Disclosed Chromium Security Bugs

Security: Cross-origin iframe can navigate top window to different site via same-site open redirect or XSS redirect

#40053936Reporter: al...@alesandroortiz.com
$3,000
9/22/2021

Heap-use-after-free in views::MenuController::ExitMenu

#40055016Reporter: cl...@chromium.org
$0
9/22/2021

bypass blocked autoredirects from cross-origin iframes

#40053780Reporter: el...@confiant.com
$5,000
9/21/2021

v8_wasm_code_fuzzer: DCHECK failure in exception_stack.back() == control_stack.size() - 1 in wasm-interpreter.cc

#40056207Reporter: cl...@chromium.org
$0
9/21/2021

Heap-use-after-free in ash::TrayBubbleView::RerouteEventHandler::OnKeyEvent

#40056192Reporter: cl...@chromium.org
$0
9/19/2021

Use-after-poison in blink::HTMLSlotElement::DetachLayoutTree

#40056128Reporter: cl...@chromium.org
$0
9/18/2021

Bad-cast to blink::ImageResourceObserver from invalid vptr in blink::ImageResourceContent::PriorityFromObservers

#40056167Reporter: cl...@chromium.org
$0
9/18/2021

Heap-use-after-free in blink::StyleCrossfadeImage::ImageChanged

#40056172Reporter: cl...@chromium.org
$0
9/18/2021

Heap-buffer-overflow in ash::ScrollableShelfView::CalculateTappableIconIndices

#40056176Reporter: cl...@chromium.org
$0
9/18/2021

Heap-use-after-free in views::Widget::OnNativeWidgetDestroying

#40056025Reporter: cl...@chromium.org
$0
9/17/2021
Showing 6171-6180 of 10940 bugs