Disclosed Chromium Security Bugs

Potential RCE in WebView via unvalidated massive shader variables in Validating Decoder

#498382884Reporter: vm...@google.com
$0
7/10/2026

setHTML() fails open on invalid SanitizerConfig, inserting unsanitized HTML with active scripts into the live DOM

#496524586Reporter: qw...@gmail.com
$2,000
7/10/2026

Arbitrary File Read Sandbox Escape in AuctionURLLoaderFactoryProxy

#498720754Reporter: vm...@google.com
$0
7/10/2026

ANGLE Metal Shadow Buffer Stale Size causes GPU OOB WRITE

#492249619Reporter: ci...@gmail.com
$18,000
7/10/2026

Potential Race Condition and UAF in CrOSComponentInstaller via ThreadPool mutation

#498959137Reporter: vm...@google.com
$0
7/10/2026

Sandbox escape via DevTools ws parameter filter bypass and arbitrary file read

#498292657Reporter: vm...@google.com
$0
7/10/2026

DevTools Target Confusion via Fenced Frame Token Collision

#497255035Reporter: vm...@google.com
$0
7/10/2026

Potential cross-tab tracking and policy bypass via Storage.setInterestGroupTracking

#496189510Reporter: vi...@google.com
$0
7/10/2026

Potential Use-After-Free write in DesktopNativeWidgetAura::HandleActivationChanged via AutoReset

#497577575Reporter: vm...@google.com
$0
7/10/2026

Potential unauthorized WebXR front-facing camera activation from compromised renderer

#497975477Reporter: vm...@google.com
$0
7/10/2026
Showing 161-170 of 11332 bugs