taitei.net

90.0.4430.212

This update includes 19 security fixes

[1180126] High CVE-2021-30506: Incorrect security UI in Web App Installs. Reported by @retsew0x01 on 2021-02-19

[1178202] High CVE-2021-30507: Inappropriate implementation in Offline. Reported by Alison Huffman, Microsoft Browser Vulnerability Research on 2021-02-14

[1195340] High CVE-2021-30508: Heap buffer overflow in Media Feeds. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-04-02

[1196309] High CVE-2021-30509: Out of bounds write in Tab Strip. Reported by David Erceg on 2021-04-06

[1197436] High CVE-2021-30510: Race in Aura. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi’anxin Group on 2021-04-09

[1197875] High CVE-2021-30511: Out of bounds read in Tab Groups. Reported by David Erceg on 2021-04-10

[1200019] High CVE-2021-30512: Use after free in Notifications. Reported by ZhanJia Song on 2021-04-17

[1200490] High CVE-2021-30513: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2021-04-19

[1200766] High CVE-2021-30514: Use after free in Autofill. Reported by koocola (@alo_cook) and Nan Wang (@eternalsakura13) of 360 Alpha Lab on 2021-04-20

[1201073] High CVE-2021-30515: Use after free in File API. Reported by Rong Jian and Guang Gong of 360 Alpha Lab on 2021-04-21

[1201446] High CVE-2021-30516: Heap buffer overflow in History. Reported by ZhanJia Song on 2021-04-22

[1203122] High CVE-2021-30517: Type Confusion in V8. Reported by laural on 2021-04-27

[1203590] High CVE-2021-30518: Heap buffer overflow in Reader Mode. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2021-04-28

[1194058] Medium CVE-2021-30519: Use after free in Payments. Reported by asnine on 2021-03-30

[1193362] Medium CVE-2021-30520: Use after free in Tab Strip. Reported by Khalil Zhani on 2021-04-03

90.0.4430.85

includes 7 security fixes

[1194046] High CVE-2021-21222: Heap buffer overflow in V8. Reported by Guang Gong of Alpha Lab, Qihoo 360 on 2021-03-30

[1195308] High CVE-2021-21223: Integer overflow in Mojo. Reported by Guang Gong of Alpha Lab, Qihoo 360 on 2021-04-02

[1195777] High CVE-2021-21224: Type Confusion in V8. Reported by Jose Martinez (tr0y4) from VerSprite Inc. on 2021-04-05

[1195977] High CVE-2021-21225: Out of bounds memory access in V8. Reported by Brendon Tiszka (@btiszka) supporting the EFF on 2021-04-05

[1197904] High CVE-2021-21226: Use after free in navigation. Reported by Brendon Tiszka (@btiszka) supporting the EFF on 2021-04-11

90.0.4430.72

includes 37 security fixes

[1025683] High CVE-2021-21201: Use after free in permissions. Reported by Gengming Liu and Jianyu Chen when working at Tencent KeenLab on 2019-11-18

[1188889] High CVE-2021-21202: Use after free in extensions. Reported by David Erceg on 2021-03-16

[1192054] High CVE-2021-21203: Use after free in Blink. Reported by asnine on 2021-03-24

[1189926] High CVE-2021-21204: Use after free in Blink. Reported by Chelse Tsai-Simek, Jeanette Ulloa, and Emily Voigtlander of Seesaw on 2021-03-19

[1165654] High CVE-2021-21205: Insufficient policy enforcement in navigation. Reported by Alison Huffman, Microsoft Browser Vulnerability Research on 2021-01-12

[1195333] High CVE-2021-21221: Insufficient validation of untrusted input in Mojo. Reported by Guang Gong of Alpha Lab, Qihoo 360 on 2021-04-02

[1185732] Medium CVE-2021-21207: Use after free in IndexedDB. Reported by koocola (@alo_cook) and Nan Wang (@eternalsakura13) of 360 Alpha Lab on 2021-03-08

[1039539] Medium CVE-2021-21208: Insufficient data validation in QR scanner. Reported by Ahmed Elsobky (@0xsobky) on 2020-01-07

[1143526] Medium CVE-2021-21209: Inappropriate implementation in storage. Reported by Tom Van Goethem (@tomvangoethem) on 2020-10-29

[1184562] Medium CVE-2021-21210: Inappropriate implementation in Network. Reported by @bananabr on 2021-03-04

[1103119] Medium CVE-2021-21211: Inappropriate implementation in Navigation. Reported by Akash Labade (m0ns7er) on 2020-07-08

[1145024] Medium CVE-2021-21212: Incorrect security UI in Network Config UI. Reported by Hugo Hue and Sze Yiu Chau of the Chinese University of Hong Kong on 2020-11-03

[1161806] Medium CVE-2021-21213: Use after free in WebMIDI. Reported by raven (@raid_akame)  on 2020-12-25

[1170148] Medium CVE-2021-21214: Use after free in Network API. Reported by Anonymous on 2021-01-24

[1172533] Medium CVE-2021-21215: Inappropriate implementation in Autofill. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-01-30

[1173297] Medium CVE-2021-21216: Inappropriate implementation in Autofill. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-02-02

[1166462] Low CVE-2021-21217: Uninitialized Use in PDFium. Reported by Zhou Aiting (@zhouat1) of Qihoo 360 Vulcan Team on 2021-01-14

[1166478] Low CVE-2021-21218: Uninitialized Use in PDFium. Reported by Zhou Aiting (@zhouat1) of Qihoo 360 Vulcan Team on 2021-01-14

[1166972] Low CVE-2021-21219: Uninitialized Use in PDFium. Reported by Zhou Aiting (@zhouat1) of Qihoo 360 Vulcan Team on 2021-01-15

89.0.4389.72 -> 89.0.4389.90

includes 47 security fixes + 5 security fixes

— .90

[1167357] High CVE-2021-21191: Use after free in WebRTC. Reported by raven (@raid_akame)  on 2021-01-15

[1181387] High CVE-2021-21192: Heap buffer overflow in tab groups. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-02-23

[1186287] High CVE-2021-21193: Use after free in Blink. Reported by Anonymous on 2021-03-09

— .72

[1171049] High CVE-2021-21159: Heap buffer overflow in TabStrip. Reported by Khalil Zhani on 2021-01-27

[1170531] High CVE-2021-21160: Heap buffer overflow in WebAudio. Reported by Marcin ‘Icewall’ Noga of Cisco Talos on 2021-01-25

[1173702] High CVE-2021-21161: Heap buffer overflow in TabStrip. Reported by Khalil Zhani on 2021-02-02

[1172054] High CVE-2021-21162: Use after free in WebRTC. Reported by Anonymous on 2021-01-29

[1111239] High CVE-2021-21163: Insufficient data validation in Reader Mode. Reported by Alison Huffman, Microsoft Browser Vulnerability Research on 2020-07-30

[1164846] High CVE-2021-21164: Insufficient data validation in Chrome for iOS. Reported by Muneaki Nishimura (nishimunea) on 2021-01-11

[1174582] High CVE-2021-21165: Object lifecycle issue in audio. Reported by Alison Huffman, Microsoft Browser Vulnerability Research on 2021-02-04

[1177465] High CVE-2021-21166: Object lifecycle issue in audio. Reported by Alison Huffman, Microsoft Browser Vulnerability Research on 2021-02-11

[1161144] Medium CVE-2021-21167: Use after free in bookmarks. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2020-12-22

[1152226] Medium CVE-2021-21168: Insufficient policy enforcement in appcache. Reported by Luan Herrera (@lbherrera_) on 2020-11-24

[1166138] Medium CVE-2021-21169: Out of bounds memory access in V8. Reported by Bohan Liu (@P4nda20371774) and Moon Liang of Tencent Security Xuanwu Lab on 2021-01-13

[1111646] Medium CVE-2021-21170: Incorrect security UI in Loader. Reported by David Erceg on 2020-07-31

[1152894] Medium CVE-2021-21171: Incorrect security UI in TabStrip and Navigation. Reported by Irvan Kurniawan (sourc7) on 2020-11-25

[1150810] Medium CVE-2021-21172: Insufficient policy enforcement in File System API. Reported by Maciej Pulikowski on 2020-11-19

[1154250] Medium CVE-2021-21173: Side-channel information leakage in Network Internals. Reported by Tom Van Goethem from imec-DistriNet, KU Leuven on 2020-12-01

[1158010] Medium CVE-2021-21174: Inappropriate implementation in Referrer. Reported by Ashish Gautam Kamble on 2020-12-11

[1146651] Medium CVE-2021-21175: Inappropriate implementation in Site isolation. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2020-11-07

[1170584] Medium CVE-2021-21176: Inappropriate implementation in full screen mode. Reported by Luan Herrera (@lbherrera_) on 2021-01-26

[1173879] Medium CVE-2021-21177: Insufficient policy enforcement in Autofill. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-02-03

[1174186] Medium CVE-2021-21178: Inappropriate implementation in Compositing. Reported by Japong on 2021-02-03

[1174943] Medium CVE-2021-21179: Use after free in Network Internals. Reported by Anonymous on 2021-02-05

[1175507] Medium CVE-2021-21180: Use after free in tab search. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-02-07

[1177875] Medium CVE-2020-27844: Heap buffer overflow in OpenJPEG. Reported by Sean Campbell at Tableau on 2021-02-12

[1182767] Medium CVE-2021-21181: Side-channel information leakage in autofill. Reported by Xu Lin (University of Illinois at Chicago), Panagiotis Ilia (University of Illinois at Chicago), Jason Polakis (University of Illinois at Chicago) on 2021-02-26

[1049265] Low CVE-2021-21182: Insufficient policy enforcement in navigations. Reported by Luan Herrera (@lbherrera_) on 2020-02-05

[1105875] Low CVE-2021-21183: Inappropriate implementation in performance APIs. Reported by Takashi Yoneuchi (@y0n3uchy) on 2020-07-15

[1131929] Low CVE-2021-21184: Inappropriate implementation in performance APIs. Reported by James Hartig on 2020-09-24

[1100748] Low CVE-2021-21185: Insufficient policy enforcement in extensions. Reported by David Erceg on 2020-06-30

[1153445] Low CVE-2021-21186: Insufficient policy enforcement in QR scanning. Reported by dhirajkumarnifty on 2020-11-28

[1155516] Low CVE-2021-21187: Insufficient data validation in URL formatting. Reported by Kirtikumar Anandrao Ramchandani on 2020-12-04

[1161739] Low CVE-2021-21188: Use after free in Blink. Reported by Woojin Oh(@pwn_expoit) of STEALIEN on 2020-12-24

[1165392] Low CVE-2021-21189: Insufficient policy enforcement in payments. Reported by Khalil Zhani on 2021-01-11

[1166091] Low CVE-2021-21190: Uninitialized Use in PDFium. Reported by Zhou Aiting(@zhouat1) of Qihoo 360 Vulcan Team on 2021-01-13

88.0.4324.150

1 security fix included

[1170176] High CVE-2021-21148: Heap buffer overflow in V8. Reported by Mattias Buelens on 2021-01-24

88.0.4324.146

[1169317] Critical CVE-2021-21142: Use after free in Payments . Reported by Khalil Zhani on 2021-01-21

[1163504] High CVE-2021-21143: Heap buffer overflow in Extensions. Reported by Allen Parker & Alex Morgan of MU on 2021-01-06

[1163845] High CVE-2021-21144: Heap buffer overflow in Tab Groups. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-01-07

[1154965] High CVE-2021-21145: Use after free in Fonts. Reported by Anonymous on 2020-12-03

[1161705] High CVE-2021-21146: Use after free in Navigation. Reported by Alison Huffman and Choongwoo Han of Microsoft Browser Vulnerability Research on 2020-12-24

[1162942] Medium CVE-2021-21147: Inappropriate implementation in Skia. Reported by Roman Starkov on 2021-01-04

88.0.4324.96

includes 36 security fixes

[1137179] Critical CVE-2021-21117: Insufficient policy enforcement in Cryptohome. Reported by Rory McNamara on 2020-10-10

[1161357] High CVE-2021-21118: Insufficient data validation in V8. Reported by Tyler Nighswander (@tylerni7) of Theori on 2020-12-23

[1160534] High CVE-2021-21119: Use after free in Media. Reported by Anonymous on 2020-12-20

[1160602] High CVE-2021-21120: Use after free in WebSQL. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2020-12-21

[1161143] High CVE-2021-21121: Use after free in Omnibox. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2020-12-22

[1162131] High CVE-2021-21122: Use after free in Blink. Reported by Renata Hodovan on 2020-12-28

[1137247] High CVE-2021-21123: Insufficient data validation in File System API. Reported by Maciej Pulikowski on 2020-10-11

[1131346] High CVE-2021-21124: Potential user after free in Speech Recognizer. Reported by Chaoyang Ding(@V4kst1z) from Codesafe Team of Legendsec at Qi’anxin Group on 2020-09-23

[1152327] High CVE-2021-21125: Insufficient policy enforcement in File System API. Reported by Ron Masas (Imperva) on 2020-11-24

[1163228] High CVE-2020-16044: Use after free in WebRTC. Reported by Ned Williamson of Project Zero on 2021-01-05

[1108126] Medium CVE-2021-21126: Insufficient policy enforcement in extensions. Reported by David Erceg on 2020-07-22

[1115590] Medium CVE-2021-21127: Insufficient policy enforcement in extensions. Reported by Jasminder Pal Singh, Web Services Point WSP, Kotkapura on 2020-08-12

[1138877] Medium CVE-2021-21128: Heap buffer overflow in Blink. Reported by Liang Dong on 2020-10-15

[1140403] Medium CVE-2021-21129: Insufficient policy enforcement in File System API. Reported by Maciej Pulikowski on 2020-10-20

[1140410] Medium CVE-2021-21130: Insufficient policy enforcement in File System API. Reported by Maciej Pulikowski on 2020-10-20

[1140417] Medium CVE-2021-21131: Insufficient policy enforcement in File System API. Reported by Maciej Pulikowski on 2020-10-20

[1128206] Medium CVE-2021-21132: Inappropriate implementation in DevTools. Reported by David Erceg on 2020-09-15

[1157743] Medium CVE-2021-21133: Insufficient policy enforcement in Downloads. Reported by wester0x01(https://twitter.com/wester0x01) on 2020-12-11

[1157800] Medium CVE-2021-21134: Incorrect security UI in Page Info. Reported by wester0x01(https://twitter.com/wester0x01) on 2020-12-11

[1157818] Medium CVE-2021-21135: Inappropriate implementation in Performance API. Reported by ndevtk on 2020-12-11

[1038002] Low CVE-2021-21136: Insufficient policy enforcement in WebView. Reported by Shiv Sahni, Movnavinothan V and Imdad Mohammed on 2019-12-27

[1093791] Low CVE-2021-21137: Inappropriate implementation in DevTools. Reported by bobblybear on 2020-06-11

[1122487] Low CVE-2021-21138: Use after free in DevTools. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi’anxin Group on 2020-08-27

[937131] Low CVE-2021-21139: Inappropriate implementation in iframe sandbox. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-03-01

[1136327] Low CVE-2021-21140: Uninitialized Use in USB. Reported by David Manouchehri on 2020-10-08

[1140435] Low CVE-2021-21141: Insufficient policy enforcement in File System API. Reported by Maciej Pulikowski on 2020-10-20

87.0.4280.88

included 8 security fixes

[1142331] High CVE-2020-16037: Use after free in clipboard. Reported by Ryoya Tsukasaki on 2020-10-26

[1138683] High CVE-2020-16038: Use after free in media. Reported by Khalil Zhani on 2020-10-14

[1149177] High CVE-2020-16039: Use after free in extensions. Reported by Anonymous on 2020-11-15

[1150649] High CVE-2020-16040: Insufficient data validation in V8. Reported by Lucas Pinheiro, Microsoft Browser Vulnerability Research on 2020-11-19

[1151865] Medium CVE-2020-16041: Out of bounds read in networking. Reported by Sergei Glazunov and Mark Brand of Google Project Zero on 2020-11-23

[1151890] Medium CVE-2020-16042: Uninitialized Use in V8. Reported by André Bargull on 2020-11-23

87.0.4280.66

includes 33 security fixes

[1136078] High CVE-2020-16018: Use after free in payments. Reported by Man Yue Mo of GitHub Security Lab on 2020-10-07

[1139408] High CVE-2020-16019: Inappropriate implementation in filesystem. Reported by Rory McNamara on 2020-10-16

[1139411] High CVE-2020-16020: Inappropriate implementation in cryptohome. Reported by Rory McNamara on 2020-10-16

[1139414] High CVE-2020-16021: Race in ImageBurner. Reported by Rory McNamara on 2020-10-16

[1145680] High CVE-2020-16022: Insufficient policy enforcement in networking. Reported by @SamyKamkar on 2020-11-04

[1146673] High CVE-2020-16015: Insufficient data validation in WASM. Reported by Rong Jian and Leecraso of 360 Alpha Lab on 2020-11-07

[1146675] High CVE-2020-16014: Use after free in PPAPI. Reported by Rong Jian and Leecraso of 360 Alpha Lab on 2020-11-07

[1146761] High CVE-2020-16023: Use after free in WebCodecs. Reported by Brendon Tiszka and David Manouchehri supporting the @eff on 2020-11-07

[1147430] High CVE-2020-16024: Heap buffer overflow in UI. Reported by Sergei Glazunov of Google Project Zero on 2020-11-10

[1147431] High CVE-2020-16025: Heap buffer overflow in clipboard. Reported by Sergei Glazunov of Google Project Zero on 2020-11-10

[$7500][1139153] Medium CVE-2020-16026: Use after free in WebRTC. Reported by Jong-Gwon Kim (kkwon) on 2020-10-16

[1116444] Medium CVE-2020-16027: Insufficient policy enforcement in developer tools. Reported by David Erceg on 2020-08-14

[1138446] Medium CVE-2020-16028: Heap buffer overflow in WebRTC. Reported by asnine on 2020-10-14

[1134338] Medium CVE-2020-16029: Inappropriate implementation in PDFium. Reported by Anonymous on 2020-10-01

[1141350] Medium CVE-2020-16030: Insufficient data validation in Blink. Reported by Michał Bentkowski of Securitum on 2020-10-22

[945997] Medium CVE-2019-8075: Insufficient data validation in Flash. Reported by Nethanel Gelernter, Cyberpion (https://www.cyberpion.com) on 2019-03-26

[1133183] Medium CVE-2020-16031: Incorrect security UI in tab preview. Reported by wester0x01(https://twitter.com/wester0x01) on 2020-09-29

[1136714] Medium CVE-2020-16032: Incorrect security UI in sharing. Reported by wester0x01(https://twitter.com/wester0x01) on 2020-10-09

[1143057] Medium CVE-2020-16033: Incorrect security UI in WebUSB. Reported by Khalil Zhani on 2020-10-28

[1137362] Medium CVE-2020-16034: Inappropriate implementation in WebRTC. Reported by vvmute (Benjamin Petermaier) on 2020-10-12

[1139409] Medium CVE-2020-16035: Insufficient data validation in cros-disks. Reported by Rory McNamara on 2020-10-16

[1088224] Low CVE-2020-16012: Side-channel information leakage in graphics. Reported by Aleksejs Popovs on 2020-05-30

[830808] Low CVE-2020-16036: Inappropriate implementation in cookies. Reported by Jun Kokatsu (@shhnjk) on 2018-04-09

86.0.4240.198

2 security fixes included

[1147206] High CVE-2020-16013: Inappropriate implementation in V8. Reported by Anonymous on 2020-11-09

[1146709] High CVE-2020-16017: Use after free in site isolation. Reported by Anonymous on 2020-11-07