1193390 | gpu_raster_swangle_passthrough_fuzzer: Incorrect-function-pointer-type in rx::vk::PersistentCommandPool::init | - | 2022-05-26 |
1276002 | Security: fencedframe element bypass the security policy restrictions of the devtools preview limit | $3000 | 2022-05-26 |
1296120 | Security: ChromeOS root privilege escalation (arcvm_server_proxy, cups, arc-create-data) | $30000 | 2022-05-26 |
1227636 | Security: [SkPixmap] pdfium SEGV on getColor() | - | 2022-05-25 |
1280852 | Security: Stack-Buffer-Overflow in WebRtcPcm16b_Decode | $5000 | 2022-05-25 |
1292271 | Security: heap-use-after-free on ash/wm/desks/desks_controller.cc (chromeOS) | $7000 | 2022-05-25 |
1296407 | Heap-use-after-free in content::SavePackage::ContinueGetSaveInfo | - | 2022-05-25 |
1297269 | Security: Chrome Enterprise MSI installer Elevation of Privileges Vulnerability | $20000 | 2022-05-25 |
1297541 | Heap-use-after-free in cppgc::internal::BasicPersistent<blink::NGLayoutResult const, cppgc::internal::S | - | 2022-05-25 |
1297764 | Defense in depth: Remove TMP directory fallback for installer payload | - | 2022-05-25 |
1253281 | Security: UAF in SQLite renameTokenCheckAll | - | 2022-05-24 |
1281908 | Security: DeserializeFromMessage should validate the message header | - | 2022-05-24 |
1292333 | DCHECK failure in op->IsStackSlot() || op->IsFPStackSlot() in code-generator-x64.cc | - | 2022-05-24 |
1295786 | uaf in blink::MediaInspectorContextImpl::CullPlayers(blink::WebString const&) | $5000 | 2022-05-24 |
1263825 | Heap-use-after-free in base::ObserverList<aura::WindowObserver, true, true, base::internal::CheckedObse | - | 2022-05-23 |
1267318 | SameSite cookies leak via embedded browsing context | $500 | 2022-05-23 |
1291735 | Security: Sharesheet dialog doesn't show the origin elided from the right | $500 | 2022-05-23 |
1295699 | Residual UAF in token fetcher code | $1000 | 2022-05-23 |
1195549 | dawn_wire_server_and_vulkan_backend_fuzzer: Incorrect-function-pointer-type in dawn_native::vulkan::Device::PrepareRecordingContext | - | 2022-05-21 |
1270117 | [iOS] CSP Bypass via Service Worker | $500 | 2022-05-21 |
1294723 | dawn_wire_server_and_frontend_fuzzer: Crash in tint::diag::Formatter::format | - | 2022-05-21 |
1296526 | Heap-use-after-free in history_clusters::OnDeviceClusteringBackend::ClusterVisitsOnBackgroundThread | - | 2022-05-21 |
1285885 | Security: [ANGLE] Vulkan : Out-of-bounds memory can be accessed using bound offsets | $7000 | 2022-05-20 |
1290150 | Security: redirect detection via Performance API | $1000 | 2022-05-20 |
1294097 | Security: Heap-use-after-free in NearbyShareAction::HandleKeyboardEvent | $7000 | 2022-05-20 |
1295087 | Bad-cast to blink::LayoutBlock from blink::LayoutImage in blink::LayoutBlock& blink::To<blink::LayoutBlock, blink::LayoutObject> | - | 2022-05-20 |
1296150 | Security: [0-day] Use-After-Free in UpdateAnimationTiming | - | 2022-05-20 |
1077756 | Security: sandbox doesn't prevent setgid("disk") in shill process tree | - | 2022-05-19 |
1290700 | uaf in BrowserSwitchHandler::OnLaunchFinished | $2000 | 2022-05-19 |
1295999 | renderer_proto_tree_fuzzer: Use-of-uninitialized-value in blink::NGLayoutResult::NGLayoutResult | - | 2022-05-19 |
1289394 | file_system_manager_mojolpm_fuzzer: Heap-use-after-free in storage::ObfuscatedFileUtil::GetDirectoryForStorageKey | - | 2022-05-18 |
1292537 | Crash in memfd:swiftshader_jit | - | 2022-05-18 |
1295221 | Security: Variant analysis of UAF in AccessiblePaneView | - | 2022-05-18 |
1264561 | Security: Chrome for Android Hide Entering Fullscreen Notification Toast using Multiple Toast from Failed to Copy | $2500 | 2022-05-16 |
1266631 | Cross-site information leak - CSP Violation reports contain blockedURI's hostname | $2000 | 2022-05-16 |
1288919 | tint_wgsl_reader_spv_writer_fuzzer: Illegal-instruction in tint::fuzzers::CommonFuzzer::Run | - | 2022-05-15 |
1289116 | Heap-use-after-free in rx::vk::GarbageObject::destroy | - | 2022-05-15 |
1292829 | dawn_wire_server_and_frontend_fuzzer: Heap-use-after-free in tint::diag::Formatter::format | - | 2022-05-15 |
1293906 | Security DCHECK failure: IsA<Derived>(from) in casting.h | - | 2022-05-14 |
1142269 | Security: Chromium doesn't conform to SMS Verification APIs leading to potential Access to app protected components vulnerability | $1000 | 2022-05-13 |
1291482 | Chrome should ignore responses with http status code 1** | - | 2022-05-13 |
1270005 | Heap-buffer-overflow in flatbuffers::EscapeString | - | 2022-05-12 |
1283546 | Security: UAF in ProtocolHandlerThrottle using PlzDedicatedWorker | $20000 | 2022-05-12 |
1291109 | Security DCHECK failure: IsA<Derived>(from) in casting.h | - | 2022-05-12 |
1291471 | Security DCHECK failure: IsA<Derived>(from) in casting.h | - | 2022-05-12 |
1156237 | heap-use-after-free : __72+[NSRemoteViewMarshal _addFreeWindow:parameters:listenerEndpoint:reply:]_block_invoke | - | 2022-05-11 |
1246188 | Security: Compromised renderer can set custom cursor up to 1024px over browser UI and other windows | $2000 | 2022-05-11 |
1273397 | Security: Heap-buffer-overflow in tabgroup | $7000 | 2022-05-11 |
1279665 | Security DCHECK failed: IsA<Derived>(from) in ng_layout_input_node.cc:96 blink::NGLayoutInputNode::TableCellColspan | $5000 | 2022-05-11 |
1284293 | AddressSanitizer: heap-use-after-free in TryProcess ui/base/accelerators/accelerator_manager.cc:152:17 | $7000 | 2022-05-11 |
1285601 | Security: heap-use-after-use in DiscountURLLoader::NavigateToDiscountURL | $16000 | 2022-05-11 |
1286940 | Security: heap-use-after-free in ProfileImpl::IsSameOrParent | $7000 | 2022-05-11 |
1288020 | heap buffer overflow in sw::Blitter::fastResolve | $7000 | 2022-05-11 |
1289507 | dawn_wire_server_and_frontend_fuzzer: Crash in dawn_native::OwnedCompilationMessages::AddMessages | - | 2022-05-11 |
1291728 | Security: heap-use-after-free in base::ObserverList::RemoveObserver | $10000 | 2022-05-11 |
1293248 | css_parser_fast_paths_fuzzer: Use-of-uninitialized-value in bool blink::ParsePercentage<unsigned char> | - | 2022-05-11 |
1268448 | Fix unsafe use of lambdas in BaseRenderingContext2D | - | 2022-05-10 |
1269999 | Heap-use-after-free in xmlAddNextSibling | - | 2022-05-10 |
1287864 | Security: iOS Webkit can leak IndexedDB names | - | 2022-05-09 |
1290008 | UAF in printing | $15000 | 2022-05-09 |
1283402 | Heap-use-after-free in ChromePermissionsClient::OverrideCanonicalOrigin | $15000 | 2022-05-06 |
1289383 | Security: [ANGLE] Heap-buffer-overflow in ImageHelper::SubresourceUpdate::isUpdateToLayers | $10000 | 2022-05-06 |
1289846 | Security: CSS keylogger extension using PageStateMatcher and chrome.action.openPopup() | $5000 | 2022-05-06 |
1290107 | tint_ast_hlsl_writer_fuzzer.exe: Illegal-instruction in tint::fuzzers::CommonFuzzer::Run | - | 2022-05-06 |
1035344 | API: parameterized overload of GetPropertyNames promises more flexibility than it actually supports | - | 2022-05-05 |
1280132 | Security DCHECK failed: IsA<Derived>(from) in ng_block_node.cc:1032 blink::NGBlockNode::FirstChild | $5000 | 2022-05-05 |
1280233 | Origin spoofing in WebUSB | $3000 | 2022-05-05 |
1285636 | gpu_raster_swangle_passthrough_fuzzer: Use-of-uninitialized-value in sse3::store_NUMBER | - | 2022-05-05 |
1288251 | AddressSanitizer: heap-use-after-free asan-linux-release-960248 content::StoragePartitionImpl::GetLockManager() content/browser/storage_partition_impl.cc:1493 | $15000 | 2022-05-05 |
1288881 | gpu_raster_swangle_passthrough_fuzzer: Use-of-uninitialized-value in GrDirectContextPriv::validPMUPMConversionExists | - | 2022-05-05 |
1289678 | v8_wasm_compile_fuzzer: DCHECK failure in 3 == element_size_log2(kind) in liftoff-assembler-x64.h | - | 2022-05-05 |
1289715 | Security: heap-use-after-free in ExtensionFunction::Shutdown | $15000 | 2022-05-05 |
1290587 | DCHECK failure in !scope_info_.is_null() in scopes.cc | - | 2022-05-05 |
1250655 | #Summary SUMMARY: AddressSanitizer: heap-use-after-free in gpu::CommandBufferProxyImpl::OnDisconnect | $7000 | 2022-05-03 |
1269996 | Heap-buffer-overflow in hb_array_t<OT::IntType<unsigned int, 4u> const> hb_array_t<OT::IntType<unsigned | - | 2022-05-03 |
1270333 | Security: Integer overflow in HandleTable::AddDispatchersFromTransit leading to memory corruption | - | 2022-05-03 |
1289378 | heap-use-after-free : media_router::CastActivityManager::TerminateSession | - | 2022-05-03 |
1289384 | Security: might be possible to UaF JavaScriptIsolatedWorldRequest | - | 2022-05-03 |
1289798 | Heap-use-after-free in blink::NGBoxFragmentBuilder::PropagateBreakInfo | - | 2022-05-03 |
1290079 | v8_wasm_compile_fuzzer: Use-after-poison in v8::internal::compiler::SinglePassRegisterAllocator::SpillRegisterAtMerge | - | 2022-05-03 |
1242962 | Security: heap-buffer-overflow in SelectFileDialogImpl::OnSelectFileExecuted | $7000 | 2022-05-02 |
1270052 | Security: Chrome for Android Hide Entering Fullscreen Notification Toast with HTML Select Dropdown | $3000 | 2022-05-02 |
1270470 | Security: Scrolls are detectable cross-site upon using the Scroll to text fragment feature. | $2000 | 2022-05-02 |
1278322 | Security: heap-use-after-free in TemplateURLRef::ParseHostAndSearchTermKey | $7000 | 2022-05-02 |
1284916 | Security: UAF in DistilledPagePrefs::SetFontScaling | $20000 | 2022-05-02 |
1289523 | Security: heap-use-after-free in TemplateURLFetcher::RequestDelegate::OnTemplateURLParsed | $7000 | 2022-05-02 |
1289802 | Use-of-uninitialized-value in v8::internal::JSFunction::EnsureFeedbackVector | - | 2022-05-02 |
1286816 | WebUSB out-of-bound access to selected_alternates_ in usb_device if the device has non-sequential alternative interface number | - | 2022-04-29 |
1285759 | Security: double-free in content::RenderFrameHostImpl::ResetNavigationRequests | $5000 | 2022-04-28 |
1288130 | tint_regex_spv_writer_fuzzer.exe: Illegal-instruction in tint::fuzzers::CommonFuzzer::Run | - | 2022-04-28 |
1288769 | Security DCHECK failure: IsA<Derived>(from) in casting.h | - | 2022-04-28 |
1057296 | COOP isn't inherited to Blob URL | - | 2022-04-27 |
1253155 | CrOS: Vulnerability reported in app-editors/vim | - | 2022-04-27 |
1266771 | CrOS: Vulnerability reported in app-editors/vim | - | 2022-04-27 |
1268369 | CrOS: Vulnerability reported in app-editors/vim | - | 2022-04-27 |
1268803 | CrOS: Vulnerability reported in app-editors/vim | - | 2022-04-27 |
1273811 | CrOS: Vulnerability reported in app-editors/vim | - | 2022-04-27 |
1276679 | CrOS: Vulnerability reported in app-editors/vim | - | 2022-04-27 |
1277921 | CrOS: Vulnerability reported in app-editors/vim | - | 2022-04-27 |
1281941 | Heap-use-after-free in extensions::ChromeExtensionsBrowserClient::GetOriginalContext | $1000 | 2022-04-27 |
1283018 | CrOS: Vulnerability reported in app-editors/vim | - | 2022-04-27 |
1286110 | Security: heap-buffer-overflow swiftshader Image::copy 3D | - | 2022-04-27 |
1287364 | Page can use EyeDropper API to bypass mouse movement/keyboard input requirements for autofill (bypass of issue 1240472 fix) | $2000 | 2022-04-27 |
1287962 | Security: [ANGLE] Heap-buffer-overflow in TextureVk::prepareForGenerateMipmap | $12000 | 2022-04-27 |
1283434 | A GPU crash (or anything that causes loss of GPU support for Chrome) will create framebuffer ghosting with ImageBitmap | $1000 | 2022-04-26 |
1287843 | Security DCHECK failure: IsA<Derived>(from) in casting.h | - | 2022-04-26 |
1285622 | tint_regex_spv_writer_fuzzer.exe: Illegal-instruction in tint::fuzzers::CommonFuzzer::Run | - | 2022-04-24 |
1281078 | Security: heap-buffer-overflow in TabStripModel::MoveWebContentsAtImpl | $7000 | 2022-04-23 |
1282480 | Security: AddressSanitizer: heap-use-after-free on drag_drop_controller.cc (chromeOS and Lacros) | $2000 | 2022-04-23 |
1244205 | uaf in content::DesktopCaptureDevice::Core::AllocateAndStart | $10000 | 2022-04-22 |
1252716 | Security: heap-use-after-free in PrefChangeRegistrar::~PrefChangeRegistrar | $10000 | 2022-04-22 |
1260007 | Security: State tracking issue in RenderFrameHostImpl leading to UaF | - | 2022-04-22 |
1274445 | Security: v8 Debug check failed: target_inobject < GetInObjectProperties(). | $5000 | 2022-04-22 |
1278375 | Security: stack-buffer-overflow in views::ScrollView::OnMouseWheel(ui::MouseWheelEvent const&) in the browser process | $3000 | 2022-04-22 |
1280941 | pdf_jpx_fuzzer: Trap in pdfium::base::AlignedAlloc | - | 2022-04-22 |
1283609 | Security: UAF in OOBEUI | $7000 | 2022-04-22 |
1284584 | Security: UAF in safe_browsing::DownloadRequestMaker::Start | $20000 | 2022-04-22 |
1285116 | Security: heap-use-after-free in web_app::ShortcutInfoForExtensionAndProfile | $2000 | 2022-04-22 |
1286837 | Global-buffer-overflow in blink::CompositeOperatorName | - | 2022-04-22 |
1287342 | Security DCHECK failure: IsA<Derived>(from) in casting.h | - | 2022-04-22 |
1262902 | Security: Heap-use-after-free in AccessibilityUIMessageHandler::RequestWebContentsTree | $7000 | 2022-04-21 |
1274113 | Security: mojo race NodeName reuse to leak messages | - | 2022-04-21 |
1212957 | AddressSanitizer: use-after-poison frame_or_worker_scheduler.cc:88 in blink::FrameOrWorkerScheduler::NotifyLifecycleObservers | $8500 | 2022-04-20 |
1280743 | Security: JBIG2_Context.cpp arithmetic looks prone to overflow. | - | 2022-04-20 |
1283077 | Security: heap-buffer-overflow in webui tabstrip | - | 2022-04-20 |
1232866 | Security: Heap UAF in media_gpu!media::VideoProcessorProxy::VideoProcessorBlt | $7000 | 2022-04-19 |
1251065 | Chrome downgrades long-running requests from HTTPS to HTTP after 3 s. | $3000 | 2022-04-19 |
1275438 | Security: UAF in DateTimeChooserAndroid::ReplaceDateTime | $25000 | 2022-04-19 |
1281763 | Security: UAF in GoogleSearchDomainMixingMetricsEmitter | $10000 | 2022-04-19 |
1282118 | Security: UAF in BookmarkDragHelper::OnBookmarkIconLoaded | $10000 | 2022-04-19 |
1285596 | Crash in cppgc::internal::MemberBase::MemberBase | - | 2022-04-19 |
1285882 | Crash in blink::LayoutObject::RemoveChild | - | 2022-04-19 |
1273017 | Security: Inappropriate implementation in PushMessaging | $10000 | 2022-04-18 |
1282320 | Security: use-after-poison in blink::InspectorAccessibilityAgent::RefreshFrontendNodes | $500 | 2022-04-18 |
1283124 | AddressSanitizer: use-after-poison cc\layers\texture_layer.cc:169 in cc::TextureLayer::Update | $5000 | 2022-04-18 |
1285007 | DCHECK failure in reg.ToInt() < register_data_.size() in mid-tier-register-allocator.cc | - | 2022-04-18 |
1281859 | CrOS: Vulnerability reported in sys-libs/binutils-libs | - | 2022-04-17 |
1277917 | heap-use-after-free : mojo::DataPipeDrainer::WaitComplete | - | 2022-04-16 |
1283375 | UAF in PrintViewManagerBase | $15000 | 2022-04-16 |
1284138 | heap-use-after-free base/memory/scoped_refptr.h:261:43 in operator bool (chromeOS) | $7000 | 2022-04-16 |
1249964 | intent:// URIs can launch BROWSABLE non-exported activities in the sending app | - | 2022-04-15 |
1267748 | sqlite3_fts3_lpm_fuzzer: Use-of-uninitialized-value in sqlite3VdbeExec | - | 2022-04-15 |
1270593 | Security: Chrome for Android Delay Navigate then requestFullScreen will Hide Omnibox | $7500 | 2022-04-15 |
1271896 | CrOS: Vulnerability reported in dev-libs/gmp | - | 2022-04-15 |
1275531 | CrOS: Vulnerability reported in net-wireless/bluez | - | 2022-04-15 |
1275622 | file_system_manager_mojolpm_fuzzer.exe: Heap-use-after-free in storage::ObfuscatedFileUtil::InitOriginDatabase | - | 2022-04-15 |
1277328 | Security: heap-use-after-free in ui::AXTree::NotifyNodeWillBeReparentedOrDeleted | $7000 | 2022-04-15 |
1279188 | Security: Elevation of Privileges in chrome installer when removing scoped directory during updates | $10000 | 2022-04-15 |
1279531 | heap-use-after-free in media_router::CastMediaSinkService::StartMdnsDiscovery | $7000 | 2022-04-15 |
1282651 | dawn_wire_server_and_vulkan_backend_fuzzer: Container-overflow in dawn_native::OwnedCompilationMessages::AddMessage | - | 2022-04-15 |
1282782 | Type Confuse Security DCHECK failed: !node || IsTextControl(*node) text_control_element.h(268) | $5000 | 2022-04-15 |
1283090 | heap-use-after-free : DefaultPrefStore::~DefaultPrefStore | - | 2022-04-15 |
1283371 | Security: UAF in ChromeContentBrowserClient::CreateURLLoaderThrottles | $15000 | 2022-04-15 |
1283805 | Heap-buffer-overflow in TableView::OnItemsRemoved | - | 2022-04-15 |
1283807 | Container-overflow in TableView::UpdateVirtualAccessibilityChildrenBounds | - | 2022-04-15 |
1284367 | Security: heap-use-after-free in safe_browsing::ThreatDetails::OnReceivedThreatDOMDetails | - | 2022-04-15 |
1284509 | tint_regex_hlsl_writer_fuzzer: Illegal-instruction in tint::fuzzers::CommonFuzzer::Run | - | 2022-04-15 |
1284742 | freetype_truetype_fuzzer: Heap-buffer-overflow in tt_face_vary_cvt | - | 2022-04-15 |
1285122 | v8_inspector_fuzzer: DCHECK failure in IsInvalid(c0_) || base::IsInRange(c0_, 0u, unibrow::Utf16::kMaxNonSurrogateCharC | - | 2022-04-15 |
1249626 | heap-use-after-free : void exo::wayland::DestroyUserData<exo::wayland::`anonymous namespace'::WaylandPointerStylusDelegate> | - | 2022-04-13 |
1250227 | SUMMARY: AddressSanitizer: heap-use-after-free web_view_impl.cc:1020 in blink::WebViewImpl::ClosePagePopup | $7500 | 2022-04-13 |
1254422 | Intent selectors allow intents from the web to bypass intent filter requirements | - | 2022-04-13 |
1282224 | v8_wasm_compile_fuzzer: DCHECK failure in allocated_registers_bits_ == register_state_ ? GetAllocatedRegBitVector(register | - | 2022-04-13 |
1282645 | Container-overflow in content::RenderFrameHostImpl::OnBackForwardCacheDisablingFeatureRemoved | - | 2022-04-13 |
1283042 | v8_wasm_compile_fuzzer: DCHECK failure in allocated_registers_bits_ == register_state_ ? GetAllocatedRegBitVector(register | - | 2022-04-13 |
1283681 | Security: UAF in heap-use-after-free in DevToolsWindow::Show(browser process) | $3000 | 2022-04-13 |
1261713 | Security: Heap-use-after-free in feedback::FeedbackData::SendReport | $1000 | 2022-04-12 |
1279368 | AddressSanitizer: use-after-poison local_frame_view.cc:818 in blink::LocalFrameView::PerformLayout | - | 2022-04-12 |
1283255 | heap-use-after-free : DownloadItemView::DropdownButtonPressed | - | 2022-04-09 |
1283198 | Security: heap-buffer-overflow in chrome_pdf::PDFiumEngine::RequestThumbnail | - | 2022-04-07 |
1278960 | Security: Heap-use-after-free in autofill::EditAddressProfileView::WindowClosing | $7000 | 2022-04-05 |
1282272 | Google Chrome Browser Private key leaks on github | - | 2022-04-03 |
1274323 | Crash in SkArenaAllocWithReset::reset | $6000 | 2022-04-01 |
1268240 | Security: UaF in AccessibilityUIMessageHandler::Callback | $1000 | 2022-03-31 |
1275020 | SUMMARY: AddressSanitizer: heap-use-after-free base/bind_internal.h:535:12 in BindState<void (content::StorageNotificationService::*)(url::Origin), UnretainedWrapper<content::StorageNotificationService> | $20000 | 2022-03-31 |
1277327 | Security: heap-use-after-free ui::AXEventRecorder::OnEvent | $7000 | 2022-03-31 |
1280456 | Security: container-overflow in ash::ScrollableShelfView::ShouldCountActivatedInkDrop | $3000 | 2022-03-31 |
1281881 | Heap-use-after-free in optimization_guide::OptimizationGuideStore::ClearFetchedHintsFromDatabase | $2000 | 2022-03-31 |
1276331 | Security: heap-buffer-overflow around blink::mojom::WidgetInputHandlerProxy::DispatchEvent | - | 2022-03-30 |
1281800 | UAF crash may happen on child_process_launcher_android.cc | - | 2022-03-30 |
1270358 | Security: FencedFrames reachable from compromised renderer due to lacking features::isEnabled(kFencedFrames) checks in Browser Process and FencedFrame::Navigate can navigate to file:// and chrome:// origins | $17000 | 2022-03-29 |
1270498 | heap-buffer-underflow : ash::ScrollableShelfView::GetTargetScreenBoundsOfItemIcon | - | 2022-03-29 |
1278988 | Security DCHECK failed: IsA<Derived>(from) in blink::LayoutTableSection::AddCell layout_table_section.cc:277 | - | 2022-03-29 |
1264196 | heap-use-after-free : ash::ShelfID::IsNull | - | 2022-03-27 |
1271538 | v8_wasm_compile_fuzzer: Use-after-poison in v8::internal::compiler::SinglePassRegisterAllocator::AllocateInput | - | 2022-03-27 |
1280822 | Use-after-poison in blink::FrameOrWorkerScheduler::NotifyLifecycleObservers | - | 2022-03-27 |
1274316 | uaf in rx::vk::CommandBufferHelper::bufferWrite | $5000 | 2022-03-24 |
1278180 | Security: Heap-use-after-free in ui::MenuModel::GetModelAndIndexForCommandId | $10000 | 2022-03-24 |
1209467 | CrOS: Vulnerability reported in net-fs/samba | - | 2022-03-23 |
1231037 | Security: invalid parsing of HTML by tree_builder_simulator leading to mutation XSS | $5000 | 2022-03-23 |
1261790 | CrOS: Vulnerability reported in sys-libs/ldb | - | 2022-03-23 |
1261791 | CrOS: Vulnerability reported in net-fs/samba | - | 2022-03-23 |
1249426 | heap buffer overflow in BookmarkManagerPrivateDropFunction::RunOnReady | $1000 | 2022-03-22 |
1261689 | Security: scrollTop of ListBox autofill preview discloses sensitive information | $4000 | 2022-03-22 |
1272967 | Security: UAF in P2PSocketTcpServer::DoAccept | $5000 | 2022-03-22 |
1276203 | heap-use-after-free : ash::DeskActivationAnimation::EndSwipeAnimation | - | 2022-03-22 |
1279147 | Heap-use-after-free in CPDF_AnnotContext::~CPDF_AnnotContext | - | 2022-03-22 |
1279151 | crash in v8 heap(--js-flags=--experimental-wasm-gc) | $5000 | 2022-03-22 |
1279383 | DCHECK failure in IsAligned(result, kAlignmentInBytes) in zone.cc | - | 2022-03-22 |
1238209 | container-overflow in blink::UserMediaProcessor::DetermineExistingAudioSessionId | $5000 | 2022-03-21 |
1132124 | Security: SODA is provided a privileged URLLoaderFactory | - | 2022-03-19 |
1272266 | Security: swiftshader heap-use-after-free in getOffsetPointer | $5000 | 2022-03-19 |
1242339 | CHECK failure: byte_length() <= JSArrayBuffer::kMaxByteLength in objects-debug.cc | - | 2022-03-18 |
1247389 | Security: Possible to see the user's system environment variables like secrets, tokens or keys | $10000 | 2022-03-18 |
1268903 | Security: Use of uninitialized on-stack pointer in storage::BlobBuilderFromStream | - | 2022-03-18 |
1276850 | UAF in AutofillPopupControllerImpl::HandleKeyPressEvent | $20000 | 2022-03-18 |
1278589 | Security: Certificate Viewer remotely exploitable with large DSA and RSA-PSS signatures on Linux/ChromeOS (before 98.0.4714.0) | - | 2022-03-18 |
1259557 | Security: mojo AddBrokerClient can be sent to non-broker nodes (node<->node mitm) | - | 2022-03-17 |
1276715 | Heap-use-after-free in content::TestRunnerBindings::InvokeV8Callback | - | 2022-03-17 |
1262080 | Security: heap-buffer-overflow swiftshader Image::copy | $5000 | 2022-03-16 |
1262676 | SUMMARY: AddressSanitizer: access-violation regexp-interpreter.cc:461 in v8::internal::`anonymous namespace'::RawMatch<unsigned char> | $5000 | 2022-03-16 |
1263457 | Security: Interface ID reuse leading to memory corruption in IPC::ChannelAssociatedGroupController | - | 2022-03-16 |
1273537 | heap-use-after-free : chromeos::AppDownloadingScreenHandler::Bind | - | 2022-03-16 |
1273661 | Security: webgl global-buffer-overflow in getIncompleteTexture | $5000 | 2022-03-16 |
1274248 | wayland_buffer_fuzzer: Crash in libwayland-server.so.0 | - | 2022-03-16 |
1276923 | Security: Debug Check failed in HAS_WEAK_HEAP_OBJECT_TAG | - | 2022-03-16 |
1272068 | Security: Wild read with renderbuffers | $5000 | 2022-03-13 |
1270095 | Security: Use after Free in content::AccessibilityEventRecorderWin::AccessibleObjectFromWindowWrapper | $1000 | 2022-03-12 |
1274376 | uaf in chrome_pdf::PdfViewPluginBase::LoadAccessibility | $5000 | 2022-03-12 |
1240472 | Security: Page can cause autofill prompt to render under cursor in order to bypass mouse movement/keyboard input requirements for autofill | $3000 | 2022-03-11 |
1241585 | Security: Page can use space key input to cause autofill prompt to render under cursor, bypasses mouse movement/designated keyboard input requirements for autofill | $1000 | 2022-03-11 |
1270007 | Heap-buffer-overflow in int flatbuffers::ReadScalar<int> | - | 2022-03-11 |
1270658 | Security: use after free in swiftshader | $5000 | 2022-03-11 |
1274499 | Security: [ANGLE] D3D11 : Integer Underflow in ElementsInBuffer results in wild copy | $7500 | 2022-03-11 |
1275431 | code_cache_host_mojolpm_fuzzer: Segv on unknown address in content::GeneratedCodeCache::IssueNextOperation | - | 2022-03-11 |
1275559 | dcsctp_socket_fuzzer: Use-of-uninitialized-value in crc32c::ExtendSse42 | - | 2022-03-11 |
1275892 | Security: UAF in ScreenCaptureMachineAndroid::OnActivityResult | $15000 | 2022-03-11 |
1270014 | UNKNOWN READ in WelsDec::WelsMarkAsRef | - | 2022-03-10 |
1115460 | Security: Possible for extension to escape sandbox via Input.dispatchKeyEvent and devtools_page | $15000 | 2022-03-09 |
1201032 | Security: Use-After-Free in SelectFileDialog | $25000 | 2022-03-09 |
1252562 | heap-use-after-free : content::ViewsWidgetVideoCaptureDeviceMac::UIThreadDelegate::OnScopedCGWindowIDMouseMoved | - | 2022-03-09 |
1271747 | heap-use-after-free : safe_browsing::SafeBrowsingPrimaryAccountTokenFetcher::OnTokenFetched | - | 2022-03-09 |
1272250 | Security: CSS transform and backface-visibility: hidden allow to render over Chrome UI | $1000 | 2022-03-09 |
1273197 | heap-use-after-free window_dimmer.cc (chromeOS) | $7000 | 2022-03-09 |
1273395 | Container-overflow in blink::DisplayLockContext::DetachDescendantTopLayerElements | - | 2022-03-09 |
1273674 | uaf in local_card_migration_dialog_view | $7500 | 2022-03-09 |
1274061 | Security: UAF in BluetoothPrefStateObserver | - | 2022-03-09 |
1265806 | Security: webrtc: out-of-bounds write in audio channel processing | $8500 | 2022-03-08 |
1267426 | Deleting broker decoder in error callback path is risky | - | 2022-03-08 |
1270990 | Performance API is not consistent for preloaded requests which can be used to leak the size of cross-origin resources | $2000 | 2022-03-08 |
1271853 | Security DCHECK failure: IsA<Derived>(from) in casting.h | - | 2022-03-08 |
1272208 | Security: heap-use-after-free in the media::AudioManagerBase in the browser process | $15000 | 2022-03-08 |
1272403 | Security: HeapOverflow in PageLoadMetrics | $15000 | 2022-03-08 |
1273609 | heap-use-after-free video_recording_watcher.cc:673:7 | $10000 | 2022-03-08 |
1274641 | Security: UaF on DesksBarView::EndDragDesk in desks_bar_view.cc:663:5 | $7000 | 2022-03-08 |
1260939 | Security: TFC 2021 loader bug | $10000 | 2022-03-07 |
1263417 | Non-positive-vla-bound-value in blink::CanvasPath::roundRect | $1000 | 2022-03-07 |
1267496 | Security: webgl heap-buffer-overflow LoadCompressedToNative | $2000 | 2022-03-07 |
1274322 | Bad-cast to views::FootnoteContainerView from views::BubbleFrameView in views::BubbleFrameView::ViewHierarchyChanged | - | 2022-03-07 |
1274324 | Bad-cast to content::RenderWidgetHostViewChildFrame from content::RenderWidgetHostViewBase in content::RenderWidgetHostInputEventRouter::OnRenderWidgetHostViewBaseDestroyed | - | 2022-03-07 |
1274044 | Bad-cast to void *(unsigned long) in xmlAllocParserInputBuffer | - | 2022-03-06 |
1271835 | CHECK failure: marking_state_->IsBlackOrGrey(heap_object) | - | 2022-03-04 |
1273001 | Segv on unknown address in tint::writer::msl::Options::operator= | - | 2022-03-04 |
1273140 | Security: heap-use-after-free in DevToolsWindow::ActivateWindow | - | 2022-03-04 |
1273176 | Security: heap-use-after-free in DevToolsWindow::Show | - | 2022-03-04 |
1273593 | Crash in blink::NGInlineItemsBuilderTemplate<blink::EmptyOffsetMappingBuilder>::AppendTex | - | 2022-03-04 |
1273705 | CHECK failure: (location_) != nullptr in maybe-handles.h | - | 2022-03-04 |
1177652 | The destruction timing issue between RenderFrameHostImpl and DedicatedWorkerHost/DedicatedWorkerHostFactoryImpl | - | 2022-03-03 |
1239496 | Security: Pointer lock can be used to bypass mouse movement/keyboard input requirements for autofill | $3000 | 2022-03-03 |
1239760 | Security: Autofill prompt for a page can render over different origin, allows spoofing of autofill context origin | $5000 | 2022-03-03 |
1261415 | webcodecs_video_encoder_fuzzer: Heap-buffer-overflow in vp9_encode_tiles_row_mt | - | 2022-03-03 |
1268400 | Security: Heap-use-after-free in ui::EventDispatcher::DispatchEventToEventHandlers() | $1000 | 2022-03-03 |
1267791 | [ozone/wayland]use-after-free in WaylandWindow | $10000 | 2022-03-03 |
1272269 | Security: Heap-use-after-free in ash::sharesheet::SharesheetBubbleViewDelegate::IsBubbleVisible | $7000 | 2022-03-03 |
1273344 | Null-dereference READ in rx::vk::QueryHelper::writeTimestamp | - | 2022-03-03 |
1272180 | webcodecs_image_decoder_fuzzer: Crash in mv_projection | - | 2022-03-02 |
1115847 | Security: SameSite policy bypassed with Service Worker FetchEvent | - | 2022-03-01 |
1266510 | Security: container-overflow in ExtensionsToolbarContainer::SetExtensionIconVisibility | $1000 | 2022-03-01 |
1271384 | Security: Debug check failed: receiver->IsJSReceiver() | - | 2022-03-01 |
1272181 | Bad-cast to content::ServiceVideoCaptureProvider::ServiceProcessObserver from invalid vptr in base::internal::UnretainedWrapper<content::ServiceVideoCaptureProvider::ServiceP | - | 2022-03-01 |
1113812 | Security: Linux Kernel shift-out-of-bounds in arch/x86/kvm/vmx/pmu_intel.c:365:45 | - | 2022-02-27 |
1117173 | Security: Possible for extension to escape sandbox via Input.synthesizeTapGesture | $10000 | 2022-02-27 |
1269151 | Security: Extension can automatically start Crostini on log-in | - | 2022-02-27 |
1271456 | Access violation with --turbo_inline_js_wasm_calls | - | 2022-02-27 |
1272076 | pdf_formcalc_context_fuzzer: DCHECK failure in marking_support_ != MarkingType::kAtomic in heap.cc | - | 2022-02-27 |
661852 | CSP form-action checks full URL on redirects | - | 2022-02-24 |
1027592 | Security: Chrome for ios crash when selecting long message with special characters | - | 2022-02-24 |
1245629 | heap-use-after-free in OnBrowserSetLastActive | $5000 | 2022-02-24 |
1255713 | Security: UI spoofing using a very long URL | $3000 | 2022-02-24 |
1259899 | heap-use-after-free : blink::RTCVideoEncoder::Impl::EncodeFrameFinished | - | 2022-02-24 |
1267661 | Security: heap-use-after-free in content::WebContentsObserver::web_contents | $15000 | 2022-02-24 |
1267811 | UAF on nearby_share_contact_downloader_impl.cc | $10000 | 2022-02-24 |
1268738 | V8 debug check failed: new_target->IsConstructor() | $5000 | 2022-02-24 |
1269344 | uaf in content::BroadcastChannelService::ConnectToChannel | $20000 | 2022-02-24 |
1270817 | CHECK failure: IsValidHeapObject(heap_, heap_object) in heap.cc | - | 2022-02-24 |
1270826 | Crash in v8::internal::MarkCompactCollector::ProcessMarkingWorklist<0> | - | 2022-02-24 |
1230444 | Cross-site information leak - Leaking cross-origin redirect destination URI due to CORS (iOS) | $1000 | 2022-02-22 |
1262525 | CrOS: Vulnerability reported in net-vpn/strongswan | - | 2022-02-22 |
1264705 | Crash in hsw::lowp::gather_NUMBER | - | 2022-02-22 |
1266688 | Heap-use-after-free in blink::NGPhysicalFragment::HasSelfPaintingLayer | - | 2022-02-22 |
1269307 | Security: Use after free in WebApkIconHasher | $20000 | 2022-02-22 |
1270356 | DCHECK failure in !scope_info_.is_null() in scopes.h | - | 2022-02-22 |
1242424 | Security: History Cached Page of the Lens region search cause url spoof | $2000 | 2022-02-21 |
1267514 | DCHECK failure in !scope_info_.is_null() in scopes.h | - | 2022-02-21 |
1269225 | Security: Memory corruption in renderer process | - | 2022-02-19 |
1171997 | heap-use-after-free : UnloadController::ProcessPendingTabs | - | 2022-02-18 |
1265570 | DCHECK failure in shared_info->HasBytecodeArray() in js-objects.cc | - | 2022-02-18 |
1268682 | mediasource_MP4_AV1_pipeline_integration_fuzzer: Crash in dav1d_refmvs_load_tmvs | - | 2022-02-18 |
1268759 | Security: Use After Free AppServiceContextMenu::ExecuteCommand | $15000 | 2022-02-18 |
1248289 | Service worker can use web assembly without unsafe-eval. | - | 2022-02-17 |
1263741 | Security: libjxl has security bugs | - | 2022-02-17 |
1267627 | Security: Web Serial - Out of bound read in SerialPortUnderlyingSink::WriteData(). | $7500 | 2022-02-17 |
1269315 | DCHECK failure in old_code_pages->size() == new_code_pages->size() + 1 in isolate.cc | - | 2022-02-17 |
1011497 | Security: Remote debug can be used to access protected profile data (e.g. cookies) | - | 2022-02-16 |
1202970 | Security: Sanitizer API bypass | - | 2022-02-16 |
1240593 | Security: heap-use-after-free in blink::NativeIOFile::DoRead | - | 2022-02-16 |
1262953 | Improper restriction in password saving form, while navigation from one site to another site | - | 2022-02-16 |
1262183 | Security: heap-use-after-free in storage::BlobURLStoreImpl::Revoke | - | 2022-02-16 |
1264873 | Security: SOP bypass using drag and drop | - | 2022-02-16 |
1265197 | XSS from chrome-untrusted://new-tab-page URL parsing | $500 | 2022-02-16 |
1267276 | Use-after-poison in blink::HTMLSlotElement::DetachLayoutTree | - | 2022-02-16 |
1267624 | Security: Wild write in angle | $5000 | 2022-02-16 |
1268274 | Security: Storage Foundation read()/write() access DOMArrayBufferView off the heap's thread | - | 2022-02-16 |
1241188 | Security: "Origin" header incorrectly set for cross-site request via service worker | $3000 | 2022-02-15 |
1267027 | Security: webgl heap-use-after-free in BitSetT | $5000 | 2022-02-15 |
1267420 | CrOS: Vulnerability reported in net-libs/libmicrohttpd | - | 2022-02-15 |
1267424 | Security: webgl heap-buffer-overflow getDrawSubresourceSerial | $5000 | 2022-02-15 |
1241091 | Security: heap-use-after-free in ThreadedIconLoader::DecodeAndResizeImageOnBackgroundThread | - | 2022-02-14 |
1254189 | Primitive type confusion in ia32 AssembleCodePhase | $7500 | 2022-02-14 |
1266293 | Security: heap-use-after-free in BluetoothSerialDeviceEnumerator::OnGotClassicAdapter | - | 2022-02-14 |
1266437 | Use after free in getSamplerTexture | $5000 | 2022-02-14 |
1267674 | v8_regexp_parser_fuzzer: DCHECK failure in index < length() / kUInt16Size in fixed-array-inl.h | - | 2022-02-14 |
1238631 | Security: Share dialog on Windows can render over address bar, window controls | - | 2022-02-12 |
1264584 | heap-use-after-free : location::nearby::chrome::SubmittableExecutor::RunTask | - | 2022-02-12 |
1264988 | Security: ASan reports wild reads in swiftshader | $5000 | 2022-02-12 |
1264703 | Security: Heap-use-after-free in sharing_hub::SharingHubBubbleController::~SharingHubBubbleController | $5000 | 2022-02-11 |
1259170 | Unsafe uses of uninitialized graphics memory | - | 2022-02-09 |
1264477 | Security: Site Isolation bypass via NavigationPreloadRequest | - | 2022-02-09 |
1264508 | v8_regexp_parser_fuzzer: DCHECK failure in r.to() < kMaxUInt16 in regexp-macro-assembler.cc | - | 2022-02-09 |
1168553 | Security: host root command execution | - | 2022-02-08 |
1260649 | Leaking size of cross-origin resources by using Range Requests, Service Workers, Fetch API, and the Cache API | $2000 | 2022-02-08 |
1260783 | Use after free in gl::VertexArray::setDependentDirtyBit | $5000 | 2022-02-08 |
1262791 | Security: Type confusion in UnderlyingSinkBase::start | $15000 | 2022-02-08 |
1264013 | Trap in Builtins_CheckTurbofanType | - | 2022-02-08 |
1264282 | Security: UAF in SharingHub | $5000 | 2022-02-08 |
1265275 | CHECK failure: function_literal_id < script->shared_function_info_count() in objects.cc | - | 2022-02-08 |
1237310 | Security: Autofill prompt can render over permission prompts after they have opened | $3000 | 2022-02-05 |
1248963 | CrOS: Vulnerability reported in app-editors/vim | - | 2022-02-05 |
1260858 | Heap-use-after-free in color input on switching screens (MacOS) | $10000 | 2022-02-05 |
1263620 | Google Chrome MediaStreamTrackGenerator use after free vulnerability (TALOS-2021-1398) | $7500 | 2022-02-05 |
1139417 | arc-setup: ArcMounterImpl::LoopMount() can be raced | - | 2022-02-03 |
1254113 | heap-use-after-free : crosapi::DriveIntegrationServiceAsh::~DriveIntegrationServiceAsh | - | 2022-02-03 |
1256822 | Sandbox escape: bypass allow-popups-to-escape-sandbox | $2500 | 2022-02-03 |
1259694 | Contact dialog can be shown over a cross-origin page which might confuse a user into leaking sensitive information to an attacker | $1000 | 2022-02-03 |
1262091 | Security: heap-use-after-free swiftshader getCurrentViewCount | $5000 | 2022-02-03 |
1262208 | Security: Write setgid_resetriction policy files | - | 2022-02-03 |
1248444 | Guessing the URL a cross-origin iframe was redirected to by listening to the load event | $5000 | 2022-02-02 |
1258932 | Use-after-poison in blink::HTMLSlotElement::DetachLayoutTree | - | 2022-02-02 |
1263462 | Security: JSON.stringify leaks TheHole value, leading to RCE | - | 2022-02-02 |
1263486 | Security DCHECK failure: IsA<Derived>(from) in casting.h | - | 2022-02-02 |
1263961 | Use-of-uninitialized-value in v8::internal::StackGuard::PopInterruptsScope | - | 2022-02-02 |
1264015 | CHECK failure: push_segment_ implies push_segment_->IsEmpty() | - | 2022-02-02 |
1248438 | uaf in FileManagerPrivateInternalComputeChecksumFunction::Run | $10000 | 2022-02-01 |
1258809 | Security: UaF in extension management policy parsing | - | 2022-02-01 |
1263327 | v8_regexp_parser_fuzzer: DCHECK failure in !ranges->is_empty() in regexp-compiler.cc | - | 2022-02-01 |
1260621 | Security: PDFium Use-After-Free in v8::internal::ArrayBufferExtension::Mark | $1000 | 2022-01-31 |
1251567 | Heap-buffer-overflow in rx::ProgramExecutableVk::updateBuffersDescriptorSet | - | 2022-01-30 |
1261542 | freetype_cff_ftengine_fuzzer: Use-of-uninitialized-value in ft_mem_free | - | 2022-01-28 |
1261728 | freetype_type1_render_fuzzer: Use-of-uninitialized-value in T1_Get_MM_Var | - | 2022-01-28 |
1261762 | freetype_type1_fuzzer: Use-of-uninitialized-value in T1_Set_MM_Design | - | 2022-01-28 |
1262112 | dawn_wire_server_and_frontend_fuzzer.exe: Heap-use-after-free in dawn_native::AbslFormatConvert | - | 2022-01-28 |
1197889 | Security: Origin spoof in external protocol dialogs via server-side redirect to external protocol | $2000 | 2022-01-27 |
1261343 | freetype_colrv1_fuzzer: Use-of-uninitialized-value in ft_mem_free | - | 2022-01-27 |
1261450 | freetype_truetype_fuzzer: Use-of-uninitialized-value in FT_Get_Gasp | - | 2022-01-27 |
1227170 | Security: Another autocomplete preview text leak | $5000 | 2022-01-26 |
1242667 | CrOS: Vulnerability reported in sys-libs/glibc | - | 2022-01-26 |
1248889 | CSP Violation reports contain blockedURI's hostname | $1000 | 2022-01-26 |
1253038 | Security: negative-size-param in image_editor::ScreenshotFlow::RemoveUIOverlay | $5000 | 2022-01-26 |
1253101 | Security: font side-channel attack against <input> and <textarea> autofill preview discloses sensitive information | - | 2022-01-26 |
1254746 | SUMMARY: AddressSanitizer: stack-use-after-scope renderer11_utils.cpp:2299 in rx::d3d11::SetDebugName | $5000 | 2022-01-26 |
1259022 | Security: UAF when sending tab to device in android | - | 2022-01-26 |
1260577 | Security: TianfuCup RCE bug Type confusion in LoadIC::ComputeHandler | - | 2022-01-26 |
1260606 | gpu_raster_swangle_passthrough_fuzzer: Use-of-uninitialized-value in vk::DescriptorSet::ParseDescriptors | - | 2022-01-26 |
1260690 | Segv on unknown address in sh::OutputSPIRVTraverser::visitConstantUnion | - | 2022-01-26 |
1260940 | Security: TFC WebTransport bug | - | 2022-01-26 |
1167028 | Security: WPA2-Enterprise/EAP Subject Matching Vulnerability | $3000 | 2022-01-24 |
1243279 | CrOS: Vulnerability reported in sys-libs/glibc | - | 2022-01-24 |
1249962 | Security: In-the-wild using intents to redirect to other browsers | - | 2022-01-24 |
1251673 | Security: Continued AddEventListener GC problems | $5000 | 2022-01-24 |
1260189 | PotentiallyDanglingMarkup() lost when removing fragment identifier | - | 2022-01-24 |
1039885 | Dangling markup attack through background attribute allows data exfiltration | $1000 | 2022-01-22 |
1256885 | Security: Page.addCompilationCache devtools API could lead to arbitrary machine code execution | - | 2022-01-21 |
1259864 | Security: heap-use-after-free in ForceSigninVerifier::SendRequestIfNetworkAvailable | $10000 | 2022-01-21 |
1259587 | Security: UAP on creating WebAssembly memories on document reload | $7500 | 2022-01-20 |
1258398 | Use-after-poison in blink::HTMLSlotElement::DetachLayoutTree | - | 2022-01-19 |
1244289 | Security: SameSite Cookie Bypass via BackgroundFetch | $3000 | 2022-01-18 |
1257891 | heap-buffer-overflow in WebMediaPlayerMSCompositor::ReplaceCurrentFrameWithACopyInternal() | $7500 | 2022-01-18 |
1258603 | DCHECK failure in function->shared().HasFeedbackMetadata() in js-function.cc | - | 2022-01-18 |
1258663 | CHECK failure: !field_type.NowStable() || field_type.NowContains(value) | - | 2022-01-18 |
1258839 | freetype_type1_fuzzer: Heap-buffer-overflow in ps_parser_skip_spaces | - | 2022-01-18 |
1259045 | freetype_type1_ftengine_fuzzer: Use-of-uninitialized-value in t1_decoder_parse_metrics | - | 2022-01-18 |
1249491 | use after free in ash::sharesheet::SharesheetBubbleView::CloseBubble | $7500 | 2022-01-17 |
1255464 | Use-after-poison in blink::HTMLSlotElement::DetachLayoutTree | - | 2022-01-16 |
1251073 | Container-overflow in ash::ScrollableShelfView::ShouldCountActivatedInkDrop | - | 2022-01-15 |
1258235 | Bad-cast to blink::HTMLSlotElement from blink::HTMLStyleElement in blink::HTMLDetailsElement::ManuallyAssignSlots | - | 2022-01-15 |
906200 | Security: XSS in chromium-cq-status.appspot.com | - | 2022-01-14 |
1255332 | UaF in PDF accessibility due to relayout | $5000 | 2022-01-14 |
1257254 | Use-after-poison in mojo::InterfaceEndpointClient::NotifyError | - | 2022-01-14 |
957553 | Security: Extension messages can indefinitely extend user activation expiry and repeatedly use of it | $3000 | 2022-01-13 |
1222498 | Sanitize CompositorFrame for shared element directives. | - | 2022-01-13 |
1253746 | Security: WebAudio oob read in AudioDelayDSPKernel::ProcessKRate | $2000 | 2022-01-13 |
1255314 | hb_subset_fuzzer: Crash in BEInt<unsigned short, 2>::operator unsigned short | - | 2022-01-13 |
1237730 | Security: v8 CHECK Failed IsStruct_NonInline in Torque Struct-Tq-Inl | $5000 | 2022-01-12 |
1249810 | Security: Use After Free in DevToolsFileHelper::GetFileSystems | $10000 | 2022-01-12 |
1250904 | tint_regex_spv_writer_fuzzer: Crash in LLVMFuzzerCustomMutator | - | 2022-01-12 |
1254656 | hb_subset_fuzzer: Heap-buffer-overflow in bool OT::OffsetTo<OT::MathGlyphAssembly, OT::IntType<unsigned short, 2u>, true>: | - | 2022-01-12 |
1255152 | pdf_formcalc_context_fuzzer: DCHECK failure in header->IsMarked() in pointer-policies.cc | - | 2022-01-12 |
1255368 | DCHECK failure in first_const_pool_32_use_ == -1 in assembler-arm.cc | - | 2022-01-12 |
1256835 | hb_subset_fuzzer: Heap-buffer-overflow in OT::MathValueRecord* hb_serialize_context_t::embed<OT::MathValueRecord> | - | 2022-01-12 |
1236318 | AddressSanitizer: heap-buffer-overflow mojo::internal::Serializer<BigBufferDataView,BigBufferView>::Serialize | $7500 | 2022-01-10 |
1238309 | Security: Chrome incorrectly interprets newlines in HTTP headers in HTTP/3, allowing for some header splitting possibilities | - | 2022-01-10 |
1247260 | Google Chrome WebRTC RTPSenderVideoFrameTransformerDelegate memory corruption vulnerability (TALOS-2021-1372) | $7500 | 2022-01-10 |
1254704 | v8_regexp_parser_fuzzer: Use-of-uninitialized-value in v8::internal::IrregexpInterpreter::Result v8::internal::RawMatch<unsigned char> | - | 2022-01-10 |
1255354 | CHECK failure: all.IsLive(use) && (use->opcode() == IrOpcode::kIfTrue || use->opcode() == IrOpc | - | 2022-01-10 |
1255330 | Trap in Builtins_CheckNumberInRange | - | 2022-01-10 |
1252074 | Security: ChromeOS root command persistence | $15000 | 2022-01-08 |
1252878 | use after poison in blink::Element::DidMoveToNewDocument | $10000 | 2022-01-08 |
1254675 | CHECK failure: thrower->error() | - | 2022-01-08 |
1251664 | tint_ast_spv_writer_fuzzer: Illegal-instruction in tint::fuzzers::FatalError | - | 2022-01-07 |
1252858 | Security: mojo OnIntroduce doesn't validate peer node (node<->node mitm) | - | 2022-01-07 |
1254131 | Security: Crash when closing tab with sending tab to device dialog | - | 2022-01-07 |
1254631 | Security: Chrome 94 does not correctly set Integrity level of all processes to Untrusted | $3000 | 2022-01-07 |
1255123 | Crash in PreflightLoader::HandleResponseHeader on failed preflight | - | 2022-01-07 |
1252354 | Security: UAF in IdentityDialogController::ShowIdProviderWindow | $25000 | 2022-01-05 |
1251179 | Security: Fetch leaks information about cross-origin redirects | $1000 | 2022-01-05 |
1253399 | Security: pdfium heap buffer overflow in cfx_dibbase.cpp | $7500 | 2022-01-05 |
1253976 | DCHECK failure in \\' == current() in regexp-parser.cc | - | 2022-01-05 |
1254396 | Segv on unknown address in device::PlatformSensorFusion::Factory::SensorCreated | - | 2022-01-05 |
1241860 | SUMMARY: AddressSanitizer: heap-use-after-free Runtime.cpp:439 in v8_inspector::protocol::Runtime::Frontend::exceptionThrown | $5000 | 2022-01-04 |
1252148 | Security: Arbitrary bind mount | - | 2022-01-04 |
1252620 | Heap-use-after-free in v8::internal::TurboAssemblerBase::set_root_array_available | - | 2022-01-03 |
1253041 | DCHECK failure in header->IsMarked() in pointer-policies.cc | - | 2022-01-02 |
1245578 | Security: heap-use-after-free in PPAPIDownloadRequest::AllowlistCheckComplete | $20000 | 2022-01-01 |
1252634 | pdf_formcalc_context_fuzzer: DCHECK failure in header->IsMarked() in pointer-policies.cc | - | 2022-01-01 |
1252729 | tint_all_transforms_fuzzer: Use-of-uninitialized-value in tint_all_transforms_fuzzer.cc | - | 2022-01-01 |
1252795 | tint_vertex_pulling_fuzzer: Use-of-uninitialized-value in tint::fuzzers::DataBuilder::string | - | 2022-01-01 |
1252942 | tint_wgsl_reader_msl_writer_fuzzer: Use-of-uninitialized-value in tint::writer::msl::Sanitize | - | 2022-01-01 |
1040837 | Security: open an evil exe file via a "shortcut" in chrome://downloads/ | $500 | 2021-12-31 |
1233375 | Referrer Spoof using <base href> and <style> | $500 | 2021-12-30 |
1248567 | SEGV in vk::Image::clear() | $5000 | 2021-12-30 |
1252351 | tint_binding_remapper_fuzzer: Heap-buffer-overflow in tint::fuzzers::RandomGenerator::CalculateSeed | - | 2021-12-30 |
1233566 | Cryptohome ephemeral mounts lack nosymfollow | - | 2021-12-29 |
1251787 | Security: ASLR bypass via memory_instrumentation.mojom.Coordinator | - | 2021-12-29 |
1251727 | Security: heap-use-after-free in content::RenderFrameHostImpl::delegate | - | 2021-12-29 |
1108714 | Security: WPA2-Enterprise/EAP WiFi Connection UI Discrepancy | $3000 | 2021-12-28 |
1195566 | crash in ModalCloseWatcher::Close | - | 2021-12-28 |
1240921 | Symlink traversal in network driver modprobe script | $20000 | 2021-12-28 |
1250660 | Potential race condition during concurrent JIT compilation | - | 2021-12-28 |
1250730 | h264_bitstream_parser_fuzzer: Crash in webrtc::BitstreamReader::ReadExponentialGolomb | - | 2021-12-28 |
1250775 | Security DCHECK failure: IsA<Derived>(from) in casting.h | - | 2021-12-28 |
1251010 | vp9_encoder_references_fuzzer: Use-of-uninitialized-value in webrtc::LibvpxVp9Encoder::SetSvcRates | - | 2021-12-28 |
1248435 | SUMMARY: AddressSanitizer: use-after-poison event_listener_map.cc:144 in blink::EventListenerMap::Add | $7500 | 2021-12-27 |
1152952 | Security: Cast tab can appear after navigation to a different origin | $1000 | 2021-12-25 |
1085762 | Security: Improper Theme name sanitization in theme manager. | $500 | 2021-12-24 |
1182188 | Chromium: Vulnerability reported in third_party/xstream | - | 2021-12-24 |
1206928 | use-after-poison network_state_notifier.cc:314 in blink::NetworkStateNotifier::NotifyObserversOnTaskRunner | $5000 | 2021-12-24 |
1245607 | CrOS: Vulnerability reported in dev-libs/openssl | - | 2021-12-24 |
1248665 | Null-dereference READ in ubsan_GetStackTrace | - | 2021-12-24 |
1249602 | tint_regex_spv_writer_fuzzer.exe: Illegal-instruction in tint::fuzzers::FatalError | - | 2021-12-24 |
1244348 | Security: Heap-use-after-free in ui::EventDispatcher::DispatchEventToEventHandlers | $15000 | 2021-12-23 |
1246728 | dawn_wire_server_and_vulkan_backend_fuzzer.exe: Heap-use-after-free in tint::transform::DataMap::Add<tint::transform::SingleEntryPoint::Config,const | - | 2021-12-23 |
1248661 | Security: heap-use-after-free in app_controller_mac.mm | $10000 | 2021-12-23 |
1094945 | Security: Speculative type confusion - [1/3 - eBPF] | $10000 | 2021-12-22 |
1182687 | Executable libraries could be loaded from noexec partitions | - | 2021-12-22 |
1241643 | Crash in memfd:swiftshader_jit | - | 2021-12-22 |
1246631 | SUMMARY: AddressSanitizer: heap-buffer-overflow SkPixmap.cpp:321 in SkPixmap::getColor | $20000 | 2021-12-22 |
1246692 | skia_image_filter_deserialize_fuzzer: Illegal-instruction in SkSL::DSLParser::swizzle | - | 2021-12-22 |
1193196 | CrOS: Vulnerability reported in dev-libs/glib | - | 2021-12-21 |
1218099 | Yoga commit may be a security fix | - | 2021-12-21 |
1238944 | Android Chrome & Chromium Browsers Address Bar Spoofing | $3000 | 2021-12-21 |
1242392 | heap buffer overflow in FingerprintHandler::HandleGetEnrollmentLabel | $10000 | 2021-12-21 |
1247395 | Security: WebView's CookieManager APIs fix up URLs incorrectly, potentially allowing cookie theft | - | 2021-12-21 |
1248768 | Heap-use-after-free in blink::ElementRuleCollector::CollectMatchingRules | - | 2021-12-21 |
456994 | Extension Debugger API restrictions are trivially circumvented | - | 2021-12-20 |
1246394 | Security: heap-use-after-free C:\b\s\w\ir\cache\builder\src\chrome\browser\ui\views\media_router\web_contents_display_observer_view.cc:56:22 in media_router::WebContentsDisplayObserverView::OnBrowserSetLastActive(class Browser *) | $15000 | 2021-12-20 |
1248514 | Heap buffer overflow in PasswordSpecFetcher | - | 2021-12-20 |
1248030 | Security: Use After Free in FileSystemAccessManagerImpl | $15000 | 2021-12-19 |
1141803 | Heap-use-after-free in content::RenderFrameImpl::GetLocalRootRenderWidget | - | 2021-12-17 |
1234050 | Nearby Share UI incorrectly appears in non-ChromeOS browsers: causes UAF | $15000 | 2021-12-17 |
1241123 | Security: [ANGLE] Stack buffer overwrite in rx::StateManager11::syncVertexBuffersAndInputLayout | $7500 | 2021-12-16 |
1242257 | Heap-use-after-free in ui::SendDamagedRectsRecursive | $16000 | 2021-12-16 |
1245879 | Security: Incomplete fix for CVE-2021-30577 | $10000 | 2021-12-16 |
1246163 | tint_first_index_offset_fuzzer: Illegal-instruction in tint::fuzzers::FatalError | - | 2021-12-16 |
1246301 | angle_translator_fuzzer: Use-of-uninitialized-value in sh::StructNameString | - | 2021-12-16 |
1246612 | Use-after-poison in base::internal::WeakReferenceOwner::Invalidate | - | 2021-12-16 |
1246652 | Bad-cast to SkSL::dsl::DSLGlobalVar from invalid vptr in SkTArray<SkSL::dsl::DSLGlobalVar, false>::checkRealloc | - | 2021-12-16 |
1246705 | Crash in cppgc::internal::ConcurrentMarkingTask::Run | - | 2021-12-16 |
1246780 | SUMMARY: AddressSanitizer: use-after-poison timer.cc:217 in base::internal::TimerBase::OnScheduledTaskInvoked | $7500 | 2021-12-16 |
1246919 | Use-after-poison in blink::LayoutGrid::LayoutPositionedObjects | - | 2021-12-16 |
1247182 | rtcp_receiver_fuzzer: Use-of-uninitialized-value in webrtc::RTCPReceiver::ParseCompoundPacket | - | 2021-12-16 |
1247686 | Security DCHECK failure: unit.TextContentEnd() <= text.length() in ng_offset_mapping.cc | - | 2021-12-16 |
1240952 | Security: [Chrome OS Readiness Tool] Public tracking bug: Service installer assigns wrong permissions to DCOM objects | - | 2021-12-14 |
1243318 | M94 Merge Request for crbug.com/dawn/1065 | - | 2021-12-14 |
1244568 | Security: Cross-Origin information leak or delete in ContentIndex | $5000 | 2021-12-14 |
1246748 | dawn_wire_server_and_vulkan_backend_fuzzer: Heap-use-after-free in dawn_native::vulkan::ComputePipeline::Initialize | - | 2021-12-14 |
1245881 | AddressSanitizer: use-after-poison execution_context_lifecycle_observer.cc:40 in blink::ExecutionContextLifecycleObserver::GetExecutionContext | $5000 | 2021-12-13 |
1246606 | Security DCHECK failure: i < length() in string_view.h | - | 2021-12-13 |
1246619 | Security DCHECK failure: unit.TextContentEnd() <= text.length() in ng_offset_mapping.cc | - | 2021-12-13 |
1244408 | dawn_wire_server_and_vulkan_backend_fuzzer: Heap-use-after-free in sw::PixelRoutine::PixelRoutine | - | 2021-12-11 |
1245141 | dawn_wire_server_and_vulkan_backend_fuzzer: Heap-use-after-free in vk::CommandBuffer::submit | - | 2021-12-11 |
1245605 | Chromium: Vulnerability reported in third_party/xstream | - | 2021-12-11 |
1245786 | Security: Security DCHECK failure at blink::LayoutInline | $5000 | 2021-12-11 |
1246412 | code_cache_host_mojolpm_fuzzer: Illegal-instruction in StackTraceGetter::CurrentStackTrace | - | 2021-12-11 |
1240538 | BluetoothRemoteGattCharacteristicTestWinrtOnly.StartNotifySessionDisconnectOnError failing on builder "win-asan" | - | 2021-12-10 |
1240884 | Security: UAF in EditAddressProfileView::WindowClosing | $17000 | 2021-12-10 |
1241036 | Chrome ANGLE Out-of-Bound in texStorage3D | $7500 | 2021-12-10 |
1243117 | Security: UAF in AvailableOfflineContentProvider | $15000 | 2021-12-10 |
1243622 | Security: Cross-Origin information leak in GetDeveloperIdsTask | $2000 | 2021-12-10 |
1243535 | Security: AddressSanitizer: heap-use-after-free on address 0x11de0a00f100 SkPathEffectBase::asPoints and AddressSanitizer: heap-use-after-free on address 0x119b5ac92cd8 base::circular_deque | - | 2021-12-10 |
1244490 | [sparkplug]Security: jit code memory corruption after use the generated baseline code to optimization the machine code | - | 2021-12-10 |
1245053 | Security: Cross-Origin Response Size Leak Via BackgroundFetch | $3000 | 2021-12-10 |
1245870 | DCHECK failure in (class_variable_) == nullptr in scopes.cc | - | 2021-12-10 |
1245907 | Heap-use-after-free in chromeos::LoginApiDataForNextLoginAttemptPrefCleaner::~LoginApiDataForNextLoginA | - | 2021-12-10 |
1246158 | dawn_wire_server_and_vulkan_backend_fuzzer: Heap-use-after-free in dawn_native::vulkan::ComputePipeline::Initialize | - | 2021-12-10 |
1234284 | Use-after-Free in AudioDebugRecordingsHandler::StartAudioDebugRecordings | $20000 | 2021-12-09 |
1242404 | oob in function StartupPagesHandler::HandleEditStartupPage | $6000 | 2021-12-09 |
1242742 | Security: heap-buffer-overflow in TabStripModel::MoveWebContentsAtImpl | $10000 | 2021-12-09 |
1243646 | Security: container-overflow in RecordEngagementMetric | $20000 | 2021-12-09 |
1245046 | tint_ast_hlsl_writer_fuzzer.exe: Illegal-instruction in tint::fuzzers::FatalError | - | 2021-12-09 |
1246065 | DCHECK failure in storage_.is_populated_ in optional.h | - | 2021-12-09 |
1214199 | Security: Heap-use-after-free in BackgroundFetchDelegateBase::CancelDownload | $10000 | 2021-12-08 |
1232279 | Security: Security: Clickjacking RCE of Chrome headless with Remote Debugging | $3000 | 2021-12-08 |
1233942 | Use-after-Free on AudioDebugRecordingsHandler::StopAudioDebugRecordings | $20000 | 2021-12-08 |
1239516 | use after free in sharing_hub::ScreenshotCapturedBubbleController::Capture | $10000 | 2021-12-08 |
1239709 | Security: Insufficient CORS Check Leads to Cross-Origin Size Leak via BackgroundFetch API | $3000 | 2021-12-08 |
1243733 | virgl_venus_fuzzer: Use-of-uninitialized-value in vn_decode_VkFormatProperties2_pnext_partial_temp | - | 2021-12-08 |
1243989 | Use-after-poison in v8::internal::Scope::AllocateVariablesRecursively | - | 2021-12-08 |
1244254 | Trap in Builtins_CEntry_Return1_DontSaveFPRegs_ArgvInRegister_NoBuiltinExit | - | 2021-12-08 |
1244435 | DCHECK failure in header->IsMarked() in pointer-policies.cc | - | 2021-12-08 |
1245003 | CHECK failure: black_size <= marking_state->live_bytes(page) in paged-spaces.cc | - | 2021-12-08 |
1245079 | CHECK failure: bitmap(page)->AllBitsSetInRange( page->AddressToMarkbitIndex(current), page->Add | - | 2021-12-08 |
1245145 | CHECK failure: map_object.IsMap() in mark-compact-inl.h | - | 2021-12-08 |
1245357 | CHECK failure: black_size <= marking_state->live_bytes(page) in paged-spaces.cc | - | 2021-12-08 |
1245405 | CHECK failure: bitmap(page)->AllBitsSetInRange( page->AddressToMarkbitIndex(current), page->Add | - | 2021-12-08 |
1242269 | Security: Blink - Use After Free of DawnCallback. | $7500 | 2021-12-04 |
1243562 | WebGPU mapped buffer range ArrayBuffers can be transferred | - | 2021-12-04 |
1243920 | Security DCHECK failure: IsA<Derived>(from) in casting.h | - | 2021-12-04 |
1244134 | tint_spirv_tools_msl_writer_fuzzer.exe: Illegal-instruction in tint::fuzzers::FatalError | - | 2021-12-04 |
1203612 | Chrome OS cannot handle multiple/wildcard server names for "SubjectMatch" in .onc profiles, opening doors to impersonation attacks and credential thefts | $3000 | 2021-12-03 |
1233932 | CrOS: Vulnerability reported in app-arch/libarchive | - | 2021-12-03 |
1242315 | Security: Manifest.json can display overlay on non-origin tabs | $1000 | 2021-12-03 |
1242841 | Security: UAF in WebAppIdentityUpdate | $7000 | 2021-12-03 |
1242865 | tint_msl_transform_fuzzer: Heap-buffer-overflow in tint::writer::msl::GeneratorImpl::EmitTypeConstructor | - | 2021-12-03 |
1243944 | tint_renamer_fuzzer: Stack-use-after-return in tint::sem::Pointer::Pointer | - | 2021-12-03 |
1072444 | Security: cryptohomed file system interactions with less-privileged chronos user at /home/chronos/u-<hash> | - | 2021-12-02 |
1100761 | Security: Possible to download files from sandboxed frames | $3000 | 2021-12-02 |
1239910 | Security: Web GPU - Out of bound object manipulation in WebGPUImplementation::OnGpuControlReturnData() | $7500 | 2021-12-02 |
1242862 | Heap-use-after-free in base::UnguessableToken const& base::internal::FunctorTraits<base::UnguessableTok | - | 2021-12-02 |
1203399 | gpu_swangle_passthrough_fuzzer: Crash in gpu::gles2::GLES2DecoderPassthroughImpl::DoBindTexture | - | 2021-12-01 |
1228248 | Feedback WebUIDialog does not observe Profile lifetime | $5000 | 2021-12-01 |
1234544 | Bad-cast to blink::ScriptWrappable from invalid vptr in blink::DOMDataStore::GetWrapper | - | 2021-12-01 |
1238108 | Heap-use-after-free in content::WebAXObjectProxy::ActiveDescendant | - | 2021-12-01 |
1241193 | tint_regex_spv_writer_fuzzer.exe: Illegal-instruction in tint::fuzzers::FatalError | - | 2021-12-01 |
1242650 | Heap-use-after-free in content::MediaStreamDispatcherHost::OnWebContentsFocused | - | 2021-12-01 |
1233067 | Security: Overlong iframe CSP attribute allows you to send near-arbitrary length headers to a server and induce server errors | $2000 | 2021-11-30 |
1237533 | TALOS-2021-1352: Google Chrome Blink setBaseAndExtent use after free vulnerability | $7500 | 2021-11-30 |
1238158 | heap-use-after-free : ChromeAppDelegate::OnHide | - | 2021-11-30 |
1238178 | heap-use-after-free : WebUIAllowlist::GetRuleIterator | - | 2021-11-30 |
1241024 | uaf in sharing_hub::ScreenshotCapturedBubble::DownloadButtonPressed | - | 2021-11-30 |
1241606 | M94 Merge Request for crbug.com/dawn/837 | - | 2021-11-30 |
1241912 | media_h265_decoder_fuzzer: Heap-buffer-overflow in media::H265Decoder::CalcRefPicPocs | - | 2021-11-30 |
1241687 | crash in qrcode_generator::QRCodeGeneratorBubbleController::UpdateIcon | - | 2021-11-30 |
1241913 | CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (!(!concurrent_search) || (array->IsS | - | 2021-11-30 |
1242666 | CrOS: Vulnerability reported in dev-libs/nettle | - | 2021-11-30 |
1242669 | CrOS: Vulnerability reported in net-misc/curl | - | 2021-11-30 |
1202613 | Security: Stack overflow in nested message loops | - | 2021-11-29 |
1242319 | Security: CVE-2021-3560 local privilege escalation through polkit | - | 2021-11-29 |
1239895 | Security DCHECK failure: !resource_clipper->NeedsLayout() in clip_path_clipper.cc | - | 2021-11-28 |
1239057 | Security: UaF in TabStripModel::MoveWebContentsAtImpl | $10000 | 2021-11-26 |
1239472 | Security: UAF in dav1d_get_bits function | $5000 | 2021-11-26 |
1240033 | Heap-use-after-free in ash::AppDragIconProxy::GetBoundsInScreen | - | 2021-11-26 |
1241192 | vp9_qp_parser_fuzzer: Heap-buffer-overflow in rtc::BitBuffer::ReadBits | - | 2021-11-26 |
1241297 | vp9_qp_parser_fuzzer: Heap-buffer-overflow in rtc::BitBuffer::PeekBits | - | 2021-11-26 |
1221913 | cras_rclient_message_fuzzer: Use-of-uninitialized-value in cras_main_message_send | - | 2021-11-25 |
1232095 | CHECK failure: args[0].IsJSPromise() | - | 2021-11-25 |
1232658 | Security: ChromeOS root privilege escalation (pita, vm_concierge, arc-setup, DBus) | $30000 | 2021-11-25 |
1232875 | CHECK failure: static_cast<uintptr_t>(caller_frame_top_) > stack_guard->real_jslimit() in deopt | - | 2021-11-25 |
1233570 | Risky mkdirs and chowns in vm_tools init | - | 2021-11-25 |
1234701 | dawn_wire_server_and_vulkan_backend_fuzzer: Crash in memfd:swiftshader_jit | - | 2021-11-25 |
1235949 | Security: heap-use-after-free in ~PermissionRequestChip | $10000 | 2021-11-25 |
1236209 | cras_rclient_message_fuzzer: Use-of-uninitialized-value in cras_main_message_send | - | 2021-11-25 |
1240670 | v8_wasm_compile_fuzzer: Crash in v8::internal::WasmArray::GcSafeSizeFor | - | 2021-11-25 |
1213238 | heap-use-after-free : media_router::MediaRouterAndroidBridge::DetachRoute | - | 2021-11-24 |
1234491 | Security: ChromeOS root privilege escalation (cups, crash-reporter, ghostscript, Upstart) | $30000 | 2021-11-24 |
1234882 | Security: cupsd.conf Upstart root file write target | - | 2021-11-24 |
1239595 | use after free in DiceTurnSyncOnHelperDelegateImpl::ShowEnterpriseAccountConfirmation( | $5000 | 2021-11-24 |
1240714 | CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (IsName_NonInline(*this)) in name-tq- | - | 2021-11-24 |
1235165 | Heap-use-after-free in ash::TrayBubbleView::~TrayBubbleView | - | 2021-11-23 |
1235316 | use after free in blink::FrameLoader::DetachDocument | $7500 | 2021-11-23 |
1240548 | dawn_wire_server_and_frontend_fuzzer: Heap-use-after-free in dawn_wire::server::Server::InjectDevice | - | 2021-11-23 |
1239522 | DCHECK failure in native_module == current_native_module_ in code-space-access.cc | - | 2021-11-22 |
1239820 | DCHECK failure in !header->IsFree() in pointer-policies.cc | - | 2021-11-22 |
1238406 | cras_rclient_message_fuzzer: Use-of-uninitialized-value in cras_main_message_send | - | 2021-11-20 |
1238466 | hb_subset_fuzzer: Crash in OT::CPALV1Tail::serialize | - | 2021-11-20 |
1239116 | v8_wasm_code_fuzzer: Crash in v8::internal::Simulator::LoadStoreHelper | - | 2021-11-20 |
1237069 | Heap-use-after-free in ui::AXNode::GetUnignoredParent | - | 2021-11-18 |
1238469 | hb_subset_fuzzer: Use-of-uninitialized-value in TrySubset | - | 2021-11-18 |
1238731 | paint_op_buffer_fuzzer: Heap-use-after-free in SkCanvas::internalRestore | - | 2021-11-18 |
1232914 | Security: Heap-use-after-free in AutofillManager::OnLoadedServerPredictions | $1000 | 2021-11-17 |
1234878 | Security: Arbitrary code execution in ghostscript | - | 2021-11-17 |
1234880 | Security: crash-reporter dirty root write | - | 2021-11-17 |
1238268 | Security: heap-use-after-free in download::NetworkStatusListenerImpl::OnNetworkStatusReady | $20000 | 2021-11-17 |
1083337 | URL spoofing on iOS by repeatedly navigating a new window | $500 | 2021-11-16 |
1221914 | cras_rclient_message_fuzzer: Use-of-uninitialized-value in volume_gain | - | 2021-11-16 |
1230767 | Google Chrome WebRTC addIceCandidate use after free vulnerability (TALOS-2021-1348) | $22000 | 2021-11-16 |
1232628 | uaf in display::DisplayList::GetCurrentDisplay (chromeos version) | $15000 | 2021-11-16 |
1234259 | Security: a READ memory access in jsimd_huff_encode_one_block_sse2 | $5000 | 2021-11-16 |
1234829 | Security: [ANGLE] Heap use-after-free in TextureD3D::releaseTexStorage | $9500 | 2021-11-16 |
1236701 | Security: UAF in Screens::UpdateScreenInfos due to iterator invalidation | $7500 | 2021-11-16 |
1236958 | v8_wasm_compile_fuzzer: DCHECK failure in node->InputAt(1) == loop_header in loop-analysis.cc | - | 2021-11-16 |
1209469 | Security: OOB write after creating pinned tab that's also in a group | $10000 | 2021-11-15 |
1209616 | Security: OOB read when window is closed while a link is being dragged over the tab strip | $5000 | 2021-11-15 |
1223388 | hb_subset_fuzzer: Heap-buffer-overflow in OT::CPALV1Tail::serialize | - | 2021-11-15 |
1230932 | libaom_av1_dec_fuzzer: Use-of-uninitialized-value in aom_lowbd_blend_a64_d16_mask_c | - | 2021-11-15 |
1231650 | tint_spv_reader_wgsl_writer_fuzzer: Illegal-instruction in tint::fuzzers::FatalError | - | 2021-11-15 |
1232808 | libaom_av1_dec_fuzzer: Use-of-uninitialized-value in av1_dist_wtd_convolve_2d_copy_c | - | 2021-11-15 |
1236809 | Heap-use-after-free in ash::TrayBubbleView::RerouteEventHandler::OnKeyEvent | - | 2021-11-15 |
1237387 | CHECK failure: Ref construction failed in heap-refs.cc | - | 2021-11-15 |
999110 | CrOS: Vulnerability reported in net-wireless/hostapd | - | 2021-11-12 |
1199865 | Security: spook.js attacks on site vs origin isolation; extensions | $3000 | 2021-11-12 |
1221068 | heap-use-after-free : content::NativeIOManager::OnDeleteOriginDataCompleted | - | 2021-11-12 |
1228557 | Security: UaF in TabGroupEditorBubbleView::UpdateGroup() | $10000 | 2021-11-12 |
1233564 | Security: Data race in HRTFDatabaseLoader::WaitForLoaderThreadCompletion | - | 2021-11-12 |
1233585 | vm_concierge init allows bind mounting over symlinks | - | 2021-11-12 |
1235222 | Security: Autofill prompt can render over browser UI (bypasses of recent reports) | $3000 | 2021-11-12 |
1236563 | CHECK failure: Ref construction failed | - | 2021-11-12 |
1236614 | DCHECK failure in FLAG_flush_baseline_code || FLAG_flush_bytecode in heap-inl.h | - | 2021-11-12 |
1236694 | Security: BigInt ToStringFormatter Crash | $5000 | 2021-11-12 |
1237073 | CHECK failure: Ref construction failed in heap-refs.cc | - | 2021-11-12 |
1004112 | CVE-2019-16234 CrOS: Vulnerability reported in Linux kernel | - | 2021-11-09 |
1209622 | AddressSanitizer: heap-use-after-free scoped_blocking_call_internal.cc:208 in base::internal::IOJankMonitoringWindow::OnBlockingCallCompleted | $15000 | 2021-11-09 |
1234764 | v8/Turbofan: Invalid rotate-right optimization + Typer hardening bypass | $21000 | 2021-11-09 |
1234770 | v8/Turbofan: Wrong optimization of bitfield checks | $21000 | 2021-11-09 |
1231933 | Security: UAF in performance_manager's site_data_impl.cc | $10000 | 2021-11-08 |
1234009 | Use-after-Free in FileSystemChooseEntryFunction::FilesSelected | $20000 | 2021-11-08 |
1234321 | Security: blink_platform!blink::CreateImageFromVideoFrame checkfailed | - | 2021-11-08 |
1235072 | dawn_wire_server_and_vulkan_backend_fuzzer: Heap-use-after-free in dawn_wire::server::Server::InjectDevice | - | 2021-11-08 |
1232617 | use after free in IsIndeterminate (chromeos version) | $15000 | 2021-11-07 |
1234676 | Stack-use-after-return in blink::StyleVariables::GetValue | - | 2021-11-07 |
1231877 | tint_msl_transform_fuzzer: Heap-buffer-overflow in tint::writer::msl::GeneratorImpl::EmitTypeConstructor | - | 2021-11-05 |
1233975 | Use-after-Free on HandleOnPerformDrop | $20000 | 2021-11-05 |
1022790 | Security: SameSite=Lax cookie sent with cross-origin request inside iframe | $1000 | 2021-11-04 |
1217396 | trunks_tpm_pinweaver_fuzzer: Global-buffer-overflow in google::protobuf::internal::EpsCopyInputStream::ReadString | - | 2021-11-04 |
1230128 | tint_inspector_fuzzer.exe: Illegal-instruction in tint::fuzzers::FatalError | - | 2021-11-04 |
1231134 | UAF in PrintViewManager | $20000 | 2021-11-04 |
1233354 | Heap-buffer-overflow in CJS_Field::setFocus | - | 2021-11-04 |
1233430 | Type confusion in blink::StyleBuilderConverterBase::ConvertFontSize Security DCHECK failed: IsA<Derived>(from). | $5000 | 2021-11-04 |
1233572 | dawn_wire_server_and_frontend_fuzzer: Bad-cast to dawn_wire::server::Server from invalid vptr in dawn_wire::server::Server::InjectDevice | - | 2021-11-04 |
1233707 | sqlite3_select_printf_lpm_fuzzer: Use-of-uninitialized-value in fixDistinctOpenEph | - | 2021-11-04 |
1234206 | CHECK failure: !map.is_dictionary_map() implies map.is_stable() | - | 2021-11-04 |
1234357 | dawn_wire_server_and_frontend_fuzzer: Bad-cast to dawn_wire::server::Serverdawn_wire::server::Server::InjectDevice in dawn_native::LoggingCallbackTask::HandleShutDown | - | 2021-11-04 |
1190550 | Security: UAF in InputHandler::InputInjector::InjectKeyboardEvent | $10000 | 2021-11-02 |
1216898 | Security: heap-buffer-overflow in TabStripModel::IsTabBlocked | - | 2021-11-02 |
1219354 | URL spoofing using tel: | $1000 | 2021-11-02 |
1222120 | Heap-use-after-free in ash::DesksBarView::FinalizeDragDesk | - | 2021-11-02 |
1224238 | use after free content::FontAccessManagerImpl::DidChooseLocalFonts | $20000 | 2021-11-02 |
1224753 | Security: SkAbort_FileLine Assert Failed | - | 2021-11-02 |
1228036 | CHECK failure: addr + size <= chunk_->area_end() | - | 2021-11-02 |
1231369 | tint_binding_remapper_fuzzer: Heap-buffer-overflow in tint::fuzzers::ExtractBindingRemapperInputs | - | 2021-11-02 |
1231503 | tint_all_transforms_fuzzer: Use-of-uninitialized-value in tint::fuzzers::Reader::string | - | 2021-11-02 |
1231950 | v8_wasm_async_fuzzer: Crash in v8::internal::LogicVRegister::ReadUintFromMem | - | 2021-11-02 |
1232733 | DCHECK failure in chars[i] != bigint::kStringZapValue in bigint.cc | - | 2021-11-02 |
1233397 | Security: Out of bounds memory access in BigInt | $15000 | 2021-11-02 |
1251541 | Security: Universal Cross-Site Scripting (UXSS) - completing previously searched text in NTP | $1000 | 2021-11-01 |
663512 | Redirects should be handled by CSP form-action in a spec-compliant way | - | 2021-10-30 |
823241 | Referrer Policy bypass with javascript URL | $1000 | 2021-10-30 |
923648 | CrOS: Vulnerability reported in sys-apps/busybox | - | 2021-10-30 |
1101897 | Security: Possible to escape sandbox via devtools_page (alternative method) | $5000 | 2021-10-30 |
1215711 | v8_inspector_fuzzer: Trap in Builtins_CEntry_Return1_DontSaveFPRegs_ArgvOnStack_NoBuiltinExit | - | 2021-10-29 |
1223390 | dawn_wire_server_and_d3d12_backend_fuzzer.exe: Heap-use-after-free in dawn_wire::server::Server::InjectDevice::<lambda_1>::__invoke | - | 2021-10-29 |
1223603 | dawn_wire_server_and_vulkan_backend_fuzzer: Heap-use-after-free in dawn_wire::server::Server::InjectDevice | - | 2021-10-29 |
1227777 | Security: HeapOverflow in RecentlyUsedFoldersComboModel | $20000 | 2021-10-29 |
1227933 | Heap-use-after-free in blink::NGOutOfFlowLayoutPart::SaveStaticPositionOnPaintLayer | - | 2021-10-29 |
1228134 | dawn_wire_server_and_frontend_fuzzer: Use-of-uninitialized-value in void dawn_wire::ChunkedCommandSerializer::SerializeCommandImpl<dawn_wire::Return | - | 2021-10-29 |
1228672 | CrOS: Vulnerability reported in dev-libs/libxml2 | - | 2021-10-29 |
1229298 | Security: Chrome: UAF in BindFileUtilitiesHost | $20000 | 2021-10-29 |
1229516 | Security: WebShare from ephemeral tab triggers browser crash | - | 2021-10-29 |
1229625 | TaskManager fails to keep Profile alive leading to UAF in CreateNativeWidget | $1000 | 2021-10-29 |
1230369 | webcodecs_audio_encoder_fuzzer: Use-of-uninitialized-value in media::AudioOpusEncoder::OnFifoOutput | - | 2021-10-29 |
1230409 | webcodecs_image_decoder_fuzzer: Heap-buffer-overflow in media::DownShiftHighbitVideoFrame | - | 2021-10-29 |
1230431 | DCHECK failure in IsNumber() in objects-inl.h | - | 2021-10-29 |
1230530 | Security: heap-use-after-free in the PaymentCredential in the browser process | $20000 | 2021-10-29 |
1230513 | Security: heap-use-after-free in WebDataRequestManager::RequestCompletedOnThread | $10000 | 2021-10-29 |
1231117 | CHECK failure: proto.map().oddball_type() == OddballType::kNull in compilation-dependencies.cc | - | 2021-10-29 |
1231169 | tint_all_transforms_fuzzer: Use-of-uninitialized-value in tint::fuzzers::AddPlatformIndependentPasses | - | 2021-10-29 |
1231432 | use after poison in ImageDecoderExternal | $5000 | 2021-10-29 |
1231704 | Crash in v8::internal::ClearStaleLeftTrimmedHandlesVisitor::FixHandle | - | 2021-10-29 |
1231705 | DCHECK failure in current.map_word(kRelaxedLoad).IsForwardingAddress() || current.IsFixedArrayBase | - | 2021-10-29 |
1231952 | CHECK failure: Promise::kPending == promise->status() in objects.cc | - | 2021-10-29 |
1232115 | garcon_mime_types_parser_fuzzer: Use-of-uninitialized-value in ReadInt | - | 2021-10-29 |
1221130 | CrOS: Vulnerability reported in dev-libs/libgcrypt | - | 2021-10-26 |
1226373 | Security: Clickjacking | $500 | 2021-10-26 |
1229196 | code_cache_host_mojolpm_fuzzer: Illegal-instruction in StackTraceGetter::CurrentStackTrace | - | 2021-10-26 |
1230324 | tint_ast_clone_fuzzer: Illegal-instruction in TintInternalCompilerErrorReporter | - | 2021-10-26 |
1230784 | Crash in cppgc::internal::PageBackend::FreeLargePageMemory | - | 2021-10-26 |
1230936 | DCHECK failure in isolate->context().is_null() || isolate->context().IsContext() in runtime-compil | - | 2021-10-26 |
1203880 | heap-use-after-free : system_media_permissions::`anonymous namespace'::CheckSystemMediaCapturePermission | - | 2021-10-25 |
1227351 | v8_wasm_fuzzer: DCHECK failure in force_emit || !require_jump in assembler-arm.cc | - | 2021-10-25 |
1230239 | vp9_replay_fuzzer.exe: Illegal-instruction in webrtc::vp9::BitstreamReader::IfNextBoolean | - | 2021-10-25 |
1230265 | Trap in v8::internal::__RT_impl_Runtime_AbortCSAAssert | - | 2021-10-25 |
1230266 | tint_all_transforms_fuzzer: Stack-buffer-overflow in tint::fuzzers::Reader::read | - | 2021-10-25 |
1197196 | tint_spv_reader_msl_writer_fuzzer.exe: Illegal-instruction in tint::fuzzers::TintInternalCompilerErrorReporter | - | 2021-10-24 |
1218468 | heap use after free in ChromePageInfoDelegate::OpenConnectionHelpCenterPage | - | 2021-10-24 |
1230139 | Security: heap-buffer-overflow in libavif's avifImageScale() function | - | 2021-10-24 |
1205883 | COOP is ignored on navigation errors followed by reloads | - | 2021-10-22 |
1220692 | BrlTTY allows for arbitrary chmod 777 | - | 2021-10-22 |
1220696 | BrlTTY allows for arbitrary root write | - | 2021-10-22 |
1226909 | Security: crossOriginIsolated bypass | $3000 | 2021-10-22 |
1228720 | v8_wasm_async_fuzzer: DCHECK failure in pc_offset() <= first_const_pool_32_use_ + kMaxDistToIntPool in assembler-arm.h | - | 2021-10-22 |
1220237 | Null-dereference READ in ubsan_GetStackTrace | - | 2021-10-21 |
1226318 | virgl_fuzzer: Use-of-uninitialized-value in vrend_destroy_shader_object | - | 2021-10-21 |
1228233 | DCHECK failure in effect_edges > 0 in verifier.cc | - | 2021-10-21 |
1228669 | tint_robustness_fuzzer.exe: Illegal-instruction in tint::fuzzers::FatalError | - | 2021-10-21 |
1229198 | Heap-use-after-free in blink::LayoutObject::PropagateStyleToAnonymousChildren | - | 2021-10-21 |
1227315 | Security: HeapOverflow in ProtocolHandler | $20000 | 2021-10-20 |
1227979 | Security DCHECK failure: as_image_observer_count_ > 0u in layout_object.cc | - | 2021-10-20 |
1228643 | zucchini_disassembler_win32_fuzzer: Use-of-uninitialized-value in zucchini::DisassemblerWin32<zucchini::Win32X86Traits>::MakeReadAbs32 | - | 2021-10-20 |
1228641 | zucchini_disassembler_win32_fuzzer: Use-of-uninitialized-value in zucchini::RemoveOverlappingAbs32Locations | - | 2021-10-20 |
1228730 | Bad-cast to blink::LayoutObject from invalid vptr in blink::LayoutInline::SplitFlow | - | 2021-10-20 |
1228950 | zucchini_imposed_ensemble_matcher_fuzzer: Use-of-uninitialized-value in zucchini::DisassemblerWin32<zucchini::Win32X64Traits>::MakeReadAbs32 | - | 2021-10-20 |
1229001 | Crash in blink::LayoutObject::SlowLastChild | - | 2021-10-20 |
1229004 | Heap-use-after-free in blink::Text::RecalcTextStyle | - | 2021-10-20 |
1229031 | Heap-use-after-free in blink::HasRenderedNonAnonymousDescendantsWithHeight | - | 2021-10-20 |
1229056 | Crash in blink::LayoutListItem* blink::DynamicTo<blink::LayoutListItem, blink::LayoutObje | - | 2021-10-20 |
1229032 | Heap-use-after-free in blink::NGBlockNode::FirstChild | - | 2021-10-20 |
1229071 | Heap-use-after-free in blink::LayoutObject::SetNeedsLayoutAndFullPaintInvalidation | - | 2021-10-20 |
1229201 | Heap-use-after-free in blink::LocalFrameView::UpdateDocumentAnnotatedRegions | - | 2021-10-20 |
1163124 | arc-sensor.conf can be used to break out the user namespace when creating /dev/.arc_sensor_ready | - | 2021-10-19 |
1193925 | Security: Overflow in handwriting | - | 2021-10-19 |
1217064 | v8_wasm_code_fuzzer: CHECK failure: interpreter_result.result() == result_compiled | - | 2021-10-19 |
1228069 | tint_msl_transform_fuzzer: Heap-buffer-overflow in tint::writer::msl::GeneratorImpl::EmitTypeConstructor | - | 2021-10-19 |
1228365 | CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (IsHeapObject()) in heap-object.h | - | 2021-10-19 |
854424 | Cross-origin download bypasses SameSite cookie | $1000 | 2021-10-18 |
1209154 | zucchini_disassembler_elf_fuzzer: Use-of-uninitialized-value in zucchini::RemoveOverlappingAbs32Locations | - | 2021-10-18 |
1224142 | Debug check failed: scheduled_exception() == ReadOnlyRoots(heap()).termination_exception() | - | 2021-10-18 |
1228229 | CHECK failure: kind() == CodeKind::BASELINE | - | 2021-10-18 |
1226337 | Container-overflow in cc::draw_property_utils::LayerShouldBeSkippedForDrawPropertiesComputation | - | 2021-10-17 |
1226357 | Container-overflow in cc::LayerImpl::LayerPropertyChangedFromPropertyTrees | - | 2021-10-17 |
1174491 | CrOS: Vulnerability reported in sys-libs/glibc | - | 2021-10-16 |
1214481 | (Chrome & Chromium Browsers) Blank Address Bar Temporary Spoof | $1000 | 2021-10-16 |
1223426 | gpu_raster_passthrough_fuzzer: Crash in CopyRow_C | - | 2021-10-16 |
1226890 | Security: Use-After-Free in FileSystemAccessManager.GetEntryFromDataTransferToken | - | 2021-10-16 |
1226298 | Container-overflow in cc::draw_property_utils::CalculateDrawProperties | - | 2021-10-16 |
936397 | CrOS: Vulnerability reported in sys-libs/glibc | - | 2021-10-15 |
1220810 | CHECK failure: addr + size <= chunk_->area_end() | - | 2021-10-15 |
1219994 | Chromium: Vulnerability reported in third_party/libxml | - | 2021-10-15 |
1225929 | Security: Web pages can use ProcessInternals and ConversionInternals Mojo interfaces | - | 2021-10-15 |
1226323 | Security: Security DCHECK failed i < length() in WTF::StringView::operator[] | $2000 | 2021-10-15 |
1227241 | Bad-cast to blink::ScriptWrappable from invalid vptr in blink::DOMDataStore::GetWrapper | - | 2021-10-15 |
1227596 | CHECK failure: JSFunctionRef construction failed | - | 2021-10-15 |
1259077 | Security: form-action's blocking of redirects allows top-navigation XSLeak | - | 2021-10-15 |
1214234 | Security: Heap-use-after-free in CreditCardAccessManager::FetchCreditCard | $20000 | 2021-10-14 |
1216822 | Security: An <option> with a long label causes browser crash | $6000 | 2021-10-14 |
1221880 | Invalid-free in base::TaskAnnotator::RunTask | - | 2021-10-14 |
1219995 | CrOS: Vulnerability reported in dev-libs/libxml2 | - | 2021-10-14 |
1224419 | UAF in WebAppInternalsPageHandlerImpl::GetExternallyInstalledWebAppPrefs | - | 2021-10-14 |
1226659 | Use-after-poison in blink::ImageResourceContent::ShouldPauseAnimation | - | 2021-10-14 |
1226988 | CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (IsHeapObject()) in heap-object.h | - | 2021-10-14 |
1227228 | heap-use-after-free : IOSurfaceNotifierNotifyFunc | - | 2021-10-14 |
1226360 | Segv on unknown address in blink::ScriptState::From | - | 2021-10-13 |
1190493 | Heap-use-after-free in vk::Buffer::getOffsetPointer | $6000 | 2021-10-12 |
1225607 | DCHECK failure in object->FitsRepresentation(representation) in objects.cc | - | 2021-10-12 |
1223839 | DCHECK failure in is_liftoff() || tier() == ExecutionTier::kTurbofan in wasm-code-manager.cc | - | 2021-10-11 |
1226056 | Crash in MergeUVRow_SSE2 | - | 2021-10-10 |
1219082 | Security: [ANGLE] Out-of-bounds write in Renderer11::blitRenderbufferRect | $7500 | 2021-10-09 |
1225786 | DCHECK failure in !broker->IsMainThread() in heap-refs.cc | - | 2021-10-09 |
1197149 | Add FTPS to request port blocklist to combat ALPACA attack | - | 2021-10-07 |
1200995 | heap-use-after-free : extensions::ChromeAppSorting::FixNTPOrdinalCollisions | - | 2021-10-07 |
1204722 | Security: Autofill suggestion UI should dismiss permissions UI | - | 2021-10-07 |
1219870 | Security: Use-after-free in NavigatorShare::OnConnectionError | $7500 | 2021-10-07 |
1223667 | Security: HeapOverflow in BookmarkBarView | $10000 | 2021-10-07 |
1207839 | tint_first_index_offset_fuzzer: Stack-buffer-overflow in tint::fuzzers::Reader::read | - | 2021-10-05 |
1214842 | Security: GC freeing reachable objects in JSON parser | $5000 | 2021-10-05 |
1217598 | Heap-use-after-free in blink::TextPainterBase::CreateDrawLooper | - | 2021-10-05 |
1219209 | Security: Use-after-free with XSLT strip-space | $2000 | 2021-10-05 |
1219630 | Security: JS object corruption in WasmJs::InstallConditionalFeatures | - | 2021-10-05 |
1219886 | AddressSanitizer: heap-buffer-overflow on gpu::CopyArraysToBuffer transfer_buffer_cmd_copy_helpers.h:80 | $8500 | 2021-10-05 |
1220250 | Crash in GL_GenerateMipmap method. | $7500 | 2021-10-05 |
1221309 | OpenXR VR session exits with Samsung mixed reality controllers | $500 | 2021-10-05 |
1221406 | heap-use-after-free in task_manager | $15000 | 2021-10-05 |
1224041 | Crash in v8::internal::ElementsAccessorBase<v8::internal::FastHoleyObjectElementsAccessor | - | 2021-10-05 |
1219199 | dawn_wire_server_and_vulkan_backend_fuzzer: Stack-buffer-overflow in rr::Variable::loadValue | - | 2021-10-02 |
1223103 | cras_rclient_message_fuzzer: Use-of-uninitialized-value in cras_main_message_send | - | 2021-10-02 |
1223459 | virgl_fuzzer: Segv on unknown address in virgl_renderer_context_destroy | - | 2021-10-02 |
1127594 | CrOS: Vulnerability reported in dev-libs/libxml2 | - | 2021-10-01 |
1194959 | CrOS: Vulnerability reported in app-arch/tar | - | 2021-10-01 |
1211312 | CrOS: Vulnerability reported in dev-libs/libxml2 | - | 2021-10-01 |
1215243 | counters_service_fuzzer: Heap-buffer-overflow in patchpanel::ParseOutput | - | 2021-10-01 |
1216022 | dawn_wire_server_and_vulkan_backend_fuzzer: Heap-buffer-overflow in rr::optimize | - | 2021-10-01 |
1220068 | DCHECK fail in webaudio worklet | - | 2021-10-01 |
1221221 | Use-after-poison in blink::HTMLSlotElement::DetachLayoutTree | - | 2021-10-01 |
1221890 | Security DCHECK failure: !resource_clipper->NeedsLayout() in clip_path_clipper.cc | - | 2021-10-01 |
1223191 | Heap-use-after-free in blink::PropertyTreeManager::EnsureCompositorTransformNode | - | 2021-10-01 |
1223549 | ec_pchg_fuzzer: Global-buffer-overflow in test_fuzz_one_input | - | 2021-10-01 |
1223584 | CHECK failure: args.Length() == 2 in d8-test.cc | - | 2021-10-01 |
1223740 | heap-use-after-free : blink::PaintController::FinishCycle | - | 2021-10-01 |
1206407 | tint_single_entry_point_fuzzer: Illegal-instruction in tint::fuzzers::ValidityErrorReporter | - | 2021-09-30 |
1210550 | gpu_raster_passthrough_fuzzer: Crash in CopyRow_ERMS | - | 2021-09-30 |
1210985 | Security: OOB write after moving pinned tab into a group | $15000 | 2021-09-30 |
1218973 | Heap-use-after-free in ash::TrayBubbleView::~TrayBubbleView | - | 2021-09-30 |
1219377 | Heap-use-after-free in ash::TrayBubbleView::~TrayBubbleView | - | 2021-09-30 |
1194689 | heap-buffer-overflow : media::D3D11H264Accelerator::SubmitFrameMetadata | - | 2021-09-29 |
1209517 | sqlite3_fts3_lpm_fuzzer: Heap-buffer-overflow in sqlite3Fts3Incrmerge | - | 2021-09-29 |
1218707 | Security: UAF in websql | $500 | 2021-09-29 |
1218974 | Security: ChromeOS root privilege escalation (brltty, vpn-manager, cros_camera_server) | $30000 | 2021-09-29 |
1220754 | skia_path_fuzzer: Crash in blit_aaa_trapezoid_row | - | 2021-09-29 |
1221897 | Heap-use-after-free in blink::LayoutBlockFlow::RemoveChild | - | 2021-09-29 |
1221840 | Heap-use-after-free in blink::PropertyTreeManager::EnsureCompositorTransformNode | $6000 | 2021-09-29 |
1222160 | Bad-cast to blink::LayoutBox from blink::LayoutInline in blink::LayoutBox::SplitAnonymousBoxesAroundChild | - | 2021-09-29 |
1178183 | cups_ipp_t_fuzzer: Crash in ippDelete | - | 2021-09-28 |
1202102 | Security: UAF when attempting to move tab group in restored window | $10000 | 2021-09-28 |
1212599 | AddressSanitizer: heap-use-after-free fft_frame_pffft.cc:81 in blink::FFTFrame::FFTSetupForSize | $7500 | 2021-09-28 |
1214641 | Heap-use-after-free in blink::IsLayoutObjectRelevantForAccessibility | - | 2021-09-28 |
1215029 | Security: UAF when sending tab to device | $10000 | 2021-09-28 |
1221812 | DCHECK failure in details.representation().Equals( map.GetPropertyDetails(descriptor).representati | - | 2021-09-28 |
1216678 | Heap-buffer-overflow in cc::PaintWorkletImageProvider::GetPaintRecordResult | - | 2021-09-26 |
1215912 | Freelist Corruption with PartitionAlloc on 93.0.4541.0+ related to allocation of LayoutObjects/PaintLayers | - | 2021-09-24 |
1219925 | Heap-use-after-free in ash::TrayBubbleView::RerouteEventHandler::OnKeyEvent | - | 2021-09-24 |
1221031 | Crash in cppgc::internal::PageBackend::AllocateLargePageMemory | - | 2021-09-24 |
1221062 | heap-use-after-free : disk_cache::SparseControl::GetAvailableRange | - | 2021-09-24 |
1212612 | Security: Use after free in Payments | $20000 | 2021-09-23 |
1219539 | Heap-buffer-overflow in ash::ScrollableShelfView::CalculateTappableIconIndices | - | 2021-09-23 |
1219898 | v8_wasm_fuzzer: DCHECK failure in 0 < code.size() in function-compiler.cc | - | 2021-09-23 |
1151507 | Security: Cross-origin iframe can navigate top window to different site via same-site open redirect or XSS redirect | $3000 | 2021-09-22 |
1183440 | Heap-use-after-free in views::MenuController::ExitMenu | - | 2021-09-22 |
1195278 | UAF in bookmark | $7500 | 2021-09-22 |
1200679 | Security: Double-free when extension is uninstalled while uninstall dialog is being shown | $10000 | 2021-09-22 |
1201033 | Security: Out-of-bounds access in WebAudio | $7500 | 2021-09-22 |
1206458 | heap-use-after-free : resource_coordinator::TabLifecycleUnitSource::TabLifecycleUnit::SetFocused | - | 2021-09-22 |
1145553 | bypass blocked autoredirects from cross-origin iframes | $5000 | 2021-09-21 |
1181522 | CrOS: Intel graphics drivers advisory INTEL-SA-00438 | - | 2021-09-21 |
1194899 | BigInt toLocaleString free invalid pointer | $1000 | 2021-09-21 |
1211308 | Heap-buffer-overflow in rx::vk::ImageViewHelper::getLevelLayerDrawImageView | - | 2021-09-21 |
1213350 | Security: Incorrect Security UI in downloads | $3000 | 2021-09-21 |
1219101 | Security: Simplified Lowering DCHECK restriction type | - | 2021-09-21 |
1219634 | v8_wasm_code_fuzzer: DCHECK failure in exception_stack.back() == control_stack.size() - 1 in wasm-interpreter.cc | - | 2021-09-21 |
1214699 | Null-dereference READ in ubsan_GetStackTrace | - | 2021-09-20 |
1216941 | Null-dereference READ in content::BrowserContext::GetDefaultStoragePartition | - | 2021-09-19 |
1219231 | Heap-use-after-free in ash::TrayBubbleView::RerouteEventHandler::OnKeyEvent | - | 2021-09-19 |
1216837 | Use-after-poison in blink::HTMLSlotElement::DetachLayoutTree | - | 2021-09-18 |
1218439 | Bad-cast to blink::ImageResourceObserver from invalid vptr in blink::ImageResourceContent::PriorityFromObservers | - | 2021-09-18 |
1218587 | Heap-use-after-free in blink::StyleCrossfadeImage::ImageChanged | - | 2021-09-18 |
1218811 | Heap-buffer-overflow in ash::ScrollableShelfView::CalculateTappableIconIndices | - | 2021-09-18 |
1219036 | Crash in v8::internal::ElementsAccessorBase<v8::internal::FastHoleyObjectElementsAccessor | - | 2021-09-18 |
1210487 | AddressSanitizer: use-after-poison long_task_detector.cc:46 in blink::LongTaskDetector::DidProcessTask | $7500 | 2021-09-17 |
1214140 | Heap-use-after-free in views::Widget::OnNativeWidgetDestroying | - | 2021-09-17 |
1214584 | Heap-use-after-free in ui::LayerAnimationSequence::ProgressToEnd | - | 2021-09-17 |
1215504 | CrOS: Vulnerability reported in net-nds/openldap | - | 2021-09-17 |
1217741 | dawn_wire_server_and_frontend_fuzzer: Heap-use-after-free in dawn_native::ObjectBase::IsError | - | 2021-09-17 |
1206911 | Security: heap-use-after-free in autofill::SaveCardBubbleViews::WindowClosing | - | 2021-09-16 |
1209558 | Breakpoint with empty stacktrace | - | 2021-09-16 |
1209769 | uaf in browser process DestroyURLLoader(network::cors::CorsURLLoaderFactory) | $15000 | 2021-09-16 |
1210547 | dawn_wire_server_and_vulkan_backend_fuzzer: Stack-buffer-overflow in rr::Variable::loadValue | - | 2021-09-16 |
1211215 | DCHECK failure in *p != to_check_ in heap.cc | - | 2021-09-16 |
1212498 | Security: UAF after user clicks help link in enhanced spell check dialog | $10000 | 2021-09-16 |
1212500 | Security: UAF after user clicks help link in accessibility labels dialog | $10000 | 2021-09-16 |
1212618 | Security: UAF in ServiceWorker with bfcache | $25000 | 2021-09-16 |
1212862 | Security: Crash in Zenith dialog | - | 2021-09-16 |
1216437 | Security: Unexpected JS execution in GetScriptableObjectProperty leads to JS object corruption | - | 2021-09-16 |
1176218 | Security: TALOS-2021-1241 Google Chrome WebAudio blink::AudioNodeOutput::Pull code execution vulnerability | $7500 | 2021-09-15 |
1187797 | Security: UAF in usrsctp on sctp_association->str_reset | $7500 | 2021-09-15 |
1191778 | policy_fuzzer: Heap-use-after-free in base::JoinString | - | 2021-09-15 |
1197146 | Security: UAF when extension removes tab group during drag | $10000 | 2021-09-15 |
1198717 | Security: OOB write after extension pins tab during drag | $10000 | 2021-09-15 |
1199198 | Security: UAF caused by some WebUIMessageHandlers when OnJavascriptDisallowed() is not called before destruction | $15000 | 2021-09-15 |
1202598 | Security: Heap-buffer-overflow in TabStripModel::MoveWebContentsAtImpl | $10000 | 2021-09-15 |
1203693 | dawn_wire_server_and_frontend_fuzzer: Container-overflow in tint::diag::Formatter::format | - | 2021-09-15 |
1204814 | sqlite3_lpm_fuzzer: Segv on unknown address in sqlite3MemCompare | - | 2021-09-15 |
1206631 | Chrome: Crash Report - base::CancelableTaskTracker::Untrack | - | 2021-09-15 |
1215974 | CrOS: Vulnerability reported in x11-libs/gdk-pixbuf | - | 2021-09-15 |
1216212 | hb_subset_fuzzer: Crash in OT::hb_colrv1_closure_context_t::return_t OT::Paint::dispatch<OT::hb_colrv1_clos | - | 2021-09-15 |
1140831 | harfbuzz is affected by unfixed upstream bugs | - | 2021-09-14 |
1201073 | Security: UAP in FileReader | $7500 | 2021-09-14 |
1202534 | v8_inspector_fuzzer: DCHECK failure in enabled() in v8-debugger-agent-impl.cc | - | 2021-09-14 |
1209444 | Trap in Builtins_JSEntryTrampoline | - | 2021-09-14 |
1211782 | CrOS: Vulnerability reported in net-fs/samba | - | 2021-09-14 |
1212460 | CrOS: Vulnerability reported in net-fs/samba | - | 2021-09-14 |
1215250 | paint_op_buffer_fuzzer: Use-of-uninitialized-value in cc::PaintOpReader::ReadRecordPaintFilter | - | 2021-09-14 |
1215808 | DCHECK failure in new_pages * wasm::kWasmPageSize >= byte_length_ in backing-store.cc | - | 2021-09-14 |
1215976 | Memcpy-param-overlap in v8::base::Memcpy | - | 2021-09-14 |
1216595 | Attaching an inner contents that has already created a platform RenderWidgetHostView causes a bad cast on Mac and Android | - | 2021-09-14 |
1216928 | code_cache_host_mojolpm_fuzzer: Illegal-instruction in StackTraceGetter::CurrentStackTrace | - | 2021-09-14 |
1217311 | DCHECK failure in new_pages * wasm::kWasmPageSize >= byte_length_ in backing-store.cc | - | 2021-09-14 |
1210823 | dawn_wire_server_and_vulkan_backend_fuzzer: Crash in vk::DescriptorSetLayout::DescriptorSetLayout | - | 2021-09-12 |
1202661 | Security: Stack overflow in printing | $10000 | 2021-09-11 |
1201031 | Security: Use-after-free in extension install dialog | $20000 | 2021-09-10 |
1209802 | tint_ast_clone_fuzzer: Illegal-instruction in tint_ast_clone_fuzzer.cc | - | 2021-09-10 |
1210414 | Security: [ANGLE] Out-of-bound write in rx::Image11::GenerateMipmap | $7500 | 2021-09-10 |
1216021 | counters_service_fuzzer: Use-of-uninitialized-value in patchpanel::ParseOutput | - | 2021-09-10 |
1216215 | DCHECK failure in (optimizing_compile_dispatcher_) != nullptr in isolate.h | - | 2021-09-10 |
1211326 | SUMMARY: AddressSanitizer: heap-use-after-free devtools_agent_host_impl.h:84 in std::__1::vector<content::protocol::TargetHandler*, std::__1::allocator<content::protocol::TargetHandler*> > content::DevToolsAgentHostImpl::HandlersByName<content::protocol::TargetHandler>(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) | $10000 | 2021-09-09 |
1213313 | Security: HeapOverflow in FillPhoneCountryCode | $15000 | 2021-09-09 |
1214280 | dawn_wire_server_and_vulkan_backend_fuzzer: Heap-buffer-overflow in sw::SpirvShader::Operand::Float | - | 2021-09-09 |
921607 | Cross-Origin URL steal using Fetch and no-cors requests on iOS Chrome. | $2000 | 2021-09-08 |
1070399 | Security: URL spoofing using 'very-long-hostname' URL in the Suggestion box | $500 | 2021-09-08 |
1200440 | ExtensionFunction::browser_context() and deleted private profiles | - | 2021-09-08 |
1180210 | Security: CVE-2020-12362: Privilege escalation vulnerability in i915 GuC firmware | - | 2021-09-06 |
1181227 | Security: Failure to enforce EC is booted from RO when performing dev mode transitions on dedede, volteer | - | 2021-09-06 |
1213770 | CHECK failure: unregister_token().IsUndefined(isolate) implies key_list_prev().IsUndefined(isol | - | 2021-09-05 |
1214311 | counters_service_fuzzer: Heap-buffer-overflow in patchpanel::ParseOutput | - | 2021-09-05 |
1195722 | Security: UAP in JS Self-Profiling API | $5000 | 2021-09-04 |
1195431 | Security: UAF in Android-specific (not in upstream Linux) xt_qtaguid kernel module | - | 2021-09-04 |
1213709 | DCHECK failure in 0 < number_of_all_descriptors in factory-base.cc | - | 2021-09-04 |
1201938 | DCHECK failure in descriptor_number.as_int() < number_of_descriptors() in descriptor-array-inl.h | - | 2021-09-02 |
1206404 | Use-after-poison in blink::HTMLSlotElement::DetachLayoutTree | - | 2021-09-02 |
1208264 | Security: Heap-use-after-free in media_router::WebContentsDisplayObserverView::OnBrowserSetLastActive | $15000 | 2021-09-02 |
1208782 | DCHECK failure in IsAligned(reinterpret_cast<uintptr_t>(dst), kAtomicWordSize) in atomicops.h | - | 2021-09-02 |
1210394 | crash in canvas filter | $5000 | 2021-09-02 |
1212694 | Security: libxml CVE-2021-3541 | - | 2021-09-02 |
1213476 | Heap-use-after-free in blink::mojom::CodeCacheHostStubDispatch::Accept | - | 2021-09-02 |
1213678 | DCHECK failure in that == nullptr || v8::internal::Object( *reinterpret_cast<const v8::internal::A | - | 2021-09-02 |
1213764 | Crash in v8::internal::Map::instance_type | - | 2021-09-02 |
1213851 | CHECK failure: ReadOnlyRoots(isolate).empty_descriptor_array() == *this | - | 2021-09-02 |
1023503 | Security: PlatformSensorReaderWin32 use after free bug | - | 2021-09-01 |
1094449 | CrOS: Vulnerability reported in sys-apps/dbus | - | 2021-09-01 |
1204811 | Security: Local Elevation of Privilege vulnerability in Google Update Service | $10000 | 2021-09-01 |
1210593 | CHECK failure: byte_length() <= JSArrayBuffer::kMaxByteLength in objects-debug.cc | - | 2021-09-01 |
1212206 | Heap-use-after-free in rx::FramebufferVk::startNewRenderPass | - | 2021-09-01 |
1212321 | Security DCHECK failure: IsA<Derived>(from) in casting.h | - | 2021-09-01 |
1212733 | Security: expat vulnerable to CVE-2013-0340? | $500 | 2021-09-01 |
538562 | Chrome inherits window name from sandboxed iframe, enabling global variable confusion | - | 2021-08-31 |
1129379 | CrOS: Vulnerability reported in dev-libs/openssl | - | 2021-08-31 |
1207277 | Security: heap-use-after-free in BrowserView::ProcessFullscreen | $7500 | 2021-08-31 |
1207334 | CrOS: Vulnerability reported in sys-libs/binutils-libs | - | 2021-08-31 |
1209798 | CHECK failure: Ref construction failed | - | 2021-08-31 |
1212582 | DCHECK failure in !node->op()->HasProperty(Operator::kNoThrow) in simplified-lowering.cc | - | 2021-08-31 |
1172694 | Heap-use-after-free in ui::LayerAnimationSequence::ProgressToEnd | - | 2021-08-28 |
1197431 | Bad-cast to rx::RenderTargetVk from invalid vptr in rx::FramebufferVk::startNewRenderPass | - | 2021-08-28 |
1203607 | Security: Heap-use-after-free in TabStripLayoutHelper::CalculateMinimumWidth | $7500 | 2021-08-28 |
1184954 | Security: Heap-use-after-free in TabStrip::GetSizeNeededForViews | $10000 | 2021-08-27 |
1196480 | Security: Multiple Bugs in WebP | - | 2021-08-27 |
1196773 | Security: heap-use-after-free in libwebp ConvertBGRAToRGB_SSE41 | - | 2021-08-27 |
1196775 | Security: heap-buffer-overflow in libwebp PlanarTo24b_SSE41 | - | 2021-08-27 |
1196777 | Security: heap-buffer-overflow in libwebp VP8YuvToRgb | - | 2021-08-27 |
1196778 | Security: heap-buffer-overflow in libwebp UpsampleRgbLinePair_SSE41 | - | 2021-08-27 |
1206289 | CHECK failure: function->closure_feedback_cell_array().length() == function->shared().feedback_ | - | 2021-08-27 |
1211711 | dawn_wire_server_and_vulkan_backend_fuzzer: Heap-buffer-overflow in rr::optimize | - | 2021-08-27 |
1178202 | Security: X-Chrome-offline allows arbitrary file reads from compromised renderer. | - | 2021-08-26 |
1196232 | CrOS: Vulnerability reported in sys-libs/binutils-libs | - | 2021-08-26 |
1197199 | gpu_raster_swangle_passthrough_fuzzer: Heap-use-after-free in libvk_swiftshader.so | - | 2021-08-26 |
1196309 | Security: OOB vector insertion when extension highlights tab during drag | $10000 | 2021-08-26 |
1197875 | Security: OOB read when attempting to add tab to group after groups have changed | $11000 | 2021-08-26 |
1201340 | DCHECK failure in offset_imm <= std::numeric_limits<int32_t>::max() in liftoff-assembler-ia32.h | - | 2021-08-26 |
1201446 | Security: heap-buffer-overflow in CreateFaviconImageSkia | $20000 | 2021-08-26 |
1203590 | container-overflow in dom_distiller::TaskTracker::NotifyViewersAndCallbacks | - | 2021-08-26 |
1209118 | SUMMARY: AddressSanitizer: heap-use-after-free (Chromium/asan-mac-release-876501/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/92.0.4491.0/Chromium Framework:x86_64+0x1958102f) in blink::ComputedAccessibleNode::checked() | $5000 | 2021-08-26 |
1185801 | Remove header sizes from ResourceTiming transferSize | - | 2021-08-25 |
1194431 | Security: UAF in TracingHandler | $5000 | 2021-08-25 |
1194896 | Security: UAF after moving tab associated with undocked devtools instance into another browser window | $10000 | 2021-08-25 |
1200766 | UAF in AutofillPopupControllerImpl | $20000 | 2021-08-25 |
1203674 | AddressSanitizer: heap-use-after-free in dom_distiller::UMAHelper::LogTimeOnDistillablePage | - | 2021-08-25 |
1205059 | video_capture_host_mojolpm_fuzzer: Bad parameters to --sanitizer-annotate-contiguous-container in media::FakeV4L2Impl::ioctl | - | 2021-08-25 |
1208414 | render_text_api_fuzzer: Crash in gfx::RenderTextHarfBuzz::EnsureLayout | - | 2021-08-25 |
1208721 | Security: heap-over-flow in AutofillPopupControllerImpl::RemoveSuggestion | $20000 | 2021-08-25 |
1209178 | render_text_api_fuzzer: Crash in gfx::RenderTextHarfBuzz::EnsureLayout | - | 2021-08-25 |
1209638 | dawn_wire_server_and_vulkan_backend_fuzzer: Crash in vk::DescriptorSetLayout::DescriptorSetLayout | - | 2021-08-25 |
1206623 | DCHECK failure in StackFrame::IsTypeMarker(marker) in frames.cc | - | 2021-08-23 |
1177325 | libyuv_scale_fuzzer: Heap-buffer-overflow in InterpolateRow_Any_AVX2 | - | 2021-08-22 |
1190030 | Crash in rx::IOSurfaceSurfaceVkMac::releaseTexImage | - | 2021-08-21 |
1200246 | dawn_wire_server_and_frontend_fuzzer: Heap-use-after-free in dawn_native::ObjectBase::IsError | - | 2021-08-21 |
1204347 | Security: 3d css can still glitch onto native browser UI | - | 2021-08-21 |
1206131 | Security: PresentationRequest dialog can appear over the wrong tab | $1000 | 2021-08-21 |
1208984 | Heap-buffer-overflow in GrPathUtils::generateQuadraticPoints | - | 2021-08-21 |
1189110 | Crash in sw::SpirvShader::getImageSampler | - | 2021-08-20 |
1205981 | Visited links leak via CSS transitions and the transitionrun event (Windows 10, Linux) | $5000 | 2021-08-20 |
1207078 | v8_inspector_fuzzer: DCHECK failure in has_scheduled_exception() in isolate-inl.h | - | 2021-08-20 |
1208865 | zucchini_disassembler_elf_fuzzer: Use-of-uninitialized-value in zucchini::DisassemblerElfIntel<zucchini::Elf32IntelTraits>::MakeReadAbs32 | - | 2021-08-20 |
1194058 | Security: heap-use-after-free in the payment dialog in the browser process | $15000 | 2021-08-19 |
1195340 | Security: HeapOverflow in MediaFeeds | $15000 | 2021-08-19 |
1195573 | Security: UAF when WebContents being dragged is destroyed | $1000 | 2021-08-19 |
1197436 | Security: heap-use-after-free in DesktopWindowTreeHostPlatform::SetFullscreen | $10000 | 2021-08-19 |
1200019 | Security: heap-buffer-overflow in PlatformNotificationServiceImpl::CreateNotificationFromData | $20000 | 2021-08-19 |
1206329 | UAF in InternalAuthenticatorAndroid::InvokeIsUserVerifyingPlatformAuthenticatorAvailableResponse | - | 2021-08-19 |
1207992 | Heap-use-after-free in viz::SkiaRenderer::DrawRenderPassQuad | - | 2021-08-19 |
1153363 | Security: With full pointers, a wrong SmiUntag() operation on a TaggedIndex value can cause operating on the wrong feedback slot. | - | 2021-08-18 |
1198216 | sqlite3_dbfuzz2_fuzzer.exe: Heap-buffer-overflow in insertCell | - | 2021-08-18 |
1200490 | 0 and -0 confusion in SpeculativeNumberMultiply | - | 2021-08-18 |
1203593 | Static-imported scripts are wrongly considered main scripts during service worker update | - | 2021-08-18 |
1204071 | Segv on unknown address in Builtins_InterpreterEntryTrampoline | - | 2021-08-18 |
1206674 | Heap-use-after-free in hsw::run_program | - | 2021-08-18 |
1206822 | Trap in Builtins_CEntry_Return1_DontSaveFPRegs_ArgvOnStack_BuiltinExit | - | 2021-08-18 |
1207680 | CHECK failure: Ref construction failed | - | 2021-08-18 |
1194829 | use after poison write in mojo::InterfaceEndpointClient::NotifyError when deal with WebBundle | $5000 | 2021-08-17 |
1205670 | CVE-2021-31829 - Linux kernel protection of stack pointer against speculative pointer arithmetic can be bypassed to leak content of kernel memory | - | 2021-08-17 |
1206754 | DCHECK failure in !__isolate__->has_pending_exception() in ic.cc | - | 2021-08-17 |
1206994 | CHECK failure: promise_result.is_null() == promise_->GetIsolate()->has_pending_exception() | - | 2021-08-17 |
1207679 | CHECK failure: storage_.is_populated_ | - | 2021-08-17 |
1205752 | tint_spv_reader_wgsl_writer_fuzzer: Bad-cast to const tint::ast::Pointer from tint::ast::Vector in tint::typ::TypePair<tint::ast::Pointer, tint::sem::Pointer> tint::typ::Call_type | - | 2021-08-15 |
1149086 | gstoraster_fuzzer: Use-of-uninitialized-value in gp_pwrite_impl | - | 2021-08-14 |
1164941 | Heap-buffer-overflow in sw::SpirvShader::getImageSampler | - | 2021-08-14 |
1198369 | Security: ink refers to non-existent upstream | - | 2021-08-14 |
1204484 | tint_first_index_offset_fuzzer: Stack-buffer-overflow in tint::fuzzers::ExtractFirstIndexOffsetInputs | - | 2021-08-14 |
1171630 | gstoraster_fuzzer: Use-of-uninitialized-value in cf_decode_2d | - | 2021-08-13 |
1172655 | gstoraster_fuzzer: Use-of-uninitialized-value in template_compose_group | - | 2021-08-13 |
1201501 | Bad-cast to content::ChildThreadImpl from invalid vptr in content::ChildThreadImpl::OnFieldTrialGroupFinalized | - | 2021-08-13 |
1201710 | gstoraster_fuzzer: Segv on unknown address in stream_dct_end_passthrough | - | 2021-08-13 |
1202506 | gstoraster_fuzzer: Heap-use-after-free in real_param | - | 2021-08-13 |
1203122 | Security: Type confusion bug in LoadSuperIC | $20000 | 2021-08-13 |
1168081 | CrOS: Vulnerability reported in sys-libs/glibc | - | 2021-08-12 |
1193233 | Security: Arbitrary file read when caching file using CallAsSelfAndImpersonate2 | $5000 | 2021-08-12 |
1200017 | Heap-use-after-free in gl::GLFenceNV::~GLFenceNV | - | 2021-08-12 |
1201074 | Security: use-of-uninitialized-value in libavif when decode the crafted avif file | $7500 | 2021-08-12 |
1202203 | Heap-buffer-overflow in vk::Buffer::getOffsetPointer | - | 2021-08-12 |
1201772 | FLEDGE passes privileged url_loader_factory to utility process | - | 2021-08-11 |
1203240 | freetype_cidtype1_render_ftengine_fuzzer: Use-of-uninitialized-value in cf2_interpT2CharString | - | 2021-08-11 |
1203738 | freetype_cidtype1_fuzzer: Use-of-uninitialized-value in cid_read_subrs | - | 2021-08-11 |
1204829 | Heap-use-after-free in cricket::AllocationSequence::Init | - | 2021-08-11 |
1197786 | sqlite3_lpm_fuzzer: Segv on unknown address in sqlite3MemCompare | - | 2021-08-10 |
1194021 | CrOS: Vulnerability reported in x11-libs/cairo | - | 2021-08-09 |
1203060 | freetype_bdf_fuzzer: Use-of-uninitialized-value in inflate | - | 2021-08-07 |
1204313 | Heap-use-after-free in viz::SkiaRenderer::PrepareRenderPassOverlay | - | 2021-08-07 |
1177875 | Security: Openjpeg security fix may be missing | $500 | 2021-08-04 |
1198705 | Security: Range miscalculation for nodes of type SpeculativeSafeIntegerAdd in v8's TurboFan | $7500 | 2021-08-04 |
1199345 | missing the -0 case in VisitSpeculativeIntegerAdditiveOp | $15000 | 2021-08-04 |
1202736 | DCHECK failure in stack_capacity_end_ > stack_end_ in function-body-decoder-impl.h | - | 2021-08-04 |
1139156 | Security: chrome.debugger API bypasses the runtime_blocked_hosts Enterprise policy | $5000 | 2021-08-03 |
1195331 | Trap in v8::internal::Map::UpdateFieldType | - | 2021-08-03 |
1198854 | use after poison in MediaStreamAudioTrack::StopAndNotify | $5000 | 2021-08-03 |
1202119 | Stack-use-after-return in SkRect::x | $6000 | 2021-08-03 |
1202609 | incorrect range constraint converting {u,}int64_t to double | - | 2021-08-03 |
1180510 | security: click-to-call across devices has inconsistent escaping & URL validation | $3000 | 2021-08-02 |
1163228 | Security: Missing usrsctp fixes | - | 2021-07-31 |
1201537 | vp9_encoder_references_fuzzer: Use-of-uninitialized-value in webrtc::FrameValidator::OnEncodedImage | - | 2021-07-31 |
1195650 | Security: v8 SIGTRAP in optimized code | $5000 | 2021-07-30 |
1199402 | Security: Remote Code Execution? | - | 2021-07-30 |
1200231 | Crash in v8::internal::compiler::Operator1<v8::internal::Handle<v8::internal::HeapObject> | - | 2021-07-30 |
1110036 | gstoraster_fuzzer: Use-of-uninitialized-value in parse_dict | - | 2021-07-29 |
1107972 | gstoraster_fuzzer: Use-of-uninitialized-value in charstring_font_params | - | 2021-07-29 |
1157498 | gstoraster_fuzzer: Use-of-uninitialized-value in load_truetype_glyph | - | 2021-07-29 |
1159499 | gstoraster_fuzzer: Use-of-uninitialized-value in gs_scan_token | - | 2021-07-29 |
1160913 | gstoraster_fuzzer: Use-of-uninitialized-value in charstring_font_params | - | 2021-07-29 |
1198895 | use-after-poison in blink::ImageDecoderExternal::OnMetadata | $7500 | 2021-07-29 |
1200184 | v8_wasm_compile_fuzzer: Trap in v8::internal::wasm::fuzzer::InterpretAndExecuteModule | - | 2021-07-29 |
1201113 | Crash in v8::internal::Simulator::LoadStoreHelper | - | 2021-07-29 |
1201432 | Crash in Builtins_RunMicrotasks | - | 2021-07-29 |
1175058 | Security: heap-use-after-free using Presentation API | - | 2021-07-28 |
1175522 | sqlite3_dbfuzz2_fuzzer: Use-of-uninitialized-value in vdbeRecordCompareInt | - | 2021-07-28 |
1181276 | sqlite3_dbfuzz2_fuzzer: Use-of-uninitialized-value in sqlite3VdbeRecordCompareWithSkip | - | 2021-07-28 |
1188889 | Security: UAF in PageHandler::Navigate | $10000 | 2021-07-28 |
1194046 | Security: Site isolation break because of double fetch of shared buffer | $15000 | 2021-07-28 |
1194491 | Security: Potential out-of-bound write, origin confusion, permission type confusion in PermissionManager | - | 2021-07-28 |
1195308 | Security: Integer Overflow leads to heap buffer overflow in the function | $20000 | 2021-07-28 |
1195686 | Security: Heap-use-after-free in constrained_window::CreateWebModalDialogViews | $5000 | 2021-07-28 |
1195777 | Security: Incorrect representation change from Word64 to Word32 | $20000 | 2021-07-28 |
1196654 | CrOS: Vulnerability reported in net-misc/curl | - | 2021-07-28 |
1197829 | [cros] Device unlocked after resume from sleep | - | 2021-07-28 |
1197904 | Security: UAF in NavigationPredictor | $27000 | 2021-07-28 |
1198165 | (Chrome & Chromium Browsers) File Download Pop-up Origin Spoof | $7500 | 2021-07-28 |
1198696 | Harden ArrayPrototypePop and ArrayPrototypeShift against typer bugs | - | 2021-07-28 |
1199662 | v8_wasm_compile_fuzzer: DCHECK failure in 0 == four_lanes & in code-generator-arm.cc | - | 2021-07-28 |
1200162 | freetype_colrv1_fuzzer: Use-of-uninitialized-value in tt_face_get_paint | - | 2021-07-28 |
1172533 | Security: Autofill suggestion drop-down can cover browser UI | - | 2021-07-26 |
1173297 | Security: Autofill dropdown can be made hidden | - | 2021-07-26 |
1198611 | freetype_colrv1_fuzzer: Crash in tt_face_get_paint | - | 2021-07-26 |
1185732 | UAF in indexeddb database | $5000 | 2021-07-24 |
1195579 | DCHECK failure in CpuFeatures::IsSupported(*feature) in macro-assembler-shared-ia32-x64.h | - | 2021-07-24 |
1025683 | Permission Service Use After Free | $20000 | 2021-07-23 |
1192552 | heap-use-after-free : views::HWNDMessageHandler::OnDisplayChange | - | 2021-07-23 |
1195333 | Security: The Browser Process wrongly handle ACCEPT_BROKER_CLIENT message | $15000 | 2021-07-23 |
1199526 | v8_wasm_compile_fuzzer: Trap in V8_Dcheck | - | 2021-07-23 |
1195977 | Security: v8 Array.concat IterateElements OOB access leads to RCE | $22000 | 2021-07-22 |
1197759 | Segv on unknown address in HistoryClustersTabHelper::OnOmniboxUrlCopied | - | 2021-07-22 |
1197852 | Trap in void v8::internal::SharedTurboAssembler::AvxHelper<v8::internal::XMMRegister, v8 | - | 2021-07-22 |
1198385 | heap-buffer-overflow : metal::`anonymous namespace'::TestShaderNow | - | 2021-07-22 |
1198871 | Abrt in blink::FontCache::GetLastResortFallbackFont | - | 2021-07-22 |
830101 | SameSite cookie bypass via redirect | $3000 | 2021-07-21 |
1166502 | Known vulnerability detected in third_party/unrar | - | 2021-07-21 |
1175503 | Security: same-to-cross-to-same-origin redirects are allowed for dedicated module workers | - | 2021-07-21 |
1178032 | heap-use-after-free : PermissionBubbleMediaAccessHandler::ProcessQueuedAccessRequest | - | 2021-07-21 |
1196683 | Security: 2021 pwn2own entry | - | 2021-07-21 |
1196803 | iframe sandbox escape using incognito intent fallback URLs | - | 2021-07-21 |
1197492 | Security: Security DCHECK failed: !NeedsLayout() || ChildLayoutBlockedByDisplayLock() in blink::LayoutObject::AssertLaidOut | - | 2021-07-21 |
1197839 | Chromium: Vulnerability reported in third_party/xstream | - | 2021-07-21 |
1072486 | Security: udev: root file write -> command execution privilege escalation | - | 2021-07-20 |
1161806 | potential uaf in webmidi | - | 2021-07-20 |
1166012 | Heap-buffer-overflow in ash::ScrollableShelfView::ShouldCountActivatedInkDrop | - | 2021-07-20 |
1166496 | Known vulnerability detected in third_party/unrar | - | 2021-07-20 |
1166497 | Known vulnerability detected in third_party/unrar | - | 2021-07-20 |
1166498 | Known vulnerability detected in third_party/unrar | - | 2021-07-20 |
1166499 | Known vulnerability detected in third_party/unrar | - | 2021-07-20 |
1166500 | Known vulnerability detected in third_party/unrar | - | 2021-07-20 |
1166501 | Known vulnerability detected in third_party/unrar | - | 2021-07-20 |
1181688 | Security: UAF in Ozone Clipboard | $20000 | 2021-07-20 |
1184294 | Security: xdgmime missing security-relevant commits | - | 2021-07-20 |
1190525 | Heap-buffer-overflow in SkScalerContext_FreeType_Base::generateGlyphImage | - | 2021-07-20 |
1197393 | Stack-buffer-overflow in void v8::internal::compiler::VisitBinop<v8::internal::compiler::BinopMatcher<v8: | - | 2021-07-20 |
448539 | Autofill should not fill hidden fields | - | 2021-07-19 |
1197819 | Bad-cast to int (const char *, void *) in xdg_run_command_on_dirs | - | 2021-07-19 |
1197910 | Heap-use-after-free in ash::TrayBubbleView::~TrayBubbleView | - | 2021-07-19 |
1195552 | Crash in v8::internal::Isolate::embedded_blob_code | - | 2021-07-16 |
1195615 | Crash in blink::HTMLPopupElement::hide | - | 2021-07-16 |
1168541 | Security: cryptohome chronos-access chgrp | - | 2021-07-15 |
1168549 | Security: Cryptohome chown chronos | - | 2021-07-15 |
1190519 | Heap-buffer-overflow in rx::vk::ImageViewHelper::getLevelLayerDrawImageView | - | 2021-07-15 |
1193739 | heap-use-after-free : media::MojoVideoDecoder::OnVideoFrameDecoded | - | 2021-07-15 |
1194358 | Security: OOB in v8 | $15000 | 2021-07-15 |
1195356 | Trap in void v8::internal::SharedTurboAssembler::AvxHelper<v8::internal::XMMRegister, v8 | - | 2021-07-15 |
1157030 | CrOS: Vulnerability reported in app-text/poppler | - | 2021-07-14 |
1165654 | Security: 30x Redirect On Reload Can Navigate to Unsafe URLs / Cause Spoofing Issues | - | 2021-07-14 |
1195370 | Trap in v8::internal::Handle<v8::internal::JSFunctionOrBoundFunction> const v8::internal | - | 2021-07-14 |
1196503 | Crash in v8::base::Relaxed_Load | - | 2021-07-14 |
1184929 | v8_wasm_async_fuzzer: DCHECK failure in min_block == BasicBlock::GetCommonDominator(block, min_block) in scheduler.cc | - | 2021-07-13 |
1194417 | Security: PermissionControllerImpl::UnsubscribePermissionStatusChange UAF | - | 2021-07-13 |
1195343 | CrOS: Vulnerability reported in dev-libs/openssl | - | 2021-07-13 |
1193327 | freetype_colrv1_fuzzer: Heap-buffer-overflow in tt_face_get_paint | - | 2021-07-11 |
1189926 | Aww snap crash when editing canvas text | $1000 | 2021-07-10 |
1191389 | dawn_wire_server_and_vulkan_backend_fuzzer: Crash in dawn_native::ValidateImageCopyTexture | - | 2021-07-10 |
1192574 | Security: 30x to data URI aren't blocked on iOS | - | 2021-07-10 |
1192789 | Security: upgrade to openssl 1.1.1k. | - | 2021-07-10 |
1156531 | Security: IDN Spoofing | - | 2021-07-09 |
1175992 | Security: Heap-buffer-overflow in TabStripModel::IsTabPinned | $10000 | 2021-07-08 |
1184399 | Security: Legacy ipc::Message passed via shared memory. | - | 2021-07-08 |
1190462 | CrOS: Vulnerability reported in net-libs/gnutls | - | 2021-07-08 |
1192054 | Security: heap-use-after-free in blink::InvalidatableInterpolation::MaybeConvertPairwise | $5000 | 2021-07-08 |
1192313 | v8_wasm_compile_fuzzer: Negative-size-param in v8::internal::wasm::WasmFullDecoder< | - | 2021-07-08 |
1193257 | webcodecs_audio_decoder_fuzzer: Bad-cast to media::MediaLog from invalid vptr in media::LogHelper::~LogHelper | - | 2021-07-08 |
1194784 | v8_wasm_code_fuzzer: DCHECK failure in this->ok() in function-body-decoder-impl.h | - | 2021-07-08 |
1194669 | Trap in v8::internal::FunctionLiteral::GetDebugName | - | 2021-07-08 |
1161379 | kCanvasReadback is used for two fingerprint surfaces | - | 2021-07-07 |
1161847 | Trap in Builtins_InterpreterEntryTrampoline | - | 2021-07-07 |
1173903 | Security: container-overflow in TabStrip | - | 2021-07-07 |
1181228 | Security: UAF in DesktopCapture | $20000 | 2021-07-07 |
1182647 | Security: Use after free in V8 | $15000 | 2021-07-07 |
1185463 | DCHECK failure in PropertyConstness::kMutable == old_descriptors_->GetDetails(modified_descriptor_ | - | 2021-07-07 |
1185482 | Security: use-after-free in WindowTreeHostPlatform::OnBoundsChanged | $1000 | 2021-07-07 |
1186641 | Security: heap-use-after-free in Blink | $7500 | 2021-07-07 |
1192311 | Use-after-poison in blink::AXObjectCacheImpl::Dispose | - | 2021-07-07 |
1193098 | gpu_raster_swiftshader_fuzzer: Use-of-uninitialized-value in cc::ServiceImageTransferCacheEntry::Deserialize | - | 2021-07-07 |
1193209 | pdf_codec_jbig2_fuzzer: Stack-use-after-scope in fxcrt::UnownedPtr<std::__Cr::list<std::__Cr::pair<std::__Cr::pair<unsigned int, | - | 2021-07-07 |
1193493 | CHECK failure: !available->IsEmpty() in macro-assembler-arm64.cc | - | 2021-07-07 |
1193728 | CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (IsDereferenceAllowed()) in handles.h | - | 2021-07-07 |
1194316 | DCHECK failure in this->ok() in function-body-decoder-impl.h | - | 2021-07-07 |
1177419 | Use-after-poison in blink::HTMLSlotElement::DetachLayoutTree [LayoutNG only] | - | 2021-07-06 |
1187210 | sqlite3_dbfuzz2_fuzzer: Use-of-uninitialized-value in vdbeRecordCompareInt | - | 2021-07-06 |
1169049 | Security: ARM GPU driver vulnerabilities | - | 2021-07-05 |
1192926 | Use-of-uninitialized-value in mojo::core::ChannelPosix::WriteNoLock | - | 2021-07-05 |
1193116 | Use-after-poison in blink::HTMLSlotElement::DetachLayoutTree | - | 2021-07-04 |
1193210 | Heap-use-after-free in blink::AXLayoutObject::GetDocument | - | 2021-07-04 |
1188407 | Security: ChromeOS: missing path restriction in arc-obb-mounter | - | 2021-07-03 |
1189576 | crash in VideoFrame | $2000 | 2021-07-03 |
1190554 | Use-of-uninitialized-value in media::MediaMetricsProvider::~MediaMetricsProvider | - | 2021-07-03 |
1191853 | v8_wasm_async_fuzzer: DCHECK failure in function->has_prototype_slot() in js-function.cc | - | 2021-07-03 |
1192418 | Segv on unknown address in blink::Node::parentNode | - | 2021-07-03 |
1192456 | Use-of-uninitialized-value in blink::AXLayoutObject::CanHaveChildren | - | 2021-07-03 |
1192569 | Heap-use-after-free in blink::AXLayoutObject::GetDocument | - | 2021-07-03 |
1190290 | v8_inspector_fuzzer: DCHECK failure in has_exception == isolate->has_pending_exception() in execution.cc | - | 2021-06-30 |
1106907 | uaf in WebRTC_Network | $5000 | 2021-06-29 |
1176510 | Use-of-uninitialized-value in GURL::SchemeIs | - | 2021-06-29 |
1189890 | Heap-buffer-overflow in v8::internal::Simulator::LoadStoreHelper | - | 2021-06-29 |
1184562 | Security: NAT Slipstreaming via RTSP(TCP/554) allows attacker to access local udp ports | $3000 | 2021-06-27 |
1185611 | Heap-use-after-free in libvk_swiftshader.dylib | $6000 | 2021-06-27 |
1187217 | Security DCHECK failure: IsTextControl(node) in text_control_element.h | - | 2021-06-27 |
1187896 | v8_wasm_code_fuzzer: DCHECK failure in !unreachable implies stack_height >= c->end_label->target_stack_height in wasm-i | - | 2021-06-27 |
1190077 | Container-overflow in views::View::Layout | - | 2021-06-27 |
1000248 | Using the CSS Layout API and contenteditable causes the page to crash | $5000 | 2021-06-24 |
1100748 | Security: Possible for extensions to access chrome.cloudPrintPrivate API | $1000 | 2021-06-24 |
1115045 | CSP frame-src bypass using: window.open + javascript-url + about:srcdoc + doubly-nested-iframe. | $3000 | 2021-06-24 |
1116869 | Security: heap-buffer-overflow in "SkiaState::AdjustClip" function | $5000 | 2021-06-24 |
1145024 | Security&UI: WPA2-Enterprise/EAP WiFi Connection "Default" UI Discrepancy | $500 | 2021-06-24 |
1161891 | Security: Reloading iframes with data: src causes partial CSP bypass | $500 | 2021-06-24 |
1166091 | Security: Use of conditionally uninitialised stack variable may leak stack state | $500 | 2021-06-24 |
1166462 | Security: Use of conditionally uninitialised stack variable may leak stack state | $500 | 2021-06-24 |
1166478 | Security: Use of conditionally uninitialised stack variable may leak stack state | $500 | 2021-06-24 |
1166972 | Security: Use of conditionally uninitialised stack variable may leak stack state | $500 | 2021-06-24 |
1167507 | Security: Offline view bypasses Content-Security-Policy of the original page | $3000 | 2021-06-24 |
1167629 | Security: Context menu "Open" on a javascript: link bypasses Content-Security-Policy | $1000 | 2021-06-24 |
1180588 | Memcpy-param-overlap in mojo::core::Channel::Message::ExtendPayload | - | 2021-06-24 |
1182767 | Security: Amended fix for Side-channel attack against Autofill Preview | $5000 | 2021-06-24 |
1184037 | Container-overflow in blink::LocalFrameView::PushPaintArtifactToCompositor | - | 2021-06-24 |
1184147 | Security: Incorrect Security UI in payment | $500 | 2021-06-24 |
1185735 | [spark-plug]SharedFunctionInfo pending exception error which can lead to RCE | - | 2021-06-24 |
1188868 | DCHECK failure in 0 == result in mutex.cc | - | 2021-06-24 |
1189396 | CHECK failure: all.IsLive(use) && (use->opcode() == IrOpcode::kIfTrue || use->opcode() == IrOpc | - | 2021-06-24 |
1189467 | Use-of-uninitialized-value in v8::internal::compiler::Schedule::block | - | 2021-06-24 |
1146813 | Crash in v8::internal::Builtins::builtin_handle | - | 2021-06-23 |
1166138 | Security: Debug check failed: kMinCPOffset <= by (-32768 vs. -65536). | $5000 | 2021-06-23 |
1187203 | Security: SandboxedUnpacker unsafe use of shared memory. | - | 2021-06-23 |
1187403 | Heap-use-after-free in CurrentTabDesktopMediaList::Refresh | $15000 | 2021-06-23 |
1187826 | CrOS: Vulnerability reported in media-libs/tiff | - | 2021-06-23 |
1187836 | v8_wasm_compile_fuzzer: DCHECK failure in is_gp() in liftoff-register.h | - | 2021-06-23 |
1188483 | DCHECK failure in invalidated_object.map().IsMap() in invalidated-slots-inl.h | - | 2021-06-23 |
1188974 | DCHECK failure in !is_linked() in label.h | - | 2021-06-23 |
1186603 | v8_wasm_async_fuzzer: Use-after-poison in v8::internal::wasm::WasmFullDecoder< | - | 2021-06-22 |
1167357 | potential uaf in rtc_peer_connection | $500 | 2021-06-18 |
1179915 | heap-use-after-free : ui::EventTarget::RemovePreTargetHandler | - | 2021-06-18 |
1181387 | Security: container-overflow in TabGroups | - | 2021-06-18 |
1182109 | Security: dPWAs can change their icons after installation | - | 2021-06-18 |
1187170 | DCHECK failure in IsPrimitiveMap() in map-inl.h | - | 2021-06-18 |
1177674 | Security: Site Isolation bypass after BrowsingInstance state deleted | - | 2021-06-17 |
1185829 | v8_wasm_compile_fuzzer: DCHECK failure in source.stack_height() == target.stack_height() in liftoff-assembler.cc | - | 2021-06-17 |
1186802 | v8_wasm_compile_fuzzer: DCHECK failure in sig->return_count() <= cache_state_.stack_height() in liftoff-assembler.cc | - | 2021-06-17 |
1040988 | media_pipeline_integration_fuzzer: Use-of-uninitialized-value in decode_residuals | - | 2021-06-16 |
1152226 | Leaking the URL of any cross-origin redirect through AppCache's network section | $5000 | 2021-06-16 |
1152334 | Security: UAF in PaymentResponseHelper::GeneratePaymentResponse | $15000 | 2021-06-16 |
1174493 | CrOS: Vulnerability reported in dev-python/jinja | - | 2021-06-16 |
1185512 | cups_ipp_t_fuzzer: Heap-buffer-overflow in ippAddDate | - | 2021-06-16 |
1185999 | v8_wasm_code_fuzzer: DCHECK failure in (cond) != nullptr in wasm-compiler.cc | - | 2021-06-16 |
916326 | CSP bypass via wrong inheritance | - | 2021-06-15 |
1097480 | CrOS: Vulnerability reported in dev-libs/libpcre | - | 2021-06-15 |
1146651 | X-Frame-Options console error leaks cross-origin redirect information to a cross-site renderer process | - | 2021-06-15 |
1161144 | Security: UAF in Bookmark OpenAll | $10000 | 2021-06-15 |
1173879 | Security: Autofill preview suggestion value can be made to persist | - | 2021-06-15 |
1175507 | Security: heap-use-after-free in TabSearchPageHandler::CloseTab | - | 2021-06-15 |
1175975 | WebCodecs VideoFrame allows tainting bypass for ImageBitmaps. | - | 2021-06-15 |
1181131 | CrOS: Multiple vulnerabilities in dev-libs/openssl | - | 2021-06-15 |
1182571 | v8_wasm_compile_fuzzer: DCHECK failure in IsSimd128Register() in instruction.h | - | 2021-06-15 |
1183026 | v8_wasm_async_fuzzer: DCHECK failure in function->has_prototype_slot() in js-function.cc | - | 2021-06-15 |
1184182 | Heap-use-after-free in aura::Window::~Window | - | 2021-06-15 |
1184928 | DCHECK failure in stack_capacity_end_ > stack_end_ in function-body-decoder-impl.h | - | 2021-06-15 |
1184964 | DCHECK failure in !cache_state_.stack_state.empty() in liftoff-assembler.cc | - | 2021-06-15 |
1184966 | CHECK failure: Node::New() Error: #743:Phi[0] is nullptr in node.cc | - | 2021-06-15 |
1184991 | DCHECK failure in (val.node) != nullptr in graph-builder-interface.cc | - | 2021-06-15 |
1185072 | DCHECK failure in (location_) != nullptr in handles.cc | - | 2021-06-15 |
1185322 | DCHECK failure in kBottom != kind in value-type.h | - | 2021-06-15 |
1185579 | CHECK failure: Node::New() Error: #287:Float32LessThanOrEqual[1] is nullptr in node.cc | - | 2021-06-15 |
1178181 | cups_ipp_t_fuzzer: Crash in create_item | - | 2021-06-12 |
583058 | Security: root->kernel scribble in cros_ec_dev:ec_device_ioctl_xcmd on 32bit | $5000 | 2021-06-11 |
957606 | Security: CSP restrictions aren't applied when navigating a frame to about:blank | $7500 | 2021-06-11 |
971231 | Chrome Content security Policy bypass | $1000 | 2021-06-11 |
1075734 | Security: Side-channel attack against Autofill Preview that can steal user's data (e.g., credit card number). | $500 | 2021-06-11 |
1115298 | Full CSP bypass by opening a blob URL in a new tab and reloading it with history.back | $3000 | 2021-06-11 |
1115628 | Security: Full CSP bypass through blob: URIs | $5000 | 2021-06-11 |
1117687 | Security: Full CSP bypass through filesystem URIs | $5000 | 2021-06-11 |
1154250 | Security: determining size of CORB/CORP'd cross-origin responses | $500 | 2021-06-11 |
1155302 | Security: UaF in V4L2VideoEncodeAccelerator | - | 2021-06-11 |
1158010 | Security: Referrer Header Spoofing Vulnerability via <base> tags | $500 | 2021-06-11 |
1170584 | UI/URL Spoofing by putting the page into fullscreen when a user opens the emoji dialog | $1000 | 2021-06-11 |
1174943 | uaf in DestroyURLLoader(network::cors::CorsURLLoaderFactory) | $15000 | 2021-06-11 |
1175436 | uaf in CrossOriginEmbedderPolicyReporter(browser) | $15000 | 2021-06-11 |
1178165 | cups_ipp_t_fuzzer: Heap-buffer-overflow in ippAddDate | - | 2021-06-11 |
1181701 | CrOS: Vulnerability reported in dev-libs/glib | - | 2021-06-11 |
1183192 | Use-of-uninitialized-value in blink::LayoutGrid::FirstLineBoxBaseline | - | 2021-06-11 |
1184441 | Racy UAF when handling usrsctp notification on timer thread | - | 2021-06-11 |
1173311 | Security: Backport futex fix to older kernels | - | 2021-06-09 |
1181673 | noopener not applied to popups opened from a cross origin iframe in a cross-origin-isolated environment | - | 2021-06-09 |
1181684 | v8_wasm_fuzzer: Segv on unknown address in v8::base::Memcpy | - | 2021-06-09 |
1183122 | Heap-use-after-free in blink::GridLayoutUtils::FlowAwareDirectionForChild | - | 2021-06-09 |
1181676 | Security: UAF in ClipboardHistory | $20000 | 2021-06-08 |
1182572 | Heap-buffer-overflow in mojo::core::Channel::Message::ExtendPayload | - | 2021-06-05 |
1013133 | CHECK failure: API call returned invalid object in api-arguments-inl.h | - | 2021-06-04 |
1181310 | Container-overflow in blink::LocalVideoCapturerSource::OnLog | - | 2021-06-04 |
1181125 | Container-overflow in blink::LocalVideoCapturerSource::OnLog | - | 2021-06-04 |
1181599 | sanitizer_api_fuzzer: Security DCHECK failure: IsA<Derived>(from) in casting.h | - | 2021-06-04 |
996770 | Security: [xfa] pdfium SEGV on RelocateTableRowCells | $5000 | 2021-06-02 |
1180435 | Crash in v8::internal::Simulator::DecodeType2 | - | 2021-06-01 |
1180871 | Heap-use-after-free in storage::DataPipeTransportStrategy::OnDataPipeReadable | - | 2021-06-01 |
1180129 | v8_wasm_compile_fuzzer: Use-after-poison in v8::internal::compiler::LiveRangeBuilder::ComputeLiveOut | - | 2021-05-30 |
1180563 | Use-of-uninitialized-value in v8::internal::JSDateTimeFormat::New | - | 2021-05-30 |
1180579 | v8_wasm_compile_fuzzer: Use-after-poison in v8::internal::compiler::LiveRangeBuilder::ComputeLiveOut | - | 2021-05-30 |
1177623 | Use-of-uninitialized-value in v8::internal::JSDateTimeFormat::New | - | 2021-05-29 |
1177812 | Use-of-uninitialized-value in v8::internal::JSDateTimeFormat::New | - | 2021-05-29 |
1180181 | v8_wasm_fuzzer: Segv on unknown address in v8::internal::Simulator::LoadStoreHelper | - | 2021-05-29 |
1180157 | tint_spv_reader_wgsl_writer_fuzzer: Use-of-uninitialized-value in tint::ValidatorImpl::Validate | - | 2021-05-29 |
1159255 | cras_rclient_message_fuzzer: Crash in cras_system_state_stream_added | - | 2021-05-28 |
1160414 | heapoverflow in web gpu | $5000 | 2021-05-28 |
1179120 | Known vulnerability detected in third_party/harfbuzz-ng | - | 2021-05-28 |
1179118 | Known vulnerability detected in third_party/harfbuzz-ng | - | 2021-05-28 |
1179182 | v8_wasm_fuzzer: Segv on unknown address in v8::base::Memcpy | - | 2021-05-28 |
1179292 | Heap-buffer-overflow in base::internal::VectorBuffer<char>::RangesOverlap | - | 2021-05-28 |
1179545 | v8_wasm_compile_fuzzer: Stack-use-after-scope in v8::internal::wasm::fuzzer::WasmGenerator::BlockScope::BlockScope | - | 2021-05-28 |
1179595 | [sparkplug] baseline optimize function PrologueFillFrame register_count can be 0, which can lead to code execution | $5000 | 2021-05-28 |
1179677 | Heap-use-after-free in base::ScopedMultiSourceObservation<aura::WindowTreeHost, aura::WindowTreeHostObs | - | 2021-05-28 |
1179948 | wayland_fuzzer: Heap-use-after-free in decltype | - | 2021-05-28 |
1144074 | Heap-use-after-free in EGL_DestroyContext | - | 2021-05-27 |
1160218 | dawn_spirv_cross_glsl_fast_fuzzer: Crash in spirv_cross::CompilerGLSL::to_array_size_literal | - | 2021-05-27 |
1160258 | crash in gpu::gles2::GLES2Implementation::ReadPixels | $5000 | 2021-05-27 |
1176728 | Security: Does eigen3 need updating? | - | 2021-05-27 |
1178219 | Security DCHECK failure: IsA<Derived>(from) in casting.h | - | 2021-05-27 |
1179336 | Heap-buffer-overflow in base::circular_deque<char>::MoveBuffer | - | 2021-05-27 |
1143526 | Security: leak cross-site response size - countermeasure bypass | $3000 | 2021-05-26 |
1168544 | Security: crash-reporter chmod 660 | - | 2021-05-26 |
1171049 | Security: container-overflow in TabStrip::SetSelection | $10000 | 2021-05-26 |
1174373 | UAP in MojoWatcher::OnHandleReady | $2000 | 2021-05-26 |
1177593 | heap-buffer-overflow : blink::H264Encoder::EncodeOnEncodingTaskRunner | - | 2021-05-26 |
1178008 | dawn_spirv_cross_glsl_fast_fuzzer: Use-of-uninitialized-value in spirv_cross::Compiler::CombinedImageSamplerUsageHandler::add_dependency | - | 2021-05-26 |
1178136 | Chromium: Vulnerability reported in third_party/libzip | - | 2021-05-26 |
1179025 | DCHECK failure in !pinned.has(reg) in liftoff-assembler.h | - | 2021-05-26 |
1172054 | UaF in WebRTC P2PSocketManagerProxy::CreateSocket | $5000 | 2021-05-25 |
1174626 | datapath_fuzzer: Use-of-uninitialized-value in patchpanel::IPv6AddressToString | - | 2021-05-25 |
1178224 | Bad-cast to blink::LayoutTableSection from blink::LayoutNGTableSection in blink::LayoutTable::AddChild | - | 2021-05-25 |
1178263 | Heap-buffer-overflow in blink::LayoutTable::AddColumn | $6000 | 2021-05-25 |
1128895 | CHECK failure: IsValidHeapObject(heap_, heap_object) in heap.cc | - | 2021-05-24 |
1178455 | Test report from guest gmail account | - | 2021-05-24 |
1176909 | Heap-use-after-free in blink::DisplayItemClient::IsJustCreated | - | 2021-05-23 |
1177273 | Heap-use-after-free in blink::PaintLayer::RemoveAncestorScrollContainerLayer | - | 2021-05-23 |
1178142 | Crash in blink::LayoutTable::AddCaption | - | 2021-05-23 |
1178074 | Security DCHECK failure: IsA<Derived>(from) in casting.h | - | 2021-05-23 |
1111646 | Security: Possible to spoof URL after renderer crash | $3000 | 2021-05-22 |
1174186 | CSS 3D transform intersection glitch in Chrome / Windows | $500 | 2021-05-22 |
1177684 | Use-of-uninitialized-value in blink::LayoutTable::AddCaption | - | 2021-05-22 |
1177832 | Security DCHECK failure: IsA<Derived>(from) in casting.h | - | 2021-05-22 |
1178007 | Crash in blink::LayoutObjectChildList::RemoveChildNode | - | 2021-05-22 |
1174582 | Security: ScriptProcessorNode allows write of Float32Array across threads | - | 2021-05-21 |
1176606 | Heap-use-after-free in ash::NotificationCounterView::~NotificationCounterView | - | 2021-05-21 |
1177341 | Security: Insufficient fix for CVE-2021-21148 | - | 2021-05-21 |
1155819 | gpu_raster_swiftshader_fuzzer: Bad-cast to llvm::cl::Option from llvm::cl::opt<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, false, llvm::cl::parser<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > > in llvm::cl::applicator<llvm::cl::FormattingFlags>::opt | - | 2021-05-20 |
1176557 | dawn_spirv_cross_glsl_fast_fuzzer: Use-of-uninitialized-value in spirv_cross::Compiler::CombinedImageSamplerUsageHandler::add_dependency | - | 2021-05-20 |
1177070 | Crash in v8::internal::interpreter::BytecodeArrayAccessor::Advance | - | 2021-05-20 |
1170531 | Talos Security Advisory for Google Chrome browser (TALOS-2021-1235) | $7500 | 2021-05-19 |
1170776 | Security: V8 Incorrect array bounds calculation | - | 2021-05-19 |
1176318 | DCHECK failure in CanTransitionTo(new_details, *new_value) in property-cell-inl.h | - | 2021-05-19 |
1035260 | libyuv_scale_fuzzer: Heap-buffer-overflow in InterpolateRow_Any_SSSE3 | - | 2021-05-18 |
1172819 | Heap-buffer-overflow in blink::NGTableLayoutAlgorithm::Layout | - | 2021-05-18 |
1175222 | Security DCHECK failure: IsA<Derived>(from) in casting.h | - | 2021-05-18 |
1175500 | Security: Heap-buffer-overflow in TabStripModel::GroupTab (Windows-only) | $7500 | 2021-05-18 |
1174551 | Heap-buffer-overflow in unsigned int v8::internal::StringHasher::HashSequentialString<char> | - | 2021-05-17 |
1174900 | dawn_spirv_cross_glsl_fast_fuzzer: Use-of-uninitialized-value in spirv_cross::Compiler::CombinedImageSamplerUsageHandler::add_dependency | - | 2021-05-17 |
1165724 | CrOS: Vulnerability reported in sys-libs/e2fsprogs-libs | - | 2021-05-15 |
1168545 | Security: Arbitrary code execution in ghostscript | - | 2021-05-15 |
1168555 | Security: android-root persistence | - | 2021-05-14 |
1173269 | Security: heap-buffer-overflow in TabStripModel | - | 2021-05-14 |
1173702 | Security: Heap buffer overflow in Tab Groups | $7500 | 2021-05-14 |
1174641 | ANGLE: Out-of-bounds read for emulated compressed texture formats in 3D textures | - | 2021-05-14 |
1166932 | Security: ChromeOS root privilege escalation and android-root persistence | $45000 | 2021-05-13 |
1173925 | Use-of-uninitialized-value in blink::PaintPropertyTreeBuilder::UpdateForSelf | - | 2021-05-13 |
1160459 | AddressSanitizer: access-violation on unknown address 0x000000000000 | - | 2021-05-12 |
1170826 | Third party apps and web pages can switch Chrome tabs | - | 2021-05-12 |
1171785 | Heap-use-after-free in blink::LocalFrameView::PerformPreLayoutTasks | - | 2021-05-12 |
1172192 | Security: UAF in Drag and Drop Download | $20000 | 2021-05-12 |
1098582 | Security: allow-top-navigation-by-user-activation bypasses via message event listeners on iOS | $5000 | 2021-05-11 |
1164655 | dawn_wire_server_and_vulkan_backend_fuzzer: Crash in vk::DescriptorSetLayout::DescriptorSetLayout | - | 2021-05-11 |
1168552 | Security: host root file write | - | 2021-05-11 |
1171954 | DCHECK failure in other->values_[index] != builder()->jsgraph()->OptimizedOutConstant() in bytecod | - | 2021-05-11 |
1172121 | v8_inspector_fuzzer: DCHECK failure in host_import_module_dynamically_callback_ != nullptr == host_import_module_dynami | - | 2021-05-11 |
1172591 | Heap-use-after-free in views::ColorChooser::OnViewClosing | - | 2021-05-11 |
1172687 | Use-of-uninitialized-value in blink::LayoutObject::SetNeedsOverflowRecalc | - | 2021-05-11 |
1172885 | dawn_spirv_cross_glsl_fast_fuzzer: Use-of-uninitialized-value in spirv_cross::Compiler::CombinedImageSamplerUsageHandler::add_dependency | - | 2021-05-11 |
1172912 | v8_wasm_code_fuzzer: Heap-buffer-overflow in v8::internal::wasm::LiftoffAssembler::MergeFullStackWith | - | 2021-05-11 |
1171846 | v8_multi_return_fuzzer: DCHECK failure in saved_fpregisters[i] == dreg_bits(PopLowestIndexAsCode(&fpregister_list)) in sim | - | 2021-05-10 |
1171759 | v8_multi_return_fuzzer: DCHECK failure in stack_decrement == kSystemPointerSize in code-generator-arm.cc | - | 2021-05-09 |
1171956 | dawn_spirv_cross_glsl_fast_fuzzer: Use-of-uninitialized-value in spirv_cross::Compiler::CombinedImageSamplerUsageHandler::add_dependency | - | 2021-05-08 |
1172117 | Bad-cast to blink::LayoutTableCol from blink::LayoutNGTableColumn in blink::HTMLTableColElement::ParseAttribute | - | 2021-05-08 |
1172118 | Heap-buffer-overflow in blink::NGTablePainter::PaintBoxDecorationBackground | - | 2021-05-08 |
1094642 | gstoraster_fuzzer: Segv on unknown address in s_DCTD_process | - | 2021-05-06 |
1160665 | Requests for script sent even when main document is text/plain | $500 | 2021-05-06 |
1161759 | DCHECK failure in 0 == Heap::GetFillToAlign(obj->address(), HeapObject::RequiredAlignment(*map)) i | - | 2021-05-06 |
1166504 | heap buffer overflow in VideoFrameYUVConverter | $5000 | 2021-05-06 |
1170657 | use after poison in DOMWebSocket | $5000 | 2021-05-06 |
1170933 | garcon_ini_parse_util_fuzzer: Heap-buffer-overflow in vm_tools::garcon::ExtractKeyLocale | - | 2021-05-06 |
1171195 | DCHECK failure in scope_data_->ReadUint32() == static_cast<uint32_t>(name->length()) in preparse-d | - | 2021-05-06 |
1171327 | Security: Sudo vulnerability | - | 2021-05-06 |
1171600 | DCHECK failure in expr->scope()->outer_scope() == current_scope() in bytecode-generator.cc | - | 2021-05-06 |
1171441 | tint_spv_reader_hlsl_writer_fuzzer: Heap-use-after-free in tint::fuzzers::CommonFuzzer::Run | - | 2021-05-06 |
1158376 | Security: Browser process heap-use-after-free in the portal element | $15000 | 2021-05-05 |
1169317 | Security: UaF in payments::SecurePaymentConfirmationAppFactory | $20000 | 2021-05-05 |
1170615 | garcon_ini_parse_util_fuzzer: Use-of-uninitialized-value in vm_tools::garcon::ExtractKeyLocale | - | 2021-05-05 |
1170990 | CHECK failure: serialized_prototype_ in js-heap-broker.cc | - | 2021-05-05 |
1165624 | Security: UaF in chrome!payments::PaymentRequestSheetController::UpdateHeaderView | $15000 | 2021-05-04 |
1170112 | tint_spv_reader_wgsl_writer_fuzzer: Heap-use-after-free in tint::fuzzers::CommonFuzzer::Run | - | 2021-05-04 |
1168116 | v8_wasm_async_fuzzer.exe: Null-dereference in v8::base::Thread::Start | - | 2021-05-02 |
1155974 | Security: WebGL Shader Stack Exhaustion leading to PC control in llvmpipe | $1000 | 2021-05-01 |
1168550 | Security: mediadrm command injection | - | 2021-05-01 |
1156170 | Security: Oilpan: Use After Poison in IsInConstruction<>() with chrome/xfa | - | 2021-04-30 |
1161739 | Security: UAP in animate | - | 2021-04-30 |
1167337 | tint_spv_reader_spv_writer_fuzzer: Segv on unknown address in tint::fuzzers::CommonFuzzer::Run | - | 2021-04-30 |
1167759 | tint_spv_reader_msl_writer_fuzzer.exe: Heap-use-after-free in tint::fuzzers::CommonFuzzer::Run | - | 2021-04-30 |
1168408 | tint_spv_reader_wgsl_writer_fuzzer: Heap-use-after-free in tint::fuzzers::CommonFuzzer::Run | - | 2021-04-30 |
1168725 | tint_spv_reader_spv_writer_fuzzer: Heap-use-after-free in tint::fuzzers::CommonFuzzer::Run | - | 2021-04-30 |
1138542 | gstoraster_fuzzer: Heap-buffer-overflow in mem_mapped4_copy_mono | - | 2021-04-29 |
1155426 | Security: UAF in MediaStreamCapture | $20000 | 2021-04-29 |
1162942 | Security: website is able to draw over protected UI elements (URL, padlock, tab list, titlebar) using 3D CSS transforms | $5000 | 2021-04-29 |
1167242 | dawn_spirv_cross_glsl_fast_fuzzer: Use-of-uninitialized-value in spirv_cross::Compiler::CombinedImageSamplerUsageHandler::add_dependency | - | 2021-04-29 |
1166549 | v8_inspector_fuzzer: DCHECK failure in isolate->has_pending_exception() != result in bootstrapper.cc | - | 2021-04-29 |
1167277 | Lacros 3D Canvas can leak outside of iFrame | - | 2021-04-29 |
1167918 | DCHECK failure in HasRemainingBytes(kUint8Size) in preparse-data-impl.h | - | 2021-04-29 |
1167981 | CHECK failure: Bytecode mismatch at offset 2 in interpreter.cc | - | 2021-04-29 |
1167988 | DCHECK failure in expr->scope()->outer_scope() == current_scope() in bytecode-generator.cc | - | 2021-04-29 |
1168055 | CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (IsJSReceiver()) in js-objects-inl.h | - | 2021-04-29 |
1169077 | tint_spv_reader_hlsl_writer_fuzzer.exe: Heap-use-after-free in tint::fuzzers::CommonFuzzer::Run | - | 2021-04-29 |
1167709 | DCHECK failure in !done() in state-values-utils.cc | - | 2021-04-27 |
1161705 | Security: heap-use-after-free in SearchTabHelper::DidStartNavigation | - | 2021-04-26 |
1167505 | Security DCHECK failure: IsA<Derived>(from) in casting.h | - | 2021-04-26 |
1167430 | Heap-use-after-free in content::RenderWidgetHostViewAura::ForwardKeyboardEventWithLatencyInfo | - | 2021-04-25 |
1138143 | segmentation fault in mojom::clipboard | $20000 | 2021-04-24 |
1154965 | use after poison in blink::TimerBase::RunInternal | $7500 | 2021-04-24 |
1163504 | Security: heap-buffer-overflow in extension | $10000 | 2021-04-24 |
1163845 | Security: HeapOverflow in TabStripModel | $10000 | 2021-04-24 |
1158381 | Security: Bypass iframe security policy in the portal element | $500 | 2021-04-23 |
1159377 | CrOS: Vulnerability reported in net-misc/curl | - | 2021-04-23 |
1162123 | heap-use-after-free : web_app::WebAppMetrics::~WebAppMetrics | - | 2021-04-23 |
1165966 | v8_wasm_compile_fuzzer: DCHECK failure in IsSimd128Register() in instruction.h | - | 2021-04-23 |
1166354 | Use-of-uninitialized-value in v8::internal::RootScavengeVisitor::VisitRootPointers | - | 2021-04-22 |
1160952 | dawn_spirv_cross_glsl_fast_fuzzer: Use-of-uninitialized-value in spirv_cross::Compiler::CombinedImageSamplerUsageHandler::add_dependency | - | 2021-04-21 |
1162303 | Security: ChromeOS chronos privilege escalation to root | $30000 | 2021-04-21 |
1164055 | Security: Blink web_test fonts unowned | - | 2021-04-21 |
1164816 | Security: chrome://settings ImportData out-of-bounds READ | - | 2021-04-21 |
1152894 | Security: WebView and Chromium based browser Omnibar Spoofing with Race Condition | $3000 | 2021-04-19 |
1163184 | DCHECK failure in !code.marked_for_deoptimization() in compiler.cc | - | 2021-04-19 |
1161654 | v8_wasm_fuzzer: DCHECK failure in has(reg.low()) == has(reg.high()) in liftoff-register.h | - | 2021-04-17 |
1164158 | Security: PDFIum (XFA) Heap Overflow in RelocateTableRowCells | $5000 | 2021-04-17 |
1164187 | Heap-use-after-free in ash::tray::TimeTrayItemView::~TimeTrayItemView | - | 2021-04-17 |
1164326 | wayland_fuzzer: Heap-use-after-free in decltype | - | 2021-04-17 |
1157818 | performance API reveals information about redirects (XS-Leak) | - | 2021-04-16 |
1160448 | uaf in webgpu | - | 2021-04-16 |
1162131 | Security: heap-use-after-free in IsBox | $5000 | 2021-04-16 |
1163122 | Security: /run/arc/host_generated allows chronos to configure any Android system properties | - | 2021-04-16 |
1163882 | Chromium: Vulnerability reported in third_party/binutils | - | 2021-04-16 |
1147416 | uaf in dawn_wire::server::Server::OnBufferMapAsyncCallback(--enable-unsafe-webgpu) | - | 2021-04-15 |
1160602 | Security: Use After Free in WebSQL | $5000 | 2021-04-15 |
1161357 | Security: Debug check failed: code == topmost_ implies safe_to_deopt_ | $16000 | 2021-04-15 |
1161943 | dawn_wire_server_and_frontend_fuzzer: Heap-use-after-free in void dawn_wire::ChunkedCommandSerializer::SerializeCommandImpl<dawn_wire::Return | - | 2021-04-15 |
1162156 | dawn_wire_server_and_frontend_fuzzer: Heap-use-after-free in dawn_wire::server::KnownObjects<WGPUBufferImpl*>::Get | - | 2021-04-15 |
1162198 | heap-use-after-free : mojo::core::NodeController::DropPeer | - | 2021-04-15 |
1156904 | Security DCHECK failure: IsA<Derived>(from) in casting.h | - | 2021-04-14 |
1157743 | Security: spoof download on any websites | $500 | 2021-04-14 |
1162036 | UAF in MediaStreamTrackProcessor | $5000 | 2021-04-14 |
1162834 | Heap-use-after-free in blink::ShadowList::CreateDrawLooper | - | 2021-04-14 |
1161954 | v8_wasm_compile_fuzzer: DCHECK failure in IsSimd128Register() in instruction.h | - | 2021-04-13 |
1162400 | v8_wasm_compile_fuzzer: Crash in Builtins_JSEntryTrampoline | - | 2021-04-13 |
1150012 | gstoraster_fuzzer: Use-of-uninitialized-value in gs_scan_token | - | 2021-04-10 |
1062941 | libyuv_scale_fuzzer: Heap-buffer-overflow in ScaleFilterCols_16_C | - | 2021-04-07 |
1161048 | Upgrade SQLite to 3.34.0 | - | 2021-04-07 |
1160225 | CrOS: Vulnerability reported in dev-util/glib-utils | - | 2021-04-06 |
1160224 | CrOS: Vulnerability reported in dev-libs/glib | - | 2021-04-05 |
1151727 | spvtools_opt_size_fuzzer: Heap-buffer-overflow in spvtools::opt::analysis::IntConstant::GetU64BitValue | - | 2021-04-02 |
1159663 | uaf in media::learning::MojoLearningTaskControllerService::PredictDistribution | $15000 | 2021-04-01 |
1128206 | Security: Possible for extension to escape sandbox via devtools_page and intentionally crashed renderer | $10000 | 2021-03-30 |
1131346 | Potential UAF in Speech Recognizer | - | 2021-03-30 |
1099985 | Heap-use-after-free for desks widget in bool ui::PropertyHandler::GetProperty<bool> | - | 2021-03-29 |
1153993 | Security: Skia etc1 missing an uninitialized data fix | - | 2021-03-29 |
1158266 | uaf in use-after-poison in blink::CanvasResourceHost::InitializeForRecording(canvas_resource_host.cc) | $500 | 2021-03-29 |
1137607 | dawn_spirv_cross_glsl_fast_fuzzer: Use-of-uninitialized-value in spirv_cross::Compiler::CombinedImageSamplerUsageHandler::add_dependency | - | 2021-03-28 |
1159267 | Security: URL bar spoofing in Payments API | $500 | 2021-03-27 |
1160286 | Use-of-uninitialized-value in base::BasicStringPiece<std::__1::basic_string<char, std::__1::char_traits<char>, | - | 2021-03-27 |
1155876 | cgpt_fuzzer: Use-of-uninitialized-value in Crc32 | - | 2021-03-26 |
1159763 | CrOS: Vulnerability reported in net-misc/curl | - | 2021-03-26 |
1137247 | Security: Spoofing download filename extension in 86 chrome - showSaveFilePicker | $1000 | 2021-03-25 |
1159164 | Use-of-uninitialized-value in v8::internal::PerfJitLogger::LogWriteDebugInfo | - | 2021-03-25 |
1159679 | dawn_spirv_cross_glsl_fast_fuzzer: Crash in spirv_cross::CompilerGLSL::to_array_size_literal | - | 2021-03-25 |
1152645 | Security: Race condition on destruction of GpuMemoryBufferFactoryNativePixmap may cause use after free | - | 2021-03-24 |
1157800 | Incomplete fix for auth dialog spoof in iOS | $500 | 2021-03-24 |
1157814 | Security: UAF in PasswordProtectionRequest | $20000 | 2021-03-24 |
1158774 | ots_fuzzer: Use-of-uninitialized-value in ots::OpenTypeGLYF::ParseSimpleGlyph | - | 2021-03-24 |
1157790 | Security: Out of Bounds in V8 | $1000 | 2021-03-23 |
1157799 | CrOS: Vulnerability reported in dev-libs/openssl | - | 2021-03-23 |
1157994 | DCHECK failure in !SharedStringAccessGuardIfNeeded::IsNeeded(*this) in string-inl.h | - | 2021-03-22 |
1158071 | Bad-cast to mojo::InterfaceEndpointClient from content::RenderFrameImpl in mojo::internal::AssociatedInterfacePtrStateBase::~AssociatedInterfacePtrStateBas | - | 2021-03-21 |
1153516 | Heap-buffer-overflow in SkAnalyticEdge::setLine | $6000 | 2021-03-19 |
1154468 | use after poison in content::InspectorMediaEventHandler::SendQueuedMediaEvents | $5000 | 2021-03-19 |
1155854 | CrOS: Vulnerability reported in net-fs/samba | - | 2021-03-19 |
1156431 | v8_multi_return_fuzzer: DCHECK failure in saved_fpregisters[i] == dreg_bits(PopLowestIndexAsCode(&fpregister_list)) in sim | - | 2021-03-19 |
1157324 | v8_wasm_compile_fuzzer: DCHECK failure in caller->CanTailCall(callee) in instruction-selector.cc | - | 2021-03-19 |
1020667 | Security: Insecure Memory Copy in Trousers | $500 | 2021-03-18 |
1101961 | Heap-buffer-overflow in cc::PaintWorkletImageProvider::GetPaintRecordResult | - | 2021-03-18 |
1150810 | Security: File System Access API - getFileHandle() allowing to save .lnk files | $1000 | 2021-03-18 |
1151726 | Heap-use-after-free in printing::PrintManager::GetPrintRenderFrame | - | 2021-03-18 |
1156513 | pdf_codec_jpeg_fuzzer: Use-of-uninitialized-value in decompress_smooth_data | - | 2021-03-18 |
831761 | SameSite cookie bypass via Custom Scheme | $1000 | 2021-03-17 |
1148749 | Double free/UAF in RegionDataLoaderImpl::DeleteThis | $20000 | 2021-03-17 |
1150065 | UaF in AudioHandler::ProcessIfNecessary | - | 2021-03-17 |
1153658 | uaf in AudioNodeOutput::Pull | $6000 | 2021-03-17 |
1155710 | Iterating a directory with the File System Access API does not check current permissions. | - | 2021-03-17 |
1156510 | Security: Use After Free in UserMediaRequest::OnMediaStreamInitialized | $5000 | 2021-03-17 |
957042 | Security: Possible to partially break sandbox restrictions imposed upon popup windows | $1000 | 2021-03-16 |
1105875 | Security: XS-Leak with Resource Timing API and CSP Embedded Enforcement | $1000 | 2021-03-16 |
1131929 | [Resource Timing] Missing PerformanceResourceTiming entries for iframe Requests that don't receive a Response | $1000 | 2021-03-16 |
1149171 | Heap-buffer-overflow in blink::NGOffsetMapping::GetMappingUnitsForLayoutObject | - | 2021-03-16 |
1149895 | Security: OpenSSL certificate blocklist isn't installed in images | - | 2021-03-16 |
1151069 | Security: heap-buffer-overflow in AudioWorkletProcessor::CopyParamValueMapToObject | - | 2021-03-16 |
1151298 | Security: Use-After-Free in DeflateTransformer | $7500 | 2021-03-16 |
1154936 | webcodecs_video_encoder_fuzzer: Heap-buffer-overflow in init_encode_frame_mb_context | - | 2021-03-16 |
1155497 | v8_wasm_compile_fuzzer: DCHECK failure in IsSimd128Register() in instruction.h | - | 2021-03-16 |
1155959 | DCHECK failure in kCanBeWeak || (!IsSmi() == (((static_cast<i::Tagged_t>(ptr_) & ::i::kHeapObjectT | - | 2021-03-15 |
1156001 | Crash in v8::internal::HandleBase::IsDereferenceAllowed | - | 2021-03-15 |
1140435 | Security: showSaveFilePicker allowing to save file extension with space at the end - cannot delete file on windows | - | 2021-03-13 |
1140403 | Security: Hide real extension of file by many white spaces - showSaveFilePicker | $1000 | 2021-03-13 |
1140410 | Security: Hide real extension of file by RTL - showSaveFilePicker | $1000 | 2021-03-12 |
1140417 | Security: showSaveFilePicker allowing to save .lnk and .local files on windows! | $1000 | 2021-03-12 |
1146855 | Heap-use-after-free in blink::AggregatingSampleCollector::Flush | - | 2021-03-12 |
1150249 | Index-out-of-bounds in blink::AudioArray<float>::Allocate | - | 2021-03-12 |
1150798 | Security: UAF in the views::DialogDelegate in the browser process | $5000 | 2021-03-12 |
1152327 | Security: File System Access API & Symlinks | - | 2021-03-12 |
1153595 | Security: UAF in Drag-and-drop | $20000 | 2021-03-12 |
1155178 | Security: Skia GPU bug | $6000 | 2021-03-12 |
1149125 | Security: Some WebUI pages enable MojoJS bindings for the subsequently-navigated site | $7500 | 2021-03-10 |
1150772 | Index-out-of-bounds in blink::NGPhysicalBoxFragment::Create | - | 2021-03-10 |
1152387 | Crash in icu_68::RuleBasedBreakIterator::handleNext | - | 2021-03-10 |
1153442 | DCHECK failure in UseScratchRegisterScope{this}.CanAcquire() in liftoff-assembler-arm.h | - | 2021-03-10 |
1154439 | DCHECK failure in num_locals_ == local_types_.size() in function-body-decoder-impl.h | - | 2021-03-10 |
1114062 | heap-use-after-free in is_null | - | 2021-03-09 |
1149204 | Security: heap-buffer-overflow in blink::WebGLRenderingContextBase::MakeXrCompatibleSync | $5000 | 2021-03-09 |
1110751 | Security: GoogleCrashHandler exist Any process DOS vulnerability | - | 2021-03-08 |
1149115 | Heap-buffer-overflow in v8::internal::Simulator::WriteW | - | 2021-03-08 |
1152937 | v8_wasm_fuzzer: DCHECK failure in decoder->ok() in graph-builder-interface.cc | - | 2021-03-05 |
1049265 | Extensions with no special privileges are allowed to navigate to devtools:// scheme pages. | $1000 | 2021-03-04 |
1108126 | Security: Chrome Apps can access chrome.storage for other extensions via webview | $3000 | 2021-03-04 |
1150371 | Security: OOBW in the icu_68::FormattedStringBuilder::insert | $5000 | 2021-03-04 |
1151865 | Security: OOB-read in network DataElement struct traits. | - | 2021-03-04 |
1151890 | Security: Uninitialised memory read with BigInt right-shift | $3000 | 2021-03-04 |
1143412 | Security: Pixelbook reveals windows underneath lock screen when external display is plugged in | - | 2021-03-03 |
1151684 | webcodecs_video_encoder_fuzzer: Heap-buffer-overflow in vp9_enc_setup_mi | - | 2021-03-03 |
1151799 | heap-buffer-overflow in MoveWebContentsAtImpl(extension) | $15000 | 2021-03-03 |
978798 | Security: Possible to fake the lock or login screen in full screen mode to phish user passwords | - | 2021-03-02 |
1142024 | heap-use-after-free : gpu::SharedImageRepresentationDawnIOSurface::EndAccess | - | 2021-03-02 |
1146872 | Security DCHECK failure: IsA<Derived>(from) in casting.h | - | 2021-03-02 |
1149586 | v8_inspector_fuzzer: DCHECK failure in ThreadId::Current() == isolate->thread_id() in compiler.cc | - | 2021-03-02 |
1150649 | DCHECK failure in 0 <= length && length <= kMaxSafeInteger in builtins-array.cc | - | 2021-03-02 |
1151270 | Heap-buffer-overflow in avx::rect_memset32 | - | 2021-03-02 |
1151248 | Crash in hsw::load_NUMBER_dst | - | 2021-03-02 |
1151294 | Crash in erms::rect_memset32 | - | 2021-03-02 |
1151320 | Crash in hsw::load_NUMBER_dst | - | 2021-03-02 |
1151322 | Crash in hsw::blit_row_s32a_opaque | - | 2021-03-02 |
1151460 | Crash in SkARGB32_Black_Blitter::blitAntiH | - | 2021-03-02 |
1151532 | Heap-buffer-overflow in ssse3::blit_mask_d32_a8 | - | 2021-03-02 |
1151551 | Heap-buffer-overflow in hsw::lowp::load_NUMBER_dst | - | 2021-03-02 |
1151601 | Heap-use-after-free in hsw::blit_row_s32a_opaque | - | 2021-03-02 |
1151602 | Use-after-poison in v8::internal::AstRawString::Compare | - | 2021-03-02 |
1151611 | Heap-buffer-overflow in hsw::S32_alpha_D32_filter_DX | - | 2021-03-02 |
709946 | Security: <link rel='prerender'> causes same-site cookies to be sent along with cross-site requests | $2000 | 2021-02-26 |
1038002 | Unintended Data Leakage Through HTTP Request Headers | $2000 | 2021-02-26 |
1149692 | Security: Heap-use-after-free in BluetoothChooserController::AddOrUpdateDevice | $15000 | 2021-02-26 |
1150317 | Security: Potential remote code exec from web content in u2fd | - | 2021-02-26 |
1138683 | Security: Use-after-free in MediaStreamCaptureIndicator::WebContentsDeviceUsage::AddDevices() | $10000 | 2021-02-24 |
1141376 | Security: --experimental-wasm-gc array length allocation wraps on 32bit | - | 2021-02-24 |
1147357 | Heap-use-after-free in blink::NGContainerFragmentBuilder::MoveOutOfFlowDescendantCandidatesToDescendant | - | 2021-02-24 |
1146670 | TFC chrome full chain | - | 2021-02-22 |
1142331 | Security: use-after-poison in blink::FileReaderLoader::OnReceivedData | $5000 | 2021-02-20 |
1148504 | media_h265_decoder_fuzzer: Stack-buffer-overflow in media::H265Decoder::BuildRefPicLists | - | 2021-02-20 |
1148657 | Use-after-poison in blink::MediaInspectorContextImpl::RemovePlayer | - | 2021-02-20 |
1106424 | gstoraster_fuzzer: Use-of-uninitialized-value in s_A85D_process | - | 2021-02-19 |
1130226 | gstoraster_fuzzer: Use-of-uninitialized-value in load_truetype_glyph | - | 2021-02-19 |
1141062 | gstoraster_fuzzer: Use-of-uninitialized-value in aes_setkey_enc | - | 2021-02-19 |
1142020 | heap-buffer-overflow : gfx::internal::StyleIterator::GetTextBreakingRange | - | 2021-02-19 |
1143662 | use-after-poison in blink::CanvasResourceHost::InitializeForRecording(canvas_resource_host.cc) | $5000 | 2021-02-19 |
1146025 | Content-Security-Policy headers are lost when the page is restored from bfcache | - | 2021-02-19 |
1144646 | NAT Slipstream: Overlong usernames in TURN credentials | - | 2021-02-19 |
1146068 | Crash in icu_68::FormattedValueStringBuilderImpl::nextPositionImpl | - | 2021-02-19 |
1147430 | Security: Heap-buffer-overflow in SkBitmapOperations::UnPreMultiply | - | 2021-02-19 |
1147516 | airscan_query_fuzzer: Index-out-of-bounds in log_message | - | 2021-02-19 |
1147944 | airscan_query_fuzzer: Use-of-uninitialized-value in trace_unref | - | 2021-02-19 |
1147943 | DCHECK failure in vector->optimization_marker() != OptimizationMarker::kCompileOptimizedConcurrent | - | 2021-02-19 |
1148772 | media_h265_decoder_fuzzer: Crash in base::AtomicRefCount::Decrement | - | 2021-02-19 |
1146654 | media_h265_parser_fuzzer: Stack-buffer-overflow in media::H265Parser::ParseStRefPicSet | - | 2021-02-17 |
1146673 | Security: type confusion in wasm cache | - | 2021-02-17 |
1146709 | Security: Browser UAF when detaching a provisional frame | - | 2021-02-17 |
1146714 | DCHECK failure in vector->optimization_marker() != OptimizationMarker::kCompileOptimizedConcurrent | - | 2021-02-17 |
1147431 | Security: Heap-buffer-overflow in ClipboardWin::WriteBitmap | - | 2021-02-17 |
1147623 | media_h265_decoder_fuzzer: Stack-buffer-overflow in scoped_refptr<media::H265Picture>::swap | - | 2021-02-17 |
1128479 | Heap-buffer-overflow in cc::TransformTree::StickyPositionOffset | - | 2021-02-16 |
1137606 | Heap-use-after-free in ui::LayerAnimationSequence::ProgressToEnd | - | 2021-02-16 |
1142069 | heap-use-after-free : content::DownloadManagerImpl::GetDownload | - | 2021-02-16 |
1145906 | heap-use-after-free : ProfileInfoCache::NotifyProfileAuthInfoChanged | - | 2021-02-16 |
1146675 | Security: UAF in PepperFileIOHost | - | 2021-02-16 |
1146761 | Security: UAF in ImageDecoderExternal due to ArrayBuffer Neuter | $7500 | 2021-02-16 |
1146789 | Bad-cast to blink::LayoutBox from blink::LayoutTextFragment in blink::LayoutBox::LastChildBox | - | 2021-02-16 |
1146861 | DCHECK failure in dst.low_gp() != lhs.high_gp() in liftoff-assembler-arm.h | - | 2021-02-16 |
1146873 | net_host_resolver_manager_fuzzer: Heap-buffer-overflow in net::ServiceFormHttpsRecordRdata::IsEqual | - | 2021-02-16 |
1147331 | Bad-cast to int () in x11::InitXlib | - | 2021-02-16 |
1136078 | UaF in PaymentCredential::DidDownloadFavicon | - | 2021-02-15 |
1137362 | Security: Chrome Browser Policy Bypass "Allow invocation of file selection dialogs" | $500 | 2021-02-15 |
1146728 | DCHECK failure in vector->optimization_tier() == OptimizationTier::kNone || (vector->optimization_ | - | 2021-02-15 |
1144017 | Use-of-uninitialized-value in policy::UserCloudPolicyManager::IsFirstPolicyLoadComplete | - | 2021-02-14 |
1146679 | Security: WeakPtr checks are optimized out | - | 2021-02-14 |
1139411 | Security: cryptohomed skeleton copy can be raced to chown things to user chronos | - | 2021-02-12 |
1139414 | Security: imageburner path check can be raced | - | 2021-02-12 |
1144489 | Security: OSExchangeDataProviderWin::SetDragImage | - | 2021-02-11 |
1144603 | v8_wasm_code_fuzzer: DCHECK failure in array_buffer->is_shared() in isolate.cc | - | 2021-02-11 |
1146013 | DCHECK failure in function->is_compiled() in compiler.cc | - | 2021-02-11 |
1137104 | uaf in load4 SkRasterPipeline_opts.h | $5000 | 2021-02-10 |
1137179 | Security: Root priv escalation through cryptohomed, imageburner, arc-obb-mounter | $30000 | 2021-02-10 |
1140376 | neteq_rtp_fuzzer: Use-of-uninitialized-value in webrtc::test::NetEqTest::RunToNextGetAudio | - | 2021-02-10 |
1143448 | Heap-use-after-free in ScopedObserver<views::Widget, views::WidgetObserver, & | - | 2021-02-10 |
1144449 | cras_rclient_message_fuzzer: Heap-buffer-overflow in ccr_handle_message_from_client | - | 2021-02-10 |
1116444 | Security: Extensions can capture contents of local files using Page.captureScreenshot | $5000 | 2021-02-09 |
1125362 | Security: Possible for extension to escape sandbox via chrome.debugger API and error page | $10000 | 2021-02-09 |
1140949 | CrOS: Vulnerability reported in net-wireless/bluez | - | 2021-02-09 |
1143057 | Security: WebUSB permission dialog can appear over the wrong tab | $500 | 2021-02-09 |
1145124 | Bad-cast to icu_68::UVector from invalid vptr in icu_68::AliasReplacer::outputToString | - | 2021-02-09 |
1144368 | Security: ConvertToJavaBitmap heap-buffer-overflow. | - | 2021-02-07 |
1144070 | mediasource_MP2T_AACSBR_pipeline_integration_fuzzer: Use-of-uninitialized-value in float media::FloatSampleTypeTraits<float>::From<float> | - | 2021-02-06 |
1119873 | Security: UAF in CSSLayout worklet | $5000 | 2021-02-05 |
1143772 | Security: V8: Turbofan fails to deoptimize code after map deprecation, leading to type confusion | - | 2021-02-05 |
1084649 | dawn_wire_server_and_frontend_fuzzer: Use-of-uninitialized-value in libvulkan.so.1 | - | 2021-02-04 |
1137581 | cups_ippreadio_fuzzer: Use-of-uninitialized-value in create_item | - | 2021-02-04 |
1137604 | Heap-use-after-free in ScopedObserver<aura::Window, aura::WindowObserver, & | - | 2021-02-04 |
1143053 | v8_wasm_code_fuzzer: Crash in v8::internal::TaggedField<v8::internal::WasmModuleObject, 112>::load | - | 2021-02-04 |
1141350 | Security: Yet another universal XSS via copy&paste | $3000 | 2021-02-03 |
1142675 | uaf in VideoFrame::CreateImageBitmap | $5000 | 2021-02-03 |
1134107 | Security: stack buffer overflow write in RtcEventLogEncoderLegacy::EncodeRtcpPacket | $1000 | 2021-02-02 |
1137594 | CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (IsDereferenceAllowed()) in handles.h | - | 2021-02-02 |
1137603 | Heap-use-after-free in blink::PropertyTreeStateOrAlias::Unalias | - | 2021-02-02 |
1139409 | Security: cros-disks will mount local loop devices | - | 2021-02-02 |
1093791 | Security: Chrome's insecure construction of curl commands allows untrusted websites to retrieve local files from the user's system | $500 | 2021-02-01 |
1140549 | v8_wasm_compile_fuzzer: DCHECK failure in src.is_byte_register() in assembler-ia32.cc | - | 2021-01-30 |
1141868 | Security DCHECK failure: IsA<Derived>(from) in casting.h | - | 2021-01-30 |
1132954 | Security: Root priv escalation through shill, arc-setup, and upstart | $30000 | 2021-01-29 |
1133047 | Security: arc-setup should validate /run/arc/oem/etc/media_profiles.xml is not a symlink | - | 2021-01-29 |
1136714 | Incorrect security UI at screen share API | $500 | 2021-01-29 |
1138878 | Possible UAF in SctpTransport's sctp_inpcb_free | - | 2021-01-29 |
1141743 | Use-of-uninitialized-value in blink::IsOperatorWithSpecialShaping | - | 2021-01-29 |
1125018 | Arbitrary file deletion in google chrome updater in master/chrome/updater/installer.cc | $1000 | 2021-01-28 |
1127595 | Chromium: Vulnerability reported in third_party/libxml | - | 2021-01-28 |
1138190 | pdfium CompositeRow_8bppRgb2Rgb_NoBlend_RgbByteOrder heap-buffer-overflow | - | 2021-01-28 |
1139153 | Security: Heap-use-after-free in WebRTC | $7500 | 2021-01-28 |
1139825 | pdfium heapoverflow CompositeRow_Argb2Argb_RgbByteOrder | - | 2021-01-28 |
1141256 | Variables on the stack are not initialized in pp::FloatRect FloatPageRectToPixelRect | - | 2021-01-28 |
1097499 | pdf_scanlinecompositor_fuzzer: Crash in GetAlphaWithSrc | - | 2021-01-27 |
1137580 | Bad-cast to content::AgentSchedulingGroup from invalid vptr in content::RenderFrameImpl::Send | - | 2021-01-27 |
1138942 | Bad-cast to content::AgentSchedulingGroup from invalid vptr in base::internal::Invoker<base::internal::BindState<content::RenderFrameImpl::OnUn | - | 2021-01-27 |
1139398 | Security: [ANGLE] Invalid memory access in libglesv2!rx::IndexDataManager::streamIndexData | $15000 | 2021-01-27 |
1037839 | pdf_scanlinecompositor_fuzzer: Crash in RGB_Blend | - | 2021-01-26 |
1128340 | CVE-2020-25211 CrOS: Vulnerability reported in Linux kernel | - | 2021-01-26 |
1134261 | Security: UAF in Skia SkContourMeasureIter caused by SkPath::shrinkToFit | - | 2021-01-26 |
1137608 | v8_wasm_compile_fuzzer: DCHECK failure in 0 <= offset in assembler-arm.cc | - | 2021-01-26 |
1138877 | Security: heap-buffer-overflow in window.find | $2000 | 2021-01-26 |
1138911 | Security: UAF in TabStrip | $15000 | 2021-01-26 |
1139786 | CHECK failure: Type cast failed in CAST(p->receiver()) at ../../src/ic/accessor-assembler.cc:25 | - | 2021-01-26 |
1140197 | Security: Apply fix for freetype heap buffer overflow to Chrome OS | - | 2021-01-26 |
1137583 | DCHECK failure in CpuFeatures::IsSupported(*feature) in macro-assembler-x64.h | - | 2021-01-25 |
1137584 | Bad-cast to blink::DrawingDisplayItem from blink::DisplayItem in blink::ConversionContext::Convert | - | 2021-01-25 |
1137591 | Heap-use-after-free in blink::PaintArtifactCompositor::UpdateDebugInfo | - | 2021-01-25 |
1139408 | arc-media-removable-{read,write} are not using noexec | - | 2021-01-25 |
945997 | Using Flash's ProgressEvent to extract the length of cross-site responses | $1000 | 2021-01-24 |
1138446 | Security: webrtc container-overflow in the browser process | $5000 | 2021-01-24 |
1139163 | Security DCHECK failure: tree_order < tree_scopes_.size() in match_result.h | - | 2021-01-24 |
830808 | SameSite cookie bypass via openWindow | $500 | 2021-01-22 |
1115590 | CSP Bypass via Chrome Extension | $3000 | 2021-01-22 |
1133527 | Security: Debug check failed: IsFound() || !holder_->HasFastProperties(isolate_) | $5000 | 2021-01-22 |
1135594 | Security: woff2 missing upstream fix for integer overflow | - | 2021-01-22 |
1137630 | Security: PDFium heap-use-after-free in CPWL_ListBox::~CPWL_ListBox() | $7500 | 2021-01-22 |
1125614 | UaF in Payment (Android) | - | 2021-01-21 |
1135018 | Security: UaF in TabSharingUI | $15000 | 2021-01-21 |
1137586 | DCHECK failure in effect_edges > 0 in verifier.cc | - | 2021-01-21 |
1137590 | Crash in blink::NGBlockLayoutAlgorithm::CreateConstraintSpaceForChild | - | 2021-01-21 |
1137609 | Crash in blink::ShapeResultView::CreateShapeResult | - | 2021-01-21 |
1137650 | Crash in blink::ComputedStyleBase::MutableFilterInternal | - | 2021-01-21 |
1138577 | Use-after-poison in blink::VideoFrameCallbackRequesterImpl::~VideoFrameCallbackRequesterImpl | - | 2021-01-21 |
1138776 | CHECK failure: fixed_size_above_fp + in deoptimizer.cc | - | 2021-01-21 |
1138915 | DCHECK failure in effect_edges > 0 in verifier.cc | - | 2021-01-21 |
1107970 | gstoraster_fuzzer: Use-of-uninitialized-value in clip_runs_enumerate | - | 2021-01-20 |
1116729 | dawn_wire_server_and_vulkan_backend_fuzzer: Heap-buffer-overflow in vk::DescriptorSetLayout::DescriptorSetLayout | - | 2021-01-20 |
1125240 | dawn_wire_server_and_frontend_fuzzer: Heap-use-after-free in dawn_wire::server::Server::GetCmdSpace | - | 2021-01-20 |
1137578 | v8_wasm_compile_fuzzer: Use-after-poison in v8::internal::wasm::WasmFullDecoder< | - | 2021-01-20 |
1137579 | Crash in cc::DroppedFrameCounter::ReportFrames | - | 2021-01-20 |
1137582 | DCHECK failure in stack_capacity_end_ > stack_end_ in function-body-decoder-impl.h | - | 2021-01-20 |
1137588 | Use-after-poison in blink::VideoFrameCallbackRequesterImpl::~VideoFrameCallbackRequesterImpl | - | 2021-01-20 |
1137587 | ndproxy_fuzzer: Use-of-uninitialized-value in patchpanel::NDProxy::GetPrefixInfoOption | - | 2021-01-20 |
1137596 | v8_wasm_compile_fuzzer: Crash in unsigned int v8::base::ReadUnalignedValue<unsigned int> | - | 2021-01-20 |
1137597 | CHECK failure: IsValidHeapObject(isolate->heap(), HeapObject::cast(p)) in objects-debug.cc | - | 2021-01-20 |
1137598 | dawn_wire_server_and_frontend_fuzzer: Heap-use-after-free in dawn_wire::server::KnownObjects<WGPUBufferImpl*>::Get | - | 2021-01-20 |
1137601 | CHECK failure: IsValidHeapObject(heap_, heap_object) in heap.cc | - | 2021-01-20 |
1137600 | v8_wasm_compile_fuzzer: Use-after-poison in v8::internal::wasm::WasmFullDecoder<v8::internal::wasm::Decoder::kValidate,v8::i | - | 2021-01-20 |
1137602 | Crash in Builtins_TestEqualStrictHandler | - | 2021-01-20 |
1137605 | Crash in Builtins_TypeOfHandler | - | 2021-01-20 |
1137652 | Bad-cast to float (float) noexcept in skvx::Vec<sizeof... | - | 2021-01-20 |
1137668 | PDFium(XFA) Heap-use-after-free in ProbeForLowSeverityLifetimeIssue | - | 2021-01-20 |
1138197 | DCHECK failure in 2 == args.length() in builtins-reflect.cc | - | 2021-01-20 |
1133009 | Security: login_manager symlink attack | - | 2021-01-19 |
1134338 | Security: Incorrect Handling of XFrameOptions with mailMsg in the PDF Viewer | $3000 | 2021-01-19 |
1136327 | Security: Use of use-of-uninitialized-value in UsbDeviceHandleUsbfs | - | 2021-01-19 |
1137595 | Bad-cast to content::AgentSchedulingGroup from mojo::core::UserMessageImpl in base::internal::Invoker<base::internal::BindState<content::RenderFrameImpl::OnUn | - | 2021-01-19 |
1133210 | DCHECK failure in !IsJSGlobalObject(isolate) in js-objects-inl.h | $5000 | 2021-01-18 |
1133635 | Security: UAF in PasswordGenerationPopupControllerImpl::PasswordAccepted | $20000 | 2021-01-18 |
1135835 | DialURLFetcher::Start may bypass Sec-Fetch-Site | - | 2021-01-18 |
1125337 | Portrait photos (taken by Pixel3aXL) with EXIF crash on Desktop | $500 | 2021-01-15 |
1128270 | Security: UAF in UrlLoaderFactoryProxyImpl | $20000 | 2021-01-14 |
1132998 | CrosDisks accepts arbitrary bind mount parameters | - | 2021-01-14 |
1134960 | Security: Use-after-free with using print dialog | $3000 | 2021-01-14 |
1135857 | Security: UAF in USBDevice | $10000 | 2021-01-14 |
1133006 | Security: network_diag does not validate multiline input | - | 2021-01-12 |
1134983 | CrOS: Vulnerability reported in net-fs/samba | - | 2021-01-12 |
1110195 | Security: Method field allows injection of HTTP requests | - | 2021-01-09 |
1122487 | UAF in devtools | $500 | 2021-01-08 |
1133183 | Incorrect Security UI when using Tab preview | $500 | 2021-01-08 |
1133275 | CrOS: Vulnerability reported in sys-libs/ldb | - | 2021-01-08 |
1133668 | Use after free triggered from mojo::SyncEventWatcher | - | 2021-01-08 |
1133671 | Security: UAF in AutofillPopupControllerImpl::HandleKeyPressEvent | $20000 | 2021-01-08 |
1133688 | Security: UAF in PasswordGenerationPopupControllerImpl::HandleKeyPressEvent | $20000 | 2021-01-08 |
1133983 | Security: UaF in printing::PrintRenderFrameHelper::PreviewPageRendered() | $5000 | 2021-01-08 |
1124661 | Bad-cast to blink::LayoutInline from blink::LayoutBlockFlow in blink::NGInlineNode::ComputeOffsetMapping | - | 2021-01-06 |
1124963 | Heap-buffer-overflow in blink::NGOffsetMapping::GetMappingUnitsForLayoutObject | - | 2021-01-06 |
1128657 | audio.captureStream() may allow cross-origin resource theft | - | 2021-01-06 |
1133000 | ArcObbMounter mounts without noexec | - | 2021-01-06 |
1133001 | Security: ArcObbMounterInterface.MountObb takes arbitrary gid offset | - | 2021-01-06 |
960357 | Chrome v74 JS dialog description Spoof vulnerability on iOS | $500 | 2021-01-05 |
1127322 | UaF in ServiceWorkerPaymentApp | - | 2021-01-05 |
1129850 | uaf in browser process(ServiceWorkerScriptLoaderFactory()) | - | 2021-01-05 |
1127620 | DCHECK failure in OperatorProperties::GetTotalInputCount(node->op()) == node->InputCount() in veri | - | 2021-01-05 |
1132641 | Security: out of bounds write in CanonicalizeTimeZoneID | - | 2021-01-05 |
1132926 | Step "browser_tests" failing on builder "Linux ChromiumOS MSan Tests" | - | 2021-01-05 |
1080395 | Android/iOS: URL spoofing using long sub-domain for blob:URL | $3000 | 2021-01-04 |
1126881 | CrOS: Vulnerability reported in net-libs/gnutls | - | 2021-01-02 |
1131040 | Check secure payment confirmation feature state in browser process. | - | 2021-01-02 |
1125294 | cups_ippreadio_fuzzer: Use-of-uninitialized-value in ippReadIOLimitedRecursion | - | 2020-12-31 |
1073063 | Security: CUPS cmd exec vulnerability via FoomaticRIPCommandLine | - | 2020-12-30 |
1101509 | Security: UAF in RawClipboardHostImpl | $30000 | 2020-12-30 |
1116280 | Self-XSS / Crash via window.open and delayed navigation | $5000 | 2020-12-30 |
1129705 | Heap-use-after-free in guest_view::GuestViewManager::FromBrowserContext | - | 2020-12-30 |
1129840 | CrOS: Vulnerability reported in x11-libs/libX11 | - | 2020-12-30 |
1130111 | Heap-use-after-free in views::View::GetPreferredSize | - | 2020-12-30 |
1130489 | CHECK failure: icu_collator__value.IsForeign() in class-verifiers-tq.cc | - | 2020-12-30 |
1125871 | Crash in v8::internal::Simulator::LoadStoreHelper | - | 2020-12-29 |
1128318 | Chrome: UAF in SessionStorageImpl | - | 2020-12-29 |
1130127 | Security DCHECK failure: IsA<Derived>(from) in casting.h | - | 2020-12-29 |
1113565 | Security: Extensions can use chrome.debugger API to access contents of local files | $5000 | 2020-12-28 |
1128994 | Unknown exception in CrashForExceptionInNonABICompliantCodeRange | - | 2020-12-27 |
1129422 | h264_annex_b_converter_fuzzer: Heap-use-after-free in media::H264AnnexBToAvcBitstreamConverter::ConvertChunk | - | 2020-12-26 |
1129598 | Heap-use-after-free in blink::NGInlineCursor::MoveTo | - | 2020-12-26 |
1129706 | v8_wasm_compile_fuzzer: DCHECK failure in AreSameFormat(vd, vn) in assembler-arm64.cc | - | 2020-12-26 |
1127520 | .well-known/change-password NavigationThrottle should only be instantiated for main frame navigations | - | 2020-12-25 |
1129359 | webcodecs_video_encoder_fuzzer: Crash in vp9_enc_setup_mi | - | 2020-12-25 |
1129568 | Use-of-uninitialized-value in mojo::core::ChannelPosix::WriteNoLock | - | 2020-12-25 |
1129842 | CVE-2020-25285 CrOS: Vulnerability reported in Linux kernel | - | 2020-12-25 |
1125199 | heap-use-after-free : content::WebContentsImpl::SetNotWaitingForResponse | - | 2020-12-24 |
1127112 | Security DCHECK failure: !object || (object->IsLayoutNGOutsideListMarker()) in layout_ng_outside_list_mar | - | 2020-12-24 |
1127610 | CHECK failure: maybe_object->IsWeak() || maybe_object->IsCleared() || (maybe_object->GetHeapObj | - | 2020-12-24 |
1128343 | CrOS: Vulnerability reported in net-libs/gnutls | - | 2020-12-24 |
1128756 | Bad-cast to const char *() in ui::CursorPathFromLibXcursor | - | 2020-12-24 |
1129515 | Use-of-uninitialized-value in v8::internal::ValueDeserializer::ReadObjectInternal | - | 2020-12-24 |
1129285 | Use-of-uninitialized-value in v8::internal::ValueDeserializer::ReadObjectInternal | - | 2020-12-24 |
1092130 | v8_wasm_compile_fuzzer: DCHECK failure in ref.stack_height >= target_stack_height in wasm-interpreter.cc | - | 2020-12-23 |
1111149 | video.captureStream() may allow cross-origin resource theft | - | 2020-12-23 |
1124723 | CHECK failure: parse_success in experimental.cc | - | 2020-12-23 |
1127496 | Security: Screen share clickjacking secondary issue | - | 2020-12-23 |
1128267 | Bad-cast to const blink::NGBlockBreakToken from blink::NGInlineBreakToken in blink::NGBlockNode::PlaceChildrenInFlowThread | - | 2020-12-23 |
1128342 | CVE-2020-25220 CrOS: Vulnerability reported in Linux kernel | - | 2020-12-23 |
1127405 | CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (IsDereferenceAllowed()) in handles.h | - | 2020-12-22 |
1127407 | Bad-cast to blink::LayoutListItem from blink::LayoutNGListItem in blink::LayoutListMarker::ListItem | - | 2020-12-22 |
1128301 | CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (IsDereferenceAllowed()) in handles.h | - | 2020-12-22 |
1128341 | CVE-2020-25212 CrOS: Vulnerability reported in Linux kernel | - | 2020-12-22 |
1126249 | Security: DCHECK failed: 0 <= length && length <= kMaxSafeInteger | - | 2020-12-21 |
1127310 | CVE-2020-10720 CrOS: Vulnerability reported in Linux kernel | - | 2020-12-21 |
1127319 | Security: Debug check failed: IrOpcode::IsInlineeOpcode(node->opcode()). | $5000 | 2020-12-21 |
1102153 | Security: Information disclosure through screenshare with clickjacking | $2000 | 2020-12-19 |
1123883 | Use-after-poison in blink::HTMLSlotElement::DetachLayoutTree | - | 2020-12-19 |
1125210 | heap-use-after-free : gpu::ExternalVkImageFactory::~ExternalVkImageFactory | - | 2020-12-19 |
1126522 | Crash in marl::Scheduler::Worker::runUntilIdle | - | 2020-12-19 |
1127158 | Heap-use-after-free in views::MenuController::ExitMenu | - | 2020-12-19 |
1106612 | heap-use-after-free : ?StartAutoScrollAnimation@ScrollbarController@cc@@QEAAXMPEBVScrollbarLayerImplBase@2@W4ScrollbarPart@2@@Z | - | 2020-12-18 |
1124782 | DCHECK failure in top() >= original_top_ in new-spaces.h | - | 2020-12-18 |
1126769 | CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (IsJSReceiver()) in js-objects-inl.h | - | 2020-12-18 |
1100136 | heap-buffer-overflow in storage::ObfuscatedFileUtilMemoryDelegate(browser process) | $15000 | 2020-12-17 |
1121414 | Security: Missing IsContextDestroyed in MediaKeys | - | 2020-12-17 |
1122848 | DCHECK failure in !OldSpace::IsAtPageStart(top) in new-spaces.cc | - | 2020-12-17 |
1121836 | Security: HeapOverflow in SerialHandle | $10000 | 2020-12-16 |
1124776 | transfer_cache_fuzzer: Heap-buffer-overflow in skjson::FastString::initLongString | - | 2020-12-16 |
1125187 | Heap-use-after-free in ui::InputMethodAuraLinux::ProcessKeyEventDone | - | 2020-12-16 |
1125354 | Bad-cast to gl::Texture from gl::Renderbuffer in gl::FramebufferAttachment::getTexture | - | 2020-12-16 |
1125951 | DCHECK failure in digits >= 0 && digits <= kBitsPerByte in safepoint-table.cc | - | 2020-12-16 |
1124646 | DCHECK failure in committed_code_space_.load() <= FLAG_wasm_max_code_space * MB in wasm-code-manag | - | 2020-12-15 |
1124677 | CHECK failure: arr.get(JSRegExp::kIrregexpCaptureCountIndex) == Smi::FromInt(0) in objects-debu | - | 2020-12-15 |
1124696 | Crash in Builtins_InterpreterEntryTrampoline | - | 2020-12-15 |
1125386 | Security: chrome dev tools frontend cloud container is leaking | - | 2020-12-15 |
1126106 | Security: ignore this | - | 2020-12-15 |
1125887 | Crash in Builtins_RegExpMatchFast | - | 2020-12-15 |
1126108 | Security: ignore this | - | 2020-12-15 |
1124997 | Heap-use-after-free in blink::DepthOrderedLayoutObjectList::Ordered | - | 2020-12-14 |
1125144 | Crash in marl::Scheduler::Worker::runUntilIdle | - | 2020-12-14 |
1125504 | Bad-cast to blink::LayoutBox from invalid vptr in blink::ToLayoutBox | - | 2020-12-14 |
1106890 | Security: Possible for apps to access http/https sites outside of a webview context via blob URLs | $15000 | 2020-12-12 |
1111685 | Use-of-uninitialized-value in qrcode_generator::QRCodeGeneratorServiceImpl::RenderBitmap | - | 2020-12-12 |
1114114 | CVE-2020-16166 CrOS: Vulnerability reported in Linux kernel | - | 2020-12-12 |
1119532 | mediasource_MP2T_AACSBR_pipeline_integration_fuzzer: Use-of-uninitialized-value in assign_pair | - | 2020-12-12 |
1123023 | Web Audio DelayNode of an OfflineAudioContext adds one sample to the delay. | $3000 | 2020-12-12 |
1124477 | DCHECK failure in AllowHeapAllocation::IsAllowed() in heap-inl.h | - | 2020-12-12 |
1124617 | Global-buffer-overflow in blink::MathMLOperatorElement::ComputeOperatorProperty | $3000 | 2020-12-12 |
1124754 | Use-of-uninitialized-value in blink::NGInlineNode::SetTextWithOffset | - | 2020-12-12 |
1111737 | Security: OffscreenCanvas - Use After Free in OffscreenCanvasRenderingContext2D::DrawTextInternal() | $7500 | 2020-12-08 |
1112155 | DCHECK failure in address % 4 == 0 in simulator-arm.cc | - | 2020-12-08 |
1113558 | Security: Possible to navigate frames not attached to the debugger using the chrome.debugger API | $5000 | 2020-12-08 |
1123522 | Security: Use-After-Poison in XRFrameProvider | $7500 | 2020-12-08 |
1099390 | Security: ChromeOS chronos privilege escalation to root | $30000 | 2020-12-07 |
1122917 | Security: UAF in DirectSocketsServiceImpl | $20000 | 2020-12-07 |
1123379 | DCHECK failure in effect_edges > 0 in verifier.cc | - | 2020-12-07 |
1088224 | Security: drawImage timing depends on alpha-channel value, allowing to read cross-origin images | $5000 | 2020-12-06 |
1123258 | cups_ippreadio_fuzzer: Use-of-uninitialized-value in ippReadIOLimitedRecursion | - | 2020-12-06 |
1114636 | Security: Possible for extension to escape sandbox via Target.setAutoAttach and Target.sendMessageToTarget | $15000 | 2020-12-05 |
1116123 | cups_ippreadio_fuzzer: Use-of-uninitialized-value in ippReadIOLimitedRecursion | - | 2020-12-05 |
1115662 | Security: ChromeOS chronos privilege escalation to root (cros-disks drivefs, BackupArcBugReport) | $30000 | 2020-12-04 |
1116505 | cups_ippreadio_fuzzer: Use-of-uninitialized-value in create_item | - | 2020-12-04 |
1116903 | container-overflow in blink::MediaStreamSource | $2000 | 2020-12-04 |
1117258 | Segv on unknown address in v8::internal::JSPromise::Fulfill | - | 2020-12-04 |
1120729 | CHECK failure: type.Equals(NodeProperties::GetType(node->InputAt(1))) in verifier.cc | - | 2020-12-04 |
1114458 | ec_host_command_fuzzer: Global-buffer-overflow in cbi_set_data | - | 2020-12-03 |
1115945 | CrOS: Vulnerability reported in x11-libs/libX11 | - | 2020-12-03 |
1116304 | Security: UAF in VideoCapture | $20000 | 2020-12-03 |
1119331 | mediasource_MP4_AACLC_AVC_pipeline_integration_fuzzer: Stack-use-after-return in output_configure | - | 2020-12-03 |
1119400 | Heap-use-after-free in blink::NGPhysicalFragment::HasSelfPaintingLayer | - | 2020-12-03 |
1119419 | v8_wasm_compile_fuzzer: Segv on unknown address in Builtins_ArgumentsAdaptorTrampoline | - | 2020-12-03 |
1121156 | Heap-use-after-free in icu_67::RuleBasedBreakIterator::handleNext | - | 2020-12-03 |
1122560 | CVE-2020-24394 CrOS: Vulnerability reported in Linux kernel | - | 2020-12-03 |
1115963 | Security: cros-disks drivefs_helper will chown arbitrary file system objects controlled by chronos | - | 2020-12-02 |
1115977 | Security: BackupArcBugReport file write vulnerability | - | 2020-12-02 |
1121898 | webcodecs_video_decoder_fuzzer.exe: Heap-use-after-free in media::DecoderSelector<media::DemuxerStream::VIDEO>::FinalizeDecoderSelection | - | 2020-12-02 |
1121982 | CVE-2020-14356 CrOS: Vulnerability reported in Linux kernel | - | 2020-12-02 |
1119865 | Security: UAF in StopProfiler | $7500 | 2020-12-01 |
1120924 | webcodecs_video_decoder_fuzzer: Heap-use-after-free in blink::VideoDecoderBroker::OnDecodeDone | - | 2020-12-01 |
1121642 | CVE-2019-9857 CrOS: Vulnerability reported in Linux kernel | - | 2020-12-01 |
1120956 | Heap-use-after-free in blink::PrepareOrthogonalWritingModeRootForLayout | - | 2020-11-30 |
1117367 | Security: Upgrade sqlite to 3.33.0 due to CVE-2020-13871 and CVE-2020-15358? | $500 | 2020-11-28 |
1120825 | webcodecs_video_decoder_fuzzer: Heap-use-after-free in blink::MediaVideoTaskWrapper::OnDecodeOutput | - | 2020-11-28 |
1116019 | v8_wasm_compile_fuzzer: Crash in Builtins_WasmTaggedNonSmiToInt32 | - | 2020-11-27 |
1114556 | Security: UaF in views::View::UpdateTooltip | $5000 | 2020-11-25 |
1116706 | Security: Use After Free in PresentationConnectionCallbacks::OnSuccess | $7500 | 2020-11-25 |
1081874 | Double free on NodeChannel | - | 2020-11-24 |
1099670 | CrOS: Vulnerability reported in dev-libs/libpcre | - | 2020-11-24 |
1092518 | Security: OpenFileViaShell may open executables in the same directory with similar filenames unexpectedly | $500 | 2020-11-21 |
1108511 | heap-use-after-free : AdsPageLoadMetricsObserver::FrameDisplayStateChanged | - | 2020-11-21 |
1108892 | dawn_wire_server_and_vulkan_backend_fuzzer: Crash in vk::DescriptorSetLayout::DescriptorSetLayout | - | 2020-11-21 |
1109120 | Security: (UXSS) Long-Press Open Runs Javascript Links from Child in Parent Origin / Page | - | 2020-11-21 |
1113209 | dawn_wire_server_and_frontend_fuzzer: Heap-use-after-free in dawn_wire::server::Server::GetCmdSpace | - | 2020-11-21 |
1113554 | dawn_wire_server_and_frontend_fuzzer: Heap-use-after-free in dawn_wire::server::KnownObjects<WGPUBufferImpl*>::Get | - | 2020-11-21 |
1114066 | Potential UAF when closing chrome://cellular-setup | - | 2020-11-21 |
1114398 | crash in Builtins_StaCurrentContextSlotHandler | $5000 | 2020-11-21 |
1114500 | gpu_raster_passthrough_fuzzer: Crash in sse2::store_rgNUMBER | - | 2020-11-21 |
1115345 | Security: Heap-Buffer-Overflow in libGLESv2 Library - es2::Device::stretchRect | - | 2020-11-21 |
1115354 | DCHECK failure in allow_empty_handle || that != nullptr in api-inl.h | - | 2020-11-21 |
1115693 | Heap-use-after-free in blink::Element::AttributeChanged | - | 2020-11-21 |
1115902 | Heap-use-after-free in blink::HTMLFormControlElement::AttributeChanged | - | 2020-11-21 |
1112206 | Security: pdfium Debug check failed | - | 2020-11-18 |
1092453 | Restrictions on navigation to the content scheme can be bypassed on Android | $3000 | 2020-11-17 |
1114803 | wav_audio_handler_fuzzer: Crash in void base::ReadBigEndian<unsigned int> | - | 2020-11-17 |
1104628 | Security: Private file upload (data exfiltration) | $1000 | 2020-11-16 |
1114326 | Crash in base::internal::WeakReferenceOwner::~WeakReferenceOwner | - | 2020-11-15 |
1038208 | canvas_fuzzer: Heap-use-after-free in blink::scheduler::AgentInterferenceRecorder::OnFrameSchedulerDestroyed | - | 2020-11-14 |
1113710 | Use-of-uninitialized-value in blink::LayoutShiftTracker::NotifyTextPrePaint | - | 2020-11-14 |
1102361 | Security: Arbitrary command execution vulnerability in patchpanel | - | 2020-11-13 |
1113226 | Security: Heap overflow in libavif | - | 2020-11-13 |
1114005 | CHECK failure: kMaxInt >= new_capacity in wasm-objects.cc | - | 2020-11-13 |
1114006 | DCHECK failure in 0 <= length in factory-base.cc | - | 2020-11-13 |
937179 | Security: Malicious link opens multiple tabs via URI handler | $500 | 2020-11-12 |
1034224 | CrOS: Vulnerability reported in dev-libs/libxslt | - | 2020-11-12 |
1039058 | CrOS: Vulnerability reported in dev-libs/libxml2 | - | 2020-11-12 |
1108116 | heap-use-after-free : autofill::FormStructure::GetFieldTypePredictions | - | 2020-11-12 |
1110207 | Security: Use after free in Payments | $20000 | 2020-11-12 |
1112440 | gstoraster_fuzzer: Heap-use-after-free in gx_default_get_param | - | 2020-11-12 |
1112442 | gstoraster_fuzzer: Heap-use-after-free in pdf14_pop_transparency_group | - | 2020-11-12 |
1112474 | gstoraster_fuzzer: Heap-use-after-free in gsicc_adjust_profile_rc | - | 2020-11-12 |
1112477 | gstoraster_fuzzer: Heap-use-after-free in gsicc_adjust_profile_rc | - | 2020-11-12 |
1108181 | Security: bypass of the protection of input field cache | $5000 | 2020-11-11 |
1108518 | Security: UAF in ScriptPromiseProperty due to iterator invalidation | $7500 | 2020-11-11 |
1100280 | Security: Chrome Update - Arbitrary Folder Delete // Privilege Escalation | $500 | 2020-11-10 |
1103827 | Security: heap-buffer-overflow in TextDetection detect | - | 2020-11-10 |
1106590 | Step "blink_web_tests" failing on builder "WebKit Linux MSAN" | - | 2020-11-10 |
1112642 | Heap-use-after-free in blink::LayoutShiftTracker::NotifyTextPrePaint | - | 2020-11-10 |
841622 | Security: Speech permission request UI spoof | $500 | 2020-11-09 |
1104046 | Security: Task Scheduling - Use After Free in TaskQueueImpl::CreateTaskRunner(). | $7500 | 2020-11-09 |
1100286 | Chromium: Vulnerability reported in third_party/requests | - | 2020-11-08 |
1108535 | Security: UAF in ImageDecoderExternal due to iterator invalidation | $7500 | 2020-11-07 |
1110432 | mojo_core_channel_fuzzer: Heap-buffer-overflow in mojo::core::Channel::Message::num_handles | - | 2020-11-07 |
1111831 | Crash in v8::internal::Heap::CreateFillerObjectAt | - | 2020-11-07 |
1111972 | Heap-use-after-free in v8::internal::AllocationCounter::InvokeAllocationObservers | - | 2020-11-07 |
1112025 | DCHECK failure in space->heap()->inline_allocation_disabled() implies space->limit() == space->top | - | 2020-11-07 |
1112039 | Heap-use-after-free in blink::PaintInvalidator::InvalidatePaint | - | 2020-11-07 |
1107433 | Google Chrome WebGL Buffer11::getBufferStorage Code Execution Vulnerability | $10000 | 2020-11-06 |
1111015 | v8_wasm_compile_fuzzer: DCHECK failure in !unreachable implies stack_height >= c->end_label->target_stack_height in wasm-i | - | 2020-11-06 |
1111307 | Security: UAF in OfflinePageTabHelper::LoadData | - | 2020-11-06 |
1012955 | Security: Reader mode needs improved sanitization | - | 2020-11-05 |
1107104 | dawn_wire_server_and_frontend_fuzzer: Heap-use-after-free in dawn_wire::server::KnownObjects<WGPUBufferImpl*>::Get | - | 2020-11-05 |
1110749 | net_hpack_decoder_fuzzer: Heap-use-after-free in base::operator<< | - | 2020-11-05 |
1110991 | zxcvbn_scoring_fuzzer: Use-of-uninitialized-value in zxcvbn::most_guessable_match_sequence | - | 2020-11-05 |
1110992 | net_spdy_session_fuzzer: Heap-use-after-free in base::operator<< | - | 2020-11-05 |
1145680 | Ports 5060 and 5061 should be blocked | - | 2020-11-04 |
1092385 | Security: heap-use-after-free / double-free in blink::CanvasResourceProvider | $5000 | 2020-11-04 |
1106342 | Security: Use-after-free in PrintCompositeClient::OnDidPrintFrameContent | - | 2020-11-04 |
1106507 | Use-of-uninitialized-value in gpu::gles2::GLES2Implementation::BufferDataHelper | - | 2020-11-04 |
1107824 | Security: 'unsafe-eval' in CSP is not properly enforced for default-src 'self' | - | 2020-11-04 |
1108091 | Race condition in NativeFileSystemWriter close logic | - | 2020-11-04 |
1109467 | Heap-use-after-free in blink::AdTracker::DidFinishAsyncTask | - | 2020-11-04 |
1110564 | v8_wasm_compile_fuzzer: DCHECK failure in stack_height >= stack_effect.first in wasm-interpreter.cc | - | 2020-11-04 |
1090352 | Security: no user interaction: URL spoofing using blob + @ (iOS) | $1000 | 2020-11-03 |
1106299 | CrOS: Vulnerability reported in net-fs/samba | - | 2020-11-03 |
1108351 | Security: Use of conditionally uninitialised stack variable may leak stack state | - | 2020-11-03 |
1108472 | Security: UAF in RTCQuicTransport due to iterator invalidation | $7500 | 2020-11-03 |
1110214 | DCHECK failure in !result.IsRetry() in new-spaces.cc | - | 2020-11-03 |
1102196 | Security: Keystone for macOS should use auditToken to validate incoming XPC message | $10000 | 2020-11-02 |
1108299 | UaF in NFCHost::GetNFC | - | 2020-11-02 |
1108497 | Security: UAF in RemotePlayback due to iterator invalidation (Android only) | $7500 | 2020-11-02 |
931013 | Extension has an ability to execute script in New Tab Page | $500 | 2020-10-31 |
1109108 | pdfium(XFA) heap-use-after-free in CXFA_FFWidget::GetWidgetRect() | $7500 | 2020-10-31 |
1109461 | CVE-2020-15780 CrOS: Vulnerability reported in Linux kernel | - | 2020-10-31 |
1099276 | Security: Cursor hijacking mitigation bypass | - | 2020-10-30 |
1105426 | Security: Use-after-free in MediaElementEventListener::UpdateSources | - | 2020-10-30 |
1106091 | Security: Sending uninitialized bytes between processes | - | 2020-10-30 |
1106234 | Security: heap-use-after-free in HidService | - | 2020-10-30 |
1106682 | Security: Use-after-free in WebIDBGetDBNamesCallbacksImpl::SuccessNamesAndVersionsList | - | 2020-10-30 |
1107815 | Security: Use-after-free in XRSystem::FocusedFrameChanged and FocusController::NotifyFocusChangedObservers | - | 2020-10-30 |
1108639 | openh264 is vulnerable to a known vulnerability | - | 2020-10-30 |
1105720 | Security: heap-buffer-overflow in SkReader32::readInt | - | 2020-10-28 |
1139963 | Security: Heap buffer overflow due to integer truncation in FreeType | - | 2020-10-28 |
1039882 | Leaking size of cross-origin resource by caching it twice | $2000 | 2020-10-27 |
1103839 | DCHECK failure in pc_ <= end_ in decoder.h | - | 2020-10-27 |
1104061 | UAF in sctp_transport | $7500 | 2020-10-27 |
1106773 | Security: Use-after-free in USB::OnServiceConnectionError | - | 2020-10-27 |
1102151 | Security: heap-use-after-free in AllowFrom | $5000 | 2020-10-26 |
1104053 | v8_wasm_fuzzer: DCHECK failure in stack.size() == 1 in module-decoder.cc | - | 2020-10-26 |
1105283 | Heap-use-after-free in blink::NGPhysicalFragment::PostLayout | - | 2020-10-26 |
1076923 | vtest_fuzzer: Crash in try_setup_line | - | 2020-10-25 |
1105198 | Heap-use-after-free in blink::LayoutObject::OutlineRects | - | 2020-10-25 |
1100669 | Security: missing WDS fix | - | 2020-10-24 |
1104322 | dawn_wire_server_and_frontend_fuzzer: Heap-use-after-free in dawn_wire::server::KnownObjects<WGPUBufferImpl*>::Get | - | 2020-10-24 |
1105635 | Security: use-after-poison when using CSS var() with revert as fallback | - | 2020-10-24 |
1105723 | Security: heap-buffer-overflow in Skia | - | 2020-10-24 |
1106285 | v8_wasm_compile_fuzzer: DCHECK failure in IsSimd128Register() in instruction.h | - | 2020-10-24 |
1077761 | Security: TOCTOU race in cupsd.conf init script | - | 2020-10-23 |
1015310 | Security: Improper isolation of EC_RST_ODL on some NPCX79nx designs | - | 2020-10-22 |
1086896 | CrOS: Vulnerability reported in dev-db/sqlite | - | 2020-10-22 |
1087362 | CrOS: Vulnerability reported in dev-db/sqlite | - | 2020-10-22 |
1101152 | pdfium_embeddertests triggers a use-after-poison in V8 | - | 2020-10-22 |
1101756 | CrOS: Vulnerability reported in dev-db/sqlite | - | 2020-10-22 |
1104103 | Security: Insufficient data validation in deserialize TransformStream | $7500 | 2020-10-22 |
1105815 | DCHECK failure in ((static_cast<i::Tagged_t>(ptr) & ::i::kSmiTagMask) == ::i::kSmiTag) in smi.h | - | 2020-10-22 |
1106357 | Crash in v8::internal::compiler::BytecodeArrayData::source_positions_size | - | 2020-10-22 |
958521 | gstoraster: Use-of-uninitialized-value in register_x86_crypto | - | 2020-10-21 |
1104608 | Security: LdaNamedProperty is generated for typed_array["4294967295"], which causes wrong inline cache and OOB access | $5000 | 2020-10-20 |
1067854 | Chromium: Vulnerability reported in third_party/binutils | - | 2020-10-19 |
1103195 | Security: HeapOverflow in BackgroundFetch | $15000 | 2020-10-19 |
1104528 | Heap-use-after-free in ui::LayerAnimator::OnScheduled | - | 2020-10-19 |
1104533 | Security DCHECK failure: i < length() in string_view.h | $6000 | 2020-10-19 |
1099568 | Symlink at /home/user/<hash>/GCache/v2 can trick cryptohome to make arbitrary path world writable | - | 2020-10-16 |
1102860 | cras_rclient_message_fuzzer: Heap-buffer-overflow in ccr_handle_message_from_client | - | 2020-10-16 |
1082717 | CVE-2020-12771 CrOS: Vulnerability reported in Linux kernel | - | 2020-10-15 |
1101304 | DCHECK failure in dst.low_gp() != rhs.high_gp() in liftoff-assembler-arm.h | - | 2020-10-15 |
1102408 | Heap-use-after-free in blink::LayoutBox::FindAutoscrollable | - | 2020-10-15 |
1103557 | Heap-buffer-overflow in blink::NGFragmentItems::LayoutObjectWillBeDestroyed | - | 2020-10-15 |
1094699 | CrOS: Vulnerability reported in sys-libs/glibc | - | 2020-10-14 |
1097308 | cras_rclient_message_fuzzer: Heap-buffer-overflow in cras_channel_remix_conv_create | - | 2020-10-14 |
1100247 | Security: Potential UAF in AndroidCdmFactory | - | 2020-10-14 |
1101818 | Heap-buffer-overflow in blink::NGFragmentItems::LayoutObjectWillBeMoved | $6000 | 2020-10-14 |
1102083 | Security DCHECK failure: unit.TextContentEnd() <= text.length() in ng_offset_mapping.cc | $6000 | 2020-10-14 |
1102127 | dawn_wire_server_and_frontend_fuzzer: Heap-use-after-free in dawn_wire::server::KnownObjects<WGPUBufferImpl*>::Get | - | 2020-10-14 |
1102137 | Security DCHECK failure: !object || (object->IsLayoutMultiColumnSet()) in layout_multi_column_set.h | - | 2020-10-14 |
1102161 | CHECK failure: marking_state_->IsBlackOrGrey(heap_object) in mark-compact.cc | - | 2020-10-14 |
1102609 | Heap-buffer-overflow in blink::NGFragmentItems::LayoutObjectWillBeDestroyed | - | 2020-10-14 |
1105202 | Security: Google Chrome DrawElementsInstanced Information Leak Vulnerability (TALOS-2020-1123) | $1000 | 2020-10-13 |
1101883 | Security DCHECK failure: !masker->NeedsLayout() in svg_mask_painter.cc | - | 2020-10-12 |
1102054 | Disable (or fix) YUV image decoding before M86 due to use after free | - | 2020-10-10 |
1096677 | WebView: Cross-domain content can be fetched from resources loaded by the content scheme | - | 2020-10-09 |
1101629 | v8_wasm_code_fuzzer: DCHECK failure in heap_type != HeapType::kBottom && HeapType(heap_type).is_valid() in value-type.h | - | 2020-10-09 |
1076786 | Script Gadgets in chrome://oobe and chrome://assistant-optin through Polymer | - | 2020-10-08 |
1091790 | dawn_wire_server_and_vulkan_backend_fuzzer: Crash in vk::DescriptorSetLayout::DescriptorSetLayout | - | 2020-10-08 |
1096170 | dawn_wire_server_and_frontend_fuzzer.exe: Heap-use-after-free in dawn_wire::server::Server::OnBufferMapWriteAsyncCallback | - | 2020-10-08 |
1029907 | Security: URL bar spoofing with prompt dialog on iOS | $500 | 2020-10-07 |
1030927 | Site Isolation Bypass: ClientHints doesn't properly check origin from renderer | - | 2020-10-07 |
1094453 | Security: Memory stomper in InfoBarManager::RemoveInfoBarInternal() | - | 2020-10-07 |
1095560 | Security: heap-buffer-overflow on media_history::MediaHistoryKeyedService::OnURLsDeleted | $5000 | 2020-10-07 |
1097484 | Use-of-uninitialized-value in base::internal::WeakReference::IsValid | - | 2020-10-07 |
1099621 | dawn_wire_server_and_frontend_fuzzer: Heap-buffer-overflow in dawn_native::null::Buffer::DoWriteBuffer | - | 2020-10-07 |
1099945 | Security: Print compositor does not copy out of shared memory before attempting to deserialize SkPicture | - | 2020-10-07 |
1099990 | Security: pdfium heap-buffer-overflow with experimental skia back end | - | 2020-10-07 |
1100900 | Heap-use-after-free in blink::LayoutBlockFlow::SetShouldDoFullPaintInvalidationForFirstLine | - | 2020-10-07 |
1101079 | Security DCHECK failure: GetLayoutObject() && GetLayoutObject()->IsBoxModelObject() in ng_physical_box_fr | - | 2020-10-07 |
1100079 | Use-of-uninitialized-value in blink::NGMathRadicalLayoutAlgorithm::Layout | - | 2020-10-05 |
1094235 | uaf in extensions | $5000 | 2020-10-03 |
1094655 | Heap-buffer-overflow in vk::Image::copy | - | 2020-10-03 |
1098179 | Use-of-uninitialized-value in send_delete_event | - | 2020-10-03 |
1099974 | Use-of-uninitialized-value in mojo::core::ChannelPosix::WriteNoLock | - | 2020-10-03 |
1094644 | gpu_swangle_passthrough_fuzzer: Heap-buffer-overflow in libvk_swiftshader.so | - | 2020-10-02 |
1098606 | WebFrameImpl::CallJavaScriptFunction allows child frames to inject scripts into parent. | - | 2020-10-02 |
1099446 | Security: heap-buffer-overflow in "SkData::PrivateNewWithCopy" function | $2000 | 2020-10-02 |
1010756 | Crash in sw::Renderer::executeTask | - | 2020-10-01 |
1090543 | heap-use-after-free : content::NavigationRequest::OnWillProcessResponseProcessed | - | 2020-09-30 |
1097483 | Heap-buffer-overflow in sw::Blitter::fastClear | - | 2020-09-30 |
1092449 | Cross-domain content can be fetched from resources loaded by the content scheme | $20000 | 2020-09-29 |
1096002 | Heap-use-after-free in blink::ImageResourceContent::PriorityFromObservers | - | 2020-09-29 |
1097442 | v8_wasm_compile_fuzzer: DCHECK failure in from <= to in vector.h | - | 2020-09-29 |
1097467 | v8_wasm_compile_fuzzer: Use-after-poison in v8::internal::wasm::fuzzer::WasmGenerator::Generate | - | 2020-09-29 |
1097595 | Security DCHECK failure: new_box->IsInlineFlowBox() in layout_block_flow_line.cc | - | 2020-09-29 |
1098243 | CVE-2020-14416 CrOS: Vulnerability reported in Linux kernel | - | 2020-09-29 |
1084699 | [WebRTC] Remote ICE Candidate Hostname Lookup Privacy Issue | - | 2020-09-28 |
1097416 | Use-of-uninitialized-value in void blink::ShapeResultView::CreateViewsForResult<blink::ShapeResult> | - | 2020-09-27 |
1017558 | pdf_scanlinecompositor_fuzzer: Heap-buffer-overflow in CompositeRow_Argb2Argb_RgbByteOrder | - | 2020-09-26 |
1037980 | pdf_scanlinecompositor_fuzzer: Heap-buffer-overflow in GetGray | - | 2020-09-26 |
1058716 | pdf_scanlinecompositor_fuzzer: Crash in GetAlphaWithSrc | - | 2020-09-26 |
967204 | Security: dangling markup protection bypass with <portal> element | $500 | 2020-09-25 |
997412 | Security: PDFium Heap-use-after-free in ProbeForLowSeverityLifetimeIssue (XFA) | - | 2020-09-25 |
1082755 | Heap UaF in TabStrip::CloseTab | $5000 | 2020-09-25 |
1086009 | Security: Linux Kernel V5.2.0-rc1 #2 use-after-free in unmap_vmas read of size 8 | $500 | 2020-09-25 |
1086845 | Security: Blob ignores charset specified in type attribute | $1000 | 2020-09-25 |
1087282 | XSS in interstitial_common.js leading to UXSS | - | 2020-09-25 |
1088187 | Bad-cast to extensions::MimeHandlerViewContainerManager from invalid vptr in extensions::MimeHandlerViewContainerManager::RemoveFrameContainerForReason | - | 2020-09-25 |
1090835 | Security: Full screen notification overlap on Windows and Linux (take two) | $500 | 2020-09-25 |
1093719 | Container-overflow in content::responsiveness::Watcher::DidRunTask | - | 2020-09-25 |
1094363 | Heap-buffer-overflow in ash::ScrollableShelfView::UpdateScrollOffset | - | 2020-09-25 |
1094442 | Background tab can launch PWA or play store page when interacting with any page. | - | 2020-09-25 |
1095709 | Heap-use-after-free in base::internal::Invoker<base::internal::BindState<void | - | 2020-09-25 |
1095760 | Bad-cast to blink::WebRtcAudioRenderer from invalid vptr in void base::internal::FunctorTraits<void | - | 2020-09-25 |
1095927 | Use-of-uninitialized-value in blink::WebRtcAudioRenderer::TranscribeAudio | - | 2020-09-25 |
1096079 | Heap-use-after-free in blink::ImageResourceContent::NotifyObservers | - | 2020-09-25 |
1097028 | CVE-2020-10757 CrOS: Vulnerability reported in Linux kernel | - | 2020-09-25 |
1092451 | Multiple-file download restrictions can be bypassed using Android intents | $500 | 2020-09-23 |
1076703 | Security: WebRTC: usrsctp is called with pointer as network address | - | 2020-09-22 |
1095102 | Security: heap-buffer-overflow in x_server_pixel_buffer.cc from screen_capturer_x11.cc | - | 2020-09-22 |
1095589 | CVE-2020-13974 CrOS: Vulnerability reported in Linux kernel | - | 2020-09-22 |
1072841 | heap-use-after-free : local_discovery::ServiceWatcherImplMac::NetServiceBrowserContainer::~NetServiceBrowserContainer | - | 2020-09-21 |
1092059 | v8_wasm_compile_fuzzer: DCHECK failure in SIZE == kSimd128Size ? num_q_registers : num_d_registers > reg in simulator-arm. | - | 2020-09-21 |
995732 | Potential out of bounds write vulnerability in webusb (usb_device_handle_usbfs.cc) (Linux 32bit) | - | 2020-09-18 |
1090519 | Security: Missing microcode for some Intel platforms | - | 2020-09-18 |
1092308 | uaf in extensions | $20000 | 2020-09-18 |
1093902 | paint_op_buffer_fuzzer: Use-of-uninitialized-value in SkReadBuffer::peekByte | - | 2020-09-18 |
1086796 | Security: Out of bounds read in PDFium due to mis-merged patch of libopenjpeg | $7500 | 2020-09-17 |
1087921 | gpu_raster_swangle_passthrough_fuzzer: Crash in sse2::lowp::load_NUMBER | - | 2020-09-17 |
1083128 | Security: Out-of-bounds write browser crash | $5000 | 2020-09-16 |
1092274 | Security: global-buffer-overflow in bytesPerVertex | $1000 | 2020-09-16 |
1084820 | DCHECK failure in value.IsHeapObject() in objects-debug.cc | $5000 | 2020-09-15 |
1091461 | DCHECK failure in 2 == subnode->op()->ControlOutputCount() in js-inlining.cc | - | 2020-09-15 |
1092553 | Bad-cast to v8::internal::compiler::Operator1<v8::internal::BinaryOperationHint, v8::internal::compiler::OpEqualTo<v8::internal::BinaryOperationHint>, v8::internal::compiler::OpHash<v8::internal::BinaryOperationHint>> from v8::internal::compiler::Operator1<v8::internal::compiler::FeedbackParameter, v8::internal::compiler::OpEqualTo<v8::internal::compiler::FeedbackParameter>, v8::internal::compiler::OpHash<v8::internal::compiler::FeedbackParameter> > in v8::internal::BinaryOperationHint const& v8::internal::compiler::OpParameter<v8: | - | 2020-09-15 |
967202 | Security: bypass file download restrictions using <portal> element | - | 2020-09-14 |
1083213 | CrOS: Vulnerability reported in net-vpn/openvpn | - | 2020-09-14 |
1090173 | Security: Uninitialized memory read in snappy::SnappyScatteredWriter<snappy::SnappySinkAllocator>::AppendFromSelf | - | 2020-09-14 |
1091670 | Security: heap-buffer-overflow in sk_careful_memcpy | - | 2020-09-14 |
1091404 | Google Chrome PDFium Javascript Active Document Memory Corruption Vulnerability - TALOS-2020-1092 | $2000 | 2020-09-12 |
1065264 | No validation of origin in initializing CDM | - | 2020-09-11 |
1082716 | CVE-2020-12770 CrOS: Vulnerability reported in Linux kernel | - | 2020-09-11 |
1087158 | Crash in FidoDiscoveryFactory::ResetRequestState() | - | 2020-09-11 |
1091180 | heap-use-after-free : media::GetSupportedD3D11VideoDecoderResolutions | - | 2020-09-11 |
1091214 | CVE-2019-20812 CrOS: Vulnerability reported in Linux kernel | - | 2020-09-11 |
1039062 | CVE-2019-19769 CrOS: Vulnerability reported in Linux kernel | - | 2020-09-10 |
1083819 | Security: Android WebView: iframe on different origin can execute arbitrary JavaScript in top document via window.open() or links with _blank target | $15000 | 2020-09-10 |
1091213 | CVE-2019-20811 CrOS: Vulnerability reported in Linux kernel | - | 2020-09-10 |
1080953 | CrOS: Vulnerability reported in net-nds/openldap | - | 2020-09-09 |
980116 | Security: PDFium (XFA) Use-after-free in CXFA_FFTabOrderPageWidgetIterator::CreateTabOrderWidgetArray | $3000 | 2020-09-08 |
980172 | Security: PDFium (XFA) Use-after-free in CXFA_FFDocView::GetPageView | $2000 | 2020-09-08 |
1080622 | CrOS: Vulnerability reported in net-fs/samba | - | 2020-09-08 |
1082186 | CrOS: Vulnerability reported in net-fs/samba | - | 2020-09-08 |
1087968 | heap-use-after-free in adhd in asan builds | - | 2020-09-08 |
1085507 | v8_wasm_compile_fuzzer: DCHECK failure in ref.stack_height >= target_stack_height in wasm-interpreter.cc | - | 2020-09-06 |
1086890 | Security: Missing array size check in NewFixedArray | - | 2020-09-06 |
1081350 | Security: Browser_crash - heap-use-after-free in extensions::ChromeExtensionsBrowserClient::GetOriginalContext(content::BrowserContext*) | $15000 | 2020-09-05 |
1085718 | Heap-use-after-free in performance_manager::WorkerNodeImpl::RemoveClientFrame | - | 2020-09-05 |
1087629 | Upgrade SQLite to 3.32.1 | - | 2020-09-05 |
921015 | Heap-buffer-overflow in rr::Array<rr::Float4, 1>::operator | - | 2020-09-04 |
1033897 | Security: Linux kernel 4.19.83 - use-after-free in the debugfs_remove function | - | 2020-09-04 |
1067382 | Security: Sandbox escape via chrome.input.ime | $5000 | 2020-09-04 |
1072116 | Security: Possible for extensions to escape sandbox via devtools watch expressions | $10000 | 2020-09-04 |
1080481 | Security: Skia: Integer Overflow in GrTextBlob::Make | - | 2020-09-04 |
1081040 | gpu_raster_swangle_passthrough_fuzzer: Crash in sse2::lowp::load_a8 | - | 2020-09-04 |
1085989 | pdf_psengine_fuzzer: Int-overflow in CPDF_PSEngine::DoOperator | - | 2020-09-04 |
1086124 | Security: UAF in ChromeOS Login | $5000 | 2020-09-04 |
1086798 | V8 Potential Use after free in the function ToPropertyDescriptorFastPath | - | 2020-09-04 |
944944 | Infra: Outdated set of root certificates | - | 2020-09-02 |
1072467 | Security: arc-setup to be more cautious when moving android data directories | - | 2020-09-02 |
1075457 | Chrome fails to start if a file exists at /home/chronos/user or /home/chronos/Default | - | 2020-09-02 |
1084839 | Heap-use-after-free in blink::PaintLayer::~PaintLayer | - | 2020-09-02 |
1086470 | CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (this->IsFixedArray()) in class-defin | - | 2020-09-02 |
1052093 | Security: Custom Scheme escaping bypassed if a scheme is in the URLWhitelist | - | 2020-09-01 |
1080444 | v8_wasm_code_fuzzer: DCHECK failure in is_valid(value) in bit-field.h | - | 2020-09-01 |
1085704 | gpu_angle_fuzzer: Null-dereference READ in gpu::gles2::GLES2DecoderImpl::HandleBlendFunciOES | - | 2020-09-01 |
1085846 | gpu_angle_passthrough_fuzzer: Null-dereference READ in gpu::gles2::GLES2DecoderPassthroughImpl::DoBlendFunciOES | - | 2020-09-01 |
1085990 | Security: Browser_crash - heap-use-after-free in Payments API | - | 2020-09-01 |
1056754 | Security: Browsable Activities expose insecure behaviors on Android | - | 2020-08-28 |
1074317 | Security: The CSP reports and stacktraces of errors leaks post-redirect URL for <script> | $5000 | 2020-08-28 |
1084151 | v8_wasm_code_fuzzer: DCHECK failure in register_move(dst)->src == src in liftoff-assembler.cc | - | 2020-08-28 |
1085315 | URL spoofing using 'GURMUKHI LETTER RRA' (U+0A5C) | - | 2020-08-28 |
1085738 | CVE-2020-13143 CrOS: Vulnerability reported in Linux kernel | - | 2020-08-28 |
1082105 | uaf in device::FidoRequestHandlerBase::InitializeAuthenticatorAndDispatchRequest | $20000 | 2020-08-26 |
1083793 | Crash in v8::Isolate::GetCurrentContext | - | 2020-08-26 |
932892 | Security: CSP violation reports leak the destination origin of a blocked redirect in the blocked-uri / blockedURI field | $1000 | 2020-08-25 |
999310 | Security: OOB Access in V8 | $10000 | 2020-08-24 |
1016261 | Security: ashmem readonly bypasses via remap_file_pages() and ASHMEM_UNPIN | - | 2020-08-24 |
1083157 | Crash in blink::ReadExifDirectory | - | 2020-08-24 |
1078375 | Heap-use-after-free in gl::State::reset | - | 2020-08-23 |
795595 | Security: chrome.devtools.inspectedWindow.eval executes within privileged pages | $2000 | 2020-08-22 |
1082990 | CHECK failure: FLAG_wasm_async_compilation in module-compiler.cc | - | 2020-08-22 |
1083525 | CHECK failure: !FLAG_wasm_async_compilation implies isolate->wasm_streaming_callback() == nullp | - | 2020-08-22 |
1065122 | heap-use-after-free : ui::AXTreeSerializer<blink::WebAXObject,content::AXContentNodeData,content::AXContentTreeData>::LeastCommonAncestor | - | 2020-08-21 |
1067869 | Chromium: Vulnerability reported in third_party/guava | - | 2020-08-21 |
1077200 | CrOS: Vulnerability reported in dev-vcs/git | - | 2020-08-21 |
1080616 | CVE-2020-12464 CrOS: Vulnerability reported in Linux kernel | - | 2020-08-21 |
1080618 | CVE-2020-12654 CrOS: Vulnerability reported in Linux kernel | - | 2020-08-21 |
1080951 | CVE-2020-12653 CrOS: Vulnerability reported in Linux kernel | - | 2020-08-21 |
1081086 | Heap-use-after-free in blink::NGBlockNode::CopyFragmentDataToLayoutBoxForInlineChildren | - | 2020-08-21 |
1081722 | Security: memcpy-param-overlap in AudioBuffer::copyFromChannel | - | 2020-08-21 |
1082597 | pdfium(XFA) heap-use-after-free in CXFA_FFField::OnSetFocus | $7500 | 2020-08-21 |
1082727 | Use-of-uninitialized-value in safe_browsing::PhishingClassifierDelegate::OnDestruct | - | 2020-08-21 |
1083210 | CVE-2019-14898 CrOS: Vulnerability reported in Linux kernel | - | 2020-08-21 |
1083211 | CVE-2020-10690 CrOS: Vulnerability reported in Linux kernel | - | 2020-08-21 |
1083212 | CVE-2020-12826 CrOS: Vulnerability reported in Linux kernel | - | 2020-08-21 |
1083250 | CHECK failure: block->PredecessorCount() == 0 in graph-assembler.cc | - | 2020-08-21 |
999311 | Security: Use after free in MojoCdmService | $30000 | 2020-08-20 |
1052492 | Use-of-uninitialized-value in blink::ImageDataBuffer::ImageDataBuffer | - | 2020-08-18 |
1074340 | Security: javascript URI sandbox flags aren't propagated in a blank string case | $1000 | 2020-08-17 |
1079449 | v8_wasm_compile_fuzzer: DCHECK failure in UseScratchRegisterScope{this}.CanAcquire() in liftoff-assembler-arm.h | - | 2020-08-17 |
1081081 | Security: URL spoofing using slow page loading on iOS | $500 | 2020-08-17 |
1073015 | Security: UAF in DistillerJavaScriptService (Android) | $20000 | 2020-08-15 |
1077491 | Crash in blink::WaveShaperDSPKernel::WaveShaperCurveValues | $3000 | 2020-08-15 |
1079398 | gpu_raster_swangle_passthrough_fuzzer: Use-of-uninitialized-value in rx::SamplerCache::getSampler | - | 2020-08-15 |
1080936 | Container-overflow in base::internal::Invoker<base::internal::BindState<void | - | 2020-08-15 |
1080950 | CVE-2020-12652 CrOS: Vulnerability reported in Linux kernel | - | 2020-08-15 |
1066731 | Security: Wrong account password captured | - | 2020-08-14 |
1072165 | libjingle_xmpp_xmlparser_fuzzer: Incorrect-function-pointer-type with empty stacktrace | - | 2020-08-14 |
1075496 | Chrome_Mac: Crash Report - device::FidoCableDevice::OnTimeout | - | 2020-08-14 |
1077203 | Use-of-uninitialized-value in gfx::CubicBezier::SolveCurveX | - | 2020-08-14 |
1077301 | Security: SELinux/netlink missing access check | - | 2020-08-14 |
1077477 | mount-obb_fuzzer: Use-of-uninitialized-value in base::debug::ProcessBacktrace | - | 2020-08-14 |
1077531 | Security: ChromeOS shill breakout and privilege escalation to root | $30000 | 2020-08-14 |
1077754 | Security: cmd injection into pppd config | - | 2020-08-14 |
1077780 | Security: run_oci will execute hooks from config.json on writable file systems | - | 2020-08-14 |
1078236 | Heap-use-after-free in blink::LayoutListItem::UpdateMarkerLocation | $6000 | 2020-08-14 |
1078336 | CVE-2017-18551 CrOS: Vulnerability reported in Linux kernel | - | 2020-08-14 |
1078671 | Security: UAF in CaptionHostImpl | $20000 | 2020-08-14 |
1078865 | trunks_hmac_authorization_delegate_fuzzer: Use-of-uninitialized-value in trunks::HmacAuthorizationDelegate::HmacSha256 | - | 2020-08-14 |
1078867 | cryptohome_cryptolib_rsa_oaep_decrypt_fuzzer: Use-of-uninitialized-value in mem_puts | - | 2020-08-14 |
1078913 | DCHECK failure in shared_info->function_data().IsBytecodeArray() in compiler.cc | - | 2020-08-14 |
1079066 | DCHECK failure in has_pending_error() in pending-compilation-error-handler.cc | - | 2020-08-14 |
1080447 | trunks_hmac_authorization_delegate_fuzzer: Use-of-uninitialized-value in trunks::HmacAuthorizationDelegate::HmacSha256 | - | 2020-08-14 |
1080617 | CVE-2020-12465 CrOS: Vulnerability reported in Linux kernel | - | 2020-08-14 |
1080620 | CVE-2020-12657 CrOS: Vulnerability reported in Linux kernel | - | 2020-08-14 |
1080621 | CVE-2020-12659 CrOS: Vulnerability reported in Linux kernel | - | 2020-08-14 |
946156 | Security: Chrome (Mac OS X) - Arbitrary File Permission Modification | $500 | 2020-08-12 |
1077501 | Segv on unknown address in blink::StyleCascade::ApplyInterpolation | - | 2020-08-12 |
1078399 | v8_wasm_compile_fuzzer: DCHECK failure in IsSimd128Register() in instruction.h | - | 2020-08-12 |
1050003 | CVE-2020-8648 CrOS: Vulnerability reported in Linux kernel | - | 2020-08-11 |
1071311 | Security: OOB Write In SkBitSet::set | - | 2020-08-11 |
1071729 | Non secure (i) icon fails to get displayed for non secure websites (e.g., http://dump-truck.appspot.com) | - | 2020-08-11 |
1076708 | OOB read/write in v8::internal::ElementsAccessorBase<v8::internal::FastHoleyDoubleElementsAccessor | $7500 | 2020-08-11 |
1072474 | Security: cros_disks sshfs allows injection of symlinks | - | 2020-08-10 |
1001870 | gstoraster_fuzzer: Heap-buffer-overflow in template_compose_group | - | 2020-08-07 |
1036706 | gstoraster_fuzzer: Heap-buffer-overflow in jbig2_sd_new | - | 2020-08-07 |
1076030 | hammerd_load_ec_image_fuzzer: Use-of-uninitialized-value in fmap_find_area | - | 2020-08-07 |
1065731 | audio_decoder_fuzzer: Use-of-uninitialized-value in amr_read_header | - | 2020-08-06 |
1070066 | Security: Displaying a page action popup from the omnibox prevents an infobar from displaying | $500 | 2020-08-06 |
1075719 | v8_wasm_code_fuzzer: Use-after-poison in v8::internal::wasm::SideTable::SideTable | - | 2020-08-06 |
1076442 | DCHECK failure in index >= 0 && index < length() && value <= kMaxOneByteCharCode in string-inl.h | - | 2020-08-06 |
1029569 | sqlite3_shadow_table_fuzzer: ASSERT: nDoclist>0 | $3000 | 2020-08-05 |
1072233 | Security: ChromeOS root privilege escalation and persistence | $45000 | 2020-08-05 |
1072276 | login_manager command execution via policy-injected flags | - | 2020-08-05 |
1073602 | SCTP stack buffer overflow from malicious AUTH chunks | - | 2020-08-05 |
1074586 | DCHECK failure in dst.low_gp() != lhs.high_gp() in liftoff-assembler-arm.h | - | 2020-08-05 |
1074706 | uaf in TabSharingInfoBarDelegate | $15000 | 2020-08-05 |
1074655 | Heap-use-after-free in blink::WebAXObject::UpdateLayoutAndCheckValidity | - | 2020-08-05 |
1075953 | DCHECK failure in *available != 0 in assembler-arm.cc | - | 2020-08-05 |
1007343 | vtest_fuzzer: Crash in try_setup_line | - | 2020-08-04 |
1069246 | iOS: Omnibox doesn't display blob: origin for long URL | $1500 | 2020-08-04 |
1069964 | Security: Check failed: receiver.IsJSFunction(). | - | 2020-08-04 |
1070094 | ec_usb_tcpm_v2_fuzzer: Index-out-of-bounds in prl_get_rev | - | 2020-08-04 |
1070480 | Security: use-of-uninitialized-value in sse2::lowp::gather | - | 2020-08-04 |
1072253 | Security: RenameCryptohome and arcvm-server-proxy root file write to root command execution from chronos | $30000 | 2020-08-04 |
1072470 | Security: cups shouldn't be running with gid=0 | - | 2020-08-04 |
1074532 | minidump_fuzzer: Heap-buffer-overflow in google_breakpad::MinidumpProcessor::Process | - | 2020-08-04 |
1075777 | ec_usb_tcpm_v2_fuzzer: Index-out-of-bounds in prl_get_rev | - | 2020-08-04 |
1075952 | ndproxy_fuzzer: Use-of-uninitialized-value in std::__1::enable_if<__is_cpp17_forward_iterator<std::__1::pair<unsigned int, std | - | 2020-08-04 |
1073553 | Heap-buffer-overflow in v8::internal::wasm::Decoder::read_prefixed_opcode<1> | - | 2020-08-03 |
1074621 | DCHECK failure in chunk->Contains(slot_addr) in remembered-set.h | - | 2020-08-03 |
843095 | Chrome Url Spoofing via Interstitial content overwrite | $2000 | 2020-08-01 |
978779 | Chromium uses expired certificate for Baltimore CyberTrust | - | 2020-08-01 |
1074190 | net_dns_record_fuzzer: Use-of-uninitialized-value in net::IntegrityRecordRdata::IntegrityRecordRdata | - | 2020-08-01 |
961644 | Heap-buffer-overflow in courgette::Read32LittleEndian | - | 2020-07-31 |
1073981 | DCHECK failure in !kCanBeWeak implies !IsSmi() == HAS_STRONG_HEAP_OBJECT_TAG(ptr_) in tagged-impl. | - | 2020-07-31 |
1073409 | XSS on chrome://histograms/ with a compromised renderer | - | 2020-07-30 |
985551 | Crash in sw::Thread::Thread | - | 2020-07-29 |
1057441 | sqlite3_shadow_table_fuzzer: Use-of-uninitialized-value in fts3ScanInteriorNode | - | 2020-07-29 |
1072171 | Security: missing the -0 case when intersecting and computing the Type::Range in NumberMax | $7500 | 2020-07-29 |
1072885 | Security: arcvm-server-proxy command injection | - | 2020-07-29 |
1072983 | use-after-free in BlobRegistryImpl(browser process) | $20000 | 2020-07-29 |
1073263 | DCHECK failure in CheckKeptObjectsClearedAfterMicrotaskCheckpoint(microtask_queue) in api.cc | - | 2020-07-29 |
1064676 | full CSP bypass while evaluating a javascript-URL in iframe. | $3000 | 2020-07-29 |
634183 | Malformed CSP is not reported in the console and protection is disabled. | - | 2020-07-28 |
1071059 | Security: Blink - Type Confusion with Custom Element | $7500 | 2020-07-28 |
873178 | Security: Chrome allows setting arbitrary HTTP headers | - | 2020-07-28 |
633348 | CSP can be abused to disclose line/column numbers across origins | - | 2020-07-27 |
992698 | Security: Bypass the CSP when popup with "javascript:"-URL | $500 | 2020-07-27 |
1072115 | v8_wasm_async_fuzzer: Trap in v8::internal::wasm::WasmOpcodes::IsPrefixOpcode | - | 2020-07-27 |
1016278 | Security: EXC_BAD_ACCESS / KERN_INVALID_ADDRESS when exec chrome.debugger.sendCommand | - | 2020-07-25 |
1042986 | iframe in victim page can detect Scroll To Text Fragment activation | - | 2020-07-25 |
1071711 | v8_wasm_fuzzer: DCHECK failure in index <= 0xff in decoder.h | - | 2020-07-25 |
986051 | Security: Use-after-free of CommandLineAPIScope object | $3000 | 2020-07-24 |
1070609 | Security: UAF in the blink.mojom.SmsReceiverPtr interface | $10000 | 2020-07-24 |
1071454 | Security DCHECK failure: IsA<Derived>(from) in casting.h | $6000 | 2020-07-24 |
1025302 | Security: usrsctplib has not been updated since 2018 and is missing fuzzers and security fixes | - | 2020-07-23 |
1040490 | CrOS: Vulnerability reported in net-dns/dnsmasq | - | 2020-07-23 |
1049040 | dawn_wire_server_and_vulkan_backend_fuzzer: Use-of-uninitialized-value in _init | - | 2020-07-23 |
1062861 | heap-buffer-overflow : autofill::AutofillCountry::AutofillCountry | - | 2020-07-23 |
1063690 | Untrustworthy navigation causes HTTP Basic Auth dialog origin confusion/spoofing | $500 | 2020-07-23 |
1064891 | use after free in mojom::ClipboardHost | $10000 | 2020-07-23 |
1068084 | Security: Use after free in WebRTC | $7500 | 2020-07-23 |
1068531 | Security: Character “⠀” (U+2800) should be converted into code. | $500 | 2020-07-23 |
1068609 | dawn_wire_server_and_frontend_fuzzer: Heap-use-after-free in dawn_wire::server::Server::GetCmdSpace | - | 2020-07-23 |
1069079 | dawn_wire_server_and_frontend_fuzzer: Heap-buffer-overflow in dawn_native::null::Buffer::SetSubDataImpl | - | 2020-07-23 |
1069757 | CVE-2019-20636 CrOS: Vulnerability reported in Linux kernel | - | 2020-07-23 |
1070012 | Chromium: Vulnerability reported in third_party/sqlite | - | 2020-07-23 |
1070199 | [wasm] Disable native module cache to fix stability issue on M-81 | - | 2020-07-23 |
967925 | Security: BLE Hijacking with Smart Unlock/Magic Tether | - | 2020-07-21 |
1069700 | Security: PDFium (XFA) Use-after-free in function CPDFXFA_Page::GetFirstOrLastXFAAnnot | $5000 | 2020-07-21 |
1069789 | Security: PDFium (XFA) Use-after-free in function CXFA_FFWidgetHandler::OnRButtonDown | $7500 | 2020-07-21 |
1070054 | Security: input audio html5 tag makes chrome ios crashes | - | 2020-07-21 |
1065298 | UAF in base::SupportsUserData::SetUserData | $20000 | 2020-07-18 |
1068542 | CVE-2020-8835 CrOS: Vulnerability reported in Linux kernel | - | 2020-07-18 |
1055933 | heap-use-after-free : ProfileIOData::FromResourceContext | - | 2020-07-16 |
1064519 | Security: DevTools doesn't fully validate channel messages it receives | $3000 | 2020-07-16 |
1068395 | Security: SmsProviderGmsUserConsent may hold a dangling pointer to RenderFrameHost | - | 2020-07-16 |
1067851 | Security: UAF in Speech Recognizer | $25000 | 2020-07-15 |
1068466 | dawn_wire_server_and_frontend_fuzzer: Heap-use-after-free in dawn_wire::server::InlineMemoryTransferService::WriteHandleImpl::DeserializeFlus | - | 2020-07-15 |
840361 | Security: mount-encrypted may leak stateful encryption key across dev mode transition | - | 2020-07-14 |
1016543 | Old, unsecure (and unused?) version of ChromeVox is present in Chromium repo | - | 2020-07-14 |
1053939 | V8 correctness failure in configs: x64,ignition:x64,ignition_turbo_opt | - | 2020-07-14 |
1057461 | dawn_wire_server_and_vulkan_backend_fuzzer: Heap-use-after-free in dawn_wire::server::Server::OnBufferMapWriteAsyncCallback | - | 2020-07-14 |
1068509 | CHECK failure: marking_state_->IsBlackOrGrey(heap_object) in mark-compact.cc | - | 2020-07-14 |
1055583 | dawn_wire_server_and_vulkan_backend_fuzzer: Heap-use-after-free in dawn_wire::server::KnownObjects<WGPUBufferImpl*>::Get | - | 2020-07-13 |
1061687 | dawn_wire_server_and_frontend_fuzzer: Heap-buffer-overflow in dawn_native::null::Buffer::SetSubDataImpl | - | 2020-07-13 |
1067980 | Security DCHECK failure: IsA<Derived>(from) in casting.h | - | 2020-07-13 |
1010770 | Crash in hsw::lowp::gather_NUMBER | - | 2020-07-12 |
1055746 | Security: CVE-2020-2732: Nested VMX vulnerability | - | 2020-07-12 |
1059577 | Security: Possible to escape sandbox via devtools_page | $3000 | 2020-07-11 |
1060023 | Security: V8 Debug check failed: !var->has_forced_context_allocation() || var->is_used(). Fatal error in ../../src/ast/scopes.cc, line 2239 | - | 2020-07-10 |
1065186 | UAF in libglesv2!gl::Texture::onUnbindAsSamplerTexture | $5000 | 2020-07-10 |
1065761 | Security: Copy & paste XSS via noscript | $5000 | 2020-07-10 |
981114 | Security: BT Classic Pairing Hijack | - | 2020-07-08 |
1059955 | dawn_wire_server_and_vulkan_backend_fuzzer: Heap-use-after-free in vk::CommandBuffer::submit | - | 2020-07-08 |
1061933 | aec3_fuzzer: Container-overflow in webrtc::FilterAnalyzer::AnalyzeRegion | - | 2020-07-08 |
1061235 | Security: libcameraservice: heap-based-buffer-overflow-in-DepthPhotoProcessor | - | 2020-07-07 |
1064429 | Heap-use-after-free in PrefChangeRegistrar::~PrefChangeRegistrar | - | 2020-07-07 |
1065704 | Security: UAF in WebSocket Network Service | $20000 | 2020-07-07 |
1065772 | ProbeForLowSeverityLifetimeIssue in ~CXFA_FFPageWidgetIterator() | - | 2020-07-07 |
1058895 | Security: Slow Read HTTP Attack | $500 | 2020-07-06 |
1040755 | Security: Another "universal" XSS via copy&paste | $2000 | 2020-07-03 |
1062868 | heap-use-after-free : v8::internal::wasm::WasmCode::DecrementRefCount | - | 2020-07-03 |
1064898 | Heap-use-after-free in metrics::PerfOutputCall::OnGetPerfOutput | - | 2020-07-03 |
978632 | heap-use-after-free : sctp_release_pr_sctp_chunk | - | 2020-07-02 |
990581 | Security: Security: CSP does not propagate to blob: URIs | $500 | 2020-07-02 |
1060559 | [Web NFC] Block YubiKeys | - | 2020-07-02 |
1061682 | Security DCHECK failure: IsA<Derived>(from) in casting.h | - | 2020-07-02 |
1019161 | UAF In ProcessManager | $7500 | 2020-07-01 |
1064112 | Segv on unknown address in blink::Internals::getAgentId | - | 2020-07-01 |
1067270 | Talos Security Advisory for Google Chrome PDFium (TALOS-2020-1044) | $5000 | 2020-07-01 |
1063177 | Declarative Net Request: Potential use after free while reindexing rulesets. | - | 2020-06-30 |
1054229 | media_pipeline_integration_fuzzer: Use-of-uninitialized-value in ogg_find_codec | - | 2020-06-28 |
1059764 | Security: container-overflow in MediaStream mojo | - | 2020-06-26 |
1060549 | Security: PDFium heap-use-after-free in CPDFXFA_Page::GetNextXFAAnnot (XFA) | $7500 | 2020-06-26 |
1062247 | Incomplete fix of 1055788 and 1057627 | - | 2020-06-26 |
1032531 | CrOS: Vulnerability reported in dev-db/sqlite | - | 2020-06-25 |
1034223 | CrOS: Vulnerability reported in dev-db/sqlite | - | 2020-06-25 |
1035370 | CrOS: Vulnerability reported in dev-db/sqlite | - | 2020-06-25 |
1037730 | Security: Full screen notification overlap on Windows and Linux | $500 | 2020-06-25 |
1038580 | CrOS: Vulnerability reported in dev-db/sqlite | - | 2020-06-25 |
1038884 | CrOS: Vulnerability reported in dev-db/sqlite | - | 2020-06-25 |
1040055 | CrOS: Vulnerability reported in dev-db/sqlite | - | 2020-06-25 |
1040488 | CrOS: Vulnerability reported in dev-db/sqlite | - | 2020-06-25 |
1052647 | Security: Debug check failed: !context.get(context_entry).IsTheHole(isolate) | - | 2020-06-24 |
1061878 | dawn_wire_server_and_vulkan_backend_fuzzer: Heap-use-after-free in vk::CommandPool::destroy | - | 2020-06-24 |
1059533 | use-after-free in web_graphics_context_3d_provider_wrapper | $2000 | 2020-06-23 |
933171 | Trusted Types bypass with blob and meta refresh | - | 2020-06-20 |
933172 | Trusted Type bypass with SVG | - | 2020-06-20 |
1004106 | Security: heap-buffer-overflow in CFXJSE_FormCalcContext::unfoldArgs | $7500 | 2020-06-20 |
1020026 | Security: 'Press Esc to exit fullscreen' covered up by a popup page | $1000 | 2020-06-20 |
1030901 | Site Isolation Bypass: QuotaDispatcherHost doesn't properly check origin from renderer | - | 2020-06-20 |
1042210 | Security: fullscreen notification spoof (repro issue 882812) | $500 | 2020-06-20 |
1045787 | Security: ChromeDriver is vulnerable to CSRF attack | - | 2020-06-20 |
1055303 | Security: PDFium (XFA) Use uninitialized value in function CPDFSDK_FormFillEnvironment::SendOnFocusChange | - | 2020-06-20 |
1059669 | Out-of-bounds read in WebSQL | $3000 | 2020-06-20 |
1059686 | UaF in DeferredTaskHandler::BreakConnections(2) | - | 2020-06-20 |
1060548 | CrOS: Vulnerability reported in app-arch/libarchive | - | 2020-06-20 |
1060647 | Security: WebRTC certificate parsing | - | 2020-06-20 |
1061018 | UaF in DeferredTaskHandler::ProcessAutomaticPullNodes | - | 2020-06-20 |
1061154 | gpu_fuzzer: Crash in gpu::gles2::Texture::SetLevelInfo | - | 2020-06-20 |
1061231 | net_quic_stream_factory_fuzzer: Use-of-uninitialized-value in quic::QuicSentPacketManager::GetRetransmissionTime | - | 2020-06-20 |
1061389 | gpu_fuzzer.exe: Crash in base::subtle::RefCountedBase::ReleaseImpl | - | 2020-06-20 |
1058515 | Chrome fetches DevTools stuff using insecure http protocol | - | 2020-06-16 |
1059349 | Security: usersctp: out-of-bounds reads in sctp_load_addresses_from_init | - | 2020-06-16 |
1059472 | v8_wasm_compile_fuzzer: DCHECK failure in is_gp() in liftoff-register.h | - | 2020-06-16 |
1030909 | Site Isolation Bypass: DedicatedWorkerHostFactory doesn't properly check origin from renderer | - | 2020-06-15 |
1046021 | CrOS: Vulnerability reported in media-libs/opencv | - | 2020-06-15 |
1055524 | Not only "devools://" but also "chrome-devtools://" should be registered as display-isolated | - | 2020-06-15 |
1056222 | MojoVideoEncodeAcceleratorService allows renderer to misuse its API leading to UAF | - | 2020-06-15 |
785159 | Wrong origin shown for permission prompts after navigations that lead to interstitials | $500 | 2020-06-13 |
1054966 | Policy page opens a file dialogue even if the AllowFileSelectionDialogs policy is set to false | $500 | 2020-06-13 |
1059187 | Bad-cast to blink::LayoutBlock from blink::LayoutTableSection in blink::AXLayoutObject::IsDataTable | - | 2020-06-13 |
1057418 | skia_image_filter_proto_fuzzer: Use-of-uninitialized-value in sse2::repeat_y | - | 2020-06-12 |
1058653 | Security: PDFium heap-use-after-free in CFDE_TextEditEngine::ReplaceSelectedText (XFA) | $5000 | 2020-06-12 |
1054732 | Heap-use-after-free in test_runner::WebFrameTestClient::DidAddMessageToConsole | - | 2020-06-10 |
1055869 | Security: PDFium (XFA) Use-after-free in function CFDE_TextEditEngine::ReplaceSelectedText | $5000 | 2020-06-10 |
1057593 | UaF in DeferredTaskHandler::BreakConnections | - | 2020-06-10 |
1057627 | UaP in AudioScheduledSourceHandler::NotifyEnded | - | 2020-06-10 |
1038527 | cras_rclient_message_fuzzer: Heap-use-after-free in cras_dsp_ini_free | - | 2020-06-09 |
1054260 | heap-use-after-free : content::FileChooserImpl::~FileChooserImpl | - | 2020-06-09 |
1057309 | use-after-move in BinaryUploadService::UploadForDeepScanning | - | 2020-06-09 |
1057369 | Use-of-uninitialized-value in double_conversion::DoubleToStringConverter::ToPrecision | - | 2020-06-09 |
1055131 | Crash in Builtins_ArgumentsAdaptorTrampoline | - | 2020-06-07 |
1056273 | Heap-use-after-free in test_runner::WebFrameTestClient::DidClearWindowObject | - | 2020-06-06 |
1056154 | Chromium: Vulnerability reported in third_party/sqlite | - | 2020-06-05 |
1056440 | Use-of-uninitialized-value in blink::WebGLRenderingContextBase::CreateWebGraphicsContext3DProvider | - | 2020-06-05 |
986108 | Security: PDFium heap-buffer-overflow in CFX_SkiaDeviceDriver::RestoreState | $1000 | 2020-06-04 |
1035315 | iframe sandbox allow_top_navigation_by_user_activation can be bypassed with certain extensions | $1000 | 2020-06-04 |
1055788 | UaP in IIRFilterHandler::Process | - | 2020-06-04 |
1056152 | CrOS: Vulnerability reported in app-arch/libarchive | - | 2020-06-04 |
1056153 | CrOS: Vulnerability reported in dev-libs/libpcre2 | - | 2020-06-04 |
965611 | Security: Possible to open chrome-native:// pages on Android and the new tab page on desktop using window.open | $1000 | 2020-06-03 |
976767 | Security: heap-use-after-free in CPDFSDK_PageView::ExitWidget | - | 2020-06-03 |
1034519 | Security: WebContentsViewAura::EndDrag may dereference a pointer to deleted RenderWidgetHost | - | 2020-06-03 |
1041406 | UAF in chrome!content::FrameTreeNode::~FrameTreeNode | $20000 | 2020-06-03 |
1054466 | v8_wasm_compile_fuzzer: DCHECK failure in is_fp_pair() == other.is_fp_pair() in liftoff-register.h | - | 2020-06-03 |
1055124 | Security DCHECK failure: IsA<Derived>(from) in casting.h | - | 2020-06-03 |
1055142 | Security DCHECK failure: IsA<Derived>(from) in casting.h | - | 2020-06-03 |
1055223 | Container-overflow in content::VizProcessTransportFactory::DisableGpuCompositing | - | 2020-06-03 |
1055338 | Crash in blink::CSSPropertyValueSet::PropertyReference::PropertyValue | - | 2020-06-03 |
1055692 | v8_wasm_code_fuzzer: Heap-buffer-overflow in v8::internal::wasm::ThreadImpl::Push | - | 2020-06-03 |
1056044 | ulpfec_generator_fuzzer: Heap-buffer-overflow in webrtc::ForwardErrorCorrection::GenerateFecPayloads | - | 2020-06-03 |
949913 | Use-after-free in CXFA_FFComboBox::OnProcessEvent | $3000 | 2020-06-02 |
1054765 | Heap-use-after-free in blink::MathMLSpaceElement::CollectStyleForPresentationAttribute | - | 2020-06-02 |
1055128 | Crash in blink::StyleBuilderConverter::ConvertFontVariantEastAsian | - | 2020-06-02 |
1055221 | Security DCHECK failure: IsA<Derived>(from) in casting.h | - | 2020-06-02 |
1055393 | UAF in chrome chrome!content::BrowserAccessibilityManager::GetFromAXNode | $20000 | 2020-06-02 |
1055713 | Segv on unknown address in blink::StyleBuilderConverterBase::ConvertFontFamily | - | 2020-06-02 |
1054139 | gpu_angle_passthrough_fuzzer: Null-dereference READ in gpu::gles2::GLES2DecoderPassthroughImpl::DoDrawArraysIndirect | - | 2020-05-30 |
982193 | Security: PDFium (XFA) Use-after-free in CXFA_FFTextEdit::OnProcessEvent | $5000 | 2020-05-29 |
1026991 | pdfium (XFA): invalid-vptr / uaf in CPDFSDK_PageView::ExitWidget | $5000 | 2020-05-29 |
1045803 | rtnl_handler_fuzzer: Crash in std::__1::enable_if<__is_cpp17_forward_iterator<unsigned char const*>::value, vo | - | 2020-05-29 |
1047838 | Missing browser-process permission checks for WebNFC | - | 2020-05-29 |
1050046 | ASSERT: CSA_ASSERT failed: SmiBelow(effective_index, LoadFixedArrayBaseLength(array)) | - | 2020-05-29 |
1054733 | Use-after-poison in blink::LayoutObject::ViewRect | - | 2020-05-29 |
1054785 | Bad-cast to blink::Node from invalid vptr in blink::LayoutObject::GetDocument | - | 2020-05-29 |
990897 | Security: PDFium (XFA) Use-after-free in CXFA_FFDocView::SetFocus | $7500 | 2020-05-28 |
1031152 | cras_rclient_message_fuzzer: Heap-buffer-overflow in dsp_util_deinterleave_s24le | - | 2020-05-28 |
1031153 | cras_rclient_message_fuzzer: Heap-buffer-overflow in cras_fmt_conv_create | - | 2020-05-28 |
1040329 | heap use-after-free in CFDE_TextEditEngine::Insert | $7500 | 2020-05-28 |
1051748 | Use-after-poison in WebGLRenderingContextBase | $8500 | 2020-05-28 |
1052651 | Security: PDFium (XFA) Use-after-free in CFWL_Edit::OnChar | $7500 | 2020-05-28 |
1052786 | Security: PDFium (XFA) Use-after-free in CXFA_FFTextEdit::UpdateFWLData | $7500 | 2020-05-28 |
1053617 | Security: PDFium heap-use-after-free in CFWL_DateTimePicker::SetEditText (XFA) | $7500 | 2020-05-28 |
1054429 | Security: PDFium heap-use-after-free in CFWL_Edit::OnKeyDown (XFA) | - | 2020-05-28 |
453937 | Cross origin access with exception object + full exploit | $25633 | 2020-05-27 |
583431 | Universal XSS in DocumentLoader::createWriterFor + full-chain exploit | $25633 | 2020-05-27 |
1041749 | Security: tel: protocol spoofing 2 | $500 | 2020-05-27 |
1050996 | Security: MediaElementAudioSourceNode bypasses CORS checks | $1000 | 2020-05-27 |
1051017 | Security: Type inference issue in Typer::Visitor::TypeInductionVariablePhi | - | 2020-05-27 |
1042566 | Security: Use After Free in Deserializer::DeserializeDeferredObjects | - | 2020-05-26 |
1051368 | navigator.sendBeacon doesn't make CORS preflight request | - | 2020-05-26 |
1051439 | Security: sendBeacon allows sending arbitrary POST requests with application/octet-stream content type without CORS | - | 2020-05-26 |
1034023 | Check Raw Clipboard permission and feature flag browser-side | - | 2020-05-24 |
1041330 | Security: use-of-uninitialized-value in containsNoEmptyCheck | - | 2020-05-24 |
1040046 | Security: Investigate "Zero length" BIOS write protect range UMA reports | - | 2020-05-24 |
1045931 | Security: General check for streams not checking states correctly | - | 2020-05-24 |
1048555 | Use after free in CodeSerializer::Deserialize | $500 | 2020-05-24 |
1050011 | Security: URL Spoof in Android PageInfo | - | 2020-05-24 |
1051075 | libipp_fuzzer: Segv on unknown address in std::__1::__vector_base<ipp::StringWithLanguage, std::__1::allocator<ipp::String | - | 2020-05-24 |
1051564 | libipp_fuzzer: Segv on unknown address in std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std:: | - | 2020-05-24 |
1051912 | DCHECK failure in 1 == map_.count(key) in wasm-engine.cc | - | 2020-05-24 |
1052442 | Windows: Potential UaF In Job Object Notification. | - | 2020-05-24 |
1052576 | CHECK failure: locale__value.IsString() in class-verifiers-tq.cc | - | 2020-05-24 |
995566 | Heap-use-after-free in ChromePasswordManagerClient::OnPaste | - | 2020-05-21 |
1048038 | Use after free in Logger::MapEvent | $500 | 2020-05-21 |
1003501 | PDFium (XFA) Use-after-free in CXFA_FFCheckButton::OnProcessEvent | $6000 | 2020-05-20 |
1044277 | Security: Possible to bypass restrictions on multiple downloads by initiating download from data: frame | $500 | 2020-05-20 |
1049510 | Unexpected reveal of service worker interception by using nextHopProtocol | $2000 | 2020-05-20 |
1050419 | Security: Use-after-poison in AudioWorkletNode | $7500 | 2020-05-20 |
1051462 | CrOS: Vulnerability reported in app-text/poppler | - | 2020-05-20 |
1049581 | Security: Debug check failed: bytecode_offset >= 0 (-1 vs. 0) | - | 2020-05-19 |
1050756 | Security: 'Copy As Curl' in the network panel of the devtools uses '--data' instead of '--data-raw', leading to arbitrary local file access | $500 | 2020-05-19 |
1033972 | Segv on unknown address in views::FocusSearch::FindNextFocusableView | - | 2020-05-16 |
1050090 | Fix security vulnerability in PaintController on subsequence under-invalidation | - | 2020-05-16 |
925834 | Security: seneschal allows bind-mounting arbitrary paths into 9p subtree | - | 2020-05-15 |
1043603 | use-after-poison in mojo::MessageDispatcher | $5000 | 2020-05-15 |
1048473 | Use-after-destroy in WebAudio | $7500 | 2020-05-15 |
1049129 | rtp_frame_reference_finder_fuzzer: Use-of-uninitialized-value in unsigned long webrtc::Subtract<32768ul> | - | 2020-05-15 |
998514 | Security: buffer overflow in modprobe | - | 2020-05-14 |
1036373 | CrOS: Vulnerability reported in dev-libs/openssl | - | 2020-05-14 |
1036376 | CrOS: Vulnerability reported in dev-libs/openssl | - | 2020-05-14 |
1044570 | Security: SEGV_MAPERR with Intl.ListFormat and long strings | $5000 | 2020-05-14 |
1047942 | CVE-2020-8428 CrOS: Vulnerability reported in Linux kernel | - | 2020-05-14 |
1031670 | ☂ Site Isolation Bypass via component extensions (e.g. via "Google Hangouts") | - | 2020-05-13 |
1045386 | CrOS: Vulnerability reported in sys-fs/e2fsprogs | - | 2020-05-13 |
1047911 | rtp_frame_reference_finder_fuzzer: Invalid-free in webrtc::RTPVideoHeader::GenericDescriptorInfo::~GenericDescriptorInfo | - | 2020-05-13 |
1047914 | pdfium (XFA): oob read / use-of-uninitialized-value in CXFA_Node::SetSelectedItems | $1000 | 2020-05-13 |
1047932 | rtp_frame_reference_finder_fuzzer: Crash in webrtc::RtpGenericFrameDescriptor::~RtpGenericFrameDescriptor | - | 2020-05-13 |
1048005 | rtp_frame_reference_finder_fuzzer: Bad parameters to --sanitizer-annotate-contiguous-container in webrtc::video_coding::RtpFrameObject::~RtpFrameObject | - | 2020-05-13 |
1048013 | rtp_frame_reference_finder_fuzzer: Invalid-free in webrtc::RTPVideoHeader::~RTPVideoHeader | - | 2020-05-13 |
1048024 | rtp_frame_reference_finder_fuzzer: Crash in absl::allocator_traits<std::__Cr::allocator<long> >::deallocate | - | 2020-05-13 |
1032158 | Security of some component extensions relies on untrustworthy MessageSender.id | - | 2020-05-12 |
1040700 | heap-use-after-free : v8::internal::ArrayBufferTracker::RegisterNew | - | 2020-05-12 |
1047285 | Security of media-router built-in extension relies on untrustworthy MessageSender.id | - | 2020-05-12 |
1048241 | v8_wasm_compile_fuzzer: Stack-buffer-overflow in v8::internal::wasm::LiftoffAssembler::VarState::is_reg | - | 2020-05-12 |
966507 | Possible Sec-Fetch-Site bypass via PaymentRequest | - | 2020-05-11 |
1046019 | CrOS: Vulnerability reported in app-arch/libarchive | - | 2020-05-11 |
639322 | Automation API leaks tab URLs | $500 | 2020-05-09 |
1010844 | CXFA_FFPageView Use After Free | $5000 | 2020-05-09 |
1041190 | CVE-2019-19927 CrOS: Vulnerability reported in Linux kernel | - | 2020-05-09 |
1042915 | pdfium (XFA): wrong object type in CXFA_FFPageView::GetPageViewRect | $1000 | 2020-05-09 |
1043965 | Security: Possible to navigate to extension resources not listed in web_accessible_resources | $1000 | 2020-05-09 |
1045225 | v8_wasm_compile_fuzzer: Stack-buffer-overflow in v8::internal::wasm::LiftoffAssembler::VarState::is_reg | - | 2020-05-09 |
1045487 | rtnl_handler_fuzzer: Heap-buffer-overflow in shill::ParseAttrs | - | 2020-05-09 |
1045738 | sqlite3_ossfuzz_fuzzer: Use-of-uninitialized-value in sqlite3Atoi64 | - | 2020-05-09 |
1046995 | rtp_frame_reference_finder_fuzzer.exe: Invalid-free in webrtc::RTPVideoHeader::~RTPVideoHeader | - | 2020-05-09 |
1047024 | rtp_frame_reference_finder_fuzzer: Heap-buffer-overflow in webrtc::video_coding::RtpFrameReferenceFinder::ManageFrameVp9 | - | 2020-05-09 |
1047054 | heap-buffer-underflow : content::DWriteFontLookupTableBuilder::CallbackOnTaskRunner::CallbackOnTaskRunner | - | 2020-05-09 |
1047095 | rtp_frame_reference_finder_fuzzer: Crash in absl::allocator_traits<std::__Cr::allocator<long long> >::deallocate | - | 2020-05-09 |
1047097 | PDFium: Apply fix for CVE-2020-8112 | - | 2020-05-09 |
1047156 | CVE-2019-18282 CrOS: Vulnerability reported in Linux kernel | - | 2020-05-09 |
1047165 | rtp_frame_reference_finder_fuzzer: Heap-buffer-overflow in webrtc::video_coding::RtpFrameReferenceFinder::ManageFrameVp9 | - | 2020-05-09 |
1047264 | rtp_frame_reference_finder_fuzzer: Bad parameters to --sanitizer-annotate-contiguous-container in webrtc::RtpGenericFrameDescriptor::~RtpGenericFrameDescriptor | - | 2020-05-09 |
1047355 | Crash in v8::internal::StringHasher::HashSequentialString<char> | - | 2020-05-09 |
1047368 | DCHECK failure in name->IsFlat() in factory.cc | - | 2020-05-09 |
851302 | UI/URL Spoofing by opening popups and putting the background page into fullscreen | $3000 | 2020-05-07 |
852645 | requestFullscreen should consume user activation to prevent UI/URL spoofing | $1000 | 2020-05-07 |
977872 | pdf_codec_tiff_fuzzer: Heap-buffer-overflow in null_convert | - | 2020-05-07 |
1047074 | DCHECK failure in Heap::IsLargeObject(obj) || Page::FromHeapObject(obj)->IsFlagSet(Page::SWEEP_TO_ | - | 2020-05-07 |
1006012 | Security: URL bar spoofing on iOS | $500 | 2020-05-06 |
1034225 | CVE-2019-19524 CrOS: Vulnerability reported in Linux kernel | - | 2020-05-06 |
1034228 | CVE-2019-19527 CrOS: Vulnerability reported in Linux kernel | - | 2020-05-06 |
1043443 | CrOS: Vulnerability reported in net-analyzer/tcpdump | - | 2020-05-06 |
1044331 | Use-after-poison in blink::SecurityContextInit::SecurityContextInit | - | 2020-05-06 |
1045812 | Heap-buffer-overflow in cc::ScrollTimeline::UpdateScrollerIdAndScrollOffsets | - | 2020-05-06 |
1045797 | Use-of-uninitialized-value in v8::internal::JSFunction::ToString | - | 2020-05-06 |
1045874 | Security: OOB access in ReadableStream::Close | - | 2020-05-06 |
1046026 | vtest_fuzzer: Heap-use-after-free in vrend_finish_context_switch | - | 2020-05-06 |
1046098 | Use-of-uninitialized-value in v8::internal::wasm::NativeModuleCache::GetStreamingCompilationOwnership | - | 2020-05-06 |
1046321 | CVE-2019-19332 CrOS: Vulnerability reported in Linux kernel | - | 2020-05-06 |
1045703 | transfer_cache_fuzzer: Crash in GrConvertPixels | - | 2020-05-03 |
1045719 | gpu_raster_swiftshader_fuzzer: Heap-buffer-overflow in void downsample_3_2<ColorTypeFilter_RGBA_F16> | - | 2020-05-03 |
1045721 | gpu_raster_angle_fuzzer: Heap-buffer-overflow in sse2::load_af16 | - | 2020-05-03 |
1045722 | gpu_raster_passthrough_fuzzer: Heap-buffer-overflow in SkRectMemcpy | - | 2020-05-03 |
1045723 | transfer_cache_fuzzer: Heap-buffer-overflow in SkData::PrivateNewWithCopy | - | 2020-05-03 |
1045757 | gpu_raster_swiftshader_fuzzer: Crash in void egl::Transfer< | - | 2020-05-03 |
1043070 | CrOS: Vulnerability reported in dev-db/sqlite | - | 2020-05-02 |
1043095 | dawn_wire_server_and_vulkan_backend_fuzzer: Null-dereference READ in dawn_native::DeviceBase::BaseDestructor | - | 2020-05-02 |
868145 | Security: Loading mixed content without insecure warning | $500 | 2020-05-01 |
1033824 | Security: Unquoted Path in user Chrome Updater registry key | - | 2020-05-01 |
1035271 | Security: 3D CSS transform and drop-shadow can draw over address bar | $3000 | 2020-05-01 |
1045388 | CVE-2020-7053 CrOS: Vulnerability reported in Linux kernel | - | 2020-05-01 |
1035399 | Security: Site Isolation bypass in BlobURLStoreImpl::Register | - | 2020-04-30 |
1041828 | Potential UaF in NavigationPredicator | - | 2020-04-30 |
1042091 | Warn Chrome on downloads of for all .HTA files | - | 2020-04-30 |
1042145 | Null-dereference READ in sqlite3VdbeExec | - | 2020-04-30 |
1042578 | Security: SQLite 3.30.1 CVE-2019-19923 - NULL pointer dereference (or incorrect results) | - | 2020-04-30 |
1042700 | Security: SQLite CVE-2019-19926 | $500 | 2020-04-30 |
1042879 | Security: Data race in AudioArray::Allocate can lead to OOB access | - | 2020-04-30 |
1042956 | pdfium (XFA): UAF in CXFA_Node::HasFlag | $5000 | 2020-04-30 |
1043508 | pdfium (XFA): wrong object type in CXFA_FFNotify::OpenDropDownList | $5000 | 2020-04-30 |
1043510 | pdfium (XFA): wild-addr-read in GetWordBreakProperty | $7500 | 2020-04-30 |
1044379 | Bad-cast to blink::WebMouseEvent from blink::WebGestureEvent in test_runner::EventSender::HandleInputEventOnViewOrPopup | - | 2020-04-30 |
1031479 | Security: Debug check failed: has_feedback_vector() | $2000 | 2020-04-28 |
1041222 | Container-overflow in PermissionRequestManager::GetDisplayNameOrOrigin | - | 2020-04-28 |
1042535 | Security: webrtc: out-of-bounds write in FEC extension processing | - | 2020-04-28 |
1042933 | Security: WebRTC: out-of-bounds write when updating layer info with frame marking extension | - | 2020-04-28 |
1039241 | Use-of-uninitialized-value in blink::ObjectPainter::PaintAllPhasesAtomically | - | 2020-04-27 |
1043530 | Use-of-uninitialized-value in v8::internal::GlobalHandles::NodeSpace<v8::internal::GlobalHandles::Node>::Relea | - | 2020-04-27 |
1025521 | Security: <portal>s with an autofocus element get focus | $500 | 2020-04-24 |
1029437 | pdfium (XFA): oob read+write in CFDE_TextEditEngine::AdjustGap | $5000 | 2020-04-24 |
1041411 | heap-buffer-overflow in HRTFKernel | $500 | 2020-04-24 |
1041546 | Security: linux shell has all inheritable capabilities set by default | - | 2020-04-24 |
1042254 | Security: More UaFs in WebAudio | - | 2020-04-24 |
1029829 | gpu_angle_passthrough_fuzzer: Null-dereference READ in gpu::gles2::GLES2DecoderPassthroughImpl::EmulatedDefaultFramebuffer::Blit | - | 2020-04-23 |
1030167 | Crash in v8::internal::Simulator::LoadStorePairHelper | - | 2020-04-23 |
1038828 | Heap-use-after-free in net::URLRequestContext::CreateRequest | - | 2020-04-23 |
1039470 | Heap-use-after-free in blink::NGPaintFragment::PopulateDescendants | - | 2020-04-23 |
1039869 | Leaking the URL of any cross-origin redirect through AppCache's network section and wildcards | $5000 | 2020-04-23 |
1040883 | Heap-use-after-free in blink::NGPaintFragment::LayoutObjectWillBeDestroyed | - | 2020-04-23 |
1041174 | Heap-use-after-free in views::NativeWidgetAura::Close | - | 2020-04-23 |
1031909 | SIGTRAP hit in JIT code (Builtins_InterpreterEntryTrampoline) | $2000 | 2020-04-21 |
1033771 | Security: Debug check failed: is_valid(value). | - | 2020-04-21 |
1034695 | third_party/sqlite version 3.30.1 is vulnerable | - | 2020-04-21 |
1037889 | From secure page it is navigating to insecure page. | $1000 | 2020-04-21 |
1038036 | Security: Cross-Origin (Partial) Status Code Leakage | $1000 | 2020-04-21 |
1040325 | CHECK failure: *old_buffer != memory_object->array_buffer() in wasm-objects.cc | $2000 | 2020-04-21 |
1040489 | CrOS: Vulnerability reported in app-editors/vim | - | 2020-04-21 |
1041210 | CHECK failure: Bytecode mismatch at offset 10 in interpreter.cc | - | 2020-04-21 |
1041240 | DCHECK failure in 0 <= length in factory.cc | - | 2020-04-21 |
1041303 | pdfium (XFA): use-of-uninitialized-value in CFWL_DateTimePicker::DrawWidget | $500 | 2020-04-21 |
1041616 | DCHECK failure in cache != this implies cache->outer_scope()->deserialized_scope_uses_external_cac | - | 2020-04-21 |
1062091 | Security: UAF in InstalledAppProviderImpl (Desktop) | $25000 | 2020-04-20 |
894477 | Security: Extensions can continue to temporarily execute code and access file after being uninstalled | $500 | 2020-04-18 |
997515 | Security: Use-after-free in CXFA_FFDocView::SetFocus | $5000 | 2020-04-18 |
1018677 | Security: heap-use-after-free in content::SpeechRecognizerImpl::Abort | $5000 | 2020-04-18 |
1020745 | Security: Roll expat to patch CVE-2019-18197, CVE-2019-13117, CVE-2019-13118 | $500 | 2020-04-18 |
1031679 | Container-overflow in PermissionRequestManager::GetDisplayNameOrOrigin | - | 2020-04-18 |
1030415 | DCHECK failure in !HasOptimizedCode() in js-objects.cc | - | 2020-04-18 |
1032677 | Crash in v8::internal::Isolate::GetCodeTracer | - | 2020-04-18 |
1033461 | sqlite3_select_expr_lpm_fuzzer: Heap-use-after-free in resetAccumulator | - | 2020-04-18 |
1037703 | Heap-use-after-free in webrtc::VideoRtpReceiver::OnGenerateKeyFrame | - | 2020-04-18 |
1036667 | Heap-use-after-free in blink::NGContainerFragmentBuilder::MoveOutOfFlowDescendantCandidatesToDescendant | - | 2020-04-18 |
1037872 | Security: Potential Use after free in the function PerfJitLogger::LogWriteDebugInfo | - | 2020-04-18 |
1038243 | Security DCHECK failure: !NeedsLayout() || LayoutBlockedByDisplayLock(DisplayLockLifecycleTarget::kChildr | - | 2020-04-18 |
1038489 | pdfium_xfa_fuzzer: Heap-use-after-free in CJX_Object::~CJX_Object | - | 2020-04-18 |
1038863 | Security: SQLite 3.30.1 vulnerabilities reported: CVE-2019-19880 and CVE-2019-19925 | - | 2020-04-18 |
1039059 | CVE-2019-19447 CrOS: Vulnerability reported in Linux kernel | - | 2020-04-18 |
1039159 | mediasource_MP4_FLAC_pipeline_integration_fuzzer: Use-of-uninitialized-value in decode_residuals | - | 2020-04-18 |
1040080 | Security: 'Copy As Curl' in the network panel of the devtools does not escape the HTTP method properly, leading to local code execution | $500 | 2020-04-18 |
1040403 | DCHECK failure in mode == JSHeapBroker::BrokerMode::kSerialized implies kind == kUnserializedReadO | - | 2020-04-18 |
1040444 | DCHECK failure in mode == JSHeapBroker::BrokerMode::kSerialized implies kind == kUnserializedReadO | - | 2020-04-18 |
1040493 | CVE-2019-20095 CrOS: Vulnerability reported in Linux kernel | - | 2020-04-18 |
633352 | Security: If two windows are in fullscreen at the same time they can navigate to different origins without fullscreen being exited automatically. | $1000 | 2020-04-15 |
803365 | Cookies with SameSite=Strict; are sent for link rel="prerender" when requested from 3rd party site | $2000 | 2020-04-15 |
959194 | Heap-use-after-free in net::HttpCache::Transaction::DoCacheWriteResponse | - | 2020-04-15 |
995081 | Security: PDFium (XFA) Use-after-free in CXFA_FFComboBox::OnKillFocus | $5000 | 2020-04-15 |
1029865 | heap-use-after-free : content::MediaInterfaceFactory::CreateVideoDecoder | - | 2020-04-15 |
1038019 | Heap-use-after-free in content::RenderProcessHostImpl::CreateCodeCacheHost | - | 2020-04-15 |
1038178 | Security: Missing deoptimization information for OptimizedFrame::Summarize | - | 2020-04-15 |
1039629 | Security: PDFium (XFA) Use-after-free in CXFA_FFComboBox::OnSelectChanged | $7500 | 2020-04-15 |
710190 | Security: Reloading the content of a changed file | - | 2020-04-14 |
809350 | Security: CORS bypassing by reusing CORS-successful Resources across SecurityOrigins on MemoryCache | - | 2020-04-14 |
991217 | Security: Memory access violations when setting a breakpoint at a specific location | - | 2020-04-14 |
991899 | Security: PDFium (XFA) Use-after-free in CXFA_FFWidget::OnKillFocus | $7500 | 2020-04-14 |
1014371 | Security: iframe sandbox can be worked around via javascript: links and window.opener | $3000 | 2020-04-14 |
1035464 | Heap-use-after-free in blink::NGOutOfFlowLayoutPart::Run | - | 2020-04-14 |
1021871 | cras_rclient_message_fuzzer: Null-dereference READ in pthread_create | - | 2020-04-13 |
1031697 | AutofillAssistantFacade.callerIsOnWhitelist() is not secure | - | 2020-04-13 |
609527 | Make sure active mixed content and broken-https subresources do something reasonable on weird origins | - | 2020-04-11 |
1034299 | media_pipeline_integration_fuzzer: Use-of-uninitialized-value in decode_residuals | - | 2020-04-11 |
1034480 | CVE-2019-19332: Security: kvm: OOB memory write via kvm_dev_ioctl_get_cpuid | - | 2020-04-11 |
1030411 | JavaScript injection via malicious WebExtension in CWS | $5000 | 2020-04-10 |
1030892 | Site Isolation Bypass: SpeechRecognitionDispatcherHost doesn't properly check origin from renderer | - | 2020-04-10 |
1033795 | UAF in blink::PaintLayer::CommonAncestor | $5000 | 2020-04-10 |
1035058 | Security: Autocomplete preview text leak #4: using ::first-line pseudo-element | $5000 | 2020-04-10 |
1036697 | CrOS: Vulnerability reported in dev-db/sqlite | - | 2020-04-09 |
1031142 | Security: ☂ Site Isolation Bypass and Browser Code execution with heap-use-after-free in DesktopMediaPickerController::WebContentsDestroyed | - | 2020-04-08 |
999114 | CVE-2019-15117 CrOS: Vulnerability reported in Linux kernel | - | 2020-04-07 |
999115 | CVE-2019-15118 CrOS: Vulnerability reported in Linux kernel | - | 2020-04-07 |
1034563 | Heap-use-after-free in views::BoundsAnimator::AnimationProgressed | - | 2020-04-07 |
1036604 | CVE-2019-19241 CrOS: Vulnerability reported in Linux kernel | - | 2020-03-30 |
714617 | Security: chrome.tabs.executeScript can reveal Chrome's profile path | $500 | 2020-03-28 |
1035779 | Security: heap-use-after-free in blink::BaseRenderingContext2D::DrawImageInternal | - | 2020-03-28 |
639173 | ignored TLS errors propagate from webview to main browser | $500 | 2020-03-27 |
959571 | Security: Mixed content state reset when navigating back | $500 | 2020-03-27 |
1033407 | Security: Potential Use after free in the function ProfilerListener::CodeCreateEvent | $2000 | 2020-03-27 |
1035371 | Chromium: Two Vulnerabilities reported in sqlite 3.30.1 | - | 2020-03-27 |
571546 | Security: Prompt boxes steal focus in popups | - | 2020-03-26 |
1025700 | CrOS: Vulnerability reported in media-libs/tiff | - | 2020-03-26 |
1028722 | sqlite3_shadow_table_fuzzer: Heap-buffer-overflow in sqlite3Fts3GetVarint | $3000 | 2020-03-26 |
1029002 | sqlite3_shadow_table_fuzzer: ASSERT: pWriter || bIgnoreEmpty | - | 2020-03-26 |
1029027 | sqlite3_shadow_table_fuzzer: Heap-buffer-overflow in sqlite3Fts3GetVarint | - | 2020-03-26 |
1029210 | sqlite3_shadow_table_fuzzer: Heap-buffer-overflow in sqlite3Fts3Incrmerge | - | 2020-03-26 |
1029506 | sqlite3_shadow_table_fuzzer: Use-of-uninitialized-value in fts3IncrmergeHintPop | - | 2020-03-26 |
1031112 | CVE-2019-17133 CrOS: Vulnerability reported in Linux kernel | - | 2020-03-26 |
1032170 | Use browser-side URL to verify if extension messaging connection is allowed | - | 2020-03-26 |
1033395 | Security: Wrong assumption leads to Use After Free in deserializer.cc | $500 | 2020-03-26 |
1034745 | Security: QuicStreamFactory incorrectly installs NullDecrypter | - | 2020-03-26 |
1035331 | DCHECK failure in !HAS_WEAK_HEAP_OBJECT_TAG(ptr_) in tagged-impl.h | - | 2020-03-26 |
1035373 | CVE-2019-19602 CrOS: Vulnerability reported in Linux kernel | - | 2020-03-26 |
1035723 | Security: Heap-use-after-free in PaintController::FinishCycle() related to devtools overlay | - | 2020-03-26 |
1032090 | pdfium: use-of-uninitialized-value in CRYPT_AESSetKey | $2000 | 2020-03-24 |
1033841 | Security: Debug check failed: IsNumber(). | - | 2020-03-23 |
1034394 | A null pointer dereference has been discovered in V8 compiler which affects the latest version. | $5000 | 2020-03-23 |
1015693 | net_quic_stream_factory_fuzzer: Heap-use-after-free in quic::QuicSpdyStreamBodyManager::ReadBody | - | 2020-03-21 |
1032422 | Security: pdfium(XFA) heap-use-after-free in CXFA_FFComboBox::OnProcessEvent | $5000 | 2020-03-21 |
1033974 | DCHECK failure in 0 <= at_least_space_for in objects.cc | - | 2020-03-21 |
1034167 | DCHECK failure in i::AllowHeapAllocation::IsAllowed() in api.cc | - | 2020-03-21 |
1023810 | use-after-poison in webaudio | $10000 | 2020-03-20 |
1029462 | use-after-free in AudioWorklet | $7500 | 2020-03-20 |
1029530 | CHECK failure: BigIntAsUintN of kRepWord64 (BigInt) cannot be changed to kRepWord32 in represen | - | 2020-03-20 |
1032548 | Security: heap-buffer-overflow in AudioDelayDSPKernel::Process | - | 2020-03-20 |
1033260 | Heap-use-after-free in net::VerifyWithGivenFlags | - | 2020-03-20 |
1026546 | Security: Steal any local picture when open a local html file | $1000 | 2020-03-19 |
1029375 | Security: extensions with downloads.open permission can execute code on the device using .fileloc files | $500 | 2020-03-19 |
1031895 | Security: ReadableStream::pipeTo do not check IsLockedStream | - | 2020-03-19 |
1032054 | Security: Debug check failed: IsAligned(ptr, kSlotDataAlignment) | - | 2020-03-19 |
1032906 | Use-of-uninitialized-value in v8::internal::Runtime_StringCompareSequence | - | 2020-03-19 |
1033092 | mediasource_MP4_FLAC_pipeline_integration_fuzzer: Use-of-uninitialized-value in decode_residuals | - | 2020-03-19 |
1013906 | Security: expose stored (in cache) cross-site response's size | $500 | 2020-03-18 |
1029612 | audio_decoder_fuzzer: Use-of-uninitialized-value in decode_residuals | - | 2020-03-18 |
1030381 | Crash in cc::LayerTreeImpl::TotalScrollOffset | - | 2020-03-18 |
1031653 | Security: heap-use-after-free in DesktopMediaPickerController::WebContentsDestroyed | - | 2020-03-18 |
1019732 | Make sure that NetworkService doesn't propagate HttpOnly cookies to a renderer process | - | 2020-03-17 |
1032534 | CVE-2019-19319 CrOS: Vulnerability reported in Linux kernel | - | 2020-03-17 |
922882 | Security: Possible load of uninitialized memory in WebRtcAec_Create | - | 2020-03-16 |
1022044 | cups_ippreadio_fuzzer: Global-buffer-overflow in ippEnumString | - | 2020-03-14 |
1029054 | cups_ippreadio_fuzzer: Heap-buffer-overflow in _cupsStrAlloc | - | 2020-03-14 |
1030660 | CrOS: Vulnerability reported in net-analyzer/tcpdump | - | 2020-03-14 |
1031102 | CrOS: Vulnerability reported in app-arch/libarchive | - | 2020-03-14 |
1031523 | pdfium (XFA): oob read in HTMLSTR2Code | $2500 | 2020-03-14 |
875503 | Chrome notification system permits a domain to request permissions for each 3rd level domain with no restriction | $500 | 2020-03-13 |
968303 | heap-use-after-free : base::RunLoop::Delegate::ShouldQuitWhenIdle | - | 2020-03-13 |
1027408 | Security: tel: URL scheme reference origin spoof on Windows and Linux | $2000 | 2020-03-12 |
1029414 | Security: The sharing dialog can appear over the wrong tab (spoof) | $2000 | 2020-03-12 |
1030583 | Negative size parameter to memcpy in CPDF_SecurityHandler::GetUserPassword | $500 | 2020-03-12 |
1030912 | v8_wasm_compile_fuzzer: Segv on unknown address in unsigned long v8::internal::Simulator::MemoryRead<unsigned long, unsigned long> | - | 2020-03-12 |
1029565 | pdfium (XFA): oob read in EncodeXML | $2000 | 2020-03-11 |
1029576 | Security: Debug check failed: 0 <= index && index < node->op()->ValueInputCount(). | - | 2020-03-11 |
1029617 | gpu_angle_passthrough_fuzzer: Null-dereference READ in gpu::gles2::GLES2DecoderPassthroughImpl::DoDeleteQueriesEXT | - | 2020-03-11 |
1018629 | Use-of-uninitialized-value in SkPngEncoder::onEncodeRows | - | 2020-03-10 |
1025470 | Security: Negative size passed to memcpy() in fts3NodeAddTerm (OOB read) | - | 2020-03-10 |
1025471 | Security: Negative size passed to memcpy() in fts3IncrmergePush | - | 2020-03-10 |
1025472 | Security: Memory leak in fts4, matchinfo() | - | 2020-03-10 |
1027426 | Security: UaF in BrowserTabStripController::AddNewTabInGroup() | - | 2020-03-10 |
1028152 | Heap-buffer-overflow in blink::FindBuffer::RangeFromBufferIndex | $3000 | 2020-03-10 |
1028208 | DCHECK failure in !is_compiled() || IsInterpreted() in js-objects.cc | - | 2020-03-10 |
1029338 | DCHECK failure in !name->AsIntegerIndex(&index) in lookup-inl.h | - | 2020-03-10 |
1025463 | Security: TFC2019 - Multiple issues in sqlite (Tracking Bug) | - | 2020-03-09 |
1028863 | v8: Wrong JIT code that triggers SIGTRAP at runtime | $5000 | 2020-03-09 |
1029129 | Crash in cc::LayerTreeImpl::TotalScrollOffset | - | 2020-03-09 |
1026911 | gpu_angle_passthrough_fuzzer: Null-dereference READ in gpu::error::Error gpu::gles2::GLES2DecoderPassthroughImpl::DoCommandsImpl<false> | - | 2020-03-07 |
1027065 | gpu_angle_passthrough_fuzzer: Null-dereference READ in gpu::gles2::GLES2DecoderPassthroughImpl::DoDeleteQueriesEXT | - | 2020-03-07 |
1027470 | gpu_angle_passthrough_fuzzer: Null-dereference READ in gpu::gles2::GLES2DecoderPassthroughImpl::HandleDrawBuffersEXTImmediate | - | 2020-03-07 |
1023807 | Update WHL microcode to enable kernel TAA mitigations | - | 2020-03-06 |
1025489 | use-after-poison in base::internal::WeakReferenceOwner::Invalidate() | $5000 | 2020-03-06 |
1028862 | Trap in Builtins_InterpreterEntryTrampoline | $5000 | 2020-03-06 |
1017871 | Security: Injecting styles via copy-and-paste | $10000 | 2020-03-05 |
1021431 | Heap-use-after-free in content::GpuBenchmarking::Freeze | - | 2020-03-05 |
1022278 | render_text_api_fuzzer: Heap-buffer-overflow in gfx::GetTextIndexForOtherText | - | 2020-03-05 |
1023843 | CVE-2019-2201: libjpeg-turbo: code execution | - | 2020-03-05 |
1024182 | Security: Arbitrary system memory access Intel GPU vulnerability (CVE-2019-0155) | - | 2020-03-05 |
1028172 | agc_fuzzer: Heap-buffer-overflow in webrtc::GainControlImpl::ProcessCaptureAudio | - | 2020-03-05 |
1029174 | DCHECK failure in *result == *match_info in js-regexp.cc | - | 2020-03-05 |
1029200 | Crash in v8::internal::OrderedHashSet::ConvertToKeysArray | - | 2020-03-05 |
708595 | Security: Print Preview allows spoofing on other tab | $500 | 2020-03-04 |
1026994 | Security: EC host commands leaking stack to AP userspace | - | 2020-03-04 |
1027025 | DCHECK failure in *(maybe_code_handler.object()) == *StoreHandler::StoreSlow(GetIsolate()) in feed | - | 2020-03-04 |
1027176 | Check feature policy for payment in the browser. | - | 2020-03-04 |
1028809 | audio_processing_fuzzer: Use-of-uninitialized-value in webrtc::FloatToFloatS16 | - | 2020-03-04 |
1028614 | audio_processing_fuzzer: Use-of-uninitialized-value in webrtc::FileWrapper::Write | - | 2020-03-04 |
990428 | Tighten IDN policy for Kana + Latin domains | - | 2020-03-03 |
1016506 | heap-buffer-overflow : WebRtcSpl_DownsampleFastC | - | 2020-03-03 |
1023095 | zucchini_disassembler_elf_fuzzer: Heap-buffer-overflow in zucchini::Rel32FinderX86::Scan | - | 2020-03-03 |
1023183 | zucchini_disassembler_elf_fuzzer: Heap-buffer-overflow in (std::is_function<std::__Cr::remove_pointer<unsigned | - | 2020-03-03 |
1025255 | hammerd_load_ec_image_fuzzer: Crash in hammerd::FirmwareUpdater::LoadEcImage | - | 2020-03-03 |
1025464 | Security: SQLite defense-in-depth bypass | - | 2020-03-03 |
1025465 | Security: Uninitialized memory leak by nPrefix in fts3SegReaderNext | - | 2020-03-03 |
1025466 | Security: Arbitrary memory overwrites (write-what-where) by nHeight in fts3IncrmergeLoad | - | 2020-03-03 |
1026729 | DCHECK failure in !name->AsIntegerIndex(&index) in lookup-inl.h | - | 2020-03-03 |
1026909 | DCHECK failure in name.IsUniqueName() in stub-cache.cc | - | 2020-03-03 |
1027109 | DCHECK failure in heap_object.IsInternalizedString() in feedback-vector.cc | - | 2020-03-03 |
1027498 | CHECK failure: 0 == instance_descriptors().number_of_slack_descriptors() in objects-debug.cc | - | 2020-03-03 |
1027926 | Security: v8 Debug check failed: ResumeJumpTargetsAreValid(). | - | 2020-03-03 |
1028092 | agc_fuzzer: Heap-buffer-overflow in webrtc::ApplyDigitalGain | - | 2020-03-03 |
1028181 | DCHECK failure in !Heap::InYoungGeneration(name) in stub-cache.cc | - | 2020-03-03 |
1028191 | CHECK failure: IsValidHeapObject(isolate->heap(), HeapObject::cast(p)) in objects-debug.cc | - | 2020-03-03 |
1028207 | Security: Debug check failed: !Heap::InYoungGeneration(name) | - | 2020-03-03 |
1028396 | CHECK failure: descriptors != ReadOnlyRoots(isolate).empty_descriptor_array() implies !parent.o | - | 2020-03-03 |
1028475 | DCHECK failure in start + search_string->length() <= string->length() in runtime-strings.cc | - | 2020-03-03 |
968809 | Security: Clear rollback info from FPMCU stack when accessed | - | 2020-02-29 |
1026918 | pdfium (XFA): invalid-vptr in CXFA_FFTextEdit::UpdateFWLData | $2000 | 2020-02-29 |
1027410 | DCHECK failure in dst_offset != src_offset in liftoff-assembler-x64.h | - | 2020-02-29 |
1027650 | net_quic_stream_factory_fuzzer: Heap-use-after-free in quic::QpackInstructionDecoder::Decode | - | 2020-02-29 |
1027707 | transfer_cache_fuzzer: Heap-buffer-overflow in SkRectMemcpy | - | 2020-02-29 |
1021677 | Security DCHECK failure: unit.TextContentEnd() <= text.length() in ng_offset_mapping.cc | - | 2020-02-28 |
1024741 | transfer_cache_fuzzer: Crash in SkRectMemcpy | - | 2020-02-28 |
1025209 | net_quic_stream_factory_fuzzer: Bad-cast to quic::QpackProgressiveDecoder from invalid vptr in quic::QpackProgressiveDecoder::Decode | - | 2020-02-28 |
1025467 | 2 Vulnerabilities in websql & sqlite (Tracking Bug) | $2000 | 2020-02-28 |
1025911 | transfer_cache_fuzzer: Heap-buffer-overflow in GrConvertPixels | - | 2020-02-28 |
1026354 | gpu_raster_angle_fuzzer: Heap-buffer-overflow in void downsample_1_2<ColorTypeFilter_8> | - | 2020-02-28 |
1027152 | Security: heap-buffer-overflow in PasswordFormManager::OnGeneratedPasswordAccepted | - | 2020-02-28 |
1027292 | Security: import maps are executed as classic scripts when the import map's flag is disabled | - | 2020-02-28 |
884693 | Security: IDN URL Spoofing with using "ы" | $500 | 2020-02-27 |
896453 | Domain spoof using unicode characters that look like numbers | - | 2020-02-27 |
1025442 | Security: IDN spoof with Latin Middle Dot (U+00B7) | - | 2020-02-27 |
1025468 | DCHECK failure in result.NumberOfOwnDescriptors() == result.instance_descriptors().number_of_descr | - | 2020-02-27 |
1026500 | Use-of-uninitialized-value in v8::internal::Simulator::FPRoundInt | - | 2020-02-27 |
1027045 | Bad-cast to v8::internal::compiler::Operator1<v8::internal::compiler::FrameStateInfo, v8::internal::compiler::OpEqualTo<v8::internal::compiler::FrameStateInfo>, v8::internal::compiler::OpHash<v8::internal::compiler::FrameStateInfo> > from v8::internal::compiler::Operator1<v8::internal::MachineRepresentation, v8::internal::compiler::OpEqualTo<v8::internal::MachineRepresentation>, v8::internal::compiler::OpHash<v8::internal::MachineRepresentation> > in v8::internal::compiler::FrameStateInfoOf | - | 2020-02-27 |
930683 | Security: Broadcom Bluetooth firmware vulnerability | - | 2020-02-26 |
954207 | Heap-buffer-overflow in s_RLE_process | - | 2020-02-26 |
1015518 | spvtools_as_fuzzer: Bad-free in spvBinaryDestroy | - | 2020-02-26 |
1015697 | spvtools_as_fuzzer: Use-of-uninitialized-value in spvtools_as_fuzzer.cpp | - | 2020-02-26 |
1024256 | Crash in blink::FindBuffer::RangeFromBufferIndex with emoji input | - | 2020-02-26 |
1025067 | UaF in BluetoothAdapter::OnDiscoveryChangeComplete | $20000 | 2020-02-26 |
1025109 | Heap-use-after-free in blink::NGPhysicalFragment::HasSelfPaintingLayer | - | 2020-02-26 |
1026479 | CHECK failure: Type cast failed in CAST(last_index) at ../../src/builtins/builtins-regexp-gen.c | - | 2020-02-26 |
1053604 | Security: Incorrect side effect modelling for JSCreate | - | 2020-02-26 |
1024758 | Security: OOB Write in ReduceRegExpPrototypeTest | $7500 | 2020-02-25 |
1025502 | gpu_raster_angle_fuzzer: Crash in void downsample_1_2<ColorTypeFilter_8> | - | 2020-02-25 |
1018493 | ndproxy_fuzzer: Stack-buffer-overflow in arc_networkd::NDProxy::Icmpv6Checksum | - | 2020-02-24 |
1022695 | Crash in Builtins_InterpreterEntryTrampoline | - | 2020-02-24 |
1023144 | ndproxy_fuzzer: Heap-buffer-overflow in arc_networkd::NDProxy::TranslateNDFrame | - | 2020-02-24 |
1024736 | transfer_cache_fuzzer: Crash in GrConvertPixels | - | 2020-02-22 |
1024762 | gpu_raster_angle_fuzzer: Heap-buffer-overflow in void downsample_1_2<ColorTypeFilter_8> | - | 2020-02-22 |
881675 | Chrome v69 URL Spoof via FILE_SCHEME | $500 | 2020-02-21 |
1022466 | render_text_api_fuzzer: Heap-buffer-overflow in u_strlen_65 | - | 2020-02-21 |
1023853 | use after poison in rtc_rtp_sender_impl.cc | $5000 | 2020-02-21 |
1024099 | CHECK failure: bytes <= NUMBER in runtime-typedarray.cc | - | 2020-02-21 |
1024116 | Out-of-bounds access in WebBluetoothServiceImpl | $20000 | 2020-02-21 |
1025089 | Security: Fix number of arguments being passed when setting the thread name on Windows. | - | 2020-02-21 |
999956 | Security: U2F misses reloading hardware binding secrets after deep sleep | - | 2020-02-20 |
1013669 | Security: USBGuard accepts D-Bus messages from any | - | 2020-02-20 |
1019616 | wayland_fuzzer: Heap-use-after-free in GrMemoryPool::allocate | - | 2020-02-20 |
1022554 | render_text_api_fuzzer: Heap-buffer-overflow in gfx::CreateObscuredText | - | 2020-02-20 |
1022598 | render_text_api_fuzzer: Stack-buffer-overflow in gfx::RenderText::OnTextAttributeChanged | - | 2020-02-20 |
1022855 | Security: Missing HasPrototypeSlot() check in ConstructorBuiltinsbAssembler::EmitFastNewObject() results in out-of-bound read. | $3000 | 2020-02-20 |
1022893 | render_text_api_fuzzer: Heap-buffer-overflow in gfx::RenderText::OnTextAttributeChanged | - | 2020-02-20 |
1023442 | ExcludeSchemeFromRequestInitiatorSiteLockChecks bypasses GetTrustworthyInitiator | - | 2020-02-20 |
1023941 | heap-use-after-free : views::View::SetBackground | - | 2020-02-20 |
1024121 | Heap-use-after-free in WebBluetoothServiceImpl | $20000 | 2020-02-20 |
1016106 | hammerd_load_ec_image_fuzzer: Crash in hammerd::FirmwareUpdater::LoadEcImage | - | 2020-02-19 |
1017793 | vb2_keyblock_fuzzer: Global-buffer-overflow in vb2_load_fw_keyblock | - | 2020-02-19 |
1021855 | Download Protection bypass | - | 2020-02-19 |
1023351 | Use-after-poison in blink::EventListenerMap::Find | - | 2020-02-19 |
1023972 | DCHECK failure in 4 == kSystemPointerSize in code-generator.cc | - | 2020-02-19 |
1016703 | DCHECK failure in static_cast<unsigned>(index) < static_cast<unsigned>(capacity()) in fixed-array- | - | 2020-02-18 |
1007414 | Security: Tracking Chrome OS running e2fsck on an untrusted file system? | - | 2020-02-17 |
1020031 | CHECK failure: static_cast<uintptr_t>(caller_frame_top_) - total_output_frame_size > stack_guar | - | 2020-02-17 |
699342 | Security: //components/search_engine appears to be parsing arbitrary XML in the browser process | - | 2020-02-15 |
754304 | UI Spoofing in External Protocol confirmation | $1000 | 2020-02-15 |
947876 | pdfium (XFA): oob read in CFXJSE_FormCalcContext::WordNum | $2500 | 2020-02-15 |
968505 | Security: Domain name spoofing on Unicode top-level domains | - | 2020-02-15 |
984513 | The Permission for an important activity is set to null, as a result it can be launched by any app. | $1000 | 2020-02-15 |
997724 | trunks_resource_manager_fuzzer: Use-of-uninitialized-value in base::debug::ProcessBacktrace | - | 2020-02-15 |
1005596 | Security: tel: URL scheme reference origin spoof | $2000 | 2020-02-15 |
1013882 | Security: Autocomplete preview text STILL leaks credit card numbers - attacker can simply override system-ui font | $5000 | 2020-02-15 |
1015872 | libbrillo_dbus_data_serialization_fuzzer: Crash in variant_reader_recurse | - | 2020-02-15 |
1015858 | libbrillo_dbus_data_serialization_fuzzer: Crash in _dbus_marshal_skip_array | - | 2020-02-15 |
1015881 | zucchini_disassembler_elf_fuzzer: Heap-buffer-overflow in (std::is_function<std::__Cr::remove_pointer<unsigned | - | 2020-02-15 |
1016092 | hammerd_load_ec_image_fuzzer: Use-of-uninitialized-value in fmap_find_area | - | 2020-02-15 |
1016099 | arc_setup_util_expand_property_contents_fuzzer: Heap-buffer-overflow in std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<ch | - | 2020-02-15 |
1016103 | runtime_probe_probestatement_fuzzer: Index-out-of-bounds in _dbus_mem_pool_alloc | - | 2020-02-15 |
1016168 | libbrillo_dbus_data_serialization_fuzzer: Use-of-uninitialized-value in _dbus_first_type_in_signature | - | 2020-02-15 |
1016813 | cups_ippreadio_fuzzer: Heap-buffer-overflow in _cupsStrFree | - | 2020-02-15 |
1017020 | heap-use-after-free : libusb_get_next_timeout | - | 2020-02-15 |
1017494 | Security: PDFium heap-use-after-free in CPDFSDK_PageView::ExitWidget (XFA) | $7500 | 2020-02-15 |
1017256 | cups_ippreadio_fuzzer: Heap-buffer-overflow in ippAttributeString | - | 2020-02-15 |
1017707 | Security: Phishing with Unicode Domains | $500 | 2020-02-15 |
1017797 | cgpt_fuzzer: Use-of-uninitialized-value in Crc32 | - | 2020-02-15 |
1017961 | Heap-use-after-free in blink::AudioNodeOutput::Pull | - | 2020-02-15 |
1018512 | ndproxy_fuzzer: Use-of-uninitialized-value in arc_networkd::NDProxy::TranslateNDFrame | - | 2020-02-15 |
1019648 | v8_wasm_fuzzer: DCHECK failure in val.type == kWasmBottom || ValueTypes::MachineRepresentationFor(val.type) == Val | - | 2020-02-15 |
1020533 | DCHECK failure in cell->value().IsTheHole(isolate) in js-objects.cc | - | 2020-02-15 |
1020906 | ndproxy_fuzzer: Stack-buffer-overflow in arc_networkd::NDProxy::TranslateNDFrame | - | 2020-02-15 |
1021457 | Security: Out of bounds index in array in function parameters | $3000 | 2020-02-15 |
1021919 | Use-after-poison in blink::RTCPeerConnectionHandler::OnaddICECandidateResult | - | 2020-02-15 |
1022558 | Bad-cast to blink::RTCVoidRequest from invalid vptr in blink::OnReplaceTrackCompleted | - | 2020-02-15 |
856927 | Omnibox with URL is displayed on NTP when forward history is browsed with Wifi or Mobile network disabled. | - | 2020-02-06 |
925035 | CodeCacheHostImpl::DidGenerateCacheableMetadataInCacheStorage should verify |cache_storage_origin|. | - | 2020-02-06 |
1017695 | spvtools_opt_legalization_fuzzer: Container-overflow in spvtools::Optimizer::Run | - | 2020-02-06 |
1018528 | Flickering WebGL with {alpha:false} on mali-400 | $500 | 2020-02-06 |
1018871 | DCHECK failure in !has_pending_exception() in isolate.cc | - | 2020-02-06 |
1000887 | Crash in v8::internal::Simulator::LoadStorePairHelper | - | 2020-02-05 |
1014607 | Security: Out-of-bounds read/write in RegisterAllocationData after ResetSpillState | - | 2020-02-05 |
1017441 | Sandboxed iframe Document can end up sharing execution context/type system with iframe's initial about:blank Document | $5000 | 2020-02-05 |
1019226 | Security - UAF in OfflineAudioContext | $13370 | 2020-02-05 |
1019544 | gpu_angle_passthrough_fuzzer: Null-dereference READ in gpu::gles2::GLES2DecoderPassthroughImpl::DoDeleteQueriesEXT | - | 2020-02-05 |
1019553 | gpu_angle_passthrough_fuzzer: Null-dereference READ in gpu::error::Error gpu::gles2::GLES2DecoderPassthroughImpl::DoCommandsImpl<false> | - | 2020-02-05 |
1019565 | gpu_angle_passthrough_fuzzer: Null-dereference READ in gpu::gles2::GLES2DecoderPassthroughImpl::HandleDrawBuffersEXTImmediate | - | 2020-02-05 |
1008312 | heap-use-after-free : GrSurfaceProxy::~GrSurfaceProxy | - | 2020-02-04 |
1010526 | Security: URL bar spoofing with using a file:/// URL | $500 | 2020-02-04 |
1017918 | Heap-buffer-overflow in hsw::store_NUMBER | - | 2020-02-04 |
1008470 | Security: AV in blink::ReadableStreamNative::Trace | - | 2020-02-03 |
1018565 | Use-of-uninitialized-value in v8::internal::compiler::Hints::Add | - | 2020-02-03 |
1011600 | PaymentManager: attacker has some control over PaymentManager/PaymentInstruments of a cross-origin context | $500 | 2020-01-31 |
1016167 | powerd_als_fuzzer: Use-of-uninitialized-value in base::internal::find_first_not_of | - | 2020-01-31 |
1016169 | vpn_manager_service_manager_fuzzer: Stack-buffer-overflow in vpn_manager::ServiceManager::ConvertSockAddrToIPString | - | 2020-01-31 |
1017564 | Security: URL bar spoofing on iOS with a very long URL | $2000 | 2020-01-31 |
1016061 | Container-overflow in performance_manager::SharedWorkerWatcher::RemoveChildWorker | - | 2020-01-30 |
1016100 | ndproxy_fuzzer: Stack-buffer-overflow in arc_networkd::NDProxy::Icmpv6Checksum | - | 2020-01-30 |
1016109 | ec_usb_tcpm_v2_fuzzer: Index-out-of-bounds in prl_tx_construct_message | - | 2020-01-30 |
1016111 | ndproxy_fuzzer: Use-of-uninitialized-value in arc_networkd::NDProxy::TranslateNDFrame | - | 2020-01-30 |
1016393 | v8_wasm_async_fuzzer: Heap-buffer-overflow in v8::internal::wasm::LiftoffCompiler::UnOp | - | 2020-01-30 |
1016436 | Bad-cast to content::RenderFrameImpl from invalid vptr in content::GpuBenchmarkingContext::GpuBenchmarkingContext | - | 2020-01-30 |
1017061 | v8_wasm_code_fuzzer: DCHECK failure in stack_height >= c->end_label->target_stack_height in wasm-interpreter.cc | - | 2020-01-30 |
1015864 | trunks_tpm_pinweaver_fuzzer: Stack-buffer-overflow in trunks::Serialize_pw_insert_leaf_t | - | 2020-01-29 |
1016166 | dlcservice_boot_device_fuzzer: Use-of-uninitialized-value in dlcservice::BootDevice::GetBootDevice | - | 2020-01-29 |
1016450 | DCHECK failure in HAS_SMI_TAG(ptr) in smi.h | - | 2020-01-29 |
993706 | Security: Possible to obtain results of queryObjects using custom devtools formatters | - | 2020-01-28 |
1016038 | Security: IndexedDB transactions should be inactive during structured serialization | - | 2020-01-28 |
1016165 | Heap-buffer-overflow in blink::AudioDelayDSPKernel::Process | - | 2020-01-28 |
1016515 | Unknown signal in Builtins_InterpreterEntryTrampoline | - | 2020-01-28 |
1010581 | Use-of-uninitialized-value in test_runner::TestRunner::WorkQueue::ProcessWork | - | 2020-01-27 |
1015945 | CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (this->IsStruct()) in class-definitio | - | 2020-01-27 |
1013868 | Security: heap-use-after-free in CPDF_AnnotList::CPDF_AnnotList | $7500 | 2020-01-25 |
1015070 | net_base_address_tracker_linux_fuzzer: Heap-buffer-overflow in net::internal::IgnoreWirelessChange | - | 2020-01-25 |
1015129 | net_base_address_tracker_linux_fuzzer: Heap-buffer-overflow in net::internal::AddressTrackerLinux::HandleMessage | - | 2020-01-25 |
1015567 | Null-dereference READ in v8::internal::VariableProxy::var | - | 2020-01-25 |
971917 | Site Isolation: Multiple restriction bypasses in registerProtocolHandler | $3000 | 2020-01-24 |
1011950 | Security: "universal" XSS via copy&paste | $2000 | 2020-01-24 |
1013418 | Bad-cast to ToolbarIconContainerView from views::View in AvatarToolbarButton::~AvatarToolbarButton | - | 2020-01-24 |
1015042 | chaps_attributes_fuzzer: Heap-buffer-overflow in chaps::Attributes::ParseInternal | - | 2020-01-24 |
1015256 | rtcp_receiver_fuzzer: Use-of-uninitialized-value in webrtc::RTCPReceiver::HandlePli | - | 2020-01-24 |
1015791 | Use-of-uninitialized-value in v8::internal::Scope::Scope | - | 2020-01-24 |
696208 | Security: Chrome extension is disabled by crafted chrome-extension:// URL | $500 | 2020-01-23 |
853670 | SameSite cookies leakage via child browsing context | $1000 | 2020-01-23 |
1013823 | zucchini_disassembler_elf_fuzzer: Crash in zucchini::Rel32FinderX86::Scan | - | 2020-01-23 |
1013871 | zucchini_disassembler_elf_fuzzer: Heap-buffer-overflow in (std::is_function<std::__Cr::remove_pointer<unsigned | - | 2020-01-23 |
1014834 | v8_wasm_async_fuzzer: Heap-buffer-overflow in v8::internal::wasm::LiftoffCompiler::UnOp | - | 2020-01-23 |
1010518 | Security: AbsentPlaster bug on Chrome OS | - | 2020-01-22 |
1013490 | Heap-use-after-free in blink::LayoutObject::IsDescendantOf | - | 2020-01-22 |
944619 | Security: CORB not enforced for WebSocket requests | $10000 | 2020-01-21 |
1013920 | Security: Debug check failed: is_wasm_memory_. | - | 2020-01-21 |
1010569 | Heap-use-after-free in content::WebContentsImpl::~WebContentsImpl | - | 2020-01-20 |
467329 | Popups can be moved below the taskbar in windows | $500 | 2020-01-18 |
990867 | Cross-origin-read attack by using an audio tag to download a cross-origin resource | $500 | 2020-01-18 |
1012055 | Use-after-poison in mojo::ReceiverSetBase<mojo::Receiver<blink::mojom::blink::ManifestManager, mojo: | - | 2020-01-18 |
1012579 | CHECK failure: Failed to create ICU number format, are ICU data files missing? in js-relative-t | - | 2020-01-18 |
1012663 | Heap-use-after-free in std::__1::vector<performance_manager::ProcessNode const*, std::__1::allocator<pe | - | 2020-01-18 |
1012727 | Container-overflow in performance_manager::SharedWorkerWatcher::RemoveChildWorker | - | 2020-01-18 |
1013048 | Use-of-uninitialized-value in performance_manager::GraphImpl::GetAllProcessNodes | - | 2020-01-18 |
1013485 | Heap-use-after-free in performance_manager::GraphImpl::AddNewNode | - | 2020-01-18 |
981100 | Security: ChromeVox exposes browser text from locked screen | - | 2020-01-17 |
999932 | Security: Possible to spoof URL through use of document.open | $500 | 2020-01-17 |
1001503 | Security: UaF in Aura | $20000 | 2020-01-17 |
1004212 | Security: Insecure Chrome download allows malicious software to change downloaded file integrity | - | 2020-01-17 |
1004458 | Use-of-uninitialized-value in password_manager::PasswordReuseDetectionManager::OnPaste | - | 2020-01-17 |
1005218 | Security: Multiple file download protection bypass 2 | $1000 | 2020-01-17 |
1007334 | Sanitizer CHECK failure in "((*(u8*)MemToShadow(a))) == ((0))" (0x4, 0x0) | $2000 | 2020-01-17 |
1010765 | Security: URL in Omnibox doesn't always match page content on iOS | - | 2020-01-17 |
1013013 | CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (IsJSReceiver()) in js-objects-inl.h | - | 2020-01-17 |
1013042 | Security: Debug check failed: Smi::IsValid(value) | $5000 | 2020-01-17 |
1013058 | DCHECK failure in static_cast<unsigned>(index) < static_cast<unsigned>(length()) in fixed-array-in | - | 2020-01-17 |
1013135 | DCHECK failure in !kCanBeWeak implies !IsSmi() == HAS_STRONG_HEAP_OBJECT_TAG(ptr_) in tagged-impl. | - | 2020-01-17 |
954219 | Heap-use-after-free in pdf14_decrement_smask_color | - | 2020-01-15 |
984327 | gstoraster_fuzzer: Heap-use-after-free in ptr_struct_mark | - | 2020-01-15 |
993415 | Use-after-poison in blink::Node::EnsureEventTargetData | $3000 | 2020-01-15 |
1003316 | CVE-2017-18595 CrOS: Vulnerability reported in Linux kernel | - | 2020-01-15 |
1008947 | Heap-use-after-free in AvatarMenu::~AvatarMenu | - | 2020-01-15 |
1011596 | javascript_parser_proto_fuzzer: DCHECK failure in !parsing_module_ in preparser.h | - | 2020-01-15 |
1011677 | heap-use-after-free : base::OnTaskRunnerDeleter::OnTaskRunnerDeleter | - | 2020-01-15 |
1011980 | DCHECK failure in effect_edges > 0 in verifier.cc | - | 2020-01-15 |
1012580 | Use-of-uninitialized-value in blink::GraphicsContext::SetURLForRect | - | 2020-01-15 |
1001854 | CVE-2019-15214 CrOS: Vulnerability reported in Linux kernel | - | 2020-01-14 |
1003325 | CVE-2019-15902 CrOS: Vulnerability reported in Linux kernel | - | 2020-01-14 |
1003326 | CVE-2019-15916 CrOS: Vulnerability reported in Linux kernel | - | 2020-01-14 |
1010379 | Security DCHECK failure: !object || (object->IsBox()) in layout_box.h | - | 2020-01-12 |
1010477 | Security DCHECK failure: !object || (object->IsLayoutInline()) in layout_inline.h | - | 2020-01-12 |
1010759 | Use-of-uninitialized-value in blink::LayoutObject::DestroyAndCleanupAnonymousWrappers | - | 2020-01-12 |
1011267 | Heap-use-after-free in blink::PaintLayer::CompositingContainer | - | 2020-01-12 |
1011603 | Heap-use-after-free in blink::LayoutObject::SetShouldCheckForPaintInvalidation | - | 2020-01-12 |
1010690 | Use-of-uninitialized-value in views::ScrollView::Viewport::ViewHierarchyChanged | - | 2020-01-11 |
1010703 | dawn_wire_server_and_frontend_fuzzer: Crash in dawn_native::ErrorScope::HandleErrorImpl | - | 2020-01-11 |
1010706 | Heap-use-after-free in blink::LayoutObject::DestroyAndCleanupAnonymousWrappers | - | 2020-01-11 |
1011294 | net_quic_stream_factory_fuzzer: Heap-use-after-free in quic::QpackHeaderTable::UnregisterObserver | - | 2020-01-11 |
1007194 | Security: Use after free in MojoCdmProxyService | $5000 | 2020-01-09 |
1009458 | Use-after-poison in void blink::ScriptPromiseResolver::ResolveOrReject<blink::ScriptValue> | - | 2020-01-09 |
918674 | Security: CVE-2018-19664 in libjpeg-turbo | - | 2020-01-08 |
948445 | Security: multiple issues in SafeSetID LSM | - | 2020-01-08 |
957314 | ClientNativePixmap implementations don't validate handles | - | 2020-01-08 |
974375 | ClientNativePixmapDmaBuf::ImportFromDmabuf() doesn't validate buffer size | - | 2020-01-08 |
1005251 | Security: heap-use-after-free in RTCPeerConnectionHandler::SetLocalDescription | $7500 | 2020-01-08 |
1005635 | transfer_cache_fuzzer: Use-of-uninitialized-value in sse2::store_NUMBER | - | 2020-01-08 |
1010026 | Heap-use-after-free in std::__1::vector<performance_manager::ProcessNode const*, std::__1::allocator<pe | - | 2020-01-08 |
981649 | Use-of-uninitialized-value in send_delete_event | - | 2020-01-07 |
1004341 | Security: Upgrade expat to 2.2.8 | $500 | 2020-01-07 |
1005615 | transfer_cache_fuzzer: Heap-buffer-overflow in load2 | - | 2020-01-07 |
1005630 | transfer_cache_fuzzer: Heap-buffer-overflow in sse2::load_rgf16 | - | 2020-01-07 |
1005948 | Security: Headers are processed for aborted requests when passed through service worker | $500 | 2020-01-07 |
1008419 | Crash in blink::MarkingVisitorBase::Visit | - | 2020-01-07 |
1008632 | Sanitizer CHECK failure in "((*(u8*)MemToShadow(a))) == ((0))" (0x4, 0x0) | - | 2020-01-07 |
1009207 | Crash in blink::HeapObjectHeader::CheckHeader | - | 2020-01-07 |
1009260 | pdf_font_fuzzer: Use-of-uninitialized-value in ft_mem_free | - | 2020-01-07 |
1009278 | Crash in blink::DOMWrapperWorld::Current | - | 2020-01-07 |
1009382 | Crash in v8::internal::GlobalHandles::InvokeFirstPassWeakCallbacks | - | 2020-01-07 |
1008414 | CHECK failure: Bytecode mismatch at offset 177 in interpreter.cc | - | 2020-01-06 |
1008714 | Crash in blink::IsCallbackFunctionRunnableInternal | - | 2020-01-06 |
1007423 | Heap-use-after-free in test_runner::TestRunner::WorkQueue::ProcessWork | - | 2020-01-05 |
974648 | Use-of-uninitialized-value in uint64divmod | - | 2020-01-04 |
1000543 | Use-of-uninitialized-value in blink::LayoutObject::ShouldUseTransformFromContainer | - | 2020-01-03 |
1007866 | Security DCHECK failure: IsA<Derived>(from) in casting.h | - | 2020-01-03 |
1008216 | Bad-cast to blink::Nodeblink::Node::ShadowIncludingRoot in blink::Node::UpdateDistributionInternal | - | 2020-01-03 |
1008316 | Crash in blink::EventListenerMap::Contains | - | 2020-01-03 |
1008506 | Use-of-uninitialized-value in viz::ContextCacheController::ClientBecameNotVisible | - | 2020-01-03 |
1008610 | Bad-cast to GrContext from invalid vptr in viz::ContextCacheController::ClientBecameNotVisible | - | 2020-01-03 |
1008631 | DCHECK failure in index < length_ in vector.h | - | 2020-01-03 |
1008709 | Use-of-uninitialized-value in hsw::blit_row_s32a_opaque | - | 2020-01-03 |
985499 | third_party/liblouis version 3.2.0 is vulnerable | - | 2020-01-02 |
990234 | sqlite3_fts3_lpm_fuzzer: Heap-use-after-free in findElementWithHash | - | 2020-01-02 |
991888 | SOP & Site Isolation bypass with Reader mode | $5000 | 2020-01-02 |
1005753 | Security: UAF in indexed_db_cursor.cc | $20500 | 2020-01-02 |
1006544 | Use-of-uninitialized-value in gfx::CubicBezier::SolveCurveX | $4000 | 2020-01-02 |
1006545 | Heap-use-after-free in blink::NGBlockNode::CopyChildFragmentPosition | - | 2020-01-02 |
1006763 | Security: https://www.madeupdomainforcheck123.com reference in Chrome and Chromium code | - | 2020-01-02 |
824715 | Security: RTL+ space, formatting, invisible characters can lead to URL Spoofing | $3000 | 2020-01-01 |
1006435 | spvtools_opt_size_fuzzer: Container-overflow in spvtools::opt::Instruction::GetSingleWordOperand | - | 2020-01-01 |