Disclosed Chromium Security Bugs

Heap-use-after-free in v8::Isolate::VisitHandlesWithClassIds

#40084289 Reporter: th...@gmail.com
$3,500
8/18/2016

Heap-use-after-free in blink::DeferredTaskHandler::handleDirtyAudioNodeOutputs

#40084274 Reporter: at...@gmail.com
$3,500
8/17/2016

Security: Heap-use-after-free in AutofillAgent::FillFieldWithValue

#40084205 Reporter: ro...@robwu.nl
$1,000
8/15/2016

Bad-cast to v8::internal::AstNode from invalid vptr;wasm-js.cc:138:7

#40084144 Reporter: cl...@chromium.org
$0
8/9/2016

Heap-use-after-free in blink::LayoutBoxModelObject::invalidateStickyConstraints

#40083992 Reporter: at...@gmail.com
$3,500
7/12/2016

libANGLE buffer-overflow (part of pwn2own exploit)

#40083889 Reporter: in...@chromium.org
$0
6/29/2016

Crash in v8::internal::InnerPointerToCodeCache::GcSafeFindCodeForInnerPointer

#40083887 Reporter: de...@googlemail.com
$3,500
6/24/2016

Internal object leak in ModuleSystem::RequireForJsInner => Universal XSS

#40083765 Reporter: se...@gmail.com
$7,500
6/17/2016

Heap-use-after-free in blink::FrameView::performLayout

#40083779 Reporter: cl...@chromium.org
$3,500
6/9/2016

ASSERTION FAILED: value.isPrimitiveValue()

#40083771 Reporter: cl...@chromium.org
$0
6/7/2016