Disclosed Chromium Security Bugs

Heap memory corruption due to overly large parameter count in WasmToJSWrapper tier-up

#394350433 | Reporter: se...@gmail.com
$11,000
5/16/2025

V8 Sandbox Bypass: AAW & Control flow hijack via RegExp pattern parse TOCTOU to RegExpCapture OOB

#394635429 | Reporter: se...@gmail.com
$20,000
5/16/2025

v8_wasm_compile_wasmgc_fuzzer: Crash in v8::internal::ScavengerCollector::CollectGarbage

#393420199 | Reporter: 24...@project.gserviceaccount.com
$0
5/16/2025

heap-use-after-free in content::RenderFrameHostImpl::ProcessBeforeUnloadCompleted in browser process

#391666328 | Reporter: 0x...@gmail.com
$5,000
5/15/2025

Stack-buffer-overflow in blink::CssValueKeywordID

#394371771 | Reporter: 24...@project.gserviceaccount.com
$0
5/15/2025

V8 Sandbox Bypass: OOB write in AstValueFactory::GetOneByteStringInternal

#392938085 | Reporter: v8...@gmail.com
$0
5/15/2025

CHECK failure: MachineRepresentation::kTagged == type.representation() || MachineRepresentation

#394120836 | Reporter: 24...@project.gserviceaccount.com
$0
5/15/2025

V8 sandbox violation in v8::internal::wasm::StructTypeBase::field

#394120667 | Reporter: 24...@project.gserviceaccount.com
$0
5/15/2025

base_persistent_histogram_allocator_fuzzer: Heap-buffer-overflow in base::PersistentHistogramAllocator::GetHistogram

#393742189 | Reporter: 24...@project.gserviceaccount.com
$0
5/14/2025

DCHECK failure in kCanBeWeak || (!IsSmi() == HAS_STRONG_HEAP_OBJECT_TAG(ptr_)) in tagged-impl.h

#393612656 | Reporter: 24...@project.gserviceaccount.com
$0
5/14/2025
Showing 331-340 of 8283 bugs