Disclosed Chromium Security Bugs

Permission element inner span height of 100% can be abused if no element in the parent chain has any height set.

#398803201Reporter: an...@google.com
$0
6/6/2025

heap-use-after-free in blink::LegacyDOMSnapshotAgent::VisitNode

#395032416Reporter: as...@gmail.com
$3,000
6/5/2025

Passing HeapNumbers to runtime functions is unsafe

#397187119Reporter: ma...@chromium.org
$0
6/5/2025

Security UI Bypass - Response Injection in Chrome Devtools AI Assistance - links are not sanitized

#395406957Reporter: ci...@gmail.com
$1,000
6/5/2025

OOB read in JsonStringifier::SerializeString

#398999390Reporter: ze...@gmail.com
$2,000
6/5/2025

Vulnerability: Upgrade @babel/traverse to 7.23.2 in GoB repo chromium/infra/infra/go/src/infra

#398735336Reporter: au...@google.com
$0
6/5/2025

CHECK failure: !is_on_heap() in heap-refs.cc

#399173688Reporter: 24...@project.gserviceaccount.com
$0
6/5/2025

Vulnerability: Upgrade deep-extend to 0.5.1 in GoB repo chromium/infra/infra/go/src/infra

#398734447Reporter: au...@google.com
$0
6/5/2025

Vulnerability: Upgrade immer to 9.0.6 in GoB repo chromium/infra/infra/go/src/infra

#398735550Reporter: au...@google.com
$0
6/5/2025

Always used bounded ranges (i.e., string_view) for strings parsed from the histogram shared memory region.

#393394360Reporter: ro...@google.com
$0
6/5/2025
Showing 271-280 of 8283 bugs
1...272829...829