Disclosed Chromium Security Bugs

IO thread bound services in utility process can run before sandbox locked down

#430623995Reporter: wf...@chromium.org
$0
10/21/2025

use-after-poison in blink::MediaStreamAudioTrack::StopAndNotify(class base::OnceCallback<(void)>)

#426054987Reporter: m....@gmail.com
$8,000
10/21/2025

Security: Bypass the Protection of input fields cache (Autofill) Similar to (1358647 ,1395164 ,1108181) with Different Vector

#40074918Reporter: el...@gmail.com
$3,000
10/21/2025

Heap-use-after-free in dawn::native::vulkan::TextureView::DestroyImpl

#429112750Reporter: 24...@project.gserviceaccount.com
$0
10/19/2025

Chrome sandbox escape via libGLES_mali.so exploited in the wild

#427162086Reporter: he...@google.com
$0
10/18/2025

Service workers allowing redirects to data: URLs.

#379337758Reporter: nd...@protonmail.com
$4,000
10/18/2025

block MSG_OOB in renderer sandbox

#428177287Reporter: aj...@google.com
$0
10/18/2025

DCHECK failure in iterator_.current_offset() == continuation->last_continuation in maglev-graph-bu

#431076739Reporter: 24...@project.gserviceaccount.com
$0
10/18/2025

Debug check failed: IsInBounds(index)

#430344952Reporter: fa...@gmail.com
$8,000
10/18/2025

Security: Chrome Vulnerability Leaves Android One UI Users at Risk of Spoofing Attacks

#40063293Reporter: fa...@gmail.com
$1,000
10/18/2025
Showing 151-160 of 8821 bugs
1...151617...883