Disclosed Chromium Security Bugs

Security: Debug check failed: use->opcode() == IrOpcode::kLoopExitEffect || use->opcode() == IrOpcode::kLoopExitValue.

#40948441Reporter: je...@gmail.com
$8,000
3/14/2024

Security: Debug check failed: idx.offset() / sizeof(OperationStorageSlot) < size(), leading to segment fault.

#40948927Reporter: je...@gmail.com
$11,000
3/14/2024

Security: Debug check failed: !can_be_invalid implies result.valid().

#40948479Reporter: je...@gmail.com
$10,000
3/14/2024

GPU failure in blink::AXObject::ParentObject

#40948951Reporter: cl...@chromium.org
$0
3/13/2024

Trap in Builtins_FlattenIntoArrayWithMapFn

#40948111Reporter: cl...@chromium.org
$0
3/13/2024

DCHECK failure in kCanBeWeak || (!IsSmi() == HAS_STRONG_HEAP_OBJECT_TAG(ptr_)) in tagged-impl.h

#40947204Reporter: cl...@chromium.org
$0
3/13/2024

Security: AddressSanitizer: heap-use-after-free on address 0x11f602026080 at pc 0x7ffc02e5a899 bp 0x000bbe7fed80 sp 0x000bbe7fedc8

#40945774Reporter: 18...@gmail.com
$1,000
3/12/2024

Security: Bypass and Semi Regression of Issue 1472404 fix which Bypass the Protection of input fields cache (Autofill)

#40075980Reporter: el...@gmail.com
$2,000
3/12/2024

Security: chrome.debugger API can capture cookies of host blocked by Enterprise Policy

#40075672Reporter: fa...@gmail.com
$2,000
3/12/2024

UAF in SharedImageManager of GPU

#40062056Reporter: he...@gmail.com
$5,000
3/12/2024
Showing 3581-3590 of 10591 bugs
1...358359360...1060