Disclosed Chromium Security Bugs

Check failed: !WriteBarrier::IsRequired(heap_object, Tagged(value)).

#446463984Reporter: je...@gmail.com
$10,000
1/3/2026

CHECK failure: untyped_->count(slot.address()) > 0 in heap-verifier.cc

#447457117Reporter: 24...@project.gserviceaccount.com
$0
1/3/2026

DCHECK failure in !IsSnapshot() in maglev-ir.h

#446947241Reporter: 24...@project.gserviceaccount.com
$0
1/3/2026

heap-use-after-free in content::indexed_db::Database::connections_ when force_closing_ is true

#446722008Reporter: so...@gmail.com
$100,000
1/2/2026

Spoof on virtual keyboard

#446463993Reporter: sa...@gmail.com
$3,000
1/2/2026

Triggering screenshare from an unloading page in a cross-process navigation displays the wrong origin

#442860743Reporter: do...@gmail.com
$10,000
1/2/2026

heap-use-after-free in wl_proxy_marshal_array_flags

#433027577Reporter: yu...@gmail.com
$1,000
1/2/2026

DCHECK failure in v8_flags.assert_hole_checked_by_value implies !SafeIsAnyHole(obj) in heap-object

#447107750Reporter: 24...@project.gserviceaccount.com
$0
1/2/2026

V8 sandbox violation in v8::internal::maglev::VirtualObject::set

#447219812Reporter: 24...@project.gserviceaccount.com
$0
1/2/2026

Crash in v8::internal::MinorMarkSweepCollector::DrainMarkingWorklist

#447235294Reporter: 24...@project.gserviceaccount.com
$0
1/2/2026
Showing 411-420 of 9745 bugs
1...414243...975