Disclosed Chromium Security Bugs

Stale pointer in WebCore::Document::recalcStyleSelector

#40090157 Reporter: ma...@gmail.com
$0
10/1/2016

WebCore::InspectorBackendDispatcher::Runtime_evaluate user after free

#40090232 Reporter: ku...@gmail.com
$0
10/1/2016

Use after free when removing elements with reflections

#40090534 Reporter: in...@chromium.org
$0
10/1/2016

CSSSelector double frees

#40090536 Reporter: in...@chromium.org
$0
10/1/2016

Merge http://trac.webkit.org/changeset/85693

#40090761 Reporter: in...@chromium.org
$0
10/1/2016

Need to merge WebKit 64-bit issue http://trac.webkit.org/changeset/86106

#40090776 Reporter: sc...@gmail.com
$0
10/1/2016

write-after-free in third_party/WebKit/Source/WebCore/svg/animation/SVGSMILElement.h:58

#40090893 Reporter: kc...@chromium.org
$0
10/1/2016

Merge http://trac.webkit.org/changeset/87959 and http://trac.webkit.org/changeset/87756 for documentloader use after frees

#40091569 Reporter: in...@chromium.org
$0
10/1/2016

ZDI-CAN-1283: Webkit fontface Invalid Font Family Remote Code Execution Vulnerability

#40092498 Reporter: in...@chromium.org
$0
10/1/2016

Heap-buffer-overflow in WebCore::RenderBlock::LineBreaker::nextLineBreak

#40092925 Reporter: in...@chromium.org
$0
10/1/2016
Showing 6971-6980 of 10940 bugs