The most serious of these flaws is CVE-2021-37981, a heap buffer overflow in Skia for which Google awarded a $20,000 prize, according to a Google advisory. Next in line are CVE-2021-37982 (incognito component use-after-free problem) and CVE-2021-37983 (incognito component use-after-free issue) (use-after-free error in Dev Tools). Google claims to have paid a $10,000 bounty for information on each of these issues. CVE-2021-37984 (heap buffer overflow in PDFium) and CVE-2021-37985 (use-after-free in V8) are the two remaining high-severity bugs corrected in this browser release, for which Google paid $7,500 and $5,000, respectively. A heap buffer overflow in Settings, inappropriate implementations in Blink and WebView, a race in V8, and an out-of-bounds read in WebAudio all have a medium severity rating, as do three other use-after-free vulnerabilities addressed with the release of Chrome 95 (in Network APIs, Profiles, and PDF Accessibility). Inappropriate implementation errors in iFrame Sandbox and WebApp Installer are the two low-severity vulnerabilities fixed this week. Separately, Google stated that it improved Chrome’s overall security by deleting support for the TLS 1.0/1.1 and FTP protocols, as well as support for URLs with non-IPv4 hostnames ending in numbers and the U2F (Universal 2nd Factor) standard. The latest browser version also imposes cookie size restrictions.
