Disclosed Chromium Security Bugs

heap-use-after-free in wl_proxy_marshal_array_flags

#433027577Reporter: yu...@gmail.com
$1,000
1/2/2026

DCHECK failure in v8_flags.assert_hole_checked_by_value implies !SafeIsAnyHole(obj) in heap-object

#447107750Reporter: 24...@project.gserviceaccount.com
$0
1/2/2026

V8 sandbox violation in v8::internal::maglev::VirtualObject::set

#447219812Reporter: 24...@project.gserviceaccount.com
$0
1/2/2026

Crash in v8::internal::MinorMarkSweepCollector::DrainMarkingWorklist

#447235294Reporter: 24...@project.gserviceaccount.com
$0
1/2/2026

DCHECK failure in kCanBeWeak || (!IsSmi() == HAS_STRONG_HEAP_OBJECT_TAG(ptr_)) in tagged-impl.h

#447004458Reporter: 24...@project.gserviceaccount.com
$0
1/2/2026

checkstyle:CheckstyleFuzzer: Security exception in com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.expr

#472084712Reporter: 87...@developer.gserviceaccount.com
$0
1/1/2026

libssh:ssh_bind_config_fuzzer_nalloc: Heap-double-free in local_parse_glob

#449017557Reporter: 87...@developer.gserviceaccount.com
$0
1/1/2026

V8 Sandbox Bypass: WasmCPT handle UAF by import dispatch table growth

#446113730Reporter: se...@gmail.com
$20,000
1/1/2026

Heap-use-after-free in ui::AcceleratorManager::Process

#446986774Reporter: 24...@project.gserviceaccount.com
$0
1/1/2026

Heap-use-after-free in ui::AcceleratorManager::Process

#446962939Reporter: 24...@project.gserviceaccount.com
$0
1/1/2026
Showing 771-780 of 10158 bugs
1...777879...1016