Disclosed Chromium Security Bugs

Heap Buffer Overflow (READ) in TFLite + XNNPack via WebNN

#483971526 Reporter: to...@gmail.com
$43,000
5/30/2026

ANGLE Vulkan reinitImageAsRenderable uint32 Overflow causes GPU OOB Write

#485622239 Reporter: ci...@gmail.com
$33,000
5/30/2026

Heap OOB read in SpeechRecognizerImpl::AddAudioFromRenderer

#482828615 Reporter: gr...@gmail.com
$36,000
5/29/2026

Heap Buffer Overflow in TFLite + XNNPack via WebNN

#483445078 Reporter: to...@gmail.com
$33,000
5/29/2026

Heap-buffer-overflow in CSSUnparsedValue::FindVariableName

#484811719 Reporter: he...@gmail.com
$11,000
5/29/2026

Security: Heap-use-after-free in SecureChannelImpl::OnDecryptedResponse

#485397279 Reporter: me...@gmail.com
$11,000
5/29/2026

V8: Instruction Stream Corruption in Sparkplug+ via Missing `is_short_builtin_calls_enabled()` Guard in `Runtime_PatchLoadICUninitializedBaseline`

#484789568 Reporter: ca...@gmail.com
$11,000
5/27/2026

V8: Integer Truncation in Turboshaft PhiOp input_count via WASM br_table

#481074858 Reporter: ca...@gmail.com
$11,000
5/24/2026

UAF in ModelContext::ForEachScriptTool

#483853103 Reporter: he...@gmail.com
$10,000
5/23/2026

Missing range validation on second_chroma_qp_index_offset in H.264 PPS parser (h264_parser.cc:1151) allows out-of-spec values to reach kernel GPU drivers

#482862710 Reporter: lu...@icloud.com
$10,000
5/23/2026
Showing 1-10 of 454 bugs