Disclosed Chromium Security Bugs

webnn_graph_impl_fuzzer_WebNNGraphImplFuzzer_SingleOpConv2d_fuzzer: Incorrect-function-pointer-type in pthreadpool_parallelize_5d

#498447225Reporter: 24...@project.gserviceaccount.com
$0
7/10/2026

janet:fuzz_dobytes: Heap-use-after-free in janet_ev_default_threaded_callback

#528620996Reporter: 87...@developer.gserviceaccount.com
$0
7/9/2026

Integer overflow in TFLite StridedSlice output dimension computation leads to heap buffer overflow in the GPU process

#495864183Reporter: je...@gmail.com
$43,000
7/9/2026

OOB and UAF in pdfium lcms

#498284498Reporter: he...@gmail.com
$7,000
7/9/2026

Heap-use-after-free in VerticalTabDragHandlerImpl::ContinueDrag

#490588145Reporter: ch...@gmail.com
$1,000
7/9/2026

V8 Sandbox Bypass: Fast API overload metadata corruption causes compiler-emitted mixed native call type confusion

#492077213Reporter: gu...@gmail.com
$5,000
7/9/2026

Potential GPU OOB Access via Integer Overflow in Dawn D3D12 Texture Allocation Workaround

#497565944Reporter: vm...@google.com
$0
7/9/2026

Potential Local File Disclosure via Drag-and-Drop Frame Confusion

#496393078Reporter: vm...@google.com
$0
7/9/2026

Potential Double-Free in BitmapInSharedMemory Deserialization via SkBitmap::installPixels

#497846428Reporter: rj...@google.com
$0
7/9/2026

Extensions without file URL access can use the `Page.navigate` CDP command to open `view-source:file:` URLs

#491766258Reporter: al...@gmail.com
$2,000
7/9/2026
Showing 191-200 of 11332 bugs