Disclosed Chromium Security Bugs
←Back to DashboardV8 TurboFan contextAccess depth truncation cause type confusion in Module Variable Access
$11,000
7/2/2026
UAF in UpdateShapeActive of PDF Ink V2
$4,000
7/2/2026
Out-of-Bounds Write in Ruy Matrix Packing Due to int32 Overflow in Quantized Conv2d
$0
7/2/2026
Arbitrary file read in UI DevTools via path traversal
$0
7/2/2026
DCHECK failure in i < this ->context_local_count() in scope-info-tq-inl.inc
$0
7/2/2026
CHECK failure: scope_info.scope_type() != ScopeType::SCRIPT_SCOPE
$0
7/2/2026
DCHECK failure in assigned == kMaybeAssigned in maglev-graph-builder.cc
$0
7/2/2026
Clamp-merge optimization corrupts maxPool2d padding via union aliasing, causing heap OOB write in GPU process
$43,000
7/2/2026
Potential OOB Read in PostScriptMetaFile::SafePlayback via crafted EMF
$0
7/2/2026
DCHECK failure in i::Is(*local_isolate->roots_table().handle_at(index_)) in maglev-ir.cc
$0
7/2/2026