Disclosed Chromium Security Bugs

DCHECK failure in source_map->map()->native_context() == *isolate->native_context() in ic.cc

#364422411 | Reporter: 24...@project.gserviceaccount.com
$0
12/26/2024

Crash in blink::V8Initializer::ExceptionPropagationCallback

#366783804 | Reporter: m....@gmail.com
$9,000
12/25/2024

Non-error pages can reuse the error page policy container

#364773822 | Reporter: ha...@gmail.com
$1,000
12/25/2024

V8 correctness failure in sources: 1e - Missing TypeError in inlined js-to-wasm wrapper for ref extern

#366635354 | Reporter: 24...@project.gserviceaccount.com
$0
12/25/2024

WASM type confusion due to imported tag signature subtyping

#365802567 | Reporter: se...@gmail.com
$55,000
12/25/2024

readstat:fuzz_format_sav: Heap-buffer-overflow in extract_mr_data

#369236552 | Reporter: 87...@developer.gserviceaccount.com
$0
12/24/2024

DCHECK failure in !done() in source-position-table.h

#366350753 | Reporter: 24...@project.gserviceaccount.com
$0
12/24/2024

GPU process crash via WebGPU shader - UAF in ScalarizePreciseVectorAlloca at DxilConditionalMem2Reg.cpp:275

#365254285 | Reporter: a7...@gmail.com
$10,000
12/24/2024

DCHECK failure in count > 0 in waiter-queue-node.cc

#366643711 | Reporter: 24...@project.gserviceaccount.com
$0
12/24/2024

jackson-databind:ObjectReaderRandomClassFuzzer: Security exception in com.github.javaparser.GeneratedJavaParser.jj_3R_480

#369003808 | Reporter: 87...@developer.gserviceaccount.com
$0
12/23/2024

Showing 2671-2680 of 10545 bugs