Disclosed Chromium Security Bugs

DCHECK failure in Holder v8::internal::TrustedCast(Holder, SourceLocation) [To = v8::int

#465488602 Reporter: 24...@project.gserviceaccount.com
$0
3/12/2026

V8: OOB memmove in FixedArray::MoveElements triggered via Array.shift leads to negative-size copy

#464459404 Reporter: am...@gmail.com
$5,000
3/12/2026

V8 Sandbox Bypass: AAW/PC control via dispatch entry UAF during InstantiateAsmJs by hijacking start

#462217236 Reporter: kr...@gmail.com
$20,000
3/12/2026

Integer Overflow leading to Buffer Overflow in tiny_ssim

#412867398 Reporter: da...@gmail.com
$0
3/11/2026

glslang:compile_fuzzer: Heap-buffer-overflow in glslang::HlslGrammar::acceptDeclaration

#42528461 Reporter: mo...@clusterfuzz-external.iam.gserviceaccount.com
$0
3/11/2026

radare2:ia_fuzz: Heap-buffer-overflow in dotnet_parse_version_info

#467965779 Reporter: 87...@developer.gserviceaccount.com
$0
3/11/2026

V8 correctness failure in sources: 62

#464323255 Reporter: 24...@project.gserviceaccount.com
$0
3/11/2026

DCHECK failure in !IsTheHole(*value, isolate_) in lookup.cc

#465206647 Reporter: 24...@project.gserviceaccount.com
$0
3/11/2026

[WebGLOnWebGPU] Incorrect count passed to glUniformMatrix* functions

#464725735 Reporter: le...@gmail.com
$2,000
3/11/2026

tinyobjloader:fuzz_ParseFromString: Heap-buffer-overflow in tinyobj::tryParseDouble

#490598877 Reporter: 87...@developer.gserviceaccount.com
$0
3/10/2026
Showing 871-880 of 10782 bugs