Disclosed Chromium Security Bugs

V8 Sandbox Bypass: AAR/W due to length-tracking TypedArray length double fetch

#390201806 Reporter: se...@gmail.com
$20,000
5/31/2025

Tapjacking on Custom Tabs using animations

#376491759 Reporter: ph...@gmail.com
$10,000
5/30/2025

Some Float16Array Built-ins Fail to Account for Side Effects Causing Array OOB Access

#397720949 Reporter: hu...@gmail.com
$11,000
5/30/2025

llvm:llvm-dwarfdump-fuzzer: Use-of-uninitialized-value in llvm::object::COFFObjectFile::initialize

#420740525 Reporter: 87...@developer.gserviceaccount.com
$0
5/28/2025

CHECK failure: Ref construction failed in heap-refs.cc

#396460423 Reporter: 24...@project.gserviceaccount.com
$0
5/28/2025

DCHECK failure in (isolate) != nullptr in isolate-inl.h

#396813147 Reporter: 24...@project.gserviceaccount.com
$0
5/28/2025

espeak-ng:ssml-fuzzer: Stack-buffer-overflow in utf8_in2

#399228595 Reporter: 87...@developer.gserviceaccount.com
$0
5/27/2025

sqlite3_fts3_lpm_fuzzer: Heap-buffer-overflow in nodeReaderNext

#394638747 Reporter: vi...@chromium.org
$0
5/27/2025

the autofill prompt obscured by permission prompt lead to spoof

#388680893 Reporter: sa...@gmail.com
$500
5/27/2025

DCHECK failure in arg_repr == ValueRepresentation::kTagged in maglev-graph-builder.cc

#396192870 Reporter: 24...@project.gserviceaccount.com
$0
5/27/2025
Showing 1911-1920 of 10189 bugs