VuXML: chromium -- multiple vulnerabilities

VuXML ID	f3d86439-9def-11eb-97a0-e09467587c17
Discovery	2021-04-14
Entry	2021-04-15

Chrome Releases reports:

This release contains 37 security fixes, including:

[1025683] High CVE-2021-21201: Use after free in permissions. Reported by Gengming Liu, Jianyu Chen at Tencent Keen Security Lab on 2019-11-18

[1188889] High CVE-2021-21202: Use after free in extensions. Reported by David Erceg on 2021-03-16

[1192054] High CVE-2021-21203: Use after free in Blink. Reported by asnine on 2021-03-24

[1189926] High CVE-2021-21204: Use after free in Blink. Reported by Chelse Tsai-Simek, Jeanette Ulloa, and Emily Voigtlander of Seesaw on 2021-03-19

[1165654] High CVE-2021-21205: Insufficient policy enforcement in navigation. Reported by Alison Huffman, Microsoft Browser Vulnerability Research on 2021-01-12

[1195333] High CVE-2021-21221: Insufficient validation of untrusted input in Mojo. Reported by Guang Gong of Alpha Lab, Qihoo 360 on 2021-04-02

[1185732] Medium CVE-2021-21207: Use after free in IndexedDB. Reported by koocola (@alo_cook) and Nan Wang (@eternalsakura13) of 360 Alpha Lab on 2021-03-08

[1039539] Medium CVE-2021-21208: Insufficient data validation in QR scanner. Reported by Ahmed Elsobky (@0xsobky) on 2020-01-07

[1143526] Medium CVE-2021-21209: Inappropriate implementation in storage. Reported by Tom Van Goethem (@tomvangoethem) on 2020-10-29

[1184562] Medium CVE-2021-21210: Inappropriate implementation in Network. Reported by @bananabr on 2021-03-04

[1103119] Medium CVE-2021-21211: Inappropriate implementation in Navigation. Reported by Akash Labade (m0ns7er) on 2020-07-08

[1145024] Medium CVE-2021-21212: Incorrect security UI in Network Config UI. Reported by Hugo Hue and Sze Yiu Chau of the Chinese University of Hong Kong on 2020-11-03

[1161806] Medium CVE-2021-21213: Use after free in WebMIDI. Reported by raven (@raid_akame) on 2020-12-25

[1170148] Medium CVE-2021-21214: Use after free in Network API. Reported by Anonymous on 2021-01-24

[1172533] Medium CVE-2021-21215: Inappropriate implementation in Autofill. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-01-30

[1173297] Medium CVE-2021-21216: Inappropriate implementation in Autofill. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-02-02

[1166462] Low CVE-2021-21217: Uninitialized Use in PDFium. Reported by Zhou Aiting (@zhouat1) of Qihoo 360 Vulcan Team on 2021-01-14

[1166478] Low CVE-2021-21218: Uninitialized Use in PDFium. Reported by Zhou Aiting (@zhouat1) of Qihoo 360 Vulcan Team on 2021-01-14

[1166972] Low CVE-2021-21219: Uninitialized Use in PDFium. Reported by Zhou Aiting (@zhouat1) of Qihoo 360 Vulcan Team on 2021-01-15

[source]

CVE Name	CVE-2021-21201
CVE Name	CVE-2021-21202
CVE Name	CVE-2021-21203
CVE Name	CVE-2021-21204
CVE Name	CVE-2021-21205
CVE Name	CVE-2021-21207
CVE Name	CVE-2021-21208
CVE Name	CVE-2021-21209
CVE Name	CVE-2021-21210
CVE Name	CVE-2021-21211
CVE Name	CVE-2021-21212
CVE Name	CVE-2021-21213
CVE Name	CVE-2021-21214
CVE Name	CVE-2021-21215
CVE Name	CVE-2021-21216
CVE Name	CVE-2021-21217
CVE Name	CVE-2021-21218
CVE Name	CVE-2021-21219
CVE Name	CVE-2021-21221
URL	https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_14.html

chromium -- multiple vulnerabilities

Details

References