taitei.net

96.0.4664.45

This update includes 25 security fixes

[1263620] High CVE-2021-38008: Use after free in media. Reported by Marcin Towalski of Cisco Talos on 2021-10-26

[1260649] High CVE-2021-38009: Inappropriate implementation in cache. Reported by Luan Herrera (@lbherrera_) on 2021-10-16

[1240593] High CVE-2021-38006: Use after free in storage foundation. Reported by Sergei Glazunov of Google Project Zero on 2021-08-17

[1254189] High CVE-2021-38007: Type Confusion in V8. Reported by Polaris Feng and SGFvamll at Singular Security Lab on 2021-09-29

[1241091] High CVE-2021-38005: Use after free in loader. Reported by Sergei Glazunov of Google Project Zero on 2021-08-18

[1264477] High CVE-2021-38010: Inappropriate implementation in service workers. Reported by Sergei Glazunov of Google Project Zero on 2021-10-28

[1268274] High CVE-2021-38011: Use after free in storage foundation. Reported by Sergei Glazunov of Google Project Zero on 2021-11-09

[1262791] Medium CVE-2021-38012: Type Confusion in V8. Reported by Yonghwi Jin (@jinmo123) on 2021-10-24

[1242392] Medium CVE-2021-38013: Heap buffer overflow in fingerprint recognition. Reported by raven (@raid_akame) on 2021-08-23

[1248567] Medium CVE-2021-38014: Out of bounds write in Swiftshader. Reported by Atte Kettunen of OUSPG on 2021-09-10

[957553] Medium CVE-2021-38015: Inappropriate implementation in input. Reported by David Erceg on 2019-04-29

[1244289] Medium CVE-2021-38016: Insufficient policy enforcement in background fetch. Reported by Maurice Dauer  on 2021-08-28

[1256822] Medium CVE-2021-38017: Insufficient policy enforcement in iframe sandbox. Reported by NDevTK on 2021-10-05

[1197889] Medium CVE-2021-38018: Inappropriate implementation in navigation. Reported by Alesandro Ortiz on 2021-04-11

[1251179] Medium CVE-2021-38019: Insufficient policy enforcement in CORS. Reported by Maurice Dauer on 2021-09-20

[1259694] Medium CVE-2021-38020: Insufficient policy enforcement in contacts picker. Reported by Luan Herrera (@lbherrera_) on 2021-10-13

[1233375] Medium CVE-2021-38021: Inappropriate implementation in referrer. Reported by Prakash (@1lastBr3ath) and Jun Kokatsu on 2021-07-27

[1248862] Low CVE-2021-38022: Inappropriate implementation in WebAuthentication. Reported by Michal Kepkowski on 2021-09-13

95.0.4638.54 

includes 19 security fixes

[1246631] High CVE-2021-37981 : Heap buffer overflow in Skia. Reported by Yangkang (@dnpushme) of 360 ATA on 2021-09-04

[1248661] High CVE-2021-37982 : Use after free in Incognito. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi’anxin Group on 2021-09-11

[1249810] High CVE-2021-37983 : Use after free in Dev Tools. Reported by Zhihua Yao of KunLun Lab on 2021-09-15

[1253399] High CVE-2021-37984 : Heap buffer overflow in PDFium. Reported by Antti Levomäki, Joonas Pihlaja and Christian Jalio from Forcepoint on 2021-09-27

[1241860] High CVE-2021-37985 : Use after free in V8. Reported by Yangkang (@dnpushme) of 360 ATA on 2021-08-20

[1242404] Medium CVE-2021-37986 : Heap buffer overflow in Settings. Reported by raven (@raid_akame)  on 2021-08-23

[1206928] Medium CVE-2021-37987 : Use after free in Network APIs. Reported by Yangkang (@dnpushme) of 360 ATA on 2021-05-08

[1228248] Medium CVE-2021-37988 : Use after free in Profiles. Reported by raven (@raid_akame)  on 2021-07-12

[1233067] Medium CVE-2021-37989 : Inappropriate implementation in Blink. Reported by Matt Dyas, Ankur Sundara on 2021-07-26

[1247395] Medium CVE-2021-37990 : Inappropriate implementation in WebView. Reported by Kareem Selim of CyShield on 2021-09-07

[1250660] Medium CVE-2021-37991 : Race in V8. Reported by Samuel Groß of Google Project Zero on 2021-09-17

[1253746] Medium CVE-2021-37992 : Out of bounds read in WebAudio. Reported by sunburst@Ant Security Light-Year Lab on 2021-09-28

[1255332] Medium CVE-2021-37993 : Use after free in PDF Accessibility. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2021-10-02

[1243020] Medium CVE-2021-37996 : Insufficient validation of untrusted input in Downloads. Reported by Anonymous on 2021-08-24

[1100761] Low CVE-2021-37994 : Inappropriate implementation in iFrame Sandbox. Reported by David Erceg on 2020-06-30

[1242315] Low CVE-2021-37995 : Inappropriate implementation in WebApp Installer. Reported by Terence Eden on 2021-08-23

94.0.4606.71

4 security fixes included

[1245578] High CVE-2021-37974 : Use after free in Safe Browsing. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi’anxin Group on 2021-09-01

[1252918] High CVE-2021-37975 : Use after free in V8. Reported by Anonymous on 2021-09-24

[1251787] Medium CVE-2021-37976 : Information leak in core. Reported by Clément Lecigne from Google TAG, with technical assistance from Sergei Glazunov and Mark Brand from Google Project Zero on 2021-09-21

94.0.4606.54

includes 19 security fixes

[1243117] High CVE-2021-37956: Use after free in Offline use. Reported by Huyna at Viettel Cyber Security on 2021-08-24

[1242269] High CVE-2021-37957 : Use after free in WebGPU. Reported by Looben Yang on 2021-08-23

[1223290] High CVE-2021-37958 : Inappropriate implementation in Navigation. Reported by James Lee (@Windowsrcer) on 2021-06-24

[1229625] High CVE-2021-37959 : Use after free in Task Manager. Reported by raven (@raid_akame)  on 2021-07-15

[1247196] High CVE-2021-37960 : Inappropriate implementation in Blink graphics. Reported by Atte Kettunen of OUSPG on 2021-09-07

[1228557] Medium CVE-2021-37961 : Use after free in Tab Strip. Reported by Khalil Zhani on 2021-07-13

[1231933] Medium CVE-2021-37962 : Use after free in Performance Manager. Reported by Sri on 2021-07-22

[1199865] Medium CVE-2021-37963 : Side-channel information leakage in DevTools. Reported by Daniel Genkin and Ayush Agarwal, University of Michigan, Eyal Ronen and Shaked Yehezkel, Tel Aviv University, Sioli O’Connell, University of Adelaide, and Jason Kim, Georgia Institute of Technology  on 2021-04-16

[1203612] Medium CVE-2021-37964 : Inappropriate implementation in ChromeOS Networking. Reported by Hugo Hue and Sze Yiu Chau of the Chinese University of Hong Kong on 2021-04-28

[1239709] Medium CVE-2021-37965 : Inappropriate implementation in Background Fetch API. Reported by Maurice Dauer  on 2021-08-13

[1238944] Medium CVE-2021-37966 : Inappropriate implementation in Compositing. Reported by Mohit Raj (shadow2639)  on 2021-08-11

[1243622] Medium CVE-2021-37967 : Inappropriate implementation in Background Fetch API. Reported by SorryMybad (@S0rryMybad) of Kunlun Lab on 2021-08-26

[1245053] Medium CVE-2021-37968 : Inappropriate implementation in Background Fetch API. Reported by Maurice Dauer  on 2021-08-30

[1245879] Medium CVE-2021-37969 : Inappropriate implementation in Google Updater. Reported by Abdelhamid Naceri (halov) on 2021-09-02

[1248030] Medium CVE-2021-37970 : Use after free in File System API. Reported by SorryMybad (@S0rryMybad) of Kunlun Lab on 2021-09-09

[1219354] Low CVE-2021-37971 : Incorrect security UI in Web Browser UI. Reported by Rayyan Bijoora on 2021-06-13

[1234259] Low CVE-2021-37972 : Out of bounds read in libjpeg-turbo. Reported by Xu Hanyu and Lu Yutao from Panguite-Forensics-Lab of Qianxin on 2021-07-29

93.0.4577.63

includes 27 security fixes

[1233975] High CVE-2021-30606: Use after free in Blink. Reported by Nan Wang (@eternalsakura13) and koocola (@alo_cook) of 360 Alpha Lab on 2021-07-28

[1235949] High CVE-2021-30607: Use after free in Permissions. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi’anxin Group on 2021-08-03

[1219870] High CVE-2021-30608: Use after free in Web Share. Reported by Huyna at Viettel Cyber Security on 2021-06-15

[1239595] High CVE-2021-30609: Use after free in Sign-In. Reported by raven (@raid_akame)  on 2021-08-13

[1200440] High CVE-2021-30610: Use after free in Extensions API. Reported by Igor Bukanov from Vivaldi on 2021-04-19

[1233942] Medium CVE-2021-30611: Use after free in WebRTC. Reported by Nan Wang (@eternalsakura13) and koocola (@alo_cook) of 360 Alpha Lab on 2021-07-28

[1234284] Medium CVE-2021-30612: Use after free in WebRTC. Reported by Nan Wang (@eternalsakura13) and koocola (@alo_cook) of 360 Alpha Lab on 2021-07-29

[1209622] Medium CVE-2021-30613: Use after free in Base internals. Reported by Yangkang (@dnpushme) of 360 ATA on 2021-05-16

[1207315] Medium CVE-2021-30614: Heap buffer overflow in TabStrip. Reported by Huinian Yang (@vmth6) of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd.  on 2021-05-10

[1208614] Medium CVE-2021-30615: Cross-origin data leak in Navigation. Reported by NDevTK on 2021-05-12

[1231432] Medium CVE-2021-30616: Use after free in Media. Reported by Anonymous on 2021-07-21

[1226909] Medium CVE-2021-30617: Policy bypass in Blink. Reported by NDevTK on 2021-07-07

[1232279] Medium CVE-2021-30618: Inappropriate implementation in DevTools. Reported by @DanAmodio and @mattaustin from Contrast Security on 2021-07-23

[1235222] Medium CVE-2021-30619: UI Spoofing in Autofill. Reported by Alesandro Ortiz on 2021-08-02

[1063518] Medium CVE-2021-30620: Insufficient policy enforcement in Blink. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2020-03-20

[1204722] Medium CVE-2021-30621: UI Spoofing in Autofill. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-04-30

[1224419] Medium CVE-2021-30622: Use after free in WebApp Installs. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2021-06-28

[1223667] Low CVE-2021-30623: Use after free in Bookmarks. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-06-25

[1230513] Low CVE-2021-30624: Use after free in Autofill. Reported by Wei Yuan of MoyunSec VLab on 2021-07-19

92.0.4515.159

9 security fixes included

[1234764] High CVE-2021-30598: Type Confusion in V8. Reported by Manfred Paul on 2021-07-30

[1234770] High CVE-2021-30599: Type Confusion in V8. Reported by Manfred Paul on 2021-07-30

[1231134] High CVE-2021-30600: Use after free in Printing. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-07-20

[1234009] High CVE-2021-30601: Use after free in Extensions API. Reported by koocola(@alo_cook) and Nan Wang(@eternalsakura13) of 360 Alpha Lab on 2021-07-28

[1230767] High CVE-2021-30602: Use after free in WebRTC. Reported by Marcin Towalski of Cisco Talos  on 2021-07-19

[1233564] High CVE-2021-30603: Race in WebAudio. Reported by Sergei Glazunov of Google Project Zero on 2021-07-27

[1234829] High CVE-2021-30604: Use after free in ANGLE. Reported by Seong-Hwan Park (SeHwa) of SecunologyLab on 2021-07-30

92.0.4515.107

includes 35 security fixes

[1210985] High CVE-2021-30565: Out of bounds write in Tab Groups. Reported by David Erceg on 2021-05-19

[1202661] High CVE-2021-30566: Stack buffer overflow in Printing. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-04-26

[1211326] High CVE-2021-30567: Use after free in DevTools. Reported by DDV_UA on 2021-05-20

[1219886] High CVE-2021-30568: Heap buffer overflow in WebGL. Reported by Yangkang (@dnpushme) of 360 ATA on 2021-06-15

[1218707] High CVE-2021-30569: Use after free in sqlite. Reported by Chris Salls (@salls) of Makai Security on 2021-06-11

[1101897] High CVE-2021-30571: Insufficient policy enforcement in DevTools. Reported by David Erceg on 2020-07-03

[1214234] High CVE-2021-30572: Use after free in Autofill. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi’anxin Group on 2021-05-28

[1216822] High CVE-2021-30573: Use after free in GPU. Reported by Security For Everyone Team – https://securityforeveryone.com on 2021-06-06

[1227315] High CVE-2021-30574: Use after free in protocol handling. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-07-08

[1213313] Medium CVE-2021-30575: Out of bounds read in Autofill. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-05-26

[1194896] Medium CVE-2021-30576: Use after free in DevTools. Reported by David Erceg on 2021-04-01

[1204811] Medium CVE-2021-30577: Insufficient policy enforcement in Installer. Reported by Jan van der Put (REQON B.V) on 2021-05-01

[1201074] Medium CVE-2021-30578: Uninitialized Use in Media. Reported by Chaoyuan Peng  on 2021-04-21

[1207277] Medium CVE-2021-30579: Use after free in UI framework. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi’anxin Group on 2021-05-10

[1189092] Medium CVE-2021-30580: Insufficient policy enforcement in Android intents. Reported by @retsew0x01 on 2021-03-17

[1194431] Medium CVE-2021-30581: Use after free in DevTools. Reported by David Erceg on 2021-03-31

[1205981] Medium CVE-2021-30582: Inappropriate implementation in Animation. Reported by George Liu  on 2021-05-05

[1179290] Medium CVE-2021-30583: Insufficient policy enforcement in image handling on Windows. Reported by Muneaki Nishimura (nishimunea) on 2021-02-17

[1213350] Medium CVE-2021-30584: Incorrect security UI in Downloads. Reported by @retsew0x01 on 2021-05-26

[1023503] Medium CVE-2021-30585: Use after free in sensor handling. Reported by niarci on 2019-11-11

[1201032] Medium CVE-2021-30586: Use after free in dialog box handling on Windows. Reported by kkomdal with kkwon and neodal on 2021-04-21

[1204347] Medium CVE-2021-30587: Inappropriate implementation in Compositing on Windows. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-04-30

[1195650] Low CVE-2021-30588: Type Confusion in V8. Reported by Jose Martinez (tr0y4) from VerSprite Inc. on 2021-04-04

[1180510] Low CVE-2021-30589: Insufficient validation of untrusted input in Sharing. Reported by Kirtikumar Anandrao Ramchandani (@Kirtikumar_A_R) and Patrick Walker (@homesen) on 2021-02-20

91.0.4472.164

includes 8 security fixes

[1219082] High CVE-2021-30559: Out of bounds write in ANGLE. Reported by Seong-Hwan Park (SeHwa) of SecunologyLab on 2021-06-11

[1214842] High CVE-2021-30541: Use after free in V8. Reported by Richard Wheeldon on 2021-05-31

[1219209] High CVE-2021-30560: Use after free in Blink XSLT. Reported by Nick Wellnhofer on 2021-06-12

[1219630] High CVE-2021-30561: Type Confusion in V8. Reported by Sergei Glazunov of Google Project Zero on 2021-06-14

[1220078] High CVE-2021-30562: Use after free in WebSerial. Reported by Anonymous on 2021-06-15

[1228407] High CVE-2021-30563: Type Confusion in V8. Reported by Anonymous on 2021-07-12

[1221309] Medium CVE-2021-30564: Heap buffer overflow in WebXR. Reported by Ali Merchant, iQ3Connect VR Platform on 2021-06-17