Disclosed Chromium Security Bugs

video_capture_host_mojolpm_fuzzer: Heap-use-after-free in base::RepeatingCallback

#382135228 Reporter: 24...@project.gserviceaccount.com
$0
3/23/2025

Incorrect implementation of the fast path in Object.assign() lead to memory corruption.

#383647255 Reporter: hu...@gmail.com
$20,000
3/23/2025

webnn_graph_mojolpm_fuzzer: Crash in tflite::impl::InterpreterBuilder::ParseTensors

#383373317 Reporter: 24...@project.gserviceaccount.com
$0
3/23/2025

DCHECK failure in TranslatedValue::kAllocated == child_slot->materialization_state() in translated

#383397477 Reporter: 24...@project.gserviceaccount.com
$0
3/22/2025

DedicatedOrSharedWorkerFetchContextImpl::accept_languages_watcher_ is a raw_ptr... to a GarbageCollected class

#379869752 Reporter: cd...@chromium.org
$0
3/21/2025

DCHECK failure in mutable_heap_number->IsHeapNumber() in maglev-graph-builder.cc

#382547590 Reporter: 24...@project.gserviceaccount.com
$0
3/21/2025

audio_decoder_fuzzer: Heap-buffer-overflow in mov_read_trun

#383454674 Reporter: 24...@project.gserviceaccount.com
$0
3/21/2025

heap-use-after-free cc\tiles\gpu_image_decode_cache.cc:2469 in cc::GpuImageDecodeCache::DecodeImageIfNecessary

#368222741 Reporter: m....@gmail.com
$4,000
3/20/2025

DCHECK failure in IsTrustedObject(object) in heap-visitor-inl.h

#383187492 Reporter: 24...@project.gserviceaccount.com
$0
3/20/2025

DCHECK failure in kSize == map->instance_size() in objects-body-descriptors.h

#383195003 Reporter: 24...@project.gserviceaccount.com
$0
3/20/2025