Disclosed Chromium Security Bugs

[CWE-377][linux] Don't create named mojo sockets in /tmp

#499154022Reporter: yu...@google.com
$0
7/12/2026

DCHECK failure in !IsUndefined(*queue, isolate) in isolate.cc

#499329887Reporter: 24...@project.gserviceaccount.com
$0
7/12/2026

open62541:fuzz_config_json_15: Use-of-uninitialized-value in parseJSONConfig

#504148834Reporter: 87...@developer.gserviceaccount.com
$0
7/11/2026

javaparser:parseFuzzer: Security exception in com.github.javaparser.ast.expr.FieldAccessExpr.accept

#532827411Reporter: 87...@developer.gserviceaccount.com
$0
7/11/2026

SpeculationHostImpl::OnLCPPredicted() missing IsActive() and GetParent() checks - same class as S1 InitiatePreview bug #487987022

#489033320Reporter: so...@gmail.com
$0
7/11/2026

Potential cross-origin PWA identity spoofing via metadata and icon fallback bypass

#498353173Reporter: rj...@google.com
$0
7/11/2026

Potential Reentrancy in Windows Drag-and-Drop allows UI Spoofing/Arbitrary Data Drop

#498892595Reporter: vm...@google.com
$0
7/11/2026

Potential GPU OOB read and info leak in MediaFoundationVideoEncodeAccelerator due to stale queue

#499052720Reporter: vm...@google.com
$0
7/11/2026

Cross-origin info leak via stale LCPP hint during redirects

#497490364Reporter: vm...@google.com
$0
7/11/2026

FileSystem API access from PDF/sandboxed renderers via malformed opaque origin IPC

#497254383Reporter: vm...@google.com
$0
7/11/2026
Showing 131-140 of 11332 bugs