Chromium Disclosed Security Bugs

Chromium security bugs are publicly disclosed by Google 14 weeks after fixing. They have great learning value, but it's difficult to keep track of exactly when they're derestricted. This page is a hub of security bugs that have recently gone public. Bugs can also be followed on Twitter: @BugsChromium.

This website is not affiliated with Google.

Security bugs disclosed in 2020

| # | Summary | Reward | Disclosure date |
|---|---|---|---|
| 1174491 | CrOS: Vulnerability reported in sys-libs/glibc | - | 2021-10-16 |
| 1214481 | (Chrome & Chromium Browsers) Blank Address Bar Temporary Spoof | $1000 | 2021-10-16 |
| 1223426 | gpu_raster_passthrough_fuzzer: Crash in CopyRow_C | - | 2021-10-16 |
| 1226890 | Security: Use-After-Free in FileSystemAccessManager.GetEntryFromDataTransferToken | - | 2021-10-16 |
| 1226298 | Container-overflow in cc::draw_property_utils::CalculateDrawProperties | - | 2021-10-16 |
| 936397 | CrOS: Vulnerability reported in sys-libs/glibc | - | 2021-10-15 |
| 1220810 | CHECK failure: addr + size <= chunk_->area_end() | - | 2021-10-15 |
| 1219994 | Chromium: Vulnerability reported in third_party/libxml | - | 2021-10-15 |
| 1225929 | Security: Web pages can use ProcessInternals and ConversionInternals Mojo interfaces | - | 2021-10-15 |
| 1226323 | Security: Security DCHECK failed i < length() in WTF::StringView::operator[] | $2000 | 2021-10-15 |
| 1227241 | Bad-cast to blink::ScriptWrappable from invalid vptr in blink::DOMDataStore::GetWrapper | - | 2021-10-15 |
| 1227596 | CHECK failure: JSFunctionRef construction failed | - | 2021-10-15 |
| 1259077 | Security: form-action's blocking of redirects allows top-navigation XSLeak | - | 2021-10-15 |
| 1214234 | Security: Heap-use-after-free in CreditCardAccessManager::FetchCreditCard | $20000 | 2021-10-14 |
| 1216822 | Security: An <option> with a long label causes browser crash | $6000 | 2021-10-14 |
| 1221880 | Invalid-free in base::TaskAnnotator::RunTask | - | 2021-10-14 |
| 1219995 | CrOS: Vulnerability reported in dev-libs/libxml2 | - | 2021-10-14 |
| 1224419 | UAF in WebAppInternalsPageHandlerImpl::GetExternallyInstalledWebAppPrefs | - | 2021-10-14 |
| 1226659 | Use-after-poison in blink::ImageResourceContent::ShouldPauseAnimation | - | 2021-10-14 |
| 1226988 | CHECK failure: !v8::internal::FLAG_enable_slow_asserts \|\| (IsHeapObject()) in heap-object.h | - | 2021-10-14 |
| 1227228 | heap-use-after-free : IOSurfaceNotifierNotifyFunc | - | 2021-10-14 |
| 1226360 | Segv on unknown address in blink::ScriptState::From | - | 2021-10-13 |
| 1190493 | Heap-use-after-free in vk::Buffer::getOffsetPointer | $6000 | 2021-10-12 |
| 1225607 | DCHECK failure in object->FitsRepresentation(representation) in objects.cc | - | 2021-10-12 |
| 1223839 | DCHECK failure in is_liftoff() \|\| tier() == ExecutionTier::kTurbofan in wasm-code-manager.cc | - | 2021-10-11 |
| 1226056 | Crash in MergeUVRow_SSE2 | - | 2021-10-10 |
| 1219082 | Security: [ANGLE] Out-of-bounds write in Renderer11::blitRenderbufferRect | $7500 | 2021-10-09 |
| 1225786 | DCHECK failure in !broker->IsMainThread() in heap-refs.cc | - | 2021-10-09 |
| 1197149 | Add FTPS to request port blocklist to combat ALPACA attack | - | 2021-10-07 |
| 1200995 | heap-use-after-free : extensions::ChromeAppSorting::FixNTPOrdinalCollisions | - | 2021-10-07 |
| 1204722 | Security: Autofill suggestion UI should dismiss permissions UI | - | 2021-10-07 |
| 1219870 | Security: Use-after-free in NavigatorShare::OnConnectionError | $7500 | 2021-10-07 |
| 1223667 | Security: HeapOverflow in BookmarkBarView | $10000 | 2021-10-07 |
| 1207839 | tint_first_index_offset_fuzzer: Stack-buffer-overflow in tint::fuzzers::Reader::read | - | 2021-10-05 |
| 1214842 | Security: GC freeing reachable objects in JSON parser | $5000 | 2021-10-05 |
| 1217598 | Heap-use-after-free in blink::TextPainterBase::CreateDrawLooper | - | 2021-10-05 |
| 1219209 | Security: Use-after-free with XSLT strip-space | $2000 | 2021-10-05 |
| 1219630 | Security: JS object corruption in WasmJs::InstallConditionalFeatures | - | 2021-10-05 |
| 1219886 | AddressSanitizer: heap-buffer-overflow on gpu::CopyArraysToBuffer transfer_buffer_cmd_copy_helpers.h:80 | $8500 | 2021-10-05 |
| 1220250 | Crash in GL_GenerateMipmap method. | $7500 | 2021-10-05 |
| 1221309 | OpenXR VR session exits with Samsung mixed reality controllers | $500 | 2021-10-05 |
| 1221406 | heap-use-after-free in task_manager | $15000 | 2021-10-05 |
| 1224041 | Crash in v8::internal::ElementsAccessorBase<v8::internal::FastHoleyObjectElementsAccessor | - | 2021-10-05 |
| 1219199 | dawn_wire_server_and_vulkan_backend_fuzzer: Stack-buffer-overflow in rr::Variable::loadValue | - | 2021-10-02 |
| 1223103 | cras_rclient_message_fuzzer: Use-of-uninitialized-value in cras_main_message_send | - | 2021-10-02 |
| 1223459 | virgl_fuzzer: Segv on unknown address in virgl_renderer_context_destroy | - | 2021-10-02 |
| 1127594 | CrOS: Vulnerability reported in dev-libs/libxml2 | - | 2021-10-01 |
| 1194959 | CrOS: Vulnerability reported in app-arch/tar | - | 2021-10-01 |
| 1211312 | CrOS: Vulnerability reported in dev-libs/libxml2 | - | 2021-10-01 |
| 1215243 | counters_service_fuzzer: Heap-buffer-overflow in patchpanel::ParseOutput | - | 2021-10-01 |
| 1216022 | dawn_wire_server_and_vulkan_backend_fuzzer: Heap-buffer-overflow in rr::optimize | - | 2021-10-01 |
| 1220068 | DCHECK fail in webaudio worklet | - | 2021-10-01 |
| 1221221 | Use-after-poison in blink::HTMLSlotElement::DetachLayoutTree | - | 2021-10-01 |
| 1221890 | Security DCHECK failure: !resource_clipper->NeedsLayout() in clip_path_clipper.cc | - | 2021-10-01 |
| 1223191 | Heap-use-after-free in blink::PropertyTreeManager::EnsureCompositorTransformNode | - | 2021-10-01 |
| 1223549 | ec_pchg_fuzzer: Global-buffer-overflow in test_fuzz_one_input | - | 2021-10-01 |
| 1223584 | CHECK failure: args.Length() == 2 in d8-test.cc | - | 2021-10-01 |
| 1223740 | heap-use-after-free : blink::PaintController::FinishCycle | - | 2021-10-01 |
| 1206407 | tint_single_entry_point_fuzzer: Illegal-instruction in tint::fuzzers::ValidityErrorReporter | - | 2021-09-30 |
| 1210550 | gpu_raster_passthrough_fuzzer: Crash in CopyRow_ERMS | - | 2021-09-30 |
| 1210985 | Security: OOB write after moving pinned tab into a group | $15000 | 2021-09-30 |
| 1218973 | Heap-use-after-free in ash::TrayBubbleView::~TrayBubbleView | - | 2021-09-30 |
| 1219377 | Heap-use-after-free in ash::TrayBubbleView::~TrayBubbleView | - | 2021-09-30 |
| 1194689 | heap-buffer-overflow : media::D3D11H264Accelerator::SubmitFrameMetadata | - | 2021-09-29 |
| 1209517 | sqlite3_fts3_lpm_fuzzer: Heap-buffer-overflow in sqlite3Fts3Incrmerge | - | 2021-09-29 |
| 1218707 | Security: UAF in websql | $500 | 2021-09-29 |
| 1218974 | Security: ChromeOS root privilege escalation (brltty, vpn-manager, cros_camera_server) | $30000 | 2021-09-29 |
| 1220754 | skia_path_fuzzer: Crash in blit_aaa_trapezoid_row | - | 2021-09-29 |
| 1221897 | Heap-use-after-free in blink::LayoutBlockFlow::RemoveChild | - | 2021-09-29 |
| 1221840 | Heap-use-after-free in blink::PropertyTreeManager::EnsureCompositorTransformNode | $6000 | 2021-09-29 |
| 1222160 | Bad-cast to blink::LayoutBox from blink::LayoutInline in blink::LayoutBox::SplitAnonymousBoxesAroundChild | - | 2021-09-29 |
| 1178183 | cups_ipp_t_fuzzer: Crash in ippDelete | - | 2021-09-28 |
| 1202102 | Security: UAF when attempting to move tab group in restored window | $10000 | 2021-09-28 |
| 1212599 | AddressSanitizer: heap-use-after-free fft_frame_pffft.cc:81 in blink::FFTFrame::FFTSetupForSize | $7500 | 2021-09-28 |
| 1214641 | Heap-use-after-free in blink::IsLayoutObjectRelevantForAccessibility | - | 2021-09-28 |
| 1215029 | Security: UAF when sending tab to device | $10000 | 2021-09-28 |
| 1221812 | DCHECK failure in details.representation().Equals( map.GetPropertyDetails(descriptor).representati | - | 2021-09-28 |
| 1216678 | Heap-buffer-overflow in cc::PaintWorkletImageProvider::GetPaintRecordResult | - | 2021-09-26 |
| 1215912 | Freelist Corruption with PartitionAlloc on 93.0.4541.0+ related to allocation of LayoutObjects/PaintLayers | - | 2021-09-24 |
| 1219925 | Heap-use-after-free in ash::TrayBubbleView::RerouteEventHandler::OnKeyEvent | - | 2021-09-24 |
| 1221031 | Crash in cppgc::internal::PageBackend::AllocateLargePageMemory | - | 2021-09-24 |
| 1221062 | heap-use-after-free : disk_cache::SparseControl::GetAvailableRange | - | 2021-09-24 |
| 1212612 | Security: Use after free in Payments | $20000 | 2021-09-23 |
| 1219539 | Heap-buffer-overflow in ash::ScrollableShelfView::CalculateTappableIconIndices | - | 2021-09-23 |
| 1219898 | v8_wasm_fuzzer: DCHECK failure in 0 < code.size() in function-compiler.cc | - | 2021-09-23 |
| 1151507 | Security: Cross-origin iframe can navigate top window to different site via same-site open redirect or XSS redirect | $3000 | 2021-09-22 |
| 1183440 | Heap-use-after-free in views::MenuController::ExitMenu | - | 2021-09-22 |
| 1195278 | UAF in bookmark | $7500 | 2021-09-22 |
| 1200679 | Security: Double-free when extension is uninstalled while uninstall dialog is being shown | $10000 | 2021-09-22 |
| 1201033 | Security: Out-of-bounds access in WebAudio | $7500 | 2021-09-22 |
| 1206458 | heap-use-after-free : resource_coordinator::TabLifecycleUnitSource::TabLifecycleUnit::SetFocused | - | 2021-09-22 |
| 1145553 | bypass blocked autoredirects from cross-origin iframes | $5000 | 2021-09-21 |
| 1181522 | CrOS: Intel graphics drivers advisory INTEL-SA-00438 | - | 2021-09-21 |
| 1194899 | BigInt toLocaleString free invalid pointer | $1000 | 2021-09-21 |
| 1211308 | Heap-buffer-overflow in rx::vk::ImageViewHelper::getLevelLayerDrawImageView | - | 2021-09-21 |
| 1213350 | Security: Incorrect Security UI in downloads | $3000 | 2021-09-21 |
| 1219101 | Security: Simplified Lowering DCHECK restriction type | - | 2021-09-21 |
| 1219634 | v8_wasm_code_fuzzer: DCHECK failure in exception_stack.back() == control_stack.size() - 1 in wasm-interpreter.cc | - | 2021-09-21 |
| 1214699 | Null-dereference READ in ubsan_GetStackTrace | - | 2021-09-20 |
| 1216941 | Null-dereference READ in content::BrowserContext::GetDefaultStoragePartition | - | 2021-09-19 |
| 1219231 | Heap-use-after-free in ash::TrayBubbleView::RerouteEventHandler::OnKeyEvent | - | 2021-09-19 |
| 1216837 | Use-after-poison in blink::HTMLSlotElement::DetachLayoutTree | - | 2021-09-18 |
| 1218439 | Bad-cast to blink::ImageResourceObserver from invalid vptr in blink::ImageResourceContent::PriorityFromObservers | - | 2021-09-18 |
| 1218587 | Heap-use-after-free in blink::StyleCrossfadeImage::ImageChanged | - | 2021-09-18 |
| 1218811 | Heap-buffer-overflow in ash::ScrollableShelfView::CalculateTappableIconIndices | - | 2021-09-18 |
| 1219036 | Crash in v8::internal::ElementsAccessorBase<v8::internal::FastHoleyObjectElementsAccessor | - | 2021-09-18 |
| 1210487 | AddressSanitizer: use-after-poison long_task_detector.cc:46 in blink::LongTaskDetector::DidProcessTask | $7500 | 2021-09-17 |
| 1214140 | Heap-use-after-free in views::Widget::OnNativeWidgetDestroying | - | 2021-09-17 |
| 1214584 | Heap-use-after-free in ui::LayerAnimationSequence::ProgressToEnd | - | 2021-09-17 |
| 1215504 | CrOS: Vulnerability reported in net-nds/openldap | - | 2021-09-17 |
| 1217741 | dawn_wire_server_and_frontend_fuzzer: Heap-use-after-free in dawn_native::ObjectBase::IsError | - | 2021-09-17 |
| 1206911 | Security: heap-use-after-free in autofill::SaveCardBubbleViews::WindowClosing | - | 2021-09-16 |
| 1209558 | Breakpoint with empty stacktrace | - | 2021-09-16 |
| 1209769 | uaf in browser process DestroyURLLoader(network::cors::CorsURLLoaderFactory) | $15000 | 2021-09-16 |
| 1210547 | dawn_wire_server_and_vulkan_backend_fuzzer: Stack-buffer-overflow in rr::Variable::loadValue | - | 2021-09-16 |
| 1211215 | DCHECK failure in *p != to_check_ in heap.cc | - | 2021-09-16 |
| 1212498 | Security: UAF after user clicks help link in enhanced spell check dialog | $10000 | 2021-09-16 |
| 1212500 | Security: UAF after use clicks help link in accessibility labels dialog | $10000 | 2021-09-16 |
| 1212618 | Security: UAF in ServiceWorker with bfcache | $25000 | 2021-09-16 |
| 1212862 | Security: Crash in Zenith dialog | - | 2021-09-16 |
| 1216437 | Security: Unexpected JS execution in GetScriptableObjectProperty leads to JS object corruption | - | 2021-09-16 |
| 1176218 | Security: TALOS-2021-1241 Google Chrome WebAudio blink::AudioNodeOutput::Pull code execution vulnerability | $7500 | 2021-09-15 |
| 1187797 | Security: UAF in usrsctp on sctp_association->str_reset | $7500 | 2021-09-15 |
| 1191778 | policy_fuzzer: Heap-use-after-free in base::JoinString | - | 2021-09-15 |
| 1197146 | Security: UAF when extension removes tab group during drag | $10000 | 2021-09-15 |
| 1198717 | Security: OOB write after extension pins tab during drag | $10000 | 2021-09-15 |
| 1199198 | Security: UAF caused by some WebUIMessageHandlers when OnJavascriptDisallowed() is not called before destruction | $15000 | 2021-09-15 |
| 1202598 | Security: Heap-buffer-overflow in TabStripModel::MoveWebContentsAtImpl | $10000 | 2021-09-15 |
| 1203693 | dawn_wire_server_and_frontend_fuzzer: Container-overflow in tint::diag::Formatter::format | - | 2021-09-15 |
| 1204814 | sqlite3_lpm_fuzzer: Segv on unknown address in sqlite3MemCompare | - | 2021-09-15 |
| 1206631 | Chrome: Crash Report - base::CancelableTaskTracker::Untrack | - | 2021-09-15 |
| 1215974 | CrOS: Vulnerability reported in x11-libs/gdk-pixbuf | - | 2021-09-15 |
| 1216212 | hb_subset_fuzzer: Crash in OT::hb_colrv1_closure_context_t::return_t OT::Paint::dispatch<OT::hb_colrv1_clos | - | 2021-09-15 |
| 1140831 | harbfuzz is affected by unfixed upstream bugs | - | 2021-09-14 |
| 1201073 | Security: UAP in FileReader | $7500 | 2021-09-14 |
| 1202534 | v8_inspector_fuzzer: DCHECK failure in enabled() in v8-debugger-agent-impl.cc | - | 2021-09-14 |
| 1209444 | Trap in Builtins_JSEntryTrampoline | - | 2021-09-14 |
| 1211782 | CrOS: Vulnerability reported in net-fs/samba | - | 2021-09-14 |
| 1212460 | CrOS: Vulnerability reported in net-fs/samba | - | 2021-09-14 |
| 1215250 | paint_op_buffer_fuzzer: Use-of-uninitialized-value in cc::PaintOpReader::ReadRecordPaintFilter | - | 2021-09-14 |
| 1215808 | DCHECK failure in new_pages * wasm::kWasmPageSize >= byte_length_ in backing-store.cc | - | 2021-09-14 |
| 1215976 | Memcpy-param-overlap in v8::base::Memcpy | - | 2021-09-14 |
| 1216595 | Attaching an inner contents that has already created a platform RenderWidgetHostView causes a bad cast on Mac and Android | - | 2021-09-14 |
| 1216928 | code_cache_host_mojolpm_fuzzer: Illegal-instruction in StackTraceGetter::CurrentStackTrace | - | 2021-09-14 |
| 1217311 | DCHECK failure in new_pages * wasm::kWasmPageSize >= byte_length_ in backing-store.cc | - | 2021-09-14 |
| 1210823 | dawn_wire_server_and_vulkan_backend_fuzzer: Crash in vk::DescriptorSetLayout::DescriptorSetLayout | - | 2021-09-12 |
| 1202661 | Security: Stack overflow in printing | $10000 | 2021-09-11 |
| 1201031 | Security: Use-after-free in extension install dialog | $20000 | 2021-09-10 |
| 1209802 | tint_ast_clone_fuzzer: Illegal-instruction in tint_ast_clone_fuzzer.cc | - | 2021-09-10 |
| 1210414 | Security: [ANGLE] Out-of-bound write in rx::Image11::GenerateMipmap | $7500 | 2021-09-10 |
| 1216021 | counters_service_fuzzer: Use-of-uninitialized-value in patchpanel::ParseOutput | - | 2021-09-10 |
| 1216215 | DCHECK failure in (optimizing_compile_dispatcher_) != nullptr in isolate.h | - | 2021-09-10 |
| 1211326 | SUMMARY: AddressSanitizer: heap-use-after-free devtools_agent_host_impl.h:84 in std::__1::vector<content::protocol::TargetHandler*, std::__1::allocator<content::protocol::TargetHandler*> > content::DevToolsAgentHostImpl::HandlersByName<content::protocol::TargetHandler>(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) | $10000 | 2021-09-09 |
| 1213313 | Security: HeapOverflow in FillPhoneCountryCode | $15000 | 2021-09-09 |
| 1214280 | dawn_wire_server_and_vulkan_backend_fuzzer: Heap-buffer-overflow in sw::SpirvShader::Operand::Float | - | 2021-09-09 |
| 921607 | Cross-Origin URL steal using Fetch and no-cors requests on iOS Chrome. | $2000 | 2021-09-08 |
| 1070399 | Security: URL spoofing using 'very-long-hostname' URL in the Suggestion box | $500 | 2021-09-08 |
| 1200440 | ExtensionFunction::browser_context() and deleted private profiles | - | 2021-09-08 |
| 1180210 | Security: CVE-2020-12362: Privilege escalation vulnerability in i915 GuC firmware | - | 2021-09-06 |
| 1181227 | Security: Failure to enforce EC is booted from RO when performing dev mode transitions on dedede, volteer | - | 2021-09-06 |
| 1213770 | CHECK failure: unregister_token().IsUndefined(isolate) implies key_list_prev().IsUndefined(isol | - | 2021-09-05 |
| 1214311 | counters_service_fuzzer: Heap-buffer-overflow in patchpanel::ParseOutput | - | 2021-09-05 |
| 1195722 | Security: UAP in JS Self-Profiling API | $5000 | 2021-09-04 |
| 1195431 | Security: UAF in Android-specific (not in upstream Linux) xt_qtaguid kernel module | - | 2021-09-04 |
| 1213709 | DCHECK failure in 0 < number_of_all_descriptors in factory-base.cc | - | 2021-09-04 |
| 1201938 | DCHECK failure in descriptor_number.as_int() < number_of_descriptors() in descriptor-array-inl.h | - | 2021-09-02 |
| 1206404 | Use-after-poison in blink::HTMLSlotElement::DetachLayoutTree | - | 2021-09-02 |
| 1208264 | Security: Heap-use-after-free in media_router::WebContentsDisplayObserverView::OnBrowserSetLastActive | $15000 | 2021-09-02 |
| 1208782 | DCHECK failure in IsAligned(reinterpret_cast<uintptr_t>(dst), kAtomicWordSize) in atomicops.h | - | 2021-09-02 |
| 1210394 | crash in canvas filter | $5000 | 2021-09-02 |
| 1212694 | Security: libxml CVE-2021-3541 | - | 2021-09-02 |
| 1213476 | Heap-use-after-free in blink::mojom::CodeCacheHostStubDispatch::Accept | - | 2021-09-02 |
| 1213678 | DCHECK failure in that == nullptr \|\| v8::internal::Object( *reinterpret_cast<const v8::internal::A | - | 2021-09-02 |
| 1213764 | Crash in v8::internal::Map::instance_type | - | 2021-09-02 |
| 1213851 | CHECK failure: ReadOnlyRoots(isolate).empty_descriptor_array() == *this | - | 2021-09-02 |
| 1023503 | Security: PlatformSensorReaderWin32 use after free bug | - | 2021-09-01 |
| 1094449 | CrOS: Vulnerability reported in sys-apps/dbus | - | 2021-09-01 |
| 1204811 | Security: Local Elevation of Privilege vulnerability in Google Update Service | $10000 | 2021-09-01 |
| 1210593 | CHECK failure: byte_length() <= JSArrayBuffer::kMaxByteLength in objects-debug.cc | - | 2021-09-01 |
| 1212206 | Heap-use-after-free in rx::FramebufferVk::startNewRenderPass | - | 2021-09-01 |
| 1212321 | Security DCHECK failure: IsA<Derived>(from) in casting.h | - | 2021-09-01 |
| 1212733 | Security: expat vulnerable to CVE-2013-0340? | $500 | 2021-09-01 |
| 538562 | Chrome inherits window name from sandboxed iframe, enabling global variable confusion | - | 2021-08-31 |
| 1129379 | CrOS: Vulnerability reported in dev-libs/openssl | - | 2021-08-31 |
| 1207277 | Security: heap-use-after-free in BrowserView::ProcessFullscreen | $7500 | 2021-08-31 |
| 1207334 | CrOS: Vulnerability reported in sys-libs/binutils-libs | - | 2021-08-31 |
| 1209798 | CHECK failure: Ref construction failed | - | 2021-08-31 |
| 1212582 | DCHECK failure in !node->op()->HasProperty(Operator::kNoThrow) in simplified-lowering.cc | - | 2021-08-31 |
| 1172694 | Heap-use-after-free in ui::LayerAnimationSequence::ProgressToEnd | - | 2021-08-28 |
| 1197431 | Bad-cast to rx::RenderTargetVk from invalid vptr in rx::FramebufferVk::startNewRenderPass | - | 2021-08-28 |
| 1203607 | Security: Heap-use-after-free in TabStripLayoutHelper::CalculateMinimumWidth | $7500 | 2021-08-28 |
| 1184954 | Security: Heap-use-after-free in TabStrip::GetSizeNeededForViews | $10000 | 2021-08-27 |
| 1196480 | Security: Multiple Bugs in WebP | - | 2021-08-27 |
| 1196773 | Security: heap-use-after-free in libwebp ConvertBGRAToRGB_SSE41 | - | 2021-08-27 |
| 1196775 | Security: heap-buffer-overflow in libwebp PlanarTo24b_SSE41 | - | 2021-08-27 |
| 1196777 | Security: heap-buffer-overflow in libwebp VP8YuvToRgb | - | 2021-08-27 |
| 1196778 | Security: heap-buffer-overflow in libwebp UpsampleRgbLinePair_SSE41 | - | 2021-08-27 |
| 1206289 | CHECK failure: function->closure_feedback_cell_array().length() == function->shared().feedback_ | - | 2021-08-27 |
| 1211711 | dawn_wire_server_and_vulkan_backend_fuzzer: Heap-buffer-overflow in rr::optimize | - | 2021-08-27 |
| 1178202 | Security: X-Chrome-offline allows arbitrary file reads from compromised renderer. | - | 2021-08-26 |
| 1196232 | CrOS: Vulnerability reported in sys-libs/binutils-libs | - | 2021-08-26 |
| 1197199 | gpu_raster_swangle_passthrough_fuzzer: Heap-use-after-free in libvk_swiftshader.so | - | 2021-08-26 |
| 1196309 | Security: OOB vector insertion when extension highlights tab during drag | $10000 | 2021-08-26 |
| 1197875 | Security: OOB read when attempting to add tab to group after groups have changed | $11000 | 2021-08-26 |
| 1201340 | DCHECK failure in offset_imm <= std::numeric_limits<int32_t>::max() in liftoff-assembler-ia32.h | - | 2021-08-26 |
| 1201446 | Security: heap-buffer-overflow in CreateFaviconImageSkia | $20000 | 2021-08-26 |
| 1203590 | container-overflow in dom_distiller::TaskTracker::NotifyViewersAndCallbacks | - | 2021-08-26 |
| 1209118 | SUMMARY: AddressSanitizer: heap-use-after-free (Chromium/asan-mac-release-876501/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/92.0.4491.0/Chromium Framework:x86_64+0x1958102f) in blink::ComputedAccessibleNode::checked() | $5000 | 2021-08-26 |
| 1185801 | Remove header sizes from ResourceTiming transferSize | - | 2021-08-25 |
| 1194431 | Security: UAF in TracingHandler | $5000 | 2021-08-25 |
| 1194896 | Security: UAF after moving tab associated with undocked devtools instance into another browser window | $10000 | 2021-08-25 |
| 1200766 | UAF in AutofillPopupControllerImpl | $20000 | 2021-08-25 |
| 1203674 | AddressSanitizer: heap-use-after-free in dom_distiller::UMAHelper::LogTimeOnDistillablePage | - | 2021-08-25 |
| 1205059 | video_capture_host_mojolpm_fuzzer: Bad parameters to --sanitizer-annotate-contiguous-container in media::FakeV4L2Impl::ioctl | - | 2021-08-25 |
| 1208414 | render_text_api_fuzzer: Crash in gfx::RenderTextHarfBuzz::EnsureLayout | - | 2021-08-25 |
| 1208721 | Security: heap-over-flow in AutofillPopupControllerImpl::RemoveSuggestion | $20000 | 2021-08-25 |
| 1209178 | render_text_api_fuzzer: Crash in gfx::RenderTextHarfBuzz::EnsureLayout | - | 2021-08-25 |
| 1209638 | dawn_wire_server_and_vulkan_backend_fuzzer: Crash in vk::DescriptorSetLayout::DescriptorSetLayout | - | 2021-08-25 |
| 1206623 | DCHECK failure in StackFrame::IsTypeMarker(marker) in frames.cc | - | 2021-08-23 |
| 1177325 | libyuv_scale_fuzzer: Heap-buffer-overflow in InterpolateRow_Any_AVX2 | - | 2021-08-22 |
| 1190030 | Crash in rx::IOSurfaceSurfaceVkMac::releaseTexImage | - | 2021-08-21 |
| 1200246 | dawn_wire_server_and_frontend_fuzzer: Heap-use-after-free in dawn_native::ObjectBase::IsError | - | 2021-08-21 |
| 1204347 | Security: 3d css can still glitch onto native browser UI | - | 2021-08-21 |
| 1206131 | Security: PresentationRequest dialog can appear over the wrong tab | $1000 | 2021-08-21 |
| 1208984 | Heap-buffer-overflow in GrPathUtils::generateQuadraticPoints | - | 2021-08-21 |
| 1189110 | Crash in sw::SpirvShader::getImageSampler | - | 2021-08-20 |
| 1205981 | Visited links leak via CSS transitions and the transitionrun event (Windows 10, Linux) | $5000 | 2021-08-20 |
| 1207078 | v8_inspector_fuzzer: DCHECK failure in has_scheduled_exception() in isolate-inl.h | - | 2021-08-20 |
| 1208865 | zucchini_disassembler_elf_fuzzer: Use-of-uninitialized-value in zucchini::DisassemblerElfIntel<zucchini::Elf32IntelTraits>::MakeReadAbs32 | - | 2021-08-20 |
| 1194058 | Security: heap-use-after-free in the payment dialog in the browser process | $15000 | 2021-08-19 |
| 1195340 | Security: HeapOverflow in MediaFeeds | $15000 | 2021-08-19 |
| 1195573 | Security: UAF when WebContents being dragged is destroyed | $1000 | 2021-08-19 |
| 1197436 | Security: heap-use-after-free in DesktopWindowTreeHostPlatform::SetFullscreen | $10000 | 2021-08-19 |
| 1200019 | Security: heap-buffer-overflow in PlatformNotificationServiceImpl::CreateNotificationFromData | $20000 | 2021-08-19 |
| 1206329 | UAF in InternalAuthenticatorAndroid::InvokeIsUserVerifyingPlatformAuthenticatorAvailableResponse | - | 2021-08-19 |
| 1207992 | Heap-use-after-free in viz::SkiaRenderer::DrawRenderPassQuad | - | 2021-08-19 |
| 1153363 | Security: With full pointers, a wrong SmiUntag() operation on a TaggedIndex value can cause operating on the wrong feedback slot. | - | 2021-08-18 |
| 1198216 | sqlite3_dbfuzz2_fuzzer.exe: Heap-buffer-overflow in insertCell | - | 2021-08-18 |
| 1200490 | 0 and -0 confusion in SpeculativeNumberMultiply | - | 2021-08-18 |
| 1203593 | Static-imported scripts are wrongly considered main scripts during service worker update | - | 2021-08-18 |
| 1204071 | Segv on unknown address in Builtins_InterpreterEntryTrampoline | - | 2021-08-18 |
| 1206674 | Heap-use-after-free in hsw::run_program | - | 2021-08-18 |
| 1206822 | Trap in Builtins_CEntry_Return1_DontSaveFPRegs_ArgvOnStack_BuiltinExit | - | 2021-08-18 |
| 1207680 | CHECK failure: Ref construction failed | - | 2021-08-18 |
| 1194829 | use after poison write in mojo::InterfaceEndpointClient::NotifyError when deal with WebBundle | $5000 | 2021-08-17 |
| 1205670 | CVE-2021-31829 - Linux kernel protection of stack pointer against speculative pointer arithmetic can be bypassed to leak content of kernel memory | - | 2021-08-17 |
| 1206754 | DCHECK failure in !__isolate__->has_pending_exception() in ic.cc | - | 2021-08-17 |
| 1206994 | CHECK failure: promise_result.is_null() == promise_->GetIsolate()->has_pending_exception() | - | 2021-08-17 |
| 1207679 | CHECK failure: storage_.is_populated_ | - | 2021-08-17 |
| 1205752 | tint_spv_reader_wgsl_writer_fuzzer: Bad-cast to const tint::ast::Pointer from tint::ast::Vector in tint::typ::TypePair<tint::ast::Pointer, tint::sem::Pointer> tint::typ::Call_type | - | 2021-08-15 |
| 1149086 | gstoraster_fuzzer: Use-of-uninitialized-value in gp_pwrite_impl | - | 2021-08-14 |
| 1164941 | Heap-buffer-overflow in sw::SpirvShader::getImageSampler | - | 2021-08-14 |
| 1198369 | Security: ink refers to non-existent upstream | - | 2021-08-14 |
| 1204484 | tint_first_index_offset_fuzzer: Stack-buffer-overflow in tint::fuzzers::ExtractFirstIndexOffsetInputs | - | 2021-08-14 |
| 1171630 | gstoraster_fuzzer: Use-of-uninitialized-value in cf_decode_2d | - | 2021-08-13 |
| 1172655 | gstoraster_fuzzer: Use-of-uninitialized-value in template_compose_group | - | 2021-08-13 |
| 1201501 | Bad-cast to content::ChildThreadImpl from invalid vptr in content::ChildThreadImpl::OnFieldTrialGroupFinalized | - | 2021-08-13 |
| 1201710 | gstoraster_fuzzer: Segv on unknown address in stream_dct_end_passthrough | - | 2021-08-13 |
| 1202506 | gstoraster_fuzzer: Heap-use-after-free in real_param | - | 2021-08-13 |
| 1203122 | Security: Type confusion bug in LoadSuperIC | $20000 | 2021-08-13 |
| 1168081 | CrOS: Vulnerability reported in sys-libs/glibc | - | 2021-08-12 |
| 1193233 | Security: Arbitrary file read when caching file using CallAsSelfAndImpersonate2 | $5000 | 2021-08-12 |
| 1200017 | Heap-use-after-free in gl::GLFenceNV::~GLFenceNV | - | 2021-08-12 |
| 1201074 | Security: use-of-uninitialized-value in libavif when decode the crafted avif file | $7500 | 2021-08-12 |
| 1202203 | Heap-buffer-overflow in vk::Buffer::getOffsetPointer | - | 2021-08-12 |
| 1201772 | FLEDGE passes privileged url_loader_factory to utility process | - | 2021-08-11 |
| 1203240 | freetype_cidtype1_render_ftengine_fuzzer: Use-of-uninitialized-value in cf2_interpT2CharString | - | 2021-08-11 |
| 1203738 | freetype_cidtype1_fuzzer: Use-of-uninitialized-value in cid_read_subrs | - | 2021-08-11 |
| 1204829 | Heap-use-after-free in cricket::AllocationSequence::Init | - | 2021-08-11 |
| 1197786 | sqlite3_lpm_fuzzer: Segv on unknown address in sqlite3MemCompare | - | 2021-08-10 |
| 1194021 | CrOS: Vulnerability reported in x11-libs/cairo | - | 2021-08-09 |
| 1203060 | freetype_bdf_fuzzer: Use-of-uninitialized-value in inflate | - | 2021-08-07 |
| 1204313 | Heap-use-after-free in viz::SkiaRenderer::PrepareRenderPassOverlay | - | 2021-08-07 |
| 1177875 | Security: Openjpeg security fix may be missing | $500 | 2021-08-04 |
| 1198705 | Security: Range miscalculation for nodes of type SpeculativeSafeIntegerAdd in v8's TurboFan | $7500 | 2021-08-04 |
| 1199345 | missing the -0 case in VisitSpeculativeIntegerAdditiveOp | $15000 | 2021-08-04 |
| 1202736 | DCHECK failure in stack_capacity_end_ > stack_end_ in function-body-decoder-impl.h | - | 2021-08-04 |
| 1139156 | Security: chrome.debugger API bypasses the runtime_blocked_hosts Enterprise policy | $5000 | 2021-08-03 |
| 1195331 | Trap in v8::internal::Map::UpdateFieldType | - | 2021-08-03 |
| 1198854 | use after poison inMediaStreamAudioTrack::StopAndNotify | $5000 | 2021-08-03 |
| 1202119 | Stack-use-after-return in SkRect::x | $6000 | 2021-08-03 |
| 1202609 | incorrect range constraint converting {u,}int64_t to double | - | 2021-08-03 |
| 1180510 | security: click-to-call across devices has inconsistent escaping & URL validation | $3000 | 2021-08-02 |
| 1163228 | Security: Missing usrsctp fixes | - | 2021-07-31 |
| 1201537 | vp9_encoder_references_fuzzer: Use-of-uninitialized-value in webrtc::FrameValidator::OnEncodedImage | - | 2021-07-31 |
| 1195650 | Security: v8 SIGTRAP in optimized code | $5000 | 2021-07-30 |
| 1199402 | Security: Remote Code Execution? | - | 2021-07-30 |
| 1200231 | Crash in v8::internal::compiler::Operator1<v8::internal::Handle<v8::internal::HeapObject> | - | 2021-07-30 |
| 1110036 | gstoraster_fuzzer: Use-of-uninitialized-value in parse_dict | - | 2021-07-29 |
| 1107972 | gstoraster_fuzzer: Use-of-uninitialized-value in charstring_font_params | - | 2021-07-29 |
| 1157498 | gstoraster_fuzzer: Use-of-uninitialized-value in load_truetype_glyph | - | 2021-07-29 |
| 1159499 | gstoraster_fuzzer: Use-of-uninitialized-value in gs_scan_token | - | 2021-07-29 |
| 1160913 | gstoraster_fuzzer: Use-of-uninitialized-value in charstring_font_params | - | 2021-07-29 |
| 1198895 | use-after-poison in blink::ImageDecoderExternal::OnMetadata | $7500 | 2021-07-29 |
| 1200184 | v8_wasm_compile_fuzzer: Trap in v8::internal::wasm::fuzzer::InterpretAndExecuteModule | - | 2021-07-29 |
| 1201113 | Crash in v8::internal::Simulator::LoadStoreHelper | - | 2021-07-29 |
| 1201432 | Crash in Builtins_RunMicrotasks | - | 2021-07-29 |
| 1175058 | Security: heap-use-after-free using Presentation API | - | 2021-07-28 |
| 1175522 | sqlite3_dbfuzz2_fuzzer: Use-of-uninitialized-value in vdbeRecordCompareInt | - | 2021-07-28 |
| 1181276 | sqlite3_dbfuzz2_fuzzer: Use-of-uninitialized-value in sqlite3VdbeRecordCompareWithSkip | - | 2021-07-28 |
| 1188889 | Security: UAF in PageHandler::Navigate | $10000 | 2021-07-28 |
| 1194046 | Security: Site isolation break because of double fetch of shared buffer | $15000 | 2021-07-28 |
| 1194491 | Security: Potential out-of-bound write, origin confusion, permission type confusion in PermissionManager | - | 2021-07-28 |
| 1195308 | Security: Integer Overflow leads to heap buffer overflow in the function | $20000 | 2021-07-28 |
| 1195686 | Security: Heap-use-after-free in constrained_window::CreateWebModalDialogViews | $5000 | 2021-07-28 |
| 1195777 | Security: Incorrect representation change from Word64 to Word32 | $20000 | 2021-07-28 |
| 1196654 | CrOS: Vulnerability reported in net-misc/curl | - | 2021-07-28 |
| 1197829 | [cros] Device unlocked after resume from sleep | - | 2021-07-28 |
| 1197904 | Security: UAF in NavigationPredictor | $27000 | 2021-07-28 |
| 1198165 | (Chrome & Chromium Browsers) File Download Pop-up Origin Spoof | $7500 | 2021-07-28 |
| 1198696 | Harden ArrayPrototypePop and ArrayPrototypeShift against typer bugs | - | 2021-07-28 |
| 1199662 | v8_wasm_compile_fuzzer: DCHECK failure in 0 == four_lanes & in code-generator-arm.cc | - | 2021-07-28 |
| 1200162 | freetype_colrv1_fuzzer: Use-of-uninitialized-value in tt_face_get_paint | - | 2021-07-28 |
| 1172533 | Security: Autofill suggestion drop-down can cover browser UI | - | 2021-07-26 |
| 1173297 | Security: Autofill dropdown can be made hidden | - | 2021-07-26 |
| 1198611 | freetype_colrv1_fuzzer: Crash in tt_face_get_paint | - | 2021-07-26 |
| 1185732 | UAF in indexeddb database | $5000 | 2021-07-24 |
| 1195579 | DCHECK failure in CpuFeatures::IsSupported(*feature) in macro-assembler-shared-ia32-x64.h | - | 2021-07-24 |
| 1025683 | Permission Service Use After Free | $20000 | 2021-07-23 |
| 1192552 | heap-use-after-free : views::HWNDMessageHandler::OnDisplayChange | - | 2021-07-23 |
| 1195333 | Security: The Browser Process wrongly handle ACCEPT_BROKER_CLIENT message | $15000 | 2021-07-23 |
| 1199526 | v8_wasm_compile_fuzzer: Trap in V8_Dcheck | - | 2021-07-23 |
| 1195977 | Security: v8 Array.concat IterateElements OOB access leads to RCE | $22000 | 2021-07-22 |
| 1197759 | Segv on unknown address in HistoryClustersTabHelper::OnOmniboxUrlCopied | - | 2021-07-22 |
| 1197852 | Trap in void v8::internal::SharedTurboAssembler::AvxHelper<v8::internal::XMMRegister, v8 | - | 2021-07-22 |
| 1198385 | heap-buffer-overflow : metal::`anonymous namespace'::TestShaderNow | - | 2021-07-22 |
| 1198871 | Abrt in blink::FontCache::GetLastResortFallbackFont | - | 2021-07-22 |
| 830101 | SameSite cookie bypass via redirect | $3000 | 2021-07-21 |
| 1166502 | Known vulnerability detected in third_party/unrar | - | 2021-07-21 |
| 1175503 | Security: same-to-cross-to-same-origin redirects are allowed for dedicated module workers | - | 2021-07-21 |
| 1178032 | heap-use-after-free : PermissionBubbleMediaAccessHandler::ProcessQueuedAccessRequest | - | 2021-07-21 |
| 1196683 | Security: 2021 pwn2own entry | - | 2021-07-21 |
| 1196803 | iframe sandbox escape using incognito intent fallback URLs | - | 2021-07-21 |
| 1197492 | Security: Security DCHECK failed: !NeedsLayout() \|\| ChildLayoutBlockedByDisplayLock() in blink::LayoutObject::AssertLaidOut | - | 2021-07-21 |
| 1197839 | Chromium: Vulnerability reported in third_party/xstream | - | 2021-07-21 |
| 1072486 | Security: udev: root file write -> command execution privilege escalation | - | 2021-07-20 |
| 1161806 | potential uaf in webmidi | - | 2021-07-20 |
| 1166012 | Heap-buffer-overflow in ash::ScrollableShelfView::ShouldCountActivatedInkDrop | - | 2021-07-20 |
| 1166496 | Known vulnerability detected in third_party/unrar | - | 2021-07-20 |
| 1166497 | Known vulnerability detected in third_party/unrar | - | 2021-07-20 |
| 1166498 | Known vulnerability detected in third_party/unrar | - | 2021-07-20 |
| 1166499 | Known vulnerability detected in third_party/unrar | - | 2021-07-20 |
| 1166500 | Known vulnerability detected in third_party/unrar | - | 2021-07-20 |
| 1166501 | Known vulnerability detected in third_party/unrar | - | 2021-07-20 |
| 1181688 | Security: UAF in Ozone Clipboard | $20000 | 2021-07-20 |
| 1184294 | Security: xdgmime missing security-relevant commits | - | 2021-07-20 |
| 1190525 | Heap-buffer-overflow in SkScalerContext_FreeType_Base::generateGlyphImage | - | 2021-07-20 |
| 1197393 | Stack-buffer-overflow in void v8::internal::compiler::VisitBinop<v8::internal::compiler::BinopMatcher<v8: | - | 2021-07-20 |
| 448539 | Autofill should not fill hidden fields | - | 2021-07-19 |
| 1197819 | Bad-cast to int (const char *, void *) in xdg_run_command_on_dirs | - | 2021-07-19 |
| 1197910 | Heap-use-after-free in ash::TrayBubbleView::~TrayBubbleView | - | 2021-07-19 |
| 1195552 | Crash in v8::internal::Isolate::embedded_blob_code | - | 2021-07-16 |
| 1195615 | Crash in blink::HTMLPopupElement::hide | - | 2021-07-16 |
| 1168541 | Security: cryptohome chronos-access chgrp | - | 2021-07-15 |
| 1168549 | Security: Cryptohome chown chronos | - | 2021-07-15 |
| 1190519 | Heap-buffer-overflow in rx::vk::ImageViewHelper::getLevelLayerDrawImageView | - | 2021-07-15 |
| 1193739 | heap-use-after-free : media::MojoVideoDecoder::OnVideoFrameDecoded | - | 2021-07-15 |
| 1194358 | Security: OOB in v8 | $15000 | 2021-07-15 |
| 1195356 | Trap in void v8::internal::SharedTurboAssembler::AvxHelper<v8::internal::XMMRegister, v8 | - | 2021-07-15 |
| 1157030 | CrOS: Vulnerability reported in app-text/poppler | - | 2021-07-14 |
| 1165654 | Security: 30x Redirect On Reload Can Navigate to Unsafe URLs / Cause Spoofing Issues | - | 2021-07-14 |
| 1195370 | Trap in v8::internal::Handle<v8::internal::JSFunctionOrBoundFunction> const v8::internal | - | 2021-07-14 |
| 1196503 | Crash in v8::base::Relaxed_Load | - | 2021-07-14 |
| 1184929 | v8_wasm_async_fuzzer: DCHECK failure in min_block == BasicBlock::GetCommonDominator(block, min_block) in scheduler.cc | - | 2021-07-13 |
| 1194417 | Security: PermissionControllerImpl::UnsubscribePermissionStatusChange UAF | - | 2021-07-13 |
| 1195343 | CrOS: Vulnerability reported in dev-libs/openssl | - | 2021-07-13 |
| 1193327 | freetype_colrv1_fuzzer: Heap-buffer-overflow in tt_face_get_paint | - | 2021-07-11 |
| 1189926 | Aww snap crash when editing canvas text | $1000 | 2021-07-10 |
| 1191389 | dawn_wire_server_and_vulkan_backend_fuzzer: Crash in dawn_native::ValidateImageCopyTexture | - | 2021-07-10 |
| 1192574 | Security: 30x to data URI aren't blocked on iOS | - | 2021-07-10 |
| 1192789 | Security: upgrade to openssl 1.1.1k. | - | 2021-07-10 |
| 1175992 | Security: Heap-buffer-overflow in TabStripModel::IsTabPinned | $10000 | 2021-07-08 |
| 1184399 | Security: Legacy ipc::Message passed via shared memory. | - | 2021-07-08 |
| 1190462 | CrOS: Vulnerability reported in net-libs/gnutls | - | 2021-07-08 |
| 1192054 | Security: heap-use-after-free in blink::InvalidatableInterpolation::MaybeConvertPairwise | $5000 | 2021-07-08 |
| 1192313 | v8_wasm_compile_fuzzer: Negative-size-param in v8::internal::wasm::WasmFullDecoder< | - | 2021-07-08 |
| 1193257 | webcodecs_audio_decoder_fuzzer: Bad-cast to media::MediaLog from invalid vptr in media::LogHelper::~LogHelper | - | 2021-07-08 |
| 1194784 | v8_wasm_code_fuzzer: DCHECK failure in this->ok() in function-body-decoder-impl.h | - | 2021-07-08 |
| 1194669 | Trap in v8::internal::FunctionLiteral::GetDebugName | - | 2021-07-08 |
| 1161379 | kCanvasReadback is used for two fingerprint surfaces | - | 2021-07-07 |
| 1161847 | Trap in Builtins_InterpreterEntryTrampoline | - | 2021-07-07 |
| 1173903 | Security: container-overflow in TabStrip | - | 2021-07-07 |
| 1181228 | Security: UAF in DesktopCapture | $20000 | 2021-07-07 |
| 1182647 | Security: Use after free in V8 | $15000 | 2021-07-07 |
| 1185463 | DCHECK failure in PropertyConstness::kMutable == old_descriptors_->GetDetails(modified_descriptor_ | - | 2021-07-07 |
1185482Security: use-after-free in WindowTreeHostPlatform::OnBoundsChanged$10002021-07-07
1186641Security: heap-use-after-free in Blink$75002021-07-07
1192311Use-after-poison in blink::AXObjectCacheImpl::Dispose-2021-07-07
1193098 | gpu_raster_swiftshader_fuzzer: Use-of-uninitialized-value in cc::ServiceImageTransferCacheEntry::Deserialize | - | 2021-07-07
1193209 | pdf_codec_jbig2_fuzzer: Stack-use-after-scope in fxcrt::UnownedPtr<std::__Cr::list<std::__Cr::pair<std::__Cr::pair<unsigned int, | - | 2021-07-07
1193493 | CHECK failure: !available->IsEmpty() in macro-assembler-arm64.cc | - | 2021-07-07
1193728 | CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (IsDereferenceAllowed()) in handles.h | - | 2021-07-07
1194316 | DCHECK failure in this->ok() in function-body-decoder-impl.h | - | 2021-07-07
1177419 | Use-after-poison in blink::HTMLSlotElement::DetachLayoutTree [LayoutNG only] | - | 2021-07-06
1187210 | sqlite3_dbfuzz2_fuzzer: Use-of-uninitialized-value in vdbeRecordCompareInt | - | 2021-07-06
1169049 | Security: ARM GPU driver vulnerabilities | - | 2021-07-05
1192926 | Use-of-uninitialized-value in mojo::core::ChannelPosix::WriteNoLock | - | 2021-07-05
1193116 | Use-after-poison in blink::HTMLSlotElement::DetachLayoutTree | - | 2021-07-04
1193210 | Heap-use-after-free in blink::AXLayoutObject::GetDocument | - | 2021-07-04
1188407 | Security: ChromeOS: missing path restriction in arc-obb-mounter | - | 2021-07-03
1189576 | crash in VideoFrame | $2000 | 2021-07-03
1190554 | Use-of-uninitialized-value in media::MediaMetricsProvider::~MediaMetricsProvider | - | 2021-07-03
1191853 | v8_wasm_async_fuzzer: DCHECK failure in function->has_prototype_slot() in js-function.cc | - | 2021-07-03
1192418 | Segv on unknown address in blink::Node::parentNode | - | 2021-07-03
1192456 | Use-of-uninitialized-value in blink::AXLayoutObject::CanHaveChildren | - | 2021-07-03
1192569 | Heap-use-after-free in blink::AXLayoutObject::GetDocument | - | 2021-07-03
1190290 | v8_inspector_fuzzer: DCHECK failure in has_exception == isolate->has_pending_exception() in execution.cc | - | 2021-06-30
1106907 | uaf in WebRTC_Network | $5000 | 2021-06-29
1176510 | Use-of-uninitialized-value in GURL::SchemeIs | - | 2021-06-29
1189890 | Heap-buffer-overflow in v8::internal::Simulator::LoadStoreHelper | - | 2021-06-29
1184562 | Security: NAT Slipstreaming via RTSP(TCP/554) allows attacker to access local udp ports | $3000 | 2021-06-27
1185611 | Heap-use-after-free in libvk_swiftshader.dylib | $6000 | 2021-06-27
1187217 | Security DCHECK failure: IsTextControl(node) in text_control_element.h | - | 2021-06-27
1187896 | v8_wasm_code_fuzzer: DCHECK failure in !unreachable implies stack_height >= c->end_label->target_stack_height in wasm-i | - | 2021-06-27
1190077 | Container-overflow in views::View::Layout | - | 2021-06-27
1000248 | Using the CSS Layout API and contenteditable causes the page to crash | $5000 | 2021-06-24
1100748 | Security: Possible for extensions to access chrome.cloudPrintPrivate API | $1000 | 2021-06-24
1115045 | CSP frame-src bypass using: window.open + javascript-url + about:srcdoc + doubly-nested-iframe. | $3000 | 2021-06-24
1116869 | Security: heap-buffer-overflow in "SkiaState::AdjustClip" function | $5000 | 2021-06-24
1145024 | Security&UI: WPA2-Enterprise/EAP WiFi Connection "Default" UI Discrepancy | $500 | 2021-06-24
1161891 | Security: Reloading iframes with data: src causes partial CSP bypass | $500 | 2021-06-24
1166091 | Security: Use of conditionally uninitialised stack variable may leak stack state | $500 | 2021-06-24
1166462 | Security: Use of conditionally uninitialised stack variable may leak stack state | $500 | 2021-06-24
1166478 | Security: Use of conditionally uninitialised stack variable may leak stack state | $500 | 2021-06-24
1166972 | Security: Use of conditionally uninitialised stack variable may leak stack state | $500 | 2021-06-24
1167507 | Security: Offline view bypasses Content-Security-Policy of the original page | $3000 | 2021-06-24
1167629 | Security: Context menu "Open" on a javascript: link bypasses Content-Security-Policy | $1000 | 2021-06-24
1180588 | Memcpy-param-overlap in mojo::core::Channel::Message::ExtendPayload | - | 2021-06-24
1182767 | Security: Amended fix for Side-channel attack against Autofill Preview | $5000 | 2021-06-24
1184037 | Container-overflow in blink::LocalFrameView::PushPaintArtifactToCompositor | - | 2021-06-24
1184147 | Security: Incorrect Security UI in payment | $500 | 2021-06-24
1185735 | [spark-plug]SharedFunctionInfo pending execption error which can lead to RCE | - | 2021-06-24
1188868 | DCHECK failure in 0 == result in mutex.cc | - | 2021-06-24
1189396 | CHECK failure: all.IsLive(use) && (use->opcode() == IrOpcode::kIfTrue || use->opcode() == IrOpc | - | 2021-06-24
1189467 | Use-of-uninitialized-value in v8::internal::compiler::Schedule::block | - | 2021-06-24
1146813 | Crash in v8::internal::Builtins::builtin_handle | - | 2021-06-23
1166138 | Security: Debug check failed: kMinCPOffset <= by (-32768 vs. -65536). | $5000 | 2021-06-23
1187203 | Security: SandboxedUnpacker unsafe use of shared memory. | - | 2021-06-23
1187403 | Heap-use-after-free in CurrentTabDesktopMediaList::Refresh | $15000 | 2021-06-23
1187826 | CrOS: Vulnerability reported in media-libs/tiff | - | 2021-06-23
1187836 | v8_wasm_compile_fuzzer: DCHECK failure in is_gp() in liftoff-register.h | - | 2021-06-23
1188483 | DCHECK failure in invalidated_object.map().IsMap() in invalidated-slots-inl.h | - | 2021-06-23
1188974 | DCHECK failure in !is_linked() in label.h | - | 2021-06-23
1186603 | v8_wasm_async_fuzzer: Use-after-poison in v8::internal::wasm::WasmFullDecoder< | - | 2021-06-22
1167357 | potential uaf in rtc_peer_connection | $500 | 2021-06-18
1179915 | heap-use-after-free : ui::EventTarget::RemovePreTargetHandler | - | 2021-06-18
1181387 | Security: container-overflow in TabGroups | - | 2021-06-18
1182109 | Security: dPWAs can change their icons after installation | - | 2021-06-18
1187170 | DCHECK failure in IsPrimitiveMap() in map-inl.h | - | 2021-06-18
1177674 | Security: Site Isolation bypass after BrowsingInstance state deleted | - | 2021-06-17
1185829 | v8_wasm_compile_fuzzer: DCHECK failure in source.stack_height() == target.stack_height() in liftoff-assembler.cc | - | 2021-06-17
1186802 | v8_wasm_compile_fuzzer: DCHECK failure in sig->return_count() <= cache_state_.stack_height() in liftoff-assembler.cc | - | 2021-06-17
1040988 | media_pipeline_integration_fuzzer: Use-of-uninitialized-value in decode_residuals | - | 2021-06-16
1152226 | Leaking the URL of any cross-origin redirect through AppCache's network section | $5000 | 2021-06-16
1152334 | Security: UAF in PaymentResponseHelper::GeneratePaymentResponse | $15000 | 2021-06-16
1174493 | CrOS: Vulnerability reported in dev-python/jinja | - | 2021-06-16
1185512 | cups_ipp_t_fuzzer: Heap-buffer-overflow in ippAddDate | - | 2021-06-16
1185999 | v8_wasm_code_fuzzer: DCHECK failure in (cond) != nullptr in wasm-compiler.cc | - | 2021-06-16
916326 | CSP bypass via wrong inheritance | - | 2021-06-15
1097480 | CrOS: Vulnerability reported in dev-libs/libpcre | - | 2021-06-15
1146651 | X-Frame-Options console error leaks cross-origin redirect information to a cross-site renderer process | - | 2021-06-15
1161144 | Security: UAF in Bookmark OpenAll | $10000 | 2021-06-15
1173879 | Security: Autofill preview suggestion value can be made to persist | - | 2021-06-15
1175507 | Security: heap-use-after-free in TabSearchPageHandler::CloseTab | - | 2021-06-15
1175975 | WebCodecs VideoFrame allows tainting bypass for ImageBitmaps. | - | 2021-06-15
1181131 | CrOS: Multiple vulnerabilities in dev-libs/openssl | - | 2021-06-15
1182571 | v8_wasm_compile_fuzzer: DCHECK failure in IsSimd128Register() in instruction.h | - | 2021-06-15
1183026 | v8_wasm_async_fuzzer: DCHECK failure in function->has_prototype_slot() in js-function.cc | - | 2021-06-15
1184182 | Heap-use-after-free in aura::Window::~Window | - | 2021-06-15
1184928 | DCHECK failure in stack_capacity_end_ > stack_end_ in function-body-decoder-impl.h | - | 2021-06-15
1184964 | DCHECK failure in !cache_state_.stack_state.empty() in liftoff-assembler.cc | - | 2021-06-15
1184966 | CHECK failure: Node::New() Error: #743:Phi[0] is nullptr in node.cc | - | 2021-06-15
1184991 | DCHECK failure in (val.node) != nullptr in graph-builder-interface.cc | - | 2021-06-15
1185072 | DCHECK failure in (location_) != nullptr in handles.cc | - | 2021-06-15
1185322 | DCHECK failure in kBottom != kind in value-type.h | - | 2021-06-15
1185579 | CHECK failure: Node::New() Error: #287:Float32LessThanOrEqual[1] is nullptr in node.cc | - | 2021-06-15
1178181 | cups_ipp_t_fuzzer: Crash in create_item | - | 2021-06-12
583058 | Security: root->kernel scribble in cros_ec_dev:ec_device_ioctl_xcmd on 32bit | $5000 | 2021-06-11
957606 | Security: CSP restrictions aren't applied when navigating a frame to about:blank | $7500 | 2021-06-11
971231 | Chrome Content security Policy bypass | $1000 | 2021-06-11
1075734 | Security: Side-channel attack against Autofill Preview that can steal user's data (e.g., credit card number). | $500 | 2021-06-11
1115298 | Full CSP bypass by opening a blob URL in a new tab and reloading it with history.back | $3000 | 2021-06-11
1115628 | Security: Full CSP bypass through blob: URIs | $5000 | 2021-06-11
1117687 | Security: Full CSP bypass through filesystem URIs | $5000 | 2021-06-11
1154250 | Security: determining size of CORB/CORP'd cross-origin responses | $500 | 2021-06-11
1155302 | Security: UaF in V4L2VideoEncodeAccelerator | - | 2021-06-11
1158010 | Security: Referrer Header Spoofing Vulnerability via <base> tags | $500 | 2021-06-11
1170584 | UI/URL Spoofing by putting the page into fullscreen when a user opens the emoji dialog | $1000 | 2021-06-11
1174943 | uaf in DestroyURLLoader(network::cors::CorsURLLoaderFactory) | $15000 | 2021-06-11
1175436 | uaf in CrossOriginEmbedderPolicyReporter(browser) | $15000 | 2021-06-11
1178165 | cups_ipp_t_fuzzer: Heap-buffer-overflow in ippAddDate | - | 2021-06-11
1181701 | CrOS: Vulnerability reported in dev-libs/glib | - | 2021-06-11
1183192 | Use-of-uninitialized-value in blink::LayoutGrid::FirstLineBoxBaseline | - | 2021-06-11
1184441 | Racy UAF when handling usrsctp notification on timer thread | - | 2021-06-11
1173311 | Security: Backport futex fix to older kernels | - | 2021-06-09
1181673 | noopener not applied to popups opened from a cross origin iframe in a cross-origin-isolated environment | - | 2021-06-09
1181684 | v8_wasm_fuzzer: Segv on unknown address in v8::base::Memcpy | - | 2021-06-09
1183122 | Heap-use-after-free in blink::GridLayoutUtils::FlowAwareDirectionForChild | - | 2021-06-09
1181676 | Security: UAF in ClipboardHistory | $20000 | 2021-06-08
1182572 | Heap-buffer-overflow in mojo::core::Channel::Message::ExtendPayload | - | 2021-06-05
1013133 | CHECK failure: API call returned invalid object in api-arguments-inl.h | - | 2021-06-04
1181310 | Container-overflow in blink::LocalVideoCapturerSource::OnLog | - | 2021-06-04
1181125 | Container-overflow in blink::LocalVideoCapturerSource::OnLog | - | 2021-06-04
1181599 | sanitizer_api_fuzzer: Security DCHECK failure: IsA<Derived>(from) in casting.h | - | 2021-06-04
996770 | Security: [xfa] pdfium SEGV on RelocateTableRowCells | $5000 | 2021-06-02
1180435 | Crash in v8::internal::Simulator::DecodeType2 | - | 2021-06-01
1180871 | Heap-use-after-free in storage::DataPipeTransportStrategy::OnDataPipeReadable | - | 2021-06-01
1180129 | v8_wasm_compile_fuzzer: Use-after-poison in v8::internal::compiler::LiveRangeBuilder::ComputeLiveOut | - | 2021-05-30
1180563 | Use-of-uninitialized-value in v8::internal::JSDateTimeFormat::New | - | 2021-05-30
1180579 | v8_wasm_compile_fuzzer: Use-after-poison in v8::internal::compiler::LiveRangeBuilder::ComputeLiveOut | - | 2021-05-30
1177623 | Use-of-uninitialized-value in v8::internal::JSDateTimeFormat::New | - | 2021-05-29
1177812 | Use-of-uninitialized-value in v8::internal::JSDateTimeFormat::New | - | 2021-05-29
1180181 | v8_wasm_fuzzer: Segv on unknown address in v8::internal::Simulator::LoadStoreHelper | - | 2021-05-29
1180157 | tint_spv_reader_wgsl_writer_fuzzer: Use-of-uninitialized-value in tint::ValidatorImpl::Validate | - | 2021-05-29
1159255 | cras_rclient_message_fuzzer: Crash in cras_system_state_stream_added | - | 2021-05-28
1160414 | heapoverflow in web gpu | $5000 | 2021-05-28
1179120 | Known vulnerability detected in third_party/harfbuzz-ng | - | 2021-05-28
1179118 | Known vulnerability detected in third_party/harfbuzz-ng | - | 2021-05-28
1179182 | v8_wasm_fuzzer: Segv on unknown address in v8::base::Memcpy | - | 2021-05-28
1179292 | Heap-buffer-overflow in base::internal::VectorBuffer<char>::RangesOverlap | - | 2021-05-28
1179545 | v8_wasm_compile_fuzzer: Stack-use-after-scope in v8::internal::wasm::fuzzer::WasmGenerator::BlockScope::BlockScope | - | 2021-05-28
1179595 | [sparkplug]baseline optimize function PrologueFillFrame register_count can be 0 .which can lead to code execution | $5000 | 2021-05-28
1179677 | Heap-use-after-free in base::ScopedMultiSourceObservation<aura::WindowTreeHost, aura::WindowTreeHostObs | - | 2021-05-28
1179948 | wayland_fuzzer: Heap-use-after-free in decltype | - | 2021-05-28
1144074 | Heap-use-after-free in EGL_DestroyContext | - | 2021-05-27
1160218 | dawn_spirv_cross_glsl_fast_fuzzer: Crash in spirv_cross::CompilerGLSL::to_array_size_literal | - | 2021-05-27
1160258 | crash in gpu::gles2::GLES2Implementation::ReadPixels | $5000 | 2021-05-27
1176728 | Security: Does eigen3 need updating? | - | 2021-05-27
1178219 | Security DCHECK failure: IsA<Derived>(from) in casting.h | - | 2021-05-27
1179336 | Heap-buffer-overflow in base::circular_deque<char>::MoveBuffer | - | 2021-05-27
1143526 | Security: leak cross-site response size - countermeasure bypass | $3000 | 2021-05-26
1168544 | Security: crash-reporter chmod 660 | - | 2021-05-26
1171049 | Security: container-overflow in TabStrip::SetSelection | $10000 | 2021-05-26
1174373 | UAP in MojoWatcher::OnHandleReady | $2000 | 2021-05-26
1177593 | heap-buffer-overflow : blink::H264Encoder::EncodeOnEncodingTaskRunner | - | 2021-05-26
1178008 | dawn_spirv_cross_glsl_fast_fuzzer: Use-of-uninitialized-value in spirv_cross::Compiler::CombinedImageSamplerUsageHandler::add_dependency | - | 2021-05-26
1178136 | Chromium: Vulnerability reported in third_party/libzip | - | 2021-05-26
1179025 | DCHECK failure in !pinned.has(reg) in liftoff-assembler.h | - | 2021-05-26
1172054 | UaF in WebRTC P2PSocketManagerProxy::CreateSocket | $5000 | 2021-05-25
1174626 | datapath_fuzzer: Use-of-uninitialized-value in patchpanel::IPv6AddressToString | - | 2021-05-25
1178224 | Bad-cast to blink::LayoutTableSection from blink::LayoutNGTableSection in blink::LayoutTable::AddChild | - | 2021-05-25
1178263 | Heap-buffer-overflow in blink::LayoutTable::AddColumn | $6000 | 2021-05-25
1128895 | CHECK failure: IsValidHeapObject(heap_, heap_object) in heap.cc | - | 2021-05-24
1176909 | Heap-use-after-free in blink::DisplayItemClient::IsJustCreated | - | 2021-05-23
1177273 | Heap-use-after-free in blink::PaintLayer::RemoveAncestorScrollContainerLayer | - | 2021-05-23
1178142 | Crash in blink::LayoutTable::AddCaption | - | 2021-05-23
1178074 | Security DCHECK failure: IsA<Derived>(from) in casting.h | - | 2021-05-23
1111646 | Security: Possible to spoof URL after renderer crash | $3000 | 2021-05-22
1174186 | CSS 3D transform intersection glitch in Chrome / Windows | $500 | 2021-05-22
1177684 | Use-of-uninitialized-value in blink::LayoutTable::AddCaption | - | 2021-05-22
1177832 | Security DCHECK failure: IsA<Derived>(from) in casting.h | - | 2021-05-22
1178007 | Crash in blink::LayoutObjectChildList::RemoveChildNode | - | 2021-05-22
1174582 | Security: ScriptProcessorNode allows write of Float32Array across threads | - | 2021-05-21
1176606 | Heap-use-after-free in ash::NotificationCounterView::~NotificationCounterView | - | 2021-05-21
1177341 | Security: Insufficient fix for CVE-2021-21148 | - | 2021-05-21
1155819 | gpu_raster_swiftshader_fuzzer: Bad-cast to llvm::cl::Option from llvm::cl::opt<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, false, llvm::cl::parser<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > > in llvm::cl::applicator<llvm::cl::FormattingFlags>::opt | - | 2021-05-20
1176557 | dawn_spirv_cross_glsl_fast_fuzzer: Use-of-uninitialized-value in spirv_cross::Compiler::CombinedImageSamplerUsageHandler::add_dependency | - | 2021-05-20
1177070 | Crash in v8::internal::interpreter::BytecodeArrayAccessor::Advance | - | 2021-05-20
1170531 | Talos Security Advisory for Google Chrome browser (TALOS-2021-1235) | $7500 | 2021-05-19
1170776 | Security: V8 Incorrect array bounds calculation | - | 2021-05-19
1176318 | DCHECK failure in CanTransitionTo(new_details, *new_value) in property-cell-inl.h | - | 2021-05-19
1035260 | libyuv_scale_fuzzer: Heap-buffer-overflow in InterpolateRow_Any_SSSE3 | - | 2021-05-18
1172819 | Heap-buffer-overflow in blink::NGTableLayoutAlgorithm::Layout | - | 2021-05-18
1175222 | Security DCHECK failure: IsA<Derived>(from) in casting.h | - | 2021-05-18
1175500 | Security: Heap-buffer-overflow in TabStripModel::GroupTab (Windows-only) | $7500 | 2021-05-18
1174551 | Heap-buffer-overflow in unsigned int v8::internal::StringHasher::HashSequentialString<char> | - | 2021-05-17
1174900 | dawn_spirv_cross_glsl_fast_fuzzer: Use-of-uninitialized-value in spirv_cross::Compiler::CombinedImageSamplerUsageHandler::add_dependency | - | 2021-05-17
1165724 | CrOS: Vulnerability reported in sys-libs/e2fsprogs-libs | - | 2021-05-15
1168545 | Security: Arbitrary code execution in ghostscript | - | 2021-05-15
1168555 | Security: android-root persistence | - | 2021-05-14
1173269 | Security: heap-buffer-overflow in TabStripModel | - | 2021-05-14
1173702 | Security: Heap buffer overflow in Tab Groups | $7500 | 2021-05-14
1174641 | ANGLE: Out-of-bounds read for emulated compressed texture formats in 3D textures | - | 2021-05-14
1166932 | Security: ChromeOS root privilege escalation and android-root persistence | $45000 | 2021-05-13
1173925 | Use-of-uninitialized-value in blink::PaintPropertyTreeBuilder::UpdateForSelf | - | 2021-05-13
1160459 | AddressSanitizer: access-violation on unknown address 0x000000000000 | - | 2021-05-12
1170826 | Third party apps and web pages can switch Chrome tabs | - | 2021-05-12
1171785 | Heap-use-after-free in blink::LocalFrameView::PerformPreLayoutTasks | - | 2021-05-12
1172192 | Security: UAF in Drag and Drop Download | $20000 | 2021-05-12
1098582 | Security: allow-top-navigation-by-user-activation bypasses via message event listeners on iOS | $5000 | 2021-05-11
1164655 | dawn_wire_server_and_vulkan_backend_fuzzer: Crash in vk::DescriptorSetLayout::DescriptorSetLayout | - | 2021-05-11
1168552 | Security: host root file write | - | 2021-05-11
1171954 | DCHECK failure in other->values_[index] != builder()->jsgraph()->OptimizedOutConstant() in bytecod | - | 2021-05-11
1172121 | v8_inspector_fuzzer: DCHECK failure in host_import_module_dynamically_callback_ != nullptr == host_import_module_dynami | - | 2021-05-11
1172591 | Heap-use-after-free in views::ColorChooser::OnViewClosing | - | 2021-05-11
1172687 | Use-of-uninitialized-value in blink::LayoutObject::SetNeedsOverflowRecalc | - | 2021-05-11
1172885 | dawn_spirv_cross_glsl_fast_fuzzer: Use-of-uninitialized-value in spirv_cross::Compiler::CombinedImageSamplerUsageHandler::add_dependency | - | 2021-05-11
1172912 | v8_wasm_code_fuzzer: Heap-buffer-overflow in v8::internal::wasm::LiftoffAssembler::MergeFullStackWith | - | 2021-05-11
1171846 | v8_multi_return_fuzzer: DCHECK failure in saved_fpregisters[i] == dreg_bits(PopLowestIndexAsCode(&fpregister_list)) in sim | - | 2021-05-10
1171759 | v8_multi_return_fuzzer: DCHECK failure in stack_decrement == kSystemPointerSize in code-generator-arm.cc | - | 2021-05-09
1171956 | dawn_spirv_cross_glsl_fast_fuzzer: Use-of-uninitialized-value in spirv_cross::Compiler::CombinedImageSamplerUsageHandler::add_dependency | - | 2021-05-08
1172117 | Bad-cast to blink::LayoutTableCol from blink::LayoutNGTableColumn in blink::HTMLTableColElement::ParseAttribute | - | 2021-05-08
1172118 | Heap-buffer-overflow in blink::NGTablePainter::PaintBoxDecorationBackground | - | 2021-05-08
1094642 | gstoraster_fuzzer: Segv on unknown address in s_DCTD_process | - | 2021-05-06
1160665 | Requests for script sent even when main document is text/plain | $500 | 2021-05-06
1161759 | DCHECK failure in 0 == Heap::GetFillToAlign(obj->address(), HeapObject::RequiredAlignment(*map)) i | - | 2021-05-06
1166504 | heap bufferoverflow in VideoFrameYUVConverter | $5000 | 2021-05-06
1170657 | use after poison in DOMWebSocket | $5000 | 2021-05-06
1170933 | garcon_ini_parse_util_fuzzer: Heap-buffer-overflow in vm_tools::garcon::ExtractKeyLocale | - | 2021-05-06
1171195 | DCHECK failure in scope_data_->ReadUint32() == static_cast<uint32_t>(name->length()) in preparse-d | - | 2021-05-06
1171327 | Security: Sudo vulnerability | - | 2021-05-06
1171600 | DCHECK failure in expr->scope()->outer_scope() == current_scope() in bytecode-generator.cc | - | 2021-05-06
1171441 | tint_spv_reader_hlsl_writer_fuzzer: Heap-use-after-free in tint::fuzzers::CommonFuzzer::Run | - | 2021-05-06
1158376 | Security: Browser process heap-use-after-free in the portal element | $15000 | 2021-05-05
1169317 | Security: UaF in payments::SecurePaymentConfirmationAppFactory | $20000 | 2021-05-05
1170615 | garcon_ini_parse_util_fuzzer: Use-of-uninitialized-value in vm_tools::garcon::ExtractKeyLocale | - | 2021-05-05
1170990 | CHECK failure: serialized_prototype_ in js-heap-broker.cc | - | 2021-05-05
1165624 | Security: UaF in chrome!payments::PaymentRequestSheetController::UpdateHeaderView | $15000 | 2021-05-04
1170112 | tint_spv_reader_wgsl_writer_fuzzer: Heap-use-after-free in tint::fuzzers::CommonFuzzer::Run | - | 2021-05-04
1168116 | v8_wasm_async_fuzzer.exe: Null-dereference in v8::base::Thread::Start | - | 2021-05-02
1155974 | Security: WebGL Shader Stack Exhaustion leading to PC control in llvmpipe | $1000 | 2021-05-01
1168550 | Security: mediadrm command injection | - | 2021-05-01
1156170 | Security: Oilpan: Use After Poision in IsInConstruction<>() with chrome/xfa | - | 2021-04-30
1161739 | Security: UAP in animate | - | 2021-04-30
1167337 | tint_spv_reader_spv_writer_fuzzer: Segv on unknown address in tint::fuzzers::CommonFuzzer::Run | - | 2021-04-30
1167759 | tint_spv_reader_msl_writer_fuzzer.exe: Heap-use-after-free in tint::fuzzers::CommonFuzzer::Run | - | 2021-04-30
1168408 | tint_spv_reader_wgsl_writer_fuzzer: Heap-use-after-free in tint::fuzzers::CommonFuzzer::Run | - | 2021-04-30
1168725 | tint_spv_reader_spv_writer_fuzzer: Heap-use-after-free in tint::fuzzers::CommonFuzzer::Run | - | 2021-04-30
1138542 | gstoraster_fuzzer: Heap-buffer-overflow in mem_mapped4_copy_mono | - | 2021-04-29
1155426 | Security: UAF in MediaStreamCapture | $20000 | 2021-04-29
1162942 | Security: website is able to draw over protected UI elements (URL, padlock, tab list, titlebar) using 3D CSS transforms | $5000 | 2021-04-29
1167242 | dawn_spirv_cross_glsl_fast_fuzzer: Use-of-uninitialized-value in spirv_cross::Compiler::CombinedImageSamplerUsageHandler::add_dependency | - | 2021-04-29
1166549 | v8_inspector_fuzzer: DCHECK failure in isolate->has_pending_exception() != result in bootstrapper.cc | - | 2021-04-29
1167277 | Lacros 3D Canvas can leak outside of iFrame | - | 2021-04-29
1167918 | DCHECK failure in HasRemainingBytes(kUint8Size) in preparse-data-impl.h | - | 2021-04-29
1167981 | CHECK failure: Bytecode mismatch at offset 2 in interpreter.cc | - | 2021-04-29
1167988 | DCHECK failure in expr->scope()->outer_scope() == current_scope() in bytecode-generator.cc | - | 2021-04-29
1168055 | CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (IsJSReceiver()) in js-objects-inl.h | - | 2021-04-29
1169077 | tint_spv_reader_hlsl_writer_fuzzer.exe: Heap-use-after-free in tint::fuzzers::CommonFuzzer::Run | - | 2021-04-29
1167709 | DCHECK failure in !done() in state-values-utils.cc | - | 2021-04-27
1161705 | Security: heap-user-after-free in SearchTabHelper::DidStartNavigation | - | 2021-04-26
1167505 | Security DCHECK failure: IsA<Derived>(from) in casting.h | - | 2021-04-26
1167430 | Heap-use-after-free in content::RenderWidgetHostViewAura::ForwardKeyboardEventWithLatencyInfo | - | 2021-04-25
1138143 | segmentation fault in mojom::clipboard | $20000 | 2021-04-24
1154965 | use after poison in blink::TimerBase::RunInternal | $7500 | 2021-04-24
1163504 | Security: heap-buffer-overflow in extension | $10000 | 2021-04-24
1163845 | Security: HeapOverflow in TabStripModel | $10000 | 2021-04-24
1158381 | Security: Bypass iframe security policy in the portal element | $500 | 2021-04-23
1159377 | CrOS: Vulnerability reported in net-misc/curl | - | 2021-04-23
1162123 | heap-use-after-free : web_app::WebAppMetrics::~WebAppMetrics | - | 2021-04-23
1165966 | v8_wasm_compile_fuzzer: DCHECK failure in IsSimd128Register() in instruction.h | - | 2021-04-23
1166354 | Use-of-uninitialized-value in v8::internal::RootScavengeVisitor::VisitRootPointers | - | 2021-04-22
1160952 | dawn_spirv_cross_glsl_fast_fuzzer: Use-of-uninitialized-value in spirv_cross::Compiler::CombinedImageSamplerUsageHandler::add_dependency | - | 2021-04-21
1162303 | Security: ChromeOS chronos privilege escalation to root | $30000 | 2021-04-21
1164055 | Security: Blink web_test fonts unowned | - | 2021-04-21
1164816 | Security: chrome://settings ImportData out-of-bounds READ | - | 2021-04-21
1152894 | Security: WebView and Chromium based browser Omnibar Spoofing with Race Condition | $3000 | 2021-04-19
1163184 | DCHECK failure in !code.marked_for_deoptimization() in compiler.cc | - | 2021-04-19
1161654 | v8_wasm_fuzzer: DCHECK failure in has(reg.low()) == has(reg.high()) in liftoff-register.h | - | 2021-04-17
1164158 | Security: PDFIum (XFA) Heap Overflow in RelocateTableRowCells | $5000 | 2021-04-17
1164187 | Heap-use-after-free in ash::tray::TimeTrayItemView::~TimeTrayItemView | - | 2021-04-17
1164326 | wayland_fuzzer: Heap-use-after-free in decltype | - | 2021-04-17
1157818 | performance API reveals information about redirects (XS-Leak) | - | 2021-04-16
1160448 | uaf in webgpu | - | 2021-04-16
1162131 | Security: heap-use-after-free in IsBox | $5000 | 2021-04-16
1163122 | Security: /run/arc/host_generated allows chronos to configure any Android system properties | - | 2021-04-16
1163882 | Chromium: Vulnerability reported in third_party/binutils | - | 2021-04-16
1147416 | uaf in dawn_wire::server::Server::OnBufferMapAsyncCallback(--enable-unsafe-webgpu) | - | 2021-04-15
1160602 | Security: Use After Free in WebSQL | $5000 | 2021-04-15
1161357 | Security: Debug check failed: code == topmost_ implies safe_to_deopt_ | $16000 | 2021-04-15
1161943 | dawn_wire_server_and_frontend_fuzzer: Heap-use-after-free in void dawn_wire::ChunkedCommandSerializer::SerializeCommandImpl<dawn_wire::Return | - | 2021-04-15
1162156 | dawn_wire_server_and_frontend_fuzzer: Heap-use-after-free in dawn_wire::server::KnownObjects<WGPUBufferImpl*>::Get | - | 2021-04-15
1162198 | heap-use-after-free : mojo::core::NodeController::DropPeer | - | 2021-04-15
1156904 | Security DCHECK failure: IsA<Derived>(from) in casting.h | - | 2021-04-14
1157743 | Security: spoof download on any websites | $500 | 2021-04-14
1162036 | UAF in MediaStreamTrackProcessor | $5000 | 2021-04-14
1162834 | Heap-use-after-free in blink::ShadowList::CreateDrawLooper | - | 2021-04-14
1161954 | v8_wasm_compile_fuzzer: DCHECK failure in IsSimd128Register() in instruction.h | - | 2021-04-13
1162400 | v8_wasm_compile_fuzzer: Crash in Builtins_JSEntryTrampoline | - | 2021-04-13
1150012 | gstoraster_fuzzer: Use-of-uninitialized-value in gs_scan_token | - | 2021-04-10
1062941 | libyuv_scale_fuzzer: Heap-buffer-overflow in ScaleFilterCols_16_C | - | 2021-04-07
1161048 | Upgrade SQLite to 3.34.0 | - | 2021-04-07
1160225 | CrOS: Vulnerability reported in dev-util/glib-utils | - | 2021-04-06
1160224 | CrOS: Vulnerability reported in dev-libs/glib | - | 2021-04-05
1151727 | spvtools_opt_size_fuzzer: Heap-buffer-overflow in spvtools::opt::analysis::IntConstant::GetU64BitValue | - | 2021-04-02
1159663 | uaf in media::learning::MojoLearningTaskControllerService::PredictDistribution | $15000 | 2021-04-01
1128206 | Security: Possible for extension to escape sandbox via devtools_page and intentionally crashed renderer | $10000 | 2021-03-30
1131346 | Potential UAF in Speech Recognizer | - | 2021-03-30
1099985 | Heap-use-after-free for desks widget in bool ui::PropertyHandler::GetProperty<bool> | - | 2021-03-29
1153993 | Security: Skia etc1 missing an uninitialized data fix | - | 2021-03-29
1158266 | uaf in use-after-poison in blink::CanvasResourceHost::InitializeForRecording(canvas_resource_host.cc) | $500 | 2021-03-29
1137607 | dawn_spirv_cross_glsl_fast_fuzzer: Use-of-uninitialized-value in spirv_cross::Compiler::CombinedImageSamplerUsageHandler::add_dependency | - | 2021-03-28
1159267 | Security: URL bar spoofing in Payments API | $500 | 2021-03-27
1160286 | Use-of-uninitialized-value in base::BasicStringPiece<std::__1::basic_string<char, std::__1::char_traits<char>, | - | 2021-03-27
1155876 | cgpt_fuzzer: Use-of-uninitialized-value in Crc32 | - | 2021-03-26
1159763 | CrOS: Vulnerability reported in net-misc/curl | - | 2021-03-26
1137247 | Security: Spoofing download filename extension in 86 chrome - showSaveFilePicker | $1000 | 2021-03-25
1159164 | Use-of-uninitialized-value in v8::internal::PerfJitLogger::LogWriteDebugInfo | - | 2021-03-25
1159679 | dawn_spirv_cross_glsl_fast_fuzzer: Crash in spirv_cross::CompilerGLSL::to_array_size_literal | - | 2021-03-25
1152645 | Security: Race condition on destruction of GpuMemoryBufferFactoryNativePixmap may cause use after free | - | 2021-03-24
1157800 | Incomplete fix for auth dialog spoof in iOS | $500 | 2021-03-24
1157814 | Security: UAF in PasswordProtectionRequest | $20000 | 2021-03-24
1158774 | ots_fuzzer: Use-of-uninitialized-value in ots::OpenTypeGLYF::ParseSimpleGlyph | - | 2021-03-24
1157790 | Security: Out of Bounds in V8 | $1000 | 2021-03-23
1157799 | CrOS: Vulnerability reported in dev-libs/openssl | - | 2021-03-23
1157994 | DCHECK failure in !SharedStringAccessGuardIfNeeded::IsNeeded(*this) in string-inl.h | - | 2021-03-22
1158071 | Bad-cast to mojo::InterfaceEndpointClient from content::RenderFrameImpl in mojo::internal::AssociatedInterfacePtrStateBase::~AssociatedInterfacePtrStateBas | - | 2021-03-21
1153516 | Heap-buffer-overflow in SkAnalyticEdge::setLine | $6000 | 2021-03-19
1154468 | use after poison in content::InspectorMediaEventHandler::SendQueuedMediaEvents | $5000 | 2021-03-19
1155854 | CrOS: Vulnerability reported in net-fs/samba | - | 2021-03-19
1156431 | v8_multi_return_fuzzer: DCHECK failure in saved_fpregisters[i] == dreg_bits(PopLowestIndexAsCode(&fpregister_list)) in sim | - | 2021-03-19
1157324 | v8_wasm_compile_fuzzer: DCHECK failure in caller->CanTailCall(callee) in instruction-selector.cc | - | 2021-03-19
1020667 | Security: Insecure Memory Copy in Trousers | $500 | 2021-03-18
1101961 | Heap-buffer-overflow in cc::PaintWorkletImageProvider::GetPaintRecordResult | - | 2021-03-18
1150810 | Security: File System Access API - getFileHandle() allowing to save .lnk files | $1000 | 2021-03-18
1151726 | Heap-use-after-free in printing::PrintManager::GetPrintRenderFrame | - | 2021-03-18
1156513 | pdf_codec_jpeg_fuzzer: Use-of-uninitialized-value in decompress_smooth_data | - | 2021-03-18
831761 | SameSite cookie bypass via Custom Scheme | $1000 | 2021-03-17
1148749 | Double free/UAF in RegionDataLoaderImpl::DeleteThis | $20000 | 2021-03-17
1150065 | UaF in AudioHandler::ProcessIfNecessary | - | 2021-03-17
1153658 | uaf in AudioNodeOutput::Pull | $6000 | 2021-03-17
1155710 | Iterating a directory with the File System Access API does not check current permissions. | - | 2021-03-17
1156510 | Security: Use After Free in UserMediaRequest::OnMediaStreamInitialized | $5000 | 2021-03-17
957042 | Security: Possible to partially break sandbox restrictions imposed upon popup windows | $1000 | 2021-03-16
1105875 | Security: XS-Leak with Resource Timing API and CSP Embedded Enforcement | $1000 | 2021-03-16
1131929 | [Resource Timing] Missing PerformanceResourceTiming entries for iframe Requests that don't receive a Response | $1000 | 2021-03-16
1149171 | Heap-buffer-overflow in blink::NGOffsetMapping::GetMappingUnitsForLayoutObject | - | 2021-03-16
1149895 | Security: OpenSSL certificate blocklist isn't installed in images | - | 2021-03-16
1151069 | Security: heap-buffer-overflow in AudioWorkletProcessor::CopyParamValueMapToObject | - | 2021-03-16
1151298 | Security: Use-After-Free in DeflateTransformer | $7500 | 2021-03-16
1154936 | webcodecs_video_encoder_fuzzer: Heap-buffer-overflow in init_encode_frame_mb_context | - | 2021-03-16
1155497 | v8_wasm_compile_fuzzer: DCHECK failure in IsSimd128Register() in instruction.h | - | 2021-03-16
1155959 | DCHECK failure in kCanBeWeak || (!IsSmi() == (((static_cast<i::Tagged_t>(ptr_) & ::i::kHeapObjectT | - | 2021-03-15
1156001 | Crash in v8::internal::HandleBase::IsDereferenceAllowed | - | 2021-03-15
1140435 | Security: showSaveFilePicker allowing to save file extension with space at the end - cannot delete file on windows | - | 2021-03-13
1140403 | Security: Hide real extension of file by many white spaces - showSaveFilePicker | $1000 | 2021-03-13
1140410 | Security: Hide real extension of file by RTL - showSaveFilePicker | $1000 | 2021-03-12
1140417 | Security: showSaveFilePicker allowing to save .lnk and .local files on windows! | $1000 | 2021-03-12
1146855 | Heap-use-after-free in blink::AggregatingSampleCollector::Flush | - | 2021-03-12
1150249 | Index-out-of-bounds in blink::AudioArray<float>::Allocate | - | 2021-03-12
1150798 | Security: UAF in the views::DialogDelegate in the browser process | $5000 | 2021-03-12
1152327 | Security: File System Access API & Symlinks | - | 2021-03-12
1153595 | Security: UAF in Drag-and-drop | $20000 | 2021-03-12
1155178 | Security: Skia GPU bug | $6000 | 2021-03-12
1149125 | Security: Some WebUI pages enable MojoJS bindings for the subsequently-navigated site | $7500 | 2021-03-10
1150772 | Index-out-of-bounds in blink::NGPhysicalBoxFragment::Create | - | 2021-03-10
1152387 | Crash in icu_68::RuleBasedBreakIterator::handleNext | - | 2021-03-10
1153442 | DCHECK failure in UseScratchRegisterScope{this}.CanAcquire() in liftoff-assembler-arm.h | - | 2021-03-10
1154439 | DCHECK failure in num_locals_ == local_types_.size() in function-body-decoder-impl.h | - | 2021-03-10
1114062 | heap-use-after-free in is_null | - | 2021-03-09
1149204 | Security: heap-buffer-overflow in blink::WebGLRenderingContextBase::MakeXrCompatibleSync | $5000 | 2021-03-09
1110751 | Security: GoogleCrashHandler exist Any process DOS vulnerability | - | 2021-03-08
1149115Heap-buffer-overflow in v8::internal::Simulator::WriteW-2021-03-08
1152937v8_wasm_fuzzer: DCHECK failure in decoder->ok() in graph-builder-interface.cc-2021-03-05
1049265Extensions with no special privileges are allowed to navigate to devtools:// scheme pages.$10002021-03-04
1108126Security: Chrome Apps can access chrome.storage for other extensions via webview$30002021-03-04
1150371Security: OOBW in the icu_68::FormattedStringBuilder::insert$50002021-03-04
1151865Security: OOB-read in network DataElement struct traits.-2021-03-04
1151890Security: Uninitialised memory read with BigInt right-shift$30002021-03-04
1143412Security: Pixelbook reveals windows underneath lock screen when external display is plugged in-2021-03-03
1151684webcodecs_video_encoder_fuzzer: Heap-buffer-overflow in vp9_enc_setup_mi-2021-03-03
1151799heap-buffer-overflow in MoveWebContentsAtImpl(extension)$150002021-03-03
978798Security: Possible to fake the lock or login screen in full screen mode to phish user passwords-2021-03-02
1142024heap-use-after-free : gpu::SharedImageRepresentationDawnIOSurface::EndAccess-2021-03-02
1146872Security DCHECK failure: IsA<Derived>(from) in casting.h-2021-03-02
1149586v8_inspector_fuzzer: DCHECK failure in ThreadId::Current() == isolate->thread_id() in compiler.cc-2021-03-02
1150649DCHECK failure in 0 <= length && length <= kMaxSafeInteger in builtins-array.cc-2021-03-02
1151270Heap-buffer-overflow in avx::rect_memset32-2021-03-02
1151248Crash in hsw::load_NUMBER_dst-2021-03-02
1151294Crash in erms::rect_memset32-2021-03-02
1151320Crash in hsw::load_NUMBER_dst-2021-03-02
1151322Crash in hsw::blit_row_s32a_opaque-2021-03-02
1151460Crash in SkARGB32_Black_Blitter::blitAntiH-2021-03-02
1151532Heap-buffer-overflow in ssse3::blit_mask_d32_a8-2021-03-02
1151551Heap-buffer-overflow in hsw::lowp::load_NUMBER_dst-2021-03-02
1151601Heap-use-after-free in hsw::blit_row_s32a_opaque-2021-03-02
1151602Use-after-poison in v8::internal::AstRawString::Compare-2021-03-02
1151611Heap-buffer-overflow in hsw::S32_alpha_D32_filter_DX-2021-03-02
709946	Security: <link rel='prerender'> causes same-site cookies to be sent along with cross-site requests	$2000	2021-02-26
1038002	Unintended Data Leakage Through HTTP Request Headers	$2000	2021-02-26
1149692	Security: Heap-use-after-free in BluetoothChooserController::AddOrUpdateDevice	$15000	2021-02-26
1150317	Security: Potential remote code exec from web content in u2fd	-	2021-02-26
1138683	Security: Use-after-free in MediaStreamCaptureIndicator::WebContentsDeviceUsage::AddDevices()	$10000	2021-02-24
1141376	Security: --experimental-wasm-gc array length allocation wraps on 32bit	-	2021-02-24
1147357	Heap-use-after-free in blink::NGContainerFragmentBuilder::MoveOutOfFlowDescendantCandidatesToDescendant	-	2021-02-24
1146670	TFC chrome full chain	-	2021-02-22
1142331	Security: use-after-poison in blink::FileReaderLoader::OnReceivedData	$5000	2021-02-20
1148504	media_h265_decoder_fuzzer: Stack-buffer-overflow in media::H265Decoder::BuildRefPicLists	-	2021-02-20
1148657	Use-after-poison in blink::MediaInspectorContextImpl::RemovePlayer	-	2021-02-20
1106424	gstoraster_fuzzer: Use-of-uninitialized-value in s_A85D_process	-	2021-02-19
1130226	gstoraster_fuzzer: Use-of-uninitialized-value in load_truetype_glyph	-	2021-02-19
1141062	gstoraster_fuzzer: Use-of-uninitialized-value in aes_setkey_enc	-	2021-02-19
1142020	heap-buffer-overflow : gfx::internal::StyleIterator::GetTextBreakingRange	-	2021-02-19
1143662	use-after-poison in blink::CanvasResourceHost::InitializeForRecording(canvas_resource_host.cc)	$5000	2021-02-19
1146025	Content-Security-Policy headers are lost when the page is restored from bfcache	-	2021-02-19
1144646	NAT Slipstream: Overlong usernames in TURN credentials	-	2021-02-19
1146068	Crash in icu_68::FormattedValueStringBuilderImpl::nextPositionImpl	-	2021-02-19
1147430	Security: Heap-buffer-overflow in SkBitmapOperations::UnPreMultiply	-	2021-02-19
1147516	airscan_query_fuzzer: Index-out-of-bounds in log_message	-	2021-02-19
1147944	airscan_query_fuzzer: Use-of-uninitialized-value in trace_unref	-	2021-02-19
1147943	DCHECK failure in vector->optimization_marker() != OptimizationMarker::kCompileOptimizedConcurrent	-	2021-02-19
1148772	media_h265_decoder_fuzzer: Crash in base::AtomicRefCount::Decrement	-	2021-02-19
1146654	media_h265_parser_fuzzer: Stack-buffer-overflow in media::H265Parser::ParseStRefPicSet	-	2021-02-17
1146673	Security: type confusion in wasm cache	-	2021-02-17
1146709	Security: Browser UAF when detaching a provisional frame	-	2021-02-17
1146714	DCHECK failure in vector->optimization_marker() != OptimizationMarker::kCompileOptimizedConcurrent	-	2021-02-17
1147431	Security: Heap-buffer-overflow in ClipboardWin::WriteBitmap	-	2021-02-17
1147623	media_h265_decoder_fuzzer: Stack-buffer-overflow in scoped_refptr<media::H265Picture>::swap	-	2021-02-17
1128479	Heap-buffer-overflow in cc::TransformTree::StickyPositionOffset	-	2021-02-16
1137606	Heap-use-after-free in ui::LayerAnimationSequence::ProgressToEnd	-	2021-02-16
1142069	heap-use-after-free : content::DownloadManagerImpl::GetDownload	-	2021-02-16
1145906	heap-use-after-free : ProfileInfoCache::NotifyProfileAuthInfoChanged	-	2021-02-16
1146675	Security: UAF in PepperFileIOHost	-	2021-02-16
1146761	Security: UAF in ImageDecoderExternal due to ArrayBuffer Neuter	$7500	2021-02-16
1146789	Bad-cast to blink::LayoutBox from blink::LayoutTextFragment in blink::LayoutBox::LastChildBox	-	2021-02-16
1146861	DCHECK failure in dst.low_gp() != lhs.high_gp() in liftoff-assembler-arm.h	-	2021-02-16
1146873	net_host_resolver_manager_fuzzer: Heap-buffer-overflow in net::ServiceFormHttpsRecordRdata::IsEqual	-	2021-02-16
1147331	Bad-cast to int () in x11::InitXlib	-	2021-02-16
1136078	UaF in PaymentCredential::DidDownloadFavicon	-	2021-02-15
1137362	Security: Chrome Browser Policy Bypass "Allow invocation of file selection dialogs"	$500	2021-02-15
1146728	DCHECK failure in vector->optimization_tier() == OptimizationTier::kNone || (vector->optimization_	-	2021-02-15
1144017	Use-of-uninitialized-value in policy::UserCloudPolicyManager::IsFirstPolicyLoadComplete	-	2021-02-14
1146679	Security: WeakPtr checks are optimized out	-	2021-02-14
1139411	Security: cryptohomed skeleton copy can be raced to chown things to user chronos	-	2021-02-12
1139414	Security: imageburner path check can be raced	-	2021-02-12
1144489	Security: OSExchangeDataProviderWin::SetDragImage	-	2021-02-11
1144603	v8_wasm_code_fuzzer: DCHECK failure in array_buffer->is_shared() in isolate.cc	-	2021-02-11
1146013	DCHECK failure in function->is_compiled() in compiler.cc	-	2021-02-11
1137104	uaf in load4 SkRasterPipeline_opts.h	$5000	2021-02-10
1137179	Security: Root priv escalation through cryptohomed, imageburner, arc-obb-mounter	$30000	2021-02-10
1140376	neteq_rtp_fuzzer: Use-of-uninitialized-value in webrtc::test::NetEqTest::RunToNextGetAudio	-	2021-02-10
1143448	Heap-use-after-free in ScopedObserver<views::Widget, views::WidgetObserver, &	-	2021-02-10
1144449	cras_rclient_message_fuzzer: Heap-buffer-overflow in ccr_handle_message_from_client	-	2021-02-10
1116444	Security: Extensions can capture contents of local files using Page.captureScreenshot	$5000	2021-02-09
1125362	Security: Possible for extension to escape sandbox via chrome.debugger API and error page	$10000	2021-02-09
1140949	CrOS: Vulnerability reported in net-wireless/bluez	-	2021-02-09
1143057	Security: WebUSB permission dialog can appear over the wrong tab	$500	2021-02-09
1145124	Bad-cast to icu_68::UVector from invalid vptr in icu_68::AliasReplacer::outputToString	-	2021-02-09
1144368	Security: ConvertToJavaBitmap heap-buffer-overflow.	-	2021-02-07
1144070	mediasource_MP2T_AACSBR_pipeline_integration_fuzzer: Use-of-uninitialized-value in float media::FloatSampleTypeTraits<float>::From<float>	-	2021-02-06
1119873	Security: UAF in CSSLayout worklet	$5000	2021-02-05
1143772	Security: V8: Turbofan fails to deoptimize code after map deprecation, leading to type confusion	-	2021-02-05
1084649	dawn_wire_server_and_frontend_fuzzer: Use-of-uninitialized-value in libvulkan.so.1	-	2021-02-04
1137581	cups_ippreadio_fuzzer: Use-of-uninitialized-value in create_item	-	2021-02-04
1137604	Heap-use-after-free in ScopedObserver<aura::Window, aura::WindowObserver, &	-	2021-02-04
1143053	v8_wasm_code_fuzzer: Crash in v8::internal::TaggedField<v8::internal::WasmModuleObject, 112>::load	-	2021-02-04
1141350	Security: Yet another universal XSS via copy&paste	$3000	2021-02-03
1142675	uaf in VideoFrame::CreateImageBitmap	$5000	2021-02-03
1134107	Security: stack buffer overflow write in RtcEventLogEncoderLegacy::EncodeRtcpPacket	$1000	2021-02-02
1137594	CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (IsDereferenceAllowed()) in handles.h	-	2021-02-02
1137603	Heap-use-after-free in blink::PropertyTreeStateOrAlias::Unalias	-	2021-02-02
1139409	Security: cros-disks will mount local loop devices	-	2021-02-02
1093791	Security: Chrome's insecure construction of curl commands allows untrusted websites to retrieve local files from the user's system	$500	2021-02-01
1140549	v8_wasm_compile_fuzzer: DCHECK failure in src.is_byte_register() in assembler-ia32.cc	-	2021-01-30
1141868	Security DCHECK failure: IsA<Derived>(from) in casting.h	-	2021-01-30
1132954	Security: Root priv escalation through shill, arc-setup, and upstart	$30000	2021-01-29
1133047	Security: arc-setup should validate /run/arc/oem/etc/media_profiles.xml is not a symlink	-	2021-01-29
1136714	Incorrect security UI at screen share API	$500	2021-01-29
1138878	Possible UAF in SctpTransport's sctp_inpcb_free	-	2021-01-29
1141743	Use-of-uninitialized-value in blink::IsOperatorWithSpecialShaping	-	2021-01-29
1125018	Arbitrary file deletion in google chrome updater in master/chrome/updater/installer.cc	$1000	2021-01-28
1127595	Chromium: Vulnerability reported in third_party/libxml	-	2021-01-28
1138190	pdfium CompositeRow_8bppRgb2Rgb_NoBlend_RgbByteOrder heap-buffer-overflow	-	2021-01-28
1139153	Security: Heap-use-after-free in WebRTC	$7500	2021-01-28
1139825	pdfium heapoverflow CompositeRow_Argb2Argb_RgbByteOrder	-	2021-01-28
1141256	Variables on the stack are not initialized in pp::FloatRect FloatPageRectToPixelRect	-	2021-01-28
1097499	pdf_scanlinecompositor_fuzzer: Crash in GetAlphaWithSrc	-	2021-01-27
1137580	Bad-cast to content::AgentSchedulingGroup from invalid vptr in content::RenderFrameImpl::Send	-	2021-01-27
1138942	Bad-cast to content::AgentSchedulingGroup from invalid vptr in base::internal::Invoker<base::internal::BindState<content::RenderFrameImpl::OnUn	-	2021-01-27
1139398	Security: [ANGLE] Invalid memory access in libglesv2!rx::IndexDataManager::streamIndexData	$15000	2021-01-27
1037839	pdf_scanlinecompositor_fuzzer: Crash in RGB_Blend	-	2021-01-26
1128340	CVE-2020-25211 CrOS: Vulnerability reported in Linux kernel	-	2021-01-26
1134261	Security: UAF in Skia SkContourMeasureIter caused by SkPath::shrinkToFit	-	2021-01-26
1137608	v8_wasm_compile_fuzzer: DCHECK failure in 0 <= offset in assembler-arm.cc	-	2021-01-26
1138877	Security: heap-buffer-overflow in window.find	$2000	2021-01-26
1138911	Security: UAF in TabStrip	$15000	2021-01-26
1139786	CHECK failure: Type cast failed in CAST(p->receiver()) at ../../src/ic/accessor-assembler.cc:25	-	2021-01-26
1140197	Security: Apply fix for freetype heap buffer overflow to Chrome OS	-	2021-01-26
1137583	DCHECK failure in CpuFeatures::IsSupported(*feature) in macro-assembler-x64.h	-	2021-01-25
1137584	Bad-cast to blink::DrawingDisplayItem from blink::DisplayItem in blink::ConversionContext::Convert	-	2021-01-25
1137591	Heap-use-after-free in blink::PaintArtifactCompositor::UpdateDebugInfo	-	2021-01-25
1139408	arc-media-removable-{read,write} are not using noexec	-	2021-01-25
945997	Using Flash's ProgressEvent to extract the length of cross-site responses	$1000	2021-01-24
1138446	Security: webrtc container-overflow in the browser process	$5000	2021-01-24
1139163	Security DCHECK failure: tree_order < tree_scopes_.size() in match_result.h	-	2021-01-24
830808	SameSite cookie bypass via openWindow	$500	2021-01-22
1115590	CSP Bypass via Chrome Extension	$3000	2021-01-22
1133527	Security: Debug check failed: IsFound() || !holder_->HasFastProperties(isolate_)	$5000	2021-01-22
1135594	Security: woff2 missing upstream fix for integer overflow	-	2021-01-22
1137630	Security: PDFium heap-use-after-free in CPWL_ListBox::~CPWL_ListBox()	$7500	2021-01-22
1125614	UaF in Payment (Android)	-	2021-01-21
1135018	Security: UaF in TabSharingUI	$15000	2021-01-21
1137586	DCHECK failure in effect_edges > 0 in verifier.cc	-	2021-01-21
1137590	Crash in blink::NGBlockLayoutAlgorithm::CreateConstraintSpaceForChild	-	2021-01-21
1137609	Crash in blink::ShapeResultView::CreateShapeResult	-	2021-01-21
1137650	Crash in blink::ComputedStyleBase::MutableFilterInternal	-	2021-01-21
1138577	Use-after-poison in blink::VideoFrameCallbackRequesterImpl::~VideoFrameCallbackRequesterImpl	-	2021-01-21
1138776	CHECK failure: fixed_size_above_fp + in deoptimizer.cc	-	2021-01-21
1138915	DCHECK failure in effect_edges > 0 in verifier.cc	-	2021-01-21
1107970	gstoraster_fuzzer: Use-of-uninitialized-value in clip_runs_enumerate	-	2021-01-20
1116729	dawn_wire_server_and_vulkan_backend_fuzzer: Heap-buffer-overflow in vk::DescriptorSetLayout::DescriptorSetLayout	-	2021-01-20
1125240	dawn_wire_server_and_frontend_fuzzer: Heap-use-after-free in dawn_wire::server::Server::GetCmdSpace	-	2021-01-20
1137578	v8_wasm_compile_fuzzer: Use-after-poison in v8::internal::wasm::WasmFullDecoder<	-	2021-01-20
1137579	Crash in cc::DroppedFrameCounter::ReportFrames	-	2021-01-20
1137582	DCHECK failure in stack_capacity_end_ > stack_end_ in function-body-decoder-impl.h	-	2021-01-20
1137588	Use-after-poison in blink::VideoFrameCallbackRequesterImpl::~VideoFrameCallbackRequesterImpl	-	2021-01-20
1137587	ndproxy_fuzzer: Use-of-uninitialized-value in patchpanel::NDProxy::GetPrefixInfoOption	-	2021-01-20
1137596	v8_wasm_compile_fuzzer: Crash in unsigned int v8::base::ReadUnalignedValue<unsigned int>	-	2021-01-20
1137597	CHECK failure: IsValidHeapObject(isolate->heap(), HeapObject::cast(p)) in objects-debug.cc	-	2021-01-20
1137598	dawn_wire_server_and_frontend_fuzzer: Heap-use-after-free in dawn_wire::server::KnownObjects<WGPUBufferImpl*>::Get	-	2021-01-20
1137601	CHECK failure: IsValidHeapObject(heap_, heap_object) in heap.cc	-	2021-01-20
1137600	v8_wasm_compile_fuzzer: Use-after-poison in v8::internal::wasm::WasmFullDecoder<v8::internal::wasm::Decoder::kValidate,v8::i	-	2021-01-20
1137602	Crash in Builtins_TestEqualStrictHandler	-	2021-01-20
1137605	Crash in Builtins_TypeOfHandler	-	2021-01-20
1137652	Bad-cast to float (float) noexcept in skvx::Vec<sizeof...	-	2021-01-20
1137668	PDFium(XFA) Heap-use-after-free in ProbeForLowSeverityLifetimeIssue	-	2021-01-20
1138197	DCHECK failure in 2 == args.length() in builtins-reflect.cc	-	2021-01-20
1133009	Security: login_manager symlink attack	-	2021-01-19
1134338	Security: Incorrect Handling of XFrameOptions with mailMsg in the PDF Viewer	$3000	2021-01-19
1136327	Security: Use of use-of-uninitialized-value in UsbDeviceHandleUsbfs	-	2021-01-19
1137595	Bad-cast to content::AgentSchedulingGroup from mojo::core::UserMessageImpl in base::internal::Invoker<base::internal::BindState<content::RenderFrameImpl::OnUn	-	2021-01-19
1133210	DCHECK failure in !IsJSGlobalObject(isolate) in js-objects-inl.h	$5000	2021-01-18
1133635	Security: UAF in PasswordGenerationPopupControllerImpl::PasswordAccepted	$20000	2021-01-18
1135835	DialURLFetcher::Start may bypass Sec-Fetch-Site	-	2021-01-18
1125337	Portrait photos (taken by Pixel3aXL) with EXIF crash on Desktop	$500	2021-01-15
1128270	Security: UAF in UrlLoaderFactoryProxyImpl	$20000	2021-01-14
1132998	CrosDisks accepts arbitrary bind mount parameters	-	2021-01-14
1134960	Security: Use-after-free with using print dialog	$3000	2021-01-14
1135857	Security: UAF in USBDevice	$10000	2021-01-14
1133006	Security: network_diag does not validate multiline input	-	2021-01-12
1134983	CrOS: Vulnerability reported in net-fs/samba	-	2021-01-12
1110195	Security: Method field allows injection of HTTP requests	-	2021-01-09
1122487	UAF in devtools	$500	2021-01-08
1133183	Incorrect Security UI when using Tab preview	$500	2021-01-08
1133275	CrOS: Vulnerability reported in sys-libs/ldb	-	2021-01-08
1133668	Use after free triggered from mojo::SyncEventWatcher	-	2021-01-08
1133671	Security: UAF in AutofillPopupControllerImpl::HandleKeyPressEvent	$20000	2021-01-08
1133688	Security: UAF in PasswordGenerationPopupControllerImpl::HandleKeyPressEvent	$20000	2021-01-08
1133983	Security: UaF in printing::PrintRenderFrameHelper::PreviewPageRendered()	$5000	2021-01-08
1124661	Bad-cast to blink::LayoutInline from blink::LayoutBlockFlow in blink::NGInlineNode::ComputeOffsetMapping	-	2021-01-06
1124963	Heap-buffer-overflow in blink::NGOffsetMapping::GetMappingUnitsForLayoutObject	-	2021-01-06
1128657	audio.captureStream() may allow cross-origin resource theft	-	2021-01-06
1133000	ArcObbMounter mounts without noexec	-	2021-01-06
1133001	Security: ArcObbMounterInterface.MountObb takes arbitrary gid offset	-	2021-01-06
960357	Chrome v74 JS dialog description Spoof vulnerability on IOS	$500	2021-01-05
1127322	UaF in ServiceWorkerPaymentApp	-	2021-01-05
1129850	uaf in browser process(ServiceWorkerScriptLoaderFactory())	-	2021-01-05
1127620	DCHECK failure in OperatorProperties::GetTotalInputCount(node->op()) == node->InputCount() in veri	-	2021-01-05
1132641	Security: out of bounds write in CanonicalizeTimeZoneID	-	2021-01-05
1132926	Step "browser_tests" failing on builder "Linux ChromiumOS MSan Tests"	-	2021-01-05
1080395	Android/iOS: URL spoofing using long sub-domain for blob:URL	$3000	2021-01-04
1126881	CrOS: Vulnerability reported in net-libs/gnutls	-	2021-01-02
1131040	Check secure payment confirmation feature state in browser process.	-	2021-01-02
1125294	cups_ippreadio_fuzzer: Use-of-uninitialized-value in ippReadIOLimitedRecursion	-	2020-12-31
1073063	Security: CUPS cmd exec vulnerability via FoomaticRIPCommandLine	-	2020-12-30
1101509	Security: UAF in RawClipboardHostImpl	$30000	2020-12-30
1116280	Self-XSS / Crash via window.open and delayed navigation	$5000	2020-12-30
1129705	Heap-use-after-free in guest_view::GuestViewManager::FromBrowserContext	-	2020-12-30
1129840	CrOS: Vulnerability reported in x11-libs/libX11	-	2020-12-30
1130111	Heap-use-after-free in views::View::GetPreferredSize	-	2020-12-30
1130489	CHECK failure: icu_collator__value.IsForeign() in class-verifiers-tq.cc	-	2020-12-30
1125871	Crash in v8::internal::Simulator::LoadStoreHelper	-	2020-12-29
1128318	Chrome: UAF in SessionStorageImpl	-	2020-12-29
1130127	Security DCHECK failure: IsA<Derived>(from) in casting.h	-	2020-12-29
1113565	Security: Extensions can use chrome.debugger API to access contents of local files	$5000	2020-12-28
1128994	Unknown exception in CrashForExceptionInNonABICompliantCodeRange	-	2020-12-27
1129422	h264_annex_b_converter_fuzzer: Heap-use-after-free in media::H264AnnexBToAvcBitstreamConverter::ConvertChunk	-	2020-12-26
1129598	Heap-use-after-free in blink::NGInlineCursor::MoveTo	-	2020-12-26
1129706	v8_wasm_compile_fuzzer: DCHECK failure in AreSameFormat(vd, vn) in assembler-arm64.cc	-	2020-12-26
1127520	.well-known/change-password NavigationThrottle should only be instantiated for main frame navigations	-	2020-12-25
1129359	webcodecs_video_encoder_fuzzer: Crash in vp9_enc_setup_mi	-	2020-12-25
1129568	Use-of-uninitialized-value in mojo::core::ChannelPosix::WriteNoLock	-	2020-12-25
1129842	CVE-2020-25285 CrOS: Vulnerability reported in Linux kernel	-	2020-12-25
1125199	heap-use-after-free : content::WebContentsImpl::SetNotWaitingForResponse	-	2020-12-24
1127112	Security DCHECK failure: !object || (object->IsLayoutNGOutsideListMarker()) in layout_ng_outside_list_mar	-	2020-12-24
1127610	CHECK failure: maybe_object->IsWeak() || maybe_object->IsCleared() || (maybe_object->GetHeapObj	-	2020-12-24
1128343	CrOS: Vulnerability reported in net-libs/gnutls	-	2020-12-24
1128756	Bad-cast to const char *() in ui::CursorPathFromLibXcursor	-	2020-12-24
1129515	Use-of-uninitialized-value in v8::internal::ValueDeserializer::ReadObjectInternal	-	2020-12-24
1129285	Use-of-uninitialized-value in v8::internal::ValueDeserializer::ReadObjectInternal	-	2020-12-24
1092130	v8_wasm_compile_fuzzer: DCHECK failure in ref.stack_height >= target_stack_height in wasm-interpreter.cc	-	2020-12-23
1111149	video.captureStream() may allow cross-origin resource theft	-	2020-12-23
1124723	CHECK failure: parse_success in experimental.cc	-	2020-12-23
1127496	Security: Screen share clickjacking secondary issue	-	2020-12-23
1128267	Bad-cast to const blink::NGBlockBreakToken from blink::NGInlineBreakToken in blink::NGBlockNode::PlaceChildrenInFlowThread	-	2020-12-23
1128342	CVE-2020-25220 CrOS: Vulnerability reported in Linux kernel	-	2020-12-23
1127405	CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (IsDereferenceAllowed()) in handles.h	-	2020-12-22
1127407	Bad-cast to blink::LayoutListItem from blink::LayoutNGListItem in blink::LayoutListMarker::ListItem	-	2020-12-22
1128301	CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (IsDereferenceAllowed()) in handles.h	-	2020-12-22
1128341	CVE-2020-25212 CrOS: Vulnerability reported in Linux kernel	-	2020-12-22
1126249	Security: DCHECK failed: 0 <= length && length <= kMaxSafeInteger	-	2020-12-21
1127310	CVE-2020-10720 CrOS: Vulnerability reported in Linux kernel	-	2020-12-21
1127319	Security: Debug check failed: IrOpcode::IsInlineeOpcode(node->opcode()).	$5000	2020-12-21
1102153	Security: Information disclosure through screenshare with clickjacking	$2000	2020-12-19
1123883	Use-after-poison in blink::HTMLSlotElement::DetachLayoutTree	-	2020-12-19
1125210	heap-use-after-free : gpu::ExternalVkImageFactory::~ExternalVkImageFactory	-	2020-12-19
1126522	Crash in marl::Scheduler::Worker::runUntilIdle	-	2020-12-19
1127158	Heap-use-after-free in views::MenuController::ExitMenu	-	2020-12-19
1106612	heap-use-after-free : ?StartAutoScrollAnimation@ScrollbarController@cc@@QEAAXMPEBVScrollbarLayerImplBase@2@W4ScrollbarPart@2@@Z	-	2020-12-18
1124782	DCHECK failure in top() >= original_top_ in new-spaces.h	-	2020-12-18
1126769	CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (IsJSReceiver()) in js-objects-inl.h	-	2020-12-18
1100136	heap-buffer-overflow in storage::ObfuscatedFileUtilMemoryDelegate(browser process)	$15000	2020-12-17
1121414	Security: Missing IsContextDestroyed in MediaKeys	-	2020-12-17
1122848	DCHECK failure in !OldSpace::IsAtPageStart(top) in new-spaces.cc	-	2020-12-17
1121836	Security: HeapOverflow in SerialHandle	$10000	2020-12-16
1124776	transfer_cache_fuzzer: Heap-buffer-overflow in skjson::FastString::initLongString	-	2020-12-16
1125187	Heap-use-after-free in ui::InputMethodAuraLinux::ProcessKeyEventDone	-	2020-12-16
1125354	Bad-cast to gl::Texture from gl::Renderbuffer in gl::FramebufferAttachment::getTexture	-	2020-12-16
1125951	DCHECK failure in digits >= 0 && digits <= kBitsPerByte in safepoint-table.cc	-	2020-12-16
1124646	DCHECK failure in committed_code_space_.load() <= FLAG_wasm_max_code_space * MB in wasm-code-manag	-	2020-12-15
1124677	CHECK failure: arr.get(JSRegExp::kIrregexpCaptureCountIndex) == Smi::FromInt(0) in objects-debu	-	2020-12-15
1124696	Crash in Builtins_InterpreterEntryTrampoline	-	2020-12-15
1125386	Security: chrome dev tools frontend cloud container is leaking	-	2020-12-15
1126106	Security: ignore this	-	2020-12-15
1125887	Crash in Builtins_RegExpMatchFast	-	2020-12-15
1126108	Security: ignore this	-	2020-12-15
1124997	Heap-use-after-free in blink::DepthOrderedLayoutObjectList::Ordered	-	2020-12-14
1125144	Crash in marl::Scheduler::Worker::runUntilIdle	-	2020-12-14
1125504	Bad-cast to blink::LayoutBox from invalid vptr in blink::ToLayoutBox	-	2020-12-14
1106890	Security: Possible for apps to access http/https sites outside of a webview context via blob URLs	$15000	2020-12-12
1111685	Use-of-uninitialized-value in qrcode_generator::QRCodeGeneratorServiceImpl::RenderBitmap	-	2020-12-12
1114114	CVE-2020-16166 CrOS: Vulnerability reported in Linux kernel	-	2020-12-12
1119532	mediasource_MP2T_AACSBR_pipeline_integration_fuzzer: Use-of-uninitialized-value in assign_pair	-	2020-12-12
1123023	Web Audio DelayNode of an OfflineAudioContext adds one sample to the delay.	$3000	2020-12-12
1124477	DCHECK failure in AllowHeapAllocation::IsAllowed() in heap-inl.h	-	2020-12-12
1124617	Global-buffer-overflow in blink::MathMLOperatorElement::ComputeOperatorProperty	$3000	2020-12-12
1124754	Use-of-uninitialized-value in blink::NGInlineNode::SetTextWithOffset	-	2020-12-12
1111737	Security: OffscreenCanvas - Use After Free in OffscreenCanvasRenderingContext2D::DrawTextInternal()	$7500	2020-12-08
1112155	DCHECK failure in address % 4 == 0 in simulator-arm.cc	-	2020-12-08
1113558	Security: Possible to navigate frames not attached to the debugger using the chrome.debugger API	$5000	2020-12-08
1123522	Security: Use-After-Poison in XRFrameProvider	$7500	2020-12-08
1099390	Security: ChromeOS chronos privilege escalation to root	$30000	2020-12-07
1122917	Security: UAF in DirectSocketsServiceImpl	$20000	2020-12-07
1123379	DCHECK failure in effect_edges > 0 in verifier.cc	-	2020-12-07
1088224	Security: drawImage timing depends on alpha-channel value, allowing to read cross-origin images	$5000	2020-12-06
1123258	cups_ippreadio_fuzzer: Use-of-uninitialized-value in ippReadIOLimitedRecursion	-	2020-12-06
1114636	Security: Possible for extension to escape sandbox via Target.setAutoAttach and Target.sendMessageToTarget	$15000	2020-12-05
1116123	cups_ippreadio_fuzzer: Use-of-uninitialized-value in ippReadIOLimitedRecursion	-	2020-12-05
1115662	Security: ChromeOS chronos privilege escalation to root (cros-disks drivefs, BackupArcBugReport)	$30000	2020-12-04
1116505	cups_ippreadio_fuzzer: Use-of-uninitialized-value in create_item	-	2020-12-04
1116903	container-overflow in blink::MediaStreamSource	$2000	2020-12-04
1117258	Segv on unknown address in v8::internal::JSPromise::Fulfill	-	2020-12-04
1120729	CHECK failure: type.Equals(NodeProperties::GetType(node->InputAt(1))) in verifier.cc	-	2020-12-04
1114458	ec_host_command_fuzzer: Global-buffer-overflow in cbi_set_data	-	2020-12-03
1115945	CrOS: Vulnerability reported in x11-libs/libX11	-	2020-12-03
1116304	Security: UAF in VideoCapture	$20000	2020-12-03
1119331	mediasource_MP4_AACLC_AVC_pipeline_integration_fuzzer: Stack-use-after-return in output_configure	-	2020-12-03
1119400	Heap-use-after-free in blink::NGPhysicalFragment::HasSelfPaintingLayer	-	2020-12-03
1119419	v8_wasm_compile_fuzzer: Segv on unknown address in Builtins_ArgumentsAdaptorTrampoline	-	2020-12-03
1121156	Heap-use-after-free in icu_67::RuleBasedBreakIterator::handleNext	-	2020-12-03
1122560	CVE-2020-24394 CrOS: Vulnerability reported in Linux kernel	-	2020-12-03
1115963	Security: cros-disks drivefs_helper will chown arbitrary file system objects controlled by chronos	-	2020-12-02
1115977	Security: BackupArcBugReport file write vulnerability	-	2020-12-02
1121898	webcodecs_video_decoder_fuzzer.exe: Heap-use-after-free in media::DecoderSelector<media::DemuxerStream::VIDEO>::FinalizeDecoderSelection	-	2020-12-02
1121982	CVE-2020-14356 CrOS: Vulnerability reported in Linux kernel	-	2020-12-02
1119865	Security: UAF in StopProfiler	$7500	2020-12-01
1120924	webcodecs_video_decoder_fuzzer: Heap-use-after-free in blink::VideoDecoderBroker::OnDecodeDone	-	2020-12-01
1121642	CVE-2019-9857 CrOS: Vulnerability reported in Linux kernel	-	2020-12-01
1120956	Heap-use-after-free in blink::PrepareOrthogonalWritingModeRootForLayout	-	2020-11-30
1117367	Security: Upgrade sqlite to 3.33.0 due to CVE-2020-13871 and CVE-2020-15358?	$500	2020-11-28
1120825	webcodecs_video_decoder_fuzzer: Heap-use-after-free in blink::MediaVideoTaskWrapper::OnDecodeOutput	-	2020-11-28
1116019	v8_wasm_compile_fuzzer: Crash in Builtins_WasmTaggedNonSmiToInt32	-	2020-11-27
1114556	Security: UaF in views::View::UpdateTooltip	$5000	2020-11-25
1116706	Security: Use After Free in PresentationConnectionCallbacks::OnSuccess	$7500	2020-11-25
1081874	Double free on NodeChannel	-	2020-11-24
1099670	CrOS: Vulnerability reported in dev-libs/libpcre	-	2020-11-24
1092518	Security: OpenFileViaShell may open executables in the same directory with similar filenames unexpectedly	$500	2020-11-21
1108511	heap-use-after-free : AdsPageLoadMetricsObserver::FrameDisplayStateChanged	-	2020-11-21
1108892	dawn_wire_server_and_vulkan_backend_fuzzer: Crash in vk::DescriptorSetLayout::DescriptorSetLayout	-	2020-11-21
1109120	Security: (UXSS) Long-Press Open Runs Javascript Links from Child in Parent Origin / Page	-	2020-11-21
1113209	dawn_wire_server_and_frontend_fuzzer: Heap-use-after-free in dawn_wire::server::Server::GetCmdSpace	-	2020-11-21
1113554	dawn_wire_server_and_frontend_fuzzer: Heap-use-after-free in dawn_wire::server::KnownObjects<WGPUBufferImpl*>::Get	-	2020-11-21
1114066	Potential UAF when closing chrome://cellular-setup	-	2020-11-21
1114398	crash in Builtins_StaCurrentContextSlotHandler	$5000	2020-11-21
1114500	gpu_raster_passthrough_fuzzer: Crash in sse2::store_rgNUMBER	-	2020-11-21
1115345	Security: Heap-Buffer-Overflow in libGLESv2 Library - es2::Device::stretchRect	-	2020-11-21
1115354	DCHECK failure in allow_empty_handle || that != nullptr in api-inl.h	-	2020-11-21
1115693	Heap-use-after-free in blink::Element::AttributeChanged	-	2020-11-21
1115902	Heap-use-after-free in blink::HTMLFormControlElement::AttributeChanged	-	2020-11-21
1112206	Security: pdfium Debug check failed	-	2020-11-18
1092453	Restrictions on navigation to the content scheme can be bypassed on Android	$3000	2020-11-17
1114803	wav_audio_handler_fuzzer: Crash in void base::ReadBigEndian<unsigned int>	-	2020-11-17
1104628	Security: Private file upload (data exfiltration)	$1000	2020-11-16
1114326	Crash in base::internal::WeakReferenceOwner::~WeakReferenceOwner	-	2020-11-15
1038208	canvas_fuzzer: Heap-use-after-free in blink::scheduler::AgentInterferenceRecorder::OnFrameSchedulerDestroyed	-	2020-11-14
1113710	Use-of-uninitialized-value in blink::LayoutShiftTracker::NotifyTextPrePaint	-	2020-11-14
1102361	Security: Arbitrary command execution vulnerability in patchpanel	-	2020-11-13
1113226	Security: Heap overflow in libavif	-	2020-11-13
1114005	CHECK failure: kMaxInt >= new_capacity in wasm-objects.cc	-	2020-11-13
1114006	DCHECK failure in 0 <= length in factory-base.cc	-	2020-11-13
937179	Security: Malicious link opens multiple tabs via URI handler	$500	2020-11-12
1034224	CrOS: Vulnerability reported in dev-libs/libxslt	-	2020-11-12
1039058	CrOS: Vulnerability reported in dev-libs/libxml2	-	2020-11-12
1108116	heap-use-after-free : autofill::FormStructure::GetFieldTypePredictions	-	2020-11-12
1110207	Security: Use after free in Payments	$20000	2020-11-12
1112440	gstoraster_fuzzer: Heap-use-after-free in gx_default_get_param	-	2020-11-12
1112442	gstoraster_fuzzer: Heap-use-after-free in pdf14_pop_transparency_group	-	2020-11-12
1112474	gstoraster_fuzzer: Heap-use-after-free in gsicc_adjust_profile_rc	-	2020-11-12
1112477	gstoraster_fuzzer: Heap-use-after-free in gsicc_adjust_profile_rc	-	2020-11-12
1108181	Security: bypas of the protection of input field cache	$5000	2020-11-11
1108518	Security: UAF in ScriptPromiseProperty due to iterator invalidation	$7500	2020-11-11
1100280	Security: Chrome Update - Arbitrary Folder Delete // Privilege Escalation	$500	2020-11-10
1103827	Security: heap-buffer-overflow in TextDetection detect	-	2020-11-10
1106590	Step "blink_web_tests" failing on builder "WebKit Linux MSAN"	-	2020-11-10
1112642	Heap-use-after-free in blink::LayoutShiftTracker::NotifyTextPrePaint	-	2020-11-10
841622	Security: Speech permission request UI spoof	$500	2020-11-09
1104046	Security: Task Scheduling - Use After Free in TaskQueueImpl::CreateTaskRunner().	$7500	2020-11-09
1100286	Chromium: Vulnerability reported in third_party/requests	-	2020-11-08
1108535	Security: UAF in ImageDecoderExternal due to iterator invalidation	$7500	2020-11-07
1110432	mojo_core_channel_fuzzer: Heap-buffer-overflow in mojo::core::Channel::Message::num_handles	-	2020-11-07
1111831	Crash in v8::internal::Heap::CreateFillerObjectAt	-	2020-11-07
1111972	Heap-use-after-free in v8::internal::AllocationCounter::InvokeAllocationObservers	-	2020-11-07
1112025	DCHECK failure in space->heap()->inline_allocation_disabled() implies space->limit() == space->top	-	2020-11-07
1112039	Heap-use-after-free in blink::PaintInvalidator::InvalidatePaint	-	2020-11-07
1107433	Google Chrome WebGL Buffer11::getBufferStorage Code Execution Vulnerability	$10000	2020-11-06
1111015	v8_wasm_compile_fuzzer: DCHECK failure in !unreachable implies stack_height >= c->end_label->target_stack_height in wasm-i	-	2020-11-06
1111307	Security: UAF in OfflinePageTabHelper::LoadData	-	2020-11-06
1012955	Security: Reader mode needs improved sanitization	-	2020-11-05
1107104dawn_wire_server_and_frontend_fuzzer: Heap-use-after-free in dawn_wire::server::KnownObjects<WGPUBufferImpl*>::Get-2020-11-05
1110749net_hpack_decoder_fuzzer: Heap-use-after-free in base::operator<<-2020-11-05
1110991zxcvbn_scoring_fuzzer: Use-of-uninitialized-value in zxcvbn::most_guessable_match_sequence-2020-11-05
1110992net_spdy_session_fuzzer: Heap-use-after-free in base::operator<<-2020-11-05
1145680Ports 5060 and 5061 should be blocked-2020-11-04
1092385Security: heap-use-after-free / double-free in blink::CanvasResourceProvider$50002020-11-04
1106342Security: Use-after-free in PrintCompositeClient::OnDidPrintFrameContent-2020-11-04
1106507Use-of-uninitialized-value in gpu::gles2::GLES2Implementation::BufferDataHelper-2020-11-04
1107824Security: 'unsafe-eval' in CSP is not properly enforced for default-src 'self'-2020-11-04
1108091Race condition in NativeFileSystemWriter close logic-2020-11-04
1109467Heap-use-after-free in blink::AdTracker::DidFinishAsyncTask-2020-11-04
1110564v8_wasm_compile_fuzzer: DCHECK failure in stack_height >= stack_effect.first in wasm-interpreter.cc-2020-11-04
1090352Security: no user interaction: URL spoofing using blob + @ (iOS)$10002020-11-03
1106299CrOS: Vulnerability reported in net-fs/samba-2020-11-03
1108351Security: Use of conditionally uninitialised stack variable may leak stack state-2020-11-03
1108472Security: UAF in RTCQuicTransport due to iterator invalidation$75002020-11-03
1110214DCHECK failure in !result.IsRetry() in new-spaces.cc-2020-11-03
1102196Security: Keystone for macOS should use auditToken to validate incoming XPC message$100002020-11-02
1108299UaF in NFCHost::GetNFC-2020-11-02
1108497Security: UAF in RemotePlayback due to iterator invalidation (Android only)$75002020-11-02
931013Extension has an ability to execute script in New Tab Page$5002020-10-31
1109108pdfium(XFA) heap-use-after-free in CXFA_FFWidget::GetWidgetRect()$75002020-10-31
1109461CVE-2020-15780 CrOS: Vulnerability reported in Linux kernel-2020-10-31
1099276Security: Cursor hijacking mitigation bypass-2020-10-30
1105426Security: Use-after-free in MediaElementEventListener::UpdateSources-2020-10-30
1106091Security: Sending uninitialized bytes between processes-2020-10-30
1106234Security: heap-user-after-free in HidService-2020-10-30
1106682Security: Use-after-free in WebIDBGetDBNamesCallbacksImpl::SuccessNamesAndVersionsList-2020-10-30
1107815Security: Use-after-free in XRSystem::FocusedFrameChanged and FocusController::NotifyFocusChangedObservers-2020-10-30
1108639openh264 is vulnerable to a known vulnerability-2020-10-30
1105720Security: heap-buffer-overflow in SkReader32::readInt-2020-10-28
1139963Security: Heap buffer overflow due to integer truncation in FreeType-2020-10-28
1039882Leaking size of cross-origin resource by caching it twice$20002020-10-27
1103839DCHECK failure in pc_ <= end_ in decoder.h-2020-10-27
1104061UAF in sctp_transport$75002020-10-27
1106773Security: Use-after-free in USB::OnServiceConnectionError-2020-10-27
1102151Security: heap-use-after-free in AllowFrom$50002020-10-26
1104053v8_wasm_fuzzer: DCHECK failure in stack.size() == 1 in module-decoder.cc-2020-10-26
1105283Heap-use-after-free in blink::NGPhysicalFragment::PostLayout-2020-10-26
1076923vtest_fuzzer: Crash in try_setup_line-2020-10-25
1105198Heap-use-after-free in blink::LayoutObject::OutlineRects-2020-10-25
1100669Security: missing WDS fix-2020-10-24
1104322dawn_wire_server_and_frontend_fuzzer: Heap-use-after-free in dawn_wire::server::KnownObjects<WGPUBufferImpl*>::Get-2020-10-24
1105635Security: use-after-poison when using CSS var() with revert as fallback-2020-10-24
1105723Security: heap-buffer-overflow in Skia-2020-10-24
1106285v8_wasm_compile_fuzzer: DCHECK failure in IsSimd128Register() in instruction.h-2020-10-24
1077761Security: TOCTOU race in cupsd.conf init script-2020-10-23
1015310Security: Improper isolation of EC_RST_ODL on some NPCX79nx designs-2020-10-22
1086896CrOS: Vulnerability reported in dev-db/sqlite-2020-10-22
1087362CrOS: Vulnerability reported in dev-db/sqlite-2020-10-22
1101152pdfium_embeddertests triggers a use-after-poison in V8-2020-10-22
1101756CrOS: Vulnerability reported in dev-db/sqlite-2020-10-22
1104103Security: Insufficient data validation in deserialize TransformStream$75002020-10-22
1105815DCHECK failure in ((static_cast<i::Tagged_t>(ptr) & ::i::kSmiTagMask) == ::i::kSmiTag) in smi.h-2020-10-22
1106357Crash in v8::internal::compiler::BytecodeArrayData::source_positions_size-2020-10-22
958521gstoraster: Use-of-uninitialized-value in register_x86_crypto-2020-10-21
1104608Security: LdaNamedProperty is generated for typed_array["4294967295"], which causes wrong inline cache and OOB access$50002020-10-20
1067854Chromium: Vulnerability reported in third_party/binutils-2020-10-19
1103195Security: HeapOverflow in BackgroundFetch$150002020-10-19
1104528Heap-use-after-free in ui::LayerAnimator::OnScheduled-2020-10-19
1104533Security DCHECK failure: i < length() in string_view.h$60002020-10-19
1099568Symlink at /home/user/<hash>/GCache/v2 can trick cryptohome to make arbitrary path world writable-2020-10-16
1102860cras_rclient_message_fuzzer: Heap-buffer-overflow in ccr_handle_message_from_client-2020-10-16
1082717CVE-2020-12771 CrOS: Vulnerability reported in Linux kernel-2020-10-15
1101304DCHECK failure in dst.low_gp() != rhs.high_gp() in liftoff-assembler-arm.h-2020-10-15
1102408Heap-use-after-free in blink::LayoutBox::FindAutoscrollable-2020-10-15
1103557Heap-buffer-overflow in blink::NGFragmentItems::LayoutObjectWillBeDestroyed-2020-10-15
1094699CrOS: Vulnerability reported in sys-libs/glibc-2020-10-14
1097308cras_rclient_message_fuzzer: Heap-buffer-overflow in cras_channel_remix_conv_create-2020-10-14
1100247Security: Potential UAF in AndroidCdmFactory-2020-10-14
1101818Heap-buffer-overflow in blink::NGFragmentItems::LayoutObjectWillBeMoved$60002020-10-14
1102083Security DCHECK failure: unit.TextContentEnd() <= text.length() in ng_offset_mapping.cc$60002020-10-14
1102127dawn_wire_server_and_frontend_fuzzer: Heap-use-after-free in dawn_wire::server::KnownObjects<WGPUBufferImpl*>::Get-2020-10-14
1102137Security DCHECK failure: !object || (object->IsLayoutMultiColumnSet()) in layout_multi_column_set.h-2020-10-14
1102161CHECK failure: marking_state_->IsBlackOrGrey(heap_object) in mark-compact.cc-2020-10-14
1102609Heap-buffer-overflow in blink::NGFragmentItems::LayoutObjectWillBeDestroyed-2020-10-14
1105202Security: Google Chrome DrawElementsInstanced Information Leak Vulnerability (TALOS-2020-1123)$10002020-10-13
1101883Security DCHECK failure: !masker->NeedsLayout() in svg_mask_painter.cc-2020-10-12
1102054Disable (or fix) YUV image decoding before M86 due to use after free-2020-10-10
1096677WebView: Cross-domain content can be fetched from resources loaded by the content scheme-2020-10-09
1101629v8_wasm_code_fuzzer: DCHECK failure in heap_type != HeapType::kBottom && HeapType(heap_type).is_valid() in value-type.h-2020-10-09
1076786Script Gadgets in chrome://oobe and chrome://assistant-optin through Polymer-2020-10-08
1091790dawn_wire_server_and_vulkan_backend_fuzzer: Crash in vk::DescriptorSetLayout::DescriptorSetLayout-2020-10-08
1096170dawn_wire_server_and_frontend_fuzzer.exe: Heap-use-after-free in dawn_wire::server::Server::OnBufferMapWriteAsyncCallback-2020-10-08
1029907Security: URL bar spoofing with prompt dialog on iOS$5002020-10-07
1030927Site Isolation Bypass: ClientHints doesn't properly check origin from renderer-2020-10-07
1094453Security: Memory stomper in InfoBarManager::RemoveInfoBarInternal()-2020-10-07
1095560Security: heap-buffer-overflow on media_history::MediaHistoryKeyedService::OnURLsDeleted$50002020-10-07
1097484Use-of-uninitialized-value in base::internal::WeakReference::IsValid-2020-10-07
1099621dawn_wire_server_and_frontend_fuzzer: Heap-buffer-overflow in dawn_native::null::Buffer::DoWriteBuffer-2020-10-07
1099945Security: Print compositor does not copy out of shared memory before attempting to deserialize SkPicture-2020-10-07
1099990Security: pdfium heap-buffer-overflow with experimental skia back end-2020-10-07
1100900Heap-use-after-free in blink::LayoutBlockFlow::SetShouldDoFullPaintInvalidationForFirstLine-2020-10-07
1101079Security DCHECK failure: GetLayoutObject() && GetLayoutObject()->IsBoxModelObject() in ng_physical_box_fr-2020-10-07
1100079Use-of-uninitialized-value in blink::NGMathRadicalLayoutAlgorithm::Layout-2020-10-05
1094235uaf in extensions$50002020-10-03
1094655Heap-buffer-overflow in vk::Image::copy-2020-10-03
1098179Use-of-uninitialized-value in send_delete_event-2020-10-03
1099974Use-of-uninitialized-value in mojo::core::ChannelPosix::WriteNoLock-2020-10-03
1094644gpu_swangle_passthrough_fuzzer: Heap-buffer-overflow in libvk_swiftshader.so-2020-10-02
1098606WebFrameImpl::CallJavaScriptFunction allows child frames to inject scripts into parent.-2020-10-02
1099446Security: heap-buffer-overflow in "SkData::PrivateNewWithCopy" function$20002020-10-02
1010756Crash in sw::Renderer::executeTask-2020-10-01
1090543heap-use-after-free : content::NavigationRequest::OnWillProcessResponseProcessed-2020-09-30
1097483Heap-buffer-overflow in sw::Blitter::fastClear-2020-09-30
1092449Cross-domain content can be fetched from resources loaded by the content scheme$200002020-09-29
1096002Heap-use-after-free in blink::ImageResourceContent::PriorityFromObservers-2020-09-29
1097442v8_wasm_compile_fuzzer: DCHECK failure in from <= to in vector.h-2020-09-29
1097467v8_wasm_compile_fuzzer: Use-after-poison in v8::internal::wasm::fuzzer::WasmGenerator::Generate-2020-09-29
1097595Security DCHECK failure: new_box->IsInlineFlowBox() in layout_block_flow_line.cc-2020-09-29
1098243CVE-2020-14416 CrOS: Vulnerability reported in Linux kernel-2020-09-29
1084699[WebRTC] Remote ICE Candidate Hostname Lookup Privacy Issue-2020-09-28
1097416Use-of-uninitialized-value in void blink::ShapeResultView::CreateViewsForResult<blink::ShapeResult>-2020-09-27
1017558pdf_scanlinecompositor_fuzzer: Heap-buffer-overflow in CompositeRow_Argb2Argb_RgbByteOrder-2020-09-26
1037980pdf_scanlinecompositor_fuzzer: Heap-buffer-overflow in GetGray-2020-09-26
1058716pdf_scanlinecompositor_fuzzer: Crash in GetAlphaWithSrc-2020-09-26
967204Security: dangling markup protection bypass with <portal> element$5002020-09-25
997412Security: PDFium Heap-use-after-free in ProbeForLowSeverityLifetimeIssue (XFA)-2020-09-25
1082755Heap UaF in TabStrip::CloseTab$50002020-09-25
1086009Security: Linux Kernel V5.2.0-rc1 #2 use-after-free in unmap_vmas read of size 8$5002020-09-25
1086845Security: Blob ignores charset specified in type attribute$10002020-09-25
1087282XSS in interstitial_common.js leading to UXSS-2020-09-25
1088187Bad-cast to extensions::MimeHandlerViewContainerManager from invalid vptr in extensions::MimeHandlerViewContainerManager::RemoveFrameContainerForReason-2020-09-25
1090835Security: Full screen notification overlap on Windows and Linux (take two)$5002020-09-25
1093719Container-overflow in content::responsiveness::Watcher::DidRunTask-2020-09-25
1094363Heap-buffer-overflow in ash::ScrollableShelfView::UpdateScrollOffset-2020-09-25
1094442Background tab can launch PWA or play store page when interacting with any page.-2020-09-25
1095709Heap-use-after-free in base::internal::Invoker<base::internal::BindState<void-2020-09-25
1095760Bad-cast to blink::WebRtcAudioRenderer from invalid vptr in void base::internal::FunctorTraits<void-2020-09-25
1095927Use-of-uninitialized-value in blink::WebRtcAudioRenderer::TranscribeAudio-2020-09-25
1096079Heap-use-after-free in blink::ImageResourceContent::NotifyObservers-2020-09-25
1097028CVE-2020-10757 CrOS: Vulnerability reported in Linux kernel-2020-09-25
1092451Multiple-file download restrictions can be bypassed using Android intents$5002020-09-23
1076703Security: WebRTC: usrsctp is called with pointer as network address-2020-09-22
1095102Security: heap-buffer-overflow in x_server_pixel_buffer.cc from screen_capturer_x11.cc-2020-09-22
1095589CVE-2020-13974 CrOS: Vulnerability reported in Linux kernel-2020-09-22
1072841heap-use-after-free : local_discovery::ServiceWatcherImplMac::NetServiceBrowserContainer::~NetServiceBrowserContainer-2020-09-21
1092059v8_wasm_compile_fuzzer: DCHECK failure in SIZE == kSimd128Size ? num_q_registers : num_d_registers > reg in simulator-arm.-2020-09-21
995732Potential out of bounds write vulnerability in webusb (usb_device_handle_usbfs.cc) (Linux 32bit)-2020-09-18
1090519Security: Missing microcode for some Intel platforms-2020-09-18
1092308uaf in extensions$200002020-09-18
1093902paint_op_buffer_fuzzer: Use-of-uninitialized-value in SkReadBuffer::peekByte-2020-09-18
1086796Security: Out of bounds read in PDFium due to mis-merged patch of libopenjpeg$75002020-09-17
1087921gpu_raster_swangle_passthrough_fuzzer: Crash in sse2::lowp::load_NUMBER-2020-09-17
1083128Security: Out-of-bounds write browser crash$50002020-09-16
1092274Security: global-buffer-overflow in bytesPerVertex$10002020-09-16
1084820DCHECK failure in value.IsHeapObject() in objects-debug.cc$50002020-09-15
1091461DCHECK failure in 2 == subnode->op()->ControlOutputCount() in js-inlining.cc-2020-09-15
1092553Bad-cast to v8::internal::compiler::Operator1<v8::internal::BinaryOperationHint, v8::internal::compiler::OpEqualTo<v8::internal::BinaryOperationHint>, v8::internal::compiler::OpHash<v8::internal::BinaryOperationHint>> from v8::internal::compiler::Operator1<v8::internal::compiler::FeedbackParameter, v8::internal::compiler::OpEqualTo<v8::internal::compiler::FeedbackParameter>, v8::internal::compiler::OpHash<v8::internal::compiler::FeedbackParameter> > in v8::internal::BinaryOperationHint const& v8::internal::compiler::OpParameter<v8:-2020-09-15
967202Security: bypass file download restrictions using <portal> element-2020-09-14
1083213CrOS: Vulnerability reported in net-vpn/openvpn-2020-09-14
1090173Security: Uninitialized memory read in snappy::SnappyScatteredWriter<snappy::SnappySinkAllocator>::AppendFromSelf-2020-09-14
1091670Security: heap-buffer-overflow in sk_careful_memcpy-2020-09-14
1091404Google Chrome PDFium Javascript Active Document Memory Corruption Vulnerability - TALOS-2020-1092$20002020-09-12
1065264No validation of origin in initializing CDM-2020-09-11
1082716CVE-2020-12770 CrOS: Vulnerability reported in Linux kernel-2020-09-11
1087158Crash in FidoDiscoveryFactory::ResetRequestState()-2020-09-11
1091180heap-use-after-free : media::GetSupportedD3D11VideoDecoderResolutions-2020-09-11
1091214CVE-2019-20812 CrOS: Vulnerability reported in Linux kernel-2020-09-11
1039062CVE-2019-19769 CrOS: Vulnerability reported in Linux kernel-2020-09-10
1083819Security: Android WebView: iframe on different origin can execute arbitrary JavaScript in top document via window.open() or links with _blank target$150002020-09-10
1091213CVE-2019-20811 CrOS: Vulnerability reported in Linux kernel-2020-09-10
1080953CrOS: Vulnerability reported in net-nds/openldap-2020-09-09
980116Security: PDFium (XFA) Use-after-free in CXFA_FFTabOrderPageWidgetIterator::CreateTabOrderWidgetArray$30002020-09-08
980172Security: PDFium (XFA) Use-after-free in CXFA_FFDocView::GetPageView$20002020-09-08
1080622CrOS: Vulnerability reported in net-fs/samba-2020-09-08
1082186CrOS: Vulnerability reported in net-fs/samba-2020-09-08
1087968heap-use-after-free in adhd in asan builds-2020-09-08
1085507v8_wasm_compile_fuzzer: DCHECK failure in ref.stack_height >= target_stack_height in wasm-interpreter.cc-2020-09-06
1086890Security: Missing array size check in NewFixedArray-2020-09-06
1081350Security: Browser_crash - heap-use-after-free in extensions::ChromeExtensionsBrowserClient::GetOriginalContext(content::BrowserContext*)$150002020-09-05
1085718Heap-use-after-free in performance_manager::WorkerNodeImpl::RemoveClientFrame-2020-09-05
1087629Upgrade SQLite to 3.32.1-2020-09-05
921015Heap-buffer-overflow in rr::Array<rr::Float4, 1>::operator-2020-09-04
1033897Security: Linux kernel 4.19.83 - use-after-free in the debugfs_remove function-2020-09-04
1067382Security: Sandbox escape via chrome.input.ime$50002020-09-04
1072116Security: Possible for extensions to escape sandbox via devtools watch expressions$100002020-09-04
1080481Security: Skia: Integer Overflow in GrTextBlob::Make-2020-09-04
1081040gpu_raster_swangle_passthrough_fuzzer: Crash in sse2::lowp::load_a8-2020-09-04
1085989pdf_psengine_fuzzer: Int-overflow in CPDF_PSEngine::DoOperator-2020-09-04
1086124Security: UAF in ChromeOS Login$50002020-09-04
1086798V8 Potential Use after free in the function ToPropertyDescriptorFastPath-2020-09-04
944944Infra: Outdated set of root certificates-2020-09-02
1072467Security: arc-setup to be more cautious when moving android data directories-2020-09-02
1075457Chrome fails to start if a file exists at /home/chronos/user or /home/chronos/Default-2020-09-02
1084839Heap-use-after-free in blink::PaintLayer::~PaintLayer-2020-09-02
1086470CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (this->IsFixedArray()) in class-defin-2020-09-02
1052093Security: Custom Scheme escaping bypassed if a scheme is in the URLWhitelist-2020-09-01
1080444v8_wasm_code_fuzzer: DCHECK failure in is_valid(value) in bit-field.h-2020-09-01
1085704gpu_angle_fuzzer: Null-dereference READ in gpu::gles2::GLES2DecoderImpl::HandleBlendFunciOES-2020-09-01
1085846gpu_angle_passthrough_fuzzer: Null-dereference READ in gpu::gles2::GLES2DecoderPassthroughImpl::DoBlendFunciOES-2020-09-01
1085990Security: Browser_crash - heap-use-after-free in Payments API-2020-09-01
1056754Security: Browsable Activities expose insecure behaviors on Android-2020-08-28
1074317Security: The CSP reports and stacktraces of errors leaks post-redirect URL for <script>$50002020-08-28
1084151v8_wasm_code_fuzzer: DCHECK failure in register_move(dst)->src == src in liftoff-assembler.cc-2020-08-28
1085315URL spoofing using 'GURMUKHI LETTER RRA' (U+0A5C)-2020-08-28
1085738CVE-2020-13143 CrOS: Vulnerability reported in Linux kernel-2020-08-28
1082105uaf in device::FidoRequestHandlerBase::InitializeAuthenticatorAndDispatchRequest$200002020-08-26
1083793Crash in v8::Isolate::GetCurrentContext-2020-08-26
932892Security: CSP violation reports leak the destination origin of a blocked redirect in the blocked-uri / blockedURI field$10002020-08-25
999310Security: OOB Access in V8$100002020-08-24
1016261Security: ashmem readonly bypasses via remap_file_pages() and ASHMEM_UNPIN-2020-08-24
1083157Crash in blink::ReadExifDirectory-2020-08-24
795595Security: chrome.devtools.inspectedWindow.eval executes within privileged pages$20002020-08-22
1082990CHECK failure: FLAG_wasm_async_compilation in module-compiler.cc-2020-08-22
1083525CHECK failure: !FLAG_wasm_async_compilation implies isolate->wasm_streaming_callback() == nullp-2020-08-22
1065122heap-use-after-free : ui::AXTreeSerializer<blink::WebAXObject,content::AXContentNodeData,content::AXContentTreeData>::LeastCommonAncestor-2020-08-21
1067869Chromium: Vulnerability reported in third_party/guava-2020-08-21
1077200CrOS: Vulnerability reported in dev-vcs/git-2020-08-21
1080616CVE-2020-12464 CrOS: Vulnerability reported in Linux kernel-2020-08-21
1080618CVE-2020-12654 CrOS: Vulnerability reported in Linux kernel-2020-08-21
1080951CVE-2020-12653 CrOS: Vulnerability reported in Linux kernel-2020-08-21
1081086Heap-use-after-free in blink::NGBlockNode::CopyFragmentDataToLayoutBoxForInlineChildren-2020-08-21
1081722Security: memcpy-param-overlap in AudioBuffer::copyFromChannel-2020-08-21
1082597pdfium(XFA) heap-use-after-free in CXFA_FFField::OnSetFocus$75002020-08-21
1082727Use-of-uninitialized-value in safe_browsing::PhishingClassifierDelegate::OnDestruct-2020-08-21
1083210CVE-2019-14898 CrOS: Vulnerability reported in Linux kernel-2020-08-21
1083211CVE-2020-10690 CrOS: Vulnerability reported in Linux kernel-2020-08-21
1083212CVE-2020-12826 CrOS: Vulnerability reported in Linux kernel-2020-08-21
1083250CHECK failure: block->PredecessorCount() == 0 in graph-assembler.cc-2020-08-21
999311Security: Use after free in MojoCdmService$300002020-08-20
1052492Use-of-uninitialized-value in blink::ImageDataBuffer::ImageDataBuffer-2020-08-18
1074340Security: javascript URI sandbox flags aren't propagated in a blank string case$10002020-08-17
1079449v8_wasm_compile_fuzzer: DCHECK failure in UseScratchRegisterScope{this}.CanAcquire() in liftoff-assembler-arm.h-2020-08-17
1081081Security: URL spoofing using slow page loading on iOS$5002020-08-17
1073015Security: UAF in DistillerJavaScriptService (Android)$200002020-08-15
1077491Crash in blink::WaveShaperDSPKernel::WaveShaperCurveValues$30002020-08-15
1079398gpu_raster_swangle_passthrough_fuzzer: Use-of-uninitialized-value in rx::SamplerCache::getSampler-2020-08-15
1080936Container-overflow in base::internal::Invoker<base::internal::BindState<void-2020-08-15
1080950CVE-2020-12652 CrOS: Vulnerability reported in Linux kernel-2020-08-15
1066731Security: Wrong account password captured-2020-08-14
1072165libjingle_xmpp_xmlparser_fuzzer: Incorrect-function-pointer-type with empty stacktrace-2020-08-14
1075496Chrome_Mac: Crash Report - device::FidoCableDevice::OnTimeout-2020-08-14
1077203Use-of-uninitialized-value in gfx::CubicBezier::SolveCurveX-2020-08-14
1077301Security: SELinux/netlink missing access check-2020-08-14
1077477mount-obb_fuzzer: Use-of-uninitialized-value in base::debug::ProcessBacktrace-2020-08-14
1077531Security: ChromeOS shill breakout and privilege escalation to root$300002020-08-14
1077754Security: cmd injection into pppd config-2020-08-14
1077780Security: run_oci will execute hooks from config.json on writable file systems-2020-08-14
1078236Heap-use-after-free in blink::LayoutListItem::UpdateMarkerLocation$60002020-08-14
1078336CVE-2017-18551 CrOS: Vulnerability reported in Linux kernel-2020-08-14
1078671Security: UAF in CaptionHostImpl$200002020-08-14
1078865trunks_hmac_authorization_delegate_fuzzer: Use-of-uninitialized-value in trunks::HmacAuthorizationDelegate::HmacSha256-2020-08-14
1078867cryptohome_cryptolib_rsa_oaep_decrypt_fuzzer: Use-of-uninitialized-value in mem_puts-2020-08-14
1078913DCHECK failure in shared_info->function_data().IsBytecodeArray() in compiler.cc-2020-08-14
1079066DCHECK failure in has_pending_error() in pending-compilation-error-handler.cc-2020-08-14
1080447trunks_hmac_authorization_delegate_fuzzer: Use-of-uninitialized-value in trunks::HmacAuthorizationDelegate::HmacSha256-2020-08-14
1080617CVE-2020-12465 CrOS: Vulnerability reported in Linux kernel-2020-08-14
1080620CVE-2020-12657 CrOS: Vulnerability reported in Linux kernel-2020-08-14
1080621CVE-2020-12659 CrOS: Vulnerability reported in Linux kernel-2020-08-14
946156Security: Chrome (Mac OS X) - Arbitrary File Permission Modification$5002020-08-12
1077501Segv on unknown address in blink::StyleCascade::ApplyInterpolation-2020-08-12
1078399v8_wasm_compile_fuzzer: DCHECK failure in IsSimd128Register() in instruction.h-2020-08-12
1050003CVE-2020-8648 CrOS: Vulnerability reported in Linux kernel-2020-08-11
1071311Security: OOB Write In SkBitSet::set-2020-08-11
1071729Non secure (i) icon fails to get displayed for non secure websites (e.g., http://dump-truck.appspot.com)-2020-08-11
1076708OOB read/write in v8::internal::ElementsAccessorBase<v8::internal::FastHoleyDoubleElementsAccessor$75002020-08-11
1072474Security: cros_disks sshfs allows injection of symlinks-2020-08-10
1001870gstoraster_fuzzer: Heap-buffer-overflow in template_compose_group-2020-08-07
1036706gstoraster_fuzzer: Heap-buffer-overflow in jbig2_sd_new-2020-08-07
1076030hammerd_load_ec_image_fuzzer: Use-of-uninitialized-value in fmap_find_area-2020-08-07
1065731audio_decoder_fuzzer: Use-of-uninitialized-value in amr_read_header-2020-08-06
1070066Security: Displaying a page action popup from the omnibox prevents an infobar from displaying$5002020-08-06
1075719v8_wasm_code_fuzzer: Use-after-poison in v8::internal::wasm::SideTable::SideTable-2020-08-06
1076442DCHECK failure in index >= 0 && index < length() && value <= kMaxOneByteCharCode in string-inl.h-2020-08-06
1029569sqlite3_shadow_table_fuzzer: ASSERT: nDoclist>0$30002020-08-05
1072233Security: ChromeOS root privilege escalation and persistence$450002020-08-05
1072276login_manager command execution via policy-injected flags-2020-08-05
1073602SCTP stack buffer overflow from malicious AUTH chunks-2020-08-05
1074586DCHECK failure in dst.low_gp() != lhs.high_gp() in liftoff-assembler-arm.h-2020-08-05
1074706uaf in TabSharingInfoBarDelegate$150002020-08-05
1074655Heap-use-after-free in blink::WebAXObject::UpdateLayoutAndCheckValidity-2020-08-05
1075953DCHECK failure in *available != 0 in assembler-arm.cc-2020-08-05
1007343vtest_fuzzer: Crash in try_setup_line-2020-08-04
1069246iOS: Omnibox doesn't display blob: origin for long URL$15002020-08-04
1069964Security: Check failed: receiver.IsJSFunction().-2020-08-04
1070094ec_usb_tcpm_v2_fuzzer: Index-out-of-bounds in prl_get_rev-2020-08-04
1070480Security: use-of-uninitialized-value in sse2::lowp::gather-2020-08-04
1072253Security: RenameCryptohome and arcvm-server-proxy root file write to root command execution from chronos$300002020-08-04
1072470Security: cups shouldn't be running with gid=0-2020-08-04
1074532minidump_fuzzer: Heap-buffer-overflow in google_breakpad::MinidumpProcessor::Process-2020-08-04
1075777ec_usb_tcpm_v2_fuzzer: Index-out-of-bounds in prl_get_rev-2020-08-04
1075952ndproxy_fuzzer: Use-of-uninitialized-value in std::__1::enable_if<__is_cpp17_forward_iterator<std::__1::pair<unsigned int, std-2020-08-04
1073553Heap-buffer-overflow in v8::internal::wasm::Decoder::read_prefixed_opcode<1>-2020-08-03
1074621DCHECK failure in chunk->Contains(slot_addr) in remembered-set.h-2020-08-03
843095Chrome Url Spoofing via Interstitial content overwrite$20002020-08-01
978779Chromium uses expired certificate for Baltimore CyberTrust-2020-08-01
1074190net_dns_record_fuzzer: Use-of-uninitialized-value in net::IntegrityRecordRdata::IntegrityRecordRdata-2020-08-01
961644Heap-buffer-overflow in courgette::Read32LittleEndian-2020-07-31
1073981DCHECK failure in !kCanBeWeak implies !IsSmi() == HAS_STRONG_HEAP_OBJECT_TAG(ptr_) in tagged-impl.-2020-07-31
1073409XSS on chrome://histograms/ with a compromised renderer-2020-07-30
985551Crash in sw::Thread::Thread-2020-07-29
1057441sqlite3_shadow_table_fuzzer: Use-of-uninitialized-value in fts3ScanInteriorNode-2020-07-29
1072171Security: missing the -0 case when intersecting and computing the Type::Range in NumberMax$75002020-07-29
1072885Security: arcvm-server-proxy command injection-2020-07-29
1072983use-after-free in BlobRegistryImpl(browser process)$200002020-07-29
1073263DCHECK failure in CheckKeptObjectsClearedAfterMicrotaskCheckpoint(microtask_queue) in api.cc-2020-07-29
1064676full CSP bypass while evaluating a javascript-URL in iframe.$30002020-07-29
634183Malformed CSP is not reported in the console and protection is disabled.-2020-07-28
1071059Security: Blink - Type Confusion with Custom Element$75002020-07-28
873178Security: Chrome allows setting arbitrary HTTP headers-2020-07-28
633348CSP can be abused to disclose line/column numbers across origins-2020-07-27
992698Security: Bypass the CSP when popup with "javascript:"-URL$5002020-07-27
1072115v8_wasm_async_fuzzer: Trap in v8::internal::wasm::WasmOpcodes::IsPrefixOpcode-2020-07-27
1016278Security: EXC_BAD_ACCESS / KERN_INVALID_ADDRESS when exec chrome.debugger.sendCommand-2020-07-25
1042986iframe in victim page can detect Scroll To Text Fragment activation-2020-07-25
1071711v8_wasm_fuzzer: DCHECK failure in index <= 0xff in decoder.h-2020-07-25
986051Security: Use-after-free of CommandLineAPIScope object$30002020-07-24
1070609Security: UAF in the blink.mojom.SmsReceiverPtr interface$100002020-07-24
1071454Security DCHECK failure: IsA<Derived>(from) in casting.h$60002020-07-24
1025302Security: usrsctplib has not been updated since 2018 and is missing fuzzers and security fixes-2020-07-23
1040490CrOS: Vulnerability reported in net-dns/dnsmasq-2020-07-23
1049040dawn_wire_server_and_vulkan_backend_fuzzer: Use-of-uninitialized-value in _init-2020-07-23
1062861heap-buffer-overflow : autofill::AutofillCountry::AutofillCountry-2020-07-23
1063690Untrustworthy navigation causes HTTP Basic Auth dialog origin confusion/spoofing$5002020-07-23
1064891use after free in mojom::ClipboardHost$100002020-07-23
1068084Security: Use after free in WebRTC$75002020-07-23
1068531Security: Character “⠀” (U+2800) should be converted into code.$5002020-07-23
1068609dawn_wire_server_and_frontend_fuzzer: Heap-use-after-free in dawn_wire::server::Server::GetCmdSpace-2020-07-23
1069079dawn_wire_server_and_frontend_fuzzer: Heap-buffer-overflow in dawn_native::null::Buffer::SetSubDataImpl-2020-07-23
1069757CVE-2019-20636 CrOS: Vulnerability reported in Linux kernel-2020-07-23
1070012Chromium: Vulnerability reported in third_party/sqlite-2020-07-23
1070199[wasm] Disable native module cache to fix stability issue on M-81-2020-07-23
967925Security: BLE Hijacking with Smart Unlock/Magic Tether-2020-07-21
1069700Security: PDFium (XFA) Use-after-free in function CPDFXFA_Page::GetFirstOrLastXFAAnnot$50002020-07-21
1069789Security: PDFium (XFA) Use-after-free in function CXFA_FFWidgetHandler::OnRButtonDown$75002020-07-21
1070054Security: input audio html5 tag makes chrome ios crashes-2020-07-21
1065298UAF in base::SupportsUserData::SetUserData$200002020-07-18
1068542CVE-2020-8835 CrOS: Vulnerability reported in Linux kernel-2020-07-18
1055933heap-use-after-free : ProfileIOData::FromResourceContext-2020-07-16
1064519Security: DevTools doesn't fully validate channel messages it receives$30002020-07-16
1068395Security: SmsProviderGmsUserConsent may hold a dangling pointer to RenderFrameHost-2020-07-16
1067851Security: UAF in Speech Recognizer$250002020-07-15
1068466dawn_wire_server_and_frontend_fuzzer: Heap-use-after-free in dawn_wire::server::InlineMemoryTransferService::WriteHandleImpl::DeserializeFlus-2020-07-15
840361Security: mount-encrypted may leak stateful encryption key across dev mode transition-2020-07-14
1016543Old, unsecure (and unused?) version of ChromeVox is present in Chromium repo-2020-07-14
1053939V8 correctness failure in configs: x64,ignition:x64,ignition_turbo_opt-2020-07-14
1057461dawn_wire_server_and_vulkan_backend_fuzzer: Heap-use-after-free in dawn_wire::server::Server::OnBufferMapWriteAsyncCallback-2020-07-14
1068509CHECK failure: marking_state_->IsBlackOrGrey(heap_object) in mark-compact.cc-2020-07-14
1055583dawn_wire_server_and_vulkan_backend_fuzzer: Heap-use-after-free in dawn_wire::server::KnownObjects<WGPUBufferImpl*>::Get-2020-07-13
1061687dawn_wire_server_and_frontend_fuzzer: Heap-buffer-overflow in dawn_native::null::Buffer::SetSubDataImpl-2020-07-13
1067980Security DCHECK failure: IsA<Derived>(from) in casting.h-2020-07-13
1010770Crash in hsw::lowp::gather_NUMBER-2020-07-12
1055746Security: CVE-2020-2732: Nested VMX vulnerability-2020-07-12
1059577Security: Possible to escape sandbox via devtools_page$30002020-07-11
1060023Security: V8 Debug check failed: !var->has_forced_context_allocation() || var->is_used(). Fatal error in ../../src/ast/scopes.cc, line 2239-2020-07-10
1065186UAF in libglesv2!gl::Texture::onUnbindAsSamplerTexture$50002020-07-10
1065761Security: Copy & paste XSS via noscript$50002020-07-10
981114Security: BT Classic Pairing Hijack-2020-07-08
1059955dawn_wire_server_and_vulkan_backend_fuzzer: Heap-use-after-free in vk::CommandBuffer::submit-2020-07-08
1061933aec3_fuzzer: Container-overflow in webrtc::FilterAnalyzer::AnalyzeRegion-2020-07-08
1061235Security: libcameraservice: heap-based-buffer-overflow-in-DepthPhotoProcessor-2020-07-07
1064429Heap-use-after-free in PrefChangeRegistrar::~PrefChangeRegistrar-2020-07-07
1065704Security: UAF in WebSocket Network Service$200002020-07-07
1065772ProbeForLowSeverityLifetimeIssue in ~CXFA_FFPageWidgetIterator()-2020-07-07
1058895Security: Slow Read HTTP Attack$5002020-07-06
1040755Security: Another "universal" XSS via copy&paste$20002020-07-03
1062868heap-use-after-free : v8::internal::wasm::WasmCode::DecrementRefCount-2020-07-03
1064898Heap-use-after-free in metrics::PerfOutputCall::OnGetPerfOutput-2020-07-03
978632heap-use-after-free : sctp_release_pr_sctp_chunk-2020-07-02
990581Security: Security: CSP does not propagate to blob: URIs$5002020-07-02
1060559[Web NFC] Block YubiKeys-2020-07-02
1061682Security DCHECK failure: IsA<Derived>(from) in casting.h-2020-07-02
1019161UAF In ProcessManager$75002020-07-01
1064112Segv on unknown address in blink::Internals::getAgentId-2020-07-01
1067270Talos Security Advisory for Google Chrome PDFium (TALOS-2020-1044)$50002020-07-01
1063177Declarative Net Request: Potential use after free while reindexing rulesets.-2020-06-30
1054229media_pipeline_integration_fuzzer: Use-of-uninitialized-value in ogg_find_codec-2020-06-28
1059764Security: container-overflow in MediaStream mojo-2020-06-26
1060549Security: PDFium heap-use-after-free in CPDFXFA_Page::GetNextXFAAnnot (XFA)$75002020-06-26
1062247Incomplete fix of 1055788 and 1057627-2020-06-26
1032531CrOS: Vulnerability reported in dev-db/sqlite-2020-06-25
1034223CrOS: Vulnerability reported in dev-db/sqlite-2020-06-25
1035370CrOS: Vulnerability reported in dev-db/sqlite-2020-06-25
1037730Security: Full screen notification overlap on Windows and Linux$5002020-06-25
1038580CrOS: Vulnerability reported in dev-db/sqlite-2020-06-25
1038884CrOS: Vulnerability reported in dev-db/sqlite-2020-06-25
1040055CrOS: Vulnerability reported in dev-db/sqlite-2020-06-25
1040488CrOS: Vulnerability reported in dev-db/sqlite-2020-06-25
1052647Security: Debug check failed: !context.get(context_entry).IsTheHole(isolate)-2020-06-24
1061878dawn_wire_server_and_vulkan_backend_fuzzer: Heap-use-after-free in vk::CommandPool::destroy-2020-06-24
1059533use-after-free in web_graphics_context_3d_provider_wrapper$20002020-06-23
933171Trusted Types bypass with blob and meta refresh-2020-06-20
933172Trusted Type bypass with SVG-2020-06-20
1004106Security: heap-buffer-overflow in CFXJSE_FormCalcContext::unfoldArgs$75002020-06-20
1020026Security: 'Press Esc to exit fullscreen' covered up by a popup page$10002020-06-20
1030901Site Isolation Bypass: QuotaDispatcherHost doesn't properly check origin from renderer-2020-06-20
1042210Security: fullscreen notification spoof (repro issue 882812)$5002020-06-20
1045787Security: ChromeDriver is vulnerable to CSRF attack-2020-06-20
1055303Security: PDFium (XFA) Use uninitialized value in function CPDFSDK_FormFillEnvironment::SendOnFocusChange-2020-06-20
1059669Out-of-bounds read in WebSQL$30002020-06-20
1059686UaF in DeferredTaskHandler::BreakConnections(2)-2020-06-20
1060548CrOS: Vulnerability reported in app-arch/libarchive-2020-06-20
1060647Security: WebRTC certificate parsing-2020-06-20
1061018UaF in DeferredTaskHandler::ProcessAutomaticPullNodes-2020-06-20
1061154gpu_fuzzer: Crash in gpu::gles2::Texture::SetLevelInfo-2020-06-20
1061231net_quic_stream_factory_fuzzer: Use-of-uninitialized-value in quic::QuicSentPacketManager::GetRetransmissionTime-2020-06-20
1061389gpu_fuzzer.exe: Crash in base::subtle::RefCountedBase::ReleaseImpl-2020-06-20
1058515Chrome fetches DevTools stuff using insecure http protocol-2020-06-16
1059349Security: usersctp: out-of-bounds reads in sctp_load_addresses_from_init-2020-06-16
1059472v8_wasm_compile_fuzzer: DCHECK failure in is_gp() in liftoff-register.h-2020-06-16
1030909Site Isolation Bypass: DedicatedWorkerHostFactory doesn't properly check origin from renderer-2020-06-15
1046021CrOS: Vulnerability reported in media-libs/opencv-2020-06-15
1055524Not only "devools://" but also "chrome-devtools://" should be registered as display-isolated-2020-06-15
1056222MojoVideoEncodeAcceleratorService allows renderer to misuse its API leading to UAF-2020-06-15
785159Wrong origin shown for permission prompts after navigations that lead to interstitials$5002020-06-13
1054966Policy page opens a file dialogue even if the AllowFileSelectionDialogs policy is set to false$5002020-06-13
1059187Bad-cast to blink::LayoutBlock from blink::LayoutTableSection in blink::AXLayoutObject::IsDataTable-2020-06-13
1057418skia_image_filter_proto_fuzzer: Use-of-uninitialized-value in sse2::repeat_y-2020-06-12
1058653Security: PDFium heap-use-after-free in CFDE_TextEditEngine::ReplaceSelectedText (XFA)$50002020-06-12
1054732Heap-use-after-free in test_runner::WebFrameTestClient::DidAddMessageToConsole-2020-06-10
1055869Security: PDFium (XFA) Use-after-free in function CFDE_TextEditEngine::ReplaceSelectedText$50002020-06-10
1057593UaF in DeferredTaskHandler::BreakConnections-2020-06-10
1057627UaP in AudioScheduledSourceHandler::NotifyEnded-2020-06-10
1038527cras_rclient_message_fuzzer: Heap-use-after-free in cras_dsp_ini_free-2020-06-09
1054260heap-use-after-free : content::FileChooserImpl::~FileChooserImpl-2020-06-09
1057309use-after-move in BinaryUploadService::UploadForDeepScanning-2020-06-09
1057369Use-of-uninitialized-value in double_conversion::DoubleToStringConverter::ToPrecision-2020-06-09
1055131Crash in Builtins_ArgumentsAdaptorTrampoline-2020-06-07
1056273Heap-use-after-free in test_runner::WebFrameTestClient::DidClearWindowObject-2020-06-06
1056154Chromium: Vulnerability reported in third_party/sqlite-2020-06-05
1056440Use-of-uninitialized-value in blink::WebGLRenderingContextBase::CreateWebGraphicsContext3DProvider-2020-06-05
986108Security: PDFium heap-buffer-overflow in CFX_SkiaDeviceDriver::RestoreState$10002020-06-04
1035315iframe sandbox allow_top_navigation_by_user_activation can be bypassed with certain extensions$10002020-06-04
1055788UaP in IIRFilterHandler::Process-2020-06-04
1056152CrOS: Vulnerability reported in app-arch/libarchive-2020-06-04
1056153CrOS: Vulnerability reported in dev-libs/libpcre2-2020-06-04
965611Security: Possible to open chrome-native:// pages on Android and the new tab page on desktop using window.open$10002020-06-03
976767Security: heap-use-after-free in CPDFSDK_PageView::ExitWidget-2020-06-03
1034519Security: WebContentsViewAura::EndDrag may dereference a pointer to deleted RenderWidgetHost-2020-06-03
1041406UAF in chrome!content::FrameTreeNode::~FrameTreeNode$200002020-06-03
1054466v8_wasm_compile_fuzzer: DCHECK failure in is_fp_pair() == other.is_fp_pair() in liftoff-register.h-2020-06-03
1055124Security DCHECK failure: IsA<Derived>(from) in casting.h-2020-06-03
1055142Security DCHECK failure: IsA<Derived>(from) in casting.h-2020-06-03
1055223Container-overflow in content::VizProcessTransportFactory::DisableGpuCompositing-2020-06-03
1055338Crash in blink::CSSPropertyValueSet::PropertyReference::PropertyValue-2020-06-03
1055692v8_wasm_code_fuzzer: Heap-buffer-overflow in v8::internal::wasm::ThreadImpl::Push-2020-06-03
1056044ulpfec_generator_fuzzer: Heap-buffer-overflow in webrtc::ForwardErrorCorrection::GenerateFecPayloads-2020-06-03
949913Use-after-free in CXFA_FFComboBox::OnProcessEvent$30002020-06-02
1054765Heap-use-after-free in blink::MathMLSpaceElement::CollectStyleForPresentationAttribute-2020-06-02
1055128Crash in blink::StyleBuilderConverter::ConvertFontVariantEastAsian-2020-06-02
1055221Security DCHECK failure: IsA<Derived>(from) in casting.h-2020-06-02
1055393UAF in chrome chrome!content::BrowserAccessibilityManager::GetFromAXNode$200002020-06-02
1055713Segv on unknown address in blink::StyleBuilderConverterBase::ConvertFontFamily-2020-06-02
1054139gpu_angle_passthrough_fuzzer: Null-dereference READ in gpu::gles2::GLES2DecoderPassthroughImpl::DoDrawArraysIndirect-2020-05-30
982193Security: PDFium (XFA) Use-after-free in CXFA_FFTextEdit::OnProcessEvent$50002020-05-29
1026991pdfium (XFA): invalid-vptr / uaf in CPDFSDK_PageView::ExitWidget$50002020-05-29
1045803rtnl_handler_fuzzer: Crash in std::__1::enable_if<__is_cpp17_forward_iterator<unsigned char const*>::value, vo-2020-05-29
1047838Missing browser-process permission checks for WebNFC-2020-05-29
1050046ASSERT: CSA_ASSERT failed: SmiBelow(effective_index, LoadFixedArrayBaseLength(array))-2020-05-29
1054733Use-after-poison in blink::LayoutObject::ViewRect-2020-05-29
1054785Bad-cast to blink::Node from invalid vptr in blink::LayoutObject::GetDocument-2020-05-29
990897Security: PDFium (XFA) Use-after-free in CXFA_FFDocView::SetFocus$75002020-05-28
1031152cras_rclient_message_fuzzer: Heap-buffer-overflow in dsp_util_deinterleave_s24le-2020-05-28
1031153cras_rclient_message_fuzzer: Heap-buffer-overflow in cras_fmt_conv_create-2020-05-28
1040329heap use-after-free in CFDE_TextEditEngine::Insert$75002020-05-28
1051748Use-after-poison in WebGLRenderingContextBase$85002020-05-28
1052651Security: PDFium (XFA) Use-after-free in CFWL_Edit::OnChar$75002020-05-28
1052786Security: PDFium (XFA) Use-after-free in CXFA_FFTextEdit::UpdateFWLData$75002020-05-28
1053617Security: PDFium heap-use-after-free in CFWL_DateTimePicker::SetEditText (XFA)$75002020-05-28
1054429Security: PDFium heap-use-after-free in CFWL_Edit::OnKeyDown (XFA)-2020-05-28
453937Cross origin access with exception object + full exploit$256332020-05-27
583431Universal XSS in DocumentLoader::createWriterFor + full-chain exploit$256332020-05-27
1041749Security: tel: protocal spoofing 2$5002020-05-27
1050996Security: MediaElementAudioSourceNode bypasses CORS checks$10002020-05-27
1051017Security: Type inference issue in Typer::Visitor::TypeInductionVariablePhi-2020-05-27
1042566Security: Use After Free in Deserializer::DeserializeDeferredObjects-2020-05-26
1051368navigator.sendBeacon doesn't make CORS preflight request-2020-05-26
1051439Security: sendBeacon allows sending arbitrary POST requests with application/octet-stream content type without CORS-2020-05-26
1034023Check Raw Clipboard permission and feature flag browser-side-2020-05-24
1041330Security: use-of-uninitialized-value in containsNoEmptyCheck-2020-05-24
1040046Security: Investigate "Zero length" BIOS write protect range UMA reports-2020-05-24
1045931Security: General check for streams not checking states correctly-2020-05-24
1048555Use after free in CodeSerializer::Deserialize$5002020-05-24
1050011Security: URL Spoof in Android PageInfo-2020-05-24
1051075libipp_fuzzer: Segv on unknown address in std::__1::__vector_base<ipp::StringWithLanguage, std::__1::allocator<ipp::String-2020-05-24
1051564libipp_fuzzer: Segv on unknown address in std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::-2020-05-24
1051912DCHECK failure in 1 == map_.count(key) in wasm-engine.cc-2020-05-24
1052442Windows: Potential UaF In Job Object Notification.-2020-05-24
1052576CHECK failure: locale__value.IsString() in class-verifiers-tq.cc-2020-05-24
995566Heap-use-after-free in ChromePasswordManagerClient::OnPaste-2020-05-21
1048038Use after free in Logger::MapEvent$5002020-05-21
1003501PDFium (XFA) Use-after-free in CXFA_FFCheckButton::OnProcessEvent$60002020-05-20
1044277Security: Possible to bypass restrictions on multiple downloads by initiating download from data: frame$5002020-05-20
1049510Unexpected reveal of service worker interception by using nextHopProtocol$20002020-05-20
1050419Security: Use-after-poison in AudioWorkletNode$75002020-05-20
1051462CrOS: Vulnerability reported in app-text/poppler-2020-05-20
1049581Security: Debug check failed: bytecode_offset >= 0 (-1 vs. 0)-2020-05-19
1050756Security: 'Copy As Curl' in the network panel of the devtools uses '--data' instead of '--data-raw', leading to arbitrary local file access$5002020-05-19
1033972Segv on unknown address in views::FocusSearch::FindNextFocusableView-2020-05-16
1050090Fix security vulnerability in PaintController on subsequence under-invalidation-2020-05-16
925834Security: seneschal allows bind-mounting arbitrary paths into 9p subtree-2020-05-15
1043603use-after-poison in mojo::MessageDispatcher$50002020-05-15
1048473Use-after-destroy in WebAudio$75002020-05-15
1049129rtp_frame_reference_finder_fuzzer: Use-of-uninitialized-value in unsigned long webrtc::Subtract<32768ul>-2020-05-15
998514Security: buffer overflow in modprobe-2020-05-14
1036373CrOS: Vulnerability reported in dev-libs/openssl-2020-05-14
1036376CrOS: Vulnerability reported in dev-libs/openssl-2020-05-14
1044570Security: SEGV_MAPERR with Intl.ListFormat and long strings$50002020-05-14
1047942CVE-2020-8428 CrOS: Vulnerability reported in Linux kernel-2020-05-14
1031670☂ Site Isolation Bypass via component extensions (e.g. via "Google Hangouts")-2020-05-13
1045386CrOS: Vulnerability reported in sys-fs/e2fsprogs-2020-05-13
1047911rtp_frame_reference_finder_fuzzer: Invalid-free in webrtc::RTPVideoHeader::GenericDescriptorInfo::~GenericDescriptorInfo-2020-05-13
1047914pdfium (XFA): oob read / use-of-uninitialized-value in CXFA_Node::SetSelectedItems$10002020-05-13
1047932rtp_frame_reference_finder_fuzzer: Crash in webrtc::RtpGenericFrameDescriptor::~RtpGenericFrameDescriptor-2020-05-13
1048005rtp_frame_reference_finder_fuzzer: Bad parameters to --sanitizer-annotate-contiguous-container in webrtc::video_coding::RtpFrameObject::~RtpFrameObject-2020-05-13
1048013rtp_frame_reference_finder_fuzzer: Invalid-free in webrtc::RTPVideoHeader::~RTPVideoHeader-2020-05-13
1048024rtp_frame_reference_finder_fuzzer: Crash in absl::allocator_traits<std::__Cr::allocator<long> >::deallocate-2020-05-13
1032158Security of some component extensions relies on untrustworthy MessageSender.id-2020-05-12
1040700heap-use-after-free : v8::internal::ArrayBufferTracker::RegisterNew-2020-05-12
1047285Security of media-router built-in extension relies on untrustworthy MessageSender.id-2020-05-12
1048241v8_wasm_compile_fuzzer: Stack-buffer-overflow in v8::internal::wasm::LiftoffAssembler::VarState::is_reg-2020-05-12
966507Possible Sec-Fetch-Site bypass via PaymentRequest-2020-05-11
1046019CrOS: Vulnerability reported in app-arch/libarchive-2020-05-11
639322Automation API leaks tab URLs$5002020-05-09
1010844CXFA_FFPageView Use After Free$50002020-05-09
1041190CVE-2019-19927 CrOS: Vulnerability reported in Linux kernel-2020-05-09
1042915pdfium (XFA): wrong object type in CXFA_FFPageView::GetPageViewRect$10002020-05-09
1043965Security: Possible to navigate to extension resources not listed in web_accessible_resources$10002020-05-09
1045225v8_wasm_compile_fuzzer: Stack-buffer-overflow in v8::internal::wasm::LiftoffAssembler::VarState::is_reg-2020-05-09
1045487rtnl_handler_fuzzer: Heap-buffer-overflow in shill::ParseAttrs-2020-05-09
1045738sqlite3_ossfuzz_fuzzer: Use-of-uninitialized-value in sqlite3Atoi64-2020-05-09
1046995rtp_frame_reference_finder_fuzzer.exe: Invalid-free in webrtc::RTPVideoHeader::~RTPVideoHeader-2020-05-09
1047024rtp_frame_reference_finder_fuzzer: Heap-buffer-overflow in webrtc::video_coding::RtpFrameReferenceFinder::ManageFrameVp9-2020-05-09
1047054heap-buffer-underflow : content::DWriteFontLookupTableBuilder::CallbackOnTaskRunner::CallbackOnTaskRunner-2020-05-09
1047095rtp_frame_reference_finder_fuzzer: Crash in absl::allocator_traits<std::__Cr::allocator<long long> >::deallocate-2020-05-09
1047097PDFium: Apply fix for CVE-2020-8112-2020-05-09
1047156CVE-2019-18282 CrOS: Vulnerability reported in Linux kernel-2020-05-09
1047165rtp_frame_reference_finder_fuzzer: Heap-buffer-overflow in webrtc::video_coding::RtpFrameReferenceFinder::ManageFrameVp9-2020-05-09
1047264rtp_frame_reference_finder_fuzzer: Bad parameters to --sanitizer-annotate-contiguous-container in webrtc::RtpGenericFrameDescriptor::~RtpGenericFrameDescriptor-2020-05-09
1047355Crash in v8::internal::StringHasher::HashSequentialString<char>-2020-05-09
1047368DCHECK failure in name->IsFlat() in factory.cc-2020-05-09
851302UI/URL Spoofing by opening popups and putting the background page into fullscreen$30002020-05-07
852645requestFullscreen should consume user activation to prevent UI/URL spoofing$10002020-05-07
977872pdf_codec_tiff_fuzzer: Heap-buffer-overflow in null_convert-2020-05-07
1047074DCHECK failure in Heap::IsLargeObject(obj) || Page::FromHeapObject(obj)->IsFlagSet(Page::SWEEP_TO_-2020-05-07
1006012Security: URL bar spoofing on iOS$5002020-05-06
1034225CVE-2019-19524 CrOS: Vulnerability reported in Linux kernel-2020-05-06
1034228CVE-2019-19527 CrOS: Vulnerability reported in Linux kernel-2020-05-06
1043443CrOS: Vulnerability reported in net-analyzer/tcpdump-2020-05-06
1044331Use-after-poison in blink::SecurityContextInit::SecurityContextInit-2020-05-06
1045812Heap-buffer-overflow in cc::ScrollTimeline::UpdateScrollerIdAndScrollOffsets-2020-05-06
1045797Use-of-uninitialized-value in v8::internal::JSFunction::ToString-2020-05-06
1045874Security: OOB access in ReadableStream::Close-2020-05-06
1046026vtest_fuzzer: Heap-use-after-free in vrend_finish_context_switch-2020-05-06
1046098Use-of-uninitialized-value in v8::internal::wasm::NativeModuleCache::GetStreamingCompilationOwnership-2020-05-06
1046321CVE-2019-19332 CrOS: Vulnerability reported in Linux kernel-2020-05-06
1045703transfer_cache_fuzzer: Crash in GrConvertPixels-2020-05-03
1045719gpu_raster_swiftshader_fuzzer: Heap-buffer-overflow in void downsample_3_2<ColorTypeFilter_RGBA_F16>-2020-05-03
1045721gpu_raster_angle_fuzzer: Heap-buffer-overflow in sse2::load_af16-2020-05-03
1045722gpu_raster_passthrough_fuzzer: Heap-buffer-overflow in SkRectMemcpy-2020-05-03
1045723transfer_cache_fuzzer: Heap-buffer-overflow in SkData::PrivateNewWithCopy-2020-05-03
1045757gpu_raster_swiftshader_fuzzer: Crash in void egl::Transfer<-2020-05-03
1043070CrOS: Vulnerability reported in dev-db/sqlite-2020-05-02
1043095dawn_wire_server_and_vulkan_backend_fuzzer: Null-dereference READ in dawn_native::DeviceBase::BaseDestructor-2020-05-02
868145Security: Loading mixed content without insecure warning$5002020-05-01
1033824Security: Unquoted Path in user Chrome Updater registry key-2020-05-01
1035271Security: 3D CSS transform and drop-shadow can draw over address bar$30002020-05-01
1045388CVE-2020-7053 CrOS: Vulnerability reported in Linux kernel-2020-05-01
1035399Security: Site Isolation bypass in BlobURLStoreImpl::Register-2020-04-30
1041828Potential UaF in NavigationPredicator-2020-04-30
1042091Warn Chrome on downloads of for all .HTA files-2020-04-30
1042145Null-dereference READ in sqlite3VdbeExec-2020-04-30
1042578Security: SQLite 3.30.1 CVE-2019-19923 - NULL pointer dereference (or incorrect results)-2020-04-30
1042700Security: SQLite CVE-2019-19926$5002020-04-30
1042879Security: Data race in AudioArray::Allocate can lead to OOB access-2020-04-30
1042956pdfium (XFA): UAF in CXFA_Node::HasFlag$50002020-04-30
1043508pdfium (XFA): wrong object type in CXFA_FFNotify::OpenDropDownList$50002020-04-30
1043510pdfium (XFA): wild-addr-read in GetWordBreakProperty$75002020-04-30
1044379Bad-cast to blink::WebMouseEvent from blink::WebGestureEvent in test_runner::EventSender::HandleInputEventOnViewOrPopup-2020-04-30
1031479Security: Debug check failed: has_feedback_vector()$20002020-04-28
1041222Container-overflow in PermissionRequestManager::GetDisplayNameOrOrigin-2020-04-28
1042535Security: webrtc: out-of-bounds write in FEC extension processing-2020-04-28
1042933Security: WebRTC: out-of-bounds write when updating layer info with frame marking extension-2020-04-28
1039241Use-of-uninitialized-value in blink::ObjectPainter::PaintAllPhasesAtomically-2020-04-27
1043530Use-of-uninitialized-value in v8::internal::GlobalHandles::NodeSpace<v8::internal::GlobalHandles::Node>::Relea-2020-04-27
1025521Security: <portal>s with an autofocus element get focus$5002020-04-24
1029437pdfium (XFA): oob read+write in CFDE_TextEditEngine::AdjustGap$50002020-04-24
1041411heap-buffer-overflow in HRTFKernel$5002020-04-24
1041546Security: linux shell has all inheritable capabilities set by default-2020-04-24
1042254Security: More UaFs in WebAudio-2020-04-24
1029829gpu_angle_passthrough_fuzzer: Null-dereference READ in gpu::gles2::GLES2DecoderPassthroughImpl::EmulatedDefaultFramebuffer::Blit-2020-04-23
1030167Crash in v8::internal::Simulator::LoadStorePairHelper-2020-04-23
1038828Heap-use-after-free in net::URLRequestContext::CreateRequest-2020-04-23
1039470Heap-use-after-free in blink::NGPaintFragment::PopulateDescendants-2020-04-23
1039869Leaking the URL of any cross-origin redirect through AppCache's network section and wildcards$50002020-04-23
1040883Heap-use-after-free in blink::NGPaintFragment::LayoutObjectWillBeDestroyed-2020-04-23
1041174Heap-use-after-free in views::NativeWidgetAura::Close-2020-04-23
1031909SIGTRAP hit in JIT code (Builtins_InterpreterEntryTrampoline)$20002020-04-21
1033771Security: Debug check failed: is_valid(value).-2020-04-21
1034695third_party/sqlite version 3.30.1 is vulnerable-2020-04-21
1037889From secure page it is navigating to insecure page.$10002020-04-21
1038036Security: Cross-Origin (Partial) Status Code Leakage$10002020-04-21
1040325CHECK failure: *old_buffer != memory_object->array_buffer() in wasm-objects.cc$20002020-04-21
1040489CrOS: Vulnerability reported in app-editors/vim-2020-04-21
1041210CHECK failure: Bytecode mismatch at offset 10 in interpreter.cc-2020-04-21
1041240DCHECK failure in 0 <= length in factory.cc-2020-04-21
1041303pdfium (XFA): use-of-uninitialized-value in CFWL_DateTimePicker::DrawWidget$5002020-04-21
1041616DCHECK failure in cache != this implies cache->outer_scope()->deserialized_scope_uses_external_cac-2020-04-21
1062091Security: UAF in InstalledAppProviderImpl (Desktop)$250002020-04-20
894477Security: Extensions can continue to temporarily execute code and access file after being uninstalled$5002020-04-18
997515Security: Use-after-free in CXFA_FFDocView::SetFocus$50002020-04-18
1018677Security: heap-use-after-free in content::SpeechRecognizerImpl::Abort$50002020-04-18
1020745Security: Roll expat to patch CVE-2019-18197, CVE-2019-13117, CVE-2019-13118$5002020-04-18
1031679Container-overflow in PermissionRequestManager::GetDisplayNameOrOrigin-2020-04-18
1030415DCHECK failure in !HasOptimizedCode() in js-objects.cc-2020-04-18
1032677Crash in v8::internal::Isolate::GetCodeTracer-2020-04-18
1033461sqlite3_select_expr_lpm_fuzzer: Heap-use-after-free in resetAccumulator-2020-04-18
1037703Heap-use-after-free in webrtc::VideoRtpReceiver::OnGenerateKeyFrame-2020-04-18
1036667Heap-use-after-free in blink::NGContainerFragmentBuilder::MoveOutOfFlowDescendantCandidatesToDescendant-2020-04-18
1037872Security:Potential Use after free in the function PerfJitLogger::LogWriteDebugInfo-2020-04-18
1038243Security DCHECK failure: !NeedsLayout() || LayoutBlockedByDisplayLock(DisplayLockLifecycleTarget::kChildr-2020-04-18
1038489pdfium_xfa_fuzzer: Heap-use-after-free in CJX_Object::~CJX_Object-2020-04-18
1038863Security: SQLite 3.30.1 vulnerabilities reported: CVE-2019-19880 and CVE-2019-19925-2020-04-18
1039059CVE-2019-19447 CrOS: Vulnerability reported in Linux kernel-2020-04-18
1039159mediasource_MP4_FLAC_pipeline_integration_fuzzer: Use-of-uninitialized-value in decode_residuals-2020-04-18
1040080Security: 'Copy As Curl' in the network panel of the devtools does not escape the HTTP method properly, leading to local code execution$5002020-04-18
1040403DCHECK failure in mode == JSHeapBroker::BrokerMode::kSerialized implies kind == kUnserializedReadO-2020-04-18
1040444DCHECK failure in mode == JSHeapBroker::BrokerMode::kSerialized implies kind == kUnserializedReadO-2020-04-18
1040493CVE-2019-20095 CrOS: Vulnerability reported in Linux kernel-2020-04-18
633352Security: If two windows are in fullscreen at the same time they can navigate to different origins without fullscreen being exited automatically.$10002020-04-15
803365Cookies with SameSite=Strict; are sent for link rel="prerender" when requested from 3rd party site$20002020-04-15
959194Heap-use-after-free in net::HttpCache::Transaction::DoCacheWriteResponse-2020-04-15
995081Security: PDFium (XFA) Use-after-free in CXFA_FFComboBox::OnKillFocus$50002020-04-15
1029865heap-use-after-free : content::MediaInterfaceFactory::CreateVideoDecoder-2020-04-15
1038019Heap-use-after-free in content::RenderProcessHostImpl::CreateCodeCacheHost-2020-04-15
1038178Security: Missing deoptimization information for OptimizedFrame::Summarize-2020-04-15
1039629Security: PDFium (XFA) Use-after-free in CXFA_FFComboBox::OnSelectChanged$75002020-04-15
710190Security: Reloading the content of a changed file-2020-04-14
809350Security: CORS bypassing by reusing CORS-successful Resources across SecurityOrigins on MemoryCache-2020-04-14
991217Security: Memory access violations when setting a breakpoint at a specific location-2020-04-14
991899Security: PDFium (XFA) Use-after-free in CXFA_FFWidget::OnKillFocus$75002020-04-14
1014371Security: iframe sandbox can be worked around via javascript: links and window.opener$30002020-04-14
1035464Heap-use-after-free in blink::NGOutOfFlowLayoutPart::Run-2020-04-14
1021871cras_rclient_message_fuzzer: Null-dereference READ in pthread_create-2020-04-13
1031697AutofillAssistantFacade.callerIsOnWhitelist() is not secure-2020-04-13
609527Make sure active mixed content and broken-https subresources do something reasonable on weird origins-2020-04-11
1034299media_pipeline_integration_fuzzer: Use-of-uninitialized-value in decode_residuals-2020-04-11
1034480CVE-2019-19332: Security: kvm: OOB memory write via kvm_dev_ioctl_get_cpuid-2020-04-11
1030411JavaScript injection via malicious WebExtension in CWS$50002020-04-10
1030892Site Isolation Bypass: SpeechRecognitionDispatcherHost doesn't properly check origin from renderer-2020-04-10
1033795UAF in blink::PaintLayer::CommonAncestor$50002020-04-10
1035058Security: Autocomplete preview text leak #4: using ::first-line pseudo-element$50002020-04-10
1036697CrOS: Vulnerability reported in dev-db/sqlite-2020-04-09
1031142Security: ☂ Site Isolation Bypass and Browser Code execution with heap-use-after-free in DesktopMediaPickerController::WebContentsDestroyed-2020-04-08
999114CVE-2019-15117 CrOS: Vulnerability reported in Linux kernel-2020-04-07
999115CVE-2019-15118 CrOS: Vulnerability reported in Linux kernel-2020-04-07
1034563Heap-use-after-free in views::BoundsAnimator::AnimationProgressed-2020-04-07
1036604CVE-2019-19241 CrOS: Vulnerability reported in Linux kernel-2020-03-30
714617Security: chrome.tabs.executeScript can reveal Chrome's profile path$5002020-03-28
1035779Security: heap-use-after-free in blink::BaseRenderingContext2D::DrawImageInternal-2020-03-28
639173ignored TLS errors propagate from webview to main browser$5002020-03-27
959571Security: Mixed content state reset when navigating back$5002020-03-27
1033407Security:Potential Use after free in the function ProfilerListener::CodeCreateEvent$20002020-03-27
1035371Chromium: Two Vulnerabilities reported in sqlite 3.30.1-2020-03-27
571546Security: Prompt boxes steal focus in popups-2020-03-26
1025700CrOS: Vulnerability reported in media-libs/tiff-2020-03-26
1028722sqlite3_shadow_table_fuzzer: Heap-buffer-overflow in sqlite3Fts3GetVarint$30002020-03-26
1029002sqlite3_shadow_table_fuzzer: ASSERT: pWriter || bIgnoreEmpty-2020-03-26
1029027sqlite3_shadow_table_fuzzer: Heap-buffer-overflow in sqlite3Fts3GetVarint-2020-03-26
1029210sqlite3_shadow_table_fuzzer: Heap-buffer-overflow in sqlite3Fts3Incrmerge-2020-03-26
1029506sqlite3_shadow_table_fuzzer: Use-of-uninitialized-value in fts3IncrmergeHintPop-2020-03-26
1031112CVE-2019-17133 CrOS: Vulnerability reported in Linux kernel-2020-03-26
1032170Use browser-side URL to verify if extension messaging connection is allowed-2020-03-26
1033395Security:Wrong assumption lead to Use After Free in deserializer.cc$5002020-03-26
1034745Security: QuicStreamFactory incorrectly installs NullDecrypter-2020-03-26
1035331DCHECK failure in !HAS_WEAK_HEAP_OBJECT_TAG(ptr_) in tagged-impl.h-2020-03-26
1035373CVE-2019-19602 CrOS: Vulnerability reported in Linux kernel-2020-03-26
1035723Security: Heap-use-after-free in PaintController::FinishCycle() related to devtools overlay-2020-03-26
1032090pdfium: use-of-uninitialized-value in CRYPT_AESSetKey$20002020-03-24
1033841Security: Debug check failed: IsNumber().-2020-03-23
1034394 | A null pointer dereference has been discovered in V8 compiler which affects the latest version. | $5000 | 2020-03-23
1015693 | net_quic_stream_factory_fuzzer: Heap-use-after-free in quic::QuicSpdyStreamBodyManager::ReadBody | - | 2020-03-21
1032422 | Security: pdfium(XFA) heap-use-after-free in CXFA_FFComboBox::OnProcessEvent | $5000 | 2020-03-21
1033974 | DCHECK failure in 0 <= at_least_space_for in objects.cc | - | 2020-03-21
1034167 | DCHECK failure in i::AllowHeapAllocation::IsAllowed() in api.cc | - | 2020-03-21
1023810 | use-after-poison in webaudio | $10000 | 2020-03-20
1029462 | use-after-free in AudioWorklet | $7500 | 2020-03-20
1029530 | CHECK failure: BigIntAsUintN of kRepWord64 (BigInt) cannot be changed to kRepWord32 in represen | - | 2020-03-20
1032548 | Security: heap-buffer-overflow in AudioDelayDSPKernel::Process | - | 2020-03-20
1033260 | Heap-use-after-free in net::VerifyWithGivenFlags | - | 2020-03-20
1026546 | Security: Steal any local picture when open a local html file | $1000 | 2020-03-19
1029375 | Security: extensions with downloads.open permission can execute code on the device using .fileloc files | $500 | 2020-03-19
1031895 | Security: ReadableStream::pipeTo do not check IsLockedStream | - | 2020-03-19
1032054 | Security: Debug check failed: IsAligned(ptr, kSlotDataAlignment) | - | 2020-03-19
1032906 | Use-of-uninitialized-value in v8::internal::Runtime_StringCompareSequence | - | 2020-03-19
1033092 | mediasource_MP4_FLAC_pipeline_integration_fuzzer: Use-of-uninitialized-value in decode_residuals | - | 2020-03-19
1013906 | Security: expose stored (in cache) cross-site response's size | $500 | 2020-03-18
1029612 | audio_decoder_fuzzer: Use-of-uninitialized-value in decode_residuals | - | 2020-03-18
1030381 | Crash in cc::LayerTreeImpl::TotalScrollOffset | - | 2020-03-18
1031653 | Security: heap-use-after-free in DesktopMediaPickerController::WebContentsDestroyed | - | 2020-03-18
1019732 | Make sure that NetworkService doesn't propagate HttpOnly cookies to a renderer process | - | 2020-03-17
1032534 | CVE-2019-19319 CrOS: Vulnerability reported in Linux kernel | - | 2020-03-17
922882 | Security: Possible load of unitialized memory in WebRtcAec_Create | - | 2020-03-16
1022044 | cups_ippreadio_fuzzer: Global-buffer-overflow in ippEnumString | - | 2020-03-14
1029054 | cups_ippreadio_fuzzer: Heap-buffer-overflow in _cupsStrAlloc | - | 2020-03-14
1030660 | CrOS: Vulnerability reported in net-analyzer/tcpdump | - | 2020-03-14
1031102 | CrOS: Vulnerability reported in app-arch/libarchive | - | 2020-03-14
1031523 | pdfium (XFA): oob read in HTMLSTR2Code | $2500 | 2020-03-14
875503 | Chrome notification system permits to a domain to request permissions for each 3rd level domain with no restriction | $500 | 2020-03-13
968303 | heap-use-after-free : base::RunLoop::Delegate::ShouldQuitWhenIdle | - | 2020-03-13
1027408 | Security: tel: URL scheme reference origin spoof on Windows and Linux | $2000 | 2020-03-12
1029414 | Security: The sharing dialog can appear over the wrong tab (spoof) | $2000 | 2020-03-12
1030583 | Negative size parameter to memcpy in CPDF_SecurityHandler::GetUserPassword | $500 | 2020-03-12
1030912 | v8_wasm_compile_fuzzer: Segv on unknown address in unsigned long v8::internal::Simulator::MemoryRead<unsigned long, unsigned long> | - | 2020-03-12
1029565 | pdfium (XFA): oob read in EncodeXML | $2000 | 2020-03-11
1029576 | Security: Debug check failed: 0 <= index && index < node->op()->ValueInputCount(). | - | 2020-03-11
1029617 | gpu_angle_passthrough_fuzzer: Null-dereference READ in gpu::gles2::GLES2DecoderPassthroughImpl::DoDeleteQueriesEXT | - | 2020-03-11
1018629 | Use-of-uninitialized-value in SkPngEncoder::onEncodeRows | - | 2020-03-10
1025470 | Security: Negative size passed to memcpy() in fts3NodeAddTerm (OOB read) | - | 2020-03-10
1025471 | Security: Negative size passed to memcpy() in fts3IncrmergePush | - | 2020-03-10
1025472 | Security: Memory leak in fts4, matchinfo() | - | 2020-03-10
1027426 | Security: UaF in BrowserTabStripController::AddNewTabInGroup() | - | 2020-03-10
1028152 | Heap-buffer-overflow in blink::FindBuffer::RangeFromBufferIndex | $3000 | 2020-03-10
1028208 | DCHECK failure in !is_compiled() || IsInterpreted() in js-objects.cc | - | 2020-03-10
1029338 | DCHECK failure in !name->AsIntegerIndex(&index) in lookup-inl.h | - | 2020-03-10
1025463 | Security: TFC2019 - Multiple issues in sqlite (Tracking Bug) | - | 2020-03-09
1028863 | v8: Wrong JIT code that triggers SIGTRAP at runtime | $5000 | 2020-03-09
1029129 | Crash in cc::LayerTreeImpl::TotalScrollOffset | - | 2020-03-09
1026911 | gpu_angle_passthrough_fuzzer: Null-dereference READ in gpu::error::Error gpu::gles2::GLES2DecoderPassthroughImpl::DoCommandsImpl<false> | - | 2020-03-07
1027065 | gpu_angle_passthrough_fuzzer: Null-dereference READ in gpu::gles2::GLES2DecoderPassthroughImpl::DoDeleteQueriesEXT | - | 2020-03-07
1027470 | gpu_angle_passthrough_fuzzer: Null-dereference READ in gpu::gles2::GLES2DecoderPassthroughImpl::HandleDrawBuffersEXTImmediate | - | 2020-03-07
1023807 | Update WHL microcode to enable kernel TAA mitigations | - | 2020-03-06
1025489 | use-after-poison in base::internal::WeakReferenceOwner::Invalidate() | $5000 | 2020-03-06
1028862 | Trap in Builtins_InterpreterEntryTrampoline | $5000 | 2020-03-06
1017871 | Security: Injecting styles via copy-and-paste | $10000 | 2020-03-05
1021431 | Heap-use-after-free in content::GpuBenchmarking::Freeze | - | 2020-03-05
1022278 | render_text_api_fuzzer: Heap-buffer-overflow in gfx::GetTextIndexForOtherText | - | 2020-03-05
1023843 | CVE-2019-2201: libjpeg-turbo: code execution | - | 2020-03-05
1024182 | Security: Arbitrary system memory access Intel GPU vulnerability (CVE-2019-0155) | - | 2020-03-05
1028172 | agc_fuzzer: Heap-buffer-overflow in webrtc::GainControlImpl::ProcessCaptureAudio | - | 2020-03-05
1029174 | DCHECK failure in *result == *match_info in js-regexp.cc | - | 2020-03-05
1029200 | Crash in v8::internal::OrderedHashSet::ConvertToKeysArray | - | 2020-03-05
708595 | Security: Print Preview allows spoofing on other tab | $500 | 2020-03-04
1026994 | Security: EC host commands leaking stack to AP userspace | - | 2020-03-04
1027025 | DCHECK failure in *(maybe_code_handler.object()) == *StoreHandler::StoreSlow(GetIsolate()) in feed | - | 2020-03-04
1027176 | Check feature policy for payment in the browser. | - | 2020-03-04
1028809 | audio_processing_fuzzer: Use-of-uninitialized-value in webrtc::FloatToFloatS16 | - | 2020-03-04
1028614 | audio_processing_fuzzer: Use-of-uninitialized-value in webrtc::FileWrapper::Write | - | 2020-03-04
990428 | Tighten IDN policy for Kana + Latin domains | - | 2020-03-03
1016506 | heap-buffer-overflow : WebRtcSpl_DownsampleFastC | - | 2020-03-03
1023095 | zucchini_disassembler_elf_fuzzer: Heap-buffer-overflow in zucchini::Rel32FinderX86::Scan | - | 2020-03-03
1023183 | zucchini_disassembler_elf_fuzzer: Heap-buffer-overflow in (std::is_function<std::__Cr::remove_pointer<unsigned | - | 2020-03-03
1025255 | hammerd_load_ec_image_fuzzer: Crash in hammerd::FirmwareUpdater::LoadEcImage | - | 2020-03-03
1025464 | Security: SQLite defense-in-depth bypass | - | 2020-03-03
1025465 | Security: Uninitialized memory leak by nPrefix in fts3SegReaderNext | - | 2020-03-03
1025466 | Security: Arbitrary memory overwrites (write-what-where) by nHeight in fts3IncrmergeLoad | - | 2020-03-03
1026729 | DCHECK failure in !name->AsIntegerIndex(&index) in lookup-inl.h | - | 2020-03-03
1026909 | DCHECK failure in name.IsUniqueName() in stub-cache.cc | - | 2020-03-03
1027109 | DCHECK failure in heap_object.IsInternalizedString() in feedback-vector.cc | - | 2020-03-03
1027498 | CHECK failure: 0 == instance_descriptors().number_of_slack_descriptors() in objects-debug.cc | - | 2020-03-03
1027926 | Security: v8 Debug check failed: ResumeJumpTargetsAreValid(). | - | 2020-03-03
1028092 | agc_fuzzer: Heap-buffer-overflow in webrtc::ApplyDigitalGain | - | 2020-03-03
1028181 | DCHECK failure in !Heap::InYoungGeneration(name) in stub-cache.cc | - | 2020-03-03
1028191 | CHECK failure: IsValidHeapObject(isolate->heap(), HeapObject::cast(p)) in objects-debug.cc | - | 2020-03-03
1028207 | Security: Debug check failed: !Heap::InYoungGeneration(name) | - | 2020-03-03
1028396 | CHECK failure: descriptors != ReadOnlyRoots(isolate).empty_descriptor_array() implies !parent.o | - | 2020-03-03
1028475 | DCHECK failure in start + search_string->length() <= string->length() in runtime-strings.cc | - | 2020-03-03
968809 | Security: Clear rollback info from FPMCU stack when accessed | - | 2020-02-29
1026918 | pdfium (XFA): invalid-vptr in CXFA_FFTextEdit::UpdateFWLData | $2000 | 2020-02-29
1027410 | DCHECK failure in dst_offset != src_offset in liftoff-assembler-x64.h | - | 2020-02-29
1027650 | net_quic_stream_factory_fuzzer: Heap-use-after-free in quic::QpackInstructionDecoder::Decode | - | 2020-02-29
1027707 | transfer_cache_fuzzer: Heap-buffer-overflow in SkRectMemcpy | - | 2020-02-29
1021677 | Security DCHECK failure: unit.TextContentEnd() <= text.length() in ng_offset_mapping.cc | - | 2020-02-28
1024741 | transfer_cache_fuzzer: Crash in SkRectMemcpy | - | 2020-02-28
1025209 | net_quic_stream_factory_fuzzer: Bad-cast to quic::QpackProgressiveDecoder from invalid vptr in quic::QpackProgressiveDecoder::Decode | - | 2020-02-28
1025467 | 2 Vulnerabilities in websql & sqlite (Tracking Bug) | $2000 | 2020-02-28
1025911 | transfer_cache_fuzzer: Heap-buffer-overflow in GrConvertPixels | - | 2020-02-28
1026354 | gpu_raster_angle_fuzzer: Heap-buffer-overflow in void downsample_1_2<ColorTypeFilter_8> | - | 2020-02-28
1027152 | Security: heap-buffer-overflow in PasswordFormManager::OnGeneratedPasswordAccepted | - | 2020-02-28
1027292 | Security: import maps are executed as classic scripts when the import map's flag is disabled | - | 2020-02-28
884693 | Security: IDN URL Spoofing with using "ы" | $500 | 2020-02-27
896453 | Domain spoof using unicode characters that look like numbers | - | 2020-02-27
1025442 | Security: IDN spoof with Latin Middle Dot (U+00B7) | - | 2020-02-27
1025468 | DCHECK failure in result.NumberOfOwnDescriptors() == result.instance_descriptors().number_of_descr | - | 2020-02-27
1026500 | Use-of-uninitialized-value in v8::internal::Simulator::FPRoundInt | - | 2020-02-27
1027045 | Bad-cast to v8::internal::compiler::Operator1<v8::internal::compiler::FrameStateInfo, v8::internal::compiler::OpEqualTo<v8::internal::compiler::FrameStateInfo>, v8::internal::compiler::OpHash<v8::internal::compiler::FrameStateInfo> > from v8::internal::compiler::Operator1<v8::internal::MachineRepresentation, v8::internal::compiler::OpEqualTo<v8::internal::MachineRepresentation>, v8::internal::compiler::OpHash<v8::internal::MachineRepresentation> > in v8::internal::compiler::FrameStateInfoOf | - | 2020-02-27
930683 | Security: Broadcom Bluetooth firmware vulnerability | - | 2020-02-26
954207 | Heap-buffer-overflow in s_RLE_process | - | 2020-02-26
1015518 | spvtools_as_fuzzer: Bad-free in spvBinaryDestroy | - | 2020-02-26
1015697 | spvtools_as_fuzzer: Use-of-uninitialized-value in spvtools_as_fuzzer.cpp | - | 2020-02-26
1024256 | Crash in blink::FindBuffer::RangeFromBufferIndex with emoji input | - | 2020-02-26
1025067 | UaF in BluetoothAdapter::OnDiscoveryChangeComplete | $20000 | 2020-02-26
1025109 | Heap-use-after-free in blink::NGPhysicalFragment::HasSelfPaintingLayer | - | 2020-02-26
1026479 | CHECK failure: Type cast failed in CAST(last_index) at ../../src/builtins/builtins-regexp-gen.c | - | 2020-02-26
1053604 | Security: Incorrect side effect modelling for JSCreate | - | 2020-02-26
1024758 | Security: OOB Write in ReduceRegExpPrototypeTest | $7500 | 2020-02-25
1025502 | gpu_raster_angle_fuzzer: Crash in void downsample_1_2<ColorTypeFilter_8> | - | 2020-02-25
1018493 | ndproxy_fuzzer: Stack-buffer-overflow in arc_networkd::NDProxy::Icmpv6Checksum | - | 2020-02-24
1022695 | Crash in Builtins_InterpreterEntryTrampoline | - | 2020-02-24
1023144 | ndproxy_fuzzer: Heap-buffer-overflow in arc_networkd::NDProxy::TranslateNDFrame | - | 2020-02-24
1024736 | transfer_cache_fuzzer: Crash in GrConvertPixels | - | 2020-02-22
1024762 | gpu_raster_angle_fuzzer: Heap-buffer-overflow in void downsample_1_2<ColorTypeFilter_8> | - | 2020-02-22
881675 | Chrome v69 URL Spoof via FILE_SCHEME | $500 | 2020-02-21
1022466 | render_text_api_fuzzer: Heap-buffer-overflow in u_strlen_65 | - | 2020-02-21
1023853 | use after poison in rtc_rtp_sender_impl.cc | $5000 | 2020-02-21
1024099 | CHECK failure: bytes <= NUMBER in runtime-typedarray.cc | - | 2020-02-21
1024116 | Out-of-bounds access in WebBluetoothServiceImpl | $20000 | 2020-02-21
1025089 | Security: Fix number of arguments being passed when setting the thread name on Windows. | - | 2020-02-21
999956 | Security: U2F misses reloading hardware binding secrets after deep sleep | - | 2020-02-20
1013669 | Security: USBGuard accepts D-Bus messages from any | - | 2020-02-20
1019616 | wayland_fuzzer: Heap-use-after-free in GrMemoryPool::allocate | - | 2020-02-20
1022554 | render_text_api_fuzzer: Heap-buffer-overflow in gfx::CreateObscuredText | - | 2020-02-20
1022598 | render_text_api_fuzzer: Stack-buffer-overflow in gfx::RenderText::OnTextAttributeChanged | - | 2020-02-20
1022855 | Security: Missing HasPrototypeSlot() check in ConstructorBuiltinsbAssembler::EmitFastNewObject() results in out-of-bound read. | $3000 | 2020-02-20
1022893 | render_text_api_fuzzer: Heap-buffer-overflow in gfx::RenderText::OnTextAttributeChanged | - | 2020-02-20
1023442 | ExcludeSchemeFromRequestInitiatorSiteLockChecks bypasses GetTrustworthyInitiator | - | 2020-02-20
1023941 | heap-use-after-free : views::View::SetBackground | - | 2020-02-20
1024121 | Heap-use-after-free in WebBluetoothServiceImpl | $20000 | 2020-02-20
1016106 | hammerd_load_ec_image_fuzzer: Crash in hammerd::FirmwareUpdater::LoadEcImage | - | 2020-02-19
1017793 | vb2_keyblock_fuzzer: Global-buffer-overflow in vb2_load_fw_keyblock | - | 2020-02-19
1021855 | Download Protection bypass | - | 2020-02-19
1023351 | Use-after-poison in blink::EventListenerMap::Find | - | 2020-02-19
1023972 | DCHECK failure in 4 == kSystemPointerSize in code-generator.cc | - | 2020-02-19
1016703 | DCHECK failure in static_cast<unsigned>(index) < static_cast<unsigned>(capacity()) in fixed-array- | - | 2020-02-18
1007414 | Security: Tracking Chrome OS running e2fsck on an untrusted file system? | - | 2020-02-17
1020031 | CHECK failure: static_cast<uintptr_t>(caller_frame_top_) - total_output_frame_size > stack_guar | - | 2020-02-17
699342 | Security: //components/search_engine appears to be parsing arbitrary XML in the browser process | - | 2020-02-15
754304 | UI Spoofing in External Protocol confirmation | $1000 | 2020-02-15
947876 | pdfium (XFA): oob read in CFXJSE_FormCalcContext::WordNum | $2500 | 2020-02-15
968505 | Security: Domain name spoofing on Unicode top-level domains | - | 2020-02-15
984513 | The Permission for an important activity is set to null, as the result it can launched by any app. | $1000 | 2020-02-15
997724 | trunks_resource_manager_fuzzer: Use-of-uninitialized-value in base::debug::ProcessBacktrace | - | 2020-02-15
1005596 | Security: tel: URL scheme reference origin spoof | $2000 | 2020-02-15
1013882 | Security: Autocomplete preview text STILL leaks credit card numbers - attacker can simply override system-ui font | $5000 | 2020-02-15
1015872 | libbrillo_dbus_data_serialization_fuzzer: Crash in variant_reader_recurse | - | 2020-02-15
1015858 | libbrillo_dbus_data_serialization_fuzzer: Crash in _dbus_marshal_skip_array | - | 2020-02-15
1015881 | zucchini_disassembler_elf_fuzzer: Heap-buffer-overflow in (std::is_function<std::__Cr::remove_pointer<unsigned | - | 2020-02-15
1016092 | hammerd_load_ec_image_fuzzer: Use-of-uninitialized-value in fmap_find_area | - | 2020-02-15
1016099 | arc_setup_util_expand_property_contents_fuzzer: Heap-buffer-overflow in std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<ch | - | 2020-02-15
1016103 | runtime_probe_probestatement_fuzzer: Index-out-of-bounds in _dbus_mem_pool_alloc | - | 2020-02-15
1016168 | libbrillo_dbus_data_serialization_fuzzer: Use-of-uninitialized-value in _dbus_first_type_in_signature | - | 2020-02-15
1016813 | cups_ippreadio_fuzzer: Heap-buffer-overflow in _cupsStrFree | - | 2020-02-15
1017020 | heap-use-after-free : libusb_get_next_timeout | - | 2020-02-15
1017494 | Security: PDFium heap-use-after-free in CPDFSDK_PageView::ExitWidget (XFA) | $7500 | 2020-02-15
1017256 | cups_ippreadio_fuzzer: Heap-buffer-overflow in ippAttributeString | - | 2020-02-15
1017707 | Security: Phishing with Unicode Domains | $500 | 2020-02-15
1017797 | cgpt_fuzzer: Use-of-uninitialized-value in Crc32 | - | 2020-02-15
1017961 | Heap-use-after-free in blink::AudioNodeOutput::Pull | - | 2020-02-15
1018512 | ndproxy_fuzzer: Use-of-uninitialized-value in arc_networkd::NDProxy::TranslateNDFrame | - | 2020-02-15
1019648 | v8_wasm_fuzzer: DCHECK failure in val.type == kWasmBottom || ValueTypes::MachineRepresentationFor(val.type) == Val | - | 2020-02-15
1020533 | DCHECK failure in cell->value().IsTheHole(isolate) in js-objects.cc | - | 2020-02-15
1020906 | ndproxy_fuzzer: Stack-buffer-overflow in arc_networkd::NDProxy::TranslateNDFrame | - | 2020-02-15
1021457 | Security: Out of bounds index in array in function parameters | $3000 | 2020-02-15
1021919 | Use-after-poison in blink::RTCPeerConnectionHandler::OnaddICECandidateResult | - | 2020-02-15
1022558 | Bad-cast to blink::RTCVoidRequest from invalid vptr in blink::OnReplaceTrackCompleted | - | 2020-02-15
856927 | Omnibox with URL is displayed on NTP when forward history is browsed with Wifi or Mobile network disabled. | - | 2020-02-06
925035 | CodeCacheHostImpl::DidGenerateCacheableMetadataInCacheStorage should verify |cache_storage_origin|. | - | 2020-02-06
1017695 | spvtools_opt_legalization_fuzzer: Container-overflow in spvtools::Optimizer::Run | - | 2020-02-06
1018528 | Flickering WebGL with {alpha:false} on mali-400 | $500 | 2020-02-06
1018871 | DCHECK failure in !has_pending_exception() in isolate.cc | - | 2020-02-06
1000887 | Crash in v8::internal::Simulator::LoadStorePairHelper | - | 2020-02-05
1014607 | Security: Out-of-bounds read/write in RegisterAllocationData after ResetSpillState | - | 2020-02-05
1017441 | Sandboxed iframe Document can end up sharing execution context/type system with iframe's initial about:blank Document | $5000 | 2020-02-05
1019226 | Security - UAF in OfflineAudioContext | $13370 | 2020-02-05
1019544 | gpu_angle_passthrough_fuzzer: Null-dereference READ in gpu::gles2::GLES2DecoderPassthroughImpl::DoDeleteQueriesEXT | - | 2020-02-05
1019553 | gpu_angle_passthrough_fuzzer: Null-dereference READ in gpu::error::Error gpu::gles2::GLES2DecoderPassthroughImpl::DoCommandsImpl<false> | - | 2020-02-05
1019565 | gpu_angle_passthrough_fuzzer: Null-dereference READ in gpu::gles2::GLES2DecoderPassthroughImpl::HandleDrawBuffersEXTImmediate | - | 2020-02-05
1008312 | heap-use-after-free : GrSurfaceProxy::~GrSurfaceProxy | - | 2020-02-04
1010526 | Security: URL bar spoofing with using a file:/// URL | $500 | 2020-02-04
1017918 | Heap-buffer-overflow in hsw::store_NUMBER | - | 2020-02-04
1008470 | Security: AV in blink::ReadableStreamNative::Trace | - | 2020-02-03
1018565 | Use-of-uninitialized-value in v8::internal::compiler::Hints::Add | - | 2020-02-03
1011600 | PaymentManager: attacker has some control over PaymentManager/PaymentInstruments of a cross-origin context | $500 | 2020-01-31
1016167 | powerd_als_fuzzer: Use-of-uninitialized-value in base::internal::find_first_not_of | - | 2020-01-31
1016169 | vpn_manager_service_manager_fuzzer: Stack-buffer-overflow in vpn_manager::ServiceManager::ConvertSockAddrToIPString | - | 2020-01-31
1017564 | Security: URL bar spoofing on iOS with a very long URL | $2000 | 2020-01-31
1016061 | Container-overflow in performance_manager::SharedWorkerWatcher::RemoveChildWorker | - | 2020-01-30
1016100 | ndproxy_fuzzer: Stack-buffer-overflow in arc_networkd::NDProxy::Icmpv6Checksum | - | 2020-01-30
1016109 | ec_usb_tcpm_v2_fuzzer: Index-out-of-bounds in prl_tx_construct_message | - | 2020-01-30
1016111 | ndproxy_fuzzer: Use-of-uninitialized-value in arc_networkd::NDProxy::TranslateNDFrame | - | 2020-01-30
1016393 | v8_wasm_async_fuzzer: Heap-buffer-overflow in v8::internal::wasm::LiftoffCompiler::UnOp | - | 2020-01-30
1016436 | Bad-cast to content::RenderFrameImpl from invalid vptr in content::GpuBenchmarkingContext::GpuBenchmarkingContext | - | 2020-01-30
1017061 | v8_wasm_code_fuzzer: DCHECK failure in stack_height >= c->end_label->target_stack_height in wasm-interpreter.cc | - | 2020-01-30
1015864 | trunks_tpm_pinweaver_fuzzer: Stack-buffer-overflow in trunks::Serialize_pw_insert_leaf_t | - | 2020-01-29
1016166 | dlcservice_boot_device_fuzzer: Use-of-uninitialized-value in dlcservice::BootDevice::GetBootDevice | - | 2020-01-29
1016450 | DCHECK failure in HAS_SMI_TAG(ptr) in smi.h | - | 2020-01-29
993706 | Security: Possible to obtain results of queryObjects using custom devtools formatters | - | 2020-01-28
1016038 | Security: IndexedDB transactions should be inactive during structured serialization | - | 2020-01-28
1016165 | Heap-buffer-overflow in blink::AudioDelayDSPKernel::Process | - | 2020-01-28
1016515 | Unknown signal in Builtins_InterpreterEntryTrampoline | - | 2020-01-28
1010581 | Use-of-uninitialized-value in test_runner::TestRunner::WorkQueue::ProcessWork | - | 2020-01-27
1015945 | CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (this->IsStruct()) in class-definitio | - | 2020-01-27
1013868 | Security: heap-use-after-free in CPDF_AnnotList::CPDF_AnnotList | $7500 | 2020-01-25
1015070 | net_base_address_tracker_linux_fuzzer: Heap-buffer-overflow in net::internal::IgnoreWirelessChange | - | 2020-01-25
1015129 | net_base_address_tracker_linux_fuzzer: Heap-buffer-overflow in net::internal::AddressTrackerLinux::HandleMessage | - | 2020-01-25
1015567 | Null-dereference READ in v8::internal::VariableProxy::var | - | 2020-01-25
971917 | Site Isolation: Multiple restriction bypasses in registerProtocolHandler | $3000 | 2020-01-24
1011950 | Security: "universal" XSS via copy&paste | $2000 | 2020-01-24
1013418 | Bad-cast to ToolbarIconContainerView from views::View in AvatarToolbarButton::~AvatarToolbarButton | - | 2020-01-24
1015042 | chaps_attributes_fuzzer: Heap-buffer-overflow in chaps::Attributes::ParseInternal | - | 2020-01-24
1015256 | rtcp_receiver_fuzzer: Use-of-uninitialized-value in webrtc::RTCPReceiver::HandlePli | - | 2020-01-24
1015791 | Use-of-uninitialized-value in v8::internal::Scope::Scope | - | 2020-01-24
696208 | Security: Chrome extension is disabled by crafted chrome-extension:// URL | $500 | 2020-01-23
853670 | SameSite cookies leakage via child browsing context | $1000 | 2020-01-23
1013823 | zucchini_disassembler_elf_fuzzer: Crash in zucchini::Rel32FinderX86::Scan | - | 2020-01-23
1013871 | zucchini_disassembler_elf_fuzzer: Heap-buffer-overflow in (std::is_function<std::__Cr::remove_pointer<unsigned | - | 2020-01-23
1014834 | v8_wasm_async_fuzzer: Heap-buffer-overflow in v8::internal::wasm::LiftoffCompiler::UnOp | - | 2020-01-23
1010518 | Security: AbsentPlaster bug on Chrome OS | - | 2020-01-22
1013490 | Heap-use-after-free in blink::LayoutObject::IsDescendantOf | - | 2020-01-22
944619 | Security: CORB not enforced for WebSocket requests | $10000 | 2020-01-21
1013920 | Security: Debug check failed: is_wasm_memory_. | - | 2020-01-21
1010569 | Heap-use-after-free in content::WebContentsImpl::~WebContentsImpl | - | 2020-01-20
467329 | Popups can be moved below the taskbar in windows | $500 | 2020-01-18
990867 | Cross-origin-read attack by using an audio tag to download a cross-origin resource | $500 | 2020-01-18
1012055 | Use-after-poison in mojo::ReceiverSetBase<mojo::Receiver<blink::mojom::blink::ManifestManager, mojo: | - | 2020-01-18
1012579 | CHECK failure: Failed to create ICU number format, are ICU data files missing? in js-relative-t | - | 2020-01-18
1012663 | Heap-use-after-free in std::__1::vector<performance_manager::ProcessNode const*, std::__1::allocator<pe | - | 2020-01-18
1012727 | Container-overflow in performance_manager::SharedWorkerWatcher::RemoveChildWorker | - | 2020-01-18
1013048 | Use-of-uninitialized-value in performance_manager::GraphImpl::GetAllProcessNodes | - | 2020-01-18
1013485 | Heap-use-after-free in performance_manager::GraphImpl::AddNewNode | - | 2020-01-18
981100 | Security: ChromeVox exposes browser text from locked screen | - | 2020-01-17
999932 | Security: Possible to spoof URL through use of document.open | $500 | 2020-01-17
1001503 | Security: UaF in Aura | $20000 | 2020-01-17
1004212 | Security: Insecure Chrome download allows malicious software to change downloaded file integrity | - | 2020-01-17
1004458 | Use-of-uninitialized-value in password_manager::PasswordReuseDetectionManager::OnPaste | - | 2020-01-17
1005218 | Security: Multiple file download protection bypass 2 | $1000 | 2020-01-17
1007334 | Sanitizer CHECK failure in "((*(u8*)MemToShadow(a))) == ((0))" (0x4, 0x0) | $2000 | 2020-01-17
1010765 | Security: URL in Omnibox doesn't always match page content on iOS | - | 2020-01-17
1013013 | CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (IsJSReceiver()) in js-objects-inl.h | - | 2020-01-17
1013042 | Security: Debug check failed: Smi::IsValid(value) | $5000 | 2020-01-17
1013058 | DCHECK failure in static_cast<unsigned>(index) < static_cast<unsigned>(length()) in fixed-array-in | - | 2020-01-17
1013135 | DCHECK failure in !kCanBeWeak implies !IsSmi() == HAS_STRONG_HEAP_OBJECT_TAG(ptr_) in tagged-impl. | - | 2020-01-17
954219 | Heap-use-after-free in pdf14_decrement_smask_color | - | 2020-01-15
984327 | gstoraster_fuzzer: Heap-use-after-free in ptr_struct_mark | - | 2020-01-15
993415 | Use-after-poison in blink::Node::EnsureEventTargetData | $3000 | 2020-01-15
1003316 | CVE-2017-18595 CrOS: Vulnerability reported in Linux kernel | - | 2020-01-15
1008947 | Heap-use-after-free in AvatarMenu::~AvatarMenu | - | 2020-01-15
1011596 | javascript_parser_proto_fuzzer: DCHECK failure in !parsing_module_ in preparser.h | - | 2020-01-15
1011677 | heap-use-after-free : base::OnTaskRunnerDeleter::OnTaskRunnerDeleter | - | 2020-01-15
1011980 | DCHECK failure in effect_edges > 0 in verifier.cc | - | 2020-01-15
1012580 | Use-of-uninitialized-value in blink::GraphicsContext::SetURLForRect | - | 2020-01-15
1001854 | CVE-2019-15214 CrOS: Vulnerability reported in Linux kernel | - | 2020-01-14
1003325 | CVE-2019-15902 CrOS: Vulnerability reported in Linux kernel | - | 2020-01-14
1003326 | CVE-2019-15916 CrOS: Vulnerability reported in Linux kernel | - | 2020-01-14
1010379 | Security DCHECK failure: !object || (object->IsBox()) in layout_box.h | - | 2020-01-12
1010477 | Security DCHECK failure: !object || (object->IsLayoutInline()) in layout_inline.h | - | 2020-01-12
1010759 | Use-of-uninitialized-value in blink::LayoutObject::DestroyAndCleanupAnonymousWrappers | - | 2020-01-12
1011267 | Heap-use-after-free in blink::PaintLayer::CompositingContainer | - | 2020-01-12
1011603 | Heap-use-after-free in blink::LayoutObject::SetShouldCheckForPaintInvalidation | - | 2020-01-12
1010690 | Use-of-uninitialized-value in views::ScrollView::Viewport::ViewHierarchyChanged | - | 2020-01-11
1010703 | dawn_wire_server_and_frontend_fuzzer: Crash in dawn_native::ErrorScope::HandleErrorImpl | - | 2020-01-11
1010706 | Heap-use-after-free in blink::LayoutObject::DestroyAndCleanupAnonymousWrappers | - | 2020-01-11
1011294 | net_quic_stream_factory_fuzzer: Heap-use-after-free in quic::QpackHeaderTable::UnregisterObserver | - | 2020-01-11
1007194 | Security: Use after free in MojoCdmProxyService | $5000 | 2020-01-09
1009458 | Use-after-poison in void blink::ScriptPromiseResolver::ResolveOrReject<blink::ScriptValue> | - | 2020-01-09
918674 | Security: CVE-2018-19664 in libjpeg-turbo | - | 2020-01-08
948445 | Security: multiple issues in SafeSetID LSM | - | 2020-01-08
957314 | ClientNativePixmap implelementations don't validate handles | - | 2020-01-08
974375 | ClientNativePixmapDmaBuf::ImportFromDmabuf() doesn't validate buffer size | - | 2020-01-08
1005251 | Security: heap-use-after-free in RTCPeerConnectionHandler::SetLocalDescription | $7500 | 2020-01-08
1005635 | transfer_cache_fuzzer: Use-of-uninitialized-value in sse2::store_NUMBER | - | 2020-01-08
1010026 | Heap-use-after-free in std::__1::vector<performance_manager::ProcessNode const*, std::__1::allocator<pe | - | 2020-01-08
981649 | Use-of-uninitialized-value in send_delete_event | - | 2020-01-07
1004341 | Security: Upgrade expat to 2.2.8 | $500 | 2020-01-07
1005615 | transfer_cache_fuzzer: Heap-buffer-overflow in load2 | - | 2020-01-07
1005630 | transfer_cache_fuzzer: Heap-buffer-overflow in sse2::load_rgf16 | - | 2020-01-07
1005948 | Security: Headers are processed for aborted requests when passed through service worker | $500 | 2020-01-07
1008419 | Crash in blink::MarkingVisitorBase::Visit | - | 2020-01-07
1008632 | Sanitizer CHECK failure in "((*(u8*)MemToShadow(a))) == ((0))" (0x4, 0x0) | - | 2020-01-07
1009207 | Crash in blink::HeapObjectHeader::CheckHeader | - | 2020-01-07
1009260 | pdf_font_fuzzer: Use-of-uninitialized-value in ft_mem_free | - | 2020-01-07
1009278 | Crash in blink::DOMWrapperWorld::Current | - | 2020-01-07
1009382 | Crash in v8::internal::GlobalHandles::InvokeFirstPassWeakCallbacks | - | 2020-01-07
1008414 | CHECK failure: Bytecode mismatch at offset 177 in interpreter.cc | - | 2020-01-06
1008714 | Crash in blink::IsCallbackFunctionRunnableInternal | - | 2020-01-06
1007423 | Heap-use-after-free in test_runner::TestRunner::WorkQueue::ProcessWork | - | 2020-01-05
974648 | Use-of-uninitialized-value in uint64divmod | - | 2020-01-04
1000543 | Use-of-uninitialized-value in blink::LayoutObject::ShouldUseTransformFromContainer | - | 2020-01-03
1007866 | Security DCHECK failure: IsA<Derived>(from) in casting.h | - | 2020-01-03
1008216 | Bad-cast to blink::Nodeblink::Node::ShadowIncludingRoot in blink::Node::UpdateDistributionInternal | - | 2020-01-03
1008316 | Crash in blink::EventListenerMap::Contains | - | 2020-01-03
1008506 | Use-of-uninitialized-value in viz::ContextCacheController::ClientBecameNotVisible | - | 2020-01-03
1008610 | Bad-cast to GrContext from invalid vptr in viz::ContextCacheController::ClientBecameNotVisible | - | 2020-01-03
1008631 | DCHECK failure in index < length_ in vector.h | - | 2020-01-03
1008709 | Use-of-uninitialized-value in hsw::blit_row_s32a_opaque | - | 2020-01-03
985499 | third_party/liblouis version 3.2.0 is vulnerable | - | 2020-01-02
990234 | sqlite3_fts3_lpm_fuzzer: Heap-use-after-free in findElementWithHash | - | 2020-01-02
991888 | SOP & Site Isolation bypass with Reader mode | $5000 | 2020-01-02
1005753 | Security: UAF in indexed_db_cursor.cc | $20500 | 2020-01-02
1006544 | Use-of-uninitialized-value in gfx::CubicBezier::SolveCurveX | $4000 | 2020-01-02
1006545 | Heap-use-after-free in blink::NGBlockNode::CopyChildFragmentPosition | - | 2020-01-02
1006763 | Security: https://www.madeupdomainforcheck123.com reference in Chrome and Chromium code | - | 2020-01-02
824715 | Security: RTL+ space, formatting, invisible characters can lead to URL Spoofing | $3000 | 2020-01-01
1006435 | spvtools_opt_size_fuzzer: Container-overflow in spvtools::opt::Instruction::GetSingleWordOperand | - | 2020-01-01

Questions? Ask @SecurityMB