Disclosed Chromium Security Bugs

GPU process crash via WebGPU shader - global-buffer-overflow in Mesa lower_mem_store

#425271170Reporter: a7...@gmail.com
$1,000
10/3/2025

V8 Sandbox Bypass: OOB write in JsonParser due to dangling GC callback

#425121216Reporter: vs...@gmail.com
$1,000
10/3/2025

DCHECK failure in !InFastCCall() in frames.cc

#424905890Reporter: 24...@project.gserviceaccount.com
$0
10/3/2025

[0-day] delete construct leaking TheHole

#427663123Reporter: cl...@google.com
$0
10/3/2025

Security: Side-channel attack allows accessing the browsing history

#40064616Reporter: is...@oy.ne.ro
$1,000
10/3/2025

Chrome on IOS ignores Content-Type header (and nosniff) when rendering XHTML content

#335611025Reporter: jo...@gmail.com
$1,000
10/3/2025

Debug check failed: dominating_frame_state.valid() in src/compiler/turboshaft/graph-builder.cc, line 2059

#424205788Reporter: al...@goodmanemail.com
$0
10/3/2025

Debug check failed: predecessors_so_far_ < predecessor_count_ (2 vs. 2). in v8

#426157225Reporter: ki...@gmail.com
$0
10/3/2025

DCHECK failure in handle.value() == index << kJSDispatchHandleShift in js-dispatch-table.h

#424627229Reporter: 24...@project.gserviceaccount.com
$0
10/2/2025

Save As file dialog steal focus behind the PictureinPictureAPI save malicious file at arbitrary path

#384050903Reporter: pu...@gmail.com
$1,000
10/2/2025
Showing 1-10 of 8577 bugs
1234...858