Disclosed Chromium Security Bugs

Type Confusion in AsyncIteratorPrototypeAsyncDispose() Leads to RCE

#380677637 Reporter: hu...@gmail.com
$50,000
3/6/2025

mips64el: Debug check failed: src->rm() != at. in codegen/mips64/assembler-mips64.cc

#380604249 Reporter: li...@gmail.com
$0
3/6/2025

Handle opaque initiator origin correctly in double keyed LCPP

#380105415 Reporter: ch...@chromium.org
$0
3/5/2025

net_quic_session_pool_fuzzer: Heap-use-after-free in quic::QuicFramer::ProcessIetfAckFrame

#379262246 Reporter: 24...@project.gserviceaccount.com
$0
3/5/2025

net_quic_session_pool_fuzzer: Heap-use-after-free in quic::QuicSentPacketManager::MarkPacketHandled

#373025985 Reporter: 24...@project.gserviceaccount.com
$0
3/5/2025

V8 Sandbox violation during OSR tier-up if code on FeedbackVector is modified

#374812612 Reporter: 24...@project.gserviceaccount.com
$0
3/5/2025

pdfium_fuzzer: Crash in fxcodec::JpegDecoder::InitDecode

#379259821 Reporter: 24...@project.gserviceaccount.com
$0
3/2/2025

mediasource_MP2T_AVC_pipeline_integration_fuzzer: Crash in ff_put_h264_chroma_mc4_ssse3.next2rows

#379418979 Reporter: 24...@project.gserviceaccount.com
$0
3/2/2025

pdf_ink_reader_fuzzer_PdfInkReaderFuzzer_CreateMeshFromPolylineDoesntCrash_fuzzer: Crash in pqHeapDelete

#379574871 Reporter: 24...@project.gserviceaccount.com
$0
3/2/2025

GPU process crash via WebGPU shader - UAF in mesa gcm_schedule_early_instr at src/compiler/nir/nir_opt_gcm.c:477

#361027508 Reporter: a7...@gmail.com
$10,000
2/28/2025
Showing 2481-2490 of 10541 bugs