Medium CVE-2021-21127: Insufficient policy enforcement in extensions. Medium CVE-2021-21126: Insufficient policy enforcement in extensions. Reported by Ned Williamson of Project Zero on High CVE-2020-16044: Use after free in WebRTC. High CVE-2021-21125: Insufficient policy enforcement in File System API. Reported by Chaoyang from Codesafe Team of Legendsec at Qi'anxin Group on High CVE-2021-21124: Potential user after free in Speech Recognizer. High CVE-2021-21123: Insufficient data validation in File System API.
High CVE-2021-21122: Use after free in Blink. Reported by Leecraso and Guang Gong of 360 Alpha Lab on High CVE-2021-21121: Use after free in Omnibox. Reported by Nan and Guang Gong of 360 Alpha Lab on High CVE-2021-21120: Use after free in WebSQL.
High CVE-2021-21119: Use after free in Media.
Reported by Tyler Nighswander of Theori on High CVE-2021-21118: Insufficient data validation in V8. Critical CVE-2021-21117: Insufficient policy enforcement in Cryptohome. Please see the Chrome Security Page for more information. Below, we highlight fixes that were contributed by external researchers. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed. Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix.
