Disclosed Chromium Security Bugs

DCHECK failure in v8_flags.assert_hole_checked_by_value implies !SafeIsAnyHole(obj) in heap-object

#446190088 Reporter: 24...@project.gserviceaccount.com
$0
1/1/2026

Crash in v8::internal::Map::instance_type

#446205020 Reporter: 24...@project.gserviceaccount.com
$0
1/1/2026

checkstyle:CheckstyleFuzzer: Security exception in com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.expr

#467964460 Reporter: 87...@developer.gserviceaccount.com
$0
12/31/2025

mruby:mruby_fuzzer: Use-of-uninitialized-value in scope_new

#472564069 Reporter: 87...@developer.gserviceaccount.com
$0
12/31/2025

checkstyle:CheckstyleFuzzer: Security exception in com.puppycrawl.tools.checkstyle.JavaAstVisitor.getInnerBopAst

#472247330 Reporter: 87...@developer.gserviceaccount.com
$0
12/31/2025

Wasm type confusion due to custom descriptors spec ambiguity in `ref.get_desc` exactness typing

#446124893 Reporter: se...@gmail.com
$55,000
12/31/2025

Wasm type confusion due to missing exactness check on JS-Wasm boundary

#446124892 Reporter: se...@gmail.com
$55,000
12/31/2025

Wasm type confusion due to wrong reachability analysis in `WasmGCTypeAnalyzer::ProcessBranchOnTarget()` with custom descriptor casts

#446122633 Reporter: se...@gmail.com
$55,000
12/31/2025

Wasm type confusion due to custom descriptors spec unsoundness on `ref.func` exact typing

#446113731 Reporter: se...@gmail.com
$55,000
12/31/2025

Wasm type confusion due to spec unsoundness in `cast_desc` operations

#446113732 Reporter: se...@gmail.com
$55,000
12/31/2025
Showing 111-120 of 9388 bugs