Disclosed Chromium Security Bugs

Extensions can run JS on any privileged origin by exploiting already-patched vulnerabilities under devtools:// scheme.

#439058242Reporter: le...@gmail.com
$4,000
2/24/2026

Vulnerability: Insecure usage of .NET. Central Package Management disabled or deprecated project format. affecting rpc://chromium/chromium%2Fchromium

#454767153Reporter: au...@google.com
$0
2/24/2026

ffmpeg:ffmpeg_AV_CODEC_ID_JPEG2000_DEC_fuzzer: Use-of-uninitialized-value in jpegNUMBER_bitbuf_refill_backwards

#482494999Reporter: 87...@developer.gserviceaccount.com
$0
2/23/2026

assimp:assimp_fuzzer: Segv on unknown address in aiAnimation::~aiAnimation

#483188619Reporter: 87...@developer.gserviceaccount.com
$0
2/23/2026

assimp:assimp_fuzzer: Heap-buffer-overflow in ___interceptor_strtol

#476180586Reporter: 87...@developer.gserviceaccount.com
$0
2/22/2026

apache-poi:POIHSSFFuzzer: Security exception in POIHSSFFuzzer

#486483562Reporter: 87...@developer.gserviceaccount.com
$0
2/22/2026

apache-poi:POIHSLFFuzzer: Security exception in org.apache.poi.ddf.EscherRecord.serialize

#485091380Reporter: 87...@developer.gserviceaccount.com
$0
2/22/2026

libical:libicalvcard_fuzzer: Segv on unknown address in icalarray_append

#481635423Reporter: 87...@developer.gserviceaccount.com
$0
2/22/2026

Security: site isolation bypass: Cross-origin URL disclosure via OnReceiveRedirect

#40095391Reporter: if...@google.com
$0
2/22/2026

mruby:mruby_fuzzer: Segv on unknown address in mrb_word_boxing_value_float

#486253226Reporter: 87...@developer.gserviceaccount.com
$0
2/21/2026
Showing 351-360 of 10084 bugs
1...353637...1009