Disclosed Chromium Security Bugs

DCHECK failure in index < length_ in vector.h

#394644268 Reporter: 24...@project.gserviceaccount.com
$0
5/16/2025

Heap memory corruption due to overly large parameter count in WasmToJSWrapper tier-up

#394350433 Reporter: se...@gmail.com
$11,000
5/16/2025

V8 Sandbox Bypass: AAW & Control flow hijack via RegExp pattern parse TOCTOU to RegExpCapture OOB

#394635429 Reporter: se...@gmail.com
$20,000
5/16/2025

v8_wasm_compile_wasmgc_fuzzer: Crash in v8::internal::ScavengerCollector::CollectGarbage

#393420199 Reporter: 24...@project.gserviceaccount.com
$0
5/16/2025

heap-use-after-free in content::RenderFrameHostImpl::ProcessBeforeUnloadCompleted in browser process

#391666328 Reporter: 0x...@gmail.com
$5,000
5/15/2025

Stack-buffer-overflow in blink::CssValueKeywordID

#394371771 Reporter: 24...@project.gserviceaccount.com
$0
5/15/2025

V8 Sandbox Bypass: OOB write in AstValueFactory::GetOneByteStringInternal

#392938085 Reporter: v8...@gmail.com
$0
5/15/2025

CHECK failure: MachineRepresentation::kTagged == type.representation() || MachineRepresentation

#394120836 Reporter: 24...@project.gserviceaccount.com
$0
5/15/2025

V8 sandbox violation in v8::internal::wasm::StructTypeBase::field

#394120667 Reporter: 24...@project.gserviceaccount.com
$0
5/15/2025

imagemagick:encoder_dng_fuzzer: Use-of-uninitialized-value in LibRaw::parse_makernote_ADDRESS

#396172323 Reporter: 87...@developer.gserviceaccount.com
$0
5/14/2025
Showing 1951-1960 of 10189 bugs