Disclosed Chromium Security Bugs

Handle opaque initiator origin correctly in double keyed LCPP

#380105415 Reporter: ch...@chromium.org
$0
3/5/2025

net_quic_session_pool_fuzzer: Heap-use-after-free in quic::QuicFramer::ProcessIetfAckFrame

#379262246 Reporter: 24...@project.gserviceaccount.com
$0
3/5/2025

net_quic_session_pool_fuzzer: Heap-use-after-free in quic::QuicSentPacketManager::MarkPacketHandled

#373025985 Reporter: 24...@project.gserviceaccount.com
$0
3/5/2025

V8 Sandbox violation during OSR tier-up if code on FeedbackVector is modified

#374812612 Reporter: 24...@project.gserviceaccount.com
$0
3/5/2025

pdfium_fuzzer: Crash in fxcodec::JpegDecoder::InitDecode

#379259821 Reporter: 24...@project.gserviceaccount.com
$0
3/2/2025

mediasource_MP2T_AVC_pipeline_integration_fuzzer: Crash in ff_put_h264_chroma_mc4_ssse3.next2rows

#379418979 Reporter: 24...@project.gserviceaccount.com
$0
3/2/2025

pdf_ink_reader_fuzzer_PdfInkReaderFuzzer_CreateMeshFromPolylineDoesntCrash_fuzzer: Crash in pqHeapDelete

#379574871 Reporter: 24...@project.gserviceaccount.com
$0
3/2/2025

GPU process crash via WebGPU shader - UAF in mesa gcm_schedule_early_instr at src/compiler/nir/nir_opt_gcm.c:477

#361027508 Reporter: a7...@gmail.com
$10,000
2/28/2025

Object-size in blink::mojom::blink::MediaDevicesDispatcherHost_GetAudioInputCapabilities_Forwar

#380107547 Reporter: 24...@project.gserviceaccount.com
$0
2/28/2025

Use-after-free in GestureListenerManager if destroyed before RenderWidgetHost

#378464985 Reporter: ol...@opera.com
$0
2/28/2025