Disclosed Chromium Security Bugs

Security: Unretained() can be used for objects on the Oilpan heap

#40061815 Reporter: vm...@gmail.com
$3,000
3/2/2023

Negative-size-param in ipcz::BlockAllocator::InitializeRegion

#40061821 Reporter: cl...@chromium.org
$0
3/2/2023

Crash in Builtins_ConstructProxy

#40061864 Reporter: cl...@chromium.org
$0
3/2/2023

CHECK failure: InTypedSet(SlotType::kEmbeddedObjectFull, rinfo->pc()) || InTypedSet(SlotType::k

#40061876 Reporter: cl...@chromium.org
$0
3/2/2023

DCHECK failure in receiver_mode_ != ConvertReceiverMode::kNullOrUndefined in maglev-graph-builder.

#40061879 Reporter: cl...@chromium.org
$0
3/2/2023

Optimization bug in TurboShaft::MachineOptimizationReducer::ReduceSignedDiv

#40061881 Reporter: kw...@gmail.com
$10,000
3/2/2023

DCHECK failure at blink::WebFrameWidgetImpl::DragTargetDragEnter

#40059378 Reporter: rz...@gmail.com
$1,500
3/1/2023

Security: heap-buffer-overflow in network::ThrottlingNetworkInterceptor::UpdateThrottledRecords

#40061636 Reporter: 0x...@gmail.com
$2,000
3/1/2023

UAF in CartHandler

#40061782 Reporter: ha...@gmail.com
$2,500
3/1/2023

substring_set_matcher_fuzzer: Crash in base::SubstringSetMatcher::AhoCorasickNode::SetEdge

#40061866 Reporter: cl...@chromium.org
$0
3/1/2023