Chrome has an issue where a malformed message sent to DeserializeFromMessage may trigger deserialization of out-of-bounds data.
f016c2cc33607e475f4fb0feaf3b97c31f557eea1cb21d5c1b76fc4fa4ad9003
Chrome suffers from a heap use-after-free vulnerability in safe_browsing::ThreatDetails::OnReceivedThreatDOMDetails. Versions affected include Google Chrome 96.0.4664.110 (Official Build) (64-bit) and Chromium 99.0.4807.0 (Developer Build) (64-bit).
abc96b3ccb6e22768b4210d82c4a8f2e4acb93ed93b406ea11be905b7b11fd03
Chrome suffers from a heap buffer overflow vulnerability in chrome_pdf::PDFiumEngine::RequestThumbnail.
bd3fa3d2b549b50b402df051a6cd94824b4d90a629f0814051f738170796b1e5
Chrome suffers from an integer overflow vulnerability in HandleTable::AddDispatchersFromTransit that can lead to memory corruption.
0ef0d4da3c4dc9fb06483f95973add0c92d39c6c630ce2e22e5798641135e44a
Chrome suffers from a state tracking issue in RenderFrameHostImpl that leads to a use-after-free vulnerability.
d581673d0c71222578b61244ffc597f2d89dd9ee51ee889782cd5588f7d54bf9
Chrome suffers from a memory corruption vulnerability in IPC::ChannelAssociatedGroupController due to interface ID reuse.
23b2104d82495d408d6c49e60967e71884e4e77854a1cebb576ccad92a937b92
Chrome suffers from a heap use-after-free vulnerability in storage::BlobURLStoreImpl::Revoke.
08933f6422b86ae33f009b22a331db75fb1ea7da60743243cb0e1fc0c82a0af2
XNU suffers from a heap use-after-free vulnerability in inm_merge.
7157a72995dfa18e7979cab877bfb5645e4f20d9554478a6b0c26d6daae56123
Chrome suffers from a site isolation bypass vulnerability in NavigationPreloadRequest.
c9ae23bee94814ab6b61e9a833062d8e293e2578a25f1bb12700b1b43ab9d235
Chrome suffers from a heap use-after-free vulnerability in ThreadedIconLoader::DecodeAndResizeImageOnBackgroundThread.
71808e6bb0dde08cb3a27713b43d7dc091dfb113ccf137e1c64ebecc641c8d58
Chrome suffers from a heap use-after-free vulnerability in blink::NativeIOFile::DoRead.
c59d2ce9fc476860bcf31c9b55f9ea51508a55eab0465bddfe51b527a15f6556
WebKit suffers from a heap use-after-free vulnerability in DOMWindow::open.
1ce53d65a9cc597e9e50a3e264ce0d880897dd9133738769858924fe26e913a5
WebKit suffers from a heap use-after-free vulnerability in EventHandler::keyEvent.
7eabdea043659a894f5b12f74294c859932c851d4c626dd836dd8073af4422d8
WebKit suffers from a heap use-after-free vulnerability in PointerCaptureController::processPendingPointerCapture.
6ce184daf47d381bec0f093becdd7a23020d24e4485f1163f06267303f984ecc
Chrome suffers from a HRTFDatabaseLoader::WaitForLoaderThreadCompletion data race condition.
cbbb7af067da8a18782b6edada6db9b1b563f5bccf566cd7d4b1fd025dae8f61
WebKit suffers from a heap use-after-free vulnerability in Element::dispatchMouseEvent.
32ce340e9e7aafa598cb7a3f4f8b409cd814f55d9df9e771b2d4767d0216dbcb
WebKit suffers from a heap use-after-free vulnerability in WebCore::FrameLoader::PolicyChecker::checkNavigationPolicy.
3bbacfe61c3afe8fcb813221566bd0ea237ec718789ecbd4ffc4394dbe1d0f85
Chrome suffers from a JS object corruption vulnerability in WasmJs::InstallConditionalFeatures.
d93338742f0e327b777564c42e9113eddcd2f7b0558ef38e888cff53702c978b
The fix for CVE-2021-21148 added a check in |ValueSerializer::WriteJSArrayBuffer| to ensure that non-detachable array buffers cannot be transferred. The check can be bypassed with the help of asm.js and property getters.
ae2637e1d681177334781f4a6b614cf249946bb30e4223a9dc2793a92ea03f86
Chrome suffers from a heap buffer overflow in ClipboardWin::WriteBitmap.
00d0d7de79dfd2a0e8af3e64476bfeea5656be5943122e02c9eadfa963aff5f6
Chrome suffers from a heap buffer overflow vulnerability in SkBitmapOperations::UnPreMultiply.
a1fa0bec38c455f136cc9c048e1b5feae4bf948524c83deab91febf19e15a0ec
Chrome on Android suffers from a ConvertToJavaBitmap heap buffer overflow vulnerability.
6cc96d681acbe2353993f9686bff12b65ff3403d9d2f2e1174221ff43dfd1572
FreeType suffers from a heap buffer overflow vulnerability due to integer truncation in Load_SBit_Png.
3e74cc76bab0b12102b081d5d5527d7a09ac96232ae08096c3cc4702512988b9
Chrome suffers from a use-after-free vulnerability in USB::OnServiceConnectionError.
af571cd7b73348569916874836e7fa9cbd595fe40acbf341f94227122d3a1e75
Chrome suffers from a use-after-free vulnerability in WebIDBGetDBNamesCallbacksImpl::SuccessNamesAndVersionsList.
8e21afeab54923d3de27189a323803a9161f7809d6877e69a623691087435de9