Disclosed Chromium Security Bugs

FrameState: polymorphic Wasm accessor lazy deopt type confusion lead to in-sandbox corruption

#497404188Reporter: pj...@gmail.com
$10,000
7/8/2026

GPU memory information leak via premature SetInitialized in BlitTextureToBuffer

#497594413Reporter: vm...@google.com
$0
7/8/2026

ChromeDriver Argument Sanitization Bypass — Positional Argument Injection

#494464734Reporter: ia...@gmail.com
$500
7/8/2026

Potential RCE in Browser Process via out-of-bounds read in MediaSessionImpl

#497412658Reporter: rj...@google.com
$0
7/8/2026

Integer overflow in ANGLE D3D11 TextureStorage11::setData() leads to heap buffer overflow via WebGL2

#491760376Reporter: yu...@gmail.com
$5,000
7/8/2026

Potential Use-After-Free in TargetHandler::AutoAttacherDestroyed

#497735587Reporter: rj...@google.com
$0
7/8/2026

Potential Use-After-Free and Double Free in MojoVideoDecoder::Stop()

#497292072Reporter: rj...@google.com
$0
7/8/2026

Potential Privilege Escalation via Unvalidated target_tree_id in Reading Mode

#495857582Reporter: vi...@google.com
$0
7/8/2026

Potential unauthenticated Expat DTD parsing in CRD signaling via libjingle_xmpp

#497828214Reporter: vm...@google.com
$0
7/8/2026

heap-buffer-overflow in ANGLE VertexArrayVk::convertVertexBufferCPU

#496503799Reporter: ki...@gmail.com
$16,000
7/8/2026
Showing 231-240 of 11332 bugs