Disclosed Chromium Security Bugs
←Back to DashboardOOB in GPU process: Missing negative length validation in Bucket::GetAsStrings.
$2,000
6/24/2026
TWA Origin Spoofing & UI Redressing via Intent Injection
$2,000
6/24/2026
Wrong CheckSmi elision because of CheckValueEqualsInt32
$0
6/24/2026
SubAppsServiceImpl::Remove() use-after-free: ReportBadMessageAndDeleteThis() mid-loop deletes `this`, next iteration accesses freed memory
$36,000
6/24/2026
Use-After-Free in ReadbackBufferShadowTracker via getBufferSubData with Non-Zero Offset
$11,000
6/24/2026
Heap-buffer-overflow in XNNPACK
$3,000
6/24/2026
OOB Write in GraphBuilderTflite::SerializeConv2d
$23,000
6/24/2026
Insufficient bounds check in ANGLE Metal UBO bool conversion leads to heap OOB read in GPU process on Mac
$3,000
6/24/2026
SharedStorage custom-data-origin authorization bypass via stale match state
$1,000
6/24/2026
GPU sandbox escape on macOS via lsd.modifydb > RCE
$0
6/24/2026