Chrome - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Chrome
(Google)

Repositories	• https://github.com/googlei18n/sfntly • https://github.com/behdad/harfbuzz • https://github.com/uclouvain/openjpeg
#Vulnerabilities	3340

Date	Id	Summary	Products	Score	Patch	Annotated
2021-01-08	CVE-2020-16039	Use after free in extensions in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.	Chrome	8.8
2021-01-08	CVE-2020-16040	Insufficient data validation in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.	Chrome	6.5
2021-01-08	CVE-2020-16042	Uninitialized Use in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.	Chrome	6.5
2021-02-09	CVE-2020-16044	Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet.	Chrome	8.8
2021-02-09	CVE-2021-21139	Inappropriate implementation in iframe sandbox in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.	Chrome, Edge_chromium	6.5
2021-02-09	CVE-2021-21137	Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page.	Chrome, Edge_chromium	6.5
2021-02-09	CVE-2021-21118	Insufficient data validation in V8 in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.	Chrome, Edge_chromium	8.8
2020-11-03	CVE-2020-16011	Heap buffer overflow in UI in Google Chrome on Windows prior to 86.0.4240.183 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.	Debian_linux, Chrome, Backports_sle, Leap	9.6
2021-02-09	CVE-2021-21136	Insufficient policy enforcement in WebView in Google Chrome on Android prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page.	Chrome, Edge_chromium	6.5
2021-02-09	CVE-2021-21135	Inappropriate implementation in Performance API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page.	Chrome, Edge_chromium	6.5