Disclosed Chromium Security Bugs

poppler:annot_fuzzer: Heap-use-after-free in g_type_check_instance_is_fundamentally_a

#476973662Reporter: 87...@developer.gserviceaccount.com
$0
1/22/2026

TDZ check elision leading to hole leak

#450618029Reporter: ry...@gmail.com
$50,000
1/22/2026

LPE - Arbitrary File Write in Google Chrome Enterprise (MacOS): The GoogleUpdater, which is executed by root, follows symlinks when writing the file settings.dat in the user folder

#448113221Reporter: jo...@gmail.com
$3,000
1/22/2026

Signature check for fast API calls too loose - [was: DCHECK failure in BelongsToThisGraph(i) in graph.h]

#450652935Reporter: 24...@project.gserviceaccount.com
$0
1/22/2026

Audit remaining uses of GetIsolateFromHeapObject and Heap::FromWritableHeapObject

#431584880Reporter: cl...@chromium.org
$0
1/22/2026

kde-thumbnailers:blenderthumbnail_fuzzer: Heap-buffer-overflow in QImage::rgbSwapped_helper

#476224464Reporter: 87...@developer.gserviceaccount.com
$0
1/21/2026

gpac:fuzz_probe_analyze: Heap-buffer-overflow in img_process

#476810012Reporter: 87...@developer.gserviceaccount.com
$0
1/21/2026

DCHECK failure in base::IsInRange(cp_offset, kMinCPOffset, kMaxCPOffset) in regexp-macro-assembler

#451663011Reporter: 24...@project.gserviceaccount.com
$0
1/21/2026

DCHECK failure in use_count_ > 0 in maglev-ir.h

#451658193Reporter: 24...@project.gserviceaccount.com
$0
1/21/2026

ghostscript:gs_device_pdfwrite_fuzzer: Crash in gs_cmap_ToUnicode_add_pair

#476170120Reporter: 87...@developer.gserviceaccount.com
$0
1/20/2026
Showing 301-310 of 9745 bugs
1...303132...975