Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.
https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_14.html