Chromium Disclosed Security Bugs

Chromium security bugs are publicly disclosed by Google 14 weeks after fixing. They have a great learning value but it's difficult to keep track of when exactly they're derestricted. This page is a hub of security bugs that have recently gone public. Bugs can also be followed on Twitter: @BugsChromium.

This website is not affiliated with Google.

Go to year: 2020 2019 2018 2017 2016

Security bugs disclosed in 2020

Options
#Summary$$$Disclosure date
962815Potential use after free in CPDFSDK_FormFillEnvironment::ClearAllFocusedAnnots (XFA)-2022-09-29
1329460'unsafe-inline' is not ignored even though 'strict-dynamic' is specified in dafault-src.$30002022-09-29
1336014Security: WebGPU UAF leading to OOB read/write in the renderer process-2022-09-29
1268580Security: Continued cookie bypasses$40002022-09-28
1330775Security: Heap-use-after-free in ash::OverviewGrid::OnDesksTemplatesGridFadedOut$30002022-09-28
1336057dawn_wire_server_and_vulkan_backend_fuzzer: Use-of-uninitialized-value in sw::Blitter::clear-2022-09-28
1336334Security DCHECK failure: IsA<Derived>(from) in casting.h$60002022-09-28
1336622Security: UAF in CacheAliasSearchPrefetchURLLoader::StartPrefetchRequest$10002022-09-28
1336865Trap in v8::internal::Intl::NumberFieldToType-2022-09-28
1337388Security: heap-use-after-free chrome/browser/profiles/profile_destroyer.cc:137:16 (chromeOS)$10002022-09-28
1337524tint_regex_spv_writer_fuzzer: Illegal-instruction in c:\clusterfuzz\bot\builds\chromium-browser-libfuzzer_win32-release_x64-asan_4834-2022-09-28
1336266Security: Use After Free in JavaScriptDialogHelper::OnPermissionResponse$160002022-09-27
1337523Use-after-poison in blink::NGGridNode::GridItemsIncludingSubgridded-2022-09-26
1287804render_text_api_fuzzer: Heap-buffer-overflow in gfx::internal::StyleIterator::GetTextBreakingRange-2022-09-23
1334963Test failures in AppNotificationsWebNotificationTest.PersistentNotificationWhenInstallAndUninstallApp on Linux Chromium OS ASan LSan Tests bot-2022-09-23
1335013CrOS: Vulnerability reported in net-misc/curl-2022-09-23
1336869Security: Misuse of CanCover$75002022-09-23
1308422Security: Abuse the user's system environment variables in <a> download attribute may cause DLL Hijacking or Path Interception$20002022-09-22
1316368Security: WebGL uniform integer overflows-2022-09-22
1329541Security: Web Share dialog URL is not elided correctly on Android$5002022-09-22
1335655<foreignObject> should collect inlines when unicode-bidi attribute/CSS property changed-2022-09-22
1335861Security: heap-use-after-free in SearchNameNodeByNameInternal$75002022-09-22
1336449freetype_colrv1_fuzzer: Use-of-uninitialized-value in sfnt_load_face-2022-09-22
1330125Security: heap-after-free on components/exo/extended_drag_source.cc (Lacros)$30002022-09-20
1332392Diagcab file extension is not blocklisted to prevent users from downloading harmful files$10002022-09-20
1335195DCHECK failure in !HAS_WEAK_HEAP_OBJECT_TAG(ptr_) in tagged-impl-inl.h-2022-09-20
1303278libfuzzer_chrome_ubsan is behind by four weeks-2022-09-19
1307656Type confuse in blink::To<blink::LayoutTableSection,blink::LayoutObject> layout_table.cc:175$60002022-09-19
1325699AddressSanitizer: heap-use-after-free location_bar\permission_request_chip.cc:127 in PermissionReque$150002022-09-19
1329879Security: Remote code execution vulnerability in YouTube Embedded SDK-2022-09-19
1335458Security: raw_ptr broke implicit scoped_refptr for receivers in base::Bind.-2022-09-19
1335523Security: V8: GenericJsToWasmWrapper is broken, creates type confusion on the stack-2022-09-19
1329945Security: ChromeOS root privilege escalation (debugd, shill-scripts, minijail0, authpolicyd)$375002022-09-16
1333374Security: heap-buffer-overflow in chrome_pdf::PDFiumEngine::GetNamedDestination$75002022-09-16
1333977Security: Unsafe pivot root in authpolicyd init script-2022-09-16
1335054DCHECK failure in *p != to_check_ in heap.cc-2022-09-16
1158375Security: Security DCHECK failed: !NeedsLayout() || ChildLayoutBlockedByDisplayLock() in blink::LayoutObject::AssertLaidOut$50002022-09-15
1264288views::Combobox(ui::ComboboxModel*) is prone to UAF-2022-09-15
1290098Security: Autofill prompt can render over different origin in extension-created popup, allows spoofing of autofill context origin and browser UI$20002022-09-15
1306450Security: Sanitizer API bypass via prototype pollution$10002022-09-15
1327087Security: Heap-use-after-free in ash::SavedDeskDialogController::CreateDialogWidget$30002022-09-15
1330042Security: Heap-use-after-free in ash::OverviewItem::DestroyPhantomsForDragging$30002022-09-15
1335021Heap-use-after-free in ash::CalendarEventListView::~CalendarEventListView-2022-09-15
1278255Security: BackgroundFetch leaks URL of cross-origin redirects$80002022-09-14
1332613tint_renamer_fuzzer.exe: Illegal-instruction in tint::fuzzers::TintInternalCompilerErrorReporter-2022-09-14
1332881Security: XSS in Chrome UI (password settings) with malicious extension name$20002022-09-14
1333180dawn_wire_server_and_vulkan_backend_fuzzer: Use-of-uninitialized-value in std::Cr::__hash_const_iterator<std::Cr::__hash_node<std::Cr::__hash_value_type<s-2022-09-14
1334483Heap-use-after-free in rx::vk::BindingPointer<rx::vk::ObjectAndSerial<rx::vk::ShaderModule>>::valid-2022-09-14
1334487Segv on unknown address in rx::GraphicsPipelineCache::getPipeline-2022-09-14
1280901CrOS: Vulnerability reported in dev-libs/nss-2022-09-13
1280903CrOS: Vulnerability reported in app-crypt/nss-2022-09-13
1323564Security: UAF in SystemExtensionsInternalsPageHandler::InstallSystemExtensionFromDownloadsDir-2022-09-13
1327927AddressSanitizer: heap-use-after-free storage::QuotaDatabase::CreateBucketInternal quota_database.cc$160002022-09-13
1328664Heap-use-after-free in [thunk]:-2022-09-13
1332385v8_wasm_compile_fuzzer: Trap in v8::internal::compiler::WasmTyper::Reduce-2022-09-13
1332438QuickAnswersControllerTest.* cause use after free on ASAN builds.-2022-09-13
1333333Use-after-poison in content::InspectorMediaEventHandler::SendQueuedMediaEvents$60002022-09-13
1302159Security: Extension can obscure active window with an inactive window, user can interact with sensitive UI using keyboard without being aware$30002022-09-12
1329875AddressSanitizer: heap-buffer-overflow in content::BucketManagerHost::DidGetBucket content/browser/b$210002022-09-12
1330039Security: Set NoNewPrivs in ShillScriptsTool-2022-09-11
982361Compromised web renderer should be unable to spoof MessageSender.id if it never run a content script from the given extension-2022-09-10
1297283Security: use after free in JS self-profiling API-2022-09-10
1316578GPU failure in content::CreateChildProcessCrashWatcher-2022-09-10
1324563CrOS: Vulnerability reported in dev-libs/libxml2-2022-09-10
1327241CrOS: Vulnerability reported in dev-libs/libxslt-2022-09-10
1327872angle_translator_fuzzer: Use-of-uninitialized-value in sh::OutputHLSL::header-2022-09-10
1330289Security: heap-use-after-free in views::DialogDelegate::CancelDialog$30002022-09-10
1331087dcsctp_socket_fuzzer: Use-of-uninitialized-value in dcsctp::OutstandingData::ExtractChunksThatCanFit-2022-09-10
1331309CHECK failure: kind == DeoptimizeKind::kLazy in deoptimizer.cc-2022-09-10
1313429CrOS: Vulnerability reported in app-editors/vim-2022-09-08
1313885CrOS: Vulnerability reported in app-editors/vim-2022-09-08
1317673Security: webgl2 CompileShader Heap Corruption$70002022-09-08
1317714use after free in SendQueuedMediaEvents$50002022-09-08
1320700CrOS: Vulnerability reported in app-editors/vim-2022-09-08
1321096CrOS: Vulnerability reported in app-editors/vim-2022-09-08
1324561Chromium: Vulnerability reported in third_party/libxml-2022-09-08
1326857CrOS: Vulnerability reported in app-editors/vim-2022-09-08
1330083tint_robustness_fuzzer: Illegal-instruction in tint::fuzzers::TintInternalCompilerErrorReporter-2022-09-08
1206235Crash in icu_69::UnicodeString::isBogus-2022-09-07
1296934dawn_wire_server_and_vulkan_backend_fuzzer: Incorrect-function-pointer-type in dawn::native::vulkan::VulkanInstance::RegisterDebugUtils-2022-09-07
1321698dawn_wire_server_and_vulkan_backend_fuzzer: Use-of-uninitialized-value in llvm::PassNameParser::passRegistered-2022-09-07
1325298Security: PaintImage deserialization OOB-read-2022-09-07
1326928CHECK failure: GetLength() <= JSTypedArray::kMaxLength-2022-09-07
1327312Security: UAF in InterestGroupPermissionsChecker::OnRequestComplete$200002022-09-07
1328045AddressSanitizer: heap-use-after-free in content::ScreenlockMonitor::RemoveObserver content/browser/$110002022-09-07
1329298Security: PageSpeed Insights: DDOS via Blind XSS$5002022-09-07
1329417Security DCHECK failure: unit.TextContentEnd() <= text.length() in ng_offset_mapping.cc-2022-09-07
1329766CHECK failure: external_backing_store_bytes[t] == ExternalBackingStoreBytes(t) in large-spaces.-2022-09-07
1330379Security: Heap use-after-free when bind/unbind TransformFeedback after deleting buffer$120002022-09-07
1330405Use-of-uninitialized-value in v8::internal::Runtime_NotifyDeoptimized-2022-09-07
1330410Crash in v8::internal::ReadOnlyHeap::Contains-2022-09-07
1330423CHECK failure: kind == DeoptimizeKind::kLazy-2022-09-07
1330452DCHECK failure in !done() in bytecode-array-iterator.h-2022-09-07
1330454Index-out-of-bounds in v8::internal::interpreter::Bytecodes::Size-2022-09-07
1330456dawn_wire_server_and_frontend_fuzzer: Use-of-uninitialized-value in dawn::native::vulkan::GatherGlobalInfo-2022-09-07
1330484CHECK failure: kind == DeoptimizeKind::kLazy in deoptimizer.cc-2022-09-07
1330486Crash in Builtins_AsyncFromSyncIteratorPrototypeThrow-2022-09-07
1330545Crash in v8::internal::DeoptAllOsrLoopsContainingDeoptExit-2022-09-07
1330584DCHECK failure in !IsCleared() in tagged-impl-inl.h-2022-09-07
1320538Security: Chrome on Android Hide Fullscreen Notification Toast When Multiple Times Enter and Exit Fullscreen$50002022-08-31
1329064DCHECK failure in !heap_->memory_allocator()->unmapper()->IsRunning() in mark-compact.cc-2022-08-31
1017145iOS Chrome javascript: URI nonce based CSP bypass$30002022-08-30
1306751mediasource_MP2T_AVC_pipeline_integration_fuzzer: Heap-buffer-overflow in ff_h264_update_thread_context-2022-08-30
1321899DCHECK failure in !transition_map->is_access_check_needed() in handler-configuration.cc-2022-08-30
1328808DCHECK failure in IsStackSlot() || IsFPStackSlot() in instruction.h-2022-08-30
1308341UAF in std::__Cr::vector<base::internal::CheckedObserverAdapter$70002022-08-29
1319227UAF in ChromeScanningAppDelegate$50002022-08-27
1323841DCHECK failure in merged == unmerged in maglev-interpreter-frame-state.h-2022-08-27
1322873[Region Capture] cropTo a non self-capture video track should reject-2022-08-26
1323595Security: Share hub dialog doesn't show the origin elided from the right$5002022-08-26
1324407Security: ProcessLock can change from allows_any_site to is_locked_to_site after process loads content-2022-08-26
1325636gpu_swangle_passthrough_fuzzer: Use-of-uninitialized-value in sw::PixelProcessor::setBlendConstant-2022-08-26
1301203Security: Extension can move window off screen, user can interact with sensitive UI using keyboard without being aware$30002022-08-25
1310790Security: kNativeDataProperty case for SuperIC can have type confusion-2022-08-25
1321078Security: Debug check failed: marking_state_->IsBlackOrGrey(heap_object).$75002022-08-25
1326749Container-overflow in tint::resolver::DependencyScanner::TraverseExpression-2022-08-25
1297209Security: memory bug on webui tab dragging$30002022-08-24
1325615Security: heap-after-free on iOS 15.4 simulator + Chromium Dev Asan$20002022-08-24
1326210Security: Use-after-free in WebGPU$100002022-08-24
1325664Security: pdfium use-after-free in v8 cppgc::internal::GCInvoker::GCInvokerImpl::GCTask::Run()-2022-08-23
1291060CSP is bypassed for status code 100, 101, and 102 pages.$10002022-08-22
1316846Security: Heap-use-after-free in location::nearby::chrome::ScheduledExecutor::PendingTaskWithTimer$30002022-08-22
1320051Security: ChromeOS root privilege escalation (debugd GetPerfOutput eBPF)$350002022-08-22
1320917Security: ChromeOS cras D-Bus SetPlayerIdentity memory corruption$250002022-08-22
1321086AddressSanitizer: heap-use-after-free in PermissionPromptBubbleView::ClosingPermission-2022-08-22
1325341Security: UAF in WebAuthnIconView$100002022-08-22
1325259AddressSanitizer: use-after-poison blink\renderer\bindings\core\v8\script_promise_resolver.h:164 in$60002022-08-21
1305406Security: nosymfollow bind mount bypass-2022-08-20
1323605tint_ast_wgsl_writer_fuzzer: Heap-buffer-overflow in tint::writer::spirv::Builder::GenerateBuiltinCall-2022-08-20
1323738Global-buffer-overflow in v8::internal::Simulator::DecodeType2-2022-08-20
1324864AddressSanitizer: heap-use-after-free __memory/unique_ptr.h:312:28 in mojo::Connector::HandleError(b$210002022-08-20
1303614Security: HeapOverflow in Diagnostics$50002022-08-19
1320181Security: Heap-use-after-free in ReadAnythingToolbarView$30002022-08-19
1321013DCHECK failure in !is_length_tracking() in js-array-buffer-inl.h-2022-08-19
1321980DCHECK failure in byte_capacity_ >= max_byte_length_ in backing-store.cc-2022-08-19
1323690DCHECK failure in frame->is_unoptimized() in frames.h-2022-08-19
1324067Crash in int v8::base::AsAtomicImpl<int>::Relaxed_Load<int>-2022-08-19
1227995Security: Ability to mask file type with another extention. IE JPEG$20002022-08-18
1307930Security: .url files can redirect showSaveFilePicker into an arbitrary file$20002022-08-18
1323239Security: UAF in UserEducationInternalsPageHandlerImpl::GetFeaturePromos$30002022-08-18
1302494audio_decoder_g722_fuzzer: Use-of-uninitialized-value in WebRtc_g722_decode-2022-08-17
1320624Use-after-Free on BuildWebAppInternalsJson$50002022-08-17
1324302Heap-use-after-free in blink::NGHighlightPainter::NGHighlightPainter$60002022-08-17
1323236Security: UAF in AppServiceInternalsPageHandlerImpl::GetPreferredApps$30002022-08-16
1323553Security: heap-use-after-free ash/shelf/hotseat_widget.cc (chromeOS)$10002022-08-16
1320024Security: [ANGLE] Heap use-after-free when deleting TransformFeedback$100002022-08-15
1322552paint_op_buffer_fuzzer: Heap-buffer-overflow in cc::PaintOpReader::Read-2022-08-13
1322744Security: UAF in DiscardsGraphDumpImpl$10002022-08-13
1312144Security: heap-use-after-free in content::WebContentsViewAura::StartDragging$150002022-08-12
1314998Security DCHECK failure: IsA<Derived>(from) in casting.h-2022-08-12
1290713Uaf in OmniboxPopup$30002022-08-11
1320854DecodeStringMessage is missing bounds checks-2022-08-11
1322554transfer_cache_fuzzer: Heap-buffer-overflow in cc::PaintOpReader::ReadSize-2022-08-11
1305117Security: Lockscreen leaks stored words in on-screen keyboard$10002022-08-10
1317746Security: container-overflow in ui::Compositor::StopThroughtputTracker$30002022-08-10
1319217Crash in v8::internal::HeapObject::SizeFromMap-2022-08-09
1320614v8_wasm_compile_fuzzer: DCHECK failure in kCanBeWeak || (!IsSmi() == HAS_STRONG_HEAP_OBJECT_TAG(ptr_)) in tagged-impl.h-2022-08-09
1321827CHECK failure: heap()->concurrent_marking()->IsStopped()-2022-08-09
1321841CHECK failure: object.Size() == size in heap.cc-2022-08-09
1316889heap-use-after-free in DevToolsWindow::ActivateWindow$30002022-08-08
1320278Unreachable code in objects-body-descriptors-inl.h-2022-08-08
1320408Security: heap-buffer-overflow ui/views/view_model.h:83:28 in ViewAtBase (chromeOS)$5002022-08-08
1320894CHECK failure: object.Size() == size in heap.cc-2022-08-08
1321349CHECK failure: object.Size() == size-2022-08-08
1316946[v8] Integer overflow leading to OOB/CHECK in icu_71::FormattedStringBuilder::prepareForInsertHelper$50002022-08-06
1319797AddressSanitizer: heap-use-after-free in PermissionRequestChip::CreateBubble$30002022-08-06
1228661AddressSanitizer: use-after-poison connector.cc:546 in mojo::Connector::DispatchMessageW$75002022-08-05
1319841Security: Type Confusion in Portal::ActivateImpl$200002022-08-05
1320592Security: Heap-use-after-free in sharing_hub::SharingHubBubbleController::OnBubbleClosed$30002022-08-05
1320896CHECK failure: local_weak_objects() ->discovered_ephemerons_local.IsLocalAndGlobalEmpty()-2022-08-05
1311683Android Chrome FullScreen Notification Can be Overlapped by Pop-up Blocker Notification$30002022-08-04
1314908Security: Heap-use-after-free in remote_cocoa::NativeWidgetNSWindowBridge::SetVisibilityState$30002022-08-04
1315563Security: navigator.clipboard.read() can lead to mutation XSS$30002022-08-04
1316990Security: Heap-use-after-free in ash::sharesheet::SharesheetBubbleView::CloseWidgetWithReason$50002022-08-04
1318610heap-buffer-overflow : device::BluetoothAdapterMac::LowEnergyCentralManagerUpdatedState-2022-08-04
1318792dawn_wire_server_and_frontend_fuzzer: Heap-use-after-free in dawn::native::DeviceBase::DestroyObjects-2022-08-04
1316740Security: heap-use-after-free in views::View::GetEffectiveViewTargeter$50002022-08-03
1319302heap-use-after-free on content::DevToolsAgentHostImpl::ForceDetachAllSessions$30002022-08-03
1320007CHECK failure: object.Size() == size in heap.cc-2022-08-03
1223475Security: Content-Security-Policy bypass via Console API CSS-formatted messages$5002022-08-02
1248059Security: heap-use-after-free in the views::Widget::GetNativeTheme in the browser process$30002022-08-02
1268445Security: Bypassing of security interstitials using debugger API$10002022-08-02
1315102UAF in SupportToolMessageHandler$100002022-08-02
1318181DCHECK failure in MarkCompactCollector::IsMapOrForwarded(invalidated_object.map()) in invalidated--2022-08-02
1319081Heap-use-after-free in reporting::NetworkConditionService::NetworkConditionServiceObserver::RegisterRTT-2022-08-02
1319265Trap in auto v8::internal::BodyDescriptorApply<v8::internal::CallIsValidSlot, v8::intern-2022-08-02
1319855CHECK failure: object.Size() == size in heap.cc-2022-08-02
1116450Security: Extensions can capture contents of local files using Page.captureScreenshot with fromSurface set to false$30002022-08-01
1317650Security: [ANGLE] Heap use-after-free caused by State::detachBuffer$100002022-08-01
1317875Security: Heap-use-after-free in ash::ScopedOverviewTransformWindow::~ScopedOverviewTransformWindow$30002022-08-01
1318673Heap-buffer-overflow in CJBig2_Context::ParseSymbolDict-2022-07-31
1308968Use-after-free crash in WaylandWindow when tabdrag source window gets destroyed-2022-07-30
1318013Trap in auto v8::internal::BodyDescriptorApply<v8::internal::CallIsValidSlot, v8::intern-2022-07-30
1250993Security: URL spoofing using LATIN SMALL LETTER L WITH STROKE$5002022-07-29
1312563heap-use-after-free : media::VTVideoEncodeAccelerator::GetSupportedProfiles-2022-07-29
1313977Security: heap-buffer-overflow on ash/wm/window_animations.cc (chromeOS)$30002022-07-29
1314310Tab reliably crashing with STATUS_ACCESS_VIOLATION with reproduction steps$10002022-07-29
1315080Security: Segv on unknown address in views::internal::NativeWidgetPrivate::ReparentNativeView$30002022-07-29
1298867gpu_angle_passthrough_fuzzer: Crash in rx::BufferNULL::setSubData-2022-07-28
1301071CrOS: Vulnerability reported in app-editors/vim-2022-07-28
1309843CrOS: Vulnerability reported in app-editors/vim-2022-07-28
1311820Security: Browser-side origin confusion for javascript/data URLs opened in a new window/tab by cross-origin iframe$200002022-07-28
1312790Security DCHECK failure: IsA<Derived>(from) in casting.h-2022-07-28
1317725DCHECK failure in MarkCompactCollector::IsMapOrForwarded(invalidated_object.map()) in invalidated--2022-07-28
1311814Security: heap-use-after-free ash/accessibility/chromevox/touch_exploration_manager.cc$30002022-07-27
1317054Heap-use-after-free in PrintDialogGtk::OnResponse-2022-07-27
1317681DCHECK failure in U_SUCCESS(status) in intl-objects.cc-2022-07-27
1018669Security: binder: UAF write from context manager via transaction-to-self-2022-07-26
1304987clang-analyzer-core.uninitialized.Branch in third_party/blink/renderer/platform/graphics/gpu/webgl_image_conversion.cc-2022-07-26
1307515DCHECK failure in U_SUCCESS(status) in intl-objects.cc-2022-07-26
1313600Security: heap-buffer-overflow on components/ui_devtools/views/devtools_server_util.cc-2022-07-25
1306861Security: Incomplete patch for issue 1246631 (CVE-2021-37981) and inaccurate scaling in EyeDropperView$70002022-07-22
1316113Heap-use-after-free in policy::RebootNotificationsScheduler::~RebootNotificationsScheduler-2022-07-22
1316278dawn_wire_server_and_vulkan_backend_fuzzer: Check failed in CheckUnwind-2022-07-22
1315901Security: [0-day] JIT optimisation issue-2022-07-21
1305394Leaking window.length without opener reference.$20002022-07-20
1312270heap-buffer-overflow on ui_devtools::UIElement::ReorderChild$20002022-07-20
1312419Security: heap-use-after-free on components/global_media_controls/public/views/media_item_ui_list_view.cc$30002022-07-20
1312799gpu_raster_fuzzer: Use-of-uninitialized-value in cc::ReadPixmap-2022-07-20
1313905Security: [ANGLE] Heap use-after-free in ContextVk::onBeginTransformFeedback$100002022-07-20
1314383bad free in gpu ~PackedEnumMap$70002022-07-20
1314616Security: JS object corruption in WasmJS::InstallConditionFeatures (CVE-2021-30561 variant)$75002022-07-20
1314676Security: UAF in SegmentationPlatformServiceImpl$30002022-07-20
1314754Security: Missing bounds check in WebGPUDecoderImpl::DoRequestDevice-2022-07-20
1315031Heap-use-after-free in ash::SearchResultView::PreferredHeight-2022-07-20
1315040Security: Drag and Drop XSS$20002022-07-20
1315192Security: oob read in AudioDelayDSPKernel::ProcessKRate$20002022-07-20
1303552hb_shape_fuzzer: Use-of-uninitialized-value in OT::hb_ot_apply_context_t::skipping_iterator_t::prev-2022-07-18
1314363DCHECK failure in CpuFeatures::IsSupported(*feature) in macro-assembler-shared-ia32-x64.h-2022-07-18
1314658Security: heap-use-after-free in PDFium CPDFSDK_AppStream::Write$50002022-07-17
1312699AddressSanitizer: heap-use-after-free element.cc:3611 in blink::Element::RecalcOwnStyle$50002022-07-16
1314536DCHECK failure in !IsInProgress(function->tiering_state()) in runtime-compiler.cc-2022-07-16
1302949Security: Heap-use-after-free in send_tab_to_self::SendTabToSelfBubbleController::OnBubbleClosed$50002022-07-15
1310717Use-after-Free on crostini::CrostiniExportImport::OpenFileDialog$70002022-07-15
1311923CHECK failure: (location_) != nullptr in maybe-handles.h-2022-07-15
1314184v8_wasm_compile_fuzzer: Null-dereference WRITE in v8::internal::Simulator::WriteW-2022-07-15
1314644DCHECK failure in osr_cache->FindEntry(*shared, osr_offset) == -1 in osr-optimized-code-cache.cc-2022-07-15
1289192Security: UAF in BookmarkDragHelper$30002022-07-14
1300995Heap-use-after-free under ash::HandleToggleOverview in base::ObserverList<aura::WindowObserver, true, true, base::internal::CheckedObse-2022-07-14
1304884Security: use after free in cups_printers_handler$30002022-07-14
1305068Security: UAF in SelectFileDialogExtension::NotifyListener$50002022-07-14
1306391Security: Use-After-Free in SelectFileDialog$10002022-07-14
1309467Type confusion in handling of accessor in ReduceNamedAccess-2022-07-14
1313983DCHECK failure in !try_catch.HasCaught() in d8.cc-2022-07-14
1311903Security: heap-use-after-free on ash/capture_mode/capture_mode_session.cc-2022-07-13
1312838DCHECK failure in static_cast<unsigned>(index) < static_cast<unsigned>(length()) in fixed-array-in-2022-07-13
1313172Google Chrome WebGPU DoBufferDestroy kDirect allocation use-after-free vulnerability - TALOS-2022-1508$100002022-07-13
1106456Security: Possible to escape sandbox via devtools_page and Feedback app$150002022-07-12
1270539heap-use-after-free in TabGroupModel::GetTabGroup$30002022-07-12
1292870Security: UAF after adding undocked DevTools tab to a group$50002022-07-12
1300561Security: container-overflow in ash::ScrollableShelfView::ShouldCountActivatedInkDrop$20002022-07-12
1305267Security: ChromeOS root privilege escalation (arcvm, arcvm_server_proxy, vm_concierge, arc-create-data)$300002022-07-12
1305834gpu_angle_fuzzer: Trap in gpu::CommandBufferSetup::LogGLDebugMessage-2022-07-12
1311701Security: UAF in DumpDatabaseHandler$150002022-07-12
1307445transfer_cache_fuzzer: Use-of-uninitialized-value in cc::ReadPixmap-2022-07-10
1302959Security: Extension permission escalation$50002022-07-09
1312022CHECK failure: !HasJobs() in optimizing-compile-dispatcher.h-2022-07-09
1307603v8_wasm_compile_fuzzer: DCHECK failure in kCanBeWeak || (!IsSmi() == HAS_STRONG_HEAP_OBJECT_TAG(ptr_)) in tagged-impl.h-2022-07-08
1311641Security: Incomplete fix for CVE-2022-1096-2022-07-08
1101001Security: UAF Read in Content process$150002022-07-07
1292308Security: UAF in CalendarView 2$60002022-07-07
1303330Security: heap-use-after-free in ui::EventTarget::RemovePreTargetHandler$150002022-07-07
1304660CrOS: Vulnerability reported in dev-libs/libxml2-2022-07-07
1310295Use-after-poison in blink::HTMLSlotElement::DetachLayoutTree-2022-07-07
1305190[ANGLE] Vulkan Use After Free in onBeginTransformFeedback$70002022-07-06
1305900Security:SEGV on unknown address in ash::DeskPreviewView::RecreateDeskContentsMirrorLayers()$30002022-07-06
1307946v8_wasm_compile_fuzzer: Segv on unknown address in v8::internal::MarkCompactCollector::RootMarkingVisitor::VisitRootPointer-2022-07-06
1308199Security: Chrome Apps: Possible to read environment variables using suggestedName in chrome.fileSystem.chooseEntry$70002022-07-06
1234267Bad-cast to ui::Layer from cc::PictureLayer in ui::SendDamagedRectsRecursive-2022-07-05
1268541Security: Another Cross-Origin Response Size Leak Via BackgroundFetch$30002022-07-05
1281808Security: UAF in AXVirtualViewWrapper$150002022-07-05
1285234AddressSanitizer: heap-use-after-free in blink::BlobBytesProvider::AppendData$60002022-07-05
1292905Security DCHECK failure: IsA<Derived>(from) in casting.h$60002022-07-05
1301180Security: Bypass Apk Warning In Andriod$10002022-07-05
1305423Security: installer: encrypted_import: Disk access to root command execution-2022-07-05
1310461Security: chrome.downloads.download could be abused to steal user's environment variables like secrets, tokens or keys on windows.$70002022-07-05
1310597Chromium: Vulnerability reported in third_party/liblouis-2022-07-05
1283050Heap-use-after-free in RenderViewHostImpl::ActivatePrerenderedPage-2022-07-04
1278608Security: CA certificate import exploitable with large DSA and RSA-PSS signatures on Linux/ChromeOS-2022-07-02
1299211Use After Free in TextureVk::releaseAndDeleteImageAndViews$100002022-07-02
1301148Security: heap UaF in DesksTemplates dialog-2022-07-02
1305403Security: mnt_concierge semi-arbitrary bind mount-2022-07-02
1236325Security: Extensions with debugger permission can list URLs and send commands to incognito tabs and other profile tabs$50002022-07-01
1251588Security: download protection bypass on macOS with .inetloc$5002022-07-01
1301873Security: Chrome for Android Hide Custom Fullscreen Toast View with Repeated Exit Enter Fullscreen Request$30002022-07-01
1308360Type confusion when using simple api call accessors with SuperIC-2022-07-01
1305401Security: Arcvm custom init-2022-06-30
1306768Security: UAF in SelectFileDialogLacros::OnSelected (lacros-chrome)$30002022-06-30
1308178DCHECK failure in HasBytecodeArray() in shared-function-info-inl.h-2022-06-30
1309767DCHECK failure in string.length() == source.length() in string-table.cc-2022-06-30
1309842CrOS: Vulnerability reported in dev-libs/openssl-2022-06-30
1306458Security: Potential UAF in ChromeDesksTemplatesDelegate::OnLacrosChromeUrlsReturned$10002022-06-29
1306443getThumbnail() CHECK leaks number of available PDF pages$5002022-06-29
1308253Security DCHECK failure: IsA<Derived>(from) in casting.h-2022-06-29
1309023Illegal-instruction in permissions::PermissionRequestManager::FinalizeCurrentRequests-2022-06-29
1270008OS Command Injection in node-opencv-2022-06-28
1297643Security: heap-use-after-free ash/drag_drop/drag_drop_tracker.cc:109$30002022-06-28
1304075uaf in FrameSinkVideoCaptureDevice::OnLog$5002022-06-28
1306507AddressSanitizer: heap-use-after-free components/history/core/browser/history_backend.cc:2542:22 in history::HistoryBackend::KillHistoryDatabase()$160002022-06-28
1307667Bad-cast to blink::MathMLSpaceElement from blink::MathMLElement in blink::MathMLSpaceElement* blink::DynamicTo<blink::MathMLSpaceElement, blink::El-2022-06-28
1266953Tricking a user into a same-page drag-and-drop can disclose data to cross-origin frames-2022-06-27
1293357Security: Samba vulnerabilities CVE-2021-44141, CVE-2021-44142, CVE-2022-0336-2022-06-27
1300507CrOS: Vulnerability reported in net-fs/samba-2022-06-27
1300508CrOS: Vulnerability reported in sys-libs/ldb-2022-06-27
1302431CrOS: Vulnerability reported in net-fs/samba-2022-06-27
1307610Security: RegExp[@@replace] missing write barrier, leading to RCE$200002022-06-27
1305706uaf in BookmarkBarView::OnTabGroupButtonPressed$20002022-06-25
1299287Video escapes content area$30002022-06-24
1299743Security: heap-use-after-free in FileSystemAccessRegularFileDelegate::DoFlush$75002022-06-24
1300253Security: Chrome for Android Cancel Enter Fullscreen able to Hide Omnibox$30002022-06-24
1304658Security: Debug check failed: type.representation() == MachineRepresentation::kFloat64 || type.representation() == MachineRepresentation::kTagged.$85002022-06-24
1275600Security: UAF in ViewsAXTreeManager$200002022-06-23
1282384Security: UAF in FocusController::SetFocusedWindow$200002022-06-23
1299261Security: [ANGLE] Heap overflow read in vk::IndexBuffer::getIndexBuffers$70002022-06-23
1302321gpu_raster_fuzzer: Use-of-uninitialized-value in cc::ServiceImageTransferCacheEntry::Deserialize-2022-06-23
1303410Security: ChromeOS - Lockscreen leaks clipboard contents, i.a.$50002022-06-23
1305776AddressSanitizer: use-after-poison in blink::WebrtcVideoPerfReporter::InitializeOnTaskRunner webrtc_video_perf_reporter.cc:36$60002022-06-23
1297138Security: leak user html content using Dangling Markup injection when http upgrade to https$5002022-06-22
1298122Security: TrustedTypes does not block assignment when modifying existing attribute value via nodeValue/textContent$10002022-06-22
1304545Security: Potential Use After Free in ManagedValueStoreCache::OnPolicyUpdated$10002022-06-22
1301134Security: heap-use-after-free ash/wm/overview/overview_highlightable_view.cc:17:18 in ash::OverviewHighlightableView::SetHighlightVisibility(bool)$30002022-06-21
1303458[TurboFan]v8 crashed when compling optimization$50002022-06-21
1304368Security: UAF in ui/ozone/platform/wayland/host/wayland_window.cc$70002022-06-20
1275414Security: heap-use-after-free in network::server::HttpServer::FindConnection$10002022-06-18
1297404Security: heap-use-after-free in global_media_controls::MediaItemManagerImpl::HideItem-2022-06-17
1304045Security: AddressSanitizer: heap-use-after-free ui/views/window/dialog_delegate.cc:419:26 in views::DialogDelegate::AcceptDialog()-2022-06-17
1304145Security: UAF in ScanningHandler$50002022-06-17
1162424Security: racing UAF during usrsctp_close in usrsctp in webrtc$50002022-06-16
1303253use after free in SelectFileDialogExtension::ExtensionTerminated$30002022-06-16
1303613Security: HeapOverflow in ScanningHandler$30002022-06-16
1303615Security: HeapOverflow in CertificatesHandler$30002022-06-16
1304659Chromium: Vulnerability reported in third_party/libxml-2022-06-16
1301920Security: Web Share API allows to write in UNC paths and/or in C:/Users/<username>/AppData/Local/Temp/ on Windows$50002022-06-15
1302644Security: Use After Free in ChromePasswordProtectionService::HandleUserActionOnModalWarning$160002022-06-15
1303919Security: libtiff CVE vulnerabilities in 4.2.0 (from pdfium)-2022-06-15
1297429[WebUI] StartupPagesHandler does not adequately verify arguments from JS$75002022-06-14
1299264use after free in rx::FramebufferVk::startNewRenderPass$70002022-06-14
1302157Security: Heap-use-after-free in ~ExtensionUninstallDialogViews$30002022-06-14
1301320Security: heap-use-after-free in extensions::ExtensionApiFrameIdMap::GetFrameId-2022-06-11
1180745stack over flow in swiftshader$75002022-06-10
1284582CrOS: Vulnerability reported in app-editors/vim-2022-06-10
1285554CrOS: Vulnerability reported in app-editors/vim-2022-06-10
1287844CrOS: Vulnerability reported in app-editors/vim-2022-06-10
1290799CrOS: Vulnerability reported in app-editors/vim-2022-06-10
1291951CrOS: Vulnerability reported in app-editors/vim-2022-06-10
1292966CrOS: Vulnerability reported in app-editors/vim-2022-06-10
1294201CrOS: Vulnerability reported in app-editors/vim-2022-06-10
1294503CrOS: Vulnerability reported in app-editors/vim-2022-06-10
1295411Security: [ANGLE] Heap use-after-free in CommandBufferHelperCommon::bufferWrite$70002022-06-10
1296101CrOS: Vulnerability reported in app-editors/vim-2022-06-10
1296866Security: heap-buffer-overflow in getImageActualFormat$70002022-06-10
1299225Security: Heap-use-after-free in QuickAnswersUiController::CloseQuickAnswersView$30002022-06-10
1301840uaf in browser_switcher::`anonymous namespace'::OpenBrowserSwitchPage$20002022-06-10
1302625DCHECK failure in lhs.Is(Type::Number()) in operation-typer.cc-2022-06-10
1264543Security: Popup with noopener does not consume user activation-2022-06-09
1292360Security: UAF in CalendarView 3$70002022-06-09
1296467Security: [ANGLE] Heap use-after-free in BufferHelper::recordReadBarrier$70002022-06-09
1302280wayland_fuzzer: Heap-use-after-free in destroy_queued_closure-2022-06-09
1280205Security: Heap-use-after-free in TabStrip::OnGroupCreated$70002022-06-08
1299422Security: heap-use-after-free in content::DisplayCutoutHostImpl::SendSafeAreaToFrame-2022-06-08
1207335Chromium: Vulnerability reported in third_party/binutils-2022-06-07
1292304Security: UAF in CalendarView$50002022-06-07
1301209dawn_wire_server_and_vulkan_backend_fuzzer: Use-of-uninitialized-value in llvm::PassNameParser::passRegistered-2022-06-07
1233333v8_inspector_fuzzer: Use-of-uninitialized-value in v8_crdtp::cbor::CBOREncoder::HandleInt32-2022-06-06
1292261Security: Heap-use-after-free in BrowserList::AddBrowser$70002022-06-06
1295654CrOS: Vulnerability reported in net-vpn/strongswan-2022-06-06
1298986dawn_wire_server_and_vulkan_backend_fuzzer: Use-of-uninitialized-value in llvm::PassNameParser::passRegistered-2022-06-06
1273841AddressSanitizer: heap-use-after-free in blink::Screen::AreWebExposedScreenPropertiesEqual$50002022-06-04
1290586Calling stopTrack() in a worker fails a To<> cast DCHECK-2022-06-04
1291472MediaStreamTrackinWorker fails Security DCHECK failure: IsA<Derived>(from) in casting.h-2022-06-04
1291891Uaf in qrcode_generator::QRCodeGeneratorBubbleController::OnBubbleClosed$50002022-06-04
1296841CrOS: Vulnerability reported in app-editors/vim-2022-06-04
1296876v8_wasm_code_fuzzer: Crash in Builtins_GenericJSToWasmWrapper-2022-06-04
1300139CrOS: Vulnerability reported in app-editors/vim-2022-06-04
1298884CrOS: Vulnerability reported in app-editors/vim-2022-06-04
1291986Security heap-use-after-free ash/wm/splitview/split_view_divider.cc (chromeOS)$70002022-06-03
1296334heap-use-after-free : safe_browsing::VerdictCacheManager::CacheRealTimeUrlVerdict-2022-06-03
1297498UAF in ThreatDetailsCacheCollector::OpenEntry$150002022-06-03
1299259freetype_type1_fuzzer: Crash in cf2_interpT2CharString-2022-06-03
1000408getOriginFromUrl in cryptotoken component extension doesn't use real origin-2022-06-02
1292004Security DCHECK failure: IsA<Derived>(from) in casting.h-2022-06-01
1294612uaf in AppLaunchHandler::LaunchApp-2022-06-01
1298015Security: heap-use-after-free in base::SupportsUserData::GetUserData$70002022-06-01
1299814CHECK failure: !isolate->concurrent_osr_enabled()-2022-06-01
1279775Security: Stack-Buffer-Overflow in g711_interface.c-2022-05-31
1280851Security: Stack-Buffer-Overflow in WebRtc_g722_decode-2022-05-31
1299418CHECK failure: !isolate->concurrent_osr_enabled() in runtime-test.cc-2022-05-31
1299438CHECK failure: !isolate->concurrent_osr_enabled()-2022-05-31
1083835heap-use-after-free : rlz::RLZTracker::GetAccessPointRlzImpl-2022-05-29
1293191Propagating inertness into nested browsing contexts leaks information, privacy concern?-2022-05-29
1298149Use-after-poison in mojo::internal::InterfacePtrStateBase::Bind-2022-05-29
1298213heap-use-after-free : ash::`anonymous namespace'::EncodeBitmapToPNG-2022-05-29
1193390gpu_raster_swangle_passthrough_fuzzer: Incorrect-function-pointer-type in rx::vk::PersistentCommandPool::init-2022-05-26
1276002Security: fencedframe element bypass the security policy restrictions of the devtools preview limit$30002022-05-26
1296120Security: ChromeOS root privilege escalation (arcvm_server_proxy, cups, arc-create-data)$300002022-05-26
1227636Security: [SkPixmap] pdfium SEGV on getColor()-2022-05-25
1280852Security: Stack-Buffer-Overflow in WebRtcPcm16b_Decode$50002022-05-25
1292271Security: heap-use-after-free on ash/wm/desks/desks_controller.cc (chromeOS)$70002022-05-25
1296407Heap-use-after-free in content::SavePackage::ContinueGetSaveInfo-2022-05-25
1297269Security: Chrome Enterprise MSI installer Elevation of Privileges Vulnerability$200002022-05-25
1297541Heap-use-after-free in cppgc::internal::BasicPersistent<blink::NGLayoutResult const, cppgc::internal::S-2022-05-25
1297764Defense in depth: Remove TMP directory fallback for installer payload-2022-05-25
1253281Security: UAF in SQLite renameTokenCheckAll-2022-05-24
1281908Security: DeserializeFromMessage should validate the message header-2022-05-24
1292333DCHECK failure in op->IsStackSlot() || op->IsFPStackSlot() in code-generator-x64.cc-2022-05-24
1295786uaf in blink::MediaInspectorContextImpl::CullPlayers(blink::WebString const&)$50002022-05-24
1263825Heap-use-after-free in base::ObserverList<aura::WindowObserver, true, true, base::internal::CheckedObse-2022-05-23
1267318SameSite cookies leak via embedded browsing context$5002022-05-23
1291735Security: Sharesheet dialog doesn't show the origin elided from the right$5002022-05-23
1295699Residual UAF in token fetcher code$10002022-05-23
1195549dawn_wire_server_and_vulkan_backend_fuzzer: Incorrect-function-pointer-type in dawn_native::vulkan::Device::PrepareRecordingContext-2022-05-21
1270117[iOS] CSP Bypass via Service Worker$5002022-05-21
1294723dawn_wire_server_and_frontend_fuzzer: Crash in tint::diag::Formatter::format-2022-05-21
1296526Heap-use-after-free in history_clusters::OnDeviceClusteringBackend::ClusterVisitsOnBackgroundThread-2022-05-21
1285885Security: [ANGLE] Vulkan : Out-of-bounds memory can be accessed using bound offsets$70002022-05-20
1290150Security: redirect detection via Performance API$10002022-05-20
1294097Security: Heap-use-after-free in NearbyShareAction::HandleKeyboardEvent$70002022-05-20
1295087Bad-cast to blink::LayoutBlock from blink::LayoutImage in blink::LayoutBlock& blink::To<blink::LayoutBlock, blink::LayoutObject>-2022-05-20
1296150Security: [0-day] Use-After-Free in UpdateAnimationTiming-2022-05-20
1077756Security: sandbox doesn't prevent setgid("disk") in shill process tree-2022-05-19
1290700uaf in BrowserSwitchHandler::OnLaunchFinished$20002022-05-19
1295999renderer_proto_tree_fuzzer: Use-of-uninitialized-value in blink::NGLayoutResult::NGLayoutResult-2022-05-19
1289394file_system_manager_mojolpm_fuzzer: Heap-use-after-free in storage::ObfuscatedFileUtil::GetDirectoryForStorageKey-2022-05-18
1292537Crash in memfd:swiftshader_jit-2022-05-18
1295221Security: Variant analysis of UAF in AccessiblePaneView-2022-05-18
1264561Security: Chrome for Android Hide Entering Fullscreen Notification Toast using Multiple Toast from Failed to Copy$25002022-05-16
1266631Cross-site information leak - CSP Violation reports contain blockedURI's hostname$20002022-05-16
1288919tint_wgsl_reader_spv_writer_fuzzer: Illegal-instruction in tint::fuzzers::CommonFuzzer::Run-2022-05-15
1289116Heap-use-after-free in rx::vk::GarbageObject::destroy-2022-05-15
1292829dawn_wire_server_and_frontend_fuzzer: Heap-use-after-free in tint::diag::Formatter::format-2022-05-15
1293906Security DCHECK failure: IsA<Derived>(from) in casting.h-2022-05-14
1142269Security: Chromium doesn't conform to SMS Verification APIs leading to potential Access to app protected components vulnerability$10002022-05-13
1291482Chrome should ignore responses with http status code 1**-2022-05-13
1270005Heap-buffer-overflow in flatbuffers::EscapeString-2022-05-12
1283546Security: UAF in ProtocolHandlerThrottle using PlzDedicatedWorker$200002022-05-12
1291109Security DCHECK failure: IsA<Derived>(from) in casting.h-2022-05-12
1291471Security DCHECK failure: IsA<Derived>(from) in casting.h-2022-05-12
1156237heap-use-after-free : __72+[NSRemoteViewMarshal _addFreeWindow:parameters:listenerEndpoint:reply:]_block_invoke-2022-05-11
1246188Security: Compromised renderer can set custom cursor up to 1024px over browser UI and other windows$20002022-05-11
1273397Security: Heap-buffer-overflow in tabgroup$70002022-05-11
1279665Security DCHECK failed: IsA<Derived>(from) in ng_layout_input_node.cc:96 blink::NGLayoutInputNode::TableCellColspan$50002022-05-11
1284293AddressSanitizer: heap-use-after-free in TryProcess ui/base/accelerators/accelerator_manager.cc:152:17$70002022-05-11
1285601Security: heap-use-after-use in DiscountURLLoader::NavigateToDiscountURL$160002022-05-11
1286940Security: heap-use-after-free in ProfileImpl::IsSameOrParent$70002022-05-11
1288020heap buffer overflow in sw::Blitter::fastResolve$70002022-05-11
1289507dawn_wire_server_and_frontend_fuzzer: Crash in dawn_native::OwnedCompilationMessages::AddMessages-2022-05-11
1291728Security: heap-use-after-free in base::ObserverList::RemoveObserver$100002022-05-11
1293248css_parser_fast_paths_fuzzer: Use-of-uninitialized-value in bool blink::ParsePercentage<unsigned char>-2022-05-11
1268448Fix unsafe use of lambdas in BaseRenderingContext2D-2022-05-10
1269999Heap-use-after-free in xmlAddNextSibling-2022-05-10
1287864Security: iOS Webkit can leak IndexedDB names-2022-05-09
1290008UAF in printing$150002022-05-09
1283402Heap-use-after-free in ChromePermissionsClient::OverrideCanonicalOrigin$150002022-05-06
1289383Security: [ANGLE] Heap-buffer-overflow in ImageHelper::SubresourceUpdate::isUpdateToLayers$100002022-05-06
1289846Security: CSS keylogger extension using PageStateMatcher and chrome.action.openPopup()$50002022-05-06
1290107tint_ast_hlsl_writer_fuzzer.exe: Illegal-instruction in tint::fuzzers::CommonFuzzer::Run-2022-05-06
1035344API: parameterized overload of GetPropertyNames promises more flexibility than it actually supports-2022-05-05
1280132Security DCHECK failed: IsA<Derived>(from) in ng_block_node.cc:1032 blink::NGBlockNode::FirstChild$50002022-05-05
1280233Origin spoofing in WebUSB$30002022-05-05
1285636gpu_raster_swangle_passthrough_fuzzer: Use-of-uninitialized-value in sse3::store_NUMBER-2022-05-05
1288251AddressSanitizer: heap-use-after-free asan-linux-release-960248 content::StoragePartitionImpl::GetLockManager() content/browser/storage_partition_impl.cc:1493$150002022-05-05
1288881gpu_raster_swangle_passthrough_fuzzer: Use-of-uninitialized-value in GrDirectContextPriv::validPMUPMConversionExists-2022-05-05
1289678v8_wasm_compile_fuzzer: DCHECK failure in 3 == element_size_log2(kind) in liftoff-assembler-x64.h-2022-05-05
1289715Security: heap-use-after-free in ExtensionFunction::Shutdown$150002022-05-05
1290587DCHECK failure in !scope_info_.is_null() in scopes.cc-2022-05-05
1250655#Summary SUMMARY: AddressSanitizer: heap-use-after-free in gpu::CommandBufferProxyImpl::OnDisconnect$70002022-05-03
1269996Heap-buffer-overflow in hb_array_t<OT::IntType<unsigned int, 4u> const> hb_array_t<OT::IntType<unsigned-2022-05-03
1270333Security: Integer overflow in HandleTable::AddDispatchersFromTransit leading to memory corruption-2022-05-03
1289378heap-use-after-free : media_router::CastActivityManager::TerminateSession-2022-05-03
1289384Security: might be possible to UaF JavaScriptIsolatedWorldRequest-2022-05-03
1289798Heap-use-after-free in blink::NGBoxFragmentBuilder::PropagateBreakInfo-2022-05-03
1290079v8_wasm_compile_fuzzer: Use-after-poison in v8::internal::compiler::SinglePassRegisterAllocator::SpillRegisterAtMerge-2022-05-03
1242962Security: heap-buffer-overflow in SelectFileDialogImpl::OnSelectFileExecuted$70002022-05-02
1270052Security: Chrome for Android Hide Entering Fullscreen Notification Toast with HTML Select Dropdown$30002022-05-02
1270470Security: Scrolls are detectable cross-site upon using the Scroll to text fragment feature.$20002022-05-02
1278322Security: heap-use-after-free in TemplateURLRef::ParseHostAndSearchTermKey$70002022-05-02
1284916Security: UAF in DistilledPagePrefs::SetFontScaling$200002022-05-02
1289523Security: heap-use-after-free in TemplateURLFetcher::RequestDelegate::OnTemplateURLParsed$70002022-05-02
1289802Use-of-uninitialized-value in v8::internal::JSFunction::EnsureFeedbackVector-2022-05-02
1286816WebUSB out-of-bound access to selected_alternates_ in usb_device if the device has non-sequential alternative interface number-2022-04-29
1285759Security: double-free in content::RenderFrameHostImpl::ResetNavigationRequests$50002022-04-28
1288130tint_regex_spv_writer_fuzzer.exe: Illegal-instruction in tint::fuzzers::CommonFuzzer::Run-2022-04-28
1288769Security DCHECK failure: IsA<Derived>(from) in casting.h-2022-04-28
1057296COOP isn't inherited to Blob URL-2022-04-27
1253155CrOS: Vulnerability reported in app-editors/vim-2022-04-27
1266771CrOS: Vulnerability reported in app-editors/vim-2022-04-27
1268369CrOS: Vulnerability reported in app-editors/vim-2022-04-27
1268803CrOS: Vulnerability reported in app-editors/vim-2022-04-27
1273811CrOS: Vulnerability reported in app-editors/vim-2022-04-27
1276679CrOS: Vulnerability reported in app-editors/vim-2022-04-27
1277921CrOS: Vulnerability reported in app-editors/vim-2022-04-27
1281941Heap-use-after-free in extensions::ChromeExtensionsBrowserClient::GetOriginalContext$10002022-04-27
1283018CrOS: Vulnerability reported in app-editors/vim-2022-04-27
1286110Security: heap-buffer-overflow swiftshader Image::copy 3D-2022-04-27
1287364Page can use EyeDropper API to bypass mouse movement/keyboard input requirements for autofill (bypass of issue 1240472 fix)$20002022-04-27
1287962Security: [ANGLE] Heap-buffer-overflow in TextureVk::prepareForGenerateMipmap$120002022-04-27
1283434A GPU crash (or anything that causes loss of GPU support for Chrome) will create framebuffer ghosting with ImageBitmap$10002022-04-26
1287843Security DCHECK failure: IsA<Derived>(from) in casting.h-2022-04-26
1285622tint_regex_spv_writer_fuzzer.exe: Illegal-instruction in tint::fuzzers::CommonFuzzer::Run-2022-04-24
1281078Security: heap-buffer-overflow in TabStripModel::MoveWebContentsAtImpl$70002022-04-23
1282480Security: AddressSanitizer: heap-use-after-free on drag_drop_controller.cc (chromeOS and Lacros)$20002022-04-23
1244205uaf in content::DesktopCaptureDevice::Core::AllocateAndStart$100002022-04-22
1252716Security: heap-use-after-free in PrefChangeRegistrar::~PrefChangeRegistrar$100002022-04-22
1260007Security: State tracking issue in RenderFrameHostImpl leading to UaF-2022-04-22
1274445Security: v8 Debug check failed: target_inobject < GetInObjectProperties().$50002022-04-22
1278375Security: stack-buffer-overflow in views::ScrollView::OnMouseWheel(ui::MouseWheelEvent const&) in the browser process$30002022-04-22
1280941pdf_jpx_fuzzer: Trap in pdfium::base::AlignedAlloc-2022-04-22
1283609Security: UAF in OOBEUI$70002022-04-22
1284584Security: UAF in safe_browsing::DownloadRequestMaker::Start$200002022-04-22
1285116Security: heap-use-after-free in web_app::ShortcutInfoForExtensionAndProfile$20002022-04-22
1286837Global-buffer-overflow in blink::CompositeOperatorName-2022-04-22
1287342Security DCHECK failure: IsA<Derived>(from) in casting.h-2022-04-22
1262902Security: Heap-use-after-free in AccessibilityUIMessageHandler::RequestWebContentsTree$70002022-04-21
1274113Security: mojo race NodeName reuse to leak messages-2022-04-21
1212957AddressSanitizer: use-after-poison frame_or_worker_scheduler.cc:88 in blink::FrameOrWorkerScheduler::NotifyLifecycleObservers$85002022-04-20
1280743Security: JBIG2_Context.cpp arithmetic looks prone to overflow.-2022-04-20
1283077Security: heap-buffer-overflow in webui tabstrip-2022-04-20
1232866Security: Heap UAF in media_gpu!media::VideoProcessorProxy::VideoProcessorBlt$70002022-04-19
1251065Chrome downgrades long-running requests from HTTPS to HTTP after 3 s.$30002022-04-19
1275438Security: UAF in DateTimeChooserAndroid::ReplaceDateTime$250002022-04-19
1281763Security: UAF in GoogleSearchDomainMixingMetricsEmitter$100002022-04-19
1282118Security: UAF in BookmarkDragHelper::OnBookmarkIconLoaded$100002022-04-19
1285596Crash in cppgc::internal::MemberBase::MemberBase-2022-04-19
1285882Crash in blink::LayoutObject::RemoveChild-2022-04-19
1273017Security: Inappropriate implementation in PushMessaging$100002022-04-18
1282320Security: use-after-poison in blink::InspectorAccessibilityAgent::RefreshFrontendNodes$5002022-04-18
1283124AddressSanitizer: use-after-poison cc\layers\texture_layer.cc:169 in cc::TextureLayer::Update$50002022-04-18
1285007DCHECK failure in reg.ToInt() < register_data_.size() in mid-tier-register-allocator.cc-2022-04-18
1281859CrOS: Vulnerability reported in sys-libs/binutils-libs-2022-04-17
1277917heap-use-after-free : mojo::DataPipeDrainer::WaitComplete-2022-04-16
1283375UAF in PrintViewManagerBase$150002022-04-16
1284138heap-use-after-free base/memory/scoped_refptr.h:261:43 in operator bool (chromeOS)$70002022-04-16
1249964intent:// URIs can launch BROWSABLE non-exported activities in the sending app-2022-04-15
1267748sqlite3_fts3_lpm_fuzzer: Use-of-uninitialized-value in sqlite3VdbeExec-2022-04-15
1270593Security: Chrome for Android Delay Navigate then requestFullScreen will Hide Omnibox$75002022-04-15
1271896CrOS: Vulnerability reported in dev-libs/gmp-2022-04-15
1275531CrOS: Vulnerability reported in net-wireless/bluez-2022-04-15
1275622file_system_manager_mojolpm_fuzzer.exe: Heap-use-after-free in storage::ObfuscatedFileUtil::InitOriginDatabase-2022-04-15
1277328Security: heap-use-after-free in ui::AXTree::NotifyNodeWillBeReparentedOrDeleted$70002022-04-15
1279188Security: Elevation of Privileges in chrome installer when removing scoped directory during updates$100002022-04-15
1279531heap-use-after-free in media_router::CastMediaSinkService::StartMdnsDiscovery$70002022-04-15
1282651dawn_wire_server_and_vulkan_backend_fuzzer: Container-overflow in dawn_native::OwnedCompilationMessages::AddMessage-2022-04-15
1282782Type Confuse Security DCHECK failed: !node || IsTextControl(*node) text_control_element.h(268)$50002022-04-15
1283090heap-use-after-free : DefaultPrefStore::~DefaultPrefStore-2022-04-15
1283371Security: UAF in ChromeContentBrowserClient::CreateURLLoaderThrottles$150002022-04-15
1283805Heap-buffer-overflow in TableView::OnItemsRemoved-2022-04-15
1283807Container-overflow in TableView::UpdateVirtualAccessibilityChildrenBounds-2022-04-15
1284367Security: heap-use-after-free in safe_browsing::ThreatDetails::OnReceivedThreatDOMDetails-2022-04-15
1284509tint_regex_hlsl_writer_fuzzer: Illegal-instruction in tint::fuzzers::CommonFuzzer::Run-2022-04-15
1284742freetype_truetype_fuzzer: Heap-buffer-overflow in tt_face_vary_cvt-2022-04-15
1285122v8_inspector_fuzzer: DCHECK failure in IsInvalid(c0_) || base::IsInRange(c0_, 0u, unibrow::Utf16::kMaxNonSurrogateCharC-2022-04-15
1249626heap-use-after-free : void exo::wayland::DestroyUserData<exo::wayland::`anonymous namespace'::WaylandPointerStylusDelegate>-2022-04-13
1250227SUMMARY: AddressSanitizer: heap-use-after-free web_view_impl.cc:1020 in blink::WebViewImpl::ClosePagePopup$75002022-04-13
1254422Intent selectors allow intents from the web to bypass intent filter requirements-2022-04-13
1282224v8_wasm_compile_fuzzer: DCHECK failure in allocated_registers_bits_ == register_state_ ? GetAllocatedRegBitVector(register-2022-04-13
1282645Container-overflow in content::RenderFrameHostImpl::OnBackForwardCacheDisablingFeatureRemoved-2022-04-13
1283042v8_wasm_compile_fuzzer: DCHECK failure in allocated_registers_bits_ == register_state_ ? GetAllocatedRegBitVector(register-2022-04-13
1283681Security: UAF in heap-use-after-free inin DevToolsWindow::Show(browser process)$30002022-04-13
1261713Security: Heap-use-after-free in feedback::FeedbackData::SendReport$10002022-04-12
1279368AddressSanitizer: use-after-poison local_frame_view.cc:818 in blink::LocalFrameView::PerformLayout-2022-04-12
1283255heap-use-after-free : DownloadItemView::DropdownButtonPressed-2022-04-09
1283198Security: heap-buffer-overflow in chrome_pdf::PDFiumEngine::RequestThumbnail-2022-04-07
1278960Security: Heap-use-after-free in autofill::EditAddressProfileView::WindowClosing$70002022-04-05
1282272Google Chrome Browser Private key leaks on github-2022-04-03
1274323Crash in SkArenaAllocWithReset::reset$60002022-04-01
1268240Security: UaF in AccessibilityUIMessageHandler::Callback$10002022-03-31
1275020SUMMARY: AddressSanitizer: heap-use-after-free base/bind_internal.h:535:12 in BindState<void (content::StorageNotificationService::*)(url::Origin), UnretainedWrapper<content::StorageNotificationService>$200002022-03-31
1277327Security: heap-use-after-free ui::AXEventRecorder::OnEvent$70002022-03-31
1280456Security: container-overflow in ash::ScrollableShelfView::ShouldCountActivatedInkDrop$30002022-03-31
1281881Heap-use-after-free in optimization_guide::OptimizationGuideStore::ClearFetchedHintsFromDatabase$20002022-03-31
1276331Security: heap-buffer-overflow around blink::mojom::WidgetInputHandlerProxy::DispatchEvent-2022-03-30
1281800UAF crash may happen on child_process_launcher_android.cc-2022-03-30
1270358Security: FencedFrames reachable from compromised renderer due to lacking features::isEnabled(kFencedFrames) checks in Browser Process and FencedFrame::Navigate can navigate to file:// and chrome:// origins$170002022-03-29
1270498heap-buffer-underflow : ash::ScrollableShelfView::GetTargetScreenBoundsOfItemIcon-2022-03-29
1278988Security DCHECK failed: IsA<Derived>(from) in blink::LayoutTableSection::AddCell layout_table_section.cc:277-2022-03-29
1264196heap-use-after-free : ash::ShelfID::IsNull-2022-03-27
1271538v8_wasm_compile_fuzzer: Use-after-poison in v8::internal::compiler::SinglePassRegisterAllocator::AllocateInput-2022-03-27
1280822Use-after-poison in blink::FrameOrWorkerScheduler::NotifyLifecycleObservers-2022-03-27
1274316uaf in rx::vk::CommandBufferHelper::bufferWrite$50002022-03-24
1278180Security: Heap-use-after-free in ui::MenuModel::GetModelAndIndexForCommandId$100002022-03-24
1209467CrOS: Vulnerability reported in net-fs/samba-2022-03-23
1231037Security: invalid parsing of HTML by tree_builder_simulator leading to mutation XSS$50002022-03-23
1261790CrOS: Vulnerability reported in sys-libs/ldb-2022-03-23
1261791CrOS: Vulnerability reported in net-fs/samba-2022-03-23
1249426heap buffer overflow in BookmarkManagerPrivateDropFunction::RunOnReady$10002022-03-22
1261689Security: scrollTop of ListBox autofill preview discloses sensitive information$40002022-03-22
1272967Security: UAF in P2PSocketTcpServer::DoAccept$50002022-03-22
1276203heap-use-after-free : ash::DeskActivationAnimation::EndSwipeAnimation-2022-03-22
1279147Heap-use-after-free in CPDF_AnnotContext::~CPDF_AnnotContext-2022-03-22
1279151crash in v8 heap(--js-flags=--experimental-wasm-gc)$50002022-03-22
1279383DCHECK failure in IsAligned(result, kAlignmentInBytes) in zone.cc-2022-03-22
1238209container-overflow in blink::UserMediaProcessor::DetermineExistingAudioSessionId$50002022-03-21
1132124Security: SODA is provided a privileged URLLoaderFactory-2022-03-19
1272266Security: swiftshader heap-use-after-free in getOffsetPointer$50002022-03-19
1242339CHECK failure: byte_length() <= JSArrayBuffer::kMaxByteLength in objects-debug.cc-2022-03-18
1247389Security: Possible to see the user's system environment variables like secrets, tokens or keys$100002022-03-18
1268903Security: Use of uninitialized on-stack pointer in storage::BlobBuilderFromStream-2022-03-18
1276850UAF in AutofillPopupControllerImpl::HandleKeyPressEvent$200002022-03-18
1278589Security: Certificate Viewer remotely expoitable with large DSA and RSA-PSS signatures on Linux/ChromeOS (before 98.0.4714.0)-2022-03-18
1259557Security: mojo AddBrokerClient can be sent to non-broker nodes (node<->node mitm)-2022-03-17
1276715Heap-use-after-free in content::TestRunnerBindings::InvokeV8Callback-2022-03-17
1262080Security: heap-buffer-overflow swiftshader Image::copy$50002022-03-16
1262676SUMMARY: AddressSanitizer: access-violation regexp-interpreter.cc:461 in v8::internal::`anonymous namespace'::RawMatch<unsigned char>$50002022-03-16
1263457Security: Interface ID reuse leading to memory corruption in IPC::ChannelAssociatedGroupController-2022-03-16
1273537heap-use-after-free : chromeos::AppDownloadingScreenHandler::Bind-2022-03-16
1273661Security: webgl global-buffer-overflow in getIncompleteTexture$50002022-03-16
1274248wayland_buffer_fuzzer: Crash in libwayland-server.so.0-2022-03-16
1276923Security: Debug Check failed in HAS_WEAK_HEAP_OBJECT_TAG-2022-03-16
1272068Security: Wild read with renderbuffers$50002022-03-13
1270095Security: Use after Free in content::AccessibilityEventRecorderWin::AccessibleObjectFromWindowWrapper$10002022-03-12
1274376uaf in chrome_pdf::PdfViewPluginBase::LoadAccessibility$50002022-03-12
1240472Security: Page can cause autofill prompt to render under cursor in order to bypass mouse movement/keyboard input requirements for autofill$30002022-03-11
1241585Security: Page can use space key input to cause autofill prompt to render under cursor, bypasses mouse movement/designated keyboard input requirements for autofill$10002022-03-11
1267060Chrome_ChromeOS: Crash Report - views::Widget::CloseWithReason via TabStripPageHandler::OnTabGroupChanged$10002022-03-11
1270007Heap-buffer-overflow in int flatbuffers::ReadScalar<int>-2022-03-11
1270658Security: use after free in swiftshader$50002022-03-11
1274499Security: [ANGLE] D3D11 : Integer Underflow in ElementsInBuffer results in wild copy$75002022-03-11
1275431code_cache_host_mojolpm_fuzzer: Segv on unknown address in content::GeneratedCodeCache::IssueNextOperation-2022-03-11
1275559dcsctp_socket_fuzzer: Use-of-uninitialized-value in crc32c::ExtendSse42-2022-03-11
1275892Security: UAF in ScreenCaptureMachineAndroid::OnActivityResult$150002022-03-11
1270014UNKNOWN READ in WelsDec::WelsMarkAsRef-2022-03-10
1115460Security: Possible for extension to escape sandbox via Input.dispatchKeyEvent and devtools_page$150002022-03-09
1201032Security: Use-After-Free in SelectFileDialog$250002022-03-09
1252562heap-use-after-free : content::ViewsWidgetVideoCaptureDeviceMac::UIThreadDelegate::OnScopedCGWindowIDMouseMoved-2022-03-09
1271747heap-use-after-free : safe_browsing::SafeBrowsingPrimaryAccountTokenFetcher::OnTokenFetched-2022-03-09
1272250Security: CSS transform and backface-visibility: hidden allow to render over Chrome UI$10002022-03-09
1273197heap-use-after-free window_dimmer.cc (chromeOS)$70002022-03-09
1273395Container-overflow in blink::DisplayLockContext::DetachDescendantTopLayerElements-2022-03-09
1273674uaf in local_card_migration_dialog_view$75002022-03-09
1274061Security: UAF in BluetoothPrefStateObserver-2022-03-09
1265806Security: webrtc: out-of-bounds write in audio channel processing$85002022-03-08
1267426Deleting broker decoder in error callback path is risky-2022-03-08
1270990Performance API is not consistent for preloaded requests which can be used to leak the size of cross-origin resources$20002022-03-08
1271853Security DCHECK failure: IsA<Derived>(from) in casting.h-2022-03-08
1272208Security: heap-use-after-free in the media::AudioManagerBase in the browser process$150002022-03-08
1272403Security: HeapOverflow in PageLoadMetrics$150002022-03-08
1273609heap-use-after-free video_recording_watcher.cc:673:7$100002022-03-08
1274641Security: UaF on DesksBarView::EndDragDesk in desks_bar_view.cc:663:5$70002022-03-08
1260939Security: TFC 2021 loader bug$100002022-03-07
1263417Non-positive-vla-bound-value in blink::CanvasPath::roundRect$10002022-03-07
1267496Security: webgl heap-buffer-overflow LoadCompressedToNative$20002022-03-07
1274322Bad-cast to views::FootnoteContainerView from views::BubbleFrameView in views::BubbleFrameView::ViewHierarchyChanged-2022-03-07
1274324Bad-cast to content::RenderWidgetHostViewChildFrame from content::RenderWidgetHostViewBase in content::RenderWidgetHostInputEventRouter::OnRenderWidgetHostViewBaseDestroyed-2022-03-07
1274044Bad-cast to void *(unsigned long) in xmlAllocParserInputBuffer-2022-03-06
1271835CHECK failure: marking_state_->IsBlackOrGrey(heap_object)-2022-03-04
1273001Segv on unknown address in tint::writer::msl::Options::operator=-2022-03-04
1273140Security: heap-use-after-free in DevToolsWindow::ActivateWindow-2022-03-04
1273176Security: heap-use-after-free in DevToolsWindow::Show-2022-03-04
1273593Crash in blink::NGInlineItemsBuilderTemplate<blink::EmptyOffsetMappingBuilder>::AppendTex-2022-03-04
1273705CHECK failure: (location_) != nullptr in maybe-handles.h-2022-03-04
1177652The destruction timing issue between RenderFrameHostImpl and DedicatedWorkerHost/DedicatedWorkerHostFactoryImpl-2022-03-03
1239496Security: Pointer lock can be used to bypass mouse movement/keyboard input requirements for autofill$30002022-03-03
1239760Security: Autofill prompt for a page can render over different origin, allows spoofing of autofill context origin$50002022-03-03
1261415webcodecs_video_encoder_fuzzer: Heap-buffer-overflow in vp9_encode_tiles_row_mt-2022-03-03
1268400Security: Heap-use-after-free in ui::EventDispatcher::DispatchEventToEventHandlers()$10002022-03-03
1267791[ozone/wayland]use-after-free in WaylandWindow$100002022-03-03
1272269Security: Heap-use-after-free in ash::sharesheet::SharesheetBubbleViewDelegate::IsBubbleVisible$70002022-03-03
1273344Null-dereference READ in rx::vk::QueryHelper::writeTimestamp-2022-03-03
1272180webcodecs_image_decoder_fuzzer: Crash in mv_projection-2022-03-02
1115847Security: SameSite policy bypassed with Service Worker FetchEvent-2022-03-01
1266510Security: container-overflow in ExtensionsToolbarContainer::SetExtensionIconVisibility$10002022-03-01
1271384Security: Debug check failed: receiver->IsJSReceiver()-2022-03-01
1272181Bad-cast to content::ServiceVideoCaptureProvider::ServiceProcessObserver from invalid vptr in base::internal::UnretainedWrapper<content::ServiceVideoCaptureProvider::ServiceP-2022-03-01
1113812Security: Linux Kernel shift-out-of-bounds in arch/x86/kvm/vmx/pmu_intel.c:365:45-2022-02-27
1117173Security: Possible for extension to escape sandbox via Input.synthesizeTapGesture$100002022-02-27
1269151Security: Extension can automatically start Crostini on log-in-2022-02-27
1271456Access violation with --turbo_inline_js_wasm_calls-2022-02-27
1272076pdf_formcalc_context_fuzzer: DCHECK failure in marking_support_ != MarkingType::kAtomic in heap.cc-2022-02-27
661852CSP form-action checks full URL on redirects-2022-02-24
1027592Security: Chrome for ios crash when selecting long message with special characters-2022-02-24
1245629heap-use-after-free in OnBrowserSetLastActive$50002022-02-24
1255713Security: UI spoofing using a very long URL$30002022-02-24
1259899heap-use-after-free : blink::RTCVideoEncoder::Impl::EncodeFrameFinished-2022-02-24
1267661Security: heap-use-after-free in content::WebContentsObserver::web_contents$150002022-02-24
1267811UAF on nearby_share_contact_downloader_impl.cc$100002022-02-24
1268738V8 debug check failed: new_target->IsConstructor()$50002022-02-24
1269344uaf in content::BroadcastChannelService::ConnectToChannel$200002022-02-24
1270817CHECK failure: IsValidHeapObject(heap_, heap_object) in heap.cc-2022-02-24
1270826Crash in v8::internal::MarkCompactCollector::ProcessMarkingWorklist<0>-2022-02-24
1230444Cross-site information leak - Leaking cross-origin redirect destination URI due to CORS (iOS)$10002022-02-22
1262525CrOS: Vulnerability reported in net-vpn/strongswan-2022-02-22
1264705Crash in hsw::lowp::gather_NUMBER-2022-02-22
1266688Heap-use-after-free in blink::NGPhysicalFragment::HasSelfPaintingLayer-2022-02-22
1269307Security: Use after free in WebApkIconHasher$200002022-02-22
1270356DCHECK failure in !scope_info_.is_null() in scopes.h-2022-02-22
1242424Security: History Cached Page of the Lens region search cause url spoof$20002022-02-21
1267514DCHECK failure in !scope_info_.is_null() in scopes.h-2022-02-21
1269225Security: Memory corruption in renderer process-2022-02-19
1171997heap-use-after-free : UnloadController::ProcessPendingTabs-2022-02-18
1265570DCHECK failure in shared_info->HasBytecodeArray() in js-objects.cc-2022-02-18
1268682mediasource_MP4_AV1_pipeline_integration_fuzzer: Crash in dav1d_refmvs_load_tmvs-2022-02-18
1268759Security: Use After Free AppServiceContextMenu::ExecuteCommand$150002022-02-18
1248289Service worker can use web assembly without unsafe-eval.-2022-02-17
1263741Security: libjxl has security bugs-2022-02-17
1267627Security: Web Serial - Out of bound read in SerialPortUnderlyingSink::WriteData().$75002022-02-17
1269315DCHECK failure in old_code_pages->size() == new_code_pages->size() + 1 in isolate.cc-2022-02-17
1011497Security: Remote debug can be used to access protected profile data (e.g. cookies)-2022-02-16
1202970Security: Sanitizer API bypass-2022-02-16
1240593Security: heap-use-after-free in blink::NativeIOFile::DoRead-2022-02-16
1262953Improper restriction in password saving form, while navigation from one site to another site-2022-02-16
1262183Security: heap-use-after-free in storage::BlobURLStoreImpl::Revoke-2022-02-16
1264873Security: SOP bypass using drag and drop-2022-02-16
1265197XSS from chrome-untrusted://new-tab-page URL parsing$5002022-02-16
1267276Use-after-poison in blink::HTMLSlotElement::DetachLayoutTree-2022-02-16
1267624Security: Wild write in angle$50002022-02-16
1268274Security: Storage Foundation read()/write() access DOMArrayBufferView off the heap's thread-2022-02-16
1241188Security: "Origin" header incorrectly set for cross-site request via service worker$30002022-02-15
1267027Security: webgl heap-use-after-free in BitSetT$50002022-02-15
1267420CrOS: Vulnerability reported in net-libs/libmicrohttpd-2022-02-15
1267424Security: webgl heap-buffer-overflow getDrawSubresourceSerial$50002022-02-15
1241091Security: heap-use-after-free in ThreadedIconLoader::DecodeAndResizeImageOnBackgroundThread-2022-02-14
1254189Primitive type confusion in ia32 AssembleCodePhase$75002022-02-14
1266293Security: heap-use-after-free in BluetoothSerialDeviceEnumerator::OnGotClassicAdapter-2022-02-14
1266437Use after free in getSamplerTexture$50002022-02-14
1267674v8_regexp_parser_fuzzer: DCHECK failure in index < length() / kUInt16Size in fixed-array-inl.h-2022-02-14
1238631Security: Share dialog on Windows can render over address bar, window controls-2022-02-12
1264584heap-use-after-free : location::nearby::chrome::SubmittableExecutor::RunTask-2022-02-12
1264988Security: ASan reports wild reads in swiftshader$50002022-02-12
1264703Security: Heap-use-after-free in sharing_hub::SharingHubBubbleController::~SharingHubBubbleController$50002022-02-11
1259170Unsafe uses of uninitialized graphics memory-2022-02-09
1264477Security: Site Isolation bypass via NavigationPreloadRequest-2022-02-09
1264508v8_regexp_parser_fuzzer: DCHECK failure in r.to() < kMaxUInt16 in regexp-macro-assembler.cc-2022-02-09
1168553Security: host root command execution-2022-02-08
1260649Leaking size of cross-origin resources by using Range Requests, Service Workers, Fetch API, and the Cache API$20002022-02-08
1260783Use after free in gl::VertexArray::setDependentDirtyBit$50002022-02-08
1262791Security: Type confusion in UnderlyingSinkBase::start$150002022-02-08
1264013Trap in Builtins_CheckTurbofanType-2022-02-08
1264282Security: UAF in SharingHub$50002022-02-08
1265275CHECK failure: function_literal_id < script->shared_function_info_count() in objects.cc-2022-02-08
1237310Security: Autofill prompt can render over permission prompts after they have opened$30002022-02-05
1248963CrOS: Vulnerability reported in app-editors/vim-2022-02-05
1260858Heap-use-after-free in color input on switching screens (MacOS)$100002022-02-05
1263620Google Chrome MediaStreamTrackGenerator use after free vulnerability (TALOS-2021-1398)$75002022-02-05
1139417arc-setup: ArcMounterImpl::LoopMount() can be raced-2022-02-03
1254113heap-use-after-free : crosapi::DriveIntegrationServiceAsh::~DriveIntegrationServiceAsh-2022-02-03
1256822Sandbox escape: bypass allow-popups-to-escape-sandbox$25002022-02-03
1259694Contact dialog can be shown over a cross-origin page which might confuse a user into leaking sensitive information to an attacker$10002022-02-03
1262091Security: heap-use-after-free swiftshader getCurrentViewCount$50002022-02-03
1262208Security: Write setgid_resetriction policy files-2022-02-03
1248444Guessing the URL a cross-origin iframe was redirected to by listening to the load event$50002022-02-02
1258932Use-after-poison in blink::HTMLSlotElement::DetachLayoutTree-2022-02-02
1263462Security: JSON.stringify leaks TheHole value, leading to RCE-2022-02-02
1263486Security DCHECK failure: IsA<Derived>(from) in casting.h-2022-02-02
1263961Use-of-uninitialized-value in v8::internal::StackGuard::PopInterruptsScope-2022-02-02
1264015CHECK failure: push_segment_ implies push_segment_->IsEmpty()-2022-02-02
1248438uaf in FileManagerPrivateInternalComputeChecksumFunction::Run$100002022-02-01
1258809Security: UaF in extension management policy parsing-2022-02-01
1263327v8_regexp_parser_fuzzer: DCHECK failure in !ranges->is_empty() in regexp-compiler.cc-2022-02-01
1260621Security: PDFium Use-After-Free in v8::internal::ArrayBufferExtension::Mark$10002022-01-31
1251567Heap-buffer-overflow in rx::ProgramExecutableVk::updateBuffersDescriptorSet-2022-01-30
1261542freetype_cff_ftengine_fuzzer: Use-of-uninitialized-value in ft_mem_free-2022-01-28
1261728freetype_type1_render_fuzzer: Use-of-uninitialized-value in T1_Get_MM_Var-2022-01-28
1261762freetype_type1_fuzzer: Use-of-uninitialized-value in T1_Set_MM_Design-2022-01-28
1262112dawn_wire_server_and_frontend_fuzzer.exe: Heap-use-after-free in dawn_native::AbslFormatConvert-2022-01-28
1197889Security: Origin spoof in external protocol dialogs via server-side redirect to external protocol$20002022-01-27
1261343freetype_colrv1_fuzzer: Use-of-uninitialized-value in ft_mem_free-2022-01-27
1261450freetype_truetype_fuzzer: Use-of-uninitialized-value in FT_Get_Gasp-2022-01-27
1227170Security: Another autocomplete preview text leak$50002022-01-26
1242667CrOS: Vulnerability reported in sys-libs/glibc-2022-01-26
1248889CSP Violation reports contain blockedURI's hostname$10002022-01-26
1253038Security: negative-size-param in image_editor::ScreenshotFlow::RemoveUIOverlay$50002022-01-26
1253101Security: font side-channel attack against <input> and <textarea> autofill preview discloses sensitive information-2022-01-26
1254746SUMMARY: AddressSanitizer: stack-use-after-scope renderer11_utils.cpp:2299 in rx::d3d11::SetDebugName$50002022-01-26
1259022Security: UAF when sending tab to device in android-2022-01-26
1260577Security: TianfuCup RCE bug Type confusion in LoadIC::ComputeHandler-2022-01-26
1260606gpu_raster_swangle_passthrough_fuzzer: Use-of-uninitialized-value in vk::DescriptorSet::ParseDescriptors-2022-01-26
1260690Segv on unknown address in sh::OutputSPIRVTraverser::visitConstantUnion-2022-01-26
1260940Security: TFC WebTransport bug-2022-01-26
1167028Security: WPA2-Enterprise/EAP Subject Matching Vulnerability$30002022-01-24
1243279CrOS: Vulnerability reported in sys-libs/glibc-2022-01-24
1249962Security: In-the-wild using intents to redirect to other browsers-2022-01-24
1251673Security: Continued AddEventListener GC problems$50002022-01-24
1260189PotentiallyDanglingMarkup() lost when removing fragment identifier-2022-01-24
1039885Dangling markup attack through background attribute allows data exfiltration$10002022-01-22
1256885Security: Page.addCompilationCache devtools API could lead to arbitrary machine code execution-2022-01-21
1259864Security: heap-use-after-free in ForceSigninVerifier::SendRequestIfNetworkAvailable$100002022-01-21
1259587Security: UAP on creating WebAssembly memories on document reload$75002022-01-20
1258398Use-after-poison in blink::HTMLSlotElement::DetachLayoutTree-2022-01-19
1244289Security: SameSite Cookie Bypass via BackgroundFetch$30002022-01-18
1257891heap-buffer-overflow in WebMediaPlayerMSCompositor::ReplaceCurrentFrameWithACopyInternal()$75002022-01-18
1258603DCHECK failure in function->shared().HasFeedbackMetadata() in js-function.cc-2022-01-18
1258663CHECK failure: !field_type.NowStable() || field_type.NowContains(value)-2022-01-18
1258839freetype_type1_fuzzer: Heap-buffer-overflow in ps_parser_skip_spaces-2022-01-18
1259045freetype_type1_ftengine_fuzzer: Use-of-uninitialized-value in t1_decoder_parse_metrics-2022-01-18
1249491use after free in ash::sharesheet::SharesheetBubbleView::CloseBubble$75002022-01-17
1255464Use-after-poison in blink::HTMLSlotElement::DetachLayoutTree-2022-01-16
1251073Container-overflow in ash::ScrollableShelfView::ShouldCountActivatedInkDrop-2022-01-15
1258235Bad-cast to blink::HTMLSlotElement from blink::HTMLStyleElement in blink::HTMLDetailsElement::ManuallyAssignSlots-2022-01-15
906200Security: XSS in chromium-cq-status.appspot.com-2022-01-14
1255332UaF in PDF accessibility due to relayout$50002022-01-14
1257254Use-after-poison in mojo::InterfaceEndpointClient::NotifyError-2022-01-14
957553Security: Extension messages can indefinitely extend user activation expiry and repeatedly use of it$30002022-01-13
1222498Sanitize CompositorFrame for shared element directives.-2022-01-13
1253746Security: WebAudio oob read in AudioDelayDSPKernel::ProcessKRate$20002022-01-13
1255314hb_subset_fuzzer: Crash in BEInt<unsigned short, 2>::operator unsigned short-2022-01-13
1237730Security: v8 CHECK Failed IsStruct_NonInline in Torgue Struct-Tq-Inl$50002022-01-12
1249810Security: Use After Free in DevToolsFileHelper::GetFileSystems$100002022-01-12
1250904tint_regex_spv_writer_fuzzer: Crash in LLVMFuzzerCustomMutator-2022-01-12
1254656hb_subset_fuzzer: Heap-buffer-overflow in bool OT::OffsetTo<OT::MathGlyphAssembly, OT::IntType<unsigned short, 2u>, true>:-2022-01-12
1255152pdf_formcalc_context_fuzzer: DCHECK failure in header->IsMarked() in pointer-policies.cc-2022-01-12
1255368DCHECK failure in first_const_pool_32_use_ == -1 in assembler-arm.cc-2022-01-12
1256835hb_subset_fuzzer: Heap-buffer-overflow in OT::MathValueRecord* hb_serialize_context_t::embed<OT::MathValueRecord>-2022-01-12
1236318AddressSanitizer: heap-buffer-overflow mojo::internal::Serializer<BigBufferDataView,BigBufferView>::Serialize$75002022-01-10
1238309Security: Chrome incorrectly interprets newlines in HTTP headers in HTTP/3, allowing for some header splitting possibilities-2022-01-10
1247260Google Chrome WebRTC RTPSenderVideoFrameTransformerDelegate memory corruption vulnerability (TALOS-2021-1372)$75002022-01-10
1254704v8_regexp_parser_fuzzer: Use-of-uninitialized-value in v8::internal::IrregexpInterpreter::Result v8::internal::RawMatch<unsigned char>-2022-01-10
1255354CHECK failure: all.IsLive(use) && (use->opcode() == IrOpcode::kIfTrue || use->opcode() == IrOpc-2022-01-10
1255330Trap in Builtins_CheckNumberInRange-2022-01-10
1252074Security: ChromeOS root command persistence$150002022-01-08
1252878use after poison in blink::Element::DidMoveToNewDocument$100002022-01-08
1254675CHECK failure: thrower->error()-2022-01-08
1251664tint_ast_spv_writer_fuzzer: Illegal-instruction in tint::fuzzers::FatalError-2022-01-07
1252858Security: mojo OnIntroduce doesn't validate peer node (node<->node mitm)-2022-01-07
1254131Security: Crash when closing tab with sending tab to device dialog-2022-01-07
1254631Security: Chrome 94 does not correctly set Integrity level of all processes to Untrusted$30002022-01-07
1255123Crash in PreflightLoader::HandleResponseHeader on failed preflight-2022-01-07
1252354Security: UAF in IdentityDialogController::ShowIdProviderWindow$250002022-01-05
1251179Security: Fetch leaks information about cross-origin redirects$10002022-01-05
1253399Security: pdfium heap buffer overflow in cfx_dibbase.cpp$75002022-01-05
1253976DCHECK failure in \\' == current() in regexp-parser.cc-2022-01-05
1254396Segv on unknown address in device::PlatformSensorFusion::Factory::SensorCreated-2022-01-05
1241860SUMMARY: AddressSanitizer: heap-use-after-free Runtime.cpp:439 in v8_inspector::protocol::Runtime::Frontend::exceptionThrown$50002022-01-04
1252148Security: Arbitrary bind mount-2022-01-04
1252620Heap-use-after-free in v8::internal::TurboAssemblerBase::set_root_array_available-2022-01-03
1253041DCHECK failure in header->IsMarked() in pointer-policies.cc-2022-01-02
1245578Security: heap-use-after-free in PPAPIDownloadRequest::AllowlistCheckComplete$200002022-01-01
1252634pdf_formcalc_context_fuzzer: DCHECK failure in header->IsMarked() in pointer-policies.cc-2022-01-01
1252729tint_all_transforms_fuzzer: Use-of-uninitialized-value in tint_all_transforms_fuzzer.cc-2022-01-01
1252795tint_vertex_pulling_fuzzer: Use-of-uninitialized-value in tint::fuzzers::DataBuilder::string-2022-01-01
1252942tint_wgsl_reader_msl_writer_fuzzer: Use-of-uninitialized-value in tint::writer::msl::Sanitize-2022-01-01
1040837Security: open an evil exe file via a "shortcut" in chrome://downloads/$5002021-12-31
1233375Referrer Spoof using <base href> and <style>$5002021-12-30
1248567SEGV in vk::Image::clear()$50002021-12-30
1252351tint_binding_remapper_fuzzer: Heap-buffer-overflow in tint::fuzzers::RandomGenerator::CalculateSeed-2021-12-30
1233566Cryptohome ephemeral mounts lack nosymfollow-2021-12-29
1251787Security: ASLR bypass via memory_instrumentation.mojom.Coordinator-2021-12-29
1251727Security: heap-use-after-free in content::RenderFrameHostImpl::delegate-2021-12-29
1108714Security: WPA2-Enterprise/EAP WiFi Connection UI Discrepancy$30002021-12-28
1195566crash in ModalCloseWatcher::Close-2021-12-28
1240921Symlink traversal in network driver modprobe script$200002021-12-28
1250660Potential race condition during concurrent JIT compilation-2021-12-28
1250730h264_bitstream_parser_fuzzer: Crash in webrtc::BitstreamReader::ReadExponentialGolomb-2021-12-28
1250775Security DCHECK failure: IsA<Derived>(from) in casting.h-2021-12-28
1251010vp9_encoder_references_fuzzer: Use-of-uninitialized-value in webrtc::LibvpxVp9Encoder::SetSvcRates-2021-12-28
1248435SUMMARY: AddressSanitizer: use-after-poison event_listener_map.cc:144 in blink::EventListenerMap::Add$75002021-12-27
1152952Security: Cast tab can appear after navigation to a different origin$10002021-12-25
1085762Security: Improper Theme name sanitization in theme manager.$5002021-12-24
1182188Chromium: Vulnerability reported in third_party/xstream-2021-12-24
1206928use-after-poison network_state_notifier.cc:314 in blink::NetworkStateNotifier::NotifyObserversOnTaskRunner$50002021-12-24
1245607CrOS: Vulnerability reported in dev-libs/openssl-2021-12-24
1248665Null-dereference READ in ubsan_GetStackTrace-2021-12-24
1249602tint_regex_spv_writer_fuzzer.exe: Illegal-instruction in tint::fuzzers::FatalError-2021-12-24
1244348Security: Heap-use-after-free in ui::EventDispatcher::DispatchEventToEventHandlers$150002021-12-23
1246728dawn_wire_server_and_vulkan_backend_fuzzer.exe: Heap-use-after-free in tint::transform::DataMap::Add<tint::transform::SingleEntryPoint::Config,const-2021-12-23
1248661Security: heap-use-after-free in app_controller_mac.mm$100002021-12-23
1094945Security: Speculative type confusion - [1/3 - eBPF]$100002021-12-22
1182687Executable libraries could be loaded from noexec partitions-2021-12-22
1241643Crash in memfd:swiftshader_jit-2021-12-22
1246631SUMMARY: AddressSanitizer: heap-buffer-overflow SkPixmap.cpp:321 in SkPixmap::getColor$200002021-12-22
1246692skia_image_filter_deserialize_fuzzer: Illegal-instruction in SkSL::DSLParser::swizzle-2021-12-22
1193196CrOS: Vulnerability reported in dev-libs/glib-2021-12-21
1218099Yoga commit may be a security fix-2021-12-21
1238944Android Chrome & Chromium Browsers Address Bar Spoofing$30002021-12-21
1242392heap buffer overflow iin FingerprintHandler::HandleGetEnrollmentLabel$100002021-12-21
1247395Security: WebView's CookieManager APIs fix up URLs incorrectly, potentially allowing cookie theft-2021-12-21
1248768Heap-use-after-free in blink::ElementRuleCollector::CollectMatchingRules-2021-12-21
456994Extension Debugger API restrictions are trivially circumvented-2021-12-20
1246394Security: heap-use-after-free C:\b\s\w\ir\cache\builder\src\chrome\browser\ui\views\media_router\web_contents_display_observer_view.cc:56:22 in media_router::WebContentsDisplayObserverView::OnBrowserSetLastActive(class Browser *)$150002021-12-20
1248514Heap buffer overflow in PasswordSpecFetcher-2021-12-20
1248030Security: Use After Free in FileSystemAccessManagerImpl$150002021-12-19
1141803Heap-use-after-free in content::RenderFrameImpl::GetLocalRootRenderWidget-2021-12-17
1234050Nearby Share UI incorrectly appears in non-ChromeOS browsers: causes UAF$150002021-12-17
1241123Security: [ANGLE] Stack buffer overwrite in rx::StateManager11::syncVertexBuffersAndInputLayout$75002021-12-16
1242257Heap-use-after-free in ui::SendDamagedRectsRecursive$160002021-12-16
1245879Security: Incomplete fix for CVE-2021-30577$100002021-12-16
1246163tint_first_index_offset_fuzzer: Illegal-instruction in tint::fuzzers::FatalError-2021-12-16
1246301angle_translator_fuzzer: Use-of-uninitialized-value in sh::StructNameString-2021-12-16
1246612Use-after-poison in base::internal::WeakReferenceOwner::Invalidate-2021-12-16
1246652Bad-cast to SkSL::dsl::DSLGlobalVar from invalid vptr in SkTArray<SkSL::dsl::DSLGlobalVar, false>::checkRealloc-2021-12-16
1246705Crash in cppgc::internal::ConcurrentMarkingTask::Run-2021-12-16
1246780SUMMARY: AddressSanitizer: use-after-poison timer.cc:217 in base::internal::TimerBase::OnScheduledTaskInvoked$75002021-12-16
1246919Use-after-poison in blink::LayoutGrid::LayoutPositionedObjects-2021-12-16
1247182rtcp_receiver_fuzzer: Use-of-uninitialized-value in webrtc::RTCPReceiver::ParseCompoundPacket-2021-12-16
1247686Security DCHECK failure: unit.TextContentEnd() <= text.length() in ng_offset_mapping.cc-2021-12-16
1240952Security: [Chrome OS Readiness Tool] Public tracking bug: Service installer assigns wrong permissions to DCOM objects-2021-12-14
1243318M94 Merge Request for crbug.com/dawn/1065-2021-12-14
1244568Security: Cross-Origin information leak or delete in ContentIndex$50002021-12-14
1246748dawn_wire_server_and_vulkan_backend_fuzzer: Heap-use-after-free in dawn_native::vulkan::ComputePipeline::Initialize-2021-12-14
1245881AddressSanitizer: use-after-poison execution_context_lifecycle_observer.cc:40 in blink::ExecutionContextLifecycleObserver::GetExecutionContext$50002021-12-13
1246606Security DCHECK failure: i < length() in string_view.h-2021-12-13
1246619Security DCHECK failure: unit.TextContentEnd() <= text.length() in ng_offset_mapping.cc-2021-12-13
1244408dawn_wire_server_and_vulkan_backend_fuzzer: Heap-use-after-free in sw::PixelRoutine::PixelRoutine-2021-12-11
1245141dawn_wire_server_and_vulkan_backend_fuzzer: Heap-use-after-free in vk::CommandBuffer::submit-2021-12-11
1245605Chromium: Vulnerability reported in third_party/xstream-2021-12-11
1245786Security: Security DCHECK failure at blink::LayoutInline$50002021-12-11
1246412code_cache_host_mojolpm_fuzzer: Illegal-instruction in StackTraceGetter::CurrentStackTrace-2021-12-11
1240538BluetoothRemoteGattCharacteristicTestWinrtOnly.StartNotifySessionDisconnectOnError failing on builder "win-asan"-2021-12-10
1240884Security: UAF in EditAddressProfileView::WindowClosing$170002021-12-10
1241036Chrome ANGLE Out-of-Bound in texStorage3D$75002021-12-10
1243117Security: UAF in AvailableOfflineContentProvider$150002021-12-10
1243622Security: Cross-Origin information leak in GetDeveloperIdsTask$20002021-12-10
1243535Security: AddressSanitizer: heap-use-after-free on address 0x11de0a00f100 SkPathEffectBase::asPoints and AddressSanitizer: heap-use-after-free on address 0x119b5ac92cd8 base::circular_deque-2021-12-10
1244490[sparkplug]Security: jit code memory corruption after use the generated baseline code to optimiztion the machine code-2021-12-10
1245053Security: Cross-Origin Response Size Leak Via BackgroundFetch$30002021-12-10
1245870DCHECK failure in (class_variable_) == nullptr in scopes.cc-2021-12-10
1245907Heap-use-after-free in chromeos::LoginApiDataForNextLoginAttemptPrefCleaner::~LoginApiDataForNextLoginA-2021-12-10
1246158dawn_wire_server_and_vulkan_backend_fuzzer: Heap-use-after-free in dawn_native::vulkan::ComputePipeline::Initialize-2021-12-10
1234284Use-after-Free in AudioDebugRecordingsHandler::StartAudioDebugRecordings$200002021-12-09
1242404oob in function StartupPagesHandler::HandleEditStartupPage$60002021-12-09
1242742Security: heap-buffer-overflow in TabStripModel::MoveWebContentsAtImpl$100002021-12-09
1243646Security: container-overflow in RecordEngagementMetric$200002021-12-09
1245046tint_ast_hlsl_writer_fuzzer.exe: Illegal-instruction in tint::fuzzers::FatalError-2021-12-09
1246065DCHECK failure in storage_.is_populated_ in optional.h-2021-12-09
1214199Security: Heap-use-after-free in BackgroundFetchDelegateBase::CancelDownload$100002021-12-08
1232279Security: Security: Clickjacking RCE of Chrome headless with Remote Debugging$30002021-12-08
1233942Use-after-Free on AudioDebugRecordingsHandler::StopAudioDebugRecordings$200002021-12-08
1239516use after free in sharing_hub::ScreenshotCapturedBubbleController::Capture$100002021-12-08
1239709Security: Insufficient CORS Check Leads to Cross-Origin Size Leak via BackgroundFetch API$30002021-12-08
1243733virgl_venus_fuzzer: Use-of-uninitialized-value in vn_decode_VkFormatProperties2_pnext_partial_temp-2021-12-08
1243989Use-after-poison in v8::internal::Scope::AllocateVariablesRecursively-2021-12-08
1244254Trap in Builtins_CEntry_Return1_DontSaveFPRegs_ArgvInRegister_NoBuiltinExit-2021-12-08
1244435DCHECK failure in header->IsMarked() in pointer-policies.cc-2021-12-08
1245003CHECK failure: black_size <= marking_state->live_bytes(page) in paged-spaces.cc-2021-12-08
1245079CHECK failure: bitmap(page)->AllBitsSetInRange( page->AddressToMarkbitIndex(current), page->Add-2021-12-08
1245145CHECK failure: map_object.IsMap() in mark-compact-inl.h-2021-12-08
1245357CHECK failure: black_size <= marking_state->live_bytes(page) in paged-spaces.cc-2021-12-08
1245405CHECK failure: bitmap(page)->AllBitsSetInRange( page->AddressToMarkbitIndex(current), page->Add-2021-12-08
1242269Security: Blink - Use After Free of DawnCallback.$75002021-12-04
1243562WebGPU mapped buffer range ArrayBuffers can be transferred-2021-12-04
1243920Security DCHECK failure: IsA<Derived>(from) in casting.h-2021-12-04
1244134tint_spirv_tools_msl_writer_fuzzer.exe: Illegal-instruction in tint::fuzzers::FatalError-2021-12-04
1203612Chrome OS cannot handle multiple/wildcard server names for "SubjectMatch" in .onc profiles, opening doors to impersonation attacks and credential thefts$30002021-12-03
1233932CrOS: Vulnerability reported in app-arch/libarchive-2021-12-03
1242315Security: Manifest.json can display overlay on non-origin tabs$10002021-12-03
1242841Security: UAF in WebAppIdentityUpdate$70002021-12-03
1242865tint_msl_transform_fuzzer: Heap-buffer-overflow in tint::writer::msl::GeneratorImpl::EmitTypeConstructor-2021-12-03
1243944tint_renamer_fuzzer: Stack-use-after-return in tint::sem::Pointer::Pointer-2021-12-03
1072444Security: cryptohomed file system interactions with less-privileged chronos user at /home/chronos/u-<hash>-2021-12-02
1100761Security: Possible to download files from sandboxed frames$30002021-12-02
1239910Security: Web GPU - Out of bound object manupilation in WebGPUImplementation::OnGpuControlReturnData()$75002021-12-02
1242862Heap-use-after-free in base::UnguessableToken const& base::internal::FunctorTraits<base::UnguessableTok-2021-12-02
1203399gpu_swangle_passthrough_fuzzer: Crash in gpu::gles2::GLES2DecoderPassthroughImpl::DoBindTexture-2021-12-01
1228248Feedback WebUIDialog does not observe Profile lifetime$50002021-12-01
1234544Bad-cast to blink::ScriptWrappable from invalid vptr in blink::DOMDataStore::GetWrapper-2021-12-01
1238108Heap-use-after-free in content::WebAXObjectProxy::ActiveDescendant-2021-12-01
1241193tint_regex_spv_writer_fuzzer.exe: Illegal-instruction in tint::fuzzers::FatalError-2021-12-01
1242650Heap-use-after-free in content::MediaStreamDispatcherHost::OnWebContentsFocused-2021-12-01
1233067Security: Overlong iframe CSP attribute allows you to send near-arbitrary length headers to a server and induce server errors$20002021-11-30
1237533TALOS-2021-1352: Google Chrome Blink setBaseAndExtent use after free vulnerability$75002021-11-30
1238158heap-use-after-free : ChromeAppDelegate::OnHide-2021-11-30
1238178heap-use-after-free : WebUIAllowlist::GetRuleIterator-2021-11-30
1241024uaf in sharing_hub::ScreenshotCapturedBubble::DownloadButtonPressed-2021-11-30
1241606M94 Merge Request for crbug.com/dawn/837-2021-11-30
1241912media_h265_decoder_fuzzer: Heap-buffer-overflow in media::H265Decoder::CalcRefPicPocs-2021-11-30
1241687crash in qrcode_generator::QRCodeGeneratorBubbleController::UpdateIcon-2021-11-30
1241913CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (!(!concurrent_search) || (array->IsS-2021-11-30
1242666CrOS: Vulnerability reported in dev-libs/nettle-2021-11-30
1242669CrOS: Vulnerability reported in net-misc/curl-2021-11-30
1202613Security: Stack overflow in nested message loops-2021-11-29
1242319Security: CVE-2021-3560 local privilege escalation through polkit-2021-11-29
1239895Security DCHECK failure: !resource_clipper->NeedsLayout() in clip_path_clipper.cc-2021-11-28
1239057Security: UaF in TabStripModel::MoveWebContentsAtImpl$100002021-11-26
1239472Security: UAF in dav1d_get_bits function$50002021-11-26
1240033Heap-use-after-free in ash::AppDragIconProxy::GetBoundsInScreen-2021-11-26
1241192vp9_qp_parser_fuzzer: Heap-buffer-overflow in rtc::BitBuffer::ReadBits-2021-11-26
1241297vp9_qp_parser_fuzzer: Heap-buffer-overflow in rtc::BitBuffer::PeekBits-2021-11-26
1221913cras_rclient_message_fuzzer: Use-of-uninitialized-value in cras_main_message_send-2021-11-25
1232095CHECK failure: args[0].IsJSPromise()-2021-11-25
1232658Security: ChromeOS root privilege escalation (pita, vm_concierge, arc-setup, DBus)$300002021-11-25
1232875CHECK failure: static_cast<uintptr_t>(caller_frame_top_) > stack_guard->real_jslimit() in deopt-2021-11-25
1233570Risky mkdirs and chowns in vm_tools init-2021-11-25
1234701dawn_wire_server_and_vulkan_backend_fuzzer: Crash in memfd:swiftshader_jit-2021-11-25
1235949Security: heap-use-after-free in ~PermissionRequestChip$100002021-11-25
1236209cras_rclient_message_fuzzer: Use-of-uninitialized-value in cras_main_message_send-2021-11-25
1240670v8_wasm_compile_fuzzer: Crash in v8::internal::WasmArray::GcSafeSizeFor-2021-11-25
1213238heap-use-after-free : media_router::MediaRouterAndroidBridge::DetachRoute-2021-11-24
1234491Security: ChromeOS root privilege escalation (cups, crash-reporter, ghostscript, Upstart)$300002021-11-24
1234882Security: cupsd.conf Upstart root file write target-2021-11-24
1239595use after free in DiceTurnSyncOnHelperDelegateImpl::ShowEnterpriseAccountConfirmation($50002021-11-24
1240714CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (IsName_NonInline(*this)) in name-tq--2021-11-24
1235165Heap-use-after-free in ash::TrayBubbleView::~TrayBubbleView-2021-11-23
1235316use after free in blink::FrameLoader::DetachDocument$75002021-11-23
1240548dawn_wire_server_and_frontend_fuzzer: Heap-use-after-free in dawn_wire::server::Server::InjectDevice-2021-11-23
1239522DCHECK failure in native_module == current_native_module_ in code-space-access.cc-2021-11-22
1239820DCHECK failure in !header->IsFree() in pointer-policies.cc-2021-11-22
1238406cras_rclient_message_fuzzer: Use-of-uninitialized-value in cras_main_message_send-2021-11-20
1238466hb_subset_fuzzer: Crash in OT::CPALV1Tail::serialize-2021-11-20
1239116v8_wasm_code_fuzzer: Crash in v8::internal::Simulator::LoadStoreHelper-2021-11-20
1237069Heap-use-after-free in ui::AXNode::GetUnignoredParent-2021-11-18
1238469hb_subset_fuzzer: Use-of-uninitialized-value in TrySubset-2021-11-18
1238731paint_op_buffer_fuzzer: Heap-use-after-free in SkCanvas::internalRestore-2021-11-18
1232914Security: Heap-use-after-free in AutofillManager::OnLoadedServerPredictions$10002021-11-17
1234878Security: Arbitrary code execution in ghostscript-2021-11-17
1234880Security: crash-reporter dirty root write-2021-11-17
1238268Security: heap-use-after-free in in download::NetworkStatusListenerImpl::OnNetworkStatusReady$200002021-11-17
1083337URL spoofing on iOS by repeatedly navigating a new window$5002021-11-16
1221914cras_rclient_message_fuzzer: Use-of-uninitialized-value in volume_gain-2021-11-16
1230767Google Chrome WebRTC addIceCandidate use after free vulnerability (TALOS-2021-1348)$220002021-11-16
1232628uaf in display::DisplayList::GetCurrentDisplay (chromeos version)$150002021-11-16
1234259Security: a READ memory access in jsimd_huff_encode_one_block_sse2$50002021-11-16
1234829Security: [ANGLE] Heap use-after-free in TextureD3D::releaseTexStorage$95002021-11-16
1236701Security: UAF in Screens::UpdateScreenInfos due to iterator invalidation$75002021-11-16
1236958v8_wasm_compile_fuzzer: DCHECK failure in node->InputAt(1) == loop_header in loop-analysis.cc-2021-11-16
1209469Security: OOB write after creating pinned tab that's also in a group$100002021-11-15
1209616Security: OOB read when window is closed while a link is being dragged over the tab strip$50002021-11-15
1223388hb_subset_fuzzer: Heap-buffer-overflow in OT::CPALV1Tail::serialize-2021-11-15
1230932libaom_av1_dec_fuzzer: Use-of-uninitialized-value in aom_lowbd_blend_a64_d16_mask_c-2021-11-15
1231650tint_spv_reader_wgsl_writer_fuzzer: Illegal-instruction in tint::fuzzers::FatalError-2021-11-15
1232808libaom_av1_dec_fuzzer: Use-of-uninitialized-value in av1_dist_wtd_convolve_2d_copy_c-2021-11-15
1236809Heap-use-after-free in ash::TrayBubbleView::RerouteEventHandler::OnKeyEvent-2021-11-15
1237387CHECK failure: Ref construction failed in heap-refs.cc-2021-11-15
999110CrOS: Vulnerability reported in net-wireless/hostapd-2021-11-12
1199865Security: spook.js attacks on site vs origin isolation; extensions$30002021-11-12
1221068heap-use-after-free : content::NativeIOManager::OnDeleteOriginDataCompleted-2021-11-12
1228557Security: UaF in TabGroupEditorBubbleView::UpdateGroup()$100002021-11-12
1233564Security: Data race in HRTFDatabaseLoader::WaitForLoaderThreadCompletion-2021-11-12
1233585vm_concierge init allows bind mounting over symlinks-2021-11-12
1235222Security: Autofill prompt can render over browser UI (bypasses of recent reports)$30002021-11-12
1236563CHECK failure: Ref construction failed-2021-11-12
1236614DCHECK failure in FLAG_flush_baseline_code || FLAG_flush_bytecode in heap-inl.h-2021-11-12
1236694Security: BigInt ToStringFormatter Crash$50002021-11-12
1237073CHECK failure: Ref construction failed in heap-refs.cc-2021-11-12
1004112CVE-2019-16234 CrOS: Vulnerability reported in Linux kernel-2021-11-09
1209622AddressSanitizer: heap-use-after-free scoped_blocking_call_internal.cc:208 in base::internal::IOJankMonitoringWindow::OnBlockingCallCompleted$150002021-11-09
1234764v8/Turbofan: Invalid rotate-right optimization + Typer hardening bypass$210002021-11-09
1234770v8/Turbofan: Wrong optimization of bitfield checks$210002021-11-09
1231933Security: UAF in perfromance_manager's site_data_impl.cc$100002021-11-08
1234009Use-after-Free in FileSystemChooseEntryFunction::FilesSelected$200002021-11-08
1234321Security: blink_platform!blink::CreateImageFromVideoFrame checkfailed-2021-11-08
1235072dawn_wire_server_and_vulkan_backend_fuzzer: Heap-use-after-free in dawn_wire::server::Server::InjectDevice-2021-11-08
1232617use after free in IsIndeterminate (chromeos version)$150002021-11-07
1234676Stack-use-after-return in blink::StyleVariables::GetValue-2021-11-07
1231877tint_msl_transform_fuzzer: Heap-buffer-overflow in tint::writer::msl::GeneratorImpl::EmitTypeConstructor-2021-11-05
1233975Use-after-Free on HandleOnPerformDrop$200002021-11-05
1022790Security: SameSite=Lax cookie sent with cross-origin request inside iframe$10002021-11-04
1217396trunks_tpm_pinweaver_fuzzer: Global-buffer-overflow in google::protobuf::internal::EpsCopyInputStream::ReadString-2021-11-04
1230128tint_inspector_fuzzer.exe: Illegal-instruction in tint::fuzzers::FatalError-2021-11-04
1231134UAF in PrintViewManager$200002021-11-04
1233354Heap-buffer-overflow in CJS_Field::setFocus-2021-11-04
1233430Type confusion in blink::StyleBuilderConverterBase::ConvertFontSize Security DCHECK failed: IsA<Derived>(from).$50002021-11-04
1233572dawn_wire_server_and_frontend_fuzzer: Bad-cast to dawn_wire::server::Server from invalid vptr in dawn_wire::server::Server::InjectDevice-2021-11-04
1233707sqlite3_select_printf_lpm_fuzzer: Use-of-uninitialized-value in fixDistinctOpenEph-2021-11-04
1234206CHECK failure: !map.is_dictionary_map() implies map.is_stable()-2021-11-04
1234357dawn_wire_server_and_frontend_fuzzer: Bad-cast to dawn_wire::server::Serverdawn_wire::server::Server::InjectDevice in dawn_native::LoggingCallbackTask::HandleShutDown-2021-11-04
1190550Security: UAF in InputHandler::InputInjector::InjectKeyboardEvent$100002021-11-02
1216898Security: heap-buffer-overflow in TabStripModel::IsTabBlocked-2021-11-02
1219354URL spoofing using tel:$10002021-11-02
1222120Heap-use-after-free in ash::DesksBarView::FinalizeDragDesk-2021-11-02
1224238use after free content::FontAccessManagerImpl::DidChooseLocalFonts$200002021-11-02
1224753Security: SkAbort_FileLine Assert Failed-2021-11-02
1228036CHECK failure: addr + size <= chunk_->area_end()-2021-11-02
1231369tint_binding_remapper_fuzzer: Heap-buffer-overflow in tint::fuzzers::ExtractBindingRemapperInputs-2021-11-02
1231503tint_all_transforms_fuzzer: Use-of-uninitialized-value in tint::fuzzers::Reader::string-2021-11-02
1231950v8_wasm_async_fuzzer: Crash in v8::internal::LogicVRegister::ReadUintFromMem-2021-11-02
1232733DCHECK failure in chars[i] != bigint::kStringZapValue in bigint.cc-2021-11-02
1233397Security: Out of bounds memory access in BigInt$150002021-11-02
1251541Security: Universal Cross-Site Scripting (UXSS) - completing previously searched text in NTP$10002021-11-01
663512Redirects should be handled by CSP form-action in a spec-compliant way-2021-10-30
823241Referrer Policy bypass with javascript URL$10002021-10-30
923648CrOS: Vulnerability reported in sys-apps/busybox-2021-10-30
1101897Security: Possible to escape sandbox via devtools_page (alternative method)$50002021-10-30
1215711v8_inspector_fuzzer: Trap in Builtins_CEntry_Return1_DontSaveFPRegs_ArgvOnStack_NoBuiltinExit-2021-10-29
1223390dawn_wire_server_and_d3d12_backend_fuzzer.exe: Heap-use-after-free in dawn_wire::server::Server::InjectDevice::<lambda_1>::__invoke-2021-10-29
1223603dawn_wire_server_and_vulkan_backend_fuzzer: Heap-use-after-free in dawn_wire::server::Server::InjectDevice-2021-10-29
1227777Security: HeapOverflow in RecentlyUsedFoldersComboModel$200002021-10-29
1227933Heap-use-after-free in blink::NGOutOfFlowLayoutPart::SaveStaticPositionOnPaintLayer-2021-10-29
1228134dawn_wire_server_and_frontend_fuzzer: Use-of-uninitialized-value in void dawn_wire::ChunkedCommandSerializer::SerializeCommandImpl<dawn_wire::Return-2021-10-29
1228672CrOS: Vulnerability reported in dev-libs/libxml2-2021-10-29
1229298Security: Chrome: UAF in BindFileUtilitiesHost$200002021-10-29
1229516Security: WebShare from ephemeral tab triggers browser crash-2021-10-29
1229625TaskManager fails to keep Profile alive leading to UAF in CreateNativeWidget$10002021-10-29
1230369webcodecs_audio_encoder_fuzzer: Use-of-uninitialized-value in media::AudioOpusEncoder::OnFifoOutput-2021-10-29
1230409webcodecs_image_decoder_fuzzer: Heap-buffer-overflow in media::DownShiftHighbitVideoFrame-2021-10-29
1230431DCHECK failure in IsNumber() in objects-inl.h-2021-10-29
1230530Security: heap-use-after-free in the PaymentCredential in the browser process$200002021-10-29
1230513Security: heap-use-after-free in WebDataRequestManager::RequestCompletedOnThread$100002021-10-29
1231117CHECK failure: proto.map().oddball_type() == OddballType::kNull in compilation-dependencies.cc-2021-10-29
1231169tint_all_transforms_fuzzer: Use-of-uninitialized-value in tint::fuzzers::AddPlatformIndependentPasses-2021-10-29
1231432use after poison in ImageDecoderExternal$50002021-10-29
1231704Crash in v8::internal::ClearStaleLeftTrimmedHandlesVisitor::FixHandle-2021-10-29
1231705DCHECK failure in current.map_word(kRelaxedLoad).IsForwardingAddress() || current.IsFixedArrayBase-2021-10-29
1231952CHECK failure: Promise::kPending == promise->status() in objects.cc-2021-10-29
1232115garcon_mime_types_parser_fuzzer: Use-of-uninitialized-value in ReadInt-2021-10-29
1221130CrOS: Vulnerability reported in dev-libs/libgcrypt-2021-10-26
1226373Security: Clickjacking$5002021-10-26
1229196code_cache_host_mojolpm_fuzzer: Illegal-instruction in StackTraceGetter::CurrentStackTrace-2021-10-26
1230324tint_ast_clone_fuzzer: Illegal-instruction in TintInternalCompilerErrorReporter-2021-10-26
1230784Crash in cppgc::internal::PageBackend::FreeLargePageMemory-2021-10-26
1230936DCHECK failure in isolate->context().is_null() || isolate->context().IsContext() in runtime-compil-2021-10-26
1203880heap-use-after-free : system_media_permissions::`anonymous namespace'::CheckSystemMediaCapturePermission-2021-10-25
1227351v8_wasm_fuzzer: DCHECK failure in force_emit || !require_jump in assembler-arm.cc-2021-10-25
1230239vp9_replay_fuzzer.exe: Illegal-instruction in webrtc::vp9::BitstreamReader::IfNextBoolean-2021-10-25
1230265Trap in v8::internal::__RT_impl_Runtime_AbortCSAAssert-2021-10-25
1230266tint_all_transforms_fuzzer: Stack-buffer-overflow in tint::fuzzers::Reader::read-2021-10-25
1197196tint_spv_reader_msl_writer_fuzzer.exe: Illegal-instruction in tint::fuzzers::TintInternalCompilerErrorReporter-2021-10-24
1218468heap use after free in ChromePageInfoDelegate::OpenConnectionHelpCenterPage-2021-10-24
1230139Security: heap-buffer-overflow in libavif's avifImageScale() function-2021-10-24
1205883COOP is ignored on navigation errors followed by reloads-2021-10-22
1220692BrlTTY allows for arbitrary chmod 777-2021-10-22
1220696BrlTTY allows for arbitrary root write-2021-10-22
1226909Security: crossOriginIsolated bypass$30002021-10-22
1228720v8_wasm_async_fuzzer: DCHECK failure in pc_offset() <= first_const_pool_32_use_ + kMaxDistToIntPool in assembler-arm.h-2021-10-22
1220237Null-dereference READ in ubsan_GetStackTrace-2021-10-21
1226318virgl_fuzzer: Use-of-uninitialized-value in vrend_destroy_shader_object-2021-10-21
1228233DCHECK failure in effect_edges > 0 in verifier.cc-2021-10-21
1228669tint_robustness_fuzzer.exe: Illegal-instruction in tint::fuzzers::FatalError-2021-10-21
1229198Heap-use-after-free in blink::LayoutObject::PropagateStyleToAnonymousChildren-2021-10-21
1227315Security: HeapOverflow in ProtocolHandler$200002021-10-20
1227979Security DCHECK failure: as_image_observer_count_ > 0u in layout_object.cc-2021-10-20
1228643zucchini_disassembler_win32_fuzzer: Use-of-uninitialized-value in zucchini::DisassemblerWin32<zucchini::Win32X86Traits>::MakeReadAbs32-2021-10-20
1228641zucchini_disassembler_win32_fuzzer: Use-of-uninitialized-value in zucchini::RemoveOverlappingAbs32Locations-2021-10-20
1228730Bad-cast to blink::LayoutObject from invalid vptr in blink::LayoutInline::SplitFlow-2021-10-20
1228950zucchini_imposed_ensemble_matcher_fuzzer: Use-of-uninitialized-value in zucchini::DisassemblerWin32<zucchini::Win32X64Traits>::MakeReadAbs32-2021-10-20
1229001Crash in blink::LayoutObject::SlowLastChild-2021-10-20
1229004Heap-use-after-free in blink::Text::RecalcTextStyle-2021-10-20
1229031Heap-use-after-free in blink::HasRenderedNonAnonymousDescendantsWithHeight-2021-10-20
1229056Crash in blink::LayoutListItem* blink::DynamicTo<blink::LayoutListItem, blink::LayoutObje-2021-10-20
1229032Heap-use-after-free in blink::NGBlockNode::FirstChild-2021-10-20
1229071Heap-use-after-free in blink::LayoutObject::SetNeedsLayoutAndFullPaintInvalidation-2021-10-20
1229201Heap-use-after-free in blink::LocalFrameView::UpdateDocumentAnnotatedRegions-2021-10-20
1163124arc-sensor.conf can be used to break out the user namespace when creating /dev/.arc_sensor_ready-2021-10-19
1193925Security: Overflow in handwriting-2021-10-19
1217064v8_wasm_code_fuzzer: CHECK failure: interpreter_result.result() == result_compiled-2021-10-19
1228069tint_msl_transform_fuzzer: Heap-buffer-overflow in tint::writer::msl::GeneratorImpl::EmitTypeConstructor-2021-10-19
1228365CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (IsHeapObject()) in heap-object.h-2021-10-19
854424Cross-origin download bypasses SameSite cookie$10002021-10-18
1209154zucchini_disassembler_elf_fuzzer: Use-of-uninitialized-value in zucchini::RemoveOverlappingAbs32Locations-2021-10-18
1224142Debug check failed: scheduled_exception() == ReadOnlyRoots(heap()).termination_exception()-2021-10-18
1228229CHECK failure: kind() == CodeKind::BASELINE-2021-10-18
1226337Container-overflow in cc::draw_property_utils::LayerShouldBeSkippedForDrawPropertiesComputation-2021-10-17
1226357Container-overflow in cc::LayerImpl::LayerPropertyChangedFromPropertyTrees-2021-10-17
1174491CrOS: Vulnerability reported in sys-libs/glibc-2021-10-16
1214481(Chrome & Chromium Browsers) Blank Address Bar Temporary Spoof$10002021-10-16
1223426gpu_raster_passthrough_fuzzer: Crash in CopyRow_C-2021-10-16
1226890Security: Use-After-Free in FileSystemAccessManager.GetEntryFromDataTransferToken-2021-10-16
1226298Container-overflow in cc::draw_property_utils::CalculateDrawProperties-2021-10-16
936397CrOS: Vulnerability reported in sys-libs/glibc-2021-10-15
1220810CHECK failure: addr + size <= chunk_->area_end()-2021-10-15
1219994Chromium: Vulnerability reported in third_party/libxml-2021-10-15
1225929Security: Web pages can use ProcessInternals and ConversionInternals Mojo interfaces-2021-10-15
1226323Security: Security DCHECK failed i < length() in WTF::StringView::operator[]$20002021-10-15
1227241Bad-cast to blink::ScriptWrappable from invalid vptr in blink::DOMDataStore::GetWrapper-2021-10-15
1227596CHECK failure: JSFunctionRef construction failed-2021-10-15
1259077Security: form-action's blocking of redirects allows top-navigation XSLeak-2021-10-15
1214234Security: Heap-use-after-free in CreditCardAccessManager::FetchCreditCard$200002021-10-14
1216822Security: An <option> with a long label causes browser crash$60002021-10-14
1221880Invalid-free in base::TaskAnnotator::RunTask-2021-10-14
1219995CrOS: Vulnerability reported in dev-libs/libxml2-2021-10-14
1224419UAF in WebAppInternalsPageHandlerImpl::GetExternallyInstalledWebAppPrefs-2021-10-14
1226659Use-after-poison in blink::ImageResourceContent::ShouldPauseAnimation-2021-10-14
1226988CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (IsHeapObject()) in heap-object.h-2021-10-14
1227228heap-use-after-free : IOSurfaceNotifierNotifyFunc-2021-10-14
1226360Segv on unknown address in blink::ScriptState::From-2021-10-13
1190493Heap-use-after-free in vk::Buffer::getOffsetPointer$60002021-10-12
1225607DCHECK failure in object->FitsRepresentation(representation) in objects.cc-2021-10-12
1223839DCHECK failure in is_liftoff() || tier() == ExecutionTier::kTurbofan in wasm-code-manager.cc-2021-10-11
1226056Crash in MergeUVRow_SSE2-2021-10-10
1219082Security: [ANGLE] Out-of-bounds write in Renderer11::blitRenderbufferRect$75002021-10-09
1225786DCHECK failure in !broker->IsMainThread() in heap-refs.cc-2021-10-09
1197149Add FTPS to request port blocklist to combat ALPACA attack-2021-10-07
1200995heap-use-after-free : extensions::ChromeAppSorting::FixNTPOrdinalCollisions-2021-10-07
1204722Security: Autofill suggestion UI should dismiss permissions UI-2021-10-07
1219870Security: Use-after-free in NavigatorShare::OnConnectionError$75002021-10-07
1223667Security: HeapOverflow in BookmarkBarView$100002021-10-07
1207839tint_first_index_offset_fuzzer: Stack-buffer-overflow in tint::fuzzers::Reader::read-2021-10-05
1214842Security: GC freeing reachable objects in JSON parser$50002021-10-05
1217598Heap-use-after-free in blink::TextPainterBase::CreateDrawLooper-2021-10-05
1219209Security: Use-after-free with XSLT strip-space$20002021-10-05
1219630Security: JS object corruption in WasmJs::InstallConditionalFeatures-2021-10-05
1219886AddressSanitizer: heap-buffer-overflow on gpu::CopyArraysToBuffer transfer_buffer_cmd_copy_helpers.h:80$85002021-10-05
1220250Crash in GL_GenerateMipmap method.$75002021-10-05
1221309OpenXR VR session exits with Samsung mixed reality controllers$5002021-10-05
1221406heap-use-after-free in task_manager$150002021-10-05
1224041Crash in v8::internal::ElementsAccessorBase<v8::internal::FastHoleyObjectElementsAccessor-2021-10-05
1219199dawn_wire_server_and_vulkan_backend_fuzzer: Stack-buffer-overflow in rr::Variable::loadValue-2021-10-02
1223103cras_rclient_message_fuzzer: Use-of-uninitialized-value in cras_main_message_send-2021-10-02
1223459virgl_fuzzer: Segv on unknown address in virgl_renderer_context_destroy-2021-10-02
1127594CrOS: Vulnerability reported in dev-libs/libxml2-2021-10-01
1194959CrOS: Vulnerability reported in app-arch/tar-2021-10-01
1211312CrOS: Vulnerability reported in dev-libs/libxml2-2021-10-01
1215243counters_service_fuzzer: Heap-buffer-overflow in patchpanel::ParseOutput-2021-10-01
1216022dawn_wire_server_and_vulkan_backend_fuzzer: Heap-buffer-overflow in rr::optimize-2021-10-01
1220068DCHECK fail in webaudio worklet-2021-10-01
1221221Use-after-poison in blink::HTMLSlotElement::DetachLayoutTree-2021-10-01
1221890Security DCHECK failure: !resource_clipper->NeedsLayout() in clip_path_clipper.cc-2021-10-01
1223191Heap-use-after-free in blink::PropertyTreeManager::EnsureCompositorTransformNode-2021-10-01
1223549ec_pchg_fuzzer: Global-buffer-overflow in test_fuzz_one_input-2021-10-01
1223584CHECK failure: args.Length() == 2 in d8-test.cc-2021-10-01
1223740heap-use-after-free : blink::PaintController::FinishCycle-2021-10-01
1206407tint_single_entry_point_fuzzer: Illegal-instruction in tint::fuzzers::ValidityErrorReporter-2021-09-30
1210550gpu_raster_passthrough_fuzzer: Crash in CopyRow_ERMS-2021-09-30
1210985Security: OOB write after moving pinned tab into a group$150002021-09-30
1218973Heap-use-after-free in ash::TrayBubbleView::~TrayBubbleView-2021-09-30
1219377Heap-use-after-free in ash::TrayBubbleView::~TrayBubbleView-2021-09-30
1194689heap-buffer-overflow : media::D3D11H264Accelerator::SubmitFrameMetadata-2021-09-29
1209517sqlite3_fts3_lpm_fuzzer: Heap-buffer-overflow in sqlite3Fts3Incrmerge-2021-09-29
1218707Security: UAF in websql$5002021-09-29
1218974Security: ChromeOS root privilege escalation (brltty, vpn-manager, cros_camera_server)$300002021-09-29
1220754skia_path_fuzzer: Crash in blit_aaa_trapezoid_row-2021-09-29
1221897Heap-use-after-free in blink::LayoutBlockFlow::RemoveChild-2021-09-29
1221840Heap-use-after-free in blink::PropertyTreeManager::EnsureCompositorTransformNode$60002021-09-29
1222160Bad-cast to blink::LayoutBox from blink::LayoutInline in blink::LayoutBox::SplitAnonymousBoxesAroundChild-2021-09-29
1178183cups_ipp_t_fuzzer: Crash in ippDelete-2021-09-28
1202102Security: UAF when attempting to move tab group in restored window$100002021-09-28
1212599AddressSanitizer: heap-use-after-free fft_frame_pffft.cc:81 in blink::FFTFrame::FFTSetupForSize$75002021-09-28
1214641Heap-use-after-free in blink::IsLayoutObjectRelevantForAccessibility-2021-09-28
1215029Security: UAF when sending tab to device$100002021-09-28
1221812DCHECK failure in details.representation().Equals( map.GetPropertyDetails(descriptor).representati-2021-09-28
1216678Heap-buffer-overflow in cc::PaintWorkletImageProvider::GetPaintRecordResult-2021-09-26
1215912Freelist Corruption with PartitionAlloc on 93.0.4541.0+ related to allocation of LayoutObjects/PaintLayers-2021-09-24
1219925Heap-use-after-free in ash::TrayBubbleView::RerouteEventHandler::OnKeyEvent-2021-09-24
1221031Crash in cppgc::internal::PageBackend::AllocateLargePageMemory-2021-09-24
1221062heap-use-after-free : disk_cache::SparseControl::GetAvailableRange-2021-09-24
1212612Security: Use after free in Payments$200002021-09-23
1219539Heap-buffer-overflow in ash::ScrollableShelfView::CalculateTappableIconIndices-2021-09-23
1219898v8_wasm_fuzzer: DCHECK failure in 0 < code.size() in function-compiler.cc-2021-09-23
1151507Security: Cross-origin iframe can navigate top window to different site via same-site open redirect or XSS redirect$30002021-09-22
1183440Heap-use-after-free in views::MenuController::ExitMenu-2021-09-22
1195278UAF in bookmark$75002021-09-22
1200679Security: Double-free when extension is uninstalled while uninstall dialog is being shown$100002021-09-22
1201033Security: Out-of-bounds access in WebAudio$75002021-09-22
1206458heap-use-after-free : resource_coordinator::TabLifecycleUnitSource::TabLifecycleUnit::SetFocused-2021-09-22
1145553bypass blocked autoredirects from cross-origin iframes$50002021-09-21
1181522CrOS: Intel graphics drivers advisory INTEL-SA-00438-2021-09-21
1194899BigInt toLocaleString free invalid pointer$10002021-09-21
1211308Heap-buffer-overflow in rx::vk::ImageViewHelper::getLevelLayerDrawImageView-2021-09-21
1213350Security: Incorrect Security UI in downloads$30002021-09-21
1219101Security: Simplified Lowering DCHECK restriction type-2021-09-21
1219634v8_wasm_code_fuzzer: DCHECK failure in exception_stack.back() == control_stack.size() - 1 in wasm-interpreter.cc-2021-09-21
1214699Null-dereference READ in ubsan_GetStackTrace-2021-09-20
1216941Null-dereference READ in content::BrowserContext::GetDefaultStoragePartition-2021-09-19
1219231Heap-use-after-free in ash::TrayBubbleView::RerouteEventHandler::OnKeyEvent-2021-09-19
1216837Use-after-poison in blink::HTMLSlotElement::DetachLayoutTree-2021-09-18
1218439Bad-cast to blink::ImageResourceObserver from invalid vptr in blink::ImageResourceContent::PriorityFromObservers-2021-09-18
1218587Heap-use-after-free in blink::StyleCrossfadeImage::ImageChanged-2021-09-18
1218811Heap-buffer-overflow in ash::ScrollableShelfView::CalculateTappableIconIndices-2021-09-18
1219036Crash in v8::internal::ElementsAccessorBase<v8::internal::FastHoleyObjectElementsAccessor-2021-09-18
1210487AddressSanitizer: use-after-poison long_task_detector.cc:46 in blink::LongTaskDetector::DidProcessTask$75002021-09-17
1214140Heap-use-after-free in views::Widget::OnNativeWidgetDestroying-2021-09-17
1214584Heap-use-after-free in ui::LayerAnimationSequence::ProgressToEnd-2021-09-17
1215504CrOS: Vulnerability reported in net-nds/openldap-2021-09-17
1217741dawn_wire_server_and_frontend_fuzzer: Heap-use-after-free in dawn_native::ObjectBase::IsError-2021-09-17
1206911Security: heap-use-after-free in autofill::SaveCardBubbleViews::WindowClosing-2021-09-16
1209558Breakpoint with empty stacktrace-2021-09-16
1209769uaf in browser process DestroyURLLoader(network::cors::CorsURLLoaderFactory)$150002021-09-16
1210547dawn_wire_server_and_vulkan_backend_fuzzer: Stack-buffer-overflow in rr::Variable::loadValue-2021-09-16
1211215DCHECK failure in *p != to_check_ in heap.cc-2021-09-16
1212498Security: UAF after user clicks help link in enhanced spell check dialog$100002021-09-16
1212500Security: UAF after use clicks help link in accessibility labels dialog$100002021-09-16
1212618Security: UAF in ServiceWorker with bfcache$250002021-09-16
1212862Security: Crash in Zenith dialog-2021-09-16
1216437Security: Unexpected JS execution in GetScriptableObjectProperty leads to JS object corruption-2021-09-16
1176218Security: TALOS-2021-1241 Google Chrome WebAudio blink::AudioNodeOutput::Pull code execution vulnerability$75002021-09-15
1187797Security: UAF in usrsctp on sctp_association->str_reset$75002021-09-15
1191778policy_fuzzer: Heap-use-after-free in base::JoinString-2021-09-15
1197146Security: UAF when extension removes tab group during drag$100002021-09-15
1198717Security: OOB write after extension pins tab during drag$100002021-09-15
1199198Security: UAF caused by some WebUIMessageHandlers when OnJavascriptDisallowed() is not called before destruction$150002021-09-15
1202598Security: Heap-buffer-overflow in TabStripModel::MoveWebContentsAtImpl$100002021-09-15
1203693dawn_wire_server_and_frontend_fuzzer: Container-overflow in tint::diag::Formatter::format-2021-09-15
1204814sqlite3_lpm_fuzzer: Segv on unknown address in sqlite3MemCompare-2021-09-15
1206631Chrome: Crash Report - base::CancelableTaskTracker::Untrack-2021-09-15
1215974CrOS: Vulnerability reported in x11-libs/gdk-pixbuf-2021-09-15
1216212hb_subset_fuzzer: Crash in OT::hb_colrv1_closure_context_t::return_t OT::Paint::dispatch<OT::hb_colrv1_clos-2021-09-15
1140831harbfuzz is affected by unfixed upstream bugs-2021-09-14
1201073Security: UAP in FileReader$75002021-09-14
1202534v8_inspector_fuzzer: DCHECK failure in enabled() in v8-debugger-agent-impl.cc-2021-09-14
1209444Trap in Builtins_JSEntryTrampoline-2021-09-14
1211782CrOS: Vulnerability reported in net-fs/samba-2021-09-14
1212460CrOS: Vulnerability reported in net-fs/samba-2021-09-14
1215250paint_op_buffer_fuzzer: Use-of-uninitialized-value in cc::PaintOpReader::ReadRecordPaintFilter-2021-09-14
1215808DCHECK failure in new_pages * wasm::kWasmPageSize >= byte_length_ in backing-store.cc-2021-09-14
1215976Memcpy-param-overlap in v8::base::Memcpy-2021-09-14
1216595Attaching an inner contents that has already created a platform RenderWidgetHostView causes a bad cast on Mac and Android-2021-09-14
1216928code_cache_host_mojolpm_fuzzer: Illegal-instruction in StackTraceGetter::CurrentStackTrace-2021-09-14
1217311DCHECK failure in new_pages * wasm::kWasmPageSize >= byte_length_ in backing-store.cc-2021-09-14
1210823dawn_wire_server_and_vulkan_backend_fuzzer: Crash in vk::DescriptorSetLayout::DescriptorSetLayout-2021-09-12
1202661Security: Stack overflow in printing$100002021-09-11
1201031Security: Use-after-free in extension install dialog$200002021-09-10
1209802tint_ast_clone_fuzzer: Illegal-instruction in tint_ast_clone_fuzzer.cc-2021-09-10
1210414Security: [ANGLE] Out-of-bound write in rx::Image11::GenerateMipmap$75002021-09-10
1216021counters_service_fuzzer: Use-of-uninitialized-value in patchpanel::ParseOutput-2021-09-10
1216215DCHECK failure in (optimizing_compile_dispatcher_) != nullptr in isolate.h-2021-09-10
1211326SUMMARY: AddressSanitizer: heap-use-after-free devtools_agent_host_impl.h:84 in std::__1::vector<content::protocol::TargetHandler*, std::__1::allocator<content::protocol::TargetHandler*> > content::DevToolsAgentHostImpl::HandlersByName<content::protocol::TargetHandler>(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&)$100002021-09-09
1213313Security: HeapOverflow in FillPhoneCountryCode$150002021-09-09
1214280dawn_wire_server_and_vulkan_backend_fuzzer: Heap-buffer-overflow in sw::SpirvShader::Operand::Float-2021-09-09
921607Cross-Origin URL steal using Fetch and no-cors requests on iOS Chrome.$20002021-09-08
1070399Security: URL spoofing using 'very-long-hostname' URL in the Suggestion box$5002021-09-08
1200440ExtensionFunction::browser_context() and deleted private profiles-2021-09-08
1180210Security: CVE-2020-12362: Privilege escalation vulnerability in i915 GuC firmware-2021-09-06
1181227Security: Failure to enforce EC is booted from RO when performing dev mode transitions on dedede, volteer-2021-09-06
1213770CHECK failure: unregister_token().IsUndefined(isolate) implies key_list_prev().IsUndefined(isol-2021-09-05
1214311counters_service_fuzzer: Heap-buffer-overflow in patchpanel::ParseOutput-2021-09-05
1195722Security: UAP in JS Self-Profiling API$50002021-09-04
1195431Security: UAF in Android-specific (not in upstream Linux) xt_qtaguid kernel module-2021-09-04
1213709DCHECK failure in 0 < number_of_all_descriptors in factory-base.cc-2021-09-04
1201938DCHECK failure in descriptor_number.as_int() < number_of_descriptors() in descriptor-array-inl.h-2021-09-02
1206404Use-after-poison in blink::HTMLSlotElement::DetachLayoutTree-2021-09-02
1208264Security: Heap-use-after-free in media_router::WebContentsDisplayObserverView::OnBrowserSetLastActive$150002021-09-02
1208782DCHECK failure in IsAligned(reinterpret_cast<uintptr_t>(dst), kAtomicWordSize) in atomicops.h-2021-09-02
1210394crash in canvas filter$50002021-09-02
1212694Security: libxml CVE-2021-3541-2021-09-02
1213476Heap-use-after-free in blink::mojom::CodeCacheHostStubDispatch::Accept-2021-09-02
1213678DCHECK failure in that == nullptr || v8::internal::Object( *reinterpret_cast<const v8::internal::A-2021-09-02
1213764Crash in v8::internal::Map::instance_type-2021-09-02
1213851CHECK failure: ReadOnlyRoots(isolate).empty_descriptor_array() == *this-2021-09-02
1023503Security: PlatformSensorReaderWin32 use after free bug-2021-09-01
1094449CrOS: Vulnerability reported in sys-apps/dbus-2021-09-01
1204811Security: Local Elevation of Privilege vulnerability in Google Update Service$100002021-09-01
1210593CHECK failure: byte_length() <= JSArrayBuffer::kMaxByteLength in objects-debug.cc-2021-09-01
1212206Heap-use-after-free in rx::FramebufferVk::startNewRenderPass-2021-09-01
1212321Security DCHECK failure: IsA<Derived>(from) in casting.h-2021-09-01
1212733Security: expat vulnerable to CVE-2013-0340?$5002021-09-01
538562Chrome inherits window name from sandboxed iframe, enabling global variable confusion-2021-08-31
1129379CrOS: Vulnerability reported in dev-libs/openssl-2021-08-31
1207277Security: heap-use-after-free in BrowserView::ProcessFullscreen$75002021-08-31
1207334CrOS: Vulnerability reported in sys-libs/binutils-libs-2021-08-31
1209798CHECK failure: Ref construction failed-2021-08-31
1212582DCHECK failure in !node->op()->HasProperty(Operator::kNoThrow) in simplified-lowering.cc-2021-08-31
1172694Heap-use-after-free in ui::LayerAnimationSequence::ProgressToEnd-2021-08-28
1197431Bad-cast to rx::RenderTargetVk from invalid vptr in rx::FramebufferVk::startNewRenderPass-2021-08-28
1203607Security: Heap-use-after-free in TabStripLayoutHelper::CalculateMinimumWidth$75002021-08-28
1184954Security: Heap-use-after-free in TabStrip::GetSizeNeededForViews$100002021-08-27
1196480Security: Multiple Bugs in WebP-2021-08-27
1196773Security: heap-use-after-free in libwebp ConvertBGRAToRGB_SSE41-2021-08-27
1196775Security: heap-buffer-overflow in libwebp PlanarTo24b_SSE41-2021-08-27
1196777Security: heap-buffer-overflow in libwebp VP8YuvToRgb-2021-08-27
1196778Security: heap-buffer-overflow in libwebp UpsampleRgbLinePair_SSE41-2021-08-27
1206289CHECK failure: function->closure_feedback_cell_array().length() == function->shared().feedback_-2021-08-27
1211711dawn_wire_server_and_vulkan_backend_fuzzer: Heap-buffer-overflow in rr::optimize-2021-08-27
1178202Security: X-Chrome-offline allows arbitrary file reads from compromised renderer.-2021-08-26
1196232CrOS: Vulnerability reported in sys-libs/binutils-libs-2021-08-26
1197199gpu_raster_swangle_passthrough_fuzzer: Heap-use-after-free in libvk_swiftshader.so-2021-08-26
1196309Security: OOB vector insertion when extension highlights tab during drag$100002021-08-26
1197875Security: OOB read when attempting to add tab to group after groups have changed$110002021-08-26
1201340DCHECK failure in offset_imm <= std::numeric_limits<int32_t>::max() in liftoff-assembler-ia32.h-2021-08-26
1201446Security: heap-buffer-overflow in CreateFaviconImageSkia$200002021-08-26
1203590container-overflow in dom_distiller::TaskTracker::NotifyViewersAndCallbacks-2021-08-26
1209118SUMMARY: AddressSanitizer: heap-use-after-free (Chromium/asan-mac-release-876501/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/92.0.4491.0/Chromium Framework:x86_64+0x1958102f) in blink::ComputedAccessibleNode::checked()$50002021-08-26
1185801Remove header sizes from ResourceTiming transferSize-2021-08-25
1194431Security: UAF in TracingHandler$50002021-08-25
1194896Security: UAF after moving tab associated with undocked devtools instance into another browser window$100002021-08-25
1200766UAF in AutofillPopupControllerImpl$200002021-08-25
1203674AddressSanitizer: heap-use-after-free in dom_distiller::UMAHelper::LogTimeOnDistillablePage-2021-08-25
1205059video_capture_host_mojolpm_fuzzer: Bad parameters to --sanitizer-annotate-contiguous-container in media::FakeV4L2Impl::ioctl-2021-08-25
1208414render_text_api_fuzzer: Crash in gfx::RenderTextHarfBuzz::EnsureLayout-2021-08-25
1208721Security: heap-over-flow in AutofillPopupControllerImpl::RemoveSuggestion$200002021-08-25
1209178render_text_api_fuzzer: Crash in gfx::RenderTextHarfBuzz::EnsureLayout-2021-08-25
1209638dawn_wire_server_and_vulkan_backend_fuzzer: Crash in vk::DescriptorSetLayout::DescriptorSetLayout-2021-08-25
1206623DCHECK failure in StackFrame::IsTypeMarker(marker) in frames.cc-2021-08-23
1177325libyuv_scale_fuzzer: Heap-buffer-overflow in InterpolateRow_Any_AVX2-2021-08-22
1190030Crash in rx::IOSurfaceSurfaceVkMac::releaseTexImage-2021-08-21
1200246dawn_wire_server_and_frontend_fuzzer: Heap-use-after-free in dawn_native::ObjectBase::IsError-2021-08-21
1204347Security: 3d css can still glitch onto native browser UI-2021-08-21
1206131Security: PresentationRequest dialog can appear over the wrong tab$10002021-08-21
1208984Heap-buffer-overflow in GrPathUtils::generateQuadraticPoints-2021-08-21
1189110Crash in sw::SpirvShader::getImageSampler-2021-08-20
1205981Visited links leak via CSS transitions and the transitionrun event (Windows 10, Linux)$50002021-08-20
1207078v8_inspector_fuzzer: DCHECK failure in has_scheduled_exception() in isolate-inl.h-2021-08-20
1208865zucchini_disassembler_elf_fuzzer: Use-of-uninitialized-value in zucchini::DisassemblerElfIntel<zucchini::Elf32IntelTraits>::MakeReadAbs32-2021-08-20
1194058Security: heap-use-after-free in the payment dialog in the browser process$150002021-08-19
1195340Security: HeapOverflow in MediaFeeds$150002021-08-19
1195573Security: UAF when WebContents being dragged is destroyed$10002021-08-19
1197436Security: heap-use-after-free in DesktopWindowTreeHostPlatform::SetFullscreen$100002021-08-19
1200019Security: heap-buffer-overflow in PlatformNotificationServiceImpl::CreateNotificationFromData$200002021-08-19
1206329UAF in InternalAuthenticatorAndroid::InvokeIsUserVerifyingPlatformAuthenticatorAvailableResponse-2021-08-19
1207992Heap-use-after-free in viz::SkiaRenderer::DrawRenderPassQuad-2021-08-19
1153363Security: With full pointers, a wrong SmiUntag() operation on a TaggedIndex value can cause operating on the wrong feedback slot.-2021-08-18
1198216sqlite3_dbfuzz2_fuzzer.exe: Heap-buffer-overflow in insertCell-2021-08-18
12004900 and -0 confusion in SpeculativeNumberMultiply-2021-08-18
1203593Static-imported scripts are wrongly considered main scripts during service worker update-2021-08-18
1204071Segv on unknown address in Builtins_InterpreterEntryTrampoline-2021-08-18
1206674Heap-use-after-free in hsw::run_program-2021-08-18
1206822Trap in Builtins_CEntry_Return1_DontSaveFPRegs_ArgvOnStack_BuiltinExit-2021-08-18
1207680CHECK failure: Ref construction failed-2021-08-18
1194829use after poison write in mojo::InterfaceEndpointClient::NotifyError when deal with WebBundle$50002021-08-17
1205670CVE-2021-31829 - Linux kernel protection of stack pointer against speculative pointer arithmetic can be bypassed to leak content of kernel memory-2021-08-17
1206754DCHECK failure in !__isolate__->has_pending_exception() in ic.cc-2021-08-17
1206994CHECK failure: promise_result.is_null() == promise_->GetIsolate()->has_pending_exception()-2021-08-17
1207679CHECK failure: storage_.is_populated_-2021-08-17
1205752tint_spv_reader_wgsl_writer_fuzzer: Bad-cast to const tint::ast::Pointer from tint::ast::Vector in tint::typ::TypePair<tint::ast::Pointer, tint::sem::Pointer> tint::typ::Call_type-2021-08-15
1149086gstoraster_fuzzer: Use-of-uninitialized-value in gp_pwrite_impl-2021-08-14
1164941Heap-buffer-overflow in sw::SpirvShader::getImageSampler-2021-08-14
1198369Security: ink refers to non-existent upstream-2021-08-14
1204484tint_first_index_offset_fuzzer: Stack-buffer-overflow in tint::fuzzers::ExtractFirstIndexOffsetInputs-2021-08-14
1171630gstoraster_fuzzer: Use-of-uninitialized-value in cf_decode_2d-2021-08-13
1172655gstoraster_fuzzer: Use-of-uninitialized-value in template_compose_group-2021-08-13
1201501Bad-cast to content::ChildThreadImpl from invalid vptr in content::ChildThreadImpl::OnFieldTrialGroupFinalized-2021-08-13
1201710gstoraster_fuzzer: Segv on unknown address in stream_dct_end_passthrough-2021-08-13
1202506gstoraster_fuzzer: Heap-use-after-free in real_param-2021-08-13
1203122Security: Type confusion bug in LoadSuperIC$200002021-08-13
1168081CrOS: Vulnerability reported in sys-libs/glibc-2021-08-12
1193233Security: Arbitrary file read when caching file using CallAsSelfAndImpersonate2$50002021-08-12
1200017Heap-use-after-free in gl::GLFenceNV::~GLFenceNV-2021-08-12
1201074Security: use-of-uninitialized-value in libavif when decode the crafted avif file$75002021-08-12
1202203Heap-buffer-overflow in vk::Buffer::getOffsetPointer-2021-08-12
1201772FLEDGE passes privileged url_loader_factory to utility process-2021-08-11
1203240freetype_cidtype1_render_ftengine_fuzzer: Use-of-uninitialized-value in cf2_interpT2CharString-2021-08-11
1203738freetype_cidtype1_fuzzer: Use-of-uninitialized-value in cid_read_subrs-2021-08-11
1204829Heap-use-after-free in cricket::AllocationSequence::Init-2021-08-11
1197786sqlite3_lpm_fuzzer: Segv on unknown address in sqlite3MemCompare-2021-08-10
1194021CrOS: Vulnerability reported in x11-libs/cairo-2021-08-09
1203060freetype_bdf_fuzzer: Use-of-uninitialized-value in inflate-2021-08-07
1204313Heap-use-after-free in viz::SkiaRenderer::PrepareRenderPassOverlay-2021-08-07
1177875Security: Openjpeg security fix may be missing$5002021-08-04
1198705Security: Range miscalculation for nodes of type SpeculativeSafeIntegerAdd in v8's TurboFan$75002021-08-04
1199345missing the -0 case in VisitSpeculativeIntegerAdditiveOp$150002021-08-04
1202736DCHECK failure in stack_capacity_end_ > stack_end_ in function-body-decoder-impl.h-2021-08-04
1139156Security: chrome.debugger API bypasses the runtime_blocked_hosts Enterprise policy$50002021-08-03
1195331Trap in v8::internal::Map::UpdateFieldType-2021-08-03
1198854use after poison inMediaStreamAudioTrack::StopAndNotify$50002021-08-03
1202119Stack-use-after-return in SkRect::x$60002021-08-03
1202609incorrect range constraint converting {u,}int64_t to double-2021-08-03
1180510security: click-to-call across devices has inconsistent escaping & URL validation$30002021-08-02
1163228Security: Missing usrsctp fixes-2021-07-31
1201537vp9_encoder_references_fuzzer: Use-of-uninitialized-value in webrtc::FrameValidator::OnEncodedImage-2021-07-31
1195650Security: v8 SIGTRAP in optimized code$50002021-07-30
1199402Security: Remote Code Execution?-2021-07-30
1200231Crash in v8::internal::compiler::Operator1<v8::internal::Handle<v8::internal::HeapObject>-2021-07-30
1110036gstoraster_fuzzer: Use-of-uninitialized-value in parse_dict-2021-07-29
1107972gstoraster_fuzzer: Use-of-uninitialized-value in charstring_font_params-2021-07-29
1157498gstoraster_fuzzer: Use-of-uninitialized-value in load_truetype_glyph-2021-07-29
1159499gstoraster_fuzzer: Use-of-uninitialized-value in gs_scan_token-2021-07-29
1160913gstoraster_fuzzer: Use-of-uninitialized-value in charstring_font_params-2021-07-29
1198895use-after-poison in blink::ImageDecoderExternal::OnMetadata$75002021-07-29
1200184v8_wasm_compile_fuzzer: Trap in v8::internal::wasm::fuzzer::InterpretAndExecuteModule-2021-07-29
1201113Crash in v8::internal::Simulator::LoadStoreHelper-2021-07-29
1201432Crash in Builtins_RunMicrotasks-2021-07-29
1175058Security: heap-use-after-free using Presentation API-2021-07-28
1175522sqlite3_dbfuzz2_fuzzer: Use-of-uninitialized-value in vdbeRecordCompareInt-2021-07-28
1181276sqlite3_dbfuzz2_fuzzer: Use-of-uninitialized-value in sqlite3VdbeRecordCompareWithSkip-2021-07-28
1188889Security: UAF in PageHandler::Navigate$100002021-07-28
1194046Security: Site isolation break because of double fetch of shared buffer$150002021-07-28
1194491Security: Potential out-of-bound write, origin confusion, permission type confusion in PermissionManager-2021-07-28
1195308Security: Integer Overflow leads to heap buffer overflow in the function$200002021-07-28
1195686Security: Heap-use-after-free in constrained_window::CreateWebModalDialogViews$50002021-07-28
1195777Security: Incorrect representation change from Word64 to Word32$200002021-07-28
1196654CrOS: Vulnerability reported in net-misc/curl-2021-07-28
1197829[cros] Device unlocked after resume from sleep-2021-07-28
1197904Security: UAF in NavigationPredictor$270002021-07-28
1198165(Chrome & Chromium Browsers) File Download Pop-up Origin Spoof$75002021-07-28
1198696Harden ArrayPrototypePop and ArrayPrototypeShift against typer bugs-2021-07-28
1199662v8_wasm_compile_fuzzer: DCHECK failure in 0 == four_lanes & in code-generator-arm.cc-2021-07-28
1200162freetype_colrv1_fuzzer: Use-of-uninitialized-value in tt_face_get_paint-2021-07-28
1172533Security: Autofill suggestion drop-down can cover browser UI-2021-07-26
1173297Security: Autofill dropdown can be made hidden-2021-07-26
1198611freetype_colrv1_fuzzer: Crash in tt_face_get_paint-2021-07-26
1185732UAF in indexeddb database$50002021-07-24
1195579DCHECK failure in CpuFeatures::IsSupported(*feature) in macro-assembler-shared-ia32-x64.h-2021-07-24
1025683Permission Service Use After Free$200002021-07-23
1192552heap-use-after-free : views::HWNDMessageHandler::OnDisplayChange-2021-07-23
1195333Security: The Browser Process wrongly handle ACCEPT_BROKER_CLIENT message$150002021-07-23
1199526v8_wasm_compile_fuzzer: Trap in V8_Dcheck-2021-07-23
1195977Security: v8 Array.concat IterateElements OOB access leads to RCE$220002021-07-22
1197759Segv on unknown address in HistoryClustersTabHelper::OnOmniboxUrlCopied-2021-07-22
1197852Trap in void v8::internal::SharedTurboAssembler::AvxHelper<v8::internal::XMMRegister, v8-2021-07-22
1198385heap-buffer-overflow : metal::`anonymous namespace'::TestShaderNow-2021-07-22
1198871Abrt in blink::FontCache::GetLastResortFallbackFont-2021-07-22
830101SameSite cookie bypass via redirect$30002021-07-21
1166502Known vulnerability detected in third_party/unrar-2021-07-21
1175503Security: same-to-cross-to-same-origin redirects are allowed for dedicated module workers-2021-07-21
1178032heap-use-after-free : PermissionBubbleMediaAccessHandler::ProcessQueuedAccessRequest-2021-07-21
1196683Security: 2021 pwn2own entry-2021-07-21
1196803iframe sandbox escape using incognito intent fallback URLs-2021-07-21
1197492Security: Security DCHECK failed: !NeedsLayout() || ChildLayoutBlockedByDisplayLock() in blink::LayoutObject::AssertLaidOut-2021-07-21
1197839Chromium: Vulnerability reported in third_party/xstream-2021-07-21
1072486Security: udev: root file write -> command execution privilege escalation-2021-07-20
1161806potential uaf in webmidi-2021-07-20
1166012Heap-buffer-overflow in ash::ScrollableShelfView::ShouldCountActivatedInkDrop-2021-07-20
1166496Known vulnerability detected in third_party/unrar-2021-07-20
1166497Known vulnerability detected in third_party/unrar-2021-07-20
1166498Known vulnerability detected in third_party/unrar-2021-07-20
1166499Known vulnerability detected in third_party/unrar-2021-07-20
1166500Known vulnerability detected in third_party/unrar-2021-07-20
1166501Known vulnerability detected in third_party/unrar-2021-07-20
1181688Security: UAF in Ozone Clipboard$200002021-07-20
1184294Security: xdgmime missing security-relevant commits-2021-07-20
1190525Heap-buffer-overflow in SkScalerContext_FreeType_Base::generateGlyphImage-2021-07-20
1197393Stack-buffer-overflow in void v8::internal::compiler::VisitBinop<v8::internal::compiler::BinopMatcher<v8:-2021-07-20
448539Autofill should not fill hidden fields-2021-07-19
1197819Bad-cast to int (const char *, void *) in xdg_run_command_on_dirs-2021-07-19
1197910Heap-use-after-free in ash::TrayBubbleView::~TrayBubbleView-2021-07-19
1195552Crash in v8::internal::Isolate::embedded_blob_code-2021-07-16
1195615Crash in blink::HTMLPopupElement::hide-2021-07-16
1168541Security: cryptohome chronos-access chgrp-2021-07-15
1168549Security: Cryptohome chown chronos-2021-07-15
1190519Heap-buffer-overflow in rx::vk::ImageViewHelper::getLevelLayerDrawImageView-2021-07-15
1193739heap-use-after-free : media::MojoVideoDecoder::OnVideoFrameDecoded-2021-07-15
1194358Security: OOB in v8$150002021-07-15
1195356Trap in void v8::internal::SharedTurboAssembler::AvxHelper<v8::internal::XMMRegister, v8-2021-07-15
1157030CrOS: Vulnerability reported in app-text/poppler-2021-07-14
1165654Security: 30x Redirect On Reload Can Navigate to Unsafe URLs / Cause Spoofing Issues-2021-07-14
1195370Trap in v8::internal::Handle<v8::internal::JSFunctionOrBoundFunction> const v8::internal-2021-07-14
1196503Crash in v8::base::Relaxed_Load-2021-07-14
1184929v8_wasm_async_fuzzer: DCHECK failure in min_block == BasicBlock::GetCommonDominator(block, min_block) in scheduler.cc-2021-07-13
1194417Security: PermissionControllerImpl::UnsubscribePermissionStatusChange UAF-2021-07-13
1195343CrOS: Vulnerability reported in dev-libs/openssl-2021-07-13
1193327freetype_colrv1_fuzzer: Heap-buffer-overflow in tt_face_get_paint-2021-07-11
1189926Aww snap crash when editing canvas text$10002021-07-10
1191389dawn_wire_server_and_vulkan_backend_fuzzer: Crash in dawn_native::ValidateImageCopyTexture-2021-07-10
1192574Security: 30x to data URI aren't blocked on iOS-2021-07-10
1192789Security: upgrade to openssl 1.1.1k.-2021-07-10
1156531Security: IDN Spoofing-2021-07-09
1175992Security: Heap-buffer-overflow in TabStripModel::IsTabPinned$100002021-07-08
1184399Security: Legacy ipc::Message passed via shared memory.-2021-07-08
1190462CrOS: Vulnerability reported in net-libs/gnutls-2021-07-08
1192054Security: heap-use-after-free in blink::InvalidatableInterpolation::MaybeConvertPairwise$50002021-07-08
1192313v8_wasm_compile_fuzzer: Negative-size-param in v8::internal::wasm::WasmFullDecoder<-2021-07-08
1193257webcodecs_audio_decoder_fuzzer: Bad-cast to media::MediaLog from invalid vptr in media::LogHelper::~LogHelper-2021-07-08
1194784v8_wasm_code_fuzzer: DCHECK failure in this->ok() in function-body-decoder-impl.h-2021-07-08
1194669Trap in v8::internal::FunctionLiteral::GetDebugName-2021-07-08
1161379kCanvasReadback is used for two fingerprint surfaces-2021-07-07
1161847Trap in Builtins_InterpreterEntryTrampoline-2021-07-07
1173903Security: container-overflow in TabStrip-2021-07-07
1181228Security: UAF in DesktopCapture$200002021-07-07
1182647Security: Use after free in V8$150002021-07-07
1185463DCHECK failure in PropertyConstness::kMutable == old_descriptors_->GetDetails(modified_descriptor_-2021-07-07
1185482Security: use-after-free in WindowTreeHostPlatform::OnBoundsChanged$10002021-07-07
1186641Security: heap-use-after-free in Blink$75002021-07-07
1192311Use-after-poison in blink::AXObjectCacheImpl::Dispose-2021-07-07
1193098gpu_raster_swiftshader_fuzzer: Use-of-uninitialized-value in cc::ServiceImageTransferCacheEntry::Deserialize-2021-07-07
1193209pdf_codec_jbig2_fuzzer: Stack-use-after-scope in fxcrt::UnownedPtr<std::__Cr::list<std::__Cr::pair<std::__Cr::pair<unsigned int,-2021-07-07
1193493CHECK failure: !available->IsEmpty() in macro-assembler-arm64.cc-2021-07-07
1193728CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (IsDereferenceAllowed()) in handles.h-2021-07-07
1194316DCHECK failure in this->ok() in function-body-decoder-impl.h-2021-07-07
1177419Use-after-poison in blink::HTMLSlotElement::DetachLayoutTree [LayoutNG only]-2021-07-06
1187210sqlite3_dbfuzz2_fuzzer: Use-of-uninitialized-value in vdbeRecordCompareInt-2021-07-06
1169049Security: ARM GPU driver vulnerabilities-2021-07-05
1192926Use-of-uninitialized-value in mojo::core::ChannelPosix::WriteNoLock-2021-07-05
1193116Use-after-poison in blink::HTMLSlotElement::DetachLayoutTree-2021-07-04
1193210Heap-use-after-free in blink::AXLayoutObject::GetDocument-2021-07-04
1188407Security: ChromeOS: missing path restriction in arc-obb-mounter-2021-07-03
1189576crash in VideoFrame$20002021-07-03
1190554Use-of-uninitialized-value in media::MediaMetricsProvider::~MediaMetricsProvider-2021-07-03
1191853v8_wasm_async_fuzzer: DCHECK failure in function->has_prototype_slot() in js-function.cc-2021-07-03
1192418Segv on unknown address in blink::Node::parentNode-2021-07-03
1192456Use-of-uninitialized-value in blink::AXLayoutObject::CanHaveChildren-2021-07-03
1192569Heap-use-after-free in blink::AXLayoutObject::GetDocument-2021-07-03
1190290v8_inspector_fuzzer: DCHECK failure in has_exception == isolate->has_pending_exception() in execution.cc-2021-06-30
1106907uaf in WebRTC_Network$50002021-06-29
1176510Use-of-uninitialized-value in GURL::SchemeIs-2021-06-29
1189890Heap-buffer-overflow in v8::internal::Simulator::LoadStoreHelper-2021-06-29
1184562Security: NAT Slipstreaming via RTSP(TCP/554) allows attacker to access local udp ports$30002021-06-27
1185611Heap-use-after-free in libvk_swiftshader.dylib$60002021-06-27
1187217Security DCHECK failure: IsTextControl(node) in text_control_element.h-2021-06-27
1187896v8_wasm_code_fuzzer: DCHECK failure in !unreachable implies stack_height >= c->end_label->target_stack_height in wasm-i-2021-06-27
1190077Container-overflow in views::View::Layout-2021-06-27
1000248Using the CSS Layout API and contenteditable causes the page to crash$50002021-06-24
1100748Security: Possible for extensions to access chrome.cloudPrintPrivate API$10002021-06-24
1115045CSP frame-src bypass using: window.open + javascript-url + about:srcdoc + doubly-nested-iframe.$30002021-06-24
1116869Security: heap-buffer-overflow in "SkiaState::AdjustClip" function$50002021-06-24
1145024Security&UI: WPA2-Enterprise/EAP WiFi Connection "Default" UI Discrepancy$5002021-06-24
1161891Security: Reloading iframes with data: src causes partial CSP bypass$5002021-06-24
1166091Security: Use of conditionally uninitialised stack variable may leak stack state$5002021-06-24
1166462Security: Use of conditionally uninitialised stack variable may leak stack state$5002021-06-24
1166478Security: Use of conditionally uninitialised stack variable may leak stack state$5002021-06-24
1166972Security: Use of conditionally uninitialised stack variable may leak stack state$5002021-06-24
1167507Security: Offline view bypasses Content-Security-Policy of the original page$30002021-06-24
1167629Security: Context menu "Open" on a javascript: link bypasses Content-Security-Policy$10002021-06-24
1180588Memcpy-param-overlap in mojo::core::Channel::Message::ExtendPayload-2021-06-24
1182767Security: Amended fix for Side-channel attack against Autofill Preview$50002021-06-24
1184037Container-overflow in blink::LocalFrameView::PushPaintArtifactToCompositor-2021-06-24
1184147Security: Incorrect Security UI in payment$5002021-06-24
1185735[spark-plug]SharedFunctionInfo pending execption error which can lead to RCE-2021-06-24
1188868DCHECK failure in 0 == result in mutex.cc-2021-06-24
1189396CHECK failure: all.IsLive(use) && (use->opcode() == IrOpcode::kIfTrue || use->opcode() == IrOpc-2021-06-24
1189467Use-of-uninitialized-value in v8::internal::compiler::Schedule::block-2021-06-24
1146813Crash in v8::internal::Builtins::builtin_handle-2021-06-23
1166138Security: Debug check failed: kMinCPOffset <= by (-32768 vs. -65536).$50002021-06-23
1187203Security: SandboxedUnpacker unsafe use of shared memory.-2021-06-23
1187403Heap-use-after-free in CurrentTabDesktopMediaList::Refresh$150002021-06-23
1187826CrOS: Vulnerability reported in media-libs/tiff-2021-06-23
1187836v8_wasm_compile_fuzzer: DCHECK failure in is_gp() in liftoff-register.h-2021-06-23
1188483DCHECK failure in invalidated_object.map().IsMap() in invalidated-slots-inl.h-2021-06-23
1188974DCHECK failure in !is_linked() in label.h-2021-06-23
1186603v8_wasm_async_fuzzer: Use-after-poison in v8::internal::wasm::WasmFullDecoder<-2021-06-22
1167357potential uaf in rtc_peer_connection$5002021-06-18
1179915heap-use-after-free : ui::EventTarget::RemovePreTargetHandler-2021-06-18
1181387Security: container-overflow in TabGroups-2021-06-18
1182109Security: dPWAs can change their icons after installation-2021-06-18
1187170DCHECK failure in IsPrimitiveMap() in map-inl.h-2021-06-18
1177674Security: Site Isolation bypass after BrowsingInstance state deleted-2021-06-17
1185829v8_wasm_compile_fuzzer: DCHECK failure in source.stack_height() == target.stack_height() in liftoff-assembler.cc-2021-06-17
1186802v8_wasm_compile_fuzzer: DCHECK failure in sig->return_count() <= cache_state_.stack_height() in liftoff-assembler.cc-2021-06-17
1040988media_pipeline_integration_fuzzer: Use-of-uninitialized-value in decode_residuals-2021-06-16
1152226Leaking the URL of any cross-origin redirect through AppCache's network section$50002021-06-16
1152334Security: UAF in PaymentResponseHelper::GeneratePaymentResponse$150002021-06-16
1174493CrOS: Vulnerability reported in dev-python/jinja-2021-06-16
1185512cups_ipp_t_fuzzer: Heap-buffer-overflow in ippAddDate-2021-06-16
1185999v8_wasm_code_fuzzer: DCHECK failure in (cond) != nullptr in wasm-compiler.cc-2021-06-16
916326CSP bypass via wrong inheritance-2021-06-15
1097480CrOS: Vulnerability reported in dev-libs/libpcre-2021-06-15
1146651X-Frame-Options console error leaks cross-origin redirect information to a cross-site renderer process-2021-06-15
1161144Security: UAF in Bookmark OpenAll$100002021-06-15
1173879Security: Autofill preview suggestion value can be made to persist-2021-06-15
1175507Security: heap-use-after-free in TabSearchPageHandler::CloseTab-2021-06-15
1175975WebCodecs VideoFrame allows tainting bypass for ImageBitmaps.-2021-06-15
1181131CrOS: Multiple vulnerabilities in dev-libs/openssl-2021-06-15
1182571v8_wasm_compile_fuzzer: DCHECK failure in IsSimd128Register() in instruction.h-2021-06-15
1183026v8_wasm_async_fuzzer: DCHECK failure in function->has_prototype_slot() in js-function.cc-2021-06-15
1184182Heap-use-after-free in aura::Window::~Window-2021-06-15
1184928DCHECK failure in stack_capacity_end_ > stack_end_ in function-body-decoder-impl.h-2021-06-15
1184964DCHECK failure in !cache_state_.stack_state.empty() in liftoff-assembler.cc-2021-06-15
1184966CHECK failure: Node::New() Error: #743:Phi[0] is nullptr in node.cc-2021-06-15
1184991DCHECK failure in (val.node) != nullptr in graph-builder-interface.cc-2021-06-15
1185072DCHECK failure in (location_) != nullptr in handles.cc-2021-06-15
1185322DCHECK failure in kBottom != kind in value-type.h-2021-06-15
1185579CHECK failure: Node::New() Error: #287:Float32LessThanOrEqual[1] is nullptr in node.cc-2021-06-15
1178181cups_ipp_t_fuzzer: Crash in create_item-2021-06-12
583058Security: root->kernel scribble in cros_ec_dev:ec_device_ioctl_xcmd on 32bit$50002021-06-11
957606Security: CSP restrictions aren't applied when navigating a frame to about:blank$75002021-06-11
971231Chrome Content security Policy bypass$10002021-06-11
1075734Security: Side-channel attack against Autofill Preview that can steal user's data (e.g., credit card number).$5002021-06-11
1115298Full CSP bypass by opening a blob URL in a new tab and reloading it with history.back$30002021-06-11
1115628Security: Full CSP bypass through blob: URIs$50002021-06-11
1117687Security: Full CSP bypass through filesystem URIs$50002021-06-11
1154250Security: determining size of CORB/CORP'd cross-origin responses$5002021-06-11
1155302Security: UaF in V4L2VideoEncodeAccelerator-2021-06-11
1158010Security: Referrer Header Spoofing Vulnerability via <base> tags$5002021-06-11
1170584UI/URL Spoofing by putting the page into fullscreen when a user opens the emoji dialog$10002021-06-11
1174943uaf in DestroyURLLoader(network::cors::CorsURLLoaderFactory)$150002021-06-11
1175436uaf in CrossOriginEmbedderPolicyReporter(browser)$150002021-06-11
1178165cups_ipp_t_fuzzer: Heap-buffer-overflow in ippAddDate-2021-06-11
1181701CrOS: Vulnerability reported in dev-libs/glib-2021-06-11
1183192Use-of-uninitialized-value in blink::LayoutGrid::FirstLineBoxBaseline-2021-06-11
1184441Racy UAF when handling usrsctp notification on timer thread-2021-06-11
1173311Security: Backport futex fix to older kernels-2021-06-09
1181673noopener not applied to popups opened from a cross origin iframe in a cross-origin-isolated environment-2021-06-09
1181684v8_wasm_fuzzer: Segv on unknown address in v8::base::Memcpy-2021-06-09
1183122Heap-use-after-free in blink::GridLayoutUtils::FlowAwareDirectionForChild-2021-06-09
1181676Security: UAF in ClipboardHistory$200002021-06-08
1182572Heap-buffer-overflow in mojo::core::Channel::Message::ExtendPayload-2021-06-05
1013133CHECK failure: API call returned invalid object in api-arguments-inl.h-2021-06-04
1181310Container-overflow in blink::LocalVideoCapturerSource::OnLog-2021-06-04
1181125Container-overflow in blink::LocalVideoCapturerSource::OnLog-2021-06-04
1181599sanitizer_api_fuzzer: Security DCHECK failure: IsA<Derived>(from) in casting.h-2021-06-04
996770Security: [xfa] pdfium SEGV on RelocateTableRowCells$50002021-06-02
1180435Crash in v8::internal::Simulator::DecodeType2-2021-06-01
1180871Heap-use-after-free in storage::DataPipeTransportStrategy::OnDataPipeReadable-2021-06-01
1180129v8_wasm_compile_fuzzer: Use-after-poison in v8::internal::compiler::LiveRangeBuilder::ComputeLiveOut-2021-05-30
1180563Use-of-uninitialized-value in v8::internal::JSDateTimeFormat::New-2021-05-30
1180579v8_wasm_compile_fuzzer: Use-after-poison in v8::internal::compiler::LiveRangeBuilder::ComputeLiveOut-2021-05-30
1177623Use-of-uninitialized-value in v8::internal::JSDateTimeFormat::New-2021-05-29
1177812Use-of-uninitialized-value in v8::internal::JSDateTimeFormat::New-2021-05-29
1180181v8_wasm_fuzzer: Segv on unknown address in v8::internal::Simulator::LoadStoreHelper-2021-05-29
1180157tint_spv_reader_wgsl_writer_fuzzer: Use-of-uninitialized-value in tint::ValidatorImpl::Validate-2021-05-29
1159255cras_rclient_message_fuzzer: Crash in cras_system_state_stream_added-2021-05-28
1160414heapoverflow in web gpu$50002021-05-28
1179120Known vulnerability detected in third_party/harfbuzz-ng-2021-05-28
1179118Known vulnerability detected in third_party/harfbuzz-ng-2021-05-28
1179182v8_wasm_fuzzer: Segv on unknown address in v8::base::Memcpy-2021-05-28
1179292Heap-buffer-overflow in base::internal::VectorBuffer<char>::RangesOverlap-2021-05-28
1179545v8_wasm_compile_fuzzer: Stack-use-after-scope in v8::internal::wasm::fuzzer::WasmGenerator::BlockScope::BlockScope-2021-05-28
1179595[sparkplug]baseline optimize function PrologueFillFrame register_count can be 0 .which can lead to code execution$50002021-05-28
1179677Heap-use-after-free in base::ScopedMultiSourceObservation<aura::WindowTreeHost, aura::WindowTreeHostObs-2021-05-28
1179948wayland_fuzzer: Heap-use-after-free in decltype-2021-05-28
1144074Heap-use-after-free in EGL_DestroyContext-2021-05-27
1160218dawn_spirv_cross_glsl_fast_fuzzer: Crash in spirv_cross::CompilerGLSL::to_array_size_literal-2021-05-27
1160258crash in gpu::gles2::GLES2Implementation::ReadPixels$50002021-05-27
1176728Security: Does eigen3 need updating?-2021-05-27
1178219Security DCHECK failure: IsA<Derived>(from) in casting.h-2021-05-27
1179336Heap-buffer-overflow in base::circular_deque<char>::MoveBuffer-2021-05-27
1143526Security: leak cross-site response size - countermeasure bypass$30002021-05-26
1168544Security: crash-reporter chmod 660-2021-05-26
1171049Security: container-overflow in TabStrip::SetSelection$100002021-05-26
1174373UAP in MojoWatcher::OnHandleReady$20002021-05-26
1177593heap-buffer-overflow : blink::H264Encoder::EncodeOnEncodingTaskRunner-2021-05-26
1178008dawn_spirv_cross_glsl_fast_fuzzer: Use-of-uninitialized-value in spirv_cross::Compiler::CombinedImageSamplerUsageHandler::add_dependency-2021-05-26
1178136Chromium: Vulnerability reported in third_party/libzip-2021-05-26
1179025DCHECK failure in !pinned.has(reg) in liftoff-assembler.h-2021-05-26
1172054UaF in WebRTC P2PSocketManagerProxy::CreateSocket$50002021-05-25
1174626datapath_fuzzer: Use-of-uninitialized-value in patchpanel::IPv6AddressToString-2021-05-25
1178224Bad-cast to blink::LayoutTableSection from blink::LayoutNGTableSection in blink::LayoutTable::AddChild-2021-05-25
1178263Heap-buffer-overflow in blink::LayoutTable::AddColumn$60002021-05-25
1128895CHECK failure: IsValidHeapObject(heap_, heap_object) in heap.cc-2021-05-24
1178455Test report from guest gmail account-2021-05-24
1176909Heap-use-after-free in blink::DisplayItemClient::IsJustCreated-2021-05-23
1177273Heap-use-after-free in blink::PaintLayer::RemoveAncestorScrollContainerLayer-2021-05-23
1178142Crash in blink::LayoutTable::AddCaption-2021-05-23
1178074Security DCHECK failure: IsA<Derived>(from) in casting.h-2021-05-23
1111646Security: Possible to spoof URL after renderer crash$30002021-05-22
1174186CSS 3D transform intersection glitch in Chrome / Windows$5002021-05-22
1177684Use-of-uninitialized-value in blink::LayoutTable::AddCaption-2021-05-22
1177832Security DCHECK failure: IsA<Derived>(from) in casting.h-2021-05-22
1178007Crash in blink::LayoutObjectChildList::RemoveChildNode-2021-05-22
1174582Security: ScriptProcessorNode allows write of Float32Array across threads-2021-05-21
1176606Heap-use-after-free in ash::NotificationCounterView::~NotificationCounterView-2021-05-21
1177341Security: Insufficient fix for CVE-2021-21148-2021-05-21
1155819gpu_raster_swiftshader_fuzzer: Bad-cast to llvm::cl::Option from llvm::cl::opt<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, false, llvm::cl::parser<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > > in llvm::cl::applicator<llvm::cl::FormattingFlags>::opt-2021-05-20
1176557dawn_spirv_cross_glsl_fast_fuzzer: Use-of-uninitialized-value in spirv_cross::Compiler::CombinedImageSamplerUsageHandler::add_dependency-2021-05-20
1177070Crash in v8::internal::interpreter::BytecodeArrayAccessor::Advance-2021-05-20
1170531Talos Security Advisory for Google Chrome browser (TALOS-2021-1235)$75002021-05-19
1170776Security: V8 Incorrect array bounds calculation-2021-05-19
1176318DCHECK failure in CanTransitionTo(new_details, *new_value) in property-cell-inl.h-2021-05-19
1035260libyuv_scale_fuzzer: Heap-buffer-overflow in InterpolateRow_Any_SSSE3-2021-05-18
1172819Heap-buffer-overflow in blink::NGTableLayoutAlgorithm::Layout-2021-05-18
1175222Security DCHECK failure: IsA<Derived>(from) in casting.h-2021-05-18
1175500Security: Heap-buffer-overflow in TabStripModel::GroupTab (Windows-only)$75002021-05-18
1174551Heap-buffer-overflow in unsigned int v8::internal::StringHasher::HashSequentialString<char>-2021-05-17
1174900dawn_spirv_cross_glsl_fast_fuzzer: Use-of-uninitialized-value in spirv_cross::Compiler::CombinedImageSamplerUsageHandler::add_dependency-2021-05-17
1165724CrOS: Vulnerability reported in sys-libs/e2fsprogs-libs-2021-05-15
1168545Security: Arbitrary code execution in ghostscript-2021-05-15
1168555Security: android-root persistence-2021-05-14
1173269Security: heap-buffer-overflow in TabStripModel-2021-05-14
1173702Security: Heap buffer overflow in Tab Groups$75002021-05-14
1174641ANGLE: Out-of-bounds read for emulated compressed texture formats in 3D textures-2021-05-14
1166932Security: ChromeOS root privilege escalation and android-root persistence$450002021-05-13
1173925Use-of-uninitialized-value in blink::PaintPropertyTreeBuilder::UpdateForSelf-2021-05-13
1160459AddressSanitizer: access-violation on unknown address 0x000000000000-2021-05-12
1170826Third party apps and web pages can switch Chrome tabs-2021-05-12
1171785Heap-use-after-free in blink::LocalFrameView::PerformPreLayoutTasks-2021-05-12
1172192Security: UAF in Drag and Drop Download$200002021-05-12
1098582Security: allow-top-navigation-by-user-activation bypasses via message event listeners on iOS$50002021-05-11
1164655dawn_wire_server_and_vulkan_backend_fuzzer: Crash in vk::DescriptorSetLayout::DescriptorSetLayout-2021-05-11
1168552Security: host root file write-2021-05-11
1171954DCHECK failure in other->values_[index] != builder()->jsgraph()->OptimizedOutConstant() in bytecod-2021-05-11
1172121v8_inspector_fuzzer: DCHECK failure in host_import_module_dynamically_callback_ != nullptr == host_import_module_dynami-2021-05-11
1172591Heap-use-after-free in views::ColorChooser::OnViewClosing-2021-05-11
1172687Use-of-uninitialized-value in blink::LayoutObject::SetNeedsOverflowRecalc-2021-05-11
1172885dawn_spirv_cross_glsl_fast_fuzzer: Use-of-uninitialized-value in spirv_cross::Compiler::CombinedImageSamplerUsageHandler::add_dependency-2021-05-11
1172912v8_wasm_code_fuzzer: Heap-buffer-overflow in v8::internal::wasm::LiftoffAssembler::MergeFullStackWith-2021-05-11
1171846v8_multi_return_fuzzer: DCHECK failure in saved_fpregisters[i] == dreg_bits(PopLowestIndexAsCode(&fpregister_list)) in sim-2021-05-10
1171759v8_multi_return_fuzzer: DCHECK failure in stack_decrement == kSystemPointerSize in code-generator-arm.cc-2021-05-09
1171956dawn_spirv_cross_glsl_fast_fuzzer: Use-of-uninitialized-value in spirv_cross::Compiler::CombinedImageSamplerUsageHandler::add_dependency-2021-05-08
1172117Bad-cast to blink::LayoutTableCol from blink::LayoutNGTableColumn in blink::HTMLTableColElement::ParseAttribute-2021-05-08
1172118Heap-buffer-overflow in blink::NGTablePainter::PaintBoxDecorationBackground-2021-05-08
1094642gstoraster_fuzzer: Segv on unknown address in s_DCTD_process-2021-05-06
1160665Requests for script sent even when main document is text/plain$5002021-05-06
1161759DCHECK failure in 0 == Heap::GetFillToAlign(obj->address(), HeapObject::RequiredAlignment(*map)) i-2021-05-06
1166504heap bufferoverflow in VideoFrameYUVConverter$50002021-05-06
1170657use after poison in DOMWebSocket$50002021-05-06
1170933garcon_ini_parse_util_fuzzer: Heap-buffer-overflow in vm_tools::garcon::ExtractKeyLocale-2021-05-06
1171195DCHECK failure in scope_data_->ReadUint32() == static_cast<uint32_t>(name->length()) in preparse-d-2021-05-06
1171327Security: Sudo vulnerability-2021-05-06
1171600DCHECK failure in expr->scope()->outer_scope() == current_scope() in bytecode-generator.cc-2021-05-06
1171441tint_spv_reader_hlsl_writer_fuzzer: Heap-use-after-free in tint::fuzzers::CommonFuzzer::Run-2021-05-06
1158376Security: Browser process heap-use-after-free in the portal element$150002021-05-05
1169317Security: UaF in payments::SecurePaymentConfirmationAppFactory$200002021-05-05
1170615garcon_ini_parse_util_fuzzer: Use-of-uninitialized-value in vm_tools::garcon::ExtractKeyLocale-2021-05-05
1170990CHECK failure: serialized_prototype_ in js-heap-broker.cc-2021-05-05
1165624Security: UaF in chrome!payments::PaymentRequestSheetController::UpdateHeaderView$150002021-05-04
1170112tint_spv_reader_wgsl_writer_fuzzer: Heap-use-after-free in tint::fuzzers::CommonFuzzer::Run-2021-05-04
1168116v8_wasm_async_fuzzer.exe: Null-dereference in v8::base::Thread::Start-2021-05-02
1155974Security: WebGL Shader Stack Exhaustion leading to PC control in llvmpipe$10002021-05-01
1168550Security: mediadrm command injection-2021-05-01
1156170Security: Oilpan: Use After Poision in IsInConstruction<>() with chrome/xfa-2021-04-30
1161739Security: UAP in animate-2021-04-30
1167337tint_spv_reader_spv_writer_fuzzer: Segv on unknown address in tint::fuzzers::CommonFuzzer::Run-2021-04-30
1167759tint_spv_reader_msl_writer_fuzzer.exe: Heap-use-after-free in tint::fuzzers::CommonFuzzer::Run-2021-04-30
1168408tint_spv_reader_wgsl_writer_fuzzer: Heap-use-after-free in tint::fuzzers::CommonFuzzer::Run-2021-04-30
1168725tint_spv_reader_spv_writer_fuzzer: Heap-use-after-free in tint::fuzzers::CommonFuzzer::Run-2021-04-30
1138542gstoraster_fuzzer: Heap-buffer-overflow in mem_mapped4_copy_mono-2021-04-29
1155426Security: UAF in MediaStreamCapture$200002021-04-29
1162942Security: website is able to draw over protected UI elements (URL, padlock, tab list, titlebar) using 3D CSS transforms$50002021-04-29
1167242dawn_spirv_cross_glsl_fast_fuzzer: Use-of-uninitialized-value in spirv_cross::Compiler::CombinedImageSamplerUsageHandler::add_dependency-2021-04-29
1166549v8_inspector_fuzzer: DCHECK failure in isolate->has_pending_exception() != result in bootstrapper.cc-2021-04-29
1167277Lacros 3D Canvas can leak outside of iFrame-2021-04-29
1167918DCHECK failure in HasRemainingBytes(kUint8Size) in preparse-data-impl.h-2021-04-29
1167981CHECK failure: Bytecode mismatch at offset 2 in interpreter.cc-2021-04-29
1167988DCHECK failure in expr->scope()->outer_scope() == current_scope() in bytecode-generator.cc-2021-04-29
1168055CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (IsJSReceiver()) in js-objects-inl.h-2021-04-29
1169077tint_spv_reader_hlsl_writer_fuzzer.exe: Heap-use-after-free in tint::fuzzers::CommonFuzzer::Run-2021-04-29
1167709DCHECK failure in !done() in state-values-utils.cc-2021-04-27
1161705Security: heap-user-after-free in SearchTabHelper::DidStartNavigation-2021-04-26
1167505Security DCHECK failure: IsA<Derived>(from) in casting.h-2021-04-26
1167430Heap-use-after-free in content::RenderWidgetHostViewAura::ForwardKeyboardEventWithLatencyInfo-2021-04-25
1138143segmentation fault in mojom::clipboard$200002021-04-24
1154965use after poison in blink::TimerBase::RunInternal$75002021-04-24
1163504Security: heap-buffer-overflow in extension$100002021-04-24
1163845Security: HeapOverflow in TabStripModel$100002021-04-24
1158381Security: Bypass iframe security policy in the portal element$5002021-04-23
1159377CrOS: Vulnerability reported in net-misc/curl-2021-04-23
1162123heap-use-after-free : web_app::WebAppMetrics::~WebAppMetrics-2021-04-23
1165966v8_wasm_compile_fuzzer: DCHECK failure in IsSimd128Register() in instruction.h-2021-04-23
1166354Use-of-uninitialized-value in v8::internal::RootScavengeVisitor::VisitRootPointers-2021-04-22
1160952dawn_spirv_cross_glsl_fast_fuzzer: Use-of-uninitialized-value in spirv_cross::Compiler::CombinedImageSamplerUsageHandler::add_dependency-2021-04-21
1162303Security: ChromeOS chronos privilege escalation to root$300002021-04-21
1164055Security: Blink web_test fonts unowned-2021-04-21
1164816Security: chrome://settings ImportData out-of-bounds READ-2021-04-21
1152894Security: WebView and Chromium based browser Omnibar Spoofing with Race Condition$30002021-04-19
1163184DCHECK failure in !code.marked_for_deoptimization() in compiler.cc-2021-04-19
1161654v8_wasm_fuzzer: DCHECK failure in has(reg.low()) == has(reg.high()) in liftoff-register.h-2021-04-17
1164158Security: PDFIum (XFA) Heap Overflow in RelocateTableRowCells$50002021-04-17
1164187Heap-use-after-free in ash::tray::TimeTrayItemView::~TimeTrayItemView-2021-04-17
1164326wayland_fuzzer: Heap-use-after-free in decltype-2021-04-17
1157818performance API reveals information about redirects (XS-Leak)-2021-04-16
1160448uaf in webgpu-2021-04-16
1162131Security: heap-use-after-free in IsBox$50002021-04-16
1163122Security: /run/arc/host_generated allows chronos to configure any Android system properties-2021-04-16
1163882Chromium: Vulnerability reported in third_party/binutils-2021-04-16
1147416uaf in dawn_wire::server::Server::OnBufferMapAsyncCallback(--enable-unsafe-webgpu)-2021-04-15
1160602Security: Use After Free in WebSQL$50002021-04-15
1161357Security: Debug check failed: code == topmost_ implies safe_to_deopt_$160002021-04-15
1161943dawn_wire_server_and_frontend_fuzzer: Heap-use-after-free in void dawn_wire::ChunkedCommandSerializer::SerializeCommandImpl<dawn_wire::Return-2021-04-15
1162156dawn_wire_server_and_frontend_fuzzer: Heap-use-after-free in dawn_wire::server::KnownObjects<WGPUBufferImpl*>::Get-2021-04-15
1162198heap-use-after-free : mojo::core::NodeController::DropPeer-2021-04-15
1156904Security DCHECK failure: IsA<Derived>(from) in casting.h-2021-04-14
1157743Security: spoof download on any websites$5002021-04-14
1162036UAF in MediaStreamTrackProcessor$50002021-04-14
1162834Heap-use-after-free in blink::ShadowList::CreateDrawLooper-2021-04-14
1161954v8_wasm_compile_fuzzer: DCHECK failure in IsSimd128Register() in instruction.h-2021-04-13
1162400v8_wasm_compile_fuzzer: Crash in Builtins_JSEntryTrampoline-2021-04-13
1150012gstoraster_fuzzer: Use-of-uninitialized-value in gs_scan_token-2021-04-10
1062941libyuv_scale_fuzzer: Heap-buffer-overflow in ScaleFilterCols_16_C-2021-04-07
1161048Upgrade SQLite to 3.34.0-2021-04-07
1160225CrOS: Vulnerability reported in dev-util/glib-utils-2021-04-06
1160224CrOS: Vulnerability reported in dev-libs/glib-2021-04-05
1151727spvtools_opt_size_fuzzer: Heap-buffer-overflow in spvtools::opt::analysis::IntConstant::GetU64BitValue-2021-04-02
1159663uaf in media::learning::MojoLearningTaskControllerService::PredictDistribution$150002021-04-01
1128206Security: Possible for extension to escape sandbox via devtools_page and intentionally crashed renderer$100002021-03-30
1131346Potential UAF in Speech Recognizer-2021-03-30
1099985Heap-use-after-free for desks widget in bool ui::PropertyHandler::GetProperty<bool>-2021-03-29
1153993Security: Skia etc1 missing an uninitialized data fix-2021-03-29
1158266uaf in use-after-poison in blink::CanvasResourceHost::InitializeForRecording(canvas_resource_host.cc)$5002021-03-29
1137607dawn_spirv_cross_glsl_fast_fuzzer: Use-of-uninitialized-value in spirv_cross::Compiler::CombinedImageSamplerUsageHandler::add_dependency-2021-03-28
1159267Security: URL bar spoofing in Payments API$5002021-03-27
1160286Use-of-uninitialized-value in base::BasicStringPiece<std::__1::basic_string<char, std::__1::char_traits<char>,-2021-03-27
1155876cgpt_fuzzer: Use-of-uninitialized-value in Crc32-2021-03-26
1159763CrOS: Vulnerability reported in net-misc/curl-2021-03-26
1137247Security: Spoofing download filename extension in 86 chrome - showSaveFilePicker$10002021-03-25
1159164Use-of-uninitialized-value in v8::internal::PerfJitLogger::LogWriteDebugInfo-2021-03-25
1159679dawn_spirv_cross_glsl_fast_fuzzer: Crash in spirv_cross::CompilerGLSL::to_array_size_literal-2021-03-25
1152645Security: Race condition on destruction of GpuMemoryBufferFactoryNativePixmap may cause use after free-2021-03-24
1157800Incomplete fix for auth dialog spoof in iOS$5002021-03-24
1157814Security: UAF in PasswordProtectionRequest$200002021-03-24
1158774ots_fuzzer: Use-of-uninitialized-value in ots::OpenTypeGLYF::ParseSimpleGlyph-2021-03-24
1157790Security: Out of Bounds in V8$10002021-03-23
1157799CrOS: Vulnerability reported in dev-libs/openssl-2021-03-23
1157994DCHECK failure in !SharedStringAccessGuardIfNeeded::IsNeeded(*this) in string-inl.h-2021-03-22
1158071Bad-cast to mojo::InterfaceEndpointClient from content::RenderFrameImpl in mojo::internal::AssociatedInterfacePtrStateBase::~AssociatedInterfacePtrStateBas-2021-03-21
1153516Heap-buffer-overflow in SkAnalyticEdge::setLine$60002021-03-19
1154468use after poison in content::InspectorMediaEventHandler::SendQueuedMediaEvents$50002021-03-19
1155854CrOS: Vulnerability reported in net-fs/samba-2021-03-19
1156431v8_multi_return_fuzzer: DCHECK failure in saved_fpregisters[i] == dreg_bits(PopLowestIndexAsCode(&fpregister_list)) in sim-2021-03-19
1157324v8_wasm_compile_fuzzer: DCHECK failure in caller->CanTailCall(callee) in instruction-selector.cc-2021-03-19
1020667Security: Insecure Memory Copy in Trousers$5002021-03-18
1101961Heap-buffer-overflow in cc::PaintWorkletImageProvider::GetPaintRecordResult-2021-03-18
1150810Security: File System Access API - getFileHandle() allowing to save .lnk files$10002021-03-18
1151726Heap-use-after-free in printing::PrintManager::GetPrintRenderFrame-2021-03-18
1156513pdf_codec_jpeg_fuzzer: Use-of-uninitialized-value in decompress_smooth_data-2021-03-18
831761SameSite cookie bypass via Custom Scheme$10002021-03-17
1148749Double free/UAF in RegionDataLoaderImpl::DeleteThis$200002021-03-17
1150065UaF in AudioHandler::ProcessIfNecessary-2021-03-17
1153658uaf in AudioNodeOutput::Pull$60002021-03-17
1155710Iterating a directory with the File System Access API does not check current permissions.-2021-03-17
1156510Security: Use After Free in UserMediaRequest::OnMediaStreamInitialized$50002021-03-17
957042Security: Possible to partially break sandbox restrictions imposed upon popup windows$10002021-03-16
1105875Security: XS-Leak with Resource Timing API and CSP Embedded Enforcement$10002021-03-16
1131929[Resource Timing] Missing PerformanceResourceTiming entries for iframe Requests that don't receive a Response$10002021-03-16
1149171Heap-buffer-overflow in blink::NGOffsetMapping::GetMappingUnitsForLayoutObject-2021-03-16
1149895Security: OpenSSL certificate blocklist isn't installed in images-2021-03-16
1151069Security: heap-buffer-overflow in AudioWorkletProcessor::CopyParamValueMapToObject-2021-03-16
1151298Security: Use-After-Free in DeflateTransformer$75002021-03-16
1154936webcodecs_video_encoder_fuzzer: Heap-buffer-overflow in init_encode_frame_mb_context-2021-03-16
1155497v8_wasm_compile_fuzzer: DCHECK failure in IsSimd128Register() in instruction.h-2021-03-16
1155959DCHECK failure in kCanBeWeak || (!IsSmi() == (((static_cast<i::Tagged_t>(ptr_) & ::i::kHeapObjectT-2021-03-15
1156001Crash in v8::internal::HandleBase::IsDereferenceAllowed-2021-03-15
1140435Security: showSaveFilePicker allowing to save file extension with space at the end - cannot delete file on windows-2021-03-13
1140403Security: Hide real extension of file by many white spaces - showSaveFilePicker$10002021-03-13
1140410Security: Hide real extension of file by RTL - showSaveFilePicker$10002021-03-12
1140417Security: showSaveFilePicker allowing to save .lnk and .local files on windows!$10002021-03-12
1146855Heap-use-after-free in blink::AggregatingSampleCollector::Flush-2021-03-12
1150249Index-out-of-bounds in blink::AudioArray<float>::Allocate-2021-03-12
1150798Security: UAF in the views::DialogDelegate in the browser process$50002021-03-12
1152327Security: File System Access API & Symlinks-2021-03-12
1153595Security: UAF in Drag-and-drop$200002021-03-12
1155178Security: Skia GPU bug$60002021-03-12
1149125Security: Some WebUI pages enable MojoJS bindings for the subsequently-navigated site$75002021-03-10
1150772Index-out-of-bounds in blink::NGPhysicalBoxFragment::Create-2021-03-10
1152387Crash in icu_68::RuleBasedBreakIterator::handleNext-2021-03-10
1153442DCHECK failure in UseScratchRegisterScope{this}.CanAcquire() in liftoff-assembler-arm.h-2021-03-10
1154439DCHECK failure in num_locals_ == local_types_.size() in function-body-decoder-impl.h-2021-03-10
1114062heap-use-after-free in is_null-2021-03-09
1149204Security: heap-buffer-overflow in blink::WebGLRenderingContextBase::MakeXrCompatibleSync$50002021-03-09
1110751Security: GoogleCrashHandler exist Any process DOS vulnerability-2021-03-08
1149115Heap-buffer-overflow in v8::internal::Simulator::WriteW-2021-03-08
1152937v8_wasm_fuzzer: DCHECK failure in decoder->ok() in graph-builder-interface.cc-2021-03-05
1049265Extensions with no special privileges are allowed to navigate to devtools:// scheme pages.$10002021-03-04
1108126Security: Chrome Apps can access chrome.storage for other extensions via webview$30002021-03-04
1150371Security: OOBW in the icu_68::FormattedStringBuilder::insert$50002021-03-04
1151865Security: OOB-read in network DataElement struct traits.-2021-03-04
1151890Security: Uninitialised memory read with BigInt right-shift$30002021-03-04
1143412Security: Pixelbook reveals windows underneath lock screen when external display is plugged in-2021-03-03
1151684webcodecs_video_encoder_fuzzer: Heap-buffer-overflow in vp9_enc_setup_mi-2021-03-03
1151799heap-buffer-overflow in MoveWebContentsAtImpl(extension)$150002021-03-03
978798Security: Possible to fake the lock or login screen in full screen mode to phish user passwords-2021-03-02
1142024heap-use-after-free : gpu::SharedImageRepresentationDawnIOSurface::EndAccess-2021-03-02
1146872Security DCHECK failure: IsA<Derived>(from) in casting.h-2021-03-02
1149586v8_inspector_fuzzer: DCHECK failure in ThreadId::Current() == isolate->thread_id() in compiler.cc-2021-03-02
1150649DCHECK failure in 0 <= length && length <= kMaxSafeInteger in builtins-array.cc-2021-03-02
1151270Heap-buffer-overflow in avx::rect_memset32-2021-03-02
1151248Crash in hsw::load_NUMBER_dst-2021-03-02
1151294Crash in erms::rect_memset32-2021-03-02
1151320Crash in hsw::load_NUMBER_dst-2021-03-02
1151322Crash in hsw::blit_row_s32a_opaque-2021-03-02
1151460Crash in SkARGB32_Black_Blitter::blitAntiH-2021-03-02
1151532Heap-buffer-overflow in ssse3::blit_mask_d32_a8-2021-03-02
1151551Heap-buffer-overflow in hsw::lowp::load_NUMBER_dst-2021-03-02
1151601Heap-use-after-free in hsw::blit_row_s32a_opaque-2021-03-02
1151602Use-after-poison in v8::internal::AstRawString::Compare-2021-03-02
1151611Heap-buffer-overflow in hsw::S32_alpha_D32_filter_DX-2021-03-02
709946Security: <link rel='prerender'> causes same-site cookies to be sent along with cross-site requests$20002021-02-26
1038002Unintended Data Leakage Through HTTP Request Headers$20002021-02-26
1149692Security: Heap-use-after-free in BluetoothChooserController::AddOrUpdateDevice$150002021-02-26
1150317Security: Potential remote code exec from web content in u2fd-2021-02-26
1138683Security: Use-after-free in MediaStreamCaptureIndicator::WebContentsDeviceUsage::AddDevices()$100002021-02-24
1141376Security: --experimental-wasm-gc array length allocation wraps on 32bit-2021-02-24
1147357Heap-use-after-free in blink::NGContainerFragmentBuilder::MoveOutOfFlowDescendantCandidatesToDescendant-2021-02-24
1146670TFC chrome full chain-2021-02-22
1142331Security: use-after-poison in blink::FileReaderLoader::OnReceivedData$50002021-02-20
1148504media_h265_decoder_fuzzer: Stack-buffer-overflow in media::H265Decoder::BuildRefPicLists-2021-02-20
1148657Use-after-poison in blink::MediaInspectorContextImpl::RemovePlayer-2021-02-20
1106424gstoraster_fuzzer: Use-of-uninitialized-value in s_A85D_process-2021-02-19
1130226gstoraster_fuzzer: Use-of-uninitialized-value in load_truetype_glyph-2021-02-19
1141062gstoraster_fuzzer: Use-of-uninitialized-value in aes_setkey_enc-2021-02-19
1142020heap-buffer-overflow : gfx::internal::StyleIterator::GetTextBreakingRange-2021-02-19
1143662use-after-poison in blink::CanvasResourceHost::InitializeForRecording(canvas_resource_host.cc)$50002021-02-19
1146025Content-Security-Policy headers are lost when the page is restored from bfcache-2021-02-19
1144646NAT Slipstream: Overlong usernames in TURN credentials-2021-02-19
1146068Crash in icu_68::FormattedValueStringBuilderImpl::nextPositionImpl-2021-02-19
1147430Security: Heap-buffer-overflow in SkBitmapOperations::UnPreMultiply-2021-02-19
1147516airscan_query_fuzzer: Index-out-of-bounds in log_message-2021-02-19
1147944airscan_query_fuzzer: Use-of-uninitialized-value in trace_unref-2021-02-19
1147943DCHECK failure in vector->optimization_marker() != OptimizationMarker::kCompileOptimizedConcurrent-2021-02-19
1148772media_h265_decoder_fuzzer: Crash in base::AtomicRefCount::Decrement-2021-02-19
1146654media_h265_parser_fuzzer: Stack-buffer-overflow in media::H265Parser::ParseStRefPicSet-2021-02-17
1146673Security: type confusion in wasm cache-2021-02-17
1146709Security: Browser UAF when detaching a provisional frame-2021-02-17
1146714DCHECK failure in vector->optimization_marker() != OptimizationMarker::kCompileOptimizedConcurrent-2021-02-17
1147431Security: Heap-buffer-overflow in ClipboardWin::WriteBitmap-2021-02-17
1147623media_h265_decoder_fuzzer: Stack-buffer-overflow in scoped_refptr<media::H265Picture>::swap-2021-02-17
1128479Heap-buffer-overflow in cc::TransformTree::StickyPositionOffset-2021-02-16
1137606Heap-use-after-free in ui::LayerAnimationSequence::ProgressToEnd-2021-02-16
1142069heap-use-after-free : content::DownloadManagerImpl::GetDownload-2021-02-16
1145906heap-use-after-free : ProfileInfoCache::NotifyProfileAuthInfoChanged-2021-02-16
1146675Security: UAF in PepperFileIOHost-2021-02-16
1146761Security: UAF in ImageDecoderExternal due to ArrayBuffer Neuter$75002021-02-16
1146789Bad-cast to blink::LayoutBox from blink::LayoutTextFragment in blink::LayoutBox::LastChildBox-2021-02-16
1146861DCHECK failure in dst.low_gp() != lhs.high_gp() in liftoff-assembler-arm.h-2021-02-16
1146873net_host_resolver_manager_fuzzer: Heap-buffer-overflow in net::ServiceFormHttpsRecordRdata::IsEqual-2021-02-16
1147331Bad-cast to int () in x11::InitXlib-2021-02-16
1136078UaF in PaymentCredential::DidDownloadFavicon-2021-02-15
1137362Security: Chrome Browser Policy Bypass "Allow invocation of file selection dialogs"$5002021-02-15
1146728DCHECK failure in vector->optimization_tier() == OptimizationTier::kNone || (vector->optimization_-2021-02-15
1144017Use-of-uninitialized-value in policy::UserCloudPolicyManager::IsFirstPolicyLoadComplete-2021-02-14
1146679Security: WeakPtr checks are optimized out-2021-02-14
1139411Security: cryptohomed skeleton copy can be raced to chown things to user chronos-2021-02-12
1139414Security: imageburner path check can be raced-2021-02-12
1144489Security: OSExchangeDataProviderWin::SetDragImage-2021-02-11
1144603v8_wasm_code_fuzzer: DCHECK failure in array_buffer->is_shared() in isolate.cc-2021-02-11
1146013DCHECK failure in function->is_compiled() in compiler.cc-2021-02-11
1137104uaf in load4 SkRasterPipeline_opts.h$50002021-02-10
1137179Security: Root priv escalation through cryptohomed, imageburner, arc-obb-mounter$300002021-02-10
1140376neteq_rtp_fuzzer: Use-of-uninitialized-value in webrtc::test::NetEqTest::RunToNextGetAudio-2021-02-10
1143448Heap-use-after-free in ScopedObserver<views::Widget, views::WidgetObserver, &-2021-02-10
1144449cras_rclient_message_fuzzer: Heap-buffer-overflow in ccr_handle_message_from_client-2021-02-10
1116444Security: Extensions can capture contents of local files using Page.captureScreenshot$50002021-02-09
1125362Security: Possible for extension to escape sandbox via chrome.debugger API and error page$100002021-02-09
1140949CrOS: Vulnerability reported in net-wireless/bluez-2021-02-09
1143057Security: WebUSB permission dialog can appear over the wrong tab$5002021-02-09
1145124Bad-cast to icu_68::UVector from invalid vptr in icu_68::AliasReplacer::outputToString-2021-02-09
1144368Security: ConvertToJavaBitmap heap-buffer-overflow.-2021-02-07
1144070mediasource_MP2T_AACSBR_pipeline_integration_fuzzer: Use-of-uninitialized-value in float media::FloatSampleTypeTraits<float>::From<float>-2021-02-06
1119873Security: UAF in CSSLayout worklet$50002021-02-05
1143772Security: V8: Turbofan fails to deoptimize code after map deprecation, leading to type confusion-2021-02-05
1084649dawn_wire_server_and_frontend_fuzzer: Use-of-uninitialized-value in libvulkan.so.1-2021-02-04
1137581cups_ippreadio_fuzzer: Use-of-uninitialized-value in create_item-2021-02-04
1137604Heap-use-after-free in ScopedObserver<aura::Window, aura::WindowObserver, &-2021-02-04
1143053v8_wasm_code_fuzzer: Crash in v8::internal::TaggedField<v8::internal::WasmModuleObject, 112>::load-2021-02-04
1141350Security: Yet another universal XSS via copy&paste$30002021-02-03
1142675uaf in VideoFrame::CreateImageBitmap$50002021-02-03
1134107Security: stack buffer overflow write in RtcEventLogEncoderLegacy::EncodeRtcpPacket$10002021-02-02
1137594CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (IsDereferenceAllowed()) in handles.h-2021-02-02
1137603Heap-use-after-free in blink::PropertyTreeStateOrAlias::Unalias-2021-02-02
1139409Security: cros-disks will mount local loop devices-2021-02-02
1093791Security: Chrome's insecure construction of curl commands allows untrusted websites to retrieve local files from the user's system$5002021-02-01
1140549v8_wasm_compile_fuzzer: DCHECK failure in src.is_byte_register() in assembler-ia32.cc-2021-01-30
1141868Security DCHECK failure: IsA<Derived>(from) in casting.h-2021-01-30
1132954Security: Root priv escalation through shill, arc-setup, and upstart$300002021-01-29
1133047Security: arc-setup should validate /run/arc/oem/etc/media_profiles.xml is not a symlink-2021-01-29
1136714Incorrect security UI at screen share API$5002021-01-29
1138878Possible UAF in SctpTransport's sctp_inpcb_free-2021-01-29
1141743Use-of-uninitialized-value in blink::IsOperatorWithSpecialShaping-2021-01-29
1125018Arbitrary file deletion in google chrome updater in master/chrome/updater/installer.cc$10002021-01-28
1127595Chromium: Vulnerability reported in third_party/libxml-2021-01-28
1138190pdfium CompositeRow_8bppRgb2Rgb_NoBlend_RgbByteOrder heap-buffer-overflow-2021-01-28
1139153Security: Heap-use-after-free in WebRTC$75002021-01-28
1139825pdfium heapoverflow CompositeRow_Argb2Argb_RgbByteOrder-2021-01-28
1141256Variables on the stack are not initialized in pp::FloatRect FloatPageRectToPixelRect-2021-01-28
1097499pdf_scanlinecompositor_fuzzer: Crash in GetAlphaWithSrc-2021-01-27
1137580Bad-cast to content::AgentSchedulingGroup from invalid vptr in content::RenderFrameImpl::Send-2021-01-27
1138942Bad-cast to content::AgentSchedulingGroup from invalid vptr in base::internal::Invoker<base::internal::BindState<content::RenderFrameImpl::OnUn-2021-01-27
1139398Security: [ANGLE] Invalid memory access in libglesv2!rx::IndexDataManager::streamIndexData$150002021-01-27
1037839pdf_scanlinecompositor_fuzzer: Crash in RGB_Blend-2021-01-26
1128340CVE-2020-25211 CrOS: Vulnerability reported in Linux kernel-2021-01-26
1134261Security: UAF in Skia SkContourMeasureIter caused by SkPath::shrinkToFit-2021-01-26
1137608v8_wasm_compile_fuzzer: DCHECK failure in 0 <= offset in assembler-arm.cc-2021-01-26
1138877Security: heap-buffer-overflow in window.find$20002021-01-26
1138911Security: UAF in TabStrip$150002021-01-26
1139786CHECK failure: Type cast failed in CAST(p->receiver()) at ../../src/ic/accessor-assembler.cc:25-2021-01-26
1140197Security: Apply fix for freetype heap buffer overflow to Chrome OS-2021-01-26
1137583DCHECK failure in CpuFeatures::IsSupported(*feature) in macro-assembler-x64.h-2021-01-25
1137584Bad-cast to blink::DrawingDisplayItem from blink::DisplayItem in blink::ConversionContext::Convert-2021-01-25
1137591Heap-use-after-free in blink::PaintArtifactCompositor::UpdateDebugInfo-2021-01-25
1139408arc-media-removable-{read,write} are not using noexec-2021-01-25
945997Using Flash's ProgressEvent to extract the length of cross-site responses$10002021-01-24
1138446Security: webrtc container-overflow in the browser process$50002021-01-24
1139163Security DCHECK failure: tree_order < tree_scopes_.size() in match_result.h-2021-01-24
830808SameSite cookie bypass via openWindow$5002021-01-22
1115590CSP Bypass via Chrome Extension$30002021-01-22
1133527Security: Debug check failed: IsFound() || !holder_->HasFastProperties(isolate_)$50002021-01-22
1135594Security: woff2 missing upstream fix for integer overflow-2021-01-22
1137630Security: PDFium heap-use-after-free in CPWL_ListBox::~CPWL_ListBox()$75002021-01-22
1125614UaF in Payment (Android)-2021-01-21
1135018Security: UaF in TabSharingUI$150002021-01-21
1137586DCHECK failure in effect_edges > 0 in verifier.cc-2021-01-21
1137590Crash in blink::NGBlockLayoutAlgorithm::CreateConstraintSpaceForChild-2021-01-21
1137609Crash in blink::ShapeResultView::CreateShapeResult-2021-01-21
1137650Crash in blink::ComputedStyleBase::MutableFilterInternal-2021-01-21
1138577Use-after-poison in blink::VideoFrameCallbackRequesterImpl::~VideoFrameCallbackRequesterImpl-2021-01-21
1138776CHECK failure: fixed_size_above_fp + in deoptimizer.cc-2021-01-21
1138915DCHECK failure in effect_edges > 0 in verifier.cc-2021-01-21
1107970gstoraster_fuzzer: Use-of-uninitialized-value in clip_runs_enumerate-2021-01-20
1116729dawn_wire_server_and_vulkan_backend_fuzzer: Heap-buffer-overflow in vk::DescriptorSetLayout::DescriptorSetLayout-2021-01-20
1125240dawn_wire_server_and_frontend_fuzzer: Heap-use-after-free in dawn_wire::server::Server::GetCmdSpace-2021-01-20
1137578v8_wasm_compile_fuzzer: Use-after-poison in v8::internal::wasm::WasmFullDecoder<-2021-01-20
1137579Crash in cc::DroppedFrameCounter::ReportFrames-2021-01-20
1137582DCHECK failure in stack_capacity_end_ > stack_end_ in function-body-decoder-impl.h-2021-01-20
1137588Use-after-poison in blink::VideoFrameCallbackRequesterImpl::~VideoFrameCallbackRequesterImpl-2021-01-20
1137587ndproxy_fuzzer: Use-of-uninitialized-value in patchpanel::NDProxy::GetPrefixInfoOption-2021-01-20
1137596v8_wasm_compile_fuzzer: Crash in unsigned int v8::base::ReadUnalignedValue<unsigned int>-2021-01-20
1137597CHECK failure: IsValidHeapObject(isolate->heap(), HeapObject::cast(p)) in objects-debug.cc-2021-01-20
1137598dawn_wire_server_and_frontend_fuzzer: Heap-use-after-free in dawn_wire::server::KnownObjects<WGPUBufferImpl*>::Get-2021-01-20
1137601CHECK failure: IsValidHeapObject(heap_, heap_object) in heap.cc-2021-01-20
1137600v8_wasm_compile_fuzzer: Use-after-poison in v8::internal::wasm::WasmFullDecoder<v8::internal::wasm::Decoder::kValidate,v8::i-2021-01-20
1137602Crash in Builtins_TestEqualStrictHandler-2021-01-20
1137605Crash in Builtins_TypeOfHandler-2021-01-20
1137652Bad-cast to float (float) noexcept in skvx::Vec<sizeof...-2021-01-20
1137668PDFium(XFA) Heap-use-after-free in ProbeForLowSeverityLifetimeIssue-2021-01-20
1138197DCHECK failure in 2 == args.length() in builtins-reflect.cc-2021-01-20
1133009Security: login_manager symlink attack-2021-01-19
1134338Security: Incorrect Handling of XFrameOptions with mailMsg in the PDF Viewer$30002021-01-19
1136327Security: Use of use-of-uninitialized-value in UsbDeviceHandleUsbfs-2021-01-19
1137595Bad-cast to content::AgentSchedulingGroup from mojo::core::UserMessageImpl in base::internal::Invoker<base::internal::BindState<content::RenderFrameImpl::OnUn-2021-01-19
1133210DCHECK failure in !IsJSGlobalObject(isolate) in js-objects-inl.h$50002021-01-18
1133635Security: UAF in PasswordGenerationPopupControllerImpl::PasswordAccepted$200002021-01-18
1135835DialURLFetcher::Start may bypass Sec-Fetch-Site-2021-01-18
1125337Portrait photos (taken by Pixel3aXL) with EXIF crash on Desktop$5002021-01-15
1128270Security: UAF in UrlLoaderFactoryProxyImpl$200002021-01-14
1132998CrosDisks accepts arbitrary bind mount parameters-2021-01-14
1134960Security: Use-after-free with using print dialog$30002021-01-14
1135857Security: UAF in USBDevice$100002021-01-14
1133006Security: network_diag does not validate multiline input-2021-01-12
1134983CrOS: Vulnerability reported in net-fs/samba-2021-01-12
1110195Security: Method field allows injection of HTTP requests-2021-01-09
1122487UAF in devtools$5002021-01-08
1133183Incorrect Security UI when using Tab preview$5002021-01-08
1133275CrOS: Vulnerability reported in sys-libs/ldb-2021-01-08
1133668Use after free triggered from mojo::SyncEventWatcher-2021-01-08
1133671Security: UAF in AutofillPopupControllerImpl::HandleKeyPressEvent$200002021-01-08
1133688Security: UAF in PasswordGenerationPopupControllerImpl::HandleKeyPressEvent$200002021-01-08
1133983Security: UaF in printing::PrintRenderFrameHelper::PreviewPageRendered()$50002021-01-08
1124661Bad-cast to blink::LayoutInline from blink::LayoutBlockFlow in blink::NGInlineNode::ComputeOffsetMapping-2021-01-06
1124963Heap-buffer-overflow in blink::NGOffsetMapping::GetMappingUnitsForLayoutObject-2021-01-06
1128657audio.captureStream() may allow cross-origin resource theft-2021-01-06
1133000ArcObbMounter mounts without noexec-2021-01-06
1133001Security: ArcObbMounterInterface.MountObb takes arbitrary gid offset-2021-01-06
960357Chrome v74 JS dialog description Spoof vulnerability on IOS$5002021-01-05
1127322UaF in ServiceWorkerPaymentApp-2021-01-05
1129850uaf in browser process(ServiceWorkerScriptLoaderFactory())-2021-01-05
1127620DCHECK failure in OperatorProperties::GetTotalInputCount(node->op()) == node->InputCount() in veri-2021-01-05
1132641Security: out of bounds write in CanonicalizeTimeZoneID-2021-01-05
1132926Step "browser_tests" failing on builder "Linux ChromiumOS MSan Tests"-2021-01-05
1080395Android/iOS: URL spoofing using long sub-domain for blob:URL$30002021-01-04
1126881CrOS: Vulnerability reported in net-libs/gnutls-2021-01-02
1131040Check secure payment confirmation feature state in browser process.-2021-01-02
1125294cups_ippreadio_fuzzer: Use-of-uninitialized-value in ippReadIOLimitedRecursion-2020-12-31
1073063Security: CUPS cmd exec vulnerability via FoomaticRIPCommandLine-2020-12-30
1101509Security: UAF in RawClipboardHostImpl$300002020-12-30
1116280Self-XSS / Crash via window.open and delayed navigation$50002020-12-30
1129705Heap-use-after-free in guest_view::GuestViewManager::FromBrowserContext-2020-12-30
1129840CrOS: Vulnerability reported in x11-libs/libX11-2020-12-30
1130111Heap-use-after-free in views::View::GetPreferredSize-2020-12-30
1130489CHECK failure: icu_collator__value.IsForeign() in class-verifiers-tq.cc-2020-12-30
1125871Crash in v8::internal::Simulator::LoadStoreHelper-2020-12-29
1128318Chrome: UAF in SessionStorageImpl-2020-12-29
1130127Security DCHECK failure: IsA<Derived>(from) in casting.h-2020-12-29
1113565Security: Extensions can use chrome.debugger API to access contents of local files$50002020-12-28
1128994Unknown exception in CrashForExceptionInNonABICompliantCodeRange-2020-12-27
1129422h264_annex_b_converter_fuzzer: Heap-use-after-free in media::H264AnnexBToAvcBitstreamConverter::ConvertChunk-2020-12-26
1129598Heap-use-after-free in blink::NGInlineCursor::MoveTo-2020-12-26
1129706v8_wasm_compile_fuzzer: DCHECK failure in AreSameFormat(vd, vn) in assembler-arm64.cc-2020-12-26
1127520.well-known/change-password NavigationThrottle should only be instantiated for main frame navigations-2020-12-25
1129359webcodecs_video_encoder_fuzzer: Crash in vp9_enc_setup_mi-2020-12-25
1129568Use-of-uninitialized-value in mojo::core::ChannelPosix::WriteNoLock-2020-12-25
1129842CVE-2020-25285 CrOS: Vulnerability reported in Linux kernel-2020-12-25
1125199heap-use-after-free : content::WebContentsImpl::SetNotWaitingForResponse-2020-12-24
1127112Security DCHECK failure: !object || (object->IsLayoutNGOutsideListMarker()) in layout_ng_outside_list_mar-2020-12-24
1127610CHECK failure: maybe_object->IsWeak() || maybe_object->IsCleared() || (maybe_object->GetHeapObj-2020-12-24
1128343CrOS: Vulnerability reported in net-libs/gnutls-2020-12-24
1128756Bad-cast to const char *() in ui::CursorPathFromLibXcursor-2020-12-24
1129515Use-of-uninitialized-value in v8::internal::ValueDeserializer::ReadObjectInternal-2020-12-24
1129285Use-of-uninitialized-value in v8::internal::ValueDeserializer::ReadObjectInternal-2020-12-24
1092130v8_wasm_compile_fuzzer: DCHECK failure in ref.stack_height >= target_stack_height in wasm-interpreter.cc-2020-12-23
1111149video.captureStream() may allow cross-origin resource theft-2020-12-23
1124723CHECK failure: parse_success in experimental.cc-2020-12-23
1127496Security: Screen share clickjacking secondary issue-2020-12-23
1128267Bad-cast to const blink::NGBlockBreakToken from blink::NGInlineBreakToken in blink::NGBlockNode::PlaceChildrenInFlowThread-2020-12-23
1128342CVE-2020-25220 CrOS: Vulnerability reported in Linux kernel-2020-12-23
1127405CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (IsDereferenceAllowed()) in handles.h-2020-12-22
1127407Bad-cast to blink::LayoutListItem from blink::LayoutNGListItem in blink::LayoutListMarker::ListItem-2020-12-22
1128301CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (IsDereferenceAllowed()) in handles.h-2020-12-22
1128341CVE-2020-25212 CrOS: Vulnerability reported in Linux kernel-2020-12-22
1126249Security: DCHECK failed: 0 <= length && length <= kMaxSafeInteger-2020-12-21
1127310CVE-2020-10720 CrOS: Vulnerability reported in Linux kernel-2020-12-21
1127319Security: Debug check failed: IrOpcode::IsInlineeOpcode(node->opcode()).$50002020-12-21
1102153Security: Information disclosure through screenshare with clickjacking$20002020-12-19
1123883Use-after-poison in blink::HTMLSlotElement::DetachLayoutTree-2020-12-19
1125210heap-use-after-free : gpu::ExternalVkImageFactory::~ExternalVkImageFactory-2020-12-19
1126522Crash in marl::Scheduler::Worker::runUntilIdle-2020-12-19
1127158Heap-use-after-free in views::MenuController::ExitMenu-2020-12-19
1106612heap-use-after-free : ?StartAutoScrollAnimation@ScrollbarController@cc@@QEAAXMPEBVScrollbarLayerImplBase@2@W4ScrollbarPart@2@@Z-2020-12-18
1124782DCHECK failure in top() >= original_top_ in new-spaces.h-2020-12-18
1126769CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (IsJSReceiver()) in js-objects-inl.h-2020-12-18
1100136heap-buffer-overflow in storage::ObfuscatedFileUtilMemoryDelegate(browser process)$150002020-12-17
1121414Security: Missing IsContextDestroyed in MediaKeys-2020-12-17
1122848DCHECK failure in !OldSpace::IsAtPageStart(top) in new-spaces.cc-2020-12-17
1121836Security: HeapOverflow in SerialHandle$100002020-12-16
1124776transfer_cache_fuzzer: Heap-buffer-overflow in skjson::FastString::initLongString-2020-12-16
1125187Heap-use-after-free in ui::InputMethodAuraLinux::ProcessKeyEventDone-2020-12-16
1125354Bad-cast to gl::Texture from gl::Renderbuffer in gl::FramebufferAttachment::getTexture-2020-12-16
1125951DCHECK failure in digits >= 0 && digits <= kBitsPerByte in safepoint-table.cc-2020-12-16
1124646DCHECK failure in committed_code_space_.load() <= FLAG_wasm_max_code_space * MB in wasm-code-manag-2020-12-15
1124677CHECK failure: arr.get(JSRegExp::kIrregexpCaptureCountIndex) == Smi::FromInt(0) in objects-debu-2020-12-15
1124696Crash in Builtins_InterpreterEntryTrampoline-2020-12-15
1125386Security: chrome dev tools frontend cloud container is leaking-2020-12-15
1126106Security: ignore this-2020-12-15
1125887Crash in Builtins_RegExpMatchFast-2020-12-15
1126108Security: ignore this-2020-12-15
1124997Heap-use-after-free in blink::DepthOrderedLayoutObjectList::Ordered-2020-12-14
1125144Crash in marl::Scheduler::Worker::runUntilIdle-2020-12-14
1125504Bad-cast to blink::LayoutBox from invalid vptr in blink::ToLayoutBox-2020-12-14
1106890Security: Possible for apps to access http/https sites outside of a webview context via blob URLs$150002020-12-12
1111685Use-of-uninitialized-value in qrcode_generator::QRCodeGeneratorServiceImpl::RenderBitmap-2020-12-12
1114114CVE-2020-16166 CrOS: Vulnerability reported in Linux kernel-2020-12-12
1119532mediasource_MP2T_AACSBR_pipeline_integration_fuzzer: Use-of-uninitialized-value in assign_pair-2020-12-12
1123023Web Audio DelayNode of an OfflineAudioContext adds one sample to the delay.$30002020-12-12
1124477DCHECK failure in AllowHeapAllocation::IsAllowed() in heap-inl.h-2020-12-12
1124617Global-buffer-overflow in blink::MathMLOperatorElement::ComputeOperatorProperty$30002020-12-12
1124754Use-of-uninitialized-value in blink::NGInlineNode::SetTextWithOffset-2020-12-12
1111737Security: OffscreenCanvas - Use After Free in OffscreenCanvasRenderingContext2D::DrawTextInternal()$75002020-12-08
1112155DCHECK failure in address % 4 == 0 in simulator-arm.cc-2020-12-08
1113558Security: Possible to navigate frames not attached to the debugger using the chrome.debugger API$50002020-12-08
1123522Security: Use-After-Poison in XRFrameProvider$75002020-12-08
1099390Security: ChromeOS chronos privilege escalation to root$300002020-12-07
1122917Security: UAF in DirectSocketsServiceImpl$200002020-12-07
1123379DCHECK failure in effect_edges > 0 in verifier.cc-2020-12-07
1088224Security: drawImage timing depends on alpha-channel value, allowing to read cross-origin images$50002020-12-06
1123258cups_ippreadio_fuzzer: Use-of-uninitialized-value in ippReadIOLimitedRecursion-2020-12-06
1114636Security: Possible for extension to escape sandbox via Target.setAutoAttach and Target.sendMessageToTarget$150002020-12-05
1116123cups_ippreadio_fuzzer: Use-of-uninitialized-value in ippReadIOLimitedRecursion-2020-12-05
1115662Security: ChromeOS chronos privilege escalation to root (cros-disks drivefs, BackupArcBugReport)$300002020-12-04
1116505cups_ippreadio_fuzzer: Use-of-uninitialized-value in create_item-2020-12-04
1116903container-overflow in blink::MediaStreamSource$20002020-12-04
1117258Segv on unknown address in v8::internal::JSPromise::Fulfill-2020-12-04
1120729CHECK failure: type.Equals(NodeProperties::GetType(node->InputAt(1))) in verifier.cc-2020-12-04
1114458ec_host_command_fuzzer: Global-buffer-overflow in cbi_set_data-2020-12-03
1115945CrOS: Vulnerability reported in x11-libs/libX11-2020-12-03
1116304Security: UAF in VideoCapture$200002020-12-03
1119331mediasource_MP4_AACLC_AVC_pipeline_integration_fuzzer: Stack-use-after-return in output_configure-2020-12-03
1119400Heap-use-after-free in blink::NGPhysicalFragment::HasSelfPaintingLayer-2020-12-03
1119419v8_wasm_compile_fuzzer: Segv on unknown address in Builtins_ArgumentsAdaptorTrampoline-2020-12-03
1121156Heap-use-after-free in icu_67::RuleBasedBreakIterator::handleNext-2020-12-03
1122560CVE-2020-24394 CrOS: Vulnerability reported in Linux kernel-2020-12-03
1115963Security: cros-disks drivefs_helper will chown arbitrary file system objects controlled by chronos-2020-12-02
1115977Security: BackupArcBugReport file write vulnerability-2020-12-02
1121898webcodecs_video_decoder_fuzzer.exe: Heap-use-after-free in media::DecoderSelector<media::DemuxerStream::VIDEO>::FinalizeDecoderSelection-2020-12-02
1121982CVE-2020-14356 CrOS: Vulnerability reported in Linux kernel-2020-12-02
1119865Security: UAF in StopProfiler$75002020-12-01
1120924webcodecs_video_decoder_fuzzer: Heap-use-after-free in blink::VideoDecoderBroker::OnDecodeDone-2020-12-01
1121642CVE-2019-9857 CrOS: Vulnerability reported in Linux kernel-2020-12-01
1120956Heap-use-after-free in blink::PrepareOrthogonalWritingModeRootForLayout-2020-11-30
1117367Security: Upgrade sqlite to 3.33.0 due to CVE-2020-13871 and CVE-2020-15358?$5002020-11-28
1120825webcodecs_video_decoder_fuzzer: Heap-use-after-free in blink::MediaVideoTaskWrapper::OnDecodeOutput-2020-11-28
1116019v8_wasm_compile_fuzzer: Crash in Builtins_WasmTaggedNonSmiToInt32-2020-11-27
1114556Security: UaF in views::View::UpdateTooltip$50002020-11-25
1116706Security: Use After Free in PresentationConnectionCallbacks::OnSuccess$75002020-11-25
1081874Double free on NodeChannel-2020-11-24
1099670CrOS: Vulnerability reported in dev-libs/libpcre-2020-11-24
1092518Security: OpenFileViaShell may open executables in the same directory with similar filenames unexpectedly$5002020-11-21
1108511heap-use-after-free : AdsPageLoadMetricsObserver::FrameDisplayStateChanged-2020-11-21
1108892dawn_wire_server_and_vulkan_backend_fuzzer: Crash in vk::DescriptorSetLayout::DescriptorSetLayout-2020-11-21
1109120Security: (UXSS) Long-Press Open Runs Javascript Links from Child in Parent Origin / Page-2020-11-21
1113209dawn_wire_server_and_frontend_fuzzer: Heap-use-after-free in dawn_wire::server::Server::GetCmdSpace-2020-11-21
1113554dawn_wire_server_and_frontend_fuzzer: Heap-use-after-free in dawn_wire::server::KnownObjects<WGPUBufferImpl*>::Get-2020-11-21
1114066Potential UAF when closing chrome://cellular-setup-2020-11-21
1114398crash in Builtins_StaCurrentContextSlotHandler$50002020-11-21
1114500gpu_raster_passthrough_fuzzer: Crash in sse2::store_rgNUMBER-2020-11-21
1115345Security: Heap-Buffer-Overflow in libGLESv2 Library - es2::Device::stretchRect-2020-11-21
1115354DCHECK failure in allow_empty_handle || that != nullptr in api-inl.h-2020-11-21
1115693Heap-use-after-free in blink::Element::AttributeChanged-2020-11-21
1115902Heap-use-after-free in blink::HTMLFormControlElement::AttributeChanged-2020-11-21
1112206Security: pdfium Debug check failed-2020-11-18
1092453Restrictions on navigation to the content scheme can be bypassed on Android$30002020-11-17
1114803wav_audio_handler_fuzzer: Crash in void base::ReadBigEndian<unsigned int>-2020-11-17
1104628Security: Private file upload (data exfiltration)$10002020-11-16
1114326Crash in base::internal::WeakReferenceOwner::~WeakReferenceOwner-2020-11-15
1038208canvas_fuzzer: Heap-use-after-free in blink::scheduler::AgentInterferenceRecorder::OnFrameSchedulerDestroyed-2020-11-14
1113710Use-of-uninitialized-value in blink::LayoutShiftTracker::NotifyTextPrePaint-2020-11-14
1102361Security: Arbitrary command execution vulnerability in patchpanel-2020-11-13
1113226Security: Heap overflow in libavif-2020-11-13
1114005CHECK failure: kMaxInt >= new_capacity in wasm-objects.cc-2020-11-13
1114006DCHECK failure in 0 <= length in factory-base.cc-2020-11-13
937179Security: Malicious link opens multiple tabs via URI handler$5002020-11-12
1034224CrOS: Vulnerability reported in dev-libs/libxslt-2020-11-12
1039058CrOS: Vulnerability reported in dev-libs/libxml2-2020-11-12
1108116heap-use-after-free : autofill::FormStructure::GetFieldTypePredictions-2020-11-12
1110207Security: Use after free in Payments$200002020-11-12
1112440gstoraster_fuzzer: Heap-use-after-free in gx_default_get_param-2020-11-12
1112442gstoraster_fuzzer: Heap-use-after-free in pdf14_pop_transparency_group-2020-11-12
1112474gstoraster_fuzzer: Heap-use-after-free in gsicc_adjust_profile_rc-2020-11-12
1112477gstoraster_fuzzer: Heap-use-after-free in gsicc_adjust_profile_rc-2020-11-12
1108181Security: bypas of the protection of input field cache$50002020-11-11
1108518Security: UAF in ScriptPromiseProperty due to iterator invalidation$75002020-11-11
1100280Security: Chrome Update - Arbitrary Folder Delete // Privilege Escalation$5002020-11-10
1103827Security: heap-buffer-overflow in TextDetection detect-2020-11-10
1106590Step "blink_web_tests" failing on builder "WebKit Linux MSAN"-2020-11-10
1112642Heap-use-after-free in blink::LayoutShiftTracker::NotifyTextPrePaint-2020-11-10
841622Security: Speech permission request UI spoof$5002020-11-09
1104046Security: Task Scheduling - Use After Free in TaskQueueImpl::CreateTaskRunner().$75002020-11-09
1100286Chromium: Vulnerability reported in third_party/requests-2020-11-08
1108535Security: UAF in ImageDecoderExternal due to iterator invalidation$75002020-11-07
1110432mojo_core_channel_fuzzer: Heap-buffer-overflow in mojo::core::Channel::Message::num_handles-2020-11-07
1111831Crash in v8::internal::Heap::CreateFillerObjectAt-2020-11-07
1111972Heap-use-after-free in v8::internal::AllocationCounter::InvokeAllocationObservers-2020-11-07
1112025DCHECK failure in space->heap()->inline_allocation_disabled() implies space->limit() == space->top-2020-11-07
1112039Heap-use-after-free in blink::PaintInvalidator::InvalidatePaint-2020-11-07
1107433Google Chrome WebGL Buffer11::getBufferStorage Code Execution Vulnerability$100002020-11-06
1111015v8_wasm_compile_fuzzer: DCHECK failure in !unreachable implies stack_height >= c->end_label->target_stack_height in wasm-i-2020-11-06
1111307Security: UAF in OfflinePageTabHelper::LoadData-2020-11-06
1012955Security: Reader mode needs improved sanitization-2020-11-05
1107104dawn_wire_server_and_frontend_fuzzer: Heap-use-after-free in dawn_wire::server::KnownObjects<WGPUBufferImpl*>::Get-2020-11-05
1110749net_hpack_decoder_fuzzer: Heap-use-after-free in base::operator<<-2020-11-05
1110991zxcvbn_scoring_fuzzer: Use-of-uninitialized-value in zxcvbn::most_guessable_match_sequence-2020-11-05
1110992net_spdy_session_fuzzer: Heap-use-after-free in base::operator<<-2020-11-05
1145680Ports 5060 and 5061 should be blocked-2020-11-04
1092385Security: heap-use-after-free / double-free in blink::CanvasResourceProvider$50002020-11-04
1106342Security: Use-after-free in PrintCompositeClient::OnDidPrintFrameContent-2020-11-04
1106507Use-of-uninitialized-value in gpu::gles2::GLES2Implementation::BufferDataHelper-2020-11-04
1107824Security: 'unsafe-eval' in CSP is not properly enforced for default-src 'self'-2020-11-04
1108091Race condition in NativeFileSystemWriter close logic-2020-11-04
1109467Heap-use-after-free in blink::AdTracker::DidFinishAsyncTask-2020-11-04
1110564v8_wasm_compile_fuzzer: DCHECK failure in stack_height >= stack_effect.first in wasm-interpreter.cc-2020-11-04
1090352Security: no user interaction: URL spoofing using blob + @ (iOS)$10002020-11-03
1106299CrOS: Vulnerability reported in net-fs/samba-2020-11-03
1108351Security: Use of conditionally uninitialised stack variable may leak stack state-2020-11-03
1108472Security: UAF in RTCQuicTransport due to iterator invalidation$75002020-11-03
1110214DCHECK failure in !result.IsRetry() in new-spaces.cc-2020-11-03
1102196Security: Keystone for macOS should use auditToken to validate incoming XPC message$100002020-11-02
1108299UaF in NFCHost::GetNFC-2020-11-02
1108497Security: UAF in RemotePlayback due to iterator invalidation (Android only)$75002020-11-02
931013Extension has an ability to execute script in New Tab Page$5002020-10-31
1109108pdfium(XFA) heap-use-after-free in CXFA_FFWidget::GetWidgetRect()$75002020-10-31
1109461CVE-2020-15780 CrOS: Vulnerability reported in Linux kernel-2020-10-31
1099276Security: Cursor hijacking mitigation bypass-2020-10-30
1105426Security: Use-after-free in MediaElementEventListener::UpdateSources-2020-10-30
1106091Security: Sending uninitialized bytes between processes-2020-10-30
1106234Security: heap-user-after-free in HidService-2020-10-30
1106682Security: Use-after-free in WebIDBGetDBNamesCallbacksImpl::SuccessNamesAndVersionsList-2020-10-30
1107815Security: Use-after-free in XRSystem::FocusedFrameChanged and FocusController::NotifyFocusChangedObservers-2020-10-30
1108639openh264 is vulnerable to a known vulnerability-2020-10-30
1105720Security: heap-buffer-overflow in SkReader32::readInt-2020-10-28
1139963Security: Heap buffer overflow due to integer truncation in FreeType-2020-10-28
1039882Leaking size of cross-origin resource by caching it twice$20002020-10-27
1103839DCHECK failure in pc_ <= end_ in decoder.h-2020-10-27
1104061UAF in sctp_transport$75002020-10-27
1106773Security: Use-after-free in USB::OnServiceConnectionError-2020-10-27
1102151Security: heap-use-after-free in AllowFrom$50002020-10-26
1104053v8_wasm_fuzzer: DCHECK failure in stack.size() == 1 in module-decoder.cc-2020-10-26
1105283Heap-use-after-free in blink::NGPhysicalFragment::PostLayout-2020-10-26
1076923vtest_fuzzer: Crash in try_setup_line-2020-10-25
1105198Heap-use-after-free in blink::LayoutObject::OutlineRects-2020-10-25
1100669Security: missing WDS fix-2020-10-24
1104322dawn_wire_server_and_frontend_fuzzer: Heap-use-after-free in dawn_wire::server::KnownObjects<WGPUBufferImpl*>::Get-2020-10-24
1105635Security: use-after-poison when using CSS var() with revert as fallback-2020-10-24
1105723Security: heap-buffer-overflow in Skia-2020-10-24
1106285v8_wasm_compile_fuzzer: DCHECK failure in IsSimd128Register() in instruction.h-2020-10-24
1077761Security: TOCTOU race in cupsd.conf init script-2020-10-23
1015310Security: Improper isolation of EC_RST_ODL on some NPCX79nx designs-2020-10-22
1086896CrOS: Vulnerability reported in dev-db/sqlite-2020-10-22
1087362CrOS: Vulnerability reported in dev-db/sqlite-2020-10-22
1101152pdfium_embeddertests triggers a use-after-poison in V8-2020-10-22
1101756CrOS: Vulnerability reported in dev-db/sqlite-2020-10-22
1104103Security: Insufficient data validation in deserialize TransformStream$75002020-10-22
1105815DCHECK failure in ((static_cast<i::Tagged_t>(ptr) & ::i::kSmiTagMask) == ::i::kSmiTag) in smi.h-2020-10-22
1106357Crash in v8::internal::compiler::BytecodeArrayData::source_positions_size-2020-10-22
958521gstoraster: Use-of-uninitialized-value in register_x86_crypto-2020-10-21
1104608Security: LdaNamedProperty is generated for typed_array["4294967295"], which causes wrong inline cache and OOB access$50002020-10-20
1067854Chromium: Vulnerability reported in third_party/binutils-2020-10-19
1103195Security: HeapOverflow in BackgroundFetch$150002020-10-19
1104528Heap-use-after-free in ui::LayerAnimator::OnScheduled-2020-10-19
1104533Security DCHECK failure: i < length() in string_view.h$60002020-10-19
1099568Symlink at /home/user/<hash>/GCache/v2 can trick cryptohome to make arbitrary path world writable-2020-10-16
1102860cras_rclient_message_fuzzer: Heap-buffer-overflow in ccr_handle_message_from_client-2020-10-16
1082717CVE-2020-12771 CrOS: Vulnerability reported in Linux kernel-2020-10-15
1101304DCHECK failure in dst.low_gp() != rhs.high_gp() in liftoff-assembler-arm.h-2020-10-15
1102408Heap-use-after-free in blink::LayoutBox::FindAutoscrollable-2020-10-15
1103557Heap-buffer-overflow in blink::NGFragmentItems::LayoutObjectWillBeDestroyed-2020-10-15
1094699CrOS: Vulnerability reported in sys-libs/glibc-2020-10-14
1097308cras_rclient_message_fuzzer: Heap-buffer-overflow in cras_channel_remix_conv_create-2020-10-14
1100247Security: Potential UAF in AndroidCdmFactory-2020-10-14
1101818Heap-buffer-overflow in blink::NGFragmentItems::LayoutObjectWillBeMoved$60002020-10-14
1102083Security DCHECK failure: unit.TextContentEnd() <= text.length() in ng_offset_mapping.cc$60002020-10-14
1102127dawn_wire_server_and_frontend_fuzzer: Heap-use-after-free in dawn_wire::server::KnownObjects<WGPUBufferImpl*>::Get-2020-10-14
1102137Security DCHECK failure: !object || (object->IsLayoutMultiColumnSet()) in layout_multi_column_set.h-2020-10-14
1102161CHECK failure: marking_state_->IsBlackOrGrey(heap_object) in mark-compact.cc-2020-10-14
1102609Heap-buffer-overflow in blink::NGFragmentItems::LayoutObjectWillBeDestroyed-2020-10-14
1105202Security: Google Chrome DrawElementsInstanced Information Leak Vulnerability (TALOS-2020-1123)$10002020-10-13
1101883Security DCHECK failure: !masker->NeedsLayout() in svg_mask_painter.cc-2020-10-12
1102054Disable (or fix) YUV image decoding before M86 due to use after free-2020-10-10
1096677WebView: Cross-domain content can be fetched from resources loaded by the content scheme-2020-10-09
1101629v8_wasm_code_fuzzer: DCHECK failure in heap_type != HeapType::kBottom && HeapType(heap_type).is_valid() in value-type.h-2020-10-09
1076786Script Gadgets in chrome://oobe and chrome://assistant-optin through Polymer-2020-10-08
1091790dawn_wire_server_and_vulkan_backend_fuzzer: Crash in vk::DescriptorSetLayout::DescriptorSetLayout-2020-10-08
1096170dawn_wire_server_and_frontend_fuzzer.exe: Heap-use-after-free in dawn_wire::server::Server::OnBufferMapWriteAsyncCallback-2020-10-08
1029907Security: URL bar spoofing with prompt dialog on iOS$5002020-10-07
1030927Site Isolation Bypass: ClientHints doesn't properly check origin from renderer-2020-10-07
1094453Security: Memory stomper in InfoBarManager::RemoveInfoBarInternal()-2020-10-07
1095560Security: heap-buffer-overflow on media_history::MediaHistoryKeyedService::OnURLsDeleted$50002020-10-07
1097484Use-of-uninitialized-value in base::internal::WeakReference::IsValid-2020-10-07
1099621dawn_wire_server_and_frontend_fuzzer: Heap-buffer-overflow in dawn_native::null::Buffer::DoWriteBuffer-2020-10-07
1099945Security: Print compositor does not copy out of shared memory before attempting to deserialize SkPicture-2020-10-07
1099990Security: pdfium heap-buffer-overflow with experimental skia back end-2020-10-07
1100900Heap-use-after-free in blink::LayoutBlockFlow::SetShouldDoFullPaintInvalidationForFirstLine-2020-10-07
1101079Security DCHECK failure: GetLayoutObject() && GetLayoutObject()->IsBoxModelObject() in ng_physical_box_fr-2020-10-07
1100079Use-of-uninitialized-value in blink::NGMathRadicalLayoutAlgorithm::Layout-2020-10-05
1094235uaf in extensions$50002020-10-03
1094655Heap-buffer-overflow in vk::Image::copy-2020-10-03
1098179Use-of-uninitialized-value in send_delete_event-2020-10-03
1099974Use-of-uninitialized-value in mojo::core::ChannelPosix::WriteNoLock-2020-10-03
1094644gpu_swangle_passthrough_fuzzer: Heap-buffer-overflow in libvk_swiftshader.so-2020-10-02
1098606WebFrameImpl::CallJavaScriptFunction allows child frames to inject scripts into parent.-2020-10-02
1099446Security: heap-buffer-overflow in "SkData::PrivateNewWithCopy" function$20002020-10-02
1010756Crash in sw::Renderer::executeTask-2020-10-01
1090543heap-use-after-free : content::NavigationRequest::OnWillProcessResponseProcessed-2020-09-30
1097483Heap-buffer-overflow in sw::Blitter::fastClear-2020-09-30
1092449Cross-domain content can be fetched from resources loaded by the content scheme$200002020-09-29
1096002Heap-use-after-free in blink::ImageResourceContent::PriorityFromObservers-2020-09-29
1097442v8_wasm_compile_fuzzer: DCHECK failure in from <= to in vector.h-2020-09-29
1097467v8_wasm_compile_fuzzer: Use-after-poison in v8::internal::wasm::fuzzer::WasmGenerator::Generate-2020-09-29
1097595Security DCHECK failure: new_box->IsInlineFlowBox() in layout_block_flow_line.cc-2020-09-29
1098243CVE-2020-14416 CrOS: Vulnerability reported in Linux kernel-2020-09-29
1084699[WebRTC] Remote ICE Candidate Hostname Lookup Privacy Issue-2020-09-28
1097416Use-of-uninitialized-value in void blink::ShapeResultView::CreateViewsForResult<blink::ShapeResult>-2020-09-27
1017558pdf_scanlinecompositor_fuzzer: Heap-buffer-overflow in CompositeRow_Argb2Argb_RgbByteOrder-2020-09-26
1037980pdf_scanlinecompositor_fuzzer: Heap-buffer-overflow in GetGray-2020-09-26
1058716pdf_scanlinecompositor_fuzzer: Crash in GetAlphaWithSrc-2020-09-26
967204Security: dangling markup protection bypass with <portal> element$5002020-09-25
997412Security: PDFium Heap-use-after-free in ProbeForLowSeverityLifetimeIssue (XFA)-2020-09-25
1082755Heap UaF in TabStrip::CloseTab$50002020-09-25
1086009Security: Linux Kernel V5.2.0-rc1 #2 use-after-free in unmap_vmas read of size 8$5002020-09-25
1086845Security: Blob ignores charset specified in type attribute$10002020-09-25
1087282XSS in interstitial_common.js leading to UXSS-2020-09-25
1088187Bad-cast to extensions::MimeHandlerViewContainerManager from invalid vptr in extensions::MimeHandlerViewContainerManager::RemoveFrameContainerForReason-2020-09-25
1090835Security: Full screen notification overlap on Windows and Linux (take two)$5002020-09-25
1093719Container-overflow in content::responsiveness::Watcher::DidRunTask-2020-09-25
1094363Heap-buffer-overflow in ash::ScrollableShelfView::UpdateScrollOffset-2020-09-25
1094442Background tab can launch PWA or play store page when interacting with any page.-2020-09-25
1095709Heap-use-after-free in base::internal::Invoker<base::internal::BindState<void-2020-09-25
1095760Bad-cast to blink::WebRtcAudioRenderer from invalid vptr in void base::internal::FunctorTraits<void-2020-09-25
1095927Use-of-uninitialized-value in blink::WebRtcAudioRenderer::TranscribeAudio-2020-09-25
1096079Heap-use-after-free in blink::ImageResourceContent::NotifyObservers-2020-09-25
1097028CVE-2020-10757 CrOS: Vulnerability reported in Linux kernel-2020-09-25
1092451Multiple-file download restrictions can be bypassed using Android intents$5002020-09-23
1076703Security: WebRTC: usrsctp is called with pointer as network address-2020-09-22
1095102Security: heap-buffer-overflow in x_server_pixel_buffer.cc from screen_capturer_x11.cc-2020-09-22
1095589CVE-2020-13974 CrOS: Vulnerability reported in Linux kernel-2020-09-22
1072841heap-use-after-free : local_discovery::ServiceWatcherImplMac::NetServiceBrowserContainer::~NetServiceBrowserContainer-2020-09-21
1092059v8_wasm_compile_fuzzer: DCHECK failure in SIZE == kSimd128Size ? num_q_registers : num_d_registers > reg in simulator-arm.-2020-09-21
995732Potential out of bounds write vulnerability in webusb (usb_device_handle_usbfs.cc) (Linux 32bit)-2020-09-18
1090519Security: Missing microcode for some Intel platforms-2020-09-18
1092308uaf in extensions$200002020-09-18
1093902paint_op_buffer_fuzzer: Use-of-uninitialized-value in SkReadBuffer::peekByte-2020-09-18
1086796Security: Out of bounds read in PDFium due to mis-merged patch of libopenjpeg$75002020-09-17
1087921gpu_raster_swangle_passthrough_fuzzer: Crash in sse2::lowp::load_NUMBER-2020-09-17
1083128Security: Out-of-bounds write browser crash$50002020-09-16
1092274Security: global-buffer-overflow in bytesPerVertex$10002020-09-16
1084820DCHECK failure in value.IsHeapObject() in objects-debug.cc$50002020-09-15
1091461DCHECK failure in 2 == subnode->op()->ControlOutputCount() in js-inlining.cc-2020-09-15
1092553Bad-cast to v8::internal::compiler::Operator1<v8::internal::BinaryOperationHint, v8::internal::compiler::OpEqualTo<v8::internal::BinaryOperationHint>, v8::internal::compiler::OpHash<v8::internal::BinaryOperationHint>> from v8::internal::compiler::Operator1<v8::internal::compiler::FeedbackParameter, v8::internal::compiler::OpEqualTo<v8::internal::compiler::FeedbackParameter>, v8::internal::compiler::OpHash<v8::internal::compiler::FeedbackParameter> > in v8::internal::BinaryOperationHint const& v8::internal::compiler::OpParameter<v8:-2020-09-15
967202Security: bypass file download restrictions using <portal> element-2020-09-14
1083213CrOS: Vulnerability reported in net-vpn/openvpn-2020-09-14
1090173Security: Uninitialized memory read in snappy::SnappyScatteredWriter<snappy::SnappySinkAllocator>::AppendFromSelf-2020-09-14
1091670Security: heap-buffer-overflow in sk_careful_memcpy-2020-09-14
1091404Google Chrome PDFium Javascript Active Document Memory Corruption Vulnerability - TALOS-2020-1092$20002020-09-12
1065264No validation of origin in initializing CDM-2020-09-11
1082716CVE-2020-12770 CrOS: Vulnerability reported in Linux kernel-2020-09-11
1087158Crash in FidoDiscoveryFactory::ResetRequestState()-2020-09-11
1091180heap-use-after-free : media::GetSupportedD3D11VideoDecoderResolutions-2020-09-11
1091214CVE-2019-20812 CrOS: Vulnerability reported in Linux kernel-2020-09-11
1039062CVE-2019-19769 CrOS: Vulnerability reported in Linux kernel-2020-09-10
1083819Security: Android WebView: iframe on different origin can execute arbitrary JavaScript in top document via window.open() or links with _blank target$150002020-09-10
1091213CVE-2019-20811 CrOS: Vulnerability reported in Linux kernel-2020-09-10
1080953CrOS: Vulnerability reported in net-nds/openldap-2020-09-09
980116Security: PDFium (XFA) Use-after-free in CXFA_FFTabOrderPageWidgetIterator::CreateTabOrderWidgetArray$30002020-09-08
980172Security: PDFium (XFA) Use-after-free in CXFA_FFDocView::GetPageView$20002020-09-08
1080622CrOS: Vulnerability reported in net-fs/samba-2020-09-08
1082186CrOS: Vulnerability reported in net-fs/samba-2020-09-08
1087968heap-use-after-free in adhd in asan builds-2020-09-08
1085507v8_wasm_compile_fuzzer: DCHECK failure in ref.stack_height >= target_stack_height in wasm-interpreter.cc-2020-09-06
1086890Security: Missing array size check in NewFixedArray-2020-09-06
1081350Security: Browser_crash - heap-use-after-free in extensions::ChromeExtensionsBrowserClient::GetOriginalContext(content::BrowserContext*)$150002020-09-05
1085718Heap-use-after-free in performance_manager::WorkerNodeImpl::RemoveClientFrame-2020-09-05
1087629Upgrade SQLite to 3.32.1-2020-09-05
921015Heap-buffer-overflow in rr::Array<rr::Float4, 1>::operator-2020-09-04
1033897Security: Linux kernel 4.19.83 - use-after-free in the debugfs_remove function-2020-09-04
1067382Security: Sandbox escape via chrome.input.ime$50002020-09-04
1072116Security: Possible for extensions to escape sandbox via devtools watch expressions$100002020-09-04
1080481Security: Skia: Integer Overflow in GrTextBlob::Make-2020-09-04
1081040gpu_raster_swangle_passthrough_fuzzer: Crash in sse2::lowp::load_a8-2020-09-04
1085989pdf_psengine_fuzzer: Int-overflow in CPDF_PSEngine::DoOperator-2020-09-04
1086124Security: UAF in ChromeOS Login$50002020-09-04
1086798V8 Potential Use after free in the function ToPropertyDescriptorFastPath-2020-09-04
944944Infra: Outdated set of root certificates-2020-09-02
1072467Security: arc-setup to be more cautious when moving android data directories-2020-09-02
1075457Chrome fails to start if a file exists at /home/chronos/user or /home/chronos/Default-2020-09-02
1084839Heap-use-after-free in blink::PaintLayer::~PaintLayer-2020-09-02
1086470CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (this->IsFixedArray()) in class-defin-2020-09-02
1052093Security: Custom Scheme escaping bypassed if a scheme is in the URLWhitelist-2020-09-01
1080444v8_wasm_code_fuzzer: DCHECK failure in is_valid(value) in bit-field.h-2020-09-01
1085704gpu_angle_fuzzer: Null-dereference READ in gpu::gles2::GLES2DecoderImpl::HandleBlendFunciOES-2020-09-01
1085846gpu_angle_passthrough_fuzzer: Null-dereference READ in gpu::gles2::GLES2DecoderPassthroughImpl::DoBlendFunciOES-2020-09-01
1085990Security: Browser_crash - heap-use-after-free in Payments API-2020-09-01
1056754Security: Browsable Activities expose insecure behaviors on Android-2020-08-28
1074317Security: The CSP reports and stacktraces of errors leaks post-redirect URL for <script>$50002020-08-28
1084151v8_wasm_code_fuzzer: DCHECK failure in register_move(dst)->src == src in liftoff-assembler.cc-2020-08-28
1085315URL spoofing using 'GURMUKHI LETTER RRA' (U+0A5C)-2020-08-28
1085738CVE-2020-13143 CrOS: Vulnerability reported in Linux kernel-2020-08-28
1082105uaf in device::FidoRequestHandlerBase::InitializeAuthenticatorAndDispatchRequest$200002020-08-26
1083793Crash in v8::Isolate::GetCurrentContext-2020-08-26
932892Security: CSP violation reports leak the destination origin of a blocked redirect in the blocked-uri / blockedURI field$10002020-08-25
999310Security: OOB Access in V8$100002020-08-24
1016261Security: ashmem readonly bypasses via remap_file_pages() and ASHMEM_UNPIN-2020-08-24
1083157Crash in blink::ReadExifDirectory-2020-08-24
1078375Heap-use-after-free in gl::State::reset-2020-08-23
795595Security: chrome.devtools.inspectedWindow.eval executes within privileged pages$20002020-08-22
1082990CHECK failure: FLAG_wasm_async_compilation in module-compiler.cc-2020-08-22
1083525CHECK failure: !FLAG_wasm_async_compilation implies isolate->wasm_streaming_callback() == nullp-2020-08-22
1065122heap-use-after-free : ui::AXTreeSerializer<blink::WebAXObject,content::AXContentNodeData,content::AXContentTreeData>::LeastCommonAncestor-2020-08-21
1067869Chromium: Vulnerability reported in third_party/guava-2020-08-21
1077200CrOS: Vulnerability reported in dev-vcs/git-2020-08-21
1080616CVE-2020-12464 CrOS: Vulnerability reported in Linux kernel-2020-08-21
1080618CVE-2020-12654 CrOS: Vulnerability reported in Linux kernel-2020-08-21
1080951CVE-2020-12653 CrOS: Vulnerability reported in Linux kernel-2020-08-21
1081086Heap-use-after-free in blink::NGBlockNode::CopyFragmentDataToLayoutBoxForInlineChildren-2020-08-21
1081722Security: memcpy-param-overlap in AudioBuffer::copyFromChannel-2020-08-21
1082597pdfium(XFA) heap-use-after-free in CXFA_FFField::OnSetFocus$75002020-08-21
1082727Use-of-uninitialized-value in safe_browsing::PhishingClassifierDelegate::OnDestruct-2020-08-21
1083210CVE-2019-14898 CrOS: Vulnerability reported in Linux kernel-2020-08-21
1083211CVE-2020-10690 CrOS: Vulnerability reported in Linux kernel-2020-08-21
1083212CVE-2020-12826 CrOS: Vulnerability reported in Linux kernel-2020-08-21
1083250CHECK failure: block->PredecessorCount() == 0 in graph-assembler.cc-2020-08-21
999311Security: Use after free in MojoCdmService$300002020-08-20
1052492Use-of-uninitialized-value in blink::ImageDataBuffer::ImageDataBuffer-2020-08-18
1074340Security: javascript URI sandbox flags aren't propagated in a blank string case$10002020-08-17
1079449v8_wasm_compile_fuzzer: DCHECK failure in UseScratchRegisterScope{this}.CanAcquire() in liftoff-assembler-arm.h-2020-08-17
1081081Security: URL spoofing using slow page loading on iOS$5002020-08-17
1073015Security: UAF in DistillerJavaScriptService (Android)$200002020-08-15
1077491Crash in blink::WaveShaperDSPKernel::WaveShaperCurveValues$30002020-08-15
1079398gpu_raster_swangle_passthrough_fuzzer: Use-of-uninitialized-value in rx::SamplerCache::getSampler-2020-08-15
1080936Container-overflow in base::internal::Invoker<base::internal::BindState<void-2020-08-15
1080950CVE-2020-12652 CrOS: Vulnerability reported in Linux kernel-2020-08-15
1066731Security: Wrong account password captured-2020-08-14
1072165libjingle_xmpp_xmlparser_fuzzer: Incorrect-function-pointer-type with empty stacktrace-2020-08-14
1075496Chrome_Mac: Crash Report - device::FidoCableDevice::OnTimeout-2020-08-14
1077203Use-of-uninitialized-value in gfx::CubicBezier::SolveCurveX-2020-08-14
1077301Security: SELinux/netlink missing access check-2020-08-14
1077477mount-obb_fuzzer: Use-of-uninitialized-value in base::debug::ProcessBacktrace-2020-08-14
1077531Security: ChromeOS shill breakout and privilege escalation to root$300002020-08-14
1077754Security: cmd injection into pppd config-2020-08-14
1077780Security: run_oci will execute hooks from config.json on writable file systems-2020-08-14
1078236Heap-use-after-free in blink::LayoutListItem::UpdateMarkerLocation$60002020-08-14
1078336CVE-2017-18551 CrOS: Vulnerability reported in Linux kernel-2020-08-14
1078671Security: UAF in CaptionHostImpl$200002020-08-14
1078865trunks_hmac_authorization_delegate_fuzzer: Use-of-uninitialized-value in trunks::HmacAuthorizationDelegate::HmacSha256-2020-08-14
1078867cryptohome_cryptolib_rsa_oaep_decrypt_fuzzer: Use-of-uninitialized-value in mem_puts-2020-08-14
1078913DCHECK failure in shared_info->function_data().IsBytecodeArray() in compiler.cc-2020-08-14
1079066DCHECK failure in has_pending_error() in pending-compilation-error-handler.cc-2020-08-14
1080447trunks_hmac_authorization_delegate_fuzzer: Use-of-uninitialized-value in trunks::HmacAuthorizationDelegate::HmacSha256-2020-08-14
1080617CVE-2020-12465 CrOS: Vulnerability reported in Linux kernel-2020-08-14
1080620CVE-2020-12657 CrOS: Vulnerability reported in Linux kernel-2020-08-14
1080621CVE-2020-12659 CrOS: Vulnerability reported in Linux kernel-2020-08-14
946156Security: Chrome (Mac OS X) - Arbitrary File Permission Modification$5002020-08-12
1077501Segv on unknown address in blink::StyleCascade::ApplyInterpolation-2020-08-12
1078399v8_wasm_compile_fuzzer: DCHECK failure in IsSimd128Register() in instruction.h-2020-08-12
1050003CVE-2020-8648 CrOS: Vulnerability reported in Linux kernel-2020-08-11
1071311Security: OOB Write In SkBitSet::set-2020-08-11
1071729Non secure (i) icon fails to get displayed for non secure websites (e.g., http://dump-truck.appspot.com)-2020-08-11
1076708OOB read/write in v8::internal::ElementsAccessorBase<v8::internal::FastHoleyDoubleElementsAccessor$75002020-08-11
1072474Security: cros_disks sshfs allows injection of symlinks-2020-08-10
1001870gstoraster_fuzzer: Heap-buffer-overflow in template_compose_group-2020-08-07
1036706gstoraster_fuzzer: Heap-buffer-overflow in jbig2_sd_new-2020-08-07
1076030hammerd_load_ec_image_fuzzer: Use-of-uninitialized-value in fmap_find_area-2020-08-07
1065731audio_decoder_fuzzer: Use-of-uninitialized-value in amr_read_header-2020-08-06
1070066Security: Displaying a page action popup from the omnibox prevents an infobar from displaying$5002020-08-06
1075719v8_wasm_code_fuzzer: Use-after-poison in v8::internal::wasm::SideTable::SideTable-2020-08-06
1076442DCHECK failure in index >= 0 && index < length() && value <= kMaxOneByteCharCode in string-inl.h-2020-08-06
1029569sqlite3_shadow_table_fuzzer: ASSERT: nDoclist>0$30002020-08-05
1072233Security: ChromeOS root privilege escalation and persistence$450002020-08-05
1072276login_manager command execution via policy-injected flags-2020-08-05
1073602SCTP stack buffer overflow from malicious AUTH chunks-2020-08-05
1074586DCHECK failure in dst.low_gp() != lhs.high_gp() in liftoff-assembler-arm.h-2020-08-05
1074706uaf in TabSharingInfoBarDelegate$150002020-08-05
1074655Heap-use-after-free in blink::WebAXObject::UpdateLayoutAndCheckValidity-2020-08-05
1075953DCHECK failure in *available != 0 in assembler-arm.cc-2020-08-05
1007343vtest_fuzzer: Crash in try_setup_line-2020-08-04
1069246iOS: Omnibox doesn't display blob: origin for long URL$15002020-08-04
1069964Security: Check failed: receiver.IsJSFunction().-2020-08-04
1070094ec_usb_tcpm_v2_fuzzer: Index-out-of-bounds in prl_get_rev-2020-08-04
1070480Security: use-of-uninitialized-value in sse2::lowp::gather-2020-08-04
1072253Security: RenameCryptohome and arcvm-server-proxy root file write to root command execution from chronos$300002020-08-04
1072470Security: cups shouldn't be running with gid=0-2020-08-04
1074532minidump_fuzzer: Heap-buffer-overflow in google_breakpad::MinidumpProcessor::Process-2020-08-04
1075777ec_usb_tcpm_v2_fuzzer: Index-out-of-bounds in prl_get_rev-2020-08-04
1075952ndproxy_fuzzer: Use-of-uninitialized-value in std::__1::enable_if<__is_cpp17_forward_iterator<std::__1::pair<unsigned int, std-2020-08-04
1073553Heap-buffer-overflow in v8::internal::wasm::Decoder::read_prefixed_opcode<1>-2020-08-03
1074621DCHECK failure in chunk->Contains(slot_addr) in remembered-set.h-2020-08-03
843095Chrome Url Spoofing via Interstitial content overwrite$20002020-08-01
978779Chromium uses expired certificate for Baltimore CyberTrust-2020-08-01
1074190net_dns_record_fuzzer: Use-of-uninitialized-value in net::IntegrityRecordRdata::IntegrityRecordRdata-2020-08-01
961644Heap-buffer-overflow in courgette::Read32LittleEndian-2020-07-31
1073981DCHECK failure in !kCanBeWeak implies !IsSmi() == HAS_STRONG_HEAP_OBJECT_TAG(ptr_) in tagged-impl.-2020-07-31
1073409XSS on chrome://histograms/ with a compromised renderer-2020-07-30
985551Crash in sw::Thread::Thread-2020-07-29
1057441sqlite3_shadow_table_fuzzer: Use-of-uninitialized-value in fts3ScanInteriorNode-2020-07-29
1072171Security: missing the -0 case when intersecting and computing the Type::Range in NumberMax$75002020-07-29
1072885Security: arcvm-server-proxy command injection-2020-07-29
1072983use-after-free in BlobRegistryImpl(browser process)$200002020-07-29
1073263DCHECK failure in CheckKeptObjectsClearedAfterMicrotaskCheckpoint(microtask_queue) in api.cc-2020-07-29
1064676full CSP bypass while evaluating a javascript-URL in iframe.$30002020-07-29
634183Malformed CSP is not reported in the console and protection is disabled.-2020-07-28
1071059Security: Blink - Type Confusion with Custom Element$75002020-07-28
873178Security: Chrome allows setting arbitrary HTTP headers-2020-07-28
633348CSP can be abused to disclose line/column numbers across origins-2020-07-27
992698Security: Bypass the CSP when popup with "javascript:"-URL$5002020-07-27
1072115v8_wasm_async_fuzzer: Trap in v8::internal::wasm::WasmOpcodes::IsPrefixOpcode-2020-07-27
1016278Security: EXC_BAD_ACCESS / KERN_INVALID_ADDRESS when exec chrome.debugger.sendCommand-2020-07-25
1042986iframe in victim page can detect Scroll To Text Fragment activation-2020-07-25
1071711v8_wasm_fuzzer: DCHECK failure in index <= 0xff in decoder.h-2020-07-25
986051Security: Use-after-free of CommandLineAPIScope object$30002020-07-24
1070609Security: UAF in the blink.mojom.SmsReceiverPtr interface$100002020-07-24
1071454Security DCHECK failure: IsA<Derived>(from) in casting.h$60002020-07-24
1025302Security: usrsctplib has not been updated since 2018 and is missing fuzzers and security fixes-2020-07-23
1040490CrOS: Vulnerability reported in net-dns/dnsmasq-2020-07-23
1049040dawn_wire_server_and_vulkan_backend_fuzzer: Use-of-uninitialized-value in _init-2020-07-23
1062861heap-buffer-overflow : autofill::AutofillCountry::AutofillCountry-2020-07-23
1063690Untrustworthy navigation causes HTTP Basic Auth dialog origin confusion/spoofing$5002020-07-23
1064891use after free in mojom::ClipboardHost$100002020-07-23
1068084Security: Use after free in WebRTC$75002020-07-23
1068531Security: Character “⠀” (U+2800) should be converted into code.$5002020-07-23
1068609dawn_wire_server_and_frontend_fuzzer: Heap-use-after-free in dawn_wire::server::Server::GetCmdSpace-2020-07-23
1069079dawn_wire_server_and_frontend_fuzzer: Heap-buffer-overflow in dawn_native::null::Buffer::SetSubDataImpl-2020-07-23
1069757CVE-2019-20636 CrOS: Vulnerability reported in Linux kernel-2020-07-23
1070012Chromium: Vulnerability reported in third_party/sqlite-2020-07-23
1070199[wasm] Disable native module cache to fix stability issue on M-81-2020-07-23
967925Security: BLE Hijacking with Smart Unlock/Magic Tether-2020-07-21
1069700Security: PDFium (XFA) Use-after-free in function CPDFXFA_Page::GetFirstOrLastXFAAnnot$50002020-07-21
1069789Security: PDFium (XFA) Use-after-free in function CXFA_FFWidgetHandler::OnRButtonDown$75002020-07-21
1070054Security: input audio html5 tag makes chrome ios crashes-2020-07-21
1065298UAF in base::SupportsUserData::SetUserData$200002020-07-18
1068542CVE-2020-8835 CrOS: Vulnerability reported in Linux kernel-2020-07-18
1055933heap-use-after-free : ProfileIOData::FromResourceContext-2020-07-16
1064519Security: DevTools doesn't fully validate channel messages it receives$30002020-07-16
1068395Security: SmsProviderGmsUserConsent may hold a dangling pointer to RenderFrameHost-2020-07-16
1067851Security: UAF in Speech Recognizer$250002020-07-15
1068466dawn_wire_server_and_frontend_fuzzer: Heap-use-after-free in dawn_wire::server::InlineMemoryTransferService::WriteHandleImpl::DeserializeFlus-2020-07-15
840361Security: mount-encrypted may leak stateful encryption key across dev mode transition-2020-07-14
1016543Old, unsecure (and unused?) version of ChromeVox is present in Chromium repo-2020-07-14
1053939V8 correctness failure in configs: x64,ignition:x64,ignition_turbo_opt-2020-07-14
1057461dawn_wire_server_and_vulkan_backend_fuzzer: Heap-use-after-free in dawn_wire::server::Server::OnBufferMapWriteAsyncCallback-2020-07-14
1068509CHECK failure: marking_state_->IsBlackOrGrey(heap_object) in mark-compact.cc-2020-07-14
1055583dawn_wire_server_and_vulkan_backend_fuzzer: Heap-use-after-free in dawn_wire::server::KnownObjects<WGPUBufferImpl*>::Get-2020-07-13
1061687dawn_wire_server_and_frontend_fuzzer: Heap-buffer-overflow in dawn_native::null::Buffer::SetSubDataImpl-2020-07-13
1067980Security DCHECK failure: IsA<Derived>(from) in casting.h-2020-07-13
1010770Crash in hsw::lowp::gather_NUMBER-2020-07-12
1055746Security: CVE-2020-2732: Nested VMX vulnerability-2020-07-12
1059577Security: Possible to escape sandbox via devtools_page$30002020-07-11
1060023Security: V8 Debug check failed: !var->has_forced_context_allocation() || var->is_used(). Fatal error in ../../src/ast/scopes.cc, line 2239-2020-07-10
1065186UAF in libglesv2!gl::Texture::onUnbindAsSamplerTexture$50002020-07-10
1065761Security: Copy & paste XSS via noscript$50002020-07-10
981114Security: BT Classic Pairing Hijack-2020-07-08
1059955dawn_wire_server_and_vulkan_backend_fuzzer: Heap-use-after-free in vk::CommandBuffer::submit-2020-07-08
1061933aec3_fuzzer: Container-overflow in webrtc::FilterAnalyzer::AnalyzeRegion-2020-07-08
1061235Security: libcameraservice: heap-based-buffer-overflow-in-DepthPhotoProcessor-2020-07-07
1064429Heap-use-after-free in PrefChangeRegistrar::~PrefChangeRegistrar-2020-07-07
1065704Security: UAF in WebSocket Network Service$200002020-07-07
1065772ProbeForLowSeverityLifetimeIssue in ~CXFA_FFPageWidgetIterator()-2020-07-07
1058895Security: Slow Read HTTP Attack$5002020-07-06
1040755Security: Another "universal" XSS via copy&paste$20002020-07-03
1062868heap-use-after-free : v8::internal::wasm::WasmCode::DecrementRefCount-2020-07-03
1064898Heap-use-after-free in metrics::PerfOutputCall::OnGetPerfOutput-2020-07-03
978632heap-use-after-free : sctp_release_pr_sctp_chunk-2020-07-02
990581Security: Security: CSP does not propagate to blob: URIs$5002020-07-02
1060559[Web NFC] Block YubiKeys-2020-07-02
1061682Security DCHECK failure: IsA<Derived>(from) in casting.h-2020-07-02
1019161UAF In ProcessManager$75002020-07-01
1064112Segv on unknown address in blink::Internals::getAgentId-2020-07-01
1067270Talos Security Advisory for Google Chrome PDFium (TALOS-2020-1044)$50002020-07-01
1063177Declarative Net Request: Potential use after free while reindexing rulesets.-2020-06-30
1054229media_pipeline_integration_fuzzer: Use-of-uninitialized-value in ogg_find_codec-2020-06-28
1059764Security: container-overflow in MediaStream mojo-2020-06-26
1060549Security: PDFium heap-use-after-free in CPDFXFA_Page::GetNextXFAAnnot (XFA)$75002020-06-26
1062247Incomplete fix of 1055788 and 1057627-2020-06-26
1032531CrOS: Vulnerability reported in dev-db/sqlite-2020-06-25
1034223CrOS: Vulnerability reported in dev-db/sqlite-2020-06-25
1035370CrOS: Vulnerability reported in dev-db/sqlite-2020-06-25
1037730Security: Full screen notification overlap on Windows and Linux$5002020-06-25
1038580CrOS: Vulnerability reported in dev-db/sqlite-2020-06-25
1038884CrOS: Vulnerability reported in dev-db/sqlite-2020-06-25
1040055CrOS: Vulnerability reported in dev-db/sqlite-2020-06-25
1040488CrOS: Vulnerability reported in dev-db/sqlite-2020-06-25
1052647Security: Debug check failed: !context.get(context_entry).IsTheHole(isolate)-2020-06-24
1061878dawn_wire_server_and_vulkan_backend_fuzzer: Heap-use-after-free in vk::CommandPool::destroy-2020-06-24
1059533use-after-free in web_graphics_context_3d_provider_wrapper$20002020-06-23
933171Trusted Types bypass with blob and meta refresh-2020-06-20
933172Trusted Type bypass with SVG-2020-06-20
1004106Security: heap-buffer-overflow in CFXJSE_FormCalcContext::unfoldArgs$75002020-06-20
1020026Security: 'Press Esc to exit fullscreen' covered up by a popup page$10002020-06-20
1030901Site Isolation Bypass: QuotaDispatcherHost doesn't properly check origin from renderer-2020-06-20
1042210Security: fullscreen notification spoof (repro issue 882812)$5002020-06-20
1045787Security: ChromeDriver is vulnerable to CSRF attack-2020-06-20
1055303Security: PDFium (XFA) Use uninitialized value in function CPDFSDK_FormFillEnvironment::SendOnFocusChange-2020-06-20
1059669Out-of-bounds read in WebSQL$30002020-06-20
1059686UaF in DeferredTaskHandler::BreakConnections(2)-2020-06-20
1060548CrOS: Vulnerability reported in app-arch/libarchive-2020-06-20
1060647Security: WebRTC certificate parsing-2020-06-20
1061018UaF in DeferredTaskHandler::ProcessAutomaticPullNodes-2020-06-20
1061154gpu_fuzzer: Crash in gpu::gles2::Texture::SetLevelInfo-2020-06-20
1061231net_quic_stream_factory_fuzzer: Use-of-uninitialized-value in quic::QuicSentPacketManager::GetRetransmissionTime-2020-06-20
1061389gpu_fuzzer.exe: Crash in base::subtle::RefCountedBase::ReleaseImpl-2020-06-20
1058515Chrome fetches DevTools stuff using insecure http protocol-2020-06-16
1059349Security: usersctp: out-of-bounds reads in sctp_load_addresses_from_init-2020-06-16
1059472v8_wasm_compile_fuzzer: DCHECK failure in is_gp() in liftoff-register.h-2020-06-16
1030909Site Isolation Bypass: DedicatedWorkerHostFactory doesn't properly check origin from renderer-2020-06-15
1046021CrOS: Vulnerability reported in media-libs/opencv-2020-06-15
1055524Not only "devools://" but also "chrome-devtools://" should be registered as display-isolated-2020-06-15
1056222MojoVideoEncodeAcceleratorService allows renderer to misuse its API leading to UAF-2020-06-15
785159Wrong origin shown for permission prompts after navigations that lead to interstitials$5002020-06-13
1054966Policy page opens a file dialogue even if the Allow​File​Selection​Dialogs policy is set to false$5002020-06-13
1059187Bad-cast to blink::LayoutBlock from blink::LayoutTableSection in blink::AXLayoutObject::IsDataTable-2020-06-13
1057418skia_image_filter_proto_fuzzer: Use-of-uninitialized-value in sse2::repeat_y-2020-06-12
1058653Security: PDFium heap-use-after-free in CFDE_TextEditEngine::ReplaceSelectedText (XFA)$50002020-06-12
1054732Heap-use-after-free in test_runner::WebFrameTestClient::DidAddMessageToConsole-2020-06-10
1055869Security: PDFium (XFA) Use-after-free in function CFDE_TextEditEngine::ReplaceSelectedText$50002020-06-10
1057593UaF in DeferredTaskHandler::BreakConnections-2020-06-10
1057627UaP in AudioScheduledSourceHandler::NotifyEnded-2020-06-10
1038527cras_rclient_message_fuzzer: Heap-use-after-free in cras_dsp_ini_free-2020-06-09
1054260heap-use-after-free : content::FileChooserImpl::~FileChooserImpl-2020-06-09
1057309use-after-move in BinaryUploadService::UploadForDeepScanning-2020-06-09
1057369Use-of-uninitialized-value in double_conversion::DoubleToStringConverter::ToPrecision-2020-06-09
1055131Crash in Builtins_ArgumentsAdaptorTrampoline-2020-06-07
1056273Heap-use-after-free in test_runner::WebFrameTestClient::DidClearWindowObject-2020-06-06
1056154Chromium: Vulnerability reported in third_party/sqlite-2020-06-05
1056440Use-of-uninitialized-value in blink::WebGLRenderingContextBase::CreateWebGraphicsContext3DProvider-2020-06-05
986108Security: PDFium heap-buffer-overflow in CFX_SkiaDeviceDriver::RestoreState$10002020-06-04
1035315iframe sandbox allow_top_navigation_by_user_activation can be bypassed with certain extensions$10002020-06-04
1055788UaP in IIRFilterHandler::Process-2020-06-04
1056152CrOS: Vulnerability reported in app-arch/libarchive-2020-06-04
1056153CrOS: Vulnerability reported in dev-libs/libpcre2-2020-06-04
965611Security: Possible to open chrome-native:// pages on Android and the new tab page on desktop using window.open$10002020-06-03
976767Security: heap-use-after-free in CPDFSDK_PageView::ExitWidget-2020-06-03
1034519Security: WebContentsViewAura::EndDrag may dereference a pointer to deleted RenderWidgetHost-2020-06-03
1041406UAF in chrome!content::FrameTreeNode::~FrameTreeNode$200002020-06-03
1054466v8_wasm_compile_fuzzer: DCHECK failure in is_fp_pair() == other.is_fp_pair() in liftoff-register.h-2020-06-03
1055124Security DCHECK failure: IsA<Derived>(from) in casting.h-2020-06-03
1055142Security DCHECK failure: IsA<Derived>(from) in casting.h-2020-06-03
1055223Container-overflow in content::VizProcessTransportFactory::DisableGpuCompositing-2020-06-03
1055338Crash in blink::CSSPropertyValueSet::PropertyReference::PropertyValue-2020-06-03
1055692v8_wasm_code_fuzzer: Heap-buffer-overflow in v8::internal::wasm::ThreadImpl::Push-2020-06-03
1056044ulpfec_generator_fuzzer: Heap-buffer-overflow in webrtc::ForwardErrorCorrection::GenerateFecPayloads-2020-06-03
949913Use-after-free in CXFA_FFComboBox::OnProcessEvent$30002020-06-02
1054765Heap-use-after-free in blink::MathMLSpaceElement::CollectStyleForPresentationAttribute-2020-06-02
1055128Crash in blink::StyleBuilderConverter::ConvertFontVariantEastAsian-2020-06-02
1055221Security DCHECK failure: IsA<Derived>(from) in casting.h-2020-06-02
1055393UAF in chrome chrome!content::BrowserAccessibilityManager::GetFromAXNode$200002020-06-02
1055713Segv on unknown address in blink::StyleBuilderConverterBase::ConvertFontFamily-2020-06-02
1054139gpu_angle_passthrough_fuzzer: Null-dereference READ in gpu::gles2::GLES2DecoderPassthroughImpl::DoDrawArraysIndirect-2020-05-30
982193Security: PDFium (XFA) Use-after-free in CXFA_FFTextEdit::OnProcessEvent$50002020-05-29
1026991pdfium (XFA): invalid-vptr / uaf in CPDFSDK_PageView::ExitWidget$50002020-05-29
1045803rtnl_handler_fuzzer: Crash in std::__1::enable_if<__is_cpp17_forward_iterator<unsigned char const*>::value, vo-2020-05-29
1047838Missing browser-process permission checks for WebNFC-2020-05-29
1050046ASSERT: CSA_ASSERT failed: SmiBelow(effective_index, LoadFixedArrayBaseLength(array))-2020-05-29
1054733Use-after-poison in blink::LayoutObject::ViewRect-2020-05-29
1054785Bad-cast to blink::Node from invalid vptr in blink::LayoutObject::GetDocument-2020-05-29
990897Security: PDFium (XFA) Use-after-free in CXFA_FFDocView::SetFocus$75002020-05-28
1031152cras_rclient_message_fuzzer: Heap-buffer-overflow in dsp_util_deinterleave_s24le-2020-05-28
1031153cras_rclient_message_fuzzer: Heap-buffer-overflow in cras_fmt_conv_create-2020-05-28
1040329heap use-after-free in CFDE_TextEditEngine::Insert$75002020-05-28
1051748Use-after-poison in WebGLRenderingContextBase$85002020-05-28
1052651Security: PDFium (XFA) Use-after-free in CFWL_Edit::OnChar$75002020-05-28
1052786Security: PDFium (XFA) Use-after-free in CXFA_FFTextEdit::UpdateFWLData$75002020-05-28
1053617Security: PDFium heap-use-after-free in CFWL_DateTimePicker::SetEditText (XFA)$75002020-05-28
1054429Security: PDFium heap-use-after-free in CFWL_Edit::OnKeyDown (XFA)-2020-05-28
453937Cross origin access with exception object + full exploit$256332020-05-27
583431Universal XSS in DocumentLoader::createWriterFor + full-chain exploit$256332020-05-27
1041749Security: tel: protocal spoofing 2$5002020-05-27
1050996Security: MediaElementAudioSourceNode bypasses CORS checks$10002020-05-27
1051017Security: Type inference issue in Typer::Visitor::TypeInductionVariablePhi-2020-05-27
1042566Security: Use After Free in Deserializer::DeserializeDeferredObjects-2020-05-26
1051368navigator.sendBeacon doesn't make CORS preflight request-2020-05-26
1051439Security: sendBeacon allows sending arbitrary POST requests with application/octet-stream content type without CORS-2020-05-26
1034023Check Raw Clipboard permission and feature flag browser-side-2020-05-24
1041330Security: use-of-uninitialized-value in containsNoEmptyCheck-2020-05-24
1040046Security: Investigate "Zero length" BIOS write protect range UMA reports-2020-05-24
1045931Security: General check for streams not checking states correctly-2020-05-24
1048555Use after free in CodeSerializer::Deserialize$5002020-05-24
1050011Security: URL Spoof in Android PageInfo-2020-05-24
1051075libipp_fuzzer: Segv on unknown address in std::__1::__vector_base<ipp::StringWithLanguage, std::__1::allocator<ipp::String-2020-05-24
1051564libipp_fuzzer: Segv on unknown address in std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::-2020-05-24
1051912DCHECK failure in 1 == map_.count(key) in wasm-engine.cc-2020-05-24
1052442Windows: Potential UaF In Job Object Notification.-2020-05-24
1052576CHECK failure: locale__value.IsString() in class-verifiers-tq.cc-2020-05-24
995566Heap-use-after-free in ChromePasswordManagerClient::OnPaste-2020-05-21
1048038Use after free in Logger::MapEvent$5002020-05-21
1003501PDFium (XFA) Use-after-free in CXFA_FFCheckButton::OnProcessEvent$60002020-05-20
1044277Security: Possible to bypass restrictions on multiple downloads by initiating download from data: frame$5002020-05-20
1049510Unexpected reveal of service worker interception by using nextHopProtocol$20002020-05-20
1050419Security: Use-after-poison in AudioWorkletNode$75002020-05-20
1051462CrOS: Vulnerability reported in app-text/poppler-2020-05-20
1049581Security: Debug check failed: bytecode_offset >= 0 (-1 vs. 0)-2020-05-19
1050756Security: 'Copy As Curl' in the network panel of the devtools uses '--data' instead of '--data-raw', leading to arbitrary local file access$5002020-05-19
1033972Segv on unknown address in views::FocusSearch::FindNextFocusableView-2020-05-16
1050090Fix security vulnerability in PaintController on subsequence under-invalidation-2020-05-16
925834Security: seneschal allows bind-mounting arbitrary paths into 9p subtree-2020-05-15
1043603use-after-poison in mojo::MessageDispatcher$50002020-05-15
1048473Use-after-destroy in WebAudio$75002020-05-15
1049129rtp_frame_reference_finder_fuzzer: Use-of-uninitialized-value in unsigned long webrtc::Subtract<32768ul>-2020-05-15
998514Security: buffer overflow in modprobe-2020-05-14
1036373CrOS: Vulnerability reported in dev-libs/openssl-2020-05-14
1036376CrOS: Vulnerability reported in dev-libs/openssl-2020-05-14
1044570Security: SEGV_MAPERR with Intl.ListFormat and long strings$50002020-05-14
1047942CVE-2020-8428 CrOS: Vulnerability reported in Linux kernel-2020-05-14
1031670☂ Site Isolation Bypass via component extensions (e.g. via "Google Hangouts")-2020-05-13
1045386CrOS: Vulnerability reported in sys-fs/e2fsprogs-2020-05-13
1047911rtp_frame_reference_finder_fuzzer: Invalid-free in webrtc::RTPVideoHeader::GenericDescriptorInfo::~GenericDescriptorInfo-2020-05-13
1047914pdfium (XFA): oob read / use-of-uninitialized-value in CXFA_Node::SetSelectedItems$10002020-05-13
1047932rtp_frame_reference_finder_fuzzer: Crash in webrtc::RtpGenericFrameDescriptor::~RtpGenericFrameDescriptor-2020-05-13
1048005rtp_frame_reference_finder_fuzzer: Bad parameters to --sanitizer-annotate-contiguous-container in webrtc::video_coding::RtpFrameObject::~RtpFrameObject-2020-05-13
1048013rtp_frame_reference_finder_fuzzer: Invalid-free in webrtc::RTPVideoHeader::~RTPVideoHeader-2020-05-13
1048024rtp_frame_reference_finder_fuzzer: Crash in absl::allocator_traits<std::__Cr::allocator<long> >::deallocate-2020-05-13
1032158Security of some component extensions relies on untrustworthy MessageSender.id-2020-05-12
1040700heap-use-after-free : v8::internal::ArrayBufferTracker::RegisterNew-2020-05-12
1047285Security of media-router built-in extension relies on untrustworthy MessageSender.id-2020-05-12
1048241v8_wasm_compile_fuzzer: Stack-buffer-overflow in v8::internal::wasm::LiftoffAssembler::VarState::is_reg-2020-05-12
966507Possible Sec-Fetch-Site bypass via PaymentRequest-2020-05-11
1046019CrOS: Vulnerability reported in app-arch/libarchive-2020-05-11
639322Automation API leaks tab URLs$5002020-05-09
1010844CXFA_FFPageView Use After Free$50002020-05-09
1041190CVE-2019-19927 CrOS: Vulnerability reported in Linux kernel-2020-05-09
1042915pdfium (XFA): wrong object type in CXFA_FFPageView::GetPageViewRect$10002020-05-09
1043965Security: Possible to navigate to extension resources not listed in web_accessible_resources$10002020-05-09
1045225v8_wasm_compile_fuzzer: Stack-buffer-overflow in v8::internal::wasm::LiftoffAssembler::VarState::is_reg-2020-05-09
1045487rtnl_handler_fuzzer: Heap-buffer-overflow in shill::ParseAttrs-2020-05-09
1045738sqlite3_ossfuzz_fuzzer: Use-of-uninitialized-value in sqlite3Atoi64-2020-05-09
1046995rtp_frame_reference_finder_fuzzer.exe: Invalid-free in webrtc::RTPVideoHeader::~RTPVideoHeader-2020-05-09
1047024rtp_frame_reference_finder_fuzzer: Heap-buffer-overflow in webrtc::video_coding::RtpFrameReferenceFinder::ManageFrameVp9-2020-05-09
1047054heap-buffer-underflow : content::DWriteFontLookupTableBuilder::CallbackOnTaskRunner::CallbackOnTaskRunner-2020-05-09
1047095rtp_frame_reference_finder_fuzzer: Crash in absl::allocator_traits<std::__Cr::allocator<long long> >::deallocate-2020-05-09
1047097PDFium: Apply fix for CVE-2020-8112-2020-05-09
1047156CVE-2019-18282 CrOS: Vulnerability reported in Linux kernel-2020-05-09
1047165rtp_frame_reference_finder_fuzzer: Heap-buffer-overflow in webrtc::video_coding::RtpFrameReferenceFinder::ManageFrameVp9-2020-05-09
1047264rtp_frame_reference_finder_fuzzer: Bad parameters to --sanitizer-annotate-contiguous-container in webrtc::RtpGenericFrameDescriptor::~RtpGenericFrameDescriptor-2020-05-09
1047355Crash in v8::internal::StringHasher::HashSequentialString<char>-2020-05-09
1047368DCHECK failure in name->IsFlat() in factory.cc-2020-05-09
851302UI/URL Spoofing by opening popups and putting the background page into fullscreen$30002020-05-07
852645requestFullscreen should consume user activation to prevent UI/URL spoofing$10002020-05-07
977872pdf_codec_tiff_fuzzer: Heap-buffer-overflow in null_convert-2020-05-07
1047074DCHECK failure in Heap::IsLargeObject(obj) || Page::FromHeapObject(obj)->IsFlagSet(Page::SWEEP_TO_-2020-05-07
1006012Security: URL bar spoofing on iOS$5002020-05-06
1034225CVE-2019-19524 CrOS: Vulnerability reported in Linux kernel-2020-05-06
1034228CVE-2019-19527 CrOS: Vulnerability reported in Linux kernel-2020-05-06
1043443CrOS: Vulnerability reported in net-analyzer/tcpdump-2020-05-06
1044331Use-after-poison in blink::SecurityContextInit::SecurityContextInit-2020-05-06
1045812Heap-buffer-overflow in cc::ScrollTimeline::UpdateScrollerIdAndScrollOffsets-2020-05-06
1045797Use-of-uninitialized-value in v8::internal::JSFunction::ToString-2020-05-06
1045874Security: OOB access in ReadableStream::Close-2020-05-06
1046026vtest_fuzzer: Heap-use-after-free in vrend_finish_context_switch-2020-05-06
1046098Use-of-uninitialized-value in v8::internal::wasm::NativeModuleCache::GetStreamingCompilationOwnership-2020-05-06
1046321CVE-2019-19332 CrOS: Vulnerability reported in Linux kernel-2020-05-06
1045703transfer_cache_fuzzer: Crash in GrConvertPixels-2020-05-03
1045719gpu_raster_swiftshader_fuzzer: Heap-buffer-overflow in void downsample_3_2<ColorTypeFilter_RGBA_F16>-2020-05-03
1045721gpu_raster_angle_fuzzer: Heap-buffer-overflow in sse2::load_af16-2020-05-03
1045722gpu_raster_passthrough_fuzzer: Heap-buffer-overflow in SkRectMemcpy-2020-05-03
1045723transfer_cache_fuzzer: Heap-buffer-overflow in SkData::PrivateNewWithCopy-2020-05-03
1045757gpu_raster_swiftshader_fuzzer: Crash in void egl::Transfer<-2020-05-03
1043070CrOS: Vulnerability reported in dev-db/sqlite-2020-05-02
1043095dawn_wire_server_and_vulkan_backend_fuzzer: Null-dereference READ in dawn_native::DeviceBase::BaseDestructor-2020-05-02
868145Security: Loading mixed content without insecure warning$5002020-05-01
1033824Security: Unquoted Path in user Chrome Updater registry key-2020-05-01
1035271Security: 3D CSS transform and drop-shadow can draw over address bar$30002020-05-01
1045388CVE-2020-7053 CrOS: Vulnerability reported in Linux kernel-2020-05-01
1035399Security: Site Isolation bypass in BlobURLStoreImpl::Register-2020-04-30
1041828Potential UaF in NavigationPredicator-2020-04-30
1042091Warn Chrome on downloads of for all .HTA files-2020-04-30
1042145Null-dereference READ in sqlite3VdbeExec-2020-04-30
1042578Security: SQLite 3.30.1 CVE-2019-19923 - NULL pointer dereference (or incorrect results)-2020-04-30
1042700Security: SQLite CVE-2019-19926$5002020-04-30
1042879Security: Data race in AudioArray::Allocate can lead to OOB access-2020-04-30
1042956pdfium (XFA): UAF in CXFA_Node::HasFlag$50002020-04-30
1043508pdfium (XFA): wrong object type in CXFA_FFNotify::OpenDropDownList$50002020-04-30
1043510pdfium (XFA): wild-addr-read in GetWordBreakProperty$75002020-04-30
1044379Bad-cast to blink::WebMouseEvent from blink::WebGestureEvent in test_runner::EventSender::HandleInputEventOnViewOrPopup-2020-04-30
1031479Security: Debug check failed: has_feedback_vector()$20002020-04-28
1041222Container-overflow in PermissionRequestManager::GetDisplayNameOrOrigin-2020-04-28
1042535Security: webrtc: out-of-bounds write in FEC extension processing-2020-04-28
1042933Security: WebRTC: out-of-bounds write when updating layer info with frame marking extension-2020-04-28
1039241Use-of-uninitialized-value in blink::ObjectPainter::PaintAllPhasesAtomically-2020-04-27
1043530Use-of-uninitialized-value in v8::internal::GlobalHandles::NodeSpace<v8::internal::GlobalHandles::Node>::Relea-2020-04-27
1025521Security: <portal>s with an autofocus element get focus$5002020-04-24
1029437pdfium (XFA): oob read+write in CFDE_TextEditEngine::AdjustGap$50002020-04-24
1041411heap-buffer-overflow in HRTFKernel$5002020-04-24
1041546Security: linux shell has all inheritable capabilities set by default-2020-04-24
1042254Security: More UaFs in WebAudio-2020-04-24
1029829gpu_angle_passthrough_fuzzer: Null-dereference READ in gpu::gles2::GLES2DecoderPassthroughImpl::EmulatedDefaultFramebuffer::Blit-2020-04-23
1030167Crash in v8::internal::Simulator::LoadStorePairHelper-2020-04-23
1038828Heap-use-after-free in net::URLRequestContext::CreateRequest-2020-04-23
1039470Heap-use-after-free in blink::NGPaintFragment::PopulateDescendants-2020-04-23
1039869Leaking the URL of any cross-origin redirect through AppCache's network section and wildcards$50002020-04-23
1040883Heap-use-after-free in blink::NGPaintFragment::LayoutObjectWillBeDestroyed-2020-04-23
1041174Heap-use-after-free in views::NativeWidgetAura::Close-2020-04-23
1031909SIGTRAP hit in JIT code (Builtins_InterpreterEntryTrampoline)$20002020-04-21
1033771Security: Debug check failed: is_valid(value).-2020-04-21
1034695third_party/sqlite version 3.30.1 is vulnerable-2020-04-21
1037889From secure page it is navigating to insecure page.$10002020-04-21
1038036Security: Cross-Origin (Partial) Status Code Leakage$10002020-04-21
1040325CHECK failure: *old_buffer != memory_object->array_buffer() in wasm-objects.cc$20002020-04-21
1040489CrOS: Vulnerability reported in app-editors/vim-2020-04-21
1041210CHECK failure: Bytecode mismatch at offset 10 in interpreter.cc-2020-04-21
1041240DCHECK failure in 0 <= length in factory.cc-2020-04-21
1041303pdfium (XFA): use-of-uninitialized-value in CFWL_DateTimePicker::DrawWidget$5002020-04-21
1041616DCHECK failure in cache != this implies cache->outer_scope()->deserialized_scope_uses_external_cac-2020-04-21
1062091Security: UAF in InstalledAppProviderImpl (Desktop)$250002020-04-20
894477Security: Extensions can continue to temporarily execute code and access file after being uninstalled$5002020-04-18
997515Security: Use-after-free in CXFA_FFDocView::SetFocus$50002020-04-18
1018677Security: heap-use-after-free in content::SpeechRecognizerImpl::Abort$50002020-04-18
1020745Security: Roll expat to patch CVE-2019-18197, CVE-2019-13117, CVE-2019-13118$5002020-04-18
1031679Container-overflow in PermissionRequestManager::GetDisplayNameOrOrigin-2020-04-18
1030415DCHECK failure in !HasOptimizedCode() in js-objects.cc-2020-04-18
1032677Crash in v8::internal::Isolate::GetCodeTracer-2020-04-18
1033461sqlite3_select_expr_lpm_fuzzer: Heap-use-after-free in resetAccumulator-2020-04-18
1037703Heap-use-after-free in webrtc::VideoRtpReceiver::OnGenerateKeyFrame-2020-04-18
1036667Heap-use-after-free in blink::NGContainerFragmentBuilder::MoveOutOfFlowDescendantCandidatesToDescendant-2020-04-18
1037872Security:Potential Use after free in the function PerfJitLogger::LogWriteDebugInfo-2020-04-18
1038243Security DCHECK failure: !NeedsLayout() || LayoutBlockedByDisplayLock(DisplayLockLifecycleTarget::kChildr-2020-04-18
1038489pdfium_xfa_fuzzer: Heap-use-after-free in CJX_Object::~CJX_Object-2020-04-18
1038863Security: SQLite 3.30.1 vulnerabilities reported: CVE-2019-19880 and CVE-2019-19925-2020-04-18
1039059CVE-2019-19447 CrOS: Vulnerability reported in Linux kernel-2020-04-18
1039159mediasource_MP4_FLAC_pipeline_integration_fuzzer: Use-of-uninitialized-value in decode_residuals-2020-04-18
1040080Security: 'Copy As Curl' in the network panel of the devtools does not escape the HTTP method properly, leading to local code execution$5002020-04-18
1040403DCHECK failure in mode == JSHeapBroker::BrokerMode::kSerialized implies kind == kUnserializedReadO-2020-04-18
1040444DCHECK failure in mode == JSHeapBroker::BrokerMode::kSerialized implies kind == kUnserializedReadO-2020-04-18
1040493CVE-2019-20095 CrOS: Vulnerability reported in Linux kernel-2020-04-18
633352Security: If two windows are in fullscreen at the same time they can navigate to different origins without fullscreen being exited automatically.$10002020-04-15
803365Cookies with SameSite=Strict; are sent for link rel="prerender" when requested from 3rd party site$20002020-04-15
959194Heap-use-after-free in net::HttpCache::Transaction::DoCacheWriteResponse-2020-04-15
995081Security: PDFium (XFA) Use-after-free in CXFA_FFComboBox::OnKillFocus$50002020-04-15
1029865heap-use-after-free : content::MediaInterfaceFactory::CreateVideoDecoder-2020-04-15
1038019Heap-use-after-free in content::RenderProcessHostImpl::CreateCodeCacheHost-2020-04-15
1038178Security: Missing deoptimization information for OptimizedFrame::Summarize-2020-04-15
1039629Security: PDFium (XFA) Use-after-free in CXFA_FFComboBox::OnSelectChanged$75002020-04-15
710190Security: Reloading the content of a changed file-2020-04-14
809350Security: CORS bypassing by reusing CORS-successful Resources across SecurityOrigins on MemoryCache-2020-04-14
991217Security: Memory access violations when setting a breakpoint at a specific location-2020-04-14
991899Security: PDFium (XFA) Use-after-free in CXFA_FFWidget::OnKillFocus$75002020-04-14
1014371Security: iframe sandbox can be worked around via javascript: links and window.opener$30002020-04-14
1035464Heap-use-after-free in blink::NGOutOfFlowLayoutPart::Run-2020-04-14
1021871cras_rclient_message_fuzzer: Null-dereference READ in pthread_create-2020-04-13
1031697AutofillAssistantFacade.callerIsOnWhitelist() is not secure-2020-04-13
609527Make sure active mixed content and broken-https subresources do something reasonable on weird origins-2020-04-11
1034299media_pipeline_integration_fuzzer: Use-of-uninitialized-value in decode_residuals-2020-04-11
1034480CVE-2019-19332: Security: kvm: OOB memory write via kvm_dev_ioctl_get_cpuid-2020-04-11
1030411JavaScript injection via malicious WebExtension in CWS$50002020-04-10
1030892Site Isolation Bypass: SpeechRecognitionDispatcherHost doesn't properly check origin from renderer-2020-04-10
1033795UAF in blink::PaintLayer::CommonAncestor$50002020-04-10
1035058Security: Autocomplete preview text leak #4: using ::first-line pseudo-element$50002020-04-10
1036697CrOS: Vulnerability reported in dev-db/sqlite-2020-04-09
1031142Security: ☂ Site Isolation Bypass and Browser Code execution with heap-use-after-free in DesktopMediaPickerController::WebContentsDestroyed-2020-04-08
999114CVE-2019-15117 CrOS: Vulnerability reported in Linux kernel-2020-04-07
999115CVE-2019-15118 CrOS: Vulnerability reported in Linux kernel-2020-04-07
1034563Heap-use-after-free in views::BoundsAnimator::AnimationProgressed-2020-04-07
1036604CVE-2019-19241 CrOS: Vulnerability reported in Linux kernel-2020-03-30
714617Security: chrome.tabs.executeScript can reveal Chrome's profile path$5002020-03-28
1035779Security: heap-use-after-free in blink::BaseRenderingContext2D::DrawImageInternal-2020-03-28
639173ignored TLS errors propagate from webview to main browser$5002020-03-27
959571Security: Mixed content state reset when navigating back$5002020-03-27
1033407Security:Potential Use after free in the function ProfilerListener::CodeCreateEvent$20002020-03-27
1035371Chromium: Two Vulnerabilities reported in sqlite 3.30.1-2020-03-27
571546Security: Prompt boxes steal focus in popups-2020-03-26
1025700CrOS: Vulnerability reported in media-libs/tiff-2020-03-26
1028722sqlite3_shadow_table_fuzzer: Heap-buffer-overflow in sqlite3Fts3GetVarint$30002020-03-26
1029002sqlite3_shadow_table_fuzzer: ASSERT: pWriter || bIgnoreEmpty-2020-03-26
1029027sqlite3_shadow_table_fuzzer: Heap-buffer-overflow in sqlite3Fts3GetVarint-2020-03-26
1029210sqlite3_shadow_table_fuzzer: Heap-buffer-overflow in sqlite3Fts3Incrmerge-2020-03-26
1029506sqlite3_shadow_table_fuzzer: Use-of-uninitialized-value in fts3IncrmergeHintPop-2020-03-26
1031112CVE-2019-17133 CrOS: Vulnerability reported in Linux kernel-2020-03-26
1032170Use browser-side URL to verify if extension messaging connection is allowed-2020-03-26
1033395Security:Wrong assumption lead to Use After Free in deserializer.cc$5002020-03-26
1034745Security: QuicStreamFactory incorrectly installs NullDecrypter-2020-03-26
1035331DCHECK failure in !HAS_WEAK_HEAP_OBJECT_TAG(ptr_) in tagged-impl.h-2020-03-26
1035373CVE-2019-19602 CrOS: Vulnerability reported in Linux kernel-2020-03-26
1035723Security: Heap-use-after-free in PaintController::FinishCycle() related to devtools overlay-2020-03-26
1032090pdfium: use-of-uninitialized-value in CRYPT_AESSetKey$20002020-03-24
1033841Security: Debug check failed: IsNumber().-2020-03-23
1034394A null pointer dereference has been discovered in V8 compiler which affects the latest version.$50002020-03-23
1015693net_quic_stream_factory_fuzzer: Heap-use-after-free in quic::QuicSpdyStreamBodyManager::ReadBody-2020-03-21
1032422Security: pdfium(XFA) heap-use-after-free in CXFA_FFComboBox::OnProcessEvent$50002020-03-21
1033974DCHECK failure in 0 <= at_least_space_for in objects.cc-2020-03-21
1034167DCHECK failure in i::AllowHeapAllocation::IsAllowed() in api.cc-2020-03-21
1023810use-after-poison in webaudio$100002020-03-20
1029462use-after-free in AudioWorklet$75002020-03-20
1029530CHECK failure: BigIntAsUintN of kRepWord64 (BigInt) cannot be changed to kRepWord32 in represen-2020-03-20
1032548Security: heap-buffer-overflow in AudioDelayDSPKernel::Process-2020-03-20
1033260Heap-use-after-free in net::VerifyWithGivenFlags-2020-03-20
1026546Security: Steal any local picture when open a local html file$10002020-03-19
1029375Security: extensions with downloads.open permission can execute code on the device using .fileloc files$5002020-03-19
1031895Security: ReadableStream::pipeTo do not check IsLockedStream-2020-03-19
1032054Security: Debug check failed: IsAligned(ptr, kSlotDataAlignment)-2020-03-19
1032906Use-of-uninitialized-value in v8::internal::Runtime_StringCompareSequence-2020-03-19
1033092mediasource_MP4_FLAC_pipeline_integration_fuzzer: Use-of-uninitialized-value in decode_residuals-2020-03-19
1013906Security: expose stored (in cache) cross-site response's size$5002020-03-18
1029612audio_decoder_fuzzer: Use-of-uninitialized-value in decode_residuals-2020-03-18
1030381Crash in cc::LayerTreeImpl::TotalScrollOffset-2020-03-18
1031653Security: heap-use-after-free in DesktopMediaPickerController::WebContentsDestroyed-2020-03-18
1019732Make sure that NetworkService doesn't propagate HttpOnly cookies to a renderer process-2020-03-17
1032534CVE-2019-19319 CrOS: Vulnerability reported in Linux kernel-2020-03-17
922882Security: Possible load of unitialized memory in WebRtcAec_Create-2020-03-16
1022044cups_ippreadio_fuzzer: Global-buffer-overflow in ippEnumString-2020-03-14
1029054cups_ippreadio_fuzzer: Heap-buffer-overflow in _cupsStrAlloc-2020-03-14
1030660CrOS: Vulnerability reported in net-analyzer/tcpdump-2020-03-14
1031102CrOS: Vulnerability reported in app-arch/libarchive-2020-03-14
1031523pdfium (XFA): oob read in HTMLSTR2Code$25002020-03-14
875503Chrome notification system permits to a domain to request permissions for each 3rd level domain with no restriction$5002020-03-13
968303heap-use-after-free : base::RunLoop::Delegate::ShouldQuitWhenIdle-2020-03-13
1027408Security: tel: URL scheme reference origin spoof on Windows and Linux$20002020-03-12
1029414Security: The sharing dialog can appear over the wrong tab (spoof)$20002020-03-12
1030583Negative size parameter to memcpy in CPDF_SecurityHandler::GetUserPassword$5002020-03-12
1030912v8_wasm_compile_fuzzer: Segv on unknown address in unsigned long v8::internal::Simulator::MemoryRead<unsigned long, unsigned long>-2020-03-12
1029565pdfium (XFA): oob read in EncodeXML$20002020-03-11
1029576Security: Debug check failed: 0 <= index && index < node->op()->ValueInputCount().-2020-03-11
1029617gpu_angle_passthrough_fuzzer: Null-dereference READ in gpu::gles2::GLES2DecoderPassthroughImpl::DoDeleteQueriesEXT-2020-03-11
1018629Use-of-uninitialized-value in SkPngEncoder::onEncodeRows-2020-03-10
1025470Security: Negative size passed to memcpy() in fts3NodeAddTerm (OOB read)-2020-03-10
1025471Security: Negative size passed to memcpy() in fts3IncrmergePush-2020-03-10
1025472Security: Memory leak in fts4, matchinfo()-2020-03-10
1027426Security: UaF in BrowserTabStripController::AddNewTabInGroup()-2020-03-10
1028152Heap-buffer-overflow in blink::FindBuffer::RangeFromBufferIndex$30002020-03-10
1028208DCHECK failure in !is_compiled() || IsInterpreted() in js-objects.cc-2020-03-10
1029338DCHECK failure in !name->AsIntegerIndex(&index) in lookup-inl.h-2020-03-10
1025463Security: TFC2019 - Multiple issues in sqlite (Tracking Bug)-2020-03-09
1028863v8: Wrong JIT code that triggers SIGTRAP at runtime$50002020-03-09
1029129Crash in cc::LayerTreeImpl::TotalScrollOffset-2020-03-09
1026911gpu_angle_passthrough_fuzzer: Null-dereference READ in gpu::error::Error gpu::gles2::GLES2DecoderPassthroughImpl::DoCommandsImpl<false>-2020-03-07
1027065gpu_angle_passthrough_fuzzer: Null-dereference READ in gpu::gles2::GLES2DecoderPassthroughImpl::DoDeleteQueriesEXT-2020-03-07
1027470gpu_angle_passthrough_fuzzer: Null-dereference READ in gpu::gles2::GLES2DecoderPassthroughImpl::HandleDrawBuffersEXTImmediate-2020-03-07
1023807Update WHL microcode to enable kernel TAA mitigations-2020-03-06
1025489use-after-poison in base::internal::WeakReferenceOwner::Invalidate()$50002020-03-06
1028862Trap in Builtins_InterpreterEntryTrampoline$50002020-03-06
1017871Security: Injecting styles via copy-and-paste$100002020-03-05
1021431Heap-use-after-free in content::GpuBenchmarking::Freeze-2020-03-05
1022278render_text_api_fuzzer: Heap-buffer-overflow in gfx::GetTextIndexForOtherText-2020-03-05
1023843CVE-2019-2201: libjpeg-turbo: code execution-2020-03-05
1024182Security: Arbitrary system memory access Intel GPU vulnerability (CVE-2019-0155)-2020-03-05
1028172agc_fuzzer: Heap-buffer-overflow in webrtc::GainControlImpl::ProcessCaptureAudio-2020-03-05
1029174DCHECK failure in *result == *match_info in js-regexp.cc-2020-03-05
1029200Crash in v8::internal::OrderedHashSet::ConvertToKeysArray-2020-03-05
708595Security: Print Preview allows spoofing on other tab$5002020-03-04
1026994Security: EC host commands leaking stack to AP userspace-2020-03-04
1027025DCHECK failure in *(maybe_code_handler.object()) == *StoreHandler::StoreSlow(GetIsolate()) in feed-2020-03-04
1027176Check feature policy for payment in the browser.-2020-03-04
1028809audio_processing_fuzzer: Use-of-uninitialized-value in webrtc::FloatToFloatS16-2020-03-04
1028614audio_processing_fuzzer: Use-of-uninitialized-value in webrtc::FileWrapper::Write-2020-03-04
990428Tighten IDN policy for Kana + Latin domains-2020-03-03
1016506heap-buffer-overflow : WebRtcSpl_DownsampleFastC-2020-03-03
1023095zucchini_disassembler_elf_fuzzer: Heap-buffer-overflow in zucchini::Rel32FinderX86::Scan-2020-03-03
1023183zucchini_disassembler_elf_fuzzer: Heap-buffer-overflow in (std::is_function<std::__Cr::remove_pointer<unsigned-2020-03-03
1025255hammerd_load_ec_image_fuzzer: Crash in hammerd::FirmwareUpdater::LoadEcImage-2020-03-03
1025464Security: SQLite defense-in-depth bypass-2020-03-03
1025465Security: Uninitialized memory leak by nPrefix in fts3SegReaderNext-2020-03-03
1025466Security: Arbitrary memory overwrites (write-what-where) by nHeight in fts3IncrmergeLoad-2020-03-03
1026729DCHECK failure in !name->AsIntegerIndex(&index) in lookup-inl.h-2020-03-03
1026909DCHECK failure in name.IsUniqueName() in stub-cache.cc-2020-03-03
1027109DCHECK failure in heap_object.IsInternalizedString() in feedback-vector.cc-2020-03-03
1027498CHECK failure: 0 == instance_descriptors().number_of_slack_descriptors() in objects-debug.cc-2020-03-03
1027926Security: v8 Debug check failed: ResumeJumpTargetsAreValid().-2020-03-03
1028092agc_fuzzer: Heap-buffer-overflow in webrtc::ApplyDigitalGain-2020-03-03
1028181DCHECK failure in !Heap::InYoungGeneration(name) in stub-cache.cc-2020-03-03
1028191CHECK failure: IsValidHeapObject(isolate->heap(), HeapObject::cast(p)) in objects-debug.cc-2020-03-03
1028207Security: Debug check failed: !Heap::InYoungGeneration(name)-2020-03-03
1028396CHECK failure: descriptors != ReadOnlyRoots(isolate).empty_descriptor_array() implies !parent.o-2020-03-03
1028475DCHECK failure in start + search_string->length() <= string->length() in runtime-strings.cc-2020-03-03
968809Security: Clear rollback info from FPMCU stack when accessed-2020-02-29
1026918pdfium (XFA): invalid-vptr in CXFA_FFTextEdit::UpdateFWLData$20002020-02-29
1027410DCHECK failure in dst_offset != src_offset in liftoff-assembler-x64.h-2020-02-29
1027650net_quic_stream_factory_fuzzer: Heap-use-after-free in quic::QpackInstructionDecoder::Decode-2020-02-29
1027707transfer_cache_fuzzer: Heap-buffer-overflow in SkRectMemcpy-2020-02-29
1021677Security DCHECK failure: unit.TextContentEnd() <= text.length() in ng_offset_mapping.cc-2020-02-28
1024741transfer_cache_fuzzer: Crash in SkRectMemcpy-2020-02-28
1025209net_quic_stream_factory_fuzzer: Bad-cast to quic::QpackProgressiveDecoder from invalid vptr in quic::QpackProgressiveDecoder::Decode-2020-02-28
10254672 Vulnerabilities in websql & sqlite (Tracking Bug)$20002020-02-28
1025911transfer_cache_fuzzer: Heap-buffer-overflow in GrConvertPixels-2020-02-28
1026354gpu_raster_angle_fuzzer: Heap-buffer-overflow in void downsample_1_2<ColorTypeFilter_8>-2020-02-28
1027152Security: heap-buffer-overflow in PasswordFormManager::OnGeneratedPasswordAccepted-2020-02-28
1027292Security: import maps are executed as classic scripts when the import map's flag is disabled-2020-02-28
884693Security: IDN URL Spoofing with using "ы"$5002020-02-27
896453Domain spoof using unicode characters that look like numbers-2020-02-27
1025442Security: IDN spoof with Latin Middle Dot (U+00B7)-2020-02-27
1025468DCHECK failure in result.NumberOfOwnDescriptors() == result.instance_descriptors().number_of_descr-2020-02-27
1026500Use-of-uninitialized-value in v8::internal::Simulator::FPRoundInt-2020-02-27
1027045Bad-cast to v8::internal::compiler::Operator1<v8::internal::compiler::FrameStateInfo, v8::internal::compiler::OpEqualTo<v8::internal::compiler::FrameStateInfo>, v8::internal::compiler::OpHash<v8::internal::compiler::FrameStateInfo> > from v8::internal::compiler::Operator1<v8::internal::MachineRepresentation, v8::internal::compiler::OpEqualTo<v8::internal::MachineRepresentation>, v8::internal::compiler::OpHash<v8::internal::MachineRepresentation> > in v8::internal::compiler::FrameStateInfoOf-2020-02-27
930683Security: Broadcom Bluetooth firmware vulnerability-2020-02-26
954207Heap-buffer-overflow in s_RLE_process-2020-02-26
1015518spvtools_as_fuzzer: Bad-free in spvBinaryDestroy-2020-02-26
1015697spvtools_as_fuzzer: Use-of-uninitialized-value in spvtools_as_fuzzer.cpp-2020-02-26
1024256Crash in blink::FindBuffer::RangeFromBufferIndex with emoji input-2020-02-26
1025067UaF in BluetoothAdapter::OnDiscoveryChangeComplete$200002020-02-26
1025109Heap-use-after-free in blink::NGPhysicalFragment::HasSelfPaintingLayer-2020-02-26
1026479CHECK failure: Type cast failed in CAST(last_index) at ../../src/builtins/builtins-regexp-gen.c-2020-02-26
1053604Security: Incorrect side effect modelling for JSCreate-2020-02-26
1024758Security: OOB Write in ReduceRegExpPrototypeTest$75002020-02-25
1025502gpu_raster_angle_fuzzer: Crash in void downsample_1_2<ColorTypeFilter_8>-2020-02-25
1018493ndproxy_fuzzer: Stack-buffer-overflow in arc_networkd::NDProxy::Icmpv6Checksum-2020-02-24
1022695Crash in Builtins_InterpreterEntryTrampoline-2020-02-24
1023144ndproxy_fuzzer: Heap-buffer-overflow in arc_networkd::NDProxy::TranslateNDFrame-2020-02-24
1024736transfer_cache_fuzzer: Crash in GrConvertPixels-2020-02-22
1024762gpu_raster_angle_fuzzer: Heap-buffer-overflow in void downsample_1_2<ColorTypeFilter_8>-2020-02-22
881675Chrome v69 URL Spoof via FILE_SCHEME$5002020-02-21
1022466render_text_api_fuzzer: Heap-buffer-overflow in u_strlen_65-2020-02-21
1023853use after poison in rtc_rtp_sender_impl.cc$50002020-02-21
1024099CHECK failure: bytes <= NUMBER in runtime-typedarray.cc-2020-02-21
1024116Out-of-bounds access in WebBluetoothServiceImpl$200002020-02-21
1025089Security: Fix number of arguments being passed when setting the thread name on Windows.-2020-02-21
999956Security: U2F misses reloading hardware binding secrets after deep sleep-2020-02-20
1013669Security: USBGuard accepts D-Bus messages from any-2020-02-20
1019616wayland_fuzzer: Heap-use-after-free in GrMemoryPool::allocate-2020-02-20
1022554render_text_api_fuzzer: Heap-buffer-overflow in gfx::CreateObscuredText-2020-02-20
1022598render_text_api_fuzzer: Stack-buffer-overflow in gfx::RenderText::OnTextAttributeChanged-2020-02-20
1022855Security: Missing HasPrototypeSlot() check in ConstructorBuiltinsbAssembler::EmitFastNewObject() results in out-of-bound read.$30002020-02-20
1022893render_text_api_fuzzer: Heap-buffer-overflow in gfx::RenderText::OnTextAttributeChanged-2020-02-20
1023442ExcludeSchemeFromRequestInitiatorSiteLockChecks bypasses GetTrustworthyInitiator-2020-02-20
1023941heap-use-after-free : views::View::SetBackground-2020-02-20
1024121Heap-use-after-free in WebBluetoothServiceImpl$200002020-02-20
1016106hammerd_load_ec_image_fuzzer: Crash in hammerd::FirmwareUpdater::LoadEcImage-2020-02-19
1017793vb2_keyblock_fuzzer: Global-buffer-overflow in vb2_load_fw_keyblock-2020-02-19
1021855Download Protection bypass-2020-02-19
1023351Use-after-poison in blink::EventListenerMap::Find-2020-02-19
1023972DCHECK failure in 4 == kSystemPointerSize in code-generator.cc-2020-02-19
1016703DCHECK failure in static_cast<unsigned>(index) < static_cast<unsigned>(capacity()) in fixed-array--2020-02-18
1007414Security: Tracking Chrome OS running e2fsck on an untrusted file system?-2020-02-17
1020031CHECK failure: static_cast<uintptr_t>(caller_frame_top_) - total_output_frame_size > stack_guar-2020-02-17
699342Security: //components/search_engine appears to be parsing arbitrary XML in the browser process-2020-02-15
754304UI Spoofing in External Protocol confirmation$10002020-02-15
947876pdfium (XFA): oob read in CFXJSE_FormCalcContext::WordNum$25002020-02-15
968505Security: Domain name spoofing on Unicode top-level domains-2020-02-15
984513The Permission for an important activity is set to null, as the result it can launched by any app.$10002020-02-15
997724trunks_resource_manager_fuzzer: Use-of-uninitialized-value in base::debug::ProcessBacktrace-2020-02-15
1005596Security: tel: URL scheme reference origin spoof$20002020-02-15
1013882Security: Autocomplete preview text STILL leaks credit card numbers - attacker can simply override system-ui font$50002020-02-15
1015872libbrillo_dbus_data_serialization_fuzzer: Crash in variant_reader_recurse-2020-02-15
1015858libbrillo_dbus_data_serialization_fuzzer: Crash in _dbus_marshal_skip_array-2020-02-15
1015881zucchini_disassembler_elf_fuzzer: Heap-buffer-overflow in (std::is_function<std::__Cr::remove_pointer<unsigned-2020-02-15
1016092hammerd_load_ec_image_fuzzer: Use-of-uninitialized-value in fmap_find_area-2020-02-15
1016099arc_setup_util_expand_property_contents_fuzzer: Heap-buffer-overflow in std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<ch-2020-02-15
1016103runtime_probe_probestatement_fuzzer: Index-out-of-bounds in _dbus_mem_pool_alloc-2020-02-15
1016168libbrillo_dbus_data_serialization_fuzzer: Use-of-uninitialized-value in _dbus_first_type_in_signature-2020-02-15
1016813cups_ippreadio_fuzzer: Heap-buffer-overflow in _cupsStrFree-2020-02-15
1017020heap-use-after-free : libusb_get_next_timeout-2020-02-15
1017494Security: PDFium heap-use-after-free in CPDFSDK_PageView::ExitWidget (XFA)$75002020-02-15
1017256cups_ippreadio_fuzzer: Heap-buffer-overflow in ippAttributeString-2020-02-15
1017707Security: Phishing with Unicode Domains$5002020-02-15
1017797cgpt_fuzzer: Use-of-uninitialized-value in Crc32-2020-02-15
1017961Heap-use-after-free in blink::AudioNodeOutput::Pull-2020-02-15
1018512ndproxy_fuzzer: Use-of-uninitialized-value in arc_networkd::NDProxy::TranslateNDFrame-2020-02-15
1019648v8_wasm_fuzzer: DCHECK failure in val.type == kWasmBottom || ValueTypes::MachineRepresentationFor(val.type) == Val-2020-02-15
1020533DCHECK failure in cell->value().IsTheHole(isolate) in js-objects.cc-2020-02-15
1020906ndproxy_fuzzer: Stack-buffer-overflow in arc_networkd::NDProxy::TranslateNDFrame-2020-02-15
1021457Security: Out of bounds index in array in function parameters$30002020-02-15
1021919Use-after-poison in blink::RTCPeerConnectionHandler::OnaddICECandidateResult-2020-02-15
1022558Bad-cast to blink::RTCVoidRequest from invalid vptr in blink::OnReplaceTrackCompleted-2020-02-15
856927Omnibox with URL is displayed on NTP when forward history is browsed with Wifi or Mobile network disabled.-2020-02-06
925035CodeCacheHostImpl::DidGenerateCacheableMetadataInCacheStorage should verify |cache_storage_origin|.-2020-02-06
1017695spvtools_opt_legalization_fuzzer: Container-overflow in spvtools::Optimizer::Run-2020-02-06
1018528Flickering WebGL with {alpha:false} on mali-400$5002020-02-06
1018871DCHECK failure in !has_pending_exception() in isolate.cc-2020-02-06
1000887Crash in v8::internal::Simulator::LoadStorePairHelper-2020-02-05
1014607Security: Out-of-bounds read/write in RegisterAllocationData after ResetSpillState-2020-02-05
1017441Sandboxed iframe Document can end up sharing execution context/type system with iframe's initial about:blank Document$50002020-02-05
1019226Security - UAF in OfflineAudioContext$133702020-02-05
1019544gpu_angle_passthrough_fuzzer: Null-dereference READ in gpu::gles2::GLES2DecoderPassthroughImpl::DoDeleteQueriesEXT-2020-02-05
1019553gpu_angle_passthrough_fuzzer: Null-dereference READ in gpu::error::Error gpu::gles2::GLES2DecoderPassthroughImpl::DoCommandsImpl<false>-2020-02-05
1019565gpu_angle_passthrough_fuzzer: Null-dereference READ in gpu::gles2::GLES2DecoderPassthroughImpl::HandleDrawBuffersEXTImmediate-2020-02-05
1008312heap-use-after-free : GrSurfaceProxy::~GrSurfaceProxy-2020-02-04
1010526Security: URL bar spoofing with using a file:/// URL$5002020-02-04
1017918Heap-buffer-overflow in hsw::store_NUMBER-2020-02-04
1008470Security: AV in blink::ReadableStreamNative::Trace-2020-02-03
1018565Use-of-uninitialized-value in v8::internal::compiler::Hints::Add-2020-02-03
1011600PaymentManager: attacker has some control over PaymentManager/PaymentInstruments of a cross-origin context$5002020-01-31
1016167powerd_als_fuzzer: Use-of-uninitialized-value in base::internal::find_first_not_of-2020-01-31
1016169vpn_manager_service_manager_fuzzer: Stack-buffer-overflow in vpn_manager::ServiceManager::ConvertSockAddrToIPString-2020-01-31
1017564Security: URL bar spoofing on iOS with a very long URL$20002020-01-31
1016061Container-overflow in performance_manager::SharedWorkerWatcher::RemoveChildWorker-2020-01-30
1016100ndproxy_fuzzer: Stack-buffer-overflow in arc_networkd::NDProxy::Icmpv6Checksum-2020-01-30
1016109ec_usb_tcpm_v2_fuzzer: Index-out-of-bounds in prl_tx_construct_message-2020-01-30
1016111ndproxy_fuzzer: Use-of-uninitialized-value in arc_networkd::NDProxy::TranslateNDFrame-2020-01-30
1016393v8_wasm_async_fuzzer: Heap-buffer-overflow in v8::internal::wasm::LiftoffCompiler::UnOp-2020-01-30
1016436Bad-cast to content::RenderFrameImpl from invalid vptr in content::GpuBenchmarkingContext::GpuBenchmarkingContext-2020-01-30
1017061v8_wasm_code_fuzzer: DCHECK failure in stack_height >= c->end_label->target_stack_height in wasm-interpreter.cc-2020-01-30
1015864trunks_tpm_pinweaver_fuzzer: Stack-buffer-overflow in trunks::Serialize_pw_insert_leaf_t-2020-01-29
1016166dlcservice_boot_device_fuzzer: Use-of-uninitialized-value in dlcservice::BootDevice::GetBootDevice-2020-01-29
1016450DCHECK failure in HAS_SMI_TAG(ptr) in smi.h-2020-01-29
993706Security: Possible to obtain results of queryObjects using custom devtools formatters-2020-01-28
1016038Security: IndexedDB transactions should be inactive during structured serialization-2020-01-28
1016165Heap-buffer-overflow in blink::AudioDelayDSPKernel::Process-2020-01-28
1016515Unknown signal in Builtins_InterpreterEntryTrampoline-2020-01-28
1010581Use-of-uninitialized-value in test_runner::TestRunner::WorkQueue::ProcessWork-2020-01-27
1015945CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (this->IsStruct()) in class-definitio-2020-01-27
1013868Security: heap-use-after-free in CPDF_AnnotList::CPDF_AnnotList$75002020-01-25
1015070net_base_address_tracker_linux_fuzzer: Heap-buffer-overflow in net::internal::IgnoreWirelessChange-2020-01-25
1015129net_base_address_tracker_linux_fuzzer: Heap-buffer-overflow in net::internal::AddressTrackerLinux::HandleMessage-2020-01-25
1015567Null-dereference READ in v8::internal::VariableProxy::var-2020-01-25
971917Site Isolation: Multiple restriction bypasses in register​Protocol​Handler$30002020-01-24
1011950Security: "universal" XSS via copy&paste$20002020-01-24
1013418Bad-cast to ToolbarIconContainerView from views::View in AvatarToolbarButton::~AvatarToolbarButton-2020-01-24
1015042chaps_attributes_fuzzer: Heap-buffer-overflow in chaps::Attributes::ParseInternal-2020-01-24
1015256rtcp_receiver_fuzzer: Use-of-uninitialized-value in webrtc::RTCPReceiver::HandlePli-2020-01-24
1015791Use-of-uninitialized-value in v8::internal::Scope::Scope-2020-01-24
696208Security: Chrome extension is disabled by crafted chrome-extension:// URL$5002020-01-23
853670SameSite cookies leakage via child browsing context$10002020-01-23
1013823zucchini_disassembler_elf_fuzzer: Crash in zucchini::Rel32FinderX86::Scan-2020-01-23
1013871zucchini_disassembler_elf_fuzzer: Heap-buffer-overflow in (std::is_function<std::__Cr::remove_pointer<unsigned-2020-01-23
1014834v8_wasm_async_fuzzer: Heap-buffer-overflow in v8::internal::wasm::LiftoffCompiler::UnOp-2020-01-23
1010518Security: AbsentPlaster bug on Chrome OS-2020-01-22
1013490Heap-use-after-free in blink::LayoutObject::IsDescendantOf-2020-01-22
944619Security: CORB not enforced for WebSocket requests$100002020-01-21
1013920Security: Debug check failed: is_wasm_memory_.-2020-01-21
1010569Heap-use-after-free in content::WebContentsImpl::~WebContentsImpl-2020-01-20
467329Popups can be moved below the taskbar in windows$5002020-01-18
990867Cross-origin-read attack by using an audio tag to download a cross-origin resource$5002020-01-18
1012055Use-after-poison in mojo::ReceiverSetBase<mojo::Receiver<blink::mojom::blink::ManifestManager, mojo:-2020-01-18
1012579CHECK failure: Failed to create ICU number format, are ICU data files missing? in js-relative-t-2020-01-18
1012663Heap-use-after-free in std::__1::vector<performance_manager::ProcessNode const*, std::__1::allocator<pe-2020-01-18
1012727Container-overflow in performance_manager::SharedWorkerWatcher::RemoveChildWorker-2020-01-18
1013048Use-of-uninitialized-value in performance_manager::GraphImpl::GetAllProcessNodes-2020-01-18
1013485Heap-use-after-free in performance_manager::GraphImpl::AddNewNode-2020-01-18
981100Security: ChromeVox exposes browser text from locked screen-2020-01-17
999932Security: Possible to spoof URL through use of document.open$5002020-01-17
1001503Security: UaF in Aura$200002020-01-17
1004212Security: Insecure Chrome download allows malicious software to change downloaded file integrity-2020-01-17
1004458Use-of-uninitialized-value in password_manager::PasswordReuseDetectionManager::OnPaste-2020-01-17
1005218Security: Multiple file download protection bypass 2$10002020-01-17
1007334Sanitizer CHECK failure in "((*(u8*)MemToShadow(a))) == ((0))" (0x4, 0x0)$20002020-01-17
1010765Security: URL in Omnibox doesn't always match page content on iOS-2020-01-17
1013013CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (IsJSReceiver()) in js-objects-inl.h-2020-01-17
1013042Security: Debug check failed: Smi::IsValid(value)$50002020-01-17
1013058DCHECK failure in static_cast<unsigned>(index) < static_cast<unsigned>(length()) in fixed-array-in-2020-01-17
1013135DCHECK failure in !kCanBeWeak implies !IsSmi() == HAS_STRONG_HEAP_OBJECT_TAG(ptr_) in tagged-impl.-2020-01-17
954219Heap-use-after-free in pdf14_decrement_smask_color-2020-01-15
984327gstoraster_fuzzer: Heap-use-after-free in ptr_struct_mark-2020-01-15
993415Use-after-poison in blink::Node::EnsureEventTargetData$30002020-01-15
1003316CVE-2017-18595 CrOS: Vulnerability reported in Linux kernel-2020-01-15
1008947Heap-use-after-free in AvatarMenu::~AvatarMenu-2020-01-15
1011596javascript_parser_proto_fuzzer: DCHECK failure in !parsing_module_ in preparser.h-2020-01-15
1011677heap-use-after-free : base::OnTaskRunnerDeleter::OnTaskRunnerDeleter-2020-01-15
1011980DCHECK failure in effect_edges > 0 in verifier.cc-2020-01-15
1012580Use-of-uninitialized-value in blink::GraphicsContext::SetURLForRect-2020-01-15
1001854CVE-2019-15214 CrOS: Vulnerability reported in Linux kernel-2020-01-14
1003325CVE-2019-15902 CrOS: Vulnerability reported in Linux kernel-2020-01-14
1003326CVE-2019-15916 CrOS: Vulnerability reported in Linux kernel-2020-01-14
1010379Security DCHECK failure: !object || (object->IsBox()) in layout_box.h-2020-01-12
1010477Security DCHECK failure: !object || (object->IsLayoutInline()) in layout_inline.h-2020-01-12
1010759Use-of-uninitialized-value in blink::LayoutObject::DestroyAndCleanupAnonymousWrappers-2020-01-12
1011267Heap-use-after-free in blink::PaintLayer::CompositingContainer-2020-01-12
1011603Heap-use-after-free in blink::LayoutObject::SetShouldCheckForPaintInvalidation-2020-01-12
1010690Use-of-uninitialized-value in views::ScrollView::Viewport::ViewHierarchyChanged-2020-01-11
1010703dawn_wire_server_and_frontend_fuzzer: Crash in dawn_native::ErrorScope::HandleErrorImpl-2020-01-11
1010706Heap-use-after-free in blink::LayoutObject::DestroyAndCleanupAnonymousWrappers-2020-01-11
1011294net_quic_stream_factory_fuzzer: Heap-use-after-free in quic::QpackHeaderTable::UnregisterObserver-2020-01-11
1007194Security: Use after free in MojoCdmProxyService$50002020-01-09
1009458Use-after-poison in void blink::ScriptPromiseResolver::ResolveOrReject<blink::ScriptValue>-2020-01-09
918674Security: CVE-2018-19664 in libjpeg-turbo-2020-01-08
948445Security: multiple issues in SafeSetID LSM-2020-01-08
957314ClientNativePixmap implelementations don't validate handles-2020-01-08
974375ClientNativePixmapDmaBuf::ImportFromDmabuf() doesn't validate buffer size-2020-01-08
1005251Security: heap-use-after-free in RTCPeerConnectionHandler::SetLocalDescription$75002020-01-08
1005635transfer_cache_fuzzer: Use-of-uninitialized-value in sse2::store_NUMBER-2020-01-08
1010026Heap-use-after-free in std::__1::vector<performance_manager::ProcessNode const*, std::__1::allocator<pe-2020-01-08
981649Use-of-uninitialized-value in send_delete_event-2020-01-07
1004341Security: Upgrade expat to 2.2.8$5002020-01-07
1005615transfer_cache_fuzzer: Heap-buffer-overflow in load2-2020-01-07
1005630transfer_cache_fuzzer: Heap-buffer-overflow in sse2::load_rgf16-2020-01-07
1005948Security: Headers are processed for aborted requests when passed through service worker$5002020-01-07
1008419Crash in blink::MarkingVisitorBase::Visit-2020-01-07
1008632Sanitizer CHECK failure in "((*(u8*)MemToShadow(a))) == ((0))" (0x4, 0x0)-2020-01-07
1009207Crash in blink::HeapObjectHeader::CheckHeader-2020-01-07
1009260pdf_font_fuzzer: Use-of-uninitialized-value in ft_mem_free-2020-01-07
1009278Crash in blink::DOMWrapperWorld::Current-2020-01-07
1009382Crash in v8::internal::GlobalHandles::InvokeFirstPassWeakCallbacks-2020-01-07
1008414CHECK failure: Bytecode mismatch at offset 177 in interpreter.cc-2020-01-06
1008714Crash in blink::IsCallbackFunctionRunnableInternal-2020-01-06
1007423Heap-use-after-free in test_runner::TestRunner::WorkQueue::ProcessWork-2020-01-05
974648Use-of-uninitialized-value in uint64divmod-2020-01-04
1000543Use-of-uninitialized-value in blink::LayoutObject::ShouldUseTransformFromContainer-2020-01-03
1007866Security DCHECK failure: IsA<Derived>(from) in casting.h-2020-01-03
1008216Bad-cast to blink::Nodeblink::Node::ShadowIncludingRoot in blink::Node::UpdateDistributionInternal-2020-01-03
1008316Crash in blink::EventListenerMap::Contains-2020-01-03
1008506Use-of-uninitialized-value in viz::ContextCacheController::ClientBecameNotVisible-2020-01-03
1008610Bad-cast to GrContext from invalid vptr in viz::ContextCacheController::ClientBecameNotVisible-2020-01-03
1008631DCHECK failure in index < length_ in vector.h-2020-01-03
1008709Use-of-uninitialized-value in hsw::blit_row_s32a_opaque-2020-01-03
985499third_party/liblouis version 3.2.0 is vulnerable-2020-01-02
990234sqlite3_fts3_lpm_fuzzer: Heap-use-after-free in findElementWithHash-2020-01-02
991888SOP & Site Isolation bypass with Reader mode$50002020-01-02
1005753Security: UAF in indexed_db_cursor.cc$205002020-01-02
1006544Use-of-uninitialized-value in gfx::CubicBezier::SolveCurveX$40002020-01-02
1006545Heap-use-after-free in blink::NGBlockNode::CopyChildFragmentPosition-2020-01-02
1006763Security: https://www.madeupdomainforcheck123.com reference in Chrome and Chromium code-2020-01-02
824715Security: RTL+ space, formatting, invisible characters can lead to URL Spoofing$30002020-01-01
1006435spvtools_opt_size_fuzzer: Container-overflow in spvtools::opt::Instruction::GetSingleWordOperand-2020-01-01

Questions? Ask @SecurityMB