
Medium CVE-2021-21181: Side-channel information leakage in autofill. Medium CVE-2020-27844: Heap buffer overflow in OpenJPEG. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on
#Google chrome update march 2021 free#
Medium CVE-2021-21180: Use after free in tab search. Medium CVE-2021-21179: Use after free in Network Internals. Medium CVE-2021-21178: Inappropriate implementation in Compositing. Medium CVE-2021-21177: Insufficient policy enforcement in Autofill.
#Google chrome update march 2021 full#
Medium CVE-2021-21176: Inappropriate implementation in full screen mode. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on Medium CVE-2021-21175: Inappropriate implementation in Site isolation. Medium CVE-2021-21174: Inappropriate implementation in Referrer. Reported by Tom Van Goethem from imec-DistriNet, KU Leuven on Medium CVE-2021-21173: Side-channel information leakage in Network Internals. Medium CVE-2021-21172: Insufficient policy enforcement in File System API.

Medium CVE-2021-21171: Incorrect security UI in TabStrip and Navigation. Medium CVE-2021-21170: Incorrect security UI in Loader. Reported by Bohan Liu and Moon Liang of Tencent Security Xuanwu Lab on Medium CVE-2021-21169: Out of bounds memory access in V8.

Medium CVE-2021-21168: Insufficient policy enforcement in appcache. Reported by Leecraso and Guang Gong of 360 Alpha Lab on Medium CVE-2021-21167: Use after free in bookmarks. Reported by Alison Huffman, Microsoft Browser Vulnerability Research on High CVE-2021-21166: Object lifecycle issue in audio. High CVE-2021-21165: Object lifecycle issue in audio. Reported by Muneaki Nishimura (nishimunea) on High CVE-2021-21164: Insufficient data validation in Chrome for iOS. High CVE-2021-21163: Insufficient data validation in Reader Mode. High CVE-2021-21162: Use after free in WebRTC. High CVE-2021-21161: Heap buffer overflow in TabStrip. Reported by Marcin 'Icewall' Noga of Cisco Talos on High CVE-2021-21160: Heap buffer overflow in WebAudio. High CVE-2021-21159: Heap buffer overflow in TabStrip. Please see the Chrome Security Page for more information. Below, we highlight fixes that were contributed by external researchers. Google is aware of reports that an exploit for CVE-2021-21193 exists in the wild. High CVE-2021-21193: Use after free in Blink. High CVE-2021-21192: Heap buffer overflow in tab groups. High CVE-2021-21191: Use after free in WebRTC. Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL. Various fixes from internal audits, fuzzing and other initiatives We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.Īs usual, our ongoing internal security work was responsible for a wide range of fixes: Reported by Weipeng Jiang from Codesafe Team of Legendsec at Qi'anxin Group and Evangelos Foutras High CVE-2021-21199: Use Use after free in Aura. Reported by Mark Brand of Google Project Zero on High CVE-2021-21198: Out of bounds read in IPC. High CVE-2021-21197: Heap buffer overflow in TabStrip. High CVE-2021-21196: Heap buffer overflow in TabStrip. High CVE-2021-21194: Use after free in screen capture.

We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed. Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix.
