Disclosed Chromium Security Bugs

Heap-use-after-free in ash::DesksBarView::FinalizeDragDesk

#40056290 Reporter: cl...@chromium.org
$0
11/2/2021

use after free content::FontAccessManagerImpl::DidChooseLocalFonts

#40056362 Reporter: wx...@gmail.com
$20,000
11/2/2021

Security: SkAbort_FileLine Assert Failed

#40056376 Reporter: ha...@gmail.com
$0
11/2/2021

CHECK failure: addr + size <= chunk_->area_end()

#40056482 Reporter: cl...@chromium.org
$0
11/2/2021

tint_binding_remapper_fuzzer: Heap-buffer-overflow in tint::fuzzers::ExtractBindingRemapperInputs

#40056608 Reporter: cl...@chromium.org
$0
11/2/2021

tint_all_transforms_fuzzer: Use-of-uninitialized-value in tint::fuzzers::Reader::string

#40056610 Reporter: cl...@chromium.org
$0
11/2/2021

Redirects should be handled by CSP form-action in a spec-compliant way

#40085903 Reporter: lu...@chromium.org
$0
10/30/2021

Referrer Policy bypass with javascript URL

#40090848 Reporter: s....@gmail.com
$1,000
10/30/2021

Security: Possible to escape sandbox via devtools_page (alternative method)

#40052752 Reporter: de...@gmail.com
$5,000
10/30/2021

dawn_wire_server_and_d3d12_backend_fuzzer.exe: Heap-use-after-free in dawn_wire::server::Server::InjectDevice::::__invoke

#40056327 Reporter: cl...@chromium.org
$0
10/29/2021
Showing 6081-6090 of 10939 bugs