Chromium Disclosed Security Bugs

Chromium security bugs are publicly disclosed by Google 14 weeks after fixing. They have great learning value, but it is difficult to keep track of exactly when they are derestricted. This page is a hub of security bugs that have recently gone public. Bugs can also be followed on Twitter: @BugsChromium.

This website is not affiliated with Google.

Security bugs disclosed in 2020

| # | Summary | Reward | Disclosure date |
|---|---|---|---|
| 981114 | Security: BT Classic Pairing Hijack | - | 2020-07-08 |
| 1059955 | dawn_wire_server_and_vulkan_backend_fuzzer: Heap-use-after-free in vk::CommandBuffer::submit | - | 2020-07-08 |
| 1061933 | aec3_fuzzer: Container-overflow in webrtc::FilterAnalyzer::AnalyzeRegion | - | 2020-07-08 |
| 1061235 | Security: libcameraservice: heap-based-buffer-overflow-in-DepthPhotoProcessor | - | 2020-07-07 |
| 1064429 | Heap-use-after-free in PrefChangeRegistrar::~PrefChangeRegistrar | - | 2020-07-07 |
| 1065704 | Security: UAF in WebSocket Network Service | $20000 | 2020-07-07 |
| 1065772 | ProbeForLowSeverityLifetimeIssue in ~CXFA_FFPageWidgetIterator() | - | 2020-07-07 |
| 1058895 | Security: Slow Read HTTP Attack | $500 | 2020-07-06 |
| 1040755 | Security: Another "universal" XSS via copy&paste | $2000 | 2020-07-03 |
| 1062868 | heap-use-after-free : v8::internal::wasm::WasmCode::DecrementRefCount | - | 2020-07-03 |
| 1064898 | Heap-use-after-free in metrics::PerfOutputCall::OnGetPerfOutput | - | 2020-07-03 |
| 978632 | heap-use-after-free : sctp_release_pr_sctp_chunk | - | 2020-07-02 |
| 990581 | Security: Security: CSP does not propagate to blob: URIs | $500 | 2020-07-02 |
| 1060559 | [Web NFC] Block YubiKeys | - | 2020-07-02 |
| 1061682 | Security DCHECK failure: IsA<Derived>(from) in casting.h | - | 2020-07-02 |
| 1019161 | UAF In ProcessManager | $7500 | 2020-07-01 |
| 1064112 | Segv on unknown address in blink::Internals::getAgentId | - | 2020-07-01 |
| 1067270 | Talos Security Advisory for Google Chrome PDFium (TALOS-2020-1044) | $5000 | 2020-07-01 |
| 1063177 | Declarative Net Request: Potential use after free while reindexing rulesets. | - | 2020-06-30 |
| 1054229 | media_pipeline_integration_fuzzer: Use-of-uninitialized-value in ogg_find_codec | - | 2020-06-28 |
| 1059764 | Security: container-overflow in MediaStream mojo | - | 2020-06-26 |
| 1060549 | Security: PDFium heap-use-after-free in CPDFXFA_Page::GetNextXFAAnnot (XFA) | $7500 | 2020-06-26 |
| 1062247 | Incomplete fix of 1055788 and 1057627 | - | 2020-06-26 |
| 1032531 | CrOS: Vulnerability reported in dev-db/sqlite | - | 2020-06-25 |
| 1034223 | CrOS: Vulnerability reported in dev-db/sqlite | - | 2020-06-25 |
| 1035370 | CrOS: Vulnerability reported in dev-db/sqlite | - | 2020-06-25 |
| 1037730 | Security: Full screen notification overlap on Windows and Linux | $500 | 2020-06-25 |
| 1038580 | CrOS: Vulnerability reported in dev-db/sqlite | - | 2020-06-25 |
| 1038884 | CrOS: Vulnerability reported in dev-db/sqlite | - | 2020-06-25 |
| 1040055 | CrOS: Vulnerability reported in dev-db/sqlite | - | 2020-06-25 |
| 1040488 | CrOS: Vulnerability reported in dev-db/sqlite | - | 2020-06-25 |
| 1052647 | Security: Debug check failed: !context.get(context_entry).IsTheHole(isolate) | - | 2020-06-24 |
| 1061878 | dawn_wire_server_and_vulkan_backend_fuzzer: Heap-use-after-free in vk::CommandPool::destroy | - | 2020-06-24 |
| 1059533 | use-after-free in web_graphics_context_3d_provider_wrapper | $2000 | 2020-06-23 |
| 933171 | Trusted Types bypass with blob and meta refresh | - | 2020-06-20 |
| 933172 | Trusted Type bypass with SVG | - | 2020-06-20 |
| 1004106 | Security: heap-buffer-overflow in CFXJSE_FormCalcContext::unfoldArgs | $7500 | 2020-06-20 |
| 1020026 | Security: 'Press Esc to exit fullscreen' covered up by a popup page | $1000 | 2020-06-20 |
| 1030901 | Site Isolation Bypass: QuotaDispatcherHost doesn't properly check origin from renderer | - | 2020-06-20 |
| 1042210 | Security: fullscreen notification spoof (repro issue 882812) | $500 | 2020-06-20 |
| 1045787 | Security: ChromeDriver is vulnerable to CSRF attack | - | 2020-06-20 |
| 1055303 | Security: PDFium (XFA) Use uninitialized value in function CPDFSDK_FormFillEnvironment::SendOnFocusChange | - | 2020-06-20 |
| 1059669 | Out-of-bounds read in WebSQL | $3000 | 2020-06-20 |
| 1059686 | UaF in DeferredTaskHandler::BreakConnections(2) | - | 2020-06-20 |
| 1060548 | CrOS: Vulnerability reported in app-arch/libarchive | - | 2020-06-20 |
| 1060647 | Security: WebRTC certificate parsing | - | 2020-06-20 |
| 1061018 | UaF in DeferredTaskHandler::ProcessAutomaticPullNodes | - | 2020-06-20 |
| 1061154 | gpu_fuzzer: Crash in gpu::gles2::Texture::SetLevelInfo | - | 2020-06-20 |
| 1061231 | net_quic_stream_factory_fuzzer: Use-of-uninitialized-value in quic::QuicSentPacketManager::GetRetransmissionTime | - | 2020-06-20 |
| 1061389 | gpu_fuzzer.exe: Crash in base::subtle::RefCountedBase::ReleaseImpl | - | 2020-06-20 |
| 1058515 | Chrome fetches DevTools stuff using insecure http protocol | - | 2020-06-16 |
| 1059349 | Security: usersctp: out-of-bounds reads in sctp_load_addresses_from_init | - | 2020-06-16 |
| 1059472 | v8_wasm_compile_fuzzer: DCHECK failure in is_gp() in liftoff-register.h | - | 2020-06-16 |
| 1030909 | Site Isolation Bypass: DedicatedWorkerHostFactory doesn't properly check origin from renderer | - | 2020-06-15 |
| 1046021 | CrOS: Vulnerability reported in media-libs/opencv | - | 2020-06-15 |
| 1055524 | Not only "devools://" but also "chrome-devtools://" should be registered as display-isolated | - | 2020-06-15 |
| 1056222 | MojoVideoEncodeAcceleratorService allows renderer to misuse its API leading to UAF | - | 2020-06-15 |
| 785159 | Wrong origin shown for permission prompts after navigations that lead to interstitials | $500 | 2020-06-13 |
| 1054966 | Policy page opens a file dialogue even if the AllowFileSelectionDialogs policy is set to false | $500 | 2020-06-13 |
| 1059187 | Bad-cast to blink::LayoutBlock from blink::LayoutTableSection in blink::AXLayoutObject::IsDataTable | - | 2020-06-13 |
| 1057418 | skia_image_filter_proto_fuzzer: Use-of-uninitialized-value in sse2::repeat_y | - | 2020-06-12 |
| 1058653 | Security: PDFium heap-use-after-free in CFDE_TextEditEngine::ReplaceSelectedText (XFA) | $5000 | 2020-06-12 |
| 1054732 | Heap-use-after-free in test_runner::WebFrameTestClient::DidAddMessageToConsole | - | 2020-06-10 |
| 1055869 | Security: PDFium (XFA) Use-after-free in function CFDE_TextEditEngine::ReplaceSelectedText | $5000 | 2020-06-10 |
| 1057593 | UaF in DeferredTaskHandler::BreakConnections | - | 2020-06-10 |
| 1057627 | UaP in AudioScheduledSourceHandler::NotifyEnded | - | 2020-06-10 |
| 1038527 | cras_rclient_message_fuzzer: Heap-use-after-free in cras_dsp_ini_free | - | 2020-06-09 |
| 1054260 | heap-use-after-free : content::FileChooserImpl::~FileChooserImpl | - | 2020-06-09 |
| 1057309 | use-after-move in BinaryUploadService::UploadForDeepScanning | - | 2020-06-09 |
| 1057369 | Use-of-uninitialized-value in double_conversion::DoubleToStringConverter::ToPrecision | - | 2020-06-09 |
| 1055131 | Crash in Builtins_ArgumentsAdaptorTrampoline | - | 2020-06-07 |
| 1056273 | Heap-use-after-free in test_runner::WebFrameTestClient::DidClearWindowObject | - | 2020-06-06 |
| 1056154 | Chromium: Vulnerability reported in third_party/sqlite | - | 2020-06-05 |
| 1056440 | Use-of-uninitialized-value in blink::WebGLRenderingContextBase::CreateWebGraphicsContext3DProvider | - | 2020-06-05 |
| 986108 | Security: PDFium heap-buffer-overflow in CFX_SkiaDeviceDriver::RestoreState | $1000 | 2020-06-04 |
| 1035315 | iframe sandbox allow_top_navigation_by_user_activation can be bypassed with certain extensions | $1000 | 2020-06-04 |
| 1055788 | UaP in IIRFilterHandler::Process | - | 2020-06-04 |
| 1056152 | CrOS: Vulnerability reported in app-arch/libarchive | - | 2020-06-04 |
| 1056153 | CrOS: Vulnerability reported in dev-libs/libpcre2 | - | 2020-06-04 |
| 965611 | Security: Possible to open chrome-native:// pages on Android and the new tab page on desktop using window.open | $1000 | 2020-06-03 |
| 976767 | Security: heap-use-after-free in CPDFSDK_PageView::ExitWidget | - | 2020-06-03 |
| 1034519 | Security: WebContentsViewAura::EndDrag may dereference a pointer to deleted RenderWidgetHost | - | 2020-06-03 |
| 1041406 | UAF in chrome!content::FrameTreeNode::~FrameTreeNode | $20000 | 2020-06-03 |
| 1054466 | v8_wasm_compile_fuzzer: DCHECK failure in is_fp_pair() == other.is_fp_pair() in liftoff-register.h | - | 2020-06-03 |
| 1055124 | Security DCHECK failure: IsA<Derived>(from) in casting.h | - | 2020-06-03 |
| 1055142 | Security DCHECK failure: IsA<Derived>(from) in casting.h | - | 2020-06-03 |
| 1055223 | Container-overflow in content::VizProcessTransportFactory::DisableGpuCompositing | - | 2020-06-03 |
| 1055338 | Crash in blink::CSSPropertyValueSet::PropertyReference::PropertyValue | - | 2020-06-03 |
| 1055692 | v8_wasm_code_fuzzer: Heap-buffer-overflow in v8::internal::wasm::ThreadImpl::Push | - | 2020-06-03 |
| 1056044 | ulpfec_generator_fuzzer: Heap-buffer-overflow in webrtc::ForwardErrorCorrection::GenerateFecPayloads | - | 2020-06-03 |
| 949913 | Use-after-free in CXFA_FFComboBox::OnProcessEvent | $3000 | 2020-06-02 |
| 1054765 | Heap-use-after-free in blink::MathMLSpaceElement::CollectStyleForPresentationAttribute | - | 2020-06-02 |
| 1055128 | Crash in blink::StyleBuilderConverter::ConvertFontVariantEastAsian | - | 2020-06-02 |
| 1055221 | Security DCHECK failure: IsA<Derived>(from) in casting.h | - | 2020-06-02 |
| 1055393 | UAF in chrome chrome!content::BrowserAccessibilityManager::GetFromAXNode | $20000 | 2020-06-02 |
| 1055713 | Segv on unknown address in blink::StyleBuilderConverterBase::ConvertFontFamily | - | 2020-06-02 |
| 1054139 | gpu_angle_passthrough_fuzzer: Null-dereference READ in gpu::gles2::GLES2DecoderPassthroughImpl::DoDrawArraysIndirect | - | 2020-05-30 |
| 982193 | Security: PDFium (XFA) Use-after-free in CXFA_FFTextEdit::OnProcessEvent | $5000 | 2020-05-29 |
| 1026991 | pdfium (XFA): invalid-vptr / uaf in CPDFSDK_PageView::ExitWidget | $5000 | 2020-05-29 |
| 1045803 | rtnl_handler_fuzzer: Crash in std::__1::enable_if<__is_cpp17_forward_iterator<unsigned char const*>::value, vo | - | 2020-05-29 |
| 1047838 | Missing browser-process permission checks for WebNFC | - | 2020-05-29 |
| 1050046 | ASSERT: CSA_ASSERT failed: SmiBelow(effective_index, LoadFixedArrayBaseLength(array)) | - | 2020-05-29 |
| 1054733 | Use-after-poison in blink::LayoutObject::ViewRect | - | 2020-05-29 |
| 1054785 | Bad-cast to blink::Node from invalid vptr in blink::LayoutObject::GetDocument | - | 2020-05-29 |
| 990897 | Security: PDFium (XFA) Use-after-free in CXFA_FFDocView::SetFocus | $7500 | 2020-05-28 |
| 1031152 | cras_rclient_message_fuzzer: Heap-buffer-overflow in dsp_util_deinterleave_s24le | - | 2020-05-28 |
| 1031153 | cras_rclient_message_fuzzer: Heap-buffer-overflow in cras_fmt_conv_create | - | 2020-05-28 |
| 1040329 | heap use-after-free in CFDE_TextEditEngine::Insert | $7500 | 2020-05-28 |
| 1051748 | Use-after-poison in WebGLRenderingContextBase | $8500 | 2020-05-28 |
| 1052651 | Security: PDFium (XFA) Use-after-free in CFWL_Edit::OnChar | $7500 | 2020-05-28 |
| 1052786 | Security: PDFium (XFA) Use-after-free in CXFA_FFTextEdit::UpdateFWLData | $7500 | 2020-05-28 |
| 1053617 | Security: PDFium heap-use-after-free in CFWL_DateTimePicker::SetEditText (XFA) | $7500 | 2020-05-28 |
| 1054429 | Security: PDFium heap-use-after-free in CFWL_Edit::OnKeyDown (XFA) | - | 2020-05-28 |
| 453937 | Cross origin access with exception object + full exploit | $25633 | 2020-05-27 |
| 583431 | Universal XSS in DocumentLoader::createWriterFor + full-chain exploit | $25633 | 2020-05-27 |
| 1041749 | Security: tel: protocal spoofing 2 | $500 | 2020-05-27 |
| 1050996 | Security: MediaElementAudioSourceNode bypasses CORS checks | $1000 | 2020-05-27 |
| 1051017 | Security: Type inference issue in Typer::Visitor::TypeInductionVariablePhi | - | 2020-05-27 |
| 1042566 | Security: Use After Free in Deserializer::DeserializeDeferredObjects | - | 2020-05-26 |
| 1051368 | navigator.sendBeacon doesn't make CORS preflight request | - | 2020-05-26 |
| 1051439 | Security: sendBeacon allows sending arbitrary POST requests with application/octet-stream content type without CORS | - | 2020-05-26 |
| 1034023 | Check Raw Clipboard permission and feature flag browser-side | - | 2020-05-24 |
| 1041330 | Security: use-of-uninitialized-value in containsNoEmptyCheck | - | 2020-05-24 |
| 1040046 | Security: Investigate "Zero length" BIOS write protect range UMA reports | - | 2020-05-24 |
| 1045931 | Security: General check for streams not checking states correctly | - | 2020-05-24 |
| 1048555 | Use after free in CodeSerializer::Deserialize | $500 | 2020-05-24 |
| 1050011 | Security: URL Spoof in Android PageInfo | - | 2020-05-24 |
| 1051075 | libipp_fuzzer: Segv on unknown address in std::__1::__vector_base<ipp::StringWithLanguage, std::__1::allocator<ipp::String | - | 2020-05-24 |
| 1051564 | libipp_fuzzer: Segv on unknown address in std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std:: | - | 2020-05-24 |
| 1051912 | DCHECK failure in 1 == map_.count(key) in wasm-engine.cc | - | 2020-05-24 |
| 1052442 | Windows: Potential UaF In Job Object Notification. | - | 2020-05-24 |
| 1052576 | CHECK failure: locale__value.IsString() in class-verifiers-tq.cc | - | 2020-05-24 |
| 995566 | Heap-use-after-free in ChromePasswordManagerClient::OnPaste | - | 2020-05-21 |
| 1048038 | Use after free in Logger::MapEvent | $500 | 2020-05-21 |
| 1003501 | PDFium (XFA) Use-after-free in CXFA_FFCheckButton::OnProcessEvent | $6000 | 2020-05-20 |
| 1044277 | Security: Possible to bypass restrictions on multiple downloads by initiating download from data: frame | $500 | 2020-05-20 |
| 1049510 | Unexpected reveal of service worker interception by using nextHopProtocol | $2000 | 2020-05-20 |
| 1050419 | Security: Use-after-poison in AudioWorkletNode | $7500 | 2020-05-20 |
| 1051462 | CrOS: Vulnerability reported in app-text/poppler | - | 2020-05-20 |
| 1049581 | Security: Debug check failed: bytecode_offset >= 0 (-1 vs. 0) | - | 2020-05-19 |
| 1050756 | Security: 'Copy As Curl' in the network panel of the devtools uses '--data' instead of '--data-raw', leading to arbitrary local file access | $500 | 2020-05-19 |
| 1033972 | Segv on unknown address in views::FocusSearch::FindNextFocusableView | - | 2020-05-16 |
| 1050090 | Fix security vulnerability in PaintController on subsequence under-invalidation | - | 2020-05-16 |
| 925834 | Security: seneschal allows bind-mounting arbitrary paths into 9p subtree | - | 2020-05-15 |
| 1043603 | use-after-poison in mojo::MessageDispatcher | $5000 | 2020-05-15 |
| 1048473 | Use-after-destroy in WebAudio | $7500 | 2020-05-15 |
| 1049129 | rtp_frame_reference_finder_fuzzer: Use-of-uninitialized-value in unsigned long webrtc::Subtract<32768ul> | - | 2020-05-15 |
| 998514 | Security: buffer overflow in modprobe | - | 2020-05-14 |
| 1036373 | CrOS: Vulnerability reported in dev-libs/openssl | - | 2020-05-14 |
| 1036376 | CrOS: Vulnerability reported in dev-libs/openssl | - | 2020-05-14 |
| 1044570 | Security: SEGV_MAPERR with Intl.ListFormat and long strings | $5000 | 2020-05-14 |
| 1047942 | CVE-2020-8428 CrOS: Vulnerability reported in Linux kernel | - | 2020-05-14 |
| 1031670 | ☂ Site Isolation Bypass via component extensions (e.g. via "Google Hangouts") | - | 2020-05-13 |
| 1045386 | CrOS: Vulnerability reported in sys-fs/e2fsprogs | - | 2020-05-13 |
| 1047911 | rtp_frame_reference_finder_fuzzer: Invalid-free in webrtc::RTPVideoHeader::GenericDescriptorInfo::~GenericDescriptorInfo | - | 2020-05-13 |
| 1047914 | pdfium (XFA): oob read / use-of-uninitialized-value in CXFA_Node::SetSelectedItems | $1000 | 2020-05-13 |
| 1047932 | rtp_frame_reference_finder_fuzzer: Crash in webrtc::RtpGenericFrameDescriptor::~RtpGenericFrameDescriptor | - | 2020-05-13 |
| 1048005 | rtp_frame_reference_finder_fuzzer: Bad parameters to --sanitizer-annotate-contiguous-container in webrtc::video_coding::RtpFrameObject::~RtpFrameObject | - | 2020-05-13 |
| 1048013 | rtp_frame_reference_finder_fuzzer: Invalid-free in webrtc::RTPVideoHeader::~RTPVideoHeader | - | 2020-05-13 |
| 1048024 | rtp_frame_reference_finder_fuzzer: Crash in absl::allocator_traits<std::__Cr::allocator<long> >::deallocate | - | 2020-05-13 |
| 1032158 | Security of some component extensions relies on untrustworthy MessageSender.id | - | 2020-05-12 |
| 1040700 | heap-use-after-free : v8::internal::ArrayBufferTracker::RegisterNew | - | 2020-05-12 |
| 1047285 | Security of media-router built-in extension relies on untrustworthy MessageSender.id | - | 2020-05-12 |
| 1048241 | v8_wasm_compile_fuzzer: Stack-buffer-overflow in v8::internal::wasm::LiftoffAssembler::VarState::is_reg | - | 2020-05-12 |
| 966507 | Possible Sec-Fetch-Site bypass via PaymentRequest | - | 2020-05-11 |
| 1046019 | CrOS: Vulnerability reported in app-arch/libarchive | - | 2020-05-11 |
| 639322 | Automation API leaks tab URLs | $500 | 2020-05-09 |
| 1010844 | CXFA_FFPageView Use After Free | $5000 | 2020-05-09 |
| 1041190 | CVE-2019-19927 CrOS: Vulnerability reported in Linux kernel | - | 2020-05-09 |
| 1042915 | pdfium (XFA): wrong object type in CXFA_FFPageView::GetPageViewRect | $1000 | 2020-05-09 |
| 1043965 | Security: Possible to navigate to extension resources not listed in web_accessible_resources | $1000 | 2020-05-09 |
| 1045225 | v8_wasm_compile_fuzzer: Stack-buffer-overflow in v8::internal::wasm::LiftoffAssembler::VarState::is_reg | - | 2020-05-09 |
| 1045487 | rtnl_handler_fuzzer: Heap-buffer-overflow in shill::ParseAttrs | - | 2020-05-09 |
| 1045738 | sqlite3_ossfuzz_fuzzer: Use-of-uninitialized-value in sqlite3Atoi64 | - | 2020-05-09 |
| 1046995 | rtp_frame_reference_finder_fuzzer.exe: Invalid-free in webrtc::RTPVideoHeader::~RTPVideoHeader | - | 2020-05-09 |
| 1047024 | rtp_frame_reference_finder_fuzzer: Heap-buffer-overflow in webrtc::video_coding::RtpFrameReferenceFinder::ManageFrameVp9 | - | 2020-05-09 |
| 1047054 | heap-buffer-underflow : content::DWriteFontLookupTableBuilder::CallbackOnTaskRunner::CallbackOnTaskRunner | - | 2020-05-09 |
| 1047095 | rtp_frame_reference_finder_fuzzer: Crash in absl::allocator_traits<std::__Cr::allocator<long long> >::deallocate | - | 2020-05-09 |
| 1047097 | PDFium: Apply fix for CVE-2020-8112 | - | 2020-05-09 |
| 1047156 | CVE-2019-18282 CrOS: Vulnerability reported in Linux kernel | - | 2020-05-09 |
| 1047165 | rtp_frame_reference_finder_fuzzer: Heap-buffer-overflow in webrtc::video_coding::RtpFrameReferenceFinder::ManageFrameVp9 | - | 2020-05-09 |
| 1047264 | rtp_frame_reference_finder_fuzzer: Bad parameters to --sanitizer-annotate-contiguous-container in webrtc::RtpGenericFrameDescriptor::~RtpGenericFrameDescriptor | - | 2020-05-09 |
| 1047355 | Crash in v8::internal::StringHasher::HashSequentialString<char> | - | 2020-05-09 |
| 1047368 | DCHECK failure in name->IsFlat() in factory.cc | - | 2020-05-09 |
| 851302 | UI/URL Spoofing by opening popups and putting the background page into fullscreen | $3000 | 2020-05-07 |
| 852645 | requestFullscreen should consume user activation to prevent UI/URL spoofing | $1000 | 2020-05-07 |
| 977872 | pdf_codec_tiff_fuzzer: Heap-buffer-overflow in null_convert | - | 2020-05-07 |
| 1047074 | DCHECK failure in Heap::IsLargeObject(obj) \|\| Page::FromHeapObject(obj)->IsFlagSet(Page::SWEEP_TO_ | - | 2020-05-07 |
| 1006012 | Security: URL bar spoofing on iOS | $500 | 2020-05-06 |
| 1034225 | CVE-2019-19524 CrOS: Vulnerability reported in Linux kernel | - | 2020-05-06 |
| 1034228 | CVE-2019-19527 CrOS: Vulnerability reported in Linux kernel | - | 2020-05-06 |
| 1043443 | CrOS: Vulnerability reported in net-analyzer/tcpdump | - | 2020-05-06 |
| 1044331 | Use-after-poison in blink::SecurityContextInit::SecurityContextInit | - | 2020-05-06 |
| 1045812 | Heap-buffer-overflow in cc::ScrollTimeline::UpdateScrollerIdAndScrollOffsets | - | 2020-05-06 |
| 1045797 | Use-of-uninitialized-value in v8::internal::JSFunction::ToString | - | 2020-05-06 |
| 1045874 | Security: OOB access in ReadableStream::Close | - | 2020-05-06 |
| 1046026 | vtest_fuzzer: Heap-use-after-free in vrend_finish_context_switch | - | 2020-05-06 |
| 1046098 | Use-of-uninitialized-value in v8::internal::wasm::NativeModuleCache::GetStreamingCompilationOwnership | - | 2020-05-06 |
| 1046321 | CVE-2019-19332 CrOS: Vulnerability reported in Linux kernel | - | 2020-05-06 |
| 1045703 | transfer_cache_fuzzer: Crash in GrConvertPixels | - | 2020-05-03 |
| 1045719 | gpu_raster_swiftshader_fuzzer: Heap-buffer-overflow in void downsample_3_2<ColorTypeFilter_RGBA_F16> | - | 2020-05-03 |
| 1045721 | gpu_raster_angle_fuzzer: Heap-buffer-overflow in sse2::load_af16 | - | 2020-05-03 |
| 1045722 | gpu_raster_passthrough_fuzzer: Heap-buffer-overflow in SkRectMemcpy | - | 2020-05-03 |
| 1045723 | transfer_cache_fuzzer: Heap-buffer-overflow in SkData::PrivateNewWithCopy | - | 2020-05-03 |
| 1045757 | gpu_raster_swiftshader_fuzzer: Crash in void egl::Transfer< | - | 2020-05-03 |
| 1043070 | CrOS: Vulnerability reported in dev-db/sqlite | - | 2020-05-02 |
| 1043095 | dawn_wire_server_and_vulkan_backend_fuzzer: Null-dereference READ in dawn_native::DeviceBase::BaseDestructor | - | 2020-05-02 |
| 868145 | Security: Loading mixed content without insecure warning | $500 | 2020-05-01 |
| 1033824 | Security: Unquoted Path in user Chrome Updater registry key | - | 2020-05-01 |
| 1035271 | Security: 3D CSS transform and drop-shadow can draw over address bar | $3000 | 2020-05-01 |
| 1045388 | CVE-2020-7053 CrOS: Vulnerability reported in Linux kernel | - | 2020-05-01 |
| 1035399 | Security: Site Isolation bypass in BlobURLStoreImpl::Register | - | 2020-04-30 |
| 1041828 | Potential UaF in NavigationPredicator | - | 2020-04-30 |
| 1042091 | Warn Chrome on downloads of for all .HTA files | - | 2020-04-30 |
| 1042145 | Null-dereference READ in sqlite3VdbeExec | - | 2020-04-30 |
| 1042578 | Security: SQLite 3.30.1 CVE-2019-19923 - NULL pointer dereference (or incorrect results) | - | 2020-04-30 |
| 1042700 | Security: SQLite CVE-2019-19926 | $500 | 2020-04-30 |
| 1042879 | Security: Data race in AudioArray::Allocate can lead to OOB access | - | 2020-04-30 |
| 1042956 | pdfium (XFA): UAF in CXFA_Node::HasFlag | $5000 | 2020-04-30 |
| 1043508 | pdfium (XFA): wrong object type in CXFA_FFNotify::OpenDropDownList | $5000 | 2020-04-30 |
| 1043510 | pdfium (XFA): wild-addr-read in GetWordBreakProperty | $7500 | 2020-04-30 |
| 1044379 | Bad-cast to blink::WebMouseEvent from blink::WebGestureEvent in test_runner::EventSender::HandleInputEventOnViewOrPopup | - | 2020-04-30 |
| 1031479 | Security: Debug check failed: has_feedback_vector() | $2000 | 2020-04-28 |
| 1041222 | Container-overflow in PermissionRequestManager::GetDisplayNameOrOrigin | - | 2020-04-28 |
| 1042535 | Security: webrtc: out-of-bounds write in FEC extension processing | - | 2020-04-28 |
| 1042933 | Security: WebRTC: out-of-bounds write when updating layer info with frame marking extension | - | 2020-04-28 |
| 1039241 | Use-of-uninitialized-value in blink::ObjectPainter::PaintAllPhasesAtomically | - | 2020-04-27 |
| 1043530 | Use-of-uninitialized-value in v8::internal::GlobalHandles::NodeSpace<v8::internal::GlobalHandles::Node>::Relea | - | 2020-04-27 |
| 1025521 | Security: <portal>s with an autofocus element get focus | $500 | 2020-04-24 |
| 1029437 | pdfium (XFA): oob read+write in CFDE_TextEditEngine::AdjustGap | $5000 | 2020-04-24 |
| 1041411 | heap-buffer-overflow in HRTFKernel | $500 | 2020-04-24 |
| 1041546 | Security: linux shell has all inheritable capabilities set by default | - | 2020-04-24 |
| 1042254 | Security: More UaFs in WebAudio | - | 2020-04-24 |
| 1029829 | gpu_angle_passthrough_fuzzer: Null-dereference READ in gpu::gles2::GLES2DecoderPassthroughImpl::EmulatedDefaultFramebuffer::Blit | - | 2020-04-23 |
| 1030167 | Crash in v8::internal::Simulator::LoadStorePairHelper | - | 2020-04-23 |
| 1038828 | Heap-use-after-free in net::URLRequestContext::CreateRequest | - | 2020-04-23 |
| 1039470 | Heap-use-after-free in blink::NGPaintFragment::PopulateDescendants | - | 2020-04-23 |
| 1039869 | Leaking the URL of any cross-origin redirect through AppCache's network section and wildcards | $5000 | 2020-04-23 |
| 1040883 | Heap-use-after-free in blink::NGPaintFragment::LayoutObjectWillBeDestroyed | - | 2020-04-23 |
| 1041174 | Heap-use-after-free in views::NativeWidgetAura::Close | - | 2020-04-23 |
| 1031909 | SIGTRAP hit in JIT code (Builtins_InterpreterEntryTrampoline) | $2000 | 2020-04-21 |
| 1033771 | Security: Debug check failed: is_valid(value). | - | 2020-04-21 |
| 1034695 | third_party/sqlite version 3.30.1 is vulnerable | - | 2020-04-21 |
| 1037889 | From secure page it is navigating to insecure page. | $1000 | 2020-04-21 |
| 1038036 | Security: Cross-Origin (Partial) Status Code Leakage | $1000 | 2020-04-21 |
| 1040325 | CHECK failure: *old_buffer != memory_object->array_buffer() in wasm-objects.cc | $2000 | 2020-04-21 |
| 1040489 | CrOS: Vulnerability reported in app-editors/vim | - | 2020-04-21 |
| 1041210 | CHECK failure: Bytecode mismatch at offset 10 in interpreter.cc | - | 2020-04-21 |
| 1041240 | DCHECK failure in 0 <= length in factory.cc | - | 2020-04-21 |
| 1041303 | pdfium (XFA): use-of-uninitialized-value in CFWL_DateTimePicker::DrawWidget | $500 | 2020-04-21 |
| 1041616 | DCHECK failure in cache != this implies cache->outer_scope()->deserialized_scope_uses_external_cac | - | 2020-04-21 |
| 1062091 | Security: UAF in InstalledAppProviderImpl (Desktop) | $25000 | 2020-04-20 |
| 894477 | Security: Extensions can continue to temporarily execute code and access file after being uninstalled | $500 | 2020-04-18 |
| 997515 | Security: Use-after-free in CXFA_FFDocView::SetFocus | $5000 | 2020-04-18 |
| 1018677 | Security: heap-use-after-free in content::SpeechRecognizerImpl::Abort | $5000 | 2020-04-18 |
| 1020745 | Security: Roll expat to patch CVE-2019-18197, CVE-2019-13117, CVE-2019-13118 | $500 | 2020-04-18 |
| 1031679 | Container-overflow in PermissionRequestManager::GetDisplayNameOrOrigin | - | 2020-04-18 |
| 1030415 | DCHECK failure in !HasOptimizedCode() in js-objects.cc | - | 2020-04-18 |
| 1032677 | Crash in v8::internal::Isolate::GetCodeTracer | - | 2020-04-18 |
| 1033461 | sqlite3_select_expr_lpm_fuzzer: Heap-use-after-free in resetAccumulator | - | 2020-04-18 |
| 1037703 | Heap-use-after-free in webrtc::VideoRtpReceiver::OnGenerateKeyFrame | - | 2020-04-18 |
| 1036667 | Heap-use-after-free in blink::NGContainerFragmentBuilder::MoveOutOfFlowDescendantCandidatesToDescendant | - | 2020-04-18 |
| 1037872 | Security:Potential Use after free in the function PerfJitLogger::LogWriteDebugInfo | - | 2020-04-18 |
| 1038243 | Security DCHECK failure: !NeedsLayout() \|\| LayoutBlockedByDisplayLock(DisplayLockLifecycleTarget::kChildr | - | 2020-04-18 |
| 1038489 | pdfium_xfa_fuzzer: Heap-use-after-free in CJX_Object::~CJX_Object | - | 2020-04-18 |
| 1038863 | Security: SQLite 3.30.1 vulnerabilities reported: CVE-2019-19880 and CVE-2019-19925 | - | 2020-04-18 |
| 1039059 | CVE-2019-19447 CrOS: Vulnerability reported in Linux kernel | - | 2020-04-18 |
| 1039159 | mediasource_MP4_FLAC_pipeline_integration_fuzzer: Use-of-uninitialized-value in decode_residuals | - | 2020-04-18 |
| 1040080 | Security: 'Copy As Curl' in the network panel of the devtools does not escape the HTTP method properly, leading to local code execution | $500 | 2020-04-18 |
| 1040403 | DCHECK failure in mode == JSHeapBroker::BrokerMode::kSerialized implies kind == kUnserializedReadO | - | 2020-04-18 |
| 1040444 | DCHECK failure in mode == JSHeapBroker::BrokerMode::kSerialized implies kind == kUnserializedReadO | - | 2020-04-18 |
| 1040493 | CVE-2019-20095 CrOS: Vulnerability reported in Linux kernel | - | 2020-04-18 |
| 633352 | Security: If two windows are in fullscreen at the same time they can navigate to different origins without fullscreen being exited automatically. | $1000 | 2020-04-15 |
| 803365 | Cookies with SameSite=Strict; are sent for link rel="prerender" when requested from 3rd party site | $2000 | 2020-04-15 |
| 959194 | Heap-use-after-free in net::HttpCache::Transaction::DoCacheWriteResponse | - | 2020-04-15 |
| 995081 | Security: PDFium (XFA) Use-after-free in CXFA_FFComboBox::OnKillFocus | $5000 | 2020-04-15 |
| 1029865 | heap-use-after-free : content::MediaInterfaceFactory::CreateVideoDecoder | - | 2020-04-15 |
| 1038019 | Heap-use-after-free in content::RenderProcessHostImpl::CreateCodeCacheHost | - | 2020-04-15 |
| 1038178 | Security: Missing deoptimization information for OptimizedFrame::Summarize | - | 2020-04-15 |
| 1039629 | Security: PDFium (XFA) Use-after-free in CXFA_FFComboBox::OnSelectChanged | $7500 | 2020-04-15 |
| 710190 | Security: Reloading the content of a changed file | - | 2020-04-14 |
| 809350 | Security: CORS bypassing by reusing CORS-successful Resources across SecurityOrigins on MemoryCache | - | 2020-04-14 |
| 991217 | Security: Memory access violations when setting a breakpoint at a specific location | - | 2020-04-14 |
| 991899 | Security: PDFium (XFA) Use-after-free in CXFA_FFWidget::OnKillFocus | $7500 | 2020-04-14 |
| 1014371 | Security: iframe sandbox can be worked around via javascript: links and window.opener | $3000 | 2020-04-14 |
| 1035464 | Heap-use-after-free in blink::NGOutOfFlowLayoutPart::Run | - | 2020-04-14 |
| 1021871 | cras_rclient_message_fuzzer: Null-dereference READ in pthread_create | - | 2020-04-13 |
| 1031697 | AutofillAssistantFacade.callerIsOnWhitelist() is not secure | - | 2020-04-13 |
| 609527 | Make sure active mixed content and broken-https subresources do something reasonable on weird origins | - | 2020-04-11 |
| 1034299 | media_pipeline_integration_fuzzer: Use-of-uninitialized-value in decode_residuals | - | 2020-04-11 |
| 1034480 | CVE-2019-19332: Security: kvm: OOB memory write via kvm_dev_ioctl_get_cpuid | - | 2020-04-11 |
| 1030411 | JavaScript injection via malicious WebExtension in CWS | $5000 | 2020-04-10 |
| 1030892 | Site Isolation Bypass: SpeechRecognitionDispatcherHost doesn't properly check origin from renderer | - | 2020-04-10 |
| 1033795 | UAF in blink::PaintLayer::CommonAncestor | $5000 | 2020-04-10 |
| 1035058 | Security: Autocomplete preview text leak #4: using ::first-line pseudo-element | $5000 | 2020-04-10 |
| 1036697 | CrOS: Vulnerability reported in dev-db/sqlite | - | 2020-04-09 |
| 1031142 | Security: ☂ Site Isolation Bypass and Browser Code execution with heap-use-after-free in DesktopMediaPickerController::WebContentsDestroyed | - | 2020-04-08 |
| 999114 | CVE-2019-15117 CrOS: Vulnerability reported in Linux kernel | - | 2020-04-07 |
| 999115 | CVE-2019-15118 CrOS: Vulnerability reported in Linux kernel | - | 2020-04-07 |
| 1034563 | Heap-use-after-free in views::BoundsAnimator::AnimationProgressed | - | 2020-04-07 |
| 1036604 | CVE-2019-19241 CrOS: Vulnerability reported in Linux kernel | - | 2020-03-30 |
| 714617 | Security: chrome.tabs.executeScript can reveal Chrome's profile path | $500 | 2020-03-28 |
| 1035779 | Security: heap-use-after-free in blink::BaseRenderingContext2D::DrawImageInternal | - | 2020-03-28 |
| 639173 | ignored TLS errors propagate from webview to main browser | $500 | 2020-03-27 |
| 959571 | Security: Mixed content state reset when navigating back | $500 | 2020-03-27 |
| 1033407 | Security:Potential Use after free in the function ProfilerListener::CodeCreateEvent | $2000 | 2020-03-27 |
| 1035371 | Chromium: Two Vulnerabilities reported in sqlite 3.30.1 | - | 2020-03-27 |
| 571546 | Security: Prompt boxes steal focus in popups | - | 2020-03-26 |
| 1025700 | CrOS: Vulnerability reported in media-libs/tiff | - | 2020-03-26 |
| 1028722 | sqlite3_shadow_table_fuzzer: Heap-buffer-overflow in sqlite3Fts3GetVarint | $3000 | 2020-03-26 |
| 1029002 | sqlite3_shadow_table_fuzzer: ASSERT: pWriter \|\| bIgnoreEmpty | - | 2020-03-26 |
| 1029027 | sqlite3_shadow_table_fuzzer: Heap-buffer-overflow in sqlite3Fts3GetVarint | - | 2020-03-26 |
| 1029210 | sqlite3_shadow_table_fuzzer: Heap-buffer-overflow in sqlite3Fts3Incrmerge | - | 2020-03-26 |
| 1029506 | sqlite3_shadow_table_fuzzer: Use-of-uninitialized-value in fts3IncrmergeHintPop | - | 2020-03-26 |
| 1031112 | CVE-2019-17133 CrOS: Vulnerability reported in Linux kernel | - | 2020-03-26 |
| 1032170 | Use browser-side URL to verify if extension messaging connection is allowed | - | 2020-03-26 |
| 1033395 | Security:Wrong assumption lead to Use After Free in deserializer.cc | $500 | 2020-03-26 |
| 1034745 | Security: QuicStreamFactory incorrectly installs NullDecrypter | - | 2020-03-26 |
| 1035331 | DCHECK failure in !HAS_WEAK_HEAP_OBJECT_TAG(ptr_) in tagged-impl.h | - | 2020-03-26 |
| 1035373 | CVE-2019-19602 CrOS: Vulnerability reported in Linux kernel | - | 2020-03-26 |
| 1035723 | Security: Heap-use-after-free in PaintController::FinishCycle() related to devtools overlay | - | 2020-03-26 |
| 1032090 | pdfium: use-of-uninitialized-value in CRYPT_AESSetKey | $2000 | 2020-03-24 |
| 1033841 | Security: Debug check failed: IsNumber(). | - | 2020-03-23 |
| 1034394 | A null pointer dereference has been discovered in V8 compiler which affects the latest version. | $5000 | 2020-03-23 |
| 1015693 | net_quic_stream_factory_fuzzer: Heap-use-after-free in quic::QuicSpdyStreamBodyManager::ReadBody | - | 2020-03-21 |
| 1032422 | Security: pdfium(XFA) heap-use-after-free in CXFA_FFComboBox::OnProcessEvent | $5000 | 2020-03-21 |
| 1033974 | DCHECK failure in 0 <= at_least_space_for in objects.cc | - | 2020-03-21 |
| 1034167 | DCHECK failure in i::AllowHeapAllocation::IsAllowed() in api.cc | - | 2020-03-21 |
| 1023810 | use-after-poison in webaudio | $10000 | 2020-03-20 |
| 1029462 | use-after-free in AudioWorklet | $7500 | 2020-03-20 |
| 1029530 | CHECK failure: BigIntAsUintN of kRepWord64 (BigInt) cannot be changed to kRepWord32 in represen | - | 2020-03-20 |
| 1032548 | Security: heap-buffer-overflow in AudioDelayDSPKernel::Process | - | 2020-03-20 |
| 1033260 | Heap-use-after-free in net::VerifyWithGivenFlags | - | 2020-03-20 |
| 1026546 | Security: Steal any local picture when open a local html file | $1000 | 2020-03-19 |
| 1029375 | Security: extensions with downloads.open permission can execute code on the device using .fileloc files | $500 | 2020-03-19 |
| 1031895 | Security: ReadableStream::pipeTo do not check IsLockedStream | - | 2020-03-19 |
| 1032054 | Security: Debug check failed: IsAligned(ptr, kSlotDataAlignment) | - | 2020-03-19 |
| 1032906 | Use-of-uninitialized-value in v8::internal::Runtime_StringCompareSequence | - | 2020-03-19 |
| 1033092 | mediasource_MP4_FLAC_pipeline_integration_fuzzer: Use-of-uninitialized-value in decode_residuals | - | 2020-03-19 |
| 1013906 | Security: expose stored (in cache) cross-site response's size | $500 | 2020-03-18 |
| 1029612 | audio_decoder_fuzzer: Use-of-uninitialized-value in decode_residuals | - | 2020-03-18 |
| 1030381 | Crash in cc::LayerTreeImpl::TotalScrollOffset | - | 2020-03-18 |
| 1031653 | Security: heap-use-after-free in DesktopMediaPickerController::WebContentsDestroyed | - | 2020-03-18 |
| 1019732 | Make sure that NetworkService doesn't propagate HttpOnly cookies to a renderer process | - | 2020-03-17 |
| 1032534 | CVE-2019-19319 CrOS: Vulnerability reported in Linux kernel | - | 2020-03-17 |
| 922882 | Security: Possible load of unitialized memory in WebRtcAec_Create | - | 2020-03-16 |
| 1022044 | cups_ippreadio_fuzzer: Global-buffer-overflow in ippEnumString | - | 2020-03-14 |
| 1029054 | cups_ippreadio_fuzzer: Heap-buffer-overflow in _cupsStrAlloc | - | 2020-03-14 |
| 1030660 | CrOS: Vulnerability reported in net-analyzer/tcpdump | - | 2020-03-14 |
| 1031102 | CrOS: Vulnerability reported in app-arch/libarchive | - | 2020-03-14 |
| 1031523 | pdfium (XFA): oob read in HTMLSTR2Code | $2500 | 2020-03-14 |
| 875503 | Chrome notification system permits to a domain to request permissions for each 3rd level domain with no restriction | $500 | 2020-03-13 |
| 968303 | heap-use-after-free : base::RunLoop::Delegate::ShouldQuitWhenIdle | - | 2020-03-13 |
| 1027408 | Security: tel: URL scheme reference origin spoof on Windows and Linux | $2000 | 2020-03-12 |
| 1029414 | Security: The sharing dialog can appear over the wrong tab (spoof) | $2000 | 2020-03-12 |
| 1030583 | Negative size parameter to memcpy in CPDF_SecurityHandler::GetUserPassword | $500 | 2020-03-12 |
| 1030912 | v8_wasm_compile_fuzzer: Segv on unknown address in unsigned long v8::internal::Simulator::MemoryRead<unsigned long, unsigned long> | - | 2020-03-12 |
| 1029565 | pdfium (XFA): oob read in EncodeXML | $2000 | 2020-03-11 |
| 1029576 | Security: Debug check failed: 0 <= index && index < node->op()->ValueInputCount(). | - | 2020-03-11 |
| 1029617 | gpu_angle_passthrough_fuzzer: Null-dereference READ in gpu::gles2::GLES2DecoderPassthroughImpl::DoDeleteQueriesEXT | - | 2020-03-11 |
| 1018629 | Use-of-uninitialized-value in SkPngEncoder::onEncodeRows | - | 2020-03-10 |
| 1025470 | Security: Negative size passed to memcpy() in fts3NodeAddTerm (OOB read) | - | 2020-03-10 |
| 1025471 | Security: Negative size passed to memcpy() in fts3IncrmergePush | - | 2020-03-10 |
| 1025472 | Security: Memory leak in fts4, matchinfo() | - | 2020-03-10 |
| 1027426 | Security: UaF in BrowserTabStripController::AddNewTabInGroup() | - | 2020-03-10 |
| 1028152 | Heap-buffer-overflow in blink::FindBuffer::RangeFromBufferIndex | $3000 | 2020-03-10 |
| 1028208 | DCHECK failure in !is_compiled() \|\| IsInterpreted() in js-objects.cc | - | 2020-03-10 |
| 1029338 | DCHECK failure in !name->AsIntegerIndex(&index) in lookup-inl.h | - | 2020-03-10 |
| 1025463 | Security: TFC2019 - Multiple issues in sqlite (Tracking Bug) | - | 2020-03-09 |
| 1028863 | v8: Wrong JIT code that triggers SIGTRAP at runtime | $5000 | 2020-03-09 |
| 1029129 | Crash in cc::LayerTreeImpl::TotalScrollOffset | - | 2020-03-09 |
| 1026911 | gpu_angle_passthrough_fuzzer: Null-dereference READ in gpu::error::Error gpu::gles2::GLES2DecoderPassthroughImpl::DoCommandsImpl<false> | - | 2020-03-07 |
| 1027065 | gpu_angle_passthrough_fuzzer: Null-dereference READ in gpu::gles2::GLES2DecoderPassthroughImpl::DoDeleteQueriesEXT | - | 2020-03-07 |
| 1027470 | gpu_angle_passthrough_fuzzer: Null-dereference READ in gpu::gles2::GLES2DecoderPassthroughImpl::HandleDrawBuffersEXTImmediate | - | 2020-03-07 |
| 1023807 | Update WHL microcode to enable kernel TAA mitigations | - | 2020-03-06 |
| 1025489 | use-after-poison in base::internal::WeakReferenceOwner::Invalidate() | $5000 | 2020-03-06 |
| 1028862 | Trap in Builtins_InterpreterEntryTrampoline | $5000 | 2020-03-06 |
| 1017871 | Security: Injecting styles via copy-and-paste | $10000 | 2020-03-05 |
1021431Heap-use-after-free in content::GpuBenchmarking::Freeze-2020-03-05
1022278render_text_api_fuzzer: Heap-buffer-overflow in gfx::GetTextIndexForOtherText-2020-03-05
1023843CVE-2019-2201: libjpeg-turbo: code execution-2020-03-05
1024182Security: Arbitrary system memory access Intel GPU vulnerability (CVE-2019-0155)-2020-03-05
1028172agc_fuzzer: Heap-buffer-overflow in webrtc::GainControlImpl::ProcessCaptureAudio-2020-03-05
1029174DCHECK failure in *result == *match_info in js-regexp.cc-2020-03-05
1029200Crash in v8::internal::OrderedHashSet::ConvertToKeysArray-2020-03-05
708595Security: Print Preview allows spoofing on other tab$5002020-03-04
1026994Security: EC host commands leaking stack to AP userspace-2020-03-04
1027025DCHECK failure in *(maybe_code_handler.object()) == *StoreHandler::StoreSlow(GetIsolate()) in feed-2020-03-04
1027176Check feature policy for payment in the browser.-2020-03-04
1028809audio_processing_fuzzer: Use-of-uninitialized-value in webrtc::FloatToFloatS16-2020-03-04
1028614audio_processing_fuzzer: Use-of-uninitialized-value in webrtc::FileWrapper::Write-2020-03-04
990428Tighten IDN policy for Kana + Latin domains-2020-03-03
1016506heap-buffer-overflow : WebRtcSpl_DownsampleFastC-2020-03-03
1023095zucchini_disassembler_elf_fuzzer: Heap-buffer-overflow in zucchini::Rel32FinderX86::Scan-2020-03-03
1023183zucchini_disassembler_elf_fuzzer: Heap-buffer-overflow in (std::is_function<std::__Cr::remove_pointer<unsigned-2020-03-03
1025255hammerd_load_ec_image_fuzzer: Crash in hammerd::FirmwareUpdater::LoadEcImage-2020-03-03
1025464Security: SQLite defense-in-depth bypass-2020-03-03
1025465Security: Uninitialized memory leak by nPrefix in fts3SegReaderNext-2020-03-03
1025466Security: Arbitrary memory overwrites (write-what-where) by nHeight in fts3IncrmergeLoad-2020-03-03
1026729DCHECK failure in !name->AsIntegerIndex(&index) in lookup-inl.h-2020-03-03
1026909DCHECK failure in name.IsUniqueName() in stub-cache.cc-2020-03-03
1027109DCHECK failure in heap_object.IsInternalizedString() in feedback-vector.cc-2020-03-03
1027498CHECK failure: 0 == instance_descriptors().number_of_slack_descriptors() in objects-debug.cc-2020-03-03
1027926Security: v8 Debug check failed: ResumeJumpTargetsAreValid().-2020-03-03
1028092agc_fuzzer: Heap-buffer-overflow in webrtc::ApplyDigitalGain-2020-03-03
1028181DCHECK failure in !Heap::InYoungGeneration(name) in stub-cache.cc-2020-03-03
1028191CHECK failure: IsValidHeapObject(isolate->heap(), HeapObject::cast(p)) in objects-debug.cc-2020-03-03
1028207Security: Debug check failed: !Heap::InYoungGeneration(name)-2020-03-03
1028396CHECK failure: descriptors != ReadOnlyRoots(isolate).empty_descriptor_array() implies !parent.o-2020-03-03
1028475DCHECK failure in start + search_string->length() <= string->length() in runtime-strings.cc-2020-03-03
968809 | Security: Clear rollback info from FPMCU stack when accessed | - | 2020-02-29
1026918 | pdfium (XFA): invalid-vptr in CXFA_FFTextEdit::UpdateFWLData | $2000 | 2020-02-29
1027410 | DCHECK failure in dst_offset != src_offset in liftoff-assembler-x64.h | - | 2020-02-29
1027650 | net_quic_stream_factory_fuzzer: Heap-use-after-free in quic::QpackInstructionDecoder::Decode | - | 2020-02-29
1027707 | transfer_cache_fuzzer: Heap-buffer-overflow in SkRectMemcpy | - | 2020-02-29
1021677 | Security DCHECK failure: unit.TextContentEnd() <= text.length() in ng_offset_mapping.cc | - | 2020-02-28
1024741 | transfer_cache_fuzzer: Crash in SkRectMemcpy | - | 2020-02-28
1025209 | net_quic_stream_factory_fuzzer: Bad-cast to quic::QpackProgressiveDecoder from invalid vptr in quic::QpackProgressiveDecoder::Decode | - | 2020-02-28
1025467 | 2 Vulnerabilities in websql & sqlite (Tracking Bug) | $2000 | 2020-02-28
1025911 | transfer_cache_fuzzer: Heap-buffer-overflow in GrConvertPixels | - | 2020-02-28
1026354 | gpu_raster_angle_fuzzer: Heap-buffer-overflow in void downsample_1_2<ColorTypeFilter_8> | - | 2020-02-28
1027152 | Security: heap-buffer-overflow in PasswordFormManager::OnGeneratedPasswordAccepted | - | 2020-02-28
1027292 | Security: import maps are executed as classic scripts when the import map's flag is disabled | - | 2020-02-28
884693 | Security: IDN URL Spoofing with using "ы" | $500 | 2020-02-27
896453 | Domain spoof using unicode characters that look like numbers | - | 2020-02-27
1025442 | Security: IDN spoof with Latin Middle Dot (U+00B7) | - | 2020-02-27
1025468 | DCHECK failure in result.NumberOfOwnDescriptors() == result.instance_descriptors().number_of_descr | - | 2020-02-27
1026500 | Use-of-uninitialized-value in v8::internal::Simulator::FPRoundInt | - | 2020-02-27
1027045 | Bad-cast to v8::internal::compiler::Operator1<v8::internal::compiler::FrameStateInfo, v8::internal::compiler::OpEqualTo<v8::internal::compiler::FrameStateInfo>, v8::internal::compiler::OpHash<v8::internal::compiler::FrameStateInfo> > from v8::internal::compiler::Operator1<v8::internal::MachineRepresentation, v8::internal::compiler::OpEqualTo<v8::internal::MachineRepresentation>, v8::internal::compiler::OpHash<v8::internal::MachineRepresentation> > in v8::internal::compiler::FrameStateInfoOf | - | 2020-02-27
930683 | Security: Broadcom Bluetooth firmware vulnerability | - | 2020-02-26
954207 | Heap-buffer-overflow in s_RLE_process | - | 2020-02-26
1015518 | spvtools_as_fuzzer: Bad-free in spvBinaryDestroy | - | 2020-02-26
1015697 | spvtools_as_fuzzer: Use-of-uninitialized-value in spvtools_as_fuzzer.cpp | - | 2020-02-26
1024256 | Crash in blink::FindBuffer::RangeFromBufferIndex with emoji input | - | 2020-02-26
1025067 | UaF in BluetoothAdapter::OnDiscoveryChangeComplete | $20000 | 2020-02-26
1025109 | Heap-use-after-free in blink::NGPhysicalFragment::HasSelfPaintingLayer | - | 2020-02-26
1026479 | CHECK failure: Type cast failed in CAST(last_index) at ../../src/builtins/builtins-regexp-gen.c | - | 2020-02-26
1053604 | Security: Incorrect side effect modelling for JSCreate | - | 2020-02-26
1024758 | Security: OOB Write in ReduceRegExpPrototypeTest | $7500 | 2020-02-25
1025502 | gpu_raster_angle_fuzzer: Crash in void downsample_1_2<ColorTypeFilter_8> | - | 2020-02-25
1018493 | ndproxy_fuzzer: Stack-buffer-overflow in arc_networkd::NDProxy::Icmpv6Checksum | - | 2020-02-24
1022695 | Crash in Builtins_InterpreterEntryTrampoline | - | 2020-02-24
1023144 | ndproxy_fuzzer: Heap-buffer-overflow in arc_networkd::NDProxy::TranslateNDFrame | - | 2020-02-24
1024736 | transfer_cache_fuzzer: Crash in GrConvertPixels | - | 2020-02-22
1024762 | gpu_raster_angle_fuzzer: Heap-buffer-overflow in void downsample_1_2<ColorTypeFilter_8> | - | 2020-02-22
881675 | Chrome v69 URL Spoof via FILE_SCHEME | $500 | 2020-02-21
1022466 | render_text_api_fuzzer: Heap-buffer-overflow in u_strlen_65 | - | 2020-02-21
1023853 | use after poison in rtc_rtp_sender_impl.cc | $5000 | 2020-02-21
1024099 | CHECK failure: bytes <= NUMBER in runtime-typedarray.cc | - | 2020-02-21
1024116 | Out-of-bounds access in WebBluetoothServiceImpl | $20000 | 2020-02-21
1025089 | Security: Fix number of arguments being passed when setting the thread name on Windows. | - | 2020-02-21
999956 | Security: U2F misses reloading hardware binding secrets after deep sleep | - | 2020-02-20
1013669 | Security: USBGuard accepts D-Bus messages from any | - | 2020-02-20
1019616 | wayland_fuzzer: Heap-use-after-free in GrMemoryPool::allocate | - | 2020-02-20
1022554 | render_text_api_fuzzer: Heap-buffer-overflow in gfx::CreateObscuredText | - | 2020-02-20
1022598 | render_text_api_fuzzer: Stack-buffer-overflow in gfx::RenderText::OnTextAttributeChanged | - | 2020-02-20
1022855 | Security: Missing HasPrototypeSlot() check in ConstructorBuiltinsbAssembler::EmitFastNewObject() results in out-of-bound read. | $3000 | 2020-02-20
1022893 | render_text_api_fuzzer: Heap-buffer-overflow in gfx::RenderText::OnTextAttributeChanged | - | 2020-02-20
1023442 | ExcludeSchemeFromRequestInitiatorSiteLockChecks bypasses GetTrustworthyInitiator | - | 2020-02-20
1023941 | heap-use-after-free : views::View::SetBackground | - | 2020-02-20
1024121 | Heap-use-after-free in WebBluetoothServiceImpl | $20000 | 2020-02-20
1016106 | hammerd_load_ec_image_fuzzer: Crash in hammerd::FirmwareUpdater::LoadEcImage | - | 2020-02-19
1017793 | vb2_keyblock_fuzzer: Global-buffer-overflow in vb2_load_fw_keyblock | - | 2020-02-19
1021855 | Download Protection bypass | - | 2020-02-19
1023351 | Use-after-poison in blink::EventListenerMap::Find | - | 2020-02-19
1023972 | DCHECK failure in 4 == kSystemPointerSize in code-generator.cc | - | 2020-02-19
1016703 | DCHECK failure in static_cast<unsigned>(index) < static_cast<unsigned>(capacity()) in fixed-array- | - | 2020-02-18
1007414 | Security: Tracking Chrome OS running e2fsck on an untrusted file system? | - | 2020-02-17
1020031 | CHECK failure: static_cast<uintptr_t>(caller_frame_top_) - total_output_frame_size > stack_guar | - | 2020-02-17
699342 | Security: //components/search_engine appears to be parsing arbitrary XML in the browser process | - | 2020-02-15
754304 | UI Spoofing in External Protocol confirmation | $1000 | 2020-02-15
947876 | pdfium (XFA): oob read in CFXJSE_FormCalcContext::WordNum | $2500 | 2020-02-15
968505 | Security: Domain name spoofing on Unicode top-level domains | - | 2020-02-15
984513 | The Permission for an important activity is set to null, as the result it can launched by any app. | $1000 | 2020-02-15
997724 | trunks_resource_manager_fuzzer: Use-of-uninitialized-value in base::debug::ProcessBacktrace | - | 2020-02-15
1005596 | Security: tel: URL scheme reference origin spoof | $2000 | 2020-02-15
1013882 | Security: Autocomplete preview text STILL leaks credit card numbers - attacker can simply override system-ui font | $5000 | 2020-02-15
1015872 | libbrillo_dbus_data_serialization_fuzzer: Crash in variant_reader_recurse | - | 2020-02-15
1015858 | libbrillo_dbus_data_serialization_fuzzer: Crash in _dbus_marshal_skip_array | - | 2020-02-15
1015881 | zucchini_disassembler_elf_fuzzer: Heap-buffer-overflow in (std::is_function<std::__Cr::remove_pointer<unsigned | - | 2020-02-15
1016092 | hammerd_load_ec_image_fuzzer: Use-of-uninitialized-value in fmap_find_area | - | 2020-02-15
1016099 | arc_setup_util_expand_property_contents_fuzzer: Heap-buffer-overflow in std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<ch | - | 2020-02-15
1016103 | runtime_probe_probestatement_fuzzer: Index-out-of-bounds in _dbus_mem_pool_alloc | - | 2020-02-15
1016168 | libbrillo_dbus_data_serialization_fuzzer: Use-of-uninitialized-value in _dbus_first_type_in_signature | - | 2020-02-15
1016813 | cups_ippreadio_fuzzer: Heap-buffer-overflow in _cupsStrFree | - | 2020-02-15
1017020 | heap-use-after-free : libusb_get_next_timeout | - | 2020-02-15
1017494 | Security: PDFium heap-use-after-free in CPDFSDK_PageView::ExitWidget (XFA) | $7500 | 2020-02-15
1017256 | cups_ippreadio_fuzzer: Heap-buffer-overflow in ippAttributeString | - | 2020-02-15
1017707 | Security: Phishing with Unicode Domains | $500 | 2020-02-15
1017797 | cgpt_fuzzer: Use-of-uninitialized-value in Crc32 | - | 2020-02-15
1017961 | Heap-use-after-free in blink::AudioNodeOutput::Pull | - | 2020-02-15
1018512 | ndproxy_fuzzer: Use-of-uninitialized-value in arc_networkd::NDProxy::TranslateNDFrame | - | 2020-02-15
1019648 | v8_wasm_fuzzer: DCHECK failure in val.type == kWasmBottom || ValueTypes::MachineRepresentationFor(val.type) == Val | - | 2020-02-15
1020533 | DCHECK failure in cell->value().IsTheHole(isolate) in js-objects.cc | - | 2020-02-15
1020906 | ndproxy_fuzzer: Stack-buffer-overflow in arc_networkd::NDProxy::TranslateNDFrame | - | 2020-02-15
1021457 | Security: Out of bounds index in array in function parameters | $3000 | 2020-02-15
1021919 | Use-after-poison in blink::RTCPeerConnectionHandler::OnaddICECandidateResult | - | 2020-02-15
1022558 | Bad-cast to blink::RTCVoidRequest from invalid vptr in blink::OnReplaceTrackCompleted | - | 2020-02-15
856927 | Omnibox with URL is displayed on NTP when forward history is browsed with Wifi or Mobile network disabled. | - | 2020-02-06
925035 | CodeCacheHostImpl::DidGenerateCacheableMetadataInCacheStorage should verify |cache_storage_origin|. | - | 2020-02-06
1017695 | spvtools_opt_legalization_fuzzer: Container-overflow in spvtools::Optimizer::Run | - | 2020-02-06
1018528 | Flickering WebGL with {alpha:false} on mali-400 | $500 | 2020-02-06
1018871 | DCHECK failure in !has_pending_exception() in isolate.cc | - | 2020-02-06
1000887 | Crash in v8::internal::Simulator::LoadStorePairHelper | - | 2020-02-05
1014607 | Security: Out-of-bounds read/write in RegisterAllocationData after ResetSpillState | - | 2020-02-05
1017441 | Sandboxed iframe Document can end up sharing execution context/type system with iframe's initial about:blank Document | $5000 | 2020-02-05
1019226 | Security - UAF in OfflineAudioContext | $13370 | 2020-02-05
1019544 | gpu_angle_passthrough_fuzzer: Null-dereference READ in gpu::gles2::GLES2DecoderPassthroughImpl::DoDeleteQueriesEXT | - | 2020-02-05
1019553 | gpu_angle_passthrough_fuzzer: Null-dereference READ in gpu::error::Error gpu::gles2::GLES2DecoderPassthroughImpl::DoCommandsImpl<false> | - | 2020-02-05
1019565 | gpu_angle_passthrough_fuzzer: Null-dereference READ in gpu::gles2::GLES2DecoderPassthroughImpl::HandleDrawBuffersEXTImmediate | - | 2020-02-05
1008312 | heap-use-after-free : GrSurfaceProxy::~GrSurfaceProxy | - | 2020-02-04
1010526 | Security: URL bar spoofing with using a file:/// URL | $500 | 2020-02-04
1017918 | Heap-buffer-overflow in hsw::store_NUMBER | - | 2020-02-04
1008470 | Security: AV in blink::ReadableStreamNative::Trace | - | 2020-02-03
1018565 | Use-of-uninitialized-value in v8::internal::compiler::Hints::Add | - | 2020-02-03
1011600 | PaymentManager: attacker has some control over PaymentManager/PaymentInstruments of a cross-origin context | $500 | 2020-01-31
1016167 | powerd_als_fuzzer: Use-of-uninitialized-value in base::internal::find_first_not_of | - | 2020-01-31
1016169 | vpn_manager_service_manager_fuzzer: Stack-buffer-overflow in vpn_manager::ServiceManager::ConvertSockAddrToIPString | - | 2020-01-31
1017564 | Security: URL bar spoofing on iOS with a very long URL | $2000 | 2020-01-31
1016061 | Container-overflow in performance_manager::SharedWorkerWatcher::RemoveChildWorker | - | 2020-01-30
1016100 | ndproxy_fuzzer: Stack-buffer-overflow in arc_networkd::NDProxy::Icmpv6Checksum | - | 2020-01-30
1016109 | ec_usb_tcpm_v2_fuzzer: Index-out-of-bounds in prl_tx_construct_message | - | 2020-01-30
1016111 | ndproxy_fuzzer: Use-of-uninitialized-value in arc_networkd::NDProxy::TranslateNDFrame | - | 2020-01-30
1016393 | v8_wasm_async_fuzzer: Heap-buffer-overflow in v8::internal::wasm::LiftoffCompiler::UnOp | - | 2020-01-30
1016436 | Bad-cast to content::RenderFrameImpl from invalid vptr in content::GpuBenchmarkingContext::GpuBenchmarkingContext | - | 2020-01-30
1017061 | v8_wasm_code_fuzzer: DCHECK failure in stack_height >= c->end_label->target_stack_height in wasm-interpreter.cc | - | 2020-01-30
1015864 | trunks_tpm_pinweaver_fuzzer: Stack-buffer-overflow in trunks::Serialize_pw_insert_leaf_t | - | 2020-01-29
1016166 | dlcservice_boot_device_fuzzer: Use-of-uninitialized-value in dlcservice::BootDevice::GetBootDevice | - | 2020-01-29
1016450 | DCHECK failure in HAS_SMI_TAG(ptr) in smi.h | - | 2020-01-29
993706 | Security: Possible to obtain results of queryObjects using custom devtools formatters | - | 2020-01-28
1016038 | Security: IndexedDB transactions should be inactive during structured serialization | - | 2020-01-28
1016165 | Heap-buffer-overflow in blink::AudioDelayDSPKernel::Process | - | 2020-01-28
1016515 | Unknown signal in Builtins_InterpreterEntryTrampoline | - | 2020-01-28
1010581 | Use-of-uninitialized-value in test_runner::TestRunner::WorkQueue::ProcessWork | - | 2020-01-27
1015945 | CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (this->IsStruct()) in class-definitio | - | 2020-01-27
1013868 | Security: heap-use-after-free in CPDF_AnnotList::CPDF_AnnotList | $7500 | 2020-01-25
1015070 | net_base_address_tracker_linux_fuzzer: Heap-buffer-overflow in net::internal::IgnoreWirelessChange | - | 2020-01-25
1015129 | net_base_address_tracker_linux_fuzzer: Heap-buffer-overflow in net::internal::AddressTrackerLinux::HandleMessage | - | 2020-01-25
1015567 | Null-dereference READ in v8::internal::VariableProxy::var | - | 2020-01-25
971917 | Site Isolation: Multiple restriction bypasses in registerProtocolHandler | $3000 | 2020-01-24
1011950 | Security: "universal" XSS via copy&paste | $2000 | 2020-01-24
1013418 | Bad-cast to ToolbarIconContainerView from views::View in AvatarToolbarButton::~AvatarToolbarButton | - | 2020-01-24
1015042 | chaps_attributes_fuzzer: Heap-buffer-overflow in chaps::Attributes::ParseInternal | - | 2020-01-24
1015256 | rtcp_receiver_fuzzer: Use-of-uninitialized-value in webrtc::RTCPReceiver::HandlePli | - | 2020-01-24
1015791 | Use-of-uninitialized-value in v8::internal::Scope::Scope | - | 2020-01-24
696208 | Security: Chrome extension is disabled by crafted chrome-extension:// URL | $500 | 2020-01-23
853670 | SameSite cookies leakage via child browsing context | $1000 | 2020-01-23
1013823 | zucchini_disassembler_elf_fuzzer: Crash in zucchini::Rel32FinderX86::Scan | - | 2020-01-23
1013871 | zucchini_disassembler_elf_fuzzer: Heap-buffer-overflow in (std::is_function<std::__Cr::remove_pointer<unsigned | - | 2020-01-23
1014834 | v8_wasm_async_fuzzer: Heap-buffer-overflow in v8::internal::wasm::LiftoffCompiler::UnOp | - | 2020-01-23
1010518 | Security: AbsentPlaster bug on Chrome OS | - | 2020-01-22
1013490 | Heap-use-after-free in blink::LayoutObject::IsDescendantOf | - | 2020-01-22
944619 | Security: CORB not enforced for WebSocket requests | $10000 | 2020-01-21
1013920 | Security: Debug check failed: is_wasm_memory_. | - | 2020-01-21
1010569 | Heap-use-after-free in content::WebContentsImpl::~WebContentsImpl | - | 2020-01-20
467329 | Popups can be moved below the taskbar in windows | $500 | 2020-01-18
990867 | Cross-origin-read attack by using an audio tag to download a cross-origin resource | $500 | 2020-01-18
1012055 | Use-after-poison in mojo::ReceiverSetBase<mojo::Receiver<blink::mojom::blink::ManifestManager, mojo: | - | 2020-01-18
1012579 | CHECK failure: Failed to create ICU number format, are ICU data files missing? in js-relative-t | - | 2020-01-18
1012663 | Heap-use-after-free in std::__1::vector<performance_manager::ProcessNode const*, std::__1::allocator<pe | - | 2020-01-18
1012727 | Container-overflow in performance_manager::SharedWorkerWatcher::RemoveChildWorker | - | 2020-01-18
1013048 | Use-of-uninitialized-value in performance_manager::GraphImpl::GetAllProcessNodes | - | 2020-01-18
1013485 | Heap-use-after-free in performance_manager::GraphImpl::AddNewNode | - | 2020-01-18
981100 | Security: ChromeVox exposes browser text from locked screen | - | 2020-01-17
999932 | Security: Possible to spoof URL through use of document.open | $500 | 2020-01-17
1001503 | Security: UaF in Aura | $20000 | 2020-01-17
1004212 | Security: Insecure Chrome download allows malicious software to change downloaded file integrity | - | 2020-01-17
1004458 | Use-of-uninitialized-value in password_manager::PasswordReuseDetectionManager::OnPaste | - | 2020-01-17
1005218 | Security: Multiple file download protection bypass 2 | $1000 | 2020-01-17
1007334 | Sanitizer CHECK failure in "((*(u8*)MemToShadow(a))) == ((0))" (0x4, 0x0) | $2000 | 2020-01-17
1010765 | Security: URL in Omnibox doesn't always match page content on iOS | - | 2020-01-17
1013013 | CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (IsJSReceiver()) in js-objects-inl.h | - | 2020-01-17
1013042 | Security: Debug check failed: Smi::IsValid(value) | $5000 | 2020-01-17
1013058 | DCHECK failure in static_cast<unsigned>(index) < static_cast<unsigned>(length()) in fixed-array-in | - | 2020-01-17
1013135 | DCHECK failure in !kCanBeWeak implies !IsSmi() == HAS_STRONG_HEAP_OBJECT_TAG(ptr_) in tagged-impl. | - | 2020-01-17
954219 | Heap-use-after-free in pdf14_decrement_smask_color | - | 2020-01-15
984327 | gstoraster_fuzzer: Heap-use-after-free in ptr_struct_mark | - | 2020-01-15
993415 | Use-after-poison in blink::Node::EnsureEventTargetData | $3000 | 2020-01-15
1003316 | CVE-2017-18595 CrOS: Vulnerability reported in Linux kernel | - | 2020-01-15
1008947 | Heap-use-after-free in AvatarMenu::~AvatarMenu | - | 2020-01-15
1011596 | javascript_parser_proto_fuzzer: DCHECK failure in !parsing_module_ in preparser.h | - | 2020-01-15
1011677 | heap-use-after-free : base::OnTaskRunnerDeleter::OnTaskRunnerDeleter | - | 2020-01-15
1011980 | DCHECK failure in effect_edges > 0 in verifier.cc | - | 2020-01-15
1012580 | Use-of-uninitialized-value in blink::GraphicsContext::SetURLForRect | - | 2020-01-15
1001854 | CVE-2019-15214 CrOS: Vulnerability reported in Linux kernel | - | 2020-01-14
1003325 | CVE-2019-15902 CrOS: Vulnerability reported in Linux kernel | - | 2020-01-14
1003326 | CVE-2019-15916 CrOS: Vulnerability reported in Linux kernel | - | 2020-01-14
1010379 | Security DCHECK failure: !object || (object->IsBox()) in layout_box.h | - | 2020-01-12
1010477 | Security DCHECK failure: !object || (object->IsLayoutInline()) in layout_inline.h | - | 2020-01-12
1010759 | Use-of-uninitialized-value in blink::LayoutObject::DestroyAndCleanupAnonymousWrappers | - | 2020-01-12
1011267 | Heap-use-after-free in blink::PaintLayer::CompositingContainer | - | 2020-01-12
1011603 | Heap-use-after-free in blink::LayoutObject::SetShouldCheckForPaintInvalidation | - | 2020-01-12
1010690 | Use-of-uninitialized-value in views::ScrollView::Viewport::ViewHierarchyChanged | - | 2020-01-11
1010703 | dawn_wire_server_and_frontend_fuzzer: Crash in dawn_native::ErrorScope::HandleErrorImpl | - | 2020-01-11
1010706 | Heap-use-after-free in blink::LayoutObject::DestroyAndCleanupAnonymousWrappers | - | 2020-01-11
1011294 | net_quic_stream_factory_fuzzer: Heap-use-after-free in quic::QpackHeaderTable::UnregisterObserver | - | 2020-01-11
1007194 | Security: Use after free in MojoCdmProxyService | $5000 | 2020-01-09
1009458 | Use-after-poison in void blink::ScriptPromiseResolver::ResolveOrReject<blink::ScriptValue> | - | 2020-01-09
918674 | Security: CVE-2018-19664 in libjpeg-turbo | - | 2020-01-08
948445 | Security: multiple issues in SafeSetID LSM | - | 2020-01-08
957314 | ClientNativePixmap implelementations don't validate handles | - | 2020-01-08
974375 | ClientNativePixmapDmaBuf::ImportFromDmabuf() doesn't validate buffer size | - | 2020-01-08
1005251 | Security: heap-use-after-free in RTCPeerConnectionHandler::SetLocalDescription | $7500 | 2020-01-08
1005635 | transfer_cache_fuzzer: Use-of-uninitialized-value in sse2::store_NUMBER | - | 2020-01-08
1010026 | Heap-use-after-free in std::__1::vector<performance_manager::ProcessNode const*, std::__1::allocator<pe | - | 2020-01-08
981649 | Use-of-uninitialized-value in send_delete_event | - | 2020-01-07
1004341 | Security: Upgrade expat to 2.2.8 | $500 | 2020-01-07
1005615 | transfer_cache_fuzzer: Heap-buffer-overflow in load2 | - | 2020-01-07
1005630 | transfer_cache_fuzzer: Heap-buffer-overflow in sse2::load_rgf16 | - | 2020-01-07
1005948 | Security: Headers are processed for aborted requests when passed through service worker | $500 | 2020-01-07
1008419 | Crash in blink::MarkingVisitorBase::Visit | - | 2020-01-07
1008632 | Sanitizer CHECK failure in "((*(u8*)MemToShadow(a))) == ((0))" (0x4, 0x0) | - | 2020-01-07
1009207 | Crash in blink::HeapObjectHeader::CheckHeader | - | 2020-01-07
1009260 | pdf_font_fuzzer: Use-of-uninitialized-value in ft_mem_free | - | 2020-01-07
1009278 | Crash in blink::DOMWrapperWorld::Current | - | 2020-01-07
1009382 | Crash in v8::internal::GlobalHandles::InvokeFirstPassWeakCallbacks | - | 2020-01-07
1008414 | CHECK failure: Bytecode mismatch at offset 177 in interpreter.cc | - | 2020-01-06
1008714 | Crash in blink::IsCallbackFunctionRunnableInternal | - | 2020-01-06
1007423 | Heap-use-after-free in test_runner::TestRunner::WorkQueue::ProcessWork | - | 2020-01-05
974648 | Use-of-uninitialized-value in uint64divmod | - | 2020-01-04
1000543 | Use-of-uninitialized-value in blink::LayoutObject::ShouldUseTransformFromContainer | - | 2020-01-03
1007866 | Security DCHECK failure: IsA<Derived>(from) in casting.h | - | 2020-01-03
1008216 | Bad-cast to blink::Nodeblink::Node::ShadowIncludingRoot in blink::Node::UpdateDistributionInternal | - | 2020-01-03
1008316 | Crash in blink::EventListenerMap::Contains | - | 2020-01-03
1008506 | Use-of-uninitialized-value in viz::ContextCacheController::ClientBecameNotVisible | - | 2020-01-03
1008610 | Bad-cast to GrContext from invalid vptr in viz::ContextCacheController::ClientBecameNotVisible | - | 2020-01-03
1008631 | DCHECK failure in index < length_ in vector.h | - | 2020-01-03
1008709 | Use-of-uninitialized-value in hsw::blit_row_s32a_opaque | - | 2020-01-03
985499 | third_party/liblouis version 3.2.0 is vulnerable | - | 2020-01-02
990234 | sqlite3_fts3_lpm_fuzzer: Heap-use-after-free in findElementWithHash | - | 2020-01-02
991888 | SOP & Site Isolation bypass with Reader mode | $5000 | 2020-01-02
1005753 | Security: UAF in indexed_db_cursor.cc | $20500 | 2020-01-02
1006544 | Use-of-uninitialized-value in gfx::CubicBezier::SolveCurveX | $4000 | 2020-01-02
1006545 | Heap-use-after-free in blink::NGBlockNode::CopyChildFragmentPosition | - | 2020-01-02
1006763 | Security: https://www.madeupdomainforcheck123.com reference in Chrome and Chromium code | - | 2020-01-02
824715 | Security: RTL+ space, formatting, invisible characters can lead to URL Spoofing | $3000 | 2020-01-01
1006435 | spvtools_opt_size_fuzzer: Container-overflow in spvtools::opt::Instruction::GetSingleWordOperand | - | 2020-01-01

Questions? Ask @SecurityMB