VuXML ID | Description |
7b929503-911d-11ed-a925-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 17 security fixes, including:
- [1353208] High CVE-2023-0128: Use after free in Overview Mode. Reported by Khalil Zhani on 2022-08-16
- [1382033] High CVE-2023-0129: Heap buffer overflow in Network Service. Reported by asnine on 2022-11-07
- [1370028] Medium CVE-2023-0130: Inappropriate implementation in Fullscreen API. Reported by Hafiizh on 2022-09-30
- [1357366] Medium CVE-2023-0131: Inappropriate implementation in iframe Sandbox. Reported by NDevTK on 2022-08-28
- [1371215] Medium CVE-2023-0132: Inappropriate implementation in Permission prompts. Reported by Jasper Rebane (popstonia) on 2022-10-05
- [1375132] Medium CVE-2023-0133: Inappropriate implementation in Permission prompts. Reported by Alesandro Ortiz on 2022-10-17
- [1385709] Medium CVE-2023-0134: Use after free in Cart. Reported by Chaoyuan Peng (@ret2happy) on 2022-11-17
- [1385831] Medium CVE-2023-0135: Use after free in Cart. Reported by Chaoyuan Peng (@ret2happy) on 2022-11-18
- [1356987] Medium CVE-2023-0136: Inappropriate implementation in Fullscreen API. Reported by Axel Chong on 2022-08-26
- [1399904] Medium CVE-2023-0137: Heap buffer overflow in Platform Apps. Reported by avaue and Buff3tts at S.S.L. on 2022-12-10
- [1346675] Low CVE-2023-0138: Heap buffer overflow in libphonenumber. Reported by Michael Dau on 2022-07-23
- [1367632] Low CVE-2023-0139: Insufficient validation of untrusted input in Downloads. Reported by Axel Chong on 2022-09-24
- [1326788] Low CVE-2023-0140: Inappropriate implementation in File System API. Reported by harrison.mitchell, cybercx.com.au on 2022-05-18
- [1362331] Low CVE-2023-0141: Insufficient policy enforcement in CORS. Reported by scarlet on 2022-09-12
Discovery 2023-01-10 Entry 2023-01-10 chromium
< 109.0.5414.74
ungoogled-chromium
< 109.0.5414.74
CVE-2023-0128
CVE-2023-0129
CVE-2023-0130
CVE-2023-0131
CVE-2023-0132
CVE-2023-0133
CVE-2023-0134
CVE-2023-0135
CVE-2023-0136
CVE-2023-0137
CVE-2023-0138
CVE-2023-0139
CVE-2023-0140
CVE-2023-0141
https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop.html
|
3d0a3eb0-9ca3-11ed-a925-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 6 security fixes, including:
- [1376354] High CVE-2023-0471: Use after free in WebTransport. Reported by chichoo Kim(chichoo) and Cassidy Kim(@cassidy6564) on 2022-10-19
- [1405256] High CVE-2023-0472: Use after free in WebRTC. Reported by Cassidy Kim(@cassidy6564) on 2023-01-06
- [1404639] Medium CVE-2023-0473: Type Confusion in ServiceWorker API. Reported by raven at KunLun lab on 2023-01-03
- [1400841] Medium CVE-2023-0474: Use after free in GuestView. Reported by avaue at S.S.L on 2022-12-14
Discovery 2023-01-24 Entry 2023-01-25 chromium
< 109.0.5414.119
ungoogled-chromium
< 109.0.5414.119
CVE-2023-0471
CVE-2023-0472
CVE-2023-0473
CVE-2023-0474
https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop_24.html
|
83eb9374-7b97-11ed-be8f-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 8 security fixes, including:
- [1383991] High CVE-2022-4436: Use after free in Blink Media. Reported by Anonymous on 2022-11-15
- [1394692] High CVE-2022-4437: Use after free in Mojo IPC. Reported by koocola(@alo_cook) and Guang Gong of 360 Vulnerability Research Institute on 2022-11-30
- [1381871] High CVE-2022-4438: Use after free in Blink Frames. Reported by Anonymous on 2022-11-07
- [1392661] High CVE-2022-4439: Use after free in Aura. Reported by Anonymous on 2022-11-22
- [1382761] Medium CVE-2022-4440: Use after free in Profiles. Reported by Anonymous on 2022-11-09
Discovery 2022-12-13 Entry 2022-12-14 chromium
< 108.0.5359.124
ungoogled-chromium
< 108.0.5359.124
CVE-2022-4436
CVE-2022-4437
CVE-2022-4438
CVE-2022-4439
CVE-2022-4440
https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop_13.html
|
8d3838b0-6ca8-11ed-92ce-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 1 security fix:
- [1392715] High CVE-2022-4135: Heap buffer overflow in GPU. Reported by Clement Lecigne of Google's Threat Analysis Group on 2022-11-22
Google is aware that an exploit for CVE-2022-4135 exists in the wild.
Discovery 2022-11-24 Entry 2022-11-25 chromium
< 107.0.5304.121
ungoogled-chromium
< 107.0.5304.121
CVE-2022-4135
https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_24.html
|
3551e106-1b17-11ec-a8a7-704d7b472482 | chromium -- multiple vulnerabilities
Chrome Releases reports:
This update contains 19 security fixes, including:
- [1243117] High CVE-2021-37956: Use after free in Offline use.
Reported by Huyna at Viettel Cyber Security on 2021-08-24
- [1242269] High CVE-2021-37957: Use after free in WebGPU.
Reported by Looben Yang on 2021-08-23
- [1223290] High CVE-2021-37958: Inappropriate implementation in
Navigation. Reported by James Lee (@Windowsrcer) on
2021-06-24
- [1229625] High CVE-2021-37959: Use after free in Task Manager.
Reported by raven (@raid_akame) on 2021-07-15
- [1247196] High CVE-2021-37960: Inappropriate implementation in
Blink graphics. Reported by Atte Kettunen of OUSPG on
2021-09-07
- [1228557] Medium CVE-2021-37961: Use after free in Tab Strip.
Reported by Khalil Zhani on 2021-07-13
- [1231933] Medium CVE-2021-37962: Use after free in Performance
Manager. Reported by Sri on 2021-07-22
- [1199865] Medium CVE-2021-37963: Side-channel information
leakage in DevTools. Reported by Daniel Genkin and Ayush Agarwal,
University of Michigan, Eyal Ronen and Shaked Yehezkel, Tel Aviv
University, Sioli O'Connell, University of Adelaide, and Jason
Kim, Georgia Institute of Technology on 2021-04-16
- [1203612] Medium CVE-2021-37964: Inappropriate implementation in
ChromeOS Networking. Reported by Hugo Hue and Sze Yiu Chau of the
Chinese University of Hong Kong on 2021-04-28
- [1239709] Medium CVE-2021-37965: Inappropriate implementation in
Background Fetch API. Reported by Maurice Dauer on 2021-08-13
- [1238944] Medium CVE-2021-37966: Inappropriate implementation in
Compositing. Reported by Mohit Raj (shadow2639) on 2021-08-11
- [1243622] Medium CVE-2021-37967: Inappropriate implementation in
Background Fetch API. Reported by SorryMybad (@S0rryMybad) of
Kunlun Lab on 2021-08-26
- [1245053] Medium CVE-2021-37968: Inappropriate implementation in
Background Fetch API. Reported by Maurice Dauer on 2021-08-30
- [1245879] Medium CVE-2021-37969: Inappropriate implementation in
Google Updater. Reported by Abdelhamid Naceri (halov) on
2021-09-02
- [1248030] Medium CVE-2021-37970: Use after free in File System
API. Reported by SorryMybad (@S0rryMybad) of Kunlun Lab on
2021-09-09
- [1219354] Low CVE-2021-37971: Incorrect security UI in Web
Browser UI. Reported by Rayyan Bijoora on 2021-06-13
- [1234259] Low CVE-2021-37972: Out of bounds read in
libjpeg-turbo. Reported by Xu Hanyu and Lu Yutao from
Panguite-Forensics-Lab of Qianxin on 2021-07-29
Discovery 2021-09-21 Entry 2021-09-21 chromium
< 94.0.4606.54
CVE-2021-37956
CVE-2021-37957
CVE-2021-37958
CVE-2021-37959
CVE-2021-37960
CVE-2021-37961
CVE-2021-37962
CVE-2021-37963
CVE-2021-37964
CVE-2021-37965
CVE-2021-37966
CVE-2021-37967
CVE-2021-37968
CVE-2021-37969
CVE-2021-37970
CVE-2021-37971
CVE-2021-37972
https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_21.html
|
47b571f2-157b-11ec-ae98-704d7b472482 | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release includes 11 security fixes, including:
- [1237533] High CVE-2021-30625: Use after free in Selection API.
Reported by Marcin Towalski of Cisco Talos on 2021-08-06
- [1241036] High CVE-2021-30626: Out of bounds memory access in
ANGLE. Reported by Jeonghoon Shin of Theori on 2021-08-18
- [1245786] High CVE-2021-30627: Type Confusion in Blink layout.
Reported by Aki Helin of OUSPG on 2021-09-01
- [1241123] High CVE-2021-30628: Stack buffer overflow in ANGLE.
Reported by Jaehun Jeong(@n3sk) of Theori on 2021-08-18
- [1243646] High CVE-2021-30629: Use after free in Permissions.
Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec
at Qi'anxin Group on 2021-08-26
- [1244568] High CVE-2021-30630: Inappropriate implementation in
Blink. Reported by SorryMybad (@S0rryMybad) of Kunlun Lab on
2021-08-30
- [1246932] High CVE-2021-30631: Type Confusion in Blink layout.
Reported by Atte Kettunen of OUSPG on 2021-09-06
- [1247763] High CVE-2021-30632: Out of bounds write in V8.
Reported by Anonymous on 2021-09-08
- [1247766] High CVE-2021-30633: Use after free in Indexed DB API.
Reported by Anonymous on 2021-09-08
Google is aware that exploits for CVE-2021-30632 and CVE-2021-30633
exist in the wild.
Discovery 2021-09-13 Entry 2021-09-14 chromium
< 93.0.4577.82
CVE-2021-30625
CVE-2021-30626
CVE-2021-30627
CVE-2021-30628
CVE-2021-30629
CVE-2021-30630
CVE-2021-30631
CVE-2021-30632
CVE-2021-30633
https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop.html
|
f12368a8-1e05-11ed-a1ef-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 11 security fixes, including:
- [1349322] Critical CVE-2022-2852: Use after free in FedCM. Reported by Sergei Glazunov of Google Project Zero on 2022-08-02
- [1337538] High CVE-2022-2854: Use after free in SwiftShader. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2022-06-18
- [1345042] High CVE-2022-2855: Use after free in ANGLE. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2022-07-16
- [1338135] High CVE-2022-2857: Use after free in Blink. Reported by Anonymous on 2022-06-21
- [1341918] High CVE-2022-2858: Use after free in Sign-In Flow. Reported by raven at KunLun lab on 2022-07-05
- [1350097] High CVE-2022-2853: Heap buffer overflow in Downloads. Reported by Sergei Glazunov of Google Project Zero on 2022-08-04
- [1345630] High CVE-2022-2856: Insufficient validation of untrusted input in Intents. Reported by Ashley Shen and Christian Resell of Google Threat Analysis Group on 2022-07-19
- [1338412] Medium CVE-2022-2859: Use after free in Chrome OS Shell. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-06-22
- [1345193] Medium CVE-2022-2860: Insufficient policy enforcement in Cookies. Reported by Axel Chong on 2022-07-18
- [1346236] Medium CVE-2022-2861: Inappropriate implementation in Extensions API. Reported by Rong Jian of VRI on 2022-07-21
Discovery 2022-08-16 Entry 2022-08-17 chromium
< 104.0.5112.101
CVE-2022-2852
CVE-2022-2853
CVE-2022-2854
CVE-2022-2855
CVE-2022-2856
CVE-2022-2857
CVE-2022-2858
CVE-2022-2859
CVE-2022-2860
CVE-2022-2861
https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html
|
a25ea27b-bced-11ec-87b5-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 2 security fixes, including:
- [1315901] High CVE-2022-1364: Type Confusion in V8. Reported by Clément Lecigne of Google's Threat Analysis Group on 2022-0-13
Discovery 2022-04-14 Entry 2022-04-15 chromium
< 100.0.4896.127
CVE-2022-1364
https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_14.html
|
2899da38-7300-11ed-92ce-3065ec8fd3ec | chromium -- Type confusion in V8
Chrome Releases reports:
This release contains 1 security fix:
- [1394403] High CVE-2022-4262: Type Confusion in V8. Reported by Clement Lecigne of Google's Threat Analysis Group on 2022-11-29
Google is aware that an exploit for CVE-2022-4262 exists in the wild.
Discovery 2022-12-02 Entry 2022-12-03 chromium
< 108.0.5359.94
ungoogled-chromium
< 108.0.5359.94
CVE-2022-4262
https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop.html
|
7d3d94d3-2810-11ec-9c51-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 4 security fixes, including:
- [1252878] High CVE-2021-37977: Use after free in Garbage
Collection. Reported by Anonymous on 2021-09-24
- [1236318] High CVE-2021-37978: Heap buffer overflow in Blink.
Reported by Yangkang (@dnpushme) of 360 ATA on 2021-08-04
- [1247260] High CVE-2021-37979: Heap buffer overflow in WebRTC.
Reported by Marcin Towalski of Cisco Talos on 2021-09-07
- [1254631] High CVE-2021-37980: Inappropriate implementation in
Sandbox. Reported by Yonghwi Jin (@jinmo123) on 2021-09-30
Discovery 2021-10-07 Entry 2021-10-08 chromium
< 94.0.4606.81
CVE-2021-37977
CVE-2021-37978
CVE-2021-37979
CVE-2021-37980
https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop.html
|
6b04476f-601c-11ed-92ce-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 10 security fixes, including:
- [1377816] High CVE-2022-3885: Use after free in V8. Reported by gzobqq@ on 2022-10-24
- [1372999] High CVE-2022-3886: Use after free in Speech Recognition. Reported by anonymous on 2022-10-10
- [1372695] High CVE-2022-3887: Use after free in Web Workers. Reported by anonymous on 2022-10-08
- [1375059] High CVE-2022-3888: Use after free in WebCodecs. Reported by Peter Nemeth on 2022-10-16
- [1380063] High CVE-2022-3889: Type Confusion in V8. Reported by anonymous on 2022-11-01
- [1380083] High CVE-2022-3890: Heap buffer overflow in Crashpad. Reported by anonymous on 2022-11-01
Discovery 2022-11-08 Entry 2022-11-09 chromium
< 107.0.5304.110
ungoogled-chromium
< 107.0.5304.110
CVE-2022-3885
CVE-2022-3886
CVE-2022-3887
CVE-2022-3888
CVE-2022-3889
CVE-2022-3890
https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop.html
|
e852f43c-846e-11ec-b043-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 27 security fixes, including:
- [1284584] High CVE-2022-0452: Use after free in Safe Browsing.
Reported by avaue at S.S.L. on 2022-01-05
- [1284916] High CVE-2022-0453: Use after free in Reader Mode.
Reported by Rong Jian of VRI on 2022-01-06
- [1287962] High CVE-2022-0454: Heap buffer overflow in ANGLE.
Reported by Seong-Hwan Park (SeHwa) of SecunologyLab on
2022-01-17
- [1270593] High CVE-2022-0455: Inappropriate implementation in
Full Screen Mode. Reported by Irvan Kurniawan (sourc7) on
2021-11-16
- [1289523] High CVE-2022-0456: Use after free in Web Search.
Reported by Zhihua Yao of KunLun Lab on 2022-01-21
- [1274445] High CVE-2022-0457: Type Confusion in V8. Reported by
rax of the Group0x58 on 2021-11-29
- [1267060] High CVE-2022-0458: Use after free in Thumbnail Tab
Strip. Reported by Leecraso and Guang Gong of 360 Alpha Lab on
2021-11-05
- [1244205] High CVE-2022-0459: Use after free in Screen Capture.
Reported by raven (@raid_akame) on 2021-08-28
- [1250227] Medium CVE-2022-0460: Use after free in Window Dialog.
Reported by 0x74960 on 2021-09-16
- [1256823] Medium CVE-2022-0461: Policy bypass in COOP. Reported
by NDevTK on 2021-10-05
- [1270470] Medium CVE-2022-0462: Inappropriate implementation in
Scroll. Reported by Youssef Sammouda on 2021-11-16
- [1268240] Medium CVE-2022-0463: Use after free in Accessibility.
Reported by Zhihua Yao of KunLun Lab on 2021-11-09
- [1270095] Medium CVE-2022-0464: Use after free in Accessibility.
Reported by Zhihua Yao of KunLun Lab on 2021-11-14
- [1281941] Medium CVE-2022-0465: Use after free in Extensions.
Reported by Samet Bekmezci @sametbekmezci on 2021-12-22
- [1115460] Medium CVE-2022-0466: Inappropriate implementation in
Extensions Platform. Reported by David Erceg on 2020-08-12
- [1239496] Medium CVE-2022-0467: Inappropriate implementation in
Pointer Lock. Reported by Alesandro Ortiz on 2021-08-13
- [1252716] Medium CVE-2022-0468: Use after free in Payments.
Reported by Krace on 2021-09-24
- [1279531] Medium CVE-2022-0469: Use after free in Cast. Reported
by Thomas Orlita on 2021-12-14
- [1269225] Low CVE-2022-0470: Out of bounds memory access in V8.
Reported by Looben Yang on 2021-11-11
Discovery 2022-02-01 Entry 2022-02-02 chromium
< 98.0.4758.80
CVE-2022-0452
CVE-2022-0453
CVE-2022-0454
CVE-2022-0455
CVE-2022-0456
CVE-2022-0457
CVE-2022-0458
CVE-2022-0459
CVE-2022-0460
CVE-2022-0461
CVE-2022-0462
CVE-2022-0463
CVE-2022-0464
CVE-2022-0465
CVE-2022-0466
CVE-2022-0467
CVE-2022-0468
CVE-2022-0469
CVE-2022-0470
https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop.html
|
5f7ed6ea-70a7-11ed-92ce-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 28 security fixes, including:
- [1379054] High CVE-2022-4174: Type Confusion in V8. Reported by Zhenghang Xiao (@Kipreyyy) on 2022-10-27
- [1381401] High CVE-2022-4175: Use after free in Camera Capture. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2022-11-04
- [1361066] High CVE-2022-4176: Out of bounds write in Lacros Graphics. Reported by @ginggilBesel on 2022-09-08
- [1379242] High CVE-2022-4177: Use after free in Extensions. Reported by Chaoyuan Peng (@ret2happy) on 2022-10-28
- [1376099] High CVE-2022-4178: Use after free in Mojo. Reported by Sergei Glazunov of Google Project Zero on 2022-10-18
- [1377783] High CVE-2022-4179: Use after free in Audio. Reported by Sergei Glazunov of Google Project Zero on 2022-10-24
- [1378564] High CVE-2022-4180: Use after free in Mojo. Reported by Anonymous on 2022-10-26
- [1382581] High CVE-2022-4181: Use after free in Forms. Reported by Aviv A. on 2022-11-09
- [1368739] Medium CVE-2022-4182: Inappropriate implementation in Fenced Frames. Reported by Peter Nemeth on 2022-09-28
- [1251790] Medium CVE-2022-4183: Insufficient policy enforcement in Popup Blocker. Reported by David Sievers on 2021-09-22
- [1358647] Medium CVE-2022-4184: Insufficient policy enforcement in Autofill. Reported by Ahmed ElMasry on 2022-09-01
- [1373025] Medium CVE-2022-4185: Inappropriate implementation in Navigation. Reported by James Lee (@Windowsrcer) on 2022-10-10
- [1377165] Medium CVE-2022-4186: Insufficient validation of untrusted input in Downloads. Reported by Luan Herrera (@lbherrera_) on 2022-10-21
- [1381217] Medium CVE-2022-4187: Insufficient policy enforcement in DevTools. Reported by Axel Chong on 2022-11-04
- [1340879] Medium CVE-2022-4188: Insufficient validation of untrusted input in CORS. Reported by Philipp Beer (TU Wien) on 2022-06-30
- [1344647] Medium CVE-2022-4189: Insufficient policy enforcement in DevTools. Reported by NDevTK on 2022-07-15
- [1378997] Medium CVE-2022-4190: Insufficient data validation in Directory. Reported by Axel Chong on 2022-10-27
- [1373941] Medium CVE-2022-4191: Use after free in Sign-In. Reported by Jaehun Jeong(@n3sk) of Theori on 2022-10-12
- [1344514] Medium CVE-2022-4192: Use after free in Live Caption. Reported by Samet Bekmezci @sametbekmezci on 2022-07-14
- [1354518] Medium CVE-2022-4193: Insufficient policy enforcement in File System API. Reported by Axel Chong on 2022-08-19
- [1370562] Medium CVE-2022-4194: Use after free in Accessibility. Reported by Anonymous on 2022-10-03
- [1371926] Medium CVE-2022-4195: Insufficient policy enforcement in Safe Browsing. Reported by Eric Lawrence of Microsoft on 2022-10-06
Discovery 2022-11-29 Entry 2022-11-30 chromium
< 108.0.5359.71
ungoogled-chromium
< 108.0.5359.71
CVE-2022-4174
CVE-2022-4175
CVE-2022-4176
CVE-2022-4177
CVE-2022-4178
CVE-2022-4179
CVE-2022-4180
CVE-2022-4181
CVE-2022-4182
CVE-2022-4183
CVE-2022-4184
CVE-2022-4185
CVE-2022-4186
CVE-2022-4187
CVE-2022-4188
CVE-2022-4189
CVE-2022-4190
CVE-2022-4191
CVE-2022-4192
CVE-2022-4193
CVE-2022-4194
CVE-2022-4195
https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html
|
ac91cf5e-d098-11ec-bead-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 13 security fixes, including:
- [1316990] High CVE-2022-1633: Use after free in Sharesheet. Reported by Khalil Zhani on 2022-04-18
- [1314908] High CVE-2022-1634: Use after free in Browser UI. Reported by Khalil Zhani on 2022-04-09
- [1319797] High CVE-2022-1635: Use after free in Permission Prompts. Reported by Anonymous on 2022-04-26
- [1297283] High CVE-2022-1636: Use after free in Performance APIs. Reported by Seth Brenith, Microsoft on 2022-02-15
- [1311820] High CVE-2022-1637: Inappropriate implementation in Web Contents. Reported by Alesandro Ortiz on 2022-03-31
- [1316946] High CVE-2022-1638: Heap buffer overflow in V8 Internationalization. Reported by DoHyun Lee (@l33d0hyun) of DNSLab, Korea University on 2022-04-17
- [1317650] High CVE-2022-1639: Use after free in ANGLE. Reported by SeongHwan Park (SeHwa) on 2022-04-19
- [1320592] High CVE-2022-1640: Use after free in Sharing. Reported by Weipeng Jiang (@Krace) and Guang Gong of 360 Vulnerability Research Institute on 2022-04-28
- [1305068] Medium CVE-2022-1641: Use after free in Web UI Diagnostics. Reported by Rong Jian of VRI on 2022-03-10
Discovery 2022-05-10 Entry 2022-05-10 chromium
< 101.0.4951.64
CVE-2022-1633
CVE-2022-1634
CVE-2022-1635
CVE-2022-1636
CVE-2022-1637
CVE-2022-1638
CVE-2022-1639
CVE-2022-1640
CVE-2022-1641
https://chromereleases.googleblog.com/2022/05/stable-channel-update-for-desktop_10.html
|
51496cbc-7a0e-11ec-a323-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 26 security fixes, including:
- [1284367] Critical CVE-2022-0289: Use after free in Safe
browsing. Reported by Sergei Glazunov of Google Project Zero on
2022-01-05
- [1260134][1260007] High CVE-2022-0290: Use after free in Site
isolation. Reported by Brendon Tiszka and Sergei Glazunov of
Google Project Zero on 2021-10-15
- [1281084] High CVE-2022-0291: Inappropriate implementation in
Storage. Reported by Anonymous on 2021-12-19
- [1270358] High CVE-2022-0292: Inappropriate implementation in
Fenced Frames. Reported by Brendon Tiszka on 2021-11-16
- [1283371] High CVE-2022-0293: Use after free in Web packaging.
Reported by Rong Jian and Guang Gong of 360 Alpha Lab on
2021-12-30
- [1273017] High CVE-2022-0294: Inappropriate implementation in
Push messaging. Reported by Rong Jian and Guang Gong of 360 Alpha
Lab on 2021-11-23
- [1278180] High CVE-2022-0295: Use after free in Omnibox.
Reported by Weipeng Jiang (@Krace) and Guang Gong of 360
Vulnerability Research Institute on 2021-12-09
- [1283375] High CVE-2022-0296: Use after free in Printing.
Reported by koocola(@alo_cook) and Guang Gong of 360 Vulnerability
Research Institute on 2021-12-30
- [1274316] High CVE-2022-0297: Use after free in Vulkan. Reported
by Cassidy Kim of Amber Security Lab, OPPO Mobile
Telecommunications Corp. Ltd. on 2021-11-28
- [1212957] High CVE-2022-0298: Use after free in Scheduling.
Reported by Yangkang (@dnpushme) of 360 ATA on 2021-05-25
- [1275438] High CVE-2022-0300: Use after free in Text Input
Method Editor. Reported by Rong Jian and Guang Gong of 360 Alpha
Lab on 2021-12-01
- [1276331] High CVE-2022-0301: Heap buffer overflow in DevTools.
Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability
Research on 2021-12-03
- [1278613] High CVE-2022-0302: Use after free in Omnibox.
Reported by Weipeng Jiang (@Krace) and Guang Gong of 360
Vulnerability Research Institute on 2021-12-10
- [1281979] High CVE-2022-0303: Race in GPU Watchdog. Reported by
Yigit Can YILMAZ (@yilmazcanyigit) on 2021-12-22
- [1282118] High CVE-2022-0304: Use after free in Bookmarks.
Reported by Rong Jian and Guang Gong of 360 Alpha Lab on
2021-12-22
- [1282354] High CVE-2022-0305: Inappropriate implementation in
Service Worker API. Reported by @uwu7586 on 2021-12-23
- [1283198] High CVE-2022-0306: Heap buffer overflow in PDFium.
Reported by Sergei Glazunov of Google Project Zero on
2021-12-29
- [1281881] Medium CVE-2022-0307: Use after free in Optimization
Guide. Reported by Samet Bekmezci @sametbekmezci on
2021-12-21
- [1282480] Medium CVE-2022-0308: Use after free in Data Transfer.
Reported by @ginggilBesel on 2021-12-24
- [1240472] Medium CVE-2022-0309: Inappropriate implementation in
Autofill. Reported by Alesandro Ortiz on 2021-08-17
- [1283805] Medium CVE-2022-0310: Heap buffer overflow in Task
Manager. Reported by Samet Bekmezci @sametbekmezci on
2022-01-03
- [1283807] Medium CVE-2022-0311: Heap buffer overflow in Task
Manager. Reported by Samet Bekmezci @sametbekmezci on
2022-01-03
Discovery 2022-01-19 Entry 2022-01-20 chromium
< 97.0.4692.99
CVE-2022-0289
CVE-2022-0290
CVE-2022-0291
CVE-2022-0292
CVE-2022-0293
CVE-2022-0294
CVE-2022-0295
CVE-2022-0296
CVE-2022-0297
CVE-2022-0298
CVE-2022-0300
CVE-2022-0301
CVE-2022-0302
CVE-2022-0303
CVE-2022-0304
CVE-2022-0305
CVE-2022-0306
CVE-2022-0307
CVE-2022-0308
CVE-2022-0309
CVE-2022-0310
CVE-2022-0311
https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop_19.html
|
e12432af-8e73-11ec-8bc4-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 11 security fixes, including:
- [1290008] High CVE-2022-0603: Use after free in File Manager.
Reported by Chaoyuan Peng (@ret2happy) on 2022-01-22
- [1273397] High CVE-2022-0604: Heap buffer overflow in Tab
Groups. Reported by Krace on 2021-11-24
- [1286940] High CVE-2022-0605: Use after free in Webstore API.
Reported by Thomas Orlita on 2022-01-13
- [1288020] High CVE-2022-0606: Use after free in ANGLE. Reported
by Cassidy Kim of Amber Security Lab, OPPO Mobile
Telecommunications Corp. Ltd. on 2022-01-17
- [1250655] High CVE-2022-0607: Use after free in GPU. Reported by
0x74960 on 2021-09-17
- [1270333] High CVE-2022-0608: Integer overflow in Mojo. Reported
by Sergei Glazunov of Google Project Zero on 2021-11-16
- [1296150] High CVE-2022-0609: Use after free in Animation.
Reported by Adam Weidemann and Clément Lecigne of Google'
Threat Analysis Group on 2022-02-10
- [1285449] Medium CVE-2022-0610: Inappropriate implementation in
Gamepad API. Reported by Anonymous on 2022-01-08
Discovery 2022-02-14 Entry 2022-02-15 chromium
< 98.0.4758.102
CVE-2022-0603
CVE-2022-0604
CVE-2022-0605
CVE-2022-0606
CVE-2022-0607
CVE-2022-0608
CVE-2022-0609
CVE-2022-0610
https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
|
b4ef02f4-549f-11ed-8ad9-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 14 security fixes, including:
- [1369871] High CVE-2022-3652: Type Confusion in V8. Reported by srodulv and ZNMchtss at S.S.L Team on 2022-09-30
- [1354271] High CVE-2022-3653: Heap buffer overflow in Vulkan. Reported by SeongHwan Park (SeHwa) on 2022-08-19
- [1365330] High CVE-2022-3654: Use after free in Layout. Reported by Sergei Glazunov of Google Project Zero on 2022-09-19
- [1343384] Medium CVE-2022-3655: Heap buffer overflow in Media Galleries. Reported by koocola(@alo_cook) and Guang Gong of 360 Vulnerability Research Institute on 2022-07-11
- [1345275] Medium CVE-2022-3656: Insufficient data validation in File System. Reported by Ron Masas, Imperva on 2022-07-18
- [1351177] Medium CVE-2022-3657: Use after free in Extensions. Reported by Omri Bushari, Talon Cyber Security on 2022-08-09
- [1352817] Medium CVE-2022-3658: Use after free in Feedback service on Chrome OS. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2022-08-14
- [1355560] Medium CVE-2022-3659: Use after free in Accessibility. Reported by @ginggilBesel on 2022-08-23
- [1327505] Medium CVE-2022-3660: Inappropriate implementation in Full screen mode. Reported by Irvan Kurniawan (sourc7) on 2022-05-20
- [1350111] Low CVE-2022-3661: Insufficient data validation in Extensions. Reported by Young Min Kim (@ylemkimon), CompSec Lab at Seoul National University on 2022-08-04
Discovery 2022-10-25 Entry 2022-10-25 chromium
< 107.0.5304.68
ungoogled-chromium
< 107.0.5304.68
CVE-2022-3652
CVE-2022-3653
CVE-2022-3654
CVE-2022-3655
CVE-2022-3656
CVE-2022-3657
CVE-2022-3658
CVE-2022-3659
CVE-2022-3660
CVE-2022-3661
https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_25.html
|
b2a4c5f1-f1fe-11ec-bcd2-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 14 security fixes, including:
- [1335458] Critical CVE-2022-2156: Use after free in Base. Reported by Mark Brand of Google Project Zero on 2022-06-11
- [1327312] High CVE-2022-2157: Use after free in Interest groups. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-05-19
- [1321078] High CVE-2022-2158: Type Confusion in V8. Reported by Bohan Liu (@P4nda20371774) of Tencent Security Xuanwu Lab on 2022-04-29
- [1116450] Medium CVE-2022-2160: Insufficient policy enforcement in DevTools. Reported by David Erceg on 2020-08-14
- [1330289] Medium CVE-2022-2161: Use after free in WebApp Provider. Reported by Zhihua Yao of KunLun Lab on 2022-05-30
- [1307930] Medium CVE-2022-2162: Insufficient policy enforcement in File System API. Reported by Abdelhamid Naceri (halov) on 2022-03-19
- [1308341] Low CVE-2022-2163: Use after free in Cast UI and Toolbar. Reported by Chaoyuan Peng (@ret2happy) on 2022-03-21
- [1268445] Low CVE-2022-2164: Inappropriate implementation in Extensions API. Reported by José Miguel Moreno Computer Security Lab (COSEC) at UC3M on 2021-11-10
- [1250993] Low CVE-2022-2165: Insufficient data validation in URL formatting. Reported by Rayyan Bijoora on 2021-09-19
Discovery 2022-06-21 Entry 2022-06-22 chromium
< 103.0.5060.53
CVE-2022-2156
CVE-2022-2157
CVE-2022-2158
CVE-2022-2160
CVE-2022-2161
CVE-2022-2162
CVE-2022-2163
CVE-2022-2164
CVE-2022-2165
https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop_21.html
|
18ac074c-579f-11ec-aac7-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 22 security fixes, including:
- [1267661] High CVE-2021-4052: Use after free in web apps.
Reported by Wei Yuan of MoyunSec VLab on 2021-11-07
- [1267791] High CVE-2021-4053: Use after free in UI. Reported by
Rox on 2021-11-08
- [1265806] High CVE-2021-4079: Out of bounds write in WebRTC.
Reported by Brendon Tiszka on 2021-11-01
- [1239760] High CVE-2021-4054: Incorrect security UI in autofill.
Reported by Alesandro Ortiz on 2021-08-13
- [1268738] High CVE-2021-4078: Type confusion in V8. Reported by
Nan Wang (@eternalsakura13) and Guang Gong of 360 Alpha Lab on
2021-11-09
- [1266510] High CVE-2021-4055: Heap buffer overflow in
extensions. Reported by Chen Rong on 2021-11-03
- [1260939] High CVE-2021-4056: Type Confusion in loader. Reported
by @__R0ng of 360 Alpha Lab on 2021-10-18
- [1262183] High CVE-2021-4057: Use after free in file API.
Reported by Sergei Glazunov of Google Project Zero on
2021-10-21
- [1267496] High CVE-2021-4058: Heap buffer overflow in ANGLE.
Reported by Abraruddin Khan and Omair on 2021-11-06
- [1270990] High CVE-2021-4059: Insufficient data validation in
loader. Reported by Luan Herrera (@lbherrera_) on 2021-11-17
- [1271456] High CVE-2021-4061: Type Confusion in V8. Reported by
Paolo Severini on 2021-11-18
- [1272403] High CVE-2021-4062: Heap buffer overflow in BFCache.
Reported by Leecraso and Guang Gong of 360 Alpha Lab on
2021-11-22
- [1273176] High CVE-2021-4063: Use after free in developer tools.
Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability
Research on 2021-11-23
- [1273197] High CVE-2021-4064: Use after free in screen capture.
Reported by @ginggilBesel on 2021-11-23
- [1273674] High CVE-2021-4065: Use after free in autofill.
Reported by 5n1p3r0010 on 2021-11-25
- [1274499] High CVE-2021-4066: Integer underflow in ANGLE.
Reported by Jaehun Jeong(@n3sk) of Theori on 2021-11-29
- [1274641] High CVE-2021-4067: Use after free in window manager.
Reported by @ginggilBesel on 2021-11-29
- [1265197] Low CVE-2021-4068: Insufficient validation of
untrusted input in new tab page. Reported by NDevTK on
2021-10-31
Discovery 2021-12-06 Entry 2021-12-07 chromium
< 96.0.4664.93
CVE-2021-4052
CVE-2021-4053
CVE-2021-4054
CVE-2021-4055
CVE-2021-4056
CVE-2021-4057
CVE-2021-4058
CVE-2021-4059
CVE-2021-4061
CVE-2021-4062
CVE-2021-4063
CVE-2021-4064
CVE-2021-4065
CVE-2021-4066
CVE-2021-4067
CVE-2021-4068
CVE-2021-4078
CVE-2021-4079
https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop.html
|
f2043ff6-2916-11ed-a1ef-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 24 security fixes, including:
- [1340253] Critical CVE-2022-3038: Use after free in Network Service. Reported by Sergei Glazunov of Google Project Zero on 2022-06-28
- [1343348] High CVE-2022-3039: Use after free in WebSQL. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2022-07-11
- [1341539] High CVE-2022-3040: Use after free in Layout. Reported by Anonymous on 2022-07-03
- [1345947] High CVE-2022-3041: Use after free in WebSQL. Reported by Ziling Chen and Nan Wang(@eternalsakura13) of 360 Vulnerability Research Institute on 2022-07-20
- [1338553] High CVE-2022-3042: Use after free in PhoneHub. Reported by koocola(@alo_cook) and Guang Gong of 360 Vulnerability Research Institute on 2022-06-22
- [1336979] High CVE-2022-3043: Heap buffer overflow in Screen Capture. Reported by @ginggilBesel on 2022-06-16
- [1051198] High CVE-2022-3044: Inappropriate implementation in Site Isolation. Reported by Lucas Pinheiro, Microsoft Browser Vulnerability Research on 2020-02-12
- [1339648] High CVE-2022-3045: Insufficient validation of untrusted input in V8. Reported by Ben Noordhuis on 2022-06-26
- [1346245] High CVE-2022-3046: Use after free in Browser Tag. Reported by Rong Jian of VRI on 2022-07-21
- [1342586] Medium CVE-2022-3047: Insufficient policy enforcement in Extensions API. Reported by Maurice Dauer on 2022-07-07
- [1303308] Medium CVE-2022-3048: Inappropriate implementation in Chrome OS lockscreen. Reported by Andr.Ess on 2022-03-06
- [1316892] Medium CVE-2022-3049: Use after free in SplitScreen. Reported by @ginggilBesel on 2022-04-17
- [1337132] Medium CVE-2022-3050: Heap buffer overflow in WebUI. Reported by Zhihua Yao of KunLun Lab on 2022-06-17
- [1345245] Medium CVE-2022-3051: Heap buffer overflow in Exosphere. Reported by @ginggilBesel on 2022-07-18
- [1346154] Medium CVE-2022-3052: Heap buffer overflow in Window Manager. Reported by Khalil Zhani on 2022-07-21
- [1267867] Medium CVE-2022-3053: Inappropriate implementation in Pointer Lock. Reported by Jesper van den Ende (Pelican Party Studios) on 2021-11-08
- [1290236] Medium CVE-2022-3054: Insufficient policy enforcement in DevTools. Reported by Kuilin Li on 2022-01-24
- [1351969] Medium CVE-2022-3055: Use after free in Passwords. Reported by Weipeng Jiang (@Krace) and Guang Gong of 360 Vulnerability Research Institute on 2022-08-11
- [1329460] Low CVE-2022-3056: Insufficient policy enforcement in Content Security Policy. Reported by Anonymous on 2022-05-26
- [1336904] Low CVE-2022-3057: Inappropriate implementation in iframe Sandbox. Reported by Gareth Heyes on 2022-06-16
- [1337676] Low CVE-2022-3058: Use after free in Sign-In Flow. Reported by raven at KunLun lab on 2022-06-20
Discovery 2022-08-30 Entry 2022-08-31 chromium
< 105.0.5195.52
CVE-2022-3038
CVE-2022-3039
CVE-2022-3040
CVE-2022-3041
CVE-2022-3042
CVE-2022-3043
CVE-2022-3044
CVE-2022-3045
CVE-2022-3046
CVE-2022-3047
CVE-2022-3048
CVE-2022-3049
CVE-2022-3050
CVE-2022-3051
CVE-2022-3052
CVE-2022-3053
CVE-2022-3054
CVE-2022-3055
CVE-2022-3056
CVE-2022-3057
CVE-2022-3058
https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html
|
857be71a-a4b0-11ec-95fc-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 11 security fixes, including:
- [1299422] Critical CVE-2022-0971: Use after free in Blink
Layout. Reported by Sergei Glazunov of Google Project Zero on
2022-02-21
- [1301320] High CVE-2022-0972: Use after free in Extensions.
Reported by Sergei Glazunov of Google Project Zero on
2022-02-28
- [1297498] High CVE-2022-0973: Use after free in Safe Browsing.
Reported by avaue and Buff3tts at S.S.L. on 2022-02-15
- [1291986] High CVE-2022-0974: Use after free in Splitscreen.
Reported by @ginggilBesel on 2022-01-28
- [1295411] High CVE-2022-0975: Use after free in ANGLE. Reported
by SeongHwan Park (SeHwa) on 2022-02-09
- [1296866] High CVE-2022-0976: Heap buffer overflow in GPU.
Reported by Omair on 2022-02-13
- [1299225] High CVE-2022-0977: Use after free in Browser UI.
Reported by Khalil Zhani on 2022-02-20
- [1299264] High CVE-2022-0978: Use after free in ANGLE. Reported
by Cassidy Kim of Amber Security Lab, OPPO Mobile
Telecommunications Corp. Ltd. on 2022-02-20
- [1302644] High CVE-2022-0979: Use after free in Safe Browsing.
Reported by anonymous on 2022-03-03
- [1302157] Medium CVE-2022-0980: Use after free in New Tab Page.
Reported by Krace on 2022-03-02
Discovery 2022-03-15 Entry 2022-03-15 chromium
< 98.0.4844.74
CVE-2022-0971
CVE-2022-0972
CVE-2022-0973
CVE-2022-0974
CVE-2022-0975
CVE-2022-0976
CVE-2022-0977
CVE-2022-0978
CVE-2022-0979
CVE-2022-0980
https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_15.html
|
27cc4258-0805-11ed-8ac1-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 11 security fixes, including:
- [1336266] High CVE-2022-2477: Use after free in Guest View. Reported by anonymous on 2022-06-14
- [1335861] High CVE-2022-2478: Use after free in PDF. Reported by triplepwns on 2022-06-13
- [1329987] High CVE-2022-2479: Insufficient validation of untrusted input in File. Reported by anonymous on 2022-05-28
- [1339844] High CVE-2022-2480: Use after free in Service Worker API. Reported by Sergei Glazunov of Google Project Zero on 2022-06-27
- [1341603] High CVE-2022-2481: Use after free in Views. Reported by YoungJoo Lee(@ashuu_lee) of CompSecLab at Seoul National University on 2022-07-04
- [1308341] Low CVE-2022-2163: Use after free in Cast UI and Toolbar. Reported by Chaoyuan Peng (@ret2happy) on 2022-03-21
Discovery 2022-07-19 Entry 2022-07-20 chromium
< 103.0.5060.134
CVE-2022-2163
CVE-2022-2477
CVE-2022-2478
CVE-2022-2479
CVE-2022-2480
CVE-2022-2481
https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop_19.html
|
d459c914-4100-11ed-9bc7-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 3 security fixes, including:
- [1366813] High CVE-2022-3370: Use after free in Custom Elements. Reported by Aviv A. on 2022-09-22
- [1366399] High CVE-2022-3373: Out of bounds write in V8. Reported by Tibor Klajnscek on 2022-09-21
Discovery 2022-09-30 Entry 2022-09-30 chromium
< 106.0.5249.91
CVE-2022-3370
CVE-2022-3373
https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_30.html
|
9eeccbf3-6e26-11ec-bb10-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 37 security fixes, including:
- [$TBD][1275020] Critical CVE-2022-0096: Use after free in
Storage. Reported by Yangkang (@dnpushme) of 360 ATA on
2021-11-30
- [1117173] High CVE-2022-0097: Inappropriate implementation in
DevTools. Reported by David Erceg on 2020-08-17
- [1273609] High CVE-2022-0098: Use after free in Screen Capture.
Reported by @ginggilBesel on 2021-11-24
- [1245629] High CVE-2022-0099: Use after free in Sign-in.
Reported by Rox on 2021-09-01
- [1238209] High CVE-2022-0100: Heap buffer overflow in Media
streams API. Reported by Cassidy Kim of Amber Security Lab, OPPO
Mobile Telecommunications Corp. Ltd. on 2021-08-10
- [1249426] High CVE-2022-0101: Heap buffer overflow in Bookmarks.
Reported by raven (@raid_akame) on 2021-09-14
- [1260129] High CVE-2022-0102: Type Confusion in V8 . Reported by
Brendon Tiszka on 2021-10-14
- [1272266] High CVE-2022-0103: Use after free in SwiftShader.
Reported by Abraruddin Khan and Omair on 2021-11-21
- [1273661] High CVE-2022-0104: Heap buffer overflow in ANGLE.
Reported by Abraruddin Khan and Omair on 2021-11-25
- [1274376] High CVE-2022-0105: Use after free in PDF. Reported by
Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications
Corp. Ltd. on 2021-11-28
- [1278960] High CVE-2022-0106: Use after free in Autofill.
Reported by Khalil Zhani on 2021-12-10
- [1248438] Medium CVE-2022-0107: Use after free in File Manager
API. Reported by raven (@raid_akame) on 2021-09-10
- [1248444] Medium CVE-2022-0108: Inappropriate implementation in
Navigation. Reported by Luan Herrera (@lbherrera_) on
2021-09-10
- [1261689] Medium CVE-2022-0109: Inappropriate implementation in
Autofill. Reported by Young Min Kim (@ylemkimon), CompSec Lab at
Seoul National University on 2021-10-20
- [1237310] Medium CVE-2022-0110: Incorrect security UI in
Autofill. Reported by Alesandro Ortiz on 2021-08-06
- [1241188] Medium CVE-2022-0111: Inappropriate implementation in
Navigation. Reported by garygreen on 2021-08-18
- [1255713] Medium CVE-2022-0112: Incorrect security UI in Browser
UI. Reported by Thomas Orlita on 2021-10-04
- [1039885] Medium CVE-2022-0113: Inappropriate implementation in
Blink. Reported by Luan Herrera (@lbherrera_) on 2020-01-07
- [1267627] Medium CVE-2022-0114: Out of bounds memory access in
Web Serial. Reported by Looben Yang on 2021-11-06
- [1268903] Medium CVE-2022-0115: Uninitialized Use in File API.
Reported by Mark Brand of Google Project Zero on 2021-11-10
- [1272250] Medium CVE-2022-0116: Inappropriate implementation in
Compositing. Reported by Irvan Kurniawan (sourc7) on
2021-11-20
- [1115847] Low CVE-2022-0117: Policy bypass in Service Workers.
Reported by Dongsung Kim (@kid1ng) on 2020-08-13
- [1238631] Low CVE-2022-0118: Inappropriate implementation in
WebShare. Reported by Alesandro Ortiz on 2021-08-11
- [1262953] Low CVE-2022-0120: Inappropriate implementation in
Passwords. Reported by CHAKRAVARTHI (Ruler96) on 2021-10-25
Discovery 2022-01-04 Entry 2022-01-05 chromium
< 97.0.4692.71
CVE-2022-0098
CVE-2022-0099
CVE-2022-0096
CVE-2022-0097
CVE-2022-0100
CVE-2022-0101
CVE-2022-0102
CVE-2022-0103
CVE-2022-0104
CVE-2022-0105
CVE-2022-0106
CVE-2022-0107
CVE-2022-0108
CVE-2022-0109
CVE-2022-0110
CVE-2022-0111
CVE-2022-0112
CVE-2022-0113
CVE-2022-0114
CVE-2022-0115
CVE-2022-0116
CVE-2022-0117
CVE-2022-0118
CVE-2022-0120
https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html
|
976d7bf9-38ea-11ec-b3b0-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 8 security fixes, including:
- [1259864] High CVE-2021-37997 : Use after free in Sign-In.
Reported by Wei Yuan of MoyunSec VLab on 2021-10-14
- [1259587] High CVE-2021-37998 : Use after free in Garbage
Collection. Reported by Cassidy Kim of Amber Security Lab, OPPO
Mobile Telecommunications Corp. Ltd. on 2021-10-13
- [1251541] High CVE-2021-37999 : Insufficient data validation in
New Tab Page. Reported by Ashish Arun Dhone on 2021-09-21
- [1249962] High CVE-2021-38000 : Insufficient validation of
untrusted input in Intents. Reported by Clement Lecigne, Neel
Mehta, and Maddie Stone of Google Threat Analysis Group on
2021-09-15
- [1260577] High CVE-2021-38001 : Type Confusion in V8. Reported
by @s0rrymybad of Kunlun Lab via Tianfu Cup on 2021-10-16
- [1260940] High CVE-2021-38002 : Use after free in Web Transport.
Reported by @__R0ng of 360 Alpha Lab, ? via Tianfu Cup on
2021-10-16
- [1263462] High CVE-2021-38003 : Inappropriate implementation in
V8. Reported by Clément Lecigne from Google TAG and Samuel Gross
from Google Project Zero on 2021-10-26
Google is aware that exploits for CVE-2021-38000 and
CVE-2021-38003 exist in the wild.
Discovery 2021-10-28 Entry 2021-10-29 chromium
< 95.0.4638.69
CVE-2021-37997
CVE-2021-37998
CVE-2021-37999
CVE-2021-38000
CVE-2021-38001
CVE-2021-38002
CVE-2021-38003
https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html
|
b59847e0-346d-11ed-8fe9-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release includes 11 security fixes, including:
- [1358381] High CVE-2022-3195: Out of bounds write in Storage. Reported by Ziling Chen and Nan Wang (@eternalsakura13) of 360 Vulnerability Research Institute on 2022-08-31
- [1358090] High CVE-2022-3196: Use after free in PDF. Reported by triplepwns on 2022-08-30
- [1358075] High CVE-2022-3197: Use after free in PDF. Reported by triplepwns on 2022-08-30
- [1355682] High CVE-2022-3198: Use after free in PDF. Reported by MerdroidSG on 2022-08-23
- [1355237] High CVE-2022-3199: Use after free in Frames. Reported by Anonymous on 2022-08-22
- [1355103] High CVE-2022-3200: Heap buffer overflow in Internals. Reported by Richard Lorenz, SAP on 2022-08-22
- [1343104] High CVE-2022-3201: Insufficient validation of untrusted input in DevTools. Reported by NDevTK on 2022-07-09
Discovery 2022-09-14 Entry 2022-09-14 chromium
< 105.0.5195.125
CVE-2022-3195
CVE-2022-3196
CVE-2022-3197
CVE-2022-3198
CVE-2022-3199
CVE-2022-3200
CVE-2022-3201
https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_14.html
|
26f2123b-c6c6-11ec-b66f-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 30 security fixes, including:
- [1313905] High CVE-2022-1477: Use after free in Vulkan. Reported by SeongHwan Park (SeHwa) on 2022-04-06
- [1299261] High CVE-2022-1478: Use after free in SwiftShader. Reported by SeongHwan Park (SeHwa) on 2022-02-20
- [1305190] High CVE-2022-1479: Use after free in ANGLE. Reported by Jeonghoon Shin of Theori on 2022-03-10
- [1307223] High CVE-2022-1480: Use after free in Device API. Reported by @uwu7586 on 2022-03-17
- [1302949] High CVE-2022-1481: Use after free in Sharing. Reported by Weipeng Jiang (@Krace) and Guang Gong of 360 Vulnerability Research Institute on 2022-03-04
- [1304987] High CVE-2022-1482: Inappropriate implementation in WebGL. Reported by Christoph Diehl, Microsoft on 2022-03-10
- [1314754] High CVE-2022-1483: Heap buffer overflow in WebGPU. Reported by Mark Brand of Google Project Zero on 2022-04-08
- [1297429] Medium CVE-2022-1484: Heap buffer overflow in Web UI Settings. Reported by Chaoyuan Peng (@ret2happy) on 2022-02-15
- [1299743] Medium CVE-2022-1485: Use after free in File System API. Reported by Anonymous on 2022-02-22
- [1314616] Medium CVE-2022-1486: Type Confusion in V8. Reported by Brendon Tiszka on 2022-04-08
- [1304368] Medium CVE-2022-1487: Use after free in Ozone. Reported by Sri on 2022-03-09
- [1302959] Medium CVE-2022-1488: Inappropriate implementation in Extensions API. Reported by Thomas Beverley from Wavebox.io on 2022-03-04
- [1300561] Medium CVE-2022-1489: Out of bounds memory access in UI Shelf. Reported by Khalil Zhani on 2022-02-25
- [1301840] Medium CVE-2022-1490: Use after free in Browser Switcher. Reported by raven at KunLun lab on 2022-03-01
- [1305706] Medium CVE-2022-1491: Use after free in Bookmarks. Reported by raven at KunLun lab on 2022-03-12
- [1315040] Medium CVE-2022-1492: Insufficient data validation in Blink Editing. Reported by Michal Bentkowski of Securitum on 2022-04-11
- [1275414] Medium CVE-2022-1493: Use after free in Dev Tools. Reported by Zhihua Yao of KunLun Lab on 2021-12-01
- [1298122] Medium CVE-2022-1494: Insufficient data validation in Trusted Types. Reported by Masato Kinugawa on 2022-02-17
- [1301180] Medium CVE-2022-1495: Incorrect security UI in Downloads. Reported by Umar Farooq on 2022-02-28
- [1306391] Medium CVE-2022-1496: Use after free in File Manager. Reported by Zhiyi Zhang and Zhunki from Codesafe Team of Legendsec at Qi'anxin Group on 2022-03-15
- [1264543] Medium CVE-2022-1497: Inappropriate implementation in Input. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-10-29
- [1297138] Low CVE-2022-1498: Inappropriate implementation in HTML Parser. Reported by SeungJu Oh (@real_as3617) on 2022-02-14
- [1000408] Low CVE-2022-1499: Inappropriate implementation in WebAuthentication. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-09-04
- [1223475] Low CVE-2022-1500: Insufficient data validation in Dev Tools. Reported by Hoang Nguyen on 2021-06-25
- [1293191] Low CVE-2022-1501: Inappropriate implementation in iframe. Reported by Oriol Brufau on 2022-02-02
Discovery 2022-04-26 Entry 2022-04-28 chromium
< 101.0.4951.41
CVE-2022-1477
CVE-2022-1478
CVE-2022-1479
CVE-2022-1480
CVE-2022-1481
CVE-2022-1482
CVE-2022-1483
CVE-2022-1484
CVE-2022-1485
CVE-2022-1486
CVE-2022-1487
CVE-2022-1488
CVE-2022-1489
CVE-2022-1490
CVE-2022-1491
CVE-2022-1492
CVE-2022-1493
CVE-2022-1494
CVE-2022-1495
CVE-2022-1496
CVE-2022-1497
CVE-2022-1498
CVE-2022-1499
CVE-2022-1500
CVE-2022-1501
https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_26.html
|
c80ce2dd-e831-11ec-bcd2-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 7 security fixes, including:
- [1326210] High CVE-2022-2007: Use after free in WebGPU. Reported by David Manouchehri on 2022-05-17
- [1317673] High CVE-2022-2008: Out of bounds memory access in WebGL. Reported by khangkito - Tran Van Khang (VinCSS) on 2022-04-19
- [1325298] High CVE-2022-2010: Out of bounds read in compositing. Reported by Mark Brand of Google Project Zero on 2022-05-13
- [1330379] High CVE-2022-2011: Use after free in ANGLE. Reported by SeongHwan Park (SeHwa) on 2022-05-31
Discovery 2022-06-09 Entry 2022-06-09 chromium
< 102.0.5005.115
CVE-2022-2007
CVE-2022-2008
CVE-2022-2010
CVE-2022-2011
https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop.html
|
b6c875f1-1d76-11ec-ae80-704d7b472482 | chromium -- use after free in Portals
Chrome Releases reports:
][1251727] High CVE-2021-37973 : Use after free in Portals.
Reported by Clement Lecigne from Google TAG, with technical
assistance from Sergei Glazunov and Mark Brand from Google Project
Zero on 2021-09-21
Google is aware that an exploit for CVE-2021-37973 exists in the wild.
Discovery 2021-09-24 Entry 2021-09-24 chromium
< 94.0.4606.61
CVE-2021-37973
https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html
|
96a41723-133a-11ed-be3b-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 27 security fixes, including:
- [1325699] High CVE-2022-2603: Use after free in Omnibox. Reported by Anonymous on 2022-05-16
- [1335316] High CVE-2022-2604: Use after free in Safe Browsing. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-06-10
- [1338470] High CVE-2022-2605: Out of bounds read in Dawn. Reported by Looben Yang on 2022-06-22
- [1330489] High CVE-2022-2606: Use after free in Managed devices API. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-05-31
- [1286203] High CVE-2022-2607: Use after free in Tab Strip. Reported by @ginggilBesel on 2022-01-11
- [1330775] High CVE-2022-2608: Use after free in Overview Mode. Reported by Khalil Zhani on 2022-06-01
- [1338560] High CVE-2022-2609: Use after free in Nearby Share. Reported by koocola(@alo_cook) and Guang Gong of 360 Vulnerability Research Institute on 2022-06-22
- [1278255] Medium CVE-2022-2610: Insufficient policy enforcement in Background Fetch. Reported by Maurice Dauer on 2021-12-09
- [1320538] Medium CVE-2022-2611: Inappropriate implementation in Fullscreen API. Reported by Irvan Kurniawan (sourc7) on 2022-04-28
- [1321350] Medium CVE-2022-2612: Side-channel information leakage in Keyboard input. Reported by Erik Kraft (erik.kraft5@gmx.at), Martin Schwarzl (martin.schwarzl@iaik.tugraz.at) on 2022-04-30
- [1325256] Medium CVE-2022-2613: Use after free in Input. Reported by Piotr Tworek (Vewd) on 2022-05-13
- [1341907] Medium CVE-2022-2614: Use after free in Sign-In Flow. Reported by raven at KunLun lab on 2022-07-05
- [1268580] Medium CVE-2022-2615: Insufficient policy enforcement in Cookies. Reported by Maurice Dauer on 2021-11-10
- [1302159] Medium CVE-2022-2616: Inappropriate implementation in Extensions API. Reported by Alesandro Ortiz on 2022-03-02
- [1292451] Medium CVE-2022-2617: Use after free in Extensions API. Reported by @ginggilBesel on 2022-01-31
- [1308422] Medium CVE-2022-2618: Insufficient validation of untrusted input in Internals. Reported by asnine on 2022-03-21
- [1332881] Medium CVE-2022-2619: Insufficient validation of untrusted input in Settings. Reported by Oliver Dunk on 2022-06-04
- [1337304] Medium CVE-2022-2620: Use after free in WebUI. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-06-17
- [1323449] Medium CVE-2022-2621: Use after free in Extensions. Reported by Huyna at Viettel Cyber Security on 2022-05-07
- [1332392] Medium CVE-2022-2622: Insufficient validation of untrusted input in Safe Browsing. Reported by Imre Rad (@ImreRad) and @j00sean on 2022-06-03
- [1337798] Medium CVE-2022-2623: Use after free in Offline. Reported by raven at KunLun lab on 2022-06-20
- [1339745] Medium CVE-2022-2624: Heap buffer overflow in PDF. Reported by YU-CHANG CHEN and CHIH-YEN CHANG, working with DEVCORE Internship Program on 2022-06-27
Discovery 2022-08-02 Entry 2022-08-03 chromium
< 104.0.5112.79
CVE-2022-2603
CVE-2022-2604
CVE-2022-2605
CVE-2022-2606
CVE-2022-2607
CVE-2022-2608
CVE-2022-2609
CVE-2022-2610
CVE-2022-2611
CVE-2022-2612
CVE-2022-2613
CVE-2022-2614
CVE-2022-2615
CVE-2022-2616
CVE-2022-2617
CVE-2022-2618
CVE-2022-2619
CVE-2022-2620
CVE-2022-2621
CVE-2022-2622
CVE-2022-2623
CVE-2022-2624
https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html
|
18529cb0-3e9c-11ed-9bc7-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 20 security fixes, including:
- [1358907] High CVE-2022-3304: Use after free in CSS. Reported by Anonymous on 2022-09-01
- [1343104] High CVE-2022-3201: Insufficient validation of untrusted input in Developer Tools. Reported by NDevTK on 2022-07-09
- [1319229] High CVE-2022-3305: Use after free in Survey. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2022-04-24
- [1320139] High CVE-2022-3306: Use after free in Survey. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2022-04-27
- [1323488] High CVE-2022-3307: Use after free in Media. Reported by Anonymous Telecommunications Corp. Ltd. on 2022-05-08
- [1342722] Medium CVE-2022-3308: Insufficient policy enforcement in Developer Tools. Reported by Andrea Cappa (zi0Black) @ Shielder on 2022-07-08
- [1348415] Medium CVE-2022-3309: Use after free in Assistant. Reported by zh1x1an1221 of Ant Group Tianqiong Security Lab on 2022-07-29
- [1240065] Medium CVE-2022-3310: Insufficient policy enforcement in Custom Tabs. Reported by Ashwin Agrawal from Optus, Sydney on 2021-08-16
- [1302813] Medium CVE-2022-3311: Use after free in Import. Reported by Samet Bekmezci @sametbekmezci on 2022-03-04
- [1303306] Medium CVE-2022-3312: Insufficient validation of untrusted input in VPN. Reported by Andr.Ess on 2022-03-06
- [1317904] Medium CVE-2022-3313: Incorrect security UI in Full Screen. Reported by Irvan Kurniawan (sourc7) on 2022-04-20
- [1328708] Medium CVE-2022-3314: Use after free in Logging. Reported by Anonymous on 2022-05-24
- [1322812] Medium CVE-2022-3315: Type confusion in Blink. Reported by Anonymous on 2022-05-05
- [1333623] Low CVE-2022-3316: Insufficient validation of untrusted input in Safe Browsing. Reported by Sven Dysthe (@svn_dy) on 2022-06-07
- [1300539] Low CVE-2022-3317: Insufficient validation of untrusted input in Intents. Reported by Hafiizh on 2022-02-24
- [1318791] Low CVE-2022-3318: Use after free in ChromeOS Notifications. Reported by GraVity0 on 2022-04-22
Discovery 2022-09-27 Entry 2022-09-27 chromium
< 106.0.5249.61
CVE-2022-3201
CVE-2022-3304
CVE-2022-3305
CVE-2022-3306
CVE-2022-3307
CVE-2022-3308
CVE-2022-3309
CVE-2022-3310
CVE-2022-3311
CVE-2022-3312
CVE-2022-3313
CVE-2022-3314
CVE-2022-3315
CVE-2022-3316
CVE-2022-3317
CVE-2022-3318
https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_27.html
|
777edbbe-2230-11ec-8869-704d7b472482 | chromium -- multiple vulnerabilities
Chrome Releases/Stable updates reports:
This release contains 4 security fixes, including:
- [1245578] High CVE-2021-37974: Use after free in Safe Browsing.
Reported by Weipeng Jiang (@Krace) from Codesafe Team of
Legendsec at Qi'anxin Group on 2021-09-01
- [1252918] High CVE-2021-37975: Use after free in V8. Reported by
Anonymous on 2021-09-24
- [1251787] Medium CVE-2021-37976: Information leak in core.
Reported by Clement Lecigne from Google TAG, with technical
assistance from Sergei Glazunov and Mark Brand from Google
Project Zero on 2021-09-21
Google is aware the exploits for CVE-2021-37975 and CVE-2021-37976
exist in the wild.
Discovery 2021-09-30 Entry 2021-09-30 chromium
< 94.0.4606.71
CVE-2021-37974
CVE-2021-37975
CVE-2021-37976
https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_30.html
|
7cb12ee0-4a13-11ed-8ad9-3065ec8fd3ec | chromium -- mulitple vulnerabilities
Chrome Releases reports:
This release contains 6 security fixes:
- [1364604] High CVE-2022-3445: Use after free in Skia. Reported by Nan Wang (@eternalsakura13) and Yong Liu of 360 Vulnerability Research Institute on 2022-09-16
- [1368076] High CVE-2022-3446: Heap buffer overflow in WebSQL. Reported by Kaijie Xu (@kaijieguigui) on 2022-09-26
- [1366582] High CVE-2022-3447: Inappropriate implementation in Custom Tabs. Reported by Narendra Bhati of Suma Soft Pvt. Ltd. Pune (India) on 2022-09-22
- [1363040] High CVE-2022-3448: Use after free in Permissions API. Reported by raven at KunLun lab on 2022-09-13
- [1364662] High CVE-2022-3449: Use after free in Safe Browsing. Reported by asnine on 2022-09-17
- [1369882] High CVE-2022-3450: Use after free in Peer Connection. Reported by Anonymous on 2022-09-30
Discovery 2022-10-11 Entry 2022-10-12 chromium
< 106.0.5249.119
ungoogled-chromium
< 106.0.5249.119
CVE-2022-3445
CVE-2022-3446
CVE-2022-3447
CVE-2022-3448
CVE-2022-3449
CVE-2022-3450
https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_11.html
|
f38d25ac-2b7a-11ed-a1ef-3065ec8fd3ec | chromium -- insufficient data validation in Mojo
Chrome Releases reports:
This release contains 1 security fix:
- [1358134] High CVE-2022-3075: Insufficient data validation in Mojo. Reported by Anonymous on 2022-08-30
Google is aware that an exploit of CVE-2022-3075 exists in the wild.
Discovery 2022-09-02 Entry 2022-09-03 chromium
< 105.0.5195.102
CVE-2022-3075
https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop.html
|
744ec9d7-fe0f-11ec-bcd2-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 4 security fixes, including:
- [1341043] High CVE-2022-2294: Heap buffer overflow in WebRTC. Reported by Jan Vojtesek from the Avast Threat Intelligence team on 2022-07-01
- [1336869] High CVE-2022-2295: Type Confusion in V8. Reported by avaue and Buff3tts at S.S.L. on 2022-06-16
- [1327087] High CVE-2022-2296: Use after free in Chrome OS Shell. Reported by Khalil Zhani on 2022-05-19
Discovery 2022-07-04 Entry 2022-07-07 chromium
< 103.0.5060.114
CVE-2022-2294
CVE-2022-2295
CVE-2022-2296
https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html
|
e0914087-9a09-11ec-9e61-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 28 security fixes, including:
- [1289383] High CVE-2022-0789: Heap buffer overflow in ANGLE.
Reported by SeongHwan Park (SeHwa) on 2022-01-21
- [1274077] High CVE-2022-0790: Use after free in Cast UI.
Reported by Anonymous on 2021-11-26
- [1278322] High CVE-2022-0791: Use after free in Omnibox.
Reported by Zhihua Yao of KunLun Lab on 2021-12-09
- [1285885] High CVE-2022-0792: Out of bounds read in ANGLE.
Reported by Jaehun Jeong (@n3sk) of Theori on 2022-01-11
- [1291728] High CVE-2022-0793: Use after free in Views. Reported
by Thomas Orlita on 2022-01-28
- [1294097] High CVE-2022-0794: Use after free in WebShare.
Reported by Khalil Zhani on 2022-02-04
- [1282782] High CVE-2022-0795: Type Confusion in Blink Layout.
Reported by 0x74960 on 2021-12-27
- [1295786] High CVE-2022-0796: Use after free in Media. Reported
by Cassidy Kim of Amber Security Lab, OPPO Mobile
Telecommunications Corp. Ltd. on 2022-02-10
- [1281908] High CVE-2022-0797: Out of bounds memory access in
Mojo. Reported by Sergei Glazunov of Google Project Zero on
2021-12-21
- [1283402] Medium CVE-2022-0798: Use after free in MediaStream.
Reported by Samet Bekmezci @sametbekmezci on 2021-12-30
- [1279188] Medium CVE-2022-0799: Insufficient policy enforcement
in Installer. Reported by Abdelhamid Naceri (halov) on
2021-12-12
- [1242962] Medium CVE-2022-0800: Heap buffer overflow in Cast UI.
Reported by Khalil Zhani on 2021-08-24
- [1231037] Medium CVE-2022-0801: Inappropriate implementation in
HTML parser. Reported by Michal Bentkowski of Securitum on
2021-07-20
- [1270052] Medium CVE-2022-0802: Inappropriate implementation in
Full screen mode. Reported by Irvan Kurniawan (sourc7) on
2021-11-14
- [1280233] Medium CVE-2022-0803: Inappropriate implementation in
Permissions. Reported by Abdulla Aldoseri on 2021-12-15
- [1264561] Medium CVE-2022-0804: Inappropriate implementation in
Full screen mode. Reported by Irvan Kurniawan (sourc7) on
2021-10-29
- [1290700] Medium CVE-2022-0805: Use after free in Browser
Switcher. Reported by raven at KunLun Lab on 2022-01-25
- [1283434] Medium CVE-2022-0806: Data leak in Canvas. Reported by
Paril on 2021-12-31
- [1287364] Medium CVE-2022-0807: Inappropriate implementation in
Autofill. Reported by Alesandro Ortiz on 2022-01-14
- [1292271] Medium CVE-2022-0808: Use after free in Chrome OS
Shell. Reported by @ginggilBesel on 2022-01-29
- [1293428] Medium CVE-2022-0809: Out of bounds memory access in
WebXR. Reported by @uwu7586 on 2022-02-03
Discovery 2022-03-01 Entry 2022-03-02 chromium
< 99.0.4844.51
CVE-2022-0789
CVE-2022-0790
CVE-2022-0791
CVE-2022-0792
CVE-2022-0793
CVE-2022-0794
CVE-2022-0795
CVE-2022-0796
CVE-2022-0797
CVE-2022-0798
CVE-2022-0799
CVE-2022-0800
CVE-2022-0801
CVE-2022-0802
CVE-2022-0803
CVE-2022-0804
CVE-2022-0805
CVE-2022-0806
CVE-2022-0807
CVE-2022-0808
CVE-2022-0809
https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
|
1225c888-56ea-11ed-b5c3-3065ec8fd3ec | chromium -- Type confusion in V8
Chrome Releases reports:
This release contains 1 security fix:
- [1378239] High CVE-2022-3723: Type Confusion in V8. Reported by Jan VojteÃ
¡ek, Milánek, and Przemek Gmerek of Avast on 2022-10-25
Discovery 2022-10-27 Entry 2022-10-28 chromium
< 107.0.5304.87
ungoogled-chromium
< 107.0.5304.87
CVE-2022-3723
https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_27.html
|
a7732806-0b2a-11ec-836b-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 27 security fixes, including:
- [1233975] High CVE-2021-30606: Use after free in Blink. Reported
by Nan Wang (@eternalsakura13) and koocola (@alo_cook) of 360
Alpha Lab on 2021-07-28
- [1235949] High CVE-2021-30607: Use after free in Permissions.
Reported by Weipeng Jiang (@Krace) from Codesafe Team of
Legendsec at Qi'anxin Group on 2021-08-03
- [1219870] High CVE-2021-30608: Use after free in Web Share.
Reported by Huyna at Viettel Cyber Security on 2021-06-15
- [1239595] High CVE-2021-30609: Use after free in Sign-In.
Reported by raven (@raid_akame) on 2021-08-13
- [1200440] High CVE-2021-30610: Use after free in Extensions API.
Reported by Igor Bukanov from Vivaldi on 2021-04-19
- [1233942] Medium CVE-2021-30611: Use after free in WebRTC.
Reported by Nan Wang (@eternalsakura13) and koocola (@alo_cook) of
360 Alpha Lab on 2021-07-28
- [1234284] Medium CVE-2021-30612: Use after free in WebRTC.
Reported by Nan Wang (@eternalsakura13) and koocola (@alo_cook) of
360 Alpha Lab on 2021-07-29
- [1209622] Medium CVE-2021-30613: Use after free in Base
internals. Reported by Yangkang (@dnpushme) of 360 ATA on
2021-05-16
- [1207315] Medium CVE-2021-30614: Heap buffer overflow in
TabStrip. Reported by Huinian Yang (@vmth6) of Amber Security Lab,
OPPO Mobile Telecommunications Corp. Ltd. on 2021-05-10
- [1208614] Medium CVE-2021-30615: Cross-origin data leak in
Navigation. Reported by NDevTK on 2021-05-12
- [1231432] Medium CVE-2021-30616: Use after free in Media.
Reported by Anonymous on 2021-07-21
- [1226909] Medium CVE-2021-30617: Policy bypass in Blink.
Reported by NDevTK on 2021-07-07
- [1232279] Medium CVE-2021-30618: Inappropriate implementation in
DevTools. Reported by @DanAmodio and @mattaustin from Contrast
Security on 2021-07-23
- [1235222] Medium CVE-2021-30619: UI Spoofing in Autofill.
Reported by Alesandro Ortiz on 2021-08-02
- [1063518] Medium CVE-2021-30620: Insufficient policy enforcement
in Blink. Reported by Jun Kokatsu, Microsoft Browser Vulnerability
Research on 2020-03-20
- [1204722] Medium CVE-2021-30621: UI Spoofing in Autofill.
Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability
Research on 2021-04-30
- [1224419] Medium CVE-2021-30622: Use after free in WebApp
Installs. Reported by Jun Kokatsu, Microsoft Browser Vulnerability
Research on 2021-06-28
- [1223667] Low CVE-2021-30623: Use after free in Bookmarks.
Reported by Leecraso and Guang Gong of 360 Alpha Lab on
2021-06-25
- [1230513] Low CVE-2021-30624: Use after free in Autofill.
Reported by Wei Yuan of MoyunSec VLab on 2021-07-19
Discovery 2021-08-31 Entry 2021-09-01 chromium
< 93.0.4577.63
CVE-2021-30606
CVE-2021-30607
CVE-2021-30608
CVE-2021-30609
CVE-2021-30610
CVE-2021-30611
CVE-2021-30612
CVE-2021-30613
CVE-2021-30614
CVE-2021-30615
CVE-2021-30616
CVE-2021-30617
CVE-2021-30618
CVE-2021-30619
CVE-2021-30620
CVE-2021-30621
CVE-2021-30622
CVE-2021-30623
CVE-2021-30624
https://chromereleases.googleblog.com/2021/08/stable-channel-update-for-desktop_31.html
|
b582a85a-ba4a-11ec-8d1e-3065ec8fd3ec | Chromium -- mulitple vulnerabilities
Chrome Releases reports:
This release contains 11 security fixes, including:
- [1285234] High CVE-2022-1305: Use after free in storage. Reported by Anonymous on 2022-01-07
- [1299287] High CVE-2022-1306: Inappropriate implementation in compositing. Reported by Sven Dysthe on 2022-02-21
- [1301873] High CVE-2022-1307: Inappropriate implementation in full screen. Reported by Irvan Kurniawan (sourc7) on 2022-03-01
- [1283050] High CVE-2022-1308: Use after free in BFCache. Reported by Samet Bekmezci (@sametbekmezci) on 2021-12-28
- [1106456] High CVE-2022-1309: Insufficient policy enforcement in developer tools. Reported by David Erceg on 2020-07-17
- [1307610] High CVE-2022-1310: Use after free in regular expressions. Reported by Brendon Tiszka on 2022-03-18
- [1310717] High CVE-2022-1311: Use after free in Chrome OS shell. Reported by Nan Wang (@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-03-28
- [1311701] High CVE-2022-1312: Use after free in storage. Reported by Leecraso and Guang Gong of 360 Vulnerability Research Institute on 2022-03-30
- [1270539] Medium CVE-2022-1313: Use after free in tab groups. Reported by Thomas Orlita on 2021-11-16
- [1304658] Medium CVE-2022-1314: Type Confusion in V8. Reported by Bohan Liu (@P4nda20371774) of Tencent Security Xuanwu Lab on 2022-03-09
Discovery 2022-04-11 Entry 2022-04-12 chromium
< 100.0.4896.88
CVE-2022-1305
CVE-2022-1306
CVE-2022-1307
CVE-2022-1308
CVE-2022-1309
CVE-2022-1310
CVE-2022-1311
CVE-2022-1312
CVE-2022-1313
CVE-2022-1314
https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_11.html
|
bdaecfad-3117-11ec-b3b0-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 19 security fixes, including:
- [1246631] High CVE-2021-37981: Heap buffer overflow in Skia.
Reported by Yangkang (@dnpushme) of 360 ATA on 2021-09-04
- [1248661] High CVE-2021-37982: Use after free in Incognito.
Reported by Weipeng Jiang (@Krace) from Codesafe Team of
Legendsec at Qi'anxin Group on 2021-09-11
- [1249810] High CVE-2021-37983: Use after free in Dev Tools.
Reported by Zhihua Yao of KunLun Lab on 2021-09-15
- [1253399] High CVE-2021-37984: Heap buffer overflow in PDFium.
Reported by Antti Levomäki, Joonas Pihlaja andChristian Jali
from Forcepoint on 2021-09-27
- [1241860] High CVE-2021-37985: Use after free in V8. Reported
by Yangkang (@dnpushme) of 360 ATA on 2021-08-20
- [1242404] Medium CVE-2021-37986: Heap buffer overflow in
Settings. Reported by raven (@raid_akame) on 2021-08-23
- [1206928] Medium CVE-2021-37987: Use after free in Network APIs.
Reported by Yangkang (@dnpushme) of 360 ATA on 2021-05-08
- [1228248] Medium CVE-2021-37988: Use after free in Profiles.
Reported by raven (@raid_akame) on 2021-07-12
- [1233067] Medium CVE-2021-37989: Inappropriate implementation
in Blink. Reported by Matt Dyas, Ankur Sundara on 2021-07-26
- [1247395] Medium CVE-2021-37990: Inappropriate implementation
in WebView. Reported by Kareem Selim of CyShield on
2021-09-07
- [1250660] Medium CVE-2021-37991: Race in V8. Reported by Samuel
Gross of Google Project Zero on 2021-09-17
- [1253746] Medium CVE-2021-37992: Out of bounds read in WebAudio.
Reported by sunburst@Ant Security Light-Year Lab on
2021-09-28
- [1255332] Medium CVE-2021-37993: Use after free in PDF
Accessibility. Reported by Cassidy Kim of Amber Security Lab,
OPPO Mobile Telecommunications Corp. Ltd. on 2021-10-02
- [1243020] Medium CVE-2021-37996: Insufficient validation of
untrusted input in Downloads. Reported by Anonymous on
2021-08-24
- [1100761] Low CVE-2021-37994: Inappropriate implementation in
iFrame Sandbox. Reported by David Erceg on 2020-06-30
- [1242315] Low CVE-2021-37995: Inappropriate implementation in
WebApp Installer. Reported by Terence Eden on 2021-08-23
Discovery 2021-10-19 Entry 2021-10-19 chromium
< 95.0.4638.54
CVE-2021-37981
CVE-2021-37982
CVE-2021-37983
CVE-2021-37984
CVE-2021-37985
CVE-2021-37986
CVE-2021-37987
CVE-2021-37988
CVE-2021-37989
CVE-2021-37990
CVE-2021-37991
CVE-2021-37992
CVE-2021-37993
CVE-2021-37994
CVE-2021-37995
CVE-2021-37996
https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_19.html
|
b8c0cbca-472d-11ec-83dc-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 25 security fixes, including:
- [1263620] High CVE-2021-38008: Use after free in media. Reported
by Marcin Towalski of Cisco Talos on 2021-10-26
- [1260649] High CVE-2021-38009: Inappropriate implementation in
cache. Reported by Luan Herrera (@lbherrera_) on 2021-10-16
- [1240593] High CVE-2021-38006: Use after free in storage
foundation. Reported by Sergei Glazunov of Google Project Zero on
2021-08-17
- [1254189] High CVE-2021-38007: Type Confusion in V8. Reported by
Polaris Feng and SGFvamll at Singular Security Lab on
2021-09-29
- [1241091] High CVE-2021-38005: Use after free in loader.
Reported by Sergei Glazunov of Google Project Zero on
2021-08-18
- [1264477] High CVE-2021-38010: Inappropriate implementation in
service workers. Reported by Sergei Glazunov of Google Project
Zero on 2021-10-28
- [1268274] High CVE-2021-38011: Use after free in storage
foundation. Reported by Sergei Glazunov of Google Project Zero on
2021-11-09
- [1262791] Medium CVE-2021-38012: Type Confusion in V8. Reported
by Yonghwi Jin (@jinmo123) on 2021-10-24
- [1242392] Medium CVE-2021-38013: Heap buffer overflow in
fingerprint recognition. Reported by raven (@raid_akame) on
2021-08-23
- [1248567] Medium CVE-2021-38014: Out of bounds write in
Swiftshader. Reported by Atte Kettunen of OUSPG on 2021-09-10
- [957553] Medium CVE-2021-38015: Inappropriate implementation in
input. Reported by David Erceg on 2019-04-29
- [1244289] Medium CVE-2021-38016: Insufficient policy
enforcement in background fetch. Reported by Maurice Dauer on
2021-08-28
- [1256822] Medium CVE-2021-38017: Insufficient policy enforcement
in iframe sandbox. Reported by NDevTK on 2021-10-05
- [1197889] Medium CVE-2021-38018: Inappropriate implementation in
navigation. Reported by Alesandro Ortiz on 2021-04-11
- [1251179] Medium CVE-2021-38019: Insufficient policy enforcement
in CORS. Reported by Maurice Dauer on 2021-09-20
- [1259694] Medium CVE-2021-38020: Insufficient policy enforcement
in contacts picker. Reported by Luan Herrera (@lbherrera_) on
2021-10-13
- [1233375] Medium CVE-2021-38021: Inappropriate implementation in
referrer. Reported by Prakash (@1lastBr3ath) and Jun Kokatsu on
2021-07-27
- [1248862] Low CVE-2021-38022: Inappropriate implementation in
WebAuthentication. Reported by Michal Kepkowski on 2021-09-13
Discovery 2021-11-15 Entry 2021-11-16 chromium
< 96.0.4664.45
CVE-2021-38005
CVE-2021-38006
CVE-2021-38007
CVE-2021-38008
CVE-2021-38009
CVE-2021-38010
CVE-2021-38011
CVE-2021-38012
CVE-2021-38013
CVE-2021-38014
CVE-2021-38015
CVE-2021-38016
CVE-2021-38017
CVE-2021-38018
CVE-2021-38019
CVE-2021-38020
CVE-2021-38021
CVE-2021-38022
https://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html
|
fe15f30a-b4c9-11ec-94a3-3065ec8fd3ec | chromium -- Type confusion in V8
Chrome Releases reports:
This release includes one security fix:
- [1311641] High CVE-2022-1232: Type Confusion in V8. Reported by Sergei Glazunov of Google Project Zero on 2022-03-30
Discovery 2022-04-04 Entry 2022-04-05 chromium
< 100.0.4896.75
CVE-2022-1232
https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop.html
|
40e2c35e-db99-11ec-b0cf-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 32 security fixes, including:
- [1324864] Critical CVE-2022-1853: Use after free in Indexed DB. Reported by Anonymous on 2022-05-12
- [1320024] High CVE-2022-1854: Use after free in ANGLE. Reported by SeongHwan Park (SeHwa) on 2022-04-27
- [1228661] High CVE-2022-1855: Use after free in Messaging. Reported by Anonymous on 2021-07-13
- [1323239] High CVE-2022-1856: Use after free in User Education. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-05-06
- [1227995] High CVE-2022-1857: Insufficient policy enforcement in File System API. Reported by Daniel Rhea on 2021-07-11
- [1314310] High CVE-2022-1858: Out of bounds read in DevTools. Reported by EllisVlad on 2022-04-07
- [1322744] High CVE-2022-1859: Use after free in Performance Manager. Reported by Guannan Wang (@Keenan7310) of Tencent Security Xuanwu Lab on 2022-05-05
- [1297209] High CVE-2022-1860: Use after free in UI Foundations. Reported by @ginggilBesel on 2022-02-15
- [1316846] High CVE-2022-1861: Use after free in Sharing. Reported by Khalil Zhani on 2022-04-16
- [1236325] Medium CVE-2022-1862: Inappropriate implementation in Extensions. Reported by Alesandro Ortiz on 2021-08-04
- [1292870] Medium CVE-2022-1863: Use after free in Tab Groups. Reported by David Erceg on 2022-02-01
- [1320624] Medium CVE-2022-1864: Use after free in WebApp Installs. Reported by Yuntao You (@GraVity0) of Bytedance Wuheng Lab on 2022-04-28
- [1289192] Medium CVE-2022-1865: Use after free in Bookmarks. Reported by Rong Jian of VRI on 2022-01-20
- [1292264] Medium CVE-2022-1866: Use after free in Tablet Mode. Reported by @ginggilBesel on 2022-01-29
- [1315563] Medium CVE-2022-1867: Insufficient validation of untrusted input in Data Transfer. Reported by Michal Bentkowski of Securitum on 2022-04-12
- [1301203] Medium CVE-2022-1868: Inappropriate implementation in Extensions API. Reported by Alesandro Ortiz on 2022-02-28
- [1309467] Medium CVE-2022-1869: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2022-03-23
- [1323236] Medium CVE-2022-1870: Use after free in App Service. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-05-06
- [1308199] Low CVE-2022-1871: Insufficient policy enforcement in File System API. Reported by Thomas Orlita on 2022-03-21
- [1310461] Low CVE-2022-1872: Insufficient policy enforcement in Extensions API. Reported by ChaobinZhang on 2022-03-26
- [1305394] Low CVE-2022-1873: Insufficient policy enforcement in COOP. Reported by NDevTK on 2022-03-11
- [1251588] Low CVE-2022-1874: Insufficient policy enforcement in Safe Browsing. Reported by hjy79425575 on 2021-09-21
- [1306443] Low CVE-2022-1875: Inappropriate implementation in PDF. Reported by NDevTK on 2022-03-15
- [1313600] Low CVE-2022-1876: Heap buffer overflow in DevTools. Reported by @ginggilBesel on 2022-04-06
Discovery 2022-05-24 Entry 2022-05-24 chromium
< 102.0.5005.61
CVE-2022-1853
CVE-2022-1854
CVE-2022-1855
CVE-2022-1856
CVE-2022-1857
CVE-2022-1858
CVE-2022-1859
CVE-2022-1860
CVE-2022-1861
CVE-2022-1862
CVE-2022-1863
CVE-2022-1864
CVE-2022-1865
CVE-2022-1866
CVE-2022-1867
CVE-2022-1868
CVE-2022-1869
CVE-2022-1870
CVE-2022-1871
CVE-2022-1872
CVE-2022-1873
CVE-2022-1874
CVE-2022-1875
CVE-2022-1876
https://chromereleases.googleblog.com/2022/05/stable-channel-update-for-desktop_24.html
|
ab2d7f62-af9d-11ec-a0b8-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 28 security fixes, including:
- [1292261] High CVE-2022-1125: Use after free in Portals.
Reported by Khalil Zhani on 2022-01-29
- [1291891] High CVE-2022-1127: Use after free in QR Code
Generator. Reported by anonymous on 2022-01-28
- [1301920] High CVE-2022-1128: Inappropriate implementation in
Web Share API. Reported by Abdel Adim (@smaury92) Oisfi of
Shielder on 2022-03-01
- [1300253] High CVE-2022-1129: Inappropriate implementation in
Full Screen Mode. Reported by Irvan Kurniawan (sourc7) on
2022-02-24
- [1142269] High CVE-2022-1130: Insufficient validation of
untrusted input in WebOTP. Reported by Sergey Toshin of
Oversecurity Inc. on 2020-10-25
- [1297404] High CVE-2022-1131: Use after free in Cast UI.
Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability
Research on 2022-02-15
- [1303410] High CVE-2022-1132: Inappropriate implementation in
Virtual Keyboard. Reported by Andr.Ess on 2022-03-07
- [1305776] High CVE-2022-1133: Use after free in WebRTC.
Reported by Anonymous on 2022-03-13
- [1308360] High CVE-2022-1134: Type Confusion in V8. Reported by
Man Yue Mo of GitHub Security Lab on 2022-03-21
- [1285601] Medium CVE-2022-1135: Use after free in Shopping Cart.
Reported by Wei Yuan of MoyunSec VLab on 2022-01-09
- [1280205] Medium CVE-2022-1136: Use after free in Tab Strip.
Reported by Krace on 2021-12-15
- [1289846] Medium CVE-2022-1137: Inappropriate implementation in
Extensions. Reported by Thomas Orlita on 2022-01-22
- [1246188] Medium CVE-2022-1138: Inappropriate implementation in
Web Cursor. Reported by Alesandro Ortiz on 2021-09-03
- [1268541] Medium CVE-2022-1139: Inappropriate implementation in
Background Fetch API. Reported by Maurice Dauer on 2021-11-10
- [1303253] Medium CVE-2022-1141: Use after free in File Manager.
Reported by raven at KunLun lab on 2022-03-05
- [1303613] Medium CVE-2022-1142: Heap buffer overflow in WebUI.
Reported by Leecraso and Guang Gong of 360 Alpha Lab on
2022-03-07
- [1303615] Medium CVE-2022-1143: Heap buffer overflow in WebUI.
Reported by Leecraso and Guang Gong of 360 Alpha Lab on
2022-03-07
- [1304145] Medium CVE-2022-1144: Use after free in WebUI.
Reported by Leecraso and Guang Gong of 360 Alpha Lab on
2022-03-08
- [1304545] Medium CVE-2022-1145: Use after free in Extensions.
Reported by Yakun Zhang of Baidu Security on 2022-03-09
- [1290150] Low CVE-2022-1146: Inappropriate implementation in
Resource Timing. Reported by Sohom Datta on 2022-01-23
Discovery 2022-03-29 Entry 2022-03-29 chromium
< 100.0.4896.60
CVE-2022-1125
CVE-2022-1127
CVE-2022-1128
CVE-2022-1129
CVE-2022-1130
CVE-2022-1131
CVE-2022-1132
CVE-2022-1133
CVE-2022-1134
CVE-2022-1135
CVE-2022-1136
CVE-2022-1137
CVE-2022-1138
CVE-2022-1139
CVE-2022-1141
CVE-2022-1142
CVE-2022-1143
CVE-2022-1144
CVE-2022-1145
CVE-2022-1146
https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_29.html
|
323f900d-ac6d-11ec-a0b8-3065ec8fd3ec | chromium -- V8 type confusion
Chrome Releases reports:
This release contains 1 security fix:
- [1309225] High CVE-2022-1096: Type Confusion in V8. Reported by
anonymous on 2022-03-23
Google is aware that an exploit for CVE-2022-1096 exists in the wild.
Discovery 2022-03-25 Entry 2022-03-25 chromium
< 99.0.4844.84
CVE-2022-1096
https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html
|
fb9ba490-5cc4-11ec-aac7-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 5 security fixes, including:
- [1263457] Critical CVE-2021-4098: Insufficient data validation
in Mojo. Reported by Sergei Glazunov of Google Project Zero on
2021-10-26
- [1270658] High CVE-2021-4099: Use after free in Swiftshader.
Reported by Aki Helin of Solita on 2021-11-16
- [1272068] High CVE-2021-4100: Object lifecycle issue in ANGLE.
Reported by Aki Helin of Solita on 2021-11-19
- [1262080] High CVE-2021-4101: Heap buffer overflow in
Swiftshader. Reported by Abraruddin Khan and Omair on
2021-10-21
- [1278387] High CVE-2021-4102: Use after free in V8. Reported by
Anonymous on 2021-12-09
Discovery 2021-12-13 Entry 2021-12-14 chromium
< 96.0.4664.110
CVE-2021-4098
CVE-2021-4099
CVE-2021-4100
CVE-2021-4101
CVE-2021-4102
https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop_13.html
|