Microsoft Edge Chromium

Microsoft Edge (Chromium-based) Tampering Vulnerability

CVE-2021-38669 8.8 - High - September 15, 2021

Microsoft Edge (Chromium-based) Tampering Vulnerability

Chromium: CVE-2021-30606 Use after free in Blink

CVE-2021-30606 8.8 - High - September 03, 2021

Chromium: CVE-2021-30606 Use after free in Blink

Dangling pointer

Chromium: CVE-2021-30624 Use after free in Autofill

CVE-2021-30624 8.8 - High - September 03, 2021

Chromium: CVE-2021-30624 Use after free in Autofill

Dangling pointer

Chromium: CVE-2021-30623 Use after free in Bookmarks

CVE-2021-30623 8.8 - High - September 03, 2021

Chromium: CVE-2021-30623 Use after free in Bookmarks

Dangling pointer

Chromium: CVE-2021-30622 Use after free in WebApp Installs

CVE-2021-30622 8.8 - High - September 03, 2021

Chromium: CVE-2021-30622 Use after free in WebApp Installs

Dangling pointer

Chromium: CVE-2021-30621 UI Spoofing in Autofill

CVE-2021-30621 6.5 - Medium - September 03, 2021

Chromium: CVE-2021-30621 UI Spoofing in Autofill

Authentication Bypass by Spoofing

Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink

CVE-2021-30620 8.8 - High - September 03, 2021

Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink

Chromium: CVE-2021-30619 UI Spoofing in Autofill

CVE-2021-30619 6.5 - Medium - September 03, 2021

Chromium: CVE-2021-30619 UI Spoofing in Autofill

Authentication Bypass by Spoofing

Chromium: CVE-2021-30618 Inappropriate implementation in DevTools

CVE-2021-30618 8.8 - High - September 03, 2021

Chromium: CVE-2021-30618 Inappropriate implementation in DevTools

Chromium: CVE-2021-30617 Policy bypass in Blink

CVE-2021-30617 6.5 - Medium - September 03, 2021

Chromium: CVE-2021-30617 Policy bypass in Blink

Chromium: CVE-2021-30616 Use after free in Media

CVE-2021-30616 8.8 - High - September 03, 2021

Chromium: CVE-2021-30616 Use after free in Media

Dangling pointer

Chromium: CVE-2021-30615 Cross-origin data leak in Navigation

CVE-2021-30615 6.5 - Medium - September 03, 2021

Chromium: CVE-2021-30615 Cross-origin data leak in Navigation

Exposure of Resource to Wrong Sphere

Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip

CVE-2021-30614 8.8 - High - September 03, 2021

Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip

Memory Corruption

Chromium: CVE-2021-30613 Use after free in Base internals

CVE-2021-30613 8.8 - High - September 03, 2021

Chromium: CVE-2021-30613 Use after free in Base internals

Dangling pointer

Chromium: CVE-2021-30612 Use after free in WebRTC

CVE-2021-30612 8.8 - High - September 03, 2021

Chromium: CVE-2021-30612 Use after free in WebRTC

Dangling pointer

Chromium: CVE-2021-30611 Use after free in WebRTC

CVE-2021-30611 8.8 - High - September 03, 2021

Chromium: CVE-2021-30611 Use after free in WebRTC

Dangling pointer

Chromium: CVE-2021-30610 Use after free in Extensions API

CVE-2021-30610 8.8 - High - September 03, 2021

Chromium: CVE-2021-30610 Use after free in Extensions API

Dangling pointer

Chromium: CVE-2021-30609 Use after free in Sign-In

CVE-2021-30609 8.8 - High - September 03, 2021

Chromium: CVE-2021-30609 Use after free in Sign-In

Dangling pointer

Chromium: CVE-2021-30608 Use after free in Web Share

CVE-2021-30608 8.8 - High - September 03, 2021

Chromium: CVE-2021-30608 Use after free in Web Share

Dangling pointer

Chromium: CVE-2021-30607 Use after free in Permissions

CVE-2021-30607 8.8 - High - September 03, 2021

Chromium: CVE-2021-30607 Use after free in Permissions

Dangling pointer

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

CVE-2021-36929 5.5 - Medium - August 26, 2021

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE-2021-36931 7.8 - High - August 26, 2021

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36928.

Improper Privilege Management

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE-2021-36928 7.8 - High - August 26, 2021

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36931.

Improper Privilege Management

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE-2021-33741 7.5 - High - June 08, 2021

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Improper Privilege Management

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

CVE-2021-24113 5.4 - Medium - February 25, 2021

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182

CVE-2021-21157 8.8 - High - February 22, 2021

Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in Media in Google Chrome prior to 88.0.4324.96

CVE-2021-21119 8.8 - High - February 09, 2021

Use after free in Media in Google Chrome prior to 88.0.4324.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Insufficient data validation in V8 in Google Chrome prior to 88.0.4324.96

CVE-2021-21118 8.8 - High - February 09, 2021

Insufficient data validation in V8 in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

Buffer Overflow

Use after free in WebSQL in Google Chrome prior to 88.0.4324.96

CVE-2021-21120 8.8 - High - February 09, 2021

Use after free in WebSQL in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in Omnibox in Google Chrome on Linux prior to 88.0.4324.96

CVE-2021-21121 9.6 - Critical - February 09, 2021

Use after free in Omnibox in Google Chrome on Linux prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

Dangling pointer

Use after free in Blink in Google Chrome prior to 88.0.4324.96

CVE-2021-21122 8.8 - High - February 09, 2021

Use after free in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Insufficient data validation in File System API in Google Chrome prior to 88.0.4324.96

CVE-2021-21123 6.5 - Medium - February 09, 2021

Insufficient data validation in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.

Improper Input Validation

Potential user after free in Speech Recognizer in Google Chrome on Android prior to 88.0.4324.96

CVE-2021-21124 9.6 - Critical - February 09, 2021

Potential user after free in Speech Recognizer in Google Chrome on Android prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

Dangling pointer

Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 88.0.4324.96

CVE-2021-21125 8.1 - High - February 09, 2021

Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.

authentification

Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96

CVE-2021-21126 6.5 - Medium - February 09, 2021

Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension.

authentification

Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96

CVE-2021-21127 8.8 - High - February 09, 2021

Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass content security policy via a crafted Chrome Extension.

authentification

Heap buffer overflow in Blink in Google Chrome prior to 88.0.4324.96

CVE-2021-21128 8.8 - High - February 09, 2021

Heap buffer overflow in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96

CVE-2021-21129 6.5 - Medium - February 09, 2021

Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.

authentification

Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96

CVE-2021-21130 6.5 - Medium - February 09, 2021

Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.

authentification

Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96

CVE-2021-21131 6.5 - Medium - February 09, 2021

Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.

authentification

Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96

CVE-2021-21132 9.6 - Critical - February 09, 2021

Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted Chrome Extension.

Clickjacking

Insufficient policy enforcement in Downloads in Google Chrome prior to 88.0.4324.96

CVE-2021-21133 6.5 - Medium - February 09, 2021

Insufficient policy enforcement in Downloads in Google Chrome prior to 88.0.4324.96 allowed an attacker who convinced a user to download files to bypass navigation restrictions via a crafted HTML page.

authentification

Incorrect security UI in Page Info in Google Chrome on iOS prior to 88.0.4324.96

CVE-2021-21134 6.5 - Medium - February 09, 2021

Incorrect security UI in Page Info in Google Chrome on iOS prior to 88.0.4324.96 allowed a remote attacker to spoof security UI via a crafted HTML page.

Authentication Bypass by Spoofing

Inappropriate implementation in Performance API in Google Chrome prior to 88.0.4324.96

CVE-2021-21135 6.5 - Medium - February 09, 2021

Inappropriate implementation in Performance API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Origin Validation Error

Insufficient policy enforcement in WebView in Google Chrome on Android prior to 88.0.4324.96

CVE-2021-21136 6.5 - Medium - February 09, 2021

Insufficient policy enforcement in WebView in Google Chrome on Android prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Origin Validation Error

Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96

CVE-2021-21137 6.5 - Medium - February 09, 2021

Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page.

Information Disclosure

Inappropriate implementation in iframe sandbox in Google Chrome prior to 88.0.4324.96

CVE-2021-21139 6.5 - Medium - February 09, 2021

Inappropriate implementation in iframe sandbox in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

Clickjacking