Disclosed Chromium Security Bugs

←Back to Dashboard

Search Titles

Sort By

Time Range

Reward Range

Bugs per Page

Extensions can hijack Gemini in the browser webview process to perform PE attacks by abusing DNR permissions, allowing stealing prompts, PII leakage, unrestricted access to camera-microphone and more

#463155954•Reporter: we...@gmail.com

$7,000

3/4/2026

Security: SEGV_ACCERR 000044332211 in V8

#460678755•Reporter: je...@gmail.com

$8,000

2/25/2026

DCHECK Fail when Maglev Generates Exception Handler Trampoline Instructions

#457351015•Reporter: hu...@gmail.com

$10,000

2/17/2026

V8 Sandbox Bypass: AAW/PC control via CallKnownJSFunction reduction for builtins

#454927471•Reporter: kr...@gmail.com

$22,000

2/7/2026

Maglev - CallBuiltin (input @0 = LoadHoleyFixedDoubleArrayElement) type HoleyFloat64 is not Tagged

#456547591•Reporter: sh...@gmail.com

$11,000

2/7/2026

V8 Sandbox Bypass: WasmCPT handle UAF by import dispatch table corruption (multiple variants of b/446113730)

#452605803•Reporter: se...@gmail.com

$20,000

2/6/2026

Incorrect Optimization of ArrayConstructor by Maglev Leads to Creation of Malformed JSArray Objects

#454485895•Reporter: hu...@gmail.com

$50,000

1/31/2026

V8 Sandbox Bypass: Wasm streaming compilation cache confusion via "double streaming"

#452605804•Reporter: se...@gmail.com

$20,000

1/31/2026

Security: Compromised renderer can control mouse after single tap (UXSS, sandbox escape, and more)

#447172715•Reporter: al...@alesandroortiz.com

$30,000

1/30/2026

Out-of-bound read in the jmp table of ActiveMediaSessionController leads to sandbox escape.

#453094710•Reporter: bl...@gmail.com

$250,000

1/28/2026

Showing 1-10 of 940 bugs

1 2 3 4...94