Disclosed Chromium Security Bugs

heap-buffer-overflow : media::D3D11H264Accelerator::SubmitFrameMetadata

#40055401 Reporter: cr...@system.gserviceaccount.com
$0
9/29/2021

Heap-use-after-free in blink::PropertyTreeManager::EnsureCompositorTransformNode

#40056274 Reporter: cl...@chromium.org
$6,000
9/29/2021

Heap-use-after-free in blink::LayoutBlockFlow::RemoveChild

#40056280 Reporter: cl...@chromium.org
$0
9/29/2021

Bad-cast to blink::LayoutBox from blink::LayoutInline in blink::LayoutBox::SplitAnonymousBoxesAroundChild

#40056293 Reporter: cl...@chromium.org
$0
9/29/2021

Heap-buffer-overflow in cc::PaintWorkletImageProvider::GetPaintRecordResult

#40056124 Reporter: cl...@chromium.org
$0
9/26/2021

Freelist Corruption with PartitionAlloc on 93.0.4541.0+ related to allocation of LayoutObjects/PaintLayers

#40056099 Reporter: li...@chromium.org
$0
9/24/2021

Heap-use-after-free in ash::TrayBubbleView::RerouteEventHandler::OnKeyEvent

#40056217 Reporter: cl...@chromium.org
$0
9/24/2021

Crash in cppgc::internal::PageBackend::AllocateLargePageMemory

#40056246 Reporter: cl...@chromium.org
$0
9/24/2021

Heap-buffer-overflow in ash::ScrollableShelfView::CalculateTappableIconIndices

#40056205 Reporter: cl...@chromium.org
$0
9/23/2021

v8_wasm_fuzzer: DCHECK failure in 0 < code.size() in function-compiler.cc

#40056215 Reporter: cl...@chromium.org
$0
9/23/2021
Showing 6161-6170 of 10940 bugs