FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-28 14:09:37 UTC

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
857be71a-a4b0-11ec-95fc-3065ec8fd3ec	chromium -- multiple vulnerabilities Chrome Releases reports: This release contains 11 security fixes, including: [1299422] Critical CVE-2022-0971: Use after free in Blink Layout. Reported by Sergei Glazunov of Google Project Zero on 2022-02-21 [1301320] High CVE-2022-0972: Use after free in Extensions. Reported by Sergei Glazunov of Google Project Zero on 2022-02-28 [1297498] High CVE-2022-0973: Use after free in Safe Browsing. Reported by avaue and Buff3tts at S.S.L. on 2022-02-15 [1291986] High CVE-2022-0974: Use after free in Splitscreen. Reported by @ginggilBesel on 2022-01-28 [1295411] High CVE-2022-0975: Use after free in ANGLE. Reported by SeongHwan Park (SeHwa) on 2022-02-09 [1296866] High CVE-2022-0976: Heap buffer overflow in GPU. Reported by Omair on 2022-02-13 [1299225] High CVE-2022-0977: Use after free in Browser UI. Reported by Khalil Zhani on 2022-02-20 [1299264] High CVE-2022-0978: Use after free in ANGLE. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2022-02-20 [1302644] High CVE-2022-0979: Use after free in Safe Browsing. Reported by anonymous on 2022-03-03 [1302157] Medium CVE-2022-0980: Use after free in New Tab Page. Reported by Krace on 2022-03-02 Discovery 2022-03-15 Entry 2022-03-15 chromium < 98.0.4844.74 CVE-2022-0971 CVE-2022-0972 CVE-2022-0973 CVE-2022-0974 CVE-2022-0975 CVE-2022-0976 CVE-2022-0977 CVE-2022-0978 CVE-2022-0979 CVE-2022-0980 https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_15.html
777edbbe-2230-11ec-8869-704d7b472482	chromium -- multiple vulnerabilities Chrome Releases/Stable updates reports: This release contains 4 security fixes, including: [1245578] High CVE-2021-37974: Use after free in Safe Browsing. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group on 2021-09-01 [1252918] High CVE-2021-37975: Use after free in V8. Reported by Anonymous on 2021-09-24 [1251787] Medium CVE-2021-37976: Information leak in core. Reported by Clement Lecigne from Google TAG, with technical assistance from Sergei Glazunov and Mark Brand from Google Project Zero on 2021-09-21 Google is aware the exploits for CVE-2021-37975 and CVE-2021-37976 exist in the wild. Discovery 2021-09-30 Entry 2021-09-30 chromium < 94.0.4606.71 CVE-2021-37974 CVE-2021-37975 CVE-2021-37976 https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_30.html
b4ef02f4-549f-11ed-8ad9-3065ec8fd3ec	chromium -- multiple vulnerabilities Chrome Releases reports: This release contains 14 security fixes, including: [1369871] High CVE-2022-3652: Type Confusion in V8. Reported by srodulv and ZNMchtss at S.S.L Team on 2022-09-30 [1354271] High CVE-2022-3653: Heap buffer overflow in Vulkan. Reported by SeongHwan Park (SeHwa) on 2022-08-19 [1365330] High CVE-2022-3654: Use after free in Layout. Reported by Sergei Glazunov of Google Project Zero on 2022-09-19 [1343384] Medium CVE-2022-3655: Heap buffer overflow in Media Galleries. Reported by koocola(@alo_cook) and Guang Gong of 360 Vulnerability Research Institute on 2022-07-11 [1345275] Medium CVE-2022-3656: Insufficient data validation in File System. Reported by Ron Masas, Imperva on 2022-07-18 [1351177] Medium CVE-2022-3657: Use after free in Extensions. Reported by Omri Bushari, Talon Cyber Security on 2022-08-09 [1352817] Medium CVE-2022-3658: Use after free in Feedback service on Chrome OS. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2022-08-14 [1355560] Medium CVE-2022-3659: Use after free in Accessibility. Reported by @ginggilBesel on 2022-08-23 [1327505] Medium CVE-2022-3660: Inappropriate implementation in Full screen mode. Reported by Irvan Kurniawan (sourc7) on 2022-05-20 [1350111] Low CVE-2022-3661: Insufficient data validation in Extensions. Reported by Young Min Kim (@ylemkimon), CompSec Lab at Seoul National University on 2022-08-04 Discovery 2022-10-25 Entry 2022-10-25 chromium < 107.0.5304.68 ungoogled-chromium < 107.0.5304.68 CVE-2022-3652 CVE-2022-3653 CVE-2022-3654 CVE-2022-3655 CVE-2022-3656 CVE-2022-3657 CVE-2022-3658 CVE-2022-3659 CVE-2022-3660 CVE-2022-3661 https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_25.html
b59847e0-346d-11ed-8fe9-3065ec8fd3ec	chromium -- multiple vulnerabilities Chrome Releases reports: This release includes 11 security fixes, including: [1358381] High CVE-2022-3195: Out of bounds write in Storage. Reported by Ziling Chen and Nan Wang (@eternalsakura13) of 360 Vulnerability Research Institute on 2022-08-31 [1358090] High CVE-2022-3196: Use after free in PDF. Reported by triplepwns on 2022-08-30 [1358075] High CVE-2022-3197: Use after free in PDF. Reported by triplepwns on 2022-08-30 [1355682] High CVE-2022-3198: Use after free in PDF. Reported by MerdroidSG on 2022-08-23 [1355237] High CVE-2022-3199: Use after free in Frames. Reported by Anonymous on 2022-08-22 [1355103] High CVE-2022-3200: Heap buffer overflow in Internals. Reported by Richard Lorenz, SAP on 2022-08-22 [1343104] High CVE-2022-3201: Insufficient validation of untrusted input in DevTools. Reported by NDevTK on 2022-07-09 Discovery 2022-09-14 Entry 2022-09-14 chromium < 105.0.5195.125 CVE-2022-3195 CVE-2022-3196 CVE-2022-3197 CVE-2022-3198 CVE-2022-3199 CVE-2022-3200 CVE-2022-3201 https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_14.html
b8c0cbca-472d-11ec-83dc-3065ec8fd3ec	chromium -- multiple vulnerabilities Chrome Releases reports: This release contains 25 security fixes, including: [1263620] High CVE-2021-38008: Use after free in media. Reported by Marcin Towalski of Cisco Talos on 2021-10-26 [1260649] High CVE-2021-38009: Inappropriate implementation in cache. Reported by Luan Herrera (@lbherrera_) on 2021-10-16 [1240593] High CVE-2021-38006: Use after free in storage foundation. Reported by Sergei Glazunov of Google Project Zero on 2021-08-17 [1254189] High CVE-2021-38007: Type Confusion in V8. Reported by Polaris Feng and SGFvamll at Singular Security Lab on 2021-09-29 [1241091] High CVE-2021-38005: Use after free in loader. Reported by Sergei Glazunov of Google Project Zero on 2021-08-18 [1264477] High CVE-2021-38010: Inappropriate implementation in service workers. Reported by Sergei Glazunov of Google Project Zero on 2021-10-28 [1268274] High CVE-2021-38011: Use after free in storage foundation. Reported by Sergei Glazunov of Google Project Zero on 2021-11-09 [1262791] Medium CVE-2021-38012: Type Confusion in V8. Reported by Yonghwi Jin (@jinmo123) on 2021-10-24 [1242392] Medium CVE-2021-38013: Heap buffer overflow in fingerprint recognition. Reported by raven (@raid_akame) on 2021-08-23 [1248567] Medium CVE-2021-38014: Out of bounds write in Swiftshader. Reported by Atte Kettunen of OUSPG on 2021-09-10 [957553] Medium CVE-2021-38015: Inappropriate implementation in input. Reported by David Erceg on 2019-04-29 [1244289] Medium CVE-2021-38016: Insufficient policy enforcement in background fetch. Reported by Maurice Dauer on 2021-08-28 [1256822] Medium CVE-2021-38017: Insufficient policy enforcement in iframe sandbox. Reported by NDevTK on 2021-10-05 [1197889] Medium CVE-2021-38018: Inappropriate implementation in navigation. Reported by Alesandro Ortiz on 2021-04-11 [1251179] Medium CVE-2021-38019: Insufficient policy enforcement in CORS. Reported by Maurice Dauer on 2021-09-20 [1259694] Medium CVE-2021-38020: Insufficient policy enforcement in contacts picker. Reported by Luan Herrera (@lbherrera_) on 2021-10-13 [1233375] Medium CVE-2021-38021: Inappropriate implementation in referrer. Reported by Prakash (@1lastBr3ath) and Jun Kokatsu on 2021-07-27 [1248862] Low CVE-2021-38022: Inappropriate implementation in WebAuthentication. Reported by Michal Kepkowski on 2021-09-13 Discovery 2021-11-15 Entry 2021-11-16 chromium < 96.0.4664.45 CVE-2021-38005 CVE-2021-38006 CVE-2021-38007 CVE-2021-38008 CVE-2021-38009 CVE-2021-38010 CVE-2021-38011 CVE-2021-38012 CVE-2021-38013 CVE-2021-38014 CVE-2021-38015 CVE-2021-38016 CVE-2021-38017 CVE-2021-38018 CVE-2021-38019 CVE-2021-38020 CVE-2021-38021 CVE-2021-38022 https://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html
47b571f2-157b-11ec-ae98-704d7b472482	chromium -- multiple vulnerabilities Chrome Releases reports: This release includes 11 security fixes, including: [1237533] High CVE-2021-30625: Use after free in Selection API. Reported by Marcin Towalski of Cisco Talos on 2021-08-06 [1241036] High CVE-2021-30626: Out of bounds memory access in ANGLE. Reported by Jeonghoon Shin of Theori on 2021-08-18 [1245786] High CVE-2021-30627: Type Confusion in Blink layout. Reported by Aki Helin of OUSPG on 2021-09-01 [1241123] High CVE-2021-30628: Stack buffer overflow in ANGLE. Reported by Jaehun Jeong(@n3sk) of Theori on 2021-08-18 [1243646] High CVE-2021-30629: Use after free in Permissions. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group on 2021-08-26 [1244568] High CVE-2021-30630: Inappropriate implementation in Blink. Reported by SorryMybad (@S0rryMybad) of Kunlun Lab on 2021-08-30 [1246932] High CVE-2021-30631: Type Confusion in Blink layout. Reported by Atte Kettunen of OUSPG on 2021-09-06 [1247763] High CVE-2021-30632: Out of bounds write in V8. Reported by Anonymous on 2021-09-08 [1247766] High CVE-2021-30633: Use after free in Indexed DB API. Reported by Anonymous on 2021-09-08 Google is aware that exploits for CVE-2021-30632 and CVE-2021-30633 exist in the wild. Discovery 2021-09-13 Entry 2021-09-14 chromium < 93.0.4577.82 CVE-2021-30625 CVE-2021-30626 CVE-2021-30627 CVE-2021-30628 CVE-2021-30629 CVE-2021-30630 CVE-2021-30631 CVE-2021-30632 CVE-2021-30633 https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop.html
b2a4c5f1-f1fe-11ec-bcd2-3065ec8fd3ec	chromium -- multiple vulnerabilities Chrome Releases reports: This release contains 14 security fixes, including: [1335458] Critical CVE-2022-2156: Use after free in Base. Reported by Mark Brand of Google Project Zero on 2022-06-11 [1327312] High CVE-2022-2157: Use after free in Interest groups. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-05-19 [1321078] High CVE-2022-2158: Type Confusion in V8. Reported by Bohan Liu (@P4nda20371774) of Tencent Security Xuanwu Lab on 2022-04-29 [1116450] Medium CVE-2022-2160: Insufficient policy enforcement in DevTools. Reported by David Erceg on 2020-08-14 [1330289] Medium CVE-2022-2161: Use after free in WebApp Provider. Reported by Zhihua Yao of KunLun Lab on 2022-05-30 [1307930] Medium CVE-2022-2162: Insufficient policy enforcement in File System API. Reported by Abdelhamid Naceri (halov) on 2022-03-19 [1308341] Low CVE-2022-2163: Use after free in Cast UI and Toolbar. Reported by Chaoyuan Peng (@ret2happy) on 2022-03-21 [1268445] Low CVE-2022-2164: Inappropriate implementation in Extensions API. Reported by JosÃÂ© Miguel Moreno Computer Security Lab (COSEC) at UC3M on 2021-11-10 [1250993] Low CVE-2022-2165: Insufficient data validation in URL formatting. Reported by Rayyan Bijoora on 2021-09-19 Discovery 2022-06-21 Entry 2022-06-22 chromium < 103.0.5060.53 CVE-2022-2156 CVE-2022-2157 CVE-2022-2158 CVE-2022-2160 CVE-2022-2161 CVE-2022-2162 CVE-2022-2163 CVE-2022-2164 CVE-2022-2165 https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop_21.html
fe15f30a-b4c9-11ec-94a3-3065ec8fd3ec	chromium -- Type confusion in V8 Chrome Releases reports: This release includes one security fix: [1311641] High CVE-2022-1232: Type Confusion in V8. Reported by Sergei Glazunov of Google Project Zero on 2022-03-30 Discovery 2022-04-04 Entry 2022-04-05 chromium < 100.0.4896.75 CVE-2022-1232 https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop.html
b6c875f1-1d76-11ec-ae80-704d7b472482	chromium -- use after free in Portals Chrome Releases reports: ][1251727] High CVE-2021-37973 : Use after free in Portals. Reported by Clement Lecigne from Google TAG, with technical assistance from Sergei Glazunov and Mark Brand from Google Project Zero on 2021-09-21 Google is aware that an exploit for CVE-2021-37973 exists in the wild. Discovery 2021-09-24 Entry 2021-09-24 chromium < 94.0.4606.61 CVE-2021-37973 https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html
f2043ff6-2916-11ed-a1ef-3065ec8fd3ec	chromium -- multiple vulnerabilities Chrome Releases reports: This release contains 24 security fixes, including: [1340253] Critical CVE-2022-3038: Use after free in Network Service. Reported by Sergei Glazunov of Google Project Zero on 2022-06-28 [1343348] High CVE-2022-3039: Use after free in WebSQL. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2022-07-11 [1341539] High CVE-2022-3040: Use after free in Layout. Reported by Anonymous on 2022-07-03 [1345947] High CVE-2022-3041: Use after free in WebSQL. Reported by Ziling Chen and Nan Wang(@eternalsakura13) of 360 Vulnerability Research Institute on 2022-07-20 [1338553] High CVE-2022-3042: Use after free in PhoneHub. Reported by koocola(@alo_cook) and Guang Gong of 360 Vulnerability Research Institute on 2022-06-22 [1336979] High CVE-2022-3043: Heap buffer overflow in Screen Capture. Reported by @ginggilBesel on 2022-06-16 [1051198] High CVE-2022-3044: Inappropriate implementation in Site Isolation. Reported by Lucas Pinheiro, Microsoft Browser Vulnerability Research on 2020-02-12 [1339648] High CVE-2022-3045: Insufficient validation of untrusted input in V8. Reported by Ben Noordhuis on 2022-06-26 [1346245] High CVE-2022-3046: Use after free in Browser Tag. Reported by Rong Jian of VRI on 2022-07-21 [1342586] Medium CVE-2022-3047: Insufficient policy enforcement in Extensions API. Reported by Maurice Dauer on 2022-07-07 [1303308] Medium CVE-2022-3048: Inappropriate implementation in Chrome OS lockscreen. Reported by Andr.Ess on 2022-03-06 [1316892] Medium CVE-2022-3049: Use after free in SplitScreen. Reported by @ginggilBesel on 2022-04-17 [1337132] Medium CVE-2022-3050: Heap buffer overflow in WebUI. Reported by Zhihua Yao of KunLun Lab on 2022-06-17 [1345245] Medium CVE-2022-3051: Heap buffer overflow in Exosphere. Reported by @ginggilBesel on 2022-07-18 [1346154] Medium CVE-2022-3052: Heap buffer overflow in Window Manager. Reported by Khalil Zhani on 2022-07-21 [1267867] Medium CVE-2022-3053: Inappropriate implementation in Pointer Lock. Reported by Jesper van den Ende (Pelican Party Studios) on 2021-11-08 [1290236] Medium CVE-2022-3054: Insufficient policy enforcement in DevTools. Reported by Kuilin Li on 2022-01-24 [1351969] Medium CVE-2022-3055: Use after free in Passwords. Reported by Weipeng Jiang (@Krace) and Guang Gong of 360 Vulnerability Research Institute on 2022-08-11 [1329460] Low CVE-2022-3056: Insufficient policy enforcement in Content Security Policy. Reported by Anonymous on 2022-05-26 [1336904] Low CVE-2022-3057: Inappropriate implementation in iframe Sandbox. Reported by Gareth Heyes on 2022-06-16 [1337676] Low CVE-2022-3058: Use after free in Sign-In Flow. Reported by raven at KunLun lab on 2022-06-20 Discovery 2022-08-30 Entry 2022-08-31 chromium < 105.0.5195.52 CVE-2022-3038 CVE-2022-3039 CVE-2022-3040 CVE-2022-3041 CVE-2022-3042 CVE-2022-3043 CVE-2022-3044 CVE-2022-3045 CVE-2022-3046 CVE-2022-3047 CVE-2022-3048 CVE-2022-3049 CVE-2022-3050 CVE-2022-3051 CVE-2022-3052 CVE-2022-3053 CVE-2022-3054 CVE-2022-3055 CVE-2022-3056 CVE-2022-3057 CVE-2022-3058 https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html
5f7ed6ea-70a7-11ed-92ce-3065ec8fd3ec	chromium -- multiple vulnerabilities Chrome Releases reports: This release contains 28 security fixes, including: [1379054] High CVE-2022-4174: Type Confusion in V8. Reported by Zhenghang Xiao (@Kipreyyy) on 2022-10-27 [1381401] High CVE-2022-4175: Use after free in Camera Capture. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2022-11-04 [1361066] High CVE-2022-4176: Out of bounds write in Lacros Graphics. Reported by @ginggilBesel on 2022-09-08 [1379242] High CVE-2022-4177: Use after free in Extensions. Reported by Chaoyuan Peng (@ret2happy) on 2022-10-28 [1376099] High CVE-2022-4178: Use after free in Mojo. Reported by Sergei Glazunov of Google Project Zero on 2022-10-18 [1377783] High CVE-2022-4179: Use after free in Audio. Reported by Sergei Glazunov of Google Project Zero on 2022-10-24 [1378564] High CVE-2022-4180: Use after free in Mojo. Reported by Anonymous on 2022-10-26 [1382581] High CVE-2022-4181: Use after free in Forms. Reported by Aviv A. on 2022-11-09 [1368739] Medium CVE-2022-4182: Inappropriate implementation in Fenced Frames. Reported by Peter Nemeth on 2022-09-28 [1251790] Medium CVE-2022-4183: Insufficient policy enforcement in Popup Blocker. Reported by David Sievers on 2021-09-22 [1358647] Medium CVE-2022-4184: Insufficient policy enforcement in Autofill. Reported by Ahmed ElMasry on 2022-09-01 [1373025] Medium CVE-2022-4185: Inappropriate implementation in Navigation. Reported by James Lee (@Windowsrcer) on 2022-10-10 [1377165] Medium CVE-2022-4186: Insufficient validation of untrusted input in Downloads. Reported by Luan Herrera (@lbherrera_) on 2022-10-21 [1381217] Medium CVE-2022-4187: Insufficient policy enforcement in DevTools. Reported by Axel Chong on 2022-11-04 [1340879] Medium CVE-2022-4188: Insufficient validation of untrusted input in CORS. Reported by Philipp Beer (TU Wien) on 2022-06-30 [1344647] Medium CVE-2022-4189: Insufficient policy enforcement in DevTools. Reported by NDevTK on 2022-07-15 [1378997] Medium CVE-2022-4190: Insufficient data validation in Directory. Reported by Axel Chong on 2022-10-27 [1373941] Medium CVE-2022-4191: Use after free in Sign-In. Reported by Jaehun Jeong(@n3sk) of Theori on 2022-10-12 [1344514] Medium CVE-2022-4192: Use after free in Live Caption. Reported by Samet Bekmezci @sametbekmezci on 2022-07-14 [1354518] Medium CVE-2022-4193: Insufficient policy enforcement in File System API. Reported by Axel Chong on 2022-08-19 [1370562] Medium CVE-2022-4194: Use after free in Accessibility. Reported by Anonymous on 2022-10-03 [1371926] Medium CVE-2022-4195: Insufficient policy enforcement in Safe Browsing. Reported by Eric Lawrence of Microsoft on 2022-10-06 Discovery 2022-11-29 Entry 2022-11-30 chromium < 108.0.5359.71 ungoogled-chromium < 108.0.5359.71 CVE-2022-4174 CVE-2022-4175 CVE-2022-4176 CVE-2022-4177 CVE-2022-4178 CVE-2022-4179 CVE-2022-4180 CVE-2022-4181 CVE-2022-4182 CVE-2022-4183 CVE-2022-4184 CVE-2022-4185 CVE-2022-4186 CVE-2022-4187 CVE-2022-4188 CVE-2022-4189 CVE-2022-4190 CVE-2022-4191 CVE-2022-4192 CVE-2022-4193 CVE-2022-4194 CVE-2022-4195 https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html
e12432af-8e73-11ec-8bc4-3065ec8fd3ec	chromium -- multiple vulnerabilities Chrome Releases reports: This release contains 11 security fixes, including: [1290008] High CVE-2022-0603: Use after free in File Manager. Reported by Chaoyuan Peng (@ret2happy) on 2022-01-22 [1273397] High CVE-2022-0604: Heap buffer overflow in Tab Groups. Reported by Krace on 2021-11-24 [1286940] High CVE-2022-0605: Use after free in Webstore API. Reported by Thomas Orlita on 2022-01-13 [1288020] High CVE-2022-0606: Use after free in ANGLE. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2022-01-17 [1250655] High CVE-2022-0607: Use after free in GPU. Reported by 0x74960 on 2021-09-17 [1270333] High CVE-2022-0608: Integer overflow in Mojo. Reported by Sergei Glazunov of Google Project Zero on 2021-11-16 [1296150] High CVE-2022-0609: Use after free in Animation. Reported by Adam Weidemann and ClÃÂ©ment Lecigne of Google' Threat Analysis Group on 2022-02-10 [1285449] Medium CVE-2022-0610: Inappropriate implementation in Gamepad API. Reported by Anonymous on 2022-01-08 Discovery 2022-02-14 Entry 2022-02-15 chromium < 98.0.4758.102 CVE-2022-0603 CVE-2022-0604 CVE-2022-0605 CVE-2022-0606 CVE-2022-0607 CVE-2022-0608 CVE-2022-0609 CVE-2022-0610 https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
40e2c35e-db99-11ec-b0cf-3065ec8fd3ec	chromium -- multiple vulnerabilities Chrome Releases reports: This release contains 32 security fixes, including: [1324864] Critical CVE-2022-1853: Use after free in Indexed DB. Reported by Anonymous on 2022-05-12 [1320024] High CVE-2022-1854: Use after free in ANGLE. Reported by SeongHwan Park (SeHwa) on 2022-04-27 [1228661] High CVE-2022-1855: Use after free in Messaging. Reported by Anonymous on 2021-07-13 [1323239] High CVE-2022-1856: Use after free in User Education. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-05-06 [1227995] High CVE-2022-1857: Insufficient policy enforcement in File System API. Reported by Daniel Rhea on 2021-07-11 [1314310] High CVE-2022-1858: Out of bounds read in DevTools. Reported by EllisVlad on 2022-04-07 [1322744] High CVE-2022-1859: Use after free in Performance Manager. Reported by Guannan Wang (@Keenan7310) of Tencent Security Xuanwu Lab on 2022-05-05 [1297209] High CVE-2022-1860: Use after free in UI Foundations. Reported by @ginggilBesel on 2022-02-15 [1316846] High CVE-2022-1861: Use after free in Sharing. Reported by Khalil Zhani on 2022-04-16 [1236325] Medium CVE-2022-1862: Inappropriate implementation in Extensions. Reported by Alesandro Ortiz on 2021-08-04 [1292870] Medium CVE-2022-1863: Use after free in Tab Groups. Reported by David Erceg on 2022-02-01 [1320624] Medium CVE-2022-1864: Use after free in WebApp Installs. Reported by Yuntao You (@GraVity0) of Bytedance Wuheng Lab on 2022-04-28 [1289192] Medium CVE-2022-1865: Use after free in Bookmarks. Reported by Rong Jian of VRI on 2022-01-20 [1292264] Medium CVE-2022-1866: Use after free in Tablet Mode. Reported by @ginggilBesel on 2022-01-29 [1315563] Medium CVE-2022-1867: Insufficient validation of untrusted input in Data Transfer. Reported by Michal Bentkowski of Securitum on 2022-04-12 [1301203] Medium CVE-2022-1868: Inappropriate implementation in Extensions API. Reported by Alesandro Ortiz on 2022-02-28 [1309467] Medium CVE-2022-1869: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2022-03-23 [1323236] Medium CVE-2022-1870: Use after free in App Service. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-05-06 [1308199] Low CVE-2022-1871: Insufficient policy enforcement in File System API. Reported by Thomas Orlita on 2022-03-21 [1310461] Low CVE-2022-1872: Insufficient policy enforcement in Extensions API. Reported by ChaobinZhang on 2022-03-26 [1305394] Low CVE-2022-1873: Insufficient policy enforcement in COOP. Reported by NDevTK on 2022-03-11 [1251588] Low CVE-2022-1874: Insufficient policy enforcement in Safe Browsing. Reported by hjy79425575 on 2021-09-21 [1306443] Low CVE-2022-1875: Inappropriate implementation in PDF. Reported by NDevTK on 2022-03-15 [1313600] Low CVE-2022-1876: Heap buffer overflow in DevTools. Reported by @ginggilBesel on 2022-04-06 Discovery 2022-05-24 Entry 2022-05-24 chromium < 102.0.5005.61 CVE-2022-1853 CVE-2022-1854 CVE-2022-1855 CVE-2022-1856 CVE-2022-1857 CVE-2022-1858 CVE-2022-1859 CVE-2022-1860 CVE-2022-1861 CVE-2022-1862 CVE-2022-1863 CVE-2022-1864 CVE-2022-1865 CVE-2022-1866 CVE-2022-1867 CVE-2022-1868 CVE-2022-1869 CVE-2022-1870 CVE-2022-1871 CVE-2022-1872 CVE-2022-1873 CVE-2022-1874 CVE-2022-1875 CVE-2022-1876 https://chromereleases.googleblog.com/2022/05/stable-channel-update-for-desktop_24.html
1225c888-56ea-11ed-b5c3-3065ec8fd3ec	chromium -- Type confusion in V8 Chrome Releases reports: This release contains 1 security fix: [1378239] High CVE-2022-3723: Type Confusion in V8. Reported by Jan VojteÃÂ¡ek, MilÃÂ¡nek, and Przemek Gmerek of Avast on 2022-10-25 Discovery 2022-10-27 Entry 2022-10-28 chromium < 107.0.5304.87 ungoogled-chromium < 107.0.5304.87 CVE-2022-3723 https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_27.html
6b04476f-601c-11ed-92ce-3065ec8fd3ec	chromium -- multiple vulnerabilities Chrome Releases reports: This release contains 10 security fixes, including: [1377816] High CVE-2022-3885: Use after free in V8. Reported by gzobqq@ on 2022-10-24 [1372999] High CVE-2022-3886: Use after free in Speech Recognition. Reported by anonymous on 2022-10-10 [1372695] High CVE-2022-3887: Use after free in Web Workers. Reported by anonymous on 2022-10-08 [1375059] High CVE-2022-3888: Use after free in WebCodecs. Reported by Peter Nemeth on 2022-10-16 [1380063] High CVE-2022-3889: Type Confusion in V8. Reported by anonymous on 2022-11-01 [1380083] High CVE-2022-3890: Heap buffer overflow in Crashpad. Reported by anonymous on 2022-11-01 Discovery 2022-11-08 Entry 2022-11-09 chromium < 107.0.5304.110 ungoogled-chromium < 107.0.5304.110 CVE-2022-3885 CVE-2022-3886 CVE-2022-3887 CVE-2022-3888 CVE-2022-3889 CVE-2022-3890 https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop.html
bdaecfad-3117-11ec-b3b0-3065ec8fd3ec	chromium -- multiple vulnerabilities Chrome Releases reports: This release contains 19 security fixes, including: [1246631] High CVE-2021-37981: Heap buffer overflow in Skia. Reported by Yangkang (@dnpushme) of 360 ATA on 2021-09-04 [1248661] High CVE-2021-37982: Use after free in Incognito. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group on 2021-09-11 [1249810] High CVE-2021-37983: Use after free in Dev Tools. Reported by Zhihua Yao of KunLun Lab on 2021-09-15 [1253399] High CVE-2021-37984: Heap buffer overflow in PDFium. Reported by Antti LevomÃÂ¤ki, Joonas Pihlaja andChristian Jali from Forcepoint on 2021-09-27 [1241860] High CVE-2021-37985: Use after free in V8. Reported by Yangkang (@dnpushme) of 360 ATA on 2021-08-20 [1242404] Medium CVE-2021-37986: Heap buffer overflow in Settings. Reported by raven (@raid_akame) on 2021-08-23 [1206928] Medium CVE-2021-37987: Use after free in Network APIs. Reported by Yangkang (@dnpushme) of 360 ATA on 2021-05-08 [1228248] Medium CVE-2021-37988: Use after free in Profiles. Reported by raven (@raid_akame) on 2021-07-12 [1233067] Medium CVE-2021-37989: Inappropriate implementation in Blink. Reported by Matt Dyas, Ankur Sundara on 2021-07-26 [1247395] Medium CVE-2021-37990: Inappropriate implementation in WebView. Reported by Kareem Selim of CyShield on 2021-09-07 [1250660] Medium CVE-2021-37991: Race in V8. Reported by Samuel Gross of Google Project Zero on 2021-09-17 [1253746] Medium CVE-2021-37992: Out of bounds read in WebAudio. Reported by sunburst@Ant Security Light-Year Lab on 2021-09-28 [1255332] Medium CVE-2021-37993: Use after free in PDF Accessibility. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2021-10-02 [1243020] Medium CVE-2021-37996: Insufficient validation of untrusted input in Downloads. Reported by Anonymous on 2021-08-24 [1100761] Low CVE-2021-37994: Inappropriate implementation in iFrame Sandbox. Reported by David Erceg on 2020-06-30 [1242315] Low CVE-2021-37995: Inappropriate implementation in WebApp Installer. Reported by Terence Eden on 2021-08-23 Discovery 2021-10-19 Entry 2021-10-19 chromium < 95.0.4638.54 CVE-2021-37981 CVE-2021-37982 CVE-2021-37983 CVE-2021-37984 CVE-2021-37985 CVE-2021-37986 CVE-2021-37987 CVE-2021-37988 CVE-2021-37989 CVE-2021-37990 CVE-2021-37991 CVE-2021-37992 CVE-2021-37993 CVE-2021-37994 CVE-2021-37995 CVE-2021-37996 https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_19.html
b582a85a-ba4a-11ec-8d1e-3065ec8fd3ec	Chromium -- mulitple vulnerabilities Chrome Releases reports: This release contains 11 security fixes, including: [1285234] High CVE-2022-1305: Use after free in storage. Reported by Anonymous on 2022-01-07 [1299287] High CVE-2022-1306: Inappropriate implementation in compositing. Reported by Sven Dysthe on 2022-02-21 [1301873] High CVE-2022-1307: Inappropriate implementation in full screen. Reported by Irvan Kurniawan (sourc7) on 2022-03-01 [1283050] High CVE-2022-1308: Use after free in BFCache. Reported by Samet Bekmezci (@sametbekmezci) on 2021-12-28 [1106456] High CVE-2022-1309: Insufficient policy enforcement in developer tools. Reported by David Erceg on 2020-07-17 [1307610] High CVE-2022-1310: Use after free in regular expressions. Reported by Brendon Tiszka on 2022-03-18 [1310717] High CVE-2022-1311: Use after free in Chrome OS shell. Reported by Nan Wang (@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-03-28 [1311701] High CVE-2022-1312: Use after free in storage. Reported by Leecraso and Guang Gong of 360 Vulnerability Research Institute on 2022-03-30 [1270539] Medium CVE-2022-1313: Use after free in tab groups. Reported by Thomas Orlita on 2021-11-16 [1304658] Medium CVE-2022-1314: Type Confusion in V8. Reported by Bohan Liu (@P4nda20371774) of Tencent Security Xuanwu Lab on 2022-03-09 Discovery 2022-04-11 Entry 2022-04-12 chromium < 100.0.4896.88 CVE-2022-1305 CVE-2022-1306 CVE-2022-1307 CVE-2022-1308 CVE-2022-1309 CVE-2022-1310 CVE-2022-1311 CVE-2022-1312 CVE-2022-1313 CVE-2022-1314 https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_11.html
ab2d7f62-af9d-11ec-a0b8-3065ec8fd3ec	chromium -- multiple vulnerabilities Chrome Releases reports: This release contains 28 security fixes, including: [1292261] High CVE-2022-1125: Use after free in Portals. Reported by Khalil Zhani on 2022-01-29 [1291891] High CVE-2022-1127: Use after free in QR Code Generator. Reported by anonymous on 2022-01-28 [1301920] High CVE-2022-1128: Inappropriate implementation in Web Share API. Reported by Abdel Adim (@smaury92) Oisfi of Shielder on 2022-03-01 [1300253] High CVE-2022-1129: Inappropriate implementation in Full Screen Mode. Reported by Irvan Kurniawan (sourc7) on 2022-02-24 [1142269] High CVE-2022-1130: Insufficient validation of untrusted input in WebOTP. Reported by Sergey Toshin of Oversecurity Inc. on 2020-10-25 [1297404] High CVE-2022-1131: Use after free in Cast UI. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2022-02-15 [1303410] High CVE-2022-1132: Inappropriate implementation in Virtual Keyboard. Reported by Andr.Ess on 2022-03-07 [1305776] High CVE-2022-1133: Use after free in WebRTC. Reported by Anonymous on 2022-03-13 [1308360] High CVE-2022-1134: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2022-03-21 [1285601] Medium CVE-2022-1135: Use after free in Shopping Cart. Reported by Wei Yuan of MoyunSec VLab on 2022-01-09 [1280205] Medium CVE-2022-1136: Use after free in Tab Strip. Reported by Krace on 2021-12-15 [1289846] Medium CVE-2022-1137: Inappropriate implementation in Extensions. Reported by Thomas Orlita on 2022-01-22 [1246188] Medium CVE-2022-1138: Inappropriate implementation in Web Cursor. Reported by Alesandro Ortiz on 2021-09-03 [1268541] Medium CVE-2022-1139: Inappropriate implementation in Background Fetch API. Reported by Maurice Dauer on 2021-11-10 [1303253] Medium CVE-2022-1141: Use after free in File Manager. Reported by raven at KunLun lab on 2022-03-05 [1303613] Medium CVE-2022-1142: Heap buffer overflow in WebUI. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2022-03-07 [1303615] Medium CVE-2022-1143: Heap buffer overflow in WebUI. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2022-03-07 [1304145] Medium CVE-2022-1144: Use after free in WebUI. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2022-03-08 [1304545] Medium CVE-2022-1145: Use after free in Extensions. Reported by Yakun Zhang of Baidu Security on 2022-03-09 [1290150] Low CVE-2022-1146: Inappropriate implementation in Resource Timing. Reported by Sohom Datta on 2022-01-23 Discovery 2022-03-29 Entry 2022-03-29 chromium < 100.0.4896.60 CVE-2022-1125 CVE-2022-1127 CVE-2022-1128 CVE-2022-1129 CVE-2022-1130 CVE-2022-1131 CVE-2022-1132 CVE-2022-1133 CVE-2022-1134 CVE-2022-1135 CVE-2022-1136 CVE-2022-1137 CVE-2022-1138 CVE-2022-1139 CVE-2022-1141 CVE-2022-1142 CVE-2022-1143 CVE-2022-1144 CVE-2022-1145 CVE-2022-1146 https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_29.html
323f900d-ac6d-11ec-a0b8-3065ec8fd3ec	chromium -- V8 type confusion Chrome Releases reports: This release contains 1 security fix: [1309225] High CVE-2022-1096: Type Confusion in V8. Reported by anonymous on 2022-03-23 Google is aware that an exploit for CVE-2022-1096 exists in the wild. Discovery 2022-03-25 Entry 2022-03-25 chromium < 99.0.4844.84 CVE-2022-1096 https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html
3551e106-1b17-11ec-a8a7-704d7b472482	chromium -- multiple vulnerabilities Chrome Releases reports: This update contains 19 security fixes, including: [1243117] High CVE-2021-37956: Use after free in Offline use. Reported by Huyna at Viettel Cyber Security on 2021-08-24 [1242269] High CVE-2021-37957: Use after free in WebGPU. Reported by Looben Yang on 2021-08-23 [1223290] High CVE-2021-37958: Inappropriate implementation in Navigation. Reported by James Lee (@Windowsrcer) on 2021-06-24 [1229625] High CVE-2021-37959: Use after free in Task Manager. Reported by raven (@raid_akame) on 2021-07-15 [1247196] High CVE-2021-37960: Inappropriate implementation in Blink graphics. Reported by Atte Kettunen of OUSPG on 2021-09-07 [1228557] Medium CVE-2021-37961: Use after free in Tab Strip. Reported by Khalil Zhani on 2021-07-13 [1231933] Medium CVE-2021-37962: Use after free in Performance Manager. Reported by Sri on 2021-07-22 [1199865] Medium CVE-2021-37963: Side-channel information leakage in DevTools. Reported by Daniel Genkin and Ayush Agarwal, University of Michigan, Eyal Ronen and Shaked Yehezkel, Tel Aviv University, Sioli O'Connell, University of Adelaide, and Jason Kim, Georgia Institute of Technology on 2021-04-16 [1203612] Medium CVE-2021-37964: Inappropriate implementation in ChromeOS Networking. Reported by Hugo Hue and Sze Yiu Chau of the Chinese University of Hong Kong on 2021-04-28 [1239709] Medium CVE-2021-37965: Inappropriate implementation in Background Fetch API. Reported by Maurice Dauer on 2021-08-13 [1238944] Medium CVE-2021-37966: Inappropriate implementation in Compositing. Reported by Mohit Raj (shadow2639) on 2021-08-11 [1243622] Medium CVE-2021-37967: Inappropriate implementation in Background Fetch API. Reported by SorryMybad (@S0rryMybad) of Kunlun Lab on 2021-08-26 [1245053] Medium CVE-2021-37968: Inappropriate implementation in Background Fetch API. Reported by Maurice Dauer on 2021-08-30 [1245879] Medium CVE-2021-37969: Inappropriate implementation in Google Updater. Reported by Abdelhamid Naceri (halov) on 2021-09-02 [1248030] Medium CVE-2021-37970: Use after free in File System API. Reported by SorryMybad (@S0rryMybad) of Kunlun Lab on 2021-09-09 [1219354] Low CVE-2021-37971: Incorrect security UI in Web Browser UI. Reported by Rayyan Bijoora on 2021-06-13 [1234259] Low CVE-2021-37972: Out of bounds read in libjpeg-turbo. Reported by Xu Hanyu and Lu Yutao from Panguite-Forensics-Lab of Qianxin on 2021-07-29 Discovery 2021-09-21 Entry 2021-09-21 chromium < 94.0.4606.54 CVE-2021-37956 CVE-2021-37957 CVE-2021-37958 CVE-2021-37959 CVE-2021-37960 CVE-2021-37961 CVE-2021-37962 CVE-2021-37963 CVE-2021-37964 CVE-2021-37965 CVE-2021-37966 CVE-2021-37967 CVE-2021-37968 CVE-2021-37969 CVE-2021-37970 CVE-2021-37971 CVE-2021-37972 https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_21.html
26f2123b-c6c6-11ec-b66f-3065ec8fd3ec	chromium -- multiple vulnerabilities Chrome Releases reports: This release contains 30 security fixes, including: [1313905] High CVE-2022-1477: Use after free in Vulkan. Reported by SeongHwan Park (SeHwa) on 2022-04-06 [1299261] High CVE-2022-1478: Use after free in SwiftShader. Reported by SeongHwan Park (SeHwa) on 2022-02-20 [1305190] High CVE-2022-1479: Use after free in ANGLE. Reported by Jeonghoon Shin of Theori on 2022-03-10 [1307223] High CVE-2022-1480: Use after free in Device API. Reported by @uwu7586 on 2022-03-17 [1302949] High CVE-2022-1481: Use after free in Sharing. Reported by Weipeng Jiang (@Krace) and Guang Gong of 360 Vulnerability Research Institute on 2022-03-04 [1304987] High CVE-2022-1482: Inappropriate implementation in WebGL. Reported by Christoph Diehl, Microsoft on 2022-03-10 [1314754] High CVE-2022-1483: Heap buffer overflow in WebGPU. Reported by Mark Brand of Google Project Zero on 2022-04-08 [1297429] Medium CVE-2022-1484: Heap buffer overflow in Web UI Settings. Reported by Chaoyuan Peng (@ret2happy) on 2022-02-15 [1299743] Medium CVE-2022-1485: Use after free in File System API. Reported by Anonymous on 2022-02-22 [1314616] Medium CVE-2022-1486: Type Confusion in V8. Reported by Brendon Tiszka on 2022-04-08 [1304368] Medium CVE-2022-1487: Use after free in Ozone. Reported by Sri on 2022-03-09 [1302959] Medium CVE-2022-1488: Inappropriate implementation in Extensions API. Reported by Thomas Beverley from Wavebox.io on 2022-03-04 [1300561] Medium CVE-2022-1489: Out of bounds memory access in UI Shelf. Reported by Khalil Zhani on 2022-02-25 [1301840] Medium CVE-2022-1490: Use after free in Browser Switcher. Reported by raven at KunLun lab on 2022-03-01 [1305706] Medium CVE-2022-1491: Use after free in Bookmarks. Reported by raven at KunLun lab on 2022-03-12 [1315040] Medium CVE-2022-1492: Insufficient data validation in Blink Editing. Reported by Michal Bentkowski of Securitum on 2022-04-11 [1275414] Medium CVE-2022-1493: Use after free in Dev Tools. Reported by Zhihua Yao of KunLun Lab on 2021-12-01 [1298122] Medium CVE-2022-1494: Insufficient data validation in Trusted Types. Reported by Masato Kinugawa on 2022-02-17 [1301180] Medium CVE-2022-1495: Incorrect security UI in Downloads. Reported by Umar Farooq on 2022-02-28 [1306391] Medium CVE-2022-1496: Use after free in File Manager. Reported by Zhiyi Zhang and Zhunki from Codesafe Team of Legendsec at Qi'anxin Group on 2022-03-15 [1264543] Medium CVE-2022-1497: Inappropriate implementation in Input. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-10-29 [1297138] Low CVE-2022-1498: Inappropriate implementation in HTML Parser. Reported by SeungJu Oh (@real_as3617) on 2022-02-14 [1000408] Low CVE-2022-1499: Inappropriate implementation in WebAuthentication. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-09-04 [1223475] Low CVE-2022-1500: Insufficient data validation in Dev Tools. Reported by Hoang Nguyen on 2021-06-25 [1293191] Low CVE-2022-1501: Inappropriate implementation in iframe. Reported by Oriol Brufau on 2022-02-02 Discovery 2022-04-26 Entry 2022-04-28 chromium < 101.0.4951.41 CVE-2022-1477 CVE-2022-1478 CVE-2022-1479 CVE-2022-1480 CVE-2022-1481 CVE-2022-1482 CVE-2022-1483 CVE-2022-1484 CVE-2022-1485 CVE-2022-1486 CVE-2022-1487 CVE-2022-1488 CVE-2022-1489 CVE-2022-1490 CVE-2022-1491 CVE-2022-1492 CVE-2022-1493 CVE-2022-1494 CVE-2022-1495 CVE-2022-1496 CVE-2022-1497 CVE-2022-1498 CVE-2022-1499 CVE-2022-1500 CVE-2022-1501 https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_26.html
7cb12ee0-4a13-11ed-8ad9-3065ec8fd3ec	chromium -- mulitple vulnerabilities Chrome Releases reports: This release contains 6 security fixes: [1364604] High CVE-2022-3445: Use after free in Skia. Reported by Nan Wang (@eternalsakura13) and Yong Liu of 360 Vulnerability Research Institute on 2022-09-16 [1368076] High CVE-2022-3446: Heap buffer overflow in WebSQL. Reported by Kaijie Xu (@kaijieguigui) on 2022-09-26 [1366582] High CVE-2022-3447: Inappropriate implementation in Custom Tabs. Reported by Narendra Bhati of Suma Soft Pvt. Ltd. Pune (India) on 2022-09-22 [1363040] High CVE-2022-3448: Use after free in Permissions API. Reported by raven at KunLun lab on 2022-09-13 [1364662] High CVE-2022-3449: Use after free in Safe Browsing. Reported by asnine on 2022-09-17 [1369882] High CVE-2022-3450: Use after free in Peer Connection. Reported by Anonymous on 2022-09-30 Discovery 2022-10-11 Entry 2022-10-12 chromium < 106.0.5249.119 ungoogled-chromium < 106.0.5249.119 CVE-2022-3445 CVE-2022-3446 CVE-2022-3447 CVE-2022-3448 CVE-2022-3449 CVE-2022-3450 https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_11.html
e0914087-9a09-11ec-9e61-3065ec8fd3ec	chromium -- multiple vulnerabilities Chrome Releases reports: This release contains 28 security fixes, including: [1289383] High CVE-2022-0789: Heap buffer overflow in ANGLE. Reported by SeongHwan Park (SeHwa) on 2022-01-21 [1274077] High CVE-2022-0790: Use after free in Cast UI. Reported by Anonymous on 2021-11-26 [1278322] High CVE-2022-0791: Use after free in Omnibox. Reported by Zhihua Yao of KunLun Lab on 2021-12-09 [1285885] High CVE-2022-0792: Out of bounds read in ANGLE. Reported by Jaehun Jeong (@n3sk) of Theori on 2022-01-11 [1291728] High CVE-2022-0793: Use after free in Views. Reported by Thomas Orlita on 2022-01-28 [1294097] High CVE-2022-0794: Use after free in WebShare. Reported by Khalil Zhani on 2022-02-04 [1282782] High CVE-2022-0795: Type Confusion in Blink Layout. Reported by 0x74960 on 2021-12-27 [1295786] High CVE-2022-0796: Use after free in Media. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2022-02-10 [1281908] High CVE-2022-0797: Out of bounds memory access in Mojo. Reported by Sergei Glazunov of Google Project Zero on 2021-12-21 [1283402] Medium CVE-2022-0798: Use after free in MediaStream. Reported by Samet Bekmezci @sametbekmezci on 2021-12-30 [1279188] Medium CVE-2022-0799: Insufficient policy enforcement in Installer. Reported by Abdelhamid Naceri (halov) on 2021-12-12 [1242962] Medium CVE-2022-0800: Heap buffer overflow in Cast UI. Reported by Khalil Zhani on 2021-08-24 [1231037] Medium CVE-2022-0801: Inappropriate implementation in HTML parser. Reported by Michal Bentkowski of Securitum on 2021-07-20 [1270052] Medium CVE-2022-0802: Inappropriate implementation in Full screen mode. Reported by Irvan Kurniawan (sourc7) on 2021-11-14 [1280233] Medium CVE-2022-0803: Inappropriate implementation in Permissions. Reported by Abdulla Aldoseri on 2021-12-15 [1264561] Medium CVE-2022-0804: Inappropriate implementation in Full screen mode. Reported by Irvan Kurniawan (sourc7) on 2021-10-29 [1290700] Medium CVE-2022-0805: Use after free in Browser Switcher. Reported by raven at KunLun Lab on 2022-01-25 [1283434] Medium CVE-2022-0806: Data leak in Canvas. Reported by Paril on 2021-12-31 [1287364] Medium CVE-2022-0807: Inappropriate implementation in Autofill. Reported by Alesandro Ortiz on 2022-01-14 [1292271] Medium CVE-2022-0808: Use after free in Chrome OS Shell. Reported by @ginggilBesel on 2022-01-29 [1293428] Medium CVE-2022-0809: Out of bounds memory access in WebXR. Reported by @uwu7586 on 2022-02-03 Discovery 2022-03-01 Entry 2022-03-02 chromium < 99.0.4844.51 CVE-2022-0789 CVE-2022-0790 CVE-2022-0791 CVE-2022-0792 CVE-2022-0793 CVE-2022-0794 CVE-2022-0795 CVE-2022-0796 CVE-2022-0797 CVE-2022-0798 CVE-2022-0799 CVE-2022-0800 CVE-2022-0801 CVE-2022-0802 CVE-2022-0803 CVE-2022-0804 CVE-2022-0805 CVE-2022-0806 CVE-2022-0807 CVE-2022-0808 CVE-2022-0809 https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
ac91cf5e-d098-11ec-bead-3065ec8fd3ec	chromium -- multiple vulnerabilities Chrome Releases reports: This release contains 13 security fixes, including: [1316990] High CVE-2022-1633: Use after free in Sharesheet. Reported by Khalil Zhani on 2022-04-18 [1314908] High CVE-2022-1634: Use after free in Browser UI. Reported by Khalil Zhani on 2022-04-09 [1319797] High CVE-2022-1635: Use after free in Permission Prompts. Reported by Anonymous on 2022-04-26 [1297283] High CVE-2022-1636: Use after free in Performance APIs. Reported by Seth Brenith, Microsoft on 2022-02-15 [1311820] High CVE-2022-1637: Inappropriate implementation in Web Contents. Reported by Alesandro Ortiz on 2022-03-31 [1316946] High CVE-2022-1638: Heap buffer overflow in V8 Internationalization. Reported by DoHyun Lee (@l33d0hyun) of DNSLab, Korea University on 2022-04-17 [1317650] High CVE-2022-1639: Use after free in ANGLE. Reported by SeongHwan Park (SeHwa) on 2022-04-19 [1320592] High CVE-2022-1640: Use after free in Sharing. Reported by Weipeng Jiang (@Krace) and Guang Gong of 360 Vulnerability Research Institute on 2022-04-28 [1305068] Medium CVE-2022-1641: Use after free in Web UI Diagnostics. Reported by Rong Jian of VRI on 2022-03-10 Discovery 2022-05-10 Entry 2022-05-10 chromium < 101.0.4951.64 CVE-2022-1633 CVE-2022-1634 CVE-2022-1635 CVE-2022-1636 CVE-2022-1637 CVE-2022-1638 CVE-2022-1639 CVE-2022-1640 CVE-2022-1641 https://chromereleases.googleblog.com/2022/05/stable-channel-update-for-desktop_10.html
c3c6c4a3-f47d-11eb-b632-3065ec8fd3ec	chromium -- multiple vulnerabilities Chrome Releases reports: This release contains 10 security fixes, including: [1227777] High CVE-2021-30590: Heap buffer overflow in Bookmarks. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-07-09 [1229298] High CVE-2021-30591: Use after free in File System API. Reported by SorryMybad (@S0rryMybad) of Kunlun Lab on 2021-07-14 [1209469] High CVE-2021-30592: Out of bounds write in Tab Groups. Reported by David Erceg on 2021-05-15 [1209616] High CVE-2021-30593: Out of bounds read in Tab Strip. Reported by David Erceg on 2021-05-16 [1218468] High CVE-2021-30594: Use after free in Page Info UI. Reported by raven (@raid_akame) on 2021-06-10 [1214481] Medium CVE-2021-30596: Incorrect security UI in Navigation. Reported by Mohit Raj (shadow2639) on 2021-05-29 [1232617] Medium CVE-2021-30597: Use after free in Browser UI. Reported by raven (@raid_akame) on 2021-07-24 Discovery 2021-08-02 Entry 2021-08-03 chromium < 92.0.4515.131 CVE-2021-30590 CVE-2021-30591 CVE-2021-30592 CVE-2021-30593 CVE-2021-30594 CVE-2021-30596 CVE-2021-30597 https://chromereleases.googleblog.com/search/label/Stable%20updates
18ac074c-579f-11ec-aac7-3065ec8fd3ec	chromium -- multiple vulnerabilities Chrome Releases reports: This release contains 22 security fixes, including: [1267661] High CVE-2021-4052: Use after free in web apps. Reported by Wei Yuan of MoyunSec VLab on 2021-11-07 [1267791] High CVE-2021-4053: Use after free in UI. Reported by Rox on 2021-11-08 [1265806] High CVE-2021-4079: Out of bounds write in WebRTC. Reported by Brendon Tiszka on 2021-11-01 [1239760] High CVE-2021-4054: Incorrect security UI in autofill. Reported by Alesandro Ortiz on 2021-08-13 [1268738] High CVE-2021-4078: Type confusion in V8. Reported by Nan Wang (@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2021-11-09 [1266510] High CVE-2021-4055: Heap buffer overflow in extensions. Reported by Chen Rong on 2021-11-03 [1260939] High CVE-2021-4056: Type Confusion in loader. Reported by @__R0ng of 360 Alpha Lab on 2021-10-18 [1262183] High CVE-2021-4057: Use after free in file API. Reported by Sergei Glazunov of Google Project Zero on 2021-10-21 [1267496] High CVE-2021-4058: Heap buffer overflow in ANGLE. Reported by Abraruddin Khan and Omair on 2021-11-06 [1270990] High CVE-2021-4059: Insufficient data validation in loader. Reported by Luan Herrera (@lbherrera_) on 2021-11-17 [1271456] High CVE-2021-4061: Type Confusion in V8. Reported by Paolo Severini on 2021-11-18 [1272403] High CVE-2021-4062: Heap buffer overflow in BFCache. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-11-22 [1273176] High CVE-2021-4063: Use after free in developer tools. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-11-23 [1273197] High CVE-2021-4064: Use after free in screen capture. Reported by @ginggilBesel on 2021-11-23 [1273674] High CVE-2021-4065: Use after free in autofill. Reported by 5n1p3r0010 on 2021-11-25 [1274499] High CVE-2021-4066: Integer underflow in ANGLE. Reported by Jaehun Jeong(@n3sk) of Theori on 2021-11-29 [1274641] High CVE-2021-4067: Use after free in window manager. Reported by @ginggilBesel on 2021-11-29 [1265197] Low CVE-2021-4068: Insufficient validation of untrusted input in new tab page. Reported by NDevTK on 2021-10-31 Discovery 2021-12-06 Entry 2021-12-07 chromium < 96.0.4664.93 CVE-2021-4052 CVE-2021-4053 CVE-2021-4054 CVE-2021-4055 CVE-2021-4056 CVE-2021-4057 CVE-2021-4058 CVE-2021-4059 CVE-2021-4061 CVE-2021-4062 CVE-2021-4063 CVE-2021-4064 CVE-2021-4065 CVE-2021-4066 CVE-2021-4067 CVE-2021-4068 CVE-2021-4078 CVE-2021-4079 https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop.html
18529cb0-3e9c-11ed-9bc7-3065ec8fd3ec	chromium -- multiple vulnerabilities Chrome Releases reports: This release contains 20 security fixes, including: [1358907] High CVE-2022-3304: Use after free in CSS. Reported by Anonymous on 2022-09-01 [1343104] High CVE-2022-3201: Insufficient validation of untrusted input in Developer Tools. Reported by NDevTK on 2022-07-09 [1319229] High CVE-2022-3305: Use after free in Survey. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2022-04-24 [1320139] High CVE-2022-3306: Use after free in Survey. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2022-04-27 [1323488] High CVE-2022-3307: Use after free in Media. Reported by Anonymous Telecommunications Corp. Ltd. on 2022-05-08 [1342722] Medium CVE-2022-3308: Insufficient policy enforcement in Developer Tools. Reported by Andrea Cappa (zi0Black) @ Shielder on 2022-07-08 [1348415] Medium CVE-2022-3309: Use after free in Assistant. Reported by zh1x1an1221 of Ant Group Tianqiong Security Lab on 2022-07-29 [1240065] Medium CVE-2022-3310: Insufficient policy enforcement in Custom Tabs. Reported by Ashwin Agrawal from Optus, Sydney on 2021-08-16 [1302813] Medium CVE-2022-3311: Use after free in Import. Reported by Samet Bekmezci @sametbekmezci on 2022-03-04 [1303306] Medium CVE-2022-3312: Insufficient validation of untrusted input in VPN. Reported by Andr.Ess on 2022-03-06 [1317904] Medium CVE-2022-3313: Incorrect security UI in Full Screen. Reported by Irvan Kurniawan (sourc7) on 2022-04-20 [1328708] Medium CVE-2022-3314: Use after free in Logging. Reported by Anonymous on 2022-05-24 [1322812] Medium CVE-2022-3315: Type confusion in Blink. Reported by Anonymous on 2022-05-05 [1333623] Low CVE-2022-3316: Insufficient validation of untrusted input in Safe Browsing. Reported by Sven Dysthe (@svn_dy) on 2022-06-07 [1300539] Low CVE-2022-3317: Insufficient validation of untrusted input in Intents. Reported by Hafiizh on 2022-02-24 [1318791] Low CVE-2022-3318: Use after free in ChromeOS Notifications. Reported by GraVity0 on 2022-04-22 Discovery 2022-09-27 Entry 2022-09-27 chromium < 106.0.5249.61 CVE-2022-3201 CVE-2022-3304 CVE-2022-3305 CVE-2022-3306 CVE-2022-3307 CVE-2022-3308 CVE-2022-3309 CVE-2022-3310 CVE-2022-3311 CVE-2022-3312 CVE-2022-3313 CVE-2022-3314 CVE-2022-3315 CVE-2022-3316 CVE-2022-3317 CVE-2022-3318 https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_27.html
128deba6-ff56-11eb-8514-3065ec8fd3ec	chromium -- multiple vulnerabilities Chrome Releases reports: This release contains 9 security fixes, including: [1234764] High CVE-2021-30598: Type Confusion in V8. Reported by Manfred Paul on 2021-07-30 [1234770] High CVE-2021-30599: Type Confusion in V8. Reported by Manfred Paul on 2021-07-30 [1231134] High CVE-2021-30600: Use after free in Printing. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-07-20 [1234009] High CVE-2021-30601: Use after free in Extensions API. Reported by koocola(@alo_cook) and Nan Wang(@eternalsakura13) of 360 Alpha Lab on 2021-07-28 [1230767] High CVE-2021-30602: Use after free in WebRTC. Reported by Marcin Towalski of Cisco Talos on 2021-07-19 [1233564] High CVE-2021-30603: Race in WebAudio. Reported by Sergei Glazunov of Google Project Zero on 2021-07-27 [1234829] High CVE-2021-30604: Use after free in ANGLE. Reported by Seong-Hwan Park (SeHwa) of SecunologyLab on 2021-07-30 Discovery 2021-08-16 Entry 2021-08-17 chromium < 92.0.4515.159 CVE-2021-30598 CVE-2021-30599 CVE-2021-30600 CVE-2021-30601 CVE-2021-30602 CVE-2021-30603 CVE-2021-30604 https://chromereleases.googleblog.com/2021/08/stable-channel-update-for-desktop.html
96a41723-133a-11ed-be3b-3065ec8fd3ec	chromium -- multiple vulnerabilities Chrome Releases reports: This release contains 27 security fixes, including: [1325699] High CVE-2022-2603: Use after free in Omnibox. Reported by Anonymous on 2022-05-16 [1335316] High CVE-2022-2604: Use after free in Safe Browsing. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-06-10 [1338470] High CVE-2022-2605: Out of bounds read in Dawn. Reported by Looben Yang on 2022-06-22 [1330489] High CVE-2022-2606: Use after free in Managed devices API. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-05-31 [1286203] High CVE-2022-2607: Use after free in Tab Strip. Reported by @ginggilBesel on 2022-01-11 [1330775] High CVE-2022-2608: Use after free in Overview Mode. Reported by Khalil Zhani on 2022-06-01 [1338560] High CVE-2022-2609: Use after free in Nearby Share. Reported by koocola(@alo_cook) and Guang Gong of 360 Vulnerability Research Institute on 2022-06-22 [1278255] Medium CVE-2022-2610: Insufficient policy enforcement in Background Fetch. Reported by Maurice Dauer on 2021-12-09 [1320538] Medium CVE-2022-2611: Inappropriate implementation in Fullscreen API. Reported by Irvan Kurniawan (sourc7) on 2022-04-28 [1321350] Medium CVE-2022-2612: Side-channel information leakage in Keyboard input. Reported by Erik Kraft (erik.kraft5@gmx.at), Martin Schwarzl (martin.schwarzl@iaik.tugraz.at) on 2022-04-30 [1325256] Medium CVE-2022-2613: Use after free in Input. Reported by Piotr Tworek (Vewd) on 2022-05-13 [1341907] Medium CVE-2022-2614: Use after free in Sign-In Flow. Reported by raven at KunLun lab on 2022-07-05 [1268580] Medium CVE-2022-2615: Insufficient policy enforcement in Cookies. Reported by Maurice Dauer on 2021-11-10 [1302159] Medium CVE-2022-2616: Inappropriate implementation in Extensions API. Reported by Alesandro Ortiz on 2022-03-02 [1292451] Medium CVE-2022-2617: Use after free in Extensions API. Reported by @ginggilBesel on 2022-01-31 [1308422] Medium CVE-2022-2618: Insufficient validation of untrusted input in Internals. Reported by asnine on 2022-03-21 [1332881] Medium CVE-2022-2619: Insufficient validation of untrusted input in Settings. Reported by Oliver Dunk on 2022-06-04 [1337304] Medium CVE-2022-2620: Use after free in WebUI. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-06-17 [1323449] Medium CVE-2022-2621: Use after free in Extensions. Reported by Huyna at Viettel Cyber Security on 2022-05-07 [1332392] Medium CVE-2022-2622: Insufficient validation of untrusted input in Safe Browsing. Reported by Imre Rad (@ImreRad) and @j00sean on 2022-06-03 [1337798] Medium CVE-2022-2623: Use after free in Offline. Reported by raven at KunLun lab on 2022-06-20 [1339745] Medium CVE-2022-2624: Heap buffer overflow in PDF. Reported by YU-CHANG CHEN and CHIH-YEN CHANG, working with DEVCORE Internship Program on 2022-06-27 Discovery 2022-08-02 Entry 2022-08-03 chromium < 104.0.5112.79 CVE-2022-2603 CVE-2022-2604 CVE-2022-2605 CVE-2022-2606 CVE-2022-2607 CVE-2022-2608 CVE-2022-2609 CVE-2022-2610 CVE-2022-2611 CVE-2022-2612 CVE-2022-2613 CVE-2022-2614 CVE-2022-2615 CVE-2022-2616 CVE-2022-2617 CVE-2022-2618 CVE-2022-2619 CVE-2022-2620 CVE-2022-2621 CVE-2022-2622 CVE-2022-2623 CVE-2022-2624 https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html
7d3d94d3-2810-11ec-9c51-3065ec8fd3ec	chromium -- multiple vulnerabilities Chrome Releases reports: This release contains 4 security fixes, including: [1252878] High CVE-2021-37977: Use after free in Garbage Collection. Reported by Anonymous on 2021-09-24 [1236318] High CVE-2021-37978: Heap buffer overflow in Blink. Reported by Yangkang (@dnpushme) of 360 ATA on 2021-08-04 [1247260] High CVE-2021-37979: Heap buffer overflow in WebRTC. Reported by Marcin Towalski of Cisco Talos on 2021-09-07 [1254631] High CVE-2021-37980: Inappropriate implementation in Sandbox. Reported by Yonghwi Jin (@jinmo123) on 2021-09-30 Discovery 2021-10-07 Entry 2021-10-08 chromium < 94.0.4606.81 CVE-2021-37977 CVE-2021-37978 CVE-2021-37979 CVE-2021-37980 https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop.html
e852f43c-846e-11ec-b043-3065ec8fd3ec	chromium -- multiple vulnerabilities Chrome Releases reports: This release contains 27 security fixes, including: [1284584] High CVE-2022-0452: Use after free in Safe Browsing. Reported by avaue at S.S.L. on 2022-01-05 [1284916] High CVE-2022-0453: Use after free in Reader Mode. Reported by Rong Jian of VRI on 2022-01-06 [1287962] High CVE-2022-0454: Heap buffer overflow in ANGLE. Reported by Seong-Hwan Park (SeHwa) of SecunologyLab on 2022-01-17 [1270593] High CVE-2022-0455: Inappropriate implementation in Full Screen Mode. Reported by Irvan Kurniawan (sourc7) on 2021-11-16 [1289523] High CVE-2022-0456: Use after free in Web Search. Reported by Zhihua Yao of KunLun Lab on 2022-01-21 [1274445] High CVE-2022-0457: Type Confusion in V8. Reported by rax of the Group0x58 on 2021-11-29 [1267060] High CVE-2022-0458: Use after free in Thumbnail Tab Strip. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-11-05 [1244205] High CVE-2022-0459: Use after free in Screen Capture. Reported by raven (@raid_akame) on 2021-08-28 [1250227] Medium CVE-2022-0460: Use after free in Window Dialog. Reported by 0x74960 on 2021-09-16 [1256823] Medium CVE-2022-0461: Policy bypass in COOP. Reported by NDevTK on 2021-10-05 [1270470] Medium CVE-2022-0462: Inappropriate implementation in Scroll. Reported by Youssef Sammouda on 2021-11-16 [1268240] Medium CVE-2022-0463: Use after free in Accessibility. Reported by Zhihua Yao of KunLun Lab on 2021-11-09 [1270095] Medium CVE-2022-0464: Use after free in Accessibility. Reported by Zhihua Yao of KunLun Lab on 2021-11-14 [1281941] Medium CVE-2022-0465: Use after free in Extensions. Reported by Samet Bekmezci @sametbekmezci on 2021-12-22 [1115460] Medium CVE-2022-0466: Inappropriate implementation in Extensions Platform. Reported by David Erceg on 2020-08-12 [1239496] Medium CVE-2022-0467: Inappropriate implementation in Pointer Lock. Reported by Alesandro Ortiz on 2021-08-13 [1252716] Medium CVE-2022-0468: Use after free in Payments. Reported by Krace on 2021-09-24 [1279531] Medium CVE-2022-0469: Use after free in Cast. Reported by Thomas Orlita on 2021-12-14 [1269225] Low CVE-2022-0470: Out of bounds memory access in V8. Reported by Looben Yang on 2021-11-11 Discovery 2022-02-01 Entry 2022-02-02 chromium < 98.0.4758.80 CVE-2022-0452 CVE-2022-0453 CVE-2022-0454 CVE-2022-0455 CVE-2022-0456 CVE-2022-0457 CVE-2022-0458 CVE-2022-0459 CVE-2022-0460 CVE-2022-0461 CVE-2022-0462 CVE-2022-0463 CVE-2022-0464 CVE-2022-0465 CVE-2022-0466 CVE-2022-0467 CVE-2022-0468 CVE-2022-0469 CVE-2022-0470 https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop.html
d459c914-4100-11ed-9bc7-3065ec8fd3ec	chromium -- multiple vulnerabilities Chrome Releases reports: This release contains 3 security fixes, including: [1366813] High CVE-2022-3370: Use after free in Custom Elements. Reported by Aviv A. on 2022-09-22 [1366399] High CVE-2022-3373: Out of bounds write in V8. Reported by Tibor Klajnscek on 2022-09-21 Discovery 2022-09-30 Entry 2022-09-30 chromium < 106.0.5249.91 CVE-2022-3370 CVE-2022-3373 https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_30.html
fb9ba490-5cc4-11ec-aac7-3065ec8fd3ec	chromium -- multiple vulnerabilities Chrome Releases reports: This release contains 5 security fixes, including: [1263457] Critical CVE-2021-4098: Insufficient data validation in Mojo. Reported by Sergei Glazunov of Google Project Zero on 2021-10-26 [1270658] High CVE-2021-4099: Use after free in Swiftshader. Reported by Aki Helin of Solita on 2021-11-16 [1272068] High CVE-2021-4100: Object lifecycle issue in ANGLE. Reported by Aki Helin of Solita on 2021-11-19 [1262080] High CVE-2021-4101: Heap buffer overflow in Swiftshader. Reported by Abraruddin Khan and Omair on 2021-10-21 [1278387] High CVE-2021-4102: Use after free in V8. Reported by Anonymous on 2021-12-09 Discovery 2021-12-13 Entry 2021-12-14 chromium < 96.0.4664.110 CVE-2021-4098 CVE-2021-4099 CVE-2021-4100 CVE-2021-4101 CVE-2021-4102 https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop_13.html
2899da38-7300-11ed-92ce-3065ec8fd3ec	chromium -- Type confusion in V8 Chrome Releases reports: This release contains 1 security fix: [1394403] High CVE-2022-4262: Type Confusion in V8. Reported by Clement Lecigne of Google's Threat Analysis Group on 2022-11-29 Google is aware that an exploit for CVE-2022-4262 exists in the wild. Discovery 2022-12-02 Entry 2022-12-03 chromium < 108.0.5359.94 ungoogled-chromium < 108.0.5359.94 CVE-2022-4262 https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop.html
976d7bf9-38ea-11ec-b3b0-3065ec8fd3ec	chromium -- multiple vulnerabilities Chrome Releases reports: This release contains 8 security fixes, including: [1259864] High CVE-2021-37997 : Use after free in Sign-In. Reported by Wei Yuan of MoyunSec VLab on 2021-10-14 [1259587] High CVE-2021-37998 : Use after free in Garbage Collection. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2021-10-13 [1251541] High CVE-2021-37999 : Insufficient data validation in New Tab Page. Reported by Ashish Arun Dhone on 2021-09-21 [1249962] High CVE-2021-38000 : Insufficient validation of untrusted input in Intents. Reported by Clement Lecigne, Neel Mehta, and Maddie Stone of Google Threat Analysis Group on 2021-09-15 [1260577] High CVE-2021-38001 : Type Confusion in V8. Reported by @s0rrymybad of Kunlun Lab via Tianfu Cup on 2021-10-16 [1260940] High CVE-2021-38002 : Use after free in Web Transport. Reported by @__R0ng of 360 Alpha Lab, ? via Tianfu Cup on 2021-10-16 [1263462] High CVE-2021-38003 : Inappropriate implementation in V8. Reported by ClÃÂ©ment Lecigne from Google TAG and Samuel Gross from Google Project Zero on 2021-10-26 Google is aware that exploits for CVE-2021-38000 and CVE-2021-38003 exist in the wild. Discovery 2021-10-28 Entry 2021-10-29 chromium < 95.0.4638.69 CVE-2021-37997 CVE-2021-37998 CVE-2021-37999 CVE-2021-38000 CVE-2021-38001 CVE-2021-38002 CVE-2021-38003 https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html
27cc4258-0805-11ed-8ac1-3065ec8fd3ec	chromium -- multiple vulnerabilities Chrome Releases reports: This release contains 11 security fixes, including: [1336266] High CVE-2022-2477: Use after free in Guest View. Reported by anonymous on 2022-06-14 [1335861] High CVE-2022-2478: Use after free in PDF. Reported by triplepwns on 2022-06-13 [1329987] High CVE-2022-2479: Insufficient validation of untrusted input in File. Reported by anonymous on 2022-05-28 [1339844] High CVE-2022-2480: Use after free in Service Worker API. Reported by Sergei Glazunov of Google Project Zero on 2022-06-27 [1341603] High CVE-2022-2481: Use after free in Views. Reported by YoungJoo Lee(@ashuu_lee) of CompSecLab at Seoul National University on 2022-07-04 [1308341] Low CVE-2022-2163: Use after free in Cast UI and Toolbar. Reported by Chaoyuan Peng (@ret2happy) on 2022-03-21 Discovery 2022-07-19 Entry 2022-07-20 chromium < 103.0.5060.134 CVE-2022-2163 CVE-2022-2477 CVE-2022-2478 CVE-2022-2479 CVE-2022-2480 CVE-2022-2481 https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop_19.html
f38d25ac-2b7a-11ed-a1ef-3065ec8fd3ec	chromium -- insufficient data validation in Mojo Chrome Releases reports: This release contains 1 security fix: [1358134] High CVE-2022-3075: Insufficient data validation in Mojo. Reported by Anonymous on 2022-08-30 Google is aware that an exploit of CVE-2022-3075 exists in the wild. Discovery 2022-09-02 Entry 2022-09-03 chromium < 105.0.5195.102 CVE-2022-3075 https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop.html
f12368a8-1e05-11ed-a1ef-3065ec8fd3ec	chromium -- multiple vulnerabilities Chrome Releases reports: This release contains 11 security fixes, including: [1349322] Critical CVE-2022-2852: Use after free in FedCM. Reported by Sergei Glazunov of Google Project Zero on 2022-08-02 [1337538] High CVE-2022-2854: Use after free in SwiftShader. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2022-06-18 [1345042] High CVE-2022-2855: Use after free in ANGLE. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2022-07-16 [1338135] High CVE-2022-2857: Use after free in Blink. Reported by Anonymous on 2022-06-21 [1341918] High CVE-2022-2858: Use after free in Sign-In Flow. Reported by raven at KunLun lab on 2022-07-05 [1350097] High CVE-2022-2853: Heap buffer overflow in Downloads. Reported by Sergei Glazunov of Google Project Zero on 2022-08-04 [1345630] High CVE-2022-2856: Insufficient validation of untrusted input in Intents. Reported by Ashley Shen and Christian Resell of Google Threat Analysis Group on 2022-07-19 [1338412] Medium CVE-2022-2859: Use after free in Chrome OS Shell. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-06-22 [1345193] Medium CVE-2022-2860: Insufficient policy enforcement in Cookies. Reported by Axel Chong on 2022-07-18 [1346236] Medium CVE-2022-2861: Inappropriate implementation in Extensions API. Reported by Rong Jian of VRI on 2022-07-21 Discovery 2022-08-16 Entry 2022-08-17 chromium < 104.0.5112.101 CVE-2022-2852 CVE-2022-2853 CVE-2022-2854 CVE-2022-2855 CVE-2022-2856 CVE-2022-2857 CVE-2022-2858 CVE-2022-2859 CVE-2022-2860 CVE-2022-2861 https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html
9eeccbf3-6e26-11ec-bb10-3065ec8fd3ec	chromium -- multiple vulnerabilities Chrome Releases reports: This release contains 37 security fixes, including: [$TBD][1275020] Critical CVE-2022-0096: Use after free in Storage. Reported by Yangkang (@dnpushme) of 360 ATA on 2021-11-30 [1117173] High CVE-2022-0097: Inappropriate implementation in DevTools. Reported by David Erceg on 2020-08-17 [1273609] High CVE-2022-0098: Use after free in Screen Capture. Reported by @ginggilBesel on 2021-11-24 [1245629] High CVE-2022-0099: Use after free in Sign-in. Reported by Rox on 2021-09-01 [1238209] High CVE-2022-0100: Heap buffer overflow in Media streams API. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2021-08-10 [1249426] High CVE-2022-0101: Heap buffer overflow in Bookmarks. Reported by raven (@raid_akame) on 2021-09-14 [1260129] High CVE-2022-0102: Type Confusion in V8 . Reported by Brendon Tiszka on 2021-10-14 [1272266] High CVE-2022-0103: Use after free in SwiftShader. Reported by Abraruddin Khan and Omair on 2021-11-21 [1273661] High CVE-2022-0104: Heap buffer overflow in ANGLE. Reported by Abraruddin Khan and Omair on 2021-11-25 [1274376] High CVE-2022-0105: Use after free in PDF. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2021-11-28 [1278960] High CVE-2022-0106: Use after free in Autofill. Reported by Khalil Zhani on 2021-12-10 [1248438] Medium CVE-2022-0107: Use after free in File Manager API. Reported by raven (@raid_akame) on 2021-09-10 [1248444] Medium CVE-2022-0108: Inappropriate implementation in Navigation. Reported by Luan Herrera (@lbherrera_) on 2021-09-10 [1261689] Medium CVE-2022-0109: Inappropriate implementation in Autofill. Reported by Young Min Kim (@ylemkimon), CompSec Lab at Seoul National University on 2021-10-20 [1237310] Medium CVE-2022-0110: Incorrect security UI in Autofill. Reported by Alesandro Ortiz on 2021-08-06 [1241188] Medium CVE-2022-0111: Inappropriate implementation in Navigation. Reported by garygreen on 2021-08-18 [1255713] Medium CVE-2022-0112: Incorrect security UI in Browser UI. Reported by Thomas Orlita on 2021-10-04 [1039885] Medium CVE-2022-0113: Inappropriate implementation in Blink. Reported by Luan Herrera (@lbherrera_) on 2020-01-07 [1267627] Medium CVE-2022-0114: Out of bounds memory access in Web Serial. Reported by Looben Yang on 2021-11-06 [1268903] Medium CVE-2022-0115: Uninitialized Use in File API. Reported by Mark Brand of Google Project Zero on 2021-11-10 [1272250] Medium CVE-2022-0116: Inappropriate implementation in Compositing. Reported by Irvan Kurniawan (sourc7) on 2021-11-20 [1115847] Low CVE-2022-0117: Policy bypass in Service Workers. Reported by Dongsung Kim (@kid1ng) on 2020-08-13 [1238631] Low CVE-2022-0118: Inappropriate implementation in WebShare. Reported by Alesandro Ortiz on 2021-08-11 [1262953] Low CVE-2022-0120: Inappropriate implementation in Passwords. Reported by CHAKRAVARTHI (Ruler96) on 2021-10-25 Discovery 2022-01-04 Entry 2022-01-05 chromium < 97.0.4692.71 CVE-2022-0098 CVE-2022-0099 CVE-2022-0096 CVE-2022-0097 CVE-2022-0100 CVE-2022-0101 CVE-2022-0102 CVE-2022-0103 CVE-2022-0104 CVE-2022-0105 CVE-2022-0106 CVE-2022-0107 CVE-2022-0108 CVE-2022-0109 CVE-2022-0110 CVE-2022-0111 CVE-2022-0112 CVE-2022-0113 CVE-2022-0114 CVE-2022-0115 CVE-2022-0116 CVE-2022-0117 CVE-2022-0118 CVE-2022-0120 https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html
744ec9d7-fe0f-11ec-bcd2-3065ec8fd3ec	chromium -- multiple vulnerabilities Chrome Releases reports: This release contains 4 security fixes, including: [1341043] High CVE-2022-2294: Heap buffer overflow in WebRTC. Reported by Jan Vojtesek from the Avast Threat Intelligence team on 2022-07-01 [1336869] High CVE-2022-2295: Type Confusion in V8. Reported by avaue and Buff3tts at S.S.L. on 2022-06-16 [1327087] High CVE-2022-2296: Use after free in Chrome OS Shell. Reported by Khalil Zhani on 2022-05-19 Discovery 2022-07-04 Entry 2022-07-07 chromium < 103.0.5060.114 CVE-2022-2294 CVE-2022-2295 CVE-2022-2296 https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html
a7732806-0b2a-11ec-836b-3065ec8fd3ec	chromium -- multiple vulnerabilities Chrome Releases reports: This release contains 27 security fixes, including: [1233975] High CVE-2021-30606: Use after free in Blink. Reported by Nan Wang (@eternalsakura13) and koocola (@alo_cook) of 360 Alpha Lab on 2021-07-28 [1235949] High CVE-2021-30607: Use after free in Permissions. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group on 2021-08-03 [1219870] High CVE-2021-30608: Use after free in Web Share. Reported by Huyna at Viettel Cyber Security on 2021-06-15 [1239595] High CVE-2021-30609: Use after free in Sign-In. Reported by raven (@raid_akame) on 2021-08-13 [1200440] High CVE-2021-30610: Use after free in Extensions API. Reported by Igor Bukanov from Vivaldi on 2021-04-19 [1233942] Medium CVE-2021-30611: Use after free in WebRTC. Reported by Nan Wang (@eternalsakura13) and koocola (@alo_cook) of 360 Alpha Lab on 2021-07-28 [1234284] Medium CVE-2021-30612: Use after free in WebRTC. Reported by Nan Wang (@eternalsakura13) and koocola (@alo_cook) of 360 Alpha Lab on 2021-07-29 [1209622] Medium CVE-2021-30613: Use after free in Base internals. Reported by Yangkang (@dnpushme) of 360 ATA on 2021-05-16 [1207315] Medium CVE-2021-30614: Heap buffer overflow in TabStrip. Reported by Huinian Yang (@vmth6) of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2021-05-10 [1208614] Medium CVE-2021-30615: Cross-origin data leak in Navigation. Reported by NDevTK on 2021-05-12 [1231432] Medium CVE-2021-30616: Use after free in Media. Reported by Anonymous on 2021-07-21 [1226909] Medium CVE-2021-30617: Policy bypass in Blink. Reported by NDevTK on 2021-07-07 [1232279] Medium CVE-2021-30618: Inappropriate implementation in DevTools. Reported by @DanAmodio and @mattaustin from Contrast Security on 2021-07-23 [1235222] Medium CVE-2021-30619: UI Spoofing in Autofill. Reported by Alesandro Ortiz on 2021-08-02 [1063518] Medium CVE-2021-30620: Insufficient policy enforcement in Blink. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2020-03-20 [1204722] Medium CVE-2021-30621: UI Spoofing in Autofill. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-04-30 [1224419] Medium CVE-2021-30622: Use after free in WebApp Installs. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2021-06-28 [1223667] Low CVE-2021-30623: Use after free in Bookmarks. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-06-25 [1230513] Low CVE-2021-30624: Use after free in Autofill. Reported by Wei Yuan of MoyunSec VLab on 2021-07-19 Discovery 2021-08-31 Entry 2021-09-01 chromium < 93.0.4577.63 CVE-2021-30606 CVE-2021-30607 CVE-2021-30608 CVE-2021-30609 CVE-2021-30610 CVE-2021-30611 CVE-2021-30612 CVE-2021-30613 CVE-2021-30614 CVE-2021-30615 CVE-2021-30616 CVE-2021-30617 CVE-2021-30618 CVE-2021-30619 CVE-2021-30620 CVE-2021-30621 CVE-2021-30622 CVE-2021-30623 CVE-2021-30624 https://chromereleases.googleblog.com/2021/08/stable-channel-update-for-desktop_31.html
51496cbc-7a0e-11ec-a323-3065ec8fd3ec	chromium -- multiple vulnerabilities Chrome Releases reports: This release contains 26 security fixes, including: [1284367] Critical CVE-2022-0289: Use after free in Safe browsing. Reported by Sergei Glazunov of Google Project Zero on 2022-01-05 [1260134][1260007] High CVE-2022-0290: Use after free in Site isolation. Reported by Brendon Tiszka and Sergei Glazunov of Google Project Zero on 2021-10-15 [1281084] High CVE-2022-0291: Inappropriate implementation in Storage. Reported by Anonymous on 2021-12-19 [1270358] High CVE-2022-0292: Inappropriate implementation in Fenced Frames. Reported by Brendon Tiszka on 2021-11-16 [1283371] High CVE-2022-0293: Use after free in Web packaging. Reported by Rong Jian and Guang Gong of 360 Alpha Lab on 2021-12-30 [1273017] High CVE-2022-0294: Inappropriate implementation in Push messaging. Reported by Rong Jian and Guang Gong of 360 Alpha Lab on 2021-11-23 [1278180] High CVE-2022-0295: Use after free in Omnibox. Reported by Weipeng Jiang (@Krace) and Guang Gong of 360 Vulnerability Research Institute on 2021-12-09 [1283375] High CVE-2022-0296: Use after free in Printing. Reported by koocola(@alo_cook) and Guang Gong of 360 Vulnerability Research Institute on 2021-12-30 [1274316] High CVE-2022-0297: Use after free in Vulkan. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2021-11-28 [1212957] High CVE-2022-0298: Use after free in Scheduling. Reported by Yangkang (@dnpushme) of 360 ATA on 2021-05-25 [1275438] High CVE-2022-0300: Use after free in Text Input Method Editor. Reported by Rong Jian and Guang Gong of 360 Alpha Lab on 2021-12-01 [1276331] High CVE-2022-0301: Heap buffer overflow in DevTools. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-12-03 [1278613] High CVE-2022-0302: Use after free in Omnibox. Reported by Weipeng Jiang (@Krace) and Guang Gong of 360 Vulnerability Research Institute on 2021-12-10 [1281979] High CVE-2022-0303: Race in GPU Watchdog. Reported by Yigit Can YILMAZ (@yilmazcanyigit) on 2021-12-22 [1282118] High CVE-2022-0304: Use after free in Bookmarks. Reported by Rong Jian and Guang Gong of 360 Alpha Lab on 2021-12-22 [1282354] High CVE-2022-0305: Inappropriate implementation in Service Worker API. Reported by @uwu7586 on 2021-12-23 [1283198] High CVE-2022-0306: Heap buffer overflow in PDFium. Reported by Sergei Glazunov of Google Project Zero on 2021-12-29 [1281881] Medium CVE-2022-0307: Use after free in Optimization Guide. Reported by Samet Bekmezci @sametbekmezci on 2021-12-21 [1282480] Medium CVE-2022-0308: Use after free in Data Transfer. Reported by @ginggilBesel on 2021-12-24 [1240472] Medium CVE-2022-0309: Inappropriate implementation in Autofill. Reported by Alesandro Ortiz on 2021-08-17 [1283805] Medium CVE-2022-0310: Heap buffer overflow in Task Manager. Reported by Samet Bekmezci @sametbekmezci on 2022-01-03 [1283807] Medium CVE-2022-0311: Heap buffer overflow in Task Manager. Reported by Samet Bekmezci @sametbekmezci on 2022-01-03 Discovery 2022-01-19 Entry 2022-01-20 chromium < 97.0.4692.99 CVE-2022-0289 CVE-2022-0290 CVE-2022-0291 CVE-2022-0292 CVE-2022-0293 CVE-2022-0294 CVE-2022-0295 CVE-2022-0296 CVE-2022-0297 CVE-2022-0298 CVE-2022-0300 CVE-2022-0301 CVE-2022-0302 CVE-2022-0303 CVE-2022-0304 CVE-2022-0305 CVE-2022-0306 CVE-2022-0307 CVE-2022-0308 CVE-2022-0309 CVE-2022-0310 CVE-2022-0311 https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop_19.html
a25ea27b-bced-11ec-87b5-3065ec8fd3ec	chromium -- multiple vulnerabilities Chrome Releases reports: This release contains 2 security fixes, including: [1315901] High CVE-2022-1364: Type Confusion in V8. Reported by ClÃÂ©ment Lecigne of Google's Threat Analysis Group on 2022-0-13 Discovery 2022-04-14 Entry 2022-04-15 chromium < 100.0.4896.127 CVE-2022-1364 https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_14.html
c80ce2dd-e831-11ec-bcd2-3065ec8fd3ec	chromium -- multiple vulnerabilities Chrome Releases reports: This release contains 7 security fixes, including: [1326210] High CVE-2022-2007: Use after free in WebGPU. Reported by David Manouchehri on 2022-05-17 [1317673] High CVE-2022-2008: Out of bounds memory access in WebGL. Reported by khangkito - Tran Van Khang (VinCSS) on 2022-04-19 [1325298] High CVE-2022-2010: Out of bounds read in compositing. Reported by Mark Brand of Google Project Zero on 2022-05-13 [1330379] High CVE-2022-2011: Use after free in ANGLE. Reported by SeongHwan Park (SeHwa) on 2022-05-31 Discovery 2022-06-09 Entry 2022-06-09 chromium < 102.0.5005.115 CVE-2022-2007 CVE-2022-2008 CVE-2022-2010 CVE-2022-2011 https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop.html
ad05a737-14bd-11ee-8290-a8a1599412c6	chromium -- multiple vulnerabilities Chrome Releases reports: This update includes 4 security fixes: [1452137] High CVE-2023-3420: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2023-06-07 [1447568] High CVE-2023-3421: Use after free in Media. Reported by Piotr Bania of Cisco Talos on 2023-05-22 [1450397] High CVE-2023-3422: Use after free in Guest View. Reported by asnine on 2023-06-01 Discovery 2023-06-26 Entry 2023-06-27 chromium < 114.0.5735.198 ungoogled-chromium < 114.0.5735.198 CVE-2023-3420 CVE-2023-3421 CVE-2023-3422 https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_26.html
310ca30e-a951-11ed-8314-a8a1599412c6	chromium -- multiple vulnerabilities Chrome Releases reports: This release contains 15 security fixes, including: [1402270] High CVE-2023-0696: Type Confusion in V8. Reported by Haein Lee at KAIST Hacking Lab on 2022-12-18 [1341541] High CVE-2023-0697: Inappropriate implementation in Full screen mode. Reported by Ahmed ElMasry on 2022-07-03 [1403573] High CVE-2023-0698: Out of bounds read in WebRTC. Reported by Cassidy Kim(@cassidy6564) on 2022-12-25 [1371859] Medium CVE-2023-0699: Use after free in GPU. Reported by 7o8v and Cassidy Kim(@cassidy6564) on 2022-10-06 [1393732] Medium CVE-2023-0700: Inappropriate implementation in Download. Reported by Axel Chong on 2022-11-26 [1405123] Medium CVE-2023-0701: Heap buffer overflow in WebUI. Reported by Sumin Hwang of SSD Labs on 2023-01-05 [1316301] Medium CVE-2023-0702: Type Confusion in Data Transfer. Reported by Sri on 2022-04-14 [1405574] Medium CVE-2023-0703: Type Confusion in DevTools. Reported by raven at KunLun lab on 2023-01-07 [1385982] Low CVE-2023-0704: Insufficient policy enforcement in DevTools. Reported by Rhys Elsmore and Zac Sims of the Canva security team on 2022-11-18 [1238642] Low CVE-2023-0705: Integer overflow in Core. Reported by SorryMybad (@S0rryMybad) of Kunlun Lab on 2021-08-11 Discovery 2023-02-07 Entry 2023-02-10 chromium < 110.0.5481.77 ungoogled-chromium < 110.0.5481.77 CVE-2023-0696 CVE-2023-0697 CVE-2023-0698 CVE-2023-0699 CVE-2023-0700 CVE-2023-0701 CVE-2023-0702 CVE-2023-0703 CVE-2023-0704 CVE-2023-0705 https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html
22fffa69-46fa-11ee-8290-a8a1599412c6	chromium -- use after free in MediaStream Chrome Releases reports: This update includes 1 security fix: [1472492] High CVE-2023-4572: Use after free in MediaStream. Reported by fwnfwn(@_fwnfwn) on 2023-08-12 Discovery 2023-08-29 Entry 2023-08-30 chromium < 116.0.5845.140 ungoogled-chromium < 116.0.5845.140 CVE-2023-4472 https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_29.html
bea52545-f4a7-11ed-8290-a8a1599412c6	chromium -- multiple vulnerabilities Chrome Releases reports: This update includes 12 security fixes: [1444360] Critical CVE-2023-2721: Use after free in Navigation. Reported by Guang Gong of Alpha Lab, Qihoo 360 on 2023-05-10 [1400905] High CVE-2023-2722: Use after free in Autofill UI. Reported by Rong Jian of VRI on 2022-12-14 [1435166] High CVE-2023-2723: Use after free in DevTools. Reported by asnine on 2023-04-21 [1433211] High CVE-2023-2724: Type Confusion in V8. Reported by Sergei Glazunov of Google Project Zero on 2023-04-14 [1442516] High CVE-2023-2725: Use after free in Guest View. Reported by asnine on 2023-05-04 [1442018] Medium CVE-2023-2726: Inappropriate implementation in WebApp Installs. Reported by Ahmed ElMasry on 2023-05-03 Discovery 2023-05-16 Entry 2023-05-17 chromium < 113.0.5672.126 ungoogled-chromium < 113.0.5672.126 CVE-2023-2721 CVE-2023-2722 CVE-2023-2723 CVE-2023-2724 CVE-2023-2725 CVE-2023-2726 https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_16.html
3ee577a9-aad4-11ee-86bb-a8a1599412c6	chromium -- multiple security fixes Chrome Releases reports: This update includes 6 security fixes: [1501798] High CVE-2024-0222: Use after free in ANGLE. Reported by Toan (suto) Pham of Qrious Secure on 2023-11-13 [1505009] High CVE-2024-0223: Heap buffer overflow in ANGLE. Reported by Toan (suto) Pham and Tri Dang of Qrious Secure on 2023-11-24 [1505086] High CVE-2024-0224: Use after free in WebAudio. Reported by Huang Xilin of Ant Group Light-Year Security Lab on 2023-11-25 [1506923] High CVE-2024-0225: Use after free in WebGPU. Reported by Anonymous on 2023-12-01 Discovery 2024-01-03 Entry 2024-01-04 chromium < 120.0.6099.199 ungoogled-chromium < 120.0.6099.199 CVE-2024-0222 CVE-2024-0223 CVE-2024-0224 CVE-2024-0225 https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html
a1e27775-7a61-11ee-8290-a8a1599412c6	chromium -- multiple vulnerabilities Chrome Releases reports: This update includes 15 security fixes: [1492698] High CVE-2023-5480: Inappropriate implementation in Payments. Reported by Vsevolod Kokorin (Slonser) of Solidlab on 2023-10-14 [1492381] High CVE-2023-5482: Insufficient data validation in USB. Reported by DarkNavy on 2023-10-13 [1492384] High CVE-2023-5849: Integer overflow in USB. Reported by DarkNavy on 2023-10-13 [1281972] Medium CVE-2023-5850: Incorrect security UI in Downloads. Reported by Mohit Raj (shadow2639) on 2021-12-22 [1473957] Medium CVE-2023-5851: Inappropriate implementation in Downloads. Reported by Shaheen Fazim on 2023-08-18 [1480852] Medium CVE-2023-5852: Use after free in Printing. Reported by [pwn2car] on 2023-09-10 [1456876] Medium CVE-2023-5853: Incorrect security UI in Downloads. Reported by Hafiizh on 2023-06-22 [1488267] Medium CVE-2023-5854: Use after free in Profiles. Reported by Dohyun Lee (@l33d0hyun) of SSD-Disclosure Labs & DNSLab, Korea Univ on 2023-10-01 [1492396] Medium CVE-2023-5855: Use after free in Reading Mode. Reported by ChaobinZhang on 2023-10-13 [1493380] Medium CVE-2023-5856: Use after free in Side Panel. Reported by Weipeng Jiang (@Krace) of VRI on 2023-10-17 [1493435] Medium CVE-2023-5857: Inappropriate implementation in Downloads. Reported by Will Dormann on 2023-10-18 [1457704] Low CVE-2023-5858: Inappropriate implementation in WebApp Provider. Reported by Axel Chong on 2023-06-24 [1482045] Low CVE-2023-5859: Incorrect security UI in Picture In Picture. Reported by Junsung Lee on 2023-09-13 Discovery 2023-10-31 Entry 2023-11-03 chromium < 119.0.6045.105 ungoogled-chromium < 119.0.6045.105 qt6-webengine < 6.6.1 CVE-2023-5480 CVE-2023-5482 CVE-2023-5849 CVE-2023-5850 CVE-2023-5851 CVE-2023-5852 CVE-2023-5853 CVE-2023-5854 CVE-2023-5855 CVE-2023-5856 CVE-2023-5857 CVE-2023-5858 CVE-2023-5859 https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html
88754d55-521a-11ee-8290-a8a1599412c6	chromium -- multiple vulnerabilities Chrome Releases reports: This update includes 16 security fixes: [1479274] Critical CVE-2023-4863: Heap buffer overflow in WebP. Reported by Apple Security Engineering and Architecture (SEAR) and The Citizen Lab at The University of TorontoÃÂ¼s Munk School on 2023-09-06 [1430867] Medium CVE-2023-4900: Inappropriate implementation in Custom Tabs. Reported by Levit Nudi from Kenya on 2023-04-06 [1459281] Medium CVE-2023-4901: Inappropriate implementation in Prompts. Reported by Kang Ali on 2023-06-29 [1454515] Medium CVE-2023-4902: Inappropriate implementation in Input. Reported by Axel Chong on 2023-06-14 [1446709] Medium CVE-2023-4903: Inappropriate implementation in Custom Mobile Tabs. Reported by Ahmed ElMasry on 2023-05-18 [1453501] Medium CVE-2023-4904: Insufficient policy enforcement in Downloads. Reported by Tudor Enache @tudorhacks on 2023-06-09 [1441228] Medium CVE-2023-4905: Inappropriate implementation in Prompts. Reported by Hafiizh on 2023-04-29 [1449874] Low CVE-2023-4906: Insufficient policy enforcement in Autofill. Reported by Ahmed ElMasry on 2023-05-30 [1462104] Low CVE-2023-4907: Inappropriate implementation in Intents. Reported by Mohit Raj (shadow2639) on 2023-07-04 [1451543] Low CVE-2023-4908: Inappropriate implementation in Picture in Picture. Reported by Axel Chong on 2023-06-06 [1463293] Low CVE-2023-4909: Inappropriate implementation in Interstitials. Reported by Axel Chong on 2023-07-09 Discovery 2023-09-12 Entry 2023-09-13 chromium < 117.0.5938.62 ungoogled-chromium < 117.0.5938.62 CVE-2023-4863 CVE-2023-4900 CVE-2023-4901 CVE-2023-4902 CVE-2023-4903 CVE-2023-4904 CVE-2023-4905 CVE-2023-4906 CVE-2023-4907 CVE-2023-4908 CVE-2023-4909 https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html
8d3838b0-6ca8-11ed-92ce-3065ec8fd3ec	chromium -- multiple vulnerabilities Chrome Releases reports: This release contains 1 security fix: [1392715] High CVE-2022-4135: Heap buffer overflow in GPU. Reported by Clement Lecigne of Google's Threat Analysis Group on 2022-11-22 Google is aware that an exploit for CVE-2022-4135 exists in the wild. Discovery 2022-11-24 Entry 2022-11-25 chromium < 107.0.5304.121 ungoogled-chromium < 107.0.5304.121 CVE-2022-4135 https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_24.html
6f0327d4-9902-4042-9b68-6fc2266944bc	chromium -- multiple vulnerabilities Chrome Releases reports: This update includes 2 security fixes: [1432210] High CVE-2023-2033: Type Confusion in V8. Reported by ClÃÂ©ment Lecigne of Google's Threat Analysis Group on 2023-04-11 Discovery 2023-04-14 Entry 2023-04-15 chromium < 112.0.5615.121 ungoogled-chromium < 112.0.5615.121 CVE-2023-2033 https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_14.html
502c9f72-99b3-11ee-86bb-a8a1599412c6	chromium -- multiple security fixes Chrome Releases reports: This update includes 9 security fixes: [1501326] High CVE-2023-6702: Type Confusion in V8. Reported by Zhiyi Zhang and Zhunki from Codesafe Team of Legendsec at Qi'anxin Group on 2023-11-10 [1502102] High CVE-2023-6703: Use after free in Blink. Reported by Cassidy Kim(@cassidy6564) on 2023-11-14 [1504792] High CVE-2023-6704: Use after free in libavif. Reported by Fudan University on 2023-11-23 [1505708] High CVE-2023-6705: Use after free in WebRTC. Reported by Cassidy Kim(@cassidy6564) on 2023-11-28 [1500921] High CVE-2023-6706: Use after free in FedCM. Reported by anonymous on 2023-11-09 [1504036] Medium CVE-2023-6707: Use after free in CSS. Reported by @ginggilBesel on 2023-11-21 Discovery 2023-12-12 Entry 2023-12-13 chromium < 120.0.6099.109 ungoogled-chromium < 120.0.6099.109 CVE-2023-6702 CVE-2023-6703 CVE-2023-6704 CVE-2023-6705 CVE-2023-6706 CVE-2023-6707 https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_12.html
2f22927f-26ea-11ee-8290-a8a1599412c6	chromium -- multiple vulnerabilities Chrome Releases reports: This update includes 20 security fixes: [1454086] High CVE-2023-3727: Use after free in WebRTC. Reported by Cassidy Kim(@cassidy6564) on 2023-06-12 [1457421] High CVE-2023-3728: Use after free in WebRTC. Reported by Zhenghang Xiao (@Kipreyyy) on 2023-06-23 [1453465] High CVE-2023-3730: Use after free in Tab Groups. Reported by @ginggilBesel on 2023-06-09 [1450899] High CVE-2023-3732: Out of bounds memory access in Mojo. Reported by Mark Brand of Google Project Zero on 2023-06-02 [1450203] Medium CVE-2023-3733: Inappropriate implementation in WebApp Installs. Reported by Ahmed ElMasry on 2023-05-31 [1450376] Medium CVE-2023-3734: Inappropriate implementation in Picture In Picture. Reported by Thomas Orlita on 2023-06-01 [1394410] Medium CVE-2023-3735: Inappropriate implementation in Web API Permission Prompts. Reported by Ahmed ElMasry on 2022-11-29 [1434438] Medium CVE-2023-3736: Inappropriate implementation in Custom Tabs. Reported by Philipp Beer (TU Wien) on 2023-04-19 [1446754] Medium CVE-2023-3737: Inappropriate implementation in Notifications. Reported by Narendra Bhati of Suma Soft Pvt. Ltd. Pune (India) on 2023-05-19 [1434330] Medium CVE-2023-3738: Inappropriate implementation in Autofill. Reported by Hafiizh on 2023-04-18 [1405223] Low CVE-2023-3740: Insufficient validation of untrusted input in Themes. Reported by Fardeen Siddiqui on 2023-01-06 Discovery 2023-07-19 Entry 2023-07-20 chromium < 115.0.5790.98 ungoogled-chromium < 115.0.5790.98 CVE-2023-3727 CVE-2023-3728 CVE-2023-3730 CVE-2023-3732 CVE-2023-3733 CVE-2023-3734 CVE-2023-3735 CVE-2023-3736 CVE-2023-3737 CVE-2023-3738 CVE-2023-3740 https://chromereleases.googleblog.com/2023/07/stable-channel-update-for-desktop.html
c8b334e0-6e83-4575-81d1-f9d5803ceb07	chromium -- multiple vulnerabilities Chrome Releases reports: This update includes 8 security fixes: [1421773] High CVE-2023-1528: Use after free in Passwords. Reported by Wan Choi of Seoul National University on 2023-03-07 [1419718] High CVE-2023-1529: Out of bounds memory access in WebHID. Reported by anonymous on 2023-02-27 [1419831] High CVE-2023-1530: Use after free in PDF. Reported by The UK's National Cyber Security Centre (NCSC) on 2023-02-27 [1415330] High CVE-2023-1531: Use after free in ANGLE. Reported by Piotr Bania of Cisco Talos on 2023-02-13 [1421268] High CVE-2023-1532: Out of bounds read in GPU Video. Reported by Mark Brand of Google Project Zero on 2023-03-03 [1422183] High CVE-2023-1533: Use after free in WebProtect. Reported by Weipeng Jiang (@Krace) of VRI on 2023-03-07 [1422594] High CVE-2023-1534: Out of bounds read in ANGLE. Reported by Jann Horn and Mark Brand of Google Project Zero on 2023-03-08 Discovery 2023-03-21 Entry 2023-03-22 chromium < 111.0.5563.110 ungoogled-chromium < 111.0.5563.110 CVE-2023-1528 CVE-2023-1529 CVE-2023-1530 CVE-2023-1531 CVE-2023-1532 CVE-2023-1533 CVE-2023-1534 https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html
df0a2fd1-4c92-11ee-8290-a8a1599412c6	chromium -- multiple vulnerabilities Chrome Releases reports: This update includes 4 security fixes: [1476403] High CVE-2023-4761: Out of bounds memory access in FedCM. Reported by DarkNavy on 2023-08-28 [1473247] High CVE-2023-4762: Type Confusion in V8. Reported by Rong Jian of VRI on 2023-08-16 [1469928] High CVE-2023-4763: Use after free in Networks. Reported by anonymous on 2023-08-03 [1447237] High CVE-2023-4764: Incorrect security UI in BFCache. Reported by Irvan Kurniawan (sourc7) on 2023-05-20 Discovery 2023-09-05 Entry 2023-09-06 chromium < 116.0.5845.179 ungoogled-chromium < 116.0.5845.179 CVE-2023-4761 CVE-2023-4762 CVE-2023-4763 CVE-2023-4764 https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop.html
0da4db89-84bf-11ee-8290-a8a1599412c6	chromium -- multiple security fixes Chrome Releases reports: This update includes 4 security fixes: [1497997] High CVE-2023-5997: Use after free in Garbage Collection. Reported by Anonymous on 2023-10-31 [1499298] High CVE-2023-6112: Use after free in Navigation. Reported by Sergei Glazunov of Google Project Zero on 2023-11-04 Discovery 2023-11-14 Entry 2023-11-16 chromium < 119.0.6045.159 ungoogled-chromium < 119.0.6045.159 qt5-webengine < 5.15.16.p5 qt6-webengine < 6.6.1 CVE-2023-5997 CVE-2023-6112 https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_14.html
1b2a8e8a-9fd5-11ee-86bb-a8a1599412c6	chromium -- security fix Chrome Releases reports: This update includes 1 security fix: [1513170] High CVE-2023-7024: Heap buffer overflow in WebRTC. Reported by ClÃÂ©ment Lecigne and Vlad Stolyarov of Google's Threat Analysis Group on 2023-12-19 Discovery 2023-12-20 Entry 2023-12-21 chromium < 120.0.6099.129 ungoogled-chromium < 120.0.6099.129 CVE-2023-7024 https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_20.html
6e4e8e87-9fb8-4e32-9f8e-9b4303f4bfd5	chromium -- multiple vulnerabilities Chrome Releases reports: This update includes 17 security fixes: [1466183] High CVE-2023-4068: Type Confusion in V8. Reported by Jerry on 2023-07-20 [1465326] High CVE-2023-4069: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2023-07-17 [1462951] High CVE-2023-4070: Type Confusion in V8. Reported by Jerry on 2023-07-07 [1458819] High CVE-2023-4071: Heap buffer overflow in Visuals. Reported by Guang and Weipeng Jiang of VRI on 2023-06-28 [1464038] High CVE-2023-4072: Out of bounds read and write in WebGL. Reported by Apple Security Engineering and Architecture (SEAR) on 2023-07-12 [1456243] High CVE-2023-4073: Out of bounds memory access in ANGLE. Reported by Jaehun Jeong(@n3sk) of Theori on 2023-06-20 [1464113] High CVE-2023-4074: Use after free in Blink Task Scheduling. Reported by Anonymous on 2023-07-12 [1457757] High CVE-2023-4075: Use after free in Cast. Reported by Cassidy Kim(@cassidy6564) on 2023-06-25 [1459124] High CVE-2023-4076: Use after free in WebRTC. Reported by Natalie Silvanovich of Google Project Zero on 2023-06-29 [1451146] Medium CVE-2023-4077: Insufficient data validation in Extensions. Reported by Anonymous on 2023-06-04 [1461895] Medium CVE-2023-4078: Inappropriate implementation in Extensions. Reported by Anonymous on 2023-07-04 Discovery 2023-08-02 Entry 2023-08-04 chromium < 115.0.5790.170 ungoogled-chromium < 115.0.5790.170 CVE-2023-4068 CVE-2023-4069 CVE-2023-4070 CVE-2023-4071 CVE-2023-4072 CVE-2023-4073 CVE-2023-4074 CVE-2023-4075 CVE-2023-4076 CVE-2023-4077 CVE-2023-4078 https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html
77fc311d-7e62-11ee-8290-a8a1599412c6	chromium -- security update Chrome Releases reports: This update includes 1 security fix: [1497859] High CVE-2023-5996: Use after free in WebAudio. Reported by Huang Xilin of Ant Group Light-Year Security Lab via Tianfu Cup 2023 on 2023-10-30 Discovery 2023-11-07 Entry 2023-11-08 chromium < 119.0.6045.123 ungoogled-chromium < 119.0.6045.123 CVE-2023-5996 https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop.html
1bc07be0-b514-11ee-86bb-a8a1599412c6	chromium -- multiple security fixes Chrome Releases reports: This update includes 4 security fixes: [1515930] High CVE-2024-0517: Out of bounds write in V8. Reported by Toan (suto) Pham of Qrious Secure on 2024-01-06 [1507412] High CVE-2024-0518: Type Confusion in V8. Reported by Ganjiang Zhou(@refrain_areu) of ChaMd5-H1 team on 2023-12-03 [1517354] High CVE-2024-0519: Out of bounds memory access in V8. Reported by Anonymous on 2024-01-11 Discovery 2024-01-16 Entry 2024-01-17 chromium < 120.0.6099.224 ungoogled-chromium < 120.0.6099.224 CVE-2024-0517 CVE-2024-0518 CVE-2024-0519 https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html
d357f6bb-0af4-4ac9-b096-eeec183ad829	chromium -- multiple vulnerabilities Chrome Releases reports: This update includes 40 security fixes: [1411210] High CVE-2023-1213: Use after free in Swiftshader. Reported by Jaehun Jeong(@n3sk) of Theori on 2023-01-30 [1412487] High CVE-2023-1214: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2023-02-03 [1417176] High CVE-2023-1215: Type Confusion in CSS. Reported by Anonymous on 2023-02-17 [1417649] High CVE-2023-1216: Use after free in DevTools. Reported by Ganjiang Zhou(@refrain_areu) of ChaMd5-H1 team on 2023-02-21 [1412658] High CVE-2023-1217: Stack buffer overflow in Crash reporting. Reported by sunburst of Ant Group Tianqiong Security Lab on 2023-02-03 [1413628] High CVE-2023-1218: Use after free in WebRTC. Reported by Anonymous on 2023-02-07 [1415328] High CVE-2023-1219: Heap buffer overflow in Metrics. Reported by Sergei Glazunov of Google Project Zero on 2023-02-13 [1417185] High CVE-2023-1220: Heap buffer overflow in UMA. Reported by Sergei Glazunov of Google Project Zero on 2023-02-17 [1385343] Medium CVE-2023-1221: Insufficient policy enforcement in Extensions API. Reported by Ahmed ElMasry on 2022-11-16 [1403515] Medium CVE-2023-1222: Heap buffer overflow in Web Audio API. Reported by Cassidy Kim(@cassidy6564) on 2022-12-24 [1398579] Medium CVE-2023-1223: Insufficient policy enforcement in Autofill. Reported by Ahmed ElMasry on 2022-12-07 [1403539] Medium CVE-2023-1224: Insufficient policy enforcement in Web Payments API. Reported by Thomas Orlita on 2022-12-25 [1408799] Medium CVE-2023-1225: Insufficient policy enforcement in Navigation. Reported by Roberto Ffrench-Davis @Lihaft on 2023-01-20 [1013080] Medium CVE-2023-1226: Insufficient policy enforcement in Web Payments API. Reported by Anonymous on 2019-10-10 [1348791] Medium CVE-2023-1227: Use after free in Core. Reported by @ginggilBesel on 2022-07-31 [1365100] Medium CVE-2023-1228: Insufficient policy enforcement in Intents. Reported by Axel Chong on 2022-09-18 [1160485] Medium CVE-2023-1229: Inappropriate implementation in Permission prompts. Reported by Thomas Orlita on 2020-12-20 [1404230] Medium CVE-2023-1230: Inappropriate implementation in WebApp Installs. Reported by Axel Chong on 2022-12-30 [1274887] Medium CVE-2023-1231: Inappropriate implementation in Autofill. Reported by Yan Zhu, Brave on 2021-11-30 [1346924] Low CVE-2023-1232: Insufficient policy enforcement in Resource Timing. Reported by Sohom Datta on 2022-07-24 [1045681] Low CVE-2023-1233: Insufficient policy enforcement in Resource Timing. Reported by Soroush Karami on 2020-01-25 [1404621] Low CVE-2023-1234: Inappropriate implementation in Intents. Reported by Axel Chong on 2023-01-03 [1404704] Low CVE-2023-1235: Type Confusion in DevTools. Reported by raven at KunLun lab on 2023-01-03 [1374518] Low CVE-2023-1236: Inappropriate implementation in Internals. Reported by Alesandro Ortiz on 2022-10-14 Discovery 2023-03-08 Entry 2023-03-09 chromium < 111.0.5563.64 ungoogled-chromium < 111.0.5563.64 CVE-2023-1213 CVE-2023-1214 CVE-2023-1215 CVE-2023-1216 CVE-2023-1217 CVE-2023-1218 CVE-2023-1219 CVE-2023-1220 CVE-2023-1221 CVE-2023-1222 CVE-2023-1223 CVE-2023-1224 CVE-2023-1225 CVE-2023-1226 CVE-2023-1227 CVE-2023-1228 CVE-2023-1229 CVE-2023-1230 CVE-2023-1231 CVE-2023-1232 CVE-2023-1233 CVE-2023-1234 CVE-2023-1235 CVE-2023-1236 https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html
4e45c45b-629e-11ee-8290-a8a1599412c6	chromium -- type confusion in v8 Chrome Releases reports: This update includes 1 security fix: [1485829] High CVE-2023-5346: Type Confusion in V8. Reported by Amit Kumar on 2023-09-22 Discovery 2023-10-03 Entry 2023-10-04 chromium < 117.0.5938.149 ungoogled-chromium < 117.0.5938.149 CVE-2023-5346 https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop.html
3d5581ff-d388-11ed-8581-a8a1599412c6	chromium -- multiple vulnerabilities Chrome Releases reports: This update includes 16 security fixes: [1414018] High CVE-2023-1810: Heap buffer overflow in Visuals. Reported by Weipeng Jiang (@Krace) of VRI on 2023-02-08 [1420510] High CVE-2023-1811: Use after free in Frames. Reported by Thomas Orlita on 2023-03-01 [1418224] Medium CVE-2023-1812: Out of bounds memory access in DOM Bindings. Reported by Shijiang Yu on 2023-02-22 [1423258] Medium CVE-2023-1813: Inappropriate implementation in Extensions. Reported by Axel Chong on 2023-03-10 [1417325] Medium CVE-2023-1814: Insufficient validation of untrusted input in Safe Browsing. Reported by Young Min Kim (@ylemkimon), CompSec Lab at Seoul National University on 2023-02-18 [1278708] Medium CVE-2023-1815: Use after free in Networking APIs. Reported by DDV_UA on 2021-12-10 [1413919] Medium CVE-2023-1816: Incorrect security UI in Picture In Picture. Reported by NDevTK on 2023-02-08 [1418061] Medium CVE-2023-1817: Insufficient policy enforcement in Intents. Reported by Axel Chong on 2023-02-22 [1223346] Medium CVE-2023-1818: Use after free in Vulkan. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research, Eric Lawrence, Microsoft, Patrick Walker (@HomeSen), and Kirtikumar Anandrao Ramchandani on 2021-06-24 [1406588] Medium CVE-2023-1819: Out of bounds read in Accessibility. Reported by Microsoft Edge Team on 2023-01-12 [1408120] Medium CVE-2023-1820: Heap buffer overflow in Browser History. Reported by raven at KunLun lab on 2023-01-17 [1413618] Low CVE-2023-1821: Inappropriate implementation in WebShare. Reported by Axel Chong on 2023-02-07 [1066555] Low CVE-2023-1822: Incorrect security UI in Navigation. Reported by ÃªÂ°ÂÃ¬ÂÂ°Ã¬Â§Â on 2020-04-01 [1406900] Low CVE-2023-1823: Inappropriate implementation in FedCM. Reported by Jasper Rebane (popstonia) on 2023-01-13 Discovery 2023-04-05 Entry 2023-04-05 chromium < 112.0.5615.49 ungoogled-chromium < 112.0.5615.49 CVE-2023-1810 CVE-2023-1811 CVE-2023-1812 CVE-2023-1813 CVE-2023-1814 CVE-2023-1815 CVE-2023-1816 CVE-2023-1817 CVE-2023-1818 CVE-2023-1819 CVE-2023-1820 CVE-2023-1821 CVE-2023-1822 CVE-2023-1823 https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop.html
3d0a3eb0-9ca3-11ed-a925-3065ec8fd3ec	chromium -- multiple vulnerabilities Chrome Releases reports: This release contains 6 security fixes, including: [1376354] High CVE-2023-0471: Use after free in WebTransport. Reported by chichoo Kim(chichoo) and Cassidy Kim(@cassidy6564) on 2022-10-19 [1405256] High CVE-2023-0472: Use after free in WebRTC. Reported by Cassidy Kim(@cassidy6564) on 2023-01-06 [1404639] Medium CVE-2023-0473: Type Confusion in ServiceWorker API. Reported by raven at KunLun lab on 2023-01-03 [1400841] Medium CVE-2023-0474: Use after free in GuestView. Reported by avaue at S.S.L on 2022-12-14 Discovery 2023-01-24 Entry 2023-01-25 chromium < 109.0.5414.119 ungoogled-chromium < 109.0.5414.119 CVE-2023-0471 CVE-2023-0472 CVE-2023-0473 CVE-2023-0474 https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop_24.html
8cdd38c7-8ebb-11ee-86bb-a8a1599412c6	chromium -- multiple security fixes Chrome Releases reports: This update includes 7 security fixes: [1491459] High CVE-2023-6348: Type Confusion in Spellcheck. Reported by Mark Brand of Google Project Zero on 2023-10-10 [1494461] High CVE-2023-6347: Use after free in Mojo. Reported by Leecraso and Guang Gong of 360 Vulnerability Research Institute on 2023-10-21 [1500856] High CVE-2023-6346: Use after free in WebAudio. Reported by Huang Xilin of Ant Group Light-Year Security Lab on 2023-11-09 [1501766] High CVE-2023-6350: Out of bounds memory access in libavif. Reported by Fudan University on 2023-11-13 [1501770] High CVE-2023-6351: Use after free in libavif. Reported by Fudan University on 2023-11-13 [1505053] High CVE-2023-6345: Integer overflow in Skia. Reported by BenoÃÂ®t Sevens and ClÃÂ©ment Lecigne of Google's Threat Analysis Group on 2023-11-24 Discovery 2023-11-28 Entry 2023-11-29 chromium < 119.0.6045.199 ungoogled-chromium < 119.0.6045.199 qt5-webengine < 5.15.16.p5_2 qt6-webengine < 6.6.1_1 CVE-2023-6348 CVE-2023-6347 CVE-2023-6346 CVE-2023-6350 CVE-2023-6351 CVE-2023-6345 https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_28.html
4405e9ad-97fe-11ee-86bb-a8a1599412c6	chromium -- multiple security fixes Chrome Releases reports: This update includes 10 security fixes: [1497984] High CVE-2023-6508: Use after free in Media Stream. Reported by Cassidy Kim(@cassidy6564) on 2023-10-31 [1494565] High CVE-2023-6509: Use after free in Side Panel Search. Reported by Khalil Zhani on 2023-10-21 [1480152] Medium CVE-2023-6510: Use after free in Media Capture. Reported by [pwn2car] on 2023-09-08 [1478613] Low CVE-2023-6511: Inappropriate implementation in Autofill. Reported by Ahmed ElMasry on 2023-09-04 [1457702] Low CVE-2023-6512: Inappropriate implementation in Web Browser UI. Reported by Om Apip on 2023-06-24 Discovery 2023-12-05 Entry 2023-12-11 chromium < 120.0.6099.62 ungoogled-chromium < 120.0.6099.62 qt5-webengine < 5.15.16.p5_2 qt6-webengine < 6.6.1_1 CVE-2023-6508 CVE-2023-6509 CVE-2023-6510 CVE-2023-6511 CVE-2023-6512 https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop.html
12741b1f-04f9-11ee-8290-a8a1599412c6	chromium -- multiple vulnerabilities Chrome Releases reports: This update includes 2 security fixes: [1450481] High CVE-2023-3079: Type Confusion in V8. Reported by ClÃÂ©ment Lecigne of Google's Threat Analysis Group on 2023-06-01 Discovery 2023-06-05 Entry 2023-06-07 chromium < 114.0.5735.106 ungoogled-chromium < 114.0.5735.106 CVE-2023-3079 https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop.html
7b929503-911d-11ed-a925-3065ec8fd3ec	chromium -- multiple vulnerabilities Chrome Releases reports: This release contains 17 security fixes, including: [1353208] High CVE-2023-0128: Use after free in Overview Mode. Reported by Khalil Zhani on 2022-08-16 [1382033] High CVE-2023-0129: Heap buffer overflow in Network Service. Reported by asnine on 2022-11-07 [1370028] Medium CVE-2023-0130: Inappropriate implementation in Fullscreen API. Reported by Hafiizh on 2022-09-30 [1357366] Medium CVE-2023-0131: Inappropriate implementation in iframe Sandbox. Reported by NDevTK on 2022-08-28 [1371215] Medium CVE-2023-0132: Inappropriate implementation in Permission prompts. Reported by Jasper Rebane (popstonia) on 2022-10-05 [1375132] Medium CVE-2023-0133: Inappropriate implementation in Permission prompts. Reported by Alesandro Ortiz on 2022-10-17 [1385709] Medium CVE-2023-0134: Use after free in Cart. Reported by Chaoyuan Peng (@ret2happy) on 2022-11-17 [1385831] Medium CVE-2023-0135: Use after free in Cart. Reported by Chaoyuan Peng (@ret2happy) on 2022-11-18 [1356987] Medium CVE-2023-0136: Inappropriate implementation in Fullscreen API. Reported by Axel Chong on 2022-08-26 [1399904] Medium CVE-2023-0137: Heap buffer overflow in Platform Apps. Reported by avaue and Buff3tts at S.S.L. on 2022-12-10 [1346675] Low CVE-2023-0138: Heap buffer overflow in libphonenumber. Reported by Michael Dau on 2022-07-23 [1367632] Low CVE-2023-0139: Insufficient validation of untrusted input in Downloads. Reported by Axel Chong on 2022-09-24 [1326788] Low CVE-2023-0140: Inappropriate implementation in File System API. Reported by harrison.mitchell, cybercx.com.au on 2022-05-18 [1362331] Low CVE-2023-0141: Insufficient policy enforcement in CORS. Reported by scarlet on 2022-09-12 Discovery 2023-01-10 Entry 2023-01-10 chromium < 109.0.5414.74 ungoogled-chromium < 109.0.5414.74 CVE-2023-0128 CVE-2023-0129 CVE-2023-0130 CVE-2023-0131 CVE-2023-0132 CVE-2023-0133 CVE-2023-0134 CVE-2023-0135 CVE-2023-0136 CVE-2023-0137 CVE-2023-0138 CVE-2023-0139 CVE-2023-0140 CVE-2023-0141 https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop.html
4d6b5ea9-bc64-4e77-a7ee-d62ba68a80dd	chromium -- multiple vulnerabilities Chrome Releases reports: This update includes 10 security fixes: [1415366] Critical CVE-2023-0941: Use after free in Prompts. Reported by Anonymous on 2023-02-13 [1414738] High CVE-2023-0927: Use after free in Web Payments API. Reported by Rong Jian of VRI on 2023-02-10 [1309035] High CVE-2023-0928: Use after free in SwiftShader. Reported by Anonymous on 2022-03-22 [1399742] High CVE-2023-0929: Use after free in Vulkan. Reported by Cassidy Kim(@cassidy6564) on 2022-12-09 [1410766] High CVE-2023-0930: Heap buffer overflow in Video. Reported by Cassidy Kim(@cassidy6564) on 2023-01-27 [1407701] High CVE-2023-0931: Use after free in Video. Reported by Cassidy Kim(@cassidy6564) on 2023-01-17 [1413005] High CVE-2023-0932: Use after free in WebRTC. Reported by Omri Bushari (Talon Cyber Security) on 2023-02-05 [1404864] Medium CVE-2023-0933: Integer overflow in PDF. Reported by Zhiyi Zhang from Codesafe Team of Legendsec at QI-ANXIN Discovery 2023-02-22 Entry 2023-02-22 chromium < 110.0.5481.177 ungoogled-chromium < 110.0.5481.177 CVE-2023-0941 CVE-2023-0927 CVE-2023-0928 CVE-2023-0929 CVE-2023-0930 CVE-2023-0931 CVE-2023-0932 CVE-2023-0933 https://chromereleases.googleblog.com/2023/02/stable-channel-desktop-update_22.html
1567be8c-0a15-11ee-8290-a8a1599412c6	chromium -- multiple vulnerabilities Chrome Releases reports: This update includes 5 security fixes: [1450568] Critical CVE-2023-3214: Use after free in Autofill payments. Reported by Rong Jian of VRI on 2023-06-01 [1446274] High CVE-2023-3215: Use after free in WebRTC. Reported by asnine on 2023-05-17 [1450114] High CVE-2023-3216: Type Confusion in V8. Reported by 5n1p3r0010 from Topsec ChiXiao Lab on 2023-05-31 [1450601] High CVE-2023-3217: Use after free in WebXR. Reported by Sergei Glazunov of Google Project Zero on 2023-06-01 Discovery 2023-06-13 Entry 2023-06-13 chromium < 114.0.5735.133 ungoogled-chromium < 114.0.5735.133 CVE-2023-3214 CVE-2023-3215 CVE-2023-3216 CVE-2023-3217 https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_13.html
ec8e4040-afcd-11ee-86bb-a8a1599412c6	chromium -- security fix Chrome Releases reports: This update includes 1 security fix: [1513379] High CVE-2024-0333: Insufficient data validation in Extensions. Reported by Malcolm Stagg (@malcolmst) of SODIUM-24, LLC on 2023-12-20 Discovery 2024-01-09 Entry 2024-01-10 chromium < 120.0.6099.216 ungoogled-chromium < 120.0.6099.216 CVE-2024-0333 https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_9.html
83eb9374-7b97-11ed-be8f-3065ec8fd3ec	chromium -- multiple vulnerabilities Chrome Releases reports: This release contains 8 security fixes, including: [1383991] High CVE-2022-4436: Use after free in Blink Media. Reported by Anonymous on 2022-11-15 [1394692] High CVE-2022-4437: Use after free in Mojo IPC. Reported by koocola(@alo_cook) and Guang Gong of 360 Vulnerability Research Institute on 2022-11-30 [1381871] High CVE-2022-4438: Use after free in Blink Frames. Reported by Anonymous on 2022-11-07 [1392661] High CVE-2022-4439: Use after free in Aura. Reported by Anonymous on 2022-11-22 [1382761] Medium CVE-2022-4440: Use after free in Profiles. Reported by Anonymous on 2022-11-09 Discovery 2022-12-13 Entry 2022-12-14 chromium < 108.0.5359.124 ungoogled-chromium < 108.0.5359.124 CVE-2022-4436 CVE-2022-4437 CVE-2022-4438 CVE-2022-4439 CVE-2022-4440 https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop_13.html
5666688f-803b-4cf0-9cb1-08c088f2225a	chromium -- multiple vulnerabilities Chrome Releases reports: This update includes 26 security fixes: [1448548] High CVE-2023-2312: Use after free in Offline. Reported by avaue at S.S.L. on 2023-05-24 [1458303] High CVE-2023-4349: Use after free in Device Trust Connectors. Reported by Weipeng Jiang (@Krace) of VRI on 2023-06-27 [1454817] High CVE-2023-4350: Inappropriate implementation in Fullscreen. Reported by Khiem Tran (@duckhiem) on 2023-06-14 [1465833] High CVE-2023-4351: Use after free in Network. Reported by Guang and Weipeng Jiang of VRI on 2023-07-18 [1452076] High CVE-2023-4352: Type Confusion in V8. Reported by Sergei Glazunov of Google Project Zero on 2023-06-07 [1458046] High CVE-2023-4353: Heap buffer overflow in ANGLE. Reported by Christoph Diehl / Microsoft Vulnerability Research on 2023-06-27 [1464215] High CVE-2023-4354: Heap buffer overflow in Skia. Reported by Mark Brand of Google Project Zero on 2023-07-12 [1468943] High CVE-2023-4355: Out of bounds memory access in V8. Reported by Sergei Glazunov of Google Project Zero on 2023-07-31 [1449929] Medium CVE-2023-4356: Use after free in Audio. Reported by Zhenghang Xiao (@Kipreyyy) on 2023-05-30 [1458911] Medium CVE-2023-4357: Insufficient validation of untrusted input in XML. Reported by Igor Sak-Sakovskii on 2023-06-28 [1466415] Medium CVE-2023-4358: Use after free in DNS. Reported by Weipeng Jiang (@Krace) of VRI on 2023-07-20 [1443722] Medium CVE-2023-4359: Inappropriate implementation in App Launcher. Reported by @retsew0x01 on 2023-05-09 [1462723] Medium CVE-2023-4360: Inappropriate implementation in Color. Reported by Axel Chong on 2023-07-07 [1465230] Medium CVE-2023-4361: Inappropriate implementation in Autofill. Reported by Thomas Orlita on 2023-07-17 [1316379] Medium CVE-2023-4362: Heap buffer overflow in Mojom IDL. Reported by Zhao Hai of NanJing Cyberpeace TianYu Lab on 2022-04-14 [1367085] Medium CVE-2023-4363: Inappropriate implementation in WebShare. Reported by Alesandro Ortiz on 2022-09-23 [1406922] Medium CVE-2023-4364: Inappropriate implementation in Permission Prompts. Reported by Jasper Rebane on 2023-01-13 [1431043] Medium CVE-2023-4365: Inappropriate implementation in Fullscreen. Reported by Hafiizh on 2023-04-06 [1450784] Medium CVE-2023-4366: Use after free in Extensions. Reported by asnine on 2023-06-02 [1467743] Medium CVE-2023-4367: Insufficient policy enforcement in Extensions API. Reported by Axel Chong on 2023-07-26 [1467751] Medium CVE-2023-4368: Insufficient policy enforcement in Extensions API. Reported by Axel Chong on 2023-07-26 Discovery 2023-08-15 Entry 2023-08-17 chromium < 116.0.5845.96 ungoogled-chromium < 116.0.5845.96 CVE-2023-2312 CVE-2023-4349 CVE-2023-4350 CVE-2023-4351 CVE-2023-4352 CVE-2023-4353 CVE-2023-4354 CVE-2023-4355 CVE-2023-4356 CVE-2023-4357 CVE-2023-4358 CVE-2023-4359 CVE-2023-4360 CVE-2023-4361 CVE-2023-4362 CVE-2023-4363 CVE-2023-4364 CVE-2023-4365 CVE-2023-4366 CVE-2023-4367 CVE-2023-4368 https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html
db33e250-74f7-11ee-8290-a8a1599412c6	chromium -- multiple vulnerabilities Chrome Releases reports: This update includes 2 security fixes: [1491296] High CVE-2023-5472: Use after free in Profiles. Reported by @18Ã¦Â¥Â¼Ã¦Â¢Â¦Ã¦ÂÂ³Ã¦ÂÂ¹Ã©ÂÂ Ã¥Â®Â¶ on 2023-10-10 Discovery 2023-10-24 Entry 2023-10-27 chromium < 118.0.5993.117 ungoogled-chromium < 118.0.5993.117 CVE-2023-5472 https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_24.html
246174d3-e979-11ed-8290-a8a1599412c6	chromium -- multiple vulnerabilities Chrome Releases reports: This update includes 15 security fixes: [1423304] Medium CVE-2023-2459: Inappropriate implementation in Prompts. Reported by Rong Jian of VRI on 2023-03-10 [1419732] Medium CVE-2023-2460: Insufficient validation of untrusted input in Extensions. Reported by Martin Bajanik, Fingerprint[.]com on 2023-02-27 [1350561] Medium CVE-2023-2461: Use after free in OS Inputs. Reported by @ginggilBesel on 2022-08-06 [1375133] Medium CVE-2023-2462: Inappropriate implementation in Prompts. Reported by Alesandro Ortiz on 2022-10-17 [1406120] Medium CVE-2023-2463: Inappropriate implementation in Full Screen Mode. Reported by Irvan Kurniawan (sourc7) on 2023-01-10 [1418549] Medium CVE-2023-2464: Inappropriate implementation in PictureInPicture. Reported by Thomas Orlita on 2023-02-23 [1399862] Medium CVE-2023-2465: Inappropriate implementation in CORS. Reported by @kunte_ctf on 2022-12-10 [1385714] Low CVE-2023-2466: Inappropriate implementation in Prompts. Reported by Jasper Rebane (popstonia) on 2022-11-17 [1413586] Low CVE-2023-2467: Inappropriate implementation in Prompts. Reported by Thomas Orlita on 2023-02-07 [1416380] Low CVE-2023-2468: Inappropriate implementation in PictureInPicture. Reported by Alesandro Ortiz on 2023-02-15 Discovery 2023-05-03 Entry 2023-05-03 chromium < 113.0.5672.63 ungoogled-chromium < 113.0.5672.63 CVE-2023-2459 CVE-2023-2460 CVE-2023-2461 CVE-2023-2462 CVE-2023-2463 CVE-2023-2464 CVE-2023-2465 CVE-2023-2466 CVE-2023-2467 CVE-2023-2468 https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop.html
5fa332b9-4269-11ee-8290-a8a1599412c6	chromium -- multiple vulnerabilities Chrome Releases reports: This update includes 5 security fixes: [1469542] High CVE-2023-4430: Use after free in Vulkan. Reported by Cassidy Kim(@cassidy6564) on 2023-08-02 [1469754] High CVE-2023-4429: Use after free in Loader. Reported by Anonymous on 2023-08-03 [1470477] High CVE-2023-4428: Out of bounds memory access in CSS. Reported by Francisco Alonso (@revskills) on 2023-08-06 [1470668] High CVE-2023-4427: Out of bounds memory access in V8. Reported by Sergei Glazunov of Google Project Zero on 2023-08-07 [1469348] Medium CVE-2023-4431: Out of bounds memory access in Fonts. Reported by Microsoft Security Researcher on 2023-08-01 Discovery 2023-08-22 Entry 2023-08-24 chromium < 116.0.5845.110 ungoogled-chromium < 116.0.5845.110 CVE-2023-4430 CVE-2023-4429 CVE-2023-4428 CVE-2023-4427 CVE-2023-4431 https://chromereleases.googleblog.com/2023/08/chrome-desktop-stable-update.html
07ee8c14-68f1-11ee-8290-a8a1599412c6	chromium -- multiple vulnerabilities Chrome Releases reports: This update includes 20 security fixes: [1487110] Critical CVE-2023-5218: Use after free in Site Isolation. Reported by @18Ã¦Â¥Â¼Ã¦Â¢Â¦Ã¦ÂÂ³Ã¦ÂÂ¹Ã©ÂÂ Ã¥Â®Â¶ on 2023-09-27 [1062251] Medium CVE-2023-5487: Inappropriate implementation in Fullscreen. Reported by Anonymous on 2020-03-17 [1414936] Medium CVE-2023-5484: Inappropriate implementation in Navigation. Reported by Thomas Orlita on 2023-02-11 [1476952] Medium CVE-2023-5475: Inappropriate implementation in DevTools. Reported by Axel Chong on 2023-08-30 [1425355] Medium CVE-2023-5483: Inappropriate implementation in Intents. Reported by Axel Chong on 2023-03-17 [1458934] Medium CVE-2023-5481: Inappropriate implementation in Downloads. Reported by Om Apip on 2023-06-28 [1474253] Medium CVE-2023-5476: Use after free in Blink History. Reported by Yunqin Sun on 2023-08-20 [1483194] Medium CVE-2023-5474: Heap buffer overflow in PDF. Reported by [pwn2car] on 2023-09-15 [1471253] Medium CVE-2023-5479: Inappropriate implementation in Extensions API. Reported by Axel Chong on 2023-08-09 [1395164] Low CVE-2023-5485: Inappropriate implementation in Autofill. Reported by Ahmed ElMasry on 2022-12-02 [1472404] Low CVE-2023-5478: Inappropriate implementation in Autofill. Reported by Ahmed ElMasry on 2023-08-12 [1472558] Low CVE-2023-5477: Inappropriate implementation in Installer. Reported by Bahaa Naamneh of Crosspoint Labs on 2023-08-13 [1357442] Low CVE-2023-5486: Inappropriate implementation in Input. Reported by Hafiizh on 2022-08-29 [1484000] Low CVE-2023-5473: Use after free in Cast. Reported by DarkNavy on 2023-09-18 Discovery 2023-10-10 Entry 2023-10-11 chromium < 118.0.5993.70 ungoogled-chromium < 118.0.5993.70 qt6-webengine < 6.6.1 CVE-2023-5218 CVE-2023-5487 CVE-2023-5484 CVE-2023-5475 CVE-2023-5483 CVE-2023-5481 CVE-2023-5476 CVE-2023-5474 CVE-2023-5479 CVE-2023-5485 CVE-2023-5478 CVE-2023-5477 CVE-2023-5486 CVE-2023-5473 https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html
90c48c04-d549-4fc0-a503-4775e32d438e	chromium -- multiple vulnerabilities Chrome Releases reports: This update includes 8 security fixes: [1429197] High CVE-2023-2133: Out of bounds memory access in Service Worker API. Reported by Rong Jian of VRI on 2023-03-30 [1429201] High CVE-2023-2134: Out of bounds memory access in Service Worker API. Reported by Rong Jian of VRI on 2023-03-30 [1424337] High CVE-2023-2135: Use after free in DevTools. Reported by Cassidy Kim(@cassidy6564) on 2023-03-14 [1432603] High CVE-2023-2136: Integer overflow in Skia. Reported by ClÃÂ©ment Lecigne of Google's Threat Analysis Group on 2023-04-12 [1430644] Medium CVE-2023-2137: Heap buffer overflow in sqlite. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2023-04-05 Discovery 2023-04-20 Entry 2023-04-20 chromium < 112.0.5615.165 ungoogled-chromium < 112.0.5615.165 CVE-2023-2133 CVE-2023-2134 CVE-2023-2135 CVE-2023-2136 CVE-2023-2137 https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html
fd87a250-ff78-11ed-8290-a8a1599412c6	chromium -- multiple vulnerabilities Chrome Releases reports: This update includes 16 security fixes: [1410191] High CVE-2023-2929: Out of bounds write in Swiftshader. Reported by Jaehun Jeong(@n3sk) of Theori on 2023-01-25 [1443401] High CVE-2023-2930: Use after free in Extensions. Reported by asnine on 2023-05-08 [1444238] High CVE-2023-2931: Use after free in PDF. Reported by Huyna at Viettel Cyber Security on 2023-05-10 [1444581] High CVE-2023-2932: Use after free in PDF. Reported by Huyna at Viettel Cyber Security on 2023-05-11 [1445426] High CVE-2023-2933: Use after free in PDF. Reported by Quang NguyÃ¡Â»Ân (@quangnh89) of Viettel Cyber Security and Nguyen Phuong on 2023-05-15 [1429720] High CVE-2023-2934: Out of bounds memory access in Mojo. Reported by Mark Brand of Google Project Zero on 2023-04-01 [1440695] High CVE-2023-2935: Type Confusion in V8. Reported by Sergei Glazunov of Google Project Zero on 2023-04-27 [1443452] High CVE-2023-2936: Type Confusion in V8. Reported by Sergei Glazunov of Google Project Zero on 2023-05-08 [1413813] Medium CVE-2023-2937: Inappropriate implementation in Picture In Picture. Reported by NDevTK on 2023-02-08 [1416350] Medium CVE-2023-2938: Inappropriate implementation in Picture In Picture. Reported by Alesandro Ortiz on 2023-02-15 [1427431] Medium CVE-2023-2939: Insufficient data validation in Installer. Reported by ycdxsb from VARAS@IIE on 2023-03-24 [1426807] Medium CVE-2023-2940: Inappropriate implementation in Downloads. Reported by Axel Chong on 2023-03-22 [1430269] Low CVE-2023-2941: Inappropriate implementation in Extensions API. Reported by Jasper Rebane on 2023-04-04 Discovery 2023-05-30 Entry 2023-05-31 chromium < 114.0.5735.90 ungoogled-chromium < 114.0.5735.90 CVE-2023-2929 CVE-2023-2930 CVE-2023-2931 CVE-2023-2932 CVE-2023-2933 CVE-2023-2934 CVE-2023-2935 CVE-2023-2936 CVE-2023-2937 CVE-2023-2938 CVE-2023-2939 CVE-2023-2940 CVE-2023-2941 https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html
6d9c6aae-5eb1-11ee-8290-a8a1599412c6	chromium -- multiple vulnerabilities Chrome Releases reports: This update includes 10 security fixes: [1486441] High CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx. Reported by ClÃÂ©ment Lecigne of Google's Threat Analysis Group on 2023-09-25 [1478889] High CVE-2023-5186: Use after free in Passwords. Reported by [pwn2car] on 2023-09-05 [1475798] High CVE-2023-5187: Use after free in Extensions. Reported by Thomas Orlita on 2023-08-25 Discovery 2023-09-27 Entry 2023-09-29 chromium < 117.0.5938.132 ungoogled-chromium < 117.0.5938.132 qt6-webengine < 6.6.1 CVE-2023-5217 CVE-2023-5186 CVE-2023-5187 https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html
b81ad6d6-8633-11eb-99c5-e09467587c17	chromium -- multiple vulnerabilities Chrome Releases reports: This release includes 5 security fixes, including: [1167357] High CVE-2021-21191: Use after free in WebRTC. Reported by raven (@raid_akame) on 2021-01-15 [1181387] High CVE-2021-21192: Heap buffer overflow in tab groups. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-02-23 [1186287] High CVE-2021-21193: Use after free in Blink. Reported by Anonymous on 2021-03-09 Discovery 2021-03-12 Entry 2021-03-16 chromium < 89.0.4389.90 CVE-2021-11191 CVE-2021-11192 CVE-2021-11193 https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_12.html
3e01aad2-680e-11eb-83e2-e09467587c17	chromium -- heap buffer overflow in V8 Chrome Releases reports: [1170176] High CVE-2021-21148: Heap buffer overflow in V8. Reported by Mattias Buelens on 2021-01-24. Google is aware of reports that an exploit for CVE-2021-21148 exists in the wild. Discovery 2021-02-04 Entry 2021-02-05 chromium < 88.0.4324.150 CVE-2021-21148 https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_4.html
4ed0e43c-5cef-11eb-bafd-3065ec8fd3ec	chromium -- multiple vulnerabilities Chrome Releases reports: This release contains 36 security fixes, including: [1137179] Critical CVE-2021-21117: Insufficient policy enforcement in Cryptohome. Reported by Rory McNamara on 2020-10-10 [1161357] High CVE-2021-21118: Insufficient data validation in V8. Reported by Tyler Nighswander (@tylerni7) of Theori on 2020-12-23 [1160534] High CVE-2021-21119: Use after free in Media. Reported by Anonymous on 2020-12-20 [1160602] High CVE-2021-21120: Use after free in WebSQL. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2020-12-21 [1161143] High CVE-2021-21121: Use after free in Omnibox. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2020-12-22 [1162131] High CVE-2021-21122: Use after free in Blink. Reported by Renata Hodovan on 2020-12-28 [1137247] High CVE-2021-21123: Insufficient data validation in File System API. Reported by Maciej Pulikowski on 2020-10-11 [1131346] High CVE-2021-21124: Potential user after free in Speech Recognizer. Reported by Chaoyang Ding(@V4kst1z) from Codesafe Team of Legendsec at Qi'anxin Group on 2020-09-23 [1152327] High CVE-2021-21125: Insufficient policy enforcement in File System API. Reported by Ron Masas (Imperva) on 2020-11-24 [1163228] High CVE-2020-16044: Use after free in WebRTC. Reported by Ned Williamson of Project Zero on 2021-01-05 [1108126] Medium CVE-2021-21126: Insufficient policy enforcement in extensions. Reported by David Erceg on 2020-07-22 [1115590] Medium CVE-2021-21127: Insufficient policy enforcement in extensions. Reported by Jasminder Pal Singh, Web Services Point WSP, Kotkapura on 2020-08-12 [1138877] Medium CVE-2021-21128: Heap buffer overflow in Blink. Reported by Liang Dong on 2020-10-15 [1140403] Medium CVE-2021-21129: Insufficient policy enforcement in File System API. Reported by Maciej Pulikowski on 2020-10-20 [1140410] Medium CVE-2021-21130: Insufficient policy enforcement in File System API. Reported by Maciej Pulikowski on 2020-10-20 [1140417] Medium CVE-2021-21131: Insufficient policy enforcement in File System API. Reported by Maciej Pulikowski on 2020-10-20 [1128206] Medium CVE-2021-21132: Inappropriate implementation in DevTools. Reported by David Erceg on 2020-09-15 [1157743] Medium CVE-2021-21133: Insufficient policy enforcement in Downloads. Reported by wester0x01 (https://twitter.com/wester0x01) on 2020-12-11 [1157800] Medium CVE-2021-21134: Incorrect security UI in Page Info. Reported by wester0x01 (https://twitter.com/wester0x01) on 2020-12-11 [1157818] Medium CVE-2021-21135: Inappropriate implementation in Performance API. Reported by ndevtk on 2020-12-11 [1038002] Low CVE-2021-21136: Insufficient policy enforcement in WebView. Reported by Shiv Sahni, Movnavinothan V and Imdad Mohammed on 2019-12-27 [1093791] Low CVE-2021-21137: Inappropriate implementation in DevTools. Reported by bobblybear on 2020-06-11 [1122487] Low CVE-2021-21138: Use after free in DevTools. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group on 2020-08-27 [1136327] Low CVE-2021-21140: Uninitialized Use in USB. Reported by David Manouchehri on 2020-10-08 [1140435] Low CVE-2021-21141: Insufficient policy enforcement in File System API. Reported by Maciej Pulikowski on 2020-10-20 Discovery 2021-01-19 Entry 2021-01-22 chromium < 88.0.4324.96 CVE-2020-16044 CVE-2021-21117 CVE-2021-21118 CVE-2021-21119 CVE-2021-21120 CVE-2021-21121 CVE-2021-21122 CVE-2021-21123 CVE-2021-21124 CVE-2021-21125 CVE-2021-21126 CVE-2021-21127 CVE-2021-21128 CVE-2021-21129 CVE-2021-21130 CVE-2021-21131 CVE-2021-21132 CVE-2021-21133 CVE-2021-21134 CVE-2021-21135 CVE-2021-21136 CVE-2021-21137 CVE-2021-21138 CVE-2021-21139 CVE-2021-21140 CVE-2021-21141 https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html
1110e286-dc08-11ea-beed-e09467587c17	chromium -- multiple vulnerabilities Chrome Releases reports: This release contains 15 security fixes, including: [1107433] High CVE-2020-6542: Use after free in ANGLE. Reported by Piotr Bania of Cisco Talos on 2020-07-20 [1104046] High CVE-2020-6543: Use after free in task scheduling. Reported by Looben Yang on 2020-07-10 [1108497] High CVE-2020-6544: Use after free in media. Reported by Tim Becker of Theori on 2020-07-22 [1095584] High CVE-2020-6545: Use after free in audio. Reported by Anonymous on 2020-06-16 [1100280] High CVE-2020-6546: Inappropriate implementation in installer. Reported by Andrew Hess (any1) on 2020-06-29 [1102153] High CVE-2020-6547: Incorrect security UI in media. Reported by David Albert on 2020-07-05 [1103827] High CVE-2020-6548: Heap buffer overflow in Skia. Reported by Choongwoo Han, Microsoft Browser Vulnerability Research on 2020-07-09 [1105426] High CVE-2020-6549: Use after free in media. Reported by Sergei Glazunov of Google Project Zero on 2020-07-14 [1106682] High CVE-2020-6550: Use after free in IndexedDB. Reported by Sergei Glazunov of Google Project Zero on 2020-07-17 [1107815] High CVE-2020-6551: Use after free in WebXR. Reported by Sergei Glazunov of Google Project Zero on 2020-07-21 [1108518] High CVE-2020-6552: Use after free in Blink. Reported by Tim Becker of Theori on 2020-07-22 [1111307] High CVE-2020-6553: Use after free in offline mode. Reported by Alison Huffman, Microsoft Browser Vulnerability Research on 2020-07-30 [1094235] Medium CVE-2020-6554: Use after free in extensions. Reported by Anonymous on 2020-06-12 [1105202] Medium CVE-2020-6555: Out of bounds read in WebGL. Reported by Marcin Towalski of Cisco Talos on 2020-07-13 Discovery 2020-08-10 Entry 2020-08-11 chromium < 84.0.4147.125 CVE-2020-6542 CVE-2020-6543 CVE-2020-6544 CVE-2020-6545 CVE-2020-6546 CVE-2020-6547 CVE-2020-6548 CVE-2020-6549 CVE-2020-6550 CVE-2020-6551 CVE-2020-6552 CVE-2020-6553 CVE-2020-6554 CVE-2020-6555 https://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop.html
427b0f58-644c-11e8-9e1b-e8e0b747a45a	chromium -- multiple vulnerabilities Google Chrome Releases reports: 34 security fixes in this release, including: [835639] High CVE-2018-6123: Use after free in Blink. Reported by Looben Yang on 2018-04-22 [840320] High CVE-2018-6124: Type confusion in Blink. Reported by Guang Gong of Alpha Team, Qihoo 360 on 2018-05-07 [818592] High CVE-2018-6125: Overly permissive policy in WebUSB. Reported by Yubico, Inc on 2018-03-05 [844457] High CVE-2018-6126: Heap buffer overflow in Skia. Reported by Ivan Fratric of Google Project Zero on 2018-05-18 [842990] High CVE-2018-6127: Use after free in indexedDB. Reported by Looben Yang on 2018-05-15 [841105] High CVE-2018-6128: uXSS in Chrome on iOS. Reported by Tomasz Bojarski on 2018-05-09 [838672] High CVE-2018-6129: Out of bounds memory access in WebRTC. Reported by Natalie Silvanovich of Google Project Zero on 2018-05-01 [838402] High CVE-2018-6130: Out of bounds memory access in WebRTC. Reported by Natalie Silvanovich of Google Project Zero on 2018-04-30 [826434] High CVE-2018-6131: Incorrect mutability protection in WebAssembly. Reported by Natalie Silvanovich of Google Project Zero on 2018-03-27 [839960] Medium CVE-2018-6132: Use of uninitialized memory in WebRTC. Reported by Ronald E. Crane on 2018-05-04 [817247] Medium CVE-2018-6133: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-02-28 [797465] Medium CVE-2018-6134: Referrer Policy bypass in Blink. Reported by Jun Kokatsu (@shhnjk) on 2017-12-23 [823353] Medium CVE-2018-6135: UI spoofing in Blink. Reported by Jasper Rebane on 2018-03-19 [831943] Medium CVE-2018-6136: Out of bounds memory access in V8. Reported by Peter Wong on 2018-04-12 [835589] Medium CVE-2018-6137: Leak of visited status of page in Blink. Reported by Michael Smith (spinda.net) on 2018-04-21 [810220] Medium CVE-2018-6138: Overly permissive policy in Extensions. Reported by Francois Lajeunesse-Robert on 2018-02-08 [805224] Medium CVE-2018-6139: Restrictions bypass in the debugger extension API. Reported by Rob Wu on 2018-01-24 [798222] Medium CVE-2018-6140: Restrictions bypass in the debugger extension API. Reported by Rob Wu on 2018-01-01 [796107] Medium CVE-2018-6141: Heap buffer overflow in Skia. Reported by Yangkang (@dnpushme) and Wanglu of Qihoo360 Qex Team on 2017-12-19 [837939] Medium CVE-2018-6142: Out of bounds memory access in V8. Reported by Choongwoo Han of Naver Corporation on 2018-04-28 [843022] Medium CVE-2018-6143: Out of bounds memory access in V8. Reported by Guang Gong of Alpha Team, Qihoo 360 on 2018-05-15 [828049] Low CVE-2018-6144: Out of bounds memory access in PDFium. Reported by pdknsk on 2018-04-02 [805924] Low CVE-2018-6145: Incorrect escaping of MathML in Blink. Reported by Masato Kinugawa on 2018-01-25 [818133] Low CVE-2018-6147: Password fields not taking advantage of OS protections in Views. Reported by Michail Pishchagin (Yandex) on 2018-03-02 [847542] Various fixes from internal audits, fuzzing and other initiatives Discovery 2018-05-29 Entry 2018-05-30 chromium < 67.0.3396.62 CVE-2018-6123 CVE-2018-6124 CVE-2018-6125 CVE-2018-6126 CVE-2018-6127 CVE-2018-6128 CVE-2018-6129 CVE-2018-6130 CVE-2018-6131 CVE-2018-6132 CVE-2018-6133 CVE-2018-6134 CVE-2018-6135 CVE-2018-6136 CVE-2018-6137 CVE-2018-6138 CVE-2018-6139 CVE-2018-6140 CVE-2018-6141 CVE-2018-6142 CVE-2018-6143 CVE-2018-6144 CVE-2018-6145 CVE-2018-6147 https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html
88d00176-058e-11ea-bd1c-3065ec8fd3ec	chromium -- multiple vulnerabilities Google Chrome Releases reports: Four security issues were fixed, including: [1021723] Various fixes from internal audits, fuzzing and other initiatives Discovery 2019-11-06 Entry 2019-11-12 chromium < 78.0.3904.97 https://chromereleases.googleblog.com/2019/11/stable-channel-update-for-desktop.html
546d4dd4-10ea-11e9-b407-080027ef1a23	chromium -- multiple vulnerabilities Google Chrome Releases reports: 43 security fixes in this release, including: High CVE-2018-17480: Out of bounds write in V8 High CVE-2018-17481: Use after free in PDFium High CVE-2018-18335: Heap buffer overflow in Skia High CVE-2018-18336: Use after free in PDFium High CVE-2018-18337: Use after free in Blink High CVE-2018-18338: Heap buffer overflow in Canvas High CVE-2018-18339: Use after free in WebAudio High CVE-2018-18340: Use after free in MediaRecorder High CVE-2018-18341: Heap buffer overflow in Blink High CVE-2018-18342: Out of bounds write in V8 High CVE-2018-18343: Use after free in Skia High CVE-2018-18344: Inappropriate implementation in Extensions High To be allocated: Multiple issues in SQLite via WebSQL Medium CVE-2018-18345: Inappropriate implementation in Site Isolation Medium CVE-2018-18346: Incorrect security UI in Blink Medium CVE-2018-18347: Inappropriate implementation in Navigation Medium CVE-2018-18348: Inappropriate implementation in Omnibox Medium CVE-2018-18349: Insufficient policy enforcement in Blink Medium CVE-2018-18350: Insufficient policy enforcement in Blink Medium CVE-2018-18351: Insufficient policy enforcement in Navigation Medium CVE-2018-18352: Inappropriate implementation in Media Medium CVE-2018-18353: Inappropriate implementation in Network Authentication Medium CVE-2018-18354: Insufficient data validation in Shell Integration Medium CVE-2018-18355: Insufficient policy enforcement in URL Formatter Medium CVE-2018-18356: Use after free in Skia Medium CVE-2018-18357: Insufficient policy enforcement in URL Formatter Medium CVE-2018-18358: Insufficient policy enforcement in Proxy Medium CVE-2018-18359: Out of bounds read in V8 Low To be allocated: Inappropriate implementation in PDFium Low To be allocated: Use after free in Extensions Low To be allocated: Inappropriate implementation in Navigation Low To be allocated: Inappropriate implementation in Navigation Low To be allocated: Insufficient policy enforcement in Navigation Low To be allocated: Insufficient policy enforcement in URL Formatter Medium To be allocated: Insufficient policy enforcement in Payments Various fixes from internal audits, fuzzing and other initiatives Discovery 2018-12-04 Entry 2019-01-05 chromium < 71.0.3578.80 CVE-2018-17480 CVE-2018-17481 CVE-2018-18335 CVE-2018-18336 CVE-2018-18337 CVE-2018-18338 CVE-2018-18339 CVE-2018-18340 CVE-2018-18341 CVE-2018-18342 CVE-2018-18343 CVE-2018-18344 CVE-2018-18345 CVE-2018-18346 CVE-2018-18347 CVE-2018-18348 CVE-2018-18349 CVE-2018-18350 CVE-2018-18351 CVE-2018-18352 CVE-2018-18353 CVE-2018-18354 CVE-2018-18355 CVE-2018-18356 CVE-2018-18357 CVE-2018-18358 CVE-2018-18359 https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html
25efe05c-7ffc-11ea-b594-3065ec8fd3ec	chromium -- use after free Google Chrome Releases reports: [1067851] Critical CVE-2020-6457: Use after free in speech recognizer. Reported by Leecraso and Guang Gong of Alpha Lab, Qihoo 360 on 2020-04-04 Discovery 2020-04-15 Entry 2020-04-16 chromium < 81.0.4044.113 https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_15.html CVE-2020-6457
6e3b700a-7ca3-11ea-b594-3065ec8fd3ec	chromium -- multiple vulnerabilities Google Chrome Releases reports: This updates includes 32 security fixes, including: [1019161] High CVE-2020-6454: Use after free in extensions. Reported by Leecraso and Guang Gong of Alpha Lab, Qihoo 360 on 2019-10-29 [1043446] High CVE-2020-6423: Use after free in audio. Reported by Anonymous on 2020-01-18 [1059669] High CVE-2020-6455: Out of bounds read in WebSQL. Reported by Nan Wang(@eternalsakura13) and Guang Gong of Alpha Lab, Qihoo 360 on 2020-03-09 [1031479] Medium CVE-2020-6430: Type Confusion in V8. Reported by Avihay Cohen @ SeraphicAlgorithms on 2019-12-06 [1040755] Medium CVE-2020-6456: Insufficient validation of untrusted input in clipboard. Reported by MichaÅ Bentkowski of Securitum on 2020-01-10 [852645] Medium CVE-2020-6431: Insufficient policy enforcement in full screen. Reported by Luan Herrera (@lbherrera_) on 2018-06-14 [965611] Medium CVE-2020-6432: Insufficient policy enforcement in navigations. Reported by David Erceg on 2019-05-21 [1043965] Medium CVE-2020-6433: Insufficient policy enforcement in extensions. Reported by David Erceg on 2020-01-21 [1048555] Medium CVE-2020-6434: Use after free in devtools. Reported by HyungSeok Han (DaramG) of Theori on 2020-02-04 [1032158] Medium CVE-2020-6435: Insufficient policy enforcement in extensions. Reported by Sergei Glazunov of Google Project Zero on 2019-12-09 [1034519] Medium CVE-2020-6436: Use after free in window management. Reported by Igor Bukanov from Vivaldi on 2019-12-16 [639173] Low CVE-2020-6437: Inappropriate implementation in WebView. Reported by Jann Horn on 2016-08-19 [714617] Low CVE-2020-6438: Insufficient policy enforcement in extensions. Reported by Ng Yik Phang on 2017-04-24 [868145] Low CVE-2020-6439: Insufficient policy enforcement in navigations. Reported by remkoboonstra on 2018-07-26 [894477] Low CVE-2020-6440: Inappropriate implementation in extensions. Reported by David Erceg on 2018-10-11 [959571] Low CVE-2020-6441: Insufficient policy enforcement in omnibox. Reported by David Erceg on 2019-05-04 [1013906] Low CVE-2020-6442: Inappropriate implementation in cache. Reported by B@rMey on 2019-10-12 [1040080] Low CVE-2020-6443: Insufficient data validation in developer tools. Reported by @lovasoa (Ophir LOJKINE) on 2020-01-08 [922882] Low CVE-2020-6444: Uninitialized Use in WebRTC. Reported by mlfbrown on 2019-01-17 [933171] Low CVE-2020-6445: Insufficient policy enforcement in trusted types. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-02-18 [933172] Low CVE-2020-6446: Insufficient policy enforcement in trusted types. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-02-18 [991217] Low CVE-2020-6447: Inappropriate implementation in developer tools. Reported by David Erceg on 2019-08-06 [1037872] Low CVE-2020-6448: Use after free in V8. Reported by Guang Gong of Alpha Lab, Qihoo 360 on 2019-12-26 Discovery 2020-04-07 Entry 2020-04-12 chromium < 81.0.4044.92 CVE-2020-6423 CVE-2020-6430 CVE-2020-6431 CVE-2020-6432 CVE-2020-6433 CVE-2020-6434 CVE-2020-6435 CVE-2020-6436 CVE-2020-6437 CVE-2020-6438 CVE-2020-6439 CVE-2020-6440 CVE-2020-6441 CVE-2020-6442 CVE-2020-6443 CVE-2020-6444 CVE-2020-6445 CVE-2020-6446 CVE-2020-6447 CVE-2020-6448 CVE-2020-6454 CVE-2020-6455 CVE-2020-6456 https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html
d153c4d2-50f8-11eb-8046-3065ec8fd3ec	chromium -- multiple vulnerabilities Chrome Releases reports: This release includes 16 security fixes, including: [1148749] High CVE-2021-21106: Use after free in autofill. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group on 2020-11-13 [1153595] High CVE-2021-21107: Use after free in drag and drop. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2020-11-30 [1155426] High CVE-2021-21108: Use after free in media. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2020-12-04 [1152334] High CVE-2021-21109: Use after free in payments. Reported by Rong Jian and Guang Gong of 360 Alpha Lab on 2020-11-24 [1152451] High CVE-2021-21110: Use after free in safe browsing. Reported by Anonymous on 2020-11-24 [1149125] High CVE-2021-21111: Insufficient policy enforcement in WebUI. Reported by Alesandro Ortiz on 2020-11-15 [1151298] High CVE-2021-21112: Use after free in Blink. Reported by YoungJoo Lee(@ashuu_lee) of Raon Whitehat on 2020-11-20 [1155178] High CVE-2021-21113: Heap buffer overflow in Skia. Reported by tsubmunu on 2020-12-03 [1148309] High CVE-2020-16043: Insufficient data validation in networking. Reported by Samy Kamkar, Ben Seri at Armis, Gregory Vishnepolsky at Armis on 2020-11-12 [1150065] High CVE-2021-21114: Use after free in audio. Reported by Man Yue Mo of GitHub Security Lab on 2020-11-17 [1157790] High CVE-2020-15995: Out of bounds write in V8. Reported by Bohan Liu (@P4nda20371774) of Tencent Security Xuanwu Lab on 2020-12-11 [1157814] High CVE-2021-21115: Use after free in safe browsing. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2020-12-11 [1151069] Medium CVE-2021-21116: Heap buffer overflow in audio. Reported by Alison Huffman, Microsoft Browser Vulnerability Research on 2020-11-19 Discovery 2021-01-06 Entry 2021-01-07 chromium < 87.0.4280.141 CVE-2020-15995 CVE-2020-16043 CVE-2021-21106 CVE-2021-21107 CVE-2021-21108 CVE-2021-21109 CVE-2021-21110 CVE-2021-21111 CVE-2021-21112 CVE-2021-21113 CVE-2021-21114 CVE-2021-21115 CVE-2021-21116 https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop.html
01ffd06a-36ed-11eb-b655-3065ec8fd3ec	chromium -- multiple vulnerabilities Chrome Releases reports: This release contains 8 security fixes, including: [1142331] High CVE-2020-16037: Use after free in clipboard. Reported by Ryoya Tsukasaki on 2020-10-26 [1138683] High CVE-2020-16038: Use after free in media. Reported by Khalil Zhani on 2020-10-14 [1149177] High CVE-2020-16039: Use after free in extensions. Reported by Anonymous on 2020-11-15 [1150649] High CVE-2020-16040: Insufficient data validation in V8. Reported by Lucas Pinheiro, Microsoft Browser Vulnerability Research on 2020-11-19 [1151865] Medium CVE-2020-16041: Out of bounds read in networking. Reported by Sergei Glazunov and Mark Brand of Google Project Zero on 2020-11-23 [1151890] Medium CVE-2020-16042: Uninitialized Use in V8. Reported by AndrÃ© Bargull on 2020-11-2 Discovery 2020-12-02 Entry 2020-12-05 chromium < 87.0.4280.88 CVE-2020-16037 CVE-2020-16038 CVE-2020-16039 CVE-2020-16040 CVE-2020-16041 CVE-2020-16042 https://chromereleases.googleblog.com/2020/12/stable-channel-update-for-desktop.html
e68d3db1-fd04-11ea-a67f-e09467587c17	chromium -- multiple vulnerabilities Chrome Releases reports: This release fixes 10 security issues, including: [1100136] High CVE-2020-15960: Out of bounds read in storage. Reported by Anonymous on 2020-06-28 [1114636] High CVE-2020-15961: Insufficient policy enforcement in extensions. Reported by David Erceg on 2020-08-10 [1121836] High CVE-2020-15962: Insufficient policy enforcement in serial. Reported by Leecraso and Guang Gong of 360 Alpha Lab working with 360 BugCloud on 2020-08-26 [1113558] High CVE-2020-15963: Insufficient policy enforcement in extensions. Reported by David Erceg on 2020-08-06 [1126249] High CVE-2020-15965: Out of bounds write in V8. Reported by Lucas Pinheiro, Microsoft Browser Vulnerability Research on 2020-09-08 [1113565] Medium CVE-2020-15966: Insufficient policy enforcement in extensions. Reported by David Erceg on 2020-08-06 [1121414] Low CVE-2020-15964: Insufficient data validation in media. Reported by Woojin Oh(@pwn_expoit) of STEALIEN on 2020-08-25 Discovery 2020-09-21 Entry 2020-09-22 chromium < 85.0.4183.121 CVE-2020-15960 CVE-2020-15961 CVE-2020-15962 CVE-2020-15963 CVE-2020-15964 CVE-2020-15965 CVE-2020-15966 https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop_21.html
d4fc4599-8f75-11e9-8d9f-3065ec8fd3ec	chromium -- use after free Google Chrome Releases reports: [961413] High CVE-2019-5842: Use-after-free in Blink. Reported by BUGFENSE Anonymous Bug Bounties https://bugfense.io on 2019-05-09 Discovery 2019-05-09 Entry 2019-06-15 chromium < 75.0.3770.90 https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop_13.html CVE-2019-5842
d73bc4e6-e7c4-11ea-a878-e09467587c17	chromium -- multiple vulnerabilities Chrome Releases reports: This update includes 20 security fixes, including: [1109120] High CVE-2020-6558: Insufficient policy enforcement in iOS. Reported by Alison Huffman, Microsoft Browser Vulnerability Research on 2020-07-24 [1116706] High CVE-2020-6559: Use after free in presentation API. Reported by Liu Wei and Wu Zekai of Tencent Security Xuanwu Lab on 2020-08-15 [1108181] Medium CVE-2020-6560: Insufficient policy enforcement in autofill. Reported by Nadja Ungethuem from www.unnex.de on 2020-07-22 [932892] Medium CVE-2020-6561: Inappropriate implementation in Content Security Policy. Reported by Rob Wu on 2019-02-16 [1086845] Medium CVE-2020-6562: Insufficient policy enforcement in Blink. Reported by Masato Kinugawa on 2020-05-27 [1104628] Medium CVE-2020-6563: Insufficient policy enforcement in intent handling. Reported by Pedro Oliveira on 2020-07-12 [841622] Medium CVE-2020-6564: Incorrect security UI in permissions. Reported by Khalil Zhani on 2018-05-10 [1029907] Medium CVE-2020-6565: Incorrect security UI in Omnibox. Reported by Khalil Zhani on 2019-12-02 [1065264] Medium CVE-2020-6566: Insufficient policy enforcement in media. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2020-03-27 [937179] Low CVE-2020-6567: Insufficient validation of untrusted input in command line handling. Reported by Joshua Graham of TSS on 2019-03-01 [1092451] Low CVE-2020-6568: Insufficient policy enforcement in intent handling. Reported by Yongke Wang(@Rudykewang) and Aryb1n(@aryb1n) of Tencent Security Xuanwu Lab on 2020-06-08 [995732] Low CVE-2020-6569: Integer overflow in WebUSB. Reported by guaixiaomei on 2019-08-20 [1084699] Low CVE-2020-6570: Side-channel information leakage in WebRTC. Reported by Signal/Tenable on 2020-05-19 [1085315] Low CVE-2020-6571: Incorrect security UI in Omnibox. Reported by Rayyan Bijoora on 2020-05-21 Discovery 2020-08-25 Entry 2020-08-26 chromium < 85.0.4183.83 CVE-2020-6558 CVE-2020-6559 CVE-2020-6560 CVE-2020-6561 CVE-2020-6562 CVE-2020-6563 CVE-2020-6564 CVE-2020-6565 CVE-2020-6566 CVE-2020-6567 CVE-2020-6568 CVE-2020-6569 CVE-2020-6570 CVE-2020-6571 https://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop_25.html
9cb57a06-7517-11ea-b594-3065ec8fd3ec	chromium -- multiple vulnerabilities Google Chrome Releases reports: This update contains 8 security fixes. [1062247] High CVE-2020-6450: Use after free in WebAudio. Reported by Man Yue Mo of Semmle Security Research Team on 2020-03-17 [1061018] High CVE-2020-6451: Use after free in WebAudio. Reported by Man Yue Mo of Semmle Security Research Team on 2020-03-12 [1059764] High CVE-2020-6452: Heap buffer overflow in media Reported by asnine on 2020-03-09 [1066247] Various fixes from internal audits, fuzzing and other initiatives. Discovery 2020-03-31 Entry 2020-04-02 chromium < 80.0.3987.162 https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_31.html CVE-2020-6450 CVE-2020-6451 CVE-2020-6452
a2caf7bd-a719-11ea-a857-e09467587c17	chromium -- multiple vulnerabilities Chrome Releases reports: This update includes 5 security fixes. Below, we highlight fixes that were contributed by external researchers. [1082105] High CVE-2020-6493: Use after free in WebAuthentication. Reported by Anonymous on 2020-05-13 [1083972] High CVE-2020-6494: Incorrect security UI in payments. Reported by Juho Nurminen on 2020-05-18 [1072116] High CVE-2020-6495: Insufficient policy enforcement in developer tools. Reported by David Erceg on 2020-04-18 [1085990] High CVE-2020-6496: Use after free in payments. Reported by Khalil Zhani on 2020-05-24 Discovery 2020-06-03 Entry 2020-06-05 chromium < 83.0.4103.97 CVE-2020-6493 CVE-2020-6494 CVE-2020-6495 CVE-2020-6496 https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop.html
870d59b0-c6c4-11ea-8015-e09467587c17	chromium -- multiple vulnerabilities Chrome Releases reports: This update contains 38 security fixes, including: [1103195] Critical CVE-2020-6510: Heap buffer overflow in background fetch. Reported by Leecraso and Guang Gong of 360 Alpha Lab working with 360 BugCloud on 2020-07-08 [1074317] High CVE-2020-6511: Side-channel information leakage in content security policy. Reported by Mikhail Oblozhikhin on 2020-04-24 [1084820] High CVE-2020-6512: Type Confusion in V8. Reported by nocma, leogan, cheneyxu of WeChat Open Platform Security Team on 2020-05-20 [1091404] High CVE-2020-6513: Heap buffer overflow in PDFium. Reported by Aleksandar Nikolic of Cisco Talos on 2020-06-04 [1076703] High CVE-2020-6514: Inappropriate implementation in WebRTC. Reported by Natalie Silvanovich of Google Project Zero on 2020-04-30 [1082755] High CVE-2020-6515: Use after free in tab strip. Reported by DDV_UA on 2020-05-14 [1092449] High CVE-2020-6516: Policy bypass in CORS. Reported by Yongke Wang(@Rudykewang) and Aryb1n(@aryb1n) of Tencent Security Xuanwu Lab on 2020-06-08 [1095560] High CVE-2020-6517: Heap buffer overflow in history. Reported by ZeKai Wu (@hellowuzekai) of Tencent Security Xuanwu Lab on 2020-06-16 [986051] Medium CVE-2020-6518: Use after free in developer tools. Reported by David Erceg on 2019-07-20 [1064676] Medium CVE-2020-6519: Policy bypass in CSP. Reported by Gal Weizman (@WeizmanGal) of PerimeterX on 2020-03-25 [1092274] Medium CVE-2020-6520: Heap buffer overflow in Skia. Reported by Zhen Zhou of NSFOCUS Security Team on 2020-06-08 [1075734] Medium CVE-2020-6521: Side-channel information leakage in autofill. Reported by Xu Lin (University of Illinois at Chicago), Panagiotis Ilia (University of Illinois at Chicago), Jason Polakis (University of Illinois at Chicago) on 2020-04-27 [1052093] Medium CVE-2020-6522: Inappropriate implementation in external protocol handlers. Reported by Eric Lawrence of Microsoft on 2020-02-13 [1080481] Medium CVE-2020-6523: Out of bounds write in Skia. Reported by Liu Wei and Wu Zekai of Tencent Security Xuanwu Lab on 2020-05-08 [1081722] Medium CVE-2020-6524: Heap buffer overflow in WebAudio. Reported by Sung Ta (@Mipu94) of SEFCOM Lab, Arizona State University on 2020-05-12 [1091670] Medium CVE-2020-6525: Heap buffer overflow in Skia. Reported by Zhen Zhou of NSFOCUS Security Team on 2020-06-05 [1074340] Low CVE-2020-6526: Inappropriate implementation in iframe sandbox. Reported by Jonathan Kingston on 2020-04-24 [992698] Low CVE-2020-6527: Insufficient policy enforcement in CSP. Reported by Zhong Zhaochen of andsecurity.cn on 2019-08-10 [1063690] Low CVE-2020-6528: Incorrect security UI in basic auth. Reported by Rayyan Bijoora on 2020-03-22 [978779] Low CVE-2020-6529: Inappropriate implementation in WebRTC. Reported by kaustubhvats7 on 2019-06-26 [1016278] Low CVE-2020-6530: Out of bounds memory access in developer tools. Reported by myvyang on 2019-10-21 [1042986] Low CVE-2020-6531: Side-channel information leakage in scroll to text. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2020-01-17 [1069964] Low CVE-2020-6533: Type Confusion in V8. Reported by Avihay Cohen @ SeraphicAlgorithms on 2020-04-11 [1072412] Low CVE-2020-6534: Heap buffer overflow in WebRTC. Reported by Anonymous on 2020-04-20 [1073409] Low CVE-2020-6535: Insufficient data validation in WebUI. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2020-04-22 [1080934] Low CVE-2020-6536: Incorrect security UI in PWAs. Reported by Zhiyang Zeng of Tencent security platform department on 2020-05-09 Discovery 2020-07-14 Entry 2020-07-15 chromium < 84.0.4147.89 CVE-2020-6528 CVE-2020-6510 CVE-2020-6511 CVE-2020-6512 CVE-2020-6513 CVE-2020-6514 CVE-2020-6515 CVE-2020-6516 CVE-2020-6517 CVE-2020-6518 CVE-2020-6519 CVE-2020-6520 CVE-2020-6521 CVE-2020-6522 CVE-2020-6523 CVE-2020-6524 CVE-2020-6525 CVE-2020-6526 CVE-2020-6527 CVE-2020-6529 CVE-2020-6530 CVE-2020-6531 CVE-2020-6533 CVE-2020-6534 CVE-2020-6535 CVE-2020-6536 https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop.html
9a447f78-d0f8-11ea-9837-e09467587c17	chromium -- multiple vulnerabilities Chrome Releases reports: This update contains 8 security fixes, including: [1105318] High CVE-2020-6537: Type Confusion in V8. Reported by Alphalaab on 2020-07-14 [1096677] High CVE-2020-6538: Inappropriate implementation in WebView. Reported by Yongke Wang(@Rudykewang) and Aryb1n(@aryb1n) of Tencent Security Xuanwu Lab on 2020-06-18 [1104061] High CVE-2020-6532: Use after free in SCTP. Reported by Anonymous on 2020-07-09 [1105635] High CVE-2020-6539: Use after free in CSS. Reported by Oriol Brufau on 2020-07-14 [1105720] High CVE-2020-6540: Heap buffer overflow in Skia. Reported by Zhen Zhou of NSFOCUS Security Team on 2020-07-15 [1106773] High CVE-2020-6541: Use after free in WebUSB. Reported by Sergei Glazunov of Google Project Zero on 2020-07-17 Discovery 2020-07-27 Entry 2020-07-28 chromium < 84.0.4147.105 CVE-2020-6532 CVE-2020-6537 CVE-2020-6538 CVE-2020-6539 CVE-2020-6540 CVE-2020-6541 https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop_27.html
64988354-0889-11eb-a01b-e09467587c17	chromium -- multiple vulnerabilities Chrome releases reports: This release contains 35 security fixes, including: [1127322] Critical CVE-2020-15967: Use after free in payments. Reported by Man Yue Mo of GitHub Security Lab on 2020-09-11 [1126424] High CVE-2020-15968: Use after free in Blink. Reported by Anonymous on 2020-09-09 [1124659] High CVE-2020-15969: Use after free in WebRTC. Reported by Anonymous on 2020-09-03 [1108299] High CVE-2020-15970: Use after free in NFC. Reported by Man Yue Mo of GitHub Security Lab on 2020-07-22 [1114062] High CVE-2020-15971: Use after free in printing. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2020-08-07 [1115901] High CVE-2020-15972: Use after free in audio. Reported by Anonymous on 2020-08-13 [1133671] High CVE-2020-15990: Use after free in autofill. Reported by Rong Jian and Guang Gong of Alpha Lab, Qihoo 360 on 2020-09-30 [1133688] High CVE-2020-15991: Use after free in password manager. Reported by Rong Jian and Guang Gong of Alpha Lab, Qihoo 360 on 2020-09-30 [1106890] Medium CVE-2020-15973: Insufficient policy enforcement in extensions. Reported by David Erceg on 2020-07-17 [1104103] Medium CVE-2020-15974: Integer overflow in Blink. Reported by Juno Im (junorouse) of Theori on 2020-07-10 [1110800] Medium CVE-2020-15975: Integer overflow in SwiftShader. Reported by Anonymous on 2020-07-29 [1123522] Medium CVE-2020-15976: Use after free in WebXR. Reported by YoungJoo Lee (@ashuu_lee) of Raon Whitehat on 2020-08-31 [1083278] Medium CVE-2020-6557: Inappropriate implementation in networking. Reported by Matthias Gierlings and Marcus Brinkmann (NDS Ruhr-University Bochum) on 2020-05-15 [1097724] Medium CVE-2020-15977: Insufficient data validation in dialogs. Reported by Narendra Bhati (@imnarendrabhati) on 2020-06-22 [1116280] Medium CVE-2020-15978: Insufficient data validation in navigation. Reported by Luan Herrera (@lbherrera_) on 2020-08-14 [1127319] Medium CVE-2020-15979: Inappropriate implementation in V8. Reported by Avihay Cohen (@SeraphicAlgorithms) on 2020-09-11 [1092453] Medium CVE-2020-15980: Insufficient policy enforcement in Intents. Reported by Yongke Wang (@Rudykewang) and Aryb1n (@aryb1n) of Tencent Security Xuanwu Lab on 2020-06-08 [1123023] Medium CVE-2020-15981: Out of bounds read in audio. Reported by Christoph Guttandin on 2020-08-28 [1039882] Medium CVE-2020-15982: Side-channel information leakage in cache. Reported by Luan Herrera (@lbherrera_) on 2020-01-07 [1076786] Medium CVE-2020-15983: Insufficient data validation in webUI. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2020-04-30 [1080395] Medium CVE-2020-15984: Insufficient policy enforcement in Omnibox. Reported by Rayyan Bijoora on 2020-05-07 [1099276] Medium CVE-2020-15985: Inappropriate implementation in Blink. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2020-06-25 [1100247] Medium CVE-2020-15986: Integer overflow in media. Reported by Mark Brand of Google Project Zero on 2020-06-29 [1127774] Medium CVE-2020-15987: Use after free in WebRTC. Reported by Philipp Hancke on 2020-09-14 [1110195] Medium CVE-2020-15992: Insufficient policy enforcement in networking. Reported by Alison Huffman, Microsoft Browser Vulnerability Research on 2020-07-28 [1092518] Low CVE-2020-15988: Insufficient policy enforcement in downloads. Reported by Samuel Attard on 2020-06-08 [1108351] Low CVE-2020-15989: Uninitialized Use in PDFium. Reported by Gareth Evans (Microsoft) on 2020-07-22 Discovery 2020-10-06 Entry 2020-10-07 chromium < 86.0.4240.75 CVE-2020-6557 CVE-2020-15967 CVE-2020-15968 CVE-2020-15969 CVE-2020-15970 CVE-2020-15971 CVE-2020-15972 CVE-2020-15973 CVE-2020-15974 CVE-2020-15975 CVE-2020-15976 CVE-2020-15977 CVE-2020-15978 CVE-2020-15979 CVE-2020-15980 CVE-2020-15981 CVE-2020-15982 CVE-2020-15983 CVE-2020-15984 CVE-2020-15985 CVE-2020-15986 CVE-2020-15987 CVE-2020-15988 CVE-2020-15989 CVE-2020-15990 CVE-2020-15991 CVE-2020-15992 https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop.html
bed5d41a-f2b4-11ea-a878-e09467587c17	chromium -- multiple vulnerabilities Chrome Releases reports: This release contains 5 security fixes: [1116304] High CVE-2020-6573: Use after free in video. Reported by Leecraso and Guang Gong of 360 Alpha Lab working with 360 BugCloud on 2020-08-14 [1102196] High CVE-2020-6574: Insufficient policy enforcement in installer. Reported by CodeColorist of Ant-Financial LightYear Labs on 2020-07-05 [1081874] High CVE-2020-6575: Race in Mojo. Reported by Microsoft on 2020-05-12 [1111737] High CVE-2020-6576: Use after free in offscreen canvas. Reported by Looben Yang on 2020-07-31 [1122684] High CVE-2020-15959: Insufficient policy enforcement in networking. Reported by Eric Lawrence of Microsoft on 2020-08-27 Discovery 2020-09-08 Entry 2020-09-09 chromium < 85.0.4183.102 CVE-2020-6573 CVE-2020-6574 CVE-2020-6575 CVE-2020-6576 CVE-2020-15969 https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop.html
3ae21918-31e3-11e8-927b-e8e0b747a45a	chromium -- vulnerability Google Chrome Releases reports: 1 security fix in this release, including: [823553] Various fixes from internal audits, fuzzing and other initiatives Discovery 2018-03-20 Entry 2018-03-27 chromium < 65.0.3325.181 https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop_20.html
006bee4e-4c49-11e8-9c32-54ee754af08e	chromium -- vulnerability Google Chrome Releases reports: 3 security fixes in this release: [831963] Critical CVE-2018-6118: Use after free in Media Cache. Reported by Ned Williamson on 2018-04-12 [837635] Various fixes from internal audits, fuzzing and other initiatives Discovery 2018-04-12 Entry 2018-04-30 chromium < 66.0.3359.139 CVE-2018-6118 https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop_26.html
64575bb6-e188-11ea-beed-e09467587c17	chromium -- heap buffer overflow Chrome Releases reports: This release contains one security fix: [1115345] High CVE-2020-6556: Heap buffer overflow in SwiftShader. Reported by Alison Huffman, Microsoft Browser Vulnerability Research on 2020-08-12 Discovery 2020-08-18 Entry 2020-08-18 chromium < 84.0.4147.135 CVE-2020-6556 https://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop_18.html
b9c525d9-9198-11e8-beba-080027ef1a23	chromium -- multiple vulnerabilities Google Chrome Releases reports: 42 security fixes in this release, including: [850350] High CVE-2018-6153: Stack buffer overflow in Skia. Reported by Zhen Zhou of NSFOCUS Security Team on 2018-06-07 [848914] High CVE-2018-6154: Heap buffer overflow in WebGL. Reported by Omair on 2018-06-01 [842265] High CVE-2018-6155: Use after free in WebRTC. Reported by Natalie Silvanovich of Google Project Zero on 2018-05-11 [841962] High CVE-2018-6156: Heap buffer overflow in WebRTC. Reported by Natalie Silvanovich of Google Project Zero on 2018-05-10 [840536] High CVE-2018-6157: Type confusion in WebRTC. Reported by Natalie Silvanovich of Google Project Zero on 2018-05-07 [812667] Medium CVE-2018-6150: Cross origin information disclosure in Service Workers. Reported by Rob Wu on 2018-02-15 [805905] Medium CVE-2018-6151: Bad cast in DevTools. Reported by Rob Wu on 2018-01-25 [805445] Medium CVE-2018-6152: Local file write in DevTools. Reported by Rob Wu on 2018-01-24 [841280] Medium CVE-2018-6158: Use after free in Blink. Reported by Zhe Jin, Luyao Liu from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd on 2018-05-09 [837275] Medium CVE-2018-6159: Same origin policy bypass in ServiceWorker. Reported by Jun Kokatsu (@shhnjk) on 2018-04-26 [839822] Medium CVE-2018-6160: URL spoof in Chrome on iOS. Reported by evi1m0 of Bilibili Security Team on 2018-05-04 [826552] Medium CVE-2018-6161: Same origin policy bypass in WebAudio. Reported by Jun Kokatsu (@shhnjk) on 2018-03-27 [804123] Medium CVE-2018-6162: Heap buffer overflow in WebGL. Reported by Omair on 2018-01-21 [849398] Medium CVE-2018-6163: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-06-04 [848786] Medium CVE-2018-6164: Same origin policy bypass in ServiceWorker. Reported by Jun Kokatsu (@shhnjk) on 2018-06-01 [847718] Medium CVE-2018-6165: URL spoof in Omnibox. Reported by evi1m0 of Bilibili Security Team on 2018-05-30 [835554] Medium CVE-2018-6166: URL spoof in Omnibox. Reported by Lnyas Zhang on 2018-04-21 [833143] Medium CVE-2018-6167: URL spoof in Omnibox. Reported by Lnyas Zhang on 2018-04-15 [828265] Medium CVE-2018-6168: CORS bypass in Blink. Reported by Gunes Acar and Danny Y. Huang of Princeton University, Frank Li of UC Berkeley on 2018-04-03 [394518] Medium CVE-2018-6169: Permissions bypass in extension installation. Reported by Sam P on 2014-07-16 [862059] Medium CVE-2018-6170: Type confusion in PDFium. Reported by Anonymous on 2018-07-10 [851799] Medium CVE-2018-6171: Use after free in WebBluetooth. Reported by amazon@mimetics.ca on 2018-06-12 [847242] Medium CVE-2018-6172: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-05-28 [836885] Medium CVE-2018-6173: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-04-25 [835299] Medium CVE-2018-6174: Integer overflow in SwiftShader. Reported by Mark Brand of Google Project Zero on 2018-04-20 [826019] Medium CVE-2018-6175: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-03-26 [666824] Medium CVE-2018-6176: Local user privilege escalation in Extensions. Reported by Jann Horn of Google Project Zero on 2016-11-18 [826187] Low CVE-2018-6177: Cross origin information leak in Blink. Reported by Ron Masas (Imperva) on 2018-03-27 [823194] Low CVE-2018-6178: UI spoof in Extensions. Reported by Khalil Zhani on 2018-03-19 [816685] Low CVE-2018-6179: Local file information leak in Extensions. Reported by Anonymous on 2018-02-26 [797461] Low CVE-2018-6044: Request privilege escalation in Extensions. Reported by Wob Wu on 2017-12-23 [791324] Low CVE-2018-4117: Cross origin information leak in Blink. Reported by AhsanEjaz - @AhsanEjazA on 2017-12-03 [866821] Various fixes from internal audits, fuzzing and other initiatives Discovery 2018-07-24 Entry 2018-07-27 chromium < 68.0.3440.75 CVE-2018-4117 CVE-2018-6044 CVE-2018-6150 CVE-2018-6151 CVE-2018-6152 CVE-2018-6153 CVE-2018-6154 CVE-2018-6155 CVE-2018-6156 CVE-2018-6157 CVE-2018-6158 CVE-2018-6159 CVE-2018-6160 CVE-2018-6161 CVE-2018-6162 CVE-2018-6163 CVE-2018-6164 CVE-2018-6165 CVE-2018-6166 CVE-2018-6167 CVE-2018-6168 CVE-2018-6169 CVE-2018-6170 CVE-2018-6171 CVE-2018-6172 CVE-2018-6173 CVE-2018-6174 CVE-2018-6175 CVE-2018-6176 CVE-2018-6177 CVE-2018-6178 CVE-2018-6179 https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html
4cb49a23-6c89-11e8-8b33-e8e0b747a45a	chromium -- Incorrect handling of CSP header Google Chrome Releases reports: 1 security fix contributed by external researchers: [845961] High CVE-2018-6148: Incorrect handling of CSP header. Reported by Michal Bentkowski on 2018-05-23 Discovery 2018-06-06 Entry 2018-06-10 chromium < 67.0.3396.79 CVE-2018-6148 https://chromereleases.googleblog.com/2018/06/stable-channel-update-for-desktop.html
6a5d15b6-b661-11ea-8015-e09467587c17	chromium -- multiple vulnerabilities Chrome Releases reports: This update includes 2 security fixes, including: [1092308] High CVE-2020-6509: Use after free in extensions. Reported by Anonymous on 2020-06-08 Discovery 2020-06-22 Entry 2020-06-24 chromium < 83.0.4103.116 CVE-2020-6509 https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop_22.html
36ff7a74-47b1-11e8-a7d6-54e1ad544088	chromium -- vulnerability Google Chrome Releases reports: 62 security fixes in this release: [826626] Critical CVE-2018-6085: Use after free in Disk Cache. Reported by Ned Williamson on 2018-03-28 [827492] Critical CVE-2018-6086: Use after free in Disk Cache. Reported by Ned Williamson on 2018-03-30 [813876] High CVE-2018-6087: Use after free in WebAssembly. Reported by Anonymous on 2018-02-20 [822091] High CVE-2018-6088: Use after free in PDFium. Reported by Anonymous on 2018-03-15 [808838] High CVE-2018-6089: Same origin policy bypass in Service Worker. Reported by Rob Wu on 2018-02-04 [820913] High CVE-2018-6090: Heap buffer overflow in Skia. Reported by ZhanJia Song on 2018-03-12 [771933] High CVE-2018-6091: Incorrect handling of plug-ins by Service Worker. Reported by Jun Kokatsu (@shhnjk) on 2017-10-05 [819869] High CVE-2018-6092: Integer overflow in WebAssembly. Reported by Natalie Silvanovich of Google Project Zero on 2018-03-08 [780435] Medium CVE-2018-6093: Same origin bypass in Service Worker. Reported by Jun Kokatsu (@shhnjk) on 2017-11-01 [633030] Medium CVE-2018-6094: Exploit hardening regression in Oilpan. Reported by Chris Rohlf on 2016-08-01 [637098] Medium CVE-2018-6095: Lack of meaningful user interaction requirement before file upload. Reported by Abdulrahman Alqabandi (@qab) on 2016-08-11 [776418] Medium CVE-2018-6096: Fullscreen UI spoof. Reported by WenXu Wu of Tencent's Xuanwu Lab on 2017-10-19 [806162] Medium CVE-2018-6097: Fullscreen UI spoof. Reported by xisigr of Tencent's Xuanwu Lab on 2018-01-26 [798892] Medium CVE-2018-6098: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-01-03 [808825] Medium CVE-2018-6099: CORS bypass in ServiceWorker. Reported by Jun Kokatsu (@shhnjk) on 2018-02-03 [811117] Medium CVE-2018-6100: URL spoof in Omnibox. Reported by Lnyas Zhang on 2018-02-11 [813540] Medium CVE-2018-6101: Insufficient protection of remote debugging prototol in DevTools . Reported by Rob Wu on 2018-02-19 [813814] Medium CVE-2018-6102: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-02-20 [816033] Medium CVE-2018-6103: UI spoof in Permissions. Reported by Khalil Zhani on 2018-02-24 [820068] Medium CVE-2018-6104: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-03-08 [803571] Medium CVE-2018-6105: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-01-18 [805729] Medium CVE-2018-6106: Incorrect handling of promises in V8. Reported by lokihardt of Google Project Zero on 2018-01-25 [808316] Medium CVE-2018-6107: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-02-02 [816769] Medium CVE-2018-6108: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-02-27 [710190] Low CVE-2018-6109: Incorrect handling of files by FileAPI. Reported by Dominik Weber (@DoWeb_) on 2017-04-10 [777737] Low CVE-2018-6110: Incorrect handling of plaintext files via file:// . Reported by Wenxiang Qian (aka blastxiang) on 2017-10-24 [780694] Low CVE-2018-6111: Heap-use-after-free in DevTools. Reported by Khalil Zhani on 2017-11-02 [798096] Low CVE-2018-6112: Incorrect URL handling in DevTools. Reported by Rob Wu on 2017-12-29 [805900] Low CVE-2018-6113: URL spoof in Navigation. Reported by Khalil Zhani on 2018-01-25 [811691] Low CVE-2018-6114: CSP bypass. Reported by Lnyas Zhang on 2018-02-13 [819809] Low CVE-2018-6115: SmartScreen bypass in downloads. Reported by James Feher on 2018-03-07 [822266] Low CVE-2018-6116: Incorrect low memory handling in WebAssembly. Reported by Jin from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd. on 2018-03-15 [822465] Low CVE-2018-6117: Confusing autofill settings. Reported by Spencer Dailey on 2018-03-15 [822424] Low CVE-2018-6084: Incorrect use of Distributed Objects in Google Software Updater on MacOS. Reported by Ian Beer of Google Project Zero on 2018-03-15 Discovery 2017-04-10 Entry 2018-04-24 chromium < 66.0.3359.117 https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html CVE-2018-6085 CVE-2018-6086 CVE-2018-6087 CVE-2018-6088 CVE-2018-6089 CVE-2018-6090 CVE-2018-6091 CVE-2018-6092 CVE-2018-6093 CVE-2018-6094 CVE-2018-6095 CVE-2018-6096 CVE-2018-6097 CVE-2018-6098 CVE-2018-6099 CVE-2018-6100 CVE-2018-6101 CVE-2018-6102 CVE-2018-6103 CVE-2018-6104 CVE-2018-6105 CVE-2018-6106 CVE-2018-6107 CVE-2018-6108 CVE-2018-6109 CVE-2018-6110 CVE-2018-6111 CVE-2018-6112 CVE-2018-6113 CVE-2018-6114 CVE-2018-6115 CVE-2018-6116 CVE-2018-6117 CVE-2018-6084
e457978b-5484-11e8-9b85-54ee754af08e	chromium -- multiple vulnerabilities Google Chrome Releases reports: 4 security fixes in this release: [835887] Critical: Chain leading to sandbox escape. Reported by Anonymous on 2018-04-23 [836858] High CVE-2018-6121: Privilege Escalation in extensions [836141] High CVE-2018-6122: Type confusion in V8 [833721] High CVE-2018-6120: Heap buffer overflow in PDFium. Reported by Zhou Aiting(@zhouat1) of Qihoo 360 Vulcan Team on 2018-04-17 [841841] Various fixes from internal audits, fuzzing and other initiatives Discovery 2018-04-14 Entry 2018-05-11 chromium < 66.0.3359.170 CVE-2018-6120 CVE-2018-6121 CVE-2018-6122 https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop.html
720590df-10eb-11e9-b407-080027ef1a23	chromium -- Use after free in PDFium Google Chrome Releases reports: 1 security fix contributed by external researches: High CVE-2018-17481: Use after free in PDFium Discovery 2018-12-12 Entry 2019-01-05 chromium < 71.0.3578.98 CVE-2018-17481 https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop_12.html
479fdfda-6659-11eb-83e2-e09467587c17	www/chromium -- multiple vulnerabilities Chrome Releases reports: This update include 6 security fixes: 1169317] Critical CVE-2021-21142: Use after free in Payments. Reported by Khalil Zhani on 2021-01-21 [1163504] High CVE-2021-21143: Heap buffer overflow in Extensions. Reported by Allen Parker and Alex Morgan of MU on 2021-01-06 [1163845] High CVE-2021-21144: Heap buffer overflow in Tab Groups. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-01-07 [1154965] High CVE-2021-21145: Use after free in Fonts. Reported by Anonymous on 2020-12-03 [1161705] High CVE-2021-21146: Use after free in Navigation. Reported by Alison Huffman and Choongwoo Han of Microsoft Browser Vulnerability Research on 2020-12-24 [1162942] Medium CVE-2021-21147: Inappropriate implementation in Skia. Reported by Roman Starkov on 2021-01-04 Discovery 2021-02-02 Entry 2021-02-03 chromium < 88.0.4324.146 CVE-2021-21142 CVE-2021-21143 CVE-2021-21144 CVE-2021-21145 CVE-2021-21146 CVE-2021-21147 https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop.html
f4722927-1375-11eb-8711-3065ec8fd3ec	chromium -- multiple vulnerabilities Chrome Releases reports: This release includes 5 security fixes: [1125337] High CVE-2020-16000: Inappropriate implementation in Blink. Reported by amaebi_jp on 2020-09-06 [1135018] High CVE-2020-16001: Use after free in media. Reported by Khalil Zhani on 2020-10-05 [1137630] High CVE-2020-16002: Use after free in PDFium. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group on 2020-10-13 [1139963] High CVE-2020-15999: Heap buffer overflow in Freetype. Reported by Sergei Glazunov of Google Project Zero on 2020-10-19 [1134960] Medium CVE-2020-16003: Use after free in printing. Reported by Khalil Zhani on 2020-10-04 Discovery 2020-10-20 Entry 2020-10-21 chromium < 86.0.4240.111 CVE-2020-15999 CVE-2020-16000 CVE-2020-16001 CVE-2020-16002 CVE-2020-16003 https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html
48514901-711d-11eb-9846-e09467587c17	chromium -- multiple vulnerabilities Chrome Releases reports: This release contains 10 security fixes, including: [1138143] High CVE-2021-21149: Stack overflow in Data Transfer. Reported by Ryoya Tsukasaki on 2020-10-14 [1172192] High CVE-2021-21150: Use after free in Downloads. Reported by Woojin Oh(@pwn_expoit) of STEALIEN on 2021-01-29 [1165624] High CVE-2021-21151: Use after free in Payments. Reported by Khalil Zhani on 2021-01-12 [1166504] High CVE-2021-21152: Heap buffer overflow in Media. Reported by Anonymous on 2021-01-14 [1155974] High CVE-2021-21153: Stack overflow in GPU Process. Reported by Jan Ruge of ERNW GmbH on 2020-12-06 [1173269] High CVE-2021-21154: Heap buffer overflow in Tab Strip. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-02-01 [1175500] High CVE-2021-21155: Heap buffer overflow in Tab Strip. Reported by Khalil Zhani on 2021-02-07 [1177341] High CVE-2021-21156: Heap buffer overflow in V8. Reported by Sergei Glazunov of Google Project Zero on 2021-02-11 [1170657] Medium CVE-2021-21157: Use after free in Web Sockets. Reported by Anonymous on 2021-01-26 Discovery 2021-02-16 Entry 2021-02-17 chromium < 88.0.4324.182 CVE-2021-21149 CVE-2021-21150 CVE-2021-21151 CVE-2021-21152 CVE-2021-21153 CVE-2021-21154 CVE-2021-21155 CVE-2021-21156 CVE-2021-21157 https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_16.html
3ec6ab59-1e0c-11eb-a428-3065ec8fd3ec	chromium -- multiple vulnerabilities Chrome Releases reports: This release contains 10 security fixes, including: [1138911] High CVE-2020-16004: Use after free in user interface. Reported by Leecraso and Guang Gong of 360 Alpha Lab working with 360 BugCloud on 2020-10-15 [1139398] High CVE-2020-16005: Insufficient policy enforcement in ANGLE. Reported by Jaehun Jeong (@n3sk) of Theori on 2020-10-16 [1133527] High CVE-2020-16006: Inappropriate implementation in V8. Reported by Bill Parks on 2020-09-29 [1125018] High CVE-2020-16007: Insufficient data validation in installer. Reported by Abdelhamid Naceri (halov) on 2020-09-04 [1134107] High CVE-2020-16008: Stack buffer overflow in WebRTC. Reported by Tolya Korniltsev on 2020-10-01 [1143772] High CVE-2020-16009: Inappropriate implementation in V8. Reported by Clement Lecigne of Google's Threat Analysis Group and Samuel GroÃ of Google Project Zero on 2020-10-29 [1144489] High CVE-2020-16011: Heap buffer overflow in UI on Windows. Reported by Sergei Glazunov of Google Project Zero on 2020-11-01 There are reports that an exploit for CVE-2020-16009 exists in the wild. Discovery 2020-11-02 Entry 2020-11-03 chromium < 86.0.4240.183 CVE-2020-16004 CVE-2020-16005 CVE-2020-16006 CVE-2020-16007 CVE-2020-16008 CVE-2020-16009 CVE-2020-16011 https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop.html
38c676bd-9def-11ea-a94c-3065ec8fd3ec	chromium -- multiple vulnerabilities Google Chrome Releases reports: This release includes 38 security fixes, including CVEs CVE-2020-6465 through CVE-2020-6491. Discovery 2020-05-19 Entry 2020-05-24 chromium < 83.0.4103.61 CVE-2020-6465 CVE-2020-6466 CVE-2020-6467 CVE-2020-6468 CVE-2020-6469 CVE-2020-6470 CVE-2020-6471 CVE-2020-6472 CVE-2020-6473 CVE-2020-6474 CVE-2020-6475 CVE-2020-6476 CVE-2020-6477 CVE-2020-6478 CVE-2020-6479 CVE-2020-6480 CVE-2020-6481 CVE-2020-6482 CVE-2020-6483 CVE-2020-6484 CVE-2020-6485 CVE-2020-6486 CVE-2020-6487 CVE-2020-6488 CVE-2020-6489 CVE-2020-6490 CVE-2020-6491 https://chromereleases.googleblog.com/2020/05/stable-channel-update-for-desktop_19.html
52f4b48b-4ac3-11e7-99aa-e8e0b747a45a	chromium -- multiple vulnerabilities Google Chrome releases reports: 30 security fixes in this release Please reference CVE/URL list for details Discovery 2017-06-05 Entry 2017-06-06 chromium chromium-pulse < 59.0.3071.86 CVE-2017-5070 CVE-2017-5071 CVE-2017-5072 CVE-2017-5073 CVE-2017-5074 CVE-2017-5075 CVE-2017-5086 CVE-2017-5076 CVE-2017-5077 CVE-2017-5078 CVE-2017-5079 CVE-2017-5080 CVE-2017-5081 CVE-2017-5082 CVE-2017-5083 CVE-2017-5085 https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html
3cac007f-b27e-11eb-97a0-e09467587c17	chromium -- multiple vulnerabilities Chrome Releases reports: This release contains 19 security fixes, including: [1180126] High CVE-2021-30506: Incorrect security UI in Web App Installs. Reported by @retsew0x01 on 2021-02-19 [1178202] High CVE-2021-30507: Inappropriate implementation in Offline. Reported by Alison Huffman, Microsoft Browser Vulnerability Research on 2021-02-14 [1195340] High CVE-2021-30508: Heap buffer overflow in Media Feeds. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-04-02 [1196309] High CVE-2021-30509: Out of bounds write in Tab Strip. Reported by David Erceg on 2021-04-06 [1197436] High CVE-2021-30510: Race in Aura. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group on 2021-04-09 [1197875] High CVE-2021-30511: Out of bounds read in Tab Groups. Reported by David Erceg on 2021-04-10 [1200019] High CVE-2021-30512: Use after free in Notifications. Reported by ZhanJia Song on 2021-04-17 [1200490] High CVE-2021-30513: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2021-04-19 [1200766] High CVE-2021-30514: Use after free in Autofill. Reported by koocola (@alo_cook) and Nan Wang (@eternalsakura13) of 360 Alpha Lab on 2021-04-20 [1201073] High CVE-2021-30515: Use after free in File API. Reported by Rong Jian and Guang Gong of 360 Alpha Lab on 2021-04-21 [1201446] High CVE-2021-30516: Heap buffer overflow in History. Reported by ZhanJia Song on 2021-04-22 [1203122] High CVE-2021-30517: Type Confusion in V8. Reported by laural on 2021-04-27 [1203590] High CVE-2021-30518: Heap buffer overflow in Reader Mode. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2021-04-28 [1194058] Medium CVE-2021-30519: Use after free in Payments. Reported by asnine on 2021-03-30 [1193362] Medium CVE-2021-30520: Use after free in Tab Strip. Reported by Khalil Zhani on 2021-04-03 Discovery 2021-05-10 Entry 2021-05-11 chromium < 90.0.4430.212 CVE-2021-30506 CVE-2021-30507 CVE-2021-30508 CVE-2021-30509 CVE-2021-30510 CVE-2021-30511 CVE-2021-30512 CVE-2021-30513 CVE-2021-30514 CVE-2021-30515 CVE-2021-30516 CVE-2021-30517 CVE-2021-30518 CVE-2021-30519 CVE-2021-30520 https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop.html
ae9cb9b8-a203-11e6-a265-3065ec8fd3ec	chromium -- out-of-bounds memory access Google Chrome Releases reports: [659475] High CVE-2016-5198: Out of bounds memory access in V8. Credit to Tencent Keen Security Lab, working with Trend Micro's Zero Day Initiative. Discovery 2016-11-01 Entry 2016-11-03 chromium chromium-npapi chromium-pulse < 54.0.2840.90 CVE-2016-5198 https://googlechromereleases.blogspot.nl/2016/11/stable-channel-update-for-desktop.html
9c135c7e-9fa4-11e6-a265-3065ec8fd3ec	chromium -- multiple vulnerabilities Google Chrome Releases reports: 3 security fixes in this release, including: [642496] High CVE-2016-5177: Use after free in V8. Credit to Anonymous [651092] CVE-2016-5178: Various fixes from internal audits, fuzzing and other initiatives. Discovery 2016-09-29 Entry 2016-10-31 chromium chromium-npapi chromium-pulse < 53.0.2785.143 CVE-2016-5177 CVE-2016-5178 https://googlechromereleases.blogspot.nl/2016/09/stable-channel-update-for-desktop_29.html
674ed047-be0a-11eb-b927-3065ec8fd3ec	chromium -- multiple vulnerabilities Chrome Releases reports: This release contains 32 security fixes, including: [1208721] High CVE-2021-30521: Heap buffer overflow in Autofill. Reported by ZhanJia Song on 2021-05-13 [1176218] High CVE-2021-30522: Use after free in WebAudio. Reported by Piotr Bania of Cisco Talos on 2021-02-09 [1187797] High CVE-2021-30523: Use after free in WebRTC. Reported by Tolyan Korniltsev on 2021-03-13 [1197146] High CVE-2021-30524: Use after free in TabStrip. Reported by David Erceg on 2021-04-08 [1197888] High CVE-2021-30525: Use after free in TabGroups. Reported by David Erceg on 2021-04-11 [1198717] High CVE-2021-30526: Out of bounds write in TabStrip. Reported by David Erceg on 2021-04-13 [1199198] High CVE-2021-30527: Use after free in WebUI. Reported by David Erceg on 2021-04-15 [1206329] High CVE-2021-30528: Use after free in WebAuthentication. Reported by Man Yue Mo of GitHub Security Lab on 2021-05-06 [1195278] Medium CVE-2021-30529: Use after free in Bookmarks. Reported by koocola (@alo_cook) and Nan Wang (@eternalsakura13) of 360 Alpha Lab on 2021-04-02 [1201033] Medium CVE-2021-30530: Out of bounds memory access in WebAudio. Reported by kkwon on 2021-04-21 [1115628] Medium CVE-2021-30531: Insufficient policy enforcement in Content Security Policy. Reported by Philip Papurt on 2020-08-12 [1117687] Medium CVE-2021-30532: Insufficient policy enforcement in Content Security Policy. Reported by Philip Papurt on 2020-08-18 [1145553] Medium CVE-2021-30533: Insufficient policy enforcement in PopupBlocker. Reported by Eliya Stein on 2020-11-04 [1151507] Medium CVE-2021-30534: Insufficient policy enforcement in iFrameSandbox. Reported by Alesandro Ortiz on 2020-11-20 [1194899] Medium CVE-2021-30535: Double free in ICU. Reported by nocma, leogan, cheneyxu of WeChat Open Platform Security Team on 2021-04-01 [1145024] Medium CVE-2021-21212: Insufficient data validation in networking. Reported by Hugo Hue and Sze Yiu Chau of the Chinese University of Hong Kong on 2020-11-03 [1194358] Low CVE-2021-30536: Out of bounds read in V8. Reported by Chris Salls (@salls) on 2021-03-31 [830101] Low CVE-2021-30537: Insufficient policy enforcement in cookies. Reported by Jun Kokatsu (@shhnjk) on 2018-04-06 [1115045] Low CVE-2021-30538: Insufficient policy enforcement in content security policy. Reported by Tianze Ding (@D1iv3) of Tencent Security Xuanwu Lab on 2020-08-11 [971231] Low CVE-2021-30539: Insufficient policy enforcement in content security policy. Reported by unnamed researcher on 2019-06-05 [1184147] Low CVE-2021-30540: Incorrect security UI in payments. Reported by @retsew0x01 on 2021-03-03 Discovery 2021-05-25 Entry 2021-05-26 chromium < 91.0.4472.77 CVE-2021-30521 CVE-2021-30522 CVE-2021-30523 CVE-2021-30524 CVE-2021-30525 CVE-2021-30526 CVE-2021-30527 CVE-2021-30528 CVE-2021-30529 CVE-2021-30530 CVE-2021-30531 CVE-2021-30532 CVE-2021-30533 CVE-2021-30534 CVE-2021-30535 CVE-2021-21212 CVE-2021-30536 CVE-2021-30537 CVE-2021-30538 CVE-2021-30539 CVE-2021-30540 https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop_25.html
d59ebed4-34be-11e6-be25-3065ec8fd3ec	chromium -- multiple vulnerabilities Google Chrome Releases reports: 3 security fixes in this release, including: [620742] CVE-2016-1704: Various fixes from internal audits, fuzzing and other initiatives. Discovery 2016-06-16 Entry 2016-06-17 chromium chromium-npapi chromium-pulse < 51.0.2704.103 CVE-2016-1704 https://googlechromereleases.blogspot.nl/2016/06/stable-channel-update_16.html
7d138476-7710-11e7-88a1-e8e0b747a45a	chromium -- multiple vulnerabilities Google Chrome releases reports: 40 security fixes in this release Please reference CVE/URL list for details Discovery 2017-07-25 Entry 2017-08-01 chromium chromium-pulse < 60.0.3112.78 CVE-2017-5091 CVE-2017-5092 CVE-2017-5093 CVE-2017-5094 CVE-2017-5095 CVE-2017-5096 CVE-2017-5097 CVE-2017-5098 CVE-2017-5099 CVE-2017-5100 CVE-2017-5101 CVE-2017-5102 CVE-2017-5103 CVE-2017-5104 CVE-2017-7000 CVE-2017-5105 CVE-2017-5106 CVE-2017-5107 CVE-2017-5108 CVE-2017-5109 CVE-2017-5110 https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html
f53dd5cc-527f-11e7-a772-e8e0b747a45a	chromium -- multiple vulnerabilities Google Chrome releases reports: 5 security fixes in this release, including: [725032] High CVE-2017-5087: Sandbox Escape in IndexedDB. Reported by Ned Williamson on 2017-05-22 [729991] High CVE-2017-5088: Out of bounds read in V8. Reported by Xiling Gong of Tencent Security Platform Department on 2017-06-06 [714196] Medium CVE-2017-5089: Domain spoofing in Omnibox. Reported by Michal Bentkowski on 2017-04-21 [732498] Various fixes from internal audits, fuzzing and other initiatives Discovery 2017-06-15 Entry 2017-06-16 chromium chromium-pulse < 59.0.3071.104 CVE-2017-5087 CVE-2017-5088 CVE-2017-5089 https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop_15.html
769ba449-79e1-11e6-bf75-3065ec8fd3ec	chromium -- multiple vulnerabilities Google Chrome Releases reports: 33 security fixes in this release Please reference CVE/URL list for details Discovery 2016-08-31 Entry 2016-09-13 chromium chromium-npapi chromium-pulse < 53.0.2785.92 CVE-2016-5147 CVE-2016-5148 CVE-2016-5149 CVE-2016-5150 CVE-2016-5151 CVE-2016-5152 CVE-2016-5153 CVE-2016-5154 CVE-2016-5155 CVE-2016-5156 CVE-2016-5157 CVE-2016-5158 CVE-2016-5159 CVE-2016-5160 CVE-2016-5161 CVE-2016-5162 CVE-2016-5163 CVE-2016-5164 CVE-2016-5165 CVE-2016-5166 CVE-2016-5167 https://googlechromereleases.blogspot.nl/2016/08/stable-channel-update-for-desktop_31.html
6fae9fe1-5048-11e6-8aa7-3065ec8fd3ec	chromium -- multiple vulnerabilities Google Chrome Releases reports: 48 security fixes in this release, including: [610600] High CVE-2016-1706: Sandbox escape in PPAPI. Credit to Pinkie Pie xisigr of Tencent's Xuanwu Lab [613949] High CVE-2016-1708: Use-after-free in Extensions. Credit to Adam Varsan [614934] High CVE-2016-1709: Heap-buffer-overflow in sfntly. Credit to ChenQin of Topsec Security Team [616907] High CVE-2016-1710: Same-origin bypass in Blink. Credit to Mariusz Mlynski [617495] High CVE-2016-1711: Same-origin bypass in Blink. Credit to Mariusz Mlynski [618237] High CVE-2016-5127: Use-after-free in Blink. Credit to cloudfuzzer [619166] High CVE-2016-5128: Same-origin bypass in V8. Credit to Anonymous [620553] High CVE-2016-5129: Memory corruption in V8. Credit to Jeonghoon Shin [623319] High CVE-2016-5130: URL spoofing. Credit to Wadih Matar [623378] High CVE-2016-5131: Use-after-free in libxml. Credit to Nick Wellnhofer [607543] Medium CVE-2016-5132: Limited same-origin bypass in Service Workers. Credit to Ben Kelly [613626] Medium CVE-2016-5133: Origin confusion in proxy authentication. Credit to Patch Eudor [593759] Medium CVE-2016-5134: URL leakage via PAC script. Credit to Paul Stone [605451] Medium CVE-2016-5135: Content-Security-Policy bypass. Credit to kingxwy [625393] Medium CVE-2016-5136: Use after free in extensions. Credit to Rob Wu [625945] Medium CVE-2016-5137: History sniffing with HSTS and CSP. Credit to Xiaoyin Liu [629852] CVE-2016-1705: Various fixes from internal audits, fuzzing and other initiatives. Discovery 2016-07-20 Entry 2016-07-22 chromium chromium-npapi chromium-pulse < 52.0.2743.82 CVE-2016-1705 CVE-2016-1706 CVE-2016-1708 CVE-2016-1709 CVE-2016-1710 CVE-2016-1711 CVE-2016-5127 CVE-2016-5128 CVE-2016-5129 CVE-2016-5130 CVE-2016-5131 CVE-2016-5132 CVE-2016-5133 CVE-2016-5134 CVE-2016-5135 CVE-2016-5136 CVE-2016-5137 https://googlechromereleases.blogspot.nl/2016/07/stable-channel-update.html
82894193-ffd4-11e7-8b91-e8e0b747a45a	chromium -- out of bounds read Google Chrome Releases reports: 1 security fix in this release, including: [782145] High CVE-2017-15428: Out of bounds read in V8. Reported by Zhao Qixun of Qihoo 360 Vulcan Team on 2017-11-07 Discovery 2017-11-13 Entry 2018-01-23 chromium < 62.0.3202.94 CVE-2017-15428 https://chromereleases.googleblog.com/2017/11/stable-channel-update-for-desktop_13.html
92e345d0-304d-11e7-8359-e8e0b747a45a	chromium -- race condition vulnerability Google Chrome Releases reports: 1 security fix in this release: [679306] High CVE-2017-5068: Race condition in WebRTC. Credit to Philipp Hancke Discovery 2017-05-02 Entry 2017-05-03 chromium < 58.0.3029.96 CVE-2017-5068 https://chromereleases.googleblog.com/2017/05/stable-channel-update-for-desktop.html
1ba21ff1-e672-11eb-a686-3065ec8fd3ec	chromium -- multiple vulnerabilities Chrome Releases reports: This release contains 8 security fixes, including: [1219082] High CVE-2021-30559: Out of bounds write in ANGLE. Reported by Seong-Hwan Park (SeHwa) of SecunologyLab on 2021-06-11 [1214842] High CVE-2021-30541: Use after free in V8. Reported by Richard Wheeldon on 2021-05-31 [1219209] High CVE-2021-30560: Use after free in Blink XSLT. Reported by Nick Wellnhofer on 2021-06-12 [1219630] High CVE-2021-30561: Type Confusion in V8. Reported by Sergei Glazunov of Google Project Zero on 2021-06-14 [1220078] High CVE-2021-30562: Use after free in WebSerial. Reported by Anonymous on 2021-06-15 [1228407] High CVE-2021-30563: Type Confusion in V8. Reported by Anonymous on 2021-07-12 [1221309] Medium CVE-2021-30564: Heap buffer overflow in WebXR. Reported by Ali Merchant, iQ3Connect VR Platform on 2021-06-17 Google is aware of reports that an exploit for CVE-2021-30563 exists in the wild. Discovery 2021-07-15 Entry 2021-07-16 chromium < 91.0.4472.164 CVE-2021-30541 CVE-2021-30559 CVE-2021-30560 CVE-2021-30561 CVE-2021-30562 CVE-2021-30563 CVE-2021-30564 https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop.html
20b3ab21-c9df-11eb-8558-3065ec8fd3ec	chromium -- multiple vulnerabilities Chrome Releases reports: This release contains 14 security fixes, including: [1212618] Critical CVE-2021-30544: Use after free in BFCache. Reported by Rong Jian and Guang Gong of 360 Alpha Lab on 2021-05-24 [1201031] High CVE-2021-30545: Use after free in Extensions. Reported by kkwon with everpall and kkomdal on 2021-04-21 [1206911] High CVE-2021-30546: Use after free in Autofill. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-05-08 [1210414] High CVE-2021-30547: Out of bounds write in ANGLE. Reported by Seong-Hwan Park (SeHwa) of SecunologyLab on 2021-05-18 [1210487] High CVE-2021-30548: Use after free in Loader. Reported by Yangkang(@dnpushme) & Wanglu of Qihoo360 Qex Team on 2021-05-18 [1212498] High CVE-2021-30549: Use after free in Spell check. Reported by David Erceg on 2021-05-23 [1212500] High CVE-2021-30550: Use after free in Accessibility. Reported by David Erceg on 2021-05-23 [1216437] High CVE-2021-30551: Type Confusion in V8. Reported by Sergei Glazunov of Google Project Zero on 2021-06-04 [1200679] Medium CVE-2021-30552: Use after free in Extensions. Reported by David Erceg on 2021-04-20 [1209769] Medium CVE-2021-30553: Use after free in Network service. Reported by Anonymous on 2021-05-17 Google is aware that an exploit for CVE-2021-30551 exists in the wild. Discovery 2021-06-10 Entry 2021-06-10 chromium < 91.0.4472.101 CVE-2021-30544 CVE-2021-30545 CVE-2021-30546 CVE-2021-30547 CVE-2021-30548 CVE-2021-30549 CVE-2021-30550 CVE-2021-30551 CVE-2021-30552 CVE-2021-30553 https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html
a505d397-0758-11e7-8d8b-e8e0b747a45a	chromium -- multiple vulnerabilities Google Chrome Releases reports: 36 security fixes in this release Please reference CVE/URL list for details Discovery 2017-03-09 Entry 2017-03-12 chromium chromium-npapi chromium-pulse < 57.0.2987.98 CVE-2017-5030 CVE-2017-5031 CVE-2017-5032 CVE-2017-5029 CVE-2017-5034 CVE-2017-5035 CVE-2017-5036 CVE-2017-5037 CVE-2017-5039 CVE-2017-5040 CVE-2017-5041 CVE-2017-5033 CVE-2017-5042 CVE-2017-5038 CVE-2017-5043 CVE-2017-5044 CVE-2017-5045 CVE-2017-5046 https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html
958b9cee-79da-11e6-bf75-3065ec8fd3ec	chromium -- multiple vulnerabilities Google Chrome Releases reports: 10 security fixes in this release, including: [629542] High CVE-2016-5141 Address bar spoofing. Credit to anonymous [626948] High CVE-2016-5142 Use-after-free in Blink. Credit to anonymous [625541] High CVE-2016-5139 Heap overflow in pdfium. Credit to GiWan Go of Stealien [619405] High CVE-2016-5140 Heap overflow in pdfium. Credit to Ke Liu of Tencent's Xuanwu LAB [623406] Medium CVE-2016-5145 Same origin bypass for images in Blink. Credit to anonymous [619414] Medium CVE-2016-5143 Parameter sanitization failure in DevTools. Credit to Gregory Panakkal [618333] Medium CVE-2016-5144 Parameter sanitization failure in DevTools. Credit to Gregory Panakkal [633486] CVE-2016-5146: Various fixes from internal audits, fuzzing and other initiatives. Discovery 2016-08-03 Entry 2016-09-13 chromium chromium-npapi chromium-pulse < 52.0.2743.116 CVE-2016-5139 CVE-2016-5140 CVE-2016-5141 CVE-2016-5142 CVE-2016-5143 CVE-2016-5144 CVE-2016-5145 CVE-2016-5146 https://googlechromereleases.blogspot.nl/2016/08/stable-channel-update-for-desktop.html
abfc932e-1ba8-11e8-a944-54ee754af08e	chromium -- vulnerability Google Chrome Releases reports: 1 security fix in this release: [806388] High CVE-2018-6056: Incorrect derived class instantiation in V8. Reported by lokihardt of Google Project Zero on 2018-01-26 Discovery 2018-01-26 Entry 2018-02-27 chromium < 64.0.3282.167 CVE-2018-6056 https://chromereleases.googleblog.com/2018/02/stable-channel-update-for-desktop_13.html
7c0d71a9-9d48-11eb-97a0-e09467587c17	chromium -- multiple vulnerabilities Chrome Releases reports: This release contains two security fixes: [1196781] High CVE-2021-21206: Use after free in Blink. Reported by Anonymous on 2021-04-07 [1196683] High CVE-2021-21220: Insufficient validation of untrusted input in V8 for x86_64. Reported by Bruno Keith (@bkth_) and Niklas Baumstark (@_niklasb) of Dataflow Security (@dfsec_it) via ZDI (ZDI-CAN-13569) on 2021-04-07> Discovery 2021-04-13 Entry 2021-04-14 chromium < 89.0.4389.128 CVE-2021-21206 CVE-2021-21220 https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop.html
95a74a48-2691-11e7-9e2d-e8e0b747a45a	chromium -- multiple vulnerabilities Google Chrome Releases reports: 29 security fixes in this release, including: [695826] High CVE-2017-5057: Type confusion in PDFium. Credit to Guang Gong of Alpha Team, Qihoo 360 [694382] High CVE-2017-5058: Heap use after free in Print Preview. Credit to Khalil Zhani [684684] High CVE-2017-5059: Type confusion in Blink. Credit to SkyLined working with Trend Micro's Zero Day Initiative [683314] Medium CVE-2017-5060: URL spoofing in Omnibox. Credit to Xudong Zheng [672847] Medium CVE-2017-5061: URL spoofing in Omnibox. Credit to Haosheng Wang (@gnehsoah) [702896] Medium CVE-2017-5062: Use after free in Chrome Apps. Credit to anonymous [700836] Medium CVE-2017-5063: Heap overflow in Skia. Credit to Sweetchip [693974] Medium CVE-2017-5064: Use after free in Blink. Credit to Wadih Matar [704560] Medium CVE-2017-5065: Incorrect UI in Blink. Credit to Khalil Zhani [690821] Medium CVE-2017-5066: Incorrect signature handing in Networking. Credit to Prof. Zhenhua Duan, Prof. Cong Tian, and Ph.D candidate Chu Chen (ICTT, Xidian University) [648117] Medium CVE-2017-5067: URL spoofing in Omnibox. Credit to Khalil Zhani [691726] Low CVE-2017-5069: Cross-origin bypass in Blink. Credit to Michael Reizelman [713205] Various fixes from internal audits, fuzzing and other initiatives Discovery 2017-04-19 Entry 2017-04-21 chromium chromium-pulse < 58.0.3029.81 CVE-2017-5057 CVE-2017-5058 CVE-2017-5059 CVE-2017-5060 CVE-2017-5061 CVE-2017-5062 CVE-2017-5063 CVE-2017-5064 CVE-2017-5065 CVE-2017-5066 CVE-2017-5067 CVE-2017-5069 https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html
555af074-22b9-11e8-9799-54ee754af08e	chromium -- vulnerability Google Chrome Releases reports: 45 security fixes in this release: [758848] High CVE-2017-11215: Use after free in Flash. Reported by JieZeng of Tencent Zhanlu Lab on 2017-08-25 [758863] High CVE-2017-11225: Use after free in Flash. Reported by JieZeng of Tencent Zhanlu Lab on 2017-08-25 [780919] High CVE-2018-6060: Use after free in Blink. Reported by Omair on 2017-11-02 [794091] High CVE-2018-6061: Race condition in V8. Reported by Guang Gong of Alpha Team, Qihoo 360 on 2017-12-12 [780104] High CVE-2018-6062: Heap buffer overflow in Skia. Reported by Anonymous on 2017-10-31 [789959] High CVE-2018-6057: Incorrect permissions on shared memory. Reported by Gal Beniamini of Google Project Zero on 2017-11-30 [792900] High CVE-2018-6063: Incorrect permissions on shared memory. Reported by Gal Beniamini of Google Project Zero on 2017-12-07 [798644] High CVE-2018-6064: Type confusion in V8. Reported by lokihardt of Google Project Zero on 2018-01-03 [808192] High CVE-2018-6065: Integer overflow in V8. Reported by Mark Brand of Google Project Zero on 2018-02-01 [799477] Medium CVE-2018-6066: Same Origin Bypass via canvas. Reported by Masato Kinugawa on 2018-01-05 [779428] Medium CVE-2018-6067: Buffer overflow in Skia. Reported by Ned Williamson on 2017-10-30 [779428] Medium CVE-2018-6067: Buffer overflow in Skia. Reported by Ned Williamson on 2017-10-30 [799918] Medium CVE-2018-6069: Stack buffer overflow in Skia. Reported by Wanglu and Yangkang(@dnpushme) of Qihoo360 Qex Team on 2018-01-08 [668645] Medium CVE-2018-6070: CSP bypass through extensions. Reported by Rob Wu on 2016-11-25 [777318] Medium CVE-2018-6071: Heap bufffer overflow in Skia. Reported by Anonymous on 2017-10-23 [791048] Medium CVE-2018-6072: Integer overflow in PDFium. Reported by Atte Kettunen of OUSPG on 2017-12-01 [804118] Medium CVE-2018-6073: Heap bufffer overflow in WebGL. Reported by Omair on 2018-01-20 [809759] Medium CVE-2018-6074: Mark-of-the-Web bypass. Reported by Abdulrahman Alqabandi (@qab) on 2018-02-06 [608669] Medium CVE-2018-6075: Overly permissive cross origin downloads. Reported by Inti De Ceukelaire (intigriti.com) on 2016-05-03 [758523] Medium CVE-2018-6076: Incorrect handling of URL fragment identifiers in Blink. Reported by Mateusz Krzeszowiec on 2017-08-24 [778506] Medium CVE-2018-6077: Timing attack using SVG filters. Reported by Khalil Zhani on 2017-10-26 [793628] Medium CVE-2018-6078: URL Spoof in OmniBox. Reported by Khalil Zhani on 2017-12-10 [788448] Medium CVE-2018-6079: Information disclosure via texture data in WebGL. Reported by Ivars Atteka on 2017-11-24 [792028] Medium CVE-2018-6080: Information disclosure in IPC call. Reported by Gal Beniamini of Google Project Zero on 2017-12-05 [797525] Low CVE-2018-6081: XSS in interstitials. Reported by Rob Wu on 2017-12-24 [767354] Low CVE-2018-6082: Circumvention of port blocking. Reported by WenXu Wu of Tencent's Xuanwu Lab on 2017-09-21 [771709] Low CVE-2018-6083: Incorrect processing of AppManifests. Reported by Jun Kokatsu (@shhnjk) on 2017-10-04 Discovery 2016-05-03 Entry 2018-03-08 chromium < 65.0.3325.146 CVE-2017-11215 CVE-2017-11225 CVE-2018-6060 CVE-2018-6061 CVE-2018-6060 CVE-2018-6061 CVE-2018-6062 CVE-2018-6057 CVE-2018-6063 CVE-2018-6064 CVE-2018-6065 CVE-2018-6066 CVE-2018-6067 CVE-2018-6069 CVE-2018-6070 CVE-2018-6071 CVE-2018-6072 CVE-2018-6073 CVE-2018-6074 CVE-2018-6075 CVE-2018-6076 CVE-2018-6077 CVE-2018-6078 CVE-2018-6079 CVE-2018-6080 CVE-2018-6081 CVE-2018-6082 CVE-2018-6083 https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html
7cf058d8-158d-11e7-ba2c-e8e0b747a45a	chromium -- multiple vulnerabilities Google Chrome Releases reports: 5 security fixes in this release, including: [698622] Critical CVE-2017-5055: Use after free in printing. Credit to Wadih Matar [699166] High CVE-2017-5054: Heap buffer overflow in V8. Credit to Nicolas Trippar of Zimperium zLabs [662767] High CVE-2017-5052: Bad cast in Blink. Credit to JeongHoon Shin [705445] High CVE-2017-5056: Use after free in Blink. Credit to anonymous [702058] High CVE-2017-5053: Out of bounds memory access in V8. Credit to Team Sniper (Keen Lab and PC Mgr) reported through ZDI (ZDI-CAN-4587) Discovery 2017-03-29 Entry 2017-03-30 chromium chromium-npapi chromium-pulse < 57.0.2987.133 CVE-2017-5055 CVE-2017-5054 CVE-2017-5052 CVE-2017-5056 CVE-2017-5053 https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop_29.html
76487640-ea29-11eb-a686-3065ec8fd3ec	chromium -- multiple vulnerabilities Chrome Releases reports: This release contains 35 security fixes, including: ][1210985] High CVE-2021-30565: Out of bounds write in Tab Groups. Reported by David Erceg on 2021-05-19 [1202661] High CVE-2021-30566: Stack buffer overflow in Printing. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-04-26 [1211326] High CVE-2021-30567: Use after free in DevTools. Reported by DDV_UA on 2021-05-20 [1219886] High CVE-2021-30568: Heap buffer overflow in WebGL. Reported by Yangkang (@dnpushme) of 360 ATA on 2021-06-15 [1218707] High CVE-2021-30569: Use after free in sqlite. Reported by Chris Salls (@salls) of Makai Security on 2021-06-11 [1101897] High CVE-2021-30571: Insufficient policy enforcement in DevTools. Reported by David Erceg on 2020-07-03 [1214234] High CVE-2021-30572: Use after free in Autofill. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group on 2021-05-28 [1216822] High CVE-2021-30573: Use after free in GPU. Reported by Security For Everyone Team - https://securityforeveryone.com on 2021-06-06 [1227315] High CVE-2021-30574: Use after free in protocol handling. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-07-08 [1213313] Medium CVE-2021-30575: Out of bounds read in Autofill. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-05-26 [1194896] Medium CVE-2021-30576: Use after free in DevTools. Reported by David Erceg on 2021-04-01 [1204811] Medium CVE-2021-30577: Insufficient policy enforcement in Installer. Reported by Jan van der Put (REQON B.V) on 2021-05-01 [1201074] Medium CVE-2021-30578: Uninitialized Use in Media. Reported by Chaoyuan Peng on 2021-04-21 [1207277] Medium CVE-2021-30579: Use after free in UI framework. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group on 2021-05-10 [1189092] Medium CVE-2021-30580: Insufficient policy enforcement in Android intents. Reported by @retsew0x01 on 2021-03-17 [1194431] Medium CVE-2021-30581: Use after free in DevTools. Reported by David Erceg on 2021-03-31 [1205981] Medium CVE-2021-30582: Inappropriate implementation in Animation. Reported by George Liu on 2021-05-05 [1179290] Medium CVE-2021-30583: Insufficient policy enforcement in image handling on Windows. Reported by Muneaki Nishimura (nishimunea) on 2021-02-17 [1213350] Medium CVE-2021-30584: Incorrect security UI in Downloads. Reported by @retsew0x01 on 2021-05-26 [1023503] Medium CVE-2021-30585: Use after free in sensor handling. Reported by niarci on 2019-11-11 [1201032] Medium CVE-2021-30586: Use after free in dialog box handling on Windows. Reported by kkomdal with kkwon and neodal on 2021-04-21 [1204347] Medium CVE-2021-30587: Inappropriate implementation in Compositing on Windows. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-04-30 [1195650] Low CVE-2021-30588: Type Confusion in V8. Reported by Jose Martinez (tr0y4) from VerSprite Inc. on 2021-04-04 [1180510] Low CVE-2021-30589: Insufficient validation of untrusted input in Sharing. Reported by Kirtikumar Anandrao Ramchandani (@Kirtikumar_A_R) and Patrick Walker (@homesen) on 2021-02-20 Discovery 2021-07-20 Entry 2021-07-21 chromium < 92.0.4515.107 CVE-2021-30565 CVE-2021-30566 CVE-2021-30567 CVE-2021-30568 CVE-2021-30569 CVE-2021-30571 CVE-2021-30572 CVE-2021-30573 CVE-2021-30574 CVE-2021-30575 CVE-2021-30576 CVE-2021-30577 CVE-2021-30578 CVE-2021-30579 CVE-2021-30580 CVE-2021-30581 CVE-2021-30582 CVE-2021-30583 CVE-2021-30584 CVE-2021-30585 CVE-2021-30586 CVE-2021-30587 CVE-2021-30588 CVE-2021-30589 https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
9118961b-9fa5-11e6-a265-3065ec8fd3ec	chromium -- multiple vulnerabilities Google Chrome Releases reports: 21 security fixes in this release, including: [645211] High CVE-2016-5181: Universal XSS in Blink. Credit to Anonymous [638615] High CVE-2016-5182: Heap overflow in Blink. Credit to Giwan Go of STEALIEN [645122] High CVE-2016-5183: Use after free in PDFium. Credit to Anonymous [630654] High CVE-2016-5184: Use after free in PDFium. Credit to Anonymous [621360] High CVE-2016-5185: Use after free in Blink. Credit to cloudfuzzer [639702] High CVE-2016-5187: URL spoofing. Credit to Luan Herrera [565760] Medium CVE-2016-5188: UI spoofing. Credit to Luan Herrera [633885] Medium CVE-2016-5192: Cross-origin bypass in Blink. Credit to haojunhou@gmail.com [646278] Medium CVE-2016-5189: URL spoofing. Credit to xisigr of Tencent's Xuanwu Lab [644963] Medium CVE-2016-5186: Out of bounds read in DevTools. Credit to Abdulrahman Alqabandi (@qab) [639126] Medium CVE-2016-5191: Universal XSS in Bookmarks. Credit to Gareth Hughes [642067] Medium CVE-2016-5190: Use after free in Internals. Credit to Atte Kettunen of OUSPG [639658] Low CVE-2016-5193: Scheme bypass. Credit to Yuyang ZHOU (martinzhou96) [654782] CVE-2016-5194: Various fixes from internal audits, fuzzing and other initiatives Discovery 2016-10-12 Entry 2016-10-31 chromium chromium-npapi chromium-pulse < 54.0.2840.59 CVE-2016-5181 CVE-2016-5182 CVE-2016-5183 CVE-2016-5184 CVE-2016-5185 CVE-2016-5186 CVE-2016-5187 CVE-2016-5188 CVE-2016-5189 CVE-2016-5190 CVE-2016-5191 CVE-2016-5192 CVE-2016-5193 CVE-2016-5194 https://googlechromereleases.blogspot.nl/2016/10/stable-channel-update-for-desktop.html
f3d86439-9def-11eb-97a0-e09467587c17	chromium -- multiple vulnerabilities Chrome Releases reports: This release contains 37 security fixes, including: [1025683] High CVE-2021-21201: Use after free in permissions. Reported by Gengming Liu, Jianyu Chen at Tencent Keen Security Lab on 2019-11-18 [1188889] High CVE-2021-21202: Use after free in extensions. Reported by David Erceg on 2021-03-16 [1192054] High CVE-2021-21203: Use after free in Blink. Reported by asnine on 2021-03-24 [1189926] High CVE-2021-21204: Use after free in Blink. Reported by Chelse Tsai-Simek, Jeanette Ulloa, and Emily Voigtlander of Seesaw on 2021-03-19 [1165654] High CVE-2021-21205: Insufficient policy enforcement in navigation. Reported by Alison Huffman, Microsoft Browser Vulnerability Research on 2021-01-12 [1195333] High CVE-2021-21221: Insufficient validation of untrusted input in Mojo. Reported by Guang Gong of Alpha Lab, Qihoo 360 on 2021-04-02 [1185732] Medium CVE-2021-21207: Use after free in IndexedDB. Reported by koocola (@alo_cook) and Nan Wang (@eternalsakura13) of 360 Alpha Lab on 2021-03-08 [1039539] Medium CVE-2021-21208: Insufficient data validation in QR scanner. Reported by Ahmed Elsobky (@0xsobky) on 2020-01-07 [1143526] Medium CVE-2021-21209: Inappropriate implementation in storage. Reported by Tom Van Goethem (@tomvangoethem) on 2020-10-29 [1184562] Medium CVE-2021-21210: Inappropriate implementation in Network. Reported by @bananabr on 2021-03-04 [1103119] Medium CVE-2021-21211: Inappropriate implementation in Navigation. Reported by Akash Labade (m0ns7er) on 2020-07-08 [1145024] Medium CVE-2021-21212: Incorrect security UI in Network Config UI. Reported by Hugo Hue and Sze Yiu Chau of the Chinese University of Hong Kong on 2020-11-03 [1161806] Medium CVE-2021-21213: Use after free in WebMIDI. Reported by raven (@raid_akame) on 2020-12-25 [1170148] Medium CVE-2021-21214: Use after free in Network API. Reported by Anonymous on 2021-01-24 [1172533] Medium CVE-2021-21215: Inappropriate implementation in Autofill. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-01-30 [1173297] Medium CVE-2021-21216: Inappropriate implementation in Autofill. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-02-02 [1166462] Low CVE-2021-21217: Uninitialized Use in PDFium. Reported by Zhou Aiting (@zhouat1) of Qihoo 360 Vulcan Team on 2021-01-14 [1166478] Low CVE-2021-21218: Uninitialized Use in PDFium. Reported by Zhou Aiting (@zhouat1) of Qihoo 360 Vulcan Team on 2021-01-14 [1166972] Low CVE-2021-21219: Uninitialized Use in PDFium. Reported by Zhou Aiting (@zhouat1) of Qihoo 360 Vulcan Team on 2021-01-15 Discovery 2021-04-14 Entry 2021-04-15 chromium < 90.0.4430.72 CVE-2021-21201 CVE-2021-21202 CVE-2021-21203 CVE-2021-21204 CVE-2021-21205 CVE-2021-21221 CVE-2021-21207 CVE-2021-21208 CVE-2021-21209 CVE-2021-21210 CVE-2021-21211 CVE-2021-21212 CVE-2021-21213 CVE-2021-21214 CVE-2021-21215 CVE-2021-21216 CVE-2021-21217 CVE-2021-21218 CVE-2021-21219 https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_14.html
1d951e85-ffdb-11e7-8b91-e8e0b747a45a	chromium -- multiple vulnerabilities Google Chrome Releases reports: 37 security fixes in this release, including: [778505] Critical CVE-2017-15407: Out of bounds write in QUIC. Reported by Ned Williamson on 2017-10-26 [762374] High CVE-2017-15408: Heap buffer overflow in PDFium. Reported by Ke Liu of Tencent's Xuanwu LAB on 2017-09-06 [763972] High CVE-2017-15409: Out of bounds write in Skia. Reported by Anonymous on 2017-09-11 [765921] High CVE-2017-15410: Use after free in PDFium. Reported by Luat Nguyen of KeenLab, Tencent on 2017-09-16 [770148] High CVE-2017-15411: Use after free in PDFium. Reported by Luat Nguyen of KeenLab, Tencent on 2017-09-29 [727039] High CVE-2017-15412: Use after free in libXML. Reported by Nick Wellnhofer on 2017-05-27 [766666] High CVE-2017-15413: Type confusion in WebAssembly. Reported by Gaurav Dewan of Adobe Systems India Pvt. Ltd. on 2017-09-19 [765512] Medium CVE-2017-15415: Pointer information disclosure in IPC call. Reported by Viktor Brange of Microsoft Offensive Security Research Team on 2017-09-15 [779314] Medium CVE-2017-15416: Out of bounds read in Blink. Reported by Ned Williamson on 2017-10-28 [699028] Medium CVE-2017-15417: Cross origin information disclosure in Skia. Reported by Max May on 2017-03-07 [765858] Medium CVE-2017-15418: Use of uninitialized value in Skia. Reported by Kushal Arvind Shah of Fortinet's FortiGuard Labs on 2017-09-15 [780312] Medium CVE-2017-15419: Cross origin leak of redirect URL in Blink. Reported by Jun Kokatsu on 2017-10-31 [777419] Medium CVE-2017-15420: URL spoofing in Omnibox. Reported by WenXu Wu of Tencent's Xuanwu Lab on 2017-10-23 [774382] Medium CVE-2017-15422: Integer overflow in ICU. Reported by Yuan Deng of Ant-financial Light-Year Security Lab on 2017-10-13 [780484] Medium CVE-2017-15430: Unsafe navigation in Chromecast Plugin. Reported by jinmo123 on 2017-01-11 [778101] Low CVE-2017-15423: Issue with SPAKE implementation in BoringSSL. Reported by Greg Hudson on 2017-10-25 [756226] Low CVE-2017-15424: URL Spoof in Omnibox. Reported by Khalil Zhani on 2017-08-16 [756456] Low CVE-2017-15425: URL Spoof in Omnibox. Reported by xisigr of Tencent's Xuanwu Lab on 2017-08-17 [757735] Low CVE-2017-15426: URL Spoof in Omnibox. Reported by WenXu Wu of Tencent's Xuanwu Lab on 2017-08-18 [768910] Low CVE-2017-15427: Insufficient blocking of Javascript in Omnibox. Reported by Junaid Farhan on 2017-09-26 [792099] Various fixes from internal audits, fuzzing and other initiatives Discovery 2017-12-06 Entry 2018-01-23 chromium < 63.0.3239.84 CVE-2017-15407 CVE-2017-15408 CVE-2017-15409 CVE-2017-15410 CVE-2017-15411 CVE-2017-15412 CVE-2017-15413 CVE-2017-15415 CVE-2017-15416 CVE-2017-15417 CVE-2017-15418 CVE-2017-15419 CVE-2017-15420 CVE-2017-15422 CVE-2017-15430 CVE-2017-15423 CVE-2017-15424 CVE-2017-15425 CVE-2017-15426 CVE-2017-15427 https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html
8e986b2b-1baa-11e8-a944-54ee754af08e	chromium -- multiple vulnerabilities Google Chrome Releases reports: Several security fixes in this release, including: [780450] High CVE-2018-6031: Use after free in PDFium. Reported by Anonymous on 2017-11-01 [787103] High CVE-2018-6032: Same origin bypass in Shared Worker. Reported by Jun Kokatsu (@shhnjk) on 2017-11-20 [793620] High CVE-2018-6033: Race when opening downloaded files. Reported by Juho Nurminen on 2017-12-09 [784183] Medium CVE-2018-6034: Integer overflow in Blink. Reported by Tobias Klein (www.trapkit.de) on 2017-11-12 [797500] Medium CVE-2018-6035: Insufficient isolation of devtools from extensions. Reported by Rob Wu on 2017-12-23 [797500] Medium CVE-2018-6035: Insufficient isolation of devtools from extensions. Reported by Rob Wu on 2017-12-23 [753645] Medium CVE-2018-6037: Insufficient user gesture requirements in autofill. Reported by Paul Stone of Context Information Security on 2017-08-09 [774174] Medium CVE-2018-6038: Heap buffer overflow in WebGL. Reported by cloudfuzzer on 2017-10-12 [775527] Medium CVE-2018-6039: XSS in DevTools. Reported by Juho Nurminen on 2017-10-17 [778658] Medium CVE-2018-6040: Content security policy bypass. Reported by WenXu Wu of Tencent's Xuanwu Lab on 2017-10-26 [760342] Medium CVE-2018-6041: URL spoof in Navigation. Reported by Luan Herrera on 2017-08-29 [773930] Medium CVE-2018-6042: URL spoof in OmniBox. Reported by Khalil Zhani on 2017-10-12 [785809] Medium CVE-2018-6043: Insufficient escaping with external URL handlers. Reported by 0x09AL on 2017-11-16 [797497] Medium CVE-2018-6045: Insufficient isolation of devtools from extensions. Reported by Rob Wu on 2017-12-23 [798163] Medium CVE-2018-6046: Insufficient isolation of devtools from extensions. Reported by Rob Wu on 2017-12-31 [799847] Medium CVE-2018-6047: Cross origin URL leak in WebGL. Reported by Masato Kinugawa on 2018-01-08 [763194] Low CVE-2018-6048: Referrer policy bypass in Blink. Reported by Jun Kokatsu (@shhnjk) on 2017-09-08 [771848] Low CVE-2017-15420: URL spoofing in Omnibox. Reported by Drew Springall (@_aaspring_) on 2017-10-05 [774438] Low CVE-2018-6049: UI spoof in Permissions. Reported by WenXu Wu of Tencent's Xuanwu Lab on 2017-10-13 [774842] Low CVE-2018-6050: URL spoof in OmniBox. Reported by Jonathan Kew on 2017-10-15 [441275] Low CVE-2018-6051: Referrer leak in XSS Auditor. Reported by Antonio Sanso (@asanso) on 2014-12-11 [615608] Low CVE-2018-6052: Incomplete no-referrer policy implementation. Reported by Tanner Emek on 2016-05-28 [758169] Low CVE-2018-6053: Leak of page thumbnails in New Tab Page. Reported by Asset Kabdenov on 2017-08-23 [797511] Low CVE-2018-6054: Use after free in WebUI. Reported by Rob Wu on 2017-12-24 Discovery 2017-08-09 Entry 2018-02-27 chromium < 64.0.3282.119 CVE-2018-6031 CVE-2018-6032 CVE-2018-6033 CVE-2018-6034 CVE-2018-6035 CVE-2018-6036 CVE-2018-6037 CVE-2018-6038 CVE-2018-6039 CVE-2018-6040 CVE-2018-6041 CVE-2018-6042 CVE-2018-6043 CVE-2018-6045 CVE-2018-6046 CVE-2018-6047 CVE-2018-6048 CVE-2017-15420 CVE-2018-6049 CVE-2018-6050 CVE-2018-6051 CVE-2018-6052 CVE-2018-6053 CVE-2018-6054 https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html
a3473f5a-a739-11e6-afaa-e8e0b747a45a	chromium -- multiple vulnerabilities Google Chrome Releases reports: 4 security fixes in this release, including: [643948] High CVE-2016-5199: Heap corruption in FFmpeg. Credit to Paul Mehta [658114] High CVE-2016-5200: Out of bounds memory access in V8. Credit to Choongwoo Han [660678] Medium CVE-2016-5201: Info leak in extensions. Credit to Rob Wu [662843] CVE-2016-5202: Various fixes from internal audits, fuzzing and other initiatives Discovery 2016-11-09 Entry 2016-11-10 chromium chromium-npapi chromium-pulse < 54.0.2840.100 CVE-2016-5199 CVE-2016-5200 CVE-2016-5201 CVE-2016-5202 https://googlechromereleases.blogspot.nl/2016/11/stable-channel-update-for-desktop_9.html
917e5519-9fdd-11e7-8b58-e8e0b747a45a	chromium -- multiple vulnerabilities Google Chrome releases reports: 3 security fixes in this release, including: [765433] High CVE-2017-5121: Out-of-bounds access in V8. Reported by Jordan Rabet, Microsoft Offensive Security Research and Microsoft ChakraCore team on 2017-09-14 [752423] High CVE-2017-5122: Out-of-bounds access in V8. Reported by Choongwoo Han of Naver Corporation on 2017-08-04 [767508] Various fixes from internal audits, fuzzing and other initiatives Discovery 2017-09-21 Entry 2017-09-22 chromium < 61.0.3163.100 CVE-2017-5121 CVE-2017-5122 https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop_21.html
a692bffe-b6ad-11e7-a1c2-e8e0b747a45a	chromium -- multiple vulnerabilities Google Chrome Releases reports: 35 security fixes in this release, including: [762930] High CVE-2017-5124: UXSS with MHTML. Reported by Anonymous on 2017-09-07 [749147] High CVE-2017-5125: Heap overflow in Skia. Reported by Anonymous on 2017-07-26 [760455] High CVE-2017-5126: Use after free in PDFium. Reported by Luat Nguyen on KeenLab, Tencent on 2017-08-30 [765384] High CVE-2017-5127: Use after free in PDFium. Reported by Luat Nguyen on KeenLab, Tencent on 2017-09-14 [765469] High CVE-2017-5128: Heap overflow in WebGL. Reported by Omair on 2017-09-14 [765495] High CVE-2017-5129: Use after free in WebAudio. Reported by Omair on 2017-09-15 [718858] High CVE-2017-5132: Incorrect stack manipulation in WebAssembly. Reported by Gaurav Dewan of Adobe Systems India Pvt. Ltd. on 2017-05-05 [722079] High CVE-2017-5130: Heap overflow in libxml2. Reported by Pranjal Jumde on 2017-05-14 [744109] Medium CVE-2017-5131: Out of bounds write in Skia. Reported by Anonymous on 2017-07-16 [762106] Medium CVE-2017-5133: Out of bounds write in Skia. Reported by Aleksandar Nikolic of Cisco Talos on 2017-09-05 [752003] Medium CVE-2017-15386: UI spoofing in Blink. Reported by WenXu Wu of Tencent's Xuanwu Lab on 2017-08-03 [756040] Medium CVE-2017-15387: Content security bypass. Reported by Jun Kokatsu on 2017-08-16 [756563] Medium CVE-2017-15388: Out of bounds read in Skia. Reported by Kushal Arvind Shah of Fortinet's FortiGuard Labs on 2017-08-17 [739621] Medium CVE-2017-15389: URL spoofing in Omnibox. Reported by xisigr of Tencent's Xuanwu Lab on 2017-07-06 [750239] Medium CVE-2017-15390: URL spoofing in Omnibox. Reported by Haosheng Wang on 2017-07-28 [598265] Low CVE-2017-15391: Extension limitation bypass in Extensions. Reported by Joao Lucas Melo Brasio on 2016-03-28 [714401] Low CVE-2017-15392: Incorrect registry key handling in PlatformIntegration. Reported by Xiaoyin Liu on 2017-04-22 [732751] Low CVE-2017-15393: Referrer leak in Devtools. Reported by Svyat Mitin on 2017-06-13 [745580] Low CVE-2017-15394: URL spoofing in extensions UI. Reported by Sam on 2017-07-18 [759457] Low CVE-2017-15395: Null pointer dereference in ImageCapture. Reported by Johannes Bergman on 2017-08-28 [775550] Various fixes from internal audits, fuzzing and other initiatives Discovery 2017-10-17 Entry 2017-10-21 chromium < 62.0.3202.62 CVE-2017-5124 CVE-2017-5125 CVE-2017-5126 CVE-2017-5127 CVE-2017-5128 CVE-2017-5129 CVE-2017-5132 CVE-2017-5130 CVE-2017-5131 CVE-2017-5133 CVE-2017-15386 CVE-2017-15387 CVE-2017-15388 CVE-2017-15389 CVE-2017-15390 CVE-2017-15391 CVE-2017-15392 CVE-2017-15393 CVE-2017-15394 CVE-2017-15395 https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html
f00b65d8-7ccb-11eb-b3be-e09467587c17	chromium -- multiple vulnerabilities Chrome Releases reports: This release includes 47 security fixes, including the below. Google is aware of reports that an exploit for CVE-2021-21166 exists in the wild. Please see URL for details. Discovery 2021-03-02 Entry 2021-03-04 chromium < 89.0.4389.72 CVE-2021-21159 CVE-2021-21160 CVE-2021-21161 CVE-2021-21162 CVE-2021-21163 CVE-2021-21164 CVE-2021-21165 CVE-2021-21166 CVE-2021-21167 CVE-2021-21168 CVE-2021-21169 CVE-2021-21170 CVE-2021-21171 CVE-2021-21172 CVE-2021-21173 CVE-2021-21174 CVE-2021-21175 CVE-2021-21176 CVE-2021-21177 CVE-2021-21178 CVE-2021-21179 CVE-2021-21180 CVE-2021-21181 CVE-2021-21182 CVE-2021-21183 CVE-2021-21184 CVE-2021-21185 CVE-2021-21186 CVE-2021-21187 CVE-2021-21188 CVE-2021-21189 CVE-2021-21190 CVE-2020-27844 https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
cb13a765-a277-11eb-97a0-e09467587c17	chromium -- multiple vulnerabilities Chrome Reelases reports: This release includes 7 security fixes, including: 1194046] High CVE-2021-21222: Heap buffer overflow in V8. Reported by Guang Gong of Alpha Lab, Qihoo 360 on 2021-03-30 [1195308] High CVE-2021-21223: Integer overflow in Mojo. Reported by Guang Gong of Alpha Lab, Qihoo 360 on 2021-04-02 [1195777] High CVE-2021-21224: Type Confusion in V8. Reported by Jose Martinez (tr0y4) from VerSprite Inc. on 2021-04-05 [1195977] High CVE-2021-21225: Out of bounds memory access in V8. Reported by Brendon Tiszka (@btiszka) supporting the EFF on 2021-04-05 [1197904] High CVE-2021-21226: Use after free in navigation. Reported by Brendon Tiszka (@btiszka) supporting the EFF on 2021-04-11 Discovery 2021-04-20 Entry 2021-04-21 chromium < 90.0.4430.85 CVE-2021-21222 CVE-2021-21223 CVE-2021-21224 CVE-2021-21225 CVE-2021-21226 https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_20.html
e264e74e-ffe0-11e7-8b91-e8e0b747a45a	chromium -- multiple vulnerabilities Google Chrome Releases reports: 2 security fixes in this release, including: [788453] High CVE-2017-15429: UXSS in V8. Reported by Anonymous on 2017-11-24 [794792] Various fixes from internal audits, fuzzing and other initiatives Discovery 2017-12-14 Entry 2018-01-23 chromium < 63.0.3239.108 CVE-2017-15429 https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop_14.html
afdc7579-d023-11eb-bcad-3065ec8fd3ec	chromium -- multiple vulnerabilities Chrome Releases reports: This release includes 4 security fixes, including: [1219857] High CVE-2021-30554: Use after free in WebGL. Reported by anonymous on 2021-06-15 [1215029] High CVE-2021-30555: Use after free in Sharing. Reported by David Erceg on 2021-06-01 [1212599] High CVE-2021-30556: Use after free in WebAudio. Reported by Yangkang (@dnpushme) of 360 ATA on 2021-05-24 [1202102] High CVE-2021-30557: Use after free in TabGroups. Reported by David Erceg on 2021-04-23 Discovery 2021-06-17 Entry 2021-06-18 chromium < 91.0.4472.114 CVE-2021-30554 CVE-2021-30555 CVE-2021-30556 CVE-2021-30557 https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html
653a8059-7c49-11e6-9242-3065ec8fd3ec	chromium -- multiple vulnerabilities Google Chrome Releases reports: Several security fixes in this release, including: [641101] High CVE-2016-5170: Use after free in Blink.Credit to Anonymous [643357] High CVE-2016-5171: Use after free in Blink. Credit to Anonymous [616386] Medium CVE-2016-5172: Arbitrary Memory Read in v8. Credit to Choongwoo Han [468931] Medium CVE-2016-5173: Extension resource access. Credit to Anonymous [579934] Medium CVE-2016-5174: Popup not correctly suppressed. Credit to Andrey Kovalev (@L1kvID) Yandex Security Team [646394] CVE-2016-5175: Various fixes from internal audits, fuzzing and other initiatives. Discovery 2016-09-13 Entry 2016-09-16 chromium chromium-npapi chromium-pulse < 53.0.2785.113 CVE-2016-5170 CVE-2016-5171 CVE-2016-5172 CVE-2016-5173 CVE-2016-5174 CVE-2016-5175 https://googlechromereleases.blogspot.nl/2016/09/stable-channel-update-for-desktop_13.html
603fe0a1-bb26-11e6-8e5a-3065ec8fd3ec	chromium -- multiple vulnerabilities Google Chrome Releases reports: 36 security fixes in this release Please reference CVE/URL list for details Discovery 2016-12-01 Entry 2016-12-05 chromium chromium-npapi chromium-pulse < 55.0.2883.75 CVE-2016-9651 CVE-2016-5208 CVE-2016-5207 CVE-2016-5206 CVE-2016-5205 CVE-2016-5204 CVE-2016-5209 CVE-2016-5203 CVE-2016-5210 CVE-2016-5212 CVE-2016-5211 CVE-2016-5213 CVE-2016-5214 CVE-2016-5216 CVE-2016-5215 CVE-2016-5217 CVE-2016-5218 CVE-2016-5219 CVE-2016-5221 CVE-2016-5220 CVE-2016-5222 CVE-2016-9650 CVE-2016-5223 CVE-2016-5226 CVE-2016-5225 CVE-2016-5224 CVE-2016-9652 https://googlechromereleases.blogspot.nl/2016/12/stable-channel-update-for-desktop.html
f8e72cd4-c66a-11e7-bb17-e8e0b747a45a	chromium -- multiple vulnerabilities Google Chrome Releases reports: 2 security fixes in this release, including: [777728] Critical CVE-2017-15398: Stack buffer overflow in QUIC. Reported by Ned Williamson on 2017-10-24 [776677] High CVE-2017-15399: Use after free in V8. Reported by Zhao Qixun of Qihoo 360 Vulcan Team on 2017-10-20 Discovery 2017-11-06 Entry 2017-11-10 chromium < 62.0.3202.89 CVE-2017-15398 CVE-2017-15399 https://chromereleases.googleblog.com/2017/11/stable-channel-update-for-desktop.html
9fba80e0-a771-11eb-97a0-e09467587c17	chromium -- multiple vulnerabilities Chrome Releases reports: This release contains 9 security fixes, including: [1199345] High CVE-2021-21227: Insufficient data validation in V8. Reported by Gengming Liu of Singular Security Lab on 2021-04-15 [1175058] High CVE-2021-21232: Use after free in Dev Tools. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-02-05 [1182937] High CVE-2021-21233: Heap buffer overflow in ANGLE. Reported by Omair on 2021-02-26 [1139156] Medium CVE-2021-21228: Insufficient policy enforcement in extensions. Reported by Rob Wu on 2020-10-16 [$TBD][1198165] Medium CVE-2021-21229: Incorrect security UI in downloads. Reported by Mohit Raj (shadow2639) on 2021-04-12 [1198705] Medium CVE-2021-21230: Type Confusion in V8. Reported by Manfred Paul on 2021-04-13 [1198696] Low CVE-2021-21231: Insufficient data validation in V8. Reported by Sergei Glazunov of Google Project Zero on 2021-04-13 Discovery 2021-04-26 Entry 2021-04-27 chromium < 90.0.4430.93 CVE-2021-21227 CVE-2021-21228 CVE-2021-21229 CVE-2021-21230 CVE-2021-21231 CVE-2021-21232 CVE-2021-21233 https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_26.html
4b9ca994-e3d9-11e6-813d-e8e0b747a45a	chromium -- multiple vulnerabilities Google Chrome Releases reports: 51 security fixes in this release Please reference CVE/URL list for details Discovery 2017-01-25 Entry 2017-01-26 chromium chromium-npapi chromium-pulse < 56.0.2924.76 CVE-2017-5007 CVE-2017-5006 CVE-2017-5008 CVE-2017-5010 CVE-2017-5011 CVE-2017-5009 CVE-2017-5012 CVE-2017-5013 CVE-2017-5014 CVE-2017-5015 CVE-2017-5019 CVE-2017-5016 CVE-2017-5017 CVE-2017-5018 CVE-2017-2020 CVE-2017-2021 CVE-2017-2022 CVE-2017-2023 CVE-2017-2024 CVE-2017-2025 CVE-2017-2026 https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html
3cd46257-bbc5-11e7-a3bc-e8e0b747a45a	chromium -- Stack overflow in V8 Google Chrome Releases reports: 2 security fixes in this release, including: [770452] High CVE-2017-15396: Stack overflow in V8. Reported by Yuan Deng of Ant-financial Light-Year Security Lab on 2017-09-30 [770450] Medium CVE-2017-15406: Stack overflow in V8. Reported by Yuan Deng of Ant-financial Light-Year Security Lab on 2017-09-30 Discovery 2017-10-26 Entry 2017-10-28 Modified 2018-01-23 chromium < 62.0.3202.75 CVE-2017-15396 CVE-2017-15406 https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop_26.html
e1100e63-92f7-11e7-bd95-e8e0b747a45a	chromium -- multiple vulnerabilities Google Chrome releases reports: 22 security fixes in this release, including: [737023] High CVE-2017-5111: Use after free in PDFium. Reported by Luat Nguyen on KeenLab, Tencent on 2017-06-27 [740603] High CVE-2017-5112: Heap buffer overflow in WebGL. Reported by Tobias Klein on 2017-07-10 [747043] High CVE-2017-5113: Heap buffer overflow in Skia. Reported by Anonymous on 2017-07-20 [752829] High CVE-2017-5114: Memory lifecycle issue in PDFium. Reported by Ke Liu of Tencent's Xuanwu LAB on 2017-08-07 [744584] High CVE-2017-5115: Type confusion in V8. Reported by Marco Giovannini on 2017-07-17 [759624] High CVE-2017-5116: Type confusion in V8. Reported by Anonymous on 2017-08-28 [739190] Medium CVE-2017-5117: Use of uninitialized value in Skia. Reported by Tobias Klein on 2017-07-04 [747847] Medium CVE-2017-5118: Bypass of Content Security Policy in Blink. Reported by WenXu Wu of Tencent's Xuanwu Lab on 2017-07-24 [725127] Medium CVE-2017-5119: Use of uninitialized value in Skia. Reported by Anonymous on 2017-05-22 [718676] Low CVE-2017-5120: Potential HTTPS downgrade during redirect navigation. Reported by Xiaoyin Liu on 2017-05-05 [762099] Various fixes from internal audits, fuzzing and other initiatives Discovery 2017-09-05 Entry 2017-09-06 chromium < 61.0.3163.79 CVE-2017-5111 CVE-2017-5112 CVE-2017-5113 CVE-2017-5114 CVE-2017-5115 CVE-2017-5116 CVE-2017-5117 CVE-2017-5118 CVE-2017-5119 CVE-2017-5120 https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html
bddadaa4-9227-11eb-99c5-e09467587c17	chromium -- multiple vulnerabilities Chrome Releases reports: This update contains 8 security fixes, including: [1181228] High CVE-2021-21194: Use after free in screen capture. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-02-23 [1182647] High CVE-2021-21195: Use after free in V8. Reported by Bohan Liu (@P4nda20371774) and Moon Liang of Tencent Security Xuanwu Lab on 2021-02-26 [1175992] High CVE-2021-21196: Heap buffer overflow in TabStrip. Reported by Khalil Zhani on 2021-02-08 [1173903] High CVE-2021-21197: Heap buffer overflow in TabStrip. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-02-03 [1184399] High CVE-2021-21198: Out of bounds read in IPC. Reported by Mark Brand of Google Project Zero on 2021-03-03 [1179635] High CVE-2021-21199: Use Use after free in Aura. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group and Evangelos Foutras Discovery 2021-03-31 Entry 2021-03-31 chromium < 89.0.4389.114 CVE-2021-21194 CVE-2021-21195 CVE-2021-21196 CVE-2021-21197 CVE-2021-21198 CVE-2021-21199 https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_30.html
814af1be-ec63-11ee-8e76-a8a1599412c6	chromium -- multiple security fixes Chrome Releases reports: This update includes 7 security fixes: [327807820] Critical CVE-2024-2883: Use after free in ANGLE. Reported by Cassidy Kim(@cassidy6564) on 2024-03-03 [328958020] High CVE-2024-2885: Use after free in Dawn. Reported by wgslfuzz on 2024-03-11 [330575496] High CVE-2024-2886: Use after free in WebCodecs. Reported by Seunghyun Lee (@0x10n) of KAIST Hacking Lab, via Pwn2Own 2024 on 2024-03-21 [330588502] High CVE-2024-2887: Type Confusion in WebAssembly. Reported by Manfred Paul, via Pwn2Own 2024 on 2024-03-21 Discovery 2024-03-26 Entry 2024-03-27 chromium < 123.0.6312.86 ungoogled-chromium < 123.0.6312.86 CVE-2024-2883 CVE-2024-2885 CVE-2024-2886 CVE-2024-2887 https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_26.html
dc9e5237-c197-11ee-86bb-a8a1599412c6	chromium -- multiple security fixes Chrome Releases reports: This update includes 4 security fixes: [1511567] High CVE-2024-1060: Use after free in Canvas. Reported by Anonymous on 2023-12-14 [1514777] High CVE-2024-1059: Use after free in WebRTC. Reported by Cassidy Kim(@cassidy6564) on 2023-12-29 [1511085] High CVE-2024-1077: Use after free in Network. Reported by Microsoft Security Research Center on 2023-12-13 Discovery 2024-01-30 Entry 2024-02-02 chromium < 121.0.6167.139 ungoogled-chromium < 121.0.6167.139 qt5-webengine < 5.15.16.p5_5 qt6-webengine < 6.6.1_5 CVE-2024-1060 CVE-2024-1059 CVE-2024-1077 https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_30.html
4edbea45-cb0c-11ee-86bb-a8a1599412c6	chromium -- security fix Chrome Releases reports: This update includes 1 security fix. Discovery 2024-02-13 Entry 2024-02-14 chromium < 121.0.6167.184 ungoogled-chromium < 121.0.6167.184 https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_13.html
31bb1b8d-d6dc-11ee-86bb-a8a1599412c6	chromium -- multiple security fixes Chrome Releases reports: This update includes 4 security fixes: [324596281] High CVE-2024-1938: Type Confusion in V8. Reported by 5f46f4ee2e17957ba7b39897fb376be8 on 2024-02-11 [323694592] High CVE-2024-1939: Type Confusion in V8. Reported by Bohan Liu (@P4nda20371774) of Tencent Security Xuanwu Lab on 2024-02-05 Discovery 2024-02-27 Entry 2024-02-29 chromium < 122.0.6261.94 ungoogled-chromium < 122.0.6261.94 CVE-2024-1938 CVE-2024-1939 https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_27.html
fd3401a1-b6df-4577-917a-2c22fee99d34	chromium -- multiple security fixes Chrome Releases reports: This update includes 3 security fixes: [325893559] High CVE-2024-2173: Out of bounds memory access in V8. Reported by 5fceb6172bbf7e2c5a948183b53565b9 on 2024-02-19 [325866363] High CVE-2024-2174: Inappropriate implementation in V8. Reported by 5f46f4ee2e17957ba7b39897fb376be8 on 2024-02-19 [325936438] High CVE-2024-2176: Use after free in FedCM. Reported by Anonymous on 2024-02-20 Discovery 2024-03-05 Entry 2024-03-06 chromium < 122.0.6261.111 ungoogled-chromium < 122.0.6261.111 CVE-2024-2173 CVE-2024-2174 CVE-2024-2176 https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop.html
80815c47-e84f-11ee-8e76-a8a1599412c6	chromium -- multiple security fixes Chrome Releases reports: This update includes 12 security fixes: [327740539] High CVE-2024-2625: Object lifecycle issue in V8. Reported by Ganjiang Zhou(@refrain_areu) of ChaMd5-H1 team on 2024-03-01 [40945098] Medium CVE-2024-2626: Out of bounds read in Swiftshader. Reported by Cassidy Kim(@cassidy6564) on 2023-11-22 [41493290] Medium CVE-2024-2627: Use after free in Canvas. Reported by Anonymous on 2024-01-21 [41487774] Medium CVE-2024-2628: Inappropriate implementation in Downloads. Reported by Ath3r1s on 2024-01-03 [41487721] Medium CVE-2024-2629: Incorrect security UI in iOS. Reported by Muneaki Nishimura (nishimunea) on 2024-01-02 [41481877] Medium CVE-2024-2630: Inappropriate implementation in iOS. Reported by James Lee (@Windowsrcer) on 2023-12-07 [41495878] Low CVE-2024-2631: Inappropriate implementation in iOS. Reported by Ramit Gangwar on 2024-01-29 Discovery 2024-03-19 Entry 2024-03-22 chromium < 123.0.6312.58 ungoogled-chromium < 123.0.6312.58 CVE-2024-2625 CVE-2024-2626 CVE-2024-2627 CVE-2024-2628 CVE-2024-2629 CVE-2024-2630 CVE-2024-2631 https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_19.html
2a470712-d351-11ee-86bb-a8a1599412c6	chromium -- multiple security fixes Chrome Releases reports: This update includes 12 security fixes: [41495060] High CVE-2024-1669: Out of bounds memory access in Blink. Reported by Anonymous on 2024-01-26 [41481374] High CVE-2024-1670: Use after free in Mojo. Reported by Cassidy Kim(@cassidy6564) on 2023-12-06 [41487933] Medium CVE-2024-1671: Inappropriate implementation in Site Isolation. Reported by Harry Chen on 2024-01-03 [41485789] Medium CVE-2024-1672: Inappropriate implementation in Content Security Policy. Reported by Georg Felber (TU Wien) & Marco Squarcina (TU Wien) on 2023-12-19 [41490491] Medium CVE-2024-1673: Use after free in Accessibility. Reported by Weipeng Jiang (@Krace) of VRI on 2024-01-11 [40095183] Medium CVE-2024-1674: Inappropriate implementation in Navigation. Reported by David Erceg on 2019-05-27 [41486208] Medium CVE-2024-1675: Insufficient policy enforcement in Download. Reported by BartÃÂomiej Wacko on 2023-12-21 [40944847] Low CVE-2024-1676: Inappropriate implementation in Navigation. Reported by Khalil Zhani on 2023-11-21 Discovery 2024-02-20 Entry 2024-02-24 chromium < 122.0.6261.57 ungoogled-chromium < 122.0.6261.57 https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html
19047673-c680-11ee-86bb-a8a1599412c6	chromium -- multiple security fixes Chrome Releases reports: This update includes 3 security fixes: [41494539] High CVE-2024-1284: Use after free in Mojo. Reported by Anonymous on 2024-01-25 [41494860] High CVE-2024-1283: Heap buffer overflow in Skia. Reported by Jorge Buzeti (@r3tr074) on 2024-01-25 Discovery 2024-02-06 Entry 2024-02-08 chromium < 121.0.6167.160 ungoogled-chromium < 121.0.6167.160 qt5-webengine < 5.15.16.p5_5 qt6-webengine < 6.6.1_5 CVE-2024-1284 CVE-2024-1283 https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop.html
72d6d757-c197-11ee-86bb-a8a1599412c6	chromium -- multiple security fixes Chrome Releases reports: This update includes 17 security fixes: [1484394] High CVE-2024-0812: Inappropriate implementation in Accessibility. Reported by Anonymous on 2023-09-19 [1504936] High CVE-2024-0808: Integer underflow in WebUI. Reported by Lyra Rebane (rebane2001) on 2023-11-24 [1496250] Medium CVE-2024-0810: Insufficient policy enforcement in DevTools. Reported by Shaheen Fazim on 2023-10-26 [1463935] Medium CVE-2024-0814: Incorrect security UI in Payments. Reported by Muneaki Nishimura (nishimunea) on 2023-07-11 [1477151] Medium CVE-2024-0813: Use after free in Reading Mode. Reported by @retsew0x01 on 2023-08-30 [1505176] Medium CVE-2024-0806: Use after free in Passwords. Reported by 18Ã¦Â¥Â¼Ã¦Â¢Â¦Ã¦ÂÂ³Ã¦ÂÂ¹Ã©ÂÂ Ã¥Â®Â¶ on 2023-11-25 [1514925] Medium CVE-2024-0805: Inappropriate implementation in Downloads. Reported by Om Apip on 2024-01-01 [1515137] Medium CVE-2024-0804: Insufficient policy enforcement in iOS Security UI. Reported by Narendra Bhati of Suma Soft Pvt. Ltd. Pune (India) on 2024-01-03 [1494490] Low CVE-2024-0811: Inappropriate implementation in Extensions API. Reported by Jann Horn of Google Project Zero on 2023-10-21 [1497985] Low CVE-2024-0809: Inappropriate implementation in Autofill. Reported by Ahmed ElMasry on 2023-10-31 Discovery 2024-01-23 Entry 2024-02-02 chromium < 121.0.6167.85 ungoogled-chromium < 121.0.6167.85 CVE-2024-0812 CVE-2024-0808 CVE-2024-0810 CVE-2024-0814 CVE-2024-0813 CVE-2024-0806 CVE-2024-0805 CVE-2024-0804 CVE-2024-0811 CVE-2024-0809 https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html