Disclosed Chromium Security Bugs
←Back to DashboardDCOMPSurfaceRegistry race in Media Foundation DirectComposition
$4,000
7/17/2026
VP9 alpha plane use-after-free via show_existing_frame reuse of FrameBufferPool storage
$8,000
7/17/2026
Use-After-Free in DCOMPSurfaceRegistry due to data race on unsynchronized flat_map access in GPU Process
$11,000
7/17/2026
Integer truncation in ANGLE D3D11 VertexDataManager leads to heap OOB read from compromised renderer on Windows
$3,000
7/17/2026
iOS Chrome download origin spoof: spoofing downloaded file as it's from any legitimate site via data: URI
$2,000
7/17/2026
Integer overflow in ANGLE D3D11 compressed 3D texture deferred-init leads to heap OOB read in GPU process
$3,000
7/17/2026
Integer overflow in ruy pack kernel offset leads to heap OOB write in the GPU process via WebNN quantized Gemm
$11,000
7/16/2026
Integer overflow in ruy SumsBytes leads to heap OOB write in the GPU process via WebNN quantized Gemm
$11,000
7/16/2026
Security issue update: Heap-Buffer-Overflow in ResourceKey::Builder::finish via Canvas2D Dash Pattern Size Packing Truncation
$3,000
7/16/2026
Security: heap-use-after-free in gpu::SyncToken::operator=(gpu::SyncToken const&)
$7,000
7/15/2026