Disclosed Chromium Security Bugs

Use-After-Free in WebAudio AudioNode::Dispose() during kInterrupted state

#497859275Reporter: vm...@google.com
$0
7/9/2026

SOP bypass in OffscreenCanvas resize with bitmaprenderer context

#497821223Reporter: vm...@google.com
$0
7/9/2026

ORB bypass via UTF-8 BOM allowing cross-site data leak

#497529290Reporter: vm...@google.com
$0
7/9/2026

Cross-Origin MHTML Content Overwrite via Shared File Descriptor

#496628298Reporter: vm...@google.com
$0
7/9/2026

Potential Heap UAF Write in SkiaImageDecoderBase via Stale already_started_frame_

#496282147Reporter: rj...@google.com
$0
7/9/2026

heap-use-after-free in XNNPACK widen_fp16_accumulators

#495864169Reporter: ki...@gmail.com
$43,000
7/9/2026

Use-after-free in InspectorWebMCPAgent due to missing CoreProbeSink cleanup on DevTools session detach

#497983833Reporter: je...@gmail.com
$0
7/9/2026

V8: Signed Integer Overflow in Maglev ValueNode use_count_

#496807872Reporter: ca...@gmail.com
$5,000
7/9/2026

DCHECK failure in !IsUndefined(*queue, isolate) in isolate.cc

#498464176Reporter: 24...@project.gserviceaccount.com
$0
7/9/2026

Potential unconsented macOS screen capture via picker ID collision and stale session

#497044629Reporter: vm...@google.com
$0
7/9/2026
Showing 211-220 of 11332 bugs