Disclosed Chromium Security Bugs

←Back to Dashboard

Search Titles

Sort By

Time Range

Reward Range

Bugs per Page

ipcz bug can allow renderer duplicate browser process handle to escape sandbox

#412578726•Reporter: ha...@gmail.com

$250,000

8/6/2025

V8 Sandbox Bypass: AAW via array length corruption in Turbofan spread call inlining

#395895382•Reporter: se...@gmail.com

$20,000

8/2/2025

GPU process crash via WebGPU shader - heap-buffer-overflow in Mesa brw_fs_opt_register_coalesce

#384531062•Reporter: a7...@gmail.com

$10,000

7/24/2025

GPU process crash via WebGPU shader - stack-buffer-overflow in Mesa nir_extract_bits

#408364839•Reporter: a7...@gmail.com

$10,000

7/23/2025

Buffer Overflow (GPU process) in Chrome Windows Media Foundation Encode Accelerator

#409619251•Reporter: el...@cryptosearch.tools

$15,000

7/19/2025

AddressSanitizer: heap-use-after-free on address 0x7da147715900 at pc 0x55baa6985542 bp 0x7ffe146adfd0 sp 0x7ffe146adfc8

#405292639•Reporter: zy...@gmail.com

$11,000

7/16/2025

Improper Error Handling in LateLoadElimination for String Map in Turboshaft Leads to RCE

#403211343•Reporter: hu...@gmail.com

$50,000

7/11/2025

V8 Sandbox Bypass: SP/PC control via Wasm JSPI central stack top confusion

#404285918•Reporter: se...@gmail.com

$20,000

7/11/2025

V8 Sandbox Bypass: Uninitialized read to switch-case OOB jump in Maglev JSGeneratorObject allocation inlining

#403600260•Reporter: se...@gmail.com

$25,000

7/2/2025

The maglev-pretenure-store-values feature leads to bypass of write barrier check

#400584607•Reporter: hu...@gmail.com

$10,000

6/25/2025

Showing 1-10 of 371 bugs

1 2 3 4...38