Disclosed Chromium Security Bugs

Heap Buffer Overflow in TFLite Pad operator due to unhandled allocation failure

#494341335Reporter: ni...@intel.com
$0
6/28/2026

renderer_in_process_mojolpm_fuzzer: Heap-use-after-free in renderer_in_process_mojolpm_fuzzer

#487750530Reporter: 24...@project.gserviceaccount.com
$0
6/28/2026

DCHECK failure in HasOutputRegister(target) in maglev-graph-builder.h

#494626929Reporter: 24...@project.gserviceaccount.com
$0
6/28/2026

libredwg:llvmfuzz: Global-buffer-overflow in section_move_before

#528059079Reporter: 87...@developer.gserviceaccount.com
$0
6/27/2026

sqlite3:ossfuzz: Use-of-uninitialized-value in selectExpander

#499576219Reporter: 87...@developer.gserviceaccount.com
$0
6/27/2026

open5gs:nas_5gs_message_fuzz: Use-of-uninitialized-value in ogs_cpystrn

#527978938Reporter: 87...@developer.gserviceaccount.com
$0
6/27/2026

Use-After-Free in Dawn Wire Server Uncaptured-Error Callback via Incomplete Device Unregistration Cleanup

#491518608Reporter: se...@gmail.com
$70,000
6/27/2026

Type confusion in CSSRepeatValue via IsValueList() range check leads to renderer crash

#492735383Reporter: je...@gmail.com
$11,000
6/27/2026

OOB write in Skia MakeFromData

#492780653Reporter: he...@gmail.com
$0
6/27/2026

Use-after-free in shared WordBreakIteratorPool via Proofreader API

#492421936Reporter: je...@gmail.com
$11,000
6/27/2026
Showing 391-400 of 11332 bugs