Disclosed Chromium Security Bugs

Security: Race Condition Double Free in i915_gem_set_tiling_ioctl

#40068575Reporter: yq...@gmail.com
$0
1/19/2024

Security: heap after free at `RenderFrameHostManager::GetFrameHostForNavigation`

#40073755Reporter: 18...@gmail.com
$1,000
1/19/2024

Security: UAF in blink::CanvasResourceDispatcher::OnBeginFrame

#40074673Reporter: ki...@gmail.com
$0
1/19/2024

tint_wgsl_fuzzer: Heap-buffer-overflow in tint::SymbolTable::RegisterInternal

#40074699Reporter: cl...@chromium.org
$0
1/19/2024

Security: heap-buffer-overflow vrend_write_to_iovec

#40071209Reporter: ph...@gmail.com
$250
1/18/2024

Security: SOP bypass: Portal activation bypasses same-page drag and drop source check

#40072334Reporter: st...@gmail.com
$3,000
1/18/2024

UAF in vk::Buffer::getOffsetPointer

#40073792Reporter: em...@gmail.com
$11,000
1/18/2024

Crash in blink::AXObjectCacheImpl::RemoveSubtreeWithFlatTraversal

#40074380Reporter: cl...@chromium.org
$0
1/18/2024

Security: Debug check failed: !can_be_invalid implies result.valid() in v8/src/compiler/turboshaft/optimization-phase.h:224

#40074390Reporter: al...@goodmanemail.com
$0
1/18/2024

Security: heap-use-after-free on BrandcodeConfigFetcher::OnSimpleLoaderComplete

#40935719Reporter: 18...@gmail.com
$3,000
1/18/2024
Showing 3771-3780 of 10609 bugs
1...377378379...1061