Disclosed Chromium Security Bugs

use-after-poison write in WasmFunctionBuilder::WriteBody

#485152421Reporter: qy...@gmail.com
$10,000
6/2/2026

Heap-buffer-overflow in blink::FFTFrame 146.0.7670.0

#484088917Reporter: da...@gmail.com
$7,000
6/2/2026

Heap Buffer Overflow in BackgroundReadback GPU Readback with Non-Zero visibleRect Offset Leads to Renderer Process Memory Corruption

#485683110Reporter: je...@gmail.com
$50,000
6/2/2026

V8 Sandbox Bypass: controlled OOB write to `Isolate` via RegExp source corruption during tier-up.

#486084137Reporter: ma...@advert.com.au
$20,000
6/2/2026

Heap-buffer-overflow in Skia PathStencilCoverOp via AtlasPathRenderer integer overflow

#484983991Reporter: si...@gmail.com
$32,000
6/2/2026

Use-After-Free in Canvas2D beginLayer Filter Parsing Leads to Renderer Crash and Potential RCE

#485677960Reporter: je...@gmail.com
$50,000
6/2/2026

URL Spoofing on Block or allow pop-ups in Chrome

#483899628Reporter: mu...@gmail.com
$1,000
5/30/2026

HTML5 Sandbox Security Model Violation with auxiliary browsing contexts being created despite the lack of "allow-popups" keyword within iframes

#483771899Reporter: ci...@exploit.cat
$1,000
5/30/2026

Heap Buffer Overflow (READ) in TFLite + XNNPack via WebNN

#483971526Reporter: to...@gmail.com
$43,000
5/30/2026

Cross-origin PDF placeholder download misclassified as browser-initiated request

#481882038Reporter: po...@gmail.com
$1,000
5/30/2026
Showing 1-10 of 1782 bugs
1234...179