Disclosed Chromium Security Bugs

ANGLE Metal Stale mFormat Cache causes GPU OOB WRITE

#493256564Reporter: ci...@gmail.com
$77,000
7/1/2026

OOB read in ShapeResultView::ForEachGraphemeClusters via multi-glyph cluster skip logic

#492350406Reporter: je...@gmail.com
$3,000
7/1/2026

Potential OOB Read in VA-API Driver via Unvalidated JPEG Quantization Table Selector

#495530312Reporter: rj...@google.com
$0
7/1/2026

Potential Use-After-Free in SystemMediaControlsWin::SetThumbnail via raw 'this' capture

#495108488Reporter: er...@chromium.org
$0
7/1/2026

mruby:mruby_fuzzer: Heap-buffer-overflow in mrb_vm_exec

#527684725Reporter: 87...@developer.gserviceaccount.com
$0
6/30/2026

heap-use-after-free in v8_inspector::V8DebuggerAgentImpl::setBreakpointByUrl

#493631402Reporter: sa...@gmail.com
$3,000
6/30/2026

UAF in OnGpuControlReturnData

#486505678Reporter: he...@gmail.com
$8,000
6/30/2026

UAF in KEGLGetPoolBuffers cause chrome sandbox escape

#475396626Reporter: ha...@gmail.com
$25,000
6/30/2026

V8 sandbox violation in v8::internal::compiler::HeapObjectData::GetMapInstanceType

#494388119Reporter: 24...@project.gserviceaccount.com
$0
6/30/2026

DCHECK failure in has_parent() in wasm-objects-inl.h

#493529579Reporter: 24...@project.gserviceaccount.com
$0
6/30/2026
Showing 371-380 of 11332 bugs