Disclosed Chromium Security Bugs

Potential Origin Poisoning in Picture-in-Picture Service bypasses Compute Pressure focus gate

#497406748Reporter: rj...@google.com
$0
7/9/2026

Potential Renderer-to-Browser Sandbox Escape via Touch Exploration Anchor Spoofing

#497480712Reporter: rj...@google.com
$0
7/9/2026

Potential OOB Read in XNNPACK MMapWeightCacheProvider allows sandbox persistence/info leak

#497947056Reporter: vm...@google.com
$0
7/9/2026

Potential enterprise version pin bypass via inconsistent IwaVersion comparison operators

#497628367Reporter: vm...@google.com
$0
7/9/2026

Potential Fenced Frame privacy bypass via unpartitioned Accept-CH persistence

#498363574Reporter: rj...@google.com
$0
7/9/2026

libreoffice:sftfuzzer: Crash in vcl::ConvertCFFfontToType1

#513301090Reporter: 87...@developer.gserviceaccount.com
$0
7/8/2026

wolfssl:cryptofuzz-sp-math-all: Heap-buffer-overflow in sp_tohex

#520938073Reporter: 87...@developer.gserviceaccount.com
$0
7/8/2026

Use-after-free in Wasm: missing memory cache reload after WasmFX switch in Turboshaft

#497667917Reporter: th...@gmail.com
$0
7/8/2026

SpeechSynthesis audio can appear to originate from another domain after fast redirect (UI/Audio Spoofing – may trick users / tricky victim)

#489624550Reporter: ec...@gmail.com
$1,000
7/8/2026

OOB Read in ANGLE Metal Backend During Block-Compressed PBO Texture Upload Crashes GPU Process on Mac

#489579953Reporter: je...@gmail.com
$3,000
7/8/2026
Showing 221-230 of 11332 bugs