Disclosed Chromium Security Bugs

SEGV_ACCERR in V8

#449341185Reporter: je...@gmail.com
$8,000
1/14/2026

V8 Sandbox Bypass: In-sandbox corruption allows execution of dangerous / experimental code

#435630464Reporter: se...@gmail.com
$20,000
1/13/2026

Type confusion in inline cache prototype loading with Webassembly object prototype

#447613211Reporter: m-...@github.com
$50,000
1/13/2026

Sandbox violation: Still UAF in RemoveFromAsyncWaiterQueueList

#447307165Reporter: pi...@gmail.com
$5,000
1/13/2026

UAF in safe_browsing::RendererURLLoaderThrottle::WillRedirectRequest due to Mojo Remote being freed during resource load lifecycle

#447192722Reporter: 0x...@gmail.com
$7,000
1/13/2026

Debug check failed: has_latin1_bytecode().

#447613219Reporter: je...@gmail.com
$7,000
1/9/2026

out of bound in function ECPublicKeyFromBytes

#443196747Reporter: wx...@gmail.com
$5,000
1/6/2026

Check failed: !WriteBarrier::IsRequired(heap_object, Tagged(value)).

#446463984Reporter: je...@gmail.com
$10,000
1/3/2026

heap-use-after-free in content::indexed_db::Database::connections_ when force_closing_ is true

#446722008Reporter: so...@gmail.com
$100,000
1/2/2026

Triggering screenshare from an unloading page in a cross-process navigation displays the wrong origin

#442860743Reporter: do...@gmail.com
$10,000
1/2/2026
Showing 1-10 of 927 bugs
1234...93