Disclosed Chromium Security Bugs

DCHECK failure in !argument.IsTheHole() in elements.cc

#40065968Reporter: cl...@chromium.org
$0
9/27/2023

DCHECK failure in !value->properties().is_conversion() in maglev-interpreter-frame-state.h

#40066048Reporter: cl...@chromium.org
$0
9/27/2023

DCHECK failure in IsPrimitiveMap() || instance_type() == WASM_NULL_TYPE in map-inl.h

#40066156Reporter: cl...@chromium.org
$0
9/27/2023

CHECK failure: predecessor in maglev-graph-builder.h

#40065996Reporter: cl...@chromium.org
$0
9/26/2023

Security: V8 Typer hardening bypass via ReduceArrayPrototypeAt

#40060174Reporter: ji...@gmail.com
$5,000
9/25/2023

DCHECK failure in source.IsValid() in js-heap-broker.cc

#40065513Reporter: cl...@chromium.org
$0
9/25/2023

CHECK failure: !v8::internal::v8_flags.enable_slow_asserts.value() || (IsJSReceiver_NonInline(*

#40065572Reporter: cl...@chromium.org
$0
9/25/2023

CHECK failure: !available->IsEmpty() in macro-assembler-arm64.h

#40065878Reporter: cl...@chromium.org
$0
9/25/2023

DCHECK failure in !is_empty() in reglist-base.h

#40065940Reporter: cl...@chromium.org
$0
9/25/2023

DCHECK failure in bytecode_analysis().IsLoopHeader(offset) in maglev-graph-builder.h

#40065943Reporter: cl...@chromium.org
$0
9/25/2023
Showing 4251-4260 of 10765 bugs
1...425426427...1077