Disclosed Chromium Security Bugs

[Pwn2Own 2024] enum cache corruption + v8 heap sbx (umbrella bug)
#330759707 | Reporter: ga...@gmail.com | $0 | 1/1/1970

Sandboxify `Managed` Objects
#331237575 | Reporter: sa...@chromium.org | $0 | 1/1/1970

Integer overflow in img_alloc_helper of libaom
#332382766 | Reporter: bl...@gmail.com | $0 | 1/1/1970

V8 Sandbox Bypass: wrapper and call target mismatch in wasm
#336009921 | Reporter: ry...@gmail.com | $5,000 | 1/1/1970

V8 Sandbox Bypass: stack corruption due to parameter count mismatch
#338381304 | Reporter: pa...@gmail.com | $0 | 1/1/1970

V8 Sandbox Bypass: Interpreted Function Argument Mismatch
#341129593 | Reporter: ma...@gmail.com | $0 | 1/1/1970

V8 sandbox violation if SFI::formal_parameter_count doesn't match the parameter count of a function's code
#342297062 | Reporter: 24...@project.gserviceaccount.com | $0 | 1/1/1970

V8 Sandbox Bypass: control-flow hijacking via WASM Table Indirect call
#343407073 | Reporter: ed...@gmail.com | $5,000 | 1/1/1970

V8 Sandbox Bypass: AAR/W via generic JSToWasmWrapper type sbxcheck() bypass
#354355045 | Reporter: se...@gmail.com | $5,000 | 1/1/1970

chrome://blob-internals has a loose CSP
#367494611 | Reporter: aj...@google.com | $0 | 1/1/1970

Showing 10181-10190 of 10765 bugs