Google Chrome Web browser

Use after free in Tab Strip in Google Chrome prior to 91.0.4472.77

CVE-2021-30543 8.8 - High - June 07, 2021

Use after free in Tab Strip in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in Tab Strip in Google Chrome prior to 91.0.4472.77

CVE-2021-30542 8.8 - High - June 07, 2021

Use after free in Tab Strip in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Incorrect security UI in payments in Google Chrome on Android prior to 91.0.4472.77

CVE-2021-30540 6.5 - Medium - June 07, 2021

Incorrect security UI in payments in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

Improper Input Validation

Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77

CVE-2021-30539 5.4 - Medium - June 07, 2021

Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.

AuthZ

Out of bounds memory access in WebAudio in Google Chrome prior to 91.0.4472.77

CVE-2021-30530 8.8 - High - June 07, 2021

Out of bounds memory access in WebAudio in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.

Buffer Overflow

Use after free in Bookmarks in Google Chrome prior to 91.0.4472.77

CVE-2021-30529 8.8 - High - June 07, 2021

Use after free in Bookmarks in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in WebUI in Google Chrome prior to 91.0.4472.77

CVE-2021-30527 8.8 - High - June 07, 2021

Use after free in WebUI in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Out of bounds write in TabStrip in Google Chrome prior to 91.0.4472.77

CVE-2021-30526 8.8 - High - June 07, 2021

Out of bounds write in TabStrip in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted HTML page.

Memory Corruption

Use after free in TabGroups in Google Chrome prior to 91.0.4472.77

CVE-2021-30525 8.8 - High - June 07, 2021

Use after free in TabGroups in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in TabStrip in Google Chrome prior to 91.0.4472.77

CVE-2021-30524 8.8 - High - June 07, 2021

Use after free in TabStrip in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in WebRTC in Google Chrome prior to 91.0.4472.77

CVE-2021-30523 8.8 - High - June 07, 2021

Use after free in WebRTC in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet.

Dangling pointer

Use after free in WebAudio in Google Chrome prior to 91.0.4472.77

CVE-2021-30522 8.8 - High - June 07, 2021

Use after free in WebAudio in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77

CVE-2021-30538 4.3 - Medium - June 07, 2021

Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.

AuthZ

Out of bounds read in V8 in Google Chrome prior to 91.0.4472.77

CVE-2021-30536 8.1 - High - June 07, 2021

Out of bounds read in V8 in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page.

Out-of-bounds Read

Double free in ICU in Google Chrome prior to 91.0.4472.77

CVE-2021-30535 8.8 - High - June 07, 2021

Double free in ICU in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Double-free

Insufficient policy enforcement in cookies in Google Chrome prior to 91.0.4472.77

CVE-2021-30537 4.3 - Medium - June 07, 2021

Insufficient policy enforcement in cookies in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass cookie policy via a crafted HTML page.

AuthZ

Insufficient policy enforcement in PopupBlocker in Google Chrome prior to 91.0.4472.77

CVE-2021-30533 6.5 - Medium - June 07, 2021

Insufficient policy enforcement in PopupBlocker in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafted iframe.

AuthZ

Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 91.0.4472.77

CVE-2021-30531 6.5 - Medium - June 07, 2021

Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.

AuthZ

Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 91.0.4472.77

CVE-2021-30532 4.3 - Medium - June 07, 2021

Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.

AuthZ

Insufficient policy enforcement in iFrameSandbox in Google Chrome prior to 91.0.4472.77

CVE-2021-30534 6.5 - Medium - June 07, 2021

Insufficient policy enforcement in iFrameSandbox in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

AuthZ

Use after free in Tab Strip in Google Chrome prior to 90.0.4430.212

CVE-2021-30520 8.8 - High - June 04, 2021

Use after free in Tab Strip in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in Payments in Google Chrome prior to 90.0.4430.212

CVE-2021-30519 8.8 - High - June 04, 2021

Use after free in Payments in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious payments app to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Heap buffer overflow in Reader Mode in Google Chrome prior to 90.0.4430.212

CVE-2021-30518 8.8 - High - June 04, 2021

Heap buffer overflow in Reader Mode in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Type confusion in V8 in Google Chrome prior to 90.0.4430.212

CVE-2021-30517 8.8 - High - June 04, 2021

Type confusion in V8 in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Object Type Confusion

Out of bounds write in Tab Strip in Google Chrome prior to 90.0.4430.212

CVE-2021-30509 8.8 - High - June 04, 2021

Out of bounds write in Tab Strip in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted HTML page and a crafted Chrome extension.

Memory Corruption

Heap buffer overflow in Media Feeds in Google Chrome prior to 90.0.4430.212

CVE-2021-30508 8.8 - High - June 04, 2021

Heap buffer overflow in Media Feeds in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to enable certain features in Chrome to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Heap buffer overflow in History in Google Chrome prior to 90.0.4430.212

CVE-2021-30516 8.8 - High - June 04, 2021

Heap buffer overflow in History in Google Chrome prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Use after free in File API in Google Chrome prior to 90.0.4430.212

CVE-2021-30515 8.8 - High - June 04, 2021

Use after free in File API in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in Autofill in Google Chrome prior to 90.0.4430.212

CVE-2021-30514 8.8 - High - June 04, 2021

Use after free in Autofill in Google Chrome prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Type confusion in V8 in Google Chrome prior to 90.0.4430.212

CVE-2021-30513 8.8 - High - June 04, 2021

Type confusion in V8 in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Object Type Confusion

Use after free in Notifications in Google Chrome prior to 90.0.4430.212

CVE-2021-30512 8.8 - High - June 04, 2021

Use after free in Notifications in Google Chrome prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Out of bounds read in Tab Groups in Google Chrome prior to 90.0.4430.212

CVE-2021-30511 8.1 - High - June 04, 2021

Out of bounds read in Tab Groups in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted HTML page.

Out-of-bounds Read

Use after free in Aura in Google Chrome prior to 90.0.4430.212

CVE-2021-30510 8.8 - High - June 04, 2021

Use after free in Aura in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Type confusion in V8 in Google Chrome prior to 90.0.4430.93

CVE-2021-21230 8.8 - High - April 30, 2021

Type confusion in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Object Type Confusion

Use after free in Dev Tools in Google Chrome prior to 90.0.4430.93

CVE-2021-21232 8.8 - High - April 30, 2021

Use after free in Dev Tools in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93

CVE-2021-21227 8.8 - High - April 30, 2021

Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93

CVE-2021-21231 8.8 - High - April 30, 2021

Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Insufficient Verification of Data Authenticity

Insufficient policy enforcement in extensions in Google Chrome prior to 90.0.4430.93

CVE-2021-21228 4.3 - Medium - April 30, 2021

Insufficient policy enforcement in extensions in Google Chrome prior to 90.0.4430.93 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.

AuthZ

Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72

CVE-2021-21218 5.5 - Medium - April 26, 2021

Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.

Use of Uninitialized Resource

Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72

CVE-2021-21215 6.5 - Medium - April 26, 2021

Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page.

Authentication Bypass by Spoofing

Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72

CVE-2021-21219 5.5 - Medium - April 26, 2021

Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.

Information Disclosure

Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128

CVE-2021-21220 8.8 - High - April 26, 2021

Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Buffer Overflow

Insufficient validation of untrusted input in Mojo in Google Chrome prior to 90.0.4430.72

CVE-2021-21221 6.5 - Medium - April 26, 2021

Insufficient validation of untrusted input in Mojo in Google Chrome prior to 90.0.4430.72 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page.

Improper Input Validation

Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72

CVE-2021-21216 6.5 - Medium - April 26, 2021

Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page.

Authentication Bypass by Spoofing

Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72

CVE-2021-21217 5.5 - Medium - April 26, 2021

Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.

Information Disclosure

Use after free in navigation in Google Chrome prior to 90.0.4430.85

CVE-2021-21226 9.6 - Critical - April 26, 2021

Use after free in navigation in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Dangling pointer

Inappropriate implementation in storage in Google Chrome prior to 90.0.4430.72

CVE-2021-21209 6.5 - Medium - April 26, 2021

Inappropriate implementation in storage in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Origin Validation Error

Inappropriate implementation in Navigation in Google Chrome on iOS prior to 90.0.4430.72

CVE-2021-21211 6.5 - Medium - April 26, 2021

Inappropriate implementation in Navigation in Google Chrome on iOS prior to 90.0.4430.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Origin Validation Error

Incorrect security UI in Network Config UI in Google Chrome on ChromeOS prior to 90.0.4430.72

CVE-2021-21212 6.5 - Medium - April 26, 2021

Incorrect security UI in Network Config UI in Google Chrome on ChromeOS prior to 90.0.4430.72 allowed a remote attacker to potentially compromise WiFi connection security via a malicious WAP.

Use after free in WebMIDI in Google Chrome prior to 90.0.4430.72

CVE-2021-21213 8.8 - High - April 26, 2021

Use after free in WebMIDI in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in Network API in Google Chrome prior to 90.0.4430.72

CVE-2021-21214 8.8 - High - April 26, 2021

Use after free in Network API in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension.

Dangling pointer

Heap buffer overflow in V8 in Google Chrome prior to 90.0.4430.85

CVE-2021-21222 6.5 - Medium - April 26, 2021

Heap buffer overflow in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.

Memory Corruption

Integer overflow in Mojo in Google Chrome prior to 90.0.4430.85

CVE-2021-21223 9.6 - Critical - April 26, 2021

Integer overflow in Mojo in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Integer Overflow or Wraparound

Type confusion in V8 in Google Chrome prior to 90.0.4430.85

CVE-2021-21224 8.8 - High - April 26, 2021

Type confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

Object Type Confusion

Out of bounds memory access in V8 in Google Chrome prior to 90.0.4430.85

CVE-2021-21225 8.8 - High - April 26, 2021

Out of bounds memory access in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Buffer Overflow

Insufficient data validation in QR scanner in Google Chrome on iOS prior to 90.0.4430.72

CVE-2021-21208 6.5 - Medium - April 26, 2021

Insufficient data validation in QR scanner in Google Chrome on iOS prior to 90.0.4430.72 allowed an attacker displaying a QR code to perform domain spoofing via a crafted QR code.

Improper Input Validation

Use after free in IndexedDB in Google Chrome prior to 90.0.4430.72

CVE-2021-21207 8.6 - High - April 26, 2021

Use after free in IndexedDB in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.

Dangling pointer

Use after free in Blink in Google Chrome prior to 89.0.4389.128

CVE-2021-21206 8.8 - High - April 26, 2021

Use after free in Blink in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Insufficient policy enforcement in navigation in Google Chrome on iOS prior to 90.0.4430.72

CVE-2021-21205 8.1 - High - April 26, 2021

Insufficient policy enforcement in navigation in Google Chrome on iOS prior to 90.0.4430.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

Use after free in Blink in Google Chrome prior to 90.0.4430.72

CVE-2021-21203 8.8 - High - April 26, 2021

Use after free in Blink in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in extensions in Google Chrome prior to 90.0.4430.72

CVE-2021-21202 8.6 - High - April 26, 2021

Use after free in extensions in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.

Dangling pointer

Use after free in permissions in Google Chrome prior to 90.0.4430.72

CVE-2021-21201 9.6 - Critical - April 26, 2021

Use after free in permissions in Google Chrome prior to 90.0.4430.72 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Dangling pointer

Inappropriate implementation in Network in Google Chrome prior to 90.0.4430.72

CVE-2021-21210 6.5 - Medium - April 26, 2021

Inappropriate implementation in Network in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially access local UDP ports via a crafted HTML page.

Exposure of Resource to Wrong Sphere

Use after free in screen sharing in Google Chrome prior to 89.0.4389.114

CVE-2021-21194 8.8 - High - April 09, 2021

Use after free in screen sharing in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in V8 in Google Chrome prior to 89.0.4389.114

CVE-2021-21195 8.8 - High - April 09, 2021

Use after free in V8 in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.114

CVE-2021-21197 8.8 - High - April 09, 2021

Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Out of bounds read in IPC in Google Chrome prior to 89.0.4389.114

CVE-2021-21198 7.4 - High - April 09, 2021

Out of bounds read in IPC in Google Chrome prior to 89.0.4389.114 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Out-of-bounds Read

Use after free in Aura in Google Chrome on Linux prior to 89.0.4389.114

CVE-2021-21199 8.8 - High - April 09, 2021

Use after free in Aura in Google Chrome on Linux prior to 89.0.4389.114 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in WebRTC in Google Chrome prior to 89.0.4389.90

CVE-2021-21191 8.8 - High - March 16, 2021

Use after free in WebRTC in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Heap buffer overflow in tab groups in Google Chrome prior to 89.0.4389.90

CVE-2021-21192 8.8 - High - March 16, 2021

Heap buffer overflow in tab groups in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Use after free in Blink in Google Chrome prior to 89.0.4389.90

CVE-2021-21193 8.8 - High - March 16, 2021

Use after free in Blink in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.72

CVE-2021-21159 8.8 - High - March 09, 2021

Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Heap buffer overflow in WebAudio in Google Chrome prior to 89.0.4389.72

CVE-2021-21160 8.8 - High - March 09, 2021

Heap buffer overflow in WebAudio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.72

CVE-2021-21161 8.8 - High - March 09, 2021

Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Use after free in WebRTC in Google Chrome prior to 89.0.4389.72

CVE-2021-21162 8.8 - High - March 09, 2021

Use after free in WebRTC in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Data race in audio in Google Chrome prior to 89.0.4389.72

CVE-2021-21165 8.8 - High - March 09, 2021

Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Buffer Overflow

Data race in audio in Google Chrome prior to 89.0.4389.72

CVE-2021-21166 8.8 - High - March 09, 2021

Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Buffer Overflow

Use after free in bookmarks in Google Chrome prior to 89.0.4389.72

CVE-2021-21167 8.8 - High - March 09, 2021

Use after free in bookmarks in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Insufficient policy enforcement in appcache in Google Chrome prior to 89.0.4389.72

CVE-2021-21168 6.5 - Medium - March 09, 2021

Insufficient policy enforcement in appcache in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

Out of bounds memory access in V8 in Google Chrome prior to 89.0.4389.72

CVE-2021-21169 8.8 - High - March 09, 2021

Out of bounds memory access in V8 in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

Buffer Overflow

Incorrect security UI in Loader in Google Chrome prior to 89.0.4389.72

CVE-2021-21170 6.5 - Medium - March 09, 2021

Incorrect security UI in Loader in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 89.0.4389.72

CVE-2021-21172 8.1 - High - March 09, 2021

Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 89.0.4389.72 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.

Side-channel information leakage in Network Internals in Google Chrome prior to 89.0.4389.72

CVE-2021-21173 6.5 - Medium - March 09, 2021

Side-channel information leakage in Network Internals in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Inappropriate implementation in Referrer in Google Chrome prior to 89.0.4389.72

CVE-2021-21174 8.8 - High - March 09, 2021

Inappropriate implementation in Referrer in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

Inappropriate implementation in Site isolation in Google Chrome prior to 89.0.4389.72

CVE-2021-21175 6.5 - Medium - March 09, 2021

Inappropriate implementation in Site isolation in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Origin Validation Error

Inappropriate implementation in full screen mode in Google Chrome prior to 89.0.4389.72

CVE-2021-21176 6.5 - Medium - March 09, 2021

Inappropriate implementation in full screen mode in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

Insufficient policy enforcement in Autofill in Google Chrome prior to 89.0.4389.72

CVE-2021-21177 6.5 - Medium - March 09, 2021

Insufficient policy enforcement in Autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

authentification

Use after free in tab search in Google Chrome prior to 89.0.4389.72

CVE-2021-21180 8.8 - High - March 09, 2021

Use after free in tab search in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Side-channel information leakage in autofill in Google Chrome prior to 89.0.4389.72

CVE-2021-21181 6.5 - Medium - March 09, 2021

Side-channel information leakage in autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

Insufficient policy enforcement in navigations in Google Chrome prior to 89.0.4389.72

CVE-2021-21182 6.5 - Medium - March 09, 2021

Insufficient policy enforcement in navigations in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.

AuthZ

Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72

CVE-2021-21183 4.3 - Medium - March 09, 2021

Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Origin Validation Error

Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72

CVE-2021-21184 4.3 - Medium - March 09, 2021

Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Origin Validation Error

Insufficient policy enforcement in extensions in Google Chrome prior to 89.0.4389.72

CVE-2021-21185 4.3 - Medium - March 09, 2021

Insufficient policy enforcement in extensions in Google Chrome prior to 89.0.4389.72 allowed an attacker who convinced a user to install a malicious extension to obtain sensitive information via a crafted Chrome Extension.

Insufficient data validation in URL formatting in Google Chrome prior to 89.0.4389.72

CVE-2021-21187 4.3 - Medium - March 09, 2021

Insufficient data validation in URL formatting in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

Use after free in Blink in Google Chrome prior to 89.0.4389.72

CVE-2021-21188 8.8 - High - March 09, 2021

Use after free in Blink in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Insufficient policy enforcement in payments in Google Chrome prior to 89.0.4389.72

CVE-2021-21189 4.3 - Medium - March 09, 2021

Insufficient policy enforcement in payments in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

authentification

Uninitialized data in PDFium in Google Chrome prior to 89.0.4389.72

CVE-2021-21190 8.8 - High - March 09, 2021

Uninitialized data in PDFium in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.

Use of Uninitialized Resource

Use after free in Payments in Google Chrome prior to 88.0.4324.182

CVE-2021-21151 9.6 - Critical - February 22, 2021

Use after free in Payments in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

Dangling pointer

Heap buffer overflow in Tab Strip in Google Chrome prior to 88.0.4324.182

CVE-2021-21154 9.6 - Critical - February 22, 2021

Heap buffer overflow in Tab Strip in Google Chrome prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Memory Corruption

Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.182

CVE-2021-21156 8.8 - High - February 22, 2021

Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted script.

Memory Corruption