edge

Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser, aka 'Microsoft Edge Elevation of Privilege Vulnerability'.

Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip

Chromium: CVE-2021-30611 Use after free in WebRTC

Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge (HTML-based) and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.

Chromium: CVE-2021-30612 Use after free in WebRTC

Chromium: CVE-2021-30618 Inappropriate implementation in DevTools

Chromium: CVE-2021-30622 Use after free in WebApp Installs

Internet Explorer Memory Corruption Vulnerability

Chromium: CVE-2021-30624 Use after free in Autofill

Chromium: CVE-2021-30608 Use after free in Web Share

Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Chromium: CVE-2021-30610 Use after free in Extensions API

Chromium: CVE-2021-30606 Use after free in Blink

An elevation of privilege vulnerability exists in Microsoft Edge Browser Broker COM object, aka "Microsoft Edge Elevation of Privilege Vulnerability." This affects Microsoft Edge.

Chromium: CVE-2021-30616 Use after free in Media

Chromium: CVE-2021-30607 Use after free in Permissions

Chromium: CVE-2021-30613 Use after free in Base internals