Disclosed Chromium Security Bugs

WebNN DirectML Constant Tensor Use-After-Free

#484319071Reporter: ci...@gmail.com
$0
6/12/2026

Dawn QueueWriteBufferXl / QueueWriteTextureXl OOB Heap Read via GetSourceData() Fast Path

#487522152Reporter: gr...@gmail.com
$0
6/12/2026

Use-after-free in WebRTC dav1d AV1 decoder due to missing buffer lifetime management leads to heap read of freed memory

#486421953Reporter: je...@gmail.com
$11,000
6/12/2026

static `import` declarations in service workers do not respect `worker-src` CSP directive

#485785246Reporter: al...@gmail.com
$1,000
6/12/2026

css.ResolveValues() does not check validity of reserved values

#488270255Reporter: he...@gmail.com
$2,000
6/12/2026

Sandbox Escape: Arbitrary Local File Read via Missing CanReadRequestBody Validation in CreateNewWindow's opener_suppressed Path

#487768779Reporter: je...@gmail.com
$26,000
6/12/2026

VideoFrame Mojo deserialization accepts negative stride → OOB read in video encoders

#484547633Reporter: ha...@gmail.com
$0
6/12/2026

Heap UAF in `network::SharedDictionaryOnDisk::SetStat`

#488585488Reporter: sh...@gmail.com
$15,000
6/12/2026

Heap-use-after-free in base::OnceCallbackList during re-entrant Notify()

#489381399Reporter: ma...@google.com
$0
6/12/2026

Missing Payload Length Check in DTLS-SRTP Send Path Leads to Heap Out-of-Bounds Read in the Renderer Process

#485683099Reporter: je...@gmail.com
$2,000
6/12/2026
Showing 21-30 of 10721 bugs
1234...1073