Disclosed Chromium Security Bugs

User can unknowingly Execute External File Hidden behind PiP during Interaction

#363930141Reporter: fa...@gmail.com
$1,000
4/1/2026

Android fullscreen notification is not shown when Chrome is in split-screen

#373746918Reporter: fa...@gmail.com
$1,000
3/31/2026

Unintended File Upload via `webkitdirectory` triggered by Keyboard interactions on macOS Chrome

#366056651Reporter: fa...@gmail.com
$1,000
3/31/2026

JSON.parse(): Out-of-bounds access on DescriptorArray

#469143679Reporter: hu...@gmail.com
$4,000
3/27/2026

Security: Security UI Spoofing on Chrome for Android due to the tabstrip hiding the fullscreen notification

#40946724Reporter: ch...@gmail.com
$1,000
3/26/2026

Path traversal using \.. causes sourceMappingURL to still load UNC paths on Windows

#468027781Reporter: o....@gmail.com
$2,000
3/24/2026

KeyframeEffect constructor leaks UA shadow root.

#464173573Reporter: dr...@gmail.com
$2,000
3/21/2026

Mini bar not rendered when omnibox is hidden (similar to issue 461532432)

#467448811Reporter: ch...@gmail.com
$2,000
3/21/2026

WebAuthn Attestation dialog can hide the full-screen notification.

#333313912Reporter: ch...@gmail.com
$1,000
3/21/2026

Use-after-poison in base::MemoryConsumer::UpdateMemoryLimit

#467474391Reporter: m....@gmail.com
$9,000
3/20/2026
Showing 1-10 of 1691 bugs
1234...170