Disclosed Chromium Security Bugs

OOB write in PDFium TIFF decoder via lossless JPEG data precision mismatch

#496907110Reporter: se...@gmail.com
$50,000
7/15/2026

Maglev: unsound node replacement when inlining can lead to exploitable write barrier omission

#493534950Reporter: pj...@gmail.com
$55,000
7/10/2026

ANGLE BlitGL copySubTextureCPUReadback Controlled Heap Overflow via Unsynchronized PACK_ROW_LENGTH

#490170083Reporter: ci...@gmail.com
$90,000
7/7/2026

ANGLE Metal Stale mFormat Cache causes GPU OOB WRITE

#493256564Reporter: ci...@gmail.com
$77,000
7/1/2026

Use-After-Free in Dawn Wire Server Uncaptured-Error Callback via Incomplete Device Unregistration Cleanup

#491518608Reporter: se...@gmail.com
$70,000
6/27/2026

Heap buffer overflow in BufferMtl shadow copy sync during bufferData leads to GPU process memory corruption in macOS

#489494022Reporter: je...@gmail.com
$77,000
6/24/2026

Wasm Liftoff stack corruption on eager compilation + JS interop prototype setup optimization

#489109716Reporter: se...@gmail.com
$50,000
6/17/2026

Arbitrary Memory Read/Write via WebGLBuffer Created During Context Loss Combined with PBO Operations

#485935305Reporter: je...@gmail.com
$90,000
6/11/2026

Use-after-free in CreateNewWindow via SINGLETON_TAB disposition leads to sandbox escape

#487338366Reporter: je...@gmail.com
$90,000
6/5/2026

Incorrect Maglev assumption leading to SIGSEGV

#486657483Reporter: er...@gmail.com
$55,000
6/4/2026
Showing 1-10 of 51 bugs