Disclosed Chromium Security Bugs

GPU process crash via WebGPU shader - wild-deref in Mesa try_opt_exclusive_scan_to_inclusive

#425390965 Reporter: a7...@gmail.com
$10,000
10/1/2025

GPU process crash via WebGPU shader - heap-buffer-overflow in Mesa anv_nir_compute_push_layout

#421399969 Reporter: a7...@gmail.com
$10,000
9/23/2025

Deoptimize: inconsistency in materialization can insert unexpected value to the interpreter stack frame

#423050527 Reporter: ak...@gmail.com
$10,000
9/17/2025

V8 Sandbox Bypass: AAW via clobbered i32 high word on return value in Liftoff

#421403261 Reporter: se...@gmail.com
$20,000
9/10/2025

V8 Sandbox Bypass: Stack corruption via signature mismatch during call baseline code

#417636716 Reporter: iw...@gmail.com
$20,000
8/26/2025

heap-use-after-free in cc::LayerTreeHost::NotifyTransitionRequestsFinished

#411573532 Reporter: m....@gmail.com
$50,000
8/21/2025

ipcz bug can allow renderer duplicate browser process handle to escape sandbox

#412578726 Reporter: ha...@gmail.com
$250,000
8/6/2025

V8 Sandbox Bypass: AAW via array length corruption in Turbofan spread call inlining

#395895382 Reporter: se...@gmail.com
$20,000
8/2/2025

GPU process crash via WebGPU shader - heap-buffer-overflow in Mesa brw_fs_opt_register_coalesce

#384531062 Reporter: a7...@gmail.com
$10,000
7/24/2025

GPU process crash via WebGPU shader - stack-buffer-overflow in Mesa nir_extract_bits

#408364839 Reporter: a7...@gmail.com
$10,000
7/23/2025
Showing 1-10 of 377 bugs