Disclosed Chromium Security Bugs

CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (IsHeapObject()) in heap-object.h

#40056507 Reporter: cl...@chromium.org
$0
10/19/2021

Cross-origin download bypasses SameSite cookie

#40091708 Reporter: s....@gmail.com
$1,000
10/18/2021

CHECK failure: kind() == CodeKind::BASELINE

#40056495 Reporter: cl...@chromium.org
$0
10/18/2021

Container-overflow in cc::draw_property_utils::LayerShouldBeSkippedForDrawPropertiesComputation

#40056414 Reporter: cl...@chromium.org
$0
10/17/2021

Container-overflow in cc::LayerImpl::LayerPropertyChangedFromPropertyTrees

#40056415 Reporter: cl...@chromium.org
$0
10/17/2021

Container-overflow in cc::draw_property_utils::CalculateDrawProperties

#40056410 Reporter: cl...@chromium.org
$0
10/16/2021

CHECK failure: addr + size <= chunk_->area_end()

#40056243 Reporter: cl...@chromium.org
$0
10/15/2021

Security: Security DCHECK failed i < length() in WTF::StringView::operator[]

#40056413 Reporter: ho...@gmail.com
$2,000
10/15/2021

Bad-cast to blink::ScriptWrappable from invalid vptr in blink::DOMDataStore::GetWrapper

#40056447 Reporter: cl...@chromium.org
$0
10/15/2021

CHECK failure: JSFunctionRef construction failed

#40056456 Reporter: cl...@chromium.org
$0
10/15/2021
Showing 6121-6130 of 10939 bugs