Disclosed Chromium Security Bugs

Potential UAF via cross-thread data race on demuxer_stream_ in MediaFoundationStreamWrapper

#497985088Reporter: vm...@google.com
$0
7/10/2026

Maglev: unsound node replacement when inlining can lead to exploitable write barrier omission

#493534950Reporter: pj...@gmail.com
$55,000
7/10/2026

Uninitialized heap memory disclosure in OpenH264 encoder via oversized frames

#497952533Reporter: vm...@google.com
$0
7/10/2026

UAF in Metal LibraryCache

#497724490Reporter: he...@gmail.com
$16,000
7/10/2026

Potential Browser RCE via Type Confusion in BrowserAccessibilityComWin::get_hyperlink

#498401609Reporter: vm...@google.com
$0
7/10/2026

Site Isolation bypass via missing frame gate in LCPCriticalPathPredictorHost

#497341787Reporter: vm...@google.com
$0
7/10/2026

UXSS via Service Worker ID Collision in Synthetic Responses

#496632973Reporter: vm...@google.com
$0
7/10/2026

Off-thread cppgc::Persistent destruction in RTCRtpSender leads to heap corruption

#498753456Reporter: vm...@google.com
$0
7/10/2026

Potential Use-after-free in WebRtcAudioDeviceImpl::RenderData during WebRTC teardown

#498696266Reporter: rj...@google.com
$0
7/10/2026

Cross-origin Autofill data leak via TimestampedSameOriginQueue origin check bypass

#498396238Reporter: vm...@google.com
$0
7/10/2026
Showing 171-180 of 11332 bugs