Disclosed Chromium Security Bugs

Security DCHECK failure: dom_start_ <= dom_end_. 3 vs in offset_mapping.cc

#379254069 Reporter: 24...@project.gserviceaccount.com
$0
3/11/2025

V8 Sandbox Bypass: AAR/W via WASM dispatch table index OOB from `WasmTableObject.uses`

#350628675 Reporter: se...@gmail.com
$20,000
3/11/2025

Arbitrary Wasm type confusion due to improper fix of b/380397544

#381696874 Reporter: se...@gmail.com
$55,000
3/11/2025

Arbitrary WASM type confusion due to improper fix of b/379009132

#380397544 Reporter: se...@gmail.com
$55,000
3/11/2025

DCHECK failure in kCanBeWeak || (!IsSmi() == HAS_STRONG_HEAP_OBJECT_TAG(ptr_)) in tagged-impl.h

#379843860 Reporter: 24...@project.gserviceaccount.com
$0
3/11/2025

Check if WasmImportData::call_origin allows sandbox escapes

#369748454 Reporter: jk...@chromium.org
$0
3/11/2025

MemorySanitizer: SEGV v8/src/heap/remembered-set-inl.h:46:38 in heap::base::SlotCallbackResult v8::internal::UpdateTypedSlotHelper::UpdateTypedSlot(v8::internal::WritableJitAllocation&, v8::internal::Heap*, v8::internal::SlotType, unsigned long, v8::internal::Scavenger::ScavengePage(v8::internal::MutablePageMetadata*)::$_2)

#380474992 Reporter: al...@goodmanemail.com
$0
3/11/2025

Memory corruption in TransitiveTypeFeedbackProcessor with --wasm-deopt and multi-instance modules

#381281318 Reporter: ml...@chromium.org
$0
3/11/2025

bluez:fuzz_xml: Null-dereference READ in ubsan_GetStackTrace

#382927066 Reporter: 87...@developer.gserviceaccount.com
$0
3/10/2025

Chrome: Crash Report - variations::VariationsSeedStore::local_state

#376892208 Reporter: cr...@google.com
$0
3/8/2025