Disclosed Chromium Security Bugs

Browser Process UAF in PasswordFormManager::OnFetchCompleted

#499062376Reporter: vm...@google.com
$0
7/16/2026

GPU-to-Browser Sandbox Escape via Unvalidated get_offset in CommandBufferHelper

#498782145Reporter: vm...@google.com
$0
7/16/2026

Cross-domain password leak via manual-fallback preview in PasswordManualFallbackFlow

#498269651Reporter: vm...@google.com
$0
7/16/2026

Potential GPU Process OOB Read/Write via unvalidated IOSurface per-plane geometry

#495850837Reporter: vi...@google.com
$0
7/16/2026

Potential type confusion in CompoundImageBacking::GetSharedMemoryPixmaps

#498834967Reporter: vm...@google.com
$0
7/16/2026

TOCTOU in Storage Access bubble allows permission spoofing

#498397912Reporter: vm...@google.com
$0
7/16/2026

Cross-origin content spoofing in Lens via unguarded PdfHost

#499262832Reporter: vm...@google.com
$0
7/16/2026

Cross-thread destruction of cppgc::Persistent in WebRTC getStats

#498841456Reporter: vm...@google.com
$0
7/16/2026

Cross-origin info leak of JS settings via PluginInfoHost::GetPluginInfo

#497385823Reporter: vm...@google.com
$0
7/16/2026

Path traversal in CRD Linux native host allows arbitrary .json file deletion

#500541413Reporter: vm...@google.com
$0
7/16/2026
Showing 41-50 of 11332 bugs
1...456...1134