Disclosed Chromium Security Bugs

←Back to Dashboard

Search Titles

Sort By

Time Range

Reward Range

Bugs per Page

heap-use-after-free in cc::LayerTreeHost::NotifyTransitionRequestsFinished

#411573532•Reporter: m....@gmail.com

$50,000

8/21/2025

ipcz bug can allow renderer duplicate browser process handle to escape sandbox

#412578726•Reporter: ha...@gmail.com

$250,000

8/6/2025

Improper Error Handling in LateLoadElimination for String Map in Turboshaft Leads to RCE

#403211343•Reporter: hu...@gmail.com

$50,000

7/11/2025

Arbitrary Wasm type confusion due to transient canonical index overflow

#400086889•Reporter: se...@gmail.com

$62,000

6/17/2025

Signal SIGTRAP in v8

#400052777•Reporter: ki...@gmail.com

$55,000

6/11/2025

WasmCode "resurrection" using the WasmImportWrapperCache can lead to JIT allocation UaF, causing memory corruption

#391907159•Reporter: ma...@popax21.dev

$55,000

5/10/2025

Incorrect WriteBarrier Optimization in ObjectAssign FastPath Leads to Exploitable UAF Vulnerability

#392521083•Reporter: hu...@gmail.com

$50,000

5/8/2025

WebAssembly out-of-bounds memory access due to broken memory64 guard page assumptions

#388290793•Reporter: se...@gmail.com

$55,000

4/18/2025

WasmGCTypeAnalyzer improperly revisits single-block loops, leading to type confusion

#383356864•Reporter: ma...@popax21.dev

$55,000

4/11/2025

Incorrect node replacement optimization during Maglev graph construction leads to RCE

#386565144•Reporter: hu...@gmail.com

$50,000

4/11/2025

Showing 1-10 of 25 bugs