Google Chrome Web browser

Type confusion in V8 in Google Chrome prior to 90.0.4430.93

CVE-2021-21230 8.8 - High - April 30, 2021

Type confusion in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Object Type Confusion

Use after free in Dev Tools in Google Chrome prior to 90.0.4430.93

CVE-2021-21232 8.8 - High - April 30, 2021

Use after free in Dev Tools in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93

CVE-2021-21227 8.8 - High - April 30, 2021

Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93

CVE-2021-21231 8.8 - High - April 30, 2021

Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Insufficient Verification of Data Authenticity

Insufficient policy enforcement in extensions in Google Chrome prior to 90.0.4430.93

CVE-2021-21228 4.3 - Medium - April 30, 2021

Insufficient policy enforcement in extensions in Google Chrome prior to 90.0.4430.93 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.

AuthZ

Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72

CVE-2021-21218 5.5 - Medium - April 26, 2021

Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.

Use of Uninitialized Resource

Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72

CVE-2021-21215 6.5 - Medium - April 26, 2021

Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page.

Authentication Bypass by Spoofing

Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72

CVE-2021-21219 5.5 - Medium - April 26, 2021

Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.

Information Disclosure

Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128

CVE-2021-21220 8.8 - High - April 26, 2021

Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Buffer Overflow

Insufficient validation of untrusted input in Mojo in Google Chrome prior to 90.0.4430.72

CVE-2021-21221 6.5 - Medium - April 26, 2021

Insufficient validation of untrusted input in Mojo in Google Chrome prior to 90.0.4430.72 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page.

Improper Input Validation

Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72

CVE-2021-21216 6.5 - Medium - April 26, 2021

Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page.

Authentication Bypass by Spoofing

Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72

CVE-2021-21217 5.5 - Medium - April 26, 2021

Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.

Information Disclosure

Use after free in navigation in Google Chrome prior to 90.0.4430.85

CVE-2021-21226 9.6 - Critical - April 26, 2021

Use after free in navigation in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Dangling pointer

Inappropriate implementation in storage in Google Chrome prior to 90.0.4430.72

CVE-2021-21209 6.5 - Medium - April 26, 2021

Inappropriate implementation in storage in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Origin Validation Error

Inappropriate implementation in Navigation in Google Chrome on iOS prior to 90.0.4430.72

CVE-2021-21211 6.5 - Medium - April 26, 2021

Inappropriate implementation in Navigation in Google Chrome on iOS prior to 90.0.4430.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Origin Validation Error

Incorrect security UI in Network Config UI in Google Chrome on ChromeOS prior to 90.0.4430.72

CVE-2021-21212 6.5 - Medium - April 26, 2021

Incorrect security UI in Network Config UI in Google Chrome on ChromeOS prior to 90.0.4430.72 allowed a remote attacker to potentially compromise WiFi connection security via a malicious WAP.

Use after free in WebMIDI in Google Chrome prior to 90.0.4430.72

CVE-2021-21213 8.8 - High - April 26, 2021

Use after free in WebMIDI in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in Network API in Google Chrome prior to 90.0.4430.72

CVE-2021-21214 8.8 - High - April 26, 2021

Use after free in Network API in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension.

Dangling pointer

Heap buffer overflow in V8 in Google Chrome prior to 90.0.4430.85

CVE-2021-21222 6.5 - Medium - April 26, 2021

Heap buffer overflow in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.

Memory Corruption

Integer overflow in Mojo in Google Chrome prior to 90.0.4430.85

CVE-2021-21223 9.6 - Critical - April 26, 2021

Integer overflow in Mojo in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Integer Overflow or Wraparound

Type confusion in V8 in Google Chrome prior to 90.0.4430.85

CVE-2021-21224 8.8 - High - April 26, 2021

Type confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

Object Type Confusion

Out of bounds memory access in V8 in Google Chrome prior to 90.0.4430.85

CVE-2021-21225 8.8 - High - April 26, 2021

Out of bounds memory access in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Buffer Overflow

Insufficient data validation in QR scanner in Google Chrome on iOS prior to 90.0.4430.72

CVE-2021-21208 6.5 - Medium - April 26, 2021

Insufficient data validation in QR scanner in Google Chrome on iOS prior to 90.0.4430.72 allowed an attacker displaying a QR code to perform domain spoofing via a crafted QR code.

Improper Input Validation

Use after free in IndexedDB in Google Chrome prior to 90.0.4430.72

CVE-2021-21207 8.6 - High - April 26, 2021

Use after free in IndexedDB in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.

Dangling pointer

Use after free in Blink in Google Chrome prior to 89.0.4389.128

CVE-2021-21206 8.8 - High - April 26, 2021

Use after free in Blink in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Insufficient policy enforcement in navigation in Google Chrome on iOS prior to 90.0.4430.72

CVE-2021-21205 8.1 - High - April 26, 2021

Insufficient policy enforcement in navigation in Google Chrome on iOS prior to 90.0.4430.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

Use after free in Blink in Google Chrome prior to 90.0.4430.72

CVE-2021-21203 8.8 - High - April 26, 2021

Use after free in Blink in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in extensions in Google Chrome prior to 90.0.4430.72

CVE-2021-21202 8.6 - High - April 26, 2021

Use after free in extensions in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.

Dangling pointer

Use after free in permissions in Google Chrome prior to 90.0.4430.72

CVE-2021-21201 9.6 - Critical - April 26, 2021

Use after free in permissions in Google Chrome prior to 90.0.4430.72 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Dangling pointer

Inappropriate implementation in Network in Google Chrome prior to 90.0.4430.72

CVE-2021-21210 6.5 - Medium - April 26, 2021

Inappropriate implementation in Network in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially access local UDP ports via a crafted HTML page.

Exposure of Resource to Wrong Sphere

Use after free in screen sharing in Google Chrome prior to 89.0.4389.114

CVE-2021-21194 8.8 - High - April 09, 2021

Use after free in screen sharing in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in V8 in Google Chrome prior to 89.0.4389.114

CVE-2021-21195 8.8 - High - April 09, 2021

Use after free in V8 in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.114

CVE-2021-21197 8.8 - High - April 09, 2021

Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Out of bounds read in IPC in Google Chrome prior to 89.0.4389.114

CVE-2021-21198 7.4 - High - April 09, 2021

Out of bounds read in IPC in Google Chrome prior to 89.0.4389.114 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Out-of-bounds Read

Use after free in Aura in Google Chrome on Linux prior to 89.0.4389.114

CVE-2021-21199 8.8 - High - April 09, 2021

Use after free in Aura in Google Chrome on Linux prior to 89.0.4389.114 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in WebRTC in Google Chrome prior to 89.0.4389.90

CVE-2021-21191 8.8 - High - March 16, 2021

Use after free in WebRTC in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Heap buffer overflow in tab groups in Google Chrome prior to 89.0.4389.90

CVE-2021-21192 8.8 - High - March 16, 2021

Heap buffer overflow in tab groups in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Use after free in Blink in Google Chrome prior to 89.0.4389.90

CVE-2021-21193 8.8 - High - March 16, 2021

Use after free in Blink in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.72

CVE-2021-21159 8.8 - High - March 09, 2021

Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Heap buffer overflow in WebAudio in Google Chrome prior to 89.0.4389.72

CVE-2021-21160 8.8 - High - March 09, 2021

Heap buffer overflow in WebAudio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.72

CVE-2021-21161 8.8 - High - March 09, 2021

Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Use after free in WebRTC in Google Chrome prior to 89.0.4389.72

CVE-2021-21162 8.8 - High - March 09, 2021

Use after free in WebRTC in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Data race in audio in Google Chrome prior to 89.0.4389.72

CVE-2021-21165 8.8 - High - March 09, 2021

Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Buffer Overflow

Data race in audio in Google Chrome prior to 89.0.4389.72

CVE-2021-21166 8.8 - High - March 09, 2021

Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Buffer Overflow

Use after free in bookmarks in Google Chrome prior to 89.0.4389.72

CVE-2021-21167 8.8 - High - March 09, 2021

Use after free in bookmarks in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Insufficient policy enforcement in appcache in Google Chrome prior to 89.0.4389.72

CVE-2021-21168 6.5 - Medium - March 09, 2021

Insufficient policy enforcement in appcache in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

Out of bounds memory access in V8 in Google Chrome prior to 89.0.4389.72

CVE-2021-21169 8.8 - High - March 09, 2021

Out of bounds memory access in V8 in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

Buffer Overflow

Incorrect security UI in Loader in Google Chrome prior to 89.0.4389.72

CVE-2021-21170 6.5 - Medium - March 09, 2021

Incorrect security UI in Loader in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 89.0.4389.72

CVE-2021-21172 8.1 - High - March 09, 2021

Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 89.0.4389.72 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.

Side-channel information leakage in Network Internals in Google Chrome prior to 89.0.4389.72

CVE-2021-21173 6.5 - Medium - March 09, 2021

Side-channel information leakage in Network Internals in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Inappropriate implementation in Referrer in Google Chrome prior to 89.0.4389.72

CVE-2021-21174 8.8 - High - March 09, 2021

Inappropriate implementation in Referrer in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

Inappropriate implementation in Site isolation in Google Chrome prior to 89.0.4389.72

CVE-2021-21175 6.5 - Medium - March 09, 2021

Inappropriate implementation in Site isolation in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Origin Validation Error

Inappropriate implementation in full screen mode in Google Chrome prior to 89.0.4389.72

CVE-2021-21176 6.5 - Medium - March 09, 2021

Inappropriate implementation in full screen mode in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

Insufficient policy enforcement in Autofill in Google Chrome prior to 89.0.4389.72

CVE-2021-21177 6.5 - Medium - March 09, 2021

Insufficient policy enforcement in Autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

authentification

Use after free in tab search in Google Chrome prior to 89.0.4389.72

CVE-2021-21180 8.8 - High - March 09, 2021

Use after free in tab search in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Side-channel information leakage in autofill in Google Chrome prior to 89.0.4389.72

CVE-2021-21181 6.5 - Medium - March 09, 2021

Side-channel information leakage in autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

Insufficient policy enforcement in navigations in Google Chrome prior to 89.0.4389.72

CVE-2021-21182 6.5 - Medium - March 09, 2021

Insufficient policy enforcement in navigations in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.

AuthZ

Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72

CVE-2021-21183 4.3 - Medium - March 09, 2021

Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Origin Validation Error

Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72

CVE-2021-21184 4.3 - Medium - March 09, 2021

Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Origin Validation Error

Insufficient policy enforcement in extensions in Google Chrome prior to 89.0.4389.72

CVE-2021-21185 4.3 - Medium - March 09, 2021

Insufficient policy enforcement in extensions in Google Chrome prior to 89.0.4389.72 allowed an attacker who convinced a user to install a malicious extension to obtain sensitive information via a crafted Chrome Extension.

Insufficient data validation in URL formatting in Google Chrome prior to 89.0.4389.72

CVE-2021-21187 4.3 - Medium - March 09, 2021

Insufficient data validation in URL formatting in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

Use after free in Blink in Google Chrome prior to 89.0.4389.72

CVE-2021-21188 8.8 - High - March 09, 2021

Use after free in Blink in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Insufficient policy enforcement in payments in Google Chrome prior to 89.0.4389.72

CVE-2021-21189 4.3 - Medium - March 09, 2021

Insufficient policy enforcement in payments in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

authentification

Uninitialized data in PDFium in Google Chrome prior to 89.0.4389.72

CVE-2021-21190 8.8 - High - March 09, 2021

Uninitialized data in PDFium in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.

Use of Uninitialized Resource

Use after free in Payments in Google Chrome prior to 88.0.4324.182

CVE-2021-21151 9.6 - Critical - February 22, 2021

Use after free in Payments in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

Dangling pointer

Heap buffer overflow in Tab Strip in Google Chrome prior to 88.0.4324.182

CVE-2021-21154 9.6 - Critical - February 22, 2021

Heap buffer overflow in Tab Strip in Google Chrome prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Memory Corruption

Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.182

CVE-2021-21156 8.8 - High - February 22, 2021

Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted script.

Memory Corruption

Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.150

CVE-2021-21148 8.8 - High - February 09, 2021

Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.150 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Heap buffer overflow in Extensions in Google Chrome prior to 88.0.4324.146

CVE-2021-21143 8.8 - High - February 09, 2021

Heap buffer overflow in Extensions in Google Chrome prior to 88.0.4324.146 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.

Memory Corruption

Heap buffer overflow in Tab Groups in Google Chrome prior to 88.0.4324.146

CVE-2021-21144 8.8 - High - February 09, 2021

Heap buffer overflow in Tab Groups in Google Chrome prior to 88.0.4324.146 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.

Memory Corruption

Use after free in Fonts in Google Chrome prior to 88.0.4324.146

CVE-2021-21145 8.8 - High - February 09, 2021

Use after free in Fonts in Google Chrome prior to 88.0.4324.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in Navigation in Google Chrome prior to 88.0.4324.146

CVE-2021-21146 9.6 - Critical - February 09, 2021

Use after free in Navigation in Google Chrome prior to 88.0.4324.146 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Dangling pointer

Inappropriate implementation in Skia in Google Chrome prior to 88.0.4324.146

CVE-2021-21147 4.3 - Medium - February 09, 2021

Inappropriate implementation in Skia in Google Chrome prior to 88.0.4324.146 allowed a local attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

Use after free in WebRTC in Google Chrome prior to 88.0.4324.96

CVE-2020-16044 8.8 - High - February 09, 2021

Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet.

Dangling pointer

Insufficient policy enforcement in Cryptohome in Google Chrome prior to 88.0.4324.96

CVE-2021-21117 7.8 - High - February 09, 2021

Insufficient policy enforcement in Cryptohome in Google Chrome prior to 88.0.4324.96 allowed a local attacker to perform OS-level privilege escalation via a crafted file.

Improper Privilege Management

Insufficient data validation in V8 in Google Chrome prior to 88.0.4324.96

CVE-2021-21118 8.8 - High - February 09, 2021

Insufficient data validation in V8 in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

Buffer Overflow

Use after free in Media in Google Chrome prior to 88.0.4324.96

CVE-2021-21119 8.8 - High - February 09, 2021

Use after free in Media in Google Chrome prior to 88.0.4324.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in WebSQL in Google Chrome prior to 88.0.4324.96

CVE-2021-21120 8.8 - High - February 09, 2021

Use after free in WebSQL in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in Omnibox in Google Chrome on Linux prior to 88.0.4324.96

CVE-2021-21121 9.6 - Critical - February 09, 2021

Use after free in Omnibox in Google Chrome on Linux prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

Dangling pointer

Use after free in Blink in Google Chrome prior to 88.0.4324.96

CVE-2021-21122 8.8 - High - February 09, 2021

Use after free in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Insufficient data validation in File System API in Google Chrome prior to 88.0.4324.96

CVE-2021-21123 6.5 - Medium - February 09, 2021

Insufficient data validation in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.

Improper Input Validation

Potential user after free in Speech Recognizer in Google Chrome on Android prior to 88.0.4324.96

CVE-2021-21124 9.6 - Critical - February 09, 2021

Potential user after free in Speech Recognizer in Google Chrome on Android prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

Dangling pointer

Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 88.0.4324.96

CVE-2021-21125 8.1 - High - February 09, 2021

Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.

authentification

Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96

CVE-2021-21126 6.5 - Medium - February 09, 2021

Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension.

authentification

Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96

CVE-2021-21127 8.8 - High - February 09, 2021

Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass content security policy via a crafted Chrome Extension.

authentification

Heap buffer overflow in Blink in Google Chrome prior to 88.0.4324.96

CVE-2021-21128 8.8 - High - February 09, 2021

Heap buffer overflow in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96

CVE-2021-21129 6.5 - Medium - February 09, 2021

Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.

authentification

Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96

CVE-2021-21130 6.5 - Medium - February 09, 2021

Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.

authentification

Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96

CVE-2021-21131 6.5 - Medium - February 09, 2021

Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.

authentification

Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96

CVE-2021-21132 9.6 - Critical - February 09, 2021

Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted Chrome Extension.

Clickjacking

Insufficient policy enforcement in Downloads in Google Chrome prior to 88.0.4324.96

CVE-2021-21133 6.5 - Medium - February 09, 2021

Insufficient policy enforcement in Downloads in Google Chrome prior to 88.0.4324.96 allowed an attacker who convinced a user to download files to bypass navigation restrictions via a crafted HTML page.

authentification

Inappropriate implementation in Performance API in Google Chrome prior to 88.0.4324.96

CVE-2021-21135 6.5 - Medium - February 09, 2021

Inappropriate implementation in Performance API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Origin Validation Error

Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96

CVE-2021-21137 6.5 - Medium - February 09, 2021

Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page.

Information Disclosure

Use after free in DevTools in Google Chrome prior to 88.0.4324.96

CVE-2021-21138 8.6 - High - February 09, 2021

Use after free in DevTools in Google Chrome prior to 88.0.4324.96 allowed a local attacker to potentially perform a sandbox escape via a crafted file.

Dangling pointer

Inappropriate implementation in iframe sandbox in Google Chrome prior to 88.0.4324.96

CVE-2021-21139 6.5 - Medium - February 09, 2021

Inappropriate implementation in iframe sandbox in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

Clickjacking

Uninitialized use in USB in Google Chrome prior to 88.0.4324.96

CVE-2021-21140 6.8 - Medium - February 09, 2021

Uninitialized use in USB in Google Chrome prior to 88.0.4324.96 allowed a local attacker to potentially perform out of bounds memory access via via a USB device.

Buffer Overflow

Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96

CVE-2021-21141 6.5 - Medium - February 09, 2021

Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass file extension policy via a crafted HTML page.

authentification

Use after free in Media in Google Chrome prior to 81.0.4044.92

CVE-2020-6572 8.8 - High - January 14, 2021

Use after free in Media in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to execute arbitrary code via a crafted HTML page.

Dangling pointer

Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66

CVE-2020-16012 4.3 - Medium - January 08, 2021

Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.198

CVE-2020-16013 8.8 - High - January 08, 2021

Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption