Disclosed Chromium Security Bugs

VP9 alpha plane use-after-free via show_existing_frame reuse of FrameBufferPool storage

#500066234Reporter: je...@gmail.com
$8,000
7/17/2026

Use-After-Free in DCOMPSurfaceRegistry due to data race on unsynchronized flat_map access in GPU Process

#490251701Reporter: se...@gmail.com
$11,000
7/17/2026

Integer overflow in ruy pack kernel offset leads to heap OOB write in the GPU process via WebNN quantized Gemm

#497159159Reporter: je...@gmail.com
$11,000
7/16/2026

Integer overflow in ruy SumsBytes leads to heap OOB write in the GPU process via WebNN quantized Gemm

#497202425Reporter: je...@gmail.com
$11,000
7/16/2026

Security: heap-use-after-free in gpu::SyncToken::operator=(gpu::SyncToken const&)

#495262779Reporter: zh...@gmail.com
$7,000
7/15/2026

UAF in WebRTC LibaomAv1Encoder sync issues triggered by frequent resolution changes

#495996858Reporter: he...@gmail.com
$7,000
7/15/2026

REFILE: Browser-Process UAF in FileSystemAccessChangeSource::DidInitialize (Reliability-Improved PoC)

#497880137Reporter: as...@gmail.com
$10,000
7/15/2026

UAF in SVC reconfiguration of AV1 encoder

#495477995Reporter: he...@gmail.com
$8,000
7/15/2026

OOB Write in V8 TryMatchLoadStoreShift on Mac arm64 (OOB read on non-Mac arm64)

#499606101Reporter: he...@gmail.com
$11,000
7/15/2026

OOB write in PDFium TIFF decoder via lossless JPEG data precision mismatch

#496907110Reporter: se...@gmail.com
$50,000
7/15/2026
Showing 1-10 of 1105 bugs