Disclosed Chromium Security Bugs

AddressSanitizer: heap-use-after-free in cc::LayerTreeHost::RemoveSurfaceRange

#397601495Reporter: m....@gmail.com
$26,000
6/1/2025

Crash in unsigned short v8::base::ReadUnalignedValue

#396666426Reporter: 24...@project.gserviceaccount.com
$0
5/31/2025

Debug check failed: index < length_ (2200 vs. 2200).

#397731718Reporter: ki...@gmail.com
$7,000
5/31/2025

V8 correctness failure in sources: 50

#396485545Reporter: 24...@project.gserviceaccount.com
$0
5/31/2025

V8 Sandbox Bypass: AAR/W due to length-tracking TypedArray length double fetch

#390201806Reporter: se...@gmail.com
$20,000
5/31/2025

Tapjacking on Custom Tabs using animations

#376491759Reporter: ph...@gmail.com
$10,000
5/30/2025

Some Float16Array Built-ins Fail to Account for Side Effects Causing Array OOB Access

#397720949Reporter: hu...@gmail.com
$11,000
5/30/2025

CHECK failure: Ref construction failed in heap-refs.cc

#396460423Reporter: 24...@project.gserviceaccount.com
$0
5/28/2025

DCHECK failure in (isolate) != nullptr in isolate-inl.h

#396813147Reporter: 24...@project.gserviceaccount.com
$0
5/28/2025

sqlite3_fts3_lpm_fuzzer: Heap-buffer-overflow in nodeReaderNext

#394638747Reporter: vi...@chromium.org
$0
5/27/2025
Showing 291-300 of 8283 bugs
1...293031...829