Disclosed Chromium Security Bugs

Security: heap-use-after-free in gpu::SyncToken::operator=(gpu::SyncToken const&)

#495262779Reporter: zh...@gmail.com
$7,000
7/15/2026

UAF in WebRTC LibaomAv1Encoder sync issues triggered by frequent resolution changes

#495996858Reporter: he...@gmail.com
$7,000
7/15/2026

Dawn: heap-use-after-free and double-free in DeviceBase::GetErrorScopeStack() due to unsynchronized mErrorScopeStacks access

#498405314Reporter: ex...@gmail.com
$0
7/15/2026

Potential Browser-Process UAF in GtkUiPlatformWayland::OnHandleSetTransient

#500033878Reporter: vm...@google.com
$0
7/15/2026

Potential browser-process UAF in PermissionDialogJavaDelegate due to synchronous JNI re-entry

#499247910Reporter: vm...@google.com
$0
7/15/2026

Potential Use-After-Free in XRRuntimeManagerImpl during GPU Restart

#498702233Reporter: rj...@google.com
$0
7/15/2026

REFILE: Browser-Process UAF in FileSystemAccessChangeSource::DidInitialize (Reliability-Improved PoC)

#497880137Reporter: as...@gmail.com
$10,000
7/15/2026

Bypass of OS re-auth in Password Manager WebUI allows automated password changes via AI

#496183102Reporter: vm...@google.com
$0
7/15/2026

Potential V8 Sandbox Escape via TOCTOU in kScriptWrappableTagRange during DOM Serialization

#496580236Reporter: vi...@google.com
$0
7/15/2026

Heap-buffer-overflow in VertexArrayGL::streamAttributes via shiftInstancedArrayDataWithOffset

#497928952Reporter: ca...@gmail.com
$2,000
7/15/2026
Showing 81-90 of 11332 bugs
1...8910...1134