Disclosed Chromium Security Bugs

Differential fuzz: Type Confusion in Maglev JIT via Non-transitive IsEscaping Checks

#495751197Reporter: rj...@google.com
$0
7/3/2026

Dawn: Heap Use-After-Free in AsyncTaskManager::RunTask via premature WaitableEvent nullification

#493900619Reporter: sw...@gmail.com
$10,000
7/3/2026

Potential UAF in AwDrawFnImpl leading to Sandbox Escape

#495507390Reporter: rj...@google.com
$0
7/3/2026

Phi untagging invalidates BuildCheckHeapObject's type refinement

#495679730Reporter: ma...@chromium.org
$0
7/3/2026

Permission bypass in WebRequest API allows compromised renderer to intercept general traffic

#496279876Reporter: vm...@google.com
$0
7/3/2026

Potential Use-After-Free in NavigationEntryImpl via duplicate frame unique_names

#495931147Reporter: rj...@google.com
$0
7/3/2026

Potential DOM tree corruption via iframe unload in variadic DOM mutations

#496281816Reporter: rj...@google.com
$0
7/3/2026

Potential UAF in RenderWidgetHostNSViewBridge::SetTextSelection via nested-loop reentrancy

#496217775Reporter: vm...@google.com
$0
7/3/2026

Potential cross-origin ViewTransition snapshot leak via same-site prerender redirect

#495890000Reporter: vi...@google.com
$0
7/3/2026

UXSS via unvalidated javascript: URI in Enterprise Search Aggregator

#496379792Reporter: vm...@google.com
$0
7/3/2026
Showing 321-330 of 11332 bugs