Chromium Disclosed Security Bugs

Chromium security bugs are publicly disclosed by Google 14 weeks after fixing. They have great learning value, but it is difficult to keep track of exactly when they are derestricted. This page is a hub of security bugs that have recently gone public. Bugs can also be followed on Twitter: @BugsChromium.

This website is not affiliated with Google.

Security bugs disclosed in 2016

# | Summary | $$$ | Disclosure date
645811 | Crash in mojo::internal::Router::OnConnectionError | - | 2016-12-31
648031 | Heap-use-after-free in pp::MacroExpander::expandMacro | - | 2016-12-31
647922 | Crash in SuperBlitter::blitH | - | 2016-12-31
648935 | Crash in FindBit | - | 2016-12-31
649826 | Heap-use-after-free in CPDF_ViewerPreferences::IsDirectionR2L | - | 2016-12-31
622271 | Security: Adobe Flash ContextMenu Use After Free | $3000 | 2016-12-30
622634 | Security: use-after-free vulnerability in flash player 22.0.0.192 | $3000 | 2016-12-30
630544 | Security: use-after-free vulnerability in flash player 22.0.0.209 | $3000 | 2016-12-30
630547 | Security: use-after-free vulnerability in Adobe flash player | $3000 | 2016-12-30
640177 | Security: use-after-free vulnerability in flash player latest version | $3000 | 2016-12-30
647791 | Heap-buffer-overflow in gpu::gles2::ShaderTranslator::Translate | - | 2016-12-30
648620 | CRASH() writes to a fixed mappable address | - | 2016-12-30
649056 | Assertion failed: !object || (object->isBox()) | - | 2016-12-30
649095 | Bad-cast to blink::LayoutBox from blink::LayoutInline;blink::LayoutBox::firstChildBox;blink::ThemePainterDefault::setupMenuListArrow | - | 2016-12-30
649058 | Use-of-uninitialized-value in blink::BoxPainter::paint | - | 2016-12-30
649599 | Crash in blink::ThemePainterDefault::setupMenuListArrow | - | 2016-12-30
502871 | Security: adobe flash NetStream.appendBytes ByteArray data Use-After-Free | $3000 | 2016-12-29
646278 | Security: Address Bar URL Spoofing | $500 | 2016-12-29
648671 | Bad-cast to webrtc::Module from webrtc::BitrateControllerImpl;webrtc::CongestionController::TimeUntilNextProcess;webrtc::ProcessThreadImpl::Process | - | 2016-12-29
647329 | Use-after-poison in fuzz_wasm_section | - | 2016-12-28
645540 | Update It2Me host to show confirmation prompt for incoming connections. | - | 2016-12-28
648373 | Crash in v8::internal::SloppyArgumentsElementsAccessor<v8::internal::SlowSloppyArgumentsE | - | 2016-12-28
645028 | Web accessible resources checks should work with blob: and filesystem: URLs that have chrome-extension:// inner URLs | - | 2016-12-27
647612 | Heap-use-after-free in CPDF_RenderStatus::LoadSMask | - | 2016-12-27
647893 | Use-of-uninitialized-value in CPDF_DIBSource::TranslateScanline24bpp | - | 2016-12-27
647683 | Wrong security state when going back/forward after HTML5 history push | - | 2016-12-27
639750 | XSS using Dropjacking | - | 2016-12-26
646351 | Crash in v8::internal::SloppyArgumentsElementsAccessor<v8::internal::SlowSloppyArgumentsE | - | 2016-12-26
640233 | Use-of-uninitialized-value in SkGradientShaderBase::SkGradientShaderBase | - | 2016-12-25
645729 | Use-after-poison in blink::TimerBase::runInternal | $3500 | 2016-12-25
646178 | Heap-use-after-free in blink::ShapeOutsideInfo::isEnabledFor | - | 2016-12-25
647197 | Heap-double-free in v8::internal::wasm::testing::InterpretWasmModule | - | 2016-12-24
647110 | Heap-double-free in v8::internal::wasm::testing::InterpretWasmModule | - | 2016-12-24
647027 | Heap-use-after-free in v8::internal::wasm::ThreadImpl::Execute | - | 2016-12-24
647481 | Use-of-uninitialized-value in SkGradientShaderBase::SkGradientShaderBase | - | 2016-12-24
647267 | Crash in blink::TopDocumentRootScrollerController::globalRootScroller | - | 2016-12-24
644674 | Attempting free in void v8::internal::LocalArrayBufferTracker::Free< | - | 2016-12-23
647269 | Bad-cast to blink::TopDocumentRootScrollerController from blink::RootScrollerController;blink::PaintLayerCompositor::updateClippingOnCompositorLayers;blink::PaintLayerCompositor::updateIfNeeded | - | 2016-12-23
646258 | Crash in ReadUnalignedValue<int> | - | 2016-12-23
627399 | Use-of-uninitialized-value in CCodec_TiffContext::Decode | - | 2016-12-22
621838 | Memcpy-param-overlap in CCodec_ProgressiveDecoder::JpegReadMoreData | - | 2016-12-22
645745 | Unable to block cookies | $500 | 2016-12-22
646786 | Use-of-uninitialized-value in SkMatrix44::computeTypeMask | - | 2016-12-22
646350 | Heap-use-after-free in ash::WmWindowAura::StackChildAbove | - | 2016-12-22
641239 | Use-of-uninitialized-value in blink::PointerEventManager::setPointerCapture | - | 2016-12-21
638159 | Use-of-uninitialized-value in test_runner::MockWebSpeechRecognizer::PostRunTaskFromQueue | - | 2016-12-21
642070 | Use-of-uninitialized-value in update_current_folder_get_info_cb | - | 2016-12-21
643939 | Crash in v8::internal::Invoke | - | 2016-12-21
645839 | Heap-use-after-free in cc::Scheduler::BeginImplFrameWithDeadline | - | 2016-12-21
644733 | Heap-buffer-overflow in blink::LazyLineBreakIterator::nextBreakablePositionIgnoringNBSP | - | 2016-12-21
645777 | Use-of-uninitialized-value in base::time_internal::SaturatedSub | - | 2016-12-20
645186 | Memcpy-param-overlap in CCodec_ProgressiveDecoder::JpegReadMoreData | - | 2016-12-20
645201 | Use-of-uninitialized-value in webrtc::PlayoutDelayLimits::Parse | - | 2016-12-19
645770 | Heap-buffer-overflow in void std::vector<aura::Window*, std::allocator<aura::Window*> >::_M_insert_aux<a | - | 2016-12-18
644373 | Security - Unexploitable: Integer Overflow in media::mp4::TrackRunIterator::Init leading to arbitrary size OOB read in an arbitrary offset from the buffer. | - | 2016-12-17
645034 | Use-of-uninitialized-value in blink::TraceMethodDelegate<blink::PersistentBase<blink::DOMArrayBuffer, | - | 2016-12-17
645657 | Use-of-uninitialized-value in base::Pickle::WriteBytes | - | 2016-12-17
641995 | value.isFunctionValue() | - | 2016-12-16
632709 | Heap-use-after-free in CPDFSDK_Widget::SetAppModified | - | 2016-12-15
642803 | Heap-use-after-free in cc::SurfaceManager::UnregisterBeginFrameSource | - | 2016-12-15
643726 | Heap-buffer-overflow in safe_browsing::dmg::UDIFBlock::ParseBlockData | - | 2016-12-15
643173 | Wrong security state when redirecting to HTTP | $2000 | 2016-12-15
644182 | Heap-buffer-overflow in unibrow::Utf8::Validate | - | 2016-12-15
648971 | Chrome OS exploit: c-ares OOB write + dump_vpd_log > symlink | $100000 | 2016-12-14
632848 | !object || (object->isBox()) | - | 2016-12-14
637899 | Heap-buffer-overflow in Decode | - | 2016-12-14
640998 | Crash in CPDF_Parser::LoadCrossRefV5 | - | 2016-12-14
643431 | Crash in v8::internal::Object::SetPropertyInternal | - | 2016-12-14
643665 | Crash inside SuperBlitter::blitH | - | 2016-12-14
643933 | Crash in SuperBlitter::blitH | - | 2016-12-14
643935 | Heap-buffer-overflow in gpu::gles2::Texture::SetLevelInfo | - | 2016-12-14
640999 | Heap-use-after-free in base::ObserverListBase<content::RenderThreadObserver>::RemoveObserver | - | 2016-12-13
642987 | Heap-buffer-overflow in unibrow::Utf8::Validate | - | 2016-12-13
643137 | Heap-use-after-free in blink::TimerBase::getTimerTaskRunner | - | 2016-12-13
643970 | Use-of-uninitialized-value in SkUnPreMultiply::PMColorToColor | - | 2016-12-13
644003 | Use-of-uninitialized-value in mojo::edk::ChannelPosix::WriteNoLock | - | 2016-12-13
624011 | Security: UAF with namespace nodes in XPointer ranges | $3500 | 2016-12-11
638220 | Heap-buffer-overflow in test_runner::BoundsForCharacter | - | 2016-12-10
638166 | Heap-use-after-free in content::RenderFrameImpl::NavigateInternal | - | 2016-12-09
642867 | Crash in v8::internal::wasm::WasmFullDecoder::AnalyzeLoopAssignment | - | 2016-12-09
642639 | <no crash state available> | - | 2016-12-09
643071 | Crash in v8::internal::NewSpace::Verify | - | 2016-12-09
640576 | Heap-use-after-free in base::WaitableEvent::Signal | - | 2016-12-08
642028 | Use-of-uninitialized-value in void WTF::copyToVector<WTF::HashSet<blink::LayoutObject*, WTF::PtrHash<blink::La | - | 2016-12-08
497302 | Integer-overflow in sfntly::FontData::Bound | $1000 | 2016-12-06
642063 | Crash in v8::internal::HeapObject::SizeFromMap | - | 2016-12-06
641575 | Crash in v8::internal::InstantiateObject | - | 2016-12-05
623992 | Use-of-uninitialized-value in unicodetoupper | - | 2016-12-04
622197 | Heap-buffer-overflow in u16_u8 | - | 2016-12-03
633473 | Use-of-uninitialized-value in Hunspell::spell | - | 2016-12-03
638570 | Use-of-uninitialized-value in AffixMgr::compound_check | - | 2016-12-03
638562 | Stack-buffer-overflow in SfxEntry::checkword | - | 2016-12-03
625915 | Mac: 'Press Esc to exit fullscreen' covered up by permission prompts | - | 2016-12-02
638615 | Security: heap-buffer-overflow in ImageBitmap::ImageBitmap | $5500 | 2016-12-02
619368 | Heap-buffer-overflow in content::WriteMemory | - | 2016-12-01
631375 | Security: mbspatch: Malform patch file may access heap out of bound | - | 2016-12-01
635602 | Heap-use-after-free in content::RenderProcessHostImpl::ConnectionFilterImpl::GetInterface | - | 2016-12-01
635879 | Security: Format String Vulnerability in Chrome OS | $1000 | 2016-12-01
638223 | Use-of-uninitialized-value in Break | - | 2016-12-01
638742 | Security: Universal XSS using ThreadDebugger::setMonitorEventsCallback | $2000 | 2016-12-01
617124 | Use-of-uninitialized-value in WebRtcSpl_CountLeadingZeros32 | - | 2016-11-30
637594 | Security: Universal XSS using DevTools | $2000 | 2016-11-30
639658 | Security: Navigating to "chrome://" URLs via 'about:' protocol | $500 | 2016-11-30
637546 | Security: UNKOWN in CFX_Edit_Provider::GetCharWidthW | $1000 | 2016-11-29
639451 | Heap-use-after-free in std::__1::__tree_const_iterator<std::__1::__value_type<CFX_ByteString, CPDF_Obje | - | 2016-11-29
639984 | Heap-use-after-free in FORM_DoDocumentAAction | - | 2016-11-29
639985 | Use-of-uninitialized-value in shell::internal::InterfaceFactoryBinder<IPC::mojom::ChannelBootstrap>::BindInter | - | 2016-11-29
633306 | CSP can be abused to disclose URIs cross-origin | - | 2016-11-25
638571 | Heap-use-after-free in blink::DepthOrderedLayoutObjectList::ordered | - | 2016-11-25
638928 | !m_deletionHasBegun | - | 2016-11-25
628942 | Security: Universal XSS with ScopedPageLoadDeferrer and RemoteFrame | $17500 | 2016-11-24
630654 | Heap-use-after-free in CPDFSDK_Document::KillFocusAnnot | $3000 | 2016-11-24
633474 | Negative-size-param in blink::LayoutGrid::populateExplicitGridAndOrderIterator | - | 2016-11-24
638186 | Use-after-poison in blink::SVGLengthContext::convertValueToUserUnits | - | 2016-11-24
638192 | Use-after-poison in blink::ElementResolveContext::ElementResolveContext | - | 2016-11-24
638226 | Use-of-uninitialized-value in v8::internal::PointerUpdateJobTraits< | - | 2016-11-24
619381 | Crash in GrCircleBlurFragmentProcessor::CreateCircleBlurProfileTexture | - | 2016-11-23
633385 | CUPS domain socket should only be openable by user chonos | - | 2016-11-23
635848 | Security: Crash in CPDF_Dictionary::GetObjectBy | $1000 | 2016-11-23
638185 | Bad-cast to const blink::LayoutBox from blink::LayoutSVGResourcePattern;blink::PaintInvalidationState::updateForNormalChildren;blink::PaintInvalidationState::updateForChildren | - | 2016-11-23
638219 | Bad-cast to blink::LayoutBox from blink::LayoutSVGEllipse;blink::LayoutObject::positionForPoint;blink::LayoutBox::clippingRect | - | 2016-11-23
622033 | Heap-buffer-overflow in sctp_send_deferred_reset_response | - | 2016-11-22
630870 | Security: Universal XSS by intercepting a UA shadow tree | $7500 | 2016-11-22
636268 | Security: heap-buffer-overflow in SkColorSpace | $3500 | 2016-11-22
634557 | Security: Blob file entries aren't checked against security policy | - | 2016-11-22
628999 | Crash in blink::Geolocation::onGeolocationPermissionUpdated | - | 2016-11-21
635577 | Crash in mojo::AssociatedBinding<blink::mojom::blink::BroadcastChannelClient>::RunConnect | - | 2016-11-19
637320 | Security: Unchecked .end() iterator dereference in VTVideoDecodeAccelerator::ReusePictureBuffer | - | 2016-11-19
625404 | Security: use-after-free in AttachFilteredEvent on event_bindings.cc | $3000 | 2016-11-18
628920 | Security: Address bar spoofing on iOS | - | 2016-11-18
625575 | Security: bypassing CORS by XHR + MemoryCache + ServiceWorker | - | 2016-11-18
633687 | Security: Full browser crash when trying to open missing 'downloaded' resource file. | - | 2016-11-18
626893 | Security: Arbitrary memory write in v8::internal::GlobalHandles::IterateNewSpaceWeakUnmodifiedRoots() | $3000 | 2016-11-17
628542 | Heap-buffer-overflow in unibrow::Utf8::Validate | - | 2016-11-17
631368 | Crash in blink::getPropertyNameString | - | 2016-11-17
634954 | Security: Address bar spoofing with itunes page on iOS | - | 2016-11-17
636194 | Crash in void SkLinearGradient::LinearGradientContext::shade4_dx_clamp<false, false> | - | 2016-11-17
635571 | Crash in blink::EventTarget::fireEventListeners | - | 2016-11-17
622420 | Security: Type confusion in StylePropertySerializer::getCustomPropertyText. | - | 2016-11-16
632124 | Global-buffer-overflow in silk_NLSF2A | - | 2016-11-16
635574 | Use-after-poison in blink::CrossThreadPersistentRegion::shouldTracePersistentNode | $3500 | 2016-11-16
600352 | Security: Cross-Protocol Theft from non-HTTP services via DNS rebinding + HTTP/0.9 | - | 2016-11-15
611955 | //components/filesystem/public/interfaces/*.mojom files need security review | - | 2016-11-15
618037 | Security: Devtools old remote frontend allows running privileged scripts via overwriting localStorage settings | $1000 | 2016-11-15
633472 | Use-of-uninitialized-value in segment | - | 2016-11-15
632849 | Heap-buffer-overflow in SkA8_Blitter::blitH | - | 2016-11-13
628890 | Security: heap-buffer-overflow in opj_tcd_code_block_dec_allocate | $3500 | 2016-11-12
628304 | Security: heap-buffer-overflow in opj_v4dwt_interleave_h | $3500 | 2016-11-12
634238 | Security: Adobe Flash Button.blendMode setter uninitialized stack variable | - | 2016-11-12
635045 | Use-of-uninitialized-value in blink::ImagePattern::isLocalMatrixChanged | - | 2016-11-12
619429 | Security: Able to bypass permission prompt on keypress | - | 2016-11-11
624514 | Heap-buffer-overflow in CWeightTable::Calc | $3500 | 2016-11-11
634114 | Heap-use-after-free in blink::LayoutFieldset::adjustInnerStyle | - | 2016-11-11
634394 | Security: UAF in PDFium's TimerProc() | - | 2016-11-11
627355 | Crash in _platform_memmove$VARIANT$Nehalem | - | 2016-11-10
632965 | Security: OOB read with CallSite and wasm | - | 2016-11-10
633585 | Crash in v8::internal::InnerPointerToCodeCache::GcSafeFindCodeForInnerPointer | - | 2016-11-10
633471 | Use-of-uninitialized-value in GrPipeline::CreateAt | - | 2016-11-08
633486 | Tracking bug for internal fixes: Chrome M52, release 1 | - | 2016-11-08
479961 | Apply wpa_supplicant P2P vulnerability fixes | - | 2016-11-07
632634 | Security: Universal XSS with static methods and ScriptState::forHolderObject | $7500 | 2016-11-07
610644 | Heap-buffer-overflow in ps_table_add | $1500 | 2016-11-06
632850 | Crash in CPDFSDK_InterForm::GetWidget | - | 2016-11-06
632851 | Heap-use-after-free in CJS_Timer::KillJSTimer | - | 2016-11-06
632860 | Heap-buffer-overflow in copy | - | 2016-11-05
616429 | Security: Saving WebPage with file: resources access SMB resources | $1000 | 2016-11-04
631052 | Use-after-poison in blink::CompositorAnimationPlayer::NotifyAnimationStarted | $3500 | 2016-11-04
631320 | Heap-use-after-free in content::WebRTCEventLogHost::PeerConnectionRemoved | - | 2016-11-04
629919 | Security: heap-buffer-overflow in opj_tcd_update_tile_data | $5000 | 2016-11-03
631050 | Crash in v8::internal::JSObject::UpdateAllocationSite | - | 2016-11-03
573131 | Security: some extension bindings incorrectly injected into about:blank frames | $7500 | 2016-11-02
627414 | Crash in MaskSuperBlitter::blitH | - | 2016-11-02
630377 | Heap-use-after-free in ProfileIOData::FromResourceContext | - | 2016-11-02
629455 | Heap-buffer-overflow in SuperBlitter::blitH | - | 2016-11-02
631319 | Container-overflow in gpu::gles2::GLES2DecoderImpl::DoScheduleCALayerFilterEffectsCHROMIUM | - | 2016-11-02
631752 | Tracking bug for internal fixes: Chrome OS 52.0.2743.85 (Platform version: 8350.60.0) | - | 2016-11-02
628992 | Heap-use-after-free in SuperBlitter::blitH | - | 2016-11-01
627454 | Use-of-uninitialized-value in blink::PointerEventManager::setPointerCapture | - | 2016-11-01
630736 | Crash in segment | - | 2016-11-01
630369 | Use-of-uninitialized-value in GrShape::attemptToSimplifyPath | - | 2016-10-31
630749 | Heap-use-after-free in mojo::BindingSet<network_hints::mojom::NetworkHints>::AddBinding | - | 2016-10-31
623195 | Use-of-uninitialized-value in base::Pickle::WriteData | - | 2016-10-29
630649 | Stack-buffer-overflow in SkDCubic::searchRoots | - | 2016-10-29
399951 | Security: Cross-origin information leak via ECMAScript harmony proxies | $1000 | 2016-10-28
614647 | Use-of-uninitialized-value in get_advance | - | 2016-10-28
621362 | Security: Universal XSS with Flash calling into JavaScript inside Node::removedFrom | $7500 | 2016-10-28
629962 | Use-of-uninitialized-value in segment | - | 2016-10-28
628117 | Heap-use-after-free in blink::PaintController::commitNewDisplayItems | $3500 | 2016-10-28
630378 | Use-of-uninitialized-value in SkDPoint::approximatelyEqual | - | 2016-10-28
624213 | Security: Address bar RTL character spoofing on Mac | - | 2016-10-27
624214 | Security: Address bar RTL character spoofing on iOS | - | 2016-10-27
629795 | Use-of-uninitialized-value in gpu::gles2::GLES2DecoderImpl::HandleGetBufferParameteriv | - | 2016-10-27
626186 | Crash in SkOpAngle::setSpans | - | 2016-10-26
627401 | Crash in SkOpCoincidence::mark | - | 2016-10-26
628995 | Use-of-uninitialized-value in CPWL_List_Notify::IOnInvalidateRect | - | 2016-10-26
629452 | Crash in segment | - | 2016-10-26
629454 | Use-of-uninitialized-value in containsCoincidence | - | 2016-10-26
616623 | Use-of-uninitialized-value in walk_convex_edges | - | 2016-10-25
629004 | Use-of-uninitialized-value in gpu::gles2::GLES2DecoderImpl::DoDrawBuffersEXT | - | 2016-10-25
629008 | Use-of-uninitialized-value in gpu::gles2::GLES2Implementation::WaitSyncTokenCHROMIUM | - | 2016-10-25
629435 | Crash in v8::internal::Invoke | - | 2016-10-25
623319 | URL Spoof due to subframes and NavigationEntry corruption | $2000 | 2016-10-21
627436 | Negative-size-param in content::MediaStreamDispatcherHost::OnCancelDeviceChangeNotifications | - | 2016-10-21
627756 | Security: SEGV on unknown address in toCSSValuePair | $3000 | 2016-10-21
627443 | Use-of-uninitialized-value in gpu::gles2::GLES2Implementation::BufferDataHelper | - | 2016-10-21
628113 | Use-of-uninitialized-value in blink::LayoutObject::setPreferredLogicalWidthsDirty | - | 2016-10-21
628130 | Stack-buffer-overflow in saturated_add | - | 2016-10-21
626790 | Crash in blink::ComputeFloatOffsetForFloatLayoutAdapter<2>::heightRemaining | - | 2016-10-20
627354 | Negative-size-param in content::WebRTCEventLogHost::PeerConnectionRemoved | - | 2016-10-20
627434 | Use-of-uninitialized-value in sk_sse41::blit_row_s32a_opaque | - | 2016-10-20
627447 | Use-of-uninitialized-value in ProfileChooserView::ButtonPressed | - | 2016-10-20
627457 | Use-after-poison in content::WebMessagePortChannelImpl::OnMessage | $3500 | 2016-10-20
611957 | //components/leveldb/public/interfaces/leveldb.mojom needs a security review | - | 2016-10-19
618295 | Security: [PDFium]AddressSanitizer: negative-size-param | - | 2016-10-19
623168 | Use-of-uninitialized-value in v8::internal::Factory::NewNumber | - | 2016-10-19
626182 | Heap-use-after-free in blink::PaintController::commitNewDisplayItems | - | 2016-10-19
623365 | Heap Buffer Overflow in iframe URL Parse | - | 2016-10-17
579934 | Chromium allows to open popup window from Flash object without user gesture or blocking | $1000 | 2016-10-15
610986 | ASSERTION FAILED: !object || (object->isBox()) | - | 2016-10-15
617648 | Heap-use-after-free in content::FilteringNetworkManager::Initialize | - | 2016-10-15
626562 | Crash in v8::internal::HandleBase::IsDereferenceAllowed | - | 2016-10-15
626792 | Heap-use-after-free in GURL::GURL | - | 2016-10-15
617105 | Security: use-after-free vulnerability in flash player | $3000 | 2016-10-14
623072 | Use-of-uninitialized-value in containsCoincidence | - | 2016-10-14
625541 | Security: heap-buffer-overflow in opj_tcd_init_tile | $3000 | 2016-10-14
625823 | Security: SEGV in blink::DOMWindowV8Internal::blurMethodCallback | $1000 | 2016-10-14
625945 | Security: browser history sniffing via HSTS + CSP (bypass previous fix) | $1000 | 2016-10-14
613949 | Extension install crashes browser at onDownloadProgress and onInstallStageChanged | $500 | 2016-10-13
625903 | Security: heap-use-after-free in blink::LayoutBox::pixelSnappedOffsetHeight | $2000 | 2016-10-13
624818 | Use-of-uninitialized-value in gpu::gles2::GLES2Implementation::BufferDataHelper | - | 2016-10-13
623378 | Security: UAF related to XPointer range-to function | $3500 | 2016-10-12
625752 | Crash in v8::internal::LocalArrayBufferTracker::Free<1> | - | 2016-10-12
625393 | Security: Heap-use-after-free in ScriptInjector | $1000 | 2016-10-11
616907 | Security: Universal XSS using a ScopedPageLoadDeferrer bypass | $8000 | 2016-10-10
619379 | CharacterData::setData() should handle first-letter correctly | - | 2016-10-06
620952 | i < m_len | - | 2016-10-06
624713 | Security: Calling from WASM to JS should not pass the global object | - | 2016-10-06
291417 | Security: <webview>/App Request Contexts may not be so isolated | - | 2016-10-05
561978 | Vulnerability reported in media-libs/libpng | - | 2016-10-05
609382 | Security: Use after free of task_struct in Mali Midgard driver. | - | 2016-10-05
612050 | Heap-use-after-free in views::Widget::OnNativeWidgetDestroying | - | 2016-10-05
609680 | Chrome For Android Address Bar Spoofing Issue Due To Mishandling Of RTL Characters | $3000 | 2016-10-05
617882 | Crash in v8::internal::PointerUpdateJobTraits< | - | 2016-10-05
618333 | Security: Parameter sanitization failure in DevTools leads to privileged script execution | $2000 | 2016-10-05
619414 | Security: Devtools has Insuffient sanitization of remoteBase parameter | $2000 | 2016-10-05
620981 | Crash in _platform_bzero$VARIANT$Merom | - | 2016-10-05
621843 | Heap-buffer-overflow in float blink::ShapeResultSpacing::computeSpacing<unsigned short> | - | 2016-10-05
623985 | Use-after-poison in blink::PersistentBase<blink::WorkerWebSocketChannel::Bridge, | $3500 | 2016-10-05
623996 | Use-of-uninitialized-value in blink::LineBoxList::deleteLineBoxes | - | 2016-10-05
617084 | Crash in v8::internal::HandleBase::IsDereferenceAllowed | - | 2016-10-04
619377 | Bad-cast to blink::WebGLObject from invalid vptr;blink::WebGLProgram::deleteObjectImpl;blink::WebGLSharedObject::detachContextGroup | - | 2016-10-04
621095 | SIGSEGV, RIP = 0x0 | - | 2016-10-04
118642 | Heap-use-after-free in v8::internal::JSObject::GetElementWithInterceptor | $1000 | 2016-10-02
118662 | Regression(r109014): Heap-use-after-free in WebCore::InlineTextBox::isLineBreak | $500 | 2016-10-02
118593 | Heap-use-after-free in WebCore::SVGStyledElement::buildPendingResourcesIfNeeded | $1000 | 2016-10-02
118490 | Heap-use-after-free in WebCore::RenderObject::containingBlock | $1000 | 2016-10-02
118467 | open.call(other_window) circumvents check in other_window.open() | - | 2016-10-02
118633 | Security: Frame sniffing is not fixed | - | 2016-10-02
118414 | Heap use after free on chrome_content_browser_client.cc with webrtc | $1000 | 2016-10-02
118374 | Long autofilled value causes render issue | - | 2016-10-02
118273 | ZDI-CAN-1528: Webkit HTMLMedia Element beforeLoad Remote Code Execution Vulnerability | - | 2016-10-02
118227 | Security: cross-origin iframes can be resized from within in M18 | - | 2016-10-02
118018 | Heap-buffer-overflow in S32_opaque_D32_nofilter_DXDY | - | 2016-10-02
118317 | Popup blocker bypass triggering mouse event on tag with rel=noreferrer | - | 2016-10-02
118185 | Heap-use-after-free in WebCore::V8HTMLBodyElement::wrapSlow | - | 2016-10-02
117890 | Use-after-free in CrashGenerationServer | - | 2016-10-02
117912 | Heap-buffer-overflow in memcmp | - | 2016-10-02
117794 | [LangFuzz] Crash on heap with invalid read through GetPropertyWithCallback | $500 | 2016-10-02
117736 | No permission prompt when loading unpacked extension with NPAPI plugin | - | 2016-10-02
117728 | Heap-use-after-free in WebCore::InlineBox::root | $1000 | 2016-10-02
117724 | Event handlers firing during Text::splitText trigger use-after-free. | - | 2016-10-02
118009 | Heap-buffer-overflow in void WTF::Vector<unsigned short, 0ul>::append<unsigned short> | - | 2016-10-02
117889 | Dangerous download warnings are suppressed for a larger class of downloads than are handled by SafeBrowsing | - | 2016-10-02
117698 | Heap-use-after-free in WebCore::RenderLayer::addChild | $1000 | 2016-10-02
117696 | Heap-use-after-free in WebCore::RenderBlock::addPositionedFloats | - | 2016-10-02
117674 | Heap-use-after-free in WebCore::GraphicsContext3D::getExtensions | - | 2016-10-02
117672 | Uptake angle security fix | - | 2016-10-02
117656 | Pwnium bug: GPU memory corruption | - | 2016-10-02
117627 | Security: IPC Channel does not validate the listener. | - | 2016-10-02
117620 | Pwnium bug: Prerendering issues with NACL | $60000 | 2016-10-02
117715 | LoadExtension binding in chrome://extensions/ is too permissive | - | 2016-10-02
117583 | Iframe hijacking from Pwnium | - | 2016-10-02
117588 | Security: Memory Corruption in MaskSuperBlitter | $1000 | 2016-10-02
117545 | ICU lang buffer overflow | - | 2016-10-02
117471 | Heap-use-after-free in WebCore::GraphicsContext::paintingDisabled | $1000 | 2016-10-02
117446 | App popup user gesture exemption should be based on process type, not just extent | - | 2016-10-02
117418 | Security: Don't grant WebUI bindings to a process shared with normal views | - | 2016-10-02
117417 | Security: Don't let a normal web renderer navigate to a privileged URL | - | 2016-10-02
117413 | Heap-use-after-free in WebCore::RenderScrollbar::getScrollbarPseudoStyle | - | 2016-10-02
117409 | Chrome: Crash Report - Stack Signature: v8::internal::MarkCompactCollector::RecordS... | - | 2016-10-02
117400 | Uptake fixes on weak node iteration patterns | - | 2016-10-02
117511 | Heap-use-after-free in WTF::equal | - | 2016-10-02
117335 | Occasional heap-use-after-free in non-virtual thunk to AudioDevice::OnStateChanged | $500 | 2016-10-02
117341 | Heap-use-after-free in MessageLoop::AddToIncomingQueue | $1000 | 2016-10-02
117230 | Part 2 of Pwnium Bug | - | 2016-10-02
117226 | Part 1 of Pwnium Bug: UXSS | $60000 | 2016-10-02
117150 | REGRESSION(wk109285): Heap-use-after-free in WebCore::Document::nodeChildrenWillBeRemoved | $1000 | 2016-10-02
117110 | Heap-use-after-free in WebCore::RenderObjectChildList::destroyLeftoverChildren | - | 2016-10-02
116994 | Heap-use-after-free in chrome::ChromeContentBrowserClient::RequestMediaAccessPermission | - | 2016-10-02
116967 | Heap-buffer-overflow in WebCore::SVGUseElement::instanceForShadowTreeElement | - | 2016-10-02
116927 | Heap-buffer-overflow in av_freep | $1000 | 2016-10-02
116806 | Heap-use-after-free in WebCore::RenderInline::continuationBefore | - | 2016-10-02
116746 | Heap-use-after-free in WebCore::RenderBlock::splitBlocks | $1000 | 2016-10-02
116637 | Renderer process crash when doing WebGL canvas to 2D canvas drawImage() | - | 2016-10-02
116524 | Security: Off-by-one in OTS resulting in arbitrary code execution | - | 2016-10-02
116461 | Heap-use-after-free in WebCore::CSSCrossfadeValue::~CSSCrossfadeValue | $1000 | 2016-10-02
116405 | Mitigate stale layout root bugs | - | 2016-10-02
116398 | Security: SSL proxy seems to not care about the cert | - | 2016-10-02
116474 | Merge SVG use fix to stable | - | 2016-10-02
121926 | Heap-buffer-overflow in WebCore::FEConvolveMatrix::platformApplySoftware | - | 2016-10-02
121937 | glGetProgramInfoLog regression in ANGLE | - | 2016-10-02
121734 | Heap-use-after-free in WebCore::V8AbstractEventListener::~V8AbstractEventListener | - | 2016-10-02
121726 | Sandbox IPC length checking race | - | 2016-10-02
121703 | Crash in NSMutableRLEArray replaceObjectsInRange:withObject:length with long URL | - | 2016-10-02
121692 | Heap-use-after-free in WebCore::SelectorChecker::checkOneSelector | - | 2016-10-02
121645 | Heap-use-after-free in WebCore::RenderBlock::removeFloatingObject | - | 2016-10-02
121899 | Security: use-after-free in WebCore::RenderBoxModelObject::hasSelfPaintingLayer() | $1000 | 2016-10-02
121736 | Heap-use-after-free in WebCore::EventDispatcher::dispatchEvent | - | 2016-10-02
121347 | Heap-buffer-overflow in WebCore::RenderBlock::LineBreaker::nextLineBreak | $500 | 2016-10-02
121524 | Use after free with reflections and composited layers | - | 2016-10-02
121206 | Heap-buffer-overflow in WebCore::HTMLSelectElement::setRecalcListItems | - | 2016-10-02
121128 | Heap-buffer-overflow in void WTF::Vector<unsigned short, 1024ul>::append<unsigned short> | - | 2016-10-02
120977 | Crash in texSubImage2D on Mozilla's WebGL performance regression tests | - | 2016-10-02
121269 | invalid cast in WebCore::toHTMLElement / WebCore::HTMLFieldSetElement::disabledAttributeChanged | - | 2016-10-02
121223 | Heap-use-after-free in WebCore::WorkerThreadableWebSocketChannel::Bridge::mainThreadCreateWebSocketChannel | $500 | 2016-10-02
121407 | [LangFuzz] Invalid write in v8::internal::ElementsAccessorBase<...>::CopyElements | $1000 | 2016-10-02
120648 | UNKNOWN in SkARGB32_Blitter::blitV | $500 | 2016-10-02
120457 | Global-buffer-overflow in WebCore::InlineTextBox::isLineBreak | - | 2016-10-02
120711 | Heap-use-after-free in WebCore::Element::recalcStyle | $1000 | 2016-10-02
120944 | Use-after-free due to issues in counter layout. | $1000 | 2016-10-02
120912 | Heap-use-after-free in WebCore::RenderText::removeTextBox | $1000 | 2016-10-02
120320 | Flash Broker Bypass 0x2B (CVE-2012-0724) | - | 2016-10-02
120318 | Flash Broker Bypass 0x2D (CVE-2012-0725) | - | 2016-10-02
120222 | Heap-use-after-free in WebCore::RenderTableSection::paintCell | $1000 | 2016-10-02
120205 | Security: <svg:use> elements in the parser can create elements not marked as created by the parser | - | 2016-10-02
120404 | Heap-buffer-overflow in WebCore::Font::codePath | - | 2016-10-02
120037 | Heap-use-after-free in WebCore::ContainerNode::resumePostAttachCallbacks | $1000 | 2016-10-02
120007 | Heap-use-after-free in WebCore::WorkerEventQueue::close | - | 2016-10-02
120403 | Heap-use-after-free in WebCore::ContainerNode::insertBefore | - | 2016-10-02
120189 | Heap-use-after-free in WebCore::V8RecursionScope::didLeaveScriptContext | - | 2016-10-02
119926 | Use after free in v8::internal::IncrementalMarking::Step | $1000 | 2016-10-02
119501 | Heap-use-after-free in WebCore::SVGStyledElement::buildPendingResourcesIfNeeded | $1000 | 2016-10-02
119429 | UNKNOWN in v8::Message::GetScriptResourceName | $500 | 2016-10-02
120006 | Heap-use-after-free in WebCore::RenderBlock::finishDelayUpdateScrollInfo | - | 2016-10-02
119525 | Heap-use-after-free in WebCore::ApplyStyleCommand::applyInlineStyleToNodeRange | $1000 | 2016-10-02
119281 | Heap-use-after-free in WebCore::GenericEventQueue::~GenericEventQueue | $500 | 2016-10-02
119230 | Heap-use-after-free in WebCore::RenderBlock::splitBlocks | - | 2016-10-02
119150 | Sandboxed processes should not be able to open other sandboxed processes | - | 2016-10-02
119084 | Heap-use-after-free in utext_setNativeIndex_46 | - | 2016-10-02
118970 | GPU process crash below DoDrawArrays (Nvidia) | $500 | 2016-10-02
119305 | Heap-use-after-free in WebCore::Node::~Node | $1000 | 2016-10-02
119250 | GPU, Plugin, and NaCl processes have PROCESS_DUP_HANDLE permission on renderer processes | - | 2016-10-02
118803 | Heap-use-after-free in WebCore::SVGTextLayoutAttributesBuilder::fillCharacterDataMap | - | 2016-10-02
118784 | Heap-buffer-overflow in void WTF::Vector<unsigned short, 1024ul>::insert<unsigned short> | - | 2016-10-02
118853 | Heap-use-after-free in WebCore::InlineFlowBox::deleteLine | - | 2016-10-02
118664 | Security: Swapped out URL must be a unique origin | - | 2016-10-02
118721 | Extensions resources can be fetched across incognito | - | 2016-10-02
116162 | Heap-buffer-overflow in wk_png_inflate | - | 2016-10-02
116128 | Content scripts should never be run in the webstore isolate | - | 2016-10-02
116093 | Heap-buffer-overflow in WebCore::SVGDocumentExtensions::removeAnimationElementFromTarget | $1000 | 2016-10-02
116069 | WebCore::MediaStreamListInternal::itemCallback | $500 | 2016-10-02
116224 | Heap-use-after-free in WebCore::FrameLoader::urlSelected | - | 2016-10-02
115998 | Heap-use-after-free in WebCore::RenderMenuList::addChild | - | 2016-10-02
115862 | Heap-use-after-free in WebCore::InlineFlowBox::deleteLine | - | 2016-10-02
115756 | Heap-use-after-free in WebCore::InlineFlowBox::deleteLine | - | 2016-10-02
115754 | Heap-use-after-free in WebCore::RenderLayer::addChild | $1000 | 2016-10-02
115695 | Heap-buffer-overflow in WebCore::StaticNodeList::itemWithName | $1000 | 2016-10-02
115681 | Heap-use-after-free in WebCore::RenderBox::enclosingFloatPaintingLayer | $1000 | 2016-10-02
115680 | Heap-use-after-free in WebCore::RenderListItem::updateMarkerLocation | - | 2016-10-02
115807 | Heap-use-after-free in WebCore::RenderMenuList::addChild | - | 2016-10-02
116027 | Heap-buffer-overflow in WebCore::InlineFlowBox::addToLine | - | 2016-10-02
115159 | Security: Setting innerText allows DOMSubtreeModified listeners to cause crashes | - | 2016-10-02
115028 | Bad cast in splitAnonymousBlocksAroundChild (part 3) | $1000 | 2016-10-02
115003 | Heap-use-after-free in WebCore::RenderObject::previousInPreOrder | - | 2016-10-02
115299 | Use-after-free in AudioDeviceThread::Callback::InitializeOnAudioThread | $500 | 2016-10-02
115471 | Heap-buffer-overflow in SkAlphaRuns::add | $1000 | 2016-10-02
114924 | Bad cast in splitAnonymousBlocksAroundChild | $1000 | 2016-10-02
114911 | Heap-buffer-overflow in WebCore::Element::setAttribute | - | 2016-10-02
114858 | Heap-use-after-free in WebCore::RenderTableSection::willBeDestroyed | - | 2016-10-02
114960 | Heap-use-after-free in WebCore::SVGTextLayoutAttributesBuilder::fillCharacterDataMap | - | 2016-10-02
114219 | Heap-use-after-free in WebCore::RenderTableSection::nodeAtPoint | $1000 | 2016-10-02
114152 | Heap-use-after-free in WebCore::InspectorStyleSheet::deleteRule | - | 2016-10-02
114144 | Crash by clicking the time field of maps.google.com | - | 2016-10-02
114068 | Heap-use-after-free in WebCore::HTMLElement::isPresentationAttribute | $1000 | 2016-10-02
114056 | Heap-buffer-overflow in WebCore::previousBoundary | $500 | 2016-10-02
114054 | Heap-buffer-overflow in void WTF::Vector<unsigned short, 0ul>::append<unsigned short> | $500 | 2016-10-02
113924 | [LangFuzz] Crash at v8::internal::HashTable<...>::FindEntry with invalid read | $1000 | 2016-10-02
114342 | Stack-buffer-overflow at strcpy | $1000 | 2016-10-02
113837 | Heap-use-after-free in WebCore::Document::unregisterForPageCacheSuspensionCallbacks | $1000 | 2016-10-02
113800 | Heap-use-after-free in WebCore::RenderBlock::computeOverflow | - | 2016-10-02
113902 | Heap-use-after-free in WebCore::InlineBox::root | $1000 | 2016-10-02
113799 | Heap-use-after-free in WebCore::RenderTable::layout | - | 2016-10-02
113801 | Heap-use-after-free in WebCore::RenderBlock::outlineStyleForRepaint | - | 2016-10-02
113733 | Security: Flash deployed via component updater runs outside the sandbox | - | 2016-10-02
113755 | Heap-use-after-free in WebCore::RenderObjectChildList::destroyLeftoverChildren | - | 2016-10-02
113707 | Heap-use-after-free in WebCore::RenderQuote::placeQuote | $1000 | 2016-10-02
113690 | Heap-use-after-free in WebCore::RenderButton::removeChild | - | 2016-10-02
113567 | Heap-use-after-free in WebCore::RenderRegion::setRegionBoxesRegionStyle | - | 2016-10-02
113562 | Heap-use-after-free in WebCore::NavigationScheduler::schedule | - | 2016-10-02
113730 | Integer wrap in CSSParser::quoteCSSString() can cause a buffer overflow | - | 2016-10-02
113497 | Heap-use-after-free in WebCore::InlineFlowBox::computeUnderAnnotationAdjustment | $1000 | 2016-10-02
113496 | Links in settings page (like learn more, google dashboard) are opened in the webui renderer process | - | 2016-10-02
113439 | Bad casts due to issues in splitAnonymousBlocksAroundChild | $1000 | 2016-10-02
113415 | Heap-use-after-free in WebCore::InlineFlowBox::deleteLine | - | 2016-10-02
113258 | Bad cast in WebCore::RenderBlock::createLineBoxes | $1000 | 2016-10-02
113178 | Adding a ShadowRoot to a SELECT element causes crashes | - | 2016-10-02
113174 | Attaching a ShadowRoot to a VIDEO element causes heap-use-after-free | - | 2016-10-02
113160 | Security: Tracking bug for WK77971 - Replaces the [CheckNodeSecurity] IDL attribute | - | 2016-10-02
113119 | Security: Report bad translation link uses http:// | - | 2016-10-02
112976 | Heap-use-after-free in vorbis_decode_frame | - | 2016-10-02
112961 | TCP and UDP IPCs should not be exposed to arbitrary renderers | - | 2016-10-02
112983 | Browser crash with FTP video source | - | 2016-10-02
125462 | Security: libxml2 1-byte heap-buffer-overflow in xmlXPtrEvalXPtrPart | $1500 | 2016-10-02
125436 | Heap-use-after-free in WebCore::HTMLFormControlElement::disabled | - | 2016-10-02
125249 | Heap-buffer-overflow in seg_to | - | 2016-10-02
125225 | Domui process can be ptraced from a compromised renderer leading to sandbox escape, take 2 | - | 2016-10-02
125159 | Chrome chrashes when pressing back button on a page that is still downloading a big gif image | $1337 | 2016-10-02
125151Heap-use-after-free in WebCore::Node::compareDocumentPosition-2016-10-02
125010Stealing AutoFill data with window.getSelection() before users actually select form contents-2016-10-02
125494Heap-buffer-overflow in WebCore::HTMLTreeBuilder::processEndTag-2016-10-02
125374Heap-use-after-free in WebCore::RenderSVGContainer::paint$10002016-10-02
124992Heap-use-after-free in WebCore::swapInNodePreservingAttributesAndChildren-2016-10-02
124923Heap-use-after-free in WebCore::parseToDoubleForNumberType-2016-10-02
124919Heap-use-after-free in WebCore::RenderBlock::addOverflowFromFloats-2016-10-02
124895Heap-use-after-free in WebCore::ScriptController::executeIfJavaScriptURL-2016-10-02
124893Heap-buffer-overflow in WebCore::HTMLOptionElement::selected-2016-10-02
124870Heap-use-after-free in WebCore::InsertParagraphSeparatorCommand::doApply-2016-10-02
124868Heap-use-after-free in WebCore::RenderObject* WebCore::bidiNextShared<WebCore::BidiResolver<WebCore::InlineIterator, WebCor-2016-10-02
124836NSS should reject DH public values equal to one-2016-10-02
125000Heap-buffer-overflow in WTF::VectorMover<false, WebCore::Attribute>::move-2016-10-02
124924Heap-buffer-overflow in WebCore::XPath::sortBlock-2016-10-02
124652Heap-buffer-overflow in SkDashPathEffect::SkDashPathEffect-2016-10-02
124625Chrome: Crash Report - Stack Signature: WebCore::npObjectNamedGetter<WebCore::V8HTM...-2016-10-02
124617Heap-buffer-overflow in WebCore::RenderBlock::createLineBoxes-2016-10-02
124669Heap-use-after-free in WebCore::SVGLength::value-2016-10-02
124530Heap-use-after-free in WebCore::RenderBlock::layoutPositionedObjects-2016-10-02
124594UNKNOWN in v8::internal::MarkCompactCollector::PrepareThreadForCodeFlushing$5002016-10-02
124479Use after free in PDF with corrupt CID font encoding name-2016-10-02
124356Heap-use-after-free in WebCore::GraphicsContext::restore$10002016-10-02
124263OOB read with PDF in cell sorting-2016-10-02
124228Security: Component updater parses unauthenticated XML with libxml in the browser process-2016-10-02
124216Security: MSVR:159 - Google Chrome NPAPI Plugin Insecure Loading Elevation of Privilege Vulnerability-2016-10-02
124191OOB read in PDF when parsing / processing text-2016-10-02
124190OOB read, off-by-one in PDF predictor code with specific decode parameters-2016-10-02
124184OOB read with 1bpp image and ICC profile-2016-10-02
124183OOB read in PDF fax codec-2016-10-02
124389Heap-use-after-free in WebCore::TargetListener::clear-2016-10-02
124182Out of bounds write in PDF with sample function with lots of inputs-2016-10-02
124179PDF crash under ASAN with character maps-2016-10-02
123929Out-of-bounds read in PDF with undersized "O" key and revision 3 crypto-2016-10-02
123858Use-after-free in WebPagePopupImpl instance-2016-10-02
123735OOB reads in PDF AES support due to buffer mismanagement-2016-10-02
123733Out-of-bounds reads with bad parameters to PDF "sampled function" function-2016-10-02
123709Breakpad ClientInfo::PopulateCustomInfo() integer wrap leads to heap overflow-2016-10-02
123656OOB read in PDF whilst scanning for "startxref"-2016-10-02
123631Heap-use-after-free in WebCore::GraphicsContext::paintingDisabled-2016-10-02
123544Heap-use-after-free in WebCore::CachedResource::checkNotify-2016-10-02
123530Heap-use-after-free in AutocompleteMatch::AutocompleteMatch-2016-10-02
123484Global-buffer-overflow in WebCore::InlineTextBox::isLineBreak-2016-10-02
123481Security: ERROR: AddressSanitizer heap-buffer-overflow on address 0x7fde15ff9890 at pc 0x7fde364c5034$10002016-10-02
123105Heap-buffer-overflow in Color32_SSE2-2016-10-02
123054Security: renderer can grant itself read permissions to arbitrary files-2016-10-02
123029OOB write in SkARGB32_Black_Blitter::blitAntiH -> sk_memset32_SSE2$10002016-10-02
123012Chrome: Crash Report - Stack Signature:WebCore::V8BindingPerContextData::constructorForType(WebCore::WrapperTypeInfo *)-2016-10-02
122925Security: Autofill info can be captured by innocuous social engineering$10002016-10-02
122865Heap-use-after-free in SkCanvas::internalDrawBitmapRect-2016-10-02
122760Heap-use-after-free in WebCore::RenderTable::computePreferredLogicalWidths-2016-10-02
122692UNKNOWN in /lib/libc-2.11.1.so+Unknown-2016-10-02
122681[LangFuzz] CHECK(fixed_size + height_in_bytes == input_frame_size) failed or crash with invalid read$5002016-10-02
122654Chrome: Crash Report: SocketStreamDispatcherHost::CancelSSLRequest-2016-10-02
122586Global-buffer-overflow in HB_TibetanShape-2016-10-02
122585Security: stack-buffer-overflow in WebCore::GlyphPage::fill with surrogate characters$5002016-10-02
122573Heap-use-after-free in WebCore::CachedRawResource::didAddClient-2016-10-02
122854Security: Potential (racy) use after free error in DownloadResourceHandler::OnResponseCompletedInternal-2016-10-02
122503Heap-buffer-overflow in erode-2016-10-02
122337[LangFuzz] Crash on heap with invalid write (32 bit only).$10002016-10-02
122208GCing a node observed by a WebKitMutationObserver can cause an invalid HashSet iterator-2016-10-02
122029Heap-buffer-overflow in WebCore::InlineFlowBox::addToLine-2016-10-02
122014Heap-use-after-free in WorkerEventQueue::close-2016-10-02
121968Heap-use-after-free in WebCore::GraphicsLayer::willBeDestroyed-2016-10-02
122562Heap-use-after-free in ModuleSystem::LazyFieldGetter$10002016-10-02
112847Bad cast in addChildToAnonymousColumnBlocks$10002016-10-02
112833Heap-use-after-free in webkit_media::BufferedResourceLoader::Start$10002016-10-02
112822Security: Heap-buffer-overflow in png_decompress_chunk$13372016-10-02
112814Safe Browsing client doesn't always check for MAC field in response-2016-10-02
112775Heap-use-after-free in WebCore::Node::traverseNextNode-2016-10-02
112764Heap-use-after-free in RendererAccessibility::SendPendingAccessibilityNotifications-2016-10-02
112738Security: User Interface - infobar confusion, spamming, and spoofing-2016-10-02
112735Bad cast in FormSubmission::create-2016-10-02
112694Heap-use-after-free in WebCore::Node::normalize-2016-10-02
112670avcodec_53!ff_h264_get_profile - crash$5002016-10-02
112451X509UserCertResourceHandler::OnResponseCompleted crash-2016-10-02
112443[Mac] Regular SSL certificate incorrectly displayed with EV color badge-2016-10-02
112542Heap-use-after-free in WebCore::TextIterator::rangeFromLocationAndLength-2016-10-02
112411Heap-use-after-free in WebCore::SVGUseElement::expandSymbolElementsInShadowTree$10002016-10-02
112391Heap-use-after-free in ExtensionHost-2016-10-02
112339Security: chrome allows TDR looping leading to win7 OS crash through page refresh html tag + WebGL-2016-10-02
112325Security: Copy-paste preserves <embed> tags containing active content-2016-10-02
112317Heap-buffer-overflow in WebCore::Font::codePath$5002016-10-02
112259Heap-use-after-free in WebCore::EventTarget::dispatchEvent$5002016-10-02
112236Security: Chrome translation script downloaded over HTTP-2016-10-02
112212Heap-use-after-free in WebCore::ContainerNode::appendChild$20002016-10-02
112151Heap-use-after-free in WebCore::RenderRegion::setRegionBoxesRegionStyle$10002016-10-02
112093Heap-use-after-free in WebCore::Node::dispatchSubtreeModifiedEvent-2016-10-02
112055Heap-buffer-overflow in WebCore::CSSParser::lex-2016-10-02
111779Heap-use-after-free in WebCore::SubframeLoader::loadSubframe$10002016-10-02
111748Heap-use-after-free in WebCore::SVGElement::removedFromDocument$10002016-10-02
111656Security: Accessibility bad cast-2016-10-02
111575Security: NaCl dynamic code modification allows direct calls inside existing super instructions.-2016-10-02
111491AddressSanitizer reports a heap-use-after-free in icu_46::RuleBasedBreakIterator::handleNext in DownloadTest.CrxLargeTheme (browser_tests) on Chrome OS-2016-10-02
111088Heap-use-after-free in WebCore::FrameLoader::checkTimerFired-2016-10-02
111467Heap-buffer-overflow in WebCore::SVGSVGElement::currentViewBoxRect$10002016-10-02
110849Heap-buffer-overflow in matroska_parse_block-2016-10-02
110764Heap-use-after-free in WebCore::DocumentLoader::detachFromFrame$10002016-10-02
110723Heap-use-after-free in WebCore::RenderSVGResourceContainer::markAllClientsForInvalidation-2016-10-02
111342Heap-use-after-free in AudioDevice::FireRenderCallback-2016-10-02
110559Heap-buffer-overflow in GPU ShaderTranslator-2016-10-02
110374Heap-use-after-free in WebCore::EventHandler::mouseMoved$10002016-10-02
110360Heap-use-after-free in WebCore::GraphicsContext::paintingDisabled-2016-10-02
110277Heap-buffer-overflow in xsltCompilePatternInternal$5002016-10-02
110172Heap-buffer-overflow in SkAlphaRuns::add$10002016-10-02
110545Security: AssociatedURLLoader exposes non-whitelisted response headers when loading with access control (CORS)-2016-10-02
110076Heap-use-after-free in WebCore::CompositeEditCommand::ensureComposition-2016-10-02
109743Heap-use-after-free in WebCore::CSSStyleSelector::matchRulesForList$10002016-10-02
109717Security: crash when viewing a certificate without issuer signature-2016-10-02
109716Heap-use-after-free in xsltParseGlobalVariable$10002016-10-02
109691Security: Losing user-set pin data on HSTS header receipt-2016-10-02
110112Heap-use-after-free in WebCore::FrameView::forceLayoutParentViewIfNeeded$10002016-10-02
109912Security: read sandbox escape: NaCl validator for x86-64 allow REP string instructions to have out-of-bound source addresses-2016-10-02
109623Chrome: Crash Report - Stack Signature: WebKit::WebMediaPlayerClientImpl::loadInter...-2016-10-02
109574Potential XSS attack with [0x8E][0xE3] in EUC-JP page$5002016-10-02
109556Heap-buffer-overflow in WebCore::HTMLTreeBuilder::HTMLTreeBuilder$10002016-10-02
109411Regression: Crash in WebCore::DynamicSubtreeNodeList::length()-2016-10-02
109245Security: Chrome Drag Spoofing-2016-10-02
109664safe_browsing::SignatureUtil::CheckSignature() - crash-2016-10-02
109094Possible wild read in internal PDF-reader-2016-10-02
108958Heap-use-after-free in WebCore::RenderBlock::determineStartPosition-2016-10-02
129158Heap-use-after-free in WebCore::AccessibilityObject::getAttribute-2016-10-02
129191UNKNOWN in WebCore::HTMLDocumentParser::prepareToStopParsing$10002016-10-02
128971Heap-use-after-free in WebCore::InlineBox::deleteLine-2016-10-02
128711Run-in UAF crashes relating to generated content and inline line box tree not clearing.-2016-10-02
128704Crash when opening and closing chrome://chrome-2016-10-02
128688Heap-buffer-overflow in gpu::gles2::GLES2Implementation::TexSubImage2DImpl-2016-10-02
128800Use after free in WebCore::SVGTextLayoutAttributesBuilder::fillCharacterDataMap-2016-10-02
128597RenderViewImpl's shared_popup_counter_ isn't incremented properly-2016-10-02
128498Heap-buffer-overflow in WebCore::CSSSelector::specificityForOneSelector-2016-10-02
128497CachedImage does not clear the ImageObserver pointer when dropping its Image ref-2016-10-02
128458Security: NTP Promo data is downloaded via HTTP, but then rendered on the NTP-2016-10-02
128665Heap-use-after-free in WebCore::Node::isInShadowTree-2016-10-02
128342Heap-buffer-overflow in WebCore::SVGUseElement::instanceForShadowTreeElement-2016-10-02
128336Heap-buffer-overflow in WebCore::SubframeLoader::createJavaAppletWidget-2016-10-02
128256tabs permission exploit on the Chrome RSS Extension-2016-10-02
128204Assertion failure (toRenderBox() called on a RenderInline) beneath RenderBlock::blockBeforeWithinSelectionRoot()-2016-10-02
128178Heap-use-after-free in fileapi::FileSystemOperation::DidGetUsageAndQuotaAndRunTask$31332016-10-02
128163Heap-buffer-overflow in GIFImageReader::read-2016-10-02
128159Heap-use-after-free in WTF::HashMap<int, WTF::RefPtr<WebCore::CalculationValue>, WTF::IntHash<unsigned int>, WTF::HashTrait-2016-10-02
128157Heap-use-after-free in WebCore::HTMLFormControlElement::disabled-2016-10-02
128151Heap-use-after-free in WebKit::MainThreadFileSystemCallbacks::didSucceed-2016-10-02
128146UNKNOWN in v8::internal::DescriptorArray::Set-2016-10-02
128018[LangFuzz] Crash in v8::internal::ShortCircuitConsString with invalid read$10002016-10-02
127889Use after free in WebCore::Font::characterRangeCodePath / WebCore::Font::codePath-2016-10-02
127764Heap-use-after-free in WebCore::RenderBlock::xPositionForFloatIncludingMargin-2016-10-02
127701Heap-use-after-free in WebCore::RenderObject::repaint-2016-10-02
127648Out of bounds read in WebCore::Region::Shape::compareShapes-2016-10-02
127624Security: pepper plugins - protect plugin's data files from other plugins and the renderer itself.-2016-10-02
127525Dragging a file into a web renderer exposes the file: scheme$5002016-10-02
127522Security: Chrome Allows "Carpet Bomb" from File Download-2016-10-02
127727Heap-use-after-free in WebCore::ContextDestructionObserver::contextDestroyed-2016-10-02
127449PPAPI processes hold privileged process handles-2016-10-02
127418Heap-use-after-free in WebCore::SVGTextLayoutEngine::layoutTextOnLineOrPath$10002016-10-02
127417Security: Arbitrary memory read in libxslt$5002016-10-02
127371Heap-use-after-free in WebCore::AXObjectCache::postNotification-2016-10-02
127368Heap-use-after-free in WebCore::SVGAnimatedLengthAnimator::resetAnimValToBaseVal-2016-10-02
127367Heap-use-after-free in WebCore::ApplyStyleCommand::joinChildTextNodes-2016-10-02
127366Heap-use-after-free in WebCore::ReplaceSelectionCommand::performTrivialReplace-2016-10-02
127424Heap-use-after-free in WebKit::WebPagePopupImpl::closePopup$10002016-10-02
127234Heap-use-after-free in WebCore::SVGPropertyTearOff<WebCore::FloatRect>::commitChange-2016-10-02
126723Heap-use-after-free in WebCore::RenderBlock::checkFloatsInCleanLine-2016-10-02
126652Heap-buffer-overflow in bool WebCore::Region::Shape::compareShapes<WebCore::Region::Shape::CompareIntersectsOperation>-2016-10-02
126475Heap-use-after-free in WebCore::InlineBox::root-2016-10-02
126414[LangFuzz] Crash on heap with invalid read from random address (32 bit)$5002016-10-02
126406Heap-use-after-free in WebCore::RenderBlock::addChildIgnoringAnonymousColumnBlocks-2016-10-02
126343OOB write in PDF character code mapping-2016-10-02
126337Stack buffer overflow in character range parsing-2016-10-02
126296Security: Browser crash document.createEvent("MouseEvents").initMouseEvent in background tab$10002016-10-02
125730Heap-use-after-free in WebCore::Document::nodeChildrenWillBeRemoved-2016-10-02
126105Global-buffer-overflow in RgnOper::addSpan-2016-10-02
126074Heap-use-after-free in WebCore::SpellChecker::didCheckSucceeded-2016-10-02
126048Heap-use-after-free in SpeechRecognitionManagerImpl::DispatchEvent$10002016-10-02
126040Heap-use-after-free in WebCore::ContainerNode::insertBefore-2016-10-02
126015Heap-use-after-free in WebCore::HTMLFormControlElement::disabled-2016-10-02
125921Heap-buffer-overflow in WebCore::FontCache::releaseFontData-2016-10-02
125919Heap-buffer-overflow in WebCore::SVGAnimatedPointListAnimator::calculateAnimatedValue$5002016-10-02
125821The Linux setuid sandbox has becomre (even more) insanely complex-2016-10-02
126075Stack-buffer-overflow in SuggestMgr::forgotchar_utf-2016-10-02
125563Heap-use-after-free in WebCore::RenderBlock::determineStartPosition-2016-10-02
125557Heap-use-after-free in WebCore::AudioParam::disconnect-2016-10-02
125555Heap-use-after-free in WTF::HashMap<int, WTF::RefPtr<WebCore::CalculationValue>, WTF::IntHash<unsigned int>, WTF::HashTrait-2016-10-02
125529Heap-use-after-free in WebCore::HTMLLinkElement::setCSSStyleSheet-2016-10-02
125515[LangFuzz] Crash on heap with invalid write to random address$10002016-10-02
108918Heap-use-after-free in WebCore::RenderTableSection::rowLogicalHeightChanged-2016-10-02
108901Heap-buffer-overflow in compute_pos_tan$5002016-10-02
108894Heap-use-after-free in WebCore::HTMLCollection::length-2016-10-02
108871IndexedDB with autoincrement fails on object put and crashes chrome$10002016-10-02
108605Use of uninitialized value in SkAlphaRuns::Break$10002016-10-02
108798Heap-use-after-free in WebCore::(anonymous namespace)::AllowFileSystemMainThreadBridge::signalCompleted-2016-10-02
108695Heap-use-after-free in WebKit::WebFrameImpl::viewImpl$10002016-10-02
108648Security: Malicious extension could avoid being blacklisted via extension blacklist-2016-10-02
108476Heap-buffer-overflow in WebCore::Font::codePath$5002016-10-02
108544Heap-use-after-free in SubresourceLoader::didFinishLoading$10002016-10-02
108579Heap-buffer-overflow in void WTF::Vector<WTF::RefPtr<WebCore::TextTrack>, 0ul>::insert<WTF::RefPtr<WebCore::TextTrack> >-2016-10-02
108461Heap-use-after-free in WebCore::HTMLInputElement::copyNonAttributeProperties-2016-10-02
108416Global-buffer-overflow in render_line$5002016-10-02
108071Browser process heap-use-after-free with indexeddb cursors$31332016-10-02
108037Heap-buffer-overflow in WebCore::SVGLength::valueAsString$10002016-10-02
108006Stack-buffer-overflow in HB_MyanmarShape-2016-10-02
108267Heap-use-after-free in WebCore::RenderBlock::selectionGaps-2016-10-02
108207Heap-use-after-free in WebCore::RenderTable::borderBefore$10002016-10-02
107758Heap-use-after-free in WebCore::RenderRegion::offsetFromLogicalTopOfFirstPage$10002016-10-02
107565Security: dragging a file URL between two http-spawned windows goes remote->local-2016-10-02
107873Heap-use-after-free in WebCore::DatabaseTracker::interruptAllDatabasesForContext-2016-10-02
107616UXSS in v8 bindings npCreateV8ScriptObject()-2016-10-02
107939Heap-buffer-overflow in WebCore::RenderBlock::layoutRunsAndFloatsInRange-2016-10-02
107258Freed m_renderer used in InlineBox::deleteLine-2016-10-02
107244Heap-use-after-free in DatabaseObserver$10002016-10-02
107376Memory corruption crash in ExtensionPrefs::MigrateAppIndex.-2016-10-02
107128Heap-buffer-overflow in xmlStringLenDecodeEntities$40002016-10-02
107277Heap-use-after-free in WebCore::RenderTextFragment::willBeDestroyed-2016-10-02
107182Heap use after free with malware blocking page$31332016-10-02
106672Security: Crash in requestAnimationFrame when removing a frame$10002016-10-02
106671Heap-use-after-free in WebCore::InlineFlowBox::deleteLine-2016-10-02
106577Heap-buffer-overflow in SkAAClipBlitter::blitAntiH$5002016-10-02
107032Sad tab when visiting https://code.google.com and --no-displaying-insecure-content-2016-10-02
106441Stack-buffer-overflow in _canonicalize$10002016-10-02
106419Global-buffer-overflow in SkFileDescriptorStream::read-2016-10-02
106413Heap-use-after-free in WebCore::RenderBlock::checkFloatsInCleanLine-2016-10-02
106340Heap-use-after-free in WebCore::RenderTable::outerBorderAfter$30002016-10-02
106336Heap-use-after-free in WebCore::CounterNode::insertAfter$5002016-10-02
106334Security: Popupblocker is ignored, downloads are invisible-2016-10-02
106484Heap-use-after-free in WebCore::RenderObject::childAt$10002016-10-02
106309Heap-buffer-overflow in WebCore::InlineFlowBox::addToLine (regions issue)-2016-10-02
106165Heap-buffer-overflow in safe_browsing protocol parser-2016-10-02
105867Use after free in V8HTMLElementWrapperFactory.cpp$10002016-10-02
105803PDF missing integer validation for Flate / LZW / Fax prediction codes and other parameters-2016-10-02
106200Heap-use-after-free in WebCore::InlineBox::deleteLine$5002016-10-02
106316Heap-buffer-overflow in WebCore::HTMLTreeBuilder::processEndTag-2016-10-02
105482Security: CSP connect-src and script-src not enforced on workers-2016-10-02
105459Use-after frees and bad casts with -webkit-column-span$20002016-10-02
105714Nasty looking INVALID_POINTER_READ in internal PDF-reader$5002016-10-02
134123Heap-use-after-free in WebCore::VisibleSelection::rootEditableElement-2016-10-02
105162Stack-buffer-overflow in base::files::(anonymous namespace)::InotifyReaderTask::Run-2016-10-02
134305Heap-use-after-free in WebCore::RenderObject::absoluteBoundingBoxRect-2016-10-02
133725Security: public chromium site is leaking internal Google DNS names-2016-10-02
134088Use-after-free: LabelsNodeList isn't updated properly after its owner node is adopted into a new document-2016-10-02
133892Heap-use-after-free in WebCore::RenderListItem::updateMarkerLocation-2016-10-02
133288Heap-buffer-overflow in WebCore::CSPSourceList::parseSource-2016-10-02
133571Heap-use-after-free in SkARGB32_Black_Blitter::blitAntiH$10002016-10-02
133418Heap-use-after-free in WebCore::RenderBlock::layoutPositionedObjects-2016-10-02
134101Security: webRequest API allows extensions to XSS chrome.google.com and gain access to webstorePrivate API$20002016-10-02
133214UNKNOWN in WebCore::RenderTableSection::addCell$10002016-10-02
133196Heap-use-after-free in WebCore::RenderInline::willBeDestroyed-2016-10-02
132806ChromeContentBrowserClient::AllowSocketAPI using allowed_socket_origins_ without scheme check-2016-10-02
132779Security: WebM heap-buffer-overflow in matroskadec.c:matroska_parse_block()$10002016-10-02
132699Update Java version metadata for Jun 2012 CPU-2016-10-02
132690Heap-use-after-free in WebCore::RenderSVGModelObject::checkIntersection-2016-10-02
132890Crash when using Web Audio + media element with no audio or when user navigates-2016-10-02
131969Heap-use-after-free in WebCore::AccessibilityObject::getAttribute-2016-10-02
132396Heap-use-after-free in WebCore::RenderBlock::layoutRunsAndFloats-2016-10-02
132398Global-buffer-overflow in D_Clear_BitmapXferProc-2016-10-02
132203UAF in ValueStoreFrontend::Backend::Get-2016-10-02
132019Heap-use-after-free in WebCore::InlineFlowBox::deleteLine-2016-10-02
132270Global-buffer-overflow in WebCore::mediaControlElementType-2016-10-02
131968Heap-use-after-free in WebCore::AccessibilityTable::isDataTable-2016-10-02
132241Heap-use-after-free in WebCore::DocumentThreadableLoader::cancel-2016-10-02
131934Heap-use-after-free in WTF::Vector<WebCore::Attribute, 0ul>::~Vector-2016-10-02
131348Security: Use-after-free in safe_browseing::DownloadProtectionService found by Valgrind-2016-10-02
131347heap-use-after-free in DictionaryValue while closing chrome, requires extension.-2016-10-02
131087UAF due to Document::removePendingSheet re-entering JavaScript during Document cleanup-2016-10-02
130927Heap-use-after-free in WebCore::CompositeEditCommand::breakOutOfEmptyListItem-2016-10-02
130824Security: Linux crash report generation code reads past the end of an unterminated string buffer.-2016-10-02
130802Heap-buffer-overflow in void WTF::Vector<unsigned short, 0ul>::append<unsigned short>-2016-10-02
130743Chromium is no more asking you for permissions to run WMP plugin via the Infobar. Is it intentional?-2016-10-02
130723Use after free after setting -webkit-line-clamp to none-2016-10-02
130722Heap-use-after-free in WebCore::InsertParagraphSeparatorCommand::doApply-2016-10-02
130595Heap-use-after-free in WebCore::RenderBlock::layoutBlockChildren$10002016-10-02
130356Heap-use-after-free in WebCore::SVGDocumentExtensions::removeAllElementReferencesForTarget$10002016-10-02
130276Chrome attempts to load metro_driver.dll when Metro is not supported-2016-10-02
130241[crash] WebCore::RenderStyle::fontMetrics(void)+0xa-2016-10-02
130240Heap-buffer-overflow WRITE in read_markers third_party/libjpeg_turbo/jdmarker$10002016-10-02
130237Heap-use-after-free in WebCore::RenderObject::arenaDelete-2016-10-02
130235Heap-use-after-free in WebCore::HTMLElement::adjustDirectionalityIfNeededAfterChildrenChanged-2016-10-02
130369Heap-use-after-free in WebCore::RenderBlock::layoutPositionedObjects$10002016-10-02
129826Chrome_Mac: Zombie <DownloadItemController: 0x1f1e6fd0> received -handleReveal: (via -performSelector:withObject:)-2016-10-02
129947Heap-use-after-free in WebCore::RenderObject::setStyle$10002016-10-02
129942UNKNOWN in v8_i18n::IntlNumberFormat::JSInternalFormat$10002016-10-02
129936Heap-use-after-free in WebCore::InlineTextBox::nodeAtPoint-2016-10-02
129930Security: libxml2 growBuffer integer overflow on 64-bit machines$30002016-10-02
129898Heap-use-after-free in WebCore::CounterNode::lastDescendant$10002016-10-02
129890Heap-use-after-free in WebCore::cancelAll-2016-10-02
129951UNKNOWN in v8::Function::Call$10002016-10-02
129394Heap-use-after-free in WebCore::AccessibilityTable::isDataTable-2016-10-02
129569Heap-use-after-free in WebCore::RenderLayer::updateCompositingLayersAfterScroll-2016-10-02
129396Heap-buffer-overflow in WebCore::RenderTable::colElement-2016-10-02
129357Heap-buffer-overflow in WebCore::RenderProgress::isDeterminate-2016-10-02
129301Heap-use-after-free in WebCore::AXObjectCache::postPlatformNotification-2016-10-02
129299Run-in UAFs part 2-2016-10-02
129360Heap-use-after-free in WebCore::InlineFlowBox::removeChild-2016-10-02
105143Cross-origin drag-and-drop prevention ineffective-2016-10-02
105157Heap-use-after-free in WebCore::InlineFlowBox::removeChild-2016-10-02
105133Heap-use-after-free in WebCore::RenderObject::isDescendantOf-2016-10-02
105012Global-buffer-overflow in WebCore::RenderFlexibleBox::mainAxisBorderAndPaddingExtentForChild-2016-10-02
104935Security: HSTS "cookies" do not obey expected policy.-2016-10-02
104863Heap-use-after-free in WebCore::SubresourceLoader::didFail$10002016-10-02
104859Heap-use-after-free in WebCore::InlineFlowBox::computeOverAnnotationAdjustment$10002016-10-02
104617Heap-use-after-free in WebCore::CSSImageGeneratorValue::addClient-2016-10-02
104529PDF-reader tab-crash with editable crash address.$20002016-10-02
104959Nasty looking crash on internal pdf-reader$5002016-10-02
104461Security: chrome://workers/ crash-2016-10-02
104325Heap-use-after-free in WebCore::RenderBlock::determineStartPosition-2016-10-02
104315Heap-use-after-free WebCore::RenderObject::container-2016-10-02
104272Security: Directory traversal in extension docs-2016-10-02
104266Heap-use-after-free in WebCore::nextBreakablePosition-2016-10-02
104466Schema check on navigations to chrome/file schemas should be avoided-2016-10-02
104317Stale RenderObject in RenderBlock::addChildIgnoringAnonymousColumnBlocks()-2016-10-02
104056Crash with PDF at bad IP$10002016-10-02
104223Security: MHTML can be used to steal cookies-2016-10-02
103867Security: chrome.test.resetQuota extension API exposed to all extensions-2016-10-02
103750minor self-inflicted xss on chrome://tracking2-2016-10-02
103738Security: out of bounds array access in WebCore::RenderTableSection::rowLogicalHeightChanged-2016-10-02
104011v8_i18n::BCP47ToICUFormat() - crash$10002016-10-02
104151Bad cast in WebCore::RenderThemeMac::paintMediaToggleClosedCaptionsButton-2016-10-02
103921Use-after-free in DOM Range$10002016-10-02
103239Security: INVALID_POINTER_READ/WRITE_EXPLOITABLE_chrome!SkRgnBuilder::blitH$10002016-10-02
103259[LangFuzz] Crash at v8::internal::WriteQuoteJsonString with invalid write$10002016-10-02
102810Security: buffer overflow in link prefetching$10002016-10-02
103630Security: iFrame SandBox Unique Origin not enforced in extensions-2016-10-02
103126Heap-use-after-free in WebCore::RenderTextFragment::styleDidChange-2016-10-02
103244Pinning checks aren't enforced in the case of a minor error.-2016-10-02
103058Security: missing xslt import causes crash w/preloading$10002016-10-02
102037Security: Use after free in CSSStyleDeclarationInternal::parentRuleAttrGetter-2016-10-02
101900Security: bug rendering web pages with flash content-2016-10-02
101835Exit full screen button crashs browser-2016-10-02
101779OOB read with corrupt PDF; possible stability issue too-2016-10-02
101624Security: buffer overrun leading to heap corruption in ANGLE shader translator-2016-10-02
102242ZDI-CAN-1416: WebKit ContentEditable swapInNode Use-After-Free Remote Code Execution Vulnerability-2016-10-02
101901Security:scrolling web with flash content rendering bug-2016-10-02
102628Security: Adobe regions use-after-free with multiple region css thingies$10002016-10-02
102461Failure to infobar JRE7-2016-10-02
102359Use-after-free in SVG renderer$10002016-10-02
101446Use after free in TextTrack::~TextTrack-2016-10-02
101235Security: Location bar spoofing when using replaceState in unload event handler-2016-10-02
101205Security: marketplace-2016-10-02
101172Seeking on webm 1080p video causes crash-2016-10-02
101580Heap-use-after-free in WebCore::RenderObject::enclosingLayer-2016-10-02
101548Test: ABCD-2016-10-02
101494OOB read in media::ScaleYUVToRGB32-2016-10-02
101458OOB read in WebM/vorbis vorbis_decode_frame()$10002016-10-02
101018Use after free in fullscreen unwraprenderer-2016-10-02
101010Security: css/CSSParser.cpp memory corruption bug-2016-10-02
100958Heap-use-after-free WebCore::RenderBlock::layoutPositionedObjects-2016-10-02
100879Problem with full-screen infobar permission prompt-2016-10-02
100863OOB read in SVG at WebCore::parseArcFlag-2016-10-02
100543OOB read in WebM/vorbis at render_line()$5002016-10-02
101065Use after free with counters and inline-table and :before content-2016-10-02
101127BlackBerry®-2016-10-02
101136Security: Search terms hijacked to return only one site for search terms-2016-10-02
138210Information and credential disclosure by file:// URLs (Android)$5002016-10-02
138035Security: Google Chrome for Android: Current-tab cross-application scripting (UXSS)$5002016-10-02
138012Heap-buffer-overflow in WebCore::FontCache::releaseFontData-2016-10-02
137912Heap-buffer-overflow in WebCore::DelayDSPKernel::process-2016-10-02
137891Security: HTTPS proxy can run JavaScript on requested HTTPS sites-2016-10-02
137852Heap-use-after-free in WebKit::WebElement::document-2016-10-02
137778Heap-use-after-free in webkit::ppapi::PPB_URLLoader_Impl::FillUserBuffer-2016-10-02
138208Crash in SkGlyphCache::findImage$10002016-10-02
100492Use after free in WebM/matroska at matroska_execute_seekhead()$30002016-10-02
100465OOB read in OGV at unpack_vlcs$5002016-10-02
100464Use-after-free in WebM at decode_mb_mode$10002016-10-02
100459Use after free in RenderDeprecatedFlexibleBox::layoutHorizontalBox(bool) [and first-letter]-2016-10-02
100447ClusterFuzz Account Check.-2016-10-02
100322Security: Calling arbitrary V8 native functions from JavaScript-2016-10-02
138196Stack-buffer-overflow in NPObjectProxy::NPNEvaluate-2016-10-02
138192Heap-buffer-overflow in WebCore::HTMLInputElement::dataList-2016-10-02
100526Use after free in floats and first-letter-2016-10-02
137623Heap-buffer-overflow in WebPluginDelegateProxy::BackgroundChanged-2016-10-02
137532Security: Android APIs exposed to JavaScript$5002016-10-02
137471Heap-use-after-free in WebCore::Element::cloneElementWithoutChildren-2016-10-02
137413Heap-buffer-overflow in WebCore::RenderTableSection::setCellLogicalWidths-2016-10-02
137409Heap-use-after-free in WebCore::RenderObject::container-2016-10-02
137407Security: Chrome for iOS security bug-2016-10-02
137364Heap-use-after-free in WebCore::CSSFontSelector::beginLoadTimerFired-2016-10-02
137707Security: Chrome extensions bug cause crash in all Chrome processes$5002016-10-02
137671Security: Bad cast in WebCore::CalendarPickerElement::hostInput()$20002016-10-02
137541Reproduceable crash. Changing tabs while a specific text field has focus.-2016-10-02
137233Heap-buffer-overflow in WebCore::RenderBlock::handleTrailingSpaces-2016-10-02
137125UNKNOWN in WebCore::StylePropertySet::addParsedProperties$10002016-10-02
137208Security: Mouse lock permission and iframe on different host-2016-10-02
137174UNKNOWN in WebCore::SVGAnimationElement::currentValuesForValuesAnimation-2016-10-02
137147UNKNOWN in WebCore::RenderTable::cellBefore-2016-10-02
137303Corrupted rendering with many MapsGL tabs open-2016-10-02
137052Heap-use-after-free in WebCore::EllipsisBox::paint-2016-10-02
137363Heap-use-after-free in WebCore::RenderBlock::removeChild-2016-10-02
137362Heap-buffer-overflow in WebCore::CCLayerTreeHostImpl::CullRenderPassesWithNoQuads::shouldRemoveRenderPass-2016-10-02
137232UNKNOWN in WebCore::ElementAttributeData::addAttribute-2016-10-02
136497Security: XSS via Copy&Paste protection bypass using @formaction / General Iframe Sandbox Considerations regarding copy&paste / drag&drop-2016-10-02
136881Security: race condition with workers and sync xmlhttprequests$5002016-10-02
136894Heap-buffer-overflow in UpsampleBgraLinePairSSE2$10002016-10-02
136952Heap-use-after-free in WebCore::RenderLineBoxList::dirtyLinesFromChangedChild-2016-10-02
136226Heap-use-after-free in WebCore::RenderBlock::checkFloatsInCleanLine-2016-10-02
136182Heap-use-after-free in WebCore::ImageLoader::updateRenderer-2016-10-02
136344Heap-use-after-free in WebCore::FrameLoader::stopAllLoaders-2016-10-02
136116Heap-use-after-free in WebCore::RenderLayer::enclosingFilterLayer-2016-10-02
136046Bad intersection of injected HTTP headers leads to Content Security Policy (CSP) Bypass-2016-10-02
136296Heap-use-after-free in WebCore::SVGSMILElement::resetTargetElement-2016-10-02
136235Heap-use-after-free in WebCore::StyleResolver::collectMatchingRulesForList$10002016-10-02
136145Security: Heap-buffer-overflow on TextFieldDecorationElement::defaultEventHandler-2016-10-02
135697Heap-use-after-free in WebCore::RenderLayer::repaintBlockSelectionGaps-2016-10-02
135658Turn off <iframe> seamless for m21-2016-10-02
135595Heap-use-after-free in WebCore::ImageLoader::notifyFinished-2016-10-02
135705Heap-buffer-overflow in WebCore::TextIterator::handleTextBox-2016-10-02
135432Heap-buffer-overflow in skia::BGRAConvolve2D$10002016-10-02
135698Heap-use-after-free in WebCore::HTMLInputElement::isPresentationAttribute-2016-10-02
135485SPDY - Pushed stream - crash accessing https://jetty.intalio.com:10111/spdy-2016-10-02
135071Heap-buffer-overflow in void WTF::Vector<unsigned short, 1024ul>::append<unsigned short>-2016-10-02
134897Bad cast with run-ins and <input>$10002016-10-02
135173Heap-use-after-free in WebCore::RenderQuote::rendererRemovedFromTree-2016-10-02
135043Heap-use-after-free in media_stream::$31332016-10-02
134429Heap-use-after-free in WebCore::Document::clearNodeListCaches-2016-10-02
134639Heap-use-after-free in WebCore::RenderObject::destroyAndCleanupAnonymousWrappers-2016-10-02
134428Heap-buffer-overflow in WebCore::SVGDocumentExtensions::removeAnimationElementFromTarget-2016-10-02
134519Security: memory address disclosure through JavaScript in WebUI's cookies page-2016-10-02
134402Heap buffer overflows in WebCore::CSSParser::lex-2016-10-02
134324Heap-use-after-free in WebCore::RenderBlock::layoutPositionedObjects-2016-10-02
134325Security: Use after free with mouse lock and window.open$10002016-10-02
100177Use after free in first-letter container destruction handling.-2016-10-02
100149Use after free in AX Scrollbars-2016-10-02
99991Use after free in ImageBuffer::toDataURL-2016-10-02
100059Generic fix: Register custom fonts at creation time, rather than retire time.$13372016-10-02
99652OOB read in vp8_decode_frame$10002016-10-02
99732Use after free in table parts.-2016-10-02
99603Use after free due to flexible box not laying some of its children.-2016-10-02
99597Use after free in tables, float, :after content-2016-10-02
99840Windows OpenGL performance drops by 2/3 with GPU sandbox on-2016-10-02
99880Use after free in table :before, :after content.$10002016-10-02
99901BinScope reports SafeSEH not supported on video DLLs-2016-10-02
99615Heap-use-after-free in WebCore::GraphicsContext::paintingDisabled-2016-10-02
99465Security: AccessibilityImageMapLink holds onto it's parent even after it's been freed-2016-10-02
99348Use after free in tables-2016-10-02
99338Use after free in RenderTableSection::splitColumn-2016-10-02
99596Use after free in media::FFmpegDemuxerStream::Read-2016-10-02
99553repeatedly re-setting video.src crashes in WebCore::VideoLayerChromium::updateCompositorResources-2016-10-02
99480OOB read in media::ScaleYUVToRGB32-2016-10-02
99294Use after free with :after in display table and :first-letter$10002016-10-02
99167[LangFuzz] Crash on Heap involving GC (invalid write)$10002016-10-02
99104WebKit: invalid cast in WebCore::toRenderBlock / WebCore::RenderBlock::blockSelectionGaps-2016-10-02
99016Security: HTTPS Address Bar Spoofing Using View-source And Redirection$10002016-10-02
99003changing proxy-2016-10-02
99229WebKit: Use after free in ~Node because ~HTMLLinkElement triggers script execution-2016-10-02
99211Heap buffer overflow in Webaudio FFTFrame::doFFT$20002016-10-02
99138Use-after-free with plugin and editing$10002016-10-02
98556Use after free with first-letter$10002016-10-02
98262Chrome 16 crash when resizing window-2016-10-02
98161Bug 68816 - Rapidly refreshing a feMorphology[erode] with r=0 can sometimes cause display corruption-2016-10-02
98773[LangFuzz] Crash at v8::Object::SlowGetPointerFromInternalField with invalid read$10002016-10-02
98809Renderer crash with PDF at isalnum$5002016-10-02
98582Security: invalid memory reference to window object-2016-10-02
97994Use after free due to stale fonts-2016-10-02
97952Stale layout root generic fix from Mitz-2016-10-02
97898Regression: Use after free in RenderBlock::linkToEndLineIfNeeded-2016-10-02
97867Security: Major Google Plus and Google Chrome Problem-2016-10-02
98089memory corruption in ANGLE shader translator-2016-10-02
98064Use-after-free when font is missing$10002016-10-02
97784[v8] Stale pointer in CSSStyleSheet, Invalid cast in V8ListenerList::doFindWrapper$15002016-10-02
97608Use after free in counters in :before, :after content$5002016-10-02
97596Security: anonymous proxy-2016-10-02
97553Clicking a link on a page that has been fullscreened by JS doesn't exit fullscreen-2016-10-02
97546Use after free in ruby text :after, :before content due to stale styles.-2016-10-02
97278Security: Tracking bug for CachedResourceLoader::canRequest in a redirect chain-2016-10-02
97148Crashes in PhishingDOMFeatureExtractor::ExtractFeaturesWithTimeout-2016-10-02
97092Stale canvas used in WebCore::PlatformContextSkia::save()$10002016-10-02
97674Security: Extension can get at tabs details (url/title) without requesting tabs permission-2016-10-02
97599More stale styles in listmarkers$10002016-10-02
96747Security: Magic iframe transfer vulnerability for Pepper/NaCl plugins-2016-10-02
96902Use-after-free in findPlaceForCounter$10002016-10-02
97006Use after free due to issues in element detachment when entering fullscreen-2016-10-02
96665Use after free in Element::recalcStyle due to reparenting issues in treebuilder-2016-10-02
96382out-of-bounds access in Gradient::sortStopsIfNecessary-2016-10-02
96292Use after free in media BufferedResourceLoader::Start-2016-10-02
141815Heap-use-after-free in WebCore::RenderQuote::detachQuote-2016-10-02
141651Heap-buffer-overflow in SkA8_Blitter::blitAntiH$5002016-10-02
141564Heap-use-after-free in WebCore::HTMLLinkElement::removedFrom-2016-10-02
141462Extension resources that are not web accessible should not be able to be linked to from the web-2016-10-02
141444Security: Support pinning for Google ccTLDs-2016-10-02
141395UNKNOWN in v8::internal::SemiSpaceIterator::Next$10002016-10-02
96499Heap-use-after-free in WebCore::RenderLayer::updateVisibilityStatus-2016-10-02
96444Freed scrollbar used in RenderScrollbarPart::imageChanged [not related to previous stale m_owner issues]-2016-10-02
96149Use after free in WebCore::AudioChannel::sumFrom-2016-10-02
141093Security: Dev only restriction for declarativeWebRequest does not seem to work-2016-10-02
96150Use after free in OfflineAudioDestinationNode::notifyCompleteDispatch-2016-10-02
140805Heap-use-after-free in WebCore::RenderRegion::restoreRegionObjectsOriginalStyle-2016-10-02
140803Heap-buffer-overflow in SkA8_Blitter::blitH$10002016-10-02
140720Heap-use-after-free in WebCore::RenderBlock::removeChild-2016-10-02
140656Heap-use-after-free in WebCore::CachedResource::didAddClient$10002016-10-02
140647UNKNOWN in ogg_calc_pts-2016-10-02
140642Heap-buffer-overflow in SkDashPathEffect::SkDashPathEffect-2016-10-02
96131Closing parent then child in gmail = sad tab-2016-10-02
96170Use after free in InspectorPageAgent::resourceContent-2016-10-02
140495Text box fails to render contents and does not accept user input.-2016-10-02
140484Heap-use-after-free in WebCore::RenderBlock::determineStartPosition-2016-10-02
140368Security: heap-use-after-free in xsltGenerateIdFunction-2016-10-02
140165Heap-buffer-overflow in vorbis_decode_frame-2016-10-02
140142Heap-use-after-free in base::internal::WeakReference::is_valid-2016-10-02
140532Heap-use-after-free in WebCore::RenderBoxModelObject::hasSelfPaintingLayer-2016-10-02
140544Security: CSP doesn't turn off eval, etc. in Web Workers-2016-10-02
140083[LangFuzz] Crash on heap trying to execute address 0x0000000200000000.$10002016-10-02
140045REGRESSION(r122498): Assertion failure: m_nodeListCounts is sometimes not zero in the Document destructor-2016-10-02
139961Heap-use-after-free in WebCore::TargetListener::handleEvent [Stale target]-2016-10-02
139814UAF in DOMContentLoaded$20002016-10-02
139789Heap-buffer-overflow in WebCore::CSSParser::updateLastSelectorLineAndPosition-2016-10-02
139772AddressSanitizer reports a global buffer underflow in swizzle_for_size() in Mesa-2016-10-02
139744Security: SSL compression infoleak$53372016-10-02
140085UNKNOWN in /mnt/scratch0/clusterfuzz/slave-bot/builds/revisions/asan-linux-release-149416/chrome+Unknown-2016-10-02
139685OOB read atleast in WebCore::SVGListProperty<WebCore::SVGTransformList>::getItemValuesAndWrappers-2016-10-02
139690Heap-use-after-free in WebCore::GenericEventQueue::timerFired-2016-10-02
139646Heap-use-after-free in WebCore::DynamicNodeList::itemWithName-2016-10-02
139679Bad cast in RenderFrameSet::computeEdgeInfo-2016-10-02
139530Heap-use-after-free in WebCore::Node::~Node-2016-10-02
139475Heap-use-after-free in WebCore::TargetListener::handleEvent [Stale event listener]-2016-10-02
139462Heap-use-after-free in SkCanvas::updateDeviceCMCache-2016-10-02
139541UNKNOWN in v8::HandleScope::CreateHandle-2016-10-02
139464Heap-use-after-free in WebCore::RenderSVGShape::calculateStrokeBoundingBox-2016-10-02
139321Heap-use-after-free in WebCore::InlineBox::extractLine-2016-10-02
139402Heap-use-after-free in D_Clear_BitmapXferProc-2016-10-02
139215Heap-use-after-free in WebCore::StyleResolver::collectMatchingRules-2016-10-02
139168Security: Creating a loop in the DOM tree (99% a DoS)$5002016-10-02
139131Heap-use-after-free in WebCore::StyleResolver::collectMatchingRulesForList-2016-10-02
139290Heap-use-after-free in WebCore::StyleResolver::loadPendingImage-2016-10-02
139383Heap-use-after-free in WebCore::HTMLTextFormControlElement::fixPlaceholderRenderer-2016-10-02
139240Heap-buffer-overflow in WebCore::TextTrackCueList::add-2016-10-02
138738Crash in extensions::SetContentSettingFunction-2016-10-02
138915Heap-use-after-free in WebCore::ContainerNode::cloneChildNodes-2016-10-02
138422Heap-use-after-free in WebCore::Font::glyphDataAndPageForCharacter-2016-10-02
138404Heap-use-after-free in WebCore::Document::page-2016-10-02
138673Heap-buffer-overflow in xsltApplyTemplates$10002016-10-02
138990Heap-use-after-free in WebCore::SVGStyledElement::clearHasPendingResourcesIfPossible-2016-10-02
138672Heap-double-free in xsltCompileStepPattern-2016-10-02
138901Heap-use-after-free in ProfileKeyedBaseFactory::GetProfileToUse-2016-10-02
138302Stack-buffer-overflow in NPObjectProxy::NPInvokePrivate-2016-10-02
138318UXSS with pointer lock-2016-10-02
138382Heap-use-after-free in WebCore::AutoTableLayout::recalcColumn-2016-10-02
138316Heap-use-after-free in WebCore::RenderBoxModelObject::hasSelfPaintingLayer-2016-10-02
95849Security: any Chrome committer (or parhaps even any user with Google account?) can compromise Google Chrome-2016-10-02
95842Security: Chrome Gives Unreliable Security Info-2016-10-02
95761Use after free in ContainerNode::removeChild (looks related to plugin)-2016-10-02
95672Use after free in ListIterms and RunIns rendering (from bug 88680)$10002016-10-02
95669Regression(r93913): Use after free in ScriptController::executeScript-2016-10-02
95992Security: header injection when using embeded \0 in headerline-2016-10-02
95920[LangFuzz] Crash at v8::internal::ElementsAccessorBase with invalid read$10002016-10-02
95917Security: Chrome does not ask for approval when "not trusted" SSL cert. changes-2016-10-02
95563OOB read in tibetan_nextSyllableBoundary-2016-10-02
95625OOB read in gpu::gles2::GLES2DecoderImpl::HandleDrawArrays-2016-10-02
95499Use after free due to style not updated and having stale fonts.-2016-10-02
95485[LangFuzz] Crash at v8::internal::Object::Lookup$10002016-10-02
95639Use after free in Document::fullScreenChangeDelayTimerFired-2016-10-02
95620use-after-free in browser_tests-2016-10-02
95520Child not placed correctly when :before, :after placed in same table part container causing stale style-2016-10-02
95359Use after free in WebCore::SVGTRefElement::updateReferencedText-2016-10-02
95360use after free in WebCore::ContainerNode::removeChild via Range.deleteContents()-2016-10-02
95083Security: Reveal stored passwords using the Developer Tool-2016-10-02
95072Use after free due to style not updated for svg text runs.$10002016-10-02
95012Add defensive bounds checking in AudioNode-2016-10-02
94834Security: Thread safety with AudioChannelMerger-2016-10-02
95374Redirect to chrome:// URIs via Location: header$23372016-10-02
954654 OOB reads in XMLDocumentParser::doWrite-2016-10-02
95333ERROR:the following pages have become unresponsive. you can wait to become responsive or kill them-2016-10-02
94820Don't allow nodes of one context to be connected to nodes of another context-2016-10-02
94743Regression(r93913): Use after free in ScheduledAction::execute(WebCore::V8Proxy*)-2016-10-02
94578Security: Brute forcing Intranet WWW-Auth with script element-2016-10-02
94487Security: JSC::Yarr regexp 32/48 to the left of 768 with workers$10002016-10-02
94464Security: e-2016-10-02
94463Security: e-2016-10-02
94462Security: e-2016-10-02
94461Security: e-2016-10-02
94460Security: e-2016-10-02
94459Security: e-2016-10-02
94458Security: e-2016-10-02
94810Use after free with Floats and Ruby-2016-10-02
94809Use after free in ruby overhang.-2016-10-02
94456Security:-2016-10-02
94275Make sure that AudioArray is 16-byte aligned-2016-10-02
94273V8 custom bindings for AudioNode must do proper object checking and throw exception in case of error-2016-10-02
94186WebAudio node lifetype crash when tearing down audio nodes / media element node-2016-10-02
94025WebAudio: Integer overflows in AudioArray-2016-10-02
93978Out of bounds reads and writes when FFT size is changed.-2016-10-02
93918Regression(93122): Use after free in InspectorCSSAgent::clearFrontend-2016-10-02
94457Security: e-2016-10-02
94278Fix thread-safety of AudioNode deletion-2016-10-02
93596Bad read in bundled PDF viewer-2016-10-02
93497Security: Accessibility of the chrome.webstorePrivate-API-2016-10-02
93472Yet another double-free caused by malformed XPath expression in XSLT$10002016-10-02
93420Use after free in FocusController::advanceFocusInDocumentOrder$10002016-10-02
93788Use after free in RenderText lineboxes.$10002016-10-02
93587Use after free in WebCore::Text::recalcStyle due to before after content issue in table parts$10002016-10-02
93856Use after free in RenderFlowThread::nextRendererForNode-2016-10-02
93146Security: Possible race condition in Windows Policy reading that can lead to stale policy.-2016-10-02
93106Failing assertion in IDBTransaction.cpp-2016-10-02
93097Defensively null out danging pointers in the NaCl browser plugin memory safety for M14-2016-10-02
93059OOB read in EventDispatcher::adjustToShadowBoundaries-2016-10-02
93416Security: Arbitrary cross-origin bypass using __defineGetter__ prototype override$20002016-10-02
93236Stale Pointer Crash in PrintWebViewHelper::PrintPreviewContext::CreatePreviewDocument-2016-10-02
92959Stale node in StyleSheetCandidateListHashSet$10002016-10-02
92769Use after free in TreeBuilder-2016-10-02
92651Use after free due to style not updated for ANONYMOUS boxes (e.g RenderRow), inline-blocks (e.g. RenderRubyRun)$10002016-10-02
92621Use after free in VisibleSelection::selectionFromContentsOfNode-2016-10-02
92550Chrome (main process) crashes when setVersion is called when all (Indexed) database name space is used up-2016-10-02
92226Use after free in CounterNode::lastDescendant-2016-10-02
92840Use after free in HarfbuzzFace::~HarfbuzzFace-2016-10-02
146433Chrome_Mac: Crash Report - base::::CrMallocErrorBreak / invalid free in SkWriter32::rewindToOffset-2016-10-02
146235WTF::equal is too aggressive and may trigger ASan reports-2016-10-02
146208Heap-buffer-overflow in WebCore::RenderTableSection::nodeAtPoint-2016-10-02
146145Heap-use-after-free in WebCore::RenderText::computePreferredLogicalWidths-2016-10-02
146144Heap-use-after-free in WebCore::FrameView::scrollContentsFastPath-2016-10-02
146111Heap-use-after-free in WebCore::RenderBoxModelObject::hasSelfPaintingLayer-2016-10-02
145976Heap-use-after-free in WebCore::HTMLTextFormControlElement::fixPlaceholderRenderer-2016-10-02
145921AddressSanitizer reports a UAF in WebCore::RenderStyle::letterSpacing-2016-10-02
146146Heap-buffer-overflow in WebCore::FlowThreadController::unregisterNamedFlowContentNode-2016-10-02
145867Heap-use-after-free in WebCore::FrameView::scrollContentsFastPath-2016-10-02
145915Security/Privacy: <img>-embedded SVG will load external content referenced by CSS @import @font-face-2016-10-02
145530Mitigation: Kill OOB reads(or few writes) by preventing access to harmful locals in dirty text lineboxes-2016-10-02
145525Security: heap buffer overflow in gpu process with webgl$35002016-10-02
145492Web Inspector: Page with @import and :last-child in an edited stylesheet will crash (UAF)-2016-10-02
145544Security: integer overflow in gpu process with webgl$10002016-10-02
145272Heap-use-after-free in WebCore::nextBreakablePosition-2016-10-02
145018Heap-use-after-free in WebCore::StyleSheetContents::checkLoadCompleted-2016-10-02
144886Security: webgl crash on mesa$31332016-10-02
144866Security: Chrome for Android Bypassing SOP for Local Files By Symlinks$5002016-10-02
144831Heap-buffer-overflow in WebCore::StylePropertySet::copyPropertiesFrom-2016-10-02
145363Security: Chrome extension DEP crash-2016-10-02
144899SkPaint::SkPaint - crash$10002016-10-02
144799Heap-double-free in xmlFreeNodeList-2016-10-02
144813Security: UXSS via com.android.browser.application_id Intent extra$5002016-10-02
144671Heap-use-after-free in WebCore::GCPrologueVisitor<void, WebCore::SpecialCasePrologueObjectHandler>::visitDOMWrapper-2016-10-02
144466Crash when verifying ECDSA certificate on XP-2016-10-02
144734Heap-buffer-overflow in WebCore::RenderTable::removeCaption-2016-10-02
144810Heap-use-after-free in WebCore::RenderTable::calcBorderEnd-2016-10-02
144704Tracking bug for fixing rel=noreferrer aslr bypass-2016-10-02
143761Heap-use-after-free in WebCore::GraphicsContext::restore$10002016-10-02
143672Flapper Crash in BrokerProcessDispatcher::GetSitesWithData-2016-10-02
143859Security: World-writable shared memory segments for X/Linux UI-2016-10-02
144051Security: Memory address disclosure through JavaScript in Print Preview WebUI-2016-10-02
143846Security: Chromoting creates a world-writable shared memory segment-2016-10-02
143609Heap-use-after-free in WebCore::ElementV8Internal::onclickAttrGetter$10002016-10-02
143604Heap-use-after-free in WebCore::RenderBlock::LineBreaker::nextLineBreak [SVG text]-2016-10-02
143593Heap-buffer-overflow in WebCore::SurrogatePairAwareTextIterator::consume-2016-10-02
143582Heap-use-after-free in WTF::OwnPtr<WTF::Vector<WebCore::RegisteredEventListener, 1ul> >::~OwnPtr-2016-10-02
143551Heap-use-after-free in WebCore::TreeScopeAdopter::moveTreeToNewScope-2016-10-02
143656Heap-use-after-free in WebCore::SVGTRefElement::updateReferencedText$10002016-10-02
143648Heap-buffer-overflow in WebCore::StyleResolver::applyProperty-2016-10-02
143176Heap-use-after-free in WebCore::AccessibilityNodeObject::document-2016-10-02
143409Heap-buffer-overflow in SkScalerContext_FreeType::generateImage-2016-10-02
142956Security: XSS in SSL Certificate error page$5002016-10-02
142876Heap-buffer-overflow in WebCore::HarfBuzzShaperBase::isWordEnd-2016-10-02
143329Bad cast in RenderGrid::layoutGridItems-2016-10-02
143004Security: Untrustworthy Chrome OS user-wallpaper png's are loaded pre-login (in the sandboxed utility process)-2016-10-02
142310ASan reports a use-after-free in IndexedDBBrowserTest.Bug109187Test-2016-10-02
142395Bad cast in computeReplacedLogicalHeightUsing-2016-10-02
142145Heap-use-after-free in WebCore::RenderBlock::removeChild-2016-10-02
142746Security: Potential use after destruction in ui/gfx/image-2016-10-02
142169Heap-buffer-overflow in SkAlphaRuns::add$5002016-10-02
142088UNKNOWN in v8::internal::Invoke-2016-10-02
142087UNKNOWN in void v8::internal::String::WriteToFlat<char>-2016-10-02
141901Security: mesa stack scribbling thingamadoo$31332016-10-02
141889Security: Cookie theft from Chrome by malicious Android app$5002016-10-02
91972Regression(85705): Use after free on m_originatingLine in floats-2016-10-02
91940Security: Romanian colloquialism meaning penis when viewing YouTube channels-2016-10-02
91939Security: Romanian colloquialism meaning penis when viewing YouTube channels-2016-10-02
91921Use after free in RenderRubyBase-2016-10-02
91911Freed m_renderer used in InlineBox::deleteLine-2016-10-02
91973Regression(90971): Use after free in Textarea placeholder-2016-10-02
91665Crash on bad rip when opening a PDF$10002016-10-02
91801Use after free of RootInlineBox-2016-10-02
91577file:// URL access is defaulting to opt-in-2016-10-02
91554Possible use-after-free in AddToConsole-2016-10-02
91633Security: When upgrade to 13.0.782.107, chrome will run js and load image which had be disabled in chrome-2016-10-02
91502Security: Malware Page forbids user from closing a tab.(window.onunload hijack)-2016-10-02
91362Regression(91331): Bad cast due to html renderer created for svg glyphref-2016-10-02
91312Security: Native Client app can crash trusted code.-2016-10-02
91218XSS in chrome://appcache-internals-2016-10-02
91517Security: V8 asserts (crashes) when entering simple JS snippit-2016-10-02
91321Regression(91788): Bad cast in WebCore::blockWithNextLineBox-2016-10-02
91020Use after free in MediaTest.FLAKY_VideoBearWebm on Mac OS-2016-10-02
91099OOB read in RenderScrollbarPart::computeScrollbarWidth-2016-10-02
91120[LangFuzz] Crash at Runtime_QuoteJSONString with invalid write$5002016-10-02
91082Security: Major Privacy Loop Hole !-2016-10-02
91079where to submit Google account bug-2016-10-02
91093Bad cast in paintMediaPlayButton-2016-10-02
91016Security: Canvas toDataURL security error: It is taking page information and not the canvas when making the image$5002016-10-02
91013[LangFuzz] Crash at RootMarkingVisitor::VisitPointers (32 bit)$10002016-10-02
91010[LangFuzz] Crash at JSObject::SetDictionaryElement with invalid read (32 bit)$10002016-10-02
91197Use after free or bad cast with empty .swf file-2016-10-02
91092Use after free in SVGUseElement::buildShadowTree-2016-10-02
90978read out of bounds in sUnpremultiplyData_RGBA8888 / ImageBufferData::getData (WEBKIT 65352)-2016-10-02
90668Use after free in WebCore::findPlainText$10002016-10-02
90498Security: automatically downloading of .crdownload-files-2016-10-02
91008[LangFuzz] Crash at JSObject::PrepareElementsForSort with invalid read$10002016-10-02
90357OOB read in WebCore::previousBoundary-2016-10-02
90217Prevent silent truncation of trailing characters in downloaded file names-2016-10-02
90173OOB read in media::ScaleYUVToRGB32 due to failure to account for zero source width and accessing negative indices-2016-10-02
90134OOB read in harfbuzz with khmer character-2016-10-02
90105Heap-buffer-overflow in WebCore::RenderBlock::LineBreaker::nextLineBreak-2016-10-02
89991Regression(82144): OOB InlineIterator read in TrailingObjects::updateMidpointsForTrailingBoxes$5002016-10-02
90175Security: remove any site from Google Index-2016-10-02
89795Browser crash in net::WebSocketJob::SendPending-2016-10-02
89580Use after free due to continuation splitting issues in -webkit-column-span-2016-10-02
89599Freed SVGTRefElement used in SVGStyledElement::buildPendingResourcesIfNeeded-2016-10-02
89836Tracking bug for ANGLE memory corruption on Windows$13372016-10-02
89575Use after free of markers in CompositeEditCommand::replaceTextInNodePreservingMarkers-2016-10-02
89564Possible URL Bar Spoofing when history.forward() is ignored using forward button$5002016-10-02
89678Use after free in ReplacementFragment::removeUnrenderedNodes-2016-10-02
89552Use after free in CSSStyleSheet::checkLoaded-2016-10-02
89522SVG animation API crashes on SVGAnimateTransform-2016-10-02
89511Use after free in IDBRequest::abort-2016-10-02
89493Use after free in SVG foreignobject rendering.-2016-10-02
89422Two use after frees in NPObjectStub-2016-10-02
89558Use after free in SVGUseElement::buildShadowTree$5002016-10-02
89402Memory corruption (double free) caused by malformed XPath expression in XSLT$10002016-10-02
89330DocumentLoader use after free in KURL::strippedForUseAsReferrer$10002016-10-02
89219Use after free due to document destruction within unload event$10002016-10-02
89142PDF viewer crash$5002016-10-02
89020Security: ftp-2016-10-02
88976possible use after free WebCore::FontCache::getFontDataForCharacters-2016-10-02
88949Security: Location Bar Spoofing using very long string on a web address in the location bar-2016-10-02
88944Use-after free in leveldb$31332016-10-02
88932Security: Exploit in google+-2016-10-02
152691chrome!std::_Tree<std::_Tmap_traits<tracked_objects::Location,tracked_objects::Births *,std::less<tracked_objects::Location>,std::allocator<std::pair<tracked_objects::Location const ,tracked_objects::Births *> >,0> >::find+15 - crash$20002016-10-02
152585Heap-use-after-free in WebCore::ContainerNode::removeAllChildren-2016-10-02
152420Heap-use-after-free in content::P2PSocketClient::OnDataReceived-2016-10-02
152354Mask RenderArena freelist entries.-2016-10-02
152569Chrome_Mac: Crash Report - Stack Signature: CompositorOutputSurface::OnMessageReceived-...$5002016-10-02
152442Heap-use-after-free in icu_46::RuleBasedCollator::RuleBasedCollator-2016-10-02
151895Defense to throw "unauthorized" infobar for excessively crashing plug-in does not work for Pepper Flash!-2016-10-02
151888Crash in v8::internal::SlotsBuffer::UpdateSlotsRecordedIn-2016-10-02
151854Heap-use-after-free in WebCore::CachedResource::addClientToSet-2016-10-02
151795Security: remove chrome.experimental.offscreenTabs API-2016-10-02
152104out of bounds array access in WTF::TypedArrayBase<unsigned char>::item(unsigned int) / WebCore::FEMorphology::platformApplyGeneric-2016-10-02
151992Heap-use-after-free in VideoCaptureImpl::RemoveClient-2016-10-02
151860Heap-use-after-free in WebCore::DateTimeFieldElement::didBlur$10002016-10-02
151008Heap-use-after-free in WebCore::CanvasRenderingContext2D::setFont$10002016-10-02
151424Chrome: Crash Report - Stack Signature: WebCore::CachedImage::likelyToBeUsedSoon()-...-2016-10-02
151449Heap-buffer-overflow in cc::CCKeyframedTransformAnimationCurve::getValue-2016-10-02
150966Heap-use-after-free in WebCore::Node::~Node-2016-10-02
151049Heap-use-after-free in WebCore::RenderObject::destroyAndCleanupAnonymousWrappers-2016-10-02
150571Global-buffer-overflow in v128_copy_octet_string-2016-10-02
150067Heap-buffer-overflow in WebCore::InlineFlowBox::placeBoxesInInlineDirection-2016-10-02
149999Heap-use-after-free in WebCore::WebKitCSSSVGDocumentValue::load-2016-10-02
150842Heap-use-after-free in content::P2PSocketClient::DeliverOnSocketCreated-2016-10-02
150545UNKNOWN in v8::internal::RootMarkingVisitor::MarkObjectByPointer-2016-10-02
150650MSI installer ships an out-of-date GoogleUpdate.exe with no ASLR or DEP (and may not be updating)-2016-10-02
150729UNKNOWN in v8::internal::Invoke$15002016-10-02
150737IndexedDB causes V8 heap corruption$10002016-10-02
149717Security: integer overflow in webgl on osx$10002016-10-02
149877Security: Omnibox drop target enables navigation to restricted URLs-2016-10-02
149904Security: webgl - after running out of memory, buffer can still be written$10002016-10-02
149840Heap-use-after-free in WebCore::StyleRuleImport::setCSSStyleSheet-2016-10-02
149871Untrustworthy navigation causes HTTP Basic Auth dialog origin confusion/spoofing-2016-10-02
148612 | Heap-use-after-free in WebCore::pushFullyClippedState | - | 2016-10-02
148896 | UNKNOWN in v8::internal::ElementsAccessorBase<v8::internal::ExternalUnsignedByteElementsAccessor, v8::internal: | - | 2016-10-02
148378 | [LangFuzz] Crash due to invalid free in v8::internal::Runtime_RegExpExecMultiple | $1000 | 2016-10-02
148692 | Heap-buffer-overflow in ucstrTextExtract | $500 | 2016-10-02
148638 | Heap-buffer-overflow in SkAAClipBlitter::blitAntiH | $500 | 2016-10-02
148567 | Touch events allow cross-origin access | $500 | 2016-10-02
147625 | Security: UXSS/SOP bypass with document.write (Chrome on iOS) | $500 | 2016-10-02
147499 | Heap-use-after-free in media::AudioOutputDevice::AudioThreadCallback::Process | $3133 | 2016-10-02
147475 | UNKNOWN in v8::internal::Deoptimizer::DoComputeOutputFrames | - | 2016-10-02
147459 | Heap-use-after-free in WebCore::ImageLoader::updateRenderer | - | 2016-10-02
148376 | [LangFuzz] Crash at v8::internal::MarkCompactCollector::EvacuateNewSpace with invalid read | $1000 | 2016-10-02
147700 | Heap-use-after-free in WebCore::Document::fullScreenChangeDelayTimerFired | - | 2016-10-02
147592 | Chrome_ChromeOS: Crash Report - Stack Signature: WebKit::WebWorkerClientImpl::openFileSystem... | - | 2016-10-02
146882 | Heap-use-after-free in WebCore::InlineBox::adjustPosition | - | 2016-10-02
146760 | Security: URL bar spoofing with SSL error messages (Chrome on iOS) | $500 | 2016-10-02
146725 | AddressSanitizer reports a use-after-free in WebKit::DateTimeChooserImpl::didClosePopup | - | 2016-10-02
147435 | Heap-use-after-free in WebCore::InlineBox::root | - | 2016-10-02
147436 | UNKNOWN in sk_memset32_SSE2 | - | 2016-10-02
147290 | Heap-use-after-free in WebCore::DateTimeEditElement::setEmptyValue | $1000 | 2016-10-02
146492 | Check behavior of "," in "content_security_policy" manifest attribute. | - | 2016-10-02
88850 | Use after free with fuzzed ogv file | $1000 | 2016-10-02
88846 | Use-after-free in FrameLoader with no form post method | $1000 | 2016-10-02
88889 | Stale pointer due to floats not removed (flexible box display) | $1000 | 2016-10-02
88858 | [LangFuzz] Crash at JSObject::LocalLookupRealNamedProperty with invalid read on gc | $1000 | 2016-10-02
88757 | AudioContext GainNode memory corruption | - | 2016-10-02
88730 | Use after free in SVGUseElement::invalidateShadowTree / SVGElementInstance::invalidateAllInstancesOfElement | - | 2016-10-02
88723 | REGRESSION (r85964): Use after free in WebCore::RenderObject::localToAbsolute | - | 2016-10-02
88684 | Stale m_owner in RenderScrollbar (m_owner is deleted body element) | - | 2016-10-02
88670 | ZDI-CAN-1283: Webkit fontface Invalid Font Family Remote Code Execution Vulnerability | - | 2016-10-02
88649 | HRTFDatabaseLoader memory corruption | - | 2016-10-02
88647 | webkitAudioContext can be called as a function instead of a constructor. | - | 2016-10-02
88827 | OOB read due to Integer overflow in SkDashPathEffect constructor (len and phase) | - | 2016-10-02
88729 | Security: PPB_Graphics2D_Create will lead to integer overflow in shm alloc | - | 2016-10-02
88436 | Ogg memory corruption | - | 2016-10-02
88337 | The beforeload event allows tracking URI changes in a frame | $500 | 2016-10-02
88131 | Aw, Snap! with context.createBuffer(request.response, false) on certain files | - | 2016-10-02
88093 | Security: out-of-bounds read in v8 with defineProperty and arguments | $1000 | 2016-10-02
88591 | [LangFuzz] CHECK(!value->IsTheHole()) failed // Crash with invalid read in shell | $1000 | 2016-10-02
88531 | Use-after-free in SafeBrowsingResourceHandler::OnBrowseUrlCheckResult | - | 2016-10-02
88216 | Regression: Use-after-free in CounterNode::insertAfter | $1000 | 2016-10-02
87861 | Security: OOB read in svg text run | - | 2016-10-02
87815 | chrome-devtools:// can be navigated from http | - | 2016-10-02
87746 | Security: Chrome content script listener | - | 2016-10-02
87925 | Use after free in range extract contents | $1000 | 2016-10-02
87965 | webkitAudioContext multiple issues | - | 2016-10-02
87862 | Security: Use after free in svg text | - | 2016-10-02
87701 | Stale pointer in WebCore::PlatformContextSkia::save | - | 2016-10-02
87548 | use after free in skia blitter | - | 2016-10-02
87520 | Security: Webpage can gain access to extension content-script variables when content-script triggers events | - | 2016-10-02
87478 | [LangFuzz] Crash on heap with invalid read | $1000 | 2016-10-02
87339 | XSS injection via prototype chain | $500 | 2016-10-02
87298 | OOB read due to iterating over wrong textbox in TextIterator::emitText (first-letter + RTL) | $500 | 2016-10-02
87729 | Use after free in third_party/WebKit/LayoutTests/fast/dom/HTMLLinkElement/link-and-subresource-test.html | $1000 | 2016-10-02
87728 | Regression(89733): Use after free in fast/forms/text-control-intrinsic-widths.html | $1000 | 2016-10-02
87120 | Use after free on 2-Step-Authentication-method-change | $500 | 2016-10-02
87148 | use after free due to floats not removed | $1000 | 2016-10-02
86758 | URL Bar Spoofing using History.back() and History.forward | $500 | 2016-10-02
86705 | Use after free in Geolocation::fatalErrorOccurred | - | 2016-10-02
87227 | Use after free due to refcounting issue in MediaQueryMatcher::prepareEvaluator | $1000 | 2016-10-02
86900 | Heap memory corruption in web database support (SQLite/ICU) | $1000 | 2016-10-02
86502 | Use after free due to floats not cleared from parent's next siblings blocks (on losing ability to intrude floats) | $1000 | 2016-10-02
86191 | Security: web-exposed manifest from Chrome extensions diverges from the real manifest in regards to NPAPI | - | 2016-10-02
86304 | Google Chrome Acess Violation in Frame manipulation | - | 2016-10-02
86609 | OOB read in fontfallbacklist due to issue in CSSPrimitiveValues clamping | - | 2016-10-02
86178 | URL bar introduces NUMEROUS vulnerabilities. | - | 2016-10-02
86648 | Use after free in formassociatedelement not removed from m_formElementsWithFormAttribute | - | 2016-10-02
86367 | Use after free of frame in Document::finishedParsing | - | 2016-10-02
85992 | Renderers can have registry handle which would allow a Windows sandbox escape | - | 2016-10-02
85943 | Use after free in Stylesheet due to issue in CLONE nodes | - | 2016-10-02
85808 | chrome_1c30000!webkit::ppapi::PPB_Widget_Impl::Invalidate crash | $500 | 2016-10-02
85559 | Web Inspector: Crash by buffer overrun crash when serializing inspector object tree. | - | 2016-10-02
86133 | Add GRP to dangerous file list | - | 2016-10-02
86108 | Security: FileSystem API can be used to learn about installed software on the user's computer | - | 2016-10-02
85418 | Use-after-free in WebCore::RenderTextControl::isSelectableElement | $1000 | 2016-10-02
85309 | Crash when closing a child window that uses a canvas | - | 2016-10-02
85302 | Crasher in WebCore::StyleBase::stylesheet | - | 2016-10-02
85256 | OOB read in UniscribleController::advance | - | 2016-10-02
85211 | Use after free in SVGUseElement::buildShadowTree | $1000 | 2016-10-02
85177 | Renderer crash with javascript + setInterval | $500 | 2016-10-02
85158 | Content script can gain access to the "window" object of the page using custom events | - | 2016-10-02
85350 | Browser Crash in ~TabContents caused by PrerenderManager::PeriodicCleanup | - | 2016-10-02
156906 | Heap-use-after-free in WebCore::XMLDocumentParser::doEnd | - | 2016-10-02
156826 | UNKNOWN in S32A_Blend_BlitRow32_SSE2 | - | 2016-10-02
156828 | UNKNOWN in WebCore::Font::drawGlyphs | - | 2016-10-02
156669 | Origin.com somehow manages to open its result page in the previous tab (which was gmail) | - | 2016-10-02
156619 | Heap-use-after-free in WebCore::ApplyStyleCommand::cleanupUnstyledAppleStyleSpans | - | 2016-10-02
156431 | Security: Use after free in IDBDatabaseCallbacksImpl::onVersionChange | - | 2016-10-02
156418 | Heap-use-after-free in SpellCheckHostImpl::SaveDictionaryData | - | 2016-10-02
156689 | Heap-buffer-overflow in WTF::StringImpl::findIgnoringCase | - | 2016-10-02
156567 | Security: use-after-free in WebCore::GraphicsContext::paintingDisabled | $1000 | 2016-10-02
156282 | Heap-use-after-free in WebCore::StyleResolver::pseudoStyleRulesForElement | - | 2016-10-02
156383 | Security: chrome_to_device makes use of HTTP for cloudprint | - | 2016-10-02
156096 | Heap-buffer-overflow in WebCore::RenderBlock::LineBreaker::nextLineBreak | - | 2016-10-02
156231 | UNKNOWN in _wordcopy_fwd_aligned | $1000 | 2016-10-02
156366 | Heap-use-after-free in PluginPlaceholder::ReplacePlugin | - | 2016-10-02
156152 | Issues with HSTS / public key pins state tracking | - | 2016-10-02
155977 | Security: remove uses of innerHTML in commented code for Getting Started Guide. | - | 2016-10-02
155860 | WebCore::SharedBuffer::append(data, 0) can cause unitialized memory to be added to the SharedBuffer | - | 2016-10-02
155711 | Security: forced oom in browser process due to indefinitely growing buffer in chunked decoder | - | 2016-10-02
155643 | Heap-use-after-free in content::RenderWidgetHostImpl::OnMsgInputEventAck | - | 2016-10-02
156015 | Heap-use-after-free in WebCore::FontPlatformData::uniqueID | - | 2016-10-02
156051 | Heap use-after-free in ExtensionFunctionDispatcher::Dispatch caught by ASan when using "Screen Capture by Google" | - | 2016-10-02
155877 | Chrome: RenderViewImpl::OnContextMenuClosed(content::CustomContextMenuContext const &) | - | 2016-10-02
155293 | Heap-use-after-free in WebCore::ContextMenu::appendItem | - | 2016-10-02
155285 | Heap-use-after-free in WebCore::Node::setNeedsStyleRecalc | - | 2016-10-02
155117 | Security: GetReadonlyPnaclFD IPC security issues | - | 2016-10-02
154987 | Pwnium SVG use after free | - | 2016-10-02
154983 | Security: Pwnium 2 TCMalloc profile bug | $60000 | 2016-10-02
155421 | Security: javascript scheme links auto-generated in devtools console | - | 2016-10-02
154617 | Heap-use-after-free in WebCore::Node::~Node | - | 2016-10-02
155323 | Out of bounds array access in GPU process | - | 2016-10-02
154926 | Heap-use-after-free in WebIntentPickerGtk::OnDestroyThunk | - | 2016-10-02
154488 | Heap-use-after-free in WebCore::FrameLoader::stopLoading | - | 2016-10-02
154465 | Bad cast in webkit_glue::GetSubResourceLinkFromElement | - | 2016-10-02
154460 | Heap-use-after-free in WebCore::ScrollableArea::scroll | - | 2016-10-02
154448 | Heap-use-after-free in TransportDIB::DecreaseInFlightCounter | - | 2016-10-02
154362 | Heap-buffer-overflow in WebCore::HTMLSelectElement::typeAheadFind | - | 2016-10-02
154590 | Stack-buffer-overflow in SkFontHost::GetAdvancedTypefaceMetrics | - | 2016-10-02
154485 | Heap-buffer-overflow in std::vector<scoped_refptr<printing::PrintJob>, std::allocator<scoped_refptr<printing::PrintJob> > >: | - | 2016-10-02
154158 | Security: ensure that a user has willing-fully logged-in to his Google account before triggering the one click Chrome login feature | - | 2016-10-02
154055 | Heap-use-after-free in WebCore::RenderLayerBacking::paintIntoLayer | $1000 | 2016-10-02
153793 | Heap-use-after-free in WebCore::EventHandler::mouseMoved | - | 2016-10-02
153666 | Security: Bypass for consumable user gesture on pop-up | - | 2016-10-02
153592 | Heap-use-after-free in WebCore::RenderObject::isDescendantOf | - | 2016-10-02
154284 | Heap-use-after-free in WebCore::SVGTextRunRenderingContext::glyphDataForCharacter | - | 2016-10-02
154283 | Heap-buffer-overflow in _HB_GDEF_Check_Property | - | 2016-10-02
153469 | Security: Nvidia - Kernel Panic - [@ gpu::gles2::GLES2DecoderImpl::ResizeOffscreenFrameBuffer] | - | 2016-10-02
153239 | Heap-use-after-free in WebCore::GCEpilogueVisitor<void, WebCore::SpecialCaseEpilogueObjectHandler, &WebCore::DOMDataStore:: | - | 2016-10-02
153228 | Heap-use-after-free in WebCore::SVGImage::drawSVGToImageBuffer | - | 2016-10-02
153211 | Heap-use-after-free in webrtc::ThreadPosix::Run | - | 2016-10-02
153566 | Heap-use-after-free in WebCore::FontCache::purgeInactiveFontData | - | 2016-10-02
153128 | Buffer overrun in Harfbuff | - | 2016-10-02
153184 | Heap-use-after-free in WebCore::computeNonFastScrollableRegion | - | 2016-10-02
153048 | Invalid pointer read in std::basic_string | - | 2016-10-02
152916 | Security: browser process jump to bad address on osx with getUserMedia() and crazyness | - | 2016-10-02
152707 | Invalid pointer write in GrGpu::clear | $1000 | 2016-10-02
152921 | Browser crash, navigator.geolocation.watchPosition issue | - | 2016-10-02
85102 | Use after free in WebCore::ContainerNode::parserAddChild | $500 | 2016-10-02
85041 | Memory Corruption in video decoding | - | 2016-10-02
84946 | Merge http://trac.webkit.org/changeset/87959 and http://trac.webkit.org/changeset/87756 for documentloader use after frees | - | 2016-10-02
85003 | Parsing issue with -webkit-calc | $1000 | 2016-10-02
84950 | Merge http://trac.webkit.org/changeset/87856 | - | 2016-10-02
84885 | ASSERT obj->parentObject() == this in accessibility tree | - | 2016-10-02
84919 | Memory corruption in browser process with interstitial that goes back | - | 2016-10-02
84805 | Flash/GPU memory corruption in critical section. | $500 | 2016-10-02
84797 | Click Reload this page button after Conway's Game of Life starts causes Aw Snap error | - | 2016-10-02
84763 | POssible mac use after free in drag & drop code | - | 2016-10-02
84933 | Browser crash with IndexedDB and very long database names | - | 2016-10-02
84819 | Bad cast in cloning elements with shadow DOM | - | 2016-10-02
84597 | use-after-free in WebCore::LevelDBTransaction::commit | - | 2016-10-02
84584 | Invalid memory access caused by ThumbnailGenerator | - | 2016-10-02
84452 | Bad cast in HTMLMediaElement::mediaControls | $1000 | 2016-10-02
84418 | Shockwave crashed | - | 2016-10-02
84402 | Extensions permission elevevation using javascript: in homepage_url | - | 2016-10-02
84355 | use-after-free in svg fontfacelement | $1000 | 2016-10-02
84600 | Security: Web page can initiate speech recognition without user knowing about it | - | 2016-10-02
84234 | [LangFuzz] Crash @ MarkCompactCollector::SweepSpaces() or SeqTwoByteString::SeqTwoByteStringReadBlockIntoBuffer() (64 bit) | $1000 | 2016-10-02
84160 | Use after free in accessibility notifications. | - | 2016-10-02
84016 | Use after free in BrowserAccessibility::DetachTree | - | 2016-10-02
84002 | OOB read in ComplexTextController constructor (ComplexTextControllerLinux.cpp) + OOB read in WidthIterator | - | 2016-10-02
83917 | OOB Write in Skia Shader Blitter | - | 2016-10-02
83903 | Vai | - | 2016-10-02
83848 | Use after free in LayerChromium::~LayerChromium | - | 2016-10-02
83841 | User information leakage esp local paths, username in webgl getProgramInfoLog | - | 2016-10-02
84333 | use after free in WebCore::ContainerNode::firstChild / WebCore::XMLDocumentParser::insertErrorMessageBlock | - | 2016-10-02
83672 | Stale layout root set as input element when child of a keygen with autofocus | - | 2016-10-02
83598 | OOB read in WebCore::parseColorIntOrPercentage | - | 2016-10-02
83275 | UXSS with window.execScript | $3133 | 2016-10-02
83273 | Browser prompt when installing unpacked npapi extensions | - | 2016-10-02
83270 | oob read in WebCore::ImageBufferData::getData | - | 2016-10-02
83743 | Universal XSS using contentWindow.eval | $1000 | 2016-10-02
83235 | Bad cast in RenderBlock::createLineBoxes due to double attach in htmlformelement | - | 2016-10-02
83012 | Use after free in XMLDocumentParser | - | 2016-10-02
83010 | An extension can access and modify all chrome:// pages, options, etc. | $1000 | 2016-10-02
82903 | OOB write in BlobURLRequestJob::HeadersCompleted | - | 2016-10-02
82873 | Memory corruption in GPU command buffer | - | 2016-10-02
83031 | Chrome spoof on 302 redirect | - | 2016-10-02
82841 | Browser crash @ closing chrome://settings/syncSetup | - | 2016-10-02
82817 | buffer overflow marshalling data from sandbox | - | 2016-10-02
82653 | Use after free due to incorrectly setting document.body to non body elements, elements from other docs. | - | 2016-10-02
82633 | Bad cast in CSSParser::createFontFaceRule | - | 2016-10-02
82597 | document.execCommand('copy') return always false | - | 2016-10-02
82552 | REGRESSION (83075): Use after free in line box culling optimization | - | 2016-10-02
82546 | Stale pointer in WebCore::RenderBlock::marginBeforeForChild | $1000 | 2016-10-02
82516 | write-after-free in third_party/WebKit/Source/WebCore/svg/animation/SVGSMILElement.h:58 | - | 2016-10-02
82438 | OOB read in media::FFmpegVideoDecodeEngine::Initialize | - | 2016-10-02
82416 | IndexedDB crash on index.getKey | - | 2016-10-02
82309 | CRASH @ DownloadItem::UpdateObservers() | - | 2016-10-02
82184 | Renderer crash @ GrTHashTable<GrGpuGLShaders::ProgramCache::Entry,GrBinHashKey<GrGpuGLShaders::ProgramCache::Entry,32>,8>::remove(GrBinHashKey<GrGpuGLShaders::ProgramCache::Entry,32> const &,GrGpuGLShaders::ProgramCache::Entry const *) | - | 2016-10-02
82161 | Google Chrome (Pwned) | - | 2016-10-02
82154 | out-of-bound access in third_party/WebKit/Source/WebKit/chromium/src/WebFrameImpl.cpp | - | 2016-10-02
82152 | Need to merge WebKit 64-bit issue http://trac.webkit.org/changeset/86106 | - | 2016-10-02
82096 | Merge http://trac.webkit.org/changeset/85693 | - | 2016-10-02
82444 | Local file disclosure when pasting stuff from Excel, etc. | - | 2016-10-02
82018 | TEST TEST IGNORE | - | 2016-10-02
81949 | use-after-free in imageloader with fallbackcontent | $1000 | 2016-10-02
82083 | Google Chrome Pwned by VUPEN aka Sandbox/ASLR/DEP Bypass | - | 2016-10-02
161077 | Invalid pointer write in GrRenderTarget::onRelease | $1000 | 2016-10-02
161089 | Indexeddb createIndex() crashes the page | - | 2016-10-02
161015 | Heap-use-after-free in WebCore::HTMLConstructionSite::mergeAttributesFromTokenIntoElement | - | 2016-10-02
161239 | Heap-use-after-free in WebCore::IDBTransactionBackendImpl::taskTimerFired | - | 2016-10-02
160926 | Security:Check for integer wrap in PPB_ImageData_Impl::Init() is insufficient | - | 2016-10-02
160480 | Security: Integer overflow in opus_packet_parse_impl | - | 2016-10-02
160450 | Heap-buffer-overflow in WebCore::InlineFlowBox::placeBoxRangeInInlineDirection | - | 2016-10-02
160380 | Heap-use-after-free in WebKit::ChromePrintContext::spoolPage | - | 2016-10-02
160760 | Security: NaCl sandbox escape; missing register check across a superinstruction | - | 2016-10-02
160803 | Security: ugly crash with history.replaceState() while the window displays HTTPS interstitial | - | 2016-10-02
160456 | Security: Restrict chromoting viewer plugin to chromoting extension | - | 2016-10-02
160010 | [LangFuzz] Crash at v8::internal::BasicJsonStringifier::SerializeString | $1000 | 2016-10-02
159829 | Heap-buffer-overflow in WebCore::HTMLInputElement::isImageButton | - | 2016-10-02
159828 | Heap-use-after-free in WebCore::RenderLayer::hitTest | - | 2016-10-02
159553 | Security: Integer overflow in remoting viewer AudioDecoderSpeex::Decode | - | 2016-10-02
159429 | Security: Use after free on ~AssociatedURLLoader with pdf plugin | $1000 | 2016-10-02
159338 | Heap-use-after-free in WebCore::SVGDocumentExtensions::removeAllElementReferencesForTarget | $1000 | 2016-10-02
160068 | Merge http://trac.webkit.org/changeset/133840 | - | 2016-10-02
160038 | Security: Unquoted Path vulnerability in GoogleCrashHandler | - | 2016-10-02
159165 | Heap-use-after-free in webkit::ppapi::PluginInstance::PrintBegin | - | 2016-10-02
159229 | Security: Integer overflow in remoting viewer AudioDecoderOpus::Decode | - | 2016-10-02
158992 | Heap-use-after-free in WebCore::RenderTextTrackCue::layout | - | 2016-10-02
158898 | Heap-use-after-free in WebCore::RenderBlock::removeChild | - | 2016-10-02
158897 | Heap-buffer-overflow in WebCore::RenderBlock::clone | - | 2016-10-02
159219 | Heap-use-after-free in WebCore::EventHandler::handleMousePressEvent | - | 2016-10-02
159098 | Heap-buffer-overflow in WebCore::TextTrackCueList::add | - | 2016-10-02
158693 | Heap-use-after-free in WebCore::RenderLayerModelObject::hasSelfPaintingLayer | - | 2016-10-02
158695 | Heap-use-after-free in WebCore::WidgetHierarchyUpdatesSuspensionScope::moveWidgets | - | 2016-10-02
158533 | Heap-use-after-free in WebCore::RenderLayer::paintLayerContents [MathML] | - | 2016-10-02
158457 | Heap-use-after-free in non-virtual thunk to content::RenderViewImpl::createPopupMenu | - | 2016-10-02
158249 | Security: Heap-buffer-underflow in xmlParseAttValueComplex | - | 2016-10-02
158204 | Heap-use-after-free in WebCore::Frame::dispatchVisibilityStateChangeEvent | $1500 | 2016-10-02
158199 | Heap-use-after-free in WebCore::StyleCachedImageSet::cssValue | - | 2016-10-02
158707 | Heap-use-after-free in WebCore::RenderObject::isBody | - | 2016-10-02
158547 | Heap-use-after-free in WebCore::HTMLInputElement::setValue for type=range, type=date, and type=time with datalist | - | 2016-10-02
158060 | Heap-use-after-free in WebCore::CachedResource::checkNotify | - | 2016-10-02
157951 | Heap-use-after-free in non-virtual thunk to WebKit::DateTimeChooserImpl::setValueAndClosePopup | - | 2016-10-02
157875 | Heap-use-after-free in WebCore::OpenTypeVerticalData::substituteWithVerticalGlyphs | - | 2016-10-02
157845 | Heap-use-after-free in skia::BGRAConvolve2D | $500 | 2016-10-02
157779 | Heap-use-after-free in WebKit::WebMediaStreamDescriptor::label | - | 2016-10-02
157778 | Heap-use-after-free in WebCore::CSSStyleRule::style | - | 2016-10-02
157585 | Heap-use-after-free in WebCore::BaseMultipleFieldsDateAndTimeInputType::~BaseMultipleFieldsDateAndTimeInputType | - | 2016-10-02
158065 | Stack-buffer-overflow in WebCore::SVGMaskElement::~SVGMaskElement | - | 2016-10-02
157463 | Heap-use-after-free in content::LocalVideoCapture::Stop | - | 2016-10-02
157516 | Security: XSS auditor can sometimes be used to maliciously alter form action property. | - | 2016-10-02
157363 | Heap-buffer-overflow in void std::__final_insertion_sort<WebCore::SMILTimeWithOrigin*> | - | 2016-10-02
157289 | Invalid cast in WebCore::toInsertionPoint / WebCore::ContentDistributor::distribute | - | 2016-10-02
157462 | Heap-use-after-free in webrtc::MediaStreamSignaling::UpdateRemoteStreams | - | 2016-10-02
157079 | Security: Integer overflow in libwebp "ParseOptionalChunks" allows memory disclosure | $3500 | 2016-10-02
157071 | Heap-use-after-free in non-virtual thunk to WebKit::DateTimeChooserImpl::setValueAndClosePopup | - | 2016-10-02
157019 | UNKNOWN in v8::internal::Invoke | - | 2016-10-02
157124 | UNKNOWN in v8::internal::ObjectHashTable::Put | - | 2016-10-02
157053 | Heap-use-after-free in WebCore::Element::attributeChanged | - | 2016-10-02
156977 | Heap-use-after-free in WebCore::RenderText::removeAndDestroyTextBoxes | - | 2016-10-02
156980 | Security: workers can initialize the sandbox multithreaded | - | 2016-10-02
157009 | Heap-use-after-free in WebCore::SubresourceLoader::willSendRequest | - | 2016-10-02
81947 | Use after free in WebCore::requiresLineBox | - | 2016-10-02
81753 | Valgrind reports issues in icu_46::RegexMatcher | - | 2016-10-02
81916 | Stale observer in BrowsingDataRemover's observer_list_ | $500 | 2016-10-02
81351 | CSSSelector double frees | - | 2016-10-02
81348 | Use after free when removing elements with reflections | - | 2016-10-02
81307 | Security: dropping file:/// URLs into gmail grants access to files | - | 2016-10-02
81803 | out-of-bounds use in SkBitmapOperations::CreateMaskedBitmap | - | 2016-10-02
81681 | Memory corruption in GraphicsContext::fillPath | - | 2016-10-02
80680 | Security: .keystone_install_lock is insecurely handled in install.py | - | 2016-10-02
80608 | Multiple integer overflows in SVG filter effects | - | 2016-10-02
80401 | Url bar spoof using onbeforeunload when user cancels navigation | - | 2016-10-02
80358 | WebCore::InspectorBackendDispatcher::Runtime_evaluate user after free | - | 2016-10-02
81234 | Flash content vulnerability | - | 2016-10-02
80255 | use after free in WebCore::RenderSVGInlineText::characterStartsNewTextChunk | - | 2016-10-02
80222 | Herror of chrome | - | 2016-10-02
80287 | Regression(81992): Stale node set as layout root | - | 2016-10-02
80116 | Stale pointer in WebCore::Document::recalcStyleSelector | - | 2016-10-02
79746 | Floats not cleared due to overflow (remaining usecase) | $1000 | 2016-10-02
79726 | BrowserAccessibility browser process memory corruption | - | 2016-10-02
79668 | invalid read w/new skia update | - | 2016-10-02
79661 | Sandbox is broken (low integrity level) | - | 2016-10-02
79595 | Bad cast due to childrenInline assumption in RenderSVGText | - | 2016-10-02
79566 | Bypass extensions permission | $500 | 2016-10-02
79862 | Bypass extensions permission app launch web_url should not allow javascript: chrome: | - | 2016-10-02
79452 | H | - | 2016-10-02
79426 | HTTP Basic Auth Realm Spoof | - | 2016-10-02
79371 | Use after free in ImplicitAnimation::~ImplicitAnimation | - | 2016-10-02
79362 | Reproducible PDF crash (siryo3.pdf) | - | 2016-10-02
79266 | Bypass unsafe file types dialog | - | 2016-10-02
79075 | Stale node set as layout root, due to one caption not laid out in table with two captions | - | 2016-10-02
79055 | Freed m_viewportRenderer in FrameView::updateOverflowStatus | - | 2016-10-02
79025 | Use after free when inline runin precedes details tag | - | 2016-10-02
78948 | Integer underflow in HTMLFormElement::m_associatedElementsAfterIndex | - | 2016-10-02
78861 | Memory corruption in RenderViewHost related to observers code | - | 2016-10-02
78842 | proslor.co.be | - | 2016-10-02
78841 | invalid access with bad html | $1000 | 2016-10-02
78798 | Security: XSS in dev tools HTML inspector | - | 2016-10-02
78639 | Memory corruption leading to OOB read symptom in PDF initialization | $1000 | 2016-10-02
78576 | compareDocumentPosition memory corruption | - | 2016-10-02
78575 | Bad cast in reverseInlineBoxRangeAndValueListsIfNeeded | - | 2016-10-02
78572 | CounterNode memory corruption | - | 2016-10-02
78558 | chrome bug | - | 2016-10-02
78524 | ANGLE buffer overflow | $1000 | 2016-10-02
78516 | Looks like a stale frame in UserScriptSlave::InjectScripts | - | 2016-10-02
78427 | url spoof through bookmark bar click | - | 2016-10-02
78401 | Stale node being set as layout root | - | 2016-10-02
78327 | Integer overflow in FilterEffect::copyImageBytes | - | 2016-10-02
78296 | False warning of Google Chrome / Fake Antimalware Tool | - | 2016-10-02
78270 | [LangFuzz] V8: Crash in HeapObject::map_word on GC | $1000 | 2016-10-02
78559 | chrome bug | - | 2016-10-02
78106 | ZDI-CAN-1108: WebKit ContentEditable Inline Style Remote Code Execution | - | 2016-10-02
78071 | css parsing issue in calc | $1000 | 2016-10-02
78038 | ThreadSanitizer reports a potential use after free in net::X509Certificate::Verify | - | 2016-10-02
78031 | Url bar spoof | $1000 | 2016-10-02
78145 | Invalid write in SVGTextLayoutEngine | - | 2016-10-02
78053 | Stale m_fontList in svgFontAndFontFaceElementForFontData | - | 2016-10-02
165747 | IPC: renderer out-of-bounds crash creating 3D context from malformed PPAPI message | - | 2016-10-02
165836 | Information leak when sending messages cross process that use WriteData() on structures/objects which contain padding bytes. | - | 2016-10-02
165549 | Security: Sandbox isolation not working | - | 2016-10-02
165602 | Heap-use-after-free in WebCore::CSSStyleRule::style | - | 2016-10-02
165804 | Security: SnapshotProvider exposed to other applications on the device | - | 2016-10-02
165601 | Heap-use-after-free in matroska_parse_block | - | 2016-10-02
165456 | Heap-use-after-free in WebCore::Element::hasPendingResources | - | 2016-10-02
165430 | Heap-buffer-overflow in media::AudioRendererAlgorithm::OutputFasterPlayback | - | 2016-10-02
165102 | Security: devtool xss | - | 2016-10-02
165091 | Bypassing Chrome's XSS filter, XSSAuditor | - | 2016-10-02
165537 | PDF: off-by-one read when scanning for startxref | - | 2016-10-02
165538 | PDF: integer overflows in JS array handling | - | 2016-10-02
165432 | Use after free in SVG path | $500 | 2016-10-02
164958 | IPC: PPAPI messages have problems with use of signed integers for lengths | - | 2016-10-02
165015 | Heap-use-after-free in WebCore::Element::normalizeAttributes | $1000 | 2016-10-02
164701 | PDF: regressions due to merge losing previous security fixes | - | 2016-10-02
164697 | PDF: regressions in JBIG2 codec | - | 2016-10-02
164682 | Input validation error in BrowserPluginEmbedderHelper::OnHandleInputEvent() leads to bad cast | - | 2016-10-02
164643 | Security: ASan reports a use-after-free while using SecureShell | - | 2016-10-02
165009 | Heap-use-after-free in WebCore::SVGSMILElement::disconnectConditions | - | 2016-10-02
164946 | IPC: GPU messages have integer truncation (bad use of size_t) and integer sign extension (bad use of signed type) issues | - | 2016-10-02
164582 | Heap-buffer-overflow in SkRectClipBlitter::blitAntiH | - | 2016-10-02
164581 | Heap-use-after-free in WebCore::TextTrackCue::isActive | - | 2016-10-02
164565 | Security: V8 bug may give out-of-bounds access to the stack | - | 2016-10-02
164490 | IPC: integer overflow in Windows' SharedMemory::Create | - | 2016-10-02
164454 | switch off mathml for m24 | - | 2016-10-02
164263 | Heap-use-after-free in WebCore::FrameSelection::directionOfSelection | - | 2016-10-02
164584 | Translate should load resources over HTTPS even if the original page is loaded via HTTP. | - | 2016-10-02
163593 | Heap-use-after-free in WebCore::RenderBlock::finishDelayUpdateScrollInfo [MathML] | - | 2016-10-02
163588 | IPC::Channel::ChannelImpl::ProcessOutgoingMessages - crash | - | 2016-10-02
163291 | Heap-buffer-overflow in WebCore::RenderGrid::layoutGridItems | - | 2016-10-02
163238 | Security: XSS in bug tracker? <script>alert(0)</script> again? | - | 2016-10-02
163218 | Heap-use-after-free in webkit_glue::WebURLLoaderImpl::Context::OnReceivedResponse | - | 2016-10-02
163994 | Heap-use-after-free in WebCore::CachedResource::checkNotify | - | 2016-10-02
163203 | IndexedDB: Assert hit in IDBObjectStoreBackendImpl::setIndexesReady | - | 2016-10-02
162896 | Out of bounds read in WTF::String::String / WebCore::WebVTTParser::constructTreeFromToken | - | 2016-10-02
163208 | Security: Workers don't initialize a sandbox on Mac | - | 2016-10-02
162835 | Heap-use-after-free in WebCore::MediaPlayer::sourceSetTimestampOffset [exploitable] | $7331 | 2016-10-02
162778 | PDF: use-after-frees in field name tree again | - | 2016-10-02
162776 | PDF: out-of-bounds reads with crazy bits per component / num components values | - | 2016-10-02
163110 | Heap-use-after-free in WebCore::ApplyStyleCommand::pushDownInlineStyleAroundNode | - | 2016-10-02
162620 | Heap-use-after-free in WebCore::RenderSVGResourcePattern::applyResource | - | 2016-10-02
162551 | Access violation write in _VEC_memcpy | $1000 | 2016-10-02
162489 | Security: Small info leak in the SUID sandbox helper? | - | 2016-10-02
162156 | PDF: more out-of-bounds reads with mismatched colorspaces | - | 2016-10-02
162622 | Heap-use-after-free in WebCore::RenderBlock::willBeDestroyed | - | 2016-10-02
162494 | Heap-use-after-free in WebCore::PopStateEvent::~PopStateEvent | $1000 | 2016-10-02
162114 | Security: Renderer sandbox bypass by crafting LevelDB database in "profile/File System/" | - | 2016-10-02
162115 | Heap-buffer-overflow in SkA8_Blitter::blitH | - | 2016-10-02
162032 | Heap-use-after-free in udat_close_46 | - | 2016-10-02
161836 | Security: Possible directory traversal vulnerability in ExtensionResource::GetFilePath(). | - | 2016-10-02
161690 | Heap-use-after-free in WebCore::RenderSVGResourceContainer::markClientForInvalidation | - | 2016-10-02
161662 | Heap-use-after-free in media::BlockingUrlProtocol::SignalReadCompleted | - | 2016-10-02
162153 | PDF: bad cast if root page is not a dictionary object | - | 2016-10-02
162066 | LOGFONT IPC deserializer doesn't require NULL terminated lfFaceName | - | 2016-10-02
161564 | Security: Renderer sandbox bypass on ChildProcessSecurityPolicyImpl::SecurityState::HasPermissionsForFile() | - | 2016-10-02
161484 | UNKNOWN in WebCore::RenderObject::propagateStyleToAnonymousChildren | - | 2016-10-02
161478 | Heap-buffer-overflow in WebCore::Biquad::process | - | 2016-10-02
161458 | Heap-buffer-overflow in apply_kernel_interp | - | 2016-10-02
161420 | Heap-buffer-overflow in WTF::StringImpl::create | - | 2016-10-02
161639 | Security: ffmpeg oob write4 (222) | $2000 | 2016-10-02
161340 | Security: GPU sandbox is always disabled because of watchdog thread on Linux | - | 2016-10-02
161240 | Heap-use-after-free in WebCore::AccessibilityRenderObject::remoteSVGRootElement | - | 2016-10-02
77633 | write-after-free in v8::internal::RegExpMacroAssemblerX64::~RegExpMacroAssemblerX64 | - | 2016-10-02
77917 | Looks like a bad cast in RenderInputSpeech::paintInputFieldSpeechButton | - | 2016-10-02
77786 | URL Bar Spoofing using redirection and location.reload(); | $500 | 2016-10-02
77765 | 12 bad cast in editing code relating to htmlelement conversions, isprimitivevalue problems. | - | 2016-10-02
77703 | Use-after-free in WebCore::isDeletableElement | - | 2016-10-02
77700 | Captured an attack used against Chrome on many google image links, uses chromes own error template against itself | - | 2016-10-02
77690 | Use after free in WebCore::ContainerNode::insertedIntoDocument / WebCore::SVGElement::insertedIntoDocument | - | 2016-10-02
77940 | ZDI-CAN-1021: Apple Safari Webkit SVG Marker Remote Code Execution Vulnerability | - | 2016-10-02
77812 | Security: Chrome Security Pop-up | - | 2016-10-02
77669 | Bad cast in WebCore::BreakBlockquoteCommand::doApply | - | 2016-10-02
77507 | URL Bar Spoof | $1000 | 2016-10-02
77493 | OOB read with Flash | $1000 | 2016-10-02
77349 | When object destroyed, its select file dialog is not informed to cleared its listener which can call back that destroyed object | - | 2016-10-02
77346 | Use After Free in Websockets - possible remote code execution within sandbox | $1000 | 2016-10-02
77181 | OOB function pointer array call FEComponentTransfer::apply | - | 2016-10-02
77130 | stale entries in gPercentHeightDescendantsMap | $1000 | 2016-10-02
77053 | Bad cast in HTMLTreeBuilder with closed </form> tags | - | 2016-10-02
77038 | repair | - | 2016-10-02
77026 | Bypass extension manifest permission | $1337 | 2016-10-02
76966 | RIP goes to zero with select tag, and form validation message with position:relative | $1000 | 2016-10-02
76955 | Renderer crash when visiting http://runescape.wikia.com/wiki/Special:Search | - | 2016-10-02
76784 | Bad cast to RenderBlock in accessibility assuming that anonymous blocks are renderblocks. | - | 2016-10-02
76771 | use after free in WebCore::ScriptWrappable::wrapper | - | 2016-10-02
76666 | URL bar spoof | $1000 | 2016-10-02
76646 | OOB read in FEDisplacementMap::apply | - | 2016-10-02
76589 | Crash@ anonymous namespace'::PureCall() when navigate to previous page while speech input API fetching result text | - | 2016-10-02
76542 | Linux setuid sandbox allows local privilege escalation | $500 | 2016-10-02
76474 | crash in WebKit::WebPluginContainerImpl::handleEvent() | - | 2016-10-02
76202 | DownloadThrottlingResourceHandler::OnResponseCompleted NOTREACHED() | - | 2016-10-02
76198 | Bad cast in HTMLTreeBuilder::processStartTag | - | 2016-10-02
76528 | use after free in AnimationBase::next / AnimationControllerPrivate::styleAvailable | - | 2016-10-02
76194 | bad cast in WebCore::toRenderBoxModelObject / WebCore::RenderMathMLRoot::layout | - | 2016-10-02
76059 | WebCore::LayerTilerChromium::invalidateRect() - crash | $1000 | 2016-10-02
76031 | Crash when visiting http://kikafriends.forumcommunity.net/ | - | 2016-10-02
76029 | Crash in webcore::rendertable::cellafter when visiting http://broadband.biglobe.ne.jp/ | - | 2016-10-02
76027 | securiti | - | 2016-10-02
76018 | Crash in network stack when running http/tests/loading/redirect-methods.html | - | 2016-10-02
76195 | potential bad cast in WebCore::toRenderCombineText/WebCore::RenderBlock::computeInlinePreferredLogicalWidths | - | 2016-10-02
76034 | Security:Instant hard-crash with JS code | - | 2016-10-02
75821 | Should we reconsider the no-client-UI decision for the web store? | - | 2016-10-02
75712 | Integer overflow in style elements | $1337 | 2016-10-02
76001 | Stale pointer in WebCore::LayerRendererChromium::drawLayer | $1000 | 2016-10-02
75835 | use of freed pointer in WebCore::RenderCounter::originalText() | - | 2016-10-02
75696 | Security: pushState() should be available only for origin-bearing schemes | - | 2016-10-02
75496 | chrome.dll!BrowserAccessibility..InternalReleaseReference ExecAV@NULL (cc7203fb809bd98728cf74b908e66edf) | - | 2016-10-02
75629 | Use after free in gpu::gles2::ShaderTranslator | - | 2016-10-02
75643 | CSS visited history disclosure | - | 2016-10-02
75436 | Detach Geolocation from Frame when Page destroyed. | - | 2016-10-02
75560 | Security: address bar updates not synchronized with document transitions | - | 2016-10-02
75186 | (WebCore::RenderObjectChildList::destroyLeftoverChildren) Use-after-free with nesting ruby tag and css propierties | $1000 | 2016-10-02
75210 | Harfbuzz segfault in GPOS_Do_Glyph_Lookup | - | 2016-10-02
75021 | Use-after-free in InfoBar since ~r76800 | - | 2016-10-02
75311 | Bad cast in HTMLTreeBuilder::processStartTag | - | 2016-10-02
75347 | Bad cast to RenderBlock with floating select element with required attribute | $500 | 2016-10-02
75155 | Integer overflow in WebCore::GraphicsContext::fillRect (Mac) | - | 2016-10-02
75070 | Security: do not ignore type= on <object> | - | 2016-10-02
75374 | REGRESSION (r80320): Bad cast assertion failure when processing mis-nested foreign content. | - | 2016-10-02
74678 | v8 fuzzing - 1175 - use after free | $1000 | 2016-10-02
74763 | Security: Domui process can be ptraced from a compromised renderer leading to sandbox escape | - | 2016-10-02
74887 | memcpy from TexSubImage2D causes memory corruption | - | 2016-10-02
74891 | chrome://appcache-internals/ xss | - | 2016-10-02
74720 | Read uninitialized value from JavaScript. | - | 2016-10-02
74677 | v8 fuzzing - 1160 - bad cast of object to string in array join | - | 2016-10-02
169685Missing validation of webkit_base::DataElement across IPC-2016-10-02
169672Heap-buffer-overflow in WTF::AtomicString::add-2016-10-02
169632Security: extensions can silently gain file: host permissions via permissions API-2016-10-02
74675v8 fuzzing - 1146 - invalid memory access$10002016-10-02
74673v8 fuzzing - 1166 - exploitable write$10002016-10-02
74672v8 fuzzing - 1138 - use after free$10002016-10-02
74671v8 fuzzing - 1136 - corrupt JIT code$10002016-10-02
169247Attempting free in content::PeerConnectionTracker::UnregisterPeerConnection-2016-10-02
169156Security: Use after free in FlingAnimatorImplAndroid - writing value to this after this is deleted-2016-10-02
169054Security: memory corruption with webgl on linux intel driver$31332016-10-02
169295IPC: bad pointer used in browser if renderer sends mismatched vector lengths-2016-10-02
169398Heap-use-after-free in WebCore::RenderBlock::willBeDestroyed-2016-10-02
169401Security: JavaScript injection into arbitrary web pages via Intent with JavaScript URI$5002016-10-02
168968Heap-use-after-free in DownloadRequestInfoBarDelegate::~DownloadRequestInfoBarDelegate-2016-10-02
169006Heap-use-after-free in WebCore::accumulateDocumentEventTargetRects-2016-10-02
168768Heap-use-after-free in WebKit::WebMediaPlayerClientImpl::AudioSourceProviderImpl::setClient$10002016-10-02
168710IPC: avoid operator-new based integer overflow in Flash menu deserialization-2016-10-02
168982Heap-use-after-free in WebCore::SVGAnimateMotionElement::updateAnimationPath-2016-10-02
168969Heap-use-after-free in WebCore::Element::hasPendingResources-2016-10-02
168780Heap-use-after-free in WebCore::RenderObject::willBeRemovedFromTree-2016-10-02
168473Heap-buffer-overflow in vorbis_floor0_decode-2016-10-02
168570Crashing in webkit_media::WebMediaPlayerMS::putCurrentFrame(WebKit::WebVideoFrame *)-2016-10-02
168489Heap-use-after-free in WebCore::AccessibilityNodeObject::document-2016-10-02
168442Security: Non-privileged extensions can monitor browsing activity via chrome.tabs.onUpdated events-2016-10-02
167840Linux sandbox bypass in file_util_posix.cc CopyDirectory()-2016-10-02
167788Security: heap-buffer-overflow on GetImageRepToPaint.-2016-10-02
167780Heap-use-after-free in bool WebCore::SelectorChecker::checkOneSelector<WebCore::DOMSiblingTraversalStrategy>-2016-10-02
167868Heap-use-after-free in WebCore::Document::updateHoverActiveState-2016-10-02
168050Attacker controlled size mismatch in WidgetDidReceivePaintAtSizeAck()-2016-10-02
167827Heap-use-after-free in WebCore::Element::cloneElementWithoutChildren-2016-10-02
167924Heap-use-after-free in WebCore::RenderLayerModelObject::hasSelfPaintingLayer-2016-10-02
167498Heap-use-after-free in WebCore::CSSStyleRule::style-2016-10-02
167443Heap-buffer-overflow in WebCore::FontCache::releaseFontData-2016-10-02
167412IPC: GPU message OnMsgAssignPictureBuffers incorrectly assumed same-sized vectors-2016-10-02
167728Heap-use-after-free in WebCore::SVGTransformListV8Internal::numberOfItemsAttrGetter-2016-10-02
167607Security: Failure to enforce key usage-2016-10-02
167572Heap-use-after-free in WebCore::HTMLConstructionSite::mergeAttributesFromTokenIntoElement-2016-10-02
167147Heap-use-after-free in WebCore::Document::implicitClose-2016-10-02
167122HyphenatorHostMsg_OpenDictionary IPC allows arbitrary file reads from a compromised renderer-2016-10-02
167110Heap-buffer-overflow in WebCore::HTMLTreeBuilder::resetInsertionModeAppropriately-2016-10-02
167069Heap-buffer-overflow in matroska_parse_block$5002016-10-02
166916Security: mixed content XHR doesn't trigger mixed content warnings-2016-10-02
166867Security: ReferencesParent bypass with a 0x00 byte-2016-10-02
166795Harden audio stream creation in the browser-2016-10-02
167180Security: NaCl ARM validator sandbox escape, Chrome M25-2016-10-02
167311Heap-use-after-free in WebCore::GenericEventQueue::enqueueEvent-2016-10-02
167218Arbitrary server response with Content-Encoding including sdch can cause crashes if sdch is not configured-2016-10-02
166621Heap-use-after-free in WebCore::accumulateDocumentEventTargetRects-2016-10-02
166565Heap-buffer-overflow in media::AudioBus::FromInterleavedPartial-2016-10-02
166554[LangFuzz] Crash at v8::internal::Deoptimizer::DoComputeOutputFrames with invalid read$10002016-10-02
166553[LangFuzz] Crash at v8::internal::HeapObject::SizeFromMap with invalid read$10002016-10-02
166523[Mac] apprtc crashes when output sampling rate set to 96000 Hz-2016-10-02
166513Heap-use-after-free in WebCore::StyledElement::ensureMutableInlineStyle-2016-10-02
166503audio getUserMedia call crashes tab when input sampled at 88200 Hz-2016-10-02
166708BrowserPluginGuest blindly trusts the size of shared memory regions leading to overflow-2016-10-02
166627Heap-use-after-free in WebCore::Prerender::didStartPrerender-2016-10-02
166324Heap-use-after-free in WebCore::RenderBlock::insertIntoTrackedRendererMaps-2016-10-02
166336Heap-use-after-free in WebCore::RenderBlock::determineStartPosition-2016-10-02
166271PDF: use-after-free in colorspace cache-2016-10-02
166257Security: ChromeBrowserSyncAdapterService is exported, but does not need to be?-2016-10-02
165928Heap-use-after-free in WebCore::SVGSMILElement::isSMILElement-2016-10-02
166493IPC: missing integer checks on Pepper UDP socket handling-2016-10-02
166306WebCore::SMILTimeContainer::updateAnimations - crash-2016-10-02
165926Heap-use-after-free in WTF::Vector<WTF::RefPtr<WebCore::Node>, 0ul>::shrinkCapacity-2016-10-02
165864Heap-use-after-free in WebCore::ChildNodeInsertionNotifier::notifyDescendantInsertedIntoDocument$10002016-10-02
74665v8 fuzzing - 1109 (out of bounds write)$10002016-10-02
74662v8 fuzzing - 1108 potential use-after-free in RegExp code$10002016-10-02
74660v8 fuzzing - 1174 - out-of-bounds write in reloc info$10002016-10-02
74653bypass SOP with blob:$10002016-10-02
74669v8 fuzzing - 1113 - stack corruption$10002016-10-02
74670v8 fuzzing 1128 - out of bounds write$5002016-10-02
74666v8 fuzzing 1122 - stack corruption$10002016-10-02
74372chrome://blob-internals/ xss-2016-10-02
73962use after free due to floats not cleared (overflow)$10002016-10-02
74585Crash in CookieMonster DeleteAnyEquivalentCookie.-2016-10-02
74650Placeholder bug for v8 security issues affecting Chrome 9-2016-10-02
74649OOB read in SearchBuffer::append-2016-10-02
74348Regression: Stale node set as layout root (issue in Canvas parent layout)-2016-10-02
73887GMail renderer crash @ MessageLoop::PostTask_Helper(tracked_objects::Location const &,Task *,__int64,bool)-2016-10-02
73716Leak of address of heap object via xslt generate-id() function-2016-10-02
73932Bad cast to text node in CompositeEditCommand::breakOutOfEmptyMailBlockquotedParagraph-2016-10-02
73899Regression: Crash in RenderCombineText::combineText when running fast/text/international/text-combine-parser-test.html on Windows with full page heap enabled-2016-10-02
73893Chrome: Crash Report - Stack Signature: `anonymous namespace'::PureCall()-0ba6cf43_1414c783_9939c740_d9e6ed78_7be33815-2016-10-02
73235Stale pointer in WebCore::RenderBlock::lowestPosition$10002016-10-02
73216Use after free of frame loader in DocumentLoader::commitLoad$10002016-10-02
73526Floats not cleared to logical height wraps.$10002016-10-02
73478Pages can continuously poll the OS clipboard for paste data-2016-10-02
73338Regression: stack buffer overflow in utf8 converter-2016-10-02
73001Use-after-free in ObserverListBase / TabContents-2016-10-02
73026dereference poisoned value in avcodec_52!ff_thread_decode_frame-2016-10-02
72910Browser crash/segfault when selecting very long option in select-2016-10-02
72908Freed timer heap element used-2016-10-02
72832Reliability issues with WebCore::RenderBlock due to use after free in floats-2016-10-02
73134Crash due to bad cast to rendertextfragment in updatefirstletter.$10002016-10-02
73163Heap corruption in safe_browsing detected on the Valgrind bot (might be fixed by SQLITE ROLL ??)-2016-10-02
72936Freed scrollbar in ScrollView::updateScrollbars-2016-10-02
72492Cross application unsafe redirect$10002016-10-02
72437Crash in ContainerNodeAlgorithms.h with outdated ice-tea plugin$10002016-10-02
72434stale pointer, invalid read, svg-2016-10-02
72523chrome.tabs.captureVisibleTab allows capturing images of any "file://" resource-2016-10-02
72517Dev. console null character crash @ history::URLDatabase::GetMostRecentKeywordSearchTerms$5002016-10-02
72399Valgrind reports on JPEG decoding since r74103-2016-10-02
72340use after free in WebCore::RenderCounter::destroyCounterNode$10002016-10-02
72189Bypass popup blocker using custom event and onMouseOver-2016-10-02
72135IDBTransaction and IDBRequest can be deleted while ScriptExecutionContext is iterating-2016-10-02
72134Potential buffer overrun in SVGTextRunWalker::walk()-2016-10-02
72028Stale continuation flow pointer for ContinuationOutlineTableMap$10002016-10-02
71960OOB Read in WebGL due to integer overflows-2016-10-02
72387Out of bounds read in WebCore::LayerTilerChromium::invalidateRect (dev only)$10002016-10-02
72217HTMLFormElement::formElementIndex() returns a bad index into a vector of form associated elements-2016-10-02
71786ThreadSanitizer reports a race on WebCore::schemesWithUniqueOrigins (on cross_fuzz)-2016-10-02
71734Security: accessing DataView methods with negative index could cause crash-2016-10-02
71717webgl causes segfault-2016-10-02
71601Switch to https by default in autofill toolbar server queries-2016-10-02
71788Memory corruption playing back specially crafted .ogg vorbis file.-2016-10-02
71763use-after-free when document.close and document.write are called after requesting a non-existing script$10002016-10-02
71855stale pointer in WebCore::RenderBlock::insertFloatingObject$10002016-10-02
71545Chrome_Mac: Crash Report - Stack Signature: WebKit::NotificationPresenterImpl::checkPermission-5428423-2016-10-02
71388Security:WebCore::HTMLTextAreaElement::updateValue+0xf$10002016-10-02
71386Stale nodes in Document::recalcStyleSelector$10002016-10-02
71370https not properly connected to google doc and gmail.-2016-10-02
71357PPAPI var objects reference invalid memory when the instance is deleted-2016-10-02
71586race in base/third_party/xdg_mime (crasher)$5002016-10-02
71296Stale iterator in SVGDocumentExtensions::startAnimations()$10002016-10-02
71551Cross_fuzz and ClusterFuzz crashes in WebCore::DatabaseTracker::removeOpenDatabase-2016-10-02
71345fail to connect with https when browsing google doc in chrome-2016-10-02
71203Branch ANGLE and merge fixes to m9-2016-10-02
173654Heap-use-after-free in WebCore::FrameSelection::notifyRendererOfSelectionChange-2016-10-02
173500XSS: chromiumbugs.appspot.com-2016-10-02
173483New search UI (1993) could lead to self-XSS$5002016-10-02
173402ASSERTION FAILED: !object || object->isRenderImage(), UNKNOWN in WebCore::HTMLAnchorElement::handleClick-2016-10-02
173399ASSERTION FAILED: !object || object->isBox(), UNKNOWN in WebCore::RenderListItem::positionListMarker-2016-10-02
173397Heap-buffer-overflow in WTF::MemoryInstrumentation::Wrapper<WebCore::ContainerNode>::callReportMemoryUsage-2016-10-02
173341Heap-use-after-free in content::PeerConnectionTracker::TrackSetSessionDescription-2016-10-02
173250Security: Heap-Buffer-Overflow in extensions::SetIconNatives-2016-10-02
173050Heap-use-after-free in WebCore::Node::removedLastRef-2016-10-02
173049Heap-use-after-free in WebKit::WebLayerImpl::layer-2016-10-02
172993Heap-use-after-free in WebCore::ScrollingCoordinator::hasVisibleSlowRepaintViewportConstrainedObjects-2016-10-02
173068ASSERTION FAILED: i < size(), UNKNOWN in WebCore::RenderFrameSet::paint-2016-10-02
172926Heap-buffer-overflow in WebCore::AudioBufferSourceNode::process$10002016-10-02
172918Flash shouldn't load if the "src" URL has a bad content type and Content-Type-Options: nosniff-2016-10-02
172824ASSERTION FAILED: i < size(), UNKNOWN in WebCore::commonTreeScope-2016-10-02
172822ASSERTION FAILED: !object || object->isTextControl(), UNKNOWN in WebCore::TextControlInnerTextElement::customStyleForRenderer-2016-10-02
172984Any MITM attacker can load NaCl :-(-2016-10-02
172814Heap-use-after-free in WebCore::RenderTextTrackCue::layout-2016-10-02
172658Security: TLS timing attack leading to message recovery-2016-10-02
172573Compromised renderer can load banned plug-in-2016-10-02
172342Heap-use-after-free in WebCore::AudioNodeInput::updateInternalBus$10002016-10-02
172331Use-after-free in WebCore::VectorMath::vsmul$10002016-10-02
172794ASSERTION FAILED: i < size(), UNKNOWN in WebCore::HTMLTreeBuilder::resetInsertionModeAppropriately-2016-10-02
172243Heap-buffer-overflow in WebCore::OscillatorNode::process$10002016-10-02
172119Security: Do not allow Chrome Web Store URLs to commit in unprivileged processes-2016-10-02
171962UNKNOWN in _wordcopy_fwd_aligned-2016-10-02
171951Security: UAF in WebCore::SecurityOrigin::databaseIdentifier()$15002016-10-02
172264DatabaseMessageFilter: path traversal in origin_identifier-2016-10-02
172071verify svn.golo.chromium.org subversion package is up-to-date with security fixes-2016-10-02
171557ASSERTION FAILED: !object || object->isBox(), UNKNOWN in WebCore::toRenderBox-2016-10-02
171392Cross-Origin copy&paste / drag&drop allowing XSS (again, this time srcdoc)-2016-10-02
171630ASSERTION FAILED: document() == newChild->document(), UNKNOWN in WebCore::ContainerNode::parserAppendChild-2016-10-02
171569Security: Escape from NaCl sandbox on Mac OS X due to signal handler without SA_ONSTACK-2016-10-02
170715SIGSEGV in NotificationUIManagerImpl::CancelAllBySourceOrigin()-2016-10-02
171130Heap-use-after-free in WebCore::AXObjectCache::notificationPostTimerFired-2016-10-02
170666Heap-use-after-free in SkAlphaRuns::add-2016-10-02
171131Heap-use-after-free in WebCore::AccessibilityRenderObject::remoteSVGRootElement-2016-10-02
170683Heap-use-after-free in ChromeURLDataManagerBackend::StartRequest-2016-10-02
171134XSS in 1993 history handling$5002016-10-02
170679Heap-buffer-overflow in WebCore::RenderBlock::clone-2016-10-02
170199Heap-use-after-free in WebCore::HTMLSelectElement::length-2016-10-02
170240Heap-use-after-free in WebCore::LiveNodeListBase::invalidateCache-2016-10-02
170360Use-after-free: Merge http://trac.webkit.org/changeset/139732-2016-10-02
170432UNKNOWN in WTF::equalIgnoringCase-2016-10-02
170237Heap-use-after-free in WebCore::InspectorInstrumentation::didHandleEventImpl-2016-10-02
170188Heap-use-after-free in WebCore::Document::updateHoverActiveState-2016-10-02
169973IPC: out-of-bounds vector accesses with mismatched vector-2016-10-02
169972Security: Heap-Buffer-Overflow in usb_api.cc:CreateBufferForTransfer-2016-10-02
169966IPC: negative integer in command to safe browsing host will cause bad vector access-2016-10-02
169770IPC: Unvalidated content type used as index for write into raw array-2016-10-02
169765Security: Integer overflow in libusb_alloc_transfer causes Heap-Buffer-Overflow in chrome.usb.isochronousTransfer-2016-10-02
170184Heap-buffer-overflow in WebCore::RenderTableSection::nodeAtPoint-2016-10-02
170034Security: ASAN issue in chromeos::VersionInfoUpdater::OnBootTimes()-2016-10-02
169981Security: chrome.usb Api missing parameter validation for "length"-2016-10-02
169723[LangFuzz] Crash at v8::internal::AccessorPair::GetComponent with invalid read$10002016-10-02
71115Stale pointer in WebCore::RenderTable::firstLineBoxBaseline$10002016-10-02
71114Stale pointer due to table childs incorrect added$10002016-10-02
71167Bypass popup blocker using custom event (variation of issue 3275)-2016-10-02
70877Arbitrary cross-origin bypass using SyntaxError and Number prototype overrides$13372016-10-02
70819Empty address bar after opening an URL from extension in new tab-2016-10-02
70779width of boundingClientRect for Range with unicode combining characters is corrupted-2016-10-02
70718crashes when opening a page with webgl-2016-10-02
70589race on a linked list in third_party/WebKit/Source/WebCore/platform/sql/chromium/SQLiteFileSystemChromiumPosix.cpp-2016-10-02
71027REGRESSION: crash after download and close window (only in incognito)-2016-10-02
70885Bypass popup blocker using iframe-2016-10-02
70456OOM handler not always properly terminating process$10002016-10-02
70538Open popup in new tab using java applet-2016-10-02
70374Browser crash: DeterminePossibleFieldTypesForUpload-2016-10-02
70577Security: webgl crashes on all tabs + processing spike even after all webgl programs are closed-2016-10-02
70376Pickle::FindNext reads payload_size without checking that the header is complete-2016-10-02
70244height of <rect> - integer overflow(?)$10002016-10-02
70337Regression: new window.onerror() implementation leaks cross-origin Javascript errors-2016-10-02
70070WebGL crashes depending on uniform names$5002016-10-02
70231Prefetch: Do not present authentication prompt-2016-10-02
70336Cross-origin Javascript error message leak via Worker importScripts()$5002016-10-02
70078Crash by form controls with form attributes under orphan nodes$5002016-10-02
69934Use after free in LayoutPluginTester.SelfDeletePluginInvoke-2016-10-02
69825security flaw-2016-10-02
69970Invalid read in convertV8ObjectToNPVariant-2016-10-02
70027Stale text node in linebox due to failure to dirty linebox when that text child is dirtied$10002016-10-02
69965Use after free in geolocation infobars-2016-10-02
69628Probable memory corruption in WebCore::CounterNode::lastDescendant$5002016-10-02
69597Segfault in WebCore::ContainerNode::removeAllChildren()-2016-10-02
69569Crashed @ IPC::Channel::ChannelImpl::OnIOCompleted when delete browser history-2016-10-02
69657Not signing out from my https webmail account.-2016-10-02
69531Valgrind/Memcheck reports uninitialized use of SkGlyph::fMaskFormat in third_party/skia/src/core/SkScalerContext.cpp-2016-10-02
69640memcheck: read after free in third_party/icu/source/common/unormimp.h-2016-10-02
69556Issue with merging anonymous block in renderblock::removechild (2)$10002016-10-02
69275Use after free in scrollbars-2016-10-02
69187Error prototypes are called on remote scripts$13372016-10-02
69159Crash @ PasswordStore::RemoveLogin-2016-10-02
69106ZDI-CAN-1009: Apple Webkit setOuterText Memory Corruption Remote Code Execution Vulnerability-2016-10-02
69294Browser crash when executing indexedDb tutorial.html in an incognito window.-2016-10-02
69195playing Z-Type causes crash-2016-10-02
68741Stale pointers in CSSOM - 2$10002016-10-02
68646Integer overflow and signed comparison in RenderView::DidDownloadApplicationIcon()-2016-10-02
68641Stale form associated element pointer in Document object$10002016-10-02
68773Chrome: Crash Report - Stack Signature: UTF8ToUTF16(std::basic_string<char,std::char_traits<char>,std::allocator<char> > const &)-382777c6_d21c627c_9e383e89_c1eaa2f5_ef047e8d-2016-10-02
68766Chrome: Crash Report - Stack Signature: net::HttpStreamFactory::~HttpStreamFactory()-2A77B8F-2016-10-02
68434Search Bug Dynamic dns-2016-10-02
68369Installing extensions in "popup"-type windows crash browser-2016-10-02
68342Aw snap on github.com with voice search extension installed$5002016-10-02
68439Destroying nextblock in RenderBlock::removeChild can cause oldChild and nextblock's next sibling to be merged.$10002016-10-02
68244Playing audio with volume set to undefined crashes browser-2016-10-02
68170invalid free() in bundled pdf viewer$10002016-10-02
68259Virus, exploit in maps-2016-10-02
68130Memory corruption in font draws for accelerated 2d canvas.-2016-10-02
68115Memory corruption with bad Vorbis streams (from CERT)$10002016-10-02
68075chrome.dll!WebCore::CounterNode::resetRenderers ExecAV@NULL (7b931db52815b50413964fbdd401fe15)-2016-10-02
68062OOB read crash in SVG length list parsing algorithm-2016-10-02
67968Use after free due to adjacent floats not cleared properly from parents-2016-10-02
67966the bank tell me my browser ar not safe-2016-10-02
67923Stale pointer in SVGImage-2016-10-02
68120Stale pointer in CSSFontFaceSource::m_svgFontFaceElement$10002016-10-02
177913Heap-buffer-overflow in AutofillExternalDelegate::OnSuggestionsReturned-2016-10-02
177876Heap-use-after-free in webkit::ppapi::PPB_URLLoader_Impl::FillUserBuffer-2016-10-02
177858Global-buffer-overflow in v8::internal::MaybeObject* v8::internal::SlowQuoteJsonString<unsigned char, v8::internal::SeqOneByte-2016-10-02
177932Heap-use-after-free in WebCore::SVGElementInstance::invalidateAllInstancesOfElement-2016-10-02
177873Security: out of bounds write with webgl and gl.DEPTH_COMPONENT$10002016-10-02
177688ASSERTION FAILED: obj->isRenderInline() || obj == this, Bad cast in WebCore::RenderBlock::createLineBoxes-2016-10-02
177620Heap-use-after-free in WebCore::HTMLMediaElement::~HTMLMediaElement$10002016-10-02
177410Heap-use-after-free in extensions::BookmarksIOFunction::ShowSelectFileDialog-2016-10-02
177403ASSERTION FAILED: !node || node->isElementNode(), UNKNOWN in WebCore::RenderBlock::clone-2016-10-02
177737Heap-use-after-free in webrtc::DataChannel::Send-2016-10-02
177686Heap-use-after-free in WebCore::ImageLoader::dispatchPendingErrorEvent-2016-10-02
177815pepper_flash_clipboard_message_filter.cc assumed same-sized vectors from untrusted Flash process-2016-10-02
176882Heap-use-after-free in WebCore::FrameLoader::checkCompleted$10002016-10-02
176863ASSERTION FAILED: !detachingNode, Heap-buffer-overflow in WebCore::CSSImageGeneratorValue::removeClient-2016-10-02
177215ASSERTION FAILED: static_cast<unsigned>(m_start + length) <= string.length(), UNKNOWN in WebCore::InlineTextBox::paint-2016-10-02
176719Global-buffer-overflow in cld::ProcessProbV25UniTote-2016-10-02
176692postTaskForModeToWorkerContext/dispatchTaskToWorkerThread invalid pointer crash with Workers/FileSystem API$10002016-10-02
177197Heap-buffer-overflow in void WTF::Vector<unsigned short, 1024ul>::insert<unsigned short>-2016-10-02
176738ASSERTION FAILED: itemIndex < m_values->size(), UNKNOWN in WebCore::SVGPathSegListPropertyTearOff::processIncomingListItemValue-2016-10-02
176514Heap-use-after-free in WebCore::RenderObject::propagateStyleToAnonymousChildren-2016-10-02
176298Heap-buffer-overflow in std::_Rb_tree<int, int, std::_Identity<int>, std::less<int>, std::allocator<int> >::erase-2016-10-02
176252RenderViewHostImpl::OnMessageReceived$10002016-10-02
176137Data extraction with XSS Auditor$5002016-10-02
176676Heap-use-after-free in cricket::TransportChannelProxy::SetImplementation-2016-10-02
176033Use-after-free in webrtc::WebRtcSession::data_channel()-2016-10-02
176027Heap-buffer-overflow in SkARGB32_Opaque_Blitter::blitMask-2016-10-02
175741UNKNOWN in webkit::ppapi::PluginInstance::PrintPDFOutput-2016-10-02
175343ASSERTION FAILED: i < size(), UNKNOWN in WebCore::AccessibilityMenuListPopup::didUpdateActiveOption-2016-10-02
175342Heap-use-after-free in WebCore::DeleteButtonController::enable-2016-10-02
175305ASSERTION FAILED: i < size(), UNKNOWN in WebCore::HTMLTreeBuilder::resetInsertionModeAppropriately-2016-10-02
176056Global-buffer-overflow in v8::internal::MarkCompactCollector::EmptyMarkingDeque-2016-10-02
174920Heap-use-after-free in WebCore::CachedCSSStyleSheet::checkNotify-2016-10-02
174676Heap-use-after-free in SpellcheckHunspellDictionary::InitializeDictionaryLocation-2016-10-02
174846Heap-use-after-free in WebCore::ElementRuleCollector::collectMatchingRulesForList-2016-10-02
175069Heap-use-after-free in net::SpdySession::DoLoop-2016-10-02
174895IndexedDB: missing check that index_ids and index_keys have equal size-2016-10-02
174566ASSERTION FAILED: i < size(), UNKNOWN in WebCore::SVGListProperty<WebCore::SVGPathSegList>::replaceItemValues-2016-10-02
174328IndexedDB: overflow of 2-bit index id size field-2016-10-02
174146Crashing in gpu::gles2::GLES2Implementation::ReadPixels(int,int,int,int,unsigned int,unsigned int,void *)-2016-10-02
174137Crashing in WebCore::ChannelMergerNode::process(unsigned int)-2016-10-02
174129Security: Silent HTTP Basic Authentification & HTTP Authentification Brute Force-2016-10-02
174579stack-buffer-overflow in ui::ScrollEvent::Scale on Chrome OS-2016-10-02
174150Crashing in media::VideoRendererBase::ThreadMain()-2016-10-02
174020ASSERTION FAILED: !object || object->isMenuList(), UNKNOWN in WebCore::HTMLSelectElement::menuListDefaultEventHandler-2016-10-02
173906document.referrer leakage with XSS Auditor page block-2016-10-02
173880Heap-buffer-overflow in media::OpusAudioDecoder::ConfigureDecoder-2016-10-02
174049ASSERTION FAILED: i < size(), UNKNOWN in WebCore::RenderTableSection::layout-2016-10-02
174017ASSERTION FAILED: i < size(), UNKNOWN in WebCore::SVGAnimationElement::currentValuesForValuesAnimation-2016-10-02
173781Heap-buffer-overflow in void std::__introsort_loop<WebCore::GridTrack**, long, bool-2016-10-02
173688Security: Non-web-accessible extension URLs should not load in non-extension processes-2016-10-02
67393Freeing invalid uninitialized pointer to bug_report_ object$10002016-10-02
67363EXTERNAL-REPORT: SVGElementInstance::m_useElement not cleared on corresponding use element destruction$5002016-10-02
67577Switch .jar and .class to always-warn-2016-10-02
67234Webkit crashes during animation event processing-2016-10-02
67303renderer crash when playing a corrupt webm video$10002016-10-02
67208VU#821271 Exception generated by code running in the Stack$10002016-10-02
66986Reparenting error due to double merge of anonymous blocks in removeChild-2016-10-02
66962browser crash when reproducing issue #64051-2016-10-02
66931Google Chrome crashes at https://webmail.afmc.af.mil/Exchange-2016-10-02
66841Chrome View keeps changing percentage(decreasing to 50%) automatically-2016-10-02
67100Crash in PDF form event handling when deleting page from underneath self-2016-10-02
66760ZDI-CAN-968: Apple Webkit Font Glyph Layout Remote Code Execution Vulnerability-2016-10-02
66718webgl page causes X server crash-2016-10-02
66700chrome.dll!WebCore::RenderTextControlSingleLine::speechAttributeChanged ReadAV@NULL (7acb553d23eecf733d9ececf57a499f7)-2016-10-02
66676REGRESSION: Crash on exit after clearing all downloads-2016-10-02
66486MAC OSX 10.6.5 google chrome-2016-10-02
66473Crash in ReplaceSelectionCommand::doApply when modified during mutation event-2016-10-02
66748CSSCursorImageValue not clearing SVGElement back pointer$5002016-10-02
66334Crashes at wild EIP when pressing "print" button on PDFs-2016-10-02
65942Stale pointer in Range::processContents when modified during mutation event-2016-10-02
65869crash when rapidly reloading a page with an applet-2016-10-02
65845Bad cast from RenderText to RenderBox due to details tag being shown inline.-2016-10-02
65796Children of cloned anonymous blocks should set childreninline flag-2016-10-02
65299Out of bound read when using modified webp file$5002016-10-02
65194Renderer crash @ gpu::gles2::GLES2Implementation::TexSubImage2D(unsigned int,int,int,int,int,int,unsigned int,unsigned int,void const *)-2016-10-02
64974Integer overflow leading to OOB read, possible memory corruption in webgl getfloat32-2016-10-02
64949Crash with progressive rendering-2016-10-02
64788Access data from my company Google Docs (domain wittit.com) with my gmail account.-2016-10-02
64669Not allow overwrite of field data when merging profile data-2016-10-02
64559Bad cast when selection changes for combo boxes.-2016-10-02
64456Chrome crashes when attempting to install a userscript.-2016-10-02
64945Crash when webp image is invalid$10002016-10-02
64364Failure at startup when opening the browser-2016-10-02
64331Stale node being set as layout root when rendering meter, progress elements.-2016-10-02
64088Use after free due to calling a stale timer on a closed frame/document-2016-10-02
64046WebKit 49902 - chrome.dll!WebCore::toWebWidgetClient ReadAV@NULL (08ffd4f21a8c6465bb1e19a2f52e4bd5)-2016-10-02
63982Memory corruption in RenderObjectChildList::removeChildNode-2016-10-02
64424Computing style on a stale node while sending pending accessibility notification-2016-10-02
64108Verify cross-origin push fails under SPDY-2016-10-02
63911Memory corruption in accelerated 2d canvas-2016-10-02
63945More memory corruption in accelerated 2d canvas, this time in moveTo-2016-10-02
63617Closing multiple WebGL tabs at the same time causes segfault in Xorg-2016-10-02
63609Delete any link promotes - Orkut OLD-2016-10-02
63552Windows media player plugin crashes all the time @ NPAPI::PluginLib::Load+0x116-2016-10-02
63533WebM Crash fix merge from M7-2016-10-02
63529Security: Segfault when dealing with Web Workers and MessageChannels-2016-10-02
63866WebKit CSS Font Face Parsing Type Confusion$10002016-10-02
63924Bad cast from RenderTableCol to RenderBlock in search css-2016-10-02
63732Browser crash @ JavaScriptAppModalDialog::Cleanup()$5002016-10-02
63389Setting small numeric CSS values using setFloatValues changes that value on all pages until the browser is quit-2016-10-02
63268Universal XSS via mutating style objects and read styles cross origins-2016-10-02
63248segfault in bundled PDF viewer (invalid read in strlen)$10002016-10-02
63444Security: possible memory corruption (double-free) in XPath processing code$10002016-10-02
63495WebCore::NamedNodeMap::setAttributes() stale iterator-2016-10-02
63454Analyze integer wraps in WebCore::Range.-2016-10-02
63380SVG Transformlist memory corruption-2016-10-02
63031Stale font accessed in WebCore::GlyphPage::glyphDataForCharacter-2016-10-02
63166CryptUnprotectData disclose sensitive information in stack-2016-10-02
63051chrome_6dc70000!WebCore::EventHandler::updateSelectionForMouseDrag use after free$5002016-10-02
63037Security: chrome.google.com Stored XSS-2016-10-02
189090Heap-use-after-free in WebCore::accumulateDocumentEventTargetRects-2016-10-02
189089ASSERTION FAILED: curr->isRenderBlock(), UNKNOWN in WebCore::RenderBlock::splitBlocks-2016-10-02
189250Security: pango loads config options from $HOME/.pangorc-2016-10-02
189091 | Heap-use-after-free in extensions::ObjectBackedNativeHandler::Router | - | 2016-10-02
189084 | Bad cast in WebKit::WebPageSerializerImpl::endTagToString | - | 2016-10-02
187243 | Heap-use-after-free in WebCore::InlineBox::deleteLine | - | 2016-10-02
181617 | Security: Possible path traversal in file_util::AbsolutePath (Windows XP/2K3) | $1337 | 2016-10-02
181580 | Heap-use-after-free in extensions::ModuleSystem::LazyFieldGetterInner | - | 2016-10-02
187245 | Heap-use-after-free in SkTypeface::getTableSize | - | 2016-10-02
188092 | Invalid pointer read in WebCore::WaveShaperProcessor::process | - | 2016-10-02
183741 | arbitrary number of popups in response to single user action | - | 2016-10-02
181083 | Security: H.264 scaling list parsing overflow | $40000 | 2016-10-02
180920 | Heap-use-after-free in WebCore::ElementRuleCollector::collectMatchingRulesForList | - | 2016-10-02
181438 | TransportDIB::Map doesn't validate size of mapped section on Windows | - | 2016-10-02
180763 | PWN2OWN: Bad cast in SVGViewSpec::viewTarget | - | 2016-10-02
180593 | Heap-use-after-free in WebCore::RenderBlock::logicalRightOffsetForLine | - | 2016-10-02
180555 | Security: DevTools renderer navigation is handled in renderer and allows opening any URL in DevTools window. | - | 2016-10-02
181375 | Heap-use-after-free in WebCore::AXObjectCache::getOrCreate | - | 2016-10-02
180909 | Buffer overflow in URLLoader::ReadResponseBodyAck | - | 2016-10-02
180051 | Use after free in PersistentTabRestoreService (during shutdown?) | - | 2016-10-02
179653 | ANGLE shader compiler: struct size overflow | - | 2016-10-02
179634 | Heap-use-after-free in (anonymous | - | 2016-10-02
179632 | Heap-use-after-free in sigslot::_signal_base1<bool, sigslot::single_threaded>::disconnect | - | 2016-10-02
179631 | Heap-use-after-free in WebCore::SegmentedString::SegmentedString | - | 2016-10-02
179580 | Devtools uses dangling WebContents* when extension reloads | - | 2016-10-02
180058 | Security: Loading NaCl from Web via permissive extension | - | 2016-10-02
179654 | ANGLE shader compiler: validate numBytes in TPoolAllocator::allocate | - | 2016-10-02
178848 | Chrome_Linux: Crash Report - Stack Signature: extensions::UserScriptSlave::GetDataSourceU... | - | 2016-10-02
178706 | Mac AVCConfigRecordBuilder: integer overflow leading to heap-buffer-overflow | - | 2016-10-02
178780 | Security: Chrome extensions whitelist leaks IDs | - | 2016-10-02
178761 | Heap-use-after-free in WebCore::FrameView::maintainScrollPositionAtAnchor | - | 2016-10-02
178760 | Heap-use-after-free in gtk_floating_container_add_floating | - | 2016-10-02
179287 | ASSERTION FAILED: !object || object->isBox(), UNKNOWN in WebCore::RenderSliderContainer::layout | - | 2016-10-02
179522 | Heap-use-after-free in WebCore::AudioNodeOutput::pull | $3133 | 2016-10-02
178797 | Use-after-free under CachedRawResource::responseReceived | - | 2016-10-02
178266 | Heap-use-after-free in WebCore::RenderBlock::determineStartPosition | - | 2016-10-02
178242 | NavigationController can copy wrong NavigationEntry when committing a new page | - | 2016-10-02
178269 | Heap-use-after-free in WebCore::FrameLoader::stopForUserCancel | - | 2016-10-02
178130 | ASSERTION FAILED: node->treeScope() == m_oldScope, Heap-use-after-free in WebCore::TreeScopeAdopter::moveTreeToNewScope | - | 2016-10-02
178581 | Heap-use-after-free in BrowsingDataRemover::DoClearCache | - | 2016-10-02
178264 | Heap-use-after-free in WebCore::Frame::setPageAndTextZoomFactors | - | 2016-10-02
178002 | Heap-use-after-free in WebCore::LiveNodeList::namedItem | - | 2016-10-02
177933 | ASSERTION FAILED: i < size(), UNKNOWN in WebCore::SVGAnimatedTransformListAnimator::calculateAnimatedValue | - | 2016-10-02
178003 | ASSERTION FAILED: !node || node->isElementNode(), UNKNOWN in WebCore::HTMLElementStack::popCommon | - | 2016-10-02
177956 | cross-process memory address leak via sa_restorer | $1000 | 2016-10-02
62987 | Use after free in EventSource | - | 2016-10-02
62925 | <Unloaded_S.DLL>+0x42cd17f crash | $1000 | 2016-10-02
62718 | renderer crash in PDF viewer (possibly due to overlapping memcpy) | - | 2016-10-02
62674 | Valgrind detected invalid read in net::SingleRequestHostResolver::Cancel() - use-after-free? | - | 2016-10-02
62623 | Crash at NULL IP in PDF when evaluating strange expression | $1000 | 2016-10-02
62401 | Crash in WebCore::SMILTimeContainer::begin | $1000 | 2016-10-02
62358 | Integer overflow in SVG Parsing | - | 2016-10-02
62791 | Crash loading invalid crx extension file | - | 2016-10-02
62354 | Bad cast in SVGImageBufferTools::renderSubtreeToImageBuffer | - | 2016-10-02
62296 | Bad cast from renderinline to renderbox in animations | - | 2016-10-02
62281 | Use after free due to overhanging floats in LEGEND block | - | 2016-10-02
62276 | Out of bound memory access in webp decoder | - | 2016-10-02
62261 | use after free in ContainerNode::willRemove | - | 2016-10-02
62168 | Bad cast in WebDevToolsFrontendImpl::dispatchOnInspectorFrontend | - | 2016-10-02
62158 | Exploitable-looking crash when simply selecting a drop-down value | - | 2016-10-02
62293 | Bad cast in CSSStyleSelector::createTransformOperations | - | 2016-10-02
62118 | Autosave - Password | - | 2016-10-02
61975 | Page is shown before password is requested | - | 2016-10-02
61919 | [Regression] Browser crash in GetMostVisitedThumbnailsOnDBThread | - | 2016-10-02
61917 | [Regression] Purecall in TopSitesDatabase::UpdatePageThumbnail | - | 2016-10-02
62127 | faulty webm file causes segfault | $1000 | 2016-10-02
61954 | split webstorePrivate.install into two functions, one of which requires a gesture | - | 2016-10-02
61719 | Chrome | - | 2016-10-02
61691 | SECURITY FAIL | - | 2016-10-02
61653 | MSVR-10-0108 - Integer Overflow in Chrome's VP8 decoding leads to memory corruption | - | 2016-10-02
61634 | webstorePrivate.install method should not suppress install confirmation for extensions with NPAPI | - | 2016-10-02
61721 | Security: Google Chrome 7.0.517.41 Multiple DLL Hijacking Vulnerability | - | 2016-10-02
61701 | Security: google chrome crashes when a request passes through a proxy and recieves a 407 HTTP error code from the server | - | 2016-10-02
61848 | Search results are displayed in bing. | - | 2016-10-02
61555 | on double click of a password with comma in it, selects only the part separated by comma instead of selecting fully. The compromises security besides being an inconvenience. | - | 2016-10-02
61502 | Floats left out of the incremental line break code due to failed image load. | - | 2016-10-02
61338 | pdf viewer segfault after js syntax error | $1000 | 2016-10-02
61577 | Security Bug: Google Docs Published Spreadsheets | - | 2016-10-02
61255 | Bad cast in PageClickTracker::handleEvent | - | 2016-10-02
61576 | WebKit 48831 - chrome.dll!WebCore::SVGLength::SVGLength WriteAV@Arbitrary (ab566cfad36b72d82883e59d51a1dbec) | - | 2016-10-02
61313 | Use after free related to ApplyBlockElementCommand::formatSelection | - | 2016-10-02
61129 | Double click selection behaviour exposes password information | - | 2016-10-02
60978 | WebGL stencil buffers not correctly initialized | - | 2016-10-02
60816 | Crash in hunspell::NodeReader::FindWord | - | 2016-10-02
60769 | more bad casts in event handling. | - | 2016-10-02
60761 | chrome_1c30000!TabContents::RemoveInfoBar(class InfoBarDelegate * delegate = 0x05dfe700)+0x1dfull tab crash | - | 2016-10-02
61158 | Use after free in ApplyStyleCommand::removeInlineStyle | - | 2016-10-02
60695 | Bad cast in RenderView docheight,docwidth calc due to adding non box childs | - | 2016-10-02
60688 | chrome_55000000!WebCore::FEBlend::apply+0x1a5 | $1000 | 2016-10-02
60653 | Memory error inside WTF::String::format | - | 2016-10-02
60496 | Speed tracer + AdBlock = Renderer Crash @ v8::internal::Invoke | - | 2016-10-02
60327 | Bad cast to MouseEvent in Node::defaultEventHandler() | $500 | 2016-10-02
60238 | Use after free of m_frame in FrameLoader::loadWithDocumentLoader | $500 | 2016-10-02
60697 | CSS, background-repeat bug | - | 2016-10-02
60029 | OOB read with StringImpl::find line 621 | - | 2016-10-02
59817 | Security: Add .html and .htm to the dangerous extensions list for OSX and OS_POSIX | - | 2016-10-02
60055 | WebM crash in vp8_setup_intra_recon() | $1000 | 2016-10-02
59663 | CSSPrimitiveValue::cssText() may cause a buffer overflow | - | 2016-10-02
60013 | RenderIndicator childs not laid out at all. | - | 2016-10-02
223145 | Security: <template> implementation fails to check for "template" in special list when handling "any other end tag for in body" | - | 2016-10-02
223125 | Heap-buffer-overflow in WebCore::InlineIterator::atTextParagraphSeparator | - | 2016-10-02
223032 | ASSERTION FAILED: !HashTranslator::equal(Extractor::extract(deletedValue), key), Heap-buffer-overflow in WebCore::Font::width | - | 2016-10-02
222852 | Heap-use-after-free in WebCore::RenderObject::isDescendantOf | - | 2016-10-02
222770 | UNKNOWN in WebCore::QualifiedName* WTF::HashTable<WebCore::QualifiedName, WebCore::QualifiedName, WTF::Identity | - | 2016-10-02
222754 | Multiple ffmpeg security issues found by j00ru. | - | 2016-10-02
222539 | UNKNOWN in WTF::Vector<WTF::Vector<WebCore::RenderBox*, 1ul>, 0ul>::reserveCapacity | - | 2016-10-02
223034 | Heap-buffer-overflow in void media::ToInterleavedInternal<int, long> | - | 2016-10-02
223238 | Heap-use-after-free in GIFImageReader::decode | $1000 | 2016-10-02
222000 | Use after free - using speech API after loading a web page | $1000 | 2016-10-02
222036 | Heap-use-after-free in cricket::WebRtcRenderAdapter::FrameSizeChange | - | 2016-10-02
222136 | Heap-use-after-free in WebCore::AudioDSPKernelProcessor::reset | - | 2016-10-02
221131 | HTML tags are not sanitized in chrome://network | - | 2016-10-02
220039 | Security: Chrome extensions can manipulate Chrome sign-in screen | - | 2016-10-02
219175 | Security: uid and gid 233 double-allocated to tlsdate-dbus and debugd-logs users/group in Chrome OS ToT | - | 2016-10-02
216501 | enable manifest checking in chromiumos-overlay | - | 2016-10-02
217858 | [LangFuzz] Crash on Heap with invalid read (possibly due to uninitialized value) on 64 bit | $1000 | 2016-10-02
214314 | Enable GPU process seccomp filter sandbox on Chrome OS | - | 2016-10-02
214730 | Security: Remove "--enable-nacl" on daisy/snow boards before production | - | 2016-10-02
209604 | Heap-use-after-free in WebCore::RenderObject::container | $1000 | 2016-10-02
213970 | Seccomp filter for avfsd on ARM | - | 2016-10-02
203443 | use-after-free in views::View::parent() from chromeos::BalloonContainer::HasBalloonView() | - | 2016-10-02
204504 | minijail ignores user/group id and runs as root when it can't find /lib/minijailpreload.so | - | 2016-10-02
196575 | ASSERTION FAILED: i < size(), UNKNOWN in WebCore::RenderFrameSet::fillFromEdgeInfo | - | 2016-10-02
196571 | ASSERTION FAILED: !node || node->isElementNode(), UNKNOWN in WebCore::Element::offsetParent | - | 2016-10-02
196570 | ASSERTION FAILED: !object || object->isCanvas(), UNKNOWN in WebCore::AccessibilityRenderObject::computeAccessibilityIsIgnored | - | 2016-10-02
196456 | Any web site can launch Google Talk plug-ins (either of them) by fiddling with ':' in URL syntax | - | 2016-10-02
196648 | IPC: destroy routes for video decoders on GpuCommandBufferStub destruction | - | 2016-10-02
196174 | ASSERTION FAILED: i < size(), UNKNOWN in WebCore::HTMLTreeBuilder::resetInsertionModeAppropriately | - | 2016-10-02
196071 | Security: XMLHttpRequest HTTP Referer Header Faking | - | 2016-10-02
194749 | REGRESSION: Chrome crashed while launching Bejeweled game | - | 2016-10-02
193197 | Security: Overflow READING BlueZ adapter's config from /var/lib on startup | - | 2016-10-02
196393 | RIP == 0 in WebCore::StyleResolver::matchAllRules | $1000 | 2016-10-02
59627 | Renderer crash while profiling @ v8::internal::Context::global_context() | - | 2016-10-02
59625 | GPU ANGLE Preprocessor Extension Stack Overflow | - | 2016-10-02
59623 | GPU ANGLE Symbol Parsing Multiple Stack Overflows | - | 2016-10-02
59593 | Stale pointer in WebCore::ThreadTimers::sharedTimerFiredInternal | - | 2016-10-02
59584 | repaired | - | 2016-10-02
59554 | Use after free when encountering history.back() call during Page::goToItem execution | $500 | 2016-10-02
59504 | WebGL Context GPU Channel Dangling Pointer | - | 2016-10-02
59320 | Segfault in x86_64/memset.S below SkScalerContext::getImage on Linux | $1000 | 2016-10-02
59314 | [Merge] Blob / BlobBuilder can be put into bad state with wild integers and strings, due to integer overflows | - | 2016-10-02
59036 | PDF JS engine doesn't work in 64 bit | $1337 | 2016-10-02
58829 | Memory corruption in SyncChannel::SyncContext::OnChannelClosed() | - | 2016-10-02
59081 | Security: do not allow on-page drag-and-drop from non-same-origin frames (or require an extra gesture) | - | 2016-10-02
58731 | Invalid memory access (with possible avenue to corruption) in the xpath handling libxml | $1000 | 2016-10-02
58657 | Bad cast on SVG use element due to mismatched shadow and instance pointers | $1000 | 2016-10-02
58741 | Use after free in HTMLTextFormControlElement::selection() | $500 | 2016-10-02
58319 | Browser crash - creating unlimited number of File Dialogs | - | 2016-10-02
58008 | Bad cast casting parent class obj InlineFlowBox to child class obj RootInlineBox | - | 2016-10-02
57743 | Stale pointer in WebSocket connection handshake | - | 2016-10-02
57691 | Security Bug: Uploading without ever choosing to upload | - | 2016-10-02
58053 | Crash in BallonViewImpl::DelayedClose() | - | 2016-10-02
57908 | build with -fPIE | - | 2016-10-02
58069 | Windows Sandbox allows access to the console. | - | 2016-10-02
57501 | Crash in PDF plugin when building cross-refs | $500 | 2016-10-02
57377 | Cross origin bypass with CSS getMatchedCSSRules() | - | 2016-10-02
57347 | ZDI-CAN-874: Apple Webkit WholeText Integer Overflow Remote Code Execution Vulnerability | - | 2016-10-02
57200 | Use after free from accessing stale renderers in m_floatingObjects in lowestPosition | - | 2016-10-02
57002 | abcd | - | 2016-10-02
56996 | Renderer crash when navigating between Field and Aquarium @ WebCore::Node::detach() | - | 2016-10-02
56993 | Form data is not cleared or even offered in the "Clear browser history" | - | 2016-10-02
57083 | Possible bug with Chrome and PayPal | - | 2016-10-02
56760 | segfault in bundled pdf viewer | $1000 | 2016-10-02
57080 | remove extension renaming code | - | 2016-10-02
56796 | Bad cast in casting CSSInitialValue to SVGColor in css | - | 2016-10-02
56692 | Bad cast from RenderInline to RenderBox in positionListMarker | - | 2016-10-02
56621 | use after free in InlineBox::dirtyLineBoxes() | - | 2016-10-02
56616 | Bad cast in 3d rendering in RenderObject::getTransformFromContainer | - | 2016-10-02
56514 | Click to Play is vulnerable to UI redressing | - | 2016-10-02
56653 | Named popup windows bug | - | 2016-10-02
56468 | MAJOR Password Security problem | - | 2016-10-02
56451 | cross_fuzz: Deleted elements lingering in Document::m_elementsById | - | 2016-10-02
56449 | Crash in Pickle::ReadInt in net::HttpResponseInfo::InitFromPickle | - | 2016-10-02
56722 | Browser crash on closing incognito @ ToolbarView::Layout() | - | 2016-10-02
56474 | User after free in table destroy | - | 2016-10-02
56252 | Factory::LookupSymbol+0x3e - Crash | - | 2016-10-02
56237 | Browser crash in incognito mode with trying to close a large db. | - | 2016-10-02
56206 | Use after free in CounterNode | - | 2016-10-02
56144 | Memory corruption in adding text child to table column | - | 2016-10-02
56127 | 送ります | - | 2016-10-02
56394 | Bad cast in ApplyStyleCommand::applyInlineStyleToPushDown | - | 2016-10-02
55957 | Merge webkit bug 45869: Use after free in ImageLayerChromium | - | 2016-10-02
55901 | Merge Webkit Bug 45896 :CSS: Fix crash in getTimingFunctionValue() | - | 2016-10-02
55751 | vulnerability Google chrome clickjacking | - | 2016-10-02
55745 | MSVR-10-0105: Cross origin bypass using canvas and video | - | 2016-10-02
55675 | Stale owner element called in frame's disconnectOwnerElement | - | 2016-10-02
55607 | Flash intercepts key events when not in focus | - | 2016-10-02
55350 | Chrome cross window & cross domain object access | $1000 | 2016-10-02
55831 | Segmentation fault at WebCore::ImageLoader::updateFromElement due to malformed HTML | $1000 | 2016-10-02
55330 | Treebuilder parsing in out of context when encountering special tags like </kbd> | - | 2016-10-02
55346 | Load Timer fired on deleted HTMLMediaElement | $1000 | 2016-10-02
230907 | Heap-use-after-free in WebCore::RenderBox::exclusionShapeOutsideInfo | - | 2016-10-02
230730 | ASSERTION FAILED: m_insertionPoint->inDocument(), Heap-use-after-free in WebCore::ElementRuleCollector::collectMatchingRulesForList | - | 2016-10-02
230729 | Heap-use-after-free in non-virtual thunk to WebKit::WebPluginContainerImpl::clearScriptObjects | - | 2016-10-02
230915 | Security: strongSwan ECDSA signature vulnerability | - | 2016-10-02
230726 | ASSERTION FAILED: i < m_length, UNKNOWN in WebCore::InlineTextBox::isLineBreak | - | 2016-10-02
230725 | Heap-use-after-free in WebCore::RenderBlock::checkFloatsInCleanLine | - | 2016-10-02
230720 | Heap-use-after-free in WebCore::InlineFlowBox::deleteLine | - | 2016-10-02
230176 | Security: Type confusion vulnerability in V8Clipboard::setDragImageMethodCustom | $1500 | 2016-10-02
230117 | Heap-use-after-free in webkit_media::WebMediaPlayerImpl::paint | $1000 | 2016-10-02
229504 | Interstitials allow bypass of extension permissions | - | 2016-10-02
230728 | Heap-use-after-free in WebCore::WidgetHierarchyUpdatesSuspensionScope::moveWidgets | - | 2016-10-02
229020 | ASSERTION FAILED: i < size(), UNKNOWN in WebCore::RenderLayer::hitTestList | - | 2016-10-02
229019 | Input pointer corruption in xmlParseTryOrFinish | - | 2016-10-02
227390 | ExtensionFunctionRegistry: missing check for iter != factories_.end() | - | 2016-10-02
227350 | Security: UAF in ppapi::ScopedPPResource::CallRelease | $1000 | 2016-10-02
227197 | Security: infoleak in Buffer::Set in O3D | - | 2016-10-02
229402 | Another popunder scheme | - | 2016-10-02
227158 | Security: domain authorization issue in O3D | - | 2016-10-02
227157 | Global-buffer-overflow in WebCore::Font::expansionOpportunityCount | - | 2016-10-02
227181 | Security: UAF in O3D | - | 2016-10-02
226937 | Security: Postpwnium: Full exploit chain for ChromeOS | $31336 | 2016-10-02
226928 | Null-pointer exec from SkDeferredCanvas::setDeferredDrawing | - | 2016-10-02
226696 | Security: use-after-free removing a frame from its parent in a beforeload event of an OBJECT element | $2000 | 2016-10-02
226659 | Harden WTF::Vector::operator[] | - | 2016-10-02
226091 | ASSERTION FAILED: !node || node->isShadowRoot(), UNKNOWN in WebCore::EventRetargeter::eventTargetRespectingTargetRules | - | 2016-10-02
226090 | Heap-use-after-free in WebCore::IDBDatabase::onComplete | - | 2016-10-02
227040 | Heap-use-after-free in moveOverlapping | - | 2016-10-02
226068 | Security: HSTS will not work if Strict-Transport-Security header and Public-Key-Pins header are present in this order | - | 2016-10-02
226012 | clicking links using generated mouse events bypasses the popup blocker | - | 2016-10-02
225979 | Heap-use-after-free in WebCore::RenderTextControl::visiblePositionForIndex | - | 2016-10-02
225969 | Consider locking screen when turning screen off rather than when suspending | - | 2016-10-02
225798 | Swiftshader images do not use aslr | - | 2016-10-02
225565 | Security: strongswan must not write files into /mnt/stateful_partition directly | - | 2016-10-02
225546 | Security: u-a-f in shared worker process in Allow{IndexedDB,FileSystem}MainThreadBridge | $1337 | 2016-10-02
225496 | chrome_5eb80000!views::FocusManager::AdvanceFocus Crash | - | 2016-10-02
225417 | Heap-use-after-free in TabStripGtk::DestroyDraggedTab | - | 2016-10-02
225403 | ASSERTION FAILED: ownerElement->contentFrame() == frame || !ownerElement->contentFrame(), Heap-use-after-free in WebCore::Node::isDescendantOf | - | 2016-10-02
225226 | It's possible to bypass the permission restrictions for chrome.tabs.captureVisibleTab | - | 2016-10-02
224920 | ASSERTION FAILED: !object || object->isBox(), UNKNOWN in WebCore::RenderBlock::layoutBlockChildren | - | 2016-10-02
224734 | Incorporate standalone utilities into futility | - | 2016-10-02
223962 | Heap-use-after-free in WebCore::Reverb::latencyFrames | $500 | 2016-10-02
224624 | Security: XSS in 1993 chrome | - | 2016-10-02
223772 | Attempting free when chrome.fontSettings.getFontList is called twice in background script | - | 2016-10-02
223444 | Kernel stack info leak via the tkill and the tgkill syscalls | $500 | 2016-10-02
223376 | ASSERTION FAILED: !node || node->isHTMLElement(), UNKNOWN in WebCore::toHTMLElement | - | 2016-10-02
223835 | ASSERTION FAILED: candidate.isCandidate(), Heap-use-after-free in WebKit::ChromeClientImpl::didAssociateFormControls | - | 2016-10-02
223482 | Heap-use-after-free in WebCore::HTMLTreeBuilder::callTheAdoptionAgency | - | 2016-10-02
55257 | Memory corruption in accessing floatptr of a textarea | $1000 | 2016-10-02
55215 | Memory corruption with styled font-face | - | 2016-10-02
55179 | Memory corruption with reparentchildren in new treebuilder | - | 2016-10-02
55119 | SpdyFramer buffer resizing bug | - | 2016-10-02
55114 | Bad cast with svg:g element | $500 | 2016-10-02
54794 | HTML5 Workers run outside of the sandbox | - | 2016-10-02
54697 | Extension APIs should include password encryption | - | 2016-10-02
54691 | segmentation fault in bundled pdf plugin | $1000 | 2016-10-02
54661 | SSL connexion error after update to CHROME v6.0.472.53 | - | 2016-10-02
54653 | Memory corruption with creating lines on renderblocks. | - | 2016-10-02
54636 | selectedStylesheetSet memory corruption | - | 2016-10-02
54539 | OOB read in rendering text fragment | - | 2016-10-02
54880 | Crash at gfx::CGImageToSkBitmap | - | 2016-10-02
54532 | Issue with incorrect attribute, events handling in SVG and polyline | - | 2016-10-02
54500 | Renderer crash on very big animated gif image @ WebCore::RGBA32Buffer::setRGBA(unsigned int *,unsigned int,unsigned int,unsigned int,unsigned int) | $500 | 2016-10-02
54312 | My Other MacBook Was Stolen/Robbed from My HOme and the Hacker is taking Pride in Torturing me | - | 2016-10-02
54268 | MacOSX WebGL Uninitialized Canvas Information Leak | - | 2016-10-02
54262 | Possible Location Bar & SSL Spoofing | $1000 | 2016-10-02
54132 | Security: Insecure library loading in Google Chrome for Linux | - | 2016-10-02
54054 | Device3DInitialize Uninitialized Object Vulnerability | - | 2016-10-02
54313 | My Other MacBook Was Stolen/Robbed from My HOme and the Hacker is taking Pride in Torturing me | - | 2016-10-02
54006 | Security: Extension history permission does not generate a warning | - | 2016-10-02
53985 | Crash in chrome_browser_net_websocket_experiment::WebSocketExperimentRunner::DoLoop | - | 2016-10-02
53949 | HTTPS -> HTTP redirected CSS and JS do not trigger mixed content | - | 2016-10-02
53930 | Memory corruption on Linux when render Khmer script page | - | 2016-10-02
53912 | Crash on shutdown in BrowsingInstance::GetSiteInstanceMap | - | 2016-10-02
53892 | A Cryptographically secure random number generator implementation for V8 | - | 2016-10-02
53836 | wss:// does not validate SSL certs | - | 2016-10-02
53747 | Use-after-free of renderer when recalcStyle() is called during layout or painting. | - | 2016-10-02
53994 | save | - | 2016-10-02
53645 | Function names are exposed to iframes from non-same origin using console API | - | 2016-10-02
53640 | Merge Webkit Bug 41523 to 472 | - | 2016-10-02
53394 | Geolocation use after free | $500 | 2016-10-02
53361 | Browser crash in improper destruction of select file dialog (mac) | $500 | 2016-10-02
53230 | crash on google.at ajax search | - | 2016-10-02
53176 | BlockedPopupContainer::GetBlockedContents ReadAV@NULL (882a25e76e991e980ffce6adda7cfcc5) | - | 2016-10-02
53002 | pop blocker bypass | - | 2016-10-02
53142 | EXTERNAL-REPORT: Another Windows kernel CFF font parsing bug | - | 2016-10-02
53039 | Geolocation use after free | - | 2016-10-02
53017 | MEMORY CORRUPT | - | 2016-10-02
53008 | Security: can't update flash from about:plugins in chromium | - | 2016-10-02
53068 | download without user permission | - | 2016-10-02
53001 | Security: ability to read cross domain image data using toDataURL and getImageData via createPattern | $500 | 2016-10-02
52980 | GOOGLE CHOME MEMORY CORRUPT | - | 2016-10-02
52961 | Security: user.qzone.qq.com | - | 2016-10-02
52958 | Trojan can sync with my sync data ??? | - | 2016-10-02
53116 | Security: Chrome can't be downloaded securely. | - | 2016-10-02
52870 | error | - | 2016-10-02
52782 | close window with javascript | - | 2016-10-02
52682 | Sandbox IPC out-of-bounds write in CrossCallParamsEx::CreateFromBuffer | $1000 | 2016-10-02
52587 | cross_fuzz: CSSRule::parentStyleSheet use after free | - | 2016-10-02
52581 | HTML5 TreeBuilder ASSERTs on <a><svg><tr><input></a> | - | 2016-10-02
52456 | Chrome attempts to connect to HTTP://nikkomsgchannel when focus moves to a password field on any page | - | 2016-10-02
52443 | Google Chrome Focus Handling Use-after-free Vulnerability | - | 2016-10-02
52420 | MAJOR CHROME SECURITY BUG : Chrome exposes the secrete question and answer for google's gmail password retrial mechanism | - | 2016-10-02
51739 | Numerous Integer wraps and errant pointers within WebSockets parser | - | 2016-10-02
52413 | Major Chrome security BUG : Confidential User data accessiblity Security Bug :[ Test case of Gmail account registration included] | - | 2016-10-02
52204 | Regression: Incorrect destruction of "empty anonymous block" in renderblock remove child. | $1000 | 2016-10-02
52067 | ExtensionsService::IsGalleryDownloadUrl ignores scheme | - | 2016-10-02
51919 | use after free in console.profile calls. | $500 | 2016-10-02
51865 | Chrome Search Box: Index error | - | 2016-10-02
51846 | Null deref when socket stream is closed during hostname resolution | - | 2016-10-02
52364 | Valgrind error in CGPDFDrawingContextDraw() on mac ui tests | - | 2016-10-02
51727 | autocomplete entries submitted by javascript should not be stored in db (similar to autofill bug 48225) | - | 2016-10-02
51709 | Fatal assertion failure when getting gdk custom cursor on safari books | - | 2016-10-02
51690 | Security of accounts | - | 2016-10-02
51680 | Omnibox url spoofing on pending events in page unload | $500 | 2016-10-02
51670 | Security: WebKit: WebCore::GeolocationService::positionChanged use after free | $1000 | 2016-10-02
51658 | Add .xbap to dangerous extensions list | - | 2016-10-02
238842 | Crash in WebCore::Canvas2DLayerBridge::prepareForDraw() | - | 2016-10-02
238837 | Limit the depth of function calls in GLSL | - | 2016-10-02
239013 | Two logins may happen at the same time if network goes offline during login | - | 2016-10-02
238041 | document.cookie denial-of-service | - | 2016-10-02
237800 | use-after-free on WebCore::MajorGCWrapperVisitor::VisitPersistentHandle | - | 2016-10-02
237562 | Security: update curl to resolve CVE-2013-1944 and CVE-2013-2174 | - | 2016-10-02
237526 | ~URLRequestFtpJob: NULL deref of request_ | - | 2016-10-02
237429 | Heap-use-after-free in WebCore::EventTarget::dispatchEvent | - | 2016-10-02
237611 | Security: Screen capture via WebGL texture | $500 | 2016-10-02
237104 | Security: CSP doesn't get applied to inline event handlers that were executed once before. | - | 2016-10-02
237022 | Cross-origin named subframe access leaks cross-origin subframes of the same name | $1500 | 2016-10-02
236845 | ASSERTION FAILED: node->treeScope() == m_oldScope, Heap-use-after-free in WebCore::Node::~Node | - | 2016-10-02
237263 | Security: Possible for renderer process to read arbitrary files by tricking session restore | - | 2016-10-02
236846 | Global-buffer-overflow in WebRtcIsac_UpdateBwEstimate | - | 2016-10-02
236556 | use-after-free on WebCore::FormController::createSavedFormStateMap | - | 2016-10-02
236631 | GpuProcessHost: check channel_requests_.empty() | - | 2016-10-02
236147 | Heap-use-after-free in printing::PrepareFrameAndViewForPrint::PrepareFrameAndViewForPrint | - | 2016-10-02
236269 | ASSERTION FAILED: !m_deletionHasBegun, UNKNOWN in WebCore::DeviceOrientationEvent::~DeviceOrientationEvent | - | 2016-10-02
236630 | Security: chronos-writable /var/run/chrome on Chrome OS subject to symlink tricks and other mal manipulations | - | 2016-10-02
236245 | Heap-use-after-free in WebCore::FrameView::updateWidget | - | 2016-10-02
235638 | ASSERTION FAILED: m_table, Heap-use-after-free in WTF::HashTable<WebCore::SVGElement const*, WTF::KeyValuePair<WebCore::SVGElement const*, WebCore::SV | $1000 | 2016-10-02
235733 | Heap-use-after-free in WebCore::AudioNodeOutput::~AudioNodeOutput | $1000 | 2016-10-02
236139 | ASSERTION FAILED: node->treeScope() == m_oldScope, Heap-use-after-free in void WebCore::Private::addChildNodesToDeletionQueue<WebCore::Node, WebCore::ContainerNode> | $1000 | 2016-10-02
235311 | [LangFuzz] Crash on heap with invalid read on dangerous (possibly uninitialized) address (64 bit) | $500 | 2016-10-02
235732 | Heap-buffer-overflow in SkA1_Blitter::blitH | - | 2016-10-02
235271 | Security: Isolated Filesystem API does not fully check for references to parent in pathname | - | 2016-10-02
234689 | Possible XSS vector in New Tab Page | - | 2016-10-02
234809 | URL spoof or renderer kill when committing prerendered/instant page with a pending entry | - | 2016-10-02
234937 | Security: the GPU sandbox is not enabled in guest mode on Chrome OS. | - | 2016-10-02
235161 | HostResolver can be caused to pass empty DNS components to DnsQuery | - | 2016-10-02
234635 | UNKNOWN in cssyyparse | - | 2016-10-02
234724 | Chrome Extension API bindings: Definition should not depend on any user/extension mutable prototype objects | - | 2016-10-02
234491 | Heap-use-after-free in content::NavigationControllerImpl::RendererDidNavigateToExistingPage | - | 2016-10-02
233261 | Heap-use-after-free in content::NotificationServiceImpl::Notify | - | 2016-10-02
233848 | ASSERTION FAILED: run.charactersLength() >= run.length(), Heap-buffer-overflow in WebCore::Font::characterRangeCodePath | $500 | 2016-10-02
234190 | Heap-use-after-free in SkAlphaRuns::add | - | 2016-10-02
234198 | ASSERTION FAILED: value->isValueList(), UNKNOWN in WebCore::createGridPosition | - | 2016-10-02
232865 | Potential use after free in ApplyStyleCommand::splitAncestorsWithUnicodeBidi | - | 2016-10-02
232743 | use-after-free on WebCore::DOMWrapperMap<void>::removeAndDispose | - | 2016-10-02
232633 | use-after-free on net::SSLClientSocketNSS::Core::OnSendComplete | - | 2016-10-02
232763 | use-after-free on WebCore::JPEGImageReader::decode | - | 2016-10-02
232475 | use-after-free on AutofillPopupControllerImpl::Hide | - | 2016-10-02
232393 | Heap-buffer-overflow in WebCore::CSSPrimitiveValue::cleanup | - | 2016-10-02
232389 | ASSERTION FAILED: !object || object->isRenderInline(), UNKNOWN in WebCore::RenderTextTrackCue::initializeLayoutParameters | - | 2016-10-02
232064 | Heap-use-after-free in WebCore::MediaStreamTrack::stop | - | 2016-10-02
232625 | use-after-free on InstantController::ReloadOverlayIfStale | - | 2016-10-02
232570 | use-after-free on content::RendererAccessibilityFocusOnly::HandleFocusedNodeChanged | - | 2016-10-02
232532 | use-after-free on IPC::ChannelProxy::Context::OnChannelError | - | 2016-10-02
232519 | use-after-free on ProfileKeyedServiceFactory::ProfileDestroyed | - | 2016-10-02
231688 | Security: Chrome's IntentHandler relies on weak authentication | - | 2016-10-02
231128 | UNKNOWN in cricket::VideoFrame::Validate | - | 2016-10-02
231127 | Heap-buffer-overflow inWebCore::(anonymous namespace)::fixUnparsedProperties<unsigned char>(unsigned char const*, WebCore::CSSRuleSourceData*) | - | 2016-10-02
51525 | Found a bug in the playback of media files via Google Chrome | - | 2016-10-02
51511 | Crash in accessibility code on Windows when opening the wrench menu. | - | 2016-10-02
51653 | Memory corruption in Counter Nodes. | $500 | 2016-10-02
51602 | Investigate rte_fuzz crashes | - | 2016-10-02
51630 | Memory corruption in WebSocketChannel::skipBuffer() - underflow in buffer size | $1337 | 2016-10-02
51654 | Memory corruption with moving ruby text nodes to runs without ruby bases. | $1000 | 2016-10-02
51146 | Plain-text information leak of https://user:password due to autosuggest | - | 2016-10-02
51070 | Another Windows kernel bug in the CFF font parser | $1337 | 2016-10-02
51240 | Type confusion bug between LargeObjectChunk header and Page header | - | 2016-10-02
51464 | Chromium use ActiveX Flash (not the NPAPI one) with potential WinINET cookie leak | - | 2016-10-02
51476 | Memory corruption in tree builder | - | 2016-10-02
51252 | Use after free with nested use elements | $500 | 2016-10-02
50920 | breakdown while alt+z clicked in win7 | - | 2016-10-02
50647 | Page with tables crashes the browser | - | 2016-10-02
50553 | Crash when closing chrome - BalloonViewImpl::DelayedClose | $1337 | 2016-10-02
50530 | Google Relay Service for the Deaf and Hard of Hearings. | - | 2016-10-02
50428 | Browser crash @ TabContents::ExpireInfoBars | - | 2016-10-02
50839 | Security: WebKit 43295 - cross_fuzz notification requestPermission memory corruption | - | 2016-10-02
50741 | ChromeFrame allows navigation to "gcf:" urls | - | 2016-10-02
50712 | Use after free with SVG use referencing svg style element | $1000 | 2016-10-02
50377 | User gesture leaks from prompt (was: infinite prompts) | - | 2016-10-02
50253 | Elide long omnibox entries on Mac. | - | 2016-10-02
50250 | Use after free in document.close() | $500 | 2016-10-02
50110 | Downloading a file adds extension to the extension already in filename | - | 2016-10-02
50409 | Zoom bug | - | 2016-10-02
50383 | Glibc bug in getaddrinfo() may be exposed | - | 2016-10-02
50315 | Code prevents the closing of tab/browser window. | - | 2016-10-02
49932 | Failure on page load | - | 2016-10-02
49747 | GTK message dialogs do not properly wrap overly long words or elide many short lines in js modal dialog | - | 2016-10-02
49745 | Regression: Pop up blocker not working as expected | - | 2016-10-02
49729 | Use after free in scroll bar layout | - | 2016-10-02
49628 | Memory corruption with invalid text node cast for edit commands | $500 | 2016-10-02
49964 | Security: window.history.replaceState fails to enforce domain security | $1000 | 2016-10-02
49910 | Compatibility error with power strip | - | 2016-10-02
50029 | Security: showModalDialog() bypasses the usual anti-annoyance checks | - | 2016-10-02
49982 | Proxy Config Fail - Security fail | - | 2016-10-02
49332 | Autofill can hang the entire browser (DOS) because of stuck on IO Thread processing infinite data | - | 2016-10-02
49318 | Merge webkit bug https://bugs.webkit.org/show_bug.cgi?id=39143 | - | 2016-10-02
49317 | Merge webkit bug https://bugs.webkit.org/show_bug.cgi?id=40407 | - | 2016-10-02
49222 | StringImpl::replace integer overflow | - | 2016-10-02
49215 | Signed/Unsigned Comparison issue in MemoryAllocator::AllocateRawMemory | - | 2016-10-02
49596 | Security issue in SVGUseElement::buildShadowTree | $500 | 2016-10-02
49377 | X509Certificate::Cache usage pattern may result in use after free | - | 2016-10-02
49346 | Sync allows an attacker who compromises Google credentials to push extensions to a user's browser | - | 2016-10-02
49166 | kdsfgmkladsfjljdf | - | 2016-10-02
49188 | ChromeFrame window.open("javascript:window.open('http://example.com/');"); => NULL ptr crash | - | 2016-10-02
48857 | Render crash in FormManager::FindCachedFormElement() | - | 2016-10-02
49177 | Extension updates don't identify privilege increases when scheme changes | - | 2016-10-02
49172 | AutoFill causes browser crash when saving large profiles | - | 2016-10-02
49047 | Open a share-point site will cause the browser to crash | - | 2016-10-02
48499 | Should autofill credit card infomation over an https page only | - | 2016-10-02
48330 | Security: WebSocket: Integer underflow in header length calculation triggers browser DoS | - | 2016-10-02
48288 | Crash site | - | 2016-10-02
48597 | Incorrect eliding (windows), truncation(linux) for hostname in security information dialog | - | 2016-10-02
48733 | Crash in third_party xdg_mime library when unable to handle long file paths | $1337 | 2016-10-02
48440 | Localhost XSS | - | 2016-10-02
48282 | LegacyHTMLTreeBuilder fires DOM mutation events | - | 2016-10-02
48233 | Steal any autofill field using javascript while user is hovering over one of the selection. | - | 2016-10-02
247038 | Heap-use-after-free in WebCore::V8HTMLFormControlsCollection::indexedPropertyGetter | - | 2016-10-02
246724 | Security: Ensure that all request types use pinning | - | 2016-10-02
48284 | <use> on <font-face> causes crashes, if SVGUseElement gets detached | $500 | 2016-10-02
246635 | Heap-buffer-overflow in WebCore::HTMLMapElement::imageElement | - | 2016-10-02
246240 | ResourceHostMsg_DataReceived_ACK: heap corruption | - | 2016-10-02
246205 | ASSERTION FAILED: obj->isRenderInline() || obj == this, UNKNOWN in WebCore::RenderBlock::createLineBoxes | - | 2016-10-02
246203 | Heap-use-after-free in WebCore::V8GCController::opaqueRootForGC | - | 2016-10-02
48283 | EXTERNAL-REPORT: Windows kernel crash on invalid font | $1337 | 2016-10-02
246701 | UNKNOWN in WebCore::DownSampler::process | - | 2016-10-02
245727 | Heap-use-after-free in WebCore::ShapeOutsideInfo::isEnabledFor | - | 2016-10-02
245153 | PDF: OOB read in JPEG2000 image handling | - | 2016-10-02
245941 | Heap-use-after-free in base::internal::CallbackBase::Reset | - | 2016-10-02
245368 | Infobar Google Update plugin by default | - | 2016-10-02
244415 | SpeechRecognizerImpl UaF | - | 2016-10-02
244260 | Security: TLS Truncation attack on HTTP headers, including cookie flags | $3133 | 2016-10-02
244056 | Heap-use-after-free in WebCore::RenderTextFragment::willBeDestroyed | - | 2016-10-02
244036 | ASSERTION FAILED: node->parentNode(), Heap-use-after-free in WebCore::RenderBox::exclusionShapeOutsideInfo | $1000 | 2016-10-02
244021 | Heap-use-after-free in WebCore::StyleResolver::loadPendingImages | - | 2016-10-02
243991 | Heap-use-after-free in WebCore::InputType::stepUpFromRenderer | $1000 | 2016-10-02
243881 | ASSERTION FAILED: actualInfo->derefObjectFunction == V8HTMLSpanElement::info.derefObjectFunction, UNKNOWN in WebCore::wrap | - | 2016-10-02
245121 | Security: Cloud-printing Robot-Account storage in Local State lacks integrity, permits redirection to evil printers | - | 2016-10-02
244746 | UrlRequestContext can be deleted while a live SocketStream has a pointer to it (vtable UAF) | $3133 | 2016-10-02
244080 | UNKNOWN in v8::internal::Object::GetProperty | - | 2016-10-02
243339 | Security: CheckDuplicateHandle (BreakDebugger) browser crash with (Web) Workers and WebSQL | $2000 | 2016-10-02
242931 | ASSERTION FAILED: !value || value->isPrimitiveValue(), UNKNOWN in WebCore::StylePropertySerializer::getLayeredShorthandValue | - | 2016-10-02
242924 | [LangFuzz] Crash at v8::internal::HeapObject::Size() on 64 bit with invalid read | $1000 | 2016-10-02
242819 | Security: Registering on Gerrit with Any Email [Auth Problem] | - | 2016-10-02
242786 | Heap-double-free in av_destruct_packet | - | 2016-10-02
243512 | base/time_posix executes signed overflow with 64-bit time_t | - | 2016-10-02
243875 | ResourceHostMsg_RequestResource: validate request_data.priority enum | - | 2016-10-02
243818 | Heap-use-after-free in WebCore::StyledElement::ensureMutableInlineStyle | $1000 | 2016-10-02
243045 | ASSERTION FAILED: !m_deletionHasBegun, Heap-use-after-free in WebCore::GenericEventQueue::enqueueEvent | - | 2016-10-02
242322 | Escalate access to browser internals | $500 | 2016-10-02
242224 | Heap-use-after-free in WebCore::BaseMultipleFieldsDateAndTimeInputType::~BaseMultipleFieldsDateAndTimeInputType | $1000 | 2016-10-02
242114 | Heap-use-after-free in WebCore::Range::compareBoundaryPoints | - | 2016-10-02
242762Security: Use-after-free in net::SocketStream::Finish$31332016-10-02
242702NSS is unable to open /dev/urandom on OS X, resulting in insufficient entropy for renderers-2016-10-02
242502UNKNOWN in v8::internal::TypeFeedbackOracle::CanRetainOtherContext-2016-10-02
240984Security: Merge http://trac.webkit.org/changeset/150072-2016-10-02
240961Zero-sized textures must be considered incomplete-2016-10-02
240706Security: perf_swevent_init does not check negative argument-2016-10-02
242023ASSERTION FAILED: !value || value->isPrimitiveValue(), UNKNOWN in WebCore::StylePropertySerializer::getLayeredShorthandValue-2016-10-02
241607`git cl upload` can add patches to other peoples' issues-2016-10-02
241139Heap-use-after-free in webkit_glue::WebURLLoaderImpl::Context::OnReceivedResponse$10002016-10-02
240124Heap-use-after-free in WebCore::ImageInputType::attach$10002016-10-02
240056UNKNOWN in int v8::internal::FlexibleBodyVisitor<v8::internal::NewSpaceScavenger, v8::internal::JSObject::BodyD-2016-10-02
240139Security: gerrit.chromium.org is running an outdated version of OpenId4Java-2016-10-02
240057Heap-use-after-free in WebCore::accumulateDocumentEventTargetRects-2016-10-02
240449Crash in base::DeleteHelper<safe_browsing::DownloadProtectionService::CheckClientDownloadRequest>::DoDelete(void const *)-2016-10-02
240490Security: Set HSTS preloads for translate.google[apis].com-2016-10-02
240055ASSERTION FAILED: !value || value->isPrimitiveValue(), UNKNOWN in WebCore::StylePropertySerializer::getLayeredShorthandValue-2016-10-02
239699Instant Extended on mobile platforms allows sboxchip spoofing-2016-10-02
239580Heap-use-after-free in net::SniffMimeType-2016-10-02
240054ASSERTION FAILED: m_requestCount == 0, Heap-use-after-free in WebCore::CachedResourceLoader::decrementRequestCount-2016-10-02
240032Security: chrome_70ee0000!v8::internal::ScavengingVisitor<1,1>::EvacuateShortcutCandidate crash$5002016-10-02
239897Tab crashes when changing <audio> element source when used with Web Audio API$5002016-10-02
239411ANGLE: check negative vector/matrix/array index-2016-10-02
239134PDF: bad free in JBIG2 PDF decoder-2016-10-02
48115REGRESSION: Memory corruption in open source JPEG decoder (r61619)$5002016-10-02
48167Security: CRITICAL EXECUTABLE MISSING FUNCTION FLAW-2016-10-02
48043dadasdadasdas-2016-10-02
48225Autofill profile (address, perfsonal info) spam without any need of user interaction-2016-10-02
48093Chromoting enabled by default in Chromium-2016-10-02
47105Renderer crash for a multipart page-2016-10-02
47866Memory corruption with crash in RenderObject::containingBlock()$5002016-10-02
47253ref_fuzz crash 2-2016-10-02
47252ref_fuzz crash-2016-10-02
47160possblie access file: chrome:-2016-10-02
47395Security: Modification over GUI-2016-10-02
47086Memory corruption with DOM mutation on onchange event firing for select object-2016-10-02
47056Browser crash after AppModalDialogQueue::ShowNextDialog-2016-10-02
47915ZDI-CAN-806: Apple Safari's Webkit Runin Use-after-free Vulnerability-2016-10-02
47938error tags html-2016-10-02
47515Security: Reproducable and Controllable Memory Leak in about:memory page-2016-10-02
46750Browser crash in WebSocket creation-2016-10-02
46575DoS by opening unlimited number of print dialogs-2016-10-02
46516Need to sync extension permissions-2016-10-02
46509error al descargar-2016-10-02
46452::-webkit-scrollbar causes "Aw Snap" when combined with certain JavaScripts-2016-10-02
46401Google Chrome does not prompt for user permission before using HTML5's offline features-2016-10-02
46360Memory corruption in :first-letter rendering$5002016-10-02
46792Security Vulnerability in Chrome 5.0.375.70-2016-10-02
46788help me!-2016-10-02
46008Wrapping shared memory allocation in X backing store-2016-10-02
46018Crash - BalloonViewImpl::DelayedClose-2016-10-02
45923Browser not checking site's domain on password type inputs-2016-10-02
45876Web pages should NOT be able to load resources if there are NO content scripts from that extension on the page-2016-10-02
45799possible privilege escalation via named pipes (NaCL)-2016-10-02
45683jjjjj-2016-10-02
46126crash with processing invalid x509-user-cert responses.$5002016-10-02
45983Segmentation fault in WebCore::RenderLayer::paintList when a malformed PNG image is viewed$10002016-10-02
45614ZDI-CAN-782: Apple Webkit SVG First-Letter Style Remote Code Execution Vulnerability-2016-10-02
45615ZDI-CAN-785: Apple Webkit SVG Floating Text Element Remote Code Execution Vulnerability-2016-10-02
45524crash-2016-10-02
45506User ID Issue-2016-10-02
45494Function names are exposed to iframes from non-same origin using console API-2016-10-02
45412Trojan Horse exploit_c.FWR-2016-10-02
45267ViewHostMsg_UpdateVideo memory corruption-2016-10-02
45164Crash with invalid images.-2016-10-02
45659Stale pointer in SVGResourceFilter-2016-10-02
45609ZDI-CAN-784: Apple Webkit Rendering Counter Remote Code Execution Vulnerability-2016-10-02
44955Need to merge WebCore::toAlphabetic() crash to 375 branch.-2016-10-02
44868Geolocation events fire after document deletion-2016-10-02
448351337 on goggle search-2016-10-02
44796Please disallow "javascript:" URLs in the address bar-2016-10-02
45033Issue with frames[].location-2016-10-02
44742a bug of the scrollbar in iframe-2016-10-02
44740Need to merge fix for WebKit font issue to 375 branch-2016-10-02
44658Security: Insecure behavior in /tmp by Keystone on Mac OS X$5002016-10-02
44759sad tab with little script-2016-10-02
44556Security: WebKit: WebCore::RenderInline::destroy ExecAV@Arbitrary (b1c9c3c46df454874e36c9f86b2418fa)-2016-10-02
44424security:chrome_1c30000!WebCore::InlineBox::paint+0x70$5002016-10-02
44193Security: Chrome saves plaintext passwords even when "save passwords" is disabled-2016-10-02
43967REGRESSION: Currently loading subresource displayed in omnibox-2016-10-02
43902innerHTML decompilation issues in textarea-2016-10-02
43846Null deref during image drag, crash in drag selection controller.-2016-10-02
43813chrome_1c30000!SkAlphaRuns::Break+0x13 - Memory Corruption$5002016-10-02
44500Invalid read handling malformed SVG <use> element-2016-10-02
43487ZDI-CAN-765: CSS Charset Text Transformation Vulnerability-2016-10-02
43446Kapersky Vulnerablity-2016-10-02
43315[MD audit] Stale pointer error when normalizing DOM nodes-2016-10-02
43307[MD audit] Possible memory corruption with bad bitmap shared memory object in clipboard IPC-2016-10-02
43304[MD audit] Linux sandbox escape-2016-10-02
42989Mac sandbox allows calls to stat() on arbitrary paths.-2016-10-02
43488ZDI-CAN-766: SVG ForeignObject Rendering Layout Vulnerability-2016-10-02
43322[MD audit] Problems with video messages and sizes-2016-10-02
257892Security: local user can crash a system service daemon, causing DOS-2016-10-02
257852FileUtilitiesMessageFilter::OnOpenFile insufficient permission checks-2016-10-02
257357Heap-use-after-free in WebCore::CSSFontFace::setLoadState-2016-10-02
257353Heap-use-after-free in WebCore::BaseMultipleFieldsDateAndTimeInputType::destroyShadowSubtree-2016-10-02
257748Security: Origin bypass by writing window.frames[i]$5002016-10-02
257875UNKNOWN in _getKeywords-2016-10-02
257363Security: ANGLE libGLESv2 Integer Overflow$13372016-10-02
256724Remove the RELOAD exception for validating 1993 search chains-2016-10-02
257347ASSERTION FAILED: !value || value->isPrimitiveValue(), UNKNOWN in WebCore::StylePropertySerializer::getLayeredShorthandValue-2016-10-02
257348ASSERTION FAILED: !m_hasAXObject, Heap-use-after-free in WebCore::AccessibilityRenderObject::remoteSVGRootElement-2016-10-02
256531Issues with HSTS / HPKP state tracking-2016-10-02
257262Security: UAF in content::WebContentsObserver::web_contents()-2016-10-02
256288Security:Quota Management API's bug-2016-10-02
255934ASSERTION FAILED: width == frameRect.width(), UNKNOWN in WebCore::WEBPImageDecoder::applyPostProcessing-2016-10-02
256013Heap-use-after-free in WebCore::StyleResolver::loadPendingImages-2016-10-02
255931Heap-use-after-free in qcms_profile_from_memory-2016-10-02
255524Heap-use-after-free in content::RenderProcessHostImpl::ProcessDied-2016-10-02
256020Pasting a URL into the infobar, then hitting enter does not cause a scroll to the left-2016-10-02
256057going into fullscreen can be performed without even being in the foreground-2016-10-02
256280Security: Linux kernel perf interface allows tracing of setuid processes-2016-10-02
255932Heap-use-after-free in WTF::KeyValuePair<WTF::StringImpl*, WTF::RefPtr<WebCore::KeyframeAnimation> >* WTF::HashTable<WTF::S-2016-10-02
255523Security: X client library bugs allow malicious X servers to attack clients-2016-10-02
254728Heap-use-after-free in WebCore::AudioBufferSourceNode::renderFromBuffer-2016-10-02
254460Heap-buffer-overflow in url_parse::ExtractFileName-2016-10-02
254159Security: Chrome shared memory file can be world readable and lacks security checks when opening existing mappings.$5002016-10-02
253550ASSERTION FAILED: isMainThread(), Heap-use-after-free in WebCore::WaveShaperDSPKernel::lazyInitializeOversampling$5002016-10-02
253481Security: Insecure page shown as secure (insecure inlines and named anchors)-2016-10-02
255165Heap-use-after-free in content::WebPluginProxy::Paint-2016-10-02
254928Heap-use-after-free in net::HostResolverImpl::Job::OnDnsTaskFailure-2016-10-02
254783Heap-use-after-free in WebCore::RenderObject::destroyAndCleanupAnonymousWrappers$10002016-10-02
252712Security: Use-after-free in RadioInputType::handleKeydownEvent-2016-10-02
252216Security: spawn multiple windows in response to a single user interaction-2016-10-02
252062Security: an attacker can sign-in a victim to his own account.-2016-10-02
252034Security: NPAPI extension can be synced-2016-10-02
252848SpeechRecognitionManagerImpl::SessionStart: vector::front() on an empty vector.-2016-10-02
252888Security: <input type="file" directory> can trick user into uploading their entire Download/Desktop folder.$10002016-10-02
250003Use-after-free by navigating out a document during form validation message is shown-2016-10-02
249854MediaStreamHostMsg_GenerateStream: validate audio_type / video_type enums-2016-10-02
249640Heap-use-after-free in WebCore::Node::setNeedsStyleRecalc-2016-10-02
252010Chromium sync session fixation + code execution$215002016-10-02
249335Flash settings menu vulnerable to clickjacking-2016-10-02
251711Security: SVG Filter Timing Attack-2016-10-02
249502Security: (Shared) (WebSQL) Worker races cause invalid pointers in DatabaseObserver::databaseClosed and DatabaseObserver::reportOpenDatabaseResult$10002016-10-02
249199Heap-use-after-free in WebCore::ApplyStyleCommand::removeInlineStyle-2016-10-02
248960Heap-use-after-free in gfx::RenderTextWin::GetGlyphBounds-2016-10-02
248950Heap-use-after-free in WebCore::Document::dispose-2016-10-02
248843Heap-use-after-free in WebCore::StyleResolver::loadPendingImages-2016-10-02
248840Heap-use-after-free in WebCore::RenderBlock::willBeDestroyed-2016-10-02
249246Security: Open in incognito window doesn't work in panel.-2016-10-02
249064IndexedDBHostMsg_DatabaseGet: validate params.object_store_id-2016-10-02
247964Stack-buffer-overflow in cricket::ToString-2016-10-02
248023ASSERTION FAILED: m_path, UNKNOWN in SkPath::isEmpty-2016-10-02
42980Sandboxed iframes should not autocomplete/autofill unless allow-same-origin set-2016-10-02
42765top.close() is allowed on iframe@sandbox when allow-same-origin is not set-2016-10-02
42723Table layout crash bug from wushi$5002016-10-02
42578Navigation bar problem-2016-10-02
42575sessionStorage is shared on iframe@sandbox-2016-10-02
42574Sandboxed iframes should not allow navigation to history forward,back without allow-top-navigation set.-2016-10-02
42538segfault in net::X509Certificate::Verify [Linux]-2016-10-02
42396Security: WebKit: WebCore::WebGLUnsignedIntArrayInternal::getCallback ReadAV@Arbitrary (deef89ee3d0345edebeaf13cf974c47c)-2016-10-02
42391Chromium exposes file paths when dropping files-2016-10-02
42356User scripts can access chrome:// URLs-2016-10-02
42755Merge fix for WebKit CSS hover security bug to 375-2016-10-02
42736Memory corruption (read random system memory) or crash$5002016-10-02
42300Memory corruption / corrupt function pointer usage with bad AAC SBR-2016-10-02
42294WebCore::FontFallbackList::determinePitch memory corruption (0b4c05aab686a31bc4954a5bd6bae27b)$5002016-10-02
41878Problemas para abrir paginas webs-2016-10-02
41778"Go To" right click context menu option can open arbitary urls like chrome:// file:// etc.-2016-10-02
41654Security: Permanent Clipboard Hijack-2016-10-02
41469Drag and drop bad reference counting leads to re-use of freed memory: WebCore..String..length ReadAV@Arbitrary (394bb1a56acd66a43221b2a08fa5b25a)-2016-10-02
42306Possible num_patches array indexing errors in AAC SBR-2016-10-02
42228Security: a malicious page may gain access to context of an extension's content script-2016-10-02
41334Security: Selecting a address label in an address form field ALSO fills the default credit card-2016-10-02
41330Security: Label Name truncation with long field values leading to autofill data theft-2016-10-02
41265Security: Clicking an address form field shows credit card labels and can fill credit card fields.-2016-10-02
40801OOB Array Indexing Bug-2016-10-02
41428MALWARE-2016-10-02
41427Security: Autofill does not store sensitive data like cc info as encrypted on disk, should mimic password manager-2016-10-02
40628WebKit: WebCore::PageGroupLoadDeferrer::PageGroupLoadDeferrer ReadAV@NULL (7a3291a05aead0cc3a4bc8a6b440d145)-2016-10-02
40605Redirecting to a data URI without a / in the data section crashes the entire browser-2016-10-02
40575An HTTP page loaded quickly after NTP can gain DOMUI bindings privilege-2016-10-02
40487<video> inside <foreignObject> inside <svg> inside <img> --> crash-2016-10-02
40445Cross Origin Bypass using iframe & " " on JAVASCRIPT URI$10002016-10-02
40219Security: logged into google account but got gmail account-2016-10-02
40173Termination bugs in GpuProcessHost-2016-10-02
40147Security: XSS issue in the FTP parser-2016-10-02
40635Security: v8: WebKitPoint() memory corruption$5002016-10-02
40137Security: XSS in net-internals-2016-10-02
39985Cross-origin bypass: Javascript URL can be set in iframe.src via numerous DOM aliases (via Node and NamedNodeMap)$10002016-10-02
40138Security: XSS in chrome://downloads-2016-10-02
39861Cross-origin image theft via SVGs as a canvas pattern-2016-10-02
40136Security: Path Traversal in Devtools-2016-10-02
39698Security: Synchronous preflight XHR allows arbitrary XSRF-2016-10-02
39660Need to merge fix for CSSPrimitiveValue::setFloatValue() type confusion error-2016-10-02
39443crash with form tag$5002016-10-02
39303icudt42.dll does not support ASLR(on Win7/Vista)-2016-10-02
39277Browser GDI crash with excessive downloads.-2016-10-02
38937show bug-2016-10-02
38920extensions can circumvent access restrictions by over-writing chromeHidden.event.dispatchJSON-2016-10-02
38890"AutoFill Profiles"-feature information disclosure issue-2016-10-02
39740Plugins are not always blocked by content settings-2016-10-02
39639url redirect-2016-10-02
38650Chrome downladed XP Defender Pro java based virus from a website-2016-10-02
38512libpng < (1.4.1|1.2.43) suffer DoS issues (CVE-2010-0205)-2016-10-02
38310Security: *.kaiserpermanente.org sites report SSL Error (certificate failures), only on Linux-2016-10-02
38749HTTPS-2016-10-02
38845Out of bounds array read in FTP network transaction-2016-10-02
38550Mac: Don't send client cert before verifying received server cert-2016-10-02
38238Reproducible renderer crash on javascript-2016-10-02
266922Security: Address bar spoofing possible after navigating to an unhandled protocol-2016-10-02
266364Heap-use-after-free in WebCore::DocumentLoader::handleSubstituteDataLoadNow-2016-10-02
266346Widevine CDM is running with excessive permissions-2016-10-02
265930V8 SMI-only array optimizations misbehave with arrays created using the Array constructor of a different document-2016-10-02
265894UNKNOWN in v8::internal::JSObject::SetPropertyForResult-2016-10-02
265838Heap-use-after-free in WebCore::RenderBlock::determineStartPosition$20002016-10-02
266729strongswan denial-of-service vulnerability (CVE-2013-5018)-2016-10-02
266593ASSERTION FAILED: !element || element->hasTagName(summaryTag), UNKNOWN in WebCore::DetailsMarkerControl::summaryElement-2016-10-02
265221Security: URL spoof with http status 204$5002016-10-02
264988Chrome webrtc crashes if i try to remove remote video track in peer connection.-2016-10-02
264607SyzyASAN: Heap-use-after-free in GrTextureAccess::reset-2016-10-02
264574ASSERTION FAILED: !renderer->needsLayout(), Heap-use-after-free in WebCore::RenderBlock::LineBreaker::nextSegmentBreak-2016-10-02
265731Security: mach_override_ptr maps rwx pages at fixed address and leaves PROT_WRITE on text pages-2016-10-02
265493use-after-free on content::GpuVideoDecodeAcceleratorHost::OnErrorNotification-2016-10-02
264211ASSERTION FAILED: run.charactersLength() >= run.length(), Heap-buffer-overflow in WebCore::Font::characterRangeCodePath-2016-10-02
263811UNKNOWN in v8::internal::Heap::AllocateJSObject-2016-10-02
263878Security: kernel CVE-2013-4125 fib6_add_rt2node-2016-10-02
264212Heap-use-after-free in WebCore::Node::setCustomElementState-2016-10-02
263810ASSERTION FAILED: !object || object->isRenderBlock(), UNKNOWN in WebCore::RenderBox::containingBlockLogicalHeightForPositioned-2016-10-02
264504Heap-use-after-free in WebCore::RenderObjectChildList::destroyLeftoverChildren$20002016-10-02
263923Heap-use-after-free in WebCore::Scrollbar::invalidateRect-2016-10-02
263214Security: SSLPolicy isn't checking the error associated with a saved exception-2016-10-02
263178Heap-use-after-free in content::IndexedDBDatabase::DeleteDatabase-2016-10-02
262653Heap-use-after-free in WebCore::RootInlineBox::closestLeafChildForPoint$10002016-10-02
263386ASSERTION FAILED: !node || node->isShadowRoot(), UNKNOWN in WebCore::EventRetargeter::eventTargetRespectingTargetRules-2016-10-02
263255Heap-use-after-free in WebCore::RenderBlock::checkFloatsInCleanLine-2016-10-02
262531Heap-buffer-overflow in FindSortableTop-2016-10-02
262177Heap-use-after-free in WebCore::InlineFlowBox::deleteLine-2016-10-02
261898Heap-buffer-overflow in autofill::AutofillPopupControllerImpl::UpdateDataListValues$10002016-10-02
262606use-after-free - speech API and window.close() ::SpeechRecognitionBubbleView::GetAnchorRect+0x23$10002016-10-02
261891Heap-use-after-free in WebCore::RenderFlexibleBox::firstLineBoxBaseline-2016-10-02
261836Heap-use-after-free in WebCore::Document::detach$30002016-10-02
261609Heap-use-after-free in WebCore::IdTargetObserverRegistry::removeObserver-2016-10-02
261454Heap-use-after-free in sk_atomic_inc-2016-10-02
261711Security: Upgrade to openssl 1.0.1e (or later)-2016-10-02
260667Security: Content process crash on (new Window.prototype.__proto__.constructor).toString();-2016-10-02
260428Heap-use-after-free in WebCore::TimerBase::start$10002016-10-02
260165Heap-use-after-free in WebCore::MutationObserverRegistration::~MutationObserverRegistration$10002016-10-02
260156Heap-use-after-free in content::WebMediaPlayerImpl::paint$10002016-10-02
260138Heap-use-after-free in WebCore::ElementShadow::removeAllShadowRoots-2016-10-02
260110Heap-use-after-free in WebCore::copyKeysToReferencingVector$10002016-10-02
260106Security: SEGV on unknown address with javascript url and __proto__$10002016-10-02
260105Heap-use-after-free in xsltApplySequenceConstructor$10002016-10-02
261171Heap-use-after-free in WebCore::RenderObjectChildList::destroyLeftoverChildren-2016-10-02
260375Heap-buffer-overflow in WebCore::Element::recalcStyle$10002016-10-02
259859Heap-use-after-free in content::RenderViewHostManager::ShutdownRenderViewHostsInSiteInstance-2016-10-02
259669Security: Drag-drop an image to the desktop: adds executable file to the desktop-2016-10-02
259389Heap-buffer-overflow in WebCore::parseDimension-2016-10-02
259366Security: JSON.stringify does not do cross context check.-2016-10-02
258771Lax permissions on the password database-2016-10-02
258723Security: JPEG info leak-2016-10-02
260087Heap-use-after-free in WebCore::IdTargetObserverRegistry::removeObserver-2016-10-02
259951Heap-use-after-free in WebCore::RenderStyle::fontDescription-2016-10-02
258419Heap-use-after-free in WebCore::CachedResource::cancelTimerFired-2016-10-02
38066Exploit.IFrame.Gen-2016-10-02
37876Issue when having saved password and favourite in the favourites bar-2016-10-02
38194bypass the popblock-2016-10-02
37841поврежден chrome.exe-2016-10-02
37840поврежден chrome.exe-2016-10-02
37826Need to merge fix for https://bugs.webkit.org/show_bug.cgi?id=35621 / ZDI-CAN-688-2016-10-02
37657Will not block all cookies when you select block all cookies-2016-10-02
37479Merge http://trac.webkit.org/changeset/53442-2016-10-02
37447Google Chrome OCX Automatic Download-2016-10-02
37383javascript: url with a leading NULL byte can bypass cross origin protection.$10002016-10-02
37362Security: Ogg Vorbis: Random crashes when playing .ogg-2016-10-02
37310Crash in media::FFmpegDemuxer::~FFmpegDemuxer()-2016-10-02
37201Omnibox visual spoofing with Japanese Maru-2016-10-02
37827Need to merge fix for https://bugs.webkit.org/show_bug.cgi?id=35598 / ZDI-CAN-704-2016-10-02
37190Security: WebSocket: WebCore::String::isEmpty ReadAV@Arbitrary-2016-10-02
37184Security: ff_vorbis_floor1_render_list ReadAV@Arbitrary (multiple stacks)-2016-10-02
37176Security bugs for $500 each.-2016-10-02
37061WebCore::SVGUseElement::updateContainerOffsets ExecAV@Arbitrary (1dc75f12fe3750aa1828ea20506a5d54)$5002016-10-02
37007Bypass unsafe file types dialog using extra dots at end of file name.-2016-10-02
36976WebCore::SVGAnimationElement::calculatePercentFromKeyPoints ReadAV@NULL (00939658970e30ddcc2953e88ebb851d)-2016-10-02
36774The 1 second timeout on safebrowsing get hash might be exploitable-2016-10-02
36772Security: HTTP AUTH dialog spoofing using long subdomains (Windows Only)-2016-10-02
36770HTTPS server can cause us to bypass certificate checking with NSS.-2016-10-02
36715Phishing site seems to be able to bypass Chrome's phish warning page-2016-10-02
36553Information Disclosure in "Web Data"-2016-10-02
36277Passwords may be easily seen.-2016-10-02
35994Security Issue Firefox 3.0.17 & Skype Add-on & Google Gmail-2016-10-02
35979Security: Opening a malformed XML file causes a segmentation fault in xmlParseGetLasts.-2016-10-02
35943[MD audit] HandleGetShaderSource Integer Underflow-2016-10-02
35942[MD audit] DrawElements Signed Integer Vulnerability-2016-10-02
35941[MD audit] GenGLObjects Buffer Overflow-2016-10-02
35938[MD audit] DeleteGLObjects Buffer Overflow-2016-10-02
35937[MD audit] GPU Signed Relatie Call Vulnerability-2016-10-02
35934[MD audit] GPU Signed Relative Jump Vulnerability-2016-10-02
35932[MD audit] GPU Signed Jump Vulnerability-2016-10-02
35931[MD audit] Command Buffer Service Integer Overflow-2016-10-02
35732Security: Renderer segfault when a malformed png file is loaded.$5002016-10-02
35649embed bug-2016-10-02
35408Pls Help Google Chrome Bug-2016-10-02
35936[MD audit] GPU Signed Call Vulnerability-2016-10-02
35168Crash when clicking long URL with unknown scheme-2016-10-02
35079Stale pointer in WebKit with captions-2016-10-02
34834SSL error reported in Chrome v.4.0.249.78 (36714); OK on Firefox v.3.5.7 and I.E. v.8.0.6001.18702-2016-10-02
35366[MD audit] DOM tree node reference errors when manipulating DOM tree inside certain callbacks-2016-10-02
34978WebCore::Document::recalcStyleSelector+0x7c$5002016-10-02
34765error en google mail de chrome-2016-10-02
34800Security bug found in 4.0.249.78-2016-10-02
34710[MD audit] out-of-bounds array access in worker_process_host.cc-2016-10-02
34566Security: WebCore::FEMorphology::apply memmove ReadAV@NULL (ec3ed2d76f7904e1c4df8ea3b1dd07e6)-2016-10-02
34498Navigating to a cached page can result in accessing a destroyed HTMLInputElement [CVE-2010-0052]-2016-10-02
34495Crash in XMLTokenizer::popCurrentNode if window.close() is called during parsing [CVE-2010-0048]-2016-10-02
34414Regression:m7: Chrome Popup Blocker ByPass-2016-10-02
34760I/O errors-2016-10-02
34782Browser hangs-2016-10-02
34721Long string in alert() 100% CPU DoS-2016-10-02
278912Heap-buffer-overflow in WebCore::Element::recalcStyle$20002016-10-02
279263use-after-free in ColorChooserDialog::DidCloseDialog$10002016-10-02
278908Heap-use-after-free in WebCore::XMLDocumentParser::append$10002016-10-02
279286ASSERT: Bad cast from CSSInitialValue to CSSValueList., UNKNOWN in WebCore::CSSValue::isCFCSSValueList-2016-10-02
279277Heap-use-after-free in WebCore::RenderBlock::determineStartPosition$20002016-10-02
278676Heap-buffer-overflow in content::SiteIsolationPolicy::ShouldBlockResponse-2016-10-02
278366Security: Page can DDOS and crash browser: while (1) window.open()-2016-10-02
277656ASSERT: isDocumentLifecycleObserver()ASAN:SIGSEGV, UNKNOWN in WebCore::DocumentLifecycleNotifier::notifyDocumentWasDisposed-2016-10-02
276368Heap-use-after-free in ppapi::proxy::PluginResource::NotifyInstanceWasDeleted$10002016-10-02
276339Use-after-free in content::WebPluginDelegateImpl::NativeWndProc-2016-10-02
275803Heap-buffer-overflow on icu_46::CharsetRecog_UTF_32_BE::getChar-2016-10-02
275590Heap-buffer-overflow in media::AudioBuffer::ReadFrames-2016-10-02
276111ASSERTION FAILED: splineIndex < m_keySplines.size(), UNKNOWN in WebCore::SVGAnimationElement::calculatePercentForSpline-2016-10-02
274843CORS-enabled image should fail to load when redirected with CORS failure.-2016-10-02
274658Heap-use-after-free in PluginPlaceholder::ReplacePlugin-2016-10-02
276106ASSERTION FAILED: actualInfo->derefObjectFunction == info.derefObjectFunction, UNKNOWN in WebCore::V8HTMLElement::createWrapper-2016-10-02
276042Use-after-free in views::HWNDMessageHandler::_ProcessWindowMessage-2016-10-02
275223Heap-use-after-free in WebCore::EditCommandComposition::~EditCommandComposition-2016-10-02
273734Heap-use-after-free in WebCore::SharedStyleFinder::canShareStyleWithElement-2016-10-02
273732Use-after-free in WebCore::GraphicsLayer::setContentsTo-2016-10-02
272954Heap-use-after-free in WebCore::SpaceSplitString::set-2016-10-02
272786Use-after-free in WebCore::TimerBase::stop$20002016-10-02
274020Security: Blocked popups can navigate anywhere once unblocked-2016-10-02
274408Security: Cross-origin information should not be available via JavaScript.-2016-10-02
271782Security: Incognito mode state not necessarily encrypted properly-2016-10-02
272072Regression: 301 redirect to data: URLs works-2016-10-02
271221Heap-use-after-free in WebCore::StylePendingImage::data-2016-10-02
271161Heap-use-after-free in WebCore::AudioDSPKernelProcessor::reset$5002016-10-02
271130ASSERTION FAILED: !node || node->isElementNode(), UNKNOWN in WebCore::CompositeEditCommand::cloneParagraphUnderNewElement-2016-10-02
271939Heap-use-after-free in xsltApplySequenceConstructor$10002016-10-02
271235ASSERTION FAILED: index < static_cast<unsigned>(length()), UNKNOWN in WebCore::TextIterator::characterAt-2016-10-02
270272Heap-use-after-free in WebCore::Node::compareDocumentPositionInternal-2016-10-02
270758Heap-use-after-free in WebCore::HRTFElevation::calculateKernelsForAzimuthElevation$5002016-10-02
269753Heap-use-after-free in webkitOfflineAudioContext$5002016-10-02
268565Security: use-after-free Speech with changing of the page$5002016-10-02
269837Heap-buffer-overflow in util::to_uint16_t-2016-10-02
269709Wild-access in WTF::HashTable<WebCore::RenderObject *,WTF::KeyValuePair<WebCore::RenderObject *,WebCore::FilterEffe-2016-10-02
269835Heap-buffer-overflow in office::doc::BxPap::Init-2016-10-02
268365Heap-use-after-free in std::pair<WTF::KeyValuePair<WTF::StringImpl*, WebCore::Element*>*, bool> WTF::HashTable<WTF::StringI-2016-10-02
267824ASSERTION FAILED: obj->isRenderInline() || obj == this, UNKNOWN in WebCore::RenderBlock::createLineBoxes-2016-10-02
267068Heap-use-after-free in WebCore::HTMLFormControlsCollectionV8Internal::indexedPropertyGetterCallback-2016-10-02
34151ChromeFrame: cookie policy not honored in chrome Frame-2016-10-02
34135Browser process crash (CHECK failure) in TabStripModel::GetContentsAt(int) const-2016-10-02
33906Why that-2016-10-02
33881Security Bug-2016-10-02
33876Security: LocalStorage Cross Domain Denial of Service Attack-2016-10-02
33873Confirm Close-2016-10-02
33995Bug ??-2016-10-02
33870VKontakte Checker-2016-10-02
33869VKontakte Tools-2016-10-02
33864chrome an chromium bug with flash-2016-10-02
33834MISTAKE (BŁĄD)-2016-10-02
33952Infinite redirects with long URL can cause browser process OOM.-2016-10-02
33872Chromepad-2016-10-02
33830Confirm Close-2016-10-02
33817Ошибка при отключении-2016-10-02
33791Trouble when opening a downloadable link-2016-10-02
33738r-2016-10-02
33736333-2016-10-02
33729chrome an chromium bug with flash-2016-10-02
33831some parameters not working-2016-10-02
33678y-2016-10-02
33664XSS Filter can disable legitimate code, creating vulnerabilities in otherwise safe webpages-2016-10-02
33607Security: SSL with Chrome using googlewave.com on Chromium-2016-10-02
33572Security: "Harmful websites" are allowed to initiate downloads without user intervention.-2016-10-02
33508Https issue-2016-10-02
33445STS design questions around probing what sites a user has been to-2016-10-02
33391Script tags are copied and pasted into xml, making cross-domain attacks possible-2016-10-02
33695Chrome problem.-2016-10-02
33053Use of stale HTMLImageElement pointer in JSHTMLFormElement::nameGetter-2016-10-02
32856Script tags are copied and pasted, making cross-domain attacks possible-2016-10-02
33324New windows opened within ChromeFrame in full tab mode don't use the host network stack-2016-10-02
32718Security: Cross-domain bug in password manager$5002016-10-02
32558auto text-2016-10-02
32457Security: WebKit Bug 33802 - WebCore::RenderMenuList::setText ExecAV@Arbitrary (fe810d95ab2c1eef13e951397ed944ce)-2016-10-02
32455ValidityState can hold a stale pointer to control-2016-10-02
32309Stylesheet URL property leaks redirection target-2016-10-02
32207The CLD (Compact Language Detection) code is run in the browser, it should run in the renderer.-2016-10-02
32014[MD audit] [clipboard] Type confusion possible in Linux clipboard implementation-2016-10-02
31953Resolve URL Before Proxy-2016-10-02
32915[MD audit] [Window Sandbox] CrossCallParamsEx::CreateFromBuffer() integer overflow-2016-10-02
31935appcache: https servers shouldn't be able to store no-store pages from other servers-2016-10-02
31880[MD audit] [plugins] Sandbox Violation: Raw pointer from renderer manipulated in plugin process-2016-10-02
31568Need to merge WebKit fix for ZDI-CAN-632 to Beta branch-2016-10-02
31554Invalid Read (possible code execution): Empty name parameter passed to v8::internal::LoadIC::Load()-2016-10-02
31542Use after free crash in RTL text handling-2016-10-02
31517ChildProcessSecurityPolicy::CanRequestURL recursion stack exhaustion in URL parsing with nested protocols-2016-10-02
31364[MD audit] [IPC] problems calling resize() on vectors with no sanitization-2016-10-02
31307[MD audit] [RPC] More errors deserializing SkBitmaps!!-2016-10-02
31298[MD audit] [RPC] Integer overflow in clipboard image deserialization-2016-10-02
31293Audio TAG MP3 plays noise burst at beginning-2016-10-02
31267Security: Popup & Focus URL Hijacking from ha.ckers.org, exploit works with chrome autodownload-2016-10-02
31144warn when downloading common Linux package files such as .deb-2016-10-02
31943Bypass of HTML5 iframe sandbox attribute (can set window.top.location)-2016-10-02
31692Bug 33266 - WebCore::InlineFlowBox::determineSpacingForFlowBoxes ReadAV@NULL (43c64e8abbda6766e5f5edbd254c2d57)-2016-10-02
30972Google Chrome XSS through MS Word Script Execution Object-2016-10-02
31009[MD audit] [V8]: integer errors lead to dangerous crashes in memory allocators-2016-10-02
31012[MD audit] [3d]-2016-10-02
30937Possible to execute script on unpermitted domains using chrome.tabs.executeScript()-2016-10-02
294242Url spoof with play store url-2016-10-02
294206Heap-use-after-free in WebCore::IDBDatabase::transactionFinished-2016-10-02
294202ASSERTION FAILED: hasRareData(), UNKNOWN in WebCore::Node::rareData-2016-10-02
294023Heap-buffer-overflow in bool WebCore::SelectorChecker::checkOne<WebCore::DOMSiblingTraversalStrategy>-2016-10-02
294464Heap-use-after-free in WebCore::SVGLength::SVGLength-2016-10-02
294456Heap-use-after-free in WebCore::canMergeLists$20002016-10-02
293521Heap-use-after-free in WebCore::CSSFontSelector::dispatchInvalidationCallbacks-2016-10-02
293127Use-after-free in WTF::HashTable<int,WTF::KeyValuePair<int,WTF::RefPtr<WebCore::CalculationValue> >,WTF::KeyValuePairK-2016-10-02
292679Heap-use-after-free in Pickle::~Pickle-2016-10-02
292422ASSERTION FAILED: m_pendingActivityCount > 0, Heap-use-after-free in WebCore::XMLHttpRequest::open$10002016-10-02
291854ASSERTION FAILED: !node || node->hasTagName(HTMLNames::metaTag), UNKNOWN in WebCore::TextAutosizer::detectContentType-2016-10-02
290566Heap-use-after-free in WTF::equalNonNull$10002016-10-02
293707ASSERTION FAILED: !value || value->isValueList(), UNKNOWN in WebCore::FontFace::createCSSFontFace-2016-10-02
293534Heap-use-after-free in WebCore::Document::updateLayout$30002016-10-02
290165ASSERTION FAILED: !needsLayout(), UNKNOWN in WebCore::RenderTableSection::paint$5002016-10-02
290163Heap-use-after-free in WebCore::InputMethodContext::selectedSegment-2016-10-02
289680Heap-buffer-overflow in PL_strdup-2016-10-02
289648Security: work around user gesture requirement-2016-10-02
288977Security: Insecure root-privileged file touch in /home/chronos by activate_date_spring.conf-2016-10-02
288797Heap-use-after-free in WebCore::TextFieldInputType::updateInnerTextValue-2016-10-02
290396Heap-use-after-free in WebCore::FrameLoader::load-2016-10-02
288771Heap-use-after-free in WebCore::SVGMatrixV8Internal::rotateMethodCallback-2016-10-02
288761Heap-use-after-free in WebCore::Document::updateLayout-2016-10-02
286975Heap-use-after-free in WebCore::Node::containsIncludingHostElements$20002016-10-02
286621Heap-use-after-free in BubbleGtk::Close-2016-10-02
286617Use-after-free in WebCore::RenderObject::previousInPreOrder-2016-10-02
286444Crash due to a bug in CoreText with some Arabic strings on Mac OS 10.8-10.8.4 and iOS 6-2016-10-02
286414Heap-use-after-free in WTF::KeyValuePair<WebCore::Resource*, WTF::RefPtr<WebCore::ResourceTimingInfo> >::~KeyValuePair$10002016-10-02
286368ASSERT: Bad cast from Element to HTMLDetailsElement., UNKNOWN in Bad cast from Element to HTMLDetailsElement-2016-10-02
288754Security: OOB in xfer32 in SKIA-2016-10-02
285783Heap-buffer-overflow in indic_ot_reorder-2016-10-02
285578Heap-use-after-free in gpu::CommandBufferHelper::~CommandBufferHelper-2016-10-02
285380Heap-use-after-free in content::QuotaDispatcherHost::RequestQuotaDispatcher::DidFinish-2016-10-02
284792FileAPIMessageFilter::OnOpenFile opens files with greater permissions than checked-2016-10-02
284786Heap-use-after-free in content::WebAudioSourceProviderImpl::provideInput$5002016-10-02
284785Heap-use-after-free in WebCore::ConvolverNode::tailTime$5002016-10-02
285787Heap-use-after-free in WebCore::ApplyBlockElementCommand::rangeForParagraphSplittingTextNodesIfNeeded$10002016-10-02
285742Heap-use-after-free in void url_parse::-2016-10-02
282925ASSERTION FAILED: !needsLayout(), UNKNOWN in WebCore::RenderSVGResourceClipper::applyClippingToContext$5002016-10-02
282923Heap-use-after-free in webrtc::voe::Channel::SendRTCPPacket-2016-10-02
282922Heap-use-after-free in WebCore::HTMLMediaElement::parseAttribute-2016-10-02
282738ASSERTION FAILED: offset + length <= m_length, UNKNOWN in WebCore::InlineTextBox::constructTextRun-2016-10-02
282736Javascript execution bug introduced with Chrome 29.0.1547.57$10002016-10-02
284532ASSERTION FAILED: !value || value->isPrimitiveValue(), UNKNOWN in WebCore::ViewportStyleResolver::getViewportLengthValue-2016-10-02
280352ASSERTION FAILED: !node || node->hasTagName(HTMLNames::tdTag) || node->hasTagName(HTMLNames::thTag), UNKNOWN in WebCore::AccessibilityTable::isDataTable-2016-10-02
282425Heap-use-after-free in WebCore::RenderLayer::renderer-2016-10-02
281256Address bar spoofing with window.open() + 204 No Content$20002016-10-02
280729Security: Linux HID flaws-2016-10-02
280552UNKNOWN in v8::internal::Invoke-2016-10-02
280512Possible to hide current address by going to "tel:" link and then a "#" link-2016-10-02
280470Security: Closing a webview while it is loading crashes the OS sessions.-2016-10-02
281480Heap-buffer-overflow in WebCore::ReverbConvolverStage::ReverbConvolverStage$5002016-10-02
280170Heap-use-after-free in WebRtcNetEQ_RecInRTPStruct-2016-10-02
280128ChromeView segfaults writing illegally during Vellamo test with drawPosTextH-2016-10-02
282088Heap-use-after-free in WebCore::RenderObjectChildList::destroyLeftoverChildren$10002016-10-02
279643Heap-use-after-free in cricket::StreamSelector::Matches-2016-10-02
279642Heap-use-after-free in non-virtual thunk to cricket::TransportChannelProxy::OnMessage-2016-10-02
279640UNKNOWN in extract_image_data-2016-10-02
279639Heap-use-after-free in cricket::Connection::local_candidate-2016-10-02
30794Out of bounds read when processing SVG feColorMatrix filter-2016-10-02
30682Disable the null encryption and weak encryption TLS/SSL cipher suites-2016-10-02
30660window.open() Method Javascript Same-Origin Policy Violation$10002016-10-02
30659Security: restrict sqlite functions in the function authorizer-2016-10-02
30525Merge HTMLParser security fix from WebKit-2016-10-02
30510Security: invalid pointer access when calling HTML5 Web Database REGEXP() function with just one argument-2016-10-02
30146chrome.tabs.executeScriptInTab allows running script in the gallery-2016-10-02
30080Extension pop-up page is loaded into main window-2016-10-02
30078Web Workers abuse - opt in required?-2016-10-02
29932Security: Websockets - malformed URL freezes browser-2016-10-02
29920Referer: header is sent when redirect from https to http-2016-10-02
30079Security SafeBrowsingService pure virtual function call and memory corruption-2016-10-02
29854Security: WebKit Bug 32316 - WebCore::RenderObject::arenaDelete ExecAV@??? (292164e5b2ee939ff3ddf062439c2a3e)-2016-10-02
29828Security: sandbox bypass due to directory traversal opening Web Database files-2016-10-02
29645Prevent exposing autocomplete values via Javascript-2016-10-02
29577Crash on complicated @font-face rule-2016-10-02
29543Bug-2016-10-02
29914DNS queries not forwarded through SOCKS v5 proxies-2016-10-02
29657[MD audit] [NPAPI] Unsafe use of raw pointers between processes-2016-10-02
29292HTTPS pages contain warning about not being secure.-2016-10-02
28811Security: WebKit Bug 31886 - Notification::Notification m_presenter reuse of freed memory-2016-10-02
28804[MD audit] [Window Sandbox] PreProcessName() Race Condition-2016-10-02
28798[MD audit] [Window Sandbox] Integrity Level Race Condition-2016-10-02
28606Security: Chrome/chromium crash in Skia (CSS) due to flashplugin crash-2016-10-02
28582Out-of-bounds read in memcpy() upon one line CSS - sometimes OOM too-2016-10-02
29294Security: What about support for the Green Address Bar? (SSL EV...)-2016-10-02
28880Security: Crash in WebCore/platform/graphics/chromium/FontLinux.cpp:355 (WebCore::TextRunWalker::setupFontForScriptRun)-2016-10-02
28566Security: Crash when opening a corrupted GIF image-2016-10-02
28449Linear gradient on a table row crashes Chromium-2016-10-02
28360Security: Chromium/chrome crash in WebCore::RenderMarquee::computePosition-2016-10-02
28346Security: net::HttpStreamParser::DoReadBodyComplete OOM browser crash using Content-Length-2016-10-02
28250Chrome/chromium crash in Skia (memset) due to excessive stroke-2016-10-02
28043Security: LocalStorage does not account the key strings in the quota enforcement-2016-10-02
28015Security: notifications can pop-up unsolicited windows-2016-10-02
28574Security: Memory corruption in WebCore::ResourceLoader-2016-10-02
27916Bounds error in skAlphaRuns causes renderer hang-2016-10-02
27544HTML notifications should only allow http URLs as content (or not have elevated privileges for data: / javascript:)-2016-10-02
27501Security: Bad reference counting in WTF:: PassRefPtr leads to use after free-2016-10-02
26771Let users choose the default privacy behaviour (like address bar and other stuff ... ) IMPORTANT !!!-2016-10-02
26770change default behaviour of bar: let choose users about their privacy chromium privacy-2016-10-02
26585Security: Flash does not lose focus, which allows things like key logging-2016-10-02
26179Security: Chromium bug for gears fts2 security vulnerability-2016-10-02
28014Security: crash when requestPermission() called-2016-10-02
27509Security: HttpStreamParser::DoReadBodyComplete buffer overflow.-2016-10-02
24733Browser crash in icu processing text from Japanese page-2016-10-02
26129Security: MSVR report: Chrome Frame allows x-domain data theft in IE$5002016-10-02
24375Unbounded read (possible write) in SDCH header parsing-2016-10-02
23979Security: add other common HTML extensions to the dangerous extensions list-2016-10-02
23693Security: sanitize URLs better before creating desktop shortcuts-2016-10-02
24646Security: Skia memory corruption with x<0 in SkA*_Blitter::blitH-2016-10-02
25578No more symbolic links in the .app (en.lproj -> en_US.lproj)-2016-10-02
24486Chrome does not checksum downloaded .bdic files; Leads to crashes, possible exploits.-2016-10-02
22846ChromeFrame does not respect IE Privacy features-2016-10-02
23188Gears DLL is not marked at NX compatible-2016-10-02
22115Two pages munged together if an anchor is clicked during unload-2016-10-02
22721Security: Chrome Frame 301/302 redirect URL spoofing-2016-10-02
23189avcodec-52.dll is not marked NX, SafeSEH or DBCompat-2016-10-02
23006Security: Chrome Frame links circumvent IE8's SmartScreen-2016-10-02
22451Use-after-free in IPC::Channel::ChannelImpl::ProcessOutgoingMessages() in UtilityProcessHostTest.ExtensionUnpacker-2016-10-02
21354ISO-2022-CN and ISO-2022-CN-Ext are not supported leading to a potential XSS attack-2016-10-02
21338Same Origin Policy Bypass via getSVGDocument() method.$5002016-10-02
21489Linux create fail for /tmp/chrome_shutdown_ms.txt in mixed user environment-2016-10-02
21770Security: ParseFTPList buffer fencepost, integer underflow-2016-10-02
21771Security: ParseFTPList integer underflow-2016-10-02
21385No prompt when installing extension from odd content type-2016-10-02
21242Merge webkit.org@48142 to mstone-3-2016-10-02
21238security: Content-Type: application/rss+xml being rendered as active content-2016-10-02
21128XMLHttpRequest allows loading from another origin-2016-10-02
309452Heap-use-after-free in WebCore::CSSSelectorList::selectorAt-2016-10-02
309453Heap-use-after-free in WebCore::RenderBlockFlow::computeBlockDirectionPositionsForLine-2016-10-02
309201Heap-buffer-overflow in WebCore::RenderView::positionDialog-2016-10-02
308988Use-after-free in v8::HandleScope::HandleScope-2016-10-02
307159Response splitting with 302 redirects allows chrome sync session fixation$13372016-10-02
306346Heap-use-after-free in WebCore::ResourceLoader::requestSynchronously-2016-10-02
306694Crash in WebKit::WebHelperPluginImpl::closeHelperPlugin()-2016-10-02
305951Security: Don't send encrypted extensions (Channel ID, NPN,OBC) when server certificate is untrusted$10002016-10-02
305904Heap-use-after-free in WebCore::RenderBlock::determineStartPosition-2016-10-02
305368Use-after-free in printing::PrintingContextWin::AskUserForSettings-2016-10-02
306802Heap-buffer-overflow in WebCore::Font::characterRangeCodePath-2016-10-02
306803Heap-use-after-free in content::RenderViewImpl::OnMessageReceived-2016-10-02
306255content_shell crash with --dump-render-tree and non-ASCII content-2016-10-02
305278Heap-use-after-free in WebCore::HTMLMediaElement::contextDestroyed-2016-10-02
305220TLS session caching occurs before certificate validation$5002016-10-02
305080Heap-use-after-free in WebCore::XMLHttpRequest::~XMLHttpRequest-2016-10-02
304967Use-after-free in content::GpuChannelHost::Send-2016-10-02
305350Heap-use-after-free in WebCore::SVGPropertyTearOff<WebCore::SVGTransform>::detachWrapper-2016-10-02
304787Heap-use-after-free in content::PluginURLFetcher::OnReceivedData$5002016-10-02
304547Security: popups opened in fullscreen mode are opened as popunders-2016-10-02
304398WebRTCIdentityStore should delete expired identities-2016-10-02
305279Heap-use-after-free in WebCore::GraphicsLayer::setContentsClippingMaskLayer-2016-10-02
304791Multiple libvpx potential security issues-2016-10-02
303927Use after free with new media::ScopedPtrAVFreeFrame-2016-10-02
303657Heap-use-after-free in WebCore::HTMLFormElement::submit-2016-10-02
303477ASSERTION FAILED: !node || node->isTextNode(), UNKNOWN in WebCore::RenderBlock::updateFirstLetter-2016-10-02
303476Heap-use-after-free in WebCore::SVGPropertyTearOff<WebCore::SVGNumber>::detachWrapper-2016-10-02
303232ASSERT: Bad cast from Event to GestureEvent., UNKNOWN in Bad cast from Event to GestureEvent-2016-10-02
304226Security: Address bar spoofing on Android with window.open() + 204 No Content-2016-10-02
303772Heap-use-after-free in WebCore::SliderThumbElement::dragFrom-2016-10-02
302539Heap-buffer-overflow in ssl3_HandleHandshakeMessage-2016-10-02
301941ASSERTION FAILED: npObject, UNKNOWN in content::NPObjectProxy::NPNEvaluate-2016-10-02
301196ASSERTION FAILED: offset + length <= m_length, UNKNOWN in WebCore::InlineTextBox::paint-2016-10-02
300892Heap-use-after-free in WebCore::Document::updateHoverActiveState-2016-10-02
302724Content Script Shared Memory Buffer is writable-2016-10-02
302810ASSERT: Bad cast from Event to TouchEvent., UNKNOWN in Bad cast from Event to TouchEvent-2016-10-02
302007Security: Chrome can be easily made to stop working-2016-10-02
299892HTTP 1xx response handling code allows a website to read memory from the main process' heap.$40002016-10-02
299835libjpeg_turbo huffval infoleak-2016-10-02
299803Heap-use-after-free in WebCore::RenderLayerModelObject::hasSelfPaintingLayer-2016-10-02
298660Sparse file confuses temporary storage quota-2016-10-02
297976Heap-buffer-overflow in bool WebCore::SelectorChecker::checkOne<WebCore::DOMSiblingTraversalStrategy>-2016-10-02
300129Heap-use-after-free in content::RenderViewHostImpl::JavaScriptDialogClosed-2016-10-02
299993ASSERTION FAILED: obj->isRenderInline() || obj == this, UNKNOWN in WebCore::RenderBlock::createLineBoxes-2016-10-02
297556Heap-use-after-free in content::IndexedDBBackingStore::Transaction::Begin-2016-10-02
297478Heap-use-after-free in WebCore::HTMLFormElement::submit$20002016-10-02
296690UNKNOWN in WebKit::WebSpeechRecognitionHandle::operator WTF::PassRefPtr<WebCore::SpeechRecognition>$10002016-10-02
296276Heap-use-after-free in WebCore::SVGMatrixV8Internal::aAttributeSetterCallback-2016-10-02
296268Heap-use-after-free in WebCore::accumulateDocumentTouchEventTargetRects-2016-10-02
297718HTML generated by copying url in address bar should url-encode the url-2016-10-02
296804Heap-use-after-free in webrtc::voe::Channel::SendRTCPPacket-2016-10-02
295725Heap-use-after-free in WebCore::SVGPropertyTearOff<WebCore::SVGMatrix>::detachWrapper-2016-10-02
295338ASSERTION FAILED: !object || object->isLayerModelObject(), UNKNOWN in WebKit::LinkHighlight::computeEnclosingCompositingLayer-2016-10-02
295010Heap-use-after-free in WebCore::RenderObject::childAt$20002016-10-02
294687Heap-use-after-free in task_manager::ExtensionProcessResource::GetProfileName-2016-10-02
294505ASSERTION FAILED: actualInfo->derefObjectFunction == info.derefObjectFunction, UNKNOWN in WebCore::V8IDBCursor::createWrapper-2016-10-02
296003Heap-buffer-overflow in void std::__final_insertion_sort<WebCore::RenderTableCell**, bool-2016-10-02
295695Security: Show javascript prompt over interstitial page-2016-10-02
20450Chromium shouldn't allow XHR to local directories-2016-10-02
20336Security: ensure proper escaping, filtering of user inputs in paths, login data for FTP-2016-10-02
20931chrome.tabs.update should not allow navigation to javascript: URLs w/o permission-2016-10-02
20318Security: do not auto-complete URLs with cloaked credentials-2016-10-02
19505Mixed content flash not causing mixed content warnings-2016-10-02
19340Themes from URLs without the ".crx" file extension install without prompt-2016-10-02
19334test-2016-10-02
19316Security: download shelf question for themes from untrusted locations is not honest-2016-10-02
19212Security: script injection possible in JSON.parse; will lead to XSS in some web apps-2016-10-02
19158libxml2 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3529-2016-10-02
20334Security: restrict IPs, ports for PASV ftp mode-2016-10-02
20233Crash potentially due to resource exhaustion-2016-10-02
18682Extensions privileges granted to process that calls window.open-2016-10-02
18672yuv_row_linux.cc clip() DCHECK too conservative?-2016-10-02
18639Crash [@ 0xffffffff]-2016-10-02
18009Security: Investigate NTLM reflection vulnerability-2016-10-02
17655Security: Bypass pop-up blocker using javascript: url in a pop-up.-2016-10-02
16535Security: terminate busy loops on page transitions-2016-10-02
16413Security: Redirected XHR includes custom headers, CSRF risk-2016-10-02
18803Avast can't scan all files of chrome's cache: password protected-2016-10-02
15701XSS issue due to the lack of support for ISO-2022-KR-2016-10-02
15556innerHTML applies meta/link/title tags before getting committed.-2016-10-02
14508Security: browser crash with memmove() memory corruption upon large chunked encoding chunk size-2016-10-02
14211Reproducible browser crash when quickly scrolling wide page horizontally-2016-10-02
13997Clicking an external link in an extension page shouldn't reuse the same process.-2016-10-02
15766Security: focus() selective keystroke redirection-2016-10-02
14719Security: possible memory corruption in v8 regex execution engine-2016-10-02
12617Starting a hidden download can allow attacker to determine how long the browser stays open.-2016-10-02
12523Crash - Menu::RunMenuAt(int,int)-2016-10-02
12307Subtle mixed content bugs-2016-10-02
12303Chrome falls back to DIRECT connections once all proxies have failed.-2016-10-02
12810Renderer can crash browser through OOM using document.title-2016-10-02
13029NIL-2016-10-02
12591Popup blocker bypass/open webpage in default browser using WMP Active-X-2016-10-02
11776Security: Linux Chromium config directory is world/group-readable, including cookies-2016-10-02
11739V8Proxy::ToNativeObjectImpl ASSERT(MaybeDOMWrapper(object));-2016-10-02
11545Extensions can be loaded by web content-2016-10-02
11308ReadAV [ARBITRARY]@chrome!NPAPI::PluginInstance::NPP_DestroyStream+0x111-2016-10-02
11205CoInitialize called in renderer (before sandbox lockdown)-2016-10-02
11178New Layout test failures for WebKit merge 42932:42994-2016-10-02
12142Crash when proxy responds to CONNECT request with Content-Length: 0-2016-10-02
11934Crash: Alert box in event listeners-2016-10-02
9760pasting "( ・ω・)ノ――――――――――――――@ ショボボボボーーーン" to address bar causes full crash-2016-10-02
9860ChromeHTML URI handler vulnerability-2016-10-02
10957UXSS sharing window.external among frames-2016-10-02
10869Buffer overflow in browser process while de-serializing SkBitmap (heap overwrite)-2016-10-02
10736SkMask::computeImageSize() integer overflow-2016-10-02
9877Security: cross domain thefts via CSS string property injection-2016-10-02
10996Security: job object based restrictions no longer seem to be enforced-2016-10-02
9303Security: possible use-after-free in OpenTypeUtilities.cpp-2016-10-02
9608An HTTP response with code 401 and header with name="WWW-Authenticate" value="" crashes browser-2016-10-02
9019zdi-can-464: malformed svglist parsing code execution-2016-10-02
8757Cross-origin XMLHttpRequest is always allowed-2016-10-02
8706Mixed content warning can be removed-2016-10-02
8473Fix CONNECT requests with user-cancelled auth-2016-10-02
8198Need to upgrade ICU in third_party-2016-10-02
319117Master bug for Mobile Pwn2Own 2013 exploit from Pinkie Pie-2016-10-02
319040Heap-buffer-overflow in WebCore::Element::pseudoStyleCacheIsInvalid-2016-10-02
318791Security: Crash in aura::Window::NotifyWindowHierarchyChangeAtReceiver-2016-10-02
319125Security: ClipboardHostMsg_WriteObjectsAsync allows to escape the sandbox-2016-10-02
317999Security: Integer overflow leading to exploitable buffer overflow on 32-bit when parsing encrypted mp4-2016-10-02
317284ASSERTION FAILED: width == frameRect.width(), UNKNOWN in WebCore::WEBPImageDecoder::applyPostProcessing-2016-10-02
317819ASSERTION FAILED: obj->isRenderInline() || obj == this, UNKNOWN in WebCore::RenderBlockFlow::createLineBoxes-2016-10-02
317734Disabling filters over IPC for M32-2016-10-02
317485Use-after-free from SVGMatrixTearOff-2016-10-02
317423Heap-use-after-free in WebCore::RenderBlockFlow::determineStartPosition-2016-10-02
317286Stack-buffer-overflow in content::MakeWebMouseWheelEvent-2016-10-02
318577Heap-use-after-free in WebCore::V8SVGTransform::resolveWrapperReachability-2016-10-02
317913Heap-use-after-free in ChromeDownloadManagerDelegate::OnDownloadTargetDetermined-2016-10-02
315889Security: ASAN heap-use-after-free in AnimationController::endAnimationUpdate$30002016-10-02
317210Heap-use-after-free in WebCore::RenderText::firstAbstractInlineTextBox-2016-10-02
317097ASSERTION FAILED: m_context->document().documentElement() != m_context, Heap-use-after-free in WebCore::SVGTransformV8Internal::angleAttributeGetterCallback-2016-10-02
316697Missing Skia cls for M32 to complete safe SVG communication over IPC-2016-10-02
316339Heap-buffer-overflow in sk_getMetrics_glyph_00-2016-10-02
316298Security: Bad cast in ToRenderWidgetHostViewAura in web_contents_view_aura.cc-2016-10-02
316032HPKP Pin-Sets set over headers are appended without a uniqueness check-2016-10-02
317173CHECK failure in CHECK(p->IsSmi()) failed: ../../v8/src/objects-debug.cc(59)-2016-10-02
317211Heap-buffer-overflow in PL_strdup-2016-10-02
317174Heap-buffer-overflow in PORT_Alloc_Util-2016-10-02
314469Heap-use-after-free in WebCore::ReplaceSelectionCommand::doApply$20002016-10-02
314402UNKNOWN in WebCore::computeShapePaddingBounds-2016-10-02
314225Heap-buffer-overflow in Null_Cipher-2016-10-02
315842Heap-use-after-free in WebCore::HTMLTreeBuilder::adjustedCurrentStackItem$20002016-10-02
313939Security: Cross-origin information disclosure through createMediaElementSource and OfflineAudioContext$40002016-10-02
313743Heap-use-after-free in extensions::ExtensionAPI::SplitDependencyName-2016-10-02
313529Heap-use-after-free in WebCore::Node::containsIncludingShadowDOM-2016-10-02
313435Security: Prerendered pages can add incorrect alias URLs and intercept future navigations to them-2016-10-02
313399Security: backport ARM uaccess fix-2016-10-02
313005Heap-use-after-free in WebCore::Element::focus-2016-10-02
312689Chrome’s HSTS preloads and certificate pinning does not work for wildcard-based domains when you input a “-.” before the actual domain name. (e.g. https://abc.def-.drive.google.com)-2016-10-02
312639ASSERTION FAILED: !m_history, Heap-use-after-free in WebCore::Document::nodeChildrenWillBeRemoved-2016-10-02
314088Use-after-free in content::WebPluginDelegateStub::~WebPluginDelegateStub-2016-10-02
312210"Require password to wake from sleep" option does not take effect-2016-10-02
312250Security: Access after the end of the buffer due to undefined behavior in Pickle::FindNext-2016-10-02
312046Heap-use-after-free in content::RenderViewHostImpl::JavaScriptDialogClosed-2016-10-02
312028Heap-use-after-free in WebCore::SharedStyleFinder::canShareStyleWithElement-2016-10-02
312016ViewHostMsg_CreateWindow: next route_id can be taken from the wrong process-2016-10-02
311909Heap-use-after-free in WebCore::RenderTextFragment::originalText-2016-10-02
311908ASSERTION FAILED: !needsSectionRecalc(), Heap-use-after-free in WebCore::RenderTable::topNonEmptySection-2016-10-02
311548Security: inline svg that has not been marked as laid out causes ASSERT_WITH_SECURITY_IMPLICATION-2016-10-02
312050UNKNOWN in WebCore::CanvasRenderingContext2D::drawTextInternal-2016-10-02
311036strongswan: CVE-2013-6075-2016-10-02
310259ASSERTION FAILED: width == frameRect.width(), UNKNOWN in WebCore::WEBPImageDecoder::applyPostProcessing-2016-10-02
311040strongswan: CVE-2013-6076-2016-10-02
310257Heap-buffer-overflow in VP8LConvertFromBGRA-2016-10-02
310794Security: Blocking of HTTP iframes in HTTPS pages can be circumvented by using data: urls-2016-10-02
7986REGRESSION: file:// URLs can script web URLs-2016-10-02
7713Unescape according to the safe browsing spec-2016-10-02
733830x redirects silently honored in response to CONNECT-2016-10-02
7214Cross-domain access to stylesheet text should not be allowed-2016-10-02
6869SVG support is crashy in 2.0.157.2-2016-10-02
6264Security bug: something very wrong with same-origin checks-2016-10-02
6062Chrome: Crash Report - Stack Signature: WebCore::GIFImageDecoder::haveDecodedRow-2016-10-02
7590Rogue renderer can tamper with Windows.-2016-10-02
5825chromehtml: Elevate on Vista if no permission to modify key-2016-10-02
5596Bookmarklets clicked on new tab page execute in chrome-resource security context-2016-10-02
5271Add a test for bug 2074-2016-10-02
5248cross-frame-access-protocol*.html layout tests are failing-2016-10-02
5247Cross-frame-access-*-explicit-domain layout tests failing-2016-10-02
4943Rogue renderer could crash other renderers / browser via stats table.-2016-10-02
4772Stateless key event handling from renderer to browser-2016-10-02
4197Further restrict access of file URL-2016-10-02
4150Security: SwissSign Root marked for EV-2016-10-02
3896Make tests for bug 2074 fix and contribute to webkit-2016-10-02
3851Security: need backport of WebKit bug for v1.0 release-2016-10-02
3823Security: Empty string between ISO-2022 escape sequences can be potentially exploited. Make sure we don't suffer-2016-10-02
3645Security: intermittent NULL ptr crash when browser close attempted with a non-responsive tab-2016-10-02
4387Security: Microsoft "feature" causes dates > December 31st 3000 to crash renderer crash-2016-10-02
3538SSL CN mismatch not triggering warning-2016-10-02
3431Drag & drop javascript link to Windows desktop-2016-10-02
3275Security: Popup-blocker bypass using click event-2016-10-02
3256Security: block windows / prompts, or disable scripting altogether, while security interstitials are displayed-2016-10-02
3628Websites can spawn infinite external protocol handler popups.-2016-10-02
3382V8 crashes on lots of popups.-2016-10-02
2759A range of non-characters (U+FDD0 .. U+FDEF) are passed through in IsStringUTF8-2016-10-02
2966Chrome Window.open & alert DoS-2016-10-02
2618Web Inspector should not rely on the untrusted page to implement escapeHTML-2016-10-02
2579tab_strip_model.cc can Crash Chrome.dll-2016-10-02
2316Chromium automatically continues the request for a sub-resource with a certificate error under some conditions.-2016-10-02
2748Crash when doing a view-source on a https-link with invalid security certificate-2016-10-02
2957Clicking "Safe Browsing diagnostic page" link broken on malware interstitial-2016-10-02
2632Advisory: Google Chrome Carriage Return Null Object Memory Exhaustion Remote Dos-2016-10-02
1488Google Chrome Browser Exploit-2016-10-02
1414Chrome Buffer Overflow Vulnerability - "SaveAs" Function-2016-10-02
1980Content-Disposition triggers buffer overflow-2016-10-02
2074DBCS invalid multi-byte over-consumption leads to XSS vectors-2016-10-02
1967Append .download to downloaded DLL files-2016-10-02
1227Firedragging "polished" - drag an executable file to the desktop appearing to be an image-2016-10-02
1208Never elide file extensions (at least in download UI)-2016-10-02
1210Don't trigger buttons on second click of a double-click-2016-10-02
213Denial of Service-2016-10-02
100custom cursor icon rendered incorrectly-2016-10-02
326229Heap-buffer-overflow in SkBicubicImageFilter::onFilterImage-2016-10-02
326187UNKNOWN in SkMagnifierImageFilter::onFilterImage-2016-10-02
326199Heap-buffer-overflow in SkBitmap::copyTo-2016-10-02
325624ASSERTION FAILED: !object || (object->isRenderBlockFlow()), UNKNOWN in WebCore::toRenderBlockFlow-2016-10-02
326195Heap-buffer-overflow in SkSrcXfermode::xfer32-2016-10-02
326206Heap-buffer-overflow in SkDilateX_SSE2-2016-10-02
326197Heap-buffer-overflow in SkDiffuseLightingImageFilter::onFilterImage-2016-10-02
326198Heap-buffer-overflow in Clamp_S32_D32_nofilter_trans_shaderproc-2016-10-02
326118Security: chrome: address bar spoofing in Chrome for iOS-2016-10-02
324815Apps can be installed from outside CWS and from non-secure sites-2016-10-02
324812Security: leaking the raw global object when passing callbacks between contexts-2016-10-02
325071Use-after-free in content::WebGraphicsContext3DCommandBufferImpl::InitializeCommandBuffer-2016-10-02
324969Security: Address bar spoofing in Chrome for Android$10002016-10-02
325225Crash on keyed load invocation-2016-10-02
324817Security: Unprompted app installation allowed-2016-10-02
324321Heap-use-after-free in WebCore::Document::updateLayout-2016-10-02
324320ASSERTION FAILED: !tryCatch.HasCaught() || result.IsEmpty(), Heap-use-after-free in content::RenderViewHostImpl::JavaScriptDialogClosed-2016-10-02
324323ASSERTION FAILED: iteration >= 0, Heap-buffer-overflow in WebCore::KeyframeAnimationEffect::PropertySpecificKeyframeGroup::sample-2016-10-02
324324Heap-use-after-free in WebCore::ReplaceSelectionCommand::removeRedundantStylesAndKeepStyleSpanInline-2016-10-02
324530Heap-use-after-free in WebCore::DocumentMarkerController::removeMarkersFromList-2016-10-02
322965In-page search form steals focus/navigation control from Chrome's URL bar-2016-10-02
323969Attempting free in std::_Rb_tree<blink::WebFrame*, std::pair<blink::WebFrame* const, content::RenderFrameImpl*>, std::_-2016-10-02
323682Use-after-free in WebCore::SVGAnimatedProperty::detachAnimatedPropertiesForElement-2016-10-02
323595Heap-buffer-overflow in SkValidatingReadBuffer::getArrayCount-2016-10-02
322662Multiprofile: Screen does not lock when non-corp account is active-2016-10-02
322891Heap-use-after-free in WebCore::RenderLayerScrollableArea::updateCompositingLayersAfterScroll$20002016-10-02
322554Heap-use-after-free in WebCore::MediaStreamAudioSourceNode::process-2016-10-02
322527Incognito cookies make their way into non-incognito cookie space when using HTTPS Everywhere extension-2016-10-02
322959URL Spoof Vulnerability$5002016-10-02
322937Heap-use-after-free in WebCore::RenderBlockFlow::determineStartPosition-2016-10-02
322575ASSERTION FAILED: activeDuration >= 0, Heap-buffer-overflow in WebCore::KeyframeAnimationEffect::PropertySpecificKeyframeGroup::sample-2016-10-02
321831UNKNOWN in SkProcCoeffXfermode::CreateProc-2016-10-02
322195Heap-use-after-free in content::WebRTCIdentityServiceHost::OnRequestIdentity-2016-10-02
321783dev-libs/nspr needs upgrade from upstream portage-2016-10-02
321781dev-libs/nss needs upgrade from upstream portage-2016-10-02
322348Heap-use-after-free in WebCore::Element::focus-2016-10-02
321802Heap-buffer-overflow in SkValidatingReadBuffer::readPoint-2016-10-02
321790UNKNOWN in SkValidatingReadBuffer::readString-2016-10-02
321940Security: Inserting a Google account to Chrome and stealing user's private data$50002016-10-02
320762Heap-use-after-free in WebCore::SVGStringListV8Internal::clearMethodCallback-2016-10-02
321037Heap-use-after-free in WebCore::V8SVGStringList::resolveWrapperReachability$5002016-10-02
321495Heap-use-after-free in WebCore::StyleSheetCollection::resetAllRuleSetsInTreeScope-2016-10-02
320796Content-security-policy object-src: isn't applied against <param name="source">-2016-10-02
320239CHECK failure in CHECK failed: it != streams_.end() in media_stream_dispatcher_host.cc(242)-2016-10-02
320344Heap-use-after-free in WebCore::ChannelProvider::provideInput$5002016-10-02
319860OOB read in V8-2016-10-02
319835OOB write in V8 (only 64bit)-2016-10-02
319722Heap-buffer-overflow in v8::internal::ExternalByteArray::SetValue-2016-10-02
319477clipboard.cc issues-2016-10-02
320314Heap-use-after-free in autofill::PasswordAutofillAgent::DidStartProvisionalLoad-2016-10-02
320313Heap-use-after-free in base::internal::Invoker<1, base::internal::BindState<base::internal::RunnableAdapter<void-2016-10-02
319914Use-after-free in v8::internal::GlobalHandles::Destroy-2016-10-02
331571Typing pandora.com in omnibox automatically redirects user to native app, if installed-2016-10-02
331444[LangFuzz] Crash at v8::internal::StoreBuffer::Compact with invalid write$30002016-10-02
331416[LangFuzz] Crash on Heap with Array access/length and invalid read$30002016-10-02
331725Security: body of POST request initiated 302-redirect chain can be recovered by script on last page in chain using XSS Auditor$5002016-10-02
331790Security: use-after-free in content::WebContentsImpl::~WebContentsImpl$10002016-10-02
331253Use-after-free in v8::HandleScope::HandleScope-2016-10-02
331389Heap-use-after-free in er_supported-2016-10-02
331219Using a long JavaScript alert() string can hide buttons and prevention checkbox-2016-10-02
331168Security: scrollbar-corner can be drawn outside the containing frame, allowing redress of parent frame.$5002016-10-02
331060Security: XSS Auditor behavior can cause leak of submitted form data because of about:blank redirection$10002016-10-02
331254Heap-buffer-overflow in WebCore::BisonCSSParser::parseValue-2016-10-02
331232Use-after-free in WebCore::Editor::rangeOfString-2016-10-02
330710UXSS can be performed because XSS Auditor processes tokens inside script tag separately-2016-10-02
330660use-after-free in SpeechRecognitionBubbleView::GetAnchorRect$5002016-10-02
330626Heap-use-after-free in WebCore::RenderInline::willBeDestroyed$20002016-10-02
330750ASSERTION FAILED: obj->isRenderInline() || obj == this, UNKNOWN in WebCore::RenderBlockFlow::createLineBoxes-2016-10-02
330663UXSS from a local MHTML file$10002016-10-02
330222UNKNOWN in TIntermSymbol::TIntermSymbol-2016-10-02
330420ASSERTION FAILED: m_stateStack.size() == 1, Heap-use-after-free in WebCore::ScrollView::paint$10002016-10-02
329978AutofillHostMsg_ShowPasswordSuggestions: validate that suggestions.size() == realms.size()-2016-10-02
330293UNKNOWN in SkRegion::setPath$30002016-10-02
329723Security: arbitrary memory read in logging::LogMessage::Init-2016-10-02
329258Global-buffer-overflow in BrotliHuffmanTreeBuildImplicit-2016-10-02
329547Heap-buffer-overflow in ReadHuffmanCode-2016-10-02
329006ASSERTION FAILED: std::isfinite(num), Heap-buffer-overflow in SkChopCubicAt-2016-10-02
329651UAF: Utterance should not keep a raw pointer to TtsMessageFilter-2016-10-02
329254Global-buffer-overflow in SkMallocPixelRef::SkMallocPixelRef-2016-10-02
329386Security: Handling HSTS headers effectively clobbers preloaded pins-2016-10-02
329238Heap-use-after-free in WebCore::RenderBlockFlow::computeBlockDirectionPositionsForLine-2016-10-02
328202Security: v8: invalid overflow checks in Zone::NewExpand()-2016-10-02
328231Security: incorrect overflow check in SparseControl::StartIO()-2016-10-02
328456ASSERTION FAILED: !m_deletionHasBegun, UNKNOWN in WebCore::FormAssociatedElement::formRemovedFromTree-2016-10-02
328620The GPU sandbox sometimes call InitializeSandbox() with threads appearing running.-2016-10-02
328203Security: WebGLRenderingContext::copyTexSubImage2D - invalid checks for overflow.-2016-10-02
327824The seccomp-bpf sandbox fails silently on the GPU process with threads-2016-10-02
327372Heap-buffer-overflow in SkDisplacementMapEffect::onFilterImage-2016-10-02
327729Heap-use-after-free in WebCore::SVGPropertyTearOff<WebCore::SVGMatrix>::detachWrapper-2016-10-02
327720Heap-use-after-free in chrome_browser_net::GetDataReductionRequestType-2016-10-02
327626Security: RELEASE_ASSERT in SubtreeLayoutScope destructor-2016-10-02
326860Heap-use-after-free in WebCore::RenderBlockFlow::determineStartPosition-2016-10-02
326854Heap-use-after-free in WebCore::FormAssociatedElement::formRemovedFromTree$10002016-10-02
327065Heap-use-after-free in StyleResolver::applyMatchedProperties-2016-10-02
327070ASSERTION FAILED: !m_hasBadParent, Heap-use-after-free in WebCore::InlineBox::nextLeafChild-2016-10-02
339610Heap-use-after-free in WebCore::Canvas2DLayerBridge::freeReleasedMailbox-2016-10-02
339498Heap-use-after-free in CacheCreator::DoCallback-2016-10-02
339337Use RefPtr in PageWidgetDelegate and guard RenderView-2016-10-02
339314Heap-use-after-free in content::VideoCaptureController::DoIncomingCapturedI420BufferOnIOThread-2016-10-02
338532UNKNOWN in /usr/lib/x86_64-linux-gnu/libstdc++.so.6+0x6441f-2016-10-02
338524Security: TOCTOU Bug in Windows Sandbox Handle Duplication Service-2016-10-02
338561Heap-use-after-free in content::MediaStreamManager::FinalizeEnumerateDevices-2016-10-02
338393Heap-use-after-free in content::GpuChannelHost::Send-2016-10-02
338354Heap-use-after-free in IPC::Message::Header const* Pickle::headerT<IPC::Message::Header>-2016-10-02
338345Heap-use-after-free in content::WebContentsImpl::CreateNewWindow-2016-10-02
338538Security: Windows Sandbox Anonymous Kernel Object Unrestricted DACL$30002016-10-02
338464UaF of ColorChooserAura-2016-10-02
338164Heap-use-after-free in std::_Rb_tree<std::string, std::pair<std::string const, extensions::ExtensionDownloaderDelegate::Pin-2016-10-02
338109ASSERTION FAILED: !box || (box->isSVGInlineFlowBox()), UNKNOWN in WebCore::SVGRootInlineBox::layoutCharactersInTextBoxes-2016-10-02
337882Security: ASAN "heap-buffer-overflow" in CallBitmapXferProc$20002016-10-02
338341Heap-use-after-free in content::RenderProcessHostImpl::ProcessDied-2016-10-02
338124Heap-use-after-free in elapsed-2016-10-02
337572Heap-use-after-free in cricket::BaseChannel::SendPacket-2016-10-02
337561ASSERTION FAILED: controller->hasClientForTest(), Heap-buffer-overflow in WebCore::GeolocationClientMock::setPositionUnavailableError-2016-10-02
337488Security: Even when there are certificate errors, password auto-fill (easy-fill) works-2016-10-02
337428Tracking bug for internal security fixes for Chrome 32, Release 1-2016-10-02
337071UNKNOWN in NetworkASync::QueueDeletion-2016-10-02
337727Heap-buffer-overflow in __gnu_cxx::new_allocator<unsigned long>::construct-2016-10-02
337746Security: unicode character can create phishing-friendly address bar$15002016-10-02
337562Heap-use-after-free in WebCore::HTMLFormElement::removeImgElement-2016-10-02
336436Heap-use-after-free in WebCore::V8SVGAnimatedRect::visitDOMWrapper-2016-10-02
336875Heap-use-after-free in cc::FrameRateController::DidSwapBuffersComplete-2016-10-02
336841Security: WebRequest API allows modifying details in inline extension installations-2016-10-02
335416Heap-buffer-overflow in WebCore::Font::expansionOpportunityCount-2016-10-02
335242Heap-buffer-overflow in setup_frame_size_with_refs-2016-10-02
335921Heap-use-after-free in WebCore::AutofocusTask::performTask-2016-10-02
334448Uninit memory access in CLD2 inside translate::DeterminePageLanguage-2016-10-02
334314IndexedDB: Replace passing identically-sized vectors through IPC with passing pairs/tuples-2016-10-02
334897Security: Windows Sandbox Named Pipe Policy Doesn't Block Relative Paths$20002016-10-02
334204Same-origin security issue in <video> on Android-2016-10-02
334082Heap-use-after-free in plugins::PluginPlaceholder::ReplacePlugin-2016-10-02
333885Stack-use-after-return in _mesa_optimize_program-2016-10-02
334725Heap-use-after-free in WebCore::SpaceSplitString::set-2016-10-02
334274Security: Sandbox escape due to vector length mismatch in IndexedDBHostMsg_DatabasePut IPC message-2016-10-02
333378Heap-use-after-free in WebCore::ResourceFetcher::frame()$10002016-10-02
333156Use-after-free in WebCore::SVGAnimatedProperty::detachAnimatedPropertiesForElement-2016-10-02
333155Bad cast to XPath::Filter in XPathGrammar.y-2016-10-02
333094Security: Flash allows clipboard theft / manipulation for duration of session after receiving a single paste event-2016-10-02
333058Security: set_state global_handles renderer crash (UAF) with Web Workers and Web SQL$10002016-10-02
333038Security: Sandbox escape due to vector length mismatch in ImageHostMsg_DidDownloadImage IPC message-2016-10-02
333036Tracking bug for internal security fixes for Chrome 32, Release 0-2016-10-02
333431ASSERTION FAILED: !node || (node->isSVGElement()), UNKNOWN in WebCore::SVGSMILElement::connectEventBaseConditions-2016-10-02
332677ASSERTION FAILED: !node || (node->isElementNode()), UNKNOWN in WebCore::toElement-2016-10-02
332579Drag-and-drop files not working on Windows Aura-2016-10-02
332957PartialCircularBuffer is unsafe to use across security boundaries-2016-10-02
332675Use-after-free in plugins::PluginPlaceholder::UpdateMessage-2016-10-02
345526UNKNOWN in v8::internal::FixedArrayBase::length-2016-10-02
345715UNKNOWN in v8::internal::HeapObject::map_word-2016-10-02
344674UNKNOWN in content::TouchDispositionGestureFilter::OnGestureEventPacket-2016-10-02
344654Use-after-free in net::URLRequestContextGetter::OnDestruct-2016-10-02
345014Wild-access in WebCore::V8PerContextDataHolder::from-2016-10-02
344881Heap-use-after-free in WebCore::SpeechSynthesis::cancel$40002016-10-02
344359ASSERTION FAILED: bounds.width() >= 0 && bounds.height() >= 0 && radii.width() >= 0 && radii.height() >= 0, Heap-use-after-free in WebCore::RenderBlockFlow::constructLine-2016-10-02
344265Heap-use-after-free in views::TooltipManagerAura::UpdateTooltip-2016-10-02
344186OOB write due to invalid bounds check in v8-2016-10-02
344051Security: dump_vpd_log can be tricked into creating a file (or corrupt non-regular file)-2016-10-02
344492Heap-use-after-free in WebCore::SVGImage::setContainerSize$10002016-10-02
344360ASSERTION FAILED: !node || (node->isElementNode()), UNKNOWN in WebCore::RenderBlock::clone-2016-10-02
344230Use-after-free in WebCore::RootInlineBox::closestLeafChildForPoint$10002016-10-02
343648Stack-buffer-overflow in content::DecodeAudioFileData-2016-10-02
343582Use-after-free in WebCore::DocumentTimeline::createPlayer-2016-10-02
343383Renderer crash / heap-use-after-free in BrowserPlugin-2016-10-02
343265Heap-use-after-free in content::NavigatorImpl::NavigateToEntry-2016-10-02
343928UNKNOWN in v8::internal::FixedArrayBase::length-2016-10-02
343964UNKNOWN in v8::internal::FixedArray::get-2016-10-02
343461Global-buffer-overflow in SkBitmap::setConfig-2016-10-02
343661Security: UAF while deleting IndexedDB databases from (shared) workers$30002016-10-02
342618Security: UXSS via dispatchEvent on iframes (subject to some conditions)$30002016-10-02
342735Security: UaF in controller of color chooser$10002016-10-02
342949Security: Bypass extension install prompt with --install-from-webstore and --force-app-mode-2016-10-02
343050Use-after-free in WebCore::FrameView::autoSizeIfEnabled-2016-10-02
342856UNKNOWN in WebCore::ThreadState::visitStack-2016-10-02
341865Heap-use-after-free in WebCore::FrameLoader::loadHistoryItem-2016-10-02
342151Heap-use-after-free in ui::OnFileNotSelected-2016-10-02
341093Heap-use-after-free in WebCore::GraphicsContext::restore-2016-10-02
341220Chrome_ChromeOS: Crash Report - WebCore::KURL::init-2016-10-02
340687Heap-use-after-free in WebCore::CompositedLayerMapping::~CompositedLayerMapping-2016-10-02
340387Security: Unquoted path in mini_installer can lead to executing the wrong executable-2016-10-02
340125CHECK failure in CHECK(is_valid) failed: ../../v8/src/v8conversions.h(107)-2016-10-02
340124CHECK failure in CHECK(p->IsHeapObject()) failed: ../../v8/src/objects-debug.cc(219)-2016-10-02
340697ASSERTION FAILED: m_match == Tag, Heap-buffer-overflow in WebCore::RuleSet::findBestRuleSetAndAdd-2016-10-02
341754Heap-use-after-free in WebCore::WorkerThreadableWebSocketChannel::Peer::Peer-2016-10-02
341555HTTP iFrame loaded into HTTPS page (Mixed active content protection bypass)-2016-10-02
339994Heap-use-after-free in std::_Rb_tree<std::pair<int, media::AudioParameters>, std::pair<std::pair<int, media::AudioParameter-2016-10-02
340001Heap-use-after-free in WebCore::CSSParserValueList::~CSSParserValueList-2016-10-02
340007Heap-use-after-free in v8::internal::Heap::UpdateAllocationSiteFeedback-2016-10-02
340048Heap-use-after-free in WebCore::V8SVGAnimatedString::visitDOMWrapper-2016-10-02
339993ASSERTION FAILED: !box || (box->isSVGInlineFlowBox()), UNKNOWN in WebCore::SVGRootInlineBox::layoutCharactersInTextBoxes-2016-10-02
339667Heap-use-after-free in content::BrowserMessageFilter::Send-2016-10-02
351855Pwnium 4: Mali GPU driver does not mask out VM_MAYWRITE-2016-10-02
351852AsyncPixelTransfersCompletedQuery does not validate shared memory offset-2016-10-02
351811Security: Pwnium 4 GeoHot bug: cros-disks accepts labels, has path traversal issues.-2016-10-02
351796Security: Pwnium 4 GeoHot bug: try_touch_experiment command injection-2016-10-02
351788Security: Pwnium 4 GeoHot tracking bug$1500002016-10-02
351787Pwnium 4: v8 OOB read/write with __defineGetter__ and bytesLength-2016-10-02
351729Use-after-free in WebCore::RenderObject::setPreferredLogicalWidthsDirty-2016-10-02
352043Chrome: Crash Report - WebCore::Resource::ResourceCallback::timerFired-2016-10-02
351815Pwnium: Extension system allows compromised renderer access to crosh-2016-10-02
351316Heap-use-after-free in WebCore::SMILTimeContainer::wakeupTimerFired-2016-10-02
351504Heap-use-after-free in gfx::ImageSkia::operator=-2016-10-02
351103sandbox::CodeGen::MergeTails (seccomp-bpf) is unsound for single-successor basic blocks$5002016-10-02
351314Heap-use-after-free in views::DesktopDispatcherClient::RunWithDispatcher-2016-10-02
351320UNKNOWN in v8::internal::Invoke-2016-10-02
351209UNKNOWN in v8::internal::MarkCompactCollector::ProcessMarkingDeque-2016-10-02
350760Use-after-free in WebCore::ShadowTreeStyleSheetCollection::collectStyleSheets-2016-10-02
350537Heap-use-after-free in printing::PrintViewManagerBase::ReleasePrinterQuery-2016-10-02
350535Security: Callers of showModalDialog can be trivially XSSed by a cross-origin modal dialog-2016-10-02
350863CHECK failure in CHECK(object->map()->IsMap()) failed: ../src/heap-inl.h(833)-2016-10-02
350930Heap-use-after-free in std::_Rb_tree<std::pair<int, media::AudioParameters>, std::pair<std::pair<int, media::AudioParameter-2016-10-02
350686Heap-use-after-free in webFrame-2016-10-02
350509ASSERTION FAILED: !value || (value->isPrimitiveValue()), UNKNOWN in WebCore::StyleBuilder::applyProperty-2016-10-02
350434[LangFuzz] Crash with jump to invalid address$20002016-10-02
350533Origin confusion bug in QUIC-2016-10-02
350055Heap-use-after-free in WebCore::CSSParserValueList::~CSSParserValueList-2016-10-02
349903ASSERTION FAILED: !object || (object->isListBox()), UNKNOWN in WebCore::HTMLSelectElement::listBoxDefaultEventHandler$15002016-10-02
349898Security: Integer Overflows in CharacterData::deleteData & CharacterData::replaceData$15002016-10-02
349465UNKNOWN in v8::internal::JSFunction::context-2016-10-02
350518Security: WinSock initialized in Utility Process.-2016-10-02
350100Heap-use-after-free in content::IndexedDBFactory::Open-2016-10-02
349079UNKNOWN in v8::internal::HeapObject::map_word-2016-10-02
348952Insecure marked as secure when restored from session-2016-10-02
348682ASSERTION FAILED: to <= m_run.length(), UNKNOWN in WebCore::HarfBuzzShaper::setDrawRange-2016-10-02
348581Dynamically created script tags disregard Content-Type and X-Content-Type-Options-2016-10-02
348550ParseHSTSHeader should tolerate trailing ";"-2016-10-02
348333Security: base::SHA1HashBytes produces wrong SHA1 hash when |len| >= 4GB-2016-10-02
348332Security: Integer overflow allocating shared memory in SoftwareFrameManager::SwapToNewFrame()$30002016-10-02
349135Heap-use-after-free in cc::internal::TaskGraphRunner::SetTaskGraph-2016-10-02
348175Tracking bug for internal security fixes for Chrome 33, Release 1-2016-10-02
347909CHECK failure in CHECK(value->IsHeapObject()) failed: ../src/objects-debug.cc(295)-2016-10-02
348319UNKNOWN in v8::internal::MemoryChunk::heap-2016-10-02
347720Security: Protocol handler UI does not filter "protocol" and "title" strings-2016-10-02
347543CHECK failure in CHECK(object_size <= Page::kMaxRegularHeapObjectSize) failed: ../src/ia32/macro-assembler-ia32.cc(15-2016-10-02
347532CHECK failure in CHECK(isolate->microtask_pending()) failed: ../src/execution.cc(358)-2016-10-02
347528CHECK failure in CHECK(IsNativeContext()) failed: ../src/contexts.h(462)-2016-10-02
347302Chrome_Linux: Crash Report - content::MediaStreamDispatcherHost::OnEnumerateDevices-2016-10-02
347846Bypassing policies set by removing battery (can be fixed)-2016-10-02
347284Scroll pointer iteration during tree sync is a really bad idea-2016-10-02
347177Use-after-free in media::GpuVideoDecoder::Initialize-2016-10-02
346997Security: Self signed assets don't fail.-2016-10-02
346744Security: download attribute allows download without user interaction-2016-10-02
346599Skia refcounted objects are held in non-refcounted places-2016-10-02
346557Heap-use-after-free in autofill::PasswordGenerator::Generate-2016-10-02
347262UNKNOWN in v8::internal::Map::instance_descriptors-2016-10-02
346343NO STACK-2016-10-02
346192Heap-use-after-free in WebCore::SVGFontFaceElement::associatedFontElement$10002016-10-02
346135Security: html files from file URLs can read data from other file URLs via drag-and-drop$10002016-10-02
346110Heap-use-after-free in get-2016-10-02
346489Heap-buffer-overflow in VariablePacker::searchColumn-2016-10-02
346141Global-buffer-overflow in GetVisitor-2016-10-02
345820UNKNOWN in v8::internal::HeapObject::map_word-2016-10-02
345929mirrorv2 crashes when nobody is receiving-2016-10-02
345959Integer overflows in StringBuilder-2016-10-02
358254Heap-buffer-overflow in UDataMemory_normalizeDataPointer_46-2016-10-02
358059UNKNOWN in v8::internal::HeapObject::map_word-2016-10-02
358057UNKNOWN in v8::internal::Simulator::DecodeType3-2016-10-02
358038Security: UAF/Crash in (websockets) onsentdata/reset with web and shared workers combined$20002016-10-02
357712Heap-use-after-free in void std::basic_string<unsigned short, base::string16_char_traits, std::allocator<unsigned short> >:-2016-10-02
358471importScripts ignores script-src CSP-2016-10-02
357382Security: ProcessManager::GetExtensionForRenderViewHost determines extension ID unsafely-2016-10-02
357292Use-after-free in WebCore::GraphicsLayer::updateContentsRect-2016-10-02
357669Heap-use-after-free in WebCore::FrameSelection::setSelection-2016-10-02
357242Heap-use-after-free in WebCore::RenderBox::enclosingFloatPaintingLayer-2016-10-02
357174Heap-use-after-free in WebCore::MemoryCache::insertInLRUList-2016-10-02
357452Heap-use-after-free in WebCore::RenderTreeBuilder::createRendererForElementIfNeeded-2016-10-02
357269Cross-origin request credentials are not removed properly in WebCore::DocumentThreadableLoader::loadRequest-2016-10-02
356736minijail should signal failure when it cannot change user/group-2016-10-02
356690Heap-use-after-free in WebCore::RenderObject::childAt$10002016-10-02
356653Security: Use after free in StyleEngine::createSheet$30002016-10-02
356652Extensions can modify the appearance of the Chrome Web Store-2016-10-02
356540Heap-use-after-free in content::BufferedResourceLoader::Stop-2016-10-02
356517Heap-use-after-free in WebCore::ReplaceSelectionCommand::removeRedundantStylesAndKeepStyleSpanInline-2016-10-02
357173Use-after-free in WebCore::AsyncCallStackTracker::didRemoveEventListener-2016-10-02
356235Untrusted synthetic gestures received in the browser are not verified-2016-10-02
356220NO STACK-2016-10-02
356211RETRY_AFTER_GC Failure Leak-2016-10-02
356181Security: WebGL texImage2D can enable out-of-bounds memory access on Android-2016-10-02
356095Heap-use-after-free in WebCore::HTMLBodyElement::insertedInto$20002016-10-02
356352ASSERTION FAILED: !webMediaPlayer(), Heap-use-after-free in blink::WebMediaPlayerClientImpl::load$10002016-10-02
355586UNKNOWN in int v8::internal::FlexibleBodyVisitor<v8::internal::NewSpaceScavenger, v8::internal::JSObject::BodyD-2016-10-02
355438Use-after-free in WebCore::RenderBlockFlow::checkFloatsInCleanLine-2016-10-02
355303UAF from RefCount Leak in Length::operator=-2016-10-02
355036Security: integer overflow validating size in mojo::internal::FixedBuffer::Allocate-2016-10-02
354931Security: UAF in NotifyAndDeleteIfDone/browser process crash related to WebSQL transactions in a Web Worker-2016-10-02
354878Heap-use-after-free in WebCore::RenderText::firstAbstractInlineTextBox-2016-10-02
355373ASSERTION FAILED: !widget || (widget->isPluginView()), UNKNOWN in WebCore::CompositedLayerMapping::updateGraphicsLayerConfiguration-2016-10-02
354297use-of-uninitialized-memory in WebCore::RenderStyle::fontDescription, may cause use-after-free or some such-2016-10-02
353895Heap-use-after-free in WebCore::StylePendingImage::cssValue-2016-10-02
353894Heap-use-after-free in WebCore::StyleEngine::createSheet-2016-10-02
354669Chrome_ChromeOS: Crash Report - net::QuicConnection::CanWrite-2016-10-02
354058UNKNOWN in DecodeContextMap-2016-10-02
353579Security: Android show full security for weak DH groups.-2016-10-02
353577ASSERTION FAILED: cc < codePointsNumber, UNKNOWN in WebCore::MediaQueryTokenizer::nextToken-2016-10-02
353224libwidevinecdm.so text section is writeable (rwx)-2016-10-02
353058Heap-buffer-overflow in v8::internal::Simulator::DecodeType2-2016-10-02
353035Heap-use-after-free in WebCore::MemoryCache::evict-2016-10-02
353013Security: admin.google.com should have HSTS preloaded-2016-10-02
352982CHECK failure in CHECK(object->map()->IsMap()) failed: ../src/heap-inl.h(818)-2016-10-02
353621Use-after-free in WebCore::InspectorCSSAgent::collectAllDocumentStyleSheets-2016-10-02
352941Use-after-free in WebCore::StyleSheetContents::startLoadingDynamicSheet-2016-10-02
352929UNKNOWN in v8::internal::Invoke-2016-10-02
352851Security: UaF in SpeechRecognitionBubbleImpl::~SpeechRecognitionBubbleImpl$10002016-10-02
352447Security: Use a narrow whitelist for VFS names-2016-10-02
352429Security: Junction Point directory traversal vulnerability - pwn2own 2014-2016-10-02
352395Pwn2Own (3/13/2014): Compromised renderers can set arbitrary clipboard formats-2016-10-02
352380Geolocation permission is remembered on an HTTP site-2016-10-02
352905Security: Incorrect origin shown on modal windows opened by sub-frames of chrome.google.com/webstore-2016-10-02
352369Pwn2own (3/13/2014): VUPEN exploit.-2016-10-02
352181ASSERTION FAILED: !CustomElementCallbackDispatcher::inCallbackDeliveryScope(), UNKNOWN in WebCore::CustomElementMicrotaskDispatcher::doDispatch-2016-10-02
352178Heap-use-after-free in WebCore::SVGFontFaceElement::associatedFontElement-2016-10-02
352083Security: Chrome for Android - URL bar spoof$30002016-10-02
352374Pwn2own (3/13/2014): Use-after-free in bindings-2016-10-02
364511Buffer overflow vulnerability in glibc-2016-10-02
364405Security: input events to plugins bypass regular user gesture tracking-2016-10-02
364365Crash while creating a SPDY session-2016-10-02
364066ASSERTION FAILED: !activeAnimations || !activeAnimations->isAnimationStyleChange(), Heap-use-after-free in WebCore::CSSAnimations::AnimationEventDelegate::maybeDispatch-2016-10-02
364065SEGV in media::InMemoryUrlProtocol::Read$10002016-10-02
363873ASSERTION FAILED: !object || (object->isBox()), UNKNOWN in WebCore::CompositedLayerMapping::updateGraphicsLayerGeometry$30002016-10-02
363841Hosted app alerts from iframes show title of app, not domain of iframe-2016-10-02
363631ASSERTION FAILED: !value || (value->isPrimitiveValue()), UNKNOWN in WebCore::StyleBuilderFunctions::applyValueCSSPropertyFontVariant-2016-10-02
363390Security: 64-bit may leak kernel addresses via LDT-2016-10-02
362887Security: SSL CRL Vulnerability in Android Chrome-2016-10-02
362865Heap-use-after-free in WebCore::InlineBox::root-2016-10-02
362898Heap-use-after-free in WebCore::Resource::checkNotify-2016-10-02
362558Heap-use-after-free in content::VideoCaptureImpl::InitOnIOThread-2016-10-02
362480Use-after-free in WebCore::Chrome::notifyPopupOpeningObservers-2016-10-02
362110ASSERTION FAILED: positionOffset <= node->length(), UNKNOWN in WebCore::updatePositionAfterAdoptingTextReplacement-2016-10-02
362109ASSERTION FAILED: i <= length, UNKNOWN in WebCore::WindowFeatures::WindowFeatures-2016-10-02
361933Global-buffer-overflow in v8::internal::VisitorDispatchTable<void-2016-10-02
362762Import qcms buffer overflow fix-2016-10-02
362310Use-after-free in WebCore::MutableStylePropertySet::mergeAndOverrideOnConflict-2016-10-02
360784Use-after-free in WebCore::RenderTextFragment::originalText-2016-10-02
361608UNKNOWN in v8::internal::Invoke-2016-10-02
360733Heap-buffer-overflow in v8::internal::Simulator::HandleRList-2016-10-02
360798Security: openssl info leak-2016-10-02
360595Heap-buffer-overflow in bits_to_runs-2016-10-02
360448Eavesdrop on the user speech - abusing the old speech API-2016-10-02
360431Heap-buffer-overflow in getNextNormalizedChar-2016-10-02
360430ASSERTION FAILED: index < TypedArrayBase<T>::m_length, UNKNOWN in WebCore::FEDisplacementMap::applySoftware-2016-10-02
360429ASSERTION FAILED: actualInfo->derefObjectFunction == wrapperTypeInfo.derefObjectFunction, UNKNOWN in WebCore::V8HTMLElement::createWrapper-2016-10-02
360408Stack-buffer-overflow in opj_read_bytes_LE-2016-10-02
360403Heap-buffer-overflow in bool WebCore::CSSTokenizer::parseURIInternal<unsigned char, unsigned short>-2016-10-02
360478UNKNOWN in void v8::internal::String::Visit<v8::Utf8LengthHelper::Visitor, v8::internal::ConsStringCaptureOp>-2016-10-02
360433Heap-use-after-free in uprv_strdup_46-2016-10-02
360504Security: I accidentally disabled relro on chromeos arm m35.-2016-10-02
360481ASSERTION FAILED: !m_clusterStack.isEmpty(), UNKNOWN in WebCore::FastTextAutosizer::currentCluster-2016-10-02
360205Heap-buffer-overflow in opj_mct_decode-2016-10-02
360171ASSERTION FAILED: !m_clusterStack.isEmpty(), UNKNOWN in WebCore::FastTextAutosizer::currentCluster-2016-10-02
360163Heap-use-after-free in WebCore::BreakingContext::commitAndUpdateLineBreakIfNeeded-2016-10-02
360345Heap-use-after-free in media::DecryptingDemuxerStream::Stop-2016-10-02
360344UNKNOWN in opj_j2k_read_SQcd_SQcc-2016-10-02
360214Heap-use-after-free in WebCore::DocumentMarkerController::removeMarkersFromList-2016-10-02
359525CHECK failure in CHECK(size_in_bytes <= kMaxBlockSize) failed: ../src/spaces.cc(2378)-2016-10-02
360053Global-buffer-overflow in CFX_FaceCache::RenderGlyph-2016-10-02
359134UNKNOWN in v8::internal::MemoryChunk::IsFlagSet-2016-10-02
359130Heap-use-after-free in WebCore::SpeechSynthesisUtterance::startTime-2016-10-02
359802ZDI-CAN-2245: Google Chrome ImageData Signedness Error Remote Code Execution VulnerabilityImageData Signedness Error Remote Code Execution Vulnerability-2016-10-02
359454Security: Integer overflow allocating shared memory in AudioInputRendererHost::OnCreateStream$30002016-10-02
359602Heap-use-after-free in WebCore::InlineBox::root-2016-10-02
358571Security: appengine.google.com has wildcard but not include_subdomains-2016-10-02
358667Heap-buffer-overflow in void WebCore::CSSTokenizer::parseIdentifier<unsigned char>-2016-10-02
358960Heap-use-after-free in content::MediaStreamAudioSinkOwner::OnReadyStateChanged-2016-10-02
358813Heap-use-after-free in WebCore::Scrollbar::gestureEvent-2016-10-02
369760UNKNOWN in content::WAVEDecoder::ReadChunkHeader-2016-10-02
369759ASSERTION FAILED: positionOffset <= node->length(), UNKNOWN in WebCore::updatePositionAfterAdoptingTextReplacement-2016-10-02
369621Crash in content::RendererClipboardWriteContext::WriteBitmapFromPixels$5002016-10-02
369615ASSERT !m_paintStateIndex failure in ~GraphicsContext, missing a restore().-2016-10-02
369848double-click allows to steal form history-2016-10-02
369808 | Heap-use-after-free in void WebCore::ImageDecodingStore::insertCacheInternal<WebCore::ImageDecodingStore::ImageCacheEntry, | - | 2016-10-02
369517 | UNKNOWN in SkPath::isRectContour | - | 2016-10-02
369525 | ASSERTION FAILED: static_cast<FileError::ErrorCode>(code) != FileError::ABORT_ERR, Heap-use-after-free in v8::internal::GlobalHandles::Node::Release | $1000 | 2016-10-02
368980 | Heap-buffer-overflow in ff_er_frame_end | - | 2016-10-02
369519 | ASSERTION FAILED: !tryCatch.HasCaught() || result.IsEmpty(), Heap-use-after-free in WebCore::InlineBox::dirtyLineBoxes | - | 2016-10-02
369127 | UNKNOWN in v8::internal::NoBarrier_Load | - | 2016-10-02
368551 | Use-after-free in WebCore::ResourcePtrBase::setResource | - | 2016-10-02
368978 | Bad-cast to WebCore::ShadowRoot from WebCore::Text;ShadowRoot.h:164:1 | - | 2016-10-02
368979 | UNKNOWN in v8::internal::NoBarrier_Load | - | 2016-10-02
367817 | Cross origin bypass with Object.observe(). | - | 2016-10-02
367812 | Security: AppCache allows MITM of same-origin shared hosting | - | 2016-10-02
367764 | UNKNOWN in SkValidatingReadBuffer::readString | - | 2016-10-02
367567 | Security: Any extension can debug any other extension (e.g. crosh) | $1500 | 2016-10-02
367985 | UNKNOWN in android::MPEG4Source::stop | - | 2016-10-02
367544 | UNKNOWN in CJBig2_GSIDProc::decode_Arith | - | 2016-10-02
367508 | Use-after-free in WebCore::RenderObjectChildList::destroyLeftoverChildren | - | 2016-10-02
366781 | WebVector::initialize{From} should bounds check its size parameter | - | 2016-10-02
366694 | UNKNOWN in opj_read_bytes_LE | - | 2016-10-02
366693 | Global-buffer-overflow in CJS_PublicMethods::MakeFormatDate | - | 2016-10-02
366692 | Heap-use-after-free in Document::title | - | 2016-10-02
366690 | Heap-buffer-overflow in j2k_read_ppm_v3 | - | 2016-10-02
366947 | PSL matching should only apply to HTML forms | - | 2016-10-02
366797 | Security: UAF in mojo::internal::DecodePointerRaw | - | 2016-10-02
366510 | Heap-use-after-free in content::RenderFrameHostImpl::JavaScriptDialogClosed | - | 2016-10-02
366687 | Heap-buffer-overflow in load_truetype_glyph | - | 2016-10-02
366685 | Heap-buffer-overflow in CPDF_ColorSpace::TranslateImageLine | - | 2016-10-02
366683 | UNKNOWN in libc.so.6 | - | 2016-10-02
366682 | UNKNOWN in CFXMEM_FixedMgr::AllocLarge | - | 2016-10-02
366681 | UNKNOWN in CFXMEM_FixedMgr::Realloc | - | 2016-10-02
366686 | Heap-buffer-overflow in j2k_read_ppm_v3 | - | 2016-10-02
366496 | Mobile Chrome Sync tokens used by the mobile Chrome browser can be used to push extensions. | - | 2016-10-02
366688 | Heap-use-after-free in CPDFSDK_Document::GetInterForm | - | 2016-10-02
366689 | Heap-use-after-free in opj_stream_read_data | - | 2016-10-02
366182 | Use-after-free in std::_For_each<std::_Deque_unchecked_iterator<std::_Deque_val<std::_Deque_simple_types<appcache::App | - | 2016-10-02
365359 | Malicious page can escalate to content script privilege level when content script modifies page DOM | $1000 | 2016-10-02
366251 | Security: CSP policy matching can be used as a timing oracle | - | 2016-10-02
365064 | Heap-use-after-free in WebCore::CompositedLayerMapping::~CompositedLayerMapping | $2000 | 2016-10-02
365141 | Heap-use-after-free in media::Pipeline::StateTransitionTask | - | 2016-10-02
377416 | Heap-use-after-free in WebCore::RenderBlockFlow::determineStartPosition | - | 2016-10-02
377392 | Linux kernel futex() memory corruption vulnerability and exploit | $10000 | 2016-10-02
377209 | UNKNOWN in v8::internal::MemoryChunk::heap | - | 2016-10-02
377193 | Heap-use-after-free in SkPathRef::resetToSize | - | 2016-10-02
377290 | UNKNOWN in v8::internal::Map::instance_type | - | 2016-10-02
376951 | Security: webgl draw buffers extension can expose unitialized video memory to webpage | $2000 | 2016-10-02
376802 | Heap-buffer-overflow in decoder_decode | - | 2016-10-02
376748 | Heap-use-after-free in WebCore::ImageLoader::doUpdateFromElement | - | 2016-10-02
377118 | Security: Close manually opened tab via scripting | - | 2016-10-02
376800 | Heap-buffer-overflow in WebCore::TextResourceDecoder::checkForCSSCharset | - | 2016-10-02
375954 | Heap-use-after-free in WebCore::ShapeOutsideInfo::isEnabledFor | - | 2016-10-02
376438 | Heap-use-after-free in nextOnLine | - | 2016-10-02
375672 | ThreadSanitizer reports a use-after-free in DomSerializerTests.SerializeHTMLDOMWithEmptyHead | - | 2016-10-02
376433 | ASSERTION FAILED: obj->isRenderInline() || obj == this, UNKNOWN in WebCore::RenderBlockFlow::createLineBoxes | - | 2016-10-02
374904 | ASSERTION FAILED: !node || (node->isShadowRoot()), UNKNOWN in WebCore::TextIterator::advance | - | 2016-10-02
374443 | Heap-buffer-overflow in v8::internal::__RT_impl_Runtime_TypedArrayInitializeFromArrayLike | - | 2016-10-02
374452 | Network icon should be updated when a VPN disconnects | - | 2016-10-02
374052 | Heap-use-after-free in SkScaledImageCache::findAndLock | - | 2016-10-02
373312 | Heap-buffer-overflow in WebRtcIsacfix_Decode | - | 2016-10-02
374497 | Heap-use-after-free in WebCore::BaseMultipleFieldsDateAndTimeInputType::spinButtonElement | - | 2016-10-02
374665 | Heap-use-after-free in WebCore::SQLiteStatement::prepare | - | 2016-10-02
374176 | Security: no javascript: url pasting protection on android | - | 2016-10-02
372525 | Security: heap write access due to integer overflow on bspatch implementations | - | 2016-10-02
372413 | UNKNOWN in CFXMEM_Page::Free | - | 2016-10-02
373283 | UNKNOWN in v8::internal::NoBarrier_Load | - | 2016-10-02
372410 | Heap-buffer-overflow in CPDF_DIBSource::TranslateScanline24bpp | - | 2016-10-02
372820 | ASSERTION FAILED: !value || (value->isStepsTimingFunctionValue()), UNKNOWN in WebCore::CSSToStyleMap::mapAnimationTimingFunction | - | 2016-10-02
372411 | Global-buffer-overflow in CJS_PublicMethods::MakeFormatDate | - | 2016-10-02
372110 | Heap-use-after-free in SkImageFilter::filterImage | - | 2016-10-02
371380 | Heap-use-after-free in opj_read_from_memory | - | 2016-10-02
372206 | Crash on content::WebURLLoaderImpl::cancel | - | 2016-10-02
371813 | Heap-use-after-free in content::ResourceDispatcher::RemovePendingRequest | - | 2016-10-02
371237 | Heap-buffer-overflow in SkBitmapHeap::getBitmap | - | 2016-10-02
371240 | Global-buffer-overflow in SkBlitter::Choose | - | 2016-10-02
369860 | Security: ASAN heap-use-after-free in SVGElement::propertyFromAttribute | $2000 | 2016-10-02
385268 | Heap-use-after-free in WebCore::RenderBlock::computeBlockPreferredLogicalWidths | - | 2016-10-02
385054 | UNKNOWN in v8::internal::Invoke | - | 2016-10-02
385002 | Heap-buffer-overflow in v8::internal::Simulator::HandleRList | - | 2016-10-02
384890 | Heap-use-after-free in WebCore::FrameLoaderStateMachine::advanceTo | - | 2016-10-02
384662 | Security: Possible integer overflow in CFX_BasicArray::Append | - | 2016-10-02
384365 | Heap-use-after-free in chrome_pdf::PDFiumPage::GetPage | - | 2016-10-02
384223 | Security: http basic authentication dialog from background tab is displayed over the active tab | - | 2016-10-02
383939 | Heap-use-after-free in JavaObjectWeakGlobalRef::get | - | 2016-10-02
384891 | Heap-buffer-overflow in chrome_pdf::AlphaBlend | - | 2016-10-02
383725 | [PowerProfiler] Browser crashes with active timeline recording for capturing power | - | 2016-10-02
383777 | ASSERTION FAILED: positionOffset <= node->length() | $1000 | 2016-10-02
383703 | ASSERT_WITH_SECURITY_IMPLICATION(i <= length) in WebCore::Document::processArguments | - | 2016-10-02
382921 | Uninitialized members in OriginChipView | - | 2016-10-02
382820 | Heap-buffer-overflow in CPDF_DeviceCS::TranslateImageLine | - | 2016-10-02
382766 | Security: never build chrome-sandbox with ASAN coverage | - | 2016-10-02
382667 | Security: Integer overflow from "offset + size" everywhere | - | 2016-10-02
383704 | ASSERT_WITH_SECURITY_IMPLICATION(i <= length) in WebCore::WindowFeatures::WindowFeatures | - | 2016-10-02
382260 | Heap-use-after-free in content::ThreadedDataProvider::Stop | - | 2016-10-02
382639 | Security: Integer overflow in fpdfsdk/include/fsdk_mgr.h | - | 2016-10-02
382522 | Heap-use-after-free in media::MidiManager::CompleteInitializationInternal | - | 2016-10-02
382513 | UNKNOWN in v8::internal::Simulator::DecodeType2 | - | 2016-10-02
382279 | Heap-use-after-free in WebCore::HTMLFrameElementBase::openURL | - | 2016-10-02
382601 | Integer overflow in FX_AllocStringW | - | 2016-10-02
382243 | UNKNOWN in CFXMEM_FixedMgr::AllocLarge | - | 2016-10-02
382242 | UNKNOWN in _CMapLookupCallback | - | 2016-10-02
382241 | Heap-buffer-overflow in CPDF_TrueTypeFont::LoadGlyphMap | - | 2016-10-02
382656 | Security: Integer overflow in ./core/include/fxcrt/fx_basic.h and ./core/include/fxcrt/fx_memory.h | - | 2016-10-02
382606 | Security: Integer overflow in javascript/Document.cpp | - | 2016-10-02
382239 | Heap-buffer-overflow in opj_j2k_update_image_data | - | 2016-10-02
382121 | Heap-use-after-free in content::RenderFrameImpl::didFinishLoad | - | 2016-10-02
381808 | Security: JavaScript can detect visited links via CSS nested <a><button> + getClientRects height (OSX) | $1000 | 2016-10-02
381696 | Global-buffer-overflow in CFX_Font::LoadGlyphPath | - | 2016-10-02
382240 | Stack-buffer-overflow in IccLib_Translate | - | 2016-10-02
381521 | Heap-buffer-overflow in CFX_WideString::FromUTF16LE | - | 2016-10-02
381534 | UNKNOWN in v8::internal::Invoke | - | 2016-10-02
381465 | Crash when legacy EVP_PKEY outlives Java wrapper on Android 4.1.2. | - | 2016-10-02
381200 | Security: OpenSSL CCS Vulnerability | - | 2016-10-02
381031 | Attempting free in CJBig2_Context::~CJBig2_Context | - | 2016-10-02
380885 | Security: Cache-based SOP-Bypass for Images | $2000 | 2016-10-02
380723 | Heap-buffer-overflow in SkValidatingReadBuffer::readRect | - | 2016-10-02
381244 | Heap-buffer-overflow in void SkMatrixConvolutionImageFilter::filterPixels<UncheckedPixelFetcher, true> | - | 2016-10-02
380512 | UNKNOWN in v8::internal::Invoke | - | 2016-10-02
379998 | Heap-use-after-free in WebCore::V8SVGTransformList::visitDOMWrapper | - | 2016-10-02
379856 | Heap-use-after-free in content::PeerConnectionAudioSinkOwner::OnData | - | 2016-10-02
379799 | UNKNOWN in unsafe_free | - | 2016-10-02
379656 | Security: Integer overflow leads to buffer overflow in PDF_EncodeText | - | 2016-10-02
380663 | Security: Safe Browsing for Executable Files can be bypassed by using the FileSystem API | $500 | 2016-10-02
379458 | Heap-buffer-overflow in WebRtcIsacfix_Decode | - | 2016-10-02
379271 | Security: New UserGestureIndicator created for every touch event. | - | 2016-10-02
378782 | Heap-buffer-overflow in matroska_read_seek | - | 2016-10-02
378512 | Security: Clicking "export" in Certificate Viewer can cause navigation to arbitrary filesystem paths | - | 2016-10-02
378469 | Heap-use-after-free in WebCore::GraphicsContext::drawImage | - | 2016-10-02
378179 | Heap-use-after-free in cricket::ChannelManager::StopVideoCapture | - | 2016-10-02
378175 | Heap-buffer-overflow in SkReadBuffer::readBitmap | - | 2016-10-02
378167 | ASSERTION FAILED: value.isPrimitiveValue(), UNKNOWN in WebCore::StylePropertySerializer::backgroundRepeatPropertyValue | - | 2016-10-02
387844 | Use-of-uninitialized-value in CPDF_StreamParser::ParseNextElement | - | 2016-10-02
387843 | Use-of-uninitialized-value in EvalSegmentedFn | - | 2016-10-02
387841 | Use-of-uninitialized-value in CPDF_DIBSource::TranslateScanline24bpp | - | 2016-10-02
387840 | Use-of-uninitialized-value in T1_Load_Glyph | - | 2016-10-02
387845 | Use-of-uninitialized-value in FPDFAPI_inflate | - | 2016-10-02
387842 | Use-of-uninitialized-value in aes_decrypt_nb_4 | - | 2016-10-02
387837 | Use-of-uninitialized-value in opj_t2_read_packet_header | - | 2016-10-02
387826 | Use-of-uninitialized-value in cmsXYZ2Lab | - | 2016-10-02
387835 | Use-of-uninitialized-value in _DrawGouraud | - | 2016-10-02
387834 | Use-of-uninitialized-value in CRYPT_ArcFourCryptBlock | - | 2016-10-02
387833 | Use-of-uninitialized-value in CPDF_Parser::LoadCrossRefV4 | - | 2016-10-02
387832 | Use-of-uninitialized-value in CXML_Parser::SkipLiterals | - | 2016-10-02
387831 | Use-of-uninitialized-value in CPDF_DeviceCS::GetRGB | - | 2016-10-02
387827 | Use-of-uninitialized-value in CXML_Parser::SkipLiterals | - | 2016-10-02
387838 | Use-of-uninitialized-value in CCodec_RLScanlineDecoder::Create | - | 2016-10-02
387839 | Use-of-uninitialized-value in _CompositeRow_Argb2Rgb_NoBlend | - | 2016-10-02
387836 | Use-of-uninitialized-value in CFX_Matrix::TransformRect | - | 2016-10-02
387816 | Use-of-uninitialized-value in CXML_Parser::ParseElement | - | 2016-10-02
387824 | Use-of-uninitialized-value in _A85Decode | - | 2016-10-02
387820 | Use-of-uninitialized-value in CPDF_Function::Call | - | 2016-10-02
387819 | Use-of-uninitialized-value in CPDF_SimpleParser::GetWord | - | 2016-10-02
387818 | Use-of-uninitialized-value in CPDF_StreamParser::GetNextWord | - | 2016-10-02
387817 | Use-of-uninitialized-value in _FaxG4GetRow | - | 2016-10-02
387821 | Use-of-uninitialized-value in FXSYS_round | - | 2016-10-02
387815 | Use-of-uninitialized-value in CPDF_RenderStatus::GetFillArgb | - | 2016-10-02
387814 | Use-of-uninitialized-value in CXML_Parser::GetTagName | - | 2016-10-02
387813 | Use-of-uninitialized-value in CXML_Parser::SkipLiterals | - | 2016-10-02
387825 | Use-of-uninitialized-value in CLZWDecoder::Decode | - | 2016-10-02
387822 | Use-of-uninitialized-value in CXML_Parser::GetCharRef | - | 2016-10-02
387811 | Use-of-uninitialized-value in CStretchEngine::ContinueStretchHorz | - | 2016-10-02
387809 | Use-of-uninitialized-value in CPDF_SeparationCS::GetRGB | - | 2016-10-02
387808 | Use-of-uninitialized-value in _RGB_Blend | - | 2016-10-02
387807 | Use-of-uninitialized-value in FXSYS_StrToInt<int, | - | 2016-10-02
387806 | Use-of-uninitialized-value in CJBig2_Context::parseSegmentHeader | - | 2016-10-02
387805 | Use-of-uninitialized-value in CJBig2_Context::parseSegmentHeader | - | 2016-10-02
387803 | Use-of-uninitialized-value in CPDF_SimpleParser::ParseWord | - | 2016-10-02
387812 | Use-of-uninitialized-value in IccLib_Translate | - | 2016-10-02
387801 | Use-of-uninitialized-value in CPDF_DeviceNCS::GetRGB | - | 2016-10-02
387800 | Use-of-uninitialized-value in _cmsReadHeader | - | 2016-10-02
387802 | Use-of-uninitialized-value in CXML_Parser::ParseElement | - | 2016-10-02
387798 | Use-of-uninitialized-value in CJBig2_Context::parseSymbolDict | - | 2016-10-02
387796 | Use-of-uninitialized-value in CFX_MapByteStringToPtr::operator | - | 2016-10-02
387793 | Use-of-uninitialized-value in CPDF_TrueTypeFont::LoadGlyphMap | - | 2016-10-02
387792 | Use-of-uninitialized-value in compareCID | - | 2016-10-02
387791 | Use-of-uninitialized-value in CPDF_Parser::LoadCrossRefV5 | - | 2016-10-02
387790 | Use-of-uninitialized-value in CPDF_Function::Call | - | 2016-10-02
387789 | Use-of-uninitialized-value in CPDF_StreamParser::ReadString | - | 2016-10-02
387788 | Use-of-uninitialized-value in CXML_Parser::ParseElement | - | 2016-10-02
387786 | Use-of-uninitialized-value in CPDF_StreamParser::ReadHexString | - | 2016-10-02
387785 | Use-of-uninitialized-value in CPDF_DeviceNCS::GetRGB | - | 2016-10-02
387797 | Use-of-uninitialized-value in tt_glyph_load | - | 2016-10-02
387783 | Use-of-uninitialized-value in CPDF_DataAvail::GetObject | - | 2016-10-02
387778 | Use-of-uninitialized-value in CXML_Parser::GetCharRef | - | 2016-10-02
387781 | Use-of-uninitialized-value in T1_Load_Glyph | - | 2016-10-02
387780 | Use-of-uninitialized-value in _FaxGetRun | - | 2016-10-02
387779 | Use-of-uninitialized-value in CPDF_Function::Call | - | 2016-10-02
387784 | Use-of-uninitialized-value in PDF_DecodeText | - | 2016-10-02
387777 | Use-of-uninitialized-value in MatShaperEval16 | - | 2016-10-02
387776 | Use-of-uninitialized-value in CPDF_Parser::LoadCrossRefV4 | - | 2016-10-02
387775 | Use-of-uninitialized-value in CPDF_RenderStatus::LoadSMask | - | 2016-10-02
387774 | Use-of-uninitialized-value in CPDF_DataAvail::GetObject | - | 2016-10-02
387506 | Use-of-uninitialized-value in FXSYS_round | - | 2016-10-02
387782 | Use-of-uninitialized-value in CPDF_DIBSource::DownSampleScanline | - | 2016-10-02
387389 | Heap-use-after-free in WebCore::DocumentV8Internal::getElementByIdMethodCallbackForMainWorld | $2000 | 2016-10-02
387371 | Bad-cast to gfx::MultiAnimation from gfx::ThrobAnimation;tab.cc:1096:11 | - | 2016-10-02
387315 | Bad-cast to WebCore::HTMLLabelElement from WebCore::SVGUnknownElement;WebNode.h:164:16 | - | 2016-10-02
387313 | Use-of-uninitialized-value in t1_parse_font_matrix | - | 2016-10-02
387211 | Bad-cast to WebCore::RenderInline from WebCore::RenderBlockFlow;RenderInline.h:195:1 | - | 2016-10-02
387037 | DownloadPathIsDangerous should verify that the path is a directory | - | 2016-10-02
387033 | Navigation bypass for web -> file | - | 2016-10-02
387031 | Security: V8 Array length getter override | - | 2016-10-02
387016 | Bad-cast to WebCore::SpeechSynthesisUtterance from WebCore::SpeechSynthesis; V8EventTargetCustom.cpp:52:5 | - | 2016-10-02
387470 | Heap-use-after-free in WebCore::DocumentThreadableLoader::notifyFinished | - | 2016-10-02
387014 | Use-of-uninitialized-value in CPDF_RenderStatus::GetStrokeArgb | - | 2016-10-02
387013 | Use-of-uninitialized-value in CPDF_DIBSource::GetScanline | - | 2016-10-02
387011 | Use-of-uninitialized-value in CPDF_StandardSecurityHandler::GetUserPassword | - | 2016-10-02
387010 | Use-of-uninitialized-value in sfnt_open_font | - | 2016-10-02
386730 | Use-of-uninitialized-value in CPDF_DeviceNCS::GetRGB | - | 2016-10-02
386729 | Use-of-uninitialized-value in CPDF_RenderStatus::GetFillArgb | - | 2016-10-02
386728 | Use-of-uninitialized-value in CPDF_DeviceCS::GetRGB | - | 2016-10-02
386034 | UNKNOWN in v8::internal::Invoke | - | 2016-10-02
386988 | Full chain exploit + sandbox escape: Array.concat -> extension install -> download exec | $30000 | 2016-10-02
385691 | Bad cast from DevToolsNetworkTransactionFactory to HttpNetworkLayer | - | 2016-10-02
385646 | Heap-buffer-overflow in vp9_resize_frame_buffers | - | 2016-10-02
391570 | Stack-buffer-overflow in content::webcrypto::platform::CreatePublicKeyAlgorithm | $1000 | 2016-10-02
391472 | Use-of-uninitialized-value in CPDF_DeviceNCS::GetRGB | - | 2016-10-02
391470 | Use-of-uninitialized-value in CPDF_RenderStatus::DrawShading | - | 2016-10-02
391301 | Use-of-uninitialized-value in cc::SolidColorDrawQuad::SetNew | - | 2016-10-02
391023 | Uninitialized IPC message in OutOfProcessPPAPITest.ImageData | - | 2016-10-02
391004 | Use-of-uninitialized-value in SkUnPreMultiply::UnPreMultiplyPreservingByteOrder | - | 2016-10-02
391001 | Use-of-uninitialized-value in SkFlatDictionary<SkPaint, SkPaint::FlatteningTraits>::findAndReturnMutableF | $500 | 2016-10-02
391000 | Use-of-uninitialized-value in SkBitmap::setAlphaType | - | 2016-10-02
390999 | Use-of-uninitialized-value in WebCore::OpaqueRegionSkia::markRectAsNonOpaque | - | 2016-10-02
390997 | Use-of-uninitialized-value in FT_Outline_Get_Orientation | - | 2016-10-02
390973 | Use-of-uninitialized-value in IPC::ChannelPosix::ProcessOutgoingMessages | - | 2016-10-02
390970 | Use-of-uninitialized-value in IPC::ChannelPosix::ProcessOutgoingMessages | - | 2016-10-02
390945 | Use-of-uninitialized-value in put_vp8_epel16_h6v6_c | - | 2016-10-02
390944 | Use-of-uninitialized-value in vp3_h_loop_filter_c | - | 2016-10-02
390941 | Use-of-uninitialized-value in vp8_h_loop_filter16_c | - | 2016-10-02
390936 | Use-after-poison in WebCore::ThreadHeap<WebCore::FinalizedHeapObjectHeader>::addToFreeList | - | 2016-10-02
390928 | Heap-use-after-free in v8::internal::GlobalHandles::Create | $4000 | 2016-10-02
390711 | Security: umount can be called from non-root user via fusermount | - | 2016-10-02
390567 | UNKNOWN in base::Time::LocalMidnight | - | 2016-10-02
390709 | Security: Local Priv Esc - pppd malformed config file could lead to code execution in suid binary | - | 2016-10-02
390601 | Use-of-uninitialized-value in CFX_WideString::InitStr | - | 2016-10-02
390570 | Heap-use-after-free in WebCore::MediaValues::calculateMediaType | - | 2016-10-02
390569 | Heap-use-after-free in WebCore::RenderBlockFlow::computeInlinePreferredLogicalWidths | - | 2016-10-02
390624 | Security: Extensions can spoof the list of host permissions in the permission dialog | $1000 | 2016-10-02
390563 | Heap-use-after-free in content::ChildSharedBitmapManager::FreeSharedMemory | - | 2016-10-02
390314 | Use-of-uninitialized-value in WebCore::PositionOptions::PositionOptions | - | 2016-10-02
390308 | Use-of-uninitialized-value in v8::internal::Factory::NewNumber | - | 2016-10-02
390304 | Use-of-uninitialized-value in webrtc::BuildMediaDescription | - | 2016-10-02
390176 | Heap-use-after-free in WebCore::HTMLImportLoader::removeImport | - | 2016-10-02
389285 | Heap-use-after-free in WebCore::RenderInline::inlineElementContinuation | - | 2016-10-02
389316 | Use-of-uninitialized-value in WebCore::TransformationMatrix::blend | - | 2016-10-02
389451 | Security: SDCH dictionary URL check can be bypassed | - | 2016-10-02
389570 | Heap-buffer-overflow in convolveVertically_SSE2 | - | 2016-10-02
389573 | Use-of-uninitialized-value in v8::internal::Decoder<v8::internal::Simulator>::DecodeBranchSystemException | - | 2016-10-02
389595 | Use-of-uninitialized-value in void v8::internal::Simulator::AddSubHelper<long> | - | 2016-10-02
389734 | Security: You can spoof any domain in the URL bar | $500 | 2016-10-02
390069 | Use-of-uninitialized-value in read_tag_lutmABType | - | 2016-10-02
390174 | Heap-use-after-free in WebCore::KURL::~KURL | $2000 | 2016-10-02
389574 | Global-buffer-overflow in SkBitmap::ReadRawPixels | - | 2016-10-02
389223 | Chromoting host ignores NAT traversal policy | - | 2016-10-02
389219 | Use-of-uninitialized-value in WebCore::BiquadDSPKernel::updateCoefficientsIfNecessary | $500 | 2016-10-02
389216 | Use-of-uninitialized-value in WebCore::AudioContext::scheduleNodeDeletion | - | 2016-10-02
389204 | CRASH: media::AudioRendererMixer::OnRenderError() | - | 2016-10-02
388771 | Heap-use-after-free in extensions::V8SchemaRegistry::GetSchema | - | 2016-10-02
388762 | Use-after-free in content::LegacyRenderWidgetHostHWND::UpdateParent | - | 2016-10-02
388759 | NO STACK | - | 2016-10-02
389280 | Use-of-uninitialized-value in validate_layout | - | 2016-10-02
388757 | Use-after-free in WebCore::RenderBlockFlow::addOverhangingFloats | - | 2016-10-02
388665 | Penguins Puzzle WebGL game frequent Aw Snap | $3000 | 2016-10-02
388294 | Heap-use-after-free in v8::HandleScope::Initialize | $1000 | 2016-10-02
388267 | Use-after-poison in WebCore::IDBDatabase::trace | - | 2016-10-02
388135 | Use-of-uninitialized-value in CPDF_CMap::GetNextChar | - | 2016-10-02
388134 | Use-of-uninitialized-value in _SetLum | - | 2016-10-02
388133 | Use-of-uninitialized-value in CFX_BidiChar::AppendChar | - | 2016-10-02
388070 | Heap-buffer-overflow in media::FFmpegDemuxer::Seek | - | 2016-10-02
388058 | Heap-use-after-free in cc::PictureLayerTiling::TilingEvictionTileIterator::Initialize | - | 2016-10-02
387861 | Use-of-uninitialized-value in FPDFAPI_FT_DivFix | - | 2016-10-02
387852 | Use-of-uninitialized-value in aes_decrypt_nb_4 | - | 2016-10-02
387860 | Use-of-uninitialized-value in FXSYS_atoi | - | 2016-10-02
387856 | Use-of-uninitialized-value in _JpegScanSOI | - | 2016-10-02
387855 | Use-of-uninitialized-value in _FaxSkipEOL | - | 2016-10-02
387854 | Use-of-uninitialized-value in CPDF_RenderStatus::DrawShading | - | 2016-10-02
387853 | Use-of-uninitialized-value in FPDFAPI_inflate | - | 2016-10-02
387857 | Use-of-uninitialized-value in CPDF_SimpleParser::ParseWord | - | 2016-10-02
387850 | Use-of-uninitialized-value in FXSYS_atoi64 | - | 2016-10-02
387848 | Use-of-uninitialized-value in CPDF_Function::Call | - | 2016-10-02
387847 | Use-of-uninitialized-value in opj_j2k_read_header_procedure | - | 2016-10-02
387846 | Use-of-uninitialized-value in _FaxGetRun | - | 2016-10-02
398235 | Security: possible another uninit memory with jpeg parsing | - | 2016-10-02
397834 | Use-of-uninitialized-value in CFX_WideString::InitStr | - | 2016-10-02
397835 | Use-of-uninitialized-value in chrome_pdf::PDFiumEngine::Paint | - | 2016-10-02
398109 | Security: Potential kernel privilege escalation when CONFIG_PPPOL2TP is enabled | - | 2016-10-02
397396 | Investigate lifetime of the NativeWindow parent in ExtensionUninstallDialog | - | 2016-10-02
398198 | Use-after-free in blink::WebSharedWorkerImpl::stopWorkerThread | $1500 | 2016-10-02
397258 | Integer overflow from "offset + size" in extension.h and fpdfview.cpp | - | 2016-10-02
397549 | All of cc_unittests failing on yakju-clang-clankium | - | 2016-10-02
397656 | Heap-use-after-free in media::Pipeline::ErrorChangedTask | - | 2016-10-02
396961 | HTTP authentication dialog doesn't replace web contents when you type in to URL bar | - | 2016-10-02
396447 | Hooking up a remote audio track to local media stream would crash | - | 2016-10-02
396255 | Security: Uninitialized value possible in CJS_PublicMethods::MakeFormatDate | - | 2016-10-02
396054 | Security: Microphone access not blocked if you lock your phone. | $500 | 2016-10-02
397130 | HandleCloserAgent skips every other handle | - | 2016-10-02
395441 | Google Chrome not clearing the account data properly | - | 2016-10-02
395411 | ASSERTION FAILED: actualInfo->derefObjectFunction == wrapperTypeInfo.derefObjectFunction, UNKNOWN in blink::V8Event::createWrapper | $500 | 2016-10-02
395410 | Heap-use-after-free in syncer::SyncBackupManager::Init | $1000 | 2016-10-02
395409 | Use-after-free in blink::MediaQueryList::stop | - | 2016-10-02
395679 | V8 executable page caps are dangerously high | - | 2016-10-02
395641 | UNKNOWN in SkImageFilter::Common::unflatten | - | 2016-10-02
395972 | Improper handling of calc parsing results in read access to pointer addresses | - | 2016-10-02
395461 | Use-after-free in CPDFSDK_PageView::LoadFXAnnots | - | 2016-10-02
395650 | SEGV in LocalWriteClosure::writeBlobToFileOnIOThread | - | 2016-10-02
395351 | Security: Chrome XSS Filter Bypassing | - | 2016-10-02
394902 | Use-after-free in several skia routines of memory freed by skia.dll!DWriteFontTypeface::`scalar deleting destructor' | - | 2016-10-02
395266 | Security: CJS_PublicMethods::StrRTrim() looks suspicious, may under/overflow | - | 2016-10-02
394026 | Heap-use-after-free in WebCore::Element::attrIfExists | - | 2016-10-02
393981 | Uninitialized IPC message in PopupBlockerTabHelper::ShowBlockedPopup | - | 2016-10-02
393833 | Use-of-uninitialized-value in content::webcrypto::platform::CreatePublicKeyAlgorithm | - | 2016-10-02
393831 | Use-of-uninitialized-value in CJS_PublicMethods::MakeRegularDate | - | 2016-10-02
393829 | Heap-use-after-free in blink::AXNodeObject::textUnderElement | - | 2016-10-02
394222 | Use-of-uninitialized-value in final_reordering_syllable | - | 2016-10-02
393938 | Uninitialized IPC message in PPB_Instance_Proxy::DeliverFrame | - | 2016-10-02
393605 | Heap-use-after-free in CPDF_Color::~CPDF_Color | - | 2016-10-02
393765 | Tracking bug for internal security fixes for Chrome 36, Release 0 | - | 2016-10-02
393595 | Use-after-free in WebCore::CustomElementMicrotaskRunQueue::dispatch | - | 2016-10-02
393572 | Padlock is shown after refresh despite displaying mixed content | - | 2016-10-02
393452 | UNKNOWN in memset | - | 2016-10-02
393603 | Use-of-uninitialized-value in CPDF_RenderStatus::GetStrokeArgb | - | 2016-10-02
393744 | Use-after-poison in WebCore::HeapPage<WebCore::FinalizedHeapObjectHeader>::markOrphaned | - | 2016-10-02
393602 | Heap-buffer-overflow in CCodec_FlateModule::FlateOrLZWDecode | - | 2016-10-02
393312 | Heap-use-after-free in WebCore::EventHandlerRegistry::documentDetached | - | 2016-10-02
393425 | Use-after-free in WebCore::FileReader::doAbort | - | 2016-10-02
393448 | Use-after-free in WebCore::CompositeEditCommand::replaceTextInNodePreservingMarkers | - | 2016-10-02
393221 | Heap-use-after-free in net::IOBuffer::data | - | 2016-10-02
393401 | Popups opened from a sandboxed iframe are not themselves sandboxed | $500 | 2016-10-02
392723 | Use-of-uninitialized-value in SkRect::setBoundsCheck | - | 2016-10-02
392598 | Use-after-free crash [@BrowserWindowCocoa::UpdateDevTools] | - | 2016-10-02
392719 | heap-use-after-free in CPDF_Color::~CPDF_Color | - | 2016-10-02
392510 | login_ChromeProfileSanitary indicates that Chrome is writing cookies to the Login profile | - | 2016-10-02
392720 | Use-of-uninitialized-value in CPDF_DocPageData::ReleaseColorSpace | - | 2016-10-02
392721 | Use-of-uninitialized-value in CXML_Parser::GetTagName | - | 2016-10-02
391929 | Potential integer overflow in fpdf_render_loadimage.cpp | - | 2016-10-02
392718 | Use-of-uninitialized-value in extensions::FrameNavigationState::SetNavigationCommitted | - | 2016-10-02
391905 | Use-of-uninitialized-value in icu_46::RegexMatcher::findUsingChunk | - | 2016-10-02
391910 | Use-of-uninitialized-value in WebCore::ErrorEventV8Internal::linenoAttributeGetterCallback | - | 2016-10-02
406562 | Vulnerability reported in net-misc/strongswan | - | 2016-10-02
406557 | Vulnerability reported in x11-libs/pixman | - | 2016-10-02
406142 | Heap-buffer-overflow in CFX_WideString::FromUTF16LE | - | 2016-10-02
405588 | Heap-buffer-overflow in CPDF_DeviceCS::GetRGB | - | 2016-10-02
406549 | Vulnerability reported in net-firewall/iptables | - | 2016-10-02
406548 | Vulnerability reported in dev-libs/libxml2 | - | 2016-10-02
406546 | Vulnerability reported in dev-libs/expat | - | 2016-10-02
406144 | Global-buffer-overflow in CFX_Font::LoadGlyphPath | - | 2016-10-02
404529 | Heap-use-after-free in blink::ImageQualityController::highQualityRepaintTimerFired | - | 2016-10-02
405416 | Stack-buffer-overflow in avpriv_aac_parse_header | - | 2016-10-02
404511 | Bad-cast to blink::IDBRequest from invalid vptrblink::GarbageCollectedFinalized<blink::IDBRequest>::finalizeGarbageCollectedObject;blink::HeapPage<blink::FinalizedHeapObjectHeader>::sweep;blink::ThreadHeap<blink::FinalizedHeapObjectHeader>::sweep | $3500 | 2016-10-02
405421 | Heap-use-after-free in CPDF_IndexedCS::~CPDF_IndexedCS | - | 2016-10-02
405417 | Heap-use-after-free in SkOpSegment::addT | $1000 | 2016-10-02
405335 | Heap-use-after-free in RemoteMediaPlayerManager::DidDownloadPoster | - | 2016-10-02
404513 | Heap-use-after-free in blink::FileReader::doAbort | - | 2016-10-02
403596 | Security: __lookupGetter__ and __lookupSetter__ can be used to leak all cross-origin data | - | 2016-10-02
403276 | Heap-use-after-free in blink::Document::didRemoveAllPendingStylesheet | $2000 | 2016-10-02
403013 | use-after-free in mojo::internal::WeakServiceProvider::Clear | - | 2016-10-02
403665 | Heap-use-after-free in blink::TreeScopeAdopter::moveTreeToNewScope | - | 2016-10-02
404300 | Security: Blink inadequately whitelists child frames by name in access checks | - | 2016-10-02
404462 | Heap-use-after-free in blink::RenderBlockFlow::determineStartPosition | - | 2016-10-02
403409 | V8 Runtime_ArrayConcat uninitialized memory leak | $4500 | 2016-10-02
402479 | Use-after-free in IDMap<blink::WebIDBCallbacks,1>::Releaser<1,0>::release_all | - | 2016-10-02
402407 | Heap-use-after-free in blink::RenderLayerScrollableArea::updateCompositingLayersAfterScroll | $3000 | 2016-10-02
402297 | Heap-buffer-overflow in bracketAddOpening | - | 2016-10-02
402263 | Heap-use-after-free in blink::MediaQueryMatcher::viewportChanged | - | 2016-10-02
402260 | Heap-use-after-free in CPDF_Color::SetValue | $3000 | 2016-10-02
402255 | Heap-use-after-free in blink::DocumentOrderedMap::add | - | 2016-10-02
402957 | Use-after-free in speech - saying "Hello" during the incognito window has closed | $2000 | 2016-10-02
402702 | Security: Potential unsafe random number generation | - | 2016-10-02
402653 | Use-after-free from ASAN base::PlatformThreadRef::is_null() | - | 2016-10-02
401993 | Heap-use-after-free in unsigned long std::__1::__tree<std::__1::__value_type<unsigned int, std::__ | - | 2016-10-02
402240 | Heap-buffer-overflow in vp9_decode_frame | - | 2016-10-02
401463 | Bad-cast to blink::RenderBox from blink::RenderText;RenderBox.h:769:1 | $3000 | 2016-10-02
401372 | Heap-use-after-free in CPDF_IndexedCS::~CPDF_IndexedCS | $3000 | 2016-10-02
401364 | Heap-use-after-free in base::subtle::RefCountedThreadSafeBase::Release | - | 2016-10-02
401363 | Heap-use-after-free in blink::WebPagePopupImpl::closePopup | - | 2016-10-02
401362 | Heap-use-after-free in blink::RenderBox::pixelSnappedClientHeight | $2000 | 2016-10-02
402218 | Bad-cast to blink::MediaQueryListListener from invalid vptr;ScriptedAnimationController.cpp:181:9 | - | 2016-10-02
401995 | Heap-buffer-overflow in CFX_ByteTextBuf::AppendChar | - | 2016-10-02
401580 | Heap-double-free in CFX_PathData::~CFX_PathData | - | 2016-10-02
400511 | Use-after-free in content::WebThreadBase::TaskObserverAdapter::WillProcessTask | - | 2016-10-02
400339 | Bad-cast to blink::ShadowRoot from blink::HTMLDocument;ShadowRoot.h:165:1 | - | 2016-10-02
400950 | Tracking bug for internal security fixes for Chrome 36, Release 1 | - | 2016-10-02
401115 | Security: UAF with Blob creation and Shared Workers | $1500 | 2016-10-02
400996 | Heap-use-after-free in CPDF_TextStateData::~CPDF_TextStateData | $2000 | 2016-10-02
400476 | Heap-use-after-free in blink::Event::path | $3000 | 2016-10-02
399654 | UNKNOWN in v8::base::NoBarrier_Load | - | 2016-10-02
399495 | Heap-use-after-free in blink::WorkerSharedTimer::OnTimeout | $3000 | 2016-10-02
399473 | Security: setpriority() is broadly allowed and allows to interact with other processes | - | 2016-10-02
399321 | Heap-use-after-free in blink::constructBidiRunsForLine | - | 2016-10-02
398925 | Security: SPDY connection sharing logic errors allows for MITM | $1000 | 2016-10-02
399783 | Chrome_ChromeOS: Crash Report - blink::GraphicsLayer::setContentsOpaque | - | 2016-10-02
399768 | Security: NaCl inner sandbox escape on Windows due to mmap hole bug | - | 2016-10-02
399655 | Bad-cast to SessionService from invalid vptr;bind_internal.h:248:12 | $1500 | 2016-10-02
398818 | Heap-use-after-free in blink::TreeScope::clearScopedStyleResolver | - | 2016-10-02
398438 | Heap-use-after-free in blink::Document::didRemoveAllPendingStylesheet | $2000 | 2016-10-02
398384 | Security: Crash in memcpy in chrome_pdf::CopyImage | $3000 | 2016-10-02
411165 | Use-of-uninitialized-value in std::__1::pair<std::__1::pair<WTF::StringImpl**, bool>, unsigned int> WTF:: | - | 2016-10-02
411160 | Use-of-uninitialized-value in cc::GLRenderer::EnqueueTextureQuad | - | 2016-10-02
411163 | Use-of-uninitialized-value in FXSYS_round | - | 2016-10-02
411162 | Use-of-uninitialized-value in webrtc::AudioDecoder::ConvertSpeechType | - | 2016-10-02
411161 | Use-of-uninitialized-value in CPDF_RenderStatus::GetFillArgb | - | 2016-10-02
411154 | Use-of-uninitialized-value in CPDF_DocPageData::ReleasePattern | - | 2016-10-02
411026 | Heap-use-after-free in blink::PersistentBase<blink::ThreadLocalPersistents< | - | 2016-10-02
410912 | UNKNOWN in v8::internal::MemoryChunk::IsFlagSet | - | 2016-10-02
410556 | UNKNOWN in v8::internal::JSFunction::context | $3000 | 2016-10-02
410552 | Heap-buffer-overflow in SkOpSegment::findNextOp | $1500 | 2016-10-02
410326 | Heap-use-after-free in CPDFSDK_PageView::LoadFXAnnots | - | 2016-10-02
411156 | Use-of-uninitialized-value in vp3_h_loop_filter_c | - | 2016-10-02
411159 | Use-of-uninitialized-value in content::MessageChannel::DrainEarlyMessageQueue | - | 2016-10-02
411133 | Bad-cast to cricket::WebRtcVoiceMediaChannel from webrtc::NetEqImpl;webrtcvideoengine.cc:1599:9 | - | 2016-10-02
409695 | Heap-buffer-overflow in CPDF_DIBSource::GetScanline | - | 2016-10-02
409692 | Heap-buffer-overflow in CPDF_DIBSource::GetScanline | - | 2016-10-02
409508 | Heap-use-after-free in blink::PODIntervalTree<int,blink::FloatingObject | - | 2016-10-02
409507 | Use-of-uninitialized-value in CFX_ByteString::~CFX_ByteString | - | 2016-10-02
410030 | CHECK failure in CHECK(!v8::internal::FLAG_enable_slow_asserts || (object->IsJSObject())) fa | - | 2016-10-02
409880 | Heap-use-after-free in cricket::WebRtcVoiceMediaChannel::SetupSharedBandwidthEstimation | - | 2016-10-02
409454 | Fetch event shouldn't fire for preflight requests | - | 2016-10-02
409506 | Heap-use-after-free in blink::AXNodeObject::document | - | 2016-10-02
409030 | After lock my Account login directly after clicking on google task manager | - | 2016-10-02
409023 | Heap-buffer-overflow in SkScalerContext_DW::generateImage | - | 2016-10-02
408739 | Heap-use-after-free in content::MessageChannel::DrainEarlyMessageQueue | - | 2016-10-02
409475 | Heap-buffer-overflow in CPDF_DIBSource::GetScanline | $3000 | 2016-10-02
409373 | Heap-use-after-free in CPDF_Color::~CPDF_Color | $1000 | 2016-10-02
408426 | Security: Page can run arbitrary code in the context of a UserGestureIndicator | - | 2016-10-02
408541 | Heap-buffer-overflow in CPDF_DIBSource::GetScanline | $3000 | 2016-10-02
408154 | Heap-buffer-overflow in CPDF_DIBSource::DownSampleScanline | - | 2016-10-02
408164 | Heap-use-after-free in CPDF_ShadingObject::~CPDF_ShadingObject | $1000 | 2016-10-02
408532 | Heap-use-after-free in CFX_BaseSegmentedArray::Iterate | $1000 | 2016-10-02
408160 | Bad-cast to blink::HTMLUnknownElement from blink::HTMLElement;ScriptWrappable.h:90:16 | - | 2016-10-02
407488 | Global-buffer-overflow in CFX_Font::LoadGlyphPath | $1000 | 2016-10-02
407964 | Heap-buffer-overflow in opj_t2_read_packet_header | $1000 | 2016-10-02
407341 | Stack-buffer-overflow in cf2_hintmap_build | - | 2016-10-02
407339 | Vulnerability reported in elfutils | - | 2016-10-02
407477 | Heap-use-after-free in blink::EventHandlerRegistry::documentDetached | - | 2016-10-02
408141 | Heap-buffer-overflow in CPDF_LabCS::TranslateImageLine | $3000 | 2016-10-02
407614 | Heap-buffer-overflow in TIFF_PredictLine | - | 2016-10-02
407476 | Heap-buffer-overflow in CJPX_Decoder::Init | - | 2016-10-02
406879 | Heap-use-after-free in cc::LayerTreeHost::RecreateUIResources | - | 2016-10-02
406868 | Heap-use-after-free in CPDF_Object::Release | $1500 | 2016-10-02
406850 | Bad-cast to blink::AudioSummingJunction from invalid vptr;AudioContext.cpp:787:9 | - | 2016-10-02
406806 | Heap-buffer-overflow in CPDF_ICCBasedCS::GetRGB | - | 2016-10-02
406600 | Heap-buffer-overflow in CPDF_DIBSource::GetScanline | $500 | 2016-10-02
406895 | Heap-buffer-overflow in CPDF_DIBSource::GetScanline | - | 2016-10-02
406908 | Heap-buffer-overflow in CPDF_DIBSource::TranslateScanline24bpp | $1000 | 2016-10-02
407235 | libcurl: Wildcard IP in cert's CN field can allow server spoof | - | 2016-10-02
406871 | ASSERTION FAILED: offset + length <= m_length, UNKNOWN in blink::InlineTextBox::constructTextRun | - | 2016-10-02
406591 | Heap-buffer-overflow in CPDF_SyntaxParser::SearchWord | $500 | 2016-10-02
406593 | Draw the image outside of the inline frame | $1500 | 2016-10-02
415689 | Add an HSTS and key pin preload rule for chrome.com | - | 2016-10-02
415866 | Use-of-uninitialized-value in SkOpSegment::addTCoincident | $2000 | 2016-10-02
415305 | UNKNOWN in blink::HRTFDatabaseLoader::load | - | 2016-10-02
415256 | SSLBlockingPage option mask isn't ORed | - | 2016-10-02
415012 | Heap-use-after-free in content::BrowserPlugin::~BrowserPlugin | - | 2016-10-02
415307 | Heap-buffer-overflow in chrome_pdf::PDFiumEngine::GetPageRect | $1500 | 2016-10-02
415407 | ASSERTION FAILED: curr->isRenderInline(), UNKNOWN in blink::RenderInline::splitInlines | - | 2016-10-02
415306 | Heap-use-after-free in scoped_refptr<base::MessageLoopProxy>::operator= | - | 2016-10-02
414504 | Heap-use-after-free in opj_t1_decode_cblks | $1000 | 2016-10-02
414310 | Heap-buffer-overflow in opj_jp2_apply_cdef | $1000 | 2016-10-02
414182 | Heap-buffer-overflow in opj_t2_read_packet_header | - | 2016-10-02
414134 | Use-of-uninitialized-value in cricket::WebRtcVoiceMediaChannel::SetupSharedBweOnChannel | - | 2016-10-02
414606 | Heap-buffer-overflow in opj_v4dwt_interleave_h | $3000 | 2016-10-02
414661 | Security: heap-use-after-free in CPDF_ShadingPattern::Clear() | - | 2016-10-02
414525 | Heap-buffer-overflow in opj_dwt_decode | $3000 | 2016-10-02
414109 | Use-of-uninitialized-value in unsigned int blink::WidthIterator::advanceInternal<blink::SurrogatePairAwareTextIterator> | $1000 | 2016-10-02
414100ASSERTION FAILED: node->isMediaControlElement(), UNKNOWN in blink::mediaControlElementType-2016-10-02
414089Heap-double-free in j2k_read_ppm_v3$30002016-10-02
414046Heap-use-after-free in CPDF_ImageObject::~CPDF_ImageObject$20002016-10-02
414036UNKNOWN in libc.so.6$20002016-10-02
414124Security: TLS handshake and certificate signature forgery is possible using Bleichenbacher’s Low-Exponent Attack due to faulty ASN.1 length decoding$50002016-10-02
414118Heap-use-after-free in content::ServiceWorkerControlleeRequestHandler::DidLookupRegistrationForMai-2016-10-02
413850Use-of-uninitialized-value in chrome_pdf::PDFiumEngine::OnMouseMove-2016-10-02
414026Do Not Cache Resources Retrieved Via Broken HTTPS in AppCache Or Service Worker$5002016-10-02
413744Heap-use-after-free in JavaObjectWeakGlobalRef::Assign-2016-10-02
413743Heap-use-after-free in void cc::PreCalculateMetaInformation<cc::LayerImpl>-2016-10-02
413706Security: Hotspot+appcache allows permanent sslstrip attack-2016-10-02
413534Bad-cast to blink::AXMenuList from blink::AXList;AXMenuList.h:58:1-2016-10-02
413884Security: bug in nvmap Nvidia driver allows for privilege escalation.-2016-10-02
413831Security: Issue with facetime:// and facetime-audio:// schemes-2016-10-02
413375Negative-size-param in opj_t2_decode_packets$10002016-10-02
413316Use-after-free in blink::LocalDOMWindow::willDetachDocumentFromFrame-2016-10-02
413094Security: ServiceWorker onfetch should not intercept Flash files or crossdomain.xml-2016-10-02
413041Use-after-free in blink::ScriptWrappable::wrap-2016-10-02
412790Use-of-uninitialized-value in FindSortableTop-2016-10-02
413530Heap-use-after-free in blink::FrameView::scheduleRelayout-2016-10-02
413447Heap-double-free in opj_tcd_code_block_dec_deallocate-2016-10-02
413232Use-of-uninitialized-value in v8::internal::JSObject::UpdateAllocationSite-2016-10-02
412457Heap-buffer-overflow in tt_face_get_location-2016-10-02
411323Heap-use-after-free in content::RenderFrameImpl::Send-2016-10-02
411320Heap-use-after-free in media::TimeDeltaInterpolator::GetInterpolatedTime-2016-10-02
411318Heap-use-after-free in content::BufferedDataSource::ReadCallback-2016-10-02
411735Use-after-free in blink::V8SVGFEMergeNodeElement::refObject-2016-10-02
411329Use-of-uninitialized-value in SkColorTypeValidateAlphaType-2016-10-02
411177Use-of-uninitialized-value in chrome_pdf::PageIndicator::OnTimerFired-2016-10-02
411167Use-of-uninitialized-value in WebCore::RenderTableSection::dirtiedRows-2016-10-02
411213Possible out of bounds access in BreakIterator class-2016-10-02
411210CHECK failure in CHECK(start <= end) failed: ../../v8/src/heap/spaces.cc(1722)-2016-10-02
422621Security: Cloud Print Connect XMPP connection leaks auth token to active network attacker-2016-10-02
422492Heap-buffer-overflow in SkOpSegment::blindCoincident$10002016-10-02
421981Use-of-uninitialized-value in v8::internal::Factory::NewNumber-2016-10-02
421817Security: handleAuthenticatorUrl to launch any activity from web page$20002016-10-02
421720Crash in RenderBlock::willBeDestroyed when removing from a map and destroying a continuation that has been already destroyed-2016-10-02
422482Use-of-uninitialized-value in AvatarMenuBubbleView::LinkClicked-2016-10-02
422374Google Account Sync auth token leaked to active network attacker who suppresses XMPP STARTTLS-2016-10-02
421500Use-of-uninitialized-value in extensions::NativeMessageProcessHost::OnHostProcessLaunched-2016-10-02
421332Security: Completely spoofable origin, including lock sign$10002016-10-02
421504Heap-use-after-free in blink::XMLHttpRequest::handleRequestError-2016-10-02
421321Security: Use-after-free in blink::PageAnimator::serviceScriptedAnimations-2016-10-02
421196Security: intra-object-overflow in third_party/pdfium/core/src/fpdfapi/fpdf_cmaps/fpdf_cmaps.cpp-2016-10-02
421499Use-of-uninitialized-value in ucase_toupper_52-2016-10-02
421691Security: Accelerometer/gyroscope leak keystrokes and speech-2016-10-02
421090Security: NaCl sandbox escape via DRAM "rowhammer" memory corruption-2016-10-02
420450Heap-use-after-free in blink::RenderBlock::willBeDestroyed-2016-10-02
421130Heap-use-after-free in blink::Element::setAttribute-2016-10-02
421132Stack-buffer-underflow in SkDPoint::approximatelyEqual$15002016-10-02
419542Potential UAF in SSLErrorClassification during shutdown in tests-2016-10-02
419774Heap-use-after-free in blink::HarfBuzzShaper::setGlyphPositionsForHarfBuzzRun-2016-10-02
419428Uninit in featureWithPositiveInteger-2016-10-02
419383Security: SOP Bypass of Data Exfiltration with CSS$13372016-10-02
419265ASSERTION FAILED: fontPlatformData, Heap-use-after-free in base::MessageLoop::PostTask-2016-10-02
419060Heap-use-after-free in vorbis_decode_frame$15002016-10-02
419036UNKNOWN in v8::internal::Invoke-2016-10-02
418976Heap-buffer-overflow in opj_tcd_get_decoded_tile_size$5002016-10-02
418881Heap-buffer-overflow in color_sycc_to_rgb$10002016-10-02
418585Heap-buffer-overflow in cff_get_glyph_name-2016-10-02
419320Heap-use-after-free in CPDF_GeneralStateData::~CPDF_GeneralStateData-2016-10-02
418402Security: Cross-Page and Cross-Domain Propagation of Click events on Mobile Devices$10002016-10-02
418381Heap-buffer-overflow in SkOpSegment::addCoinOutsides$15002016-10-02
418114Use-after-free in base::MessageLoop::DeleteSoonInternal-2016-10-02
417841Mixed content resources (e.g. scripts) can be loaded using redirection$10002016-10-02
418582Heap-buffer-overflow in tt_cmap6_char_index-2016-10-02
418161Heap-buffer-overflow in void SkMatrixConvolutionImageFilter::filterPixels<ClampPixelFetcher, false>$20002016-10-02
417210ThreadSanitizer v2 reports a heap-use-after-free in _get_bitmap_surface-2016-10-02
417731Heap-use-after-free in blink::BaseMultipleFieldsDateAndTimeInputType::pickerIndicatorChooseValue-2016-10-02
416526V8 slow/fast properties confusion-2016-10-02
416696Container-overflow in chrome_pdf::PDFiumEngine::SelectFindResult-2016-10-02
417329Security: code execution via bash environment variables-2016-10-02
416528Out-of-bounds write in the browser via P2PHostMsg_Send IPC-2016-10-02
416319Heap-use-after-free in CPDF_Color::~CPDF_Color-2016-10-02
416323UNKNOWN in TcmapEncodingTable::GetSubtableAtIndex$10002016-10-02
416449Chrome exploit: V8 properties + P2PHostMsg_Send$276342016-10-02
416289Heap-buffer-overflow in GrBufferAllocPool::putBack-2016-10-02
416362Potential UAF at WebCore::TimerBase::setNextFireTime$20002016-10-02
426890A vulnerability in run-mailcap can lead to code execution on Debian-based Linux distros with certain (nonstandard) desktop environments$5002016-10-02
426762Use-of-uninitialized-value in blink::Font::glyphDataAndPageForCharacter$10002016-10-02
426760Bad-cast to blink::ScriptWrappable from invalid vptr;ScriptWrappable.h:202:9-2016-10-02
426758Heap-use-after-free in blink::ScriptStreamer::notifyFinished-2016-10-02
426757Use-after-free in blink::RenderSVGResourcePattern::patternForRenderer-2016-10-02
425280Security: Flash Cross Domain Policy Bypass by Using File Upload and Redirection - only in Chrome$20002016-10-02
425263Security: wpa_supplicant CVE-2014-3686-2016-10-02
425153Heap-buffer-overflow in j2k_read_ppm_v3-2016-10-02
425152Heap-buffer-overflow in opj_stream_read_data-2016-10-02
425151Heap-buffer-overflow in opj_tcd_init_decode_tile-2016-10-02
425150Heap-use-after-free in opj_t1_decode_cblks-2016-10-02
425040Heap-use-after-free in CFX_BaseSegmentedArray::Iterate-2016-10-02
425980UNKNOWN in media::container_names::DetermineContainer$5002016-10-02
425856Global-buffer-overflow in SkStrSearch-2016-10-02
425585Use-of-uninitialized-value in v8::internal::Decoder<v8::internal::Simulator>::DecodeBranchSystemException$25002016-10-02
424998Heap-use-after-free in SkTypefaceCache::FindByProcAndRef-2016-10-02
425001ASSERTION FAILED: repetitions > 0, UNKNOWN in blink::CSSPropertyParser::parseGridTrackRepeatFunction-2016-10-02
424961Security: Local file access in plugins via chrome-extension protocol handler vulnerability-2016-10-02
424957Use-of-uninitialized-value in blink::TransformationMatrix::rotate3d-2016-10-02
424956Bad-cast to blink::RenderText from blink::RenderImage;RenderText.h:230:1-2016-10-02
425006Heap-use-after-free in blink::WebGLRenderingContextBase::printGLErrorToConsole-2016-10-02
424999Use-of-uninitialized-value in aura::Window::GetNativeWindowProperty-2016-10-02
424981Security: Flash Camera.copyToByteArray() memory corruption-2016-10-02
424331UNKNOWN in opj_read_bytes_LE$10002016-10-02
424215Heap-buffer-overflow in WebRtcIsacfix_Decode-2016-10-02
423899Security: UAF in CFX_DIBSource::GetWidth()-2016-10-02
423891Bad-cast to blink::PODRedBlackTree<blink::PODInterval<int, blink::FloatingObject *> >::Node from invalid vptr;PODIntervalTree.h:175:33-2016-10-02
423703Security: Race condition in Flash workers may cause an exploitable double free$75002016-10-02
424619Reading from index -Infinity on typed array may cause random memory corruption (?)-2016-10-02
424914ASSERTION FAILED: !current.value()->isInheritedValue(), Heap-use-after-free in blink::Element::detach-2016-10-02
424216Heap-use-after-free in content::GpuChannelHost::Send-2016-10-02
422765Heap-use-after-free in net::ClientCertStoreNSS::GetClientCertsOnWorkerThread-2016-10-02
422693UNKNOWN in SuperBlitter::blitH$20002016-10-02
423084Chrome on iOS does not block active mixed content (scripts)-2016-10-02
422824Heap-buffer-overflow in icu_52::RegexMatcher::MatchChunkAt$40002016-10-02
429779Heap-use-after-free in SetVolume-2016-10-02
429922Security: A compromised renderer process could dismiss interstitial warnings it triggers-2016-10-02
429740Heap-use-after-free in content::RTCPeerConnectionHandler::Observer::OnIceCandidate-2016-10-02
429838Security: OpenSearch description files can be loaded from file:// URLs$5002016-10-02
429778UNKNOWN in webrtc::SdpSerialize-2016-10-02
429626heap-buffer-overflow (read of size 1) at an unpronounceable function below SkScalerContext_FreeType_Base::generateGlyphImage-2016-10-02
429679Heap-use-after-free in BookmarkContextMenuController::IsCommandIdEnabled-2016-10-02
429585Heap-use-after-free in GetStats-2016-10-02
429666Heap-use-after-free in blink::Node::setNeedsStyleRecalc$20002016-10-02
429542Security: file-to-file SOP bypass on Linux via /proc/self/fd/-2016-10-02
429276Security: Use after free in Flash (StageVideoAvailabilityEvent) can make bad things happen$75002016-10-02
429379Use-of-uninitialized-value in SkPath::arcTo-2016-10-02
429201Heap-use-after-free in cc::PictureLayerTiling::UpdateEvictionCacheIfNeeded-2016-10-02
429194Use-of-uninitialized-value in v8::internal::HOptimizedGraphBuilder::BuildBinaryOperation-2016-10-02
429166Security: Heap Memory Corruption off-by-one (Overwrite 0x2C with 0x00) in ffmpeg function matroska_fix_ass_packet-2016-10-02
429477Heap-use-after-free in TrackOnSuccess-2016-10-02
429478Heap-use-after-free in blink::WebGLRenderingContextBase::printGLErrorToConsole-2016-10-02
429244CSP Bypass on M39-2016-10-02
428829Heap-use-after-free in subtle::PrefMemberBase::VerifyPref-2016-10-02
428828Heap-use-after-free in content::IndexedDBDatabase::RunVersionChangeTransaction-2016-10-02
428800Heap-buffer-overflow in epoll_add-2016-10-02
428789Heap-use-after-free in SkXfermodeImageFilter::~SkXfermodeImageFilter-2016-10-02
428578Multiple Windows Kernel Crashes in Font Parsing$65002016-10-02
428561Heap-use-after-free in base::SupportsUserData::GetUserData$15002016-10-02
429139Heap-buffer-overflow in opj_t1_decode_cblks-2016-10-02
429134Heap-buffer-overflow in CPDF_LabCS::GetDefaultValue-2016-10-02
428557Stack-buffer-overflow in _XData32$20002016-10-02
427397Heap-buffer-overflow in blink::CSPSourceList::parseHash-2016-10-02
427272Security: UaF in FileSelectHelper::FileSelectedWithExtraInfo$10002016-10-02
427266Heap-use-after-free in matroska_read_seek$20002016-10-02
427249ASSERTION FAILED: m_pendingStylesheets > 0, Heap-use-after-free in blink::StyleEngine::clearResolver$20002016-10-02
427196console.log is breaking chrome://extensions-2016-10-02
428137Heap-buffer-overflow in void v8::internal::String::WriteToFlat<unsigned short>-2016-10-02
427303UNKNOWN in blink::HRTFDatabaseLoader::load-2016-10-02
427108Heap-use-after-free in blink::PendingScript::stopWatchingForLoad$20002016-10-02
436022Security: Race condition in workers may cause an exploitable double free by abusing bytearray.compress()$75002016-10-02
435825UNKNOWN in v8::internal::String::length-2016-10-02
435815Bad-cast to blink::RenderTable from blink::RenderBlockFlow;RenderTable.h:366:1-2016-10-02
435567Use-of-uninitialized-value in void v8::internal::ScavengingVisitor<-2016-10-02
435514Heap-use-after-free in rdft_calc_c-2016-10-02
435383Heap-based buffer overflow in Flash PCRE regex engine$30002016-10-02
435073CHECK failure in CHECK(p->IsSmi()) failed: ../../v8/src/objects-debug.cc(32)$35002016-10-02
435880Heap-buffer-overflow in std::less<std::string>::operator$45002016-10-02
434970Heap-use-after-free in blink::ScopedStyleResolver::collectFeaturesTo-2016-10-02
434964Chrome's uninstaller launches IE w/ an unquoted path to iexplore.exe-2016-10-02
434733Use-after-free in blink::ResourceFetcher::didFinishLoading-2016-10-02
434732ASSERTION FAILED: !m_deletionHasBegun, UNKNOWN in blink::Node::remove-2016-10-02
434972Heap-use-after-free in webrtc::internal::SynchronousMethodCall::Invoke-2016-10-02
434723Heap-use-after-free in content::MediaStreamTrackMetricsObserver::SendLifetimeMessages-2016-10-02
434569Security: Heap-use-after-free in SupportsUserData::GetUserData$5002016-10-02
434728Use-after-free in blink::RenderLayer::updatePagination-2016-10-02
434499Security: Hera color from previous page remains on interstitial load-2016-10-02
433866Use-of-uninitialized-value in getNextNormalizedChar$10002016-10-02
433860Use-after-free in blink::AXObject::document-2016-10-02
434136WebAudio render that coincides with GC graph mutation can cause snap$40002016-10-02
433359UNKNOWN in void SkMatrixConvolutionImageFilter::filterPixels<UncheckedPixelFetcher, fa-2016-10-02
433357Use-after-free in blink::HTMLPlugInElement::renderPartForJSBindings-2016-10-02
433078Security: OOB read in dhcpcd-2016-10-02
433445UNKNOWN in v8::internal::FixedArray::get$15002016-10-02
433170Media permission not displayed in PageInfo-2016-10-02
432209Heap-buffer-overflow in icu_52::RegexMatcher::MatchChunkAt-2016-10-02
432575ASSERTION FAILED: offset + length <= m_length, UNKNOWN in blink::InlineTextBox::constructTextRun-2016-10-02
432572Heap-use-after-free in std::unordered_map<int,enum gfx::GpuMemoryBufferType,std::hash<int>,std::eq-2016-10-02
431504Security: Cookie injection by Proxy with 407 response$5002016-10-02
431288Heap-buffer-overflow in opj_tcd_init_decode_tile$5002016-10-02
431860Heap-use-after-free in v8::internal::Isolate::counters-2016-10-02
431602UNKNOWN in v8::internal::RootMarkingVisitor::MarkObjectByPointer-2016-10-02
431603ASSERTION FAILED: to <= m_run.length(), UNKNOWN in blink::HarfBuzzShaper::setDrawRange-2016-10-02
430787UNKNOWN in v8::internal::HeapObjectIterator::FromCurrentPage-2016-10-02
430786Heap-use-after-free in webrtc::PeerConnection::OnAddDataChannel-2016-10-02
430630Security: Content settings (e.g. disallow images/javascript) not honored on frames created while interstitial is showing-2016-10-02
430925Heap-use-after-free in webrtc::PeerConnection::OnSessionStateChange-2016-10-02
430928Heap-use-after-free in webrtc::RemoteAudioSource::SetVolume-2016-10-02
430891Heap-buffer-overflow in opj_j2k_tcp_destroy$20002016-10-02
430533Heap-use-after-free in cc::ResourceProvider::ScopedWriteLockGpuMemoryBuffer::GetGpuMemoryBuffer-2016-10-02
430353UNKNOWN in icu_52::RegexMatcher::MatchChunkAt$50002016-10-02
430351Heap-buffer-overflow in blink::CSPSourceList::parseNonce-2016-10-02
430588Security: backport seccomp-tsync-2016-10-02
430566Heap-buffer-overflow in opj_jp2_apply_pclr$5002016-10-02
442710Stack-buffer-overflow in v8::internal::MarkCompactCollector::SweepInParallel$30002016-10-02
442756Security: Denial of service attack against third-parties using web sockets-2016-10-02
442585Security: Flash Player RegExp Object Integer Signedness Error$40002016-10-02
442454Use-after-free in blink::RenderLayer::invalidatePaintForBlockSelectionGaps-2016-10-02
442806Heap-use-after-free in blink::TreeScopeEventContext::ensureEventPath$30002016-10-02
442670Security: NPAPI windowless flash can listen system input events (bypassing browser)-2016-10-02
441834Chromoting host must call CloseClipboard() with anonymous access token-2016-10-02
442121ASSERTION FAILED: !value || (value->isValueList())$20002016-10-02
440694Security: Windows Token Hardening - Ensure Opening of Named Pipes Specifies Anonymous Impersonation Level-2016-10-02
440834Use-after-free in blink::HTMLImageFallbackHelper::createAltTextShadowTree-2016-10-02
440833Heap-buffer-underflow in blink::AXRenderObject::computeAccessibilityIsIgnored-2016-10-02
440990Security: module locking can be disable after boot in verified mode-2016-10-02
440693Security: Windows Token Hardening - Impersonate Anonymous Token Across CloseClipboard Calls-2016-10-02
440692Security: Windows Token Hardening - Modify Broker Process Token IL Policy-2016-10-02
440572Security: Circumvent Safe Browsing with data urls-2016-10-02
441095Heap-use-after-free in blink::ResourceResponse::~ResourceResponse-2016-10-02
440836Bad-cast to blink::Element from blink::CDATASection;Element.h:651:1-2016-10-02
440268Security: Encoded script URL can get around the path restriction-2016-10-02
439992Use-of-uninitialized-value in icu_52::RegexMatcher::findUsingChunk-2016-10-02
439877Security: HTML Imports ignores Content-Type and Content-Disposition headers.-2016-10-02
440435Heap-use-after-free in base::MessageLoop::PostTask-2016-10-02
439319Use-after-free in blink::TreeScope::comparePosition-2016-10-02
438638Use-after-free in blink::AXSpinButton::elementRect-2016-10-02
438364Heap-use-after-free in blink::VectorMath::vadd-2016-10-02
438363UNKNOWN in avio_read-2016-10-02
438157Windows Sandbox: Chromium's FILES_ALLOW_READONLY policy can be bypassed to create empty files or delete the contents of existing files-2016-10-02
437960chrome.identity.getAuthToken leaks master-token and gives attacker a full control over a two-factor-protected Google account-2016-10-02
438365Heap-use-after-free in views::X11WholeScreenMoveLoop::RunMoveLoop-2016-10-02
437681ASSERTION FAILED: !result, Heap-use-after-free in blink::DirectConvolver::process-2016-10-02
437655Heap-use-after-free in vp9_setup_mask-2016-10-02
437636Bad-cast to blink::AudioNode from invalid vptr;AudioNode.cpp:401:13-2016-10-02
437472Heap-buffer-overflow in android::BlobCache::flatten-2016-10-02
437464Use-of-uninitialized-value in udev_monitor_enable_receiving-2016-10-02
437682Heap-use-after-free in blink::AudioChannel::zero-2016-10-02
437651Heap-use-after-free in void blink::ImageDecodingStore::insertCacheInternal<blink::ImageDecodingSto$30002016-10-02
437399Heap-buffer-overflow in blink::BidiResolver<blink::InlineIterator, blink::BidiRun>::applyL1Rule$5002016-10-02
436520Heap-buffer-overflow in content::RtcDataChannelHandler::OnStateChange-2016-10-02
437458Heap-buffer-overflow in blink::Character::expansionOpportunityCount-2016-10-02
437441Security: Use After Free in Flash MessageChannel.send()$50002016-10-02
447773ASSERTION FAILED: !node || isElementOfType<const T>(*node)-2016-10-02
447644Use-of-uninitialized-value in blink::DocumentAnimations::updateAnimationTimingIfNeeded-2016-10-02
447567UNKNOWN in v8::internal::JSFunction::shared-2016-10-02
446672UNKNOWN in libc.so.6-2016-10-02
446538File download .dotfiles sanitization fails when the file starts with a space-2016-10-02
446537Add "Show hidden files" to gear menu-2016-10-02
447664ASSERTION FAILED: !value || (value->isPrimitiveValue())-2016-10-02
446164Security: Integer Overflow in WebGL$30002016-10-02
446078Persistent DoS attack on storage space on Chrome OS-2016-10-02
446076ASSERTION FAILED: !m_deletionHasBegun-2016-10-02
446037Use-after-free in blink::RenderQuote::attachQuote-2016-10-02
446033UNKNOWN in Read_CVT$10002016-10-02
446032Security: OOM situation can result in heap buffer overflow in CFX_BinaryBuf (pdfium)$30002016-10-02
446459Security: Proxy credential leak: WebSockets send proxy headers to destination server-2016-10-02
445831UNKNOWN in SA8_alpha_D32_nofilter_DX-2016-10-02
445808Stack-buffer-overflow in SkPackBits::Unpack8$20002016-10-02
445809Heap-buffer-overflow in SkBitmap::ReadRawPixels$50002016-10-02
445902Use-of-uninitialized-value in GrBitmapTextGeoProc::getGLProcessorKey-2016-10-02
445807Global-buffer-overflow in SkGradientShaderBase::SkGradientShaderBase$50002016-10-02
445810Heap-buffer-overflow in SkImageFilter::Common::unflatten$50002016-10-02
445741Heap-use-after-free in base::MessageLoop::DeleteSoonInternal-2016-10-02
445747Use-after-free in std::_Tree<std::_Tmap_traits<base::FilePath,bool,std::less<base::FilePath>,-2016-10-02
445653Security: Potential bugs/vulnerabilities in GPU code-2016-10-02
445638ASSERT_NOT_REACHED in blink::LengthStyleInterpolation::interpolableValueToLength-2016-10-02
445332ASSERTION FAILED: !value || (value->isPrimitiveValue())$15002016-10-02
445305Use-of-uninitialized-value in blink::MediaControls::shouldHideMediaControls-2016-10-02
445304ASSERTION FAILED: obj->isRenderInline() || obj == this-2016-10-02
445679Memory error when importing bogus EC private key from PKCS8 into BoringSSL-2016-10-02
445303Heap-buffer-overflow in void blink::SearchBuffer::append<unsigned char>-2016-10-02
445285Heap-use-after-free in blink::ShapeOutsideInfo::isEnabledFor$20002016-10-02
445267UNKNOWN in v8::internal::Invoke$35002016-10-02
445107Use of unitialized value in toDataUrl / jpeg encoding path-2016-10-02
444957Heap-use-after-free in OpenPDFInReaderBubbleView::ButtonPressed$5002016-10-02
444927Security: Inherited designMode and cross-window drag-n-drop allow to modify a cross-origin iframe's DOM$30002016-10-02
444717Invalid RenderFrameHost pointer is passed to WebNavigationTabObserver::DidOpenRequestedURL in test WebNavigationApiTest.CrossProcess-2016-10-02
444707Use-of-uninitialized-value in unsigned int blink::SimpleShaper::advanceInternal<blink::SurrogatePairAware$10002016-10-02
444695UNKNOWN in v8::internal::Invoke$35002016-10-02
444681Use-after-poison in v8::internal::compiler::InstructionSelector::InitializeCallBuffer$35002016-10-02
444573Use-of-uninitialized-value in ucnv_io_getConverterName_52$10002016-10-02
444546Heap/Stack Memory Info Leak - FFMPEG libavformat\mov.c$20002016-10-02
444539Heap Corruption - FFMPEG libavformat\mov.c - Use-After-Free/Double Free$40002016-10-02
444198Security: ViewHostMsg_RunFileChooser IPC allows renderer control over absolute path-2016-10-02
444084UNKNOWN in v8::internal::IC::raw_target-2016-10-02
443744UNKNOWN in v8::internal::Invoke-2016-10-02
443675Heap-use-after-free in blink::TreeScope::clearScopedStyleResolver-2016-10-02
444522Heap-buffer-overflow in ff_mov_read_stsd_entries$50002016-10-02
443356Security: No process swap between file:// and data: URLs-2016-10-02
443333Security: tracking bug for ffmpeg H.264 fixes-2016-10-02
443115Heap-use-after-free in blink::PendingScript::stopWatchingForLoad$20002016-10-02
443017Heap-use-after-free in blink::ScopedStyleResolver::collectFeaturesTo$30002016-10-02
443476Use-after-free in WTF::VectorDestructor<1,blink::Canvas2DLayerBridge::MailboxInfo>::destruct-2016-10-02
443274memory access bug in harfbuzz when a carefully crafted font is fed-2016-10-02
451918ASSERTION FAILED: it != m_customElementBindings.end()-2016-10-02
451773ASSERTION FAILED: !object || (object->isTableCell())-2016-10-02
451753UNKNOWN in DestroyPropertySheetPage+0x4e-2016-10-02
451685Use-after-poison in blink::callTransactionErrorCallback-2016-10-02
451684ASSERTION FAILED: node->isMediaControlElement()-2016-10-02
451770UNKNOWN in v8::internal::SharedFunctionInfo::code-2016-10-02
451799Heap overflow and integer overflow in ICU library$5002016-10-02
451755UNKNOWN in content::WebContentsImpl::OnOpenColorChooser-2016-10-02
451058Use-of-uninitialized-value in blink::HarfBuzzShaper::HarfBuzzShaper-2016-10-02
450844Heap-buffer-overflow in opj_dwt_decode_1$10002016-10-02
450654ASSERTION FAILED: !node || (node->isShadowRoot())-2016-10-02
451059Heap-use-after-free in blink::RenderObject::setNeedsLayout-2016-10-02
450939Negative-size-param in vp9_dec_setup_mi$10002016-10-02
451509Heap-buffer-overflow in Pickle::WriteData-2016-10-02
451456Heap-use-after-free in content::GpuChannelHost::DestroyChannel()$5002016-10-02
450389Use-of-uninitialized-value in SkPreMultiplyARGB$10002016-10-02
450198Adobe Flash Player Out-of-Bound Access Vulnerability$20002016-10-02
450096Heap-use-after-free in base::internal::DiscardableMemoryShmem::AllocateAndAcquireLock-2016-10-02
450653UNKNOWN in blink::InlineTextBox::isLineBreak-2016-10-02
450642UNKNOWN in v8::internal::Code::deoptimization_data-2016-10-02
450391Security: aarch64 seccomp lacks ability to redirect syscalls-2016-10-02
450038Heap-buffer-overflow in blink::BidiResolver<blink::InlineIterator, blink::BidiRun>::applyL1Rule-2016-10-02
449845Use-of-uninitialized-value in CFX_ByteString::FormatInteger-2016-10-02
449829Security: Illegal domain name resolving using leading dot creating unexpected behaviour/URL Bar Spoofing$10002016-10-02
449777UNKNOWN in content::WebContentsImpl::OnOpenColorChooser-2016-10-02
449739Security: Heap-use-after-free SpeechRecognitionDispatcher$10002016-10-02
449610ZDI-CAN-2662: Google Chrome V8EventListenerList::findOrCreateWrapper Type Confusion Remote Code Execution Vulnerability-2016-10-02
449893Heap-buffer-overflow in media::AudioBus::SwapChannels-2016-10-02
449958Heap-buffer-overflow in media::CopyPlane$20002016-10-02
449049Heap-use-after-free in blink::WorkerSharedTimer::setFireInterval-2016-10-02
449047Use-after-free in blink::Canvas2DLayerBridge::mailboxReleased-2016-10-02
449045Heap-use-after-free in blink::NavigationScheduler::shouldScheduleNavigation-2016-10-02
448798Use-of-uninitialized-value in IPC::ChannelPosix::ProcessOutgoingMessages-2016-10-02
449574Heap-use-after-free in extensions::MimeHandlerViewContainer::OnMessageReceived-2016-10-02
449291Global-buffer-overflow in v8::internal::MarkCompactCollector::EmptyMarkingDeque-2016-10-02
448423Heap-buffer-overflow in SkData::NewUninitialized$50002016-10-02
448314Heap-use-after-free in blink::V8PerContextData::constructorForTypeSlowCase$30002016-10-02
448189Wild read in aura::GetDeviceScaleFactorFromDisplay-2016-10-02
448102Bad-cast to v8::internal::OFStreamBase from base class subobject at offset 8;ostreams.cc:27:37-2016-10-02
448082Heap-use-after-free in content::ServiceWorkerScriptCacheMap::NotifyFinishedCaching$25002016-10-02
448081Heap-use-after-free in blink::FrameLoaderClientImpl::allowScript-2016-10-02
448428Heap-use-after-free in /usr/lib/libstdc++.6.dylib+0x2dfc9-2016-10-02
448299Heap-buffer-overflow in sk_memset32_SSE2-2016-10-02
448056UNKNOWN in content::WebContentsImpl::OnDidStartLoading-2016-10-02
448006Heap-use-after-free in blink::Node::compareDocumentPosition$30002016-10-02
447976Heap-use-after-free in blink::ScopedStyleResolver::collectMatchingAuthorRules$30002016-10-02
447906Heap-use-after-free in blink::DateTimeEditElement::~DateTimeEditElement$50002016-10-02
447889Global-buffer-overflow in hb_indic_get_categories-2016-10-02
447860global-buffer-overflow at vp56_rac_get_prob_branchy$5002016-10-02
448057Use-of-uninitialized-value in extract_image_data-2016-10-02
448061ASSERTION FAILED: !object || (object->isText())-2016-10-02
448008Select/option website clickjacking-2016-10-02
447852Vulnerability reported in dev-libs/openssl-2016-10-02
458777Heap-use-after-free in blink::Frame::host-2016-10-02
458776Heap-use-after-free in blink::WebPluginContainerImpl::scriptableObject-2016-10-02
458868Heap-use-after-free in content::ChildThreadImpl::ShutdownThread-2016-10-02
458861Heap-buffer-overflow in chromium_ijg_jpeg_idct_islow-2016-10-02
457480Heap-buffer-overflow in opj_dwt_decode$30002016-10-02
458184Use-after-free in blink::LayoutObject::isRooted-2016-10-02
458024[qcms] security - stack buffer overread in lut_inverse_interp16-2016-10-02
457680Security: Flash AS2 Use After Free in DisplacementMapFilter.mapBitmap$50002016-10-02
457583Security: Flash AS2 ConvolutionFilter Uninitialized Memory Leak$40002016-10-02
457493Heap-double-free in j2k_read_ppm_v3$20002016-10-02
458026[qcms] security - heap info leak in qcms-2016-10-02
458474Heap-use-after-free in net::FileStream::Context::ReadAsyncResult-2016-10-02
458191Heap-use-after-free in blink::HTMLImportTreeRoot::recalcTimerFired-2016-10-02
456920Heap-use-after-free in base::ElapsedTimer::Elapsed-2016-10-02
456841Security: Extensions can silently debug (run code) in ANY tab and escape the sandbox$10002016-10-02
456828Security: heap-buffer-overflow in SkGradientShaderBase::SkGradientShaderBase$50002016-10-02
457278Security: Flash AS2 Use After Free in TextField.filters$50002016-10-02
456635Heap-use-after-free in blink::Node::compareDocumentPosition-2016-10-02
456532Heap-use-after-free in blink::UserMediaRequest::start-2016-10-02
456516Security: MidiHostMsg_SendData vector OOB on Android$75002016-10-02
456391Don't supply invalid hostnames to the DNS resolver-2016-10-02
456206Heap-buffer-overflow in parse_encoding$5002016-10-02
456192Possibly invalid type cast in blink::V8LazyEventListener::prepareListenerObject$30002016-10-02
456636Use-of-uninitialized-value in blink::CustomElementUpgradeCandidateMap::~CustomElementUpgradeCandidateMap-2016-10-02
456101Security: Race condition in Flash workers may cause an exploitable double free by abusing bytearray.writeObject$75002016-10-02
456059Heap-use-after-free in blink::PendingScript::stopWatchingForLoad$30002016-10-02
455964Security: NaCl process are not marked non-dumpable.-2016-10-02
455953Security: file:// origins can use webkitRequestFullscreen and requestPointerLock without a prompt-2016-10-02
455857Google Chrome SpeechRecognitionClient Use-After-Free Remote Code Execution Vulnerability-2016-10-02
455839Security: NaCl processes should have an address space usage limit-2016-10-02
455994double free at content::RenderFrameImpl::~RenderFrameImpl-2016-10-02
455428Password is read out in the 'connect to corp network' window-2016-10-02
455368UNKNOWN in blink::SQLStatementBackend::execute$25002016-10-02
455215Security: HSTS not applied to WebSocket$5002016-10-02
454426Use-of-uninitialized-value in FT_RoundFix-2016-10-02
454280Use-of-uninitialized-value in CPDF_Function::Call-2016-10-02
454278Use-after-free in media::CdmSessionAdapter::Initialize-2016-10-02
454268Heap-buffer-overflow in PPP_GetInterface-2016-10-02
454231Heap Use After Free @blink::BaseMultipleFieldsDateAndTimeInputType::readonlyAttributeChanged$20002016-10-02
455735UNKNOWN in blink::WebSpeechSynthesisVoice::operator$20002016-10-02
455363Heap-buffer-overflow in ps_table_add-2016-10-02
453994Security: GaiaAuthExtension is too powerful and should validate parameter-2016-10-02
452794Heap-use-after-free in CPDFSDK_Widget::GetMixXFAWidget-2016-10-02
453553SIGSEGV in opj_j2k_update_image_data via pdfium_test-2016-10-02
453279Heap-use-after-free in blink::MutationObserverRegistration::unregister$30002016-10-02
453209Use-after-poison in blink::ThreadHeap::allocate+0x58-2016-10-02
453126Undefined behavior (bad virtual call) in net/socket/ssl_client_socket_pool.cc-2016-10-02
454153Global-buffer-overflow in blink::AXRenderObject::text-2016-10-02
452793Heap-use-after-free in FT_Stream_ReleaseFrame-2016-10-02
454157Use-of-uninitialized-value in void v8::internal::ScavengingVisitor<-2016-10-02
453979Security: UXSS in V8-2016-10-02
452135ASSERTION FAILED: !m_renderGrid.gridIsDirty() in blink::GridPainter::paintChildren-2016-10-02
452059Copy-Paste XSS (ODT to contenteditable)-2016-10-02
452638Heap-use-after-free in content::RenderFrameImpl::DecidePolicyForNavigation-2016-10-02
452455Heap-buffer-overflow in CPDF_SampledFunc::v_Call-2016-10-02
464409Update net-misc/radsecproxy to 1.6.6-2016-10-02
464391Heap-use-after-free in base::internal::CallbackBase::Reset-2016-10-02
464463Use-of-uninitialized-value in content::BrowserMessageFilter::Send-2016-10-02
464594Use-of-uninitialized-value in content::BrowserMessageFilter::Send-2016-10-02
463958Heap-use-after-free in xmlSwitchEncoding$10002016-10-02
463920Heap-use-after-free in SuperBlitter::blitH-2016-10-02
463599Heap-buffer-overflow in blink::WebString::fromUTF8$10002016-10-02
462843Security: UXSS in AuthenticatorHelper$75002016-10-02
462300Heap-buffer-overflow in resize_context_buffers-2016-10-02
461936Heap-use-after-free in gcm::GCMClientImpl::OnRegisterCompleted-2016-10-02
461858Chrome allows "Always open files of this type" to be used with executables$5002016-10-02
462319Heap-use-after-free in gcm::SocketInputStream::Refresh-2016-10-02
461474UNKNOWN in bool blink::outputRows<-2016-10-02
461191Security: UNKNOWN in RenderFrameImpl::OnMessageReceived$30002016-10-02
461481Security: HSTS bypass$10002016-10-02
460939Heap-use-after-free in content::GLHelper::CopyTextureToImpl::FinishRequest-2016-10-02
460938ASSERTION FAILED: !node || (node->isShadowRoot())-2016-10-02
460937UNKNOWN in v8::internal::IC::SetTargetAtAddress-2016-10-02
460936Use-of-uninitialized-value in FT_DivFix-2016-10-02
460917OOB write in v8 due to elements kind confusion$5002016-10-02
461472Heap-use-after-free in blink::PopupMenuImpl::didClosePopup-2016-10-02
460751Use-after-free in blink::ColorInputType::didEndChooser-2016-10-02
460426Add RELEASE_ASSERTs to ScriptRunner to crash in a more controlled way?-2016-10-02
460391Search query highlights the scheme of the search term and displays like a URL-2016-10-02
460145Unsafe %GeneratorFuntion% intrinsic cannot be denied-2016-10-02
459898Heap-use-after-free in CFX_BaseSegmentedArray::Iterate-2016-10-02
459897Use-of-uninitialized-value in SkConic::computeQuadPOW2-2016-10-02
460752Heap-use-after-free in blink::Document::didChangeVisibilityState-2016-10-02
460431Regression: Chrome crashes when "No thanks" link is dropped in any text-boxes on Chrome sign-in page.-2016-10-02
459637Use-of-uninitialized-value in v8::internal::compiler::Schedule::block-2016-10-02
459633Use-after-poison in v8::internal::compiler::Node::Input::Update-2016-10-02
459632Bad parameters to __sanitizer_annotate_contiguous_container in blink::EventListenerMap::EventListenerMap-2016-10-02
459564XSS in chrome://webrtc-internals/-2016-10-02
459533Heap-use-after-free in blink::LayoutLayerModelObject::hasSelfPaintingLayer$20002016-10-02
459483Use-of-uninitialized-value in sha1_final-2016-10-02
459445Security: Url Bar Spoofing using the redirections at shopping.paypal.com-2016-10-02
459862Heap-use-after-free in blink::VectorMath::zvmul-2016-10-02
458871Use-of-uninitialized-value in blink::RenderView::setSelection-2016-10-02
459215Security: pdfium - write past end of heap buffer when parsing invalid JPEG2000 image$30002016-10-02
459114Heap-use-after-free in get_lowest_part_y-2016-10-02
459043Chrome_Mac: Crash Report - blink::HarfBuzzShaper::setGlyphPositionsForHarfBuzzRun-2016-10-02
458876Use-of-uninitialized-value in v8::internal::compiler::Schedule::block$10002016-10-02
458875Global-buffer-overflow in cff_parse_real-2016-10-02
458873Heap-buffer-overflow in bloat_quad-2016-10-02
459115Heap-use-after-free in content::MessagePortService::UpdateMessagePort-2016-10-02
459239Heap-use-after-free in base::ElapsedTimer::Elapsed-2016-10-02
458870Heap-use-after-free in blink::TreeScopeStyleSheetCollection::analyzeStyleSheetChange-2016-10-02
458869UNKNOWN in TLine::GetMappedCharsInRange-2016-10-02
469395UNKNOWN in v8::internal::Invoke-2016-10-02
469305Update sqlite to uptake http://www.sqlite.org/src/info/ceebcdcaf1acf409-2016-10-02
469247Use-of-uninitialized-value in blink::TransformationMatrix::blend-2016-10-02
469244Stack-buffer-overflow in CFX_WideString::FormatV$10002016-10-02
469152P2PSocketDispatcherHost UaF-2016-10-02
469151GamepadProvider infoleak-2016-10-02
469148UNKNOWN in v8::internal::ExternalUint32Array::SetValue-2016-10-02
469082Security: sqlite bad ptr access-2016-10-02
468972Security: Two DoS bugs from OpenSSL 1.0.2a security advisory.-2016-10-02
468936Pwn2own gpu bug-2016-10-02
468931Security: Webpages have access to some extension resources$30002016-10-02
468933Security: pwn2own 2015 exploit #1-2016-10-02
468618ASSERTION FAILED: !value || (value->isValueList())-2016-10-02
468451Some cross-origin `location` properties are accessible$30002016-10-02
468179Alert popup with no and/or inaccurate origin identification$5002016-10-02
468167Use-of-uninitialized-value in parse_font_matrix$10002016-10-02
468519Container-overflow in blink::FEColorMatrix::createImageFilter$15002016-10-02
468406Container-overflow in blink::HTMLTreeBuilder::processStartTagForInBody-2016-10-02
467644Bad-cast to blink::LayoutBox from blink::LayoutText;LayoutBox.h:NUMBER:1-2016-10-02
467452Heap-use-after-free in blink::Node::recalcDistribution$20002016-10-02
467481UNKNOWN in v8::base::NoBarrier_Load-2016-10-02
467844Hosted apps running in windows don't show the origin.-2016-10-02
468166Use-of-uninitialized-value in blink::Member<blink::IDBKey>* blink::HeapAllocator::allocateVectorBacking<b$15002016-10-02
467593UNKNOWN in SkBlitMask::RowFactory-2016-10-02
467352UNKNOWN in gleUnbindDeleteHashNamesAndObjects-2016-10-02
467347UNKNOWN in SkBlitLCD16OpaqueRow_SSE2-2016-10-02
467184Use-of-uninitialized-value in cc::LayerQuad::ToQuadF-2016-10-02
467014Heap-use-after-free in blink::LayoutObject::container-2016-10-02
467372Heap-use-after-free in base::MessageLoop::DeleteSoonInternal-2016-10-02
467348Heap-use-after-free in blink::TextFieldInputType::handleKeydownEventForSpinButton$15002016-10-02
466990Heap-use-after-free in hb_ot_map_t::lookup_map_t::cmp-2016-10-02
466967UNKNOWN in sk_memset32_SSE2$10002016-10-02
466790Global-buffer-overflow in CPDF_CIDFont::_CharCodeFromUnicode-2016-10-02
466338Security: Unchecked memcpy in _png_load_bmp_attribute()-2016-10-02
466632Heap-use-after-free in v8::internal::Code::Disassemble-2016-10-02
466351Security: On Android, it's possible to inject text and icons to the page info bubble using crafted URL fragments$5002016-10-02
467011Heap-buffer-overflow in SkAAClipBlitter::blitMask-2016-10-02
465557Security: Browser-process out-of-bounds write of up to 7 bytes in BoringSSL ssl3_read_n.-2016-10-02
465586Use-after-free in _XReply-2016-10-02
466335Heap-use-after-free in content::WebSocketHost::AddChannel-2016-10-02
465759Use-of-uninitialized-value in v8::internal::Factory::NewNumber-2016-10-02
465517Origin header preserved for cross-origin redirects with 307 status code, should be null-2016-10-02
465002UNKNOWN in PluginObserver::PluginPlaceholderHost::DownloadFinished-2016-10-02
464995Heap-use-after-free in webrtc::DtlsIdentityStore::GenerateIdentity_w-2016-10-02
464871Flash: use-after-free in display list handling from KeenTeam (repros 2-5, 6)$40002016-10-02
464870Flash: use-after-free in display list handling from KeenTeam (repro 1)$30002016-10-02
464792Heap-use-after-free in blink::FrameView::setScrollbarModes-2016-10-02
465426Heap-use-after-free in get_lowest_part_y-2016-10-02
465185Heap-use-after-free in std::_Tree<std::_Tset_traits<enum-2016-10-02
465091Heap-buffer-overflow in blink::Document::Document-2016-10-02
474609Heap-use-after-free in blink::HTMLImportTreeRoot::recalcTimerFired-2016-10-02
474784Heap-use-after-free in blink::ScriptStreamer::streamingCompleteOnBackgroundThread-2016-10-02
474783UNKNOWN in v8::internal::Invoke-2016-10-02
474370Security: heap-use-after-free in content::MediaStreamDispatcher::OnStreamGenerated$10002016-10-02
474254Merge change to reject DHE for False Start-2016-10-02
474099Security: Use-after-free in webaudio/scriptprocessornode-premature-death.html and webaudio/scriptprocessornode-premature-death.html-2016-10-02
474297UNKNOWN in v8::internal::PropertyCell::UpdateCell-2016-10-02
473688Heap-buffer-overflow in media::MultiChannelResampler::Resample-2016-10-02
473253Security: heap-use-after-free in blink::ConsumerWrapper::consumeAudio$30002016-10-02
474082Container-overflow in TabDragController::GetTabsMatchingDraggedContents-2016-10-02
474077UNKNOWN in v8::internal::NativeRegExpMacroAssembler::Execute-2016-10-02
473903Clicking 'prevent additional dialogs' fails to work with some scammer sites-2016-10-02
472613Heap-buffer-overflow in blink::UTF16TextIterator::consumeSlowCase$5002016-10-02
472201Security: Flash: Uninitialized stack variable while parsing an MPD file can corrupt memory$30002016-10-02
472147Heap-buffer-overflow in SuperBlitter::blitH-2016-10-02
472146Heap-use-after-free in printing::PrintJobWorker::GetSettingsWithUIDone-2016-10-02
471991Global-buffer-overflow in CXFA_ItemLayoutProcessor::CalculatePositionedContainerPos-2016-10-02
471990UNKNOWN in CPDF_SampledFunc::v_Call-2016-10-02
472614Heap-use-after-free in content::IndexedDBBackingStore::Transaction::ChainedBlobWriterImpl::ReportW$35002016-10-02
472618WebSQL shoudn't run a nested message loop during renderer shutdown.-2016-10-02
472617Heap-use-after-free in content::UserMediaClientImpl::OnCreateNativeTracksCompleted-2016-10-02
471651Heap-buffer-overflow in CPDF_CMap::GetNextChar$5002016-10-02
471525Heap-buffer-overflow in url::ParsePort$10002016-10-02
471523Security: Heap-use-after-free in extensions::`anonymous namespace'::LoadWatcher::DidCreateDocumentElement+68$30002016-10-02
471445Bad-cast to blink::LayoutMultiColumnFlowThread from blink::LayoutTable;LayoutBlockFlow.cpp:3089:13-2016-10-02
471785Bad-cast to blink::DedicatedWorkerGlobalScope from blink::CompositorWorkerGlobalScope;WorkerMessagingProxy.cpp:76:47-2016-10-02
471652NO STACK-2016-10-02
470980Security: Unknown in convolve4RowsHorizontally_SSE2-2016-10-02
471000UNKNOWN in v8::internal::Invoke-2016-10-02
470837Security: Flash Player Integer Overflow in Function.apply$75002016-10-02
470777Heap-buffer-overflow in blink::WebSpeechRecognitionHandle::operator blink::SpeechRecognition*-2016-10-02
471072UNKNOWN in S32A_Opaque_BlitRow32_SSE4-2016-10-02
470864Security: Use After Free in Flash AVSS.setSubscribedTags can cause memory corruption$50002016-10-02
470856Use-of-uninitialized-value in webrtc::internal::TransportAdapter::SendRTCPPacket-2016-10-02
470470Heap-use-after-free in blink::PopupMenuImpl::addElementStyle-2016-10-02
470391Use-of-uninitialized-value in v8::internal::Simulator::LoadStoreHelper-2016-10-02
470390UNKNOWN in v8::internal::Heap::UpdateAllocationSiteFeedback-2016-10-02
470749Flash: bad cast(?) in display list handling from KeenTean$20002016-10-02
470392UNKNOWN in v8::internal::FixedArray::get-2016-10-02
470753Flash: out-of-bounds write in shader handling$30002016-10-02
470751Flash: AGAL information leak from KeenTeam$10002016-10-02
470121Bad-cast to webrtc::newapi::Transport from invalid vptr;transport_adapter.cc:36:18-2016-10-02
469814Looks like OOB call in memcpy-2016-10-02
470144Heap-use-after-free in ImageDecoder::OnMessageReceived-2016-10-02
469743UNKNOWN in libc.so.6-2016-10-02
469507Security: Screen contents from other origins and non-Chrome applications are displayed in the browser$10002016-10-02
469480NO STACK$35002016-10-02
470128UNKNOWN in v8::internal::TypeFeedbackOracle::CanRetainOtherContext-2016-10-02
470122Heap-use-after-free in webrtc::internal::TransportAdapter::SendRTCPPacket-2016-10-02
469756Use-of-uninitialized-value in blink::TransformationMatrix::rotate3d-2016-10-02
469416Container-overflow in content::MidiMessageFilter::HandleClientAdded-2016-10-02
481874Vulnerability reported in net-dialup/ppp-2016-10-02
481299OS X memory corruption in IOAccelSurface2::set_shape_backing_length_ext from KEEN Team$50002016-10-02
481298OS X memory corruption in IGFence::release from KEEN Team$50002016-10-02
481296Apple OS X Yosemite 10.10.2 IOAccelSurface2::set_id_mode OOB read on IOAccelMachine2 from KEEN Team$50002016-10-02
481218OS X kASLR defeat from KEEN Team$40002016-10-02
481044Security: use-after-free in WebAudio-2016-10-02
481015Security: XSS in the bookmark button$5002016-10-02
481639Security: Boundless Tunes - universal SOP bypass through ActionSctipt's Sound object$75002016-10-02
481306Flash use-after-free in display list handling from KEEN Team, round #2$30002016-10-02
480536Container-overflow in /mnt/scratch0/clusterfuzz/slave-bot/builds/chromium-browser-asan_linux-rele-2016-10-02
479825Use-after-free in blink::LayoutMenuList::setIndexToSelectOnCancel-2016-10-02
479427ASSERTION FAILED: !object || (object->isLayoutBlock())-2016-10-02
479743Security: 1503A - Chrome - ui::AXTree::Unserialize UAF-2016-10-02
480201Security: chrome url spoofing$10002016-10-02
478745Heap-use-after-free in blink::ContainerNode::addChildNodesToDeletionQueue-2016-10-02
478575Heap-use-after-free in blink::Node::parentOrShadowHostOrTemplateHostNode-2016-10-02
478578Heap-use-after-free in cc::ScrollbarLayerImplBase::PushScrollClipPropertiesTo-2016-10-02
479162Security: spell checking dictionaries are fetched over HTTP, and large responses lead to a crash$5002016-10-02
478556UNKNOWN in v8::internal::ExecutableAccessorInfo::set_setter-2016-10-02
478549Heap-use-after-free in blink::SMILTimeContainer::updateAnimations$20002016-10-02
478583Use-of-uninitialized-value in content::MediaInternals::OnMediaEvents-2016-10-02
478009UNKNOWN in v8::internal::PropertyCell::PropertyCellVerify-2016-10-02
478077Heap-use-after-free in v8::internal::CompilationDependencies::Abort-2016-10-02
477953UNKNOWN in v8::internal::JSObject::JSObjectVerify-2016-10-02
477868Decide on security style for resources loaded over bad HTTPS with user exception-2016-10-02
477955UNKNOWN in v8::internal::FixedArray::FixedArrayVerify-2016-10-02
477331Negative-size-param in cc::ListContainer<cc::DrawQuad>::EraseAndInvalidateAllPointers-2016-10-02
477333ASSERTION FAILED: node.isElementNode()-2016-10-02
477380Bad-cast to blink::RawResourceClient from blink::LinkLoader;RawResource.cpp:59:33-2016-10-02
477680Security: avatars are fetched over HTTP, and large responses lead to a crash-2016-10-02
477713ASSERTION FAILED: !needsLayout-2016-10-02
477819Heap-use-after-free in blink::FFTFrame::doInverseFFT-2016-10-02
477298UNKNOWN in v8::internal::HeapObject::SizeFromMap-2016-10-02
477278Security: URL spoof message of onbeforeunload-2016-10-02
476926Security: Flash AS2 Use After Free in TextField.filters (again)$50002016-10-02
477089Heap-use-after-free in void blink::ScriptPromiseResolver::resolveOrReject<blink::AudioBuffer*>-2016-10-02
476647Use-of-uninitialized-value in SkRecords::FillBounds::adjustAndMap$5002016-10-02
476107Heap-buffer-overflow in CJBig2_Context::parseSymbolDict-2016-10-02
477187Heap-use-after-free in blink::AudioScheduledSourceHandler::notifyEnded-2016-10-02
475749Heap-buffer-overflow in media::ChannelMixingMatrix::CreateTransformationMatrix-2016-10-02
475773Heap-use-after-free in blink::LayoutBox::contentBoxRect-2016-10-02
475070Security: Clank injects JavaScript into the main page's world-2016-10-02
475018Security: [FLASH] Issues in DefineBitsLossless and DefineBitsLossless2 leads to using uninitialized memory while rendering a picture$40002016-10-02
489764boringssl: x509v3 has possible use-after-free in do_check_string()-2016-10-02
488783Heap-buffer-overflow in url::CanonicalizeIPAddress-2016-10-02
489151UNKNOWN in v8::internal::Simulator::LoadStoreHelper-2016-10-02
487284Security: QCMS crash OOB read at src/chain.c:211-2016-10-02
487752Unsecure shared memory-2016-10-02
487286Negative-size-param in content::AppCacheUpdateJob::OnDestructionImminent-2016-10-02
487928Heap-use-after-free in CJS_WideStringArray::~CJS_WideStringArray$43372016-10-02
486947UNKNOWN in SkReader32::readString$50002016-10-02
486946UNKNOWN in _fini$50002016-10-02
487237Security: Flash AS2 Use After Free in DisplacementMapFilter.mapBitmap$50002016-10-02
486944Stack-buffer-overflow in SkPackBits::Unpack8$50002016-10-02
486538Heap-double-free in opj_j2k_tcp_destroy-2016-10-02
487155Security: CSP does not block svg image in nested iframe$10002016-10-02
486977Heap-buffer-overflow in SkData::NewUninitialized$50002016-10-02
486945Heap-double-free in SkPictureData::~SkPictureData$50002016-10-02
486434Stack-buffer-overflow in sandbox::BrokerServicesBase::SpawnTarget$25002016-10-02
486003UNKNOWN in v8::internal::Heap::EnsureDoubleAligned-2016-10-02
486000Heap-use-after-free in blink::LayoutMultiColumnSet::updateMinimumColumnHeight-2016-10-02
485893Security: Adobe Flash FLV SCRIPTDATDSTRING OOB read Information Leak-2016-10-02
486301Heap-use-after-free in blink::BMPImageReader::decodeBMP-2016-10-02
486004Heap-use-after-free in base::MessageLoop::PostTask-2016-10-02
485843Use-after-poison in blink::PlatformSpeechSynthesizer::setVoiceList-2016-10-02
485419UNKNOWN in v8::internal::Simulator::DecodeTypeImmediate-2016-10-02
485414ASSERTION FAILED: !object || (object->isBox())-2016-10-02
485413Heap-use-after-free in ExtensionLocalizationPeer::OnCompletedRequest-2016-10-02
485534Heap-use-after-free in v8::internal::JSObject::PrintElements-2016-10-02
485198XSS Auditor bypass: <link rel="import {garbage}"-2016-10-02
484998An integer overflow in libskia could be used to escalate from Chrome's sandbox in Android$30002016-10-02
484957UNKNOWN in v8::internal::Invoke-2016-10-02
485855Heap-use-after-free in /mnt/scratch0/clusterfuzz/slave-bot/builds/chromium-browser-asan_linux-release/r-2016-10-02
485412Heap-buffer-overflow in v8::internal::Simulator::DecodeType2-2016-10-02
484610Security: Flash UAF with Color.setRGB in AS2$75002016-10-02
484432Potential heap overflow in WebRTC's VCMEncodedFrame-2016-10-02
484270Security: Heap overflow in CertificateResourceHandler-2016-10-02
484211Apply upstream EAP-PWD, WPS and WMM fixes-2016-10-02
484614Heap-use-after-free in blink::CSSAnimations::maybeApplyPendingUpdate$30002016-10-02
483981Security: Heap Overflow Vulnerability in JBIG2 handling, used by PDF Reader$55002016-10-02
483923Use-of-uninitialized-value in SkRect::join-2016-10-02
483728UNKNOWN in v8::internal::RelocIterator::RelocIterator-2016-10-02
483727Heap-use-after-free in blink::InspectorResolver::resolveFrame-2016-10-02
483488Security: Service Workers let you bypass some same-origin checks (like verbose script parsing errors)-2016-10-02
483375Security: [FG-VD-15-037] Adobe Flash Player PCRE Handing Heap Overflow Vulnerability$30002016-10-02
483340Heap-buffer-overflow in blink::RejectedPromises::processQueue-2016-10-02
482639UNKNOWN in CJBig2_HuffmanTable::parseFromCodedBuffer-2016-10-02
482521Security: Flash UAF with MovieClip.scrollRect in AS2$75002016-10-02
483856Use-after-poison in blink::PendingScript::PendingScript-2016-10-02
482369ASSERTION FAILED: !entry->element || entry->element == element-2016-10-02
482380Security: URL Spoof with http authentication dialog and pdf prompt dialog$5002016-10-02
482214ASSERTION FAILED: !object || (object->isBox())$25002016-10-02
498982Security: XSS Auditor info disclosure using iframe length from different domains$13372016-10-02
498954Heap-use-after-free in content::BrowserPlugin::~BrowserPlugin-2016-10-02
498478Proximity Auth Base64URL decoding allows invalid messages through-2016-10-02
498475Heap-use-after-free in blink::InspectorDebuggerAgent::removeBreakpoint-2016-10-02
498338Security: Integer Overflow in Windows Sandbox Policy Engine String Comparison-2016-10-02
497632Security: SEGV on unknown address in offsetHeightAttributeGetter$30002016-10-02
497588Security: Chrome Address Spoofing with unresponsive page-2016-10-02
497579ASSERTION FAILED: offset + length <= m_length-2016-10-02
498984Security: Flash AS2 Use After Free in TextField.filters (again and again)$50002016-10-02
497576UNKNOWN in v8::internal::ArrayConcatVisitor::ToArray-2016-10-02
497523ASSERTION FAILED: !value || (value->isGridLineNamesValue())-2016-10-02
497578Heap-buffer-overflow in gfx::internal::TextRunHarfBuzz::GetClusterAt-2016-10-02
497507Security: Cross-origin scripting possible via native functions$75002016-10-02
497435Heap-use-after-free in blink::LayoutMultiColumnSet::pageLogicalHeight-2016-10-02
497357Heap-buffer-overflow in color_sycc_to_rgb$10002016-10-02
497355Heap-double-free in j2k_read_ppm_v3$30002016-10-02
497195ASSERTION FAILED: !object || (object->isLayoutMultiColumnSet())-2016-10-02
497524Use-after-free in WTF::Vector<blink::MultiColumnFragmentainerGroup,1,WTF::DefaultAllocator>::at-2016-10-02
495933Security: RTL character + IP address = spoofed domain-2016-10-02
495682Use-of-uninitialized-value in /mnt/scratch0/clusterfuzz/slave-bot/builds/linux_msan_chrome_ipc/custom/msan_ipc-2016-10-02
495300Security: heap-use-after-free in pdfium CFX_BaseSegmentedArray-2016-10-02
494987Security: Geolocation API Spoof in Chrome For iOS$5002016-10-02
494640Security: Universal XSS using IDBKeyRange static methods$75002016-10-02
494043ASSERTION FAILED: !node || (node->isContainerNode())-2016-10-02
495934Security: Unicode "Lock" character (-2016-10-02
492981Heap-use-after-free in blink::HTMLFormElement::item-2016-10-02
493243Heap-use-after-free in blink::Frame::deprecatedLocalOwner$20002016-10-02
493935Distinguish file: origins by hostname AND pathname, just not pathname-2016-10-02
492448Security: Update NSS to 3.19-2016-10-02
492490ASSERTION FAILED: offset + length <= m_length-2016-10-02
492634Security: Information for reporting Canary build bugs sends you to an insecure webpage-2016-10-02
492263UNKNOWN in SkSweepGradient::SweepGradientContext::shadeSpan$50002016-10-02
492052Security: libexpat buffer-overflow seems to affect latest version of chromium on Linux x86_64$5002016-10-02
491975Heap-buffer-overflow in SI8_opaque_D32_nofilter_DX$10002016-10-02
491742UNKNOWN in v8::internal::Simulator::DecodeType2-2016-10-02
492265Heap-use-after-free in SkCreateBitmapShader$10002016-10-02
491660Heap-buffer-overflow in convolve4RowsHorizontally_SSE2$50002016-10-02
491584Use-of-uninitialized-value in media::VideoFrameCompositor::GetCurrentFrameAndUpdateIfStale-2016-10-02
491582ASSERTION FAILED: !object || (object->isBox())-2016-10-02
491216Make IOBuffer, IOBufferWithSize and ShrinkableIOBufferWithSize resilient against truncation.-2016-10-02
490721Heap-buffer-overflow in blink::CSSSelector::matchNth-2016-10-02
490722Heap-use-after-free in blink::LayoutMultiColumnSet::flowThreadTranslationAtOffset-2016-10-02
490506UNKNOWN in v8::internal::CompilationDependencies::Abort-2016-10-02
490505Heap-use-after-free in blink::AXObject::document-2016-10-02
490496Heap-use-after-free in plugins::LoadablePluginPlaceholder::DidFinishLoadingCallback-2016-10-02
490492Security: heap-use-after-free in WebsiteSettingsInfoBarDelegate::Create$10002016-10-02
505614Use-of-uninitialized-value in std::__1::__tree<content::WebContents*, std::__1::less<content::WebContents*>, s-2016-10-02
505374UNKNOWN in blink::EventTarget::getEventListeners$10002016-10-02
505341UNKNOWN in v8::internal::ScopeIterator::Type-2016-10-02
505227Use-of-uninitialized-value in GrAAConvexTessellator::addTri-2016-10-02
504691Heap-buffer-overflow in content::NavigationControllerImpl::RendererDidNavigateToExistingPage-2016-10-02
504688Heap-use-after-free READ 8 in blink::DeprecatedPaintLayer::mapRectToPaintBackingCoordinates-2016-10-02
504727UNKNOWN in v8::internal::Object::GetProperty-2016-10-02
504692Heap-use-after-free in views::internal::NativeWidgetPrivate::GetNativeWidgetForNativeView-2016-10-02
504687Use-of-uninitialized-value in SkCanvas::concat-2016-10-02
504690Use-of-uninitialized-value in blink::encodePixels-2016-10-02
504685Heap-use-after-free in blink::WorkerScriptLoader::loadAsynchronously-2016-10-02
503217Security: improperly escaped "saved from url" info allows modification of saved pages$5002016-10-02
502863Use-after-poison in blink::HTMLMediaElement::setReadyState-2016-10-02
502859ASSERTION FAILED: !node || (node->isShadowRoot())-2016-10-02
502794Heap-use-after-free in CFX_BaseSegmentedArray::Iterate-2016-10-02
502793Heap-use-after-free in blink::Touch::Touch-2016-10-02
502792Stack-buffer-overflow in FixWinding-2016-10-02
502858Heap-use-after-free in blink::SuspendableScriptExecutor::contextDestroyed-2016-10-02
501973Heap-double-free in gfxReleaseSharedStateAndHash-2016-10-02
501891Bad-cast to blink::EventTarget from blink::MediaDevices;ScriptWrappable.h:67:16-2016-10-02
501888Heap-use-after-free in blink::ScreenOrientationController::dispatchChangeEvent-2016-10-02
502562Heap-use-after-free in WebLocalFrameImpl::printBegin$30002016-10-02
501889Heap-buffer-overflow in CPDF_ICCBasedCS::GetDefaultValue-2016-10-02
500877Security: XSSAuditor bypass with leading regexp inside svg script tag.-2016-10-02
501428Stack-use-after-return in blink::DisplayItemClientWrapper::displayItemClient-2016-10-02
501113Vulnerability reported in dev-libs/openssl-2016-10-02
500026Security: Non-temporal store row-hammer vulnerability-2016-10-02
499789Heap-use-after-free in v8::internal::JSTypedArray::MaterializeArrayBuffer-2016-10-02
500355Heap-use-after-free in v8::HandleScope::Initialize-2016-10-02
500175Heap-buffer-overflow in v8::internal::JSTypedArray::MaterializeArrayBuffer-2016-10-02
500352Use-after-poison in blink::HTMLMediaElement::~HTMLMediaElement-2016-10-02
499279Web MIDI performance crashes chrome canary$20002016-10-02
499465Security: WebKit ASLR is consistent across renderers-2016-10-02
512445Heap-use-after-free in in CPDFSDK_PageView::GetAnnotByDict-2016-10-02
511554Vulnerability reported in net-misc/curl-7.23.1-r1-2016-10-02
511616Security: Performance APIs reveal cross-origin URLs.$10002016-10-02
511553Vulnerability reported in dev-libs/openssl-1.0.1c-r9-2016-10-02
509775Remove unused jump_elimination_allowed parameter to Assembler::branch_offset()-2016-10-02
510702Heap-use-after-free in blink::CompositorWorkerManager::shutdown-2016-10-02
510707Heap-use-after-free in blink::Font::buildTextBlob-2016-10-02
510802Security: webRequest API allows intercepting XHR from apps and extensions$30002016-10-02
510850Security: Chrome inadvertently includes a supercookie via DTLS cert information-2016-10-02
509666Security: ARM constant pool can be blocked for too long-2016-10-02
509463ASSERTION FAILED: !object || (object->isLayoutMultiColumnSet())-2016-10-02
509461Heap-use-after-free in blink::Node::insertBefore-2016-10-02
509458Heap-use-after-free in v8::internal::MemoryReducer::TimerTask::Run$35002016-10-02
509670MIPS trampoline pool emission seems to be wrong sometimes-2016-10-02
509313chrome.embeddedSearch.newTabPage.navigateContentWindow is too powerful$10002016-10-02
508792Uninit read from cc::LayerTreeHostImpl::LayerTreeHostImpl-2016-10-02
508705Use-of-uninitialized-value in blink::MediaQueryExp::createIfValid-2016-10-02
508703Use-of-uninitialized-value in AAFillRectBatch::onCombineIfPossible-2016-10-02
508540Unicode-decoder: fix out-of-band write in utf16-2016-10-02
508086Security: Flash UAF with Color.setTransform in AS2-2016-10-02
508983ASSERTION FAILED: !node || (node->isShadowRoot())-2016-10-02
508979Heap-use-after-free in blink::DeprecatedPaintLayer::setGroupedMapping-2016-10-02
508876GetStringUTFChars() no longer returns Modified UTF-8 in Android M-2016-10-02
508872Merge out-of-bounds accesses found by WebRTC fuzzing.-2016-10-02
507990Use-after-free in blink::V8Window::namedPropertyGetterCustom-2016-10-02
507988Heap-use-after-free in blink::DeprecatedPaintLayer::setGroupedMapping$35002016-10-02
507821Send SafeBrowsing ping-backs for additional file types-2016-10-02
508072Security: Flash Heap-use-after-free in SurfaceFilterList::CreateFromScriptAtom. Alwayzzzzzzz$75002016-10-02
507020Use-after-free in blink::AXNodeObject::document-2016-10-02
507018Use-of-uninitialized-value in Browser::GetSecurityStyle-2016-10-02
508009Security: Flash Use After Free in TextLine.opaqueBackground-2016-10-02
507992Heap-use-after-free in blink::DeprecatedPaintLayer::updatePagination-2016-10-02
507272Potential Flash 0-day Exploit ('flash-0day-vitaly1')-2016-10-02
506749Heap-use-after-free in crypto::Encryptor::Decrypt-2016-10-02
507017 | Use-of-uninitialized-value in blink::GraphicsContext::realizePaintSave | - | 2016-10-02
506763 | stack-use-after-return in opj_pi_next_rpcl | $500 | 2016-10-02
506540 | UNKNOWN in v8::internal::Simulator::InstructionDecode | - | 2016-10-02
505829 | Byte Serving Information Leak | - | 2016-10-02
516365 | Heap-use-after-free in media::DecryptingDemuxerStream::~DecryptingDemuxerStream | - | 2016-10-02
516298 | Many media/track/ layout tests flakily crash | - | 2016-10-02
516266 | Stack-buffer-overflow in SkIntersections::removeOne | $3000 | 2016-10-02
516361 | Heap-buffer-overflow in gfx::FindValidBoundaryBefore | - | 2016-10-02
516690 | Security: WebUI backends inject data into random web pages (tracking bug) | - | 2016-10-02
514758 | Use-of-uninitialized-value in SkUnPreMultiply::UnPreMultiplyPreservingByteOrder | - | 2016-10-02
514756 | Use-of-uninitialized-value in SuperBlitter::blitH | - | 2016-10-02
516088 | Heap-buffer-overflow in content::NavigationControllerImpl::InsertOrReplaceEntry | - | 2016-10-02
514891 | Heap-buffer-overflow in CJBig2_Context::parseSymbolDict | $2000 | 2016-10-02
514759 | Use-of-uninitialized-value in vp3_h_loop_filter_c | - | 2016-10-02
514080 | !field_type->NowStable() || field_type->NowContains(value) in src/objects-debug. | - | 2016-10-02
514076 | Security: localStorage of file:// can be read from any remote origin through a blob: document with the origin of null | $1000 | 2016-10-02
514122 | UNKNOWN in v8::internal::MemoryChunk::IsFlagSet | - | 2016-10-02
514755 | Heap-use-after-free in blink::ComposedTreeTraversal::traverseParent | - | 2016-10-02
514753 | Use-of-uninitialized-value in blink::Font::glyphDataForCharacter | - | 2016-10-02
513917 | Heap-use-after-free in ui::InputMethodAuraLinux::ResetContext | - | 2016-10-02
513602 | UNKNOWN in v8::internal::Invoke | - | 2016-10-02
512678 | Security: CSS font loading API bypasses CORS | $500 | 2016-10-02
526286 | Container-overflow in blink::HTMLTreeBuilder::processStartTagForInBody | - | 2016-10-02
526441 | Use-of-uninitialized-value in vp3_h_loop_filter_c | - | 2016-10-02
526378 | Security: Pointerlock browser UI hijack | - | 2016-10-02
526025 | SEGV in SkOpSpan::containsCoincidence | - | 2016-10-02
526244 | Attempting free in v8::internal::Heap::FreeDeadArrayBuffersHelper | - | 2016-10-02
525696 | ASSERTION FAILED: !containsWrapper() | - | 2016-10-02
525330 | Null out DOMWindow::m_frame as soon as the frame/window is detached | - | 2016-10-02
524899 | Adobe Flash Player AdBreakTimelineItem class Memory Corruption Vulnerability | $3000 | 2016-10-02
525832 | chromewebdata intermediary page can throw a Javascript syntax error | - | 2016-10-02
525763 | Heap-buffer-overflow in SkCreateBitmapShader | - | 2016-10-02
524096 | Use-of-uninitialized-value from GpuCommandBufferStub::OnInitializeFailed() | - | 2016-10-02
524094 | Use-of-uninitialized-value in GrTextureDomain::GLDomain::setData | - | 2016-10-02
524694 | Heap-use-after-free in blink::FrameLoaderClientImpl::dispatchDidFinishDocumentLoad | - | 2016-10-02
524682 | Bad-cast to blink::LayoutText from blink::LayoutBlockFlow;LayoutText.h:237:1 | - | 2016-10-02
524074 | Security: Universal XSS by loading a javascript: URI from an unloaded window | $7500 | 2016-10-02
522791 | Security: Universal XSS using navigator.serviceWorker.ready | $7500 | 2016-10-02
523453 | UNKNOWN in v8::internal::Deserializer::FlushICacheForNewCodeObjects | - | 2016-10-02
522128 | Security: Blink passes NULL TypedArray backing stores to V8, leading to OOB R/W | - | 2016-10-02
521655 | window.find() with unusual HTML fails to handle shadow tree | - | 2016-10-02
522131 | UNKNOWN in _CMapLookupCallback | $3000 | 2016-10-02
521588 | Security: leaking previous webpage through webGL canvas preserveDrawingbuffer and scissor. | - | 2016-10-02
519558 | Security: Universal XSS via ContainerNode::parserInsertBefore | $8837 | 2016-10-02
520422 | Security: Cross-site read access to PDF files | $4000 | 2016-10-02
520792 | Heap-use-after-free in blink::DocumentLoader::dataReceived | - | 2016-10-02
521343 | Popunder is possible again (seemingly using Flash) | - | 2016-10-02
519642 | Security: Memory-safety bug in Image11::map | $1000 | 2016-10-02
518827 | Security: chrome.runtime.setUninstallURL does not validate its URL parameter | $3000 | 2016-10-02
517906 | Security: Installed extensions can read memory mapping information. | - | 2016-10-02
517854 | Global-buffer-overflow in FXSYS_itoa | - | 2016-10-02
518749 | Security: Heap-use-after-free in UsbContext::UsbEventHandler::Stop | $3000 | 2016-10-02
518206 | Security: Overflow in VertexBufferInterface::reserveVertexSpace causes memory-safety bug | $5000 | 2016-10-02
517913 | ASSERTION FAILED: it != m_scriptsToExecuteInOrder.end() | - | 2016-10-02
516821 | latest Chrome Canary(syzyasan) crashes constantly when querying crbug.com | - | 2016-10-02
517383 | Adobe Flash Player Regular Expression Out-Of-Bounds Write Remote Code Execution Vulnerability | $3000 | 2016-10-02
534621 | Update FreeType with a recent series of patches | - | 2016-10-02
534570 | CSP: wildcard source expression (*) should not match data URIs | $500 | 2016-10-02
534542 | CSP: `*.x.y` must match a host that ends with `.x.y` (4.2.2 step 4.6) | $500 | 2016-10-02
532967 | UNKNOWN in vp8_read_mv_component | $500 | 2016-10-02
533778 | Security: Changing URL from your website to any other that uses HTTP BASIC AUTHENTICATION. | - | 2016-10-02
533520 | Security: Links to "file://" URLs in PDFs | - | 2016-10-02
532758 | Vulnerability reported in libpng | - | 2016-10-02
532450 | Vulnerability reported in sys-kernel/chromeos-kernel-3_10 | - | 2016-10-02
532448 | Vulnerability reported in sys-kernel/chromeos-kernel-3_10 | - | 2016-10-02
532762 | Vulnerability reported in libevent | - | 2016-10-02
532449 | Vulnerability reported in sys-kernel/chromeos-kernel-3_10 | - | 2016-10-02
531891 | Security: Universal XSS using exceptions thrown from Object.observe | $7500 | 2016-10-02
532439 | Vulnerability reported in sys-kernel/chromeos-kernel-3_8 | - | 2016-10-02
532440 | Vulnerability reported in sys-kernel/chromeos-kernel-3_8 | - | 2016-10-02
531057 | Bad-cast to blink::ScriptWrappable from blink::WorkerWebSocketChannel;DOMWrapperMap.h:148:20 | $3500 | 2016-10-02
530301 | Security: Universal XSS using stack overflow exceptions | $7500 | 2016-10-02
529682 | Content script is able to eval code in background page of other extension | $3000 | 2016-10-02
531664 | CFI: invalid cast in list_container.h | - | 2016-10-02
529530 | Heap-use-after-free in blink::DateTimeChooserImpl::didClosePopup | - | 2016-10-02
529527 | Use-of-uninitialized-value in content::EchoInformation::UpdateAecDelayStats | - | 2016-10-02
529520 | Heap-use-after-free in content::EmbeddedWorkerInstance::ReleaseProcess | $3500 | 2016-10-02
529489 | Security: Tracking bug for upstream NSS issues | - | 2016-10-02
529310 | Bad-cast to CJS_EventHandler from ;PublicMethods.cpp:2026:7 | - | 2016-10-02
529552 | Heap-buffer-overflow in UpdateDelayMetrics | - | 2016-10-02
529531 | Heap-use-after-free in blink::WebViewImpl::close | - | 2016-10-02
529012 | Bad-cast to util from Document;JS_Define.h:165:13 | $3500 | 2016-10-02
528798 | Bad-cast to blink::ScriptWrappable from blink::WebGLRenderingContextBase::TypedExtensionTracker<blink::ANGLEInstancedArrays>;ScriptWrappable.h:192:32 | - | 2016-10-02
528505 | Security: Linking to chrome:// urls inside pdf | $4000 | 2016-10-02
528799 | Bad-cast to icu_54::UnicodeSet from icu_54::Quantifier;rbt_pars.cpp:1105:22 | - | 2016-10-02
528628 | Heap-buffer-overflow in C:\clusterfuzz\slave-bot\builds\chrome-test-builds_media_win32-release_e999b7478 | - | 2016-10-02
527466 | Security: Linux x86_64 vsyscall provides attack vectors | - | 2016-10-02
527514 | Security: SAN-01-001 Angular ngSanitize bypass using SVG <use> & insecure JSON Callback in Blink | - | 2016-10-02
527423 | Security: Integer overflow in open-vcdiff results in OOB read in browser process | - | 2016-10-02
545173 | Security: UAF in CPWL_ComboBox::OnKeyDown in PDFium | - | 2016-10-02
544765 | Privacy: browser history sniffing attack using HSTS + CSP | $500 | 2016-10-02
544691 | Use-of-uninitialized-value in blink::encodePixels | $2000 | 2016-10-02
544020 | Security: blink::WeekInputType uaf vulnerability | $3000 | 2016-10-02
543994 | Crash in NULL@0x...60 | - | 2016-10-02
543528 | Heap-use-after-free in v8::internal::compiler::DeadCodeElimination::ReduceLoopOrMerge | - | 2016-10-02
544270 | Update harfbuzz to 1.0.6 | - | 2016-10-02
542054 | Security: properly escaped href attribute leading to offline XSS upon saving a page | $500 | 2016-10-02
541669 | Security: Security: signed integer overflow in media/formats/mp2t/es_parser_h264.cc | - | 2016-10-02
541594 | Bad-cast to v8::String::ExternalStringResource from invalid vptr;objects-inl.h:4047:10 | - | 2016-10-02
541593 | Heap-buffer-overflow in blink::SVGFilterGraphNodeMap::addPrimitive | $1500 | 2016-10-02
542060 | CSP for Evil & Service Workers | - | 2016-10-02
541323 | Heap-buffer-overflow in CJBig2_HuffmanTable::parseFromCodedBuffer | - | 2016-10-02
541322 | Bad-cast to blink::WebTaskRunner from invalid vptr;BackgroundHTMLParser.cpp:109:36 | - | 2016-10-02
540949 | Security: Webpage can bypass arbitrary interstitial using HTTP auth dialog | - | 2016-10-02
539908 | Heap-use-after-free in blink::RejectedPromises::processQueueNow | - | 2016-10-02
539875 | Security: Symbols ignored in Object.{freeze, seal, isFrozen, isSealed}() | - | 2016-10-02
539691 | Heap-buffer-overflow in SkBlitter::blitMask | - | 2016-10-02
541415 | Security: URL Spoofing when victim tries to access another website from attacker's page. | $500 | 2016-10-02
541206 | Security: Universal XSS using document.adoptNode | $7500 | 2016-10-02
539563 | Heap-buffer-overflow in net::HpackEncoder::EncodeHeaderSet | - | 2016-10-02
538952 | Bad-cast to Profile from invalid vptr;chrome_extensions_network_delegate.cc:38:22 | - | 2016-10-02
537666 | Remove references to unloadEvent in runtime_custom_bindings.js | - | 2016-10-02
538256 | Heap-use-after-free in blink::FrameLoaderClientImpl::dispatchDidFinishDocumentLoad | - | 2016-10-02
538257 | Crash in v8::internal::FlexibleBodyVisitor<v8::internal::MarkCompactMarkingVisitor,v8::in | - | 2016-10-02
537823 | Security: The password manager can be tricked to put one site's saved credential's into another's with HTTP auth | - | 2016-10-02
537205 | Security: Crazy Linker on Android allows modification of Chrome APK without breaking signature | $1000 | 2016-10-02
536917 | Heap-use-after-free in blink::RadioInputType::didDispatchClick | - | 2016-10-02
537656 | Heap-use-after-free in blink::ShapeOutsideInfo::isEnabledFor | - | 2016-10-02
537173 | Security: PureCall on CPWL_Edit::OnKillFocus | $3000 | 2016-10-02
537660 | Remove stash_client.js dependency on unload_event | - | 2016-10-02
537658 | Remove extension dependencies on unload_event.js | - | 2016-10-02
536601 | Crash in ff_sbr_hf_apply_noise_3_sse2 | - | 2016-10-02
536231 | Heap-double-free in v8::internal::ArrayBufferTracker::FreeDead | - | 2016-10-02
535605 | heap-use-after-free in AudioOutputDevice | - | 2016-10-02
536701 | Chrome mobile for iOS thinks JavaScript redirects are a form of certificate spoofing of trusted domains | $500 | 2016-10-02
536652 | Security: Disrupting the omnibox from the attacker's website. | $1000 | 2016-10-02
536640 | Heap-use-after-free in blink::InlineTextBox::selectionState | - | 2016-10-02
534994 | Heap-use-after-free in extensions::BookmarkAppHelper::OnBubbleCompleted | - | 2016-10-02
534923 | Security: Universal XSS via the unload_event module | $7500 | 2016-10-02
534992 | Heap-use-after-free in blink::TimerBase::stop | - | 2016-10-02
534993 | Heap-use-after-free in blink::CSSImageSetValue::valueWithURLsMadeAbsolute | - | 2016-10-02
555784 | Heap-buffer-overflow in CCodec_RLScanlineDecoder::v_GetNextLine | - | 2016-10-02
555575 | Heap-use-after-free in webrtc::PeerConnection::OnSessionStateChange | - | 2016-10-02
555544 | crash in SkSweepGradient::SweepGradientContext::shadeSpan | $2000 | 2016-10-02
554648 | Factory reset can be performed when it should be disallowed. | - | 2016-10-02
554172 | Heap-buffer-overflow in opj_jp2_apply_pclr | - | 2016-10-02
554151 | Heap-buffer-overflow in CPDF_DIBSource::DownSampleScanline32Bit | - | 2016-10-02
554129 | Heap-buffer-overflow in opj_j2k_read_mcc | - | 2016-10-02
554115 | Heap-buffer-overflow in CPDF_TextObject::CalcPositionData | - | 2016-10-02
554946 | Security: Pwn2Own mobile case, out-of-bound access in json stringifier | $7500 | 2016-10-02
554908 | Security: AppCacheDispatcherHost UaF with host transfer | $10000 | 2016-10-02
554099 | Crash in v8::internal::StaticMarkingVisitor<v8::internal::IncrementalMarkingMarkingVisito | - | 2016-10-02
553050 | Heap-use-after-free in blink::PartPainter::isSelected | - | 2016-10-02
553054 | Heap-use-after-free in blink::V8SVGMatrix::visitDOMWrapper | - | 2016-10-02
552870 | ASSERTION FAILED: index < arraySize | - | 2016-10-02
553049 | Use-of-uninitialized-value in blink::LayoutObject::findNextLayer | - | 2016-10-02
552749 | window.crypto.getRandomValues() uses a weak CSPRNG | $500 | 2016-10-02
553048 | Heap-use-after-free in blink::LayoutBlock::removeChild | $3500 | 2016-10-02
552448 | Security: PDFium: XFA: UAF in CXFA_PDFFontMgr::~CXFA_PDFFontMgr() | - | 2016-10-02
552046 | Heap-buffer-overflow in CPDF_DIBSource::GetScanline | - | 2016-10-02
551503 | Heap-buffer-overflow in cff_get_glyph_name | - | 2016-10-02
551470 | Heap-buffer-overflow in opj_t2_read_packet_header | - | 2016-10-02
551460 | Stack-buffer-overflow in CPDF_Function::Call | - | 2016-10-02
551116 | chrome crash during dark resume leaves zombie processes, reparented to init, which makes new chrome instance unusable. | - | 2016-10-02
551044 | Security: AppCacheUpdateJob accesses map::end() | $11337 | 2016-10-02
551028 | FreeType : pick up post-2.6.1 patches (or 2.6.2 when it's out) | - | 2016-10-02
550972 | Security: app_mode_loader not signed on OSX | - | 2016-10-02
551288 | Crash in v8::internal::Heap::DoScavenge | - | 2016-10-02
550629 | Heap-use-after-free in content::RenderMessageFilter::OnKeygen | - | 2016-10-02
551143 | Heap-use-after-free in content::BindWebGraphicsContext3DGLContextCallback | - | 2016-10-02
550632 | Use-after-poison in blink::WorkerWebSocketChannel::Bridge::traceImpl<blink::InlinedGlobalMarkingVisi | $3500 | 2016-10-02
549155 | Use-of-uninitialized-value in filter8 | - | 2016-10-02
550047 | Security: Inline extension installation dialog doesn't block and persists after redirect | $1000 | 2016-10-02
546849 | ASSERTION FAILED: !object || (object->isBox()) | - | 2016-10-02
546848 | ASSERTION FAILED: !m_pendingInOrderScripts.isEmpty() | - | 2016-10-02
546846 | Heap-use-after-free in views::NativeWidgetAura::ShouldDescendIntoChildForEventHandling | - | 2016-10-02
546545 | Security: Universal XSS using plugin objects | $7500 | 2016-10-02
545520 | Heap-buffer-overflow in blink::MarkupFormatter::appendCharactersReplacingEntities | - | 2016-10-02
567688 | Vulnerability reported in dev-libs/openssl | - | 2016-10-02
567445 | Security: URL Spoofing with HTTPS lock | $1000 | 2016-10-02
566156 | Security: QUIC may send requests (including cookies) in the clear | - | 2016-10-02
566142 | Heap-use-after-free in blink::WebLocalFrameImpl::didFail | - | 2016-10-02
566231 | Security: chromeos-base/chromeos-ca-certificates is out of date | - | 2016-10-02
565760 | Security: Drop-downs hiding any part of the browser UI, allowing for several types of spoof attacks | $3133 | 2016-10-02
565543 | Privileged installer directory is writeable by lower privileged users | - | 2016-10-02
565967 | Heap-use-after-free in webrtc::VCMGenericDecoder::Release | - | 2016-10-02
565416 | Security: OpenSSL 1.0.2e fixes | - | 2016-10-02
565048 | Heap-use-after-free in webrtc::DataChannel::UpdateState | - | 2016-10-02
565046 | Crash in v8::internal::RootMarkingVisitor::MarkObjectByPointer | - | 2016-10-02
565023 | Security: Google Chrome: Privilege Escalation from Renderer Process to Browser Process | - | 2016-10-02
564501 | Security: UAF in MidiHost (Sandbox escape) | - | 2016-10-02
564238 | Security: Windows Image Sections Allow Mapping Arbitrary Executable Memory into More Privileged Processes | - | 2016-10-02
563964 | Security: GPU process to privileged renderer IPC bug? | - | 2016-10-02
565049 | Heap-use-after-free in blink::FrameSelection::notifyLayoutObjectOfSelectionChange | - | 2016-10-02
562986 | Heap-use-after-free in blink::FrameLoader::init | - | 2016-10-02
562984 | Use-of-uninitialized-value in blink::CachingWordShapeIterator::nextWord | - | 2016-10-02
561972 | Crash in v8::internal::HeapObject::VerifyHeapPointer | - | 2016-10-02
563688 | Security: Code Review Clickjacking | - | 2016-10-02
562208 | Heap-use-after-free in blink::LayoutBoxModelObject::hasSelfPaintingLayer | - | 2016-10-02
561497 | Heap-use-after-free in content::VideoCaptureController::RemoveClient | - | 2016-10-02
561505 | Global-buffer-overflow in blink::getPropertyName | - | 2016-10-02
561869 | Bad-cast to blink::StaticBitmapImage from blink::BitmapImage;ImageBitmap.cpp:51:25 | - | 2016-10-02
561488 | Heap-buffer-overflow in blink::appendCharactersReplacingEntitiesInternal<unsigned char const > | - | 2016-10-02
561478 | Heap-use-after-free in FT_Stream_ReleaseFrame | - | 2016-10-02
560480 | Global-buffer-overflow in blink::getPropertyName | - | 2016-10-02
560291 | Security: security vulnerabilities in libpng (CVE-2015-7981, CVE-2015-8126) | $500 | 2016-10-02
561492 | Heap-use-after-free in blink::PlatformEventDispatcher::notifyControllers | - | 2016-10-02
559528 | Heap-use-after-free in blink::LayoutTextFragment::setTextFragment | - | 2016-10-02
559515 | Security: Bypass to Multiple Files dialog allows for system crash or disk exhaustion | - | 2016-10-02
560011 | Security: Universal XSS using widget updates in ContainerNode::parserRemoveChild | $8000 | 2016-10-02
559292 | Security: heap-use-after-free in blink::ScopedStyleResolver::collectMatchingAuthorRules | $3000 | 2016-10-02
559075 | Vulnerability reported in net-misc/strongswan | - | 2016-10-02
559541 | Flash: Uninitialized variable in DateObject::_toString can cause memory corruption | $5000 | 2016-10-02
559310 | Security: SharedWorkerDevToolsAgentHost UAF (sandbox escape) | - | 2016-10-02
558589 | Security: AppCacheUpdateJob UaF | $10000 | 2016-10-02
557981 | Security: heap-use-after-free in blink::MutationObserver::enqueueMutationRecord | $2000 | 2016-10-02
557806 | Heap-use-after-free: text-transform CSS property breaks document life time cycle | - | 2016-10-02
557802 | Bad-cast to blink::HTMLOptionElement from blink::HTMLOptGroupElement;Element.h:704:12 | - | 2016-10-02
558840 | Crash in NULL@0x...40 | - | 2016-10-02
557799 | Crash in Init | - | 2016-10-02
557797 | Heap-use-after-free in I422ToARGBRow_Any_SSSE3 | - | 2016-10-02
557223 | Pdfium heap-buffer-overflow in sycc422_to_rgb | $500 | 2016-10-02
556725 | Investigate legality of call to ContextGL in RenderThreadImpl::SharedWorkerContextProvider | - | 2016-10-02
556724 | Security: Universal XSS via persistence of subframes | $8000 | 2016-10-02
557800 | Heap-use-after-free in autofill::FormStructure::ParseQueryResponse | - | 2016-10-02
556351 | Crash in password_manager::ContentPasswordManagerDriver::OnPasswordFormsParsed | - | 2016-10-02
556584 | Heap-use-after-free in content::MemoryMessageFilter::OnChannelClosing | - | 2016-10-02
574802 | ASSERTION FAILED: index < arraySize | $3000 | 2016-10-02
574114 | Use-of-uninitialized-value in S32A_Opaque_BlitRow32_SSE4 | $1000 | 2016-10-02
573332 | Heap-buffer-overflow in xmlParseXMLDecl | - | 2016-10-02
573317 | UX and Extensions API confusion when file: URLs have hostnames | $500 | 2016-10-02
573284 | Heap-buffer-overflow in blink::TimerBase::stop | $3500 | 2016-10-02
573281 | Heap-use-after-free in blink::InlineWalker::InlineWalker | - | 2016-10-02
572871 | Security: PureCall on CPWL_Edit::OnKillFocus | $3000 | 2016-10-02
573886 | Heap-use-after-free in extensions::MimeHandlerViewContainer::DidFinishLoading | - | 2016-10-02
572409 | Crash in v8::internal::InnerPointerToCodeCache::GcSafeFindCodeForInnerPointer | - | 2016-10-02
572408 | Use-of-uninitialized-value in v8::internal::compiler::VirtualState::MergeFrom | - | 2016-10-02
572407 | Heap-use-after-free in blink::Node::assignedSlot | - | 2016-10-02
572406 | Use-of-uninitialized-value in winding_mono_conic | - | 2016-10-02
572404 | Heap-use-after-free in ash::WindowSelector::ContentsChanged | $1000 | 2016-10-02
572537 | Security: heap-use-after-free in blink::NodeIteratorBase::root | $3000 | 2016-10-02
572403 | Heap-buffer-overflow in SkARGB32_Opaque_Blitter::blitAntiH2 | - | 2016-10-02
572398 | Heap-use-after-free in content::WebMediaPlayerMSCompositor::StopRenderingInternal | - | 2016-10-02
572224 | UNKNOWN in extensions::WebrtcAudioPrivateFunction::CalculateHMACImpl | $1000 | 2016-10-02
571480 | ZDI-CAN-3447: New Vulnerability Report Google Chrome Pdfium JPEG2000 Out-Of-Bounds Read Remote Code Execution Vulnerability | - | 2016-10-02
571479 | ZDI-CAN-3432: New Vulnerability Report | - | 2016-10-02
571121 | Security: Devtools loads any URL with remoteBase parameter | - | 2016-10-02
571617 | Security: dev-tools: URIs can be copy&paste'd | - | 2016-10-02
570750 | Security: Android Chrome download files into arbitrary sdcard directory | $500 | 2016-10-02
570618 | Vulnerability reported in dev-libs/libxml2 | - | 2016-10-02
570561 | Bad-cast to const blink::LayoutBox from blink::LayoutInline;LayoutBox.h:1001:1 | - | 2016-10-02
570427 | UaF in blink::SearchInputType::didSetValueByUserEdit | - | 2016-10-02
570262 | Crash in v8::internal::Invoke | - | 2016-10-02
571119 | Security: Extensions can open privileged URLs using tabs URL | - | 2016-10-02
570261 | Heap-buffer-overflow in sctp_setopt | - | 2016-10-02
570255 | Heap-buffer-overflow: LayoutObject should have height even if it is placed very far place | - | 2016-10-02
570241 | Stack-buffer-underflow in v8::internal::QuickCheckDetails::Advance | - | 2016-10-02
569956 | ASSERTION FAILED: !object || (object->isBox()) | - | 2016-10-02
569940 | Stack-buffer-underflow in v8::internal::Trace::AdvanceCurrentPositionInTrace | - | 2016-10-02
569496 | Security: Universal XSS using Flash message loop | $7500 | 2016-10-02
569420 | Heap-use-after-free in cricket::ChannelManager::RemoveVideoRenderer | - | 2016-10-02
569170 | Heap-use-after-free in blink::ColorInputType::didChooseColor | - | 2016-10-02
569043 | onmouseenter/leave + ES6 on window leaks functions between origins | - | 2016-10-02
568889 | Stack-buffer-overflow in WebRtcIlbcfix_CreateAugmentedVec | - | 2016-10-02
568885 | Stack-buffer-overflow in WebRtcSpl_ElementwiseVectorMult | - | 2016-10-02
569284 | Heap-use-after-free in blink::Node::assignedSlot | - | 2016-10-02
568796 | Use-after-poison in blink::OfflineAudioContext::resolveSuspendOnMainThread | - | 2016-10-02
568745 | Use-of-uninitialized-value in void base::Pickle::WriteBytesStatic<4ul> | - | 2016-10-02
568742 | Heap-buffer-overflow in gpu::gles2::GLES2Implementation::TexImage2D | - | 2016-10-02
568741 | Use-of-uninitialized-value in re2::NFA::AddToThreadq | - | 2016-10-02
568433 | Heap-use-after-free in content::IndexedDBBackingStore::Transaction::ChainedBlobWriterImpl::ReportWriteC | $5500 | 2016-10-02
567956 | adobe.com is (incorrectly) reporting out of date Flash plugin | - | 2016-10-02
568797 | Heap-use-after-free in content::RenderWidgetHostImpl::ScheduleComposite | - | 2016-10-02
568744 | Heap-use-after-free in blink::ShapeOutsideInfo::isEnabledFor | - | 2016-10-02
584223 | Heap-buffer-overflow in cmsDupNamedColorList | - | 2016-10-02
584185 | Security: Heap-use-after-free in blink::LayoutObject::parent | - | 2016-10-02
583563 | Heap-buffer-overflow in ConvertWOFF2ToTTF | $1000 | 2016-10-02
583445 | UXSS in DocumentLoader::createWriterFor | - | 2016-10-02
583354 | Crash in ff_get_qtpalette | - | 2016-10-02
583171 | Security: Memory leak in libxslt | $1000 | 2016-10-02
583156 | Security: Type confusion and UAF in libxslt | $1000 | 2016-10-02
583718 | Heap-use-after-free in favicon::FaviconDriverImpl::DidDownloadFavicon | $500 | 2016-10-02
584155 | Security: General bypass of SRI validation for subresources located on the same origin | $2000 | 2016-10-02
583607 | Security: Buffer overflow in Brotli decompression | $1000 | 2016-10-02
582716 | Heap-buffer-overflow in vp9_update_noise_estimate | - | 2016-10-02
582721 | Use-of-uninitialized-value in SkUnPreMultiply::PMColorToColor | - | 2016-10-02
582713 | Use-after-poison in blink::WebGLObject::detach | - | 2016-10-02
583039 | Use-of-uninitialized-value in xmlCurrentChar | - | 2016-10-02
583041 | Use-of-uninitialized-value in xmlNextChar | - | 2016-10-02
582705 | Negative-size-param in SkRBufferWithSizeCheck::read | - | 2016-10-02
582703 | Crash in v8::internal::Runtime_FunctionGetScript | - | 2016-10-02
582710 | Bad-cast to blink::ContextLifecycleObserver from invalid vptr;DOMTimer.cpp:140:9 | - | 2016-10-02
582701 | Crash in blink::AudioParamTimeline::valuesForFrameRangeImpl | - | 2016-10-02
582700 | Bad-cast to blink::LayoutBox from blink::LayoutInline;LayoutBox.h:1001:1 | - | 2016-10-02
582699 | Crash (assert) in blink::AudioDelayDSPKernel::process | $1500 | 2016-10-02
582707 | Crash in chrome | - | 2016-10-02
582706 | ASSERTION FAILED: !object || (object->isLayoutBlock()) | - | 2016-10-02
582702 | Crash in v8::internal::compiler::InstructionSequence::GetRepresentation | - | 2016-10-02
582695 | Heap-buffer-overflow in gpu::gles2::GLES2Implementation::TexImage2D | - | 2016-10-02
582480 | Use-of-uninitialized-value in icuLikeCompare | - | 2016-10-02
582471 | Use-of-uninitialized-value in WebRtcIsac_DecLogisticMulti2 | - | 2016-10-02
582470 | Use-of-uninitialized-value in icu_54::RegexCompile::doParseActions | - | 2016-10-02
582211 | With --site-per-process, body of POST request is not delivered to XSSAuditor | - | 2016-10-02
582698 | ASSERTION FAILED: !object || (object->isTableRow()) | - | 2016-10-02
582697 | ASSERTION FAILED: !object || (object->isBox()) | - | 2016-10-02
581905 | Use-of-uninitialized-value in xmlGROW | - | 2016-10-02
582008 | Heap-use-after-free when a content script synchronously removes a frame at document_start or document_end | $1500 | 2016-10-02
581839 | Use-of-uninitialized-value in xmlParserPrintFileContextInternal | - | 2016-10-02
581836 | Use-of-uninitialized-value in xmlParseComment | - | 2016-10-02
581294 | Vulnerability reported in libpng | - | 2016-10-02
581908 | Security: Master tracking bug for chrome issue tracker libvpx fixes (January 2016) | - | 2016-10-02
581901 | Use-of-uninitialized-value in WebRtcIsacfix_AllpassFilter2FixDec16C | - | 2016-10-02
578193 | Heap-buffer-overflow in webrtc::VP9EncoderImpl::GetEncodedLayerFrame | - | 2016-10-02
577105 | Security: Universal XSS by circumventing the unload event | $7500 | 2016-10-02
579801 | Security: CSP isn't applied to Service Workers in Chrome | $1000 | 2016-10-02
577970 | ClientSideDetectionHost::OnPhishingDetectionDone never get called | - | 2016-10-02
580181 | Security: Reproducible tab crash when opening inspector due to DOM object corruption via marquee tag in svg | - | 2016-10-02
576867 | Security: Google Chrome <any version> Extensions Web Accessible Resources Bypass | $500 | 2016-10-02
576383 | Security: UaF in MidiHost round 2 (JS -> Browser code execution) | - | 2016-10-02
575220 | Heap-buffer-overflows in sqlite3 when REGEXP keyword is used | - | 2016-10-02
575206 | Heap-buffer-overflow in icu_54::RegexCompile::nextCharLL | - | 2016-10-02
575205 | Heap-buffer-overflow in icuLikeCompare (called from sqlite3_step) | - | 2016-10-02
576910 | Crash in SkRBufferWithSizeCheck::read | - | 2016-10-02
576908 | Heap-buffer-overflow in SkPaint::unflatten | - | 2016-10-02
590118 | Security: Universal XSS using an intercepted native function | $7500 | 2016-10-02
589848 | Heap-use-after-free in FT_New_Size | $3000 | 2016-10-02
589838 | Security: type confusion in blink::BaseButtonInputType::valueAttributeChanged | $5000 | 2016-10-02
589792 | Security: [v8] Out of bound(??) memory write with asm.js | $5000 | 2016-10-02
589512 | Use-of-uninitialized-value in ebml_read_num | $1500 | 2016-10-02
589237 | Security: HTTP 302 can navigate to non-web-accessible chrome-extension:// URIs | - | 2016-10-02
589186 | Security: use after free in memory-only disk cache | - | 2016-10-02
590247 | Security: use-after-poison in blink::PersistentBase with FileSystemSync in a Shared Worker | $3500 | 2016-10-02
590284 | Security: RWHI UaF from bad fullscreen widget routing id | $10500 | 2016-10-02
588711 | Security: chrome canary chrome_child!blink::LayoutTableSection::layout UAF bug | - | 2016-10-02
588566 | Crash in blink::DocumentThreadableLoader::cancelWithError | - | 2016-10-02
588862 | Security: kernel CVE-2016-2384: arbitrary code execution due to a double-free in the usb-midi linux kernel driver | - | 2016-10-02
588552 | Heap-use-after-free in blink::DepthOrderedLayoutObjectList::ordered | - | 2016-10-02
588550 | Heap-use-after-free in blink::CanvasAsyncBlobCreator::createBlobAndCall | $3500 | 2016-10-02
588548 | LayoutText::setTextWithOffset() should handle ::first-letter | - | 2016-10-02
587897 | Update libxml to 2.9.3 or latest | - | 2016-10-02
587852 | Use-of-uninitialized-value in WebRtcIsac_DecLogisticMulti2 | - | 2016-10-02
588200 | Global-buffer-overflow in XFA_FM_KeywordToString | - | 2016-10-02
587227 | ZDI-CAN-3563: New Vulnerability Report | - | 2016-10-02
586798 | Heap-use-after-free in ASN1_STRING_free | - | 2016-10-02
586820 | Security: Timing attack on SVG feComposite filter circumvents same-origin policy | - | 2016-10-02
586765 | Security: ASSERTION FAILED: obj->isLayoutInline() || obj == this in blink::LayoutBlockFlow::createLineBoxes | - | 2016-10-02
586800 | Use-of-uninitialized-value in lh_retrieve | - | 2016-10-02
586657 | Directory traversal on file:// via escaped slashes | $500 | 2016-10-02
586494 | Security: heap-use-after-free in blink::LayoutObject::parent | - | 2016-10-02
586722 | Heap-use-after-free in blink::LayoutObject::markContainerChainForPaintInvalidation | - | 2016-10-02
586720 | Heap-use-after-free in blink::InlineFlowBox::addToLine | $3500 | 2016-10-02
586721 | Heap-use-after-free in blink::PaintArtifact::appendToWebDisplayItemList | - | 2016-10-02
586079 | Heap-buffer-overflow in sqlite3VdbeMemSetStr | - | 2016-10-02
585707 | Heap-use-after-free in media::GpuMemoryBufferVideoFramePool::PoolImpl::GetOrCreateFrameResources | - | 2016-10-02
585704 | Bad-cast to blink::LayoutBox from blink::LayoutInline;LayoutBox.h:1045:1 | - | 2016-10-02
586266 | Security: heap-use-after-free in blink::LayoutObject::LayoutObjectBitfields::selfNeedsLayout | $3000 | 2016-10-02
585698 | Use-of-uninitialized-value in SkUnPreMultiply::PMColorToColor | - | 2016-10-02
585701 | LayoutText::previousOffsetForBackwardDeletion() should consider first-letter | - | 2016-10-02
585595 | Heap-use-after-free in scheduler::internal::TaskQueueImpl::GetTimeDomain | - | 2016-10-02
585282 | Restricted web APIs can easily be accessed from Chrome apps | $1000 | 2016-10-02
585268 | Heap-use-after-free in LoadWatcher::CallbackAndDie (chrome.app.window.create) | $2000 | 2016-10-02
585699 | Use-of-uninitialized-value in blink::LayoutObject::containingBlock | - | 2016-10-02
585658 | Security: Upstream bug reported in NSS | - | 2016-10-02
595656 | Crash in v8::internal::InnerPointerToCodeCache::GcSafeFindCodeForInnerPointer | $3500 | 2016-10-02
595836 | libANGLE buffer-overflow (part of pwn2own exploit) | - | 2016-10-02
595514 | Security: Navigating to "chrome://" URLs inside pdf (iOS) | $500 | 2016-10-02
595339 | Security: Navigating to "chrome://" URLs and "file://" URLs via window.open() | $500 | 2016-10-02
595262 | Heap-buffer-overflow in xmlParseEndTag2 | - | 2016-10-02
595259 | Crash in v8::internal::StackFrameIterator::StackFrameIterator | $3500 | 2016-10-02
594958 | Crash in v8::internal::MarkCompactMarkingVisitor::MarkObjectByPointer | - | 2016-10-02
594574 | Security: v8 Array.concat OOB access writeup | $7500 | 2016-10-02
594512 | Use-of-uninitialized-value in Decode | - | 2016-10-02
594383 | Security: UXSS via window.open() via file:// pages | $3000 | 2016-10-02
593759 | Security: Proxy Auto-Config SSL/TLS Url Disclosure | $500 | 2016-10-02
593690 | Use-of-uninitialized-value in xmlParseEndTag2 | - | 2016-10-02
594120 | Heap-use-after-free in FXJS_GetPrivate | $5000 | 2016-10-02
592956 | Security: XSS on NTP | - | 2016-10-02
591785 | ZDI-CAN-3594: New Vulnerability Report | - | 2016-10-02
592361 | Use-of-uninitialized-value in v8::InstantiateModuleFromAsm | - | 2016-10-02
590882 | Chrome: Crash Report - gfx::Image::ToImageSkia | - | 2016-10-02
590801 | Use-of-uninitialized-value in blink::CSSParserToken::operator== | - | 2016-10-02
590620 | Heap-use-after-free in blink::FrameView::performLayout | $3500 | 2016-10-02
590619 | Container-overflow in blink::HTMLMenuItemElement::defaultEventHandler | - | 2016-10-02
591402 | Tracking bug for internal fixes: Chrome M49, release 0 | - | 2016-10-02
590832 | Security: Lazy bailout from TurboFan after CompareIC is wrong | - | 2016-10-02
590615 | Heap-buffer-overflow in i2c_ASN1_INTEGER | - | 2016-10-02
590610 | Bad-cast to const blink::WebPasswordCredential from blink::WebCredential;credential_manager_content_utils.cc:26:9 | - | 2016-10-02
601801 | Security: Unsigned wraparound in a multiply in kbasep_vinstr_attach_client leads to a heap overflow. | - | 2016-10-02
601737 | content/ should destroy ImageDownloaderImpl() before shutting down Blink | - | 2016-10-02
601706 | Security: Universal XSS using a flaw in the load deferral logic | $7500 | 2016-10-02
601629 | Security: Read access violation on same-origin, cross-process frames | $3000 | 2016-10-02
601362 | Security: PDFium Out-of-Bounds Read in CFX_FaceCache::RenderGlyph | $1000 | 2016-10-02
602046 | ZDI-CAN-3655: Google Chrome PDFium JPEG Out-Of-Bounds Read Information Disclosure Vulnerability | - | 2016-10-02
600977 | Use-of-uninitialized-value in webrtc::RTCPReceiver::HandleRPSI | - | 2016-10-02
601234 | Security: SDCH Get-Dictionary follows cross-domain redirects | - | 2016-10-02
600777 | Security: Merge bug for pdfium:419 | - | 2016-10-02
600735 | Heap-use-after-free in blink::LayoutObject::isAnonymousBlock | - | 2016-10-02
600953 | Global-buffer-overflow in WebRtcIsacfix_PitchFilterCore | - | 2016-10-02
600182 | Security: Universal XSS using deferred history loads | $7500 | 2016-10-02
600671 | Use-of-uninitialized-value in base::Pickle::WriteData | - | 2016-10-02
599861 | Heap-use-after-free in blink::PaintLayer::removeChild | - | 2016-10-02
599855 | Use-of-uninitialized-value in blink::PaintLayerScrollableArea::invalidateAllStickyConstraints | - | 2016-10-02
599854 | Crash in sk_ssse3::blit_mask_d32_a8 | - | 2016-10-02
599849 | Heap-use-after-free in blink::LayoutBoxModelObject::invalidateStickyConstraints | $3500 | 2016-10-02
599846 | Heap-buffer-overflow in media::AudioBuffer::ReadFrames | - | 2016-10-02
599866 | Heap-use-after-free LayoutBoxModelObject::continuation() (NO STACK) | - | 2016-10-02
599627 | Bad-cast to blink::LayoutBlock from blink::LayoutTableRow;LayoutBlock.h:515:1 | - | 2016-10-02
599625 | Heap-buffer-overflow in media::AudioBus::AudioBus | - | 2016-10-02
599458 | Use-of-uninitialized-value in sk_sse41::blit_row_s32a_opaque | - | 2016-10-02
599409 | Crash in v8::internal::Invoke | - | 2016-10-02
599081 | Security: GPU process BufferManager double-reads | - | 2016-10-02
599003 | RUNTIME_ASSERT in map->IsMap() in src/heap/spaces.cc | - | 2016-10-02
598848 | Crash in SkResizeFilter::computeFilters | - | 2016-10-02
598752 | kMainSRTDownloadURL is HTTP | $500 | 2016-10-02
598312 | Security: ChromeOS accepts ICMP redirects | - | 2016-10-02
598077 | Cross-Origin CSS Attack with Service Worker | $500 | 2016-10-02
598047 | Address bar not updated when returning from network error page. | - | 2016-10-02
597636 | Security: Possible double-reads in GPU command buffer code. | - | 2016-10-02
597625 | Security: GPU process MailboxManagerImpl double-reads | - | 2016-10-02
598165 | Security: Universal XSS via the interception of |Binding| with Object.prototype.create | $7500 | 2016-10-02
597926 | Heap-buffer-overflow in SkOpContour::operand | $500 | 2016-10-02
597333 | CVE-2015-1805 Linux kernel: pipe: iovec overrun leading to memory corruption | - | 2016-10-02
596862 | Security: Block GPU Process Opening Renderer Processes | - | 2016-10-02
597518 | Tracking bug for internal fixes: Chrome M49, release 2 | - | 2016-10-02
597322 | Security: URL spoof + iframe spoof | $1000 | 2016-10-02
597532 | Security: Universal XSS using a FrameNavigationDisabler bypass | $7500 | 2016-10-02
606390 | Security: V8ValueConverter::ToV8Value is insecure (e.g. heap-use-after-free in MimeHandlerViewContainer::PostMessage | $3500 | 2016-10-02
606185 | Heap-buffer-overflow in CopyAlphaChannelIntoVideoFrame | $1000 | 2016-10-02
606181 | Security: Due to out of index of 'Node' object , attacker can control all contents of 'Node' object | $1000 | 2016-10-02
606115 | Security: Use After Free in RegExp of V8 | $3000 | 2016-10-02
605491 | Use-of-uninitialized-value in CPDF_TextPage::PreMarkedContent | - | 2016-10-02
605488 | Bad-cast to v8::internal::AstNode from invalid vptr;wasm-js.cc:138:7 | - | 2016-10-02
605480 | Heap-use-after-free in base::trace_event::BlameContext::Enter | - | 2016-10-02
605910 | Security: Universal XSS using iterables | $7500 | 2016-10-02
605766 | Security: Universal XSS through adopting image elements | $8000 | 2016-10-02
605470 | Crash in v8::internal::Invoke | $3500 | 2016-10-02
605476 | Heap-use-after-free in extensions::ExtensionKeybindingRegistry::IsAcceleratorRegistered | - | 2016-10-02
604901 | Security: Persistent UXSS via SchemaRegistry | $7500 | 2016-10-02
605474 | Bad-cast to net::QuicSpdySession from net::QuicSession;quic_spdy_stream.cc:41:3 | - | 2016-10-02
605451 | CSP 'referrer' directive ignored for preload requests | $500 | 2016-10-02
604897 | Compiled regexps execute incorrectly on function source strings | $1000 | 2016-10-02
603748 | Security: Leak of extension privates via utils module | $1000 | 2016-10-02
603725 | Security: Web pages can load arbitrary extension modules | $4000 | 2016-10-02
603682 | Pinned TLS public keys (HPKP) evicted after clearing cache | $500 | 2016-10-02
603518 | Security: PDFium Out-of-Bounds Read in CPDF_DeviceCS::TranslateImageLine | $1000 | 2016-10-02
603732 | Security: Heap-use-after-free via GCCallback | $3000 | 2016-10-02
602970 | Security: type confusion lead to information leak in decodeURI | $7500 | 2016-10-02
602975 | Use-of-uninitialized-value in woff2::ConvertWOFF2ToTTF | - | 2016-10-02
602697 | Tracking bug for internal fixes: Chrome M50, release 0 | - | 2016-10-02
602273 | Use-after-poison in blink::MediaStreamSource::setReadyState | - | 2016-10-02
602185 | Heap-buffer-overflow in fixup_vorbis_headers | - | 2016-10-02
602271 | Heap-use-after-free in blink::LayoutListItem::updateMarkerLocation | - | 2016-10-02
612364 | Security: Heap buffer overflow from unchecked length in mojo::edk::ports::Message::Parse | - | 2016-10-02
612132 | Security: Bypass CORS check by reopening XHRs | - | 2016-10-02
612023 | Heap-buffer-overflow in setup_frame_size_with_refs | - | 2016-10-02
612021 | Undefined-shift in vp9_parse_superframe_index | - | 2016-10-02
611887 | Security: Multiple vulnerabilities in mojo channel implementation | - | 2016-10-02
612049 | Heap-use-after-free in content::MediaStreamVideoSource::RemoveTrack | - | 2016-10-02
611352 | Heap-use-after-free in CFX_StringDataTemplate<wchar_t>::Retain() | $3500 | 2016-10-02
610990 | Heap-use-after-free in blink::LayoutImage::styleDidChange | - | 2016-10-02
610989 | Heap-use-after-free in content::PermissionServiceImpl::CancelPendingOperations | - | 2016-10-02
610987 | Heap-use-after-free in v8::Isolate::VisitHandlesWithClassIds | $3500 | 2016-10-02
610985 | Heap-use-after-free in blink::LayoutTextFragment::setTextFragment | - | 2016-10-02
610979 | Heap-use-after-free in blink::PrintContext::pageNumberForElement | - | 2016-10-02
610973Heap-use-after-free in std::__1::__tree_const_iterator<std::__1::__value_type<CFX_ByteString, CPDF_Obje-2016-10-02
611782Heap-buffer-overflow in ReadScalar<unsigned-2016-10-02
610966Heap-use-after-free in v8::internal::ElementsAccessorBase<v8::internal::TypedElementsAccessor<-2016-10-02
610799Heap use after free in WorkerTarget::~WorkerTarget-2016-10-02
610645Heap-buffer-overflow in SkAAClipBlitter::blitMask-2016-10-02
610643Heap-use-after-free in blink::DeferredTaskHandler::handleDirtyAudioNodeOutputs$35002016-10-02
610600sandbox escape using ppapi broker$150002016-10-02
610646Bad-cast to const blink::WebPasswordCredential from blink::WebCredential;type_converters.cc:87:9-2016-10-02
610400Security: Bypass CORS using XHR and service workers-2016-10-02
610441Security: Upgrade-Insecure-Requests does not perform Navigational Upgrades-2016-10-02
610337Heap-buffer-overflow in epoll_add-2016-10-02
609286extensions can bypass native messaging origin whitelisting-2016-10-02
609260Security: heap-buffer-overflow in SkRegion::RunHead::findScanline$10002016-10-02
609134Crash in v8::Object::FindInstanceInPrototypeChain-2016-10-02
609097Use-of-uninitialized-value in DetermineTextLanguage-2016-10-02
608817Heap-use-after-free in blink::LayoutObject::containingBlock$35002016-10-02
608156Security: Heap-use-after-free in MessagingBindings::DispatchOnConnect-2016-10-02
608104Security: Heap-use-after-free in RuntimeCustomBindings::GetExtensionViews$15002016-10-02
608101Security: Heap-use-after-free in autofill components$10002016-10-02
608100Security: Heap-use-after-free in AutofillAgent::FillFieldWithValue$10002016-10-02
607939Security: Devtools allows running privileged scripts via XSS on chrome-devtools-frontend.appspot.com$35002016-10-02
607921Security: Heap-use-after-free in ProfileInfoCache::SetAuthInfoOfProfileAtIndex$10002016-10-02
607722Heap-buffer-overflow in void v8::internal::String::WriteToFlat<unsigned short>-2016-10-02
607721Use-of-uninitialized-value in woff2::ConvertWOFF2ToTTF-2016-10-02
607652Tracking bug for internal fixes: Chrome M50, release 2-2016-10-02
607543An https iframe in an http page can use service worker$10002016-10-02
607483Security: Universal XSS converting IDL array/sequence values-2016-10-02
618027Use-of-uninitialized-value in webrtc::H264::ParseRbsp-2016-10-02
617997Crash in v8::internal::LargeObjectSpace::FindPage-2016-10-02
618237Security: heap-use-after-free in getLineLayoutItem$30002016-10-02
617531Heap-buffer-overflow in webrtc::H264::ParseRbsp-2016-10-02
617495Security: Universal XSS via same document navigations$75002016-10-02
617104Security: access-violation in blink::ScriptState::from$10002016-10-02
617635Crash in FixWinding$35002016-10-02
617536Use-of-uninitialized-value in webrtc::RtpDepacketizerH264::ProcessStapAOrSingleNalu-2016-10-02
616970Heap-use-after-free in extensions::ExtensionKeybindingRegistry::IsAcceleratorRegistered-2016-10-02
616488Security: web_accessible_resources can be bypassed when Chrome runs in a site isolation mode.-2016-10-02
616386Security: Arbitrary Memory Read in v8$50002016-10-02
616352Heap-buffer-overflow in blink::concatenateFamilyName-2016-10-02
617097Heap-buffer-overflow in webrtc::RtpDepacketizerH264::ProcessStapAOrSingleNalu-2016-10-02
615910upgrade-insecure-requests is not upgrading iframe sources-2016-10-02
615820Heap-buffer-overflow in copy (in GURL::ReplaceComponents() )-2016-10-02
616119Heap-use-after-free in extensions::ConstructFileSystemList-2016-10-02
614962AddressSanitizer: heap-buffer-overflow on address 0x7f4a13edc800$10002016-10-02
614989Security: bypassing CORS by returning 308 for revalidating request for Resource previously without redirects from MemoryCache-2016-10-02
614934Security: sfntly font parsing heap-buffer-overflow$5002016-10-02
614701Heap-buffer-overflow in setup_frame_size_with_refs-2016-10-02
613915ASSERTION FAILED: i < m_len-2016-10-02
613971Security: bypass CORS check by returning 304 from URL that previously returned 308 during revalidation from MemoryCache-2016-10-02
613918Use-of-uninitialized-value in SkEvalCubicAt-2016-10-02
614767Tracking bug for internal fixes: Chrome M51, release 0-2016-10-02
614405Security: update libxml to 2.9.4-2016-10-02
613905Crash in v8::base::NoBarrier_Load-2016-10-02
613869Security: heap-use-after-free in blink::LayoutBox::shapeOutsideInfo$30002016-10-02
613698Security: mojo: Unchecked ports message payload lengths leading to buffer overflows and uafs-2016-10-02
613626Credential Phishing via Transparent Authenticating Proxy Vector$10002016-10-02
613907Bad-cast to blink::LayoutObject from blink::PaintLayer;LayoutTableSection.cpp:831:18-2016-10-02
613607Global-buffer-overflow in XFA_GetMethodByName-2016-10-02
613496Crash in v8::internal::Invoke-2016-10-02
613488Crash in v8::internal::Invoke-2016-10-02
613300Client-local parts of surface ID should be 64-bit and randomly generated-2016-10-02
613266Security: Universal XSS via reentrancy in FrameLoader::startLoad$75002016-10-02
613160Security: Cisco Talos Security Advisory for Google chrome product - TALOS-CAN-0174$30002016-10-02
612939Security: Wrong origin security indicators in Chrome Custom Tab-2016-10-02
612613Security: Heap buffer overflows from unchecked payload_size in mojo::edj::BrokerHost::OnChannelMessage-2016-10-02
612458Incorrect origin sent with message event in some cases-2016-10-02
623186Crash in v8::internal::JavaScriptFrame::receiver-2016-10-02
623193Stack-use-after-return in v8::internal::JsonStringifier::Result v8::internal::JsonStringifier::Serialize_<-2016-10-02
623185Heap-buffer-overflow in content::WriteMemory-2016-10-02
622522Security: unchecked size in mojo::Channel::Deserialize leads to memory corruption.-2016-10-02
622351Bad-cast to v8::internal::PagedSpace from v8::internal::SemiSpace-2016-10-02
622350Memcpy-param-overlap in CCodec_ProgressiveDecoder::GifReadMoreData-2016-10-02
622664Stack-use-after-return in v8::internal::HandleBase::IsDereferenceAllowed$35002016-10-02
622183Security: Chrome Address Bar URL spoofing on IOS$30002016-10-02
621849Heap-use-after-free in cc::SurfaceManager::Destroy-2016-10-02
621550Crash in v8::internal::StackTraceFrameIterator::Advance-2016-10-02
621547Bad-cast to blink::BlobCallback from invalid vptr;void WTF::PartBoundFunctionImpl<;base::internal::Invoker<base::IndexSequence<0ul>, base::internal::BindState<base::internal::RunnableAdapter<void-2016-10-02
622344Use-of-uninitialized-value in blink::Font::canShapeWordByWord-2016-10-02
621115Use-of-uninitialized-value in blink::Font::canShapeWordByWord-2016-10-02
621111Fatal error in v8::internal::List<T, P>::Add()-2016-10-02
620949Security: Adobe Flash PSDK.Object Use After Free$50002016-10-02
620766Heap-use-after-free in cc::DrawPolygon::Split-2016-10-02
620758Heap-buffer-overflow in epoll_add-2016-10-02
620754Use-after-poison in blink::CrossThreadPersistentRegion::prepareForThreadStateTermination-2016-10-02
620750Crash in v8::internal::Heap::AllocateHeapNumber-2016-10-02
620694Incorrect packet size check leads to heap-buffer-overflow in pseudotcp-2016-10-02
620553Security: V8 OOB Read(?) in GC with Array Object.$50002016-10-02
620737Security: Chrome does not distinguish between http and https proxies when saving passwords-2016-10-02
620277Security: heap buffer overflow when calling RtpHeader::Parse on untrusted data-2016-10-02
619405Security: Heap Buffer Overflow in opj_j2k_read_SQcd_SQcc$35002016-10-02
619382Use-of-uninitialized-value in long v8::internal::Simulator::AddWithCarry<long>-2016-10-02
619380Use-of-uninitialized-value in blink::FloatingObject::unsafeClone-2016-10-02
619378Crash in Sk4px::Load4-2016-10-02
619373Use-after-poison in blink::CrossThreadPersistentRegion::prepareForThreadStateTermination-2016-10-02
619372Heap-buffer-overflow in usrsctp_dumppacket-2016-10-02
619371Crash in SkAutoCanvasMatrixPaint::SkAutoCanvasMatrixPaint-2016-10-02
619355Security: XSS issue in Google Mail-2016-10-02
619006Security: Information leak in xsltFormatNumberConversion (libxslt)$15002016-10-02
618625Security: TSAN: data race in media::FFmpegDemuxer::~FFmpegDemuxer$20002016-10-02
609042Heap-buffer-overflow in Read-2016-10-02

Questions? Ask @SecurityMB