported by raven at KunLun lab on 2023-01-17
  • [1413618] Low CVE-2023-1821: Inappropriate implementation in WebShare. Reported by Axel Chong on 2023-02-07
  • [1066555] Low CVE-2023-1822: Incorrect security UI in Navigation. Reported by 강우진 on 2020-04-01
  • [1406900] Low CVE-2023-1823: Inappropriate implementation in FedCM. Reported by Jasper Rebane (popstonia) on 2023-01-13

Discovery 2023-04-05
Entry 2023-04-05
chromium
< 112.0.5615.49

ungoogled-chromium
< 112.0.5615.49

CVE-2023-1810
CVE-2023-1811
CVE-2023-1812
CVE-2023-1813
CVE-2023-1814
CVE-2023-1815
CVE-2023-1816
CVE-2023-1817
CVE-2023-1818
CVE-2023-1819
CVE-2023-1820
CVE-2023-1821
CVE-2023-1822
CVE-2023-1823
https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop.html
77fc311d-7e62-11ee-8290-a8a1599412c6chromium -- security update

Chrome Releases reports:

This update includes 1 security fix:

  • [1497859] High CVE-2023-5996: Use after free in WebAudio. Reported by Huang Xilin of Ant Group Light-Year Security Lab via Tianfu Cup 2023 on 2023-10-30

Discovery 2023-11-07
Entry 2023-11-08
chromium
< 119.0.6045.123

ungoogled-chromium
< 119.0.6045.123

CVE-2023-5996
https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop.html
246174d3-e979-11ed-8290-a8a1599412c6chromium -- multiple vulnerabilities

Chrome Releases reports:

This update includes 15 security fixes:

  • [1423304] Medium CVE-2023-2459: Inappropriate implementation in Prompts. Reported by Rong Jian of VRI on 2023-03-10
  • [1419732] Medium CVE-2023-2460: Insufficient validation of untrusted input in Extensions. Reported by Martin Bajanik, Fingerprint[.]com on 2023-02-27
  • [1350561] Medium CVE-2023-2461: Use after free in OS Inputs. Reported by @ginggilBesel on 2022-08-06
  • [1375133] Medium CVE-2023-2462: Inappropriate implementation in Prompts. Reported by Alesandro Ortiz on 2022-10-17
  • [1406120] Medium CVE-2023-2463: Inappropriate implementation in Full Screen Mode. Reported by Irvan Kurniawan (sourc7) on 2023-01-10
  • [1418549] Medium CVE-2023-2464: Inappropriate implementation in PictureInPicture. Reported by Thomas Orlita on 2023-02-23
  • [1399862] Medium CVE-2023-2465: Inappropriate implementation in CORS. Reported by @kunte_ctf on 2022-12-10
  • [1385714] Low CVE-2023-2466: Inappropriate implementation in Prompts. Reported by Jasper Rebane (popstonia) on 2022-11-17
  • [1413586] Low CVE-2023-2467: Inappropriate implementation in Prompts. Reported by Thomas Orlita on 2023-02-07
  • [1416380] Low CVE-2023-2468: Inappropriate implementation in PictureInPicture. Reported by Alesandro Ortiz on 2023-02-15

Discovery 2023-05-03
Entry 2023-05-03
chromium
< 113.0.5672.63

ungoogled-chromium
< 113.0.5672.63

CVE-2023-2459
CVE-2023-2460
CVE-2023-2461
CVE-2023-2462
CVE-2023-2463
CVE-2023-2464
CVE-2023-2465
CVE-2023-2466
CVE-2023-2467
CVE-2023-2468
https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop.html
a1e27775-7a61-11ee-8290-a8a1599412c6chromium -- multiple vulnerabilities

Chrome Releases reports:

This update includes 15 security fixes:

  • [1492698] High CVE-2023-5480: Inappropriate implementation in Payments. Reported by Vsevolod Kokorin (Slonser) of Solidlab on 2023-10-14
  • [1492381] High CVE-2023-5482: Insufficient data validation in USB. Reported by DarkNavy on 2023-10-13
  • [1492384] High CVE-2023-5849: Integer overflow in USB. Reported by DarkNavy on 2023-10-13
  • [1281972] Medium CVE-2023-5850: Incorrect security UI in Downloads. Reported by Mohit Raj (shadow2639) on 2021-12-22
  • [1473957] Medium CVE-2023-5851: Inappropriate implementation in Downloads. Reported by Shaheen Fazim on 2023-08-18
  • [1480852] Medium CVE-2023-5852: Use after free in Printing. Reported by [pwn2car] on 2023-09-10
  • [1456876] Medium CVE-2023-5853: Incorrect security UI in Downloads. Reported by Hafiizh on 2023-06-22
  • [1488267] Medium CVE-2023-5854: Use after free in Profiles. Reported by Dohyun Lee (@l33d0hyun) of SSD-Disclosure Labs & DNSLab, Korea Univ on 2023-10-01
  • [1492396] Medium CVE-2023-5855: Use after free in Reading Mode. Reported by ChaobinZhang on 2023-10-13
  • [1493380] Medium CVE-2023-5856: Use after free in Side Panel. Reported by Weipeng Jiang (@Krace) of VRI on 2023-10-17
  • [1493435] Medium CVE-2023-5857: Inappropriate implementation in Downloads. Reported by Will Dormann on 2023-10-18
  • [1457704] Low CVE-2023-5858: Inappropriate implementation in WebApp Provider. Reported by Axel Chong on 2023-06-24
  • [1482045] Low CVE-2023-5859: Incorrect security UI in Picture In Picture. Reported by Junsung Lee on 2023-09-13

Discovery 2023-10-31
Entry 2023-11-03
chromium
< 119.0.6045.105

ungoogled-chromium
< 119.0.6045.105

qt6-webengine
< 6.6.1

CVE-2023-5480
CVE-2023-5482
CVE-2023-5849
CVE-2023-5850
CVE-2023-5851
CVE-2023-5852
CVE-2023-5853
CVE-2023-5854
CVE-2023-5855
CVE-2023-5856
CVE-2023-5857
CVE-2023-5858
CVE-2023-5859
https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html
0da4db89-84bf-11ee-8290-a8a1599412c6chromium -- multiple security fixes

Chrome Releases reports:

This update includes 4 security fixes:

  • [1497997] High CVE-2023-5997: Use after free in Garbage Collection. Reported by Anonymous on 2023-10-31
  • [1499298] High CVE-2023-6112: Use after free in Navigation. Reported by Sergei Glazunov of Google Project Zero on 2023-11-04

Discovery 2023-11-14
Entry 2023-11-16
chromium
< 119.0.6045.159

ungoogled-chromium
< 119.0.6045.159

qt5-webengine
< 5.15.16.p5

qt6-webengine
< 6.6.1

CVE-2023-5997
CVE-2023-6112
https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_14.html
db33e250-74f7-11ee-8290-a8a1599412c6chromium -- multiple vulnerabilities

Chrome Releases reports:

This update includes 2 security fixes:

  • [1491296] High CVE-2023-5472: Use after free in Profiles. Reported by @18楼梦想改造家 on 2023-10-10

Discovery 2023-10-24
Entry 2023-10-27
chromium
< 118.0.5993.117

ungoogled-chromium
< 118.0.5993.117

CVE-2023-5472
https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_24.html
4405e9ad-97fe-11ee-86bb-a8a1599412c6chromium -- multiple security fixes

Chrome Releases reports:

This update includes 10 security fixes:

  • [1497984] High CVE-2023-6508: Use after free in Media Stream. Reported by Cassidy Kim(@cassidy6564) on 2023-10-31
  • [1494565] High CVE-2023-6509: Use after free in Side Panel Search. Reported by Khalil Zhani on 2023-10-21
  • [1480152] Medium CVE-2023-6510: Use after free in Media Capture. Reported by [pwn2car] on 2023-09-08
  • [1478613] Low CVE-2023-6511: Inappropriate implementation in Autofill. Reported by Ahmed ElMasry on 2023-09-04
  • [1457702] Low CVE-2023-6512: Inappropriate implementation in Web Browser UI. Reported by Om Apip on 2023-06-24

Discovery 2023-12-05
Entry 2023-12-11
chromium
< 120.0.6099.62

ungoogled-chromium
< 120.0.6099.62

qt5-webengine
< 5.15.16.p5_2

qt6-webengine
< 6.6.1_1

CVE-2023-6508
CVE-2023-6509
CVE-2023-6510
CVE-2023-6511
CVE-2023-6512
https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop.html
90c48c04-d549-4fc0-a503-4775e32d438echromium -- multiple vulnerabilities

Chrome Releases reports:

This update includes 8 security fixes:

  • [1429197] High CVE-2023-2133: Out of bounds memory access in Service Worker API. Reported by Rong Jian of VRI on 2023-03-30
  • [1429201] High CVE-2023-2134: Out of bounds memory access in Service Worker API. Reported by Rong Jian of VRI on 2023-03-30
  • [1424337] High CVE-2023-2135: Use after free in DevTools. Reported by Cassidy Kim(@cassidy6564) on 2023-03-14
  • [1432603] High CVE-2023-2136: Integer overflow in Skia. Reported by Clément Lecigne of Google's Threat Analysis Group on 2023-04-12
  • [1430644] Medium CVE-2023-2137: Heap buffer overflow in sqlite. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2023-04-05

Discovery 2023-04-20
Entry 2023-04-20
chromium
< 112.0.5615.165

ungoogled-chromium
< 112.0.5615.165

CVE-2023-2133
CVE-2023-2134
CVE-2023-2135
CVE-2023-2136
CVE-2023-2137
https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html
5666688f-803b-4cf0-9cb1-08c088f2225achromium -- multiple vulnerabilities

Chrome Releases reports:

This update includes 26 security fixes:

  • [1448548] High CVE-2023-2312: Use after free in Offline. Reported by avaue at S.S.L. on 2023-05-24
  • [1458303] High CVE-2023-4349: Use after free in Device Trust Connectors. Reported by Weipeng Jiang (@Krace) of VRI on 2023-06-27
  • [1454817] High CVE-2023-4350: Inappropriate implementation in Fullscreen. Reported by Khiem Tran (@duckhiem) on 2023-06-14
  • [1465833] High CVE-2023-4351: Use after free in Network. Reported by Guang and Weipeng Jiang of VRI on 2023-07-18
  • [1452076] High CVE-2023-4352: Type Confusion in V8. Reported by Sergei Glazunov of Google Project Zero on 2023-06-07
  • [1458046] High CVE-2023-4353: Heap buffer overflow in ANGLE. Reported by Christoph Diehl / Microsoft Vulnerability Research on 2023-06-27
  • [1464215] High CVE-2023-4354: Heap buffer overflow in Skia. Reported by Mark Brand of Google Project Zero on 2023-07-12
  • [1468943] High CVE-2023-4355: Out of bounds memory access in V8. Reported by Sergei Glazunov of Google Project Zero on 2023-07-31
  • [1449929] Medium CVE-2023-4356: Use after free in Audio. Reported by Zhenghang Xiao (@Kipreyyy) on 2023-05-30
  • [1458911] Medium CVE-2023-4357: Insufficient validation of untrusted input in XML. Reported by Igor Sak-Sakovskii on 2023-06-28
  • [1466415] Medium CVE-2023-4358: Use after free in DNS. Reported by Weipeng Jiang (@Krace) of VRI on 2023-07-20
  • [1443722] Medium CVE-2023-4359: Inappropriate implementation in App Launcher. Reported by @retsew0x01 on 2023-05-09
  • [1462723] Medium CVE-2023-4360: Inappropriate implementation in Color. Reported by Axel Chong on 2023-07-07
  • [1465230] Medium CVE-2023-4361: Inappropriate implementation in Autofill. Reported by Thomas Orlita on 2023-07-17
  • [1316379] Medium CVE-2023-4362: Heap buffer overflow in Mojom IDL. Reported by Zhao Hai of NanJing Cyberpeace TianYu Lab on 2022-04-14
  • [1367085] Medium CVE-2023-4363: Inappropriate implementation in WebShare. Reported by Alesandro Ortiz on 2022-09-23
  • [1406922] Medium CVE-2023-4364: Inappropriate implementation in Permission Prompts. Reported by Jasper Rebane on 2023-01-13
  • [1431043] Medium CVE-2023-4365: Inappropriate implementation in Fullscreen. Reported by Hafiizh on 2023-04-06
  • [1450784] Medium CVE-2023-4366: Use after free in Extensions. Reported by asnine on 2023-06-02
  • [1467743] Medium CVE-2023-4367: Insufficient policy enforcement in Extensions API. Reported by Axel Chong on 2023-07-26
  • [1467751] Medium CVE-2023-4368: Insufficient policy enforcement in Extensions API. Reported by Axel Chong on 2023-07-26

Discovery 2023-08-15
Entry 2023-08-17
chromium
< 116.0.5845.96

ungoogled-chromium
< 116.0.5845.96

CVE-2023-2312
CVE-2023-4349
CVE-2023-4350
CVE-2023-4351
CVE-2023-4352
CVE-2023-4353
CVE-2023-4354
CVE-2023-4355
CVE-2023-4356
CVE-2023-4357
CVE-2023-4358
CVE-2023-4359
CVE-2023-4360
CVE-2023-4361
CVE-2023-4362
CVE-2023-4363
CVE-2023-4364
CVE-2023-4365
CVE-2023-4366
CVE-2023-4367
CVE-2023-4368
https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html
8cdd38c7-8ebb-11ee-86bb-a8a1599412c6chromium -- multiple security fixes

Chrome Releases reports:

This update includes 7 security fixes:

  • [1491459] High CVE-2023-6348: Type Confusion in Spellcheck. Reported by Mark Brand of Google Project Zero on 2023-10-10
  • [1494461] High CVE-2023-6347: Use after free in Mojo. Reported by Leecraso and Guang Gong of 360 Vulnerability Research Institute on 2023-10-21
  • [1500856] High CVE-2023-6346: Use after free in WebAudio. Reported by Huang Xilin of Ant Group Light-Year Security Lab on 2023-11-09
  • [1501766] High CVE-2023-6350: Out of bounds memory access in libavif. Reported by Fudan University on 2023-11-13
  • [1501770] High CVE-2023-6351: Use after free in libavif. Reported by Fudan University on 2023-11-13
  • [1505053] High CVE-2023-6345: Integer overflow in Skia. Reported by Benoît Sevens and Clément Lecigne of Google's Threat Analysis Group on 2023-11-24

Discovery 2023-11-28
Entry 2023-11-29
chromium
< 119.0.6045.199

ungoogled-chromium
< 119.0.6045.199

qt5-webengine
< 5.15.16.p5_2

qt6-webengine
< 6.6.1_1

CVE-2023-6348
CVE-2023-6347
CVE-2023-6346
CVE-2023-6350
CVE-2023-6351
CVE-2023-6345
https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_28.html
d357f6bb-0af4-4ac9-b096-eeec183ad829chromium -- multiple vulnerabilities

Chrome Releases reports:

This update includes 40 security fixes:

  • [1411210] High CVE-2023-1213: Use after free in Swiftshader. Reported by Jaehun Jeong(@n3sk) of Theori on 2023-01-30
  • [1412487] High CVE-2023-1214: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2023-02-03
  • [1417176] High CVE-2023-1215: Type Confusion in CSS. Reported by Anonymous on 2023-02-17
  • [1417649] High CVE-2023-1216: Use after free in DevTools. Reported by Ganjiang Zhou(@refrain_areu) of ChaMd5-H1 team on 2023-02-21
  • [1412658] High CVE-2023-1217: Stack buffer overflow in Crash reporting. Reported by sunburst of Ant Group Tianqiong Security Lab on 2023-02-03
  • [1413628] High CVE-2023-1218: Use after free in WebRTC. Reported by Anonymous on 2023-02-07
  • [1415328] High CVE-2023-1219: Heap buffer overflow in Metrics. Reported by Sergei Glazunov of Google Project Zero on 2023-02-13
  • [1417185] High CVE-2023-1220: Heap buffer overflow in UMA. Reported by Sergei Glazunov of Google Project Zero on 2023-02-17
  • [1385343] Medium CVE-2023-1221: Insufficient policy enforcement in Extensions API. Reported by Ahmed ElMasry on 2022-11-16
  • [1403515] Medium CVE-2023-1222: Heap buffer overflow in Web Audio API. Reported by Cassidy Kim(@cassidy6564) on 2022-12-24
  • [1398579] Medium CVE-2023-1223: Insufficient policy enforcement in Autofill. Reported by Ahmed ElMasry on 2022-12-07
  • [1403539] Medium CVE-2023-1224: Insufficient policy enforcement in Web Payments API. Reported by Thomas Orlita on 2022-12-25
  • [1408799] Medium CVE-2023-1225: Insufficient policy enforcement in Navigation. Reported by Roberto Ffrench-Davis @Lihaft on 2023-01-20
  • [1013080] Medium CVE-2023-1226: Insufficient policy enforcement in Web Payments API. Reported by Anonymous on 2019-10-10
  • [1348791] Medium CVE-2023-1227: Use after free in Core. Reported by @ginggilBesel on 2022-07-31
  • [1365100] Medium CVE-2023-1228: Insufficient policy enforcement in Intents. Reported by Axel Chong on 2022-09-18
  • [1160485] Medium CVE-2023-1229: Inappropriate implementation in Permission prompts. Reported by Thomas Orlita on 2020-12-20
  • [1404230] Medium CVE-2023-1230: Inappropriate implementation in WebApp Installs. Reported by Axel Chong on 2022-12-30
  • [1274887] Medium CVE-2023-1231: Inappropriate implementation in Autofill. Reported by Yan Zhu, Brave on 2021-11-30
  • [1346924] Low CVE-2023-1232: Insufficient policy enforcement in Resource Timing. Reported by Sohom Datta on 2022-07-24
  • [1045681] Low CVE-2023-1233: Insufficient policy enforcement in Resource Timing. Reported by Soroush Karami on 2020-01-25
  • [1404621] Low CVE-2023-1234: Inappropriate implementation in Intents. Reported by Axel Chong on 2023-01-03
  • [1404704] Low CVE-2023-1235: Type Confusion in DevTools. Reported by raven at KunLun lab on 2023-01-03
  • [1374518] Low CVE-2023-1236: Inappropriate implementation in Internals. Reported by Alesandro Ortiz on 2022-10-14

Discovery 2023-03-08
Entry 2023-03-09
chromium
< 111.0.5563.64

ungoogled-chromium
< 111.0.5563.64

CVE-2023-1213
CVE-2023-1214
CVE-2023-1215
CVE-2023-1216
CVE-2023-1217
CVE-2023-1218
CVE-2023-1219
CVE-2023-1220
CVE-2023-1221
CVE-2023-1222
CVE-2023-1223
CVE-2023-1224
CVE-2023-1225
CVE-2023-1226
CVE-2023-1227
CVE-2023-1228
CVE-2023-1229
CVE-2023-1230
CVE-2023-1231
CVE-2023-1232
CVE-2023-1233
CVE-2023-1234
CVE-2023-1235
CVE-2023-1236
https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html
5fa332b9-4269-11ee-8290-a8a1599412c6chromium -- multiple vulnerabilities

Chrome Releases reports:

This update includes 5 security fixes:

  • [1469542] High CVE-2023-4430: Use after free in Vulkan. Reported by Cassidy Kim(@cassidy6564) on 2023-08-02
  • [1469754] High CVE-2023-4429: Use after free in Loader. Reported by Anonymous on 2023-08-03
  • [1470477] High CVE-2023-4428: Out of bounds memory access in CSS. Reported by Francisco Alonso (@revskills) on 2023-08-06
  • [1470668] High CVE-2023-4427: Out of bounds memory access in V8. Reported by Sergei Glazunov of Google Project Zero on 2023-08-07
  • [1469348] Medium CVE-2023-4431: Out of bounds memory access in Fonts. Reported by Microsoft Security Researcher on 2023-08-01

Discovery 2023-08-22
Entry 2023-08-24
chromium
< 116.0.5845.110

ungoogled-chromium
< 116.0.5845.110

CVE-2023-4430
CVE-2023-4429
CVE-2023-4428
CVE-2023-4427
CVE-2023-4431
https://chromereleases.googleblog.com/2023/08/chrome-desktop-stable-update.html
12741b1f-04f9-11ee-8290-a8a1599412c6chromium -- multiple vulnerabilities

Chrome Releases reports:

This update includes 2 security fixes:

  • [1450481] High CVE-2023-3079: Type Confusion in V8. Reported by Clément Lecigne of Google's Threat Analysis Group on 2023-06-01

Discovery 2023-06-05
Entry 2023-06-07
chromium
< 114.0.5735.106

ungoogled-chromium
< 114.0.5735.106

CVE-2023-3079
https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop.html
df0a2fd1-4c92-11ee-8290-a8a1599412c6chromium -- multiple vulnerabilities

Chrome Releases reports:

This update includes 4 security fixes:

  • [1476403] High CVE-2023-4761: Out of bounds memory access in FedCM. Reported by DarkNavy on 2023-08-28
  • [1473247] High CVE-2023-4762: Type Confusion in V8. Reported by Rong Jian of VRI on 2023-08-16
  • [1469928] High CVE-2023-4763: Use after free in Networks. Reported by anonymous on 2023-08-03
  • [1447237] High CVE-2023-4764: Incorrect security UI in BFCache. Reported by Irvan Kurniawan (sourc7) on 2023-05-20

Discovery 2023-09-05
Entry 2023-09-06
chromium
< 116.0.5845.179

ungoogled-chromium
< 116.0.5845.179

CVE-2023-4761
CVE-2023-4762
CVE-2023-4763
CVE-2023-4764
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop.html
4e45c45b-629e-11ee-8290-a8a1599412c6chromium -- type confusion in v8

Chrome Releases reports:

This update includes 1 security fix:

  • [1485829] High CVE-2023-5346: Type Confusion in V8. Reported by Amit Kumar on 2023-09-22

Discovery 2023-10-03
Entry 2023-10-04
chromium
< 117.0.5938.149

ungoogled-chromium
< 117.0.5938.149

CVE-2023-5346
https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop.html
8d3838b0-6ca8-11ed-92ce-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 1 security fix:

  • [1392715] High CVE-2022-4135: Heap buffer overflow in GPU. Reported by Clement Lecigne of Google's Threat Analysis Group on 2022-11-22

Google is aware that an exploit for CVE-2022-4135 exists in the wild.


Discovery 2022-11-24
Entry 2022-11-25
chromium
< 107.0.5304.121

ungoogled-chromium
< 107.0.5304.121

CVE-2022-4135
https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_24.html
4edbea45-cb0c-11ee-86bb-a8a1599412c6chromium -- security fix

Chrome Releases reports:

This update includes 1 security fix.


Discovery 2024-02-13
Entry 2024-02-14
chromium
< 121.0.6167.184

ungoogled-chromium
< 121.0.6167.184

https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_13.html
80815c47-e84f-11ee-8e76-a8a1599412c6chromium -- multiple security fixes

Chrome Releases reports:

This update includes 12 security fixes:

  • [327740539] High CVE-2024-2625: Object lifecycle issue in V8. Reported by Ganjiang Zhou(@refrain_areu) of ChaMd5-H1 team on 2024-03-01
  • [40945098] Medium CVE-2024-2626: Out of bounds read in Swiftshader. Reported by Cassidy Kim(@cassidy6564) on 2023-11-22
  • [41493290] Medium CVE-2024-2627: Use after free in Canvas. Reported by Anonymous on 2024-01-21
  • [41487774] Medium CVE-2024-2628: Inappropriate implementation in Downloads. Reported by Ath3r1s on 2024-01-03
  • [41487721] Medium CVE-2024-2629: Incorrect security UI in iOS. Reported by Muneaki Nishimura (nishimunea) on 2024-01-02
  • [41481877] Medium CVE-2024-2630: Inappropriate implementation in iOS. Reported by James Lee (@Windowsrcer) on 2023-12-07
  • [41495878] Low CVE-2024-2631: Inappropriate implementation in iOS. Reported by Ramit Gangwar on 2024-01-29

Discovery 2024-03-19
Entry 2024-03-22
chromium
< 123.0.6312.58

ungoogled-chromium
< 123.0.6312.58

CVE-2024-2625
CVE-2024-2626
CVE-2024-2627
CVE-2024-2628
CVE-2024-2629
CVE-2024-2630
CVE-2024-2631
https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_19.html
72d6d757-c197-11ee-86bb-a8a1599412c6chromium -- multiple security fixes

Chrome Releases reports:

This update includes 17 security fixes:

  • [1484394] High CVE-2024-0812: Inappropriate implementation in Accessibility. Reported by Anonymous on 2023-09-19
  • [1504936] High CVE-2024-0808: Integer underflow in WebUI. Reported by Lyra Rebane (rebane2001) on 2023-11-24
  • [1496250] Medium CVE-2024-0810: Insufficient policy enforcement in DevTools. Reported by Shaheen Fazim on 2023-10-26
  • [1463935] Medium CVE-2024-0814: Incorrect security UI in Payments. Reported by Muneaki Nishimura (nishimunea) on 2023-07-11
  • [1477151] Medium CVE-2024-0813: Use after free in Reading Mode. Reported by @retsew0x01 on 2023-08-30
  • [1505176] Medium CVE-2024-0806: Use after free in Passwords. Reported by 18楼梦想改造家 on 2023-11-25
  • [1514925] Medium CVE-2024-0805: Inappropriate implementation in Downloads. Reported by Om Apip on 2024-01-01
  • [1515137] Medium CVE-2024-0804: Insufficient policy enforcement in iOS Security UI. Reported by Narendra Bhati of Suma Soft Pvt. Ltd. Pune (India) on 2024-01-03
  • [1494490] Low CVE-2024-0811: Inappropriate implementation in Extensions API. Reported by Jann Horn of Google Project Zero on 2023-10-21
  • [1497985] Low CVE-2024-0809: Inappropriate implementation in Autofill. Reported by Ahmed ElMasry on 2023-10-31

Discovery 2024-01-23
Entry 2024-02-02
chromium
< 121.0.6167.85

ungoogled-chromium
< 121.0.6167.85

CVE-2024-0812
CVE-2024-0808
CVE-2024-0810
CVE-2024-0814
CVE-2024-0813
CVE-2024-0806
CVE-2024-0805
CVE-2024-0804
CVE-2024-0811
CVE-2024-0809
https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html
fd3401a1-b6df-4577-917a-2c22fee99d34chromium -- multiple security fixes

Chrome Releases reports:

This update includes 3 security fixes:

  • [325893559] High CVE-2024-2173: Out of bounds memory access in V8. Reported by 5fceb6172bbf7e2c5a948183b53565b9 on 2024-02-19
  • [325866363] High CVE-2024-2174: Inappropriate implementation in V8. Reported by 5f46f4ee2e17957ba7b39897fb376be8 on 2024-02-19
  • [325936438] High CVE-2024-2176: Use after free in FedCM. Reported by Anonymous on 2024-02-20

Discovery 2024-03-05
Entry 2024-03-06
chromium
< 122.0.6261.111

ungoogled-chromium
< 122.0.6261.111

CVE-2024-2173
CVE-2024-2174
CVE-2024-2176
https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop.html
31bb1b8d-d6dc-11ee-86bb-a8a1599412c6chromium -- multiple security fixes

Chrome Releases reports:

This update includes 4 security fixes:

  • [324596281] High CVE-2024-1938: Type Confusion in V8. Reported by 5f46f4ee2e17957ba7b39897fb376be8 on 2024-02-11
  • [323694592] High CVE-2024-1939: Type Confusion in V8. Reported by Bohan Liu (@P4nda20371774) of Tencent Security Xuanwu Lab on 2024-02-05

Discovery 2024-02-27
Entry 2024-02-29
chromium
< 122.0.6261.94

ungoogled-chromium
< 122.0.6261.94

CVE-2024-1938
CVE-2024-1939
https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_27.html
814af1be-ec63-11ee-8e76-a8a1599412c6chromium -- multiple security fixes

Chrome Releases reports:

This update includes 7 security fixes:

  • [327807820] Critical CVE-2024-2883: Use after free in ANGLE. Reported by Cassidy Kim(@cassidy6564) on 2024-03-03
  • [328958020] High CVE-2024-2885: Use after free in Dawn. Reported by wgslfuzz on 2024-03-11
  • [330575496] High CVE-2024-2886: Use after free in WebCodecs. Reported by Seunghyun Lee (@0x10n) of KAIST Hacking Lab, via Pwn2Own 2024 on 2024-03-21
  • [330588502] High CVE-2024-2887: Type Confusion in WebAssembly. Reported by Manfred Paul, via Pwn2Own 2024 on 2024-03-21

Discovery 2024-03-26
Entry 2024-03-27
chromium
< 123.0.6312.86

ungoogled-chromium
< 123.0.6312.86

CVE-2024-2883
CVE-2024-2885
CVE-2024-2886
CVE-2024-2887
https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_26.html
2a470712-d351-11ee-86bb-a8a1599412c6chromium -- multiple security fixes

Chrome Releases reports:

This update includes 12 security fixes:

  • [41495060] High CVE-2024-1669: Out of bounds memory access in Blink. Reported by Anonymous on 2024-01-26
  • [41481374] High CVE-2024-1670: Use after free in Mojo. Reported by Cassidy Kim(@cassidy6564) on 2023-12-06
  • [41487933] Medium CVE-2024-1671: Inappropriate implementation in Site Isolation. Reported by Harry Chen on 2024-01-03
  • [41485789] Medium CVE-2024-1672: Inappropriate implementation in Content Security Policy. Reported by Georg Felber (TU Wien) & Marco Squarcina (TU Wien) on 2023-12-19
  • [41490491] Medium CVE-2024-1673: Use after free in Accessibility. Reported by Weipeng Jiang (@Krace) of VRI on 2024-01-11
  • [40095183] Medium CVE-2024-1674: Inappropriate implementation in Navigation. Reported by David Erceg on 2019-05-27
  • [41486208] Medium CVE-2024-1675: Insufficient policy enforcement in Download. Reported by Bartłomiej Wacko on 2023-12-21
  • [40944847] Low CVE-2024-1676: Inappropriate implementation in Navigation. Reported by Khalil Zhani on 2023-11-21

Discovery 2024-02-20
Entry 2024-02-24
chromium
< 122.0.6261.57

ungoogled-chromium
< 122.0.6261.57

https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html
1bc07be0-b514-11ee-86bb-a8a1599412c6chromium -- multiple security fixes

Chrome Releases reports:

This update includes 4 security fixes:

  • [1515930] High CVE-2024-0517: Out of bounds write in V8. Reported by Toan (suto) Pham of Qrious Secure on 2024-01-06
  • [1507412] High CVE-2024-0518: Type Confusion in V8. Reported by Ganjiang Zhou(@refrain_areu) of ChaMd5-H1 team on 2023-12-03
  • [1517354] High CVE-2024-0519: Out of bounds memory access in V8. Reported by Anonymous on 2024-01-11

Discovery 2024-01-16
Entry 2024-01-17
chromium
< 120.0.6099.224

ungoogled-chromium
< 120.0.6099.224

CVE-2024-0517
CVE-2024-0518
CVE-2024-0519
https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html
19047673-c680-11ee-86bb-a8a1599412c6chromium -- multiple security fixes

Chrome Releases reports:

This update includes 3 security fixes:

  • [41494539] High CVE-2024-1284: Use after free in Mojo. Reported by Anonymous on 2024-01-25
  • [41494860] High CVE-2024-1283: Heap buffer overflow in Skia. Reported by Jorge Buzeti (@r3tr074) on 2024-01-25

Discovery 2024-02-06
Entry 2024-02-08
chromium
< 121.0.6167.160

ungoogled-chromium
< 121.0.6167.160

qt5-webengine
< 5.15.16.p5_5

qt6-webengine
< 6.6.1_5

CVE-2024-1284
CVE-2024-1283
https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop.html
dc9e5237-c197-11ee-86bb-a8a1599412c6chromium -- multiple security fixes

Chrome Releases reports:

This update includes 4 security fixes:

  • [1511567] High CVE-2024-1060: Use after free in Canvas. Reported by Anonymous on 2023-12-14
  • [1514777] High CVE-2024-1059: Use after free in WebRTC. Reported by Cassidy Kim(@cassidy6564) on 2023-12-29
  • [1511085] High CVE-2024-1077: Use after free in Network. Reported by Microsoft Security Research Center on 2023-12-13

Discovery 2024-01-30
Entry 2024-02-02
chromium
< 121.0.6167.139

ungoogled-chromium
< 121.0.6167.139

qt5-webengine
< 5.15.16.p5_5

qt6-webengine
< 6.6.1_5

CVE-2024-1060
CVE-2024-1059
CVE-2024-1077
https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_30.html
bddadaa4-9227-11eb-99c5-e09467587c17chromium -- multiple vulnerabilities

Chrome Releases reports:

This update contains 8 security fixes, including:

  • [1181228] High CVE-2021-21194: Use after free in screen capture. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-02-23
  • [1182647] High CVE-2021-21195: Use after free in V8. Reported by Bohan Liu (@P4nda20371774) and Moon Liang of Tencent Security Xuanwu Lab on 2021-02-26
  • [1175992] High CVE-2021-21196: Heap buffer overflow in TabStrip. Reported by Khalil Zhani on 2021-02-08
  • [1173903] High CVE-2021-21197: Heap buffer overflow in TabStrip. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-02-03
  • [1184399] High CVE-2021-21198: Out of bounds read in IPC. Reported by Mark Brand of Google Project Zero on 2021-03-03
  • [1179635] High CVE-2021-21199: Use Use after free in Aura. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group and Evangelos Foutras

Discovery 2021-03-31
Entry 2021-03-31
chromium
< 89.0.4389.114

CVE-2021-21194
CVE-2021-21195
CVE-2021-21196
CVE-2021-21197
CVE-2021-21198
CVE-2021-21199
https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_30.html
674ed047-be0a-11eb-b927-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 32 security fixes, including:

  • [1208721] High CVE-2021-30521: Heap buffer overflow in Autofill. Reported by ZhanJia Song on 2021-05-13
  • [1176218] High CVE-2021-30522: Use after free in WebAudio. Reported by Piotr Bania of Cisco Talos on 2021-02-09
  • [1187797] High CVE-2021-30523: Use after free in WebRTC. Reported by Tolyan Korniltsev on 2021-03-13
  • [1197146] High CVE-2021-30524: Use after free in TabStrip. Reported by David Erceg on 2021-04-08
  • [1197888] High CVE-2021-30525: Use after free in TabGroups. Reported by David Erceg on 2021-04-11
  • [1198717] High CVE-2021-30526: Out of bounds write in TabStrip. Reported by David Erceg on 2021-04-13
  • [1199198] High CVE-2021-30527: Use after free in WebUI. Reported by David Erceg on 2021-04-15
  • [1206329] High CVE-2021-30528: Use after free in WebAuthentication. Reported by Man Yue Mo of GitHub Security Lab on 2021-05-06
  • [1195278] Medium CVE-2021-30529: Use after free in Bookmarks. Reported by koocola (@alo_cook) and Nan Wang (@eternalsakura13) of 360 Alpha Lab on 2021-04-02
  • [1201033] Medium CVE-2021-30530: Out of bounds memory access in WebAudio. Reported by kkwon on 2021-04-21
  • [1115628] Medium CVE-2021-30531: Insufficient policy enforcement in Content Security Policy. Reported by Philip Papurt on 2020-08-12
  • [1117687] Medium CVE-2021-30532: Insufficient policy enforcement in Content Security Policy. Reported by Philip Papurt on 2020-08-18
  • [1145553] Medium CVE-2021-30533: Insufficient policy enforcement in PopupBlocker. Reported by Eliya Stein on 2020-11-04
  • [1151507] Medium CVE-2021-30534: Insufficient policy enforcement in iFrameSandbox. Reported by Alesandro Ortiz on 2020-11-20
  • [1194899] Medium CVE-2021-30535: Double free in ICU. Reported by nocma, leogan, cheneyxu of WeChat Open Platform Security Team on 2021-04-01
  • [1145024] Medium CVE-2021-21212: Insufficient data validation in networking. Reported by Hugo Hue and Sze Yiu Chau of the Chinese University of Hong Kong on 2020-11-03
  • [1194358] Low CVE-2021-30536: Out of bounds read in V8. Reported by Chris Salls (@salls) on 2021-03-31
  • [830101] Low CVE-2021-30537: Insufficient policy enforcement in cookies. Reported by Jun Kokatsu (@shhnjk) on 2018-04-06
  • [1115045] Low CVE-2021-30538: Insufficient policy enforcement in content security policy. Reported by Tianze Ding (@D1iv3) of Tencent Security Xuanwu Lab on 2020-08-11
  • [971231] Low CVE-2021-30539: Insufficient policy enforcement in content security policy. Reported by unnamed researcher on 2019-06-05
  • [1184147] Low CVE-2021-30540: Incorrect security UI in payments. Reported by @retsew0x01 on 2021-03-03

Discovery 2021-05-25
Entry 2021-05-26
chromium
< 91.0.4472.77

CVE-2021-30521
CVE-2021-30522
CVE-2021-30523
CVE-2021-30524
CVE-2021-30525
CVE-2021-30526
CVE-2021-30527
CVE-2021-30528
CVE-2021-30529
CVE-2021-30530
CVE-2021-30531
CVE-2021-30532
CVE-2021-30533
CVE-2021-30534
CVE-2021-30535
CVE-2021-21212
CVE-2021-30536
CVE-2021-30537
CVE-2021-30538
CVE-2021-30539
CVE-2021-30540
https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop_25.html
f00b65d8-7ccb-11eb-b3be-e09467587c17chromium -- multiple vulnerabilities

Chrome Releases reports:

This release includes 47 security fixes, including the below. Google is aware of reports that an exploit for CVE-2021-21166 exists in the wild. Please see URL for details.


Discovery 2021-03-02
Entry 2021-03-04
chromium
< 89.0.4389.72

CVE-2021-21159
CVE-2021-21160
CVE-2021-21161
CVE-2021-21162
CVE-2021-21163
CVE-2021-21164
CVE-2021-21165
CVE-2021-21166
CVE-2021-21167
CVE-2021-21168
CVE-2021-21169
CVE-2021-21170
CVE-2021-21171
CVE-2021-21172
CVE-2021-21173
CVE-2021-21174
CVE-2021-21175
CVE-2021-21176
CVE-2021-21177
CVE-2021-21178
CVE-2021-21179
CVE-2021-21180
CVE-2021-21181
CVE-2021-21182
CVE-2021-21183
CVE-2021-21184
CVE-2021-21185
CVE-2021-21186
CVE-2021-21187
CVE-2021-21188
CVE-2021-21189
CVE-2021-21190
CVE-2020-27844
https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
1ba21ff1-e672-11eb-a686-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 8 security fixes, including:

  • [1219082] High CVE-2021-30559: Out of bounds write in ANGLE. Reported by Seong-Hwan Park (SeHwa) of SecunologyLab on 2021-06-11
  • [1214842] High CVE-2021-30541: Use after free in V8. Reported by Richard Wheeldon on 2021-05-31
  • [1219209] High CVE-2021-30560: Use after free in Blink XSLT. Reported by Nick Wellnhofer on 2021-06-12
  • [1219630] High CVE-2021-30561: Type Confusion in V8. Reported by Sergei Glazunov of Google Project Zero on 2021-06-14
  • [1220078] High CVE-2021-30562: Use after free in WebSerial. Reported by Anonymous on 2021-06-15
  • [1228407] High CVE-2021-30563: Type Confusion in V8. Reported by Anonymous on 2021-07-12
  • [1221309] Medium CVE-2021-30564: Heap buffer overflow in WebXR. Reported by Ali Merchant, iQ3Connect VR Platform on 2021-06-17

Google is aware of reports that an exploit for CVE-2021-30563 exists in the wild.


Discovery 2021-07-15
Entry 2021-07-16
chromium
< 91.0.4472.164

CVE-2021-30541
CVE-2021-30559
CVE-2021-30560
CVE-2021-30561
CVE-2021-30562
CVE-2021-30563
CVE-2021-30564
https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop.html
afdc7579-d023-11eb-bcad-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release includes 4 security fixes, including:

  • [1219857] High CVE-2021-30554: Use after free in WebGL. Reported by anonymous on 2021-06-15
  • [1215029] High CVE-2021-30555: Use after free in Sharing. Reported by David Erceg on 2021-06-01
  • [1212599] High CVE-2021-30556: Use after free in WebAudio. Reported by Yangkang (@dnpushme) of 360 ATA on 2021-05-24
  • [1202102] High CVE-2021-30557: Use after free in TabGroups. Reported by David Erceg on 2021-04-23

Discovery 2021-06-17
Entry 2021-06-18
chromium
< 91.0.4472.114

CVE-2021-30554
CVE-2021-30555
CVE-2021-30556
CVE-2021-30557
https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html
9fba80e0-a771-11eb-97a0-e09467587c17chromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 9 security fixes, including:

  • [1199345] High CVE-2021-21227: Insufficient data validation in V8. Reported by Gengming Liu of Singular Security Lab on 2021-04-15
  • [1175058] High CVE-2021-21232: Use after free in Dev Tools. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-02-05
  • [1182937] High CVE-2021-21233: Heap buffer overflow in ANGLE. Reported by Omair on 2021-02-26
  • [1139156] Medium CVE-2021-21228: Insufficient policy enforcement in extensions. Reported by Rob Wu on 2020-10-16
  • [$TBD][1198165] Medium CVE-2021-21229: Incorrect security UI in downloads. Reported by Mohit Raj (shadow2639) on 2021-04-12
  • [1198705] Medium CVE-2021-21230: Type Confusion in V8. Reported by Manfred Paul on 2021-04-13
  • [1198696] Low CVE-2021-21231: Insufficient data validation in V8. Reported by Sergei Glazunov of Google Project Zero on 2021-04-13

Discovery 2021-04-26
Entry 2021-04-27
chromium
< 90.0.4430.93

CVE-2021-21227
CVE-2021-21228
CVE-2021-21229
CVE-2021-21230
CVE-2021-21231
CVE-2021-21232
CVE-2021-21233
https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_26.html
20b3ab21-c9df-11eb-8558-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 14 security fixes, including:

  • [1212618] Critical CVE-2021-30544: Use after free in BFCache. Reported by Rong Jian and Guang Gong of 360 Alpha Lab on 2021-05-24
  • [1201031] High CVE-2021-30545: Use after free in Extensions. Reported by kkwon with everpall and kkomdal on 2021-04-21
  • [1206911] High CVE-2021-30546: Use after free in Autofill. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-05-08
  • [1210414] High CVE-2021-30547: Out of bounds write in ANGLE. Reported by Seong-Hwan Park (SeHwa) of SecunologyLab on 2021-05-18
  • [1210487] High CVE-2021-30548: Use after free in Loader. Reported by Yangkang(@dnpushme) & Wanglu of Qihoo360 Qex Team on 2021-05-18
  • [1212498] High CVE-2021-30549: Use after free in Spell check. Reported by David Erceg on 2021-05-23
  • [1212500] High CVE-2021-30550: Use after free in Accessibility. Reported by David Erceg on 2021-05-23
  • [1216437] High CVE-2021-30551: Type Confusion in V8. Reported by Sergei Glazunov of Google Project Zero on 2021-06-04
  • [1200679] Medium CVE-2021-30552: Use after free in Extensions. Reported by David Erceg on 2021-04-20
  • [1209769] Medium CVE-2021-30553: Use after free in Network service. Reported by Anonymous on 2021-05-17

Google is aware that an exploit for CVE-2021-30551 exists in the wild.


Discovery 2021-06-10
Entry 2021-06-10
chromium
< 91.0.4472.101

CVE-2021-30544
CVE-2021-30545
CVE-2021-30546
CVE-2021-30547
CVE-2021-30548
CVE-2021-30549
CVE-2021-30550
CVE-2021-30551
CVE-2021-30552
CVE-2021-30553
https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html
7c0d71a9-9d48-11eb-97a0-e09467587c17chromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains two security fixes:

  • [1196781] High CVE-2021-21206: Use after free in Blink. Reported by Anonymous on 2021-04-07
  • [1196683] High CVE-2021-21220: Insufficient validation of untrusted input in V8 for x86_64. Reported by Bruno Keith (@bkth_) and Niklas Baumstark (@_niklasb) of Dataflow Security (@dfsec_it) via ZDI (ZDI-CAN-13569) on 2021-04-07>

Discovery 2021-04-13
Entry 2021-04-14
chromium
< 89.0.4389.128

CVE-2021-21206
CVE-2021-21220
https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop.html
76487640-ea29-11eb-a686-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 35 security fixes, including:

  • ][1210985] High CVE-2021-30565: Out of bounds write in Tab Groups. Reported by David Erceg on 2021-05-19
  • [1202661] High CVE-2021-30566: Stack buffer overflow in Printing. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-04-26
  • [1211326] High CVE-2021-30567: Use after free in DevTools. Reported by DDV_UA on 2021-05-20
  • [1219886] High CVE-2021-30568: Heap buffer overflow in WebGL. Reported by Yangkang (@dnpushme) of 360 ATA on 2021-06-15
  • [1218707] High CVE-2021-30569: Use after free in sqlite. Reported by Chris Salls (@salls) of Makai Security on 2021-06-11
  • [1101897] High CVE-2021-30571: Insufficient policy enforcement in DevTools. Reported by David Erceg on 2020-07-03
  • [1214234] High CVE-2021-30572: Use after free in Autofill. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group on 2021-05-28
  • [1216822] High CVE-2021-30573: Use after free in GPU. Reported by Security For Everyone Team - https://securityforeveryone.com on 2021-06-06
  • [1227315] High CVE-2021-30574: Use after free in protocol handling. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-07-08
  • [1213313] Medium CVE-2021-30575: Out of bounds read in Autofill. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-05-26
  • [1194896] Medium CVE-2021-30576: Use after free in DevTools. Reported by David Erceg on 2021-04-01
  • [1204811] Medium CVE-2021-30577: Insufficient policy enforcement in Installer. Reported by Jan van der Put (REQON B.V) on 2021-05-01
  • [1201074] Medium CVE-2021-30578: Uninitialized Use in Media. Reported by Chaoyuan Peng on 2021-04-21
  • [1207277] Medium CVE-2021-30579: Use after free in UI framework. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group on 2021-05-10
  • [1189092] Medium CVE-2021-30580: Insufficient policy enforcement in Android intents. Reported by @retsew0x01 on 2021-03-17
  • [1194431] Medium CVE-2021-30581: Use after free in DevTools. Reported by David Erceg on 2021-03-31
  • [1205981] Medium CVE-2021-30582: Inappropriate implementation in Animation. Reported by George Liu on 2021-05-05
  • [1179290] Medium CVE-2021-30583: Insufficient policy enforcement in image handling on Windows. Reported by Muneaki Nishimura (nishimunea) on 2021-02-17
  • [1213350] Medium CVE-2021-30584: Incorrect security UI in Downloads. Reported by @retsew0x01 on 2021-05-26
  • [1023503] Medium CVE-2021-30585: Use after free in sensor handling. Reported by niarci on 2019-11-11
  • [1201032] Medium CVE-2021-30586: Use after free in dialog box handling on Windows. Reported by kkomdal with kkwon and neodal on 2021-04-21
  • [1204347] Medium CVE-2021-30587: Inappropriate implementation in Compositing on Windows. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-04-30
  • [1195650] Low CVE-2021-30588: Type Confusion in V8. Reported by Jose Martinez (tr0y4) from VerSprite Inc. on 2021-04-04
  • [1180510] Low CVE-2021-30589: Insufficient validation of untrusted input in Sharing. Reported by Kirtikumar Anandrao Ramchandani (@Kirtikumar_A_R) and Patrick Walker (@homesen) on 2021-02-20

Discovery 2021-07-20
Entry 2021-07-21
chromium
< 92.0.4515.107

CVE-2021-30565
CVE-2021-30566
CVE-2021-30567
CVE-2021-30568
CVE-2021-30569
CVE-2021-30571
CVE-2021-30572
CVE-2021-30573
CVE-2021-30574
CVE-2021-30575
CVE-2021-30576
CVE-2021-30577
CVE-2021-30578
CVE-2021-30579
CVE-2021-30580
CVE-2021-30581
CVE-2021-30582
CVE-2021-30583
CVE-2021-30584
CVE-2021-30585
CVE-2021-30586
CVE-2021-30587
CVE-2021-30588
CVE-2021-30589
https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
3cac007f-b27e-11eb-97a0-e09467587c17chromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 19 security fixes, including:

  • [1180126] High CVE-2021-30506: Incorrect security UI in Web App Installs. Reported by @retsew0x01 on 2021-02-19
  • [1178202] High CVE-2021-30507: Inappropriate implementation in Offline. Reported by Alison Huffman, Microsoft Browser Vulnerability Research on 2021-02-14
  • [1195340] High CVE-2021-30508: Heap buffer overflow in Media Feeds. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-04-02
  • [1196309] High CVE-2021-30509: Out of bounds write in Tab Strip. Reported by David Erceg on 2021-04-06
  • [1197436] High CVE-2021-30510: Race in Aura. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group on 2021-04-09
  • [1197875] High CVE-2021-30511: Out of bounds read in Tab Groups. Reported by David Erceg on 2021-04-10
  • [1200019] High CVE-2021-30512: Use after free in Notifications. Reported by ZhanJia Song on 2021-04-17
  • [1200490] High CVE-2021-30513: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2021-04-19
  • [1200766] High CVE-2021-30514: Use after free in Autofill. Reported by koocola (@alo_cook) and Nan Wang (@eternalsakura13) of 360 Alpha Lab on 2021-04-20
  • [1201073] High CVE-2021-30515: Use after free in File API. Reported by Rong Jian and Guang Gong of 360 Alpha Lab on 2021-04-21
  • [1201446] High CVE-2021-30516: Heap buffer overflow in History. Reported by ZhanJia Song on 2021-04-22
  • [1203122] High CVE-2021-30517: Type Confusion in V8. Reported by laural on 2021-04-27
  • [1203590] High CVE-2021-30518: Heap buffer overflow in Reader Mode. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2021-04-28
  • [1194058] Medium CVE-2021-30519: Use after free in Payments. Reported by asnine on 2021-03-30
  • [1193362] Medium CVE-2021-30520: Use after free in Tab Strip. Reported by Khalil Zhani on 2021-04-03

Discovery 2021-05-10
Entry 2021-05-11
chromium
< 90.0.4430.212

CVE-2021-30506
CVE-2021-30507
CVE-2021-30508
CVE-2021-30509
CVE-2021-30510
CVE-2021-30511
CVE-2021-30512
CVE-2021-30513
CVE-2021-30514
CVE-2021-30515
CVE-2021-30516
CVE-2021-30517
CVE-2021-30518
CVE-2021-30519
CVE-2021-30520
https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop.html
cb13a765-a277-11eb-97a0-e09467587c17chromium -- multiple vulnerabilities

Chrome Reelases reports:

This release includes 7 security fixes, including:

  • 1194046] High CVE-2021-21222: Heap buffer overflow in V8. Reported by Guang Gong of Alpha Lab, Qihoo 360 on 2021-03-30
  • [1195308] High CVE-2021-21223: Integer overflow in Mojo. Reported by Guang Gong of Alpha Lab, Qihoo 360 on 2021-04-02
  • [1195777] High CVE-2021-21224: Type Confusion in V8. Reported by Jose Martinez (tr0y4) from VerSprite Inc. on 2021-04-05
  • [1195977] High CVE-2021-21225: Out of bounds memory access in V8. Reported by Brendon Tiszka (@btiszka) supporting the EFF on 2021-04-05
  • [1197904] High CVE-2021-21226: Use after free in navigation. Reported by Brendon Tiszka (@btiszka) supporting the EFF on 2021-04-11

Discovery 2021-04-20
Entry 2021-04-21
chromium
< 90.0.4430.85

CVE-2021-21222
CVE-2021-21223
CVE-2021-21224
CVE-2021-21225
CVE-2021-21226
https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_20.html
f3d86439-9def-11eb-97a0-e09467587c17chromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 37 security fixes, including:

  • [1025683] High CVE-2021-21201: Use after free in permissions. Reported by Gengming Liu, Jianyu Chen at Tencent Keen Security Lab on 2019-11-18
  • [1188889] High CVE-2021-21202: Use after free in extensions. Reported by David Erceg on 2021-03-16
  • [1192054] High CVE-2021-21203: Use after free in Blink. Reported by asnine on 2021-03-24
  • [1189926] High CVE-2021-21204: Use after free in Blink. Reported by Chelse Tsai-Simek, Jeanette Ulloa, and Emily Voigtlander of Seesaw on 2021-03-19
  • [1165654] High CVE-2021-21205: Insufficient policy enforcement in navigation. Reported by Alison Huffman, Microsoft Browser Vulnerability Research on 2021-01-12
  • [1195333] High CVE-2021-21221: Insufficient validation of untrusted input in Mojo. Reported by Guang Gong of Alpha Lab, Qihoo 360 on 2021-04-02
  • [1185732] Medium CVE-2021-21207: Use after free in IndexedDB. Reported by koocola (@alo_cook) and Nan Wang (@eternalsakura13) of 360 Alpha Lab on 2021-03-08
  • [1039539] Medium CVE-2021-21208: Insufficient data validation in QR scanner. Reported by Ahmed Elsobky (@0xsobky) on 2020-01-07
  • [1143526] Medium CVE-2021-21209: Inappropriate implementation in storage. Reported by Tom Van Goethem (@tomvangoethem) on 2020-10-29
  • [1184562] Medium CVE-2021-21210: Inappropriate implementation in Network. Reported by @bananabr on 2021-03-04
  • [1103119] Medium CVE-2021-21211: Inappropriate implementation in Navigation. Reported by Akash Labade (m0ns7er) on 2020-07-08
  • [1145024] Medium CVE-2021-21212: Incorrect security UI in Network Config UI. Reported by Hugo Hue and Sze Yiu Chau of the Chinese University of Hong Kong on 2020-11-03
  • [1161806] Medium CVE-2021-21213: Use after free in WebMIDI. Reported by raven (@raid_akame) on 2020-12-25
  • [1170148] Medium CVE-2021-21214: Use after free in Network API. Reported by Anonymous on 2021-01-24
  • [1172533] Medium CVE-2021-21215: Inappropriate implementation in Autofill. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-01-30
  • [1173297] Medium CVE-2021-21216: Inappropriate implementation in Autofill. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-02-02
  • [1166462] Low CVE-2021-21217: Uninitialized Use in PDFium. Reported by Zhou Aiting (@zhouat1) of Qihoo 360 Vulcan Team on 2021-01-14
  • [1166478] Low CVE-2021-21218: Uninitialized Use in PDFium. Reported by Zhou Aiting (@zhouat1) of Qihoo 360 Vulcan Team on 2021-01-14
  • [1166972] Low CVE-2021-21219: Uninitialized Use in PDFium. Reported by Zhou Aiting (@zhouat1) of Qihoo 360 Vulcan Team on 2021-01-15

Discovery 2021-04-14
Entry 2021-04-15
chromium
< 90.0.4430.72

CVE-2021-21201
CVE-2021-21202
CVE-2021-21203
CVE-2021-21204
CVE-2021-21205
CVE-2021-21221
CVE-2021-21207
CVE-2021-21208
CVE-2021-21209
CVE-2021-21210
CVE-2021-21211
CVE-2021-21212
CVE-2021-21213
CVE-2021-21214
CVE-2021-21215
CVE-2021-21216
CVE-2021-21217
CVE-2021-21218
CVE-2021-21219
https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_14.html
976d7bf9-38ea-11ec-b3b0-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 8 security fixes, including:

  • [1259864] High CVE-2021-37997 : Use after free in Sign-In. Reported by Wei Yuan of MoyunSec VLab on 2021-10-14
  • [1259587] High CVE-2021-37998 : Use after free in Garbage Collection. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2021-10-13
  • [1251541] High CVE-2021-37999 : Insufficient data validation in New Tab Page. Reported by Ashish Arun Dhone on 2021-09-21
  • [1249962] High CVE-2021-38000 : Insufficient validation of untrusted input in Intents. Reported by Clement Lecigne, Neel Mehta, and Maddie Stone of Google Threat Analysis Group on 2021-09-15
  • [1260577] High CVE-2021-38001 : Type Confusion in V8. Reported by @s0rrymybad of Kunlun Lab via Tianfu Cup on 2021-10-16
  • [1260940] High CVE-2021-38002 : Use after free in Web Transport. Reported by @__R0ng of 360 Alpha Lab, ? via Tianfu Cup on 2021-10-16
  • [1263462] High CVE-2021-38003 : Inappropriate implementation in V8. Reported by Clément Lecigne from Google TAG and Samuel Gross from Google Project Zero on 2021-10-26

Google is aware that exploits for CVE-2021-38000 and CVE-2021-38003 exist in the wild.


Discovery 2021-10-28
Entry 2021-10-29
chromium
< 95.0.4638.69

CVE-2021-37997
CVE-2021-37998
CVE-2021-37999
CVE-2021-38000
CVE-2021-38001
CVE-2021-38002
CVE-2021-38003
https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html
b59847e0-346d-11ed-8fe9-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release includes 11 security fixes, including:

  • [1358381] High CVE-2022-3195: Out of bounds write in Storage. Reported by Ziling Chen and Nan Wang (@eternalsakura13) of 360 Vulnerability Research Institute on 2022-08-31
  • [1358090] High CVE-2022-3196: Use after free in PDF. Reported by triplepwns on 2022-08-30
  • [1358075] High CVE-2022-3197: Use after free in PDF. Reported by triplepwns on 2022-08-30
  • [1355682] High CVE-2022-3198: Use after free in PDF. Reported by MerdroidSG on 2022-08-23
  • [1355237] High CVE-2022-3199: Use after free in Frames. Reported by Anonymous on 2022-08-22
  • [1355103] High CVE-2022-3200: Heap buffer overflow in Internals. Reported by Richard Lorenz, SAP on 2022-08-22
  • [1343104] High CVE-2022-3201: Insufficient validation of untrusted input in DevTools. Reported by NDevTK on 2022-07-09

Discovery 2022-09-14
Entry 2022-09-14
chromium
< 105.0.5195.125

CVE-2022-3195
CVE-2022-3196
CVE-2022-3197
CVE-2022-3198
CVE-2022-3199
CVE-2022-3200
CVE-2022-3201
https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_14.html
b2a4c5f1-f1fe-11ec-bcd2-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 14 security fixes, including:

  • [1335458] Critical CVE-2022-2156: Use after free in Base. Reported by Mark Brand of Google Project Zero on 2022-06-11
  • [1327312] High CVE-2022-2157: Use after free in Interest groups. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-05-19
  • [1321078] High CVE-2022-2158: Type Confusion in V8. Reported by Bohan Liu (@P4nda20371774) of Tencent Security Xuanwu Lab on 2022-04-29
  • [1116450] Medium CVE-2022-2160: Insufficient policy enforcement in DevTools. Reported by David Erceg on 2020-08-14
  • [1330289] Medium CVE-2022-2161: Use after free in WebApp Provider. Reported by Zhihua Yao of KunLun Lab on 2022-05-30
  • [1307930] Medium CVE-2022-2162: Insufficient policy enforcement in File System API. Reported by Abdelhamid Naceri (halov) on 2022-03-19
  • [1308341] Low CVE-2022-2163: Use after free in Cast UI and Toolbar. Reported by Chaoyuan Peng (@ret2happy) on 2022-03-21
  • [1268445] Low CVE-2022-2164: Inappropriate implementation in Extensions API. Reported by José Miguel Moreno Computer Security Lab (COSEC) at UC3M on 2021-11-10
  • [1250993] Low CVE-2022-2165: Insufficient data validation in URL formatting. Reported by Rayyan Bijoora on 2021-09-19

Discovery 2022-06-21
Entry 2022-06-22
chromium
< 103.0.5060.53

CVE-2022-2156
CVE-2022-2157
CVE-2022-2158
CVE-2022-2160
CVE-2022-2161
CVE-2022-2162
CVE-2022-2163
CVE-2022-2164
CVE-2022-2165
https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop_21.html
ac91cf5e-d098-11ec-bead-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 13 security fixes, including:

  • [1316990] High CVE-2022-1633: Use after free in Sharesheet. Reported by Khalil Zhani on 2022-04-18
  • [1314908] High CVE-2022-1634: Use after free in Browser UI. Reported by Khalil Zhani on 2022-04-09
  • [1319797] High CVE-2022-1635: Use after free in Permission Prompts. Reported by Anonymous on 2022-04-26
  • [1297283] High CVE-2022-1636: Use after free in Performance APIs. Reported by Seth Brenith, Microsoft on 2022-02-15
  • [1311820] High CVE-2022-1637: Inappropriate implementation in Web Contents. Reported by Alesandro Ortiz on 2022-03-31
  • [1316946] High CVE-2022-1638: Heap buffer overflow in V8 Internationalization. Reported by DoHyun Lee (@l33d0hyun) of DNSLab, Korea University on 2022-04-17
  • [1317650] High CVE-2022-1639: Use after free in ANGLE. Reported by SeongHwan Park (SeHwa) on 2022-04-19
  • [1320592] High CVE-2022-1640: Use after free in Sharing. Reported by Weipeng Jiang (@Krace) and Guang Gong of 360 Vulnerability Research Institute on 2022-04-28
  • [1305068] Medium CVE-2022-1641: Use after free in Web UI Diagnostics. Reported by Rong Jian of VRI on 2022-03-10

Discovery 2022-05-10
Entry 2022-05-10
chromium
< 101.0.4951.64

CVE-2022-1633
CVE-2022-1634
CVE-2022-1635
CVE-2022-1636
CVE-2022-1637
CVE-2022-1638
CVE-2022-1639
CVE-2022-1640
CVE-2022-1641
https://chromereleases.googleblog.com/2022/05/stable-channel-update-for-desktop_10.html
b8c0cbca-472d-11ec-83dc-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 25 security fixes, including:

  • [1263620] High CVE-2021-38008: Use after free in media. Reported by Marcin Towalski of Cisco Talos on 2021-10-26
  • [1260649] High CVE-2021-38009: Inappropriate implementation in cache. Reported by Luan Herrera (@lbherrera_) on 2021-10-16
  • [1240593] High CVE-2021-38006: Use after free in storage foundation. Reported by Sergei Glazunov of Google Project Zero on 2021-08-17
  • [1254189] High CVE-2021-38007: Type Confusion in V8. Reported by Polaris Feng and SGFvamll at Singular Security Lab on 2021-09-29
  • [1241091] High CVE-2021-38005: Use after free in loader. Reported by Sergei Glazunov of Google Project Zero on 2021-08-18
  • [1264477] High CVE-2021-38010: Inappropriate implementation in service workers. Reported by Sergei Glazunov of Google Project Zero on 2021-10-28
  • [1268274] High CVE-2021-38011: Use after free in storage foundation. Reported by Sergei Glazunov of Google Project Zero on 2021-11-09
  • [1262791] Medium CVE-2021-38012: Type Confusion in V8. Reported by Yonghwi Jin (@jinmo123) on 2021-10-24
  • [1242392] Medium CVE-2021-38013: Heap buffer overflow in fingerprint recognition. Reported by raven (@raid_akame) on 2021-08-23
  • [1248567] Medium CVE-2021-38014: Out of bounds write in Swiftshader. Reported by Atte Kettunen of OUSPG on 2021-09-10
  • [957553] Medium CVE-2021-38015: Inappropriate implementation in input. Reported by David Erceg on 2019-04-29
  • [1244289] Medium CVE-2021-38016: Insufficient policy enforcement in background fetch. Reported by Maurice Dauer on 2021-08-28
  • [1256822] Medium CVE-2021-38017: Insufficient policy enforcement in iframe sandbox. Reported by NDevTK on 2021-10-05
  • [1197889] Medium CVE-2021-38018: Inappropriate implementation in navigation. Reported by Alesandro Ortiz on 2021-04-11
  • [1251179] Medium CVE-2021-38019: Insufficient policy enforcement in CORS. Reported by Maurice Dauer on 2021-09-20
  • [1259694] Medium CVE-2021-38020: Insufficient policy enforcement in contacts picker. Reported by Luan Herrera (@lbherrera_) on 2021-10-13
  • [1233375] Medium CVE-2021-38021: Inappropriate implementation in referrer. Reported by Prakash (@1lastBr3ath) and Jun Kokatsu on 2021-07-27
  • [1248862] Low CVE-2021-38022: Inappropriate implementation in WebAuthentication. Reported by Michal Kepkowski on 2021-09-13

Discovery 2021-11-15
Entry 2021-11-16
chromium
< 96.0.4664.45

CVE-2021-38005
CVE-2021-38006
CVE-2021-38007
CVE-2021-38008
CVE-2021-38009
CVE-2021-38010
CVE-2021-38011
CVE-2021-38012
CVE-2021-38013
CVE-2021-38014
CVE-2021-38015
CVE-2021-38016
CVE-2021-38017
CVE-2021-38018
CVE-2021-38019
CVE-2021-38020
CVE-2021-38021
CVE-2021-38022
https://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html
a25ea27b-bced-11ec-87b5-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 2 security fixes, including:

  • [1315901] High CVE-2022-1364: Type Confusion in V8. Reported by Clément Lecigne of Google's Threat Analysis Group on 2022-0-13

Discovery 2022-04-14
Entry 2022-04-15
chromium
< 100.0.4896.127

CVE-2022-1364
https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_14.html
1225c888-56ea-11ed-b5c3-3065ec8fd3ecchromium -- Type confusion in V8

Chrome Releases reports:

This release contains 1 security fix:

  • [1378239] High CVE-2022-3723: Type Confusion in V8. Reported by Jan VojteÅ¡ek, Milánek, and Przemek Gmerek of Avast on 2022-10-25

Discovery 2022-10-27
Entry 2022-10-28
chromium
< 107.0.5304.87

ungoogled-chromium
< 107.0.5304.87

CVE-2022-3723
https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_27.html
857be71a-a4b0-11ec-95fc-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 11 security fixes, including:

  • [1299422] Critical CVE-2022-0971: Use after free in Blink Layout. Reported by Sergei Glazunov of Google Project Zero on 2022-02-21
  • [1301320] High CVE-2022-0972: Use after free in Extensions. Reported by Sergei Glazunov of Google Project Zero on 2022-02-28
  • [1297498] High CVE-2022-0973: Use after free in Safe Browsing. Reported by avaue and Buff3tts at S.S.L. on 2022-02-15
  • [1291986] High CVE-2022-0974: Use after free in Splitscreen. Reported by @ginggilBesel on 2022-01-28
  • [1295411] High CVE-2022-0975: Use after free in ANGLE. Reported by SeongHwan Park (SeHwa) on 2022-02-09
  • [1296866] High CVE-2022-0976: Heap buffer overflow in GPU. Reported by Omair on 2022-02-13
  • [1299225] High CVE-2022-0977: Use after free in Browser UI. Reported by Khalil Zhani on 2022-02-20
  • [1299264] High CVE-2022-0978: Use after free in ANGLE. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2022-02-20
  • [1302644] High CVE-2022-0979: Use after free in Safe Browsing. Reported by anonymous on 2022-03-03
  • [1302157] Medium CVE-2022-0980: Use after free in New Tab Page. Reported by Krace on 2022-03-02

Discovery 2022-03-15
Entry 2022-03-15
chromium
< 98.0.4844.74

CVE-2022-0971
CVE-2022-0972
CVE-2022-0973
CVE-2022-0974
CVE-2022-0975
CVE-2022-0976
CVE-2022-0977
CVE-2022-0978
CVE-2022-0979
CVE-2022-0980
https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_15.html
b582a85a-ba4a-11ec-8d1e-3065ec8fd3ecChromium -- mulitple vulnerabilities

Chrome Releases reports:

This release contains 11 security fixes, including:

  • [1285234] High CVE-2022-1305: Use after free in storage. Reported by Anonymous on 2022-01-07
  • [1299287] High CVE-2022-1306: Inappropriate implementation in compositing. Reported by Sven Dysthe on 2022-02-21
  • [1301873] High CVE-2022-1307: Inappropriate implementation in full screen. Reported by Irvan Kurniawan (sourc7) on 2022-03-01
  • [1283050] High CVE-2022-1308: Use after free in BFCache. Reported by Samet Bekmezci (@sametbekmezci) on 2021-12-28
  • [1106456] High CVE-2022-1309: Insufficient policy enforcement in developer tools. Reported by David Erceg on 2020-07-17
  • [1307610] High CVE-2022-1310: Use after free in regular expressions. Reported by Brendon Tiszka on 2022-03-18
  • [1310717] High CVE-2022-1311: Use after free in Chrome OS shell. Reported by Nan Wang (@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-03-28
  • [1311701] High CVE-2022-1312: Use after free in storage. Reported by Leecraso and Guang Gong of 360 Vulnerability Research Institute on 2022-03-30
  • [1270539] Medium CVE-2022-1313: Use after free in tab groups. Reported by Thomas Orlita on 2021-11-16
  • [1304658] Medium CVE-2022-1314: Type Confusion in V8. Reported by Bohan Liu (@P4nda20371774) of Tencent Security Xuanwu Lab on 2022-03-09

Discovery 2022-04-11
Entry 2022-04-12
chromium
< 100.0.4896.88

CVE-2022-1305
CVE-2022-1306
CVE-2022-1307
CVE-2022-1308
CVE-2022-1309
CVE-2022-1310
CVE-2022-1311
CVE-2022-1312
CVE-2022-1313
CVE-2022-1314
https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_11.html
f12368a8-1e05-11ed-a1ef-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 11 security fixes, including:

  • [1349322] Critical CVE-2022-2852: Use after free in FedCM. Reported by Sergei Glazunov of Google Project Zero on 2022-08-02
  • [1337538] High CVE-2022-2854: Use after free in SwiftShader. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2022-06-18
  • [1345042] High CVE-2022-2855: Use after free in ANGLE. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2022-07-16
  • [1338135] High CVE-2022-2857: Use after free in Blink. Reported by Anonymous on 2022-06-21
  • [1341918] High CVE-2022-2858: Use after free in Sign-In Flow. Reported by raven at KunLun lab on 2022-07-05
  • [1350097] High CVE-2022-2853: Heap buffer overflow in Downloads. Reported by Sergei Glazunov of Google Project Zero on 2022-08-04
  • [1345630] High CVE-2022-2856: Insufficient validation of untrusted input in Intents. Reported by Ashley Shen and Christian Resell of Google Threat Analysis Group on 2022-07-19
  • [1338412] Medium CVE-2022-2859: Use after free in Chrome OS Shell. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-06-22
  • [1345193] Medium CVE-2022-2860: Insufficient policy enforcement in Cookies. Reported by Axel Chong on 2022-07-18
  • [1346236] Medium CVE-2022-2861: Inappropriate implementation in Extensions API. Reported by Rong Jian of VRI on 2022-07-21

Discovery 2022-08-16
Entry 2022-08-17
chromium
< 104.0.5112.101

CVE-2022-2852
CVE-2022-2853
CVE-2022-2854
CVE-2022-2855
CVE-2022-2856
CVE-2022-2857
CVE-2022-2858
CVE-2022-2859
CVE-2022-2860
CVE-2022-2861
https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html
e0914087-9a09-11ec-9e61-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 28 security fixes, including:

  • [1289383] High CVE-2022-0789: Heap buffer overflow in ANGLE. Reported by SeongHwan Park (SeHwa) on 2022-01-21
  • [1274077] High CVE-2022-0790: Use after free in Cast UI. Reported by Anonymous on 2021-11-26
  • [1278322] High CVE-2022-0791: Use after free in Omnibox. Reported by Zhihua Yao of KunLun Lab on 2021-12-09
  • [1285885] High CVE-2022-0792: Out of bounds read in ANGLE. Reported by Jaehun Jeong (@n3sk) of Theori on 2022-01-11
  • [1291728] High CVE-2022-0793: Use after free in Views. Reported by Thomas Orlita on 2022-01-28
  • [1294097] High CVE-2022-0794: Use after free in WebShare. Reported by Khalil Zhani on 2022-02-04
  • [1282782] High CVE-2022-0795: Type Confusion in Blink Layout. Reported by 0x74960 on 2021-12-27
  • [1295786] High CVE-2022-0796: Use after free in Media. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2022-02-10
  • [1281908] High CVE-2022-0797: Out of bounds memory access in Mojo. Reported by Sergei Glazunov of Google Project Zero on 2021-12-21
  • [1283402] Medium CVE-2022-0798: Use after free in MediaStream. Reported by Samet Bekmezci @sametbekmezci on 2021-12-30
  • [1279188] Medium CVE-2022-0799: Insufficient policy enforcement in Installer. Reported by Abdelhamid Naceri (halov) on 2021-12-12
  • [1242962] Medium CVE-2022-0800: Heap buffer overflow in Cast UI. Reported by Khalil Zhani on 2021-08-24
  • [1231037] Medium CVE-2022-0801: Inappropriate implementation in HTML parser. Reported by Michal Bentkowski of Securitum on 2021-07-20
  • [1270052] Medium CVE-2022-0802: Inappropriate implementation in Full screen mode. Reported by Irvan Kurniawan (sourc7) on 2021-11-14
  • [1280233] Medium CVE-2022-0803: Inappropriate implementation in Permissions. Reported by Abdulla Aldoseri on 2021-12-15
  • [1264561] Medium CVE-2022-0804: Inappropriate implementation in Full screen mode. Reported by Irvan Kurniawan (sourc7) on 2021-10-29
  • [1290700] Medium CVE-2022-0805: Use after free in Browser Switcher. Reported by raven at KunLun Lab on 2022-01-25
  • [1283434] Medium CVE-2022-0806: Data leak in Canvas. Reported by Paril on 2021-12-31
  • [1287364] Medium CVE-2022-0807: Inappropriate implementation in Autofill. Reported by Alesandro Ortiz on 2022-01-14
  • [1292271] Medium CVE-2022-0808: Use after free in Chrome OS Shell. Reported by @ginggilBesel on 2022-01-29
  • [1293428] Medium CVE-2022-0809: Out of bounds memory access in WebXR. Reported by @uwu7586 on 2022-02-03

Discovery 2022-03-01
Entry 2022-03-02
chromium
< 99.0.4844.51

CVE-2022-0789
CVE-2022-0790
CVE-2022-0791
CVE-2022-0792
CVE-2022-0793
CVE-2022-0794
CVE-2022-0795
CVE-2022-0796
CVE-2022-0797
CVE-2022-0798
CVE-2022-0799
CVE-2022-0800
CVE-2022-0801
CVE-2022-0802
CVE-2022-0803
CVE-2022-0804
CVE-2022-0805
CVE-2022-0806
CVE-2022-0807
CVE-2022-0808
CVE-2022-0809
https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
7cb12ee0-4a13-11ed-8ad9-3065ec8fd3ecchromium -- mulitple vulnerabilities

Chrome Releases reports:

This release contains 6 security fixes:

  • [1364604] High CVE-2022-3445: Use after free in Skia. Reported by Nan Wang (@eternalsakura13) and Yong Liu of 360 Vulnerability Research Institute on 2022-09-16
  • [1368076] High CVE-2022-3446: Heap buffer overflow in WebSQL. Reported by Kaijie Xu (@kaijieguigui) on 2022-09-26
  • [1366582] High CVE-2022-3447: Inappropriate implementation in Custom Tabs. Reported by Narendra Bhati of Suma Soft Pvt. Ltd. Pune (India) on 2022-09-22
  • [1363040] High CVE-2022-3448: Use after free in Permissions API. Reported by raven at KunLun lab on 2022-09-13
  • [1364662] High CVE-2022-3449: Use after free in Safe Browsing. Reported by asnine on 2022-09-17
  • [1369882] High CVE-2022-3450: Use after free in Peer Connection. Reported by Anonymous on 2022-09-30

Discovery 2022-10-11
Entry 2022-10-12
chromium
< 106.0.5249.119

ungoogled-chromium
< 106.0.5249.119

CVE-2022-3445
CVE-2022-3446
CVE-2022-3447
CVE-2022-3448
CVE-2022-3449
CVE-2022-3450
https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_11.html
323f900d-ac6d-11ec-a0b8-3065ec8fd3ecchromium -- V8 type confusion

Chrome Releases reports:

This release contains 1 security fix:

  • [1309225] High CVE-2022-1096: Type Confusion in V8. Reported by anonymous on 2022-03-23

Google is aware that an exploit for CVE-2022-1096 exists in the wild.


Discovery 2022-03-25
Entry 2022-03-25
chromium
< 99.0.4844.84

CVE-2022-1096
https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html
96a41723-133a-11ed-be3b-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 27 security fixes, including:

  • [1325699] High CVE-2022-2603: Use after free in Omnibox. Reported by Anonymous on 2022-05-16
  • [1335316] High CVE-2022-2604: Use after free in Safe Browsing. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-06-10
  • [1338470] High CVE-2022-2605: Out of bounds read in Dawn. Reported by Looben Yang on 2022-06-22
  • [1330489] High CVE-2022-2606: Use after free in Managed devices API. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-05-31
  • [1286203] High CVE-2022-2607: Use after free in Tab Strip. Reported by @ginggilBesel on 2022-01-11
  • [1330775] High CVE-2022-2608: Use after free in Overview Mode. Reported by Khalil Zhani on 2022-06-01
  • [1338560] High CVE-2022-2609: Use after free in Nearby Share. Reported by koocola(@alo_cook) and Guang Gong of 360 Vulnerability Research Institute on 2022-06-22
  • [1278255] Medium CVE-2022-2610: Insufficient policy enforcement in Background Fetch. Reported by Maurice Dauer on 2021-12-09
  • [1320538] Medium CVE-2022-2611: Inappropriate implementation in Fullscreen API. Reported by Irvan Kurniawan (sourc7) on 2022-04-28
  • [1321350] Medium CVE-2022-2612: Side-channel information leakage in Keyboard input. Reported by Erik Kraft (erik.kraft5@gmx.at), Martin Schwarzl (martin.schwarzl@iaik.tugraz.at) on 2022-04-30
  • [1325256] Medium CVE-2022-2613: Use after free in Input. Reported by Piotr Tworek (Vewd) on 2022-05-13
  • [1341907] Medium CVE-2022-2614: Use after free in Sign-In Flow. Reported by raven at KunLun lab on 2022-07-05
  • [1268580] Medium CVE-2022-2615: Insufficient policy enforcement in Cookies. Reported by Maurice Dauer on 2021-11-10
  • [1302159] Medium CVE-2022-2616: Inappropriate implementation in Extensions API. Reported by Alesandro Ortiz on 2022-03-02
  • [1292451] Medium CVE-2022-2617: Use after free in Extensions API. Reported by @ginggilBesel on 2022-01-31
  • [1308422] Medium CVE-2022-2618: Insufficient validation of untrusted input in Internals. Reported by asnine on 2022-03-21
  • [1332881] Medium CVE-2022-2619: Insufficient validation of untrusted input in Settings. Reported by Oliver Dunk on 2022-06-04
  • [1337304] Medium CVE-2022-2620: Use after free in WebUI. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-06-17
  • [1323449] Medium CVE-2022-2621: Use after free in Extensions. Reported by Huyna at Viettel Cyber Security on 2022-05-07
  • [1332392] Medium CVE-2022-2622: Insufficient validation of untrusted input in Safe Browsing. Reported by Imre Rad (@ImreRad) and @j00sean on 2022-06-03
  • [1337798] Medium CVE-2022-2623: Use after free in Offline. Reported by raven at KunLun lab on 2022-06-20
  • [1339745] Medium CVE-2022-2624: Heap buffer overflow in PDF. Reported by YU-CHANG CHEN and CHIH-YEN CHANG, working with DEVCORE Internship Program on 2022-06-27

Discovery 2022-08-02
Entry 2022-08-03
chromium
< 104.0.5112.79

CVE-2022-2603
CVE-2022-2604
CVE-2022-2605
CVE-2022-2606
CVE-2022-2607
CVE-2022-2608
CVE-2022-2609
CVE-2022-2610
CVE-2022-2611
CVE-2022-2612
CVE-2022-2613
CVE-2022-2614
CVE-2022-2615
CVE-2022-2616
CVE-2022-2617
CVE-2022-2618
CVE-2022-2619
CVE-2022-2620
CVE-2022-2621
CVE-2022-2622
CVE-2022-2623
CVE-2022-2624
https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html
6b04476f-601c-11ed-92ce-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 10 security fixes, including:

  • [1377816] High CVE-2022-3885: Use after free in V8. Reported by gzobqq@ on 2022-10-24
  • [1372999] High CVE-2022-3886: Use after free in Speech Recognition. Reported by anonymous on 2022-10-10
  • [1372695] High CVE-2022-3887: Use after free in Web Workers. Reported by anonymous on 2022-10-08
  • [1375059] High CVE-2022-3888: Use after free in WebCodecs. Reported by Peter Nemeth on 2022-10-16
  • [1380063] High CVE-2022-3889: Type Confusion in V8. Reported by anonymous on 2022-11-01
  • [1380083] High CVE-2022-3890: Heap buffer overflow in Crashpad. Reported by anonymous on 2022-11-01

Discovery 2022-11-08
Entry 2022-11-09
chromium
< 107.0.5304.110

ungoogled-chromium
< 107.0.5304.110

CVE-2022-3885
CVE-2022-3886
CVE-2022-3887
CVE-2022-3888
CVE-2022-3889
CVE-2022-3890
https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop.html
a7732806-0b2a-11ec-836b-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 27 security fixes, including:

  • [1233975] High CVE-2021-30606: Use after free in Blink. Reported by Nan Wang (@eternalsakura13) and koocola (@alo_cook) of 360 Alpha Lab on 2021-07-28
  • [1235949] High CVE-2021-30607: Use after free in Permissions. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group on 2021-08-03
  • [1219870] High CVE-2021-30608: Use after free in Web Share. Reported by Huyna at Viettel Cyber Security on 2021-06-15
  • [1239595] High CVE-2021-30609: Use after free in Sign-In. Reported by raven (@raid_akame) on 2021-08-13
  • [1200440] High CVE-2021-30610: Use after free in Extensions API. Reported by Igor Bukanov from Vivaldi on 2021-04-19
  • [1233942] Medium CVE-2021-30611: Use after free in WebRTC. Reported by Nan Wang (@eternalsakura13) and koocola (@alo_cook) of 360 Alpha Lab on 2021-07-28
  • [1234284] Medium CVE-2021-30612: Use after free in WebRTC. Reported by Nan Wang (@eternalsakura13) and koocola (@alo_cook) of 360 Alpha Lab on 2021-07-29
  • [1209622] Medium CVE-2021-30613: Use after free in Base internals. Reported by Yangkang (@dnpushme) of 360 ATA on 2021-05-16
  • [1207315] Medium CVE-2021-30614: Heap buffer overflow in TabStrip. Reported by Huinian Yang (@vmth6) of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2021-05-10
  • [1208614] Medium CVE-2021-30615: Cross-origin data leak in Navigation. Reported by NDevTK on 2021-05-12
  • [1231432] Medium CVE-2021-30616: Use after free in Media. Reported by Anonymous on 2021-07-21
  • [1226909] Medium CVE-2021-30617: Policy bypass in Blink. Reported by NDevTK on 2021-07-07
  • [1232279] Medium CVE-2021-30618: Inappropriate implementation in DevTools. Reported by @DanAmodio and @mattaustin from Contrast Security on 2021-07-23
  • [1235222] Medium CVE-2021-30619: UI Spoofing in Autofill. Reported by Alesandro Ortiz on 2021-08-02
  • [1063518] Medium CVE-2021-30620: Insufficient policy enforcement in Blink. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2020-03-20
  • [1204722] Medium CVE-2021-30621: UI Spoofing in Autofill. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-04-30
  • [1224419] Medium CVE-2021-30622: Use after free in WebApp Installs. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2021-06-28
  • [1223667] Low CVE-2021-30623: Use after free in Bookmarks. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-06-25
  • [1230513] Low CVE-2021-30624: Use after free in Autofill. Reported by Wei Yuan of MoyunSec VLab on 2021-07-19

Discovery 2021-08-31
Entry 2021-09-01
chromium
< 93.0.4577.63

CVE-2021-30606
CVE-2021-30607
CVE-2021-30608
CVE-2021-30609
CVE-2021-30610
CVE-2021-30611
CVE-2021-30612
CVE-2021-30613
CVE-2021-30614
CVE-2021-30615
CVE-2021-30616
CVE-2021-30617
CVE-2021-30618
CVE-2021-30619
CVE-2021-30620
CVE-2021-30621
CVE-2021-30622
CVE-2021-30623
CVE-2021-30624
https://chromereleases.googleblog.com/2021/08/stable-channel-update-for-desktop_31.html
c3c6c4a3-f47d-11eb-b632-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 10 security fixes, including:

  • [1227777] High CVE-2021-30590: Heap buffer overflow in Bookmarks. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-07-09
  • [1229298] High CVE-2021-30591: Use after free in File System API. Reported by SorryMybad (@S0rryMybad) of Kunlun Lab on 2021-07-14
  • [1209469] High CVE-2021-30592: Out of bounds write in Tab Groups. Reported by David Erceg on 2021-05-15
  • [1209616] High CVE-2021-30593: Out of bounds read in Tab Strip. Reported by David Erceg on 2021-05-16
  • [1218468] High CVE-2021-30594: Use after free in Page Info UI. Reported by raven (@raid_akame) on 2021-06-10
  • [1214481] Medium CVE-2021-30596: Incorrect security UI in Navigation. Reported by Mohit Raj (shadow2639) on 2021-05-29
  • [1232617] Medium CVE-2021-30597: Use after free in Browser UI. Reported by raven (@raid_akame) on 2021-07-24

Discovery 2021-08-02
Entry 2021-08-03
chromium
< 92.0.4515.131

CVE-2021-30590
CVE-2021-30591
CVE-2021-30592
CVE-2021-30593
CVE-2021-30594
CVE-2021-30596
CVE-2021-30597
https://chromereleases.googleblog.com/search/label/Stable%20updates
26f2123b-c6c6-11ec-b66f-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 30 security fixes, including:

  • [1313905] High CVE-2022-1477: Use after free in Vulkan. Reported by SeongHwan Park (SeHwa) on 2022-04-06
  • [1299261] High CVE-2022-1478: Use after free in SwiftShader. Reported by SeongHwan Park (SeHwa) on 2022-02-20
  • [1305190] High CVE-2022-1479: Use after free in ANGLE. Reported by Jeonghoon Shin of Theori on 2022-03-10
  • [1307223] High CVE-2022-1480: Use after free in Device API. Reported by @uwu7586 on 2022-03-17
  • [1302949] High CVE-2022-1481: Use after free in Sharing. Reported by Weipeng Jiang (@Krace) and Guang Gong of 360 Vulnerability Research Institute on 2022-03-04
  • [1304987] High CVE-2022-1482: Inappropriate implementation in WebGL. Reported by Christoph Diehl, Microsoft on 2022-03-10
  • [1314754] High CVE-2022-1483: Heap buffer overflow in WebGPU. Reported by Mark Brand of Google Project Zero on 2022-04-08
  • [1297429] Medium CVE-2022-1484: Heap buffer overflow in Web UI Settings. Reported by Chaoyuan Peng (@ret2happy) on 2022-02-15
  • [1299743] Medium CVE-2022-1485: Use after free in File System API. Reported by Anonymous on 2022-02-22
  • [1314616] Medium CVE-2022-1486: Type Confusion in V8. Reported by Brendon Tiszka on 2022-04-08
  • [1304368] Medium CVE-2022-1487: Use after free in Ozone. Reported by Sri on 2022-03-09
  • [1302959] Medium CVE-2022-1488: Inappropriate implementation in Extensions API. Reported by Thomas Beverley from Wavebox.io on 2022-03-04
  • [1300561] Medium CVE-2022-1489: Out of bounds memory access in UI Shelf. Reported by Khalil Zhani on 2022-02-25
  • [1301840] Medium CVE-2022-1490: Use after free in Browser Switcher. Reported by raven at KunLun lab on 2022-03-01
  • [1305706] Medium CVE-2022-1491: Use after free in Bookmarks. Reported by raven at KunLun lab on 2022-03-12
  • [1315040] Medium CVE-2022-1492: Insufficient data validation in Blink Editing. Reported by Michal Bentkowski of Securitum on 2022-04-11
  • [1275414] Medium CVE-2022-1493: Use after free in Dev Tools. Reported by Zhihua Yao of KunLun Lab on 2021-12-01
  • [1298122] Medium CVE-2022-1494: Insufficient data validation in Trusted Types. Reported by Masato Kinugawa on 2022-02-17
  • [1301180] Medium CVE-2022-1495: Incorrect security UI in Downloads. Reported by Umar Farooq on 2022-02-28
  • [1306391] Medium CVE-2022-1496: Use after free in File Manager. Reported by Zhiyi Zhang and Zhunki from Codesafe Team of Legendsec at Qi'anxin Group on 2022-03-15
  • [1264543] Medium CVE-2022-1497: Inappropriate implementation in Input. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-10-29
  • [1297138] Low CVE-2022-1498: Inappropriate implementation in HTML Parser. Reported by SeungJu Oh (@real_as3617) on 2022-02-14
  • [1000408] Low CVE-2022-1499: Inappropriate implementation in WebAuthentication. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-09-04
  • [1223475] Low CVE-2022-1500: Insufficient data validation in Dev Tools. Reported by Hoang Nguyen on 2021-06-25
  • [1293191] Low CVE-2022-1501: Inappropriate implementation in iframe. Reported by Oriol Brufau on 2022-02-02

Discovery 2022-04-26
Entry 2022-04-28
chromium
< 101.0.4951.41

CVE-2022-1477
CVE-2022-1478
CVE-2022-1479
CVE-2022-1480
CVE-2022-1481
CVE-2022-1482
CVE-2022-1483
CVE-2022-1484
CVE-2022-1485
CVE-2022-1486
CVE-2022-1487
CVE-2022-1488
CVE-2022-1489
CVE-2022-1490
CVE-2022-1491
CVE-2022-1492
CVE-2022-1493
CVE-2022-1494
CVE-2022-1495
CVE-2022-1496
CVE-2022-1497
CVE-2022-1498
CVE-2022-1499
CVE-2022-1500
CVE-2022-1501
https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_26.html
9eeccbf3-6e26-11ec-bb10-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 37 security fixes, including:

  • [$TBD][1275020] Critical CVE-2022-0096: Use after free in Storage. Reported by Yangkang (@dnpushme) of 360 ATA on 2021-11-30
  • [1117173] High CVE-2022-0097: Inappropriate implementation in DevTools. Reported by David Erceg on 2020-08-17
  • [1273609] High CVE-2022-0098: Use after free in Screen Capture. Reported by @ginggilBesel on 2021-11-24
  • [1245629] High CVE-2022-0099: Use after free in Sign-in. Reported by Rox on 2021-09-01
  • [1238209] High CVE-2022-0100: Heap buffer overflow in Media streams API. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2021-08-10
  • [1249426] High CVE-2022-0101: Heap buffer overflow in Bookmarks. Reported by raven (@raid_akame) on 2021-09-14
  • [1260129] High CVE-2022-0102: Type Confusion in V8 . Reported by Brendon Tiszka on 2021-10-14
  • [1272266] High CVE-2022-0103: Use after free in SwiftShader. Reported by Abraruddin Khan and Omair on 2021-11-21
  • [1273661] High CVE-2022-0104: Heap buffer overflow in ANGLE. Reported by Abraruddin Khan and Omair on 2021-11-25
  • [1274376] High CVE-2022-0105: Use after free in PDF. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2021-11-28
  • [1278960] High CVE-2022-0106: Use after free in Autofill. Reported by Khalil Zhani on 2021-12-10
  • [1248438] Medium CVE-2022-0107: Use after free in File Manager API. Reported by raven (@raid_akame) on 2021-09-10
  • [1248444] Medium CVE-2022-0108: Inappropriate implementation in Navigation. Reported by Luan Herrera (@lbherrera_) on 2021-09-10
  • [1261689] Medium CVE-2022-0109: Inappropriate implementation in Autofill. Reported by Young Min Kim (@ylemkimon), CompSec Lab at Seoul National University on 2021-10-20
  • [1237310] Medium CVE-2022-0110: Incorrect security UI in Autofill. Reported by Alesandro Ortiz on 2021-08-06
  • [1241188] Medium CVE-2022-0111: Inappropriate implementation in Navigation. Reported by garygreen on 2021-08-18
  • [1255713] Medium CVE-2022-0112: Incorrect security UI in Browser UI. Reported by Thomas Orlita on 2021-10-04
  • [1039885] Medium CVE-2022-0113: Inappropriate implementation in Blink. Reported by Luan Herrera (@lbherrera_) on 2020-01-07
  • [1267627] Medium CVE-2022-0114: Out of bounds memory access in Web Serial. Reported by Looben Yang on 2021-11-06
  • [1268903] Medium CVE-2022-0115: Uninitialized Use in File API. Reported by Mark Brand of Google Project Zero on 2021-11-10
  • [1272250] Medium CVE-2022-0116: Inappropriate implementation in Compositing. Reported by Irvan Kurniawan (sourc7) on 2021-11-20
  • [1115847] Low CVE-2022-0117: Policy bypass in Service Workers. Reported by Dongsung Kim (@kid1ng) on 2020-08-13
  • [1238631] Low CVE-2022-0118: Inappropriate implementation in WebShare. Reported by Alesandro Ortiz on 2021-08-11
  • [1262953] Low CVE-2022-0120: Inappropriate implementation in Passwords. Reported by CHAKRAVARTHI (Ruler96) on 2021-10-25

Discovery 2022-01-04
Entry 2022-01-05
chromium
< 97.0.4692.71

CVE-2022-0098
CVE-2022-0099
CVE-2022-0096
CVE-2022-0097
CVE-2022-0100
CVE-2022-0101
CVE-2022-0102
CVE-2022-0103
CVE-2022-0104
CVE-2022-0105
CVE-2022-0106
CVE-2022-0107
CVE-2022-0108
CVE-2022-0109
CVE-2022-0110
CVE-2022-0111
CVE-2022-0112
CVE-2022-0113
CVE-2022-0114
CVE-2022-0115
CVE-2022-0116
CVE-2022-0117
CVE-2022-0118
CVE-2022-0120
https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html
c80ce2dd-e831-11ec-bcd2-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 7 security fixes, including:

  • [1326210] High CVE-2022-2007: Use after free in WebGPU. Reported by David Manouchehri on 2022-05-17
  • [1317673] High CVE-2022-2008: Out of bounds memory access in WebGL. Reported by khangkito - Tran Van Khang (VinCSS) on 2022-04-19
  • [1325298] High CVE-2022-2010: Out of bounds read in compositing. Reported by Mark Brand of Google Project Zero on 2022-05-13
  • [1330379] High CVE-2022-2011: Use after free in ANGLE. Reported by SeongHwan Park (SeHwa) on 2022-05-31

Discovery 2022-06-09
Entry 2022-06-09
chromium
< 102.0.5005.115

CVE-2022-2007
CVE-2022-2008
CVE-2022-2010
CVE-2022-2011
https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop.html
e852f43c-846e-11ec-b043-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 27 security fixes, including:

  • [1284584] High CVE-2022-0452: Use after free in Safe Browsing. Reported by avaue at S.S.L. on 2022-01-05
  • [1284916] High CVE-2022-0453: Use after free in Reader Mode. Reported by Rong Jian of VRI on 2022-01-06
  • [1287962] High CVE-2022-0454: Heap buffer overflow in ANGLE. Reported by Seong-Hwan Park (SeHwa) of SecunologyLab on 2022-01-17
  • [1270593] High CVE-2022-0455: Inappropriate implementation in Full Screen Mode. Reported by Irvan Kurniawan (sourc7) on 2021-11-16
  • [1289523] High CVE-2022-0456: Use after free in Web Search. Reported by Zhihua Yao of KunLun Lab on 2022-01-21
  • [1274445] High CVE-2022-0457: Type Confusion in V8. Reported by rax of the Group0x58 on 2021-11-29
  • [1267060] High CVE-2022-0458: Use after free in Thumbnail Tab Strip. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-11-05
  • [1244205] High CVE-2022-0459: Use after free in Screen Capture. Reported by raven (@raid_akame) on 2021-08-28
  • [1250227] Medium CVE-2022-0460: Use after free in Window Dialog. Reported by 0x74960 on 2021-09-16
  • [1256823] Medium CVE-2022-0461: Policy bypass in COOP. Reported by NDevTK on 2021-10-05
  • [1270470] Medium CVE-2022-0462: Inappropriate implementation in Scroll. Reported by Youssef Sammouda on 2021-11-16
  • [1268240] Medium CVE-2022-0463: Use after free in Accessibility. Reported by Zhihua Yao of KunLun Lab on 2021-11-09
  • [1270095] Medium CVE-2022-0464: Use after free in Accessibility. Reported by Zhihua Yao of KunLun Lab on 2021-11-14
  • [1281941] Medium CVE-2022-0465: Use after free in Extensions. Reported by Samet Bekmezci @sametbekmezci on 2021-12-22
  • [1115460] Medium CVE-2022-0466: Inappropriate implementation in Extensions Platform. Reported by David Erceg on 2020-08-12
  • [1239496] Medium CVE-2022-0467: Inappropriate implementation in Pointer Lock. Reported by Alesandro Ortiz on 2021-08-13
  • [1252716] Medium CVE-2022-0468: Use after free in Payments. Reported by Krace on 2021-09-24
  • [1279531] Medium CVE-2022-0469: Use after free in Cast. Reported by Thomas Orlita on 2021-12-14
  • [1269225] Low CVE-2022-0470: Out of bounds memory access in V8. Reported by Looben Yang on 2021-11-11

Discovery 2022-02-01
Entry 2022-02-02
chromium
< 98.0.4758.80

CVE-2022-0452
CVE-2022-0453
CVE-2022-0454
CVE-2022-0455
CVE-2022-0456
CVE-2022-0457
CVE-2022-0458
CVE-2022-0459
CVE-2022-0460
CVE-2022-0461
CVE-2022-0462
CVE-2022-0463
CVE-2022-0464
CVE-2022-0465
CVE-2022-0466
CVE-2022-0467
CVE-2022-0468
CVE-2022-0469
CVE-2022-0470
https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop.html
3551e106-1b17-11ec-a8a7-704d7b472482chromium -- multiple vulnerabilities

Chrome Releases reports:

This update contains 19 security fixes, including:

  • [1243117] High CVE-2021-37956: Use after free in Offline use. Reported by Huyna at Viettel Cyber Security on 2021-08-24
  • [1242269] High CVE-2021-37957: Use after free in WebGPU. Reported by Looben Yang on 2021-08-23
  • [1223290] High CVE-2021-37958: Inappropriate implementation in Navigation. Reported by James Lee (@Windowsrcer) on 2021-06-24
  • [1229625] High CVE-2021-37959: Use after free in Task Manager. Reported by raven (@raid_akame) on 2021-07-15
  • [1247196] High CVE-2021-37960: Inappropriate implementation in Blink graphics. Reported by Atte Kettunen of OUSPG on 2021-09-07
  • [1228557] Medium CVE-2021-37961: Use after free in Tab Strip. Reported by Khalil Zhani on 2021-07-13
  • [1231933] Medium CVE-2021-37962: Use after free in Performance Manager. Reported by Sri on 2021-07-22
  • [1199865] Medium CVE-2021-37963: Side-channel information leakage in DevTools. Reported by Daniel Genkin and Ayush Agarwal, University of Michigan, Eyal Ronen and Shaked Yehezkel, Tel Aviv University, Sioli O'Connell, University of Adelaide, and Jason Kim, Georgia Institute of Technology on 2021-04-16
  • [1203612] Medium CVE-2021-37964: Inappropriate implementation in ChromeOS Networking. Reported by Hugo Hue and Sze Yiu Chau of the Chinese University of Hong Kong on 2021-04-28
  • [1239709] Medium CVE-2021-37965: Inappropriate implementation in Background Fetch API. Reported by Maurice Dauer on 2021-08-13
  • [1238944] Medium CVE-2021-37966: Inappropriate implementation in Compositing. Reported by Mohit Raj (shadow2639) on 2021-08-11
  • [1243622] Medium CVE-2021-37967: Inappropriate implementation in Background Fetch API. Reported by SorryMybad (@S0rryMybad) of Kunlun Lab on 2021-08-26
  • [1245053] Medium CVE-2021-37968: Inappropriate implementation in Background Fetch API. Reported by Maurice Dauer on 2021-08-30
  • [1245879] Medium CVE-2021-37969: Inappropriate implementation in Google Updater. Reported by Abdelhamid Naceri (halov) on 2021-09-02
  • [1248030] Medium CVE-2021-37970: Use after free in File System API. Reported by SorryMybad (@S0rryMybad) of Kunlun Lab on 2021-09-09
  • [1219354] Low CVE-2021-37971: Incorrect security UI in Web Browser UI. Reported by Rayyan Bijoora on 2021-06-13
  • [1234259] Low CVE-2021-37972: Out of bounds read in libjpeg-turbo. Reported by Xu Hanyu and Lu Yutao from Panguite-Forensics-Lab of Qianxin on 2021-07-29

Discovery 2021-09-21
Entry 2021-09-21
chromium
< 94.0.4606.54

CVE-2021-37956
CVE-2021-37957
CVE-2021-37958
CVE-2021-37959
CVE-2021-37960
CVE-2021-37961
CVE-2021-37962
CVE-2021-37963
CVE-2021-37964
CVE-2021-37965
CVE-2021-37966
CVE-2021-37967
CVE-2021-37968
CVE-2021-37969
CVE-2021-37970
CVE-2021-37971
CVE-2021-37972
https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_21.html
ab2d7f62-af9d-11ec-a0b8-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 28 security fixes, including:

  • [1292261] High CVE-2022-1125: Use after free in Portals. Reported by Khalil Zhani on 2022-01-29
  • [1291891] High CVE-2022-1127: Use after free in QR Code Generator. Reported by anonymous on 2022-01-28
  • [1301920] High CVE-2022-1128: Inappropriate implementation in Web Share API. Reported by Abdel Adim (@smaury92) Oisfi of Shielder on 2022-03-01
  • [1300253] High CVE-2022-1129: Inappropriate implementation in Full Screen Mode. Reported by Irvan Kurniawan (sourc7) on 2022-02-24
  • [1142269] High CVE-2022-1130: Insufficient validation of untrusted input in WebOTP. Reported by Sergey Toshin of Oversecurity Inc. on 2020-10-25
  • [1297404] High CVE-2022-1131: Use after free in Cast UI. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2022-02-15
  • [1303410] High CVE-2022-1132: Inappropriate implementation in Virtual Keyboard. Reported by Andr.Ess on 2022-03-07
  • [1305776] High CVE-2022-1133: Use after free in WebRTC. Reported by Anonymous on 2022-03-13
  • [1308360] High CVE-2022-1134: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2022-03-21
  • [1285601] Medium CVE-2022-1135: Use after free in Shopping Cart. Reported by Wei Yuan of MoyunSec VLab on 2022-01-09
  • [1280205] Medium CVE-2022-1136: Use after free in Tab Strip. Reported by Krace on 2021-12-15
  • [1289846] Medium CVE-2022-1137: Inappropriate implementation in Extensions. Reported by Thomas Orlita on 2022-01-22
  • [1246188] Medium CVE-2022-1138: Inappropriate implementation in Web Cursor. Reported by Alesandro Ortiz on 2021-09-03
  • [1268541] Medium CVE-2022-1139: Inappropriate implementation in Background Fetch API. Reported by Maurice Dauer on 2021-11-10
  • [1303253] Medium CVE-2022-1141: Use after free in File Manager. Reported by raven at KunLun lab on 2022-03-05
  • [1303613] Medium CVE-2022-1142: Heap buffer overflow in WebUI. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2022-03-07
  • [1303615] Medium CVE-2022-1143: Heap buffer overflow in WebUI. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2022-03-07
  • [1304145] Medium CVE-2022-1144: Use after free in WebUI. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2022-03-08
  • [1304545] Medium CVE-2022-1145: Use after free in Extensions. Reported by Yakun Zhang of Baidu Security on 2022-03-09
  • [1290150] Low CVE-2022-1146: Inappropriate implementation in Resource Timing. Reported by Sohom Datta on 2022-01-23

Discovery 2022-03-29
Entry 2022-03-29
chromium
< 100.0.4896.60

CVE-2022-1125
CVE-2022-1127
CVE-2022-1128
CVE-2022-1129
CVE-2022-1130
CVE-2022-1131
CVE-2022-1132
CVE-2022-1133
CVE-2022-1134
CVE-2022-1135
CVE-2022-1136
CVE-2022-1137
CVE-2022-1138
CVE-2022-1139
CVE-2022-1141
CVE-2022-1142
CVE-2022-1143
CVE-2022-1144
CVE-2022-1145
CVE-2022-1146
https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_29.html
d459c914-4100-11ed-9bc7-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 3 security fixes, including:

  • [1366813] High CVE-2022-3370: Use after free in Custom Elements. Reported by Aviv A. on 2022-09-22
  • [1366399] High CVE-2022-3373: Out of bounds write in V8. Reported by Tibor Klajnscek on 2022-09-21

Discovery 2022-09-30
Entry 2022-09-30
chromium
< 106.0.5249.91

CVE-2022-3370
CVE-2022-3373
https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_30.html
e12432af-8e73-11ec-8bc4-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 11 security fixes, including:

  • [1290008] High CVE-2022-0603: Use after free in File Manager. Reported by Chaoyuan Peng (@ret2happy) on 2022-01-22
  • [1273397] High CVE-2022-0604: Heap buffer overflow in Tab Groups. Reported by Krace on 2021-11-24
  • [1286940] High CVE-2022-0605: Use after free in Webstore API. Reported by Thomas Orlita on 2022-01-13
  • [1288020] High CVE-2022-0606: Use after free in ANGLE. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2022-01-17
  • [1250655] High CVE-2022-0607: Use after free in GPU. Reported by 0x74960 on 2021-09-17
  • [1270333] High CVE-2022-0608: Integer overflow in Mojo. Reported by Sergei Glazunov of Google Project Zero on 2021-11-16
  • [1296150] High CVE-2022-0609: Use after free in Animation. Reported by Adam Weidemann and Clément Lecigne of Google' Threat Analysis Group on 2022-02-10
  • [1285449] Medium CVE-2022-0610: Inappropriate implementation in Gamepad API. Reported by Anonymous on 2022-01-08

Discovery 2022-02-14
Entry 2022-02-15
chromium
< 98.0.4758.102

CVE-2022-0603
CVE-2022-0604
CVE-2022-0605
CVE-2022-0606
CVE-2022-0607
CVE-2022-0608
CVE-2022-0609
CVE-2022-0610
https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
f38d25ac-2b7a-11ed-a1ef-3065ec8fd3ecchromium -- insufficient data validation in Mojo

Chrome Releases reports:

This release contains 1 security fix:

  • [1358134] High CVE-2022-3075: Insufficient data validation in Mojo. Reported by Anonymous on 2022-08-30

Google is aware that an exploit of CVE-2022-3075 exists in the wild.


Discovery 2022-09-02
Entry 2022-09-03
chromium
< 105.0.5195.102

CVE-2022-3075
https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop.html
47b571f2-157b-11ec-ae98-704d7b472482chromium -- multiple vulnerabilities

Chrome Releases reports:

This release includes 11 security fixes, including:

  • [1237533] High CVE-2021-30625: Use after free in Selection API. Reported by Marcin Towalski of Cisco Talos on 2021-08-06
  • [1241036] High CVE-2021-30626: Out of bounds memory access in ANGLE. Reported by Jeonghoon Shin of Theori on 2021-08-18
  • [1245786] High CVE-2021-30627: Type Confusion in Blink layout. Reported by Aki Helin of OUSPG on 2021-09-01
  • [1241123] High CVE-2021-30628: Stack buffer overflow in ANGLE. Reported by Jaehun Jeong(@n3sk) of Theori on 2021-08-18
  • [1243646] High CVE-2021-30629: Use after free in Permissions. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group on 2021-08-26
  • [1244568] High CVE-2021-30630: Inappropriate implementation in Blink. Reported by SorryMybad (@S0rryMybad) of Kunlun Lab on 2021-08-30
  • [1246932] High CVE-2021-30631: Type Confusion in Blink layout. Reported by Atte Kettunen of OUSPG on 2021-09-06
  • [1247763] High CVE-2021-30632: Out of bounds write in V8. Reported by Anonymous on 2021-09-08
  • [1247766] High CVE-2021-30633: Use after free in Indexed DB API. Reported by Anonymous on 2021-09-08

Google is aware that exploits for CVE-2021-30632 and CVE-2021-30633 exist in the wild.


Discovery 2021-09-13
Entry 2021-09-14
chromium
< 93.0.4577.82

CVE-2021-30625
CVE-2021-30626
CVE-2021-30627
CVE-2021-30628
CVE-2021-30629
CVE-2021-30630
CVE-2021-30631
CVE-2021-30632
CVE-2021-30633
https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop.html
777edbbe-2230-11ec-8869-704d7b472482chromium -- multiple vulnerabilities

Chrome Releases/Stable updates reports:

This release contains 4 security fixes, including:

  • [1245578] High CVE-2021-37974: Use after free in Safe Browsing. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group on 2021-09-01
  • [1252918] High CVE-2021-37975: Use after free in V8. Reported by Anonymous on 2021-09-24
  • [1251787] Medium CVE-2021-37976: Information leak in core. Reported by Clement Lecigne from Google TAG, with technical assistance from Sergei Glazunov and Mark Brand from Google Project Zero on 2021-09-21

Google is aware the exploits for CVE-2021-37975 and CVE-2021-37976 exist in the wild.


Discovery 2021-09-30
Entry 2021-09-30
chromium
< 94.0.4606.71

CVE-2021-37974
CVE-2021-37975
CVE-2021-37976
https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_30.html
51496cbc-7a0e-11ec-a323-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 26 security fixes, including:

  • [1284367] Critical CVE-2022-0289: Use after free in Safe browsing. Reported by Sergei Glazunov of Google Project Zero on 2022-01-05
  • [1260134][1260007] High CVE-2022-0290: Use after free in Site isolation. Reported by Brendon Tiszka and Sergei Glazunov of Google Project Zero on 2021-10-15
  • [1281084] High CVE-2022-0291: Inappropriate implementation in Storage. Reported by Anonymous on 2021-12-19
  • [1270358] High CVE-2022-0292: Inappropriate implementation in Fenced Frames. Reported by Brendon Tiszka on 2021-11-16
  • [1283371] High CVE-2022-0293: Use after free in Web packaging. Reported by Rong Jian and Guang Gong of 360 Alpha Lab on 2021-12-30
  • [1273017] High CVE-2022-0294: Inappropriate implementation in Push messaging. Reported by Rong Jian and Guang Gong of 360 Alpha Lab on 2021-11-23
  • [1278180] High CVE-2022-0295: Use after free in Omnibox. Reported by Weipeng Jiang (@Krace) and Guang Gong of 360 Vulnerability Research Institute on 2021-12-09
  • [1283375] High CVE-2022-0296: Use after free in Printing. Reported by koocola(@alo_cook) and Guang Gong of 360 Vulnerability Research Institute on 2021-12-30
  • [1274316] High CVE-2022-0297: Use after free in Vulkan. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2021-11-28
  • [1212957] High CVE-2022-0298: Use after free in Scheduling. Reported by Yangkang (@dnpushme) of 360 ATA on 2021-05-25
  • [1275438] High CVE-2022-0300: Use after free in Text Input Method Editor. Reported by Rong Jian and Guang Gong of 360 Alpha Lab on 2021-12-01
  • [1276331] High CVE-2022-0301: Heap buffer overflow in DevTools. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-12-03
  • [1278613] High CVE-2022-0302: Use after free in Omnibox. Reported by Weipeng Jiang (@Krace) and Guang Gong of 360 Vulnerability Research Institute on 2021-12-10
  • [1281979] High CVE-2022-0303: Race in GPU Watchdog. Reported by Yigit Can YILMAZ (@yilmazcanyigit) on 2021-12-22
  • [1282118] High CVE-2022-0304: Use after free in Bookmarks. Reported by Rong Jian and Guang Gong of 360 Alpha Lab on 2021-12-22
  • [1282354] High CVE-2022-0305: Inappropriate implementation in Service Worker API. Reported by @uwu7586 on 2021-12-23
  • [1283198] High CVE-2022-0306: Heap buffer overflow in PDFium. Reported by Sergei Glazunov of Google Project Zero on 2021-12-29
  • [1281881] Medium CVE-2022-0307: Use after free in Optimization Guide. Reported by Samet Bekmezci @sametbekmezci on 2021-12-21
  • [1282480] Medium CVE-2022-0308: Use after free in Data Transfer. Reported by @ginggilBesel on 2021-12-24
  • [1240472] Medium CVE-2022-0309: Inappropriate implementation in Autofill. Reported by Alesandro Ortiz on 2021-08-17
  • [1283805] Medium CVE-2022-0310: Heap buffer overflow in Task Manager. Reported by Samet Bekmezci @sametbekmezci on 2022-01-03
  • [1283807] Medium CVE-2022-0311: Heap buffer overflow in Task Manager. Reported by Samet Bekmezci @sametbekmezci on 2022-01-03

Discovery 2022-01-19
Entry 2022-01-20
chromium
< 97.0.4692.99

CVE-2022-0289
CVE-2022-0290
CVE-2022-0291
CVE-2022-0292
CVE-2022-0293
CVE-2022-0294
CVE-2022-0295
CVE-2022-0296
CVE-2022-0297
CVE-2022-0298
CVE-2022-0300
CVE-2022-0301
CVE-2022-0302
CVE-2022-0303
CVE-2022-0304
CVE-2022-0305
CVE-2022-0306
CVE-2022-0307
CVE-2022-0308
CVE-2022-0309
CVE-2022-0310
CVE-2022-0311
https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop_19.html
128deba6-ff56-11eb-8514-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 9 security fixes, including:

  • [1234764] High CVE-2021-30598: Type Confusion in V8. Reported by Manfred Paul on 2021-07-30
  • [1234770] High CVE-2021-30599: Type Confusion in V8. Reported by Manfred Paul on 2021-07-30
  • [1231134] High CVE-2021-30600: Use after free in Printing. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-07-20
  • [1234009] High CVE-2021-30601: Use after free in Extensions API. Reported by koocola(@alo_cook) and Nan Wang(@eternalsakura13) of 360 Alpha Lab on 2021-07-28
  • [1230767] High CVE-2021-30602: Use after free in WebRTC. Reported by Marcin Towalski of Cisco Talos on 2021-07-19
  • [1233564] High CVE-2021-30603: Race in WebAudio. Reported by Sergei Glazunov of Google Project Zero on 2021-07-27
  • [1234829] High CVE-2021-30604: Use after free in ANGLE. Reported by Seong-Hwan Park (SeHwa) of SecunologyLab on 2021-07-30

Discovery 2021-08-16
Entry 2021-08-17
chromium
< 92.0.4515.159

CVE-2021-30598
CVE-2021-30599
CVE-2021-30600
CVE-2021-30601
CVE-2021-30602
CVE-2021-30603
CVE-2021-30604
https://chromereleases.googleblog.com/2021/08/stable-channel-update-for-desktop.html
f2043ff6-2916-11ed-a1ef-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 24 security fixes, including:

  • [1340253] Critical CVE-2022-3038: Use after free in Network Service. Reported by Sergei Glazunov of Google Project Zero on 2022-06-28
  • [1343348] High CVE-2022-3039: Use after free in WebSQL. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2022-07-11
  • [1341539] High CVE-2022-3040: Use after free in Layout. Reported by Anonymous on 2022-07-03
  • [1345947] High CVE-2022-3041: Use after free in WebSQL. Reported by Ziling Chen and Nan Wang(@eternalsakura13) of 360 Vulnerability Research Institute on 2022-07-20
  • [1338553] High CVE-2022-3042: Use after free in PhoneHub. Reported by koocola(@alo_cook) and Guang Gong of 360 Vulnerability Research Institute on 2022-06-22
  • [1336979] High CVE-2022-3043: Heap buffer overflow in Screen Capture. Reported by @ginggilBesel on 2022-06-16
  • [1051198] High CVE-2022-3044: Inappropriate implementation in Site Isolation. Reported by Lucas Pinheiro, Microsoft Browser Vulnerability Research on 2020-02-12
  • [1339648] High CVE-2022-3045: Insufficient validation of untrusted input in V8. Reported by Ben Noordhuis on 2022-06-26
  • [1346245] High CVE-2022-3046: Use after free in Browser Tag. Reported by Rong Jian of VRI on 2022-07-21
  • [1342586] Medium CVE-2022-3047: Insufficient policy enforcement in Extensions API. Reported by Maurice Dauer on 2022-07-07
  • [1303308] Medium CVE-2022-3048: Inappropriate implementation in Chrome OS lockscreen. Reported by Andr.Ess on 2022-03-06
  • [1316892] Medium CVE-2022-3049: Use after free in SplitScreen. Reported by @ginggilBesel on 2022-04-17
  • [1337132] Medium CVE-2022-3050: Heap buffer overflow in WebUI. Reported by Zhihua Yao of KunLun Lab on 2022-06-17
  • [1345245] Medium CVE-2022-3051: Heap buffer overflow in Exosphere. Reported by @ginggilBesel on 2022-07-18
  • [1346154] Medium CVE-2022-3052: Heap buffer overflow in Window Manager. Reported by Khalil Zhani on 2022-07-21
  • [1267867] Medium CVE-2022-3053: Inappropriate implementation in Pointer Lock. Reported by Jesper van den Ende (Pelican Party Studios) on 2021-11-08
  • [1290236] Medium CVE-2022-3054: Insufficient policy enforcement in DevTools. Reported by Kuilin Li on 2022-01-24
  • [1351969] Medium CVE-2022-3055: Use after free in Passwords. Reported by Weipeng Jiang (@Krace) and Guang Gong of 360 Vulnerability Research Institute on 2022-08-11
  • [1329460] Low CVE-2022-3056: Insufficient policy enforcement in Content Security Policy. Reported by Anonymous on 2022-05-26
  • [1336904] Low CVE-2022-3057: Inappropriate implementation in iframe Sandbox. Reported by Gareth Heyes on 2022-06-16
  • [1337676] Low CVE-2022-3058: Use after free in Sign-In Flow. Reported by raven at KunLun lab on 2022-06-20

Discovery 2022-08-30
Entry 2022-08-31
chromium
< 105.0.5195.52

CVE-2022-3038
CVE-2022-3039
CVE-2022-3040
CVE-2022-3041
CVE-2022-3042
CVE-2022-3043
CVE-2022-3044
CVE-2022-3045
CVE-2022-3046
CVE-2022-3047
CVE-2022-3048
CVE-2022-3049
CVE-2022-3050
CVE-2022-3051
CVE-2022-3052
CVE-2022-3053
CVE-2022-3054
CVE-2022-3055
CVE-2022-3056
CVE-2022-3057
CVE-2022-3058
https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html
27cc4258-0805-11ed-8ac1-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 11 security fixes, including:

  • [1336266] High CVE-2022-2477: Use after free in Guest View. Reported by anonymous on 2022-06-14
  • [1335861] High CVE-2022-2478: Use after free in PDF. Reported by triplepwns on 2022-06-13
  • [1329987] High CVE-2022-2479: Insufficient validation of untrusted input in File. Reported by anonymous on 2022-05-28
  • [1339844] High CVE-2022-2480: Use after free in Service Worker API. Reported by Sergei Glazunov of Google Project Zero on 2022-06-27
  • [1341603] High CVE-2022-2481: Use after free in Views. Reported by YoungJoo Lee(@ashuu_lee) of CompSecLab at Seoul National University on 2022-07-04
  • [1308341] Low CVE-2022-2163: Use after free in Cast UI and Toolbar. Reported by Chaoyuan Peng (@ret2happy) on 2022-03-21

Discovery 2022-07-19
Entry 2022-07-20
chromium
< 103.0.5060.134

CVE-2022-2163
CVE-2022-2477
CVE-2022-2478
CVE-2022-2479
CVE-2022-2480
CVE-2022-2481
https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop_19.html
b6c875f1-1d76-11ec-ae80-704d7b472482chromium -- use after free in Portals

Chrome Releases reports:

][1251727] High CVE-2021-37973 : Use after free in Portals. Reported by Clement Lecigne from Google TAG, with technical assistance from Sergei Glazunov and Mark Brand from Google Project Zero on 2021-09-21

Google is aware that an exploit for CVE-2021-37973 exists in the wild.


Discovery 2021-09-24
Entry 2021-09-24
chromium
< 94.0.4606.61

CVE-2021-37973
https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html
bdaecfad-3117-11ec-b3b0-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 19 security fixes, including:

  • [1246631] High CVE-2021-37981: Heap buffer overflow in Skia. Reported by Yangkang (@dnpushme) of 360 ATA on 2021-09-04
  • [1248661] High CVE-2021-37982: Use after free in Incognito. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group on 2021-09-11
  • [1249810] High CVE-2021-37983: Use after free in Dev Tools. Reported by Zhihua Yao of KunLun Lab on 2021-09-15
  • [1253399] High CVE-2021-37984: Heap buffer overflow in PDFium. Reported by Antti Levomäki, Joonas Pihlaja andChristian Jali from Forcepoint on 2021-09-27
  • [1241860] High CVE-2021-37985: Use after free in V8. Reported by Yangkang (@dnpushme) of 360 ATA on 2021-08-20
  • [1242404] Medium CVE-2021-37986: Heap buffer overflow in Settings. Reported by raven (@raid_akame) on 2021-08-23
  • [1206928] Medium CVE-2021-37987: Use after free in Network APIs. Reported by Yangkang (@dnpushme) of 360 ATA on 2021-05-08
  • [1228248] Medium CVE-2021-37988: Use after free in Profiles. Reported by raven (@raid_akame) on 2021-07-12
  • [1233067] Medium CVE-2021-37989: Inappropriate implementation in Blink. Reported by Matt Dyas, Ankur Sundara on 2021-07-26
  • [1247395] Medium CVE-2021-37990: Inappropriate implementation in WebView. Reported by Kareem Selim of CyShield on 2021-09-07
  • [1250660] Medium CVE-2021-37991: Race in V8. Reported by Samuel Gross of Google Project Zero on 2021-09-17
  • [1253746] Medium CVE-2021-37992: Out of bounds read in WebAudio. Reported by sunburst@Ant Security Light-Year Lab on 2021-09-28
  • [1255332] Medium CVE-2021-37993: Use after free in PDF Accessibility. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2021-10-02
  • [1243020] Medium CVE-2021-37996: Insufficient validation of untrusted input in Downloads. Reported by Anonymous on 2021-08-24
  • [1100761] Low CVE-2021-37994: Inappropriate implementation in iFrame Sandbox. Reported by David Erceg on 2020-06-30
  • [1242315] Low CVE-2021-37995: Inappropriate implementation in WebApp Installer. Reported by Terence Eden on 2021-08-23

Discovery 2021-10-19
Entry 2021-10-19
chromium
< 95.0.4638.54

CVE-2021-37981
CVE-2021-37982
CVE-2021-37983
CVE-2021-37984
CVE-2021-37985
CVE-2021-37986
CVE-2021-37987
CVE-2021-37988
CVE-2021-37989
CVE-2021-37990
CVE-2021-37991
CVE-2021-37992
CVE-2021-37993
CVE-2021-37994
CVE-2021-37995
CVE-2021-37996
https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_19.html
40e2c35e-db99-11ec-b0cf-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 32 security fixes, including:

  • [1324864] Critical CVE-2022-1853: Use after free in Indexed DB. Reported by Anonymous on 2022-05-12
  • [1320024] High CVE-2022-1854: Use after free in ANGLE. Reported by SeongHwan Park (SeHwa) on 2022-04-27
  • [1228661] High CVE-2022-1855: Use after free in Messaging. Reported by Anonymous on 2021-07-13
  • [1323239] High CVE-2022-1856: Use after free in User Education. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-05-06
  • [1227995] High CVE-2022-1857: Insufficient policy enforcement in File System API. Reported by Daniel Rhea on 2021-07-11
  • [1314310] High CVE-2022-1858: Out of bounds read in DevTools. Reported by EllisVlad on 2022-04-07
  • [1322744] High CVE-2022-1859: Use after free in Performance Manager. Reported by Guannan Wang (@Keenan7310) of Tencent Security Xuanwu Lab on 2022-05-05
  • [1297209] High CVE-2022-1860: Use after free in UI Foundations. Reported by @ginggilBesel on 2022-02-15
  • [1316846] High CVE-2022-1861: Use after free in Sharing. Reported by Khalil Zhani on 2022-04-16
  • [1236325] Medium CVE-2022-1862: Inappropriate implementation in Extensions. Reported by Alesandro Ortiz on 2021-08-04
  • [1292870] Medium CVE-2022-1863: Use after free in Tab Groups. Reported by David Erceg on 2022-02-01
  • [1320624] Medium CVE-2022-1864: Use after free in WebApp Installs. Reported by Yuntao You (@GraVity0) of Bytedance Wuheng Lab on 2022-04-28
  • [1289192] Medium CVE-2022-1865: Use after free in Bookmarks. Reported by Rong Jian of VRI on 2022-01-20
  • [1292264] Medium CVE-2022-1866: Use after free in Tablet Mode. Reported by @ginggilBesel on 2022-01-29
  • [1315563] Medium CVE-2022-1867: Insufficient validation of untrusted input in Data Transfer. Reported by Michal Bentkowski of Securitum on 2022-04-12
  • [1301203] Medium CVE-2022-1868: Inappropriate implementation in Extensions API. Reported by Alesandro Ortiz on 2022-02-28
  • [1309467] Medium CVE-2022-1869: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2022-03-23
  • [1323236] Medium CVE-2022-1870: Use after free in App Service. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-05-06
  • [1308199] Low CVE-2022-1871: Insufficient policy enforcement in File System API. Reported by Thomas Orlita on 2022-03-21
  • [1310461] Low CVE-2022-1872: Insufficient policy enforcement in Extensions API. Reported by ChaobinZhang on 2022-03-26
  • [1305394] Low CVE-2022-1873: Insufficient policy enforcement in COOP. Reported by NDevTK on 2022-03-11
  • [1251588] Low CVE-2022-1874: Insufficient policy enforcement in Safe Browsing. Reported by hjy79425575 on 2021-09-21
  • [1306443] Low CVE-2022-1875: Inappropriate implementation in PDF. Reported by NDevTK on 2022-03-15
  • [1313600] Low CVE-2022-1876: Heap buffer overflow in DevTools. Reported by @ginggilBesel on 2022-04-06

Discovery 2022-05-24
Entry 2022-05-24
chromium
< 102.0.5005.61

CVE-2022-1853
CVE-2022-1854
CVE-2022-1855
CVE-2022-1856
CVE-2022-1857
CVE-2022-1858
CVE-2022-1859
CVE-2022-1860
CVE-2022-1861
CVE-2022-1862
CVE-2022-1863
CVE-2022-1864
CVE-2022-1865
CVE-2022-1866
CVE-2022-1867
CVE-2022-1868
CVE-2022-1869
CVE-2022-1870
CVE-2022-1871
CVE-2022-1872
CVE-2022-1873
CVE-2022-1874
CVE-2022-1875
CVE-2022-1876
https://chromereleases.googleblog.com/2022/05/stable-channel-update-for-desktop_24.html
5f7ed6ea-70a7-11ed-92ce-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 28 security fixes, including:

  • [1379054] High CVE-2022-4174: Type Confusion in V8. Reported by Zhenghang Xiao (@Kipreyyy) on 2022-10-27
  • [1381401] High CVE-2022-4175: Use after free in Camera Capture. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2022-11-04
  • [1361066] High CVE-2022-4176: Out of bounds write in Lacros Graphics. Reported by @ginggilBesel on 2022-09-08
  • [1379242] High CVE-2022-4177: Use after free in Extensions. Reported by Chaoyuan Peng (@ret2happy) on 2022-10-28
  • [1376099] High CVE-2022-4178: Use after free in Mojo. Reported by Sergei Glazunov of Google Project Zero on 2022-10-18
  • [1377783] High CVE-2022-4179: Use after free in Audio. Reported by Sergei Glazunov of Google Project Zero on 2022-10-24
  • [1378564] High CVE-2022-4180: Use after free in Mojo. Reported by Anonymous on 2022-10-26
  • [1382581] High CVE-2022-4181: Use after free in Forms. Reported by Aviv A. on 2022-11-09
  • [1368739] Medium CVE-2022-4182: Inappropriate implementation in Fenced Frames. Reported by Peter Nemeth on 2022-09-28
  • [1251790] Medium CVE-2022-4183: Insufficient policy enforcement in Popup Blocker. Reported by David Sievers on 2021-09-22
  • [1358647] Medium CVE-2022-4184: Insufficient policy enforcement in Autofill. Reported by Ahmed ElMasry on 2022-09-01
  • [1373025] Medium CVE-2022-4185: Inappropriate implementation in Navigation. Reported by James Lee (@Windowsrcer) on 2022-10-10
  • [1377165] Medium CVE-2022-4186: Insufficient validation of untrusted input in Downloads. Reported by Luan Herrera (@lbherrera_) on 2022-10-21
  • [1381217] Medium CVE-2022-4187: Insufficient policy enforcement in DevTools. Reported by Axel Chong on 2022-11-04
  • [1340879] Medium CVE-2022-4188: Insufficient validation of untrusted input in CORS. Reported by Philipp Beer (TU Wien) on 2022-06-30
  • [1344647] Medium CVE-2022-4189: Insufficient policy enforcement in DevTools. Reported by NDevTK on 2022-07-15
  • [1378997] Medium CVE-2022-4190: Insufficient data validation in Directory. Reported by Axel Chong on 2022-10-27
  • [1373941] Medium CVE-2022-4191: Use after free in Sign-In. Reported by Jaehun Jeong(@n3sk) of Theori on 2022-10-12
  • [1344514] Medium CVE-2022-4192: Use after free in Live Caption. Reported by Samet Bekmezci @sametbekmezci on 2022-07-14
  • [1354518] Medium CVE-2022-4193: Insufficient policy enforcement in File System API. Reported by Axel Chong on 2022-08-19
  • [1370562] Medium CVE-2022-4194: Use after free in Accessibility. Reported by Anonymous on 2022-10-03
  • [1371926] Medium CVE-2022-4195: Insufficient policy enforcement in Safe Browsing. Reported by Eric Lawrence of Microsoft on 2022-10-06

Discovery 2022-11-29
Entry 2022-11-30
chromium
< 108.0.5359.71

ungoogled-chromium
< 108.0.5359.71

CVE-2022-4174
CVE-2022-4175
CVE-2022-4176
CVE-2022-4177
CVE-2022-4178
CVE-2022-4179
CVE-2022-4180
CVE-2022-4181
CVE-2022-4182
CVE-2022-4183
CVE-2022-4184
CVE-2022-4185
CVE-2022-4186
CVE-2022-4187
CVE-2022-4188
CVE-2022-4189
CVE-2022-4190
CVE-2022-4191
CVE-2022-4192
CVE-2022-4193
CVE-2022-4194
CVE-2022-4195
https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html
b4ef02f4-549f-11ed-8ad9-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 14 security fixes, including:

  • [1369871] High CVE-2022-3652: Type Confusion in V8. Reported by srodulv and ZNMchtss at S.S.L Team on 2022-09-30
  • [1354271] High CVE-2022-3653: Heap buffer overflow in Vulkan. Reported by SeongHwan Park (SeHwa) on 2022-08-19
  • [1365330] High CVE-2022-3654: Use after free in Layout. Reported by Sergei Glazunov of Google Project Zero on 2022-09-19
  • [1343384] Medium CVE-2022-3655: Heap buffer overflow in Media Galleries. Reported by koocola(@alo_cook) and Guang Gong of 360 Vulnerability Research Institute on 2022-07-11
  • [1345275] Medium CVE-2022-3656: Insufficient data validation in File System. Reported by Ron Masas, Imperva on 2022-07-18
  • [1351177] Medium CVE-2022-3657: Use after free in Extensions. Reported by Omri Bushari, Talon Cyber Security on 2022-08-09
  • [1352817] Medium CVE-2022-3658: Use after free in Feedback service on Chrome OS. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2022-08-14
  • [1355560] Medium CVE-2022-3659: Use after free in Accessibility. Reported by @ginggilBesel on 2022-08-23
  • [1327505] Medium CVE-2022-3660: Inappropriate implementation in Full screen mode. Reported by Irvan Kurniawan (sourc7) on 2022-05-20
  • [1350111] Low CVE-2022-3661: Insufficient data validation in Extensions. Reported by Young Min Kim (@ylemkimon), CompSec Lab at Seoul National University on 2022-08-04

Discovery 2022-10-25
Entry 2022-10-25
chromium
< 107.0.5304.68

ungoogled-chromium
< 107.0.5304.68

CVE-2022-3652
CVE-2022-3653
CVE-2022-3654
CVE-2022-3655
CVE-2022-3656
CVE-2022-3657
CVE-2022-3658
CVE-2022-3659
CVE-2022-3660
CVE-2022-3661
https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_25.html
18529cb0-3e9c-11ed-9bc7-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 20 security fixes, including:

  • [1358907] High CVE-2022-3304: Use after free in CSS. Reported by Anonymous on 2022-09-01
  • [1343104] High CVE-2022-3201: Insufficient validation of untrusted input in Developer Tools. Reported by NDevTK on 2022-07-09
  • [1319229] High CVE-2022-3305: Use after free in Survey. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2022-04-24
  • [1320139] High CVE-2022-3306: Use after free in Survey. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2022-04-27
  • [1323488] High CVE-2022-3307: Use after free in Media. Reported by Anonymous Telecommunications Corp. Ltd. on 2022-05-08
  • [1342722] Medium CVE-2022-3308: Insufficient policy enforcement in Developer Tools. Reported by Andrea Cappa (zi0Black) @ Shielder on 2022-07-08
  • [1348415] Medium CVE-2022-3309: Use after free in Assistant. Reported by zh1x1an1221 of Ant Group Tianqiong Security Lab on 2022-07-29
  • [1240065] Medium CVE-2022-3310: Insufficient policy enforcement in Custom Tabs. Reported by Ashwin Agrawal from Optus, Sydney on 2021-08-16
  • [1302813] Medium CVE-2022-3311: Use after free in Import. Reported by Samet Bekmezci @sametbekmezci on 2022-03-04
  • [1303306] Medium CVE-2022-3312: Insufficient validation of untrusted input in VPN. Reported by Andr.Ess on 2022-03-06
  • [1317904] Medium CVE-2022-3313: Incorrect security UI in Full Screen. Reported by Irvan Kurniawan (sourc7) on 2022-04-20
  • [1328708] Medium CVE-2022-3314: Use after free in Logging. Reported by Anonymous on 2022-05-24
  • [1322812] Medium CVE-2022-3315: Type confusion in Blink. Reported by Anonymous on 2022-05-05
  • [1333623] Low CVE-2022-3316: Insufficient validation of untrusted input in Safe Browsing. Reported by Sven Dysthe (@svn_dy) on 2022-06-07
  • [1300539] Low CVE-2022-3317: Insufficient validation of untrusted input in Intents. Reported by Hafiizh on 2022-02-24
  • [1318791] Low CVE-2022-3318: Use after free in ChromeOS Notifications. Reported by GraVity0 on 2022-04-22

Discovery 2022-09-27
Entry 2022-09-27
chromium
< 106.0.5249.61

CVE-2022-3201
CVE-2022-3304
CVE-2022-3305
CVE-2022-3306
CVE-2022-3307
CVE-2022-3308
CVE-2022-3309
CVE-2022-3310
CVE-2022-3311
CVE-2022-3312
CVE-2022-3313
CVE-2022-3314
CVE-2022-3315
CVE-2022-3316
CVE-2022-3317
CVE-2022-3318
https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_27.html
fb9ba490-5cc4-11ec-aac7-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 5 security fixes, including:

  • [1263457] Critical CVE-2021-4098: Insufficient data validation in Mojo. Reported by Sergei Glazunov of Google Project Zero on 2021-10-26
  • [1270658] High CVE-2021-4099: Use after free in Swiftshader. Reported by Aki Helin of Solita on 2021-11-16
  • [1272068] High CVE-2021-4100: Object lifecycle issue in ANGLE. Reported by Aki Helin of Solita on 2021-11-19
  • [1262080] High CVE-2021-4101: Heap buffer overflow in Swiftshader. Reported by Abraruddin Khan and Omair on 2021-10-21
  • [1278387] High CVE-2021-4102: Use after free in V8. Reported by Anonymous on 2021-12-09

Discovery 2021-12-13
Entry 2021-12-14
chromium
< 96.0.4664.110

CVE-2021-4098
CVE-2021-4099
CVE-2021-4100
CVE-2021-4101
CVE-2021-4102
https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop_13.html
2899da38-7300-11ed-92ce-3065ec8fd3ecchromium -- Type confusion in V8

Chrome Releases reports:

This release contains 1 security fix:

  • [1394403] High CVE-2022-4262: Type Confusion in V8. Reported by Clement Lecigne of Google's Threat Analysis Group on 2022-11-29

Google is aware that an exploit for CVE-2022-4262 exists in the wild.


Discovery 2022-12-02
Entry 2022-12-03
chromium
< 108.0.5359.94

ungoogled-chromium
< 108.0.5359.94

CVE-2022-4262
https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop.html
7d3d94d3-2810-11ec-9c51-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 4 security fixes, including:

  • [1252878] High CVE-2021-37977: Use after free in Garbage Collection. Reported by Anonymous on 2021-09-24
  • [1236318] High CVE-2021-37978: Heap buffer overflow in Blink. Reported by Yangkang (@dnpushme) of 360 ATA on 2021-08-04
  • [1247260] High CVE-2021-37979: Heap buffer overflow in WebRTC. Reported by Marcin Towalski of Cisco Talos on 2021-09-07
  • [1254631] High CVE-2021-37980: Inappropriate implementation in Sandbox. Reported by Yonghwi Jin (@jinmo123) on 2021-09-30

Discovery 2021-10-07
Entry 2021-10-08
chromium
< 94.0.4606.81

CVE-2021-37977
CVE-2021-37978
CVE-2021-37979
CVE-2021-37980
https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop.html
744ec9d7-fe0f-11ec-bcd2-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 4 security fixes, including:

  • [1341043] High CVE-2022-2294: Heap buffer overflow in WebRTC. Reported by Jan Vojtesek from the Avast Threat Intelligence team on 2022-07-01
  • [1336869] High CVE-2022-2295: Type Confusion in V8. Reported by avaue and Buff3tts at S.S.L. on 2022-06-16
  • [1327087] High CVE-2022-2296: Use after free in Chrome OS Shell. Reported by Khalil Zhani on 2022-05-19

Discovery 2022-07-04
Entry 2022-07-07
chromium
< 103.0.5060.114

CVE-2022-2294
CVE-2022-2295
CVE-2022-2296
https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html
fe15f30a-b4c9-11ec-94a3-3065ec8fd3ecchromium -- Type confusion in V8

Chrome Releases reports:

This release includes one security fix:

  • [1311641] High CVE-2022-1232: Type Confusion in V8. Reported by Sergei Glazunov of Google Project Zero on 2022-03-30

Discovery 2022-04-04
Entry 2022-04-05
chromium
< 100.0.4896.75

CVE-2022-1232
https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop.html
18ac074c-579f-11ec-aac7-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 22 security fixes, including:

  • [1267661] High CVE-2021-4052: Use after free in web apps. Reported by Wei Yuan of MoyunSec VLab on 2021-11-07
  • [1267791] High CVE-2021-4053: Use after free in UI. Reported by Rox on 2021-11-08
  • [1265806] High CVE-2021-4079: Out of bounds write in WebRTC. Reported by Brendon Tiszka on 2021-11-01
  • [1239760] High CVE-2021-4054: Incorrect security UI in autofill. Reported by Alesandro Ortiz on 2021-08-13
  • [1268738] High CVE-2021-4078: Type confusion in V8. Reported by Nan Wang (@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2021-11-09
  • [1266510] High CVE-2021-4055: Heap buffer overflow in extensions. Reported by Chen Rong on 2021-11-03
  • [1260939] High CVE-2021-4056: Type Confusion in loader. Reported by @__R0ng of 360 Alpha Lab on 2021-10-18
  • [1262183] High CVE-2021-4057: Use after free in file API. Reported by Sergei Glazunov of Google Project Zero on 2021-10-21
  • [1267496] High CVE-2021-4058: Heap buffer overflow in ANGLE. Reported by Abraruddin Khan and Omair on 2021-11-06
  • [1270990] High CVE-2021-4059: Insufficient data validation in loader. Reported by Luan Herrera (@lbherrera_) on 2021-11-17
  • [1271456] High CVE-2021-4061: Type Confusion in V8. Reported by Paolo Severini on 2021-11-18
  • [1272403] High CVE-2021-4062: Heap buffer overflow in BFCache. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-11-22
  • [1273176] High CVE-2021-4063: Use after free in developer tools. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-11-23
  • [1273197] High CVE-2021-4064: Use after free in screen capture. Reported by @ginggilBesel on 2021-11-23
  • [1273674] High CVE-2021-4065: Use after free in autofill. Reported by 5n1p3r0010 on 2021-11-25
  • [1274499] High CVE-2021-4066: Integer underflow in ANGLE. Reported by Jaehun Jeong(@n3sk) of Theori on 2021-11-29
  • [1274641] High CVE-2021-4067: Use after free in window manager. Reported by @ginggilBesel on 2021-11-29
  • [1265197] Low CVE-2021-4068: Insufficient validation of untrusted input in new tab page. Reported by NDevTK on 2021-10-31

Discovery 2021-12-06
Entry 2021-12-07
chromium
< 96.0.4664.93

CVE-2021-4052
CVE-2021-4053
CVE-2021-4054
CVE-2021-4055
CVE-2021-4056
CVE-2021-4057
CVE-2021-4058
CVE-2021-4059
CVE-2021-4061
CVE-2021-4062
CVE-2021-4063
CVE-2021-4064
CVE-2021-4065
CVE-2021-4066
CVE-2021-4067
CVE-2021-4068
CVE-2021-4078
CVE-2021-4079
https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop.html
4ed0e43c-5cef-11eb-bafd-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 36 security fixes, including:

  • [1137179] Critical CVE-2021-21117: Insufficient policy enforcement in Cryptohome. Reported by Rory McNamara on 2020-10-10
  • [1161357] High CVE-2021-21118: Insufficient data validation in V8. Reported by Tyler Nighswander (@tylerni7) of Theori on 2020-12-23
  • [1160534] High CVE-2021-21119: Use after free in Media. Reported by Anonymous on 2020-12-20
  • [1160602] High CVE-2021-21120: Use after free in WebSQL. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2020-12-21
  • [1161143] High CVE-2021-21121: Use after free in Omnibox. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2020-12-22
  • [1162131] High CVE-2021-21122: Use after free in Blink. Reported by Renata Hodovan on 2020-12-28
  • [1137247] High CVE-2021-21123: Insufficient data validation in File System API. Reported by Maciej Pulikowski on 2020-10-11
  • [1131346] High CVE-2021-21124: Potential user after free in Speech Recognizer. Reported by Chaoyang Ding(@V4kst1z) from Codesafe Team of Legendsec at Qi'anxin Group on 2020-09-23
  • [1152327] High CVE-2021-21125: Insufficient policy enforcement in File System API. Reported by Ron Masas (Imperva) on 2020-11-24
  • [1163228] High CVE-2020-16044: Use after free in WebRTC. Reported by Ned Williamson of Project Zero on 2021-01-05
  • [1108126] Medium CVE-2021-21126: Insufficient policy enforcement in extensions. Reported by David Erceg on 2020-07-22
  • [1115590] Medium CVE-2021-21127: Insufficient policy enforcement in extensions. Reported by Jasminder Pal Singh, Web Services Point WSP, Kotkapura on 2020-08-12
  • [1138877] Medium CVE-2021-21128: Heap buffer overflow in Blink. Reported by Liang Dong on 2020-10-15
  • [1140403] Medium CVE-2021-21129: Insufficient policy enforcement in File System API. Reported by Maciej Pulikowski on 2020-10-20
  • [1140410] Medium CVE-2021-21130: Insufficient policy enforcement in File System API. Reported by Maciej Pulikowski on 2020-10-20
  • [1140417] Medium CVE-2021-21131: Insufficient policy enforcement in File System API. Reported by Maciej Pulikowski on 2020-10-20
  • [1128206] Medium CVE-2021-21132: Inappropriate implementation in DevTools. Reported by David Erceg on 2020-09-15
  • [1157743] Medium CVE-2021-21133: Insufficient policy enforcement in Downloads. Reported by wester0x01 (https://twitter.com/wester0x01) on 2020-12-11
  • [1157800] Medium CVE-2021-21134: Incorrect security UI in Page Info. Reported by wester0x01 (https://twitter.com/wester0x01) on 2020-12-11
  • [1157818] Medium CVE-2021-21135: Inappropriate implementation in Performance API. Reported by ndevtk on 2020-12-11
  • [1038002] Low CVE-2021-21136: Insufficient policy enforcement in WebView. Reported by Shiv Sahni, Movnavinothan V and Imdad Mohammed on 2019-12-27
  • [1093791] Low CVE-2021-21137: Inappropriate implementation in DevTools. Reported by bobblybear on 2020-06-11
  • [1122487] Low CVE-2021-21138: Use after free in DevTools. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group on 2020-08-27
  • [1136327] Low CVE-2021-21140: Uninitialized Use in USB. Reported by David Manouchehri on 2020-10-08
  • [1140435] Low CVE-2021-21141: Insufficient policy enforcement in File System API. Reported by Maciej Pulikowski on 2020-10-20

Discovery 2021-01-19
Entry 2021-01-22
chromium
< 88.0.4324.96

CVE-2020-16044
CVE-2021-21117
CVE-2021-21118
CVE-2021-21119
CVE-2021-21120
CVE-2021-21121
CVE-2021-21122
CVE-2021-21123
CVE-2021-21124
CVE-2021-21125
CVE-2021-21126
CVE-2021-21127
CVE-2021-21128
CVE-2021-21129
CVE-2021-21130
CVE-2021-21131
CVE-2021-21132
CVE-2021-21133
CVE-2021-21134
CVE-2021-21135
CVE-2021-21136
CVE-2021-21137
CVE-2021-21138
CVE-2021-21139
CVE-2021-21140
CVE-2021-21141
https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html
01ffd06a-36ed-11eb-b655-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 8 security fixes, including:

  • [1142331] High CVE-2020-16037: Use after free in clipboard. Reported by Ryoya Tsukasaki on 2020-10-26
  • [1138683] High CVE-2020-16038: Use after free in media. Reported by Khalil Zhani on 2020-10-14
  • [1149177] High CVE-2020-16039: Use after free in extensions. Reported by Anonymous on 2020-11-15
  • [1150649] High CVE-2020-16040: Insufficient data validation in V8. Reported by Lucas Pinheiro, Microsoft Browser Vulnerability Research on 2020-11-19
  • [1151865] Medium CVE-2020-16041: Out of bounds read in networking. Reported by Sergei Glazunov and Mark Brand of Google Project Zero on 2020-11-23
  • [1151890] Medium CVE-2020-16042: Uninitialized Use in V8. Reported by André Bargull on 2020-11-2

Discovery 2020-12-02
Entry 2020-12-05
chromium
< 87.0.4280.88

CVE-2020-16037
CVE-2020-16038
CVE-2020-16039
CVE-2020-16040
CVE-2020-16041
CVE-2020-16042
https://chromereleases.googleblog.com/2020/12/stable-channel-update-for-desktop.html
3ec6ab59-1e0c-11eb-a428-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 10 security fixes, including:

  • [1138911] High CVE-2020-16004: Use after free in user interface. Reported by Leecraso and Guang Gong of 360 Alpha Lab working with 360 BugCloud on 2020-10-15
  • [1139398] High CVE-2020-16005: Insufficient policy enforcement in ANGLE. Reported by Jaehun Jeong (@n3sk) of Theori on 2020-10-16
  • [1133527] High CVE-2020-16006: Inappropriate implementation in V8. Reported by Bill Parks on 2020-09-29
  • [1125018] High CVE-2020-16007: Insufficient data validation in installer. Reported by Abdelhamid Naceri (halov) on 2020-09-04
  • [1134107] High CVE-2020-16008: Stack buffer overflow in WebRTC. Reported by Tolya Korniltsev on 2020-10-01
  • [1143772] High CVE-2020-16009: Inappropriate implementation in V8. Reported by Clement Lecigne of Google's Threat Analysis Group and Samuel Groß of Google Project Zero on 2020-10-29
  • [1144489] High CVE-2020-16011: Heap buffer overflow in UI on Windows. Reported by Sergei Glazunov of Google Project Zero on 2020-11-01

There are reports that an exploit for CVE-2020-16009 exists in the wild.


Discovery 2020-11-02
Entry 2020-11-03
chromium
< 86.0.4240.183

CVE-2020-16004
CVE-2020-16005
CVE-2020-16006
CVE-2020-16007
CVE-2020-16008
CVE-2020-16009
CVE-2020-16011
https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop.html
d153c4d2-50f8-11eb-8046-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release includes 16 security fixes, including:

  • [1148749] High CVE-2021-21106: Use after free in autofill. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group on 2020-11-13
  • [1153595] High CVE-2021-21107: Use after free in drag and drop. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2020-11-30
  • [1155426] High CVE-2021-21108: Use after free in media. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2020-12-04
  • [1152334] High CVE-2021-21109: Use after free in payments. Reported by Rong Jian and Guang Gong of 360 Alpha Lab on 2020-11-24
  • [1152451] High CVE-2021-21110: Use after free in safe browsing. Reported by Anonymous on 2020-11-24
  • [1149125] High CVE-2021-21111: Insufficient policy enforcement in WebUI. Reported by Alesandro Ortiz on 2020-11-15
  • [1151298] High CVE-2021-21112: Use after free in Blink. Reported by YoungJoo Lee(@ashuu_lee) of Raon Whitehat on 2020-11-20
  • [1155178] High CVE-2021-21113: Heap buffer overflow in Skia. Reported by tsubmunu on 2020-12-03
  • [1148309] High CVE-2020-16043: Insufficient data validation in networking. Reported by Samy Kamkar, Ben Seri at Armis, Gregory Vishnepolsky at Armis on 2020-11-12
  • [1150065] High CVE-2021-21114: Use after free in audio. Reported by Man Yue Mo of GitHub Security Lab on 2020-11-17
  • [1157790] High CVE-2020-15995: Out of bounds write in V8. Reported by Bohan Liu (@P4nda20371774) of Tencent Security Xuanwu Lab on 2020-12-11
  • [1157814] High CVE-2021-21115: Use after free in safe browsing. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2020-12-11
  • [1151069] Medium CVE-2021-21116: Heap buffer overflow in audio. Reported by Alison Huffman, Microsoft Browser Vulnerability Research on 2020-11-19

Discovery 2021-01-06
Entry 2021-01-07
chromium
< 87.0.4280.141

CVE-2020-15995
CVE-2020-16043
CVE-2021-21106
CVE-2021-21107
CVE-2021-21108
CVE-2021-21109
CVE-2021-21110
CVE-2021-21111
CVE-2021-21112
CVE-2021-21113
CVE-2021-21114
CVE-2021-21115
CVE-2021-21116
https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop.html
48514901-711d-11eb-9846-e09467587c17chromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 10 security fixes, including:

  • [1138143] High CVE-2021-21149: Stack overflow in Data Transfer. Reported by Ryoya Tsukasaki on 2020-10-14
  • [1172192] High CVE-2021-21150: Use after free in Downloads. Reported by Woojin Oh(@pwn_expoit) of STEALIEN on 2021-01-29
  • [1165624] High CVE-2021-21151: Use after free in Payments. Reported by Khalil Zhani on 2021-01-12
  • [1166504] High CVE-2021-21152: Heap buffer overflow in Media. Reported by Anonymous on 2021-01-14
  • [1155974] High CVE-2021-21153: Stack overflow in GPU Process. Reported by Jan Ruge of ERNW GmbH on 2020-12-06
  • [1173269] High CVE-2021-21154: Heap buffer overflow in Tab Strip. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-02-01
  • [1175500] High CVE-2021-21155: Heap buffer overflow in Tab Strip. Reported by Khalil Zhani on 2021-02-07
  • [1177341] High CVE-2021-21156: Heap buffer overflow in V8. Reported by Sergei Glazunov of Google Project Zero on 2021-02-11
  • [1170657] Medium CVE-2021-21157: Use after free in Web Sockets. Reported by Anonymous on 2021-01-26

Discovery 2021-02-16
Entry 2021-02-17
chromium
< 88.0.4324.182

CVE-2021-21149
CVE-2021-21150
CVE-2021-21151
CVE-2021-21152
CVE-2021-21153
CVE-2021-21154
CVE-2021-21155
CVE-2021-21156
CVE-2021-21157
https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_16.html
25efe05c-7ffc-11ea-b594-3065ec8fd3ecchromium -- use after free

Google Chrome Releases reports:

[1067851] Critical CVE-2020-6457: Use after free in speech recognizer. Reported by Leecraso and Guang Gong of Alpha Lab, Qihoo 360 on 2020-04-04


Discovery 2020-04-15
Entry 2020-04-16
chromium
< 81.0.4044.113

https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_15.html
CVE-2020-6457
e68d3db1-fd04-11ea-a67f-e09467587c17chromium -- multiple vulnerabilities

Chrome Releases reports:

This release fixes 10 security issues, including:

  • [1100136] High CVE-2020-15960: Out of bounds read in storage. Reported by Anonymous on 2020-06-28
  • [1114636] High CVE-2020-15961: Insufficient policy enforcement in extensions. Reported by David Erceg on 2020-08-10
  • [1121836] High CVE-2020-15962: Insufficient policy enforcement in serial. Reported by Leecraso and Guang Gong of 360 Alpha Lab working with 360 BugCloud on 2020-08-26
  • [1113558] High CVE-2020-15963: Insufficient policy enforcement in extensions. Reported by David Erceg on 2020-08-06
  • [1126249] High CVE-2020-15965: Out of bounds write in V8. Reported by Lucas Pinheiro, Microsoft Browser Vulnerability Research on 2020-09-08
  • [1113565] Medium CVE-2020-15966: Insufficient policy enforcement in extensions. Reported by David Erceg on 2020-08-06
  • [1121414] Low CVE-2020-15964: Insufficient data validation in media. Reported by Woojin Oh(@pwn_expoit) of STEALIEN on 2020-08-25

Discovery 2020-09-21
Entry 2020-09-22
chromium
< 85.0.4183.121

CVE-2020-15960
CVE-2020-15961
CVE-2020-15962
CVE-2020-15963
CVE-2020-15964
CVE-2020-15965
CVE-2020-15966
https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop_21.html
38c676bd-9def-11ea-a94c-3065ec8fd3ecchromium -- multiple vulnerabilities

Google Chrome Releases reports:

This release includes 38 security fixes, including CVEs CVE-2020-6465 through CVE-2020-6491.


Discovery 2020-05-19
Entry 2020-05-24
chromium
< 83.0.4103.61

CVE-2020-6465
CVE-2020-6466
CVE-2020-6467
CVE-2020-6468
CVE-2020-6469
CVE-2020-6470
CVE-2020-6471
CVE-2020-6472
CVE-2020-6473
CVE-2020-6474
CVE-2020-6475
CVE-2020-6476
CVE-2020-6477
CVE-2020-6478
CVE-2020-6479
CVE-2020-6480
CVE-2020-6481
CVE-2020-6482
CVE-2020-6483
CVE-2020-6484
CVE-2020-6485
CVE-2020-6486
CVE-2020-6487
CVE-2020-6488
CVE-2020-6489
CVE-2020-6490
CVE-2020-6491
https://chromereleases.googleblog.com/2020/05/stable-channel-update-for-desktop_19.html
f4722927-1375-11eb-8711-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release includes 5 security fixes:

  • [1125337] High CVE-2020-16000: Inappropriate implementation in Blink. Reported by amaebi_jp on 2020-09-06
  • [1135018] High CVE-2020-16001: Use after free in media. Reported by Khalil Zhani on 2020-10-05
  • [1137630] High CVE-2020-16002: Use after free in PDFium. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group on 2020-10-13
  • [1139963] High CVE-2020-15999: Heap buffer overflow in Freetype. Reported by Sergei Glazunov of Google Project Zero on 2020-10-19
  • [1134960] Medium CVE-2020-16003: Use after free in printing. Reported by Khalil Zhani on 2020-10-04

Discovery 2020-10-20
Entry 2020-10-21
chromium
< 86.0.4240.111

CVE-2020-15999
CVE-2020-16000
CVE-2020-16001
CVE-2020-16002
CVE-2020-16003
https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html
9cb57a06-7517-11ea-b594-3065ec8fd3ecchromium -- multiple vulnerabilities

Google Chrome Releases reports:

This update contains 8 security fixes.

  • [1062247] High CVE-2020-6450: Use after free in WebAudio. Reported by Man Yue Mo of Semmle Security Research Team on 2020-03-17
  • [1061018] High CVE-2020-6451: Use after free in WebAudio. Reported by Man Yue Mo of Semmle Security Research Team on 2020-03-12
  • [1059764] High CVE-2020-6452: Heap buffer overflow in media Reported by asnine on 2020-03-09
  • [1066247] Various fixes from internal audits, fuzzing and other initiatives.

Discovery 2020-03-31
Entry 2020-04-02
chromium
< 80.0.3987.162

https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_31.html
CVE-2020-6450
CVE-2020-6451
CVE-2020-6452
b81ad6d6-8633-11eb-99c5-e09467587c17chromium -- multiple vulnerabilities

Chrome Releases reports:

This release includes 5 security fixes, including:

  • [1167357] High CVE-2021-21191: Use after free in WebRTC. Reported by raven (@raid_akame) on 2021-01-15
  • [1181387] High CVE-2021-21192: Heap buffer overflow in tab groups. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-02-23
  • [1186287] High CVE-2021-21193: Use after free in Blink. Reported by Anonymous on 2021-03-09

Discovery 2021-03-12
Entry 2021-03-16
chromium
< 89.0.4389.90

CVE-2021-11191
CVE-2021-11192
CVE-2021-11193
https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_12.html
64988354-0889-11eb-a01b-e09467587c17chromium -- multiple vulnerabilities

Chrome releases reports:

This release contains 35 security fixes, including:

  • [1127322] Critical CVE-2020-15967: Use after free in payments. Reported by Man Yue Mo of GitHub Security Lab on 2020-09-11
  • [1126424] High CVE-2020-15968: Use after free in Blink. Reported by Anonymous on 2020-09-09
  • [1124659] High CVE-2020-15969: Use after free in WebRTC. Reported by Anonymous on 2020-09-03
  • [1108299] High CVE-2020-15970: Use after free in NFC. Reported by Man Yue Mo of GitHub Security Lab on 2020-07-22
  • [1114062] High CVE-2020-15971: Use after free in printing. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2020-08-07
  • [1115901] High CVE-2020-15972: Use after free in audio. Reported by Anonymous on 2020-08-13
  • [1133671] High CVE-2020-15990: Use after free in autofill. Reported by Rong Jian and Guang Gong of Alpha Lab, Qihoo 360 on 2020-09-30
  • [1133688] High CVE-2020-15991: Use after free in password manager. Reported by Rong Jian and Guang Gong of Alpha Lab, Qihoo 360 on 2020-09-30
  • [1106890] Medium CVE-2020-15973: Insufficient policy enforcement in extensions. Reported by David Erceg on 2020-07-17
  • [1104103] Medium CVE-2020-15974: Integer overflow in Blink. Reported by Juno Im (junorouse) of Theori on 2020-07-10
  • [1110800] Medium CVE-2020-15975: Integer overflow in SwiftShader. Reported by Anonymous on 2020-07-29
  • [1123522] Medium CVE-2020-15976: Use after free in WebXR. Reported by YoungJoo Lee (@ashuu_lee) of Raon Whitehat on 2020-08-31
  • [1083278] Medium CVE-2020-6557: Inappropriate implementation in networking. Reported by Matthias Gierlings and Marcus Brinkmann (NDS Ruhr-University Bochum) on 2020-05-15
  • [1097724] Medium CVE-2020-15977: Insufficient data validation in dialogs. Reported by Narendra Bhati (@imnarendrabhati) on 2020-06-22
  • [1116280] Medium CVE-2020-15978: Insufficient data validation in navigation. Reported by Luan Herrera (@lbherrera_) on 2020-08-14
  • [1127319] Medium CVE-2020-15979: Inappropriate implementation in V8. Reported by Avihay Cohen (@SeraphicAlgorithms) on 2020-09-11
  • [1092453] Medium CVE-2020-15980: Insufficient policy enforcement in Intents. Reported by Yongke Wang (@Rudykewang) and Aryb1n (@aryb1n) of Tencent Security Xuanwu Lab on 2020-06-08
  • [1123023] Medium CVE-2020-15981: Out of bounds read in audio. Reported by Christoph Guttandin on 2020-08-28
  • [1039882] Medium CVE-2020-15982: Side-channel information leakage in cache. Reported by Luan Herrera (@lbherrera_) on 2020-01-07
  • [1076786] Medium CVE-2020-15983: Insufficient data validation in webUI. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2020-04-30
  • [1080395] Medium CVE-2020-15984: Insufficient policy enforcement in Omnibox. Reported by Rayyan Bijoora on 2020-05-07
  • [1099276] Medium CVE-2020-15985: Inappropriate implementation in Blink. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2020-06-25
  • [1100247] Medium CVE-2020-15986: Integer overflow in media. Reported by Mark Brand of Google Project Zero on 2020-06-29
  • [1127774] Medium CVE-2020-15987: Use after free in WebRTC. Reported by Philipp Hancke on 2020-09-14
  • [1110195] Medium CVE-2020-15992: Insufficient policy enforcement in networking. Reported by Alison Huffman, Microsoft Browser Vulnerability Research on 2020-07-28
  • [1092518] Low CVE-2020-15988: Insufficient policy enforcement in downloads. Reported by Samuel Attard on 2020-06-08
  • [1108351] Low CVE-2020-15989: Uninitialized Use in PDFium. Reported by Gareth Evans (Microsoft) on 2020-07-22

Discovery 2020-10-06
Entry 2020-10-07
chromium
< 86.0.4240.75

CVE-2020-6557
CVE-2020-15967
CVE-2020-15968
CVE-2020-15969
CVE-2020-15970
CVE-2020-15971
CVE-2020-15972
CVE-2020-15973
CVE-2020-15974
CVE-2020-15975
CVE-2020-15976
CVE-2020-15977
CVE-2020-15978
CVE-2020-15979
CVE-2020-15980
CVE-2020-15981
CVE-2020-15982
CVE-2020-15983
CVE-2020-15984
CVE-2020-15985
CVE-2020-15986
CVE-2020-15987
CVE-2020-15988
CVE-2020-15989
CVE-2020-15990
CVE-2020-15991
CVE-2020-15992
https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop.html
64575bb6-e188-11ea-beed-e09467587c17chromium -- heap buffer overflow

Chrome Releases reports:

This release contains one security fix:

  • [1115345] High CVE-2020-6556: Heap buffer overflow in SwiftShader. Reported by Alison Huffman, Microsoft Browser Vulnerability Research on 2020-08-12

Discovery 2020-08-18
Entry 2020-08-18
chromium
< 84.0.4147.135

CVE-2020-6556
https://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop_18.html
3e01aad2-680e-11eb-83e2-e09467587c17chromium -- heap buffer overflow in V8

Chrome Releases reports:

[1170176] High CVE-2021-21148: Heap buffer overflow in V8. Reported by Mattias Buelens on 2021-01-24. Google is aware of reports that an exploit for CVE-2021-21148 exists in the wild.


Discovery 2021-02-04
Entry 2021-02-05
chromium
< 88.0.4324.150

CVE-2021-21148
https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_4.html
6e3b700a-7ca3-11ea-b594-3065ec8fd3ecchromium -- multiple vulnerabilities

Google Chrome Releases reports:

This updates includes 32 security fixes, including:

  • [1019161] High CVE-2020-6454: Use after free in extensions. Reported by Leecraso and Guang Gong of Alpha Lab, Qihoo 360 on 2019-10-29
  • [1043446] High CVE-2020-6423: Use after free in audio. Reported by Anonymous on 2020-01-18
  • [1059669] High CVE-2020-6455: Out of bounds read in WebSQL. Reported by Nan Wang(@eternalsakura13) and Guang Gong of Alpha Lab, Qihoo 360 on 2020-03-09
  • [1031479] Medium CVE-2020-6430: Type Confusion in V8. Reported by Avihay Cohen @ SeraphicAlgorithms on 2019-12-06
  • [1040755] Medium CVE-2020-6456: Insufficient validation of untrusted input in clipboard. Reported by Michał Bentkowski of Securitum on 2020-01-10
  • [852645] Medium CVE-2020-6431: Insufficient policy enforcement in full screen. Reported by Luan Herrera (@lbherrera_) on 2018-06-14
  • [965611] Medium CVE-2020-6432: Insufficient policy enforcement in navigations. Reported by David Erceg on 2019-05-21
  • [1043965] Medium CVE-2020-6433: Insufficient policy enforcement in extensions. Reported by David Erceg on 2020-01-21
  • [1048555] Medium CVE-2020-6434: Use after free in devtools. Reported by HyungSeok Han (DaramG) of Theori on 2020-02-04
  • [1032158] Medium CVE-2020-6435: Insufficient policy enforcement in extensions. Reported by Sergei Glazunov of Google Project Zero on 2019-12-09
  • [1034519] Medium CVE-2020-6436: Use after free in window management. Reported by Igor Bukanov from Vivaldi on 2019-12-16
  • [639173] Low CVE-2020-6437: Inappropriate implementation in WebView. Reported by Jann Horn on 2016-08-19
  • [714617] Low CVE-2020-6438: Insufficient policy enforcement in extensions. Reported by Ng Yik Phang on 2017-04-24
  • [868145] Low CVE-2020-6439: Insufficient policy enforcement in navigations. Reported by remkoboonstra on 2018-07-26
  • [894477] Low CVE-2020-6440: Inappropriate implementation in extensions. Reported by David Erceg on 2018-10-11
  • [959571] Low CVE-2020-6441: Insufficient policy enforcement in omnibox. Reported by David Erceg on 2019-05-04
  • [1013906] Low CVE-2020-6442: Inappropriate implementation in cache. Reported by B@rMey on 2019-10-12
  • [1040080] Low CVE-2020-6443: Insufficient data validation in developer tools. Reported by @lovasoa (Ophir LOJKINE) on 2020-01-08
  • [922882] Low CVE-2020-6444: Uninitialized Use in WebRTC. Reported by mlfbrown on 2019-01-17
  • [933171] Low CVE-2020-6445: Insufficient policy enforcement in trusted types. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-02-18
  • [933172] Low CVE-2020-6446: Insufficient policy enforcement in trusted types. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-02-18
  • [991217] Low CVE-2020-6447: Inappropriate implementation in developer tools. Reported by David Erceg on 2019-08-06
  • [1037872] Low CVE-2020-6448: Use after free in V8. Reported by Guang Gong of Alpha Lab, Qihoo 360 on 2019-12-26

Discovery 2020-04-07
Entry 2020-04-12
chromium
< 81.0.4044.92

CVE-2020-6423
CVE-2020-6430
CVE-2020-6431
CVE-2020-6432
CVE-2020-6433
CVE-2020-6434
CVE-2020-6435
CVE-2020-6436
CVE-2020-6437
CVE-2020-6438
CVE-2020-6439
CVE-2020-6440
CVE-2020-6441
CVE-2020-6442
CVE-2020-6443
CVE-2020-6444
CVE-2020-6445
CVE-2020-6446
CVE-2020-6447
CVE-2020-6448
CVE-2020-6454
CVE-2020-6455
CVE-2020-6456
https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html
479fdfda-6659-11eb-83e2-e09467587c17www/chromium -- multiple vulnerabilities

Chrome Releases reports:

This update include 6 security fixes:

  • 1169317] Critical CVE-2021-21142: Use after free in Payments. Reported by Khalil Zhani on 2021-01-21
  • [1163504] High CVE-2021-21143: Heap buffer overflow in Extensions. Reported by Allen Parker and Alex Morgan of MU on 2021-01-06
  • [1163845] High CVE-2021-21144: Heap buffer overflow in Tab Groups. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-01-07
  • [1154965] High CVE-2021-21145: Use after free in Fonts. Reported by Anonymous on 2020-12-03
  • [1161705] High CVE-2021-21146: Use after free in Navigation. Reported by Alison Huffman and Choongwoo Han of Microsoft Browser Vulnerability Research on 2020-12-24
  • [1162942] Medium CVE-2021-21147: Inappropriate implementation in Skia. Reported by Roman Starkov on 2021-01-04

Discovery 2021-02-02
Entry 2021-02-03
chromium
< 88.0.4324.146

CVE-2021-21142
CVE-2021-21143
CVE-2021-21144
CVE-2021-21145
CVE-2021-21146
CVE-2021-21147
https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop.html
6a5d15b6-b661-11ea-8015-e09467587c17chromium -- multiple vulnerabilities

Chrome Releases reports:

This update includes 2 security fixes, including:

  • [1092308] High CVE-2020-6509: Use after free in extensions. Reported by Anonymous on 2020-06-08

Discovery 2020-06-22
Entry 2020-06-24
chromium
< 83.0.4103.116

CVE-2020-6509
https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop_22.html
870d59b0-c6c4-11ea-8015-e09467587c17chromium -- multiple vulnerabilities

Chrome Releases reports:

This update contains 38 security fixes, including:

  • [1103195] Critical CVE-2020-6510: Heap buffer overflow in background fetch. Reported by Leecraso and Guang Gong of 360 Alpha Lab working with 360 BugCloud on 2020-07-08
  • [1074317] High CVE-2020-6511: Side-channel information leakage in content security policy. Reported by Mikhail Oblozhikhin on 2020-04-24
  • [1084820] High CVE-2020-6512: Type Confusion in V8. Reported by nocma, leogan, cheneyxu of WeChat Open Platform Security Team on 2020-05-20
  • [1091404] High CVE-2020-6513: Heap buffer overflow in PDFium. Reported by Aleksandar Nikolic of Cisco Talos on 2020-06-04
  • [1076703] High CVE-2020-6514: Inappropriate implementation in WebRTC. Reported by Natalie Silvanovich of Google Project Zero on 2020-04-30
  • [1082755] High CVE-2020-6515: Use after free in tab strip. Reported by DDV_UA on 2020-05-14
  • [1092449] High CVE-2020-6516: Policy bypass in CORS. Reported by Yongke Wang(@Rudykewang) and Aryb1n(@aryb1n) of Tencent Security Xuanwu Lab on 2020-06-08
  • [1095560] High CVE-2020-6517: Heap buffer overflow in history. Reported by ZeKai Wu (@hellowuzekai) of Tencent Security Xuanwu Lab on 2020-06-16
  • [986051] Medium CVE-2020-6518: Use after free in developer tools. Reported by David Erceg on 2019-07-20
  • [1064676] Medium CVE-2020-6519: Policy bypass in CSP. Reported by Gal Weizman (@WeizmanGal) of PerimeterX on 2020-03-25
  • [1092274] Medium CVE-2020-6520: Heap buffer overflow in Skia. Reported by Zhen Zhou of NSFOCUS Security Team on 2020-06-08
  • [1075734] Medium CVE-2020-6521: Side-channel information leakage in autofill. Reported by Xu Lin (University of Illinois at Chicago), Panagiotis Ilia (University of Illinois at Chicago), Jason Polakis (University of Illinois at Chicago) on 2020-04-27
  • [1052093] Medium CVE-2020-6522: Inappropriate implementation in external protocol handlers. Reported by Eric Lawrence of Microsoft on 2020-02-13
  • [1080481] Medium CVE-2020-6523: Out of bounds write in Skia. Reported by Liu Wei and Wu Zekai of Tencent Security Xuanwu Lab on 2020-05-08
  • [1081722] Medium CVE-2020-6524: Heap buffer overflow in WebAudio. Reported by Sung Ta (@Mipu94) of SEFCOM Lab, Arizona State University on 2020-05-12
  • [1091670] Medium CVE-2020-6525: Heap buffer overflow in Skia. Reported by Zhen Zhou of NSFOCUS Security Team on 2020-06-05
  • [1074340] Low CVE-2020-6526: Inappropriate implementation in iframe sandbox. Reported by Jonathan Kingston on 2020-04-24
  • [992698] Low CVE-2020-6527: Insufficient policy enforcement in CSP. Reported by Zhong Zhaochen of andsecurity.cn on 2019-08-10
  • [1063690] Low CVE-2020-6528: Incorrect security UI in basic auth. Reported by Rayyan Bijoora on 2020-03-22
  • [978779] Low CVE-2020-6529: Inappropriate implementation in WebRTC. Reported by kaustubhvats7 on 2019-06-26
  • [1016278] Low CVE-2020-6530: Out of bounds memory access in developer tools. Reported by myvyang on 2019-10-21
  • [1042986] Low CVE-2020-6531: Side-channel information leakage in scroll to text. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2020-01-17
  • [1069964] Low CVE-2020-6533: Type Confusion in V8. Reported by Avihay Cohen @ SeraphicAlgorithms on 2020-04-11
  • [1072412] Low CVE-2020-6534: Heap buffer overflow in WebRTC. Reported by Anonymous on 2020-04-20
  • [1073409] Low CVE-2020-6535: Insufficient data validation in WebUI. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2020-04-22
  • [1080934] Low CVE-2020-6536: Incorrect security UI in PWAs. Reported by Zhiyang Zeng of Tencent security platform department on 2020-05-09

Discovery 2020-07-14
Entry 2020-07-15
chromium
< 84.0.4147.89

CVE-2020-6528
CVE-2020-6510
CVE-2020-6511
CVE-2020-6512
CVE-2020-6513
CVE-2020-6514
CVE-2020-6515
CVE-2020-6516
CVE-2020-6517
CVE-2020-6518
CVE-2020-6519
CVE-2020-6520
CVE-2020-6521
CVE-2020-6522
CVE-2020-6523
CVE-2020-6524
CVE-2020-6525
CVE-2020-6526
CVE-2020-6527
CVE-2020-6529
CVE-2020-6530
CVE-2020-6531
CVE-2020-6533
CVE-2020-6534
CVE-2020-6535
CVE-2020-6536
https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop.html
9a447f78-d0f8-11ea-9837-e09467587c17chromium -- multiple vulnerabilities

Chrome Releases reports:

This update contains 8 security fixes, including:

  • [1105318] High CVE-2020-6537: Type Confusion in V8. Reported by Alphalaab on 2020-07-14
  • [1096677] High CVE-2020-6538: Inappropriate implementation in WebView. Reported by Yongke Wang(@Rudykewang) and Aryb1n(@aryb1n) of Tencent Security Xuanwu Lab on 2020-06-18
  • [1104061] High CVE-2020-6532: Use after free in SCTP. Reported by Anonymous on 2020-07-09
  • [1105635] High CVE-2020-6539: Use after free in CSS. Reported by Oriol Brufau on 2020-07-14
  • [1105720] High CVE-2020-6540: Heap buffer overflow in Skia. Reported by Zhen Zhou of NSFOCUS Security Team on 2020-07-15
  • [1106773] High CVE-2020-6541: Use after free in WebUSB. Reported by Sergei Glazunov of Google Project Zero on 2020-07-17

Discovery 2020-07-27
Entry 2020-07-28
chromium
< 84.0.4147.105

CVE-2020-6532
CVE-2020-6537
CVE-2020-6538
CVE-2020-6539
CVE-2020-6540
CVE-2020-6541
https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop_27.html
a2caf7bd-a719-11ea-a857-e09467587c17chromium -- multiple vulnerabilities

Chrome Releases reports:

This update includes 5 security fixes. Below, we highlight fixes that were contributed by external researchers.

  • [1082105] High CVE-2020-6493: Use after free in WebAuthentication. Reported by Anonymous on 2020-05-13
  • [1083972] High CVE-2020-6494: Incorrect security UI in payments. Reported by Juho Nurminen on 2020-05-18
  • [1072116] High CVE-2020-6495: Insufficient policy enforcement in developer tools. Reported by David Erceg on 2020-04-18
  • [1085990] High CVE-2020-6496: Use after free in payments. Reported by Khalil Zhani on 2020-05-24

Discovery 2020-06-03
Entry 2020-06-05
chromium
< 83.0.4103.97

CVE-2020-6493
CVE-2020-6494
CVE-2020-6495
CVE-2020-6496
https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop.html
1110e286-dc08-11ea-beed-e09467587c17chromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 15 security fixes, including:

  • [1107433] High CVE-2020-6542: Use after free in ANGLE. Reported by Piotr Bania of Cisco Talos on 2020-07-20
  • [1104046] High CVE-2020-6543: Use after free in task scheduling. Reported by Looben Yang on 2020-07-10
  • [1108497] High CVE-2020-6544: Use after free in media. Reported by Tim Becker of Theori on 2020-07-22
  • [1095584] High CVE-2020-6545: Use after free in audio. Reported by Anonymous on 2020-06-16
  • [1100280] High CVE-2020-6546: Inappropriate implementation in installer. Reported by Andrew Hess (any1) on 2020-06-29
  • [1102153] High CVE-2020-6547: Incorrect security UI in media. Reported by David Albert on 2020-07-05
  • [1103827] High CVE-2020-6548: Heap buffer overflow in Skia. Reported by Choongwoo Han, Microsoft Browser Vulnerability Research on 2020-07-09
  • [1105426] High CVE-2020-6549: Use after free in media. Reported by Sergei Glazunov of Google Project Zero on 2020-07-14
  • [1106682] High CVE-2020-6550: Use after free in IndexedDB. Reported by Sergei Glazunov of Google Project Zero on 2020-07-17
  • [1107815] High CVE-2020-6551: Use after free in WebXR. Reported by Sergei Glazunov of Google Project Zero on 2020-07-21
  • [1108518] High CVE-2020-6552: Use after free in Blink. Reported by Tim Becker of Theori on 2020-07-22
  • [1111307] High CVE-2020-6553: Use after free in offline mode. Reported by Alison Huffman, Microsoft Browser Vulnerability Research on 2020-07-30
  • [1094235] Medium CVE-2020-6554: Use after free in extensions. Reported by Anonymous on 2020-06-12
  • [1105202] Medium CVE-2020-6555: Out of bounds read in WebGL. Reported by Marcin Towalski of Cisco Talos on 2020-07-13

Discovery 2020-08-10
Entry 2020-08-11
chromium
< 84.0.4147.125

CVE-2020-6542
CVE-2020-6543
CVE-2020-6544
CVE-2020-6545
CVE-2020-6546
CVE-2020-6547
CVE-2020-6548
CVE-2020-6549
CVE-2020-6550
CVE-2020-6551
CVE-2020-6552
CVE-2020-6553
CVE-2020-6554
CVE-2020-6555
https://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop.html
d73bc4e6-e7c4-11ea-a878-e09467587c17chromium -- multiple vulnerabilities

Chrome Releases reports:

This update includes 20 security fixes, including:

  • [1109120] High CVE-2020-6558: Insufficient policy enforcement in iOS. Reported by Alison Huffman, Microsoft Browser Vulnerability Research on 2020-07-24
  • [1116706] High CVE-2020-6559: Use after free in presentation API. Reported by Liu Wei and Wu Zekai of Tencent Security Xuanwu Lab on 2020-08-15
  • [1108181] Medium CVE-2020-6560: Insufficient policy enforcement in autofill. Reported by Nadja Ungethuem from www.unnex.de on 2020-07-22
  • [932892] Medium CVE-2020-6561: Inappropriate implementation in Content Security Policy. Reported by Rob Wu on 2019-02-16
  • [1086845] Medium CVE-2020-6562: Insufficient policy enforcement in Blink. Reported by Masato Kinugawa on 2020-05-27
  • [1104628] Medium CVE-2020-6563: Insufficient policy enforcement in intent handling. Reported by Pedro Oliveira on 2020-07-12
  • [841622] Medium CVE-2020-6564: Incorrect security UI in permissions. Reported by Khalil Zhani on 2018-05-10
  • [1029907] Medium CVE-2020-6565: Incorrect security UI in Omnibox. Reported by Khalil Zhani on 2019-12-02
  • [1065264] Medium CVE-2020-6566: Insufficient policy enforcement in media. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2020-03-27
  • [937179] Low CVE-2020-6567: Insufficient validation of untrusted input in command line handling. Reported by Joshua Graham of TSS on 2019-03-01
  • [1092451] Low CVE-2020-6568: Insufficient policy enforcement in intent handling. Reported by Yongke Wang(@Rudykewang) and Aryb1n(@aryb1n) of Tencent Security Xuanwu Lab on 2020-06-08
  • [995732] Low CVE-2020-6569: Integer overflow in WebUSB. Reported by guaixiaomei on 2019-08-20
  • [1084699] Low CVE-2020-6570: Side-channel information leakage in WebRTC. Reported by Signal/Tenable on 2020-05-19
  • [1085315] Low CVE-2020-6571: Incorrect security UI in Omnibox. Reported by Rayyan Bijoora on 2020-05-21

Discovery 2020-08-25
Entry 2020-08-26
chromium
< 85.0.4183.83

CVE-2020-6558
CVE-2020-6559
CVE-2020-6560
CVE-2020-6561
CVE-2020-6562
CVE-2020-6563
CVE-2020-6564
CVE-2020-6565
CVE-2020-6566
CVE-2020-6567
CVE-2020-6568
CVE-2020-6569
CVE-2020-6570
CVE-2020-6571
https://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop_25.html
bed5d41a-f2b4-11ea-a878-e09467587c17chromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 5 security fixes:

  • [1116304] High CVE-2020-6573: Use after free in video. Reported by Leecraso and Guang Gong of 360 Alpha Lab working with 360 BugCloud on 2020-08-14
  • [1102196] High CVE-2020-6574: Insufficient policy enforcement in installer. Reported by CodeColorist of Ant-Financial LightYear Labs on 2020-07-05
  • [1081874] High CVE-2020-6575: Race in Mojo. Reported by Microsoft on 2020-05-12
  • [1111737] High CVE-2020-6576: Use after free in offscreen canvas. Reported by Looben Yang on 2020-07-31
  • [1122684] High CVE-2020-15959: Insufficient policy enforcement in networking. Reported by Eric Lawrence of Microsoft on 2020-08-27

Discovery 2020-09-08
Entry 2020-09-09
chromium
< 85.0.4183.102

CVE-2020-6573
CVE-2020-6574
CVE-2020-6575
CVE-2020-6576
CVE-2020-15969
https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop.html