Disclosed Chromium Security Bugs

libssh:ssh_bind_config_fuzzer_nalloc: Heap-double-free in local_parse_glob

#449017557Reporter: 87...@developer.gserviceaccount.com
$0
1/1/2026

V8 Sandbox Bypass: WasmCPT handle UAF by import dispatch table growth

#446113730Reporter: se...@gmail.com
$20,000
1/1/2026

Heap-use-after-free in ui::AcceleratorManager::Process

#446986774Reporter: 24...@project.gserviceaccount.com
$0
1/1/2026

Heap-use-after-free in ui::AcceleratorManager::Process

#446962939Reporter: 24...@project.gserviceaccount.com
$0
1/1/2026

Crash in v8::internal::compiler::ObjectData::IsBigInt

#446735537Reporter: 24...@project.gserviceaccount.com
$0
1/1/2026

Crash in v8::internal::Map::instance_type

#446725502Reporter: 24...@project.gserviceaccount.com
$0
1/1/2026

Crash in v8::internal::compiler::ObjectData::IsContext

#446944035Reporter: 24...@project.gserviceaccount.com
$0
1/1/2026

Crash in v8::internal::compiler::JSNativeContextSpecialization::InferRootMap

#446730213Reporter: 24...@project.gserviceaccount.com
$0
1/1/2026

Crash in v8::internal::compiler::HeapObjectRef::map

#446730212Reporter: 24...@project.gserviceaccount.com
$0
1/1/2026

Crash in v8::internal::compiler::ObjectData::IsJSFunction

#446561512Reporter: 24...@project.gserviceaccount.com
$0
1/1/2026
Showing 101-110 of 9388 bugs
1...101112...939