Disclosed Chromium Security Bugs

Security: Dangling pointer in Dawn::Buffer

#40060448 Reporter: ti...@chromium.org
$0
9/21/2023

sql_recovery_fuzzer: Crash in sql::recover::VirtualCursor::AppendPageDecoder

#40062859 Reporter: cl...@chromium.org
$0
9/21/2023

DCHECK failure in HasValue() in maglev-graph-builder.h

#40065747 Reporter: cl...@chromium.org
$0
9/21/2023

freetype_truetype_render_fuzzer.exe: Int-overflow in T1_Face_Init

#40064860 Reporter: cl...@chromium.org
$0
9/20/2023

Heap-use-after-free in ui::AXTreeSerializer::AnyDescendantWasReparented

#40065256 Reporter: m....@gmail.com
$9,000
9/20/2023

Crash in v8::internal::DependentCode::SetDependentCode

#40065448 Reporter: cl...@chromium.org
$0
9/20/2023

Security: Type confusion in v8 caused by incorrect side effect modelling of JSStackCheck

#40065473 Reporter: m-...@github.com
$20,000
9/20/2023

CHECK failure: !descriptors.GetKey(i).IsInteresting(isolate) in objects-debug.cc

#40065486 Reporter: cl...@chromium.org
$0
9/20/2023

DCHECK failure in owner == interpreter::Register::current_context() implies IsResumableFunction( b

#40065793 Reporter: cl...@chromium.org
$0
9/20/2023

Regression: External protocol confirmation dialog may overlap with other origins

#40064442 Reporter: zy...@gmail.com
$2,000
9/19/2023