Disclosed Chromium Security Bugs
←Back to DashboardExtensions can hijack Gemini in the browser webview process to perform PE attacks by abusing DNR permissions, allowing stealing prompts, PII leakage, unrestricted access to camera-microphone and more
$7,000
3/4/2026
Bottom Minibar Fails to Display URL – Potential Phishing via Spoof Bar
$2,000
3/3/2026
Security: Heap-use-after-free in LoginStateChecker::OnExecutionResponseCallback
$3,000
2/28/2026
Cross thread stack corruption caused by RTCVideoDecoderAdapter::InitializeSync
$2,000
2/28/2026
Security: SEGV_ACCERR 000044332211 in V8
$8,000
2/25/2026
Extensions can run JS on any privileged origin by exploiting already-patched vulnerabilities under devtools:// scheme.
$4,000
2/24/2026
Bypass #443948855 - Allows Arbitrary Code Execution via "Copy as cURL (cmd)" in DevTools
$1,000
2/20/2026
DCHECK Fail when Maglev Generates Exception Handler Trampoline Instructions
$10,000
2/17/2026
Windows download logic flaw: % triggers double extension sanitization bypass (.lnk .lnk, .scf .scf)
$3,000
2/11/2026
Security: opens a new window at the same time as the previous window in fullscreen mode, (the window enters fullscreen mode which is closed by another new window) leads to spoof
$1,000
2/11/2026