Disclosed Chromium Security Bugs

V8 TurboFan contextAccess depth truncation cause type confusion in Module Variable Access

#495273999Reporter: qy...@gmail.com
$11,000
7/2/2026

UAF in UpdateShapeActive of PDF Ink V2

#494644471Reporter: he...@gmail.com
$4,000
7/2/2026

Out-of-Bounds Write in Ruy Matrix Packing Due to int32 Overflow in Quantized Conv2d

#495096655Reporter: ni...@intel.com
$0
7/2/2026

Arbitrary file read in UI DevTools via path traversal

#496107456Reporter: vm...@google.com
$0
7/2/2026

DCHECK failure in i < this ->context_local_count() in scope-info-tq-inl.inc

#495888361Reporter: 24...@project.gserviceaccount.com
$0
7/2/2026

CHECK failure: scope_info.scope_type() != ScopeType::SCRIPT_SCOPE

#495923720Reporter: 24...@project.gserviceaccount.com
$0
7/2/2026

DCHECK failure in assigned == kMaybeAssigned in maglev-graph-builder.cc

#496074718Reporter: 24...@project.gserviceaccount.com
$0
7/2/2026

Clamp-merge optimization corrupts maxPool2d padding via union aliasing, causing heap OOB write in GPU process

#494823884Reporter: je...@gmail.com
$43,000
7/2/2026

Potential OOB Read in PostScriptMetaFile::SafePlayback via crafted EMF

#496196022Reporter: vi...@google.com
$0
7/2/2026

DCHECK failure in i::Is(*local_isolate->roots_table().handle_at(index_)) in maglev-ir.cc

#495923721Reporter: 24...@project.gserviceaccount.com
$0
7/2/2026
Showing 351-360 of 11332 bugs