VuXML ID | Description |
2f22927f-26ea-11ee-8290-a8a1599412c6 | chromium -- multiple vulnerabilities
Chrome Releases reports:
This update includes 20 security fixes:
- [1454086] High CVE-2023-3727: Use after free in WebRTC. Reported by Cassidy Kim(@cassidy6564) on 2023-06-12
- [1457421] High CVE-2023-3728: Use after free in WebRTC. Reported by Zhenghang Xiao (@Kipreyyy) on 2023-06-23
- [1453465] High CVE-2023-3730: Use after free in Tab Groups. Reported by @ginggilBesel on 2023-06-09
- [1450899] High CVE-2023-3732: Out of bounds memory access in Mojo. Reported by Mark Brand of Google Project Zero on 2023-06-02
- [1450203] Medium CVE-2023-3733: Inappropriate implementation in WebApp Installs. Reported by Ahmed ElMasry on 2023-05-31
- [1450376] Medium CVE-2023-3734: Inappropriate implementation in Picture In Picture. Reported by Thomas Orlita on 2023-06-01
- [1394410] Medium CVE-2023-3735: Inappropriate implementation in Web API Permission Prompts. Reported by Ahmed ElMasry on 2022-11-29
- [1434438] Medium CVE-2023-3736: Inappropriate implementation in Custom Tabs. Reported by Philipp Beer (TU Wien) on 2023-04-19
- [1446754] Medium CVE-2023-3737: Inappropriate implementation in Notifications. Reported by Narendra Bhati of Suma Soft Pvt. Ltd. Pune (India) on 2023-05-19
- [1434330] Medium CVE-2023-3738: Inappropriate implementation in Autofill. Reported by Hafiizh on 2023-04-18
- [1405223] Low CVE-2023-3740: Insufficient validation of untrusted input in Themes. Reported by Fardeen Siddiqui on 2023-01-06
Discovery 2023-07-19 Entry 2023-07-20 chromium
< 115.0.5790.98
ungoogled-chromium
< 115.0.5790.98
CVE-2023-3727
CVE-2023-3728
CVE-2023-3730
CVE-2023-3732
CVE-2023-3733
CVE-2023-3734
CVE-2023-3735
CVE-2023-3736
CVE-2023-3737
CVE-2023-3738
CVE-2023-3740
https://chromereleases.googleblog.com/2023/07/stable-channel-update-for-desktop.html
|
07ee8c14-68f1-11ee-8290-a8a1599412c6 | chromium -- multiple vulnerabilities
Chrome Releases reports:
This update includes 20 security fixes:
- [1487110] Critical CVE-2023-5218: Use after free in Site Isolation. Reported by @18楼梦æ³æ¹é 家 on 2023-09-27
- [1062251] Medium CVE-2023-5487: Inappropriate implementation in Fullscreen. Reported by Anonymous on 2020-03-17
- [1414936] Medium CVE-2023-5484: Inappropriate implementation in Navigation. Reported by Thomas Orlita on 2023-02-11
- [1476952] Medium CVE-2023-5475: Inappropriate implementation in DevTools. Reported by Axel Chong on 2023-08-30
- [1425355] Medium CVE-2023-5483: Inappropriate implementation in Intents. Reported by Axel Chong on 2023-03-17
- [1458934] Medium CVE-2023-5481: Inappropriate implementation in Downloads. Reported by Om Apip on 2023-06-28
- [1474253] Medium CVE-2023-5476: Use after free in Blink History. Reported by Yunqin Sun on 2023-08-20
- [1483194] Medium CVE-2023-5474: Heap buffer overflow in PDF. Reported by [pwn2car] on 2023-09-15
- [1471253] Medium CVE-2023-5479: Inappropriate implementation in Extensions API. Reported by Axel Chong on 2023-08-09
- [1395164] Low CVE-2023-5485: Inappropriate implementation in Autofill. Reported by Ahmed ElMasry on 2022-12-02
- [1472404] Low CVE-2023-5478: Inappropriate implementation in Autofill. Reported by Ahmed ElMasry on 2023-08-12
- [1472558] Low CVE-2023-5477: Inappropriate implementation in Installer. Reported by Bahaa Naamneh of Crosspoint Labs on 2023-08-13
- [1357442] Low CVE-2023-5486: Inappropriate implementation in Input. Reported by Hafiizh on 2022-08-29
- [1484000] Low CVE-2023-5473: Use after free in Cast. Reported by DarkNavy on 2023-09-18
Discovery 2023-10-10 Entry 2023-10-11 chromium
< 118.0.5993.70
ungoogled-chromium
< 118.0.5993.70
qt6-webengine
< 6.6.1
CVE-2023-5218
CVE-2023-5487
CVE-2023-5484
CVE-2023-5475
CVE-2023-5483
CVE-2023-5481
CVE-2023-5476
CVE-2023-5474
CVE-2023-5479
CVE-2023-5485
CVE-2023-5478
CVE-2023-5477
CVE-2023-5486
CVE-2023-5473
https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html
|
19047673-c680-11ee-86bb-a8a1599412c6 | chromium -- multiple security fixes
Chrome Releases reports:
This update includes 3 security fixes:
- [41494539] High CVE-2024-1284: Use after free in Mojo. Reported by Anonymous on 2024-01-25
- [41494860] High CVE-2024-1283: Heap buffer overflow in Skia. Reported by Jorge Buzeti (@r3tr074) on 2024-01-25
Discovery 2024-02-06 Entry 2024-02-08 chromium
< 121.0.6167.160
ungoogled-chromium
< 121.0.6167.160
qt5-webengine
< 5.15.16.p5_5
qt6-webengine
< 6.6.1_5
CVE-2024-1284
CVE-2024-1283
https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop.html
|
502c9f72-99b3-11ee-86bb-a8a1599412c6 | chromium -- multiple security fixes
Chrome Releases reports:
This update includes 9 security fixes:
- [1501326] High CVE-2023-6702: Type Confusion in V8. Reported by Zhiyi Zhang and Zhunki from Codesafe Team of Legendsec at Qi'anxin Group on 2023-11-10
- [1502102] High CVE-2023-6703: Use after free in Blink. Reported by Cassidy Kim(@cassidy6564) on 2023-11-14
- [1504792] High CVE-2023-6704: Use after free in libavif. Reported by Fudan University on 2023-11-23
- [1505708] High CVE-2023-6705: Use after free in WebRTC. Reported by Cassidy Kim(@cassidy6564) on 2023-11-28
- [1500921] High CVE-2023-6706: Use after free in FedCM. Reported by anonymous on 2023-11-09
- [1504036] Medium CVE-2023-6707: Use after free in CSS. Reported by @ginggilBesel on 2023-11-21
Discovery 2023-12-12 Entry 2023-12-13 chromium
< 120.0.6099.109
ungoogled-chromium
< 120.0.6099.109
CVE-2023-6702
CVE-2023-6703
CVE-2023-6704
CVE-2023-6705
CVE-2023-6706
CVE-2023-6707
https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_12.html
|
8cdd38c7-8ebb-11ee-86bb-a8a1599412c6 | chromium -- multiple security fixes
Chrome Releases reports:
This update includes 7 security fixes:
- [1491459] High CVE-2023-6348: Type Confusion in Spellcheck. Reported by Mark Brand of Google Project Zero on 2023-10-10
- [1494461] High CVE-2023-6347: Use after free in Mojo. Reported by Leecraso and Guang Gong of 360 Vulnerability Research Institute on 2023-10-21
- [1500856] High CVE-2023-6346: Use after free in WebAudio. Reported by Huang Xilin of Ant Group Light-Year Security Lab on 2023-11-09
- [1501766] High CVE-2023-6350: Out of bounds memory access in libavif. Reported by Fudan University on 2023-11-13
- [1501770] High CVE-2023-6351: Use after free in libavif. Reported by Fudan University on 2023-11-13
- [1505053] High CVE-2023-6345: Integer overflow in Skia. Reported by Benoît Sevens and Clément Lecigne of Google's Threat Analysis Group on 2023-11-24
Discovery 2023-11-28 Entry 2023-11-29 chromium
< 119.0.6045.199
ungoogled-chromium
< 119.0.6045.199
qt5-webengine
< 5.15.16.p5_2
qt6-webengine
< 6.6.1_1
CVE-2023-6348
CVE-2023-6347
CVE-2023-6346
CVE-2023-6350
CVE-2023-6351
CVE-2023-6345
https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_28.html
|
72d6d757-c197-11ee-86bb-a8a1599412c6 | chromium -- multiple security fixes
Chrome Releases reports:
This update includes 17 security fixes:
- [1484394] High CVE-2024-0812: Inappropriate implementation in Accessibility. Reported by Anonymous on 2023-09-19
- [1504936] High CVE-2024-0808: Integer underflow in WebUI. Reported by Lyra Rebane (rebane2001) on 2023-11-24
- [1496250] Medium CVE-2024-0810: Insufficient policy enforcement in DevTools. Reported by Shaheen Fazim on 2023-10-26
- [1463935] Medium CVE-2024-0814: Incorrect security UI in Payments. Reported by Muneaki Nishimura (nishimunea) on 2023-07-11
- [1477151] Medium CVE-2024-0813: Use after free in Reading Mode. Reported by @retsew0x01 on 2023-08-30
- [1505176] Medium CVE-2024-0806: Use after free in Passwords. Reported by 18楼梦æ³æ¹é 家 on 2023-11-25
- [1514925] Medium CVE-2024-0805: Inappropriate implementation in Downloads. Reported by Om Apip on 2024-01-01
- [1515137] Medium CVE-2024-0804: Insufficient policy enforcement in iOS Security UI. Reported by Narendra Bhati of Suma Soft Pvt. Ltd. Pune (India) on 2024-01-03
- [1494490] Low CVE-2024-0811: Inappropriate implementation in Extensions API. Reported by Jann Horn of Google Project Zero on 2023-10-21
- [1497985] Low CVE-2024-0809: Inappropriate implementation in Autofill. Reported by Ahmed ElMasry on 2023-10-31
Discovery 2024-01-23 Entry 2024-02-02 chromium
< 121.0.6167.85
ungoogled-chromium
< 121.0.6167.85
CVE-2024-0812
CVE-2024-0808
CVE-2024-0810
CVE-2024-0814
CVE-2024-0813
CVE-2024-0806
CVE-2024-0805
CVE-2024-0804
CVE-2024-0811
CVE-2024-0809
https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html
|
88754d55-521a-11ee-8290-a8a1599412c6 | chromium -- multiple vulnerabilities
Chrome Releases reports:
This update includes 16 security fixes:
- [1479274] Critical CVE-2023-4863: Heap buffer overflow in WebP. Reported by Apple Security Engineering and Architecture (SEAR) and The Citizen Lab at The University of Torontoüs Munk School on 2023-09-06
- [1430867] Medium CVE-2023-4900: Inappropriate implementation in Custom Tabs. Reported by Levit Nudi from Kenya on 2023-04-06
- [1459281] Medium CVE-2023-4901: Inappropriate implementation in Prompts. Reported by Kang Ali on 2023-06-29
- [1454515] Medium CVE-2023-4902: Inappropriate implementation in Input. Reported by Axel Chong on 2023-06-14
- [1446709] Medium CVE-2023-4903: Inappropriate implementation in Custom Mobile Tabs. Reported by Ahmed ElMasry on 2023-05-18
- [1453501] Medium CVE-2023-4904: Insufficient policy enforcement in Downloads. Reported by Tudor Enache @tudorhacks on 2023-06-09
- [1441228] Medium CVE-2023-4905: Inappropriate implementation in Prompts. Reported by Hafiizh on 2023-04-29
- [1449874] Low CVE-2023-4906: Insufficient policy enforcement in Autofill. Reported by Ahmed ElMasry on 2023-05-30
- [1462104] Low CVE-2023-4907: Inappropriate implementation in Intents. Reported by Mohit Raj (shadow2639) on 2023-07-04
- [1451543] Low CVE-2023-4908: Inappropriate implementation in Picture in Picture. Reported by Axel Chong on 2023-06-06
- [1463293] Low CVE-2023-4909: Inappropriate implementation in Interstitials. Reported by Axel Chong on 2023-07-09
Discovery 2023-09-12 Entry 2023-09-13 chromium
< 117.0.5938.62
ungoogled-chromium
< 117.0.5938.62
CVE-2023-4863
CVE-2023-4900
CVE-2023-4901
CVE-2023-4902
CVE-2023-4903
CVE-2023-4904
CVE-2023-4905
CVE-2023-4906
CVE-2023-4907
CVE-2023-4908
CVE-2023-4909
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html
|
df0a2fd1-4c92-11ee-8290-a8a1599412c6 | chromium -- multiple vulnerabilities
Chrome Releases reports:
This update includes 4 security fixes:
- [1476403] High CVE-2023-4761: Out of bounds memory access in FedCM. Reported by DarkNavy on 2023-08-28
- [1473247] High CVE-2023-4762: Type Confusion in V8. Reported by Rong Jian of VRI on 2023-08-16
- [1469928] High CVE-2023-4763: Use after free in Networks. Reported by anonymous on 2023-08-03
- [1447237] High CVE-2023-4764: Incorrect security UI in BFCache. Reported by Irvan Kurniawan (sourc7) on 2023-05-20
Discovery 2023-09-05 Entry 2023-09-06 chromium
< 116.0.5845.179
ungoogled-chromium
< 116.0.5845.179
CVE-2023-4761
CVE-2023-4762
CVE-2023-4763
CVE-2023-4764
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop.html
|
ad05a737-14bd-11ee-8290-a8a1599412c6 | chromium -- multiple vulnerabilities
Chrome Releases reports:
This update includes 4 security fixes:
- [1452137] High CVE-2023-3420: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2023-06-07
- [1447568] High CVE-2023-3421: Use after free in Media. Reported by Piotr Bania of Cisco Talos on 2023-05-22
- [1450397] High CVE-2023-3422: Use after free in Guest View. Reported by asnine on 2023-06-01
Discovery 2023-06-26 Entry 2023-06-27 chromium
< 114.0.5735.198
ungoogled-chromium
< 114.0.5735.198
CVE-2023-3420
CVE-2023-3421
CVE-2023-3422
https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_26.html
|
fd87a250-ff78-11ed-8290-a8a1599412c6 | chromium -- multiple vulnerabilities
Chrome Releases reports:
This update includes 16 security fixes:
- [1410191] High CVE-2023-2929: Out of bounds write in Swiftshader. Reported by Jaehun Jeong(@n3sk) of Theori on 2023-01-25
- [1443401] High CVE-2023-2930: Use after free in Extensions. Reported by asnine on 2023-05-08
- [1444238] High CVE-2023-2931: Use after free in PDF. Reported by Huyna at Viettel Cyber Security on 2023-05-10
- [1444581] High CVE-2023-2932: Use after free in PDF. Reported by Huyna at Viettel Cyber Security on 2023-05-11
- [1445426] High CVE-2023-2933: Use after free in PDF. Reported by Quang Nguyá»Â
n (@quangnh89) of Viettel Cyber Security and Nguyen Phuong on 2023-05-15
- [1429720] High CVE-2023-2934: Out of bounds memory access in Mojo. Reported by Mark Brand of Google Project Zero on 2023-04-01
- [1440695] High CVE-2023-2935: Type Confusion in V8. Reported by Sergei Glazunov of Google Project Zero on 2023-04-27
- [1443452] High CVE-2023-2936: Type Confusion in V8. Reported by Sergei Glazunov of Google Project Zero on 2023-05-08
- [1413813] Medium CVE-2023-2937: Inappropriate implementation in Picture In Picture. Reported by NDevTK on 2023-02-08
- [1416350] Medium CVE-2023-2938: Inappropriate implementation in Picture In Picture. Reported by Alesandro Ortiz on 2023-02-15
- [1427431] Medium CVE-2023-2939: Insufficient data validation in Installer. Reported by ycdxsb from VARAS@IIE on 2023-03-24
- [1426807] Medium CVE-2023-2940: Inappropriate implementation in Downloads. Reported by Axel Chong on 2023-03-22
- [1430269] Low CVE-2023-2941: Inappropriate implementation in Extensions API. Reported by Jasper Rebane on 2023-04-04
Discovery 2023-05-30 Entry 2023-05-31 chromium
< 114.0.5735.90
ungoogled-chromium
< 114.0.5735.90
CVE-2023-2929
CVE-2023-2930
CVE-2023-2931
CVE-2023-2932
CVE-2023-2933
CVE-2023-2934
CVE-2023-2935
CVE-2023-2936
CVE-2023-2937
CVE-2023-2938
CVE-2023-2939
CVE-2023-2940
CVE-2023-2941
https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html
|
22fffa69-46fa-11ee-8290-a8a1599412c6 | chromium -- use after free in MediaStream
Chrome Releases reports:
This update includes 1 security fix:
- [1472492] High CVE-2023-4572: Use after free in MediaStream. Reported by fwnfwn(@_fwnfwn) on 2023-08-12
Discovery 2023-08-29 Entry 2023-08-30 chromium
< 116.0.5845.140
ungoogled-chromium
< 116.0.5845.140
CVE-2023-4472
https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_29.html
|
31bb1b8d-d6dc-11ee-86bb-a8a1599412c6 | chromium -- multiple security fixes
Chrome Releases reports:
This update includes 4 security fixes:
- [324596281] High CVE-2024-1938: Type Confusion in V8. Reported by 5f46f4ee2e17957ba7b39897fb376be8 on 2024-02-11
- [323694592] High CVE-2024-1939: Type Confusion in V8. Reported by Bohan Liu (@P4nda20371774) of Tencent Security Xuanwu Lab on 2024-02-05
Discovery 2024-02-27 Entry 2024-02-29 chromium
< 122.0.6261.94
ungoogled-chromium
< 122.0.6261.94
CVE-2024-1938
CVE-2024-1939
https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_27.html
|
ec8e4040-afcd-11ee-86bb-a8a1599412c6 | chromium -- security fix
Chrome Releases reports:
This update includes 1 security fix:
- [1513379] High CVE-2024-0333: Insufficient data validation in Extensions. Reported by Malcolm Stagg (@malcolmst) of SODIUM-24, LLC on 2023-12-20
Discovery 2024-01-09 Entry 2024-01-10 chromium
< 120.0.6099.216
ungoogled-chromium
< 120.0.6099.216
CVE-2024-0333
https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_9.html
|
80815c47-e84f-11ee-8e76-a8a1599412c6 | chromium -- multiple security fixes
Chrome Releases reports:
This update includes 12 security fixes:
- [327740539] High CVE-2024-2625: Object lifecycle issue in V8. Reported by Ganjiang Zhou(@refrain_areu) of ChaMd5-H1 team on 2024-03-01
- [40945098] Medium CVE-2024-2626: Out of bounds read in Swiftshader. Reported by Cassidy Kim(@cassidy6564) on 2023-11-22
- [41493290] Medium CVE-2024-2627: Use after free in Canvas. Reported by Anonymous on 2024-01-21
- [41487774] Medium CVE-2024-2628: Inappropriate implementation in Downloads. Reported by Ath3r1s on 2024-01-03
- [41487721] Medium CVE-2024-2629: Incorrect security UI in iOS. Reported by Muneaki Nishimura (nishimunea) on 2024-01-02
- [41481877] Medium CVE-2024-2630: Inappropriate implementation in iOS. Reported by James Lee (@Windowsrcer) on 2023-12-07
- [41495878] Low CVE-2024-2631: Inappropriate implementation in iOS. Reported by Ramit Gangwar on 2024-01-29
Discovery 2024-03-19 Entry 2024-03-22 chromium
< 123.0.6312.58
ungoogled-chromium
< 123.0.6312.58
CVE-2024-2625
CVE-2024-2626
CVE-2024-2627
CVE-2024-2628
CVE-2024-2629
CVE-2024-2630
CVE-2024-2631
https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_19.html
|
7314942b-0889-46f0-b02b-2c60aabe4a82 | chromium -- multiple security fixes
Chrome Releases reports:
This update includes 3 security fixes:
- [331237485] High CVE-2024-3157: Out of bounds write in Compositing. Reported by DarkNavy on 2024-03-26
- [328859176] High CVE-2024-3516: Heap buffer overflow in ANGLE. Reported by Bao (zx) Pham and Toan (suto) Pham of Qrious Secure on 2024-03-09
- [331123811] High CVE-2024-3515: Use after free in Dawn. Reported by wgslfuzz on 2024-03-25
Discovery 2024-04-10 Entry 2024-04-12 chromium
< 123.0.6312.122
ungoogled-chromium
< 123.0.6312.122
CVE-2024-3157
CVE-2024-3516
CVE-2024-3515
https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_10.html
|
12741b1f-04f9-11ee-8290-a8a1599412c6 | chromium -- multiple vulnerabilities
Chrome Releases reports:
This update includes 2 security fixes:
- [1450481] High CVE-2023-3079: Type Confusion in V8. Reported by Clément Lecigne of Google's Threat Analysis Group on 2023-06-01
Discovery 2023-06-05 Entry 2023-06-07 chromium
< 114.0.5735.106
ungoogled-chromium
< 114.0.5735.106
CVE-2023-3079
https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop.html
|
db33e250-74f7-11ee-8290-a8a1599412c6 | chromium -- multiple vulnerabilities
Chrome Releases reports:
This update includes 2 security fixes:
- [1491296] High CVE-2023-5472: Use after free in Profiles. Reported by @18楼梦æ³æ¹é 家 on 2023-10-10
Discovery 2023-10-24 Entry 2023-10-27 chromium
< 118.0.5993.117
ungoogled-chromium
< 118.0.5993.117
CVE-2023-5472
https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_24.html
|
a1e27775-7a61-11ee-8290-a8a1599412c6 | chromium -- multiple vulnerabilities
Chrome Releases reports:
This update includes 15 security fixes:
- [1492698] High CVE-2023-5480: Inappropriate implementation in Payments. Reported by Vsevolod Kokorin (Slonser) of Solidlab on 2023-10-14
- [1492381] High CVE-2023-5482: Insufficient data validation in USB. Reported by DarkNavy on 2023-10-13
- [1492384] High CVE-2023-5849: Integer overflow in USB. Reported by DarkNavy on 2023-10-13
- [1281972] Medium CVE-2023-5850: Incorrect security UI in Downloads. Reported by Mohit Raj (shadow2639) on 2021-12-22
- [1473957] Medium CVE-2023-5851: Inappropriate implementation in Downloads. Reported by Shaheen Fazim on 2023-08-18
- [1480852] Medium CVE-2023-5852: Use after free in Printing. Reported by [pwn2car] on 2023-09-10
- [1456876] Medium CVE-2023-5853: Incorrect security UI in Downloads. Reported by Hafiizh on 2023-06-22
- [1488267] Medium CVE-2023-5854: Use after free in Profiles. Reported by Dohyun Lee (@l33d0hyun) of SSD-Disclosure Labs & DNSLab, Korea Univ on 2023-10-01
- [1492396] Medium CVE-2023-5855: Use after free in Reading Mode. Reported by ChaobinZhang on 2023-10-13
- [1493380] Medium CVE-2023-5856: Use after free in Side Panel. Reported by Weipeng Jiang (@Krace) of VRI on 2023-10-17
- [1493435] Medium CVE-2023-5857: Inappropriate implementation in Downloads. Reported by Will Dormann on 2023-10-18
- [1457704] Low CVE-2023-5858: Inappropriate implementation in WebApp Provider. Reported by Axel Chong on 2023-06-24
- [1482045] Low CVE-2023-5859: Incorrect security UI in Picture In Picture. Reported by Junsung Lee on 2023-09-13
Discovery 2023-10-31 Entry 2023-11-03 chromium
< 119.0.6045.105
ungoogled-chromium
< 119.0.6045.105
qt6-webengine
< 6.6.1
CVE-2023-5480
CVE-2023-5482
CVE-2023-5849
CVE-2023-5850
CVE-2023-5851
CVE-2023-5852
CVE-2023-5853
CVE-2023-5854
CVE-2023-5855
CVE-2023-5856
CVE-2023-5857
CVE-2023-5858
CVE-2023-5859
https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html
|
fd3401a1-b6df-4577-917a-2c22fee99d34 | chromium -- multiple security fixes
Chrome Releases reports:
This update includes 3 security fixes:
- [325893559] High CVE-2024-2173: Out of bounds memory access in V8. Reported by 5fceb6172bbf7e2c5a948183b53565b9 on 2024-02-19
- [325866363] High CVE-2024-2174: Inappropriate implementation in V8. Reported by 5f46f4ee2e17957ba7b39897fb376be8 on 2024-02-19
- [325936438] High CVE-2024-2176: Use after free in FedCM. Reported by Anonymous on 2024-02-20
Discovery 2024-03-05 Entry 2024-03-06 chromium
< 122.0.6261.111
ungoogled-chromium
< 122.0.6261.111
CVE-2024-2173
CVE-2024-2174
CVE-2024-2176
https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop.html
|
3ee577a9-aad4-11ee-86bb-a8a1599412c6 | chromium -- multiple security fixes
Chrome Releases reports:
This update includes 6 security fixes:
- [1501798] High CVE-2024-0222: Use after free in ANGLE. Reported by Toan (suto) Pham of Qrious Secure on 2023-11-13
- [1505009] High CVE-2024-0223: Heap buffer overflow in ANGLE. Reported by Toan (suto) Pham and Tri Dang of Qrious Secure on 2023-11-24
- [1505086] High CVE-2024-0224: Use after free in WebAudio. Reported by Huang Xilin of Ant Group Light-Year Security Lab on 2023-11-25
- [1506923] High CVE-2024-0225: Use after free in WebGPU. Reported by Anonymous on 2023-12-01
Discovery 2024-01-03 Entry 2024-01-04 chromium
< 120.0.6099.199
ungoogled-chromium
< 120.0.6099.199
CVE-2024-0222
CVE-2024-0223
CVE-2024-0224
CVE-2024-0225
https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html
|
dc9e5237-c197-11ee-86bb-a8a1599412c6 | chromium -- multiple security fixes
Chrome Releases reports:
This update includes 4 security fixes:
- [1511567] High CVE-2024-1060: Use after free in Canvas. Reported by Anonymous on 2023-12-14
- [1514777] High CVE-2024-1059: Use after free in WebRTC. Reported by Cassidy Kim(@cassidy6564) on 2023-12-29
- [1511085] High CVE-2024-1077: Use after free in Network. Reported by Microsoft Security Research Center on 2023-12-13
Discovery 2024-01-30 Entry 2024-02-02 chromium
< 121.0.6167.139
ungoogled-chromium
< 121.0.6167.139
qt5-webengine
< 5.15.16.p5_5
qt6-webengine
< 6.6.1_5
CVE-2024-1060
CVE-2024-1059
CVE-2024-1077
https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_30.html
|
6d9c6aae-5eb1-11ee-8290-a8a1599412c6 | chromium -- multiple vulnerabilities
Chrome Releases reports:
This update includes 10 security fixes:
- [1486441] High CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx. Reported by Clément Lecigne of Google's Threat Analysis Group on 2023-09-25
- [1478889] High CVE-2023-5186: Use after free in Passwords. Reported by [pwn2car] on 2023-09-05
- [1475798] High CVE-2023-5187: Use after free in Extensions. Reported by Thomas Orlita on 2023-08-25
Discovery 2023-09-27 Entry 2023-09-29 chromium
< 117.0.5938.132
ungoogled-chromium
< 117.0.5938.132
qt6-webengine
< 6.6.1
CVE-2023-5217
CVE-2023-5186
CVE-2023-5187
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html
|
90c48c04-d549-4fc0-a503-4775e32d438e | chromium -- multiple vulnerabilities
Chrome Releases reports:
This update includes 8 security fixes:
- [1429197] High CVE-2023-2133: Out of bounds memory access in Service Worker API. Reported by Rong Jian of VRI on 2023-03-30
- [1429201] High CVE-2023-2134: Out of bounds memory access in Service Worker API. Reported by Rong Jian of VRI on 2023-03-30
- [1424337] High CVE-2023-2135: Use after free in DevTools. Reported by Cassidy Kim(@cassidy6564) on 2023-03-14
- [1432603] High CVE-2023-2136: Integer overflow in Skia. Reported by Clément Lecigne of Google's Threat Analysis Group on 2023-04-12
- [1430644] Medium CVE-2023-2137: Heap buffer overflow in sqlite. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2023-04-05
Discovery 2023-04-20 Entry 2023-04-20 chromium
< 112.0.5615.165
ungoogled-chromium
< 112.0.5615.165
CVE-2023-2133
CVE-2023-2134
CVE-2023-2135
CVE-2023-2136
CVE-2023-2137
https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html
|
4a026b6c-f2b8-11ee-8e76-a8a1599412c6 | chromium -- multiple security fixes
Chrome Releases reports:
This update includes 3 security fixes:
- [329130358] High CVE-2024-3156: Inappropriate implementation in V8. Reported by Zhenghang Xiao (@Kipreyyy) on 2024-03-12
- [329965696] High CVE-2024-3158: Use after free in Bookmarks. Reported by undoingfish on 2024-03-17
- [330760873] High CVE-2024-3159: Out of bounds memory access in V8. Reported by Edouard Bochin (@le_douds) and Tao Yan (@Ga1ois) of Palo Alto Networks, via Pwn2Own 2024 on 2024-03-22
Discovery 2024-04-02 Entry 2024-04-04 chromium
< 123.0.6312.105
ungoogled-chromium
< 123.0.6312.105
CVE-2024-3156
CVE-2024-3158
CVE-2024-3159
https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop.html
|
bea52545-f4a7-11ed-8290-a8a1599412c6 | chromium -- multiple vulnerabilities
Chrome Releases reports:
This update includes 12 security fixes:
- [1444360] Critical CVE-2023-2721: Use after free in Navigation. Reported by Guang Gong of Alpha Lab, Qihoo 360 on 2023-05-10
- [1400905] High CVE-2023-2722: Use after free in Autofill UI. Reported by Rong Jian of VRI on 2022-12-14
- [1435166] High CVE-2023-2723: Use after free in DevTools. Reported by asnine on 2023-04-21
- [1433211] High CVE-2023-2724: Type Confusion in V8. Reported by Sergei Glazunov of Google Project Zero on 2023-04-14
- [1442516] High CVE-2023-2725: Use after free in Guest View. Reported by asnine on 2023-05-04
- [1442018] Medium CVE-2023-2726: Inappropriate implementation in WebApp Installs. Reported by Ahmed ElMasry on 2023-05-03
Discovery 2023-05-16 Entry 2023-05-17 chromium
< 113.0.5672.126
ungoogled-chromium
< 113.0.5672.126
CVE-2023-2721
CVE-2023-2722
CVE-2023-2723
CVE-2023-2724
CVE-2023-2725
CVE-2023-2726
https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_16.html
|
1b2a8e8a-9fd5-11ee-86bb-a8a1599412c6 | chromium -- security fix
Chrome Releases reports:
This update includes 1 security fix:
- [1513170] High CVE-2023-7024: Heap buffer overflow in WebRTC. Reported by Clément Lecigne and Vlad Stolyarov of Google's Threat Analysis Group on 2023-12-19
Discovery 2023-12-20 Entry 2023-12-21 chromium
< 120.0.6099.129
ungoogled-chromium
< 120.0.6099.129
CVE-2023-7024
https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_20.html
|
5fa332b9-4269-11ee-8290-a8a1599412c6 | chromium -- multiple vulnerabilities
Chrome Releases reports:
This update includes 5 security fixes:
- [1469542] High CVE-2023-4430: Use after free in Vulkan. Reported by Cassidy Kim(@cassidy6564) on 2023-08-02
- [1469754] High CVE-2023-4429: Use after free in Loader. Reported by Anonymous on 2023-08-03
- [1470477] High CVE-2023-4428: Out of bounds memory access in CSS. Reported by Francisco Alonso (@revskills) on 2023-08-06
- [1470668] High CVE-2023-4427: Out of bounds memory access in V8. Reported by Sergei Glazunov of Google Project Zero on 2023-08-07
- [1469348] Medium CVE-2023-4431: Out of bounds memory access in Fonts. Reported by Microsoft Security Researcher on 2023-08-01
Discovery 2023-08-22 Entry 2023-08-24 chromium
< 116.0.5845.110
ungoogled-chromium
< 116.0.5845.110
CVE-2023-4430
CVE-2023-4429
CVE-2023-4428
CVE-2023-4427
CVE-2023-4431
https://chromereleases.googleblog.com/2023/08/chrome-desktop-stable-update.html
|
77fc311d-7e62-11ee-8290-a8a1599412c6 | chromium -- security update
Chrome Releases reports:
This update includes 1 security fix:
- [1497859] High CVE-2023-5996: Use after free in WebAudio. Reported by Huang Xilin of Ant Group Light-Year Security Lab via Tianfu Cup 2023 on 2023-10-30
Discovery 2023-11-07 Entry 2023-11-08 chromium
< 119.0.6045.123
ungoogled-chromium
< 119.0.6045.123
CVE-2023-5996
https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop.html
|
4405e9ad-97fe-11ee-86bb-a8a1599412c6 | chromium -- multiple security fixes
Chrome Releases reports:
This update includes 10 security fixes:
- [1497984] High CVE-2023-6508: Use after free in Media Stream. Reported by Cassidy Kim(@cassidy6564) on 2023-10-31
- [1494565] High CVE-2023-6509: Use after free in Side Panel Search. Reported by Khalil Zhani on 2023-10-21
- [1480152] Medium CVE-2023-6510: Use after free in Media Capture. Reported by [pwn2car] on 2023-09-08
- [1478613] Low CVE-2023-6511: Inappropriate implementation in Autofill. Reported by Ahmed ElMasry on 2023-09-04
- [1457702] Low CVE-2023-6512: Inappropriate implementation in Web Browser UI. Reported by Om Apip on 2023-06-24
Discovery 2023-12-05 Entry 2023-12-11 chromium
< 120.0.6099.62
ungoogled-chromium
< 120.0.6099.62
qt5-webengine
< 5.15.16.p5_2
qt6-webengine
< 6.6.1_1
CVE-2023-6508
CVE-2023-6509
CVE-2023-6510
CVE-2023-6511
CVE-2023-6512
https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop.html
|
2a470712-d351-11ee-86bb-a8a1599412c6 | chromium -- multiple security fixes
Chrome Releases reports:
This update includes 12 security fixes:
- [41495060] High CVE-2024-1669: Out of bounds memory access in Blink. Reported by Anonymous on 2024-01-26
- [41481374] High CVE-2024-1670: Use after free in Mojo. Reported by Cassidy Kim(@cassidy6564) on 2023-12-06
- [41487933] Medium CVE-2024-1671: Inappropriate implementation in Site Isolation. Reported by Harry Chen on 2024-01-03
- [41485789] Medium CVE-2024-1672: Inappropriate implementation in Content Security Policy. Reported by Georg Felber (TU Wien) & Marco Squarcina (TU Wien) on 2023-12-19
- [41490491] Medium CVE-2024-1673: Use after free in Accessibility. Reported by Weipeng Jiang (@Krace) of VRI on 2024-01-11
- [40095183] Medium CVE-2024-1674: Inappropriate implementation in Navigation. Reported by David Erceg on 2019-05-27
- [41486208] Medium CVE-2024-1675: Insufficient policy enforcement in Download. Reported by BartÃ
Âomiej Wacko on 2023-12-21
- [40944847] Low CVE-2024-1676: Inappropriate implementation in Navigation. Reported by Khalil Zhani on 2023-11-21
Discovery 2024-02-20 Entry 2024-02-24 chromium
< 122.0.6261.57
ungoogled-chromium
< 122.0.6261.57
https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html
|
5666688f-803b-4cf0-9cb1-08c088f2225a | chromium -- multiple vulnerabilities
Chrome Releases reports:
This update includes 26 security fixes:
- [1448548] High CVE-2023-2312: Use after free in Offline. Reported by avaue at S.S.L. on 2023-05-24
- [1458303] High CVE-2023-4349: Use after free in Device Trust Connectors. Reported by Weipeng Jiang (@Krace) of VRI on 2023-06-27
- [1454817] High CVE-2023-4350: Inappropriate implementation in Fullscreen. Reported by Khiem Tran (@duckhiem) on 2023-06-14
- [1465833] High CVE-2023-4351: Use after free in Network. Reported by Guang and Weipeng Jiang of VRI on 2023-07-18
- [1452076] High CVE-2023-4352: Type Confusion in V8. Reported by Sergei Glazunov of Google Project Zero on 2023-06-07
- [1458046] High CVE-2023-4353: Heap buffer overflow in ANGLE. Reported by Christoph Diehl / Microsoft Vulnerability Research on 2023-06-27
- [1464215] High CVE-2023-4354: Heap buffer overflow in Skia. Reported by Mark Brand of Google Project Zero on 2023-07-12
- [1468943] High CVE-2023-4355: Out of bounds memory access in V8. Reported by Sergei Glazunov of Google Project Zero on 2023-07-31
- [1449929] Medium CVE-2023-4356: Use after free in Audio. Reported by Zhenghang Xiao (@Kipreyyy) on 2023-05-30
- [1458911] Medium CVE-2023-4357: Insufficient validation of untrusted input in XML. Reported by Igor Sak-Sakovskii on 2023-06-28
- [1466415] Medium CVE-2023-4358: Use after free in DNS. Reported by Weipeng Jiang (@Krace) of VRI on 2023-07-20
- [1443722] Medium CVE-2023-4359: Inappropriate implementation in App Launcher. Reported by @retsew0x01 on 2023-05-09
- [1462723] Medium CVE-2023-4360: Inappropriate implementation in Color. Reported by Axel Chong on 2023-07-07
- [1465230] Medium CVE-2023-4361: Inappropriate implementation in Autofill. Reported by Thomas Orlita on 2023-07-17
- [1316379] Medium CVE-2023-4362: Heap buffer overflow in Mojom IDL. Reported by Zhao Hai of NanJing Cyberpeace TianYu Lab on 2022-04-14
- [1367085] Medium CVE-2023-4363: Inappropriate implementation in WebShare. Reported by Alesandro Ortiz on 2022-09-23
- [1406922] Medium CVE-2023-4364: Inappropriate implementation in Permission Prompts. Reported by Jasper Rebane on 2023-01-13
- [1431043] Medium CVE-2023-4365: Inappropriate implementation in Fullscreen. Reported by Hafiizh on 2023-04-06
- [1450784] Medium CVE-2023-4366: Use after free in Extensions. Reported by asnine on 2023-06-02
- [1467743] Medium CVE-2023-4367: Insufficient policy enforcement in Extensions API. Reported by Axel Chong on 2023-07-26
- [1467751] Medium CVE-2023-4368: Insufficient policy enforcement in Extensions API. Reported by Axel Chong on 2023-07-26
Discovery 2023-08-15 Entry 2023-08-17 chromium
< 116.0.5845.96
ungoogled-chromium
< 116.0.5845.96
CVE-2023-2312
CVE-2023-4349
CVE-2023-4350
CVE-2023-4351
CVE-2023-4352
CVE-2023-4353
CVE-2023-4354
CVE-2023-4355
CVE-2023-4356
CVE-2023-4357
CVE-2023-4358
CVE-2023-4359
CVE-2023-4360
CVE-2023-4361
CVE-2023-4362
CVE-2023-4363
CVE-2023-4364
CVE-2023-4365
CVE-2023-4366
CVE-2023-4367
CVE-2023-4368
https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html
|
4e45c45b-629e-11ee-8290-a8a1599412c6 | chromium -- type confusion in v8
Chrome Releases reports:
This update includes 1 security fix:
- [1485829] High CVE-2023-5346: Type Confusion in V8. Reported by Amit Kumar on 2023-09-22
Discovery 2023-10-03 Entry 2023-10-04 chromium
< 117.0.5938.149
ungoogled-chromium
< 117.0.5938.149
CVE-2023-5346
https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop.html
|
246174d3-e979-11ed-8290-a8a1599412c6 | chromium -- multiple vulnerabilities
Chrome Releases reports:
This update includes 15 security fixes:
- [1423304] Medium CVE-2023-2459: Inappropriate implementation in Prompts. Reported by Rong Jian of VRI on 2023-03-10
- [1419732] Medium CVE-2023-2460: Insufficient validation of untrusted input in Extensions. Reported by Martin Bajanik, Fingerprint[.]com on 2023-02-27
- [1350561] Medium CVE-2023-2461: Use after free in OS Inputs. Reported by @ginggilBesel on 2022-08-06
- [1375133] Medium CVE-2023-2462: Inappropriate implementation in Prompts. Reported by Alesandro Ortiz on 2022-10-17
- [1406120] Medium CVE-2023-2463: Inappropriate implementation in Full Screen Mode. Reported by Irvan Kurniawan (sourc7) on 2023-01-10
- [1418549] Medium CVE-2023-2464: Inappropriate implementation in PictureInPicture. Reported by Thomas Orlita on 2023-02-23
- [1399862] Medium CVE-2023-2465: Inappropriate implementation in CORS. Reported by @kunte_ctf on 2022-12-10
- [1385714] Low CVE-2023-2466: Inappropriate implementation in Prompts. Reported by Jasper Rebane (popstonia) on 2022-11-17
- [1413586] Low CVE-2023-2467: Inappropriate implementation in Prompts. Reported by Thomas Orlita on 2023-02-07
- [1416380] Low CVE-2023-2468: Inappropriate implementation in PictureInPicture. Reported by Alesandro Ortiz on 2023-02-15
Discovery 2023-05-03 Entry 2023-05-03 chromium
< 113.0.5672.63
ungoogled-chromium
< 113.0.5672.63
CVE-2023-2459
CVE-2023-2460
CVE-2023-2461
CVE-2023-2462
CVE-2023-2463
CVE-2023-2464
CVE-2023-2465
CVE-2023-2466
CVE-2023-2467
CVE-2023-2468
https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop.html
|
6e4e8e87-9fb8-4e32-9f8e-9b4303f4bfd5 | chromium -- multiple vulnerabilities
Chrome Releases reports:
This update includes 17 security fixes:
- [1466183] High CVE-2023-4068: Type Confusion in V8. Reported by Jerry on 2023-07-20
- [1465326] High CVE-2023-4069: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2023-07-17
- [1462951] High CVE-2023-4070: Type Confusion in V8. Reported by Jerry on 2023-07-07
- [1458819] High CVE-2023-4071: Heap buffer overflow in Visuals. Reported by Guang and Weipeng Jiang of VRI on 2023-06-28
- [1464038] High CVE-2023-4072: Out of bounds read and write in WebGL. Reported by Apple Security Engineering and Architecture (SEAR) on 2023-07-12
- [1456243] High CVE-2023-4073: Out of bounds memory access in ANGLE. Reported by Jaehun Jeong(@n3sk) of Theori on 2023-06-20
- [1464113] High CVE-2023-4074: Use after free in Blink Task Scheduling. Reported by Anonymous on 2023-07-12
- [1457757] High CVE-2023-4075: Use after free in Cast. Reported by Cassidy Kim(@cassidy6564) on 2023-06-25
- [1459124] High CVE-2023-4076: Use after free in WebRTC. Reported by Natalie Silvanovich of Google Project Zero on 2023-06-29
- [1451146] Medium CVE-2023-4077: Insufficient data validation in Extensions. Reported by Anonymous on 2023-06-04
- [1461895] Medium CVE-2023-4078: Inappropriate implementation in Extensions. Reported by Anonymous on 2023-07-04
Discovery 2023-08-02 Entry 2023-08-04 chromium
< 115.0.5790.170
ungoogled-chromium
< 115.0.5790.170
CVE-2023-4068
CVE-2023-4069
CVE-2023-4070
CVE-2023-4071
CVE-2023-4072
CVE-2023-4073
CVE-2023-4074
CVE-2023-4075
CVE-2023-4076
CVE-2023-4077
CVE-2023-4078
https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html
|
814af1be-ec63-11ee-8e76-a8a1599412c6 | chromium -- multiple security fixes
Chrome Releases reports:
This update includes 7 security fixes:
- [327807820] Critical CVE-2024-2883: Use after free in ANGLE. Reported by Cassidy Kim(@cassidy6564) on 2024-03-03
- [328958020] High CVE-2024-2885: Use after free in Dawn. Reported by wgslfuzz on 2024-03-11
- [330575496] High CVE-2024-2886: Use after free in WebCodecs. Reported by Seunghyun Lee (@0x10n) of KAIST Hacking Lab, via Pwn2Own 2024 on 2024-03-21
- [330588502] High CVE-2024-2887: Type Confusion in WebAssembly. Reported by Manfred Paul, via Pwn2Own 2024 on 2024-03-21
Discovery 2024-03-26 Entry 2024-03-27 chromium
< 123.0.6312.86
ungoogled-chromium
< 123.0.6312.86
CVE-2024-2883
CVE-2024-2885
CVE-2024-2886
CVE-2024-2887
https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_26.html
|
1567be8c-0a15-11ee-8290-a8a1599412c6 | chromium -- multiple vulnerabilities
Chrome Releases reports:
This update includes 5 security fixes:
- [1450568] Critical CVE-2023-3214: Use after free in Autofill payments. Reported by Rong Jian of VRI on 2023-06-01
- [1446274] High CVE-2023-3215: Use after free in WebRTC. Reported by asnine on 2023-05-17
- [1450114] High CVE-2023-3216: Type Confusion in V8. Reported by 5n1p3r0010 from Topsec ChiXiao Lab on 2023-05-31
- [1450601] High CVE-2023-3217: Use after free in WebXR. Reported by Sergei Glazunov of Google Project Zero on 2023-06-01
Discovery 2023-06-13 Entry 2023-06-13 chromium
< 114.0.5735.133
ungoogled-chromium
< 114.0.5735.133
CVE-2023-3214
CVE-2023-3215
CVE-2023-3216
CVE-2023-3217
https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_13.html
|
1bc07be0-b514-11ee-86bb-a8a1599412c6 | chromium -- multiple security fixes
Chrome Releases reports:
This update includes 4 security fixes:
- [1515930] High CVE-2024-0517: Out of bounds write in V8. Reported by Toan (suto) Pham of Qrious Secure on 2024-01-06
- [1507412] High CVE-2024-0518: Type Confusion in V8. Reported by Ganjiang Zhou(@refrain_areu) of ChaMd5-H1 team on 2023-12-03
- [1517354] High CVE-2024-0519: Out of bounds memory access in V8. Reported by Anonymous on 2024-01-11
Discovery 2024-01-16 Entry 2024-01-17 chromium
< 120.0.6099.224
ungoogled-chromium
< 120.0.6099.224
CVE-2024-0517
CVE-2024-0518
CVE-2024-0519
https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html
|
0da4db89-84bf-11ee-8290-a8a1599412c6 | chromium -- multiple security fixes
Chrome Releases reports:
This update includes 4 security fixes:
- [1497997] High CVE-2023-5997: Use after free in Garbage Collection. Reported by Anonymous on 2023-10-31
- [1499298] High CVE-2023-6112: Use after free in Navigation. Reported by Sergei Glazunov of Google Project Zero on 2023-11-04
Discovery 2023-11-14 Entry 2023-11-16 chromium
< 119.0.6045.159
ungoogled-chromium
< 119.0.6045.159
qt5-webengine
< 5.15.16.p5
qt6-webengine
< 6.6.1
CVE-2023-5997
CVE-2023-6112
https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_14.html
|
4edbea45-cb0c-11ee-86bb-a8a1599412c6 | chromium -- security fix
Chrome Releases reports:
This update includes 1 security fix.
Discovery 2024-02-13 Entry 2024-02-14 chromium
< 121.0.6167.184
ungoogled-chromium
< 121.0.6167.184
https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_13.html
|
01ffd06a-36ed-11eb-b655-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 8 security fixes, including:
- [1142331] High CVE-2020-16037: Use after free in clipboard.
Reported by Ryoya Tsukasaki on 2020-10-26
- [1138683] High CVE-2020-16038: Use after free in media.
Reported by Khalil Zhani on 2020-10-14
- [1149177] High CVE-2020-16039: Use after free in extensions.
Reported by Anonymous on 2020-11-15
- [1150649] High CVE-2020-16040: Insufficient data validation in
V8. Reported by Lucas Pinheiro, Microsoft Browser Vulnerability
Research on 2020-11-19
- [1151865] Medium CVE-2020-16041: Out of bounds read in
networking. Reported by Sergei Glazunov and Mark Brand of Google
Project Zero on 2020-11-23
- [1151890] Medium CVE-2020-16042: Uninitialized Use in V8.
Reported by André Bargull on 2020-11-2
Discovery 2020-12-02 Entry 2020-12-05 chromium
< 87.0.4280.88
CVE-2020-16037
CVE-2020-16038
CVE-2020-16039
CVE-2020-16040
CVE-2020-16041
CVE-2020-16042
https://chromereleases.googleblog.com/2020/12/stable-channel-update-for-desktop.html
|
abfc932e-1ba8-11e8-a944-54ee754af08e | chromium -- vulnerability
Google Chrome Releases reports:
1 security fix in this release:
- [806388] High CVE-2018-6056: Incorrect derived class instantiation in V8. Reported by lokihardt of Google Project Zero on 2018-01-26
Discovery 2018-01-26 Entry 2018-02-27 chromium
< 64.0.3282.167
CVE-2018-6056
https://chromereleases.googleblog.com/2018/02/stable-channel-update-for-desktop_13.html
|
38c676bd-9def-11ea-a94c-3065ec8fd3ec | chromium -- multiple vulnerabilities
Google Chrome Releases reports:
This release includes 38 security fixes, including CVEs
CVE-2020-6465 through CVE-2020-6491.
Discovery 2020-05-19 Entry 2020-05-24 chromium
< 83.0.4103.61
CVE-2020-6465
CVE-2020-6466
CVE-2020-6467
CVE-2020-6468
CVE-2020-6469
CVE-2020-6470
CVE-2020-6471
CVE-2020-6472
CVE-2020-6473
CVE-2020-6474
CVE-2020-6475
CVE-2020-6476
CVE-2020-6477
CVE-2020-6478
CVE-2020-6479
CVE-2020-6480
CVE-2020-6481
CVE-2020-6482
CVE-2020-6483
CVE-2020-6484
CVE-2020-6485
CVE-2020-6486
CVE-2020-6487
CVE-2020-6488
CVE-2020-6489
CVE-2020-6490
CVE-2020-6491
https://chromereleases.googleblog.com/2020/05/stable-channel-update-for-desktop_19.html
|
720590df-10eb-11e9-b407-080027ef1a23 | chromium -- Use after free in PDFium
Google Chrome Releases reports:
1 security fix contributed by external researches:
- High CVE-2018-17481: Use after free in PDFium
Discovery 2018-12-12 Entry 2019-01-05 chromium
< 71.0.3578.98
CVE-2018-17481
https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop_12.html
|
bed5d41a-f2b4-11ea-a878-e09467587c17 | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 5 security fixes:
- [1116304] High CVE-2020-6573: Use after free in video. Reported
by Leecraso and Guang Gong of 360 Alpha Lab working with 360
BugCloud on 2020-08-14
- [1102196] High CVE-2020-6574: Insufficient policy
enforcement in installer. Reported by CodeColorist of
Ant-Financial LightYear Labs on 2020-07-05
- [1081874] High CVE-2020-6575: Race in Mojo. Reported by
Microsoft on 2020-05-12
- [1111737] High CVE-2020-6576: Use after free in offscreen
canvas. Reported by Looben Yang on 2020-07-31
- [1122684] High CVE-2020-15959: Insufficient policy enforcement
in networking. Reported by Eric Lawrence of Microsoft on
2020-08-27
Discovery 2020-09-08 Entry 2020-09-09 chromium
< 85.0.4183.102
CVE-2020-6573
CVE-2020-6574
CVE-2020-6575
CVE-2020-6576
CVE-2020-15969
https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop.html
|
a2caf7bd-a719-11ea-a857-e09467587c17 | chromium -- multiple vulnerabilities
Chrome Releases reports:
This update includes 5 security fixes. Below, we highlight fixes
that were contributed by external researchers.
- [1082105] High CVE-2020-6493: Use after free in
WebAuthentication. Reported by Anonymous on 2020-05-13
- [1083972] High CVE-2020-6494: Incorrect security UI in payments.
Reported by Juho Nurminen on 2020-05-18
- [1072116] High CVE-2020-6495: Insufficient policy enforcement in
developer tools. Reported by David Erceg on 2020-04-18
- [1085990] High CVE-2020-6496: Use after free in payments.
Reported by Khalil Zhani on 2020-05-24
Discovery 2020-06-03 Entry 2020-06-05 chromium
< 83.0.4103.97
CVE-2020-6493
CVE-2020-6494
CVE-2020-6495
CVE-2020-6496
https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop.html
|
f4722927-1375-11eb-8711-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release includes 5 security fixes:
- [1125337] High CVE-2020-16000: Inappropriate implementation in
Blink. Reported by amaebi_jp on 2020-09-06
- [1135018] High CVE-2020-16001: Use after free in media.
Reported by Khalil Zhani on 2020-10-05
- [1137630] High CVE-2020-16002: Use after free in PDFium.
Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec
at Qi'anxin Group on 2020-10-13
- [1139963] High CVE-2020-15999: Heap buffer overflow in
Freetype. Reported by Sergei Glazunov of Google Project Zero on
2020-10-19
- [1134960] Medium CVE-2020-16003: Use after free in printing.
Reported by Khalil Zhani on 2020-10-04
Discovery 2020-10-20 Entry 2020-10-21 chromium
< 86.0.4240.111
CVE-2020-15999
CVE-2020-16000
CVE-2020-16001
CVE-2020-16002
CVE-2020-16003
https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html
|
8e986b2b-1baa-11e8-a944-54ee754af08e | chromium -- multiple vulnerabilities
Google Chrome Releases reports:
Several security fixes in this release, including:
- [780450] High CVE-2018-6031: Use after free in PDFium. Reported by Anonymous on 2017-11-01
- [787103] High CVE-2018-6032: Same origin bypass in Shared Worker. Reported by Jun Kokatsu (@shhnjk) on 2017-11-20
- [793620] High CVE-2018-6033: Race when opening downloaded files. Reported by Juho Nurminen on 2017-12-09
- [784183] Medium CVE-2018-6034: Integer overflow in Blink. Reported by Tobias Klein (www.trapkit.de) on 2017-11-12
- [797500] Medium CVE-2018-6035: Insufficient isolation of devtools from extensions. Reported by Rob Wu on 2017-12-23
- [797500] Medium CVE-2018-6035: Insufficient isolation of devtools from extensions. Reported by Rob Wu on 2017-12-23
- [753645] Medium CVE-2018-6037: Insufficient user gesture requirements in autofill. Reported by Paul Stone of Context Information Security on
2017-08-09
- [774174] Medium CVE-2018-6038: Heap buffer overflow in WebGL. Reported by cloudfuzzer on 2017-10-12
- [775527] Medium CVE-2018-6039: XSS in DevTools. Reported by Juho Nurminen on 2017-10-17
- [778658] Medium CVE-2018-6040: Content security policy bypass. Reported by WenXu Wu of Tencent's Xuanwu Lab on 2017-10-26
- [760342] Medium CVE-2018-6041: URL spoof in Navigation. Reported by Luan Herrera on 2017-08-29
- [773930] Medium CVE-2018-6042: URL spoof in OmniBox. Reported by Khalil Zhani on 2017-10-12
- [785809] Medium CVE-2018-6043: Insufficient escaping with external URL handlers. Reported by 0x09AL on 2017-11-16
- [797497] Medium CVE-2018-6045: Insufficient isolation of devtools from extensions. Reported by Rob Wu on 2017-12-23
- [798163] Medium CVE-2018-6046: Insufficient isolation of devtools from extensions. Reported by Rob Wu on 2017-12-31
- [799847] Medium CVE-2018-6047: Cross origin URL leak in WebGL. Reported by Masato Kinugawa on 2018-01-08
- [763194] Low CVE-2018-6048: Referrer policy bypass in Blink. Reported by Jun Kokatsu (@shhnjk) on 2017-09-08
- [771848] Low CVE-2017-15420: URL spoofing in Omnibox. Reported by Drew Springall (@_aaspring_) on 2017-10-05
- [774438] Low CVE-2018-6049: UI spoof in Permissions. Reported by WenXu Wu of Tencent's Xuanwu Lab on 2017-10-13
- [774842] Low CVE-2018-6050: URL spoof in OmniBox. Reported by Jonathan Kew on 2017-10-15
- [441275] Low CVE-2018-6051: Referrer leak in XSS Auditor. Reported by Antonio Sanso (@asanso) on 2014-12-11
- [615608] Low CVE-2018-6052: Incomplete no-referrer policy implementation. Reported by Tanner Emek on 2016-05-28
- [758169] Low CVE-2018-6053: Leak of page thumbnails in New Tab Page. Reported by Asset Kabdenov on 2017-08-23
- [797511] Low CVE-2018-6054: Use after free in WebUI. Reported by Rob Wu on 2017-12-24
Discovery 2017-08-09 Entry 2018-02-27 chromium
< 64.0.3282.119
CVE-2018-6031
CVE-2018-6032
CVE-2018-6033
CVE-2018-6034
CVE-2018-6035
CVE-2018-6036
CVE-2018-6037
CVE-2018-6038
CVE-2018-6039
CVE-2018-6040
CVE-2018-6041
CVE-2018-6042
CVE-2018-6043
CVE-2018-6045
CVE-2018-6046
CVE-2018-6047
CVE-2018-6048
CVE-2017-15420
CVE-2018-6049
CVE-2018-6050
CVE-2018-6051
CVE-2018-6052
CVE-2018-6053
CVE-2018-6054
https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html
|
1110e286-dc08-11ea-beed-e09467587c17 | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 15 security fixes, including:
- [1107433] High CVE-2020-6542: Use after free in ANGLE.
Reported by Piotr Bania of Cisco Talos on 2020-07-20
- [1104046] High CVE-2020-6543: Use after free in task
scheduling. Reported by Looben Yang on 2020-07-10
- [1108497] High CVE-2020-6544: Use after free in media. Reported
by Tim Becker of Theori on 2020-07-22
- [1095584] High CVE-2020-6545: Use after free in audio. Reported
by Anonymous on 2020-06-16
- [1100280] High CVE-2020-6546: Inappropriate implementation in
installer. Reported by Andrew Hess (any1) on 2020-06-29
- [1102153] High CVE-2020-6547: Incorrect security UI in media.
Reported by David Albert on 2020-07-05
- [1103827] High CVE-2020-6548: Heap buffer overflow in Skia.
Reported by Choongwoo Han, Microsoft Browser Vulnerability
Research on 2020-07-09
- [1105426] High CVE-2020-6549: Use after free in media. Reported
by Sergei Glazunov of Google Project Zero on 2020-07-14
- [1106682] High CVE-2020-6550: Use after free in IndexedDB.
Reported by Sergei Glazunov of Google Project Zero on
2020-07-17
- [1107815] High CVE-2020-6551: Use after free in WebXR. Reported
by Sergei Glazunov of Google Project Zero on 2020-07-21
- [1108518] High CVE-2020-6552: Use after free in Blink. Reported
by Tim Becker of Theori on 2020-07-22
- [1111307] High CVE-2020-6553: Use after free in offline mode.
Reported by Alison Huffman, Microsoft Browser Vulnerability
Research on 2020-07-30
- [1094235] Medium CVE-2020-6554: Use after free in extensions.
Reported by Anonymous on 2020-06-12
- [1105202] Medium CVE-2020-6555: Out of bounds read in WebGL.
Reported by Marcin Towalski of Cisco Talos on 2020-07-13
Discovery 2020-08-10 Entry 2020-08-11 chromium
< 84.0.4147.125
CVE-2020-6542
CVE-2020-6543
CVE-2020-6544
CVE-2020-6545
CVE-2020-6546
CVE-2020-6547
CVE-2020-6548
CVE-2020-6549
CVE-2020-6550
CVE-2020-6551
CVE-2020-6552
CVE-2020-6553
CVE-2020-6554
CVE-2020-6555
https://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop.html
|
88d00176-058e-11ea-bd1c-3065ec8fd3ec | chromium -- multiple vulnerabilities
Google Chrome Releases reports:
Four security issues were fixed, including:
- [1021723] Various fixes from internal audits, fuzzing and other
initiatives
Discovery 2019-11-06 Entry 2019-11-12 chromium
< 78.0.3904.97
https://chromereleases.googleblog.com/2019/11/stable-channel-update-for-desktop.html
|
546d4dd4-10ea-11e9-b407-080027ef1a23 | chromium -- multiple vulnerabilities
Google Chrome Releases reports:
43 security fixes in this release, including:
- High CVE-2018-17480: Out of bounds write in V8
- High CVE-2018-17481: Use after free in PDFium
- High CVE-2018-18335: Heap buffer overflow in Skia
- High CVE-2018-18336: Use after free in PDFium
- High CVE-2018-18337: Use after free in Blink
- High CVE-2018-18338: Heap buffer overflow in Canvas
- High CVE-2018-18339: Use after free in WebAudio
- High CVE-2018-18340: Use after free in MediaRecorder
- High CVE-2018-18341: Heap buffer overflow in Blink
- High CVE-2018-18342: Out of bounds write in V8
- High CVE-2018-18343: Use after free in Skia
- High CVE-2018-18344: Inappropriate implementation in Extensions
- High To be allocated: Multiple issues in SQLite via WebSQL
- Medium CVE-2018-18345: Inappropriate implementation in Site Isolation
- Medium CVE-2018-18346: Incorrect security UI in Blink
- Medium CVE-2018-18347: Inappropriate implementation in Navigation
- Medium CVE-2018-18348: Inappropriate implementation in Omnibox
- Medium CVE-2018-18349: Insufficient policy enforcement in Blink
- Medium CVE-2018-18350: Insufficient policy enforcement in Blink
- Medium CVE-2018-18351: Insufficient policy enforcement in Navigation
- Medium CVE-2018-18352: Inappropriate implementation in Media
- Medium CVE-2018-18353: Inappropriate implementation in Network Authentication
- Medium CVE-2018-18354: Insufficient data validation in Shell Integration
- Medium CVE-2018-18355: Insufficient policy enforcement in URL Formatter
- Medium CVE-2018-18356: Use after free in Skia
- Medium CVE-2018-18357: Insufficient policy enforcement in URL Formatter
- Medium CVE-2018-18358: Insufficient policy enforcement in Proxy
- Medium CVE-2018-18359: Out of bounds read in V8
- Low To be allocated: Inappropriate implementation in PDFium
- Low To be allocated: Use after free in Extensions
- Low To be allocated: Inappropriate implementation in Navigation
- Low To be allocated: Inappropriate implementation in Navigation
- Low To be allocated: Insufficient policy enforcement in Navigation
- Low To be allocated: Insufficient policy enforcement in URL Formatter
- Medium To be allocated: Insufficient policy enforcement in Payments
- Various fixes from internal audits, fuzzing and other initiatives
Discovery 2018-12-04 Entry 2019-01-05 chromium
< 71.0.3578.80
CVE-2018-17480
CVE-2018-17481
CVE-2018-18335
CVE-2018-18336
CVE-2018-18337
CVE-2018-18338
CVE-2018-18339
CVE-2018-18340
CVE-2018-18341
CVE-2018-18342
CVE-2018-18343
CVE-2018-18344
CVE-2018-18345
CVE-2018-18346
CVE-2018-18347
CVE-2018-18348
CVE-2018-18349
CVE-2018-18350
CVE-2018-18351
CVE-2018-18352
CVE-2018-18353
CVE-2018-18354
CVE-2018-18355
CVE-2018-18356
CVE-2018-18357
CVE-2018-18358
CVE-2018-18359
https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html
|
3ae21918-31e3-11e8-927b-e8e0b747a45a | chromium -- vulnerability
Google Chrome Releases reports:
1 security fix in this release, including:
- [823553] Various fixes from internal audits, fuzzing and other initiatives
Discovery 2018-03-20 Entry 2018-03-27 chromium
< 65.0.3325.181
https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop_20.html
|
4cb49a23-6c89-11e8-8b33-e8e0b747a45a | chromium -- Incorrect handling of CSP header
Google Chrome Releases reports:
1 security fix contributed by external researchers:
- [845961] High CVE-2018-6148: Incorrect handling of CSP header. Reported by Michal Bentkowski on 2018-05-23
Discovery 2018-06-06 Entry 2018-06-10 chromium
< 67.0.3396.79
CVE-2018-6148
https://chromereleases.googleblog.com/2018/06/stable-channel-update-for-desktop.html
|
6a5d15b6-b661-11ea-8015-e09467587c17 | chromium -- multiple vulnerabilities
Chrome Releases reports:
This update includes 2 security fixes, including:
- [1092308] High CVE-2020-6509: Use after free in extensions.
Reported by Anonymous on 2020-06-08
Discovery 2020-06-22 Entry 2020-06-24 chromium
< 83.0.4103.116
CVE-2020-6509
https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop_22.html
|
48514901-711d-11eb-9846-e09467587c17 | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 10 security fixes, including:
- [1138143] High CVE-2021-21149: Stack overflow in Data Transfer.
Reported by Ryoya Tsukasaki on 2020-10-14
- [1172192] High CVE-2021-21150: Use after free in Downloads.
Reported by Woojin Oh(@pwn_expoit) of STEALIEN on 2021-01-29
- [1165624] High CVE-2021-21151: Use after free in Payments.
Reported by Khalil Zhani on 2021-01-12
- [1166504] High CVE-2021-21152: Heap buffer overflow in Media.
Reported by Anonymous on 2021-01-14
- [1155974] High CVE-2021-21153: Stack overflow in GPU Process.
Reported by Jan Ruge of ERNW GmbH on 2020-12-06
- [1173269] High CVE-2021-21154: Heap buffer overflow in Tab
Strip. Reported by Abdulrahman Alqabandi, Microsoft Browser
Vulnerability Research on 2021-02-01
- [1175500] High CVE-2021-21155: Heap buffer overflow in Tab
Strip. Reported by Khalil Zhani on 2021-02-07
- [1177341] High CVE-2021-21156: Heap buffer overflow in V8.
Reported by Sergei Glazunov of Google Project Zero on
2021-02-11
- [1170657] Medium CVE-2021-21157: Use after free in Web
Sockets. Reported by Anonymous on 2021-01-26
Discovery 2021-02-16 Entry 2021-02-17 chromium
< 88.0.4324.182
CVE-2021-21149
CVE-2021-21150
CVE-2021-21151
CVE-2021-21152
CVE-2021-21153
CVE-2021-21154
CVE-2021-21155
CVE-2021-21156
CVE-2021-21157
https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_16.html
|
4ed0e43c-5cef-11eb-bafd-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 36 security fixes, including:
- [1137179] Critical CVE-2021-21117: Insufficient policy
enforcement in Cryptohome. Reported by Rory McNamara on
2020-10-10
- [1161357] High CVE-2021-21118: Insufficient data validation in
V8. Reported by Tyler Nighswander (@tylerni7) of Theori on
2020-12-23
- [1160534] High CVE-2021-21119: Use after free in Media. Reported
by Anonymous on 2020-12-20
- [1160602] High CVE-2021-21120: Use after free in WebSQL.
Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha
Lab on 2020-12-21
- [1161143] High CVE-2021-21121: Use after free in Omnibox.
Reported by Leecraso and Guang Gong of 360 Alpha Lab on
2020-12-22
- [1162131] High CVE-2021-21122: Use after free in Blink. Reported
by Renata Hodovan on 2020-12-28
- [1137247] High CVE-2021-21123: Insufficient data validation in
File System API. Reported by Maciej Pulikowski on 2020-10-11
- [1131346] High CVE-2021-21124: Potential user after free in
Speech Recognizer. Reported by Chaoyang Ding(@V4kst1z) from
Codesafe Team of Legendsec at Qi'anxin Group on 2020-09-23
- [1152327] High CVE-2021-21125: Insufficient policy enforcement
in File System API. Reported by Ron Masas (Imperva) on
2020-11-24
- [1163228] High CVE-2020-16044: Use after free in WebRTC.
Reported by Ned Williamson of Project Zero on 2021-01-05
- [1108126] Medium CVE-2021-21126: Insufficient policy enforcement
in extensions. Reported by David Erceg on 2020-07-22
- [1115590] Medium CVE-2021-21127: Insufficient policy enforcement
in extensions. Reported by Jasminder Pal Singh, Web Services Point
WSP, Kotkapura on 2020-08-12
- [1138877] Medium CVE-2021-21128: Heap buffer overflow in Blink.
Reported by Liang Dong on 2020-10-15
- [1140403] Medium CVE-2021-21129: Insufficient policy enforcement
in File System API. Reported by Maciej Pulikowski on
2020-10-20
- [1140410] Medium CVE-2021-21130: Insufficient policy enforcement
in File System API. Reported by Maciej Pulikowski on
2020-10-20
- [1140417] Medium CVE-2021-21131: Insufficient policy enforcement
in File System API. Reported by Maciej Pulikowski on
2020-10-20
- [1128206] Medium CVE-2021-21132: Inappropriate implementation in
DevTools. Reported by David Erceg on 2020-09-15
- [1157743] Medium CVE-2021-21133: Insufficient policy enforcement
in Downloads. Reported by wester0x01
(https://twitter.com/wester0x01) on 2020-12-11
- [1157800] Medium CVE-2021-21134: Incorrect security UI in Page
Info. Reported by wester0x01 (https://twitter.com/wester0x01) on
2020-12-11
- [1157818] Medium CVE-2021-21135: Inappropriate implementation in
Performance API. Reported by ndevtk on 2020-12-11
- [1038002] Low CVE-2021-21136: Insufficient policy enforcement in
WebView. Reported by Shiv Sahni, Movnavinothan V and Imdad
Mohammed on 2019-12-27
- [1093791] Low CVE-2021-21137: Inappropriate implementation in
DevTools. Reported by bobblybear on 2020-06-11
- [1122487] Low CVE-2021-21138: Use after free in DevTools.
Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec
at Qi'anxin Group on 2020-08-27
- [1136327] Low CVE-2021-21140: Uninitialized Use in USB. Reported
by David Manouchehri on 2020-10-08
- [1140435] Low CVE-2021-21141: Insufficient policy enforcement in
File System API. Reported by Maciej Pulikowski on 2020-10-20
Discovery 2021-01-19 Entry 2021-01-22 chromium
< 88.0.4324.96
CVE-2020-16044
CVE-2021-21117
CVE-2021-21118
CVE-2021-21119
CVE-2021-21120
CVE-2021-21121
CVE-2021-21122
CVE-2021-21123
CVE-2021-21124
CVE-2021-21125
CVE-2021-21126
CVE-2021-21127
CVE-2021-21128
CVE-2021-21129
CVE-2021-21130
CVE-2021-21131
CVE-2021-21132
CVE-2021-21133
CVE-2021-21134
CVE-2021-21135
CVE-2021-21136
CVE-2021-21137
CVE-2021-21138
CVE-2021-21139
CVE-2021-21140
CVE-2021-21141
https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html
|
b81ad6d6-8633-11eb-99c5-e09467587c17 | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release includes 5 security fixes, including:
- [1167357] High CVE-2021-21191: Use after free in WebRTC.
Reported by raven (@raid_akame) on 2021-01-15
- [1181387] High CVE-2021-21192: Heap buffer overflow in tab
groups. Reported by Abdulrahman Alqabandi, Microsoft Browser
Vulnerability Research on 2021-02-23
- [1186287] High CVE-2021-21193: Use after free in Blink.
Reported by Anonymous on 2021-03-09
Discovery 2021-03-12 Entry 2021-03-16 chromium
< 89.0.4389.90
CVE-2021-11191
CVE-2021-11192
CVE-2021-11193
https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_12.html
|
479fdfda-6659-11eb-83e2-e09467587c17 | www/chromium -- multiple vulnerabilities
Chrome Releases reports:
This update include 6 security fixes:
- 1169317] Critical CVE-2021-21142: Use after free in Payments.
Reported by Khalil Zhani on 2021-01-21
- [1163504] High CVE-2021-21143: Heap buffer overflow in
Extensions. Reported by Allen Parker and Alex Morgan of MU on
2021-01-06
- [1163845] High CVE-2021-21144: Heap buffer overflow in Tab
Groups. Reported by Leecraso and Guang Gong of 360 Alpha Lab on
2021-01-07
- [1154965] High CVE-2021-21145: Use after free in Fonts. Reported
by Anonymous on 2020-12-03
- [1161705] High CVE-2021-21146: Use after free in Navigation.
Reported by Alison Huffman and Choongwoo Han of Microsoft Browser
Vulnerability Research on 2020-12-24
- [1162942] Medium CVE-2021-21147: Inappropriate implementation in
Skia. Reported by Roman Starkov on 2021-01-04
Discovery 2021-02-02 Entry 2021-02-03 chromium
< 88.0.4324.146
CVE-2021-21142
CVE-2021-21143
CVE-2021-21144
CVE-2021-21145
CVE-2021-21146
CVE-2021-21147
https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop.html
|
3e01aad2-680e-11eb-83e2-e09467587c17 | chromium -- heap buffer overflow in V8
Chrome Releases reports:
[1170176] High CVE-2021-21148: Heap buffer overflow in V8.
Reported by Mattias Buelens on 2021-01-24. Google is aware of
reports that an exploit for CVE-2021-21148 exists in the wild.
Discovery 2021-02-04 Entry 2021-02-05 chromium
< 88.0.4324.150
CVE-2021-21148
https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_4.html
|
006bee4e-4c49-11e8-9c32-54ee754af08e | chromium -- vulnerability
Google Chrome Releases reports:
3 security fixes in this release:
- [831963] Critical CVE-2018-6118: Use after free in Media Cache. Reported by Ned Williamson on 2018-04-12
- [837635] Various fixes from internal audits, fuzzing and other initiatives
Discovery 2018-04-12 Entry 2018-04-30 chromium
< 66.0.3359.139
CVE-2018-6118
https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop_26.html
|
25efe05c-7ffc-11ea-b594-3065ec8fd3ec | chromium -- use after free
Google Chrome Releases reports:
[1067851] Critical CVE-2020-6457: Use after free in speech
recognizer. Reported by Leecraso and Guang Gong of Alpha Lab, Qihoo
360 on 2020-04-04
Discovery 2020-04-15 Entry 2020-04-16 chromium
< 81.0.4044.113
https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_15.html
CVE-2020-6457
|
64575bb6-e188-11ea-beed-e09467587c17 | chromium -- heap buffer overflow
Chrome Releases reports:
This release contains one security fix:
- [1115345] High CVE-2020-6556: Heap buffer overflow in
SwiftShader. Reported by Alison Huffman, Microsoft Browser
Vulnerability Research on 2020-08-12
Discovery 2020-08-18 Entry 2020-08-18 chromium
< 84.0.4147.135
CVE-2020-6556
https://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop_18.html
|
e68d3db1-fd04-11ea-a67f-e09467587c17 | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release fixes 10 security issues, including:
- [1100136] High CVE-2020-15960: Out of bounds read in storage.
Reported by Anonymous on 2020-06-28
- [1114636] High CVE-2020-15961: Insufficient policy
enforcement in extensions. Reported by David Erceg on
2020-08-10
- [1121836] High CVE-2020-15962: Insufficient policy
enforcement in serial. Reported by Leecraso and Guang Gong of 360
Alpha Lab working with 360 BugCloud on 2020-08-26
- [1113558] High CVE-2020-15963: Insufficient policy
enforcement in extensions. Reported by David Erceg on
2020-08-06
- [1126249] High CVE-2020-15965: Out of bounds write in V8.
Reported by Lucas Pinheiro, Microsoft Browser Vulnerability
Research on 2020-09-08
- [1113565] Medium CVE-2020-15966: Insufficient policy
enforcement in extensions. Reported by David Erceg on
2020-08-06
- [1121414] Low CVE-2020-15964: Insufficient data validation in
media. Reported by Woojin Oh(@pwn_expoit) of STEALIEN on
2020-08-25
Discovery 2020-09-21 Entry 2020-09-22 chromium
< 85.0.4183.121
CVE-2020-15960
CVE-2020-15961
CVE-2020-15962
CVE-2020-15963
CVE-2020-15964
CVE-2020-15965
CVE-2020-15966
https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop_21.html
|
9a447f78-d0f8-11ea-9837-e09467587c17 | chromium -- multiple vulnerabilities
Chrome Releases reports:
This update contains 8 security fixes, including:
- [1105318] High CVE-2020-6537: Type Confusion in V8. Reported by
Alphalaab on 2020-07-14
- [1096677] High CVE-2020-6538: Inappropriate implementation in
WebView. Reported by Yongke Wang(@Rudykewang) and Aryb1n(@aryb1n)
of Tencent Security Xuanwu Lab on 2020-06-18
- [1104061] High CVE-2020-6532: Use after free in SCTP. Reported
by Anonymous on 2020-07-09
- [1105635] High CVE-2020-6539: Use after free in CSS. Reported
by Oriol Brufau on 2020-07-14
- [1105720] High CVE-2020-6540: Heap buffer overflow in Skia.
Reported by Zhen Zhou of NSFOCUS Security Team on 2020-07-15
- [1106773] High CVE-2020-6541: Use after free in WebUSB. Reported
by Sergei Glazunov of Google Project Zero on 2020-07-17
Discovery 2020-07-27 Entry 2020-07-28 chromium
< 84.0.4147.105
CVE-2020-6532
CVE-2020-6537
CVE-2020-6538
CVE-2020-6539
CVE-2020-6540
CVE-2020-6541
https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop_27.html
|
555af074-22b9-11e8-9799-54ee754af08e | chromium -- vulnerability
Google Chrome Releases reports:
45 security fixes in this release:
- [758848] High CVE-2017-11215: Use after free in Flash. Reported by JieZeng of Tencent Zhanlu Lab on 2017-08-25
- [758863] High CVE-2017-11225: Use after free in Flash. Reported by JieZeng of Tencent Zhanlu Lab on 2017-08-25
- [780919] High CVE-2018-6060: Use after free in Blink. Reported by Omair on 2017-11-02
- [794091] High CVE-2018-6061: Race condition in V8. Reported by Guang Gong of Alpha Team, Qihoo 360 on 2017-12-12
- [780104] High CVE-2018-6062: Heap buffer overflow in Skia. Reported by Anonymous on 2017-10-31
- [789959] High CVE-2018-6057: Incorrect permissions on shared memory. Reported by Gal Beniamini of Google Project Zero on 2017-11-30
- [792900] High CVE-2018-6063: Incorrect permissions on shared memory. Reported by Gal Beniamini of Google Project Zero on 2017-12-07
- [798644] High CVE-2018-6064: Type confusion in V8. Reported by lokihardt of Google Project Zero on 2018-01-03
- [808192] High CVE-2018-6065: Integer overflow in V8. Reported by Mark Brand of Google Project Zero on 2018-02-01
- [799477] Medium CVE-2018-6066: Same Origin Bypass via canvas. Reported by Masato Kinugawa on 2018-01-05
- [779428] Medium CVE-2018-6067: Buffer overflow in Skia. Reported by Ned Williamson on 2017-10-30
- [779428] Medium CVE-2018-6067: Buffer overflow in Skia. Reported by Ned Williamson on 2017-10-30
- [799918] Medium CVE-2018-6069: Stack buffer overflow in Skia. Reported by Wanglu and Yangkang(@dnpushme) of Qihoo360 Qex Team on 2018-01-08
- [668645] Medium CVE-2018-6070: CSP bypass through extensions. Reported by Rob Wu on 2016-11-25
- [777318] Medium CVE-2018-6071: Heap bufffer overflow in Skia. Reported by Anonymous on 2017-10-23
- [791048] Medium CVE-2018-6072: Integer overflow in PDFium. Reported by Atte Kettunen of OUSPG on 2017-12-01
- [804118] Medium CVE-2018-6073: Heap bufffer overflow in WebGL. Reported by Omair on 2018-01-20
- [809759] Medium CVE-2018-6074: Mark-of-the-Web bypass. Reported by Abdulrahman Alqabandi (@qab) on 2018-02-06
- [608669] Medium CVE-2018-6075: Overly permissive cross origin downloads. Reported by Inti De Ceukelaire (intigriti.com) on 2016-05-03
- [758523] Medium CVE-2018-6076: Incorrect handling of URL fragment identifiers in Blink. Reported by Mateusz Krzeszowiec on 2017-08-24
- [778506] Medium CVE-2018-6077: Timing attack using SVG filters. Reported by Khalil Zhani on 2017-10-26
- [793628] Medium CVE-2018-6078: URL Spoof in OmniBox. Reported by Khalil Zhani on 2017-12-10
- [788448] Medium CVE-2018-6079: Information disclosure via texture data in WebGL. Reported by Ivars Atteka on 2017-11-24
- [792028] Medium CVE-2018-6080: Information disclosure in IPC call. Reported by Gal Beniamini of Google Project Zero on 2017-12-05
- [797525] Low CVE-2018-6081: XSS in interstitials. Reported by Rob Wu on 2017-12-24
- [767354] Low CVE-2018-6082: Circumvention of port blocking. Reported by WenXu Wu of Tencent's Xuanwu Lab on 2017-09-21
- [771709] Low CVE-2018-6083: Incorrect processing of AppManifests. Reported by Jun Kokatsu (@shhnjk) on 2017-10-04
Discovery 2016-05-03 Entry 2018-03-08 chromium
< 65.0.3325.146
CVE-2017-11215
CVE-2017-11225
CVE-2018-6060
CVE-2018-6061
CVE-2018-6060
CVE-2018-6061
CVE-2018-6062
CVE-2018-6057
CVE-2018-6063
CVE-2018-6064
CVE-2018-6065
CVE-2018-6066
CVE-2018-6067
CVE-2018-6069
CVE-2018-6070
CVE-2018-6071
CVE-2018-6072
CVE-2018-6073
CVE-2018-6074
CVE-2018-6075
CVE-2018-6076
CVE-2018-6077
CVE-2018-6078
CVE-2018-6079
CVE-2018-6080
CVE-2018-6081
CVE-2018-6082
CVE-2018-6083
https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html
|
e457978b-5484-11e8-9b85-54ee754af08e | chromium -- multiple vulnerabilities
Google Chrome Releases reports:
4 security fixes in this release:
- [835887] Critical: Chain leading to sandbox escape.
Reported by Anonymous on 2018-04-23
- [836858] High CVE-2018-6121: Privilege Escalation in extensions
- [836141] High CVE-2018-6122: Type confusion in V8
- [833721] High CVE-2018-6120: Heap buffer overflow in PDFium.
Reported by Zhou Aiting(@zhouat1) of Qihoo 360 Vulcan Team on 2018-04-17
- [841841] Various fixes from internal audits, fuzzing and other initiatives
Discovery 2018-04-14 Entry 2018-05-11 chromium
< 66.0.3359.170
CVE-2018-6120
CVE-2018-6121
CVE-2018-6122
https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop.html
|
3ec6ab59-1e0c-11eb-a428-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 10 security fixes, including:
- [1138911] High CVE-2020-16004: Use after free in user interface.
Reported by Leecraso and Guang Gong of 360 Alpha Lab working with
360 BugCloud on 2020-10-15
- [1139398] High CVE-2020-16005: Insufficient policy enforcement
in ANGLE. Reported by Jaehun Jeong (@n3sk) of Theori on
2020-10-16
- [1133527] High CVE-2020-16006: Inappropriate implementation in
V8. Reported by Bill Parks on 2020-09-29
- [1125018] High CVE-2020-16007: Insufficient data validation in
installer. Reported by Abdelhamid Naceri (halov) on
2020-09-04
- [1134107] High CVE-2020-16008: Stack buffer overflow in WebRTC.
Reported by Tolya Korniltsev on 2020-10-01
- [1143772] High CVE-2020-16009: Inappropriate implementation in
V8. Reported by Clement Lecigne of Google's Threat Analysis Group
and Samuel Groà of Google Project Zero on 2020-10-29
- [1144489] High CVE-2020-16011: Heap buffer overflow in UI on
Windows. Reported by Sergei Glazunov of Google Project Zero on
2020-11-01
There are reports that an exploit for CVE-2020-16009 exists in the
wild.
Discovery 2020-11-02 Entry 2020-11-03 chromium
< 86.0.4240.183
CVE-2020-16004
CVE-2020-16005
CVE-2020-16006
CVE-2020-16007
CVE-2020-16008
CVE-2020-16009
CVE-2020-16011
https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop.html
|
64988354-0889-11eb-a01b-e09467587c17 | chromium -- multiple vulnerabilities
Chrome releases reports:
This release contains 35 security fixes, including:
- [1127322] Critical CVE-2020-15967: Use after free in payments.
Reported by Man Yue Mo of GitHub Security Lab on 2020-09-11
- [1126424] High CVE-2020-15968: Use after free in Blink.
Reported by Anonymous on 2020-09-09
- [1124659] High CVE-2020-15969: Use after free in WebRTC.
Reported by Anonymous on 2020-09-03
- [1108299] High CVE-2020-15970: Use after free in NFC. Reported
by Man Yue Mo of GitHub Security Lab on 2020-07-22
- [1114062] High CVE-2020-15971: Use after free in printing.
Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on
2020-08-07
- [1115901] High CVE-2020-15972: Use after free in audio.
Reported by Anonymous on 2020-08-13
- [1133671] High CVE-2020-15990: Use after free in autofill.
Reported by Rong Jian and Guang Gong of Alpha Lab, Qihoo 360 on
2020-09-30
- [1133688] High CVE-2020-15991: Use after free in password
manager. Reported by Rong Jian and Guang Gong of Alpha Lab, Qihoo
360 on 2020-09-30
- [1106890] Medium CVE-2020-15973: Insufficient policy
enforcement in extensions. Reported by David Erceg on
2020-07-17
- [1104103] Medium CVE-2020-15974: Integer overflow in Blink.
Reported by Juno Im (junorouse) of Theori on 2020-07-10
- [1110800] Medium CVE-2020-15975: Integer overflow in
SwiftShader. Reported by Anonymous on 2020-07-29
- [1123522] Medium CVE-2020-15976: Use after free in WebXR.
Reported by YoungJoo Lee (@ashuu_lee) of Raon Whitehat on
2020-08-31
- [1083278] Medium CVE-2020-6557: Inappropriate implementation
in networking. Reported by Matthias Gierlings and Marcus Brinkmann
(NDS Ruhr-University Bochum) on 2020-05-15
- [1097724] Medium CVE-2020-15977: Insufficient data validation
in dialogs. Reported by Narendra Bhati (@imnarendrabhati) on
2020-06-22
- [1116280] Medium CVE-2020-15978: Insufficient data validation
in navigation. Reported by Luan Herrera (@lbherrera_) on
2020-08-14
- [1127319] Medium CVE-2020-15979: Inappropriate implementation
in V8. Reported by Avihay Cohen (@SeraphicAlgorithms) on
2020-09-11
- [1092453] Medium CVE-2020-15980: Insufficient policy
enforcement in Intents. Reported by Yongke Wang (@Rudykewang) and
Aryb1n (@aryb1n) of Tencent Security Xuanwu Lab on 2020-06-08
- [1123023] Medium CVE-2020-15981: Out of bounds read in audio.
Reported by Christoph Guttandin on 2020-08-28
- [1039882] Medium CVE-2020-15982: Side-channel information
leakage in cache. Reported by Luan Herrera (@lbherrera_) on
2020-01-07
- [1076786] Medium CVE-2020-15983: Insufficient data validation
in webUI. Reported by Jun Kokatsu, Microsoft Browser Vulnerability
Research on 2020-04-30
- [1080395] Medium CVE-2020-15984: Insufficient policy
enforcement in Omnibox. Reported by Rayyan Bijoora on
2020-05-07
- [1099276] Medium CVE-2020-15985: Inappropriate implementation
in Blink. Reported by Abdulrahman Alqabandi, Microsoft Browser
Vulnerability Research on 2020-06-25
- [1100247] Medium CVE-2020-15986: Integer overflow in media.
Reported by Mark Brand of Google Project Zero on 2020-06-29
- [1127774] Medium CVE-2020-15987: Use after free in WebRTC.
Reported by Philipp Hancke on 2020-09-14
- [1110195] Medium CVE-2020-15992: Insufficient policy
enforcement in networking. Reported by Alison Huffman, Microsoft
Browser Vulnerability Research on 2020-07-28
- [1092518] Low CVE-2020-15988: Insufficient policy enforcement
in downloads. Reported by Samuel Attard on 2020-06-08
- [1108351] Low CVE-2020-15989: Uninitialized Use in PDFium.
Reported by Gareth Evans (Microsoft) on 2020-07-22
Discovery 2020-10-06 Entry 2020-10-07 chromium
< 86.0.4240.75
CVE-2020-6557
CVE-2020-15967
CVE-2020-15968
CVE-2020-15969
CVE-2020-15970
CVE-2020-15971
CVE-2020-15972
CVE-2020-15973
CVE-2020-15974
CVE-2020-15975
CVE-2020-15976
CVE-2020-15977
CVE-2020-15978
CVE-2020-15979
CVE-2020-15980
CVE-2020-15981
CVE-2020-15982
CVE-2020-15983
CVE-2020-15984
CVE-2020-15985
CVE-2020-15986
CVE-2020-15987
CVE-2020-15988
CVE-2020-15989
CVE-2020-15990
CVE-2020-15991
CVE-2020-15992
https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop.html
|
870d59b0-c6c4-11ea-8015-e09467587c17 | chromium -- multiple vulnerabilities
Chrome Releases reports:
This update contains 38 security fixes, including:
- [1103195] Critical CVE-2020-6510: Heap buffer overflow in
background fetch. Reported by Leecraso and Guang Gong of 360
Alpha Lab working with 360 BugCloud on 2020-07-08
- [1074317] High CVE-2020-6511: Side-channel information leakage
in content security policy. Reported by Mikhail Oblozhikhin on
2020-04-24
- [1084820] High CVE-2020-6512: Type Confusion in V8. Reported by
nocma, leogan, cheneyxu of WeChat Open Platform Security Team on
2020-05-20
- [1091404] High CVE-2020-6513: Heap buffer overflow in PDFium.
Reported by Aleksandar Nikolic of Cisco Talos on 2020-06-04
- [1076703] High CVE-2020-6514: Inappropriate implementation in
WebRTC. Reported by Natalie Silvanovich of Google Project Zero on
2020-04-30
- [1082755] High CVE-2020-6515: Use after free in tab strip.
Reported by DDV_UA on 2020-05-14
- [1092449] High CVE-2020-6516: Policy bypass in CORS. Reported by
Yongke Wang(@Rudykewang) and Aryb1n(@aryb1n) of Tencent Security
Xuanwu Lab on 2020-06-08
- [1095560] High CVE-2020-6517: Heap buffer overflow in history.
Reported by ZeKai Wu (@hellowuzekai) of Tencent Security Xuanwu
Lab on 2020-06-16
- [986051] Medium CVE-2020-6518: Use after free in developer
tools. Reported by David Erceg on 2019-07-20
- [1064676] Medium CVE-2020-6519: Policy bypass in CSP. Reported
by Gal Weizman (@WeizmanGal) of PerimeterX on 2020-03-25
- [1092274] Medium CVE-2020-6520: Heap buffer overflow in Skia.
Reported by Zhen Zhou of NSFOCUS Security Team on 2020-06-08
- [1075734] Medium CVE-2020-6521: Side-channel information leakage
in autofill. Reported by Xu Lin (University of Illinois at
Chicago), Panagiotis Ilia (University of Illinois at Chicago),
Jason Polakis (University of Illinois at Chicago) on
2020-04-27
- [1052093] Medium CVE-2020-6522: Inappropriate implementation in
external protocol handlers. Reported by Eric Lawrence of Microsoft
on 2020-02-13
- [1080481] Medium CVE-2020-6523: Out of bounds write in Skia.
Reported by Liu Wei and Wu Zekai of Tencent Security Xuanwu Lab on
2020-05-08
- [1081722] Medium CVE-2020-6524: Heap buffer overflow in
WebAudio. Reported by Sung Ta (@Mipu94) of SEFCOM Lab, Arizona
State University on 2020-05-12
- [1091670] Medium CVE-2020-6525: Heap buffer overflow in Skia.
Reported by Zhen Zhou of NSFOCUS Security Team on 2020-06-05
- [1074340] Low CVE-2020-6526: Inappropriate implementation in
iframe sandbox. Reported by Jonathan Kingston on 2020-04-24
- [992698] Low CVE-2020-6527: Insufficient policy enforcement in
CSP. Reported by Zhong Zhaochen of andsecurity.cn on
2019-08-10
- [1063690] Low CVE-2020-6528: Incorrect security UI in basic
auth. Reported by Rayyan Bijoora on 2020-03-22
- [978779] Low CVE-2020-6529: Inappropriate implementation in
WebRTC. Reported by kaustubhvats7 on 2019-06-26
- [1016278] Low CVE-2020-6530: Out of bounds memory access in
developer tools. Reported by myvyang on 2019-10-21
- [1042986] Low CVE-2020-6531: Side-channel information leakage in
scroll to text. Reported by Jun Kokatsu, Microsoft Browser
Vulnerability Research on 2020-01-17
- [1069964] Low CVE-2020-6533: Type Confusion in V8. Reported by
Avihay Cohen @ SeraphicAlgorithms on 2020-04-11
- [1072412] Low CVE-2020-6534: Heap buffer overflow in WebRTC.
Reported by Anonymous on 2020-04-20
- [1073409] Low CVE-2020-6535: Insufficient data validation in
WebUI. Reported by Jun Kokatsu, Microsoft Browser Vulnerability
Research on 2020-04-22
- [1080934] Low CVE-2020-6536: Incorrect security UI in PWAs.
Reported by Zhiyang Zeng of Tencent security platform department
on 2020-05-09
Discovery 2020-07-14 Entry 2020-07-15 chromium
< 84.0.4147.89
CVE-2020-6528
CVE-2020-6510
CVE-2020-6511
CVE-2020-6512
CVE-2020-6513
CVE-2020-6514
CVE-2020-6515
CVE-2020-6516
CVE-2020-6517
CVE-2020-6518
CVE-2020-6519
CVE-2020-6520
CVE-2020-6521
CVE-2020-6522
CVE-2020-6523
CVE-2020-6524
CVE-2020-6525
CVE-2020-6526
CVE-2020-6527
CVE-2020-6529
CVE-2020-6530
CVE-2020-6531
CVE-2020-6533
CVE-2020-6534
CVE-2020-6535
CVE-2020-6536
https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop.html
|
6e3b700a-7ca3-11ea-b594-3065ec8fd3ec | chromium -- multiple vulnerabilities
Google Chrome Releases reports:
This updates includes 32 security fixes, including:
- [1019161] High CVE-2020-6454: Use after free in extensions.
Reported by Leecraso and Guang Gong of Alpha Lab, Qihoo 360 on
2019-10-29
- [1043446] High CVE-2020-6423: Use after free in audio.
Reported by Anonymous on 2020-01-18
- [1059669] High CVE-2020-6455: Out of bounds read in WebSQL.
Reported by Nan Wang(@eternalsakura13) and Guang Gong of Alpha Lab,
Qihoo 360 on 2020-03-09
- [1031479] Medium CVE-2020-6430: Type Confusion in V8.
Reported by Avihay Cohen @ SeraphicAlgorithms on 2019-12-06
- [1040755] Medium CVE-2020-6456: Insufficient validation of
untrusted input in clipboard. Reported by MichaÅ Bentkowski of
Securitum on 2020-01-10
- [852645] Medium CVE-2020-6431: Insufficient policy
enforcement in full screen. Reported by Luan Herrera (@lbherrera_)
on 2018-06-14
- [965611] Medium CVE-2020-6432: Insufficient policy
enforcement in navigations. Reported by David Erceg on
2019-05-21
- [1043965] Medium CVE-2020-6433: Insufficient policy
enforcement in extensions. Reported by David Erceg on
2020-01-21
- [1048555] Medium CVE-2020-6434: Use after free in devtools.
Reported by HyungSeok Han (DaramG) of Theori on 2020-02-04
- [1032158] Medium CVE-2020-6435: Insufficient policy
enforcement in extensions. Reported by Sergei Glazunov of Google
Project Zero on 2019-12-09
- [1034519] Medium CVE-2020-6436: Use after free in window
management. Reported by Igor Bukanov from Vivaldi on 2019-12-16
- [639173] Low CVE-2020-6437: Inappropriate implementation in
WebView. Reported by Jann Horn on 2016-08-19
- [714617] Low CVE-2020-6438: Insufficient policy enforcement in
extensions. Reported by Ng Yik Phang on 2017-04-24
- [868145] Low CVE-2020-6439: Insufficient policy enforcement in
navigations. Reported by remkoboonstra on 2018-07-26
- [894477] Low CVE-2020-6440: Inappropriate implementation in
extensions. Reported by David Erceg on 2018-10-11
- [959571] Low CVE-2020-6441: Insufficient policy enforcement in
omnibox. Reported by David Erceg on 2019-05-04
- [1013906] Low CVE-2020-6442: Inappropriate implementation in
cache. Reported by B@rMey on 2019-10-12
- [1040080] Low CVE-2020-6443: Insufficient data validation in
developer tools. Reported by @lovasoa (Ophir LOJKINE) on
2020-01-08
- [922882] Low CVE-2020-6444: Uninitialized Use in WebRTC.
Reported by mlfbrown on 2019-01-17
- [933171] Low CVE-2020-6445: Insufficient policy enforcement in
trusted types. Reported by Jun Kokatsu, Microsoft Browser
Vulnerability Research on 2019-02-18
- [933172] Low CVE-2020-6446: Insufficient policy enforcement in
trusted types. Reported by Jun Kokatsu, Microsoft Browser
Vulnerability Research on 2019-02-18
- [991217] Low CVE-2020-6447: Inappropriate implementation in
developer tools. Reported by David Erceg on 2019-08-06
- [1037872] Low CVE-2020-6448: Use after free in V8. Reported by
Guang Gong of Alpha Lab, Qihoo 360 on 2019-12-26
Discovery 2020-04-07 Entry 2020-04-12 chromium
< 81.0.4044.92
CVE-2020-6423
CVE-2020-6430
CVE-2020-6431
CVE-2020-6432
CVE-2020-6433
CVE-2020-6434
CVE-2020-6435
CVE-2020-6436
CVE-2020-6437
CVE-2020-6438
CVE-2020-6439
CVE-2020-6440
CVE-2020-6441
CVE-2020-6442
CVE-2020-6443
CVE-2020-6444
CVE-2020-6445
CVE-2020-6446
CVE-2020-6447
CVE-2020-6448
CVE-2020-6454
CVE-2020-6455
CVE-2020-6456
https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html
|
d73bc4e6-e7c4-11ea-a878-e09467587c17 | chromium -- multiple vulnerabilities
Chrome Releases reports:
This update includes 20 security fixes, including:
- [1109120] High CVE-2020-6558: Insufficient policy
enforcement in iOS. Reported by Alison Huffman, Microsoft Browser
Vulnerability Research on 2020-07-24
- [1116706] High CVE-2020-6559: Use after free in presentation
API. Reported by Liu Wei and Wu Zekai of Tencent Security Xuanwu
Lab on 2020-08-15
- [1108181] Medium CVE-2020-6560: Insufficient policy
enforcement in autofill. Reported by Nadja Ungethuem from
www.unnex.de on 2020-07-22
- [932892] Medium CVE-2020-6561: Inappropriate implementation
in Content Security Policy. Reported by Rob Wu on 2019-02-16
- [1086845] Medium CVE-2020-6562: Insufficient policy
enforcement in Blink. Reported by Masato Kinugawa on
2020-05-27
- [1104628] Medium CVE-2020-6563: Insufficient policy
enforcement in intent handling. Reported by Pedro Oliveira on
2020-07-12
- [841622] Medium CVE-2020-6564: Incorrect security UI in
permissions. Reported by Khalil Zhani on 2018-05-10
- [1029907] Medium CVE-2020-6565: Incorrect security UI in
Omnibox. Reported by Khalil Zhani on 2019-12-02
- [1065264] Medium CVE-2020-6566: Insufficient policy
enforcement in media. Reported by Jun Kokatsu, Microsoft Browser
Vulnerability Research on 2020-03-27
- [937179] Low CVE-2020-6567: Insufficient validation of
untrusted input in command line handling. Reported by Joshua
Graham of TSS on 2019-03-01
- [1092451] Low CVE-2020-6568: Insufficient policy enforcement
in intent handling. Reported by Yongke Wang(@Rudykewang) and
Aryb1n(@aryb1n) of Tencent Security Xuanwu Lab on 2020-06-08
- [995732] Low CVE-2020-6569: Integer overflow in WebUSB.
Reported by guaixiaomei on 2019-08-20
- [1084699] Low CVE-2020-6570: Side-channel information leakage
in WebRTC. Reported by Signal/Tenable on 2020-05-19
- [1085315] Low CVE-2020-6571: Incorrect security UI in Omnibox.
Reported by Rayyan Bijoora on 2020-05-21
Discovery 2020-08-25 Entry 2020-08-26 chromium
< 85.0.4183.83
CVE-2020-6558
CVE-2020-6559
CVE-2020-6560
CVE-2020-6561
CVE-2020-6562
CVE-2020-6563
CVE-2020-6564
CVE-2020-6565
CVE-2020-6566
CVE-2020-6567
CVE-2020-6568
CVE-2020-6569
CVE-2020-6570
CVE-2020-6571
https://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop_25.html
|
36ff7a74-47b1-11e8-a7d6-54e1ad544088 | chromium -- vulnerability
Google Chrome Releases reports:
62 security fixes in this release:
- [826626] Critical CVE-2018-6085: Use after free in Disk Cache. Reported by Ned Williamson on 2018-03-28
- [827492] Critical CVE-2018-6086: Use after free in Disk Cache. Reported by Ned Williamson on 2018-03-30
- [813876] High CVE-2018-6087: Use after free in WebAssembly. Reported by Anonymous on 2018-02-20
- [822091] High CVE-2018-6088: Use after free in PDFium. Reported by Anonymous on 2018-03-15
- [808838] High CVE-2018-6089: Same origin policy bypass in Service Worker. Reported by Rob Wu on 2018-02-04
- [820913] High CVE-2018-6090: Heap buffer overflow in Skia. Reported by ZhanJia Song on 2018-03-12
- [771933] High CVE-2018-6091: Incorrect handling of plug-ins by Service Worker. Reported by Jun Kokatsu (@shhnjk) on 2017-10-05
- [819869] High CVE-2018-6092: Integer overflow in WebAssembly. Reported by Natalie Silvanovich of Google Project Zero on 2018-03-08
- [780435] Medium CVE-2018-6093: Same origin bypass in Service Worker. Reported by Jun Kokatsu (@shhnjk) on 2017-11-01
- [633030] Medium CVE-2018-6094: Exploit hardening regression in Oilpan. Reported by Chris Rohlf on 2016-08-01
- [637098] Medium CVE-2018-6095: Lack of meaningful user interaction requirement before file upload. Reported by Abdulrahman Alqabandi (@qab) on 2016-08-11
- [776418] Medium CVE-2018-6096: Fullscreen UI spoof. Reported by WenXu Wu of Tencent's Xuanwu Lab on 2017-10-19
- [806162] Medium CVE-2018-6097: Fullscreen UI spoof. Reported by xisigr of Tencent's Xuanwu Lab on 2018-01-26
- [798892] Medium CVE-2018-6098: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-01-03
- [808825] Medium CVE-2018-6099: CORS bypass in ServiceWorker. Reported by Jun Kokatsu (@shhnjk) on 2018-02-03
- [811117] Medium CVE-2018-6100: URL spoof in Omnibox. Reported by Lnyas Zhang on 2018-02-11
- [813540] Medium CVE-2018-6101: Insufficient protection of remote debugging prototol in DevTools . Reported by Rob Wu on 2018-02-19
- [813814] Medium CVE-2018-6102: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-02-20
- [816033] Medium CVE-2018-6103: UI spoof in Permissions. Reported by Khalil Zhani on 2018-02-24
- [820068] Medium CVE-2018-6104: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-03-08
- [803571] Medium CVE-2018-6105: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-01-18
- [805729] Medium CVE-2018-6106: Incorrect handling of promises in V8. Reported by lokihardt of Google Project Zero on 2018-01-25
- [808316] Medium CVE-2018-6107: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-02-02
- [816769] Medium CVE-2018-6108: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-02-27
- [710190] Low CVE-2018-6109: Incorrect handling of files by FileAPI. Reported by Dominik Weber (@DoWeb_) on 2017-04-10
- [777737] Low CVE-2018-6110: Incorrect handling of plaintext files via file:// . Reported by Wenxiang Qian (aka blastxiang) on 2017-10-24
- [780694] Low CVE-2018-6111: Heap-use-after-free in DevTools. Reported by Khalil Zhani on 2017-11-02
- [798096] Low CVE-2018-6112: Incorrect URL handling in DevTools. Reported by Rob Wu on 2017-12-29
- [805900] Low CVE-2018-6113: URL spoof in Navigation. Reported by Khalil Zhani on 2018-01-25
- [811691] Low CVE-2018-6114: CSP bypass. Reported by Lnyas Zhang on 2018-02-13
- [819809] Low CVE-2018-6115: SmartScreen bypass in downloads. Reported by James Feher on 2018-03-07
- [822266] Low CVE-2018-6116: Incorrect low memory handling in WebAssembly. Reported by Jin from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd. on 2018-03-15
- [822465] Low CVE-2018-6117: Confusing autofill settings. Reported by Spencer Dailey on 2018-03-15
- [822424] Low CVE-2018-6084: Incorrect use of Distributed Objects in Google Software Updater on MacOS. Reported by Ian Beer of Google Project Zero on 2018-03-15
Discovery 2017-04-10 Entry 2018-04-24 chromium
< 66.0.3359.117
https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
CVE-2018-6085
CVE-2018-6086
CVE-2018-6087
CVE-2018-6088
CVE-2018-6089
CVE-2018-6090
CVE-2018-6091
CVE-2018-6092
CVE-2018-6093
CVE-2018-6094
CVE-2018-6095
CVE-2018-6096
CVE-2018-6097
CVE-2018-6098
CVE-2018-6099
CVE-2018-6100
CVE-2018-6101
CVE-2018-6102
CVE-2018-6103
CVE-2018-6104
CVE-2018-6105
CVE-2018-6106
CVE-2018-6107
CVE-2018-6108
CVE-2018-6109
CVE-2018-6110
CVE-2018-6111
CVE-2018-6112
CVE-2018-6113
CVE-2018-6114
CVE-2018-6115
CVE-2018-6116
CVE-2018-6117
CVE-2018-6084
|
d4fc4599-8f75-11e9-8d9f-3065ec8fd3ec | chromium -- use after free
Google Chrome Releases reports:
[961413] High CVE-2019-5842: Use-after-free in Blink. Reported by BUGFENSE Anonymous Bug Bounties https://bugfense.io on 2019-05-09
Discovery 2019-05-09 Entry 2019-06-15 chromium
< 75.0.3770.90
https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop_13.html
CVE-2019-5842
|
d153c4d2-50f8-11eb-8046-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release includes 16 security fixes, including:
- [1148749] High CVE-2021-21106: Use after free in autofill.
Reported by Weipeng Jiang (@Krace) from Codesafe Team of
Legendsec at Qi'anxin Group on 2020-11-13
- [1153595] High CVE-2021-21107: Use after free in drag and
drop. Reported by Leecraso and Guang Gong of 360 Alpha Lab on
2020-11-30
- [1155426] High CVE-2021-21108: Use after free in media.
Reported by Leecraso and Guang Gong of 360 Alpha Lab on
2020-12-04
- [1152334] High CVE-2021-21109: Use after free in payments.
Reported by Rong Jian and Guang Gong of 360 Alpha Lab on
2020-11-24
- [1152451] High CVE-2021-21110: Use after free in safe
browsing. Reported by Anonymous on 2020-11-24
- [1149125] High CVE-2021-21111: Insufficient policy enforcement
in WebUI. Reported by Alesandro Ortiz on 2020-11-15
- [1151298] High CVE-2021-21112: Use after free in Blink.
Reported by YoungJoo Lee(@ashuu_lee) of Raon Whitehat on
2020-11-20
- [1155178] High CVE-2021-21113: Heap buffer overflow in Skia.
Reported by tsubmunu on 2020-12-03
- [1148309] High CVE-2020-16043: Insufficient data validation in
networking. Reported by Samy Kamkar, Ben Seri at Armis, Gregory
Vishnepolsky at Armis on 2020-11-12
- [1150065] High CVE-2021-21114: Use after free in audio.
Reported by Man Yue Mo of GitHub Security Lab on 2020-11-17
- [1157790] High CVE-2020-15995: Out of bounds write in V8.
Reported by Bohan Liu (@P4nda20371774) of Tencent Security Xuanwu
Lab on 2020-12-11
- [1157814] High CVE-2021-21115: Use after free in safe browsing.
Reported by Leecraso and Guang Gong of 360 Alpha Lab on
2020-12-11
- [1151069] Medium CVE-2021-21116: Heap buffer overflow in audio.
Reported by Alison Huffman, Microsoft Browser Vulnerability
Research on 2020-11-19
Discovery 2021-01-06 Entry 2021-01-07 chromium
< 87.0.4280.141
CVE-2020-15995
CVE-2020-16043
CVE-2021-21106
CVE-2021-21107
CVE-2021-21108
CVE-2021-21109
CVE-2021-21110
CVE-2021-21111
CVE-2021-21112
CVE-2021-21113
CVE-2021-21114
CVE-2021-21115
CVE-2021-21116
https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop.html
|
b9c525d9-9198-11e8-beba-080027ef1a23 | chromium -- multiple vulnerabilities
Google Chrome Releases reports:
42 security fixes in this release, including:
- [850350] High CVE-2018-6153: Stack buffer overflow in Skia. Reported by Zhen Zhou of NSFOCUS Security Team on 2018-06-07
- [848914] High CVE-2018-6154: Heap buffer overflow in WebGL. Reported by Omair on 2018-06-01
- [842265] High CVE-2018-6155: Use after free in WebRTC. Reported by Natalie Silvanovich of Google Project Zero on 2018-05-11
- [841962] High CVE-2018-6156: Heap buffer overflow in WebRTC. Reported by Natalie Silvanovich of Google Project Zero on 2018-05-10
- [840536] High CVE-2018-6157: Type confusion in WebRTC. Reported by Natalie Silvanovich of Google Project Zero on 2018-05-07
- [812667] Medium CVE-2018-6150: Cross origin information disclosure in Service Workers. Reported by Rob Wu on 2018-02-15
- [805905] Medium CVE-2018-6151: Bad cast in DevTools. Reported by Rob Wu on 2018-01-25
- [805445] Medium CVE-2018-6152: Local file write in DevTools. Reported by Rob Wu on 2018-01-24
- [841280] Medium CVE-2018-6158: Use after free in Blink. Reported by Zhe Jin, Luyao Liu from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd on 2018-05-09
- [837275] Medium CVE-2018-6159: Same origin policy bypass in ServiceWorker. Reported by Jun Kokatsu (@shhnjk) on 2018-04-26
- [839822] Medium CVE-2018-6160: URL spoof in Chrome on iOS. Reported by evi1m0 of Bilibili Security Team on 2018-05-04
- [826552] Medium CVE-2018-6161: Same origin policy bypass in WebAudio. Reported by Jun Kokatsu (@shhnjk) on 2018-03-27
- [804123] Medium CVE-2018-6162: Heap buffer overflow in WebGL. Reported by Omair on 2018-01-21
- [849398] Medium CVE-2018-6163: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-06-04
- [848786] Medium CVE-2018-6164: Same origin policy bypass in ServiceWorker. Reported by Jun Kokatsu (@shhnjk) on 2018-06-01
- [847718] Medium CVE-2018-6165: URL spoof in Omnibox. Reported by evi1m0 of Bilibili Security Team on 2018-05-30
- [835554] Medium CVE-2018-6166: URL spoof in Omnibox. Reported by Lnyas Zhang on 2018-04-21
- [833143] Medium CVE-2018-6167: URL spoof in Omnibox. Reported by Lnyas Zhang on 2018-04-15
- [828265] Medium CVE-2018-6168: CORS bypass in Blink. Reported by Gunes Acar and Danny Y. Huang of Princeton University, Frank Li of UC Berkeley on 2018-04-03
- [394518] Medium CVE-2018-6169: Permissions bypass in extension installation. Reported by Sam P on 2014-07-16
- [862059] Medium CVE-2018-6170: Type confusion in PDFium. Reported by Anonymous on 2018-07-10
- [851799] Medium CVE-2018-6171: Use after free in WebBluetooth. Reported by amazon@mimetics.ca on 2018-06-12
- [847242] Medium CVE-2018-6172: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-05-28
- [836885] Medium CVE-2018-6173: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-04-25
- [835299] Medium CVE-2018-6174: Integer overflow in SwiftShader. Reported by Mark Brand of Google Project Zero on 2018-04-20
- [826019] Medium CVE-2018-6175: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-03-26
- [666824] Medium CVE-2018-6176: Local user privilege escalation in Extensions. Reported by Jann Horn of Google Project Zero on 2016-11-18
- [826187] Low CVE-2018-6177: Cross origin information leak in Blink. Reported by Ron Masas (Imperva) on 2018-03-27
- [823194] Low CVE-2018-6178: UI spoof in Extensions. Reported by Khalil Zhani on 2018-03-19
- [816685] Low CVE-2018-6179: Local file information leak in Extensions. Reported by Anonymous on 2018-02-26
- [797461] Low CVE-2018-6044: Request privilege escalation in Extensions. Reported by Wob Wu on 2017-12-23
- [791324] Low CVE-2018-4117: Cross origin information leak in Blink. Reported by AhsanEjaz - @AhsanEjazA on 2017-12-03
- [866821] Various fixes from internal audits, fuzzing and other initiatives
Discovery 2018-07-24 Entry 2018-07-27 chromium
< 68.0.3440.75
CVE-2018-4117
CVE-2018-6044
CVE-2018-6150
CVE-2018-6151
CVE-2018-6152
CVE-2018-6153
CVE-2018-6154
CVE-2018-6155
CVE-2018-6156
CVE-2018-6157
CVE-2018-6158
CVE-2018-6159
CVE-2018-6160
CVE-2018-6161
CVE-2018-6162
CVE-2018-6163
CVE-2018-6164
CVE-2018-6165
CVE-2018-6166
CVE-2018-6167
CVE-2018-6168
CVE-2018-6169
CVE-2018-6170
CVE-2018-6171
CVE-2018-6172
CVE-2018-6173
CVE-2018-6174
CVE-2018-6175
CVE-2018-6176
CVE-2018-6177
CVE-2018-6178
CVE-2018-6179
https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html
|
9cb57a06-7517-11ea-b594-3065ec8fd3ec | chromium -- multiple vulnerabilities
Google Chrome Releases reports:
This update contains 8 security fixes.
- [1062247] High CVE-2020-6450: Use after free in WebAudio.
Reported by Man Yue Mo of Semmle Security Research Team on
2020-03-17
- [1061018] High CVE-2020-6451: Use after free in WebAudio.
Reported by Man Yue Mo of Semmle Security Research Team on
2020-03-12
- [1059764] High CVE-2020-6452: Heap buffer overflow in media
Reported by asnine on 2020-03-09
- [1066247] Various fixes from internal audits, fuzzing and other
initiatives.
Discovery 2020-03-31 Entry 2020-04-02 chromium
< 80.0.3987.162
https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_31.html
CVE-2020-6450
CVE-2020-6451
CVE-2020-6452
|
427b0f58-644c-11e8-9e1b-e8e0b747a45a | chromium -- multiple vulnerabilities
Google Chrome Releases reports:
34 security fixes in this release, including:
- [835639] High CVE-2018-6123: Use after free in Blink. Reported by Looben Yang on 2018-04-22
- [840320] High CVE-2018-6124: Type confusion in Blink. Reported by Guang Gong of Alpha Team, Qihoo 360 on 2018-05-07
- [818592] High CVE-2018-6125: Overly permissive policy in WebUSB. Reported by Yubico, Inc on 2018-03-05
- [844457] High CVE-2018-6126: Heap buffer overflow in Skia. Reported by Ivan Fratric of Google Project Zero on 2018-05-18
- [842990] High CVE-2018-6127: Use after free in indexedDB. Reported by Looben Yang on 2018-05-15
- [841105] High CVE-2018-6128: uXSS in Chrome on iOS. Reported by Tomasz Bojarski on 2018-05-09
- [838672] High CVE-2018-6129: Out of bounds memory access in WebRTC. Reported by Natalie Silvanovich of Google Project Zero on 2018-05-01
- [838402] High CVE-2018-6130: Out of bounds memory access in WebRTC. Reported by Natalie Silvanovich of Google Project Zero on 2018-04-30
- [826434] High CVE-2018-6131: Incorrect mutability protection in WebAssembly. Reported by Natalie Silvanovich of Google Project Zero on 2018-03-27
- [839960] Medium CVE-2018-6132: Use of uninitialized memory in WebRTC. Reported by Ronald E. Crane on 2018-05-04
- [817247] Medium CVE-2018-6133: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-02-28
- [797465] Medium CVE-2018-6134: Referrer Policy bypass in Blink. Reported by Jun Kokatsu (@shhnjk) on 2017-12-23
- [823353] Medium CVE-2018-6135: UI spoofing in Blink. Reported by Jasper Rebane on 2018-03-19
- [831943] Medium CVE-2018-6136: Out of bounds memory access in V8. Reported by Peter Wong on 2018-04-12
- [835589] Medium CVE-2018-6137: Leak of visited status of page in Blink. Reported by Michael Smith (spinda.net) on 2018-04-21
- [810220] Medium CVE-2018-6138: Overly permissive policy in Extensions. Reported by Francois Lajeunesse-Robert on 2018-02-08
- [805224] Medium CVE-2018-6139: Restrictions bypass in the debugger extension API. Reported by Rob Wu on 2018-01-24
- [798222] Medium CVE-2018-6140: Restrictions bypass in the debugger extension API. Reported by Rob Wu on 2018-01-01
- [796107] Medium CVE-2018-6141: Heap buffer overflow in Skia. Reported by Yangkang (@dnpushme) and Wanglu of Qihoo360 Qex Team on 2017-12-19
- [837939] Medium CVE-2018-6142: Out of bounds memory access in V8. Reported by Choongwoo Han of Naver Corporation on 2018-04-28
- [843022] Medium CVE-2018-6143: Out of bounds memory access in V8. Reported by Guang Gong of Alpha Team, Qihoo 360 on 2018-05-15
- [828049] Low CVE-2018-6144: Out of bounds memory access in PDFium. Reported by pdknsk on 2018-04-02
- [805924] Low CVE-2018-6145: Incorrect escaping of MathML in Blink. Reported by Masato Kinugawa on 2018-01-25
- [818133] Low CVE-2018-6147: Password fields not taking advantage of OS protections in Views. Reported by Michail Pishchagin (Yandex) on 2018-03-02
- [847542] Various fixes from internal audits, fuzzing and other initiatives
Discovery 2018-05-29 Entry 2018-05-30 chromium
< 67.0.3396.62
CVE-2018-6123
CVE-2018-6124
CVE-2018-6125
CVE-2018-6126
CVE-2018-6127
CVE-2018-6128
CVE-2018-6129
CVE-2018-6130
CVE-2018-6131
CVE-2018-6132
CVE-2018-6133
CVE-2018-6134
CVE-2018-6135
CVE-2018-6136
CVE-2018-6137
CVE-2018-6138
CVE-2018-6139
CVE-2018-6140
CVE-2018-6141
CVE-2018-6142
CVE-2018-6143
CVE-2018-6144
CVE-2018-6145
CVE-2018-6147
https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html
|
40e2c35e-db99-11ec-b0cf-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 32 security fixes, including:
- [1324864] Critical CVE-2022-1853: Use after free in Indexed DB. Reported by Anonymous on 2022-05-12
- [1320024] High CVE-2022-1854: Use after free in ANGLE. Reported by SeongHwan Park (SeHwa) on 2022-04-27
- [1228661] High CVE-2022-1855: Use after free in Messaging. Reported by Anonymous on 2021-07-13
- [1323239] High CVE-2022-1856: Use after free in User Education. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-05-06
- [1227995] High CVE-2022-1857: Insufficient policy enforcement in File System API. Reported by Daniel Rhea on 2021-07-11
- [1314310] High CVE-2022-1858: Out of bounds read in DevTools. Reported by EllisVlad on 2022-04-07
- [1322744] High CVE-2022-1859: Use after free in Performance Manager. Reported by Guannan Wang (@Keenan7310) of Tencent Security Xuanwu Lab on 2022-05-05
- [1297209] High CVE-2022-1860: Use after free in UI Foundations. Reported by @ginggilBesel on 2022-02-15
- [1316846] High CVE-2022-1861: Use after free in Sharing. Reported by Khalil Zhani on 2022-04-16
- [1236325] Medium CVE-2022-1862: Inappropriate implementation in Extensions. Reported by Alesandro Ortiz on 2021-08-04
- [1292870] Medium CVE-2022-1863: Use after free in Tab Groups. Reported by David Erceg on 2022-02-01
- [1320624] Medium CVE-2022-1864: Use after free in WebApp Installs. Reported by Yuntao You (@GraVity0) of Bytedance Wuheng Lab on 2022-04-28
- [1289192] Medium CVE-2022-1865: Use after free in Bookmarks. Reported by Rong Jian of VRI on 2022-01-20
- [1292264] Medium CVE-2022-1866: Use after free in Tablet Mode. Reported by @ginggilBesel on 2022-01-29
- [1315563] Medium CVE-2022-1867: Insufficient validation of untrusted input in Data Transfer. Reported by Michal Bentkowski of Securitum on 2022-04-12
- [1301203] Medium CVE-2022-1868: Inappropriate implementation in Extensions API. Reported by Alesandro Ortiz on 2022-02-28
- [1309467] Medium CVE-2022-1869: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2022-03-23
- [1323236] Medium CVE-2022-1870: Use after free in App Service. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-05-06
- [1308199] Low CVE-2022-1871: Insufficient policy enforcement in File System API. Reported by Thomas Orlita on 2022-03-21
- [1310461] Low CVE-2022-1872: Insufficient policy enforcement in Extensions API. Reported by ChaobinZhang on 2022-03-26
- [1305394] Low CVE-2022-1873: Insufficient policy enforcement in COOP. Reported by NDevTK on 2022-03-11
- [1251588] Low CVE-2022-1874: Insufficient policy enforcement in Safe Browsing. Reported by hjy79425575 on 2021-09-21
- [1306443] Low CVE-2022-1875: Inappropriate implementation in PDF. Reported by NDevTK on 2022-03-15
- [1313600] Low CVE-2022-1876: Heap buffer overflow in DevTools. Reported by @ginggilBesel on 2022-04-06
Discovery 2022-05-24 Entry 2022-05-24 chromium
< 102.0.5005.61
CVE-2022-1853
CVE-2022-1854
CVE-2022-1855
CVE-2022-1856
CVE-2022-1857
CVE-2022-1858
CVE-2022-1859
CVE-2022-1860
CVE-2022-1861
CVE-2022-1862
CVE-2022-1863
CVE-2022-1864
CVE-2022-1865
CVE-2022-1866
CVE-2022-1867
CVE-2022-1868
CVE-2022-1869
CVE-2022-1870
CVE-2022-1871
CVE-2022-1872
CVE-2022-1873
CVE-2022-1874
CVE-2022-1875
CVE-2022-1876
https://chromereleases.googleblog.com/2022/05/stable-channel-update-for-desktop_24.html
|
b59847e0-346d-11ed-8fe9-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release includes 11 security fixes, including:
- [1358381] High CVE-2022-3195: Out of bounds write in Storage. Reported by Ziling Chen and Nan Wang (@eternalsakura13) of 360 Vulnerability Research Institute on 2022-08-31
- [1358090] High CVE-2022-3196: Use after free in PDF. Reported by triplepwns on 2022-08-30
- [1358075] High CVE-2022-3197: Use after free in PDF. Reported by triplepwns on 2022-08-30
- [1355682] High CVE-2022-3198: Use after free in PDF. Reported by MerdroidSG on 2022-08-23
- [1355237] High CVE-2022-3199: Use after free in Frames. Reported by Anonymous on 2022-08-22
- [1355103] High CVE-2022-3200: Heap buffer overflow in Internals. Reported by Richard Lorenz, SAP on 2022-08-22
- [1343104] High CVE-2022-3201: Insufficient validation of untrusted input in DevTools. Reported by NDevTK on 2022-07-09
Discovery 2022-09-14 Entry 2022-09-14 chromium
< 105.0.5195.125
CVE-2022-3195
CVE-2022-3196
CVE-2022-3197
CVE-2022-3198
CVE-2022-3199
CVE-2022-3200
CVE-2022-3201
https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_14.html
|
f3d86439-9def-11eb-97a0-e09467587c17 | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 37 security fixes, including:
- [1025683] High CVE-2021-21201: Use after free in permissions.
Reported by Gengming Liu, Jianyu Chen at Tencent Keen Security
Lab on 2019-11-18
- [1188889] High CVE-2021-21202: Use after free in extensions.
Reported by David Erceg on 2021-03-16
- [1192054] High CVE-2021-21203: Use after free in Blink.
Reported by asnine on 2021-03-24
- [1189926] High CVE-2021-21204: Use after free in Blink.
Reported by Chelse Tsai-Simek, Jeanette Ulloa, and Emily
Voigtlander of Seesaw on 2021-03-19
- [1165654] High CVE-2021-21205: Insufficient policy enforcement
in navigation. Reported by Alison Huffman, Microsoft Browser
Vulnerability Research on 2021-01-12
- [1195333] High CVE-2021-21221: Insufficient validation of
untrusted input in Mojo. Reported by Guang Gong of Alpha Lab,
Qihoo 360 on 2021-04-02
- [1185732] Medium CVE-2021-21207: Use after free in IndexedDB.
Reported by koocola (@alo_cook) and Nan Wang (@eternalsakura13)
of 360 Alpha Lab on 2021-03-08
- [1039539] Medium CVE-2021-21208: Insufficient data validation
in QR scanner. Reported by Ahmed Elsobky (@0xsobky) on
2020-01-07
- [1143526] Medium CVE-2021-21209: Inappropriate implementation
in storage. Reported by Tom Van Goethem (@tomvangoethem) on
2020-10-29
- [1184562] Medium CVE-2021-21210: Inappropriate implementation
in Network. Reported by @bananabr on 2021-03-04
- [1103119] Medium CVE-2021-21211: Inappropriate implementation
in Navigation. Reported by Akash Labade (m0ns7er) on
2020-07-08
- [1145024] Medium CVE-2021-21212: Incorrect security UI in
Network Config UI. Reported by Hugo Hue and Sze Yiu Chau of the
Chinese University of Hong Kong on 2020-11-03
- [1161806] Medium CVE-2021-21213: Use after free in WebMIDI.
Reported by raven (@raid_akame) on 2020-12-25
- [1170148] Medium CVE-2021-21214: Use after free in Network API.
Reported by Anonymous on 2021-01-24
- [1172533] Medium CVE-2021-21215: Inappropriate implementation
in Autofill. Reported by Abdulrahman Alqabandi, Microsoft Browser
Vulnerability Research on 2021-01-30
- [1173297] Medium CVE-2021-21216: Inappropriate implementation
in Autofill. Reported by Abdulrahman Alqabandi, Microsoft Browser
Vulnerability Research on 2021-02-02
- [1166462] Low CVE-2021-21217: Uninitialized Use in PDFium.
Reported by Zhou Aiting (@zhouat1) of Qihoo 360 Vulcan Team on
2021-01-14
- [1166478] Low CVE-2021-21218: Uninitialized Use in PDFium.
Reported by Zhou Aiting (@zhouat1) of Qihoo 360 Vulcan Team on
2021-01-14
- [1166972] Low CVE-2021-21219: Uninitialized Use in PDFium.
Reported by Zhou Aiting (@zhouat1) of Qihoo 360 Vulcan Team on
2021-01-15
Discovery 2021-04-14 Entry 2021-04-15 chromium
< 90.0.4430.72
CVE-2021-21201
CVE-2021-21202
CVE-2021-21203
CVE-2021-21204
CVE-2021-21205
CVE-2021-21221
CVE-2021-21207
CVE-2021-21208
CVE-2021-21209
CVE-2021-21210
CVE-2021-21211
CVE-2021-21212
CVE-2021-21213
CVE-2021-21214
CVE-2021-21215
CVE-2021-21216
CVE-2021-21217
CVE-2021-21218
CVE-2021-21219
https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_14.html
|
b8c0cbca-472d-11ec-83dc-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 25 security fixes, including:
- [1263620] High CVE-2021-38008: Use after free in media. Reported
by Marcin Towalski of Cisco Talos on 2021-10-26
- [1260649] High CVE-2021-38009: Inappropriate implementation in
cache. Reported by Luan Herrera (@lbherrera_) on 2021-10-16
- [1240593] High CVE-2021-38006: Use after free in storage
foundation. Reported by Sergei Glazunov of Google Project Zero on
2021-08-17
- [1254189] High CVE-2021-38007: Type Confusion in V8. Reported by
Polaris Feng and SGFvamll at Singular Security Lab on
2021-09-29
- [1241091] High CVE-2021-38005: Use after free in loader.
Reported by Sergei Glazunov of Google Project Zero on
2021-08-18
- [1264477] High CVE-2021-38010: Inappropriate implementation in
service workers. Reported by Sergei Glazunov of Google Project
Zero on 2021-10-28
- [1268274] High CVE-2021-38011: Use after free in storage
foundation. Reported by Sergei Glazunov of Google Project Zero on
2021-11-09
- [1262791] Medium CVE-2021-38012: Type Confusion in V8. Reported
by Yonghwi Jin (@jinmo123) on 2021-10-24
- [1242392] Medium CVE-2021-38013: Heap buffer overflow in
fingerprint recognition. Reported by raven (@raid_akame) on
2021-08-23
- [1248567] Medium CVE-2021-38014: Out of bounds write in
Swiftshader. Reported by Atte Kettunen of OUSPG on 2021-09-10
- [957553] Medium CVE-2021-38015: Inappropriate implementation in
input. Reported by David Erceg on 2019-04-29
- [1244289] Medium CVE-2021-38016: Insufficient policy
enforcement in background fetch. Reported by Maurice Dauer on
2021-08-28
- [1256822] Medium CVE-2021-38017: Insufficient policy enforcement
in iframe sandbox. Reported by NDevTK on 2021-10-05
- [1197889] Medium CVE-2021-38018: Inappropriate implementation in
navigation. Reported by Alesandro Ortiz on 2021-04-11
- [1251179] Medium CVE-2021-38019: Insufficient policy enforcement
in CORS. Reported by Maurice Dauer on 2021-09-20
- [1259694] Medium CVE-2021-38020: Insufficient policy enforcement
in contacts picker. Reported by Luan Herrera (@lbherrera_) on
2021-10-13
- [1233375] Medium CVE-2021-38021: Inappropriate implementation in
referrer. Reported by Prakash (@1lastBr3ath) and Jun Kokatsu on
2021-07-27
- [1248862] Low CVE-2021-38022: Inappropriate implementation in
WebAuthentication. Reported by Michal Kepkowski on 2021-09-13
Discovery 2021-11-15 Entry 2021-11-16 chromium
< 96.0.4664.45
CVE-2021-38005
CVE-2021-38006
CVE-2021-38007
CVE-2021-38008
CVE-2021-38009
CVE-2021-38010
CVE-2021-38011
CVE-2021-38012
CVE-2021-38013
CVE-2021-38014
CVE-2021-38015
CVE-2021-38016
CVE-2021-38017
CVE-2021-38018
CVE-2021-38019
CVE-2021-38020
CVE-2021-38021
CVE-2021-38022
https://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html
|
fb9ba490-5cc4-11ec-aac7-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 5 security fixes, including:
- [1263457] Critical CVE-2021-4098: Insufficient data validation
in Mojo. Reported by Sergei Glazunov of Google Project Zero on
2021-10-26
- [1270658] High CVE-2021-4099: Use after free in Swiftshader.
Reported by Aki Helin of Solita on 2021-11-16
- [1272068] High CVE-2021-4100: Object lifecycle issue in ANGLE.
Reported by Aki Helin of Solita on 2021-11-19
- [1262080] High CVE-2021-4101: Heap buffer overflow in
Swiftshader. Reported by Abraruddin Khan and Omair on
2021-10-21
- [1278387] High CVE-2021-4102: Use after free in V8. Reported by
Anonymous on 2021-12-09
Discovery 2021-12-13 Entry 2021-12-14 chromium
< 96.0.4664.110
CVE-2021-4098
CVE-2021-4099
CVE-2021-4100
CVE-2021-4101
CVE-2021-4102
https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop_13.html
|
3d0a3eb0-9ca3-11ed-a925-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 6 security fixes, including:
- [1376354] High CVE-2023-0471: Use after free in WebTransport. Reported by chichoo Kim(chichoo) and Cassidy Kim(@cassidy6564) on 2022-10-19
- [1405256] High CVE-2023-0472: Use after free in WebRTC. Reported by Cassidy Kim(@cassidy6564) on 2023-01-06
- [1404639] Medium CVE-2023-0473: Type Confusion in ServiceWorker API. Reported by raven at KunLun lab on 2023-01-03
- [1400841] Medium CVE-2023-0474: Use after free in GuestView. Reported by avaue at S.S.L on 2022-12-14
Discovery 2023-01-24 Entry 2023-01-25 chromium
< 109.0.5414.119
ungoogled-chromium
< 109.0.5414.119
CVE-2023-0471
CVE-2023-0472
CVE-2023-0473
CVE-2023-0474
https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop_24.html
|
9fba80e0-a771-11eb-97a0-e09467587c17 | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 9 security fixes, including:
- [1199345] High CVE-2021-21227: Insufficient data validation in
V8. Reported by Gengming Liu of Singular Security Lab on
2021-04-15
- [1175058] High CVE-2021-21232: Use after free in Dev Tools.
Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability
Research on 2021-02-05
- [1182937] High CVE-2021-21233: Heap buffer overflow in ANGLE.
Reported by Omair on 2021-02-26
- [1139156] Medium CVE-2021-21228: Insufficient policy enforcement
in extensions. Reported by Rob Wu on 2020-10-16
- [$TBD][1198165] Medium CVE-2021-21229: Incorrect security UI in
downloads. Reported by Mohit Raj (shadow2639) on 2021-04-12
- [1198705] Medium CVE-2021-21230: Type Confusion in V8. Reported
by Manfred Paul on 2021-04-13
- [1198696] Low CVE-2021-21231: Insufficient data validation in
V8. Reported by Sergei Glazunov of Google Project Zero on
2021-04-13
Discovery 2021-04-26 Entry 2021-04-27 chromium
< 90.0.4430.93
CVE-2021-21227
CVE-2021-21228
CVE-2021-21229
CVE-2021-21230
CVE-2021-21231
CVE-2021-21232
CVE-2021-21233
https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_26.html
|
cb13a765-a277-11eb-97a0-e09467587c17 | chromium -- multiple vulnerabilities
Chrome Reelases reports:
This release includes 7 security fixes, including:
- 1194046] High CVE-2021-21222: Heap buffer overflow in V8.
Reported by Guang Gong of Alpha Lab, Qihoo 360 on 2021-03-30
- [1195308] High CVE-2021-21223: Integer overflow in Mojo.
Reported by Guang Gong of Alpha Lab, Qihoo 360 on 2021-04-02
- [1195777] High CVE-2021-21224: Type Confusion in V8. Reported
by Jose Martinez (tr0y4) from VerSprite Inc. on 2021-04-05
- [1195977] High CVE-2021-21225: Out of bounds memory access in
V8. Reported by Brendon Tiszka (@btiszka) supporting the EFF on
2021-04-05
- [1197904] High CVE-2021-21226: Use after free in navigation.
Reported by Brendon Tiszka (@btiszka) supporting the EFF on
2021-04-11
Discovery 2021-04-20 Entry 2021-04-21 chromium
< 90.0.4430.85
CVE-2021-21222
CVE-2021-21223
CVE-2021-21224
CVE-2021-21225
CVE-2021-21226
https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_20.html
|
b6c875f1-1d76-11ec-ae80-704d7b472482 | chromium -- use after free in Portals
Chrome Releases reports:
][1251727] High CVE-2021-37973 : Use after free in Portals.
Reported by Clement Lecigne from Google TAG, with technical
assistance from Sergei Glazunov and Mark Brand from Google Project
Zero on 2021-09-21
Google is aware that an exploit for CVE-2021-37973 exists in the wild.
Discovery 2021-09-24 Entry 2021-09-24 chromium
< 94.0.4606.61
CVE-2021-37973
https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html
|
afdc7579-d023-11eb-bcad-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release includes 4 security fixes, including:
- [1219857] High CVE-2021-30554: Use after free in WebGL. Reported
by anonymous on 2021-06-15
- [1215029] High CVE-2021-30555: Use after free in Sharing.
Reported by David Erceg on 2021-06-01
- [1212599] High CVE-2021-30556: Use after free in WebAudio.
Reported by Yangkang (@dnpushme) of 360 ATA on 2021-05-24
- [1202102] High CVE-2021-30557: Use after free in TabGroups.
Reported by David Erceg on 2021-04-23
Discovery 2021-06-17 Entry 2021-06-18 chromium
< 91.0.4472.114
CVE-2021-30554
CVE-2021-30555
CVE-2021-30556
CVE-2021-30557
https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html
|
6b04476f-601c-11ed-92ce-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 10 security fixes, including:
- [1377816] High CVE-2022-3885: Use after free in V8. Reported by gzobqq@ on 2022-10-24
- [1372999] High CVE-2022-3886: Use after free in Speech Recognition. Reported by anonymous on 2022-10-10
- [1372695] High CVE-2022-3887: Use after free in Web Workers. Reported by anonymous on 2022-10-08
- [1375059] High CVE-2022-3888: Use after free in WebCodecs. Reported by Peter Nemeth on 2022-10-16
- [1380063] High CVE-2022-3889: Type Confusion in V8. Reported by anonymous on 2022-11-01
- [1380083] High CVE-2022-3890: Heap buffer overflow in Crashpad. Reported by anonymous on 2022-11-01
Discovery 2022-11-08 Entry 2022-11-09 chromium
< 107.0.5304.110
ungoogled-chromium
< 107.0.5304.110
CVE-2022-3885
CVE-2022-3886
CVE-2022-3887
CVE-2022-3888
CVE-2022-3889
CVE-2022-3890
https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop.html
|
96a41723-133a-11ed-be3b-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 27 security fixes, including:
- [1325699] High CVE-2022-2603: Use after free in Omnibox. Reported by Anonymous on 2022-05-16
- [1335316] High CVE-2022-2604: Use after free in Safe Browsing. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-06-10
- [1338470] High CVE-2022-2605: Out of bounds read in Dawn. Reported by Looben Yang on 2022-06-22
- [1330489] High CVE-2022-2606: Use after free in Managed devices API. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-05-31
- [1286203] High CVE-2022-2607: Use after free in Tab Strip. Reported by @ginggilBesel on 2022-01-11
- [1330775] High CVE-2022-2608: Use after free in Overview Mode. Reported by Khalil Zhani on 2022-06-01
- [1338560] High CVE-2022-2609: Use after free in Nearby Share. Reported by koocola(@alo_cook) and Guang Gong of 360 Vulnerability Research Institute on 2022-06-22
- [1278255] Medium CVE-2022-2610: Insufficient policy enforcement in Background Fetch. Reported by Maurice Dauer on 2021-12-09
- [1320538] Medium CVE-2022-2611: Inappropriate implementation in Fullscreen API. Reported by Irvan Kurniawan (sourc7) on 2022-04-28
- [1321350] Medium CVE-2022-2612: Side-channel information leakage in Keyboard input. Reported by Erik Kraft (erik.kraft5@gmx.at), Martin Schwarzl (martin.schwarzl@iaik.tugraz.at) on 2022-04-30
- [1325256] Medium CVE-2022-2613: Use after free in Input. Reported by Piotr Tworek (Vewd) on 2022-05-13
- [1341907] Medium CVE-2022-2614: Use after free in Sign-In Flow. Reported by raven at KunLun lab on 2022-07-05
- [1268580] Medium CVE-2022-2615: Insufficient policy enforcement in Cookies. Reported by Maurice Dauer on 2021-11-10
- [1302159] Medium CVE-2022-2616: Inappropriate implementation in Extensions API. Reported by Alesandro Ortiz on 2022-03-02
- [1292451] Medium CVE-2022-2617: Use after free in Extensions API. Reported by @ginggilBesel on 2022-01-31
- [1308422] Medium CVE-2022-2618: Insufficient validation of untrusted input in Internals. Reported by asnine on 2022-03-21
- [1332881] Medium CVE-2022-2619: Insufficient validation of untrusted input in Settings. Reported by Oliver Dunk on 2022-06-04
- [1337304] Medium CVE-2022-2620: Use after free in WebUI. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-06-17
- [1323449] Medium CVE-2022-2621: Use after free in Extensions. Reported by Huyna at Viettel Cyber Security on 2022-05-07
- [1332392] Medium CVE-2022-2622: Insufficient validation of untrusted input in Safe Browsing. Reported by Imre Rad (@ImreRad) and @j00sean on 2022-06-03
- [1337798] Medium CVE-2022-2623: Use after free in Offline. Reported by raven at KunLun lab on 2022-06-20
- [1339745] Medium CVE-2022-2624: Heap buffer overflow in PDF. Reported by YU-CHANG CHEN and CHIH-YEN CHANG, working with DEVCORE Internship Program on 2022-06-27
Discovery 2022-08-02 Entry 2022-08-03 chromium
< 104.0.5112.79
CVE-2022-2603
CVE-2022-2604
CVE-2022-2605
CVE-2022-2606
CVE-2022-2607
CVE-2022-2608
CVE-2022-2609
CVE-2022-2610
CVE-2022-2611
CVE-2022-2612
CVE-2022-2613
CVE-2022-2614
CVE-2022-2615
CVE-2022-2616
CVE-2022-2617
CVE-2022-2618
CVE-2022-2619
CVE-2022-2620
CVE-2022-2621
CVE-2022-2622
CVE-2022-2623
CVE-2022-2624
https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html
|
27cc4258-0805-11ed-8ac1-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 11 security fixes, including:
- [1336266] High CVE-2022-2477: Use after free in Guest View. Reported by anonymous on 2022-06-14
- [1335861] High CVE-2022-2478: Use after free in PDF. Reported by triplepwns on 2022-06-13
- [1329987] High CVE-2022-2479: Insufficient validation of untrusted input in File. Reported by anonymous on 2022-05-28
- [1339844] High CVE-2022-2480: Use after free in Service Worker API. Reported by Sergei Glazunov of Google Project Zero on 2022-06-27
- [1341603] High CVE-2022-2481: Use after free in Views. Reported by YoungJoo Lee(@ashuu_lee) of CompSecLab at Seoul National University on 2022-07-04
- [1308341] Low CVE-2022-2163: Use after free in Cast UI and Toolbar. Reported by Chaoyuan Peng (@ret2happy) on 2022-03-21
Discovery 2022-07-19 Entry 2022-07-20 chromium
< 103.0.5060.134
CVE-2022-2163
CVE-2022-2477
CVE-2022-2478
CVE-2022-2479
CVE-2022-2480
CVE-2022-2481
https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop_19.html
|
777edbbe-2230-11ec-8869-704d7b472482 | chromium -- multiple vulnerabilities
Chrome Releases/Stable updates reports:
This release contains 4 security fixes, including:
- [1245578] High CVE-2021-37974: Use after free in Safe Browsing.
Reported by Weipeng Jiang (@Krace) from Codesafe Team of
Legendsec at Qi'anxin Group on 2021-09-01
- [1252918] High CVE-2021-37975: Use after free in V8. Reported by
Anonymous on 2021-09-24
- [1251787] Medium CVE-2021-37976: Information leak in core.
Reported by Clement Lecigne from Google TAG, with technical
assistance from Sergei Glazunov and Mark Brand from Google
Project Zero on 2021-09-21
Google is aware the exploits for CVE-2021-37975 and CVE-2021-37976
exist in the wild.
Discovery 2021-09-30 Entry 2021-09-30 chromium
< 94.0.4606.71
CVE-2021-37974
CVE-2021-37975
CVE-2021-37976
https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_30.html
|
ab2d7f62-af9d-11ec-a0b8-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 28 security fixes, including:
- [1292261] High CVE-2022-1125: Use after free in Portals.
Reported by Khalil Zhani on 2022-01-29
- [1291891] High CVE-2022-1127: Use after free in QR Code
Generator. Reported by anonymous on 2022-01-28
- [1301920] High CVE-2022-1128: Inappropriate implementation in
Web Share API. Reported by Abdel Adim (@smaury92) Oisfi of
Shielder on 2022-03-01
- [1300253] High CVE-2022-1129: Inappropriate implementation in
Full Screen Mode. Reported by Irvan Kurniawan (sourc7) on
2022-02-24
- [1142269] High CVE-2022-1130: Insufficient validation of
untrusted input in WebOTP. Reported by Sergey Toshin of
Oversecurity Inc. on 2020-10-25
- [1297404] High CVE-2022-1131: Use after free in Cast UI.
Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability
Research on 2022-02-15
- [1303410] High CVE-2022-1132: Inappropriate implementation in
Virtual Keyboard. Reported by Andr.Ess on 2022-03-07
- [1305776] High CVE-2022-1133: Use after free in WebRTC.
Reported by Anonymous on 2022-03-13
- [1308360] High CVE-2022-1134: Type Confusion in V8. Reported by
Man Yue Mo of GitHub Security Lab on 2022-03-21
- [1285601] Medium CVE-2022-1135: Use after free in Shopping Cart.
Reported by Wei Yuan of MoyunSec VLab on 2022-01-09
- [1280205] Medium CVE-2022-1136: Use after free in Tab Strip.
Reported by Krace on 2021-12-15
- [1289846] Medium CVE-2022-1137: Inappropriate implementation in
Extensions. Reported by Thomas Orlita on 2022-01-22
- [1246188] Medium CVE-2022-1138: Inappropriate implementation in
Web Cursor. Reported by Alesandro Ortiz on 2021-09-03
- [1268541] Medium CVE-2022-1139: Inappropriate implementation in
Background Fetch API. Reported by Maurice Dauer on 2021-11-10
- [1303253] Medium CVE-2022-1141: Use after free in File Manager.
Reported by raven at KunLun lab on 2022-03-05
- [1303613] Medium CVE-2022-1142: Heap buffer overflow in WebUI.
Reported by Leecraso and Guang Gong of 360 Alpha Lab on
2022-03-07
- [1303615] Medium CVE-2022-1143: Heap buffer overflow in WebUI.
Reported by Leecraso and Guang Gong of 360 Alpha Lab on
2022-03-07
- [1304145] Medium CVE-2022-1144: Use after free in WebUI.
Reported by Leecraso and Guang Gong of 360 Alpha Lab on
2022-03-08
- [1304545] Medium CVE-2022-1145: Use after free in Extensions.
Reported by Yakun Zhang of Baidu Security on 2022-03-09
- [1290150] Low CVE-2022-1146: Inappropriate implementation in
Resource Timing. Reported by Sohom Datta on 2022-01-23
Discovery 2022-03-29 Entry 2022-03-29 chromium
< 100.0.4896.60
CVE-2022-1125
CVE-2022-1127
CVE-2022-1128
CVE-2022-1129
CVE-2022-1130
CVE-2022-1131
CVE-2022-1132
CVE-2022-1133
CVE-2022-1134
CVE-2022-1135
CVE-2022-1136
CVE-2022-1137
CVE-2022-1138
CVE-2022-1139
CVE-2022-1141
CVE-2022-1142
CVE-2022-1143
CVE-2022-1144
CVE-2022-1145
CVE-2022-1146
https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_29.html
|
3551e106-1b17-11ec-a8a7-704d7b472482 | chromium -- multiple vulnerabilities
Chrome Releases reports:
This update contains 19 security fixes, including:
- [1243117] High CVE-2021-37956: Use after free in Offline use.
Reported by Huyna at Viettel Cyber Security on 2021-08-24
- [1242269] High CVE-2021-37957: Use after free in WebGPU.
Reported by Looben Yang on 2021-08-23
- [1223290] High CVE-2021-37958: Inappropriate implementation in
Navigation. Reported by James Lee (@Windowsrcer) on
2021-06-24
- [1229625] High CVE-2021-37959: Use after free in Task Manager.
Reported by raven (@raid_akame) on 2021-07-15
- [1247196] High CVE-2021-37960: Inappropriate implementation in
Blink graphics. Reported by Atte Kettunen of OUSPG on
2021-09-07
- [1228557] Medium CVE-2021-37961: Use after free in Tab Strip.
Reported by Khalil Zhani on 2021-07-13
- [1231933] Medium CVE-2021-37962: Use after free in Performance
Manager. Reported by Sri on 2021-07-22
- [1199865] Medium CVE-2021-37963: Side-channel information
leakage in DevTools. Reported by Daniel Genkin and Ayush Agarwal,
University of Michigan, Eyal Ronen and Shaked Yehezkel, Tel Aviv
University, Sioli O'Connell, University of Adelaide, and Jason
Kim, Georgia Institute of Technology on 2021-04-16
- [1203612] Medium CVE-2021-37964: Inappropriate implementation in
ChromeOS Networking. Reported by Hugo Hue and Sze Yiu Chau of the
Chinese University of Hong Kong on 2021-04-28
- [1239709] Medium CVE-2021-37965: Inappropriate implementation in
Background Fetch API. Reported by Maurice Dauer on 2021-08-13
- [1238944] Medium CVE-2021-37966: Inappropriate implementation in
Compositing. Reported by Mohit Raj (shadow2639) on 2021-08-11
- [1243622] Medium CVE-2021-37967: Inappropriate implementation in
Background Fetch API. Reported by SorryMybad (@S0rryMybad) of
Kunlun Lab on 2021-08-26
- [1245053] Medium CVE-2021-37968: Inappropriate implementation in
Background Fetch API. Reported by Maurice Dauer on 2021-08-30
- [1245879] Medium CVE-2021-37969: Inappropriate implementation in
Google Updater. Reported by Abdelhamid Naceri (halov) on
2021-09-02
- [1248030] Medium CVE-2021-37970: Use after free in File System
API. Reported by SorryMybad (@S0rryMybad) of Kunlun Lab on
2021-09-09
- [1219354] Low CVE-2021-37971: Incorrect security UI in Web
Browser UI. Reported by Rayyan Bijoora on 2021-06-13
- [1234259] Low CVE-2021-37972: Out of bounds read in
libjpeg-turbo. Reported by Xu Hanyu and Lu Yutao from
Panguite-Forensics-Lab of Qianxin on 2021-07-29
Discovery 2021-09-21 Entry 2021-09-21 chromium
< 94.0.4606.54
CVE-2021-37956
CVE-2021-37957
CVE-2021-37958
CVE-2021-37959
CVE-2021-37960
CVE-2021-37961
CVE-2021-37962
CVE-2021-37963
CVE-2021-37964
CVE-2021-37965
CVE-2021-37966
CVE-2021-37967
CVE-2021-37968
CVE-2021-37969
CVE-2021-37970
CVE-2021-37971
CVE-2021-37972
https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_21.html
|
3cac007f-b27e-11eb-97a0-e09467587c17 | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 19 security fixes, including:
- [1180126] High CVE-2021-30506: Incorrect security UI in Web App
Installs. Reported by @retsew0x01 on 2021-02-19
- [1178202] High CVE-2021-30507: Inappropriate implementation in
Offline. Reported by Alison Huffman, Microsoft Browser
Vulnerability Research on 2021-02-14
- [1195340] High CVE-2021-30508: Heap buffer overflow in Media
Feeds. Reported by Leecraso and Guang Gong of 360 Alpha Lab on
2021-04-02
- [1196309] High CVE-2021-30509: Out of bounds write in Tab Strip.
Reported by David Erceg on 2021-04-06
- [1197436] High CVE-2021-30510: Race in Aura. Reported by Weipeng
Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group
on 2021-04-09
- [1197875] High CVE-2021-30511: Out of bounds read in Tab Groups.
Reported by David Erceg on 2021-04-10
- [1200019] High CVE-2021-30512: Use after free in Notifications.
Reported by ZhanJia Song on 2021-04-17
- [1200490] High CVE-2021-30513: Type Confusion in V8. Reported by
Man Yue Mo of GitHub Security Lab on 2021-04-19
- [1200766] High CVE-2021-30514: Use after free in Autofill.
Reported by koocola (@alo_cook) and Nan Wang (@eternalsakura13) of
360 Alpha Lab on 2021-04-20
- [1201073] High CVE-2021-30515: Use after free in File API.
Reported by Rong Jian and Guang Gong of 360 Alpha Lab on
2021-04-21
- [1201446] High CVE-2021-30516: Heap buffer overflow in History.
Reported by ZhanJia Song on 2021-04-22
- [1203122] High CVE-2021-30517: Type Confusion in V8. Reported by
laural on 2021-04-27
- [1203590] High CVE-2021-30518: Heap buffer overflow in Reader
Mode. Reported by Jun Kokatsu, Microsoft Browser Vulnerability
Research on 2021-04-28
- [1194058] Medium CVE-2021-30519: Use after free in Payments.
Reported by asnine on 2021-03-30
- [1193362] Medium CVE-2021-30520: Use after free in Tab Strip.
Reported by Khalil Zhani on 2021-04-03
Discovery 2021-05-10 Entry 2021-05-11 chromium
< 90.0.4430.212
CVE-2021-30506
CVE-2021-30507
CVE-2021-30508
CVE-2021-30509
CVE-2021-30510
CVE-2021-30511
CVE-2021-30512
CVE-2021-30513
CVE-2021-30514
CVE-2021-30515
CVE-2021-30516
CVE-2021-30517
CVE-2021-30518
CVE-2021-30519
CVE-2021-30520
https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop.html
|
18ac074c-579f-11ec-aac7-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 22 security fixes, including:
- [1267661] High CVE-2021-4052: Use after free in web apps.
Reported by Wei Yuan of MoyunSec VLab on 2021-11-07
- [1267791] High CVE-2021-4053: Use after free in UI. Reported by
Rox on 2021-11-08
- [1265806] High CVE-2021-4079: Out of bounds write in WebRTC.
Reported by Brendon Tiszka on 2021-11-01
- [1239760] High CVE-2021-4054: Incorrect security UI in autofill.
Reported by Alesandro Ortiz on 2021-08-13
- [1268738] High CVE-2021-4078: Type confusion in V8. Reported by
Nan Wang (@eternalsakura13) and Guang Gong of 360 Alpha Lab on
2021-11-09
- [1266510] High CVE-2021-4055: Heap buffer overflow in
extensions. Reported by Chen Rong on 2021-11-03
- [1260939] High CVE-2021-4056: Type Confusion in loader. Reported
by @__R0ng of 360 Alpha Lab on 2021-10-18
- [1262183] High CVE-2021-4057: Use after free in file API.
Reported by Sergei Glazunov of Google Project Zero on
2021-10-21
- [1267496] High CVE-2021-4058: Heap buffer overflow in ANGLE.
Reported by Abraruddin Khan and Omair on 2021-11-06
- [1270990] High CVE-2021-4059: Insufficient data validation in
loader. Reported by Luan Herrera (@lbherrera_) on 2021-11-17
- [1271456] High CVE-2021-4061: Type Confusion in V8. Reported by
Paolo Severini on 2021-11-18
- [1272403] High CVE-2021-4062: Heap buffer overflow in BFCache.
Reported by Leecraso and Guang Gong of 360 Alpha Lab on
2021-11-22
- [1273176] High CVE-2021-4063: Use after free in developer tools.
Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability
Research on 2021-11-23
- [1273197] High CVE-2021-4064: Use after free in screen capture.
Reported by @ginggilBesel on 2021-11-23
- [1273674] High CVE-2021-4065: Use after free in autofill.
Reported by 5n1p3r0010 on 2021-11-25
- [1274499] High CVE-2021-4066: Integer underflow in ANGLE.
Reported by Jaehun Jeong(@n3sk) of Theori on 2021-11-29
- [1274641] High CVE-2021-4067: Use after free in window manager.
Reported by @ginggilBesel on 2021-11-29
- [1265197] Low CVE-2021-4068: Insufficient validation of
untrusted input in new tab page. Reported by NDevTK on
2021-10-31
Discovery 2021-12-06 Entry 2021-12-07 chromium
< 96.0.4664.93
CVE-2021-4052
CVE-2021-4053
CVE-2021-4054
CVE-2021-4055
CVE-2021-4056
CVE-2021-4057
CVE-2021-4058
CVE-2021-4059
CVE-2021-4061
CVE-2021-4062
CVE-2021-4063
CVE-2021-4064
CVE-2021-4065
CVE-2021-4066
CVE-2021-4067
CVE-2021-4068
CVE-2021-4078
CVE-2021-4079
https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop.html
|
bdaecfad-3117-11ec-b3b0-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 19 security fixes, including:
- [1246631] High CVE-2021-37981: Heap buffer overflow in Skia.
Reported by Yangkang (@dnpushme) of 360 ATA on 2021-09-04
- [1248661] High CVE-2021-37982: Use after free in Incognito.
Reported by Weipeng Jiang (@Krace) from Codesafe Team of
Legendsec at Qi'anxin Group on 2021-09-11
- [1249810] High CVE-2021-37983: Use after free in Dev Tools.
Reported by Zhihua Yao of KunLun Lab on 2021-09-15
- [1253399] High CVE-2021-37984: Heap buffer overflow in PDFium.
Reported by Antti Levomäki, Joonas Pihlaja andChristian Jali
from Forcepoint on 2021-09-27
- [1241860] High CVE-2021-37985: Use after free in V8. Reported
by Yangkang (@dnpushme) of 360 ATA on 2021-08-20
- [1242404] Medium CVE-2021-37986: Heap buffer overflow in
Settings. Reported by raven (@raid_akame) on 2021-08-23
- [1206928] Medium CVE-2021-37987: Use after free in Network APIs.
Reported by Yangkang (@dnpushme) of 360 ATA on 2021-05-08
- [1228248] Medium CVE-2021-37988: Use after free in Profiles.
Reported by raven (@raid_akame) on 2021-07-12
- [1233067] Medium CVE-2021-37989: Inappropriate implementation
in Blink. Reported by Matt Dyas, Ankur Sundara on 2021-07-26
- [1247395] Medium CVE-2021-37990: Inappropriate implementation
in WebView. Reported by Kareem Selim of CyShield on
2021-09-07
- [1250660] Medium CVE-2021-37991: Race in V8. Reported by Samuel
Gross of Google Project Zero on 2021-09-17
- [1253746] Medium CVE-2021-37992: Out of bounds read in WebAudio.
Reported by sunburst@Ant Security Light-Year Lab on
2021-09-28
- [1255332] Medium CVE-2021-37993: Use after free in PDF
Accessibility. Reported by Cassidy Kim of Amber Security Lab,
OPPO Mobile Telecommunications Corp. Ltd. on 2021-10-02
- [1243020] Medium CVE-2021-37996: Insufficient validation of
untrusted input in Downloads. Reported by Anonymous on
2021-08-24
- [1100761] Low CVE-2021-37994: Inappropriate implementation in
iFrame Sandbox. Reported by David Erceg on 2020-06-30
- [1242315] Low CVE-2021-37995: Inappropriate implementation in
WebApp Installer. Reported by Terence Eden on 2021-08-23
Discovery 2021-10-19 Entry 2021-10-19 chromium
< 95.0.4638.54
CVE-2021-37981
CVE-2021-37982
CVE-2021-37983
CVE-2021-37984
CVE-2021-37985
CVE-2021-37986
CVE-2021-37987
CVE-2021-37988
CVE-2021-37989
CVE-2021-37990
CVE-2021-37991
CVE-2021-37992
CVE-2021-37993
CVE-2021-37994
CVE-2021-37995
CVE-2021-37996
https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_19.html
|
ac91cf5e-d098-11ec-bead-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 13 security fixes, including:
- [1316990] High CVE-2022-1633: Use after free in Sharesheet. Reported by Khalil Zhani on 2022-04-18
- [1314908] High CVE-2022-1634: Use after free in Browser UI. Reported by Khalil Zhani on 2022-04-09
- [1319797] High CVE-2022-1635: Use after free in Permission Prompts. Reported by Anonymous on 2022-04-26
- [1297283] High CVE-2022-1636: Use after free in Performance APIs. Reported by Seth Brenith, Microsoft on 2022-02-15
- [1311820] High CVE-2022-1637: Inappropriate implementation in Web Contents. Reported by Alesandro Ortiz on 2022-03-31
- [1316946] High CVE-2022-1638: Heap buffer overflow in V8 Internationalization. Reported by DoHyun Lee (@l33d0hyun) of DNSLab, Korea University on 2022-04-17
- [1317650] High CVE-2022-1639: Use after free in ANGLE. Reported by SeongHwan Park (SeHwa) on 2022-04-19
- [1320592] High CVE-2022-1640: Use after free in Sharing. Reported by Weipeng Jiang (@Krace) and Guang Gong of 360 Vulnerability Research Institute on 2022-04-28
- [1305068] Medium CVE-2022-1641: Use after free in Web UI Diagnostics. Reported by Rong Jian of VRI on 2022-03-10
Discovery 2022-05-10 Entry 2022-05-10 chromium
< 101.0.4951.64
CVE-2022-1633
CVE-2022-1634
CVE-2022-1635
CVE-2022-1636
CVE-2022-1637
CVE-2022-1638
CVE-2022-1639
CVE-2022-1640
CVE-2022-1641
https://chromereleases.googleblog.com/2022/05/stable-channel-update-for-desktop_10.html
|
857be71a-a4b0-11ec-95fc-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 11 security fixes, including:
- [1299422] Critical CVE-2022-0971: Use after free in Blink
Layout. Reported by Sergei Glazunov of Google Project Zero on
2022-02-21
- [1301320] High CVE-2022-0972: Use after free in Extensions.
Reported by Sergei Glazunov of Google Project Zero on
2022-02-28
- [1297498] High CVE-2022-0973: Use after free in Safe Browsing.
Reported by avaue and Buff3tts at S.S.L. on 2022-02-15
- [1291986] High CVE-2022-0974: Use after free in Splitscreen.
Reported by @ginggilBesel on 2022-01-28
- [1295411] High CVE-2022-0975: Use after free in ANGLE. Reported
by SeongHwan Park (SeHwa) on 2022-02-09
- [1296866] High CVE-2022-0976: Heap buffer overflow in GPU.
Reported by Omair on 2022-02-13
- [1299225] High CVE-2022-0977: Use after free in Browser UI.
Reported by Khalil Zhani on 2022-02-20
- [1299264] High CVE-2022-0978: Use after free in ANGLE. Reported
by Cassidy Kim of Amber Security Lab, OPPO Mobile
Telecommunications Corp. Ltd. on 2022-02-20
- [1302644] High CVE-2022-0979: Use after free in Safe Browsing.
Reported by anonymous on 2022-03-03
- [1302157] Medium CVE-2022-0980: Use after free in New Tab Page.
Reported by Krace on 2022-03-02
Discovery 2022-03-15 Entry 2022-03-15 chromium
< 98.0.4844.74
CVE-2022-0971
CVE-2022-0972
CVE-2022-0973
CVE-2022-0974
CVE-2022-0975
CVE-2022-0976
CVE-2022-0977
CVE-2022-0978
CVE-2022-0979
CVE-2022-0980
https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_15.html
|
8d3838b0-6ca8-11ed-92ce-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 1 security fix:
- [1392715] High CVE-2022-4135: Heap buffer overflow in GPU. Reported by Clement Lecigne of Google's Threat Analysis Group on 2022-11-22
Google is aware that an exploit for CVE-2022-4135 exists in the wild.
Discovery 2022-11-24 Entry 2022-11-25 chromium
< 107.0.5304.121
ungoogled-chromium
< 107.0.5304.121
CVE-2022-4135
https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_24.html
|
26f2123b-c6c6-11ec-b66f-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 30 security fixes, including:
- [1313905] High CVE-2022-1477: Use after free in Vulkan. Reported by SeongHwan Park (SeHwa) on 2022-04-06
- [1299261] High CVE-2022-1478: Use after free in SwiftShader. Reported by SeongHwan Park (SeHwa) on 2022-02-20
- [1305190] High CVE-2022-1479: Use after free in ANGLE. Reported by Jeonghoon Shin of Theori on 2022-03-10
- [1307223] High CVE-2022-1480: Use after free in Device API. Reported by @uwu7586 on 2022-03-17
- [1302949] High CVE-2022-1481: Use after free in Sharing. Reported by Weipeng Jiang (@Krace) and Guang Gong of 360 Vulnerability Research Institute on 2022-03-04
- [1304987] High CVE-2022-1482: Inappropriate implementation in WebGL. Reported by Christoph Diehl, Microsoft on 2022-03-10
- [1314754] High CVE-2022-1483: Heap buffer overflow in WebGPU. Reported by Mark Brand of Google Project Zero on 2022-04-08
- [1297429] Medium CVE-2022-1484: Heap buffer overflow in Web UI Settings. Reported by Chaoyuan Peng (@ret2happy) on 2022-02-15
- [1299743] Medium CVE-2022-1485: Use after free in File System API. Reported by Anonymous on 2022-02-22
- [1314616] Medium CVE-2022-1486: Type Confusion in V8. Reported by Brendon Tiszka on 2022-04-08
- [1304368] Medium CVE-2022-1487: Use after free in Ozone. Reported by Sri on 2022-03-09
- [1302959] Medium CVE-2022-1488: Inappropriate implementation in Extensions API. Reported by Thomas Beverley from Wavebox.io on 2022-03-04
- [1300561] Medium CVE-2022-1489: Out of bounds memory access in UI Shelf. Reported by Khalil Zhani on 2022-02-25
- [1301840] Medium CVE-2022-1490: Use after free in Browser Switcher. Reported by raven at KunLun lab on 2022-03-01
- [1305706] Medium CVE-2022-1491: Use after free in Bookmarks. Reported by raven at KunLun lab on 2022-03-12
- [1315040] Medium CVE-2022-1492: Insufficient data validation in Blink Editing. Reported by Michal Bentkowski of Securitum on 2022-04-11
- [1275414] Medium CVE-2022-1493: Use after free in Dev Tools. Reported by Zhihua Yao of KunLun Lab on 2021-12-01
- [1298122] Medium CVE-2022-1494: Insufficient data validation in Trusted Types. Reported by Masato Kinugawa on 2022-02-17
- [1301180] Medium CVE-2022-1495: Incorrect security UI in Downloads. Reported by Umar Farooq on 2022-02-28
- [1306391] Medium CVE-2022-1496: Use after free in File Manager. Reported by Zhiyi Zhang and Zhunki from Codesafe Team of Legendsec at Qi'anxin Group on 2022-03-15
- [1264543] Medium CVE-2022-1497: Inappropriate implementation in Input. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-10-29
- [1297138] Low CVE-2022-1498: Inappropriate implementation in HTML Parser. Reported by SeungJu Oh (@real_as3617) on 2022-02-14
- [1000408] Low CVE-2022-1499: Inappropriate implementation in WebAuthentication. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-09-04
- [1223475] Low CVE-2022-1500: Insufficient data validation in Dev Tools. Reported by Hoang Nguyen on 2021-06-25
- [1293191] Low CVE-2022-1501: Inappropriate implementation in iframe. Reported by Oriol Brufau on 2022-02-02
Discovery 2022-04-26 Entry 2022-04-28 chromium
< 101.0.4951.41
CVE-2022-1477
CVE-2022-1478
CVE-2022-1479
CVE-2022-1480
CVE-2022-1481
CVE-2022-1482
CVE-2022-1483
CVE-2022-1484
CVE-2022-1485
CVE-2022-1486
CVE-2022-1487
CVE-2022-1488
CVE-2022-1489
CVE-2022-1490
CVE-2022-1491
CVE-2022-1492
CVE-2022-1493
CVE-2022-1494
CVE-2022-1495
CVE-2022-1496
CVE-2022-1497
CVE-2022-1498
CVE-2022-1499
CVE-2022-1500
CVE-2022-1501
https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_26.html
|
e12432af-8e73-11ec-8bc4-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 11 security fixes, including:
- [1290008] High CVE-2022-0603: Use after free in File Manager.
Reported by Chaoyuan Peng (@ret2happy) on 2022-01-22
- [1273397] High CVE-2022-0604: Heap buffer overflow in Tab
Groups. Reported by Krace on 2021-11-24
- [1286940] High CVE-2022-0605: Use after free in Webstore API.
Reported by Thomas Orlita on 2022-01-13
- [1288020] High CVE-2022-0606: Use after free in ANGLE. Reported
by Cassidy Kim of Amber Security Lab, OPPO Mobile
Telecommunications Corp. Ltd. on 2022-01-17
- [1250655] High CVE-2022-0607: Use after free in GPU. Reported by
0x74960 on 2021-09-17
- [1270333] High CVE-2022-0608: Integer overflow in Mojo. Reported
by Sergei Glazunov of Google Project Zero on 2021-11-16
- [1296150] High CVE-2022-0609: Use after free in Animation.
Reported by Adam Weidemann and Clément Lecigne of Google'
Threat Analysis Group on 2022-02-10
- [1285449] Medium CVE-2022-0610: Inappropriate implementation in
Gamepad API. Reported by Anonymous on 2022-01-08
Discovery 2022-02-14 Entry 2022-02-15 chromium
< 98.0.4758.102
CVE-2022-0603
CVE-2022-0604
CVE-2022-0605
CVE-2022-0606
CVE-2022-0607
CVE-2022-0608
CVE-2022-0609
CVE-2022-0610
https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
|
b2a4c5f1-f1fe-11ec-bcd2-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 14 security fixes, including:
- [1335458] Critical CVE-2022-2156: Use after free in Base. Reported by Mark Brand of Google Project Zero on 2022-06-11
- [1327312] High CVE-2022-2157: Use after free in Interest groups. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-05-19
- [1321078] High CVE-2022-2158: Type Confusion in V8. Reported by Bohan Liu (@P4nda20371774) of Tencent Security Xuanwu Lab on 2022-04-29
- [1116450] Medium CVE-2022-2160: Insufficient policy enforcement in DevTools. Reported by David Erceg on 2020-08-14
- [1330289] Medium CVE-2022-2161: Use after free in WebApp Provider. Reported by Zhihua Yao of KunLun Lab on 2022-05-30
- [1307930] Medium CVE-2022-2162: Insufficient policy enforcement in File System API. Reported by Abdelhamid Naceri (halov) on 2022-03-19
- [1308341] Low CVE-2022-2163: Use after free in Cast UI and Toolbar. Reported by Chaoyuan Peng (@ret2happy) on 2022-03-21
- [1268445] Low CVE-2022-2164: Inappropriate implementation in Extensions API. Reported by José Miguel Moreno Computer Security Lab (COSEC) at UC3M on 2021-11-10
- [1250993] Low CVE-2022-2165: Insufficient data validation in URL formatting. Reported by Rayyan Bijoora on 2021-09-19
Discovery 2022-06-21 Entry 2022-06-22 chromium
< 103.0.5060.53
CVE-2022-2156
CVE-2022-2157
CVE-2022-2158
CVE-2022-2160
CVE-2022-2161
CVE-2022-2162
CVE-2022-2163
CVE-2022-2164
CVE-2022-2165
https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop_21.html
|
6f0327d4-9902-4042-9b68-6fc2266944bc | chromium -- multiple vulnerabilities
Chrome Releases reports:
This update includes 2 security fixes:
- [1432210] High CVE-2023-2033: Type Confusion in V8. Reported by Clément Lecigne of Google's Threat Analysis Group on 2023-04-11
Discovery 2023-04-14 Entry 2023-04-15 chromium
< 112.0.5615.121
ungoogled-chromium
< 112.0.5615.121
CVE-2023-2033
https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_14.html
|
f00b65d8-7ccb-11eb-b3be-e09467587c17 | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release includes 47 security fixes, including the below.
Google is aware of reports that an exploit for CVE-2021-21166 exists
in the wild. Please see URL for details.
Discovery 2021-03-02 Entry 2021-03-04 chromium
< 89.0.4389.72
CVE-2021-21159
CVE-2021-21160
CVE-2021-21161
CVE-2021-21162
CVE-2021-21163
CVE-2021-21164
CVE-2021-21165
CVE-2021-21166
CVE-2021-21167
CVE-2021-21168
CVE-2021-21169
CVE-2021-21170
CVE-2021-21171
CVE-2021-21172
CVE-2021-21173
CVE-2021-21174
CVE-2021-21175
CVE-2021-21176
CVE-2021-21177
CVE-2021-21178
CVE-2021-21179
CVE-2021-21180
CVE-2021-21181
CVE-2021-21182
CVE-2021-21183
CVE-2021-21184
CVE-2021-21185
CVE-2021-21186
CVE-2021-21187
CVE-2021-21188
CVE-2021-21189
CVE-2021-21190
CVE-2020-27844
https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
|
18529cb0-3e9c-11ed-9bc7-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 20 security fixes, including:
- [1358907] High CVE-2022-3304: Use after free in CSS. Reported by Anonymous on 2022-09-01
- [1343104] High CVE-2022-3201: Insufficient validation of untrusted input in Developer Tools. Reported by NDevTK on 2022-07-09
- [1319229] High CVE-2022-3305: Use after free in Survey. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2022-04-24
- [1320139] High CVE-2022-3306: Use after free in Survey. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2022-04-27
- [1323488] High CVE-2022-3307: Use after free in Media. Reported by Anonymous Telecommunications Corp. Ltd. on 2022-05-08
- [1342722] Medium CVE-2022-3308: Insufficient policy enforcement in Developer Tools. Reported by Andrea Cappa (zi0Black) @ Shielder on 2022-07-08
- [1348415] Medium CVE-2022-3309: Use after free in Assistant. Reported by zh1x1an1221 of Ant Group Tianqiong Security Lab on 2022-07-29
- [1240065] Medium CVE-2022-3310: Insufficient policy enforcement in Custom Tabs. Reported by Ashwin Agrawal from Optus, Sydney on 2021-08-16
- [1302813] Medium CVE-2022-3311: Use after free in Import. Reported by Samet Bekmezci @sametbekmezci on 2022-03-04
- [1303306] Medium CVE-2022-3312: Insufficient validation of untrusted input in VPN. Reported by Andr.Ess on 2022-03-06
- [1317904] Medium CVE-2022-3313: Incorrect security UI in Full Screen. Reported by Irvan Kurniawan (sourc7) on 2022-04-20
- [1328708] Medium CVE-2022-3314: Use after free in Logging. Reported by Anonymous on 2022-05-24
- [1322812] Medium CVE-2022-3315: Type confusion in Blink. Reported by Anonymous on 2022-05-05
- [1333623] Low CVE-2022-3316: Insufficient validation of untrusted input in Safe Browsing. Reported by Sven Dysthe (@svn_dy) on 2022-06-07
- [1300539] Low CVE-2022-3317: Insufficient validation of untrusted input in Intents. Reported by Hafiizh on 2022-02-24
- [1318791] Low CVE-2022-3318: Use after free in ChromeOS Notifications. Reported by GraVity0 on 2022-04-22
Discovery 2022-09-27 Entry 2022-09-27 chromium
< 106.0.5249.61
CVE-2022-3201
CVE-2022-3304
CVE-2022-3305
CVE-2022-3306
CVE-2022-3307
CVE-2022-3308
CVE-2022-3309
CVE-2022-3310
CVE-2022-3311
CVE-2022-3312
CVE-2022-3313
CVE-2022-3314
CVE-2022-3315
CVE-2022-3316
CVE-2022-3317
CVE-2022-3318
https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_27.html
|
51496cbc-7a0e-11ec-a323-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 26 security fixes, including:
- [1284367] Critical CVE-2022-0289: Use after free in Safe
browsing. Reported by Sergei Glazunov of Google Project Zero on
2022-01-05
- [1260134][1260007] High CVE-2022-0290: Use after free in Site
isolation. Reported by Brendon Tiszka and Sergei Glazunov of
Google Project Zero on 2021-10-15
- [1281084] High CVE-2022-0291: Inappropriate implementation in
Storage. Reported by Anonymous on 2021-12-19
- [1270358] High CVE-2022-0292: Inappropriate implementation in
Fenced Frames. Reported by Brendon Tiszka on 2021-11-16
- [1283371] High CVE-2022-0293: Use after free in Web packaging.
Reported by Rong Jian and Guang Gong of 360 Alpha Lab on
2021-12-30
- [1273017] High CVE-2022-0294: Inappropriate implementation in
Push messaging. Reported by Rong Jian and Guang Gong of 360 Alpha
Lab on 2021-11-23
- [1278180] High CVE-2022-0295: Use after free in Omnibox.
Reported by Weipeng Jiang (@Krace) and Guang Gong of 360
Vulnerability Research Institute on 2021-12-09
- [1283375] High CVE-2022-0296: Use after free in Printing.
Reported by koocola(@alo_cook) and Guang Gong of 360 Vulnerability
Research Institute on 2021-12-30
- [1274316] High CVE-2022-0297: Use after free in Vulkan. Reported
by Cassidy Kim of Amber Security Lab, OPPO Mobile
Telecommunications Corp. Ltd. on 2021-11-28
- [1212957] High CVE-2022-0298: Use after free in Scheduling.
Reported by Yangkang (@dnpushme) of 360 ATA on 2021-05-25
- [1275438] High CVE-2022-0300: Use after free in Text Input
Method Editor. Reported by Rong Jian and Guang Gong of 360 Alpha
Lab on 2021-12-01
- [1276331] High CVE-2022-0301: Heap buffer overflow in DevTools.
Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability
Research on 2021-12-03
- [1278613] High CVE-2022-0302: Use after free in Omnibox.
Reported by Weipeng Jiang (@Krace) and Guang Gong of 360
Vulnerability Research Institute on 2021-12-10
- [1281979] High CVE-2022-0303: Race in GPU Watchdog. Reported by
Yigit Can YILMAZ (@yilmazcanyigit) on 2021-12-22
- [1282118] High CVE-2022-0304: Use after free in Bookmarks.
Reported by Rong Jian and Guang Gong of 360 Alpha Lab on
2021-12-22
- [1282354] High CVE-2022-0305: Inappropriate implementation in
Service Worker API. Reported by @uwu7586 on 2021-12-23
- [1283198] High CVE-2022-0306: Heap buffer overflow in PDFium.
Reported by Sergei Glazunov of Google Project Zero on
2021-12-29
- [1281881] Medium CVE-2022-0307: Use after free in Optimization
Guide. Reported by Samet Bekmezci @sametbekmezci on
2021-12-21
- [1282480] Medium CVE-2022-0308: Use after free in Data Transfer.
Reported by @ginggilBesel on 2021-12-24
- [1240472] Medium CVE-2022-0309: Inappropriate implementation in
Autofill. Reported by Alesandro Ortiz on 2021-08-17
- [1283805] Medium CVE-2022-0310: Heap buffer overflow in Task
Manager. Reported by Samet Bekmezci @sametbekmezci on
2022-01-03
- [1283807] Medium CVE-2022-0311: Heap buffer overflow in Task
Manager. Reported by Samet Bekmezci @sametbekmezci on
2022-01-03
Discovery 2022-01-19 Entry 2022-01-20 chromium
< 97.0.4692.99
CVE-2022-0289
CVE-2022-0290
CVE-2022-0291
CVE-2022-0292
CVE-2022-0293
CVE-2022-0294
CVE-2022-0295
CVE-2022-0296
CVE-2022-0297
CVE-2022-0298
CVE-2022-0300
CVE-2022-0301
CVE-2022-0302
CVE-2022-0303
CVE-2022-0304
CVE-2022-0305
CVE-2022-0306
CVE-2022-0307
CVE-2022-0308
CVE-2022-0309
CVE-2022-0310
CVE-2022-0311
https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop_19.html
|
744ec9d7-fe0f-11ec-bcd2-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 4 security fixes, including:
- [1341043] High CVE-2022-2294: Heap buffer overflow in WebRTC. Reported by Jan Vojtesek from the Avast Threat Intelligence team on 2022-07-01
- [1336869] High CVE-2022-2295: Type Confusion in V8. Reported by avaue and Buff3tts at S.S.L. on 2022-06-16
- [1327087] High CVE-2022-2296: Use after free in Chrome OS Shell. Reported by Khalil Zhani on 2022-05-19
Discovery 2022-07-04 Entry 2022-07-07 chromium
< 103.0.5060.114
CVE-2022-2294
CVE-2022-2295
CVE-2022-2296
https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html
|
83eb9374-7b97-11ed-be8f-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 8 security fixes, including:
- [1383991] High CVE-2022-4436: Use after free in Blink Media. Reported by Anonymous on 2022-11-15
- [1394692] High CVE-2022-4437: Use after free in Mojo IPC. Reported by koocola(@alo_cook) and Guang Gong of 360 Vulnerability Research Institute on 2022-11-30
- [1381871] High CVE-2022-4438: Use after free in Blink Frames. Reported by Anonymous on 2022-11-07
- [1392661] High CVE-2022-4439: Use after free in Aura. Reported by Anonymous on 2022-11-22
- [1382761] Medium CVE-2022-4440: Use after free in Profiles. Reported by Anonymous on 2022-11-09
Discovery 2022-12-13 Entry 2022-12-14 chromium
< 108.0.5359.124
ungoogled-chromium
< 108.0.5359.124
CVE-2022-4436
CVE-2022-4437
CVE-2022-4438
CVE-2022-4439
CVE-2022-4440
https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop_13.html
|
1225c888-56ea-11ed-b5c3-3065ec8fd3ec | chromium -- Type confusion in V8
Chrome Releases reports:
This release contains 1 security fix:
- [1378239] High CVE-2022-3723: Type Confusion in V8. Reported by Jan VojteÃ
¡ek, Milánek, and Przemek Gmerek of Avast on 2022-10-25
Discovery 2022-10-27 Entry 2022-10-28 chromium
< 107.0.5304.87
ungoogled-chromium
< 107.0.5304.87
CVE-2022-3723
https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_27.html
|
4d6b5ea9-bc64-4e77-a7ee-d62ba68a80dd | chromium -- multiple vulnerabilities
Chrome Releases reports:
This update includes 10 security fixes:
- [1415366] Critical CVE-2023-0941: Use after free in Prompts. Reported by Anonymous on 2023-02-13
- [1414738] High CVE-2023-0927: Use after free in Web Payments API. Reported by Rong Jian of VRI on 2023-02-10
- [1309035] High CVE-2023-0928: Use after free in SwiftShader. Reported by Anonymous on 2022-03-22
- [1399742] High CVE-2023-0929: Use after free in Vulkan. Reported by Cassidy Kim(@cassidy6564) on 2022-12-09
- [1410766] High CVE-2023-0930: Heap buffer overflow in Video. Reported by Cassidy Kim(@cassidy6564) on 2023-01-27
- [1407701] High CVE-2023-0931: Use after free in Video. Reported by Cassidy Kim(@cassidy6564) on 2023-01-17
- [1413005] High CVE-2023-0932: Use after free in WebRTC. Reported by Omri Bushari (Talon Cyber Security) on 2023-02-05
- [1404864] Medium CVE-2023-0933: Integer overflow in PDF. Reported by Zhiyi Zhang from Codesafe Team of Legendsec at QI-ANXIN
Discovery 2023-02-22 Entry 2023-02-22 chromium
< 110.0.5481.177
ungoogled-chromium
< 110.0.5481.177
CVE-2023-0941
CVE-2023-0927
CVE-2023-0928
CVE-2023-0929
CVE-2023-0930
CVE-2023-0931
CVE-2023-0932
CVE-2023-0933
https://chromereleases.googleblog.com/2023/02/stable-channel-desktop-update_22.html
|
310ca30e-a951-11ed-8314-a8a1599412c6 | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 15 security fixes, including:
- [1402270] High CVE-2023-0696: Type Confusion in V8. Reported by Haein Lee at KAIST Hacking Lab on 2022-12-18
- [1341541] High CVE-2023-0697: Inappropriate implementation in Full screen mode. Reported by Ahmed ElMasry on 2022-07-03
- [1403573] High CVE-2023-0698: Out of bounds read in WebRTC. Reported by Cassidy Kim(@cassidy6564) on 2022-12-25
- [1371859] Medium CVE-2023-0699: Use after free in GPU. Reported by 7o8v and Cassidy Kim(@cassidy6564) on 2022-10-06
- [1393732] Medium CVE-2023-0700: Inappropriate implementation in Download. Reported by Axel Chong on 2022-11-26
- [1405123] Medium CVE-2023-0701: Heap buffer overflow in WebUI. Reported by Sumin Hwang of SSD Labs on 2023-01-05
- [1316301] Medium CVE-2023-0702: Type Confusion in Data Transfer. Reported by Sri on 2022-04-14
- [1405574] Medium CVE-2023-0703: Type Confusion in DevTools. Reported by raven at KunLun lab on 2023-01-07
- [1385982] Low CVE-2023-0704: Insufficient policy enforcement in DevTools. Reported by Rhys Elsmore and Zac Sims of the Canva security team on 2022-11-18
- [1238642] Low CVE-2023-0705: Integer overflow in Core. Reported by SorryMybad (@S0rryMybad) of Kunlun Lab on 2021-08-11
Discovery 2023-02-07 Entry 2023-02-10 chromium
< 110.0.5481.77
ungoogled-chromium
< 110.0.5481.77
CVE-2023-0696
CVE-2023-0697
CVE-2023-0698
CVE-2023-0699
CVE-2023-0700
CVE-2023-0701
CVE-2023-0702
CVE-2023-0703
CVE-2023-0704
CVE-2023-0705
https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html
|
b582a85a-ba4a-11ec-8d1e-3065ec8fd3ec | Chromium -- mulitple vulnerabilities
Chrome Releases reports:
This release contains 11 security fixes, including:
- [1285234] High CVE-2022-1305: Use after free in storage. Reported by Anonymous on 2022-01-07
- [1299287] High CVE-2022-1306: Inappropriate implementation in compositing. Reported by Sven Dysthe on 2022-02-21
- [1301873] High CVE-2022-1307: Inappropriate implementation in full screen. Reported by Irvan Kurniawan (sourc7) on 2022-03-01
- [1283050] High CVE-2022-1308: Use after free in BFCache. Reported by Samet Bekmezci (@sametbekmezci) on 2021-12-28
- [1106456] High CVE-2022-1309: Insufficient policy enforcement in developer tools. Reported by David Erceg on 2020-07-17
- [1307610] High CVE-2022-1310: Use after free in regular expressions. Reported by Brendon Tiszka on 2022-03-18
- [1310717] High CVE-2022-1311: Use after free in Chrome OS shell. Reported by Nan Wang (@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-03-28
- [1311701] High CVE-2022-1312: Use after free in storage. Reported by Leecraso and Guang Gong of 360 Vulnerability Research Institute on 2022-03-30
- [1270539] Medium CVE-2022-1313: Use after free in tab groups. Reported by Thomas Orlita on 2021-11-16
- [1304658] Medium CVE-2022-1314: Type Confusion in V8. Reported by Bohan Liu (@P4nda20371774) of Tencent Security Xuanwu Lab on 2022-03-09
Discovery 2022-04-11 Entry 2022-04-12 chromium
< 100.0.4896.88
CVE-2022-1305
CVE-2022-1306
CVE-2022-1307
CVE-2022-1308
CVE-2022-1309
CVE-2022-1310
CVE-2022-1311
CVE-2022-1312
CVE-2022-1313
CVE-2022-1314
https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_11.html
|
e0914087-9a09-11ec-9e61-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 28 security fixes, including:
- [1289383] High CVE-2022-0789: Heap buffer overflow in ANGLE.
Reported by SeongHwan Park (SeHwa) on 2022-01-21
- [1274077] High CVE-2022-0790: Use after free in Cast UI.
Reported by Anonymous on 2021-11-26
- [1278322] High CVE-2022-0791: Use after free in Omnibox.
Reported by Zhihua Yao of KunLun Lab on 2021-12-09
- [1285885] High CVE-2022-0792: Out of bounds read in ANGLE.
Reported by Jaehun Jeong (@n3sk) of Theori on 2022-01-11
- [1291728] High CVE-2022-0793: Use after free in Views. Reported
by Thomas Orlita on 2022-01-28
- [1294097] High CVE-2022-0794: Use after free in WebShare.
Reported by Khalil Zhani on 2022-02-04
- [1282782] High CVE-2022-0795: Type Confusion in Blink Layout.
Reported by 0x74960 on 2021-12-27
- [1295786] High CVE-2022-0796: Use after free in Media. Reported
by Cassidy Kim of Amber Security Lab, OPPO Mobile
Telecommunications Corp. Ltd. on 2022-02-10
- [1281908] High CVE-2022-0797: Out of bounds memory access in
Mojo. Reported by Sergei Glazunov of Google Project Zero on
2021-12-21
- [1283402] Medium CVE-2022-0798: Use after free in MediaStream.
Reported by Samet Bekmezci @sametbekmezci on 2021-12-30
- [1279188] Medium CVE-2022-0799: Insufficient policy enforcement
in Installer. Reported by Abdelhamid Naceri (halov) on
2021-12-12
- [1242962] Medium CVE-2022-0800: Heap buffer overflow in Cast UI.
Reported by Khalil Zhani on 2021-08-24
- [1231037] Medium CVE-2022-0801: Inappropriate implementation in
HTML parser. Reported by Michal Bentkowski of Securitum on
2021-07-20
- [1270052] Medium CVE-2022-0802: Inappropriate implementation in
Full screen mode. Reported by Irvan Kurniawan (sourc7) on
2021-11-14
- [1280233] Medium CVE-2022-0803: Inappropriate implementation in
Permissions. Reported by Abdulla Aldoseri on 2021-12-15
- [1264561] Medium CVE-2022-0804: Inappropriate implementation in
Full screen mode. Reported by Irvan Kurniawan (sourc7) on
2021-10-29
- [1290700] Medium CVE-2022-0805: Use after free in Browser
Switcher. Reported by raven at KunLun Lab on 2022-01-25
- [1283434] Medium CVE-2022-0806: Data leak in Canvas. Reported by
Paril on 2021-12-31
- [1287364] Medium CVE-2022-0807: Inappropriate implementation in
Autofill. Reported by Alesandro Ortiz on 2022-01-14
- [1292271] Medium CVE-2022-0808: Use after free in Chrome OS
Shell. Reported by @ginggilBesel on 2022-01-29
- [1293428] Medium CVE-2022-0809: Out of bounds memory access in
WebXR. Reported by @uwu7586 on 2022-02-03
Discovery 2022-03-01 Entry 2022-03-02 chromium
< 99.0.4844.51
CVE-2022-0789
CVE-2022-0790
CVE-2022-0791
CVE-2022-0792
CVE-2022-0793
CVE-2022-0794
CVE-2022-0795
CVE-2022-0796
CVE-2022-0797
CVE-2022-0798
CVE-2022-0799
CVE-2022-0800
CVE-2022-0801
CVE-2022-0802
CVE-2022-0803
CVE-2022-0804
CVE-2022-0805
CVE-2022-0806
CVE-2022-0807
CVE-2022-0808
CVE-2022-0809
https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
|
976d7bf9-38ea-11ec-b3b0-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 8 security fixes, including:
- [1259864] High CVE-2021-37997 : Use after free in Sign-In.
Reported by Wei Yuan of MoyunSec VLab on 2021-10-14
- [1259587] High CVE-2021-37998 : Use after free in Garbage
Collection. Reported by Cassidy Kim of Amber Security Lab, OPPO
Mobile Telecommunications Corp. Ltd. on 2021-10-13
- [1251541] High CVE-2021-37999 : Insufficient data validation in
New Tab Page. Reported by Ashish Arun Dhone on 2021-09-21
- [1249962] High CVE-2021-38000 : Insufficient validation of
untrusted input in Intents. Reported by Clement Lecigne, Neel
Mehta, and Maddie Stone of Google Threat Analysis Group on
2021-09-15
- [1260577] High CVE-2021-38001 : Type Confusion in V8. Reported
by @s0rrymybad of Kunlun Lab via Tianfu Cup on 2021-10-16
- [1260940] High CVE-2021-38002 : Use after free in Web Transport.
Reported by @__R0ng of 360 Alpha Lab, ? via Tianfu Cup on
2021-10-16
- [1263462] High CVE-2021-38003 : Inappropriate implementation in
V8. Reported by Clément Lecigne from Google TAG and Samuel Gross
from Google Project Zero on 2021-10-26
Google is aware that exploits for CVE-2021-38000 and
CVE-2021-38003 exist in the wild.
Discovery 2021-10-28 Entry 2021-10-29 chromium
< 95.0.4638.69
CVE-2021-37997
CVE-2021-37998
CVE-2021-37999
CVE-2021-38000
CVE-2021-38001
CVE-2021-38002
CVE-2021-38003
https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html
|
f12368a8-1e05-11ed-a1ef-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 11 security fixes, including:
- [1349322] Critical CVE-2022-2852: Use after free in FedCM. Reported by Sergei Glazunov of Google Project Zero on 2022-08-02
- [1337538] High CVE-2022-2854: Use after free in SwiftShader. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2022-06-18
- [1345042] High CVE-2022-2855: Use after free in ANGLE. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2022-07-16
- [1338135] High CVE-2022-2857: Use after free in Blink. Reported by Anonymous on 2022-06-21
- [1341918] High CVE-2022-2858: Use after free in Sign-In Flow. Reported by raven at KunLun lab on 2022-07-05
- [1350097] High CVE-2022-2853: Heap buffer overflow in Downloads. Reported by Sergei Glazunov of Google Project Zero on 2022-08-04
- [1345630] High CVE-2022-2856: Insufficient validation of untrusted input in Intents. Reported by Ashley Shen and Christian Resell of Google Threat Analysis Group on 2022-07-19
- [1338412] Medium CVE-2022-2859: Use after free in Chrome OS Shell. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-06-22
- [1345193] Medium CVE-2022-2860: Insufficient policy enforcement in Cookies. Reported by Axel Chong on 2022-07-18
- [1346236] Medium CVE-2022-2861: Inappropriate implementation in Extensions API. Reported by Rong Jian of VRI on 2022-07-21
Discovery 2022-08-16 Entry 2022-08-17 chromium
< 104.0.5112.101
CVE-2022-2852
CVE-2022-2853
CVE-2022-2854
CVE-2022-2855
CVE-2022-2856
CVE-2022-2857
CVE-2022-2858
CVE-2022-2859
CVE-2022-2860
CVE-2022-2861
https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html
|
c3c6c4a3-f47d-11eb-b632-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 10 security fixes, including:
- [1227777] High CVE-2021-30590: Heap buffer overflow in
Bookmarks. Reported by Leecraso and Guang Gong of 360 Alpha Lab on
2021-07-09
- [1229298] High CVE-2021-30591: Use after free in File System
API. Reported by SorryMybad (@S0rryMybad) of Kunlun Lab on
2021-07-14
- [1209469] High CVE-2021-30592: Out of bounds write in Tab
Groups. Reported by David Erceg on 2021-05-15
- [1209616] High CVE-2021-30593: Out of bounds read in Tab Strip.
Reported by David Erceg on 2021-05-16
- [1218468] High CVE-2021-30594: Use after free in Page Info UI.
Reported by raven (@raid_akame) on 2021-06-10
- [1214481] Medium CVE-2021-30596: Incorrect security UI in
Navigation. Reported by Mohit Raj (shadow2639) on 2021-05-29
- [1232617] Medium CVE-2021-30597: Use after free in Browser UI.
Reported by raven (@raid_akame) on 2021-07-24
Discovery 2021-08-02 Entry 2021-08-03 chromium
< 92.0.4515.131
CVE-2021-30590
CVE-2021-30591
CVE-2021-30592
CVE-2021-30593
CVE-2021-30594
CVE-2021-30596
CVE-2021-30597
https://chromereleases.googleblog.com/search/label/Stable%20updates
|
7c0d71a9-9d48-11eb-97a0-e09467587c17 | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains two security fixes:
- [1196781] High CVE-2021-21206: Use after free in Blink. Reported
by Anonymous on 2021-04-07
- [1196683] High CVE-2021-21220: Insufficient validation of
untrusted input in V8 for x86_64. Reported by Bruno Keith (@bkth_)
and Niklas Baumstark (@_niklasb) of Dataflow Security (@dfsec_it)
via ZDI (ZDI-CAN-13569) on 2021-04-07>
Discovery 2021-04-13 Entry 2021-04-14 chromium
< 89.0.4389.128
CVE-2021-21206
CVE-2021-21220
https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop.html
|
674ed047-be0a-11eb-b927-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 32 security fixes, including:
- [1208721] High CVE-2021-30521: Heap buffer overflow in Autofill.
Reported by ZhanJia Song on 2021-05-13
- [1176218] High CVE-2021-30522: Use after free in WebAudio.
Reported by Piotr Bania of Cisco Talos on 2021-02-09
- [1187797] High CVE-2021-30523: Use after free in WebRTC.
Reported by Tolyan Korniltsev on 2021-03-13
- [1197146] High CVE-2021-30524: Use after free in TabStrip.
Reported by David Erceg on 2021-04-08
- [1197888] High CVE-2021-30525: Use after free in TabGroups.
Reported by David Erceg on 2021-04-11
- [1198717] High CVE-2021-30526: Out of bounds write in
TabStrip. Reported by David Erceg on 2021-04-13
- [1199198] High CVE-2021-30527: Use after free in WebUI.
Reported by David Erceg on 2021-04-15
- [1206329] High CVE-2021-30528: Use after free in
WebAuthentication. Reported by Man Yue Mo of GitHub Security Lab on
2021-05-06
- [1195278] Medium CVE-2021-30529: Use after free in Bookmarks.
Reported by koocola (@alo_cook) and Nan Wang (@eternalsakura13) of
360 Alpha Lab on 2021-04-02
- [1201033] Medium CVE-2021-30530: Out of bounds memory access
in WebAudio. Reported by kkwon on 2021-04-21
- [1115628] Medium CVE-2021-30531: Insufficient policy
enforcement in Content Security Policy. Reported by Philip Papurt on
2020-08-12
- [1117687] Medium CVE-2021-30532: Insufficient policy
enforcement in Content Security Policy. Reported by Philip Papurt on
2020-08-18
- [1145553] Medium CVE-2021-30533: Insufficient policy
enforcement in PopupBlocker. Reported by Eliya Stein on
2020-11-04
- [1151507] Medium CVE-2021-30534: Insufficient policy
enforcement in iFrameSandbox. Reported by Alesandro Ortiz on
2020-11-20
- [1194899] Medium CVE-2021-30535: Double free in ICU. Reported
by nocma, leogan, cheneyxu of WeChat Open Platform Security Team on
2021-04-01
- [1145024] Medium CVE-2021-21212: Insufficient data validation
in networking. Reported by Hugo Hue and Sze Yiu Chau of the Chinese
University of Hong Kong on 2020-11-03
- [1194358] Low CVE-2021-30536: Out of bounds read in V8.
Reported by Chris Salls (@salls) on 2021-03-31
- [830101] Low CVE-2021-30537: Insufficient policy enforcement
in cookies. Reported by Jun Kokatsu (@shhnjk) on 2018-04-06
- [1115045] Low CVE-2021-30538: Insufficient policy enforcement
in content security policy. Reported by Tianze Ding (@D1iv3) of
Tencent Security Xuanwu Lab on 2020-08-11
- [971231] Low CVE-2021-30539: Insufficient policy enforcement
in content security policy. Reported by unnamed researcher on
2019-06-05
- [1184147] Low CVE-2021-30540: Incorrect security UI in
payments. Reported by @retsew0x01 on 2021-03-03
Discovery 2021-05-25 Entry 2021-05-26 chromium
< 91.0.4472.77
CVE-2021-30521
CVE-2021-30522
CVE-2021-30523
CVE-2021-30524
CVE-2021-30525
CVE-2021-30526
CVE-2021-30527
CVE-2021-30528
CVE-2021-30529
CVE-2021-30530
CVE-2021-30531
CVE-2021-30532
CVE-2021-30533
CVE-2021-30534
CVE-2021-30535
CVE-2021-21212
CVE-2021-30536
CVE-2021-30537
CVE-2021-30538
CVE-2021-30539
CVE-2021-30540
https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop_25.html
|
20b3ab21-c9df-11eb-8558-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 14 security fixes, including:
- [1212618] Critical CVE-2021-30544: Use after free in BFCache.
Reported by Rong Jian and Guang Gong of 360 Alpha Lab on
2021-05-24
- [1201031] High CVE-2021-30545: Use after free in Extensions.
Reported by kkwon with everpall and kkomdal on 2021-04-21
- [1206911] High CVE-2021-30546: Use after free in Autofill.
Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability
Research on 2021-05-08
- [1210414] High CVE-2021-30547: Out of bounds write in ANGLE.
Reported by Seong-Hwan Park (SeHwa) of SecunologyLab on
2021-05-18
- [1210487] High CVE-2021-30548: Use after free in Loader.
Reported by Yangkang(@dnpushme) & Wanglu of Qihoo360 Qex Team
on 2021-05-18
- [1212498] High CVE-2021-30549: Use after free in Spell check.
Reported by David Erceg on 2021-05-23
- [1212500] High CVE-2021-30550: Use after free in Accessibility.
Reported by David Erceg on 2021-05-23
- [1216437] High CVE-2021-30551: Type Confusion in V8. Reported by
Sergei Glazunov of Google Project Zero on 2021-06-04
- [1200679] Medium CVE-2021-30552: Use after free in Extensions.
Reported by David Erceg on 2021-04-20
- [1209769] Medium CVE-2021-30553: Use after free in Network
service. Reported by Anonymous on 2021-05-17
Google is aware that an exploit for CVE-2021-30551 exists in the
wild.
Discovery 2021-06-10 Entry 2021-06-10 chromium
< 91.0.4472.101
CVE-2021-30544
CVE-2021-30545
CVE-2021-30546
CVE-2021-30547
CVE-2021-30548
CVE-2021-30549
CVE-2021-30550
CVE-2021-30551
CVE-2021-30552
CVE-2021-30553
https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html
|
d459c914-4100-11ed-9bc7-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 3 security fixes, including:
- [1366813] High CVE-2022-3370: Use after free in Custom Elements. Reported by Aviv A. on 2022-09-22
- [1366399] High CVE-2022-3373: Out of bounds write in V8. Reported by Tibor Klajnscek on 2022-09-21
Discovery 2022-09-30 Entry 2022-09-30 chromium
< 106.0.5249.91
CVE-2022-3370
CVE-2022-3373
https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_30.html
|
c80ce2dd-e831-11ec-bcd2-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 7 security fixes, including:
- [1326210] High CVE-2022-2007: Use after free in WebGPU. Reported by David Manouchehri on 2022-05-17
- [1317673] High CVE-2022-2008: Out of bounds memory access in WebGL. Reported by khangkito - Tran Van Khang (VinCSS) on 2022-04-19
- [1325298] High CVE-2022-2010: Out of bounds read in compositing. Reported by Mark Brand of Google Project Zero on 2022-05-13
- [1330379] High CVE-2022-2011: Use after free in ANGLE. Reported by SeongHwan Park (SeHwa) on 2022-05-31
Discovery 2022-06-09 Entry 2022-06-09 chromium
< 102.0.5005.115
CVE-2022-2007
CVE-2022-2008
CVE-2022-2010
CVE-2022-2011
https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop.html
|
a25ea27b-bced-11ec-87b5-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 2 security fixes, including:
- [1315901] High CVE-2022-1364: Type Confusion in V8. Reported by Clément Lecigne of Google's Threat Analysis Group on 2022-0-13
Discovery 2022-04-14 Entry 2022-04-15 chromium
< 100.0.4896.127
CVE-2022-1364
https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_14.html
|
7d3d94d3-2810-11ec-9c51-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 4 security fixes, including:
- [1252878] High CVE-2021-37977: Use after free in Garbage
Collection. Reported by Anonymous on 2021-09-24
- [1236318] High CVE-2021-37978: Heap buffer overflow in Blink.
Reported by Yangkang (@dnpushme) of 360 ATA on 2021-08-04
- [1247260] High CVE-2021-37979: Heap buffer overflow in WebRTC.
Reported by Marcin Towalski of Cisco Talos on 2021-09-07
- [1254631] High CVE-2021-37980: Inappropriate implementation in
Sandbox. Reported by Yonghwi Jin (@jinmo123) on 2021-09-30
Discovery 2021-10-07 Entry 2021-10-08 chromium
< 94.0.4606.81
CVE-2021-37977
CVE-2021-37978
CVE-2021-37979
CVE-2021-37980
https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop.html
|
5f7ed6ea-70a7-11ed-92ce-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 28 security fixes, including:
- [1379054] High CVE-2022-4174: Type Confusion in V8. Reported by Zhenghang Xiao (@Kipreyyy) on 2022-10-27
- [1381401] High CVE-2022-4175: Use after free in Camera Capture. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2022-11-04
- [1361066] High CVE-2022-4176: Out of bounds write in Lacros Graphics. Reported by @ginggilBesel on 2022-09-08
- [1379242] High CVE-2022-4177: Use after free in Extensions. Reported by Chaoyuan Peng (@ret2happy) on 2022-10-28
- [1376099] High CVE-2022-4178: Use after free in Mojo. Reported by Sergei Glazunov of Google Project Zero on 2022-10-18
- [1377783] High CVE-2022-4179: Use after free in Audio. Reported by Sergei Glazunov of Google Project Zero on 2022-10-24
- [1378564] High CVE-2022-4180: Use after free in Mojo. Reported by Anonymous on 2022-10-26
- [1382581] High CVE-2022-4181: Use after free in Forms. Reported by Aviv A. on 2022-11-09
- [1368739] Medium CVE-2022-4182: Inappropriate implementation in Fenced Frames. Reported by Peter Nemeth on 2022-09-28
- [1251790] Medium CVE-2022-4183: Insufficient policy enforcement in Popup Blocker. Reported by David Sievers on 2021-09-22
- [1358647] Medium CVE-2022-4184: Insufficient policy enforcement in Autofill. Reported by Ahmed ElMasry on 2022-09-01
- [1373025] Medium CVE-2022-4185: Inappropriate implementation in Navigation. Reported by James Lee (@Windowsrcer) on 2022-10-10
- [1377165] Medium CVE-2022-4186: Insufficient validation of untrusted input in Downloads. Reported by Luan Herrera (@lbherrera_) on 2022-10-21
- [1381217] Medium CVE-2022-4187: Insufficient policy enforcement in DevTools. Reported by Axel Chong on 2022-11-04
- [1340879] Medium CVE-2022-4188: Insufficient validation of untrusted input in CORS. Reported by Philipp Beer (TU Wien) on 2022-06-30
- [1344647] Medium CVE-2022-4189: Insufficient policy enforcement in DevTools. Reported by NDevTK on 2022-07-15
- [1378997] Medium CVE-2022-4190: Insufficient data validation in Directory. Reported by Axel Chong on 2022-10-27
- [1373941] Medium CVE-2022-4191: Use after free in Sign-In. Reported by Jaehun Jeong(@n3sk) of Theori on 2022-10-12
- [1344514] Medium CVE-2022-4192: Use after free in Live Caption. Reported by Samet Bekmezci @sametbekmezci on 2022-07-14
- [1354518] Medium CVE-2022-4193: Insufficient policy enforcement in File System API. Reported by Axel Chong on 2022-08-19
- [1370562] Medium CVE-2022-4194: Use after free in Accessibility. Reported by Anonymous on 2022-10-03
- [1371926] Medium CVE-2022-4195: Insufficient policy enforcement in Safe Browsing. Reported by Eric Lawrence of Microsoft on 2022-10-06
Discovery 2022-11-29 Entry 2022-11-30 chromium
< 108.0.5359.71
ungoogled-chromium
< 108.0.5359.71
CVE-2022-4174
CVE-2022-4175
CVE-2022-4176
CVE-2022-4177
CVE-2022-4178
CVE-2022-4179
CVE-2022-4180
CVE-2022-4181
CVE-2022-4182
CVE-2022-4183
CVE-2022-4184
CVE-2022-4185
CVE-2022-4186
CVE-2022-4187
CVE-2022-4188
CVE-2022-4189
CVE-2022-4190
CVE-2022-4191
CVE-2022-4192
CVE-2022-4193
CVE-2022-4194
CVE-2022-4195
https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html
|
323f900d-ac6d-11ec-a0b8-3065ec8fd3ec | chromium -- V8 type confusion
Chrome Releases reports:
This release contains 1 security fix:
- [1309225] High CVE-2022-1096: Type Confusion in V8. Reported by
anonymous on 2022-03-23
Google is aware that an exploit for CVE-2022-1096 exists in the wild.
Discovery 2022-03-25 Entry 2022-03-25 chromium
< 99.0.4844.84
CVE-2022-1096
https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html
|
2899da38-7300-11ed-92ce-3065ec8fd3ec | chromium -- Type confusion in V8
Chrome Releases reports:
This release contains 1 security fix:
- [1394403] High CVE-2022-4262: Type Confusion in V8. Reported by Clement Lecigne of Google's Threat Analysis Group on 2022-11-29
Google is aware that an exploit for CVE-2022-4262 exists in the wild.
Discovery 2022-12-02 Entry 2022-12-03 chromium
< 108.0.5359.94
ungoogled-chromium
< 108.0.5359.94
CVE-2022-4262
https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop.html
|
bddadaa4-9227-11eb-99c5-e09467587c17 | chromium -- multiple vulnerabilities
Chrome Releases reports:
This update contains 8 security fixes, including:
- [1181228] High CVE-2021-21194: Use after free in screen capture.
Reported by Leecraso and Guang Gong of 360 Alpha Lab on
2021-02-23
- [1182647] High CVE-2021-21195: Use after free in V8.
Reported by Bohan Liu (@P4nda20371774) and Moon Liang of Tencent
Security Xuanwu Lab on 2021-02-26
- [1175992] High CVE-2021-21196: Heap buffer overflow in
TabStrip. Reported by Khalil Zhani on 2021-02-08
- [1173903] High CVE-2021-21197: Heap buffer overflow in
TabStrip. Reported by Abdulrahman Alqabandi, Microsoft Browser
Vulnerability Research on 2021-02-03
- [1184399] High CVE-2021-21198: Out of bounds read in IPC.
Reported by Mark Brand of Google Project Zero on 2021-03-03
- [1179635] High CVE-2021-21199: Use Use after free in Aura.
Reported by Weipeng Jiang (@Krace) from Codesafe Team of
Legendsec at Qi'anxin Group and Evangelos Foutras
Discovery 2021-03-31 Entry 2021-03-31 chromium
< 89.0.4389.114
CVE-2021-21194
CVE-2021-21195
CVE-2021-21196
CVE-2021-21197
CVE-2021-21198
CVE-2021-21199
https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_30.html
|
7cb12ee0-4a13-11ed-8ad9-3065ec8fd3ec | chromium -- mulitple vulnerabilities
Chrome Releases reports:
This release contains 6 security fixes:
- [1364604] High CVE-2022-3445: Use after free in Skia. Reported by Nan Wang (@eternalsakura13) and Yong Liu of 360 Vulnerability Research Institute on 2022-09-16
- [1368076] High CVE-2022-3446: Heap buffer overflow in WebSQL. Reported by Kaijie Xu (@kaijieguigui) on 2022-09-26
- [1366582] High CVE-2022-3447: Inappropriate implementation in Custom Tabs. Reported by Narendra Bhati of Suma Soft Pvt. Ltd. Pune (India) on 2022-09-22
- [1363040] High CVE-2022-3448: Use after free in Permissions API. Reported by raven at KunLun lab on 2022-09-13
- [1364662] High CVE-2022-3449: Use after free in Safe Browsing. Reported by asnine on 2022-09-17
- [1369882] High CVE-2022-3450: Use after free in Peer Connection. Reported by Anonymous on 2022-09-30
Discovery 2022-10-11 Entry 2022-10-12 chromium
< 106.0.5249.119
ungoogled-chromium
< 106.0.5249.119
CVE-2022-3445
CVE-2022-3446
CVE-2022-3447
CVE-2022-3448
CVE-2022-3449
CVE-2022-3450
https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_11.html
|
1ba21ff1-e672-11eb-a686-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 8 security fixes, including:
- [1219082] High CVE-2021-30559: Out of bounds write in ANGLE.
Reported by Seong-Hwan Park (SeHwa) of SecunologyLab on
2021-06-11
- [1214842] High CVE-2021-30541: Use after free in V8. Reported by
Richard Wheeldon on 2021-05-31
- [1219209] High CVE-2021-30560: Use after free in Blink XSLT.
Reported by Nick Wellnhofer on 2021-06-12
- [1219630] High CVE-2021-30561: Type Confusion in V8. Reported by
Sergei Glazunov of Google Project Zero on 2021-06-14
- [1220078] High CVE-2021-30562: Use after free in WebSerial.
Reported by Anonymous on 2021-06-15
- [1228407] High CVE-2021-30563: Type Confusion in V8. Reported by
Anonymous on 2021-07-12
- [1221309] Medium CVE-2021-30564: Heap buffer overflow in WebXR.
Reported by Ali Merchant, iQ3Connect VR Platform on
2021-06-17
Google is aware of reports that an exploit for CVE-2021-30563 exists in the wild.
Discovery 2021-07-15 Entry 2021-07-16 chromium
< 91.0.4472.164
CVE-2021-30541
CVE-2021-30559
CVE-2021-30560
CVE-2021-30561
CVE-2021-30562
CVE-2021-30563
CVE-2021-30564
https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop.html
|
7b929503-911d-11ed-a925-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 17 security fixes, including:
- [1353208] High CVE-2023-0128: Use after free in Overview Mode. Reported by Khalil Zhani on 2022-08-16
- [1382033] High CVE-2023-0129: Heap buffer overflow in Network Service. Reported by asnine on 2022-11-07
- [1370028] Medium CVE-2023-0130: Inappropriate implementation in Fullscreen API. Reported by Hafiizh on 2022-09-30
- [1357366] Medium CVE-2023-0131: Inappropriate implementation in iframe Sandbox. Reported by NDevTK on 2022-08-28
- [1371215] Medium CVE-2023-0132: Inappropriate implementation in Permission prompts. Reported by Jasper Rebane (popstonia) on 2022-10-05
- [1375132] Medium CVE-2023-0133: Inappropriate implementation in Permission prompts. Reported by Alesandro Ortiz on 2022-10-17
- [1385709] Medium CVE-2023-0134: Use after free in Cart. Reported by Chaoyuan Peng (@ret2happy) on 2022-11-17
- [1385831] Medium CVE-2023-0135: Use after free in Cart. Reported by Chaoyuan Peng (@ret2happy) on 2022-11-18
- [1356987] Medium CVE-2023-0136: Inappropriate implementation in Fullscreen API. Reported by Axel Chong on 2022-08-26
- [1399904] Medium CVE-2023-0137: Heap buffer overflow in Platform Apps. Reported by avaue and Buff3tts at S.S.L. on 2022-12-10
- [1346675] Low CVE-2023-0138: Heap buffer overflow in libphonenumber. Reported by Michael Dau on 2022-07-23
- [1367632] Low CVE-2023-0139: Insufficient validation of untrusted input in Downloads. Reported by Axel Chong on 2022-09-24
- [1326788] Low CVE-2023-0140: Inappropriate implementation in File System API. Reported by harrison.mitchell, cybercx.com.au on 2022-05-18
- [1362331] Low CVE-2023-0141: Insufficient policy enforcement in CORS. Reported by scarlet on 2022-09-12
Discovery 2023-01-10 Entry 2023-01-10 chromium
< 109.0.5414.74
ungoogled-chromium
< 109.0.5414.74
CVE-2023-0128
CVE-2023-0129
CVE-2023-0130
CVE-2023-0131
CVE-2023-0132
CVE-2023-0133
CVE-2023-0134
CVE-2023-0135
CVE-2023-0136
CVE-2023-0137
CVE-2023-0138
CVE-2023-0139
CVE-2023-0140
CVE-2023-0141
https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop.html
|
a7732806-0b2a-11ec-836b-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 27 security fixes, including:
- [1233975] High CVE-2021-30606: Use after free in Blink. Reported
by Nan Wang (@eternalsakura13) and koocola (@alo_cook) of 360
Alpha Lab on 2021-07-28
- [1235949] High CVE-2021-30607: Use after free in Permissions.
Reported by Weipeng Jiang (@Krace) from Codesafe Team of
Legendsec at Qi'anxin Group on 2021-08-03
- [1219870] High CVE-2021-30608: Use after free in Web Share.
Reported by Huyna at Viettel Cyber Security on 2021-06-15
- [1239595] High CVE-2021-30609: Use after free in Sign-In.
Reported by raven (@raid_akame) on 2021-08-13
- [1200440] High CVE-2021-30610: Use after free in Extensions API.
Reported by Igor Bukanov from Vivaldi on 2021-04-19
- [1233942] Medium CVE-2021-30611: Use after free in WebRTC.
Reported by Nan Wang (@eternalsakura13) and koocola (@alo_cook) of
360 Alpha Lab on 2021-07-28
- [1234284] Medium CVE-2021-30612: Use after free in WebRTC.
Reported by Nan Wang (@eternalsakura13) and koocola (@alo_cook) of
360 Alpha Lab on 2021-07-29
- [1209622] Medium CVE-2021-30613: Use after free in Base
internals. Reported by Yangkang (@dnpushme) of 360 ATA on
2021-05-16
- [1207315] Medium CVE-2021-30614: Heap buffer overflow in
TabStrip. Reported by Huinian Yang (@vmth6) of Amber Security Lab,
OPPO Mobile Telecommunications Corp. Ltd. on 2021-05-10
- [1208614] Medium CVE-2021-30615: Cross-origin data leak in
Navigation. Reported by NDevTK on 2021-05-12
- [1231432] Medium CVE-2021-30616: Use after free in Media.
Reported by Anonymous on 2021-07-21
- [1226909] Medium CVE-2021-30617: Policy bypass in Blink.
Reported by NDevTK on 2021-07-07
- [1232279] Medium CVE-2021-30618: Inappropriate implementation in
DevTools. Reported by @DanAmodio and @mattaustin from Contrast
Security on 2021-07-23
- [1235222] Medium CVE-2021-30619: UI Spoofing in Autofill.
Reported by Alesandro Ortiz on 2021-08-02
- [1063518] Medium CVE-2021-30620: Insufficient policy enforcement
in Blink. Reported by Jun Kokatsu, Microsoft Browser Vulnerability
Research on 2020-03-20
- [1204722] Medium CVE-2021-30621: UI Spoofing in Autofill.
Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability
Research on 2021-04-30
- [1224419] Medium CVE-2021-30622: Use after free in WebApp
Installs. Reported by Jun Kokatsu, Microsoft Browser Vulnerability
Research on 2021-06-28
- [1223667] Low CVE-2021-30623: Use after free in Bookmarks.
Reported by Leecraso and Guang Gong of 360 Alpha Lab on
2021-06-25
- [1230513] Low CVE-2021-30624: Use after free in Autofill.
Reported by Wei Yuan of MoyunSec VLab on 2021-07-19
Discovery 2021-08-31 Entry 2021-09-01 chromium
< 93.0.4577.63
CVE-2021-30606
CVE-2021-30607
CVE-2021-30608
CVE-2021-30609
CVE-2021-30610
CVE-2021-30611
CVE-2021-30612
CVE-2021-30613
CVE-2021-30614
CVE-2021-30615
CVE-2021-30616
CVE-2021-30617
CVE-2021-30618
CVE-2021-30619
CVE-2021-30620
CVE-2021-30621
CVE-2021-30622
CVE-2021-30623
CVE-2021-30624
https://chromereleases.googleblog.com/2021/08/stable-channel-update-for-desktop_31.html
|
b4ef02f4-549f-11ed-8ad9-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 14 security fixes, including:
- [1369871] High CVE-2022-3652: Type Confusion in V8. Reported by srodulv and ZNMchtss at S.S.L Team on 2022-09-30
- [1354271] High CVE-2022-3653: Heap buffer overflow in Vulkan. Reported by SeongHwan Park (SeHwa) on 2022-08-19
- [1365330] High CVE-2022-3654: Use after free in Layout. Reported by Sergei Glazunov of Google Project Zero on 2022-09-19
- [1343384] Medium CVE-2022-3655: Heap buffer overflow in Media Galleries. Reported by koocola(@alo_cook) and Guang Gong of 360 Vulnerability Research Institute on 2022-07-11
- [1345275] Medium CVE-2022-3656: Insufficient data validation in File System. Reported by Ron Masas, Imperva on 2022-07-18
- [1351177] Medium CVE-2022-3657: Use after free in Extensions. Reported by Omri Bushari, Talon Cyber Security on 2022-08-09
- [1352817] Medium CVE-2022-3658: Use after free in Feedback service on Chrome OS. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2022-08-14
- [1355560] Medium CVE-2022-3659: Use after free in Accessibility. Reported by @ginggilBesel on 2022-08-23
- [1327505] Medium CVE-2022-3660: Inappropriate implementation in Full screen mode. Reported by Irvan Kurniawan (sourc7) on 2022-05-20
- [1350111] Low CVE-2022-3661: Insufficient data validation in Extensions. Reported by Young Min Kim (@ylemkimon), CompSec Lab at Seoul National University on 2022-08-04
Discovery 2022-10-25 Entry 2022-10-25 chromium
< 107.0.5304.68
ungoogled-chromium
< 107.0.5304.68
CVE-2022-3652
CVE-2022-3653
CVE-2022-3654
CVE-2022-3655
CVE-2022-3656
CVE-2022-3657
CVE-2022-3658
CVE-2022-3659
CVE-2022-3660
CVE-2022-3661
https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_25.html
|
fe15f30a-b4c9-11ec-94a3-3065ec8fd3ec | chromium -- Type confusion in V8
Chrome Releases reports:
This release includes one security fix:
- [1311641] High CVE-2022-1232: Type Confusion in V8. Reported by Sergei Glazunov of Google Project Zero on 2022-03-30
Discovery 2022-04-04 Entry 2022-04-05 chromium
< 100.0.4896.75
CVE-2022-1232
https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop.html
|
e852f43c-846e-11ec-b043-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 27 security fixes, including:
- [1284584] High CVE-2022-0452: Use after free in Safe Browsing.
Reported by avaue at S.S.L. on 2022-01-05
- [1284916] High CVE-2022-0453: Use after free in Reader Mode.
Reported by Rong Jian of VRI on 2022-01-06
- [1287962] High CVE-2022-0454: Heap buffer overflow in ANGLE.
Reported by Seong-Hwan Park (SeHwa) of SecunologyLab on
2022-01-17
- [1270593] High CVE-2022-0455: Inappropriate implementation in
Full Screen Mode. Reported by Irvan Kurniawan (sourc7) on
2021-11-16
- [1289523] High CVE-2022-0456: Use after free in Web Search.
Reported by Zhihua Yao of KunLun Lab on 2022-01-21
- [1274445] High CVE-2022-0457: Type Confusion in V8. Reported by
rax of the Group0x58 on 2021-11-29
- [1267060] High CVE-2022-0458: Use after free in Thumbnail Tab
Strip. Reported by Leecraso and Guang Gong of 360 Alpha Lab on
2021-11-05
- [1244205] High CVE-2022-0459: Use after free in Screen Capture.
Reported by raven (@raid_akame) on 2021-08-28
- [1250227] Medium CVE-2022-0460: Use after free in Window Dialog.
Reported by 0x74960 on 2021-09-16
- [1256823] Medium CVE-2022-0461: Policy bypass in COOP. Reported
by NDevTK on 2021-10-05
- [1270470] Medium CVE-2022-0462: Inappropriate implementation in
Scroll. Reported by Youssef Sammouda on 2021-11-16
- [1268240] Medium CVE-2022-0463: Use after free in Accessibility.
Reported by Zhihua Yao of KunLun Lab on 2021-11-09
- [1270095] Medium CVE-2022-0464: Use after free in Accessibility.
Reported by Zhihua Yao of KunLun Lab on 2021-11-14
- [1281941] Medium CVE-2022-0465: Use after free in Extensions.
Reported by Samet Bekmezci @sametbekmezci on 2021-12-22
- [1115460] Medium CVE-2022-0466: Inappropriate implementation in
Extensions Platform. Reported by David Erceg on 2020-08-12
- [1239496] Medium CVE-2022-0467: Inappropriate implementation in
Pointer Lock. Reported by Alesandro Ortiz on 2021-08-13
- [1252716] Medium CVE-2022-0468: Use after free in Payments.
Reported by Krace on 2021-09-24
- [1279531] Medium CVE-2022-0469: Use after free in Cast. Reported
by Thomas Orlita on 2021-12-14
- [1269225] Low CVE-2022-0470: Out of bounds memory access in V8.
Reported by Looben Yang on 2021-11-11
Discovery 2022-02-01 Entry 2022-02-02 chromium
< 98.0.4758.80
CVE-2022-0452
CVE-2022-0453
CVE-2022-0454
CVE-2022-0455
CVE-2022-0456
CVE-2022-0457
CVE-2022-0458
CVE-2022-0459
CVE-2022-0460
CVE-2022-0461
CVE-2022-0462
CVE-2022-0463
CVE-2022-0464
CVE-2022-0465
CVE-2022-0466
CVE-2022-0467
CVE-2022-0468
CVE-2022-0469
CVE-2022-0470
https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop.html
|
f38d25ac-2b7a-11ed-a1ef-3065ec8fd3ec | chromium -- insufficient data validation in Mojo
Chrome Releases reports:
This release contains 1 security fix:
- [1358134] High CVE-2022-3075: Insufficient data validation in Mojo. Reported by Anonymous on 2022-08-30
Google is aware that an exploit of CVE-2022-3075 exists in the wild.
Discovery 2022-09-02 Entry 2022-09-03 chromium
< 105.0.5195.102
CVE-2022-3075
https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop.html
|
3d5581ff-d388-11ed-8581-a8a1599412c6 | chromium -- multiple vulnerabilities
Chrome Releases reports:
This update includes 16 security fixes:
- [1414018] High CVE-2023-1810: Heap buffer overflow in Visuals. Reported by Weipeng Jiang (@Krace) of VRI on 2023-02-08
- [1420510] High CVE-2023-1811: Use after free in Frames. Reported by Thomas Orlita on 2023-03-01
- [1418224] Medium CVE-2023-1812: Out of bounds memory access in DOM Bindings. Reported by Shijiang Yu on 2023-02-22
- [1423258] Medium CVE-2023-1813: Inappropriate implementation in Extensions. Reported by Axel Chong on 2023-03-10
- [1417325] Medium CVE-2023-1814: Insufficient validation of untrusted input in Safe Browsing. Reported by Young Min Kim (@ylemkimon), CompSec Lab at Seoul National University on 2023-02-18
- [1278708] Medium CVE-2023-1815: Use after free in Networking APIs. Reported by DDV_UA on 2021-12-10
- [1413919] Medium CVE-2023-1816: Incorrect security UI in Picture In Picture. Reported by NDevTK on 2023-02-08
- [1418061] Medium CVE-2023-1817: Insufficient policy enforcement in Intents. Reported by Axel Chong on 2023-02-22
- [1223346] Medium CVE-2023-1818: Use after free in Vulkan. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research, Eric Lawrence, Microsoft, Patrick Walker (@HomeSen), and Kirtikumar Anandrao Ramchandani on 2021-06-24
- [1406588] Medium CVE-2023-1819: Out of bounds read in Accessibility. Reported by Microsoft Edge Team on 2023-01-12
- [1408120] Medium CVE-2023-1820: Heap buffer overflow in Browser History. Reported by raven at KunLun lab on 2023-01-17
- [1413618] Low CVE-2023-1821: Inappropriate implementation in WebShare. Reported by Axel Chong on 2023-02-07
- [1066555] Low CVE-2023-1822: Incorrect security UI in Navigation. Reported by ê°Âì°짠on 2020-04-01
- [1406900] Low CVE-2023-1823: Inappropriate implementation in FedCM. Reported by Jasper Rebane (popstonia) on 2023-01-13
Discovery 2023-04-05 Entry 2023-04-05 chromium
< 112.0.5615.49
ungoogled-chromium
< 112.0.5615.49
CVE-2023-1810
CVE-2023-1811
CVE-2023-1812
CVE-2023-1813
CVE-2023-1814
CVE-2023-1815
CVE-2023-1816
CVE-2023-1817
CVE-2023-1818
CVE-2023-1819
CVE-2023-1820
CVE-2023-1821
CVE-2023-1822
CVE-2023-1823
https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop.html
|
c8b334e0-6e83-4575-81d1-f9d5803ceb07 | chromium -- multiple vulnerabilities
Chrome Releases reports:
This update includes 8 security fixes:
- [1421773] High CVE-2023-1528: Use after free in Passwords. Reported by Wan Choi of Seoul National University on 2023-03-07
- [1419718] High CVE-2023-1529: Out of bounds memory access in WebHID. Reported by anonymous on 2023-02-27
- [1419831] High CVE-2023-1530: Use after free in PDF. Reported by The UK's National Cyber Security Centre (NCSC) on 2023-02-27
- [1415330] High CVE-2023-1531: Use after free in ANGLE. Reported by Piotr Bania of Cisco Talos on 2023-02-13
- [1421268] High CVE-2023-1532: Out of bounds read in GPU Video. Reported by Mark Brand of Google Project Zero on 2023-03-03
- [1422183] High CVE-2023-1533: Use after free in WebProtect. Reported by Weipeng Jiang (@Krace) of VRI on 2023-03-07
- [1422594] High CVE-2023-1534: Out of bounds read in ANGLE. Reported by Jann Horn and Mark Brand of Google Project Zero on 2023-03-08
Discovery 2023-03-21 Entry 2023-03-22 chromium
< 111.0.5563.110
ungoogled-chromium
< 111.0.5563.110
CVE-2023-1528
CVE-2023-1529
CVE-2023-1530
CVE-2023-1531
CVE-2023-1532
CVE-2023-1533
CVE-2023-1534
https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html
|
f2043ff6-2916-11ed-a1ef-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 24 security fixes, including:
- [1340253] Critical CVE-2022-3038: Use after free in Network Service. Reported by Sergei Glazunov of Google Project Zero on 2022-06-28
- [1343348] High CVE-2022-3039: Use after free in WebSQL. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2022-07-11
- [1341539] High CVE-2022-3040: Use after free in Layout. Reported by Anonymous on 2022-07-03
- [1345947] High CVE-2022-3041: Use after free in WebSQL. Reported by Ziling Chen and Nan Wang(@eternalsakura13) of 360 Vulnerability Research Institute on 2022-07-20
- [1338553] High CVE-2022-3042: Use after free in PhoneHub. Reported by koocola(@alo_cook) and Guang Gong of 360 Vulnerability Research Institute on 2022-06-22
- [1336979] High CVE-2022-3043: Heap buffer overflow in Screen Capture. Reported by @ginggilBesel on 2022-06-16
- [1051198] High CVE-2022-3044: Inappropriate implementation in Site Isolation. Reported by Lucas Pinheiro, Microsoft Browser Vulnerability Research on 2020-02-12
- [1339648] High CVE-2022-3045: Insufficient validation of untrusted input in V8. Reported by Ben Noordhuis on 2022-06-26
- [1346245] High CVE-2022-3046: Use after free in Browser Tag. Reported by Rong Jian of VRI on 2022-07-21
- [1342586] Medium CVE-2022-3047: Insufficient policy enforcement in Extensions API. Reported by Maurice Dauer on 2022-07-07
- [1303308] Medium CVE-2022-3048: Inappropriate implementation in Chrome OS lockscreen. Reported by Andr.Ess on 2022-03-06
- [1316892] Medium CVE-2022-3049: Use after free in SplitScreen. Reported by @ginggilBesel on 2022-04-17
- [1337132] Medium CVE-2022-3050: Heap buffer overflow in WebUI. Reported by Zhihua Yao of KunLun Lab on 2022-06-17
- [1345245] Medium CVE-2022-3051: Heap buffer overflow in Exosphere. Reported by @ginggilBesel on 2022-07-18
- [1346154] Medium CVE-2022-3052: Heap buffer overflow in Window Manager. Reported by Khalil Zhani on 2022-07-21
- [1267867] Medium CVE-2022-3053: Inappropriate implementation in Pointer Lock. Reported by Jesper van den Ende (Pelican Party Studios) on 2021-11-08
- [1290236] Medium CVE-2022-3054: Insufficient policy enforcement in DevTools. Reported by Kuilin Li on 2022-01-24
- [1351969] Medium CVE-2022-3055: Use after free in Passwords. Reported by Weipeng Jiang (@Krace) and Guang Gong of 360 Vulnerability Research Institute on 2022-08-11
- [1329460] Low CVE-2022-3056: Insufficient policy enforcement in Content Security Policy. Reported by Anonymous on 2022-05-26
- [1336904] Low CVE-2022-3057: Inappropriate implementation in iframe Sandbox. Reported by Gareth Heyes on 2022-06-16
- [1337676] Low CVE-2022-3058: Use after free in Sign-In Flow. Reported by raven at KunLun lab on 2022-06-20
Discovery 2022-08-30 Entry 2022-08-31 chromium
< 105.0.5195.52
CVE-2022-3038
CVE-2022-3039
CVE-2022-3040
CVE-2022-3041
CVE-2022-3042
CVE-2022-3043
CVE-2022-3044
CVE-2022-3045
CVE-2022-3046
CVE-2022-3047
CVE-2022-3048
CVE-2022-3049
CVE-2022-3050
CVE-2022-3051
CVE-2022-3052
CVE-2022-3053
CVE-2022-3054
CVE-2022-3055
CVE-2022-3056
CVE-2022-3057
CVE-2022-3058
https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html
|
9eeccbf3-6e26-11ec-bb10-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 37 security fixes, including:
- [$TBD][1275020] Critical CVE-2022-0096: Use after free in
Storage. Reported by Yangkang (@dnpushme) of 360 ATA on
2021-11-30
- [1117173] High CVE-2022-0097: Inappropriate implementation in
DevTools. Reported by David Erceg on 2020-08-17
- [1273609] High CVE-2022-0098: Use after free in Screen Capture.
Reported by @ginggilBesel on 2021-11-24
- [1245629] High CVE-2022-0099: Use after free in Sign-in.
Reported by Rox on 2021-09-01
- [1238209] High CVE-2022-0100: Heap buffer overflow in Media
streams API. Reported by Cassidy Kim of Amber Security Lab, OPPO
Mobile Telecommunications Corp. Ltd. on 2021-08-10
- [1249426] High CVE-2022-0101: Heap buffer overflow in Bookmarks.
Reported by raven (@raid_akame) on 2021-09-14
- [1260129] High CVE-2022-0102: Type Confusion in V8 . Reported by
Brendon Tiszka on 2021-10-14
- [1272266] High CVE-2022-0103: Use after free in SwiftShader.
Reported by Abraruddin Khan and Omair on 2021-11-21
- [1273661] High CVE-2022-0104: Heap buffer overflow in ANGLE.
Reported by Abraruddin Khan and Omair on 2021-11-25
- [1274376] High CVE-2022-0105: Use after free in PDF. Reported by
Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications
Corp. Ltd. on 2021-11-28
- [1278960] High CVE-2022-0106: Use after free in Autofill.
Reported by Khalil Zhani on 2021-12-10
- [1248438] Medium CVE-2022-0107: Use after free in File Manager
API. Reported by raven (@raid_akame) on 2021-09-10
- [1248444] Medium CVE-2022-0108: Inappropriate implementation in
Navigation. Reported by Luan Herrera (@lbherrera_) on
2021-09-10
- [1261689] Medium CVE-2022-0109: Inappropriate implementation in
Autofill. Reported by Young Min Kim (@ylemkimon), CompSec Lab at
Seoul National University on 2021-10-20
- [1237310] Medium CVE-2022-0110: Incorrect security UI in
Autofill. Reported by Alesandro Ortiz on 2021-08-06
- [1241188] Medium CVE-2022-0111: Inappropriate implementation in
Navigation. Reported by garygreen on 2021-08-18
- [1255713] Medium CVE-2022-0112: Incorrect security UI in Browser
UI. Reported by Thomas Orlita on 2021-10-04
- [1039885] Medium CVE-2022-0113: Inappropriate implementation in
Blink. Reported by Luan Herrera (@lbherrera_) on 2020-01-07
- [1267627] Medium CVE-2022-0114: Out of bounds memory access in
Web Serial. Reported by Looben Yang on 2021-11-06
- [1268903] Medium CVE-2022-0115: Uninitialized Use in File API.
Reported by Mark Brand of Google Project Zero on 2021-11-10
- [1272250] Medium CVE-2022-0116: Inappropriate implementation in
Compositing. Reported by Irvan Kurniawan (sourc7) on
2021-11-20
- [1115847] Low CVE-2022-0117: Policy bypass in Service Workers.
Reported by Dongsung Kim (@kid1ng) on 2020-08-13
- [1238631] Low CVE-2022-0118: Inappropriate implementation in
WebShare. Reported by Alesandro Ortiz on 2021-08-11
- [1262953] Low CVE-2022-0120: Inappropriate implementation in
Passwords. Reported by CHAKRAVARTHI (Ruler96) on 2021-10-25
Discovery 2022-01-04 Entry 2022-01-05 chromium
< 97.0.4692.71
CVE-2022-0098
CVE-2022-0099
CVE-2022-0096
CVE-2022-0097
CVE-2022-0100
CVE-2022-0101
CVE-2022-0102
CVE-2022-0103
CVE-2022-0104
CVE-2022-0105
CVE-2022-0106
CVE-2022-0107
CVE-2022-0108
CVE-2022-0109
CVE-2022-0110
CVE-2022-0111
CVE-2022-0112
CVE-2022-0113
CVE-2022-0114
CVE-2022-0115
CVE-2022-0116
CVE-2022-0117
CVE-2022-0118
CVE-2022-0120
https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html
|
76487640-ea29-11eb-a686-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 35 security fixes, including:
- ][1210985] High CVE-2021-30565: Out of bounds write in Tab
Groups. Reported by David Erceg on 2021-05-19
- [1202661] High CVE-2021-30566: Stack buffer overflow in
Printing. Reported by Leecraso and Guang Gong of 360 Alpha Lab on
2021-04-26
- [1211326] High CVE-2021-30567: Use after free in DevTools.
Reported by DDV_UA on 2021-05-20
- [1219886] High CVE-2021-30568: Heap buffer overflow in WebGL.
Reported by Yangkang (@dnpushme) of 360 ATA on 2021-06-15
- [1218707] High CVE-2021-30569: Use after free in sqlite.
Reported by Chris Salls (@salls) of Makai Security on
2021-06-11
- [1101897] High CVE-2021-30571: Insufficient policy enforcement
in DevTools. Reported by David Erceg on 2020-07-03
- [1214234] High CVE-2021-30572: Use after free in Autofill.
Reported by Weipeng Jiang (@Krace) from Codesafe Team of
Legendsec at Qi'anxin Group on 2021-05-28
- [1216822] High CVE-2021-30573: Use after free in GPU. Reported
by Security For Everyone Team - https://securityforeveryone.com on
2021-06-06
- [1227315] High CVE-2021-30574: Use after free in protocol
handling. Reported by Leecraso and Guang Gong of 360 Alpha Lab on
2021-07-08
- [1213313] Medium CVE-2021-30575: Out of bounds read in Autofill.
Reported by Leecraso and Guang Gong of 360 Alpha Lab on
2021-05-26
- [1194896] Medium CVE-2021-30576: Use after free in DevTools.
Reported by David Erceg on 2021-04-01
- [1204811] Medium CVE-2021-30577: Insufficient policy enforcement
in Installer. Reported by Jan van der Put (REQON B.V) on
2021-05-01
- [1201074] Medium CVE-2021-30578: Uninitialized Use in Media.
Reported by Chaoyuan Peng on 2021-04-21
- [1207277] Medium CVE-2021-30579: Use after free in UI framework.
Reported by Weipeng Jiang (@Krace) from Codesafe Team of
Legendsec at Qi'anxin Group on 2021-05-10
- [1189092] Medium CVE-2021-30580: Insufficient policy enforcement
in Android intents. Reported by @retsew0x01 on 2021-03-17
- [1194431] Medium CVE-2021-30581: Use after free in DevTools.
Reported by David Erceg on 2021-03-31
- [1205981] Medium CVE-2021-30582: Inappropriate implementation in
Animation. Reported by George Liu on 2021-05-05
- [1179290] Medium CVE-2021-30583: Insufficient policy enforcement
in image handling on Windows. Reported by Muneaki Nishimura
(nishimunea) on 2021-02-17
- [1213350] Medium CVE-2021-30584: Incorrect security UI in
Downloads. Reported by @retsew0x01 on 2021-05-26
- [1023503] Medium CVE-2021-30585: Use after free in sensor
handling. Reported by niarci on 2019-11-11
- [1201032] Medium CVE-2021-30586: Use after free in dialog box
handling on Windows. Reported by kkomdal with kkwon and neodal on
2021-04-21
- [1204347] Medium CVE-2021-30587: Inappropriate implementation in
Compositing on Windows. Reported by Abdulrahman Alqabandi,
Microsoft Browser Vulnerability Research on 2021-04-30
- [1195650] Low CVE-2021-30588: Type Confusion in V8. Reported by
Jose Martinez (tr0y4) from VerSprite Inc. on 2021-04-04
- [1180510] Low CVE-2021-30589: Insufficient validation of
untrusted input in Sharing. Reported by Kirtikumar Anandrao
Ramchandani (@Kirtikumar_A_R) and Patrick Walker (@homesen) on
2021-02-20
Discovery 2021-07-20 Entry 2021-07-21 chromium
< 92.0.4515.107
CVE-2021-30565
CVE-2021-30566
CVE-2021-30567
CVE-2021-30568
CVE-2021-30569
CVE-2021-30571
CVE-2021-30572
CVE-2021-30573
CVE-2021-30574
CVE-2021-30575
CVE-2021-30576
CVE-2021-30577
CVE-2021-30578
CVE-2021-30579
CVE-2021-30580
CVE-2021-30581
CVE-2021-30582
CVE-2021-30583
CVE-2021-30584
CVE-2021-30585
CVE-2021-30586
CVE-2021-30587
CVE-2021-30588
CVE-2021-30589
https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
|
47b571f2-157b-11ec-ae98-704d7b472482 | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release includes 11 security fixes, including:
- [1237533] High CVE-2021-30625: Use after free in Selection API.
Reported by Marcin Towalski of Cisco Talos on 2021-08-06
- [1241036] High CVE-2021-30626: Out of bounds memory access in
ANGLE. Reported by Jeonghoon Shin of Theori on 2021-08-18
- [1245786] High CVE-2021-30627: Type Confusion in Blink layout.
Reported by Aki Helin of OUSPG on 2021-09-01
- [1241123] High CVE-2021-30628: Stack buffer overflow in ANGLE.
Reported by Jaehun Jeong(@n3sk) of Theori on 2021-08-18
- [1243646] High CVE-2021-30629: Use after free in Permissions.
Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec
at Qi'anxin Group on 2021-08-26
- [1244568] High CVE-2021-30630: Inappropriate implementation in
Blink. Reported by SorryMybad (@S0rryMybad) of Kunlun Lab on
2021-08-30
- [1246932] High CVE-2021-30631: Type Confusion in Blink layout.
Reported by Atte Kettunen of OUSPG on 2021-09-06
- [1247763] High CVE-2021-30632: Out of bounds write in V8.
Reported by Anonymous on 2021-09-08
- [1247766] High CVE-2021-30633: Use after free in Indexed DB API.
Reported by Anonymous on 2021-09-08
Google is aware that exploits for CVE-2021-30632 and CVE-2021-30633
exist in the wild.
Discovery 2021-09-13 Entry 2021-09-14 chromium
< 93.0.4577.82
CVE-2021-30625
CVE-2021-30626
CVE-2021-30627
CVE-2021-30628
CVE-2021-30629
CVE-2021-30630
CVE-2021-30631
CVE-2021-30632
CVE-2021-30633
https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop.html
|
d357f6bb-0af4-4ac9-b096-eeec183ad829 | chromium -- multiple vulnerabilities
Chrome Releases reports:
This update includes 40 security fixes:
- [1411210] High CVE-2023-1213: Use after free in Swiftshader. Reported by Jaehun Jeong(@n3sk) of Theori on 2023-01-30
- [1412487] High CVE-2023-1214: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2023-02-03
- [1417176] High CVE-2023-1215: Type Confusion in CSS. Reported by Anonymous on 2023-02-17
- [1417649] High CVE-2023-1216: Use after free in DevTools. Reported by Ganjiang Zhou(@refrain_areu) of ChaMd5-H1 team on 2023-02-21
- [1412658] High CVE-2023-1217: Stack buffer overflow in Crash reporting. Reported by sunburst of Ant Group Tianqiong Security Lab on 2023-02-03
- [1413628] High CVE-2023-1218: Use after free in WebRTC. Reported by Anonymous on 2023-02-07
- [1415328] High CVE-2023-1219: Heap buffer overflow in Metrics. Reported by Sergei Glazunov of Google Project Zero on 2023-02-13
- [1417185] High CVE-2023-1220: Heap buffer overflow in UMA. Reported by Sergei Glazunov of Google Project Zero on 2023-02-17
- [1385343] Medium CVE-2023-1221: Insufficient policy enforcement in Extensions API. Reported by Ahmed ElMasry on 2022-11-16
- [1403515] Medium CVE-2023-1222: Heap buffer overflow in Web Audio API. Reported by Cassidy Kim(@cassidy6564) on 2022-12-24
- [1398579] Medium CVE-2023-1223: Insufficient policy enforcement in Autofill. Reported by Ahmed ElMasry on 2022-12-07
- [1403539] Medium CVE-2023-1224: Insufficient policy enforcement in Web Payments API. Reported by Thomas Orlita on 2022-12-25
- [1408799] Medium CVE-2023-1225: Insufficient policy enforcement in Navigation. Reported by Roberto Ffrench-Davis @Lihaft on 2023-01-20
- [1013080] Medium CVE-2023-1226: Insufficient policy enforcement in Web Payments API. Reported by Anonymous on 2019-10-10
- [1348791] Medium CVE-2023-1227: Use after free in Core. Reported by @ginggilBesel on 2022-07-31
- [1365100] Medium CVE-2023-1228: Insufficient policy enforcement in Intents. Reported by Axel Chong on 2022-09-18
- [1160485] Medium CVE-2023-1229: Inappropriate implementation in Permission prompts. Reported by Thomas Orlita on 2020-12-20
- [1404230] Medium CVE-2023-1230: Inappropriate implementation in WebApp Installs. Reported by Axel Chong on 2022-12-30
- [1274887] Medium CVE-2023-1231: Inappropriate implementation in Autofill. Reported by Yan Zhu, Brave on 2021-11-30
- [1346924] Low CVE-2023-1232: Insufficient policy enforcement in Resource Timing. Reported by Sohom Datta on 2022-07-24
- [1045681] Low CVE-2023-1233: Insufficient policy enforcement in Resource Timing. Reported by Soroush Karami on 2020-01-25
- [1404621] Low CVE-2023-1234: Inappropriate implementation in Intents. Reported by Axel Chong on 2023-01-03
- [1404704] Low CVE-2023-1235: Type Confusion in DevTools. Reported by raven at KunLun lab on 2023-01-03
- [1374518] Low CVE-2023-1236: Inappropriate implementation in Internals. Reported by Alesandro Ortiz on 2022-10-14
Discovery 2023-03-08 Entry 2023-03-09 chromium
< 111.0.5563.64
ungoogled-chromium
< 111.0.5563.64
CVE-2023-1213
CVE-2023-1214
CVE-2023-1215
CVE-2023-1216
CVE-2023-1217
CVE-2023-1218
CVE-2023-1219
CVE-2023-1220
CVE-2023-1221
CVE-2023-1222
CVE-2023-1223
CVE-2023-1224
CVE-2023-1225
CVE-2023-1226
CVE-2023-1227
CVE-2023-1228
CVE-2023-1229
CVE-2023-1230
CVE-2023-1231
CVE-2023-1232
CVE-2023-1233
CVE-2023-1234
CVE-2023-1235
CVE-2023-1236
https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html
|
128deba6-ff56-11eb-8514-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 9 security fixes, including:
- [1234764] High CVE-2021-30598: Type Confusion in V8. Reported by
Manfred Paul on 2021-07-30
- [1234770] High CVE-2021-30599: Type Confusion in V8. Reported by
Manfred Paul on 2021-07-30
- [1231134] High CVE-2021-30600: Use after free in Printing.
Reported by Leecraso and Guang Gong of 360 Alpha Lab on
2021-07-20
- [1234009] High CVE-2021-30601: Use after free in Extensions API.
Reported by koocola(@alo_cook) and Nan Wang(@eternalsakura13) of
360 Alpha Lab on 2021-07-28
- [1230767] High CVE-2021-30602: Use after free in WebRTC.
Reported by Marcin Towalski of Cisco Talos on 2021-07-19
- [1233564] High CVE-2021-30603: Race in WebAudio. Reported by
Sergei Glazunov of Google Project Zero on 2021-07-27
- [1234829] High CVE-2021-30604: Use after free in ANGLE. Reported
by Seong-Hwan Park (SeHwa) of SecunologyLab on 2021-07-30
Discovery 2021-08-16 Entry 2021-08-17 chromium
< 92.0.4515.159
CVE-2021-30598
CVE-2021-30599
CVE-2021-30600
CVE-2021-30601
CVE-2021-30602
CVE-2021-30603
CVE-2021-30604
https://chromereleases.googleblog.com/2021/08/stable-channel-update-for-desktop.html
|