Disclosed Chromium Security Bugs

DCHECK failure in !IsSnapshot() in maglev-ir.h

#447702265 Reporter: 24...@project.gserviceaccount.com
$0
1/5/2026

php:php-fuzz-execute: Heap-buffer-overflow in _zval_undefined_op1

#473243511 Reporter: 87...@developer.gserviceaccount.com
$0
1/4/2026

imagemagick:encoder_ept_fuzzer: Use-of-uninitialized-value in TIFFReadDirectory

#467211915 Reporter: 87...@developer.gserviceaccount.com
$0
1/4/2026

mruby:mruby_fuzzer: Heap-use-after-free in str_escape

#472567524 Reporter: 87...@developer.gserviceaccount.com
$0
1/4/2026

poppler:qt_label_fuzzer: Use-of-uninitialized-value in XRef::readXRef

#472635023 Reporter: 87...@developer.gserviceaccount.com
$0
1/3/2026

poppler:doc_fuzzer: Use-of-uninitialized-value in Parser::shift

#462673430 Reporter: 87...@developer.gserviceaccount.com
$0
1/3/2026

poppler:qt_label_fuzzer: Use-of-uninitialized-value in Parser::getObj

#472312313 Reporter: 87...@developer.gserviceaccount.com
$0
1/3/2026

mruby:mruby_fuzzer: Segv on unknown address in mrb_bint_reduce

#472538295 Reporter: 87...@developer.gserviceaccount.com
$0
1/3/2026

Check failed: !WriteBarrier::IsRequired(heap_object, Tagged(value)).

#446463984 Reporter: je...@gmail.com
$10,000
1/3/2026

CHECK failure: untyped_->count(slot.address()) > 0 in heap-verifier.cc

#447457117 Reporter: 24...@project.gserviceaccount.com
$0
1/3/2026
Showing 81-90 of 9388 bugs