Disclosed Chromium Security Bugs

Use-After-Free in DCOMPSurfaceRegistry due to data race on unsynchronized flat_map access in GPU Process

#490251701Reporter: se...@gmail.com
$11,000
7/17/2026

Integer overflow in ruy pack kernel offset leads to heap OOB write in the GPU process via WebNN quantized Gemm

#497159159Reporter: je...@gmail.com
$11,000
7/16/2026

Integer overflow in ruy SumsBytes leads to heap OOB write in the GPU process via WebNN quantized Gemm

#497202425Reporter: je...@gmail.com
$11,000
7/16/2026

REFILE: Browser-Process UAF in FileSystemAccessChangeSource::DidInitialize (Reliability-Improved PoC)

#497880137Reporter: as...@gmail.com
$10,000
7/15/2026

OOB Write in V8 TryMatchLoadStoreShift on Mac arm64 (OOB read on non-Mac arm64)

#499606101Reporter: he...@gmail.com
$11,000
7/15/2026

OOB write in PDFium TIFF decoder via lossless JPEG data precision mismatch

#496907110Reporter: se...@gmail.com
$50,000
7/15/2026

ANGLE Metal Shadow Buffer Stale Size causes GPU OOB WRITE

#492249619Reporter: ci...@gmail.com
$18,000
7/10/2026

Maglev: unsound node replacement when inlining can lead to exploitable write barrier omission

#493534950Reporter: pj...@gmail.com
$55,000
7/10/2026

UAF in Metal LibraryCache

#497724490Reporter: he...@gmail.com
$16,000
7/10/2026

Integer overflow in TFLite StridedSlice output dimension computation leads to heap buffer overflow in the GPU process

#495864183Reporter: je...@gmail.com
$43,000
7/9/2026
Showing 1-10 of 532 bugs