Disclosed Chromium Security Bugs

libwebp:enc_fuzzer@Enc.EncTest: Use-of-uninitialized-value in AlphaReplace_SSE2

#454314139 Reporter: 87...@developer.gserviceaccount.com
$0
10/31/2025

bloaty:fuzz_target: Crash in std::__1::basic_string, std::__1::allocator

#451333837 Reporter: 87...@developer.gserviceaccount.com
$0
10/31/2025

V8 sandbox bypass due to NativeModule swapping while module instantiation was ongoing

#433407763 Reporter: pv...@gmail.com
$20,000
10/31/2025

Command injection in "Copy as cURL (cmd)" due to improper sanitization

#427367145 Reporter: am...@gmail.com
$1,500
10/31/2025

qemu:qemu-fuzz-i386-target-generic-fuzz-am53c974: Heap-buffer-overflow in scsi_cdb_length

#439878564 Reporter: 87...@developer.gserviceaccount.com
$0
10/30/2025

arrow:arrow-csv-fuzz: Heap-use-after-free in arrow::Status arrow::csv::BlockParserImpl::ParseSpecialized

#452118314 Reporter: 87...@developer.gserviceaccount.com
$0
10/30/2025

arrow:arrow-csv-fuzz: Heap-use-after-free in arrow::ConcatenateBuffers

#452079536 Reporter: 87...@developer.gserviceaccount.com
$0
10/30/2025

openexr:openexr_exrcheck_fuzzer: Heap-buffer-overflow in generic_unpack

#456158449 Reporter: 87...@developer.gserviceaccount.com
$0
10/30/2025

V8 Sandbox Bypass: InstantiateAsmJs builtin doesn't protect against mid-builtin dispatch handle swaps

#430960844 Reporter: ma...@popax21.dev
$20,000
10/30/2025

v8_wasm_deopt_fuzzer: Crash in std::__Cr::pair v8::internal::MarkCompactCollector

#433469898 Reporter: 24...@project.gserviceaccount.com
$0
10/30/2025
Showing 61-70 of 8802 bugs