Disclosed Chromium Security Bugs

V8 Sandbox Bypass: AAW/PC control via JSDispatchEntry UAF

#443772809 Reporter: kr...@gmail.com
$20,000
12/24/2025

V8 Sandbox Bypass: Argument count inconsistency due to bound args double-fetch in Generate_PushBoundArguments

#441949792 Reporter: se...@gmail.com
$5,000
12/24/2025

joni:RegexMatcherFuzzer: Security exception in org.joni.Parser.parseCharClass

#470800149 Reporter: 87...@developer.gserviceaccount.com
$0
12/23/2025

flex:fuzz-main: Global-buffer-overflow in flexscan

#443345187 Reporter: 87...@developer.gserviceaccount.com
$0
12/23/2025

V8: Integer overflow in TryEmitLoadForLoadWord64AndShiftRight leading to out-of-bounds read

#444049512 Reporter: bi...@google.com
$0
12/23/2025

Crash in v8::internal::maglev::MaglevReducer::G

#444963445 Reporter: 24...@project.gserviceaccount.com
$0
12/23/2025

DCHECK failure in Heap::InFromPage(target) in scavenger.cc

#444761299 Reporter: 24...@project.gserviceaccount.com
$0
12/23/2025

ffmpeg:ffmpeg_dem_IAMF_fuzzer: Heap-buffer-overflow in scalable_channel_layout_config

#468760722 Reporter: 87...@developer.gserviceaccount.com
$0
12/22/2025

ffmpeg:ffmpeg_AV_CODEC_ID_DCA_DEC_fuzzer: Use-of-uninitialized-value in get_rice

#451655450 Reporter: 87...@developer.gserviceaccount.com
$0
12/22/2025

ffmpeg:ffmpeg_AV_CODEC_ID_FFV1_fuzzer: Use-of-uninitialized-value in encode_slice

#460333808 Reporter: 87...@developer.gserviceaccount.com
$0
12/22/2025
Showing 171-180 of 9388 bugs