VuXML: chromium -- multiple vulnerabilities

VuXML ID	bdaecfad-3117-11ec-b3b0-3065ec8fd3ec
Discovery	2021-10-19
Entry	2021-10-19

Chrome Releases reports:

This release contains 19 security fixes, including:

[1246631] High CVE-2021-37981: Heap buffer overflow in Skia. Reported by Yangkang (@dnpushme) of 360 ATA on 2021-09-04

[1248661] High CVE-2021-37982: Use after free in Incognito. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group on 2021-09-11

[1249810] High CVE-2021-37983: Use after free in Dev Tools. Reported by Zhihua Yao of KunLun Lab on 2021-09-15

[1253399] High CVE-2021-37984: Heap buffer overflow in PDFium. Reported by Antti Levomäki, Joonas Pihlaja andChristian Jali from Forcepoint on 2021-09-27

[1241860] High CVE-2021-37985: Use after free in V8. Reported by Yangkang (@dnpushme) of 360 ATA on 2021-08-20

[1242404] Medium CVE-2021-37986: Heap buffer overflow in Settings. Reported by raven (@raid_akame) on 2021-08-23

[1206928] Medium CVE-2021-37987: Use after free in Network APIs. Reported by Yangkang (@dnpushme) of 360 ATA on 2021-05-08

[1228248] Medium CVE-2021-37988: Use after free in Profiles. Reported by raven (@raid_akame) on 2021-07-12

[1233067] Medium CVE-2021-37989: Inappropriate implementation in Blink. Reported by Matt Dyas, Ankur Sundara on 2021-07-26

[1247395] Medium CVE-2021-37990: Inappropriate implementation in WebView. Reported by Kareem Selim of CyShield on 2021-09-07

[1250660] Medium CVE-2021-37991: Race in V8. Reported by Samuel Gross of Google Project Zero on 2021-09-17

[1253746] Medium CVE-2021-37992: Out of bounds read in WebAudio. Reported by sunburst@Ant Security Light-Year Lab on 2021-09-28

[1255332] Medium CVE-2021-37993: Use after free in PDF Accessibility. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2021-10-02

[1243020] Medium CVE-2021-37996: Insufficient validation of untrusted input in Downloads. Reported by Anonymous on 2021-08-24

[1100761] Low CVE-2021-37994: Inappropriate implementation in iFrame Sandbox. Reported by David Erceg on 2020-06-30

[1242315] Low CVE-2021-37995: Inappropriate implementation in WebApp Installer. Reported by Terence Eden on 2021-08-23

[source]

CVE Name	CVE-2021-37981
CVE Name	CVE-2021-37982
CVE Name	CVE-2021-37983
CVE Name	CVE-2021-37984
CVE Name	CVE-2021-37985
CVE Name	CVE-2021-37986
CVE Name	CVE-2021-37987
CVE Name	CVE-2021-37988
CVE Name	CVE-2021-37989
CVE Name	CVE-2021-37990
CVE Name	CVE-2021-37991
CVE Name	CVE-2021-37992
CVE Name	CVE-2021-37993
CVE Name	CVE-2021-37994
CVE Name	CVE-2021-37995
CVE Name	CVE-2021-37996
URL	https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_19.html

chromium -- multiple vulnerabilities

Details

References