Disclosed Chromium Security Bugs

DCOMPSurfaceRegistry race in Media Foundation DirectComposition

#493315759Reporter: ke...@gmail.com
$4,000
7/17/2026

VP9 alpha plane use-after-free via show_existing_frame reuse of FrameBufferPool storage

#500066234Reporter: je...@gmail.com
$8,000
7/17/2026

Use-After-Free in DCOMPSurfaceRegistry due to data race on unsynchronized flat_map access in GPU Process

#490251701Reporter: se...@gmail.com
$11,000
7/17/2026

Integer truncation in ANGLE D3D11 VertexDataManager leads to heap OOB read from compromised renderer on Windows

#489369089Reporter: je...@gmail.com
$3,000
7/17/2026

iOS Chrome download origin spoof: spoofing downloaded file as it's from any legitimate site via data: URI

#394997959Reporter: pr...@gmail.com
$2,000
7/17/2026

Integer overflow in ANGLE D3D11 compressed 3D texture deferred-init leads to heap OOB read in GPU process

#497896137Reporter: se...@gmail.com
$3,000
7/17/2026

Integer overflow in ruy pack kernel offset leads to heap OOB write in the GPU process via WebNN quantized Gemm

#497159159Reporter: je...@gmail.com
$11,000
7/16/2026

Integer overflow in ruy SumsBytes leads to heap OOB write in the GPU process via WebNN quantized Gemm

#497202425Reporter: je...@gmail.com
$11,000
7/16/2026

Security issue update: Heap-Buffer-Overflow in ResourceKey::Builder::finish via Canvas2D Dash Pattern Size Packing Truncation

#495700484Reporter: se...@gmail.com
$3,000
7/16/2026

Security: heap-use-after-free in gpu::SyncToken::operator=(gpu::SyncToken const&)

#495262779Reporter: zh...@gmail.com
$7,000
7/15/2026
Showing 1-10 of 1957 bugs