



The Chrome team is pleased to announce the promotion of Chrome 91 to stable channels on Windows, Mac and Linux. It will be rolled out over the next few days / weeks.

Chrome 91.0.4472.77 contains some fixes and improvements. A list of changes can be found in the log. Keep an eye out for future Chrome and Chromium blog posts about the new features and major initiatives offered in 91.

Security fixes and rewards

Note: Bug details and access to links may remain restricted until the majority of users are updated with the fix. It also retains the limit if there is a bug in a third-party library that other projects depend on as well but have not yet been fixed.

This update contains 32 security fixes. The following highlights the modifications provided by outside researchers. See the Chrome security page for more information.

[$20000][1208721] High CVE-2021-30521: Autofill heap buffer overflow. Reported by Zhan Jia Song on 2021-05-13

[$7500][1176218] High CVE-2021-30522: Used after release by WebAudio. Reported by Piotr Bania of Cisco Talos on 2021-02-09

[$7500][1187797] High CVE-2021-30523: Used after release by WebRTC. Reported by Tollyan Korniltsev on 2021-03-13

[$TBD][1197146] High CVE-2021-30524: Used after release with TabStrip. Reported by David Erceg on 2021-04-08

[$TBD][1197888] High CVE-2021-30525: Used after release by Tab Groups. Reported by David Erceg on 2021-04-11

[$TBD][1198717] High CVE-2021-30526: Write to TabStrip out of range. Reported by David Erceg on 2021-04-13

[$TBD][1199198] High CVE-2021-30527: Used after release in WebUI. Reported by David Erceg on 2021-04-15

[$NA][1206329] High CVE-2021-30528: Used after release with WebAuthentication. Reported by Man Yue Mo of GitHub Security Lab on 2021-05-06

[$7500][1195278] Medium CVE-2021-30529: Free to use with bookmarks. Reported by koocola (@alo_cook) and Nan Wang (@ eternalsakura13) of 360 Alpha Lab on 2021-04-02

[$7500][1201033] Medium CVE-2021-30530: Memory access outside the scope of Web Audio. Reported by kkwon on 2021-04-21

[$5000][1115628] Medium CVE-2021-30531: Insufficient enforcement of content security policy. Reported by Philip Papurt on 2020-08-12

[$5000][1117687] Medium CVE-2021-30532: Insufficient enforcement of content security policy. Reported by Philip Papurt on 2020-08-18

[$5000][1145553] Medium CVE-2021-30533: Insufficient implementation of policy in PopupBlocker. Reported by Eliya Stein on 2020-11-04

[$3000][1151507] Medium CVE-2021-30534: Insufficient policy enforcement on iFrame Sandbox. Reported by Alesandro Ortiz on 2020-11-20

[$1000][1194899] Medium CVE-2021-30535: Double free in ICU. Reported by nocma, leogan and cheneyxu of the WeChat Open Platform Security Team on 2021-04-01

[$500][1145024] Medium CVE-2021-21212: Insufficient data validation in networking. Reported by Hugo Hue and Sze Yiu Chau of The Chinese University of Hong Kong on 2020-11-03

[$15000][1194358] Low CVE-2021-30536: Out of range read by V8. Reported by Chris Salls (@salls) on 2021-03-31

[$3000][830101] Low CVE-2021-30537: Insufficient cookie policy enforcement. Reported by Jun Kokatsu (@shhnjk) on April 6, 2018

[$3000][1115045] Low CVE-2021-30538: Insufficient enforcement of content security policy. Reported by Tianze Ding (@ D1iv3) of Tencent Security Xuanwu Lab on 2020-08-11

[$1000][971231] Low CVE-2021-30539: Insufficient content security policy enforcement. Reported by an unnamed researcher on 2019-06-05

[$500][1184147] Low CVE-2021-30540: The payment security UI is incorrect. Reported by @ retsew0x01 on 2021-03-03

We would also like to thank all the security researchers who helped prevent security bugs from reaching stable channels during the development cycle. As always, ongoing internal security work was responsible for various fixes.

