Disclosed Chromium Security Bugs

ANGLE WebGL2: Missing Per-Layer Init Tracking in TEXTURE_2D_ARRAY Leaves Layers Uninitialized, Leads to Cross-Origin GPU Texture Data Leak

#492131521Reporter: sw...@gmail.com
$3,000
6/27/2026

Vulnerability: CVE-2026-25210 affecting GitOnBorg::chromium::chromium::src

#492812194Reporter: au...@google.com
$0
6/27/2026

Use-After-Free in ipcz message deserialization via overlapping DriverObjectData handle ranges

#483956252Reporter: ps...@gmail.com
$25,000
6/27/2026

Missing output channel divisibility check in grouped convolution leads to heap OOB read in the GPU process via WebNN

#493708165Reporter: je...@gmail.com
$3,000
6/27/2026

Missing size validation in WebNN TFLite quantize parameter serialization leads to out-of-bounds read in the GPU process

#494089502Reporter: je...@gmail.com
$43,000
6/27/2026

heap-use-after-free READ in ElementRuleCollector InputRules path, page load, MiraclePtr unprotected

#493952652Reporter: nn...@gmail.com
$5,000
6/27/2026

Integer overflow in ANGLE D3D11 streaming vertex buffer leads to massive heap OOB write in the GPU process on Windows

#489791424Reporter: je...@gmail.com
$3,000
6/27/2026

Vulnerability: multiple vulnerabilities affecting GitOnBorg::chromium::chromium::src

#494347521Reporter: au...@google.com
$0
6/27/2026

Crash in v8::internal::maglev::NodeBase::opcode

#494359288Reporter: 24...@project.gserviceaccount.com
$0
6/27/2026

grok:grk_decompress_fuzzer: Bad-cast to IStream from grk::TileComponentWindow in grk::MarkerParser::setStream

#505688298Reporter: 87...@developer.gserviceaccount.com
$0
6/26/2026
Showing 401-410 of 11332 bugs