Disclosed Chromium Security Bugs

IndexedDBBucketContext::OnMemoryDump() may crash when backing_store_ is nullptr

#328588664 Reporter: st...@microsoft.com
$0
6/20/2024

DCHECK failure in IsPrimitiveMap(*this) || instance_type() == WASM_NULL_TYPE in map-inl.h

#328868985 Reporter: 24...@project.gserviceaccount.com
$0
6/19/2024

DCHECK failure in id_ != kInvalidNodeId in maglev-ir.h

#328676408 Reporter: 24...@project.gserviceaccount.com
$0
6/19/2024

CHECK failure: elements_slot->kind() == TranslatedValue::kTagged in translated-state.cc

#328868984 Reporter: 24...@project.gserviceaccount.com
$0
6/19/2024

CHECK failure: length == previously_materialized_objects->length()

#328680228 Reporter: 24...@project.gserviceaccount.com
$0
6/19/2024

Security: Local cards can be retrieved in chrome://settings/payments when Payments Mandatory Re-auth is turned on through DevTools.

#40073089 Reporter: vi...@google.com
$0
6/19/2024

heap-use-after-free heap-use-after-free media\audio\audio_renderer_mixer_manager.cc:228 in blink::AudioRendererMixerManager::ReturnMixer

#328918906 Reporter: m....@gmail.com
$8,000
6/19/2024

chrome://whats-new/ CSP allows loading any HTTPS page

#328690293 Reporter: je...@gmail.com
$1,000
6/18/2024

Security: `Android` Top-level redirect from cross-origin iframe by setting `Content-Security-Policy: sandbox allow-top-navigation` Bypass of Issue 1251790

#41493458 Reporter: el...@gmail.com
$3,000
6/18/2024

CHECK failure: !translated_values->IsMaterializedObject() in frames.cc

#328676392 Reporter: 24...@project.gserviceaccount.com
$0
6/18/2024