Disclosed Chromium Security Bugs

Heap Buffer Overflow (READ) in TFLite + XNNPack via WebNN

#483971526 Reporter: to...@gmail.com
$43,000
5/30/2026

ANGLE Vulkan reinitImageAsRenderable uint32 Overflow causes GPU OOB Write

#485622239 Reporter: ci...@gmail.com
$33,000
5/30/2026

Heap OOB read in SpeechRecognizerImpl::AddAudioFromRenderer

#482828615 Reporter: gr...@gmail.com
$36,000
5/29/2026

Heap Buffer Overflow in TFLite + XNNPack via WebNN

#483445078 Reporter: to...@gmail.com
$33,000
5/29/2026

Heap-buffer-overflow in CSSUnparsedValue::FindVariableName

#484811719 Reporter: he...@gmail.com
$11,000
5/29/2026

Security: Heap-use-after-free in SecureChannelImpl::OnDecryptedResponse

#485397279 Reporter: me...@gmail.com
$11,000
5/29/2026

V8: Instruction Stream Corruption in Sparkplug+ via Missing `is_short_builtin_calls_enabled()` Guard in `Runtime_PatchLoadICUninitializedBaseline`

#484789568 Reporter: ca...@gmail.com
$11,000
5/27/2026

Security Check failed: Cannot create a handle without a HandleScope in v8::HandleScope::CreateHandle()

#482839657 Reporter: je...@gmail.com
$8,000
5/26/2026

V8: Integer Truncation in Turboshaft PhiOp input_count via WASM br_table

#481074858 Reporter: ca...@gmail.com
$11,000
5/24/2026

UAF in ModelContext::ForEachScriptTool

#483853103 Reporter: he...@gmail.com
$10,000
5/23/2026
Showing 1-10 of 998 bugs