Disclosed Chromium Security Bugs

OOB read in TFLite TransposeConvV2

#492668885Reporter: he...@gmail.com
$3,000
6/26/2026

OOB Write in the TFLite Concatenation

#492421926Reporter: he...@gmail.com
$18,000
6/26/2026

Chromium / Chrome DevTools Protocol: WebSocket Endpoint Missing Host Header Validation (DNS Rebinding Bypass)

#491555187Reporter: ik...@gmail.com
$0
6/26/2026

V8 correctness failure in sources: d3

#490353576Reporter: 24...@project.gserviceaccount.com
$0
6/26/2026

Heap buffer overflow in TFLite StridedSlice via WebNN slice() due to float32 precision loss in output shape computation

#493310462Reporter: je...@gmail.com
$43,000
6/26/2026

Heap buffer overflow in TFLite pooling via WebNN Pool2d windowDimensions uint32-to-int32 truncation

#493310458Reporter: je...@gmail.com
$3,000
6/26/2026

Heap buffer overflow in TFLite FullyConnectedPerChannel via WebNN quantized GEMM with wrong per-axis quantization dimension

#493319454Reporter: je...@gmail.com
$43,000
6/26/2026

Crash with empty stacktrace

#493314948Reporter: 24...@project.gserviceaccount.com
$0
6/26/2026

libredwg:llvmfuzz: Heap-buffer-overflow in dxf_fixup_string

#525088817Reporter: 87...@developer.gserviceaccount.com
$0
6/25/2026

libredwg:llvmfuzz: Heap-buffer-overflow in dwg_geojson_object

#525088107Reporter: 87...@developer.gserviceaccount.com
$0
6/25/2026
Showing 421-430 of 11332 bugs