Chromium Disclosed Security Bugs

Chromium security bugs are publicly disclosed by Google 14 weeks after fixing. They have great learning value, but it is difficult to keep track of exactly when they are derestricted. This page is a hub of security bugs that have recently gone public. Bugs can also be followed on Twitter: @BugsChromium.

This website is not affiliated with Google.

Security bugs disclosed in 2017

# | Summary | $$$ | Disclosure date
765512 | Security: METHOD_LOCALTIME browser->renderer infoleak | $3337 | 2017-12-31
616671 | Security: PDFium: Yet Another Out-Of-Bounds Read in CCodec_ProgressiveDecoder::ReSampleScanline | - | 2017-12-30
705778 | Android: Omnibox doesn't elide origins correctly | - | 2017-12-30
760032 | Heap-buffer-overflow in CCodec_ProgressiveDecoder::ReSampleScanline | - | 2017-12-30
765301 | Crash in v8::internal::Invoke | - | 2017-12-30
765495 | Security: heap-use-after-free ScriptProcessorHandler::FireProcessEvent | $3000 | 2017-12-30
767052 | Crash in v8::internal::Invoke | - | 2017-12-30
766957 | Security: UAF in CPWL_Edit::OnChar | $5000 | 2017-12-30
767959 | Crash in v8::internal::Invoke | - | 2017-12-30
730379 | Heap-buffer-overflow in displayP4 | - | 2017-12-29
656479 | Security: heap-buffer-overflow in pdfium | - | 2017-12-28
766996 | CrOS: Vulnerability reported in net-nds/openldap | - | 2017-12-28
750239 | Security: IDN spoofing with Combining Dot Above U+0307 | $500 | 2017-12-27
761710 | Heap-use-after-free in v8::Shell::RealmCurrent | - | 2017-12-27
762904 | CVE-2017-14156 CrOS: Vulnerability reported in Linux kernel | - | 2017-12-27
765871 | CHECK failure: Representation inference: unsupported opcode 59 (Dead), node #NUMBER in simplifi | - | 2017-12-27
765921 | Security: UAF in CPWL_Caret::SetCaret | $5000 | 2017-12-27
627300 | Security: ChromeVox on ChromeOS uses HTTP without SSL for some requests: | $500 | 2017-12-26
682707 | Security: DCHECK failure in MessagePort destructor in Blink | - | 2017-12-26
764477 | Security: Linux Bluetooth stack (BlueZ) information Leak vulnerability - CVE-2017-1000250 | - | 2017-12-25
765433 | Security: V8 JIT escape analysis bug | $7500 | 2017-12-25
760445 | Stack-buffer-overflow in content::BlinkTestController::OnAllServiceWorkersCleared | - | 2017-12-24
760455 | Security: Use-after-free in CPWL_Edit::OnKillFocus() | $3000 | 2017-12-23
764320 | Heap-use-after-free in _ZN7logging22MakeCheckOpValueStringIPcEENSt3__19enable_ifIXaasr4base8internal23S | - | 2017-12-23
765647 | Use-of-uninitialized-value in mojo::edk::Core::CreateDataPipe | - | 2017-12-23
765384 | Security: UAF in CFFL_InteractiveFormFiller::OnBeforeKeyStroke | $3000 | 2017-12-23
763842 | Security: WebRtc - Heap Buffer Overflow in cricket::Codec::Matches() | $1000 | 2017-12-22
764177 | Security: PDFium Out-Of-Bounds Read in CJPX_Decoder::Decode | $3000 | 2017-12-22
759354 | Heap-use-after-free in blink::PaintLayerScrollableArea::Box | - | 2017-12-21
761615 | CVE-2017-14051 CrOS: Vulnerability reported in Linux kernel | - | 2017-12-20
762487 | Security: Broadcom WiFi firmware vulnerabilities CVE-2017-11122 CVE-2017-11120 | - | 2017-12-20
762903 | CVE-2017-14140 CrOS: Vulnerability reported in Linux kernel | - | 2017-12-20
763645 | CVE-2017-13715 CrOS: Vulnerability reported in Linux kernel | - | 2017-12-20
763683 | DCHECK failure in !__isolate__->has_pending_exception() in runtime-proxy.cc | - | 2017-12-20
763724 | Heap-use-after-free in SkImage::getTextureHandle | - | 2017-12-20
764425 | CVE-2017-1000251: CrOS: Security: Blueborne vulnerabilities in bluetooth stacks | - | 2017-12-20
761278 | Security DCHECK failure: !object || (object->IsARIARow()) in AXARIAGridRow.h | - | 2017-12-19
761801 | Security: heap-use-after-free in WebAudio | $3000 | 2017-12-19
762374 | Security: PDFium Heap Buffer Overflow Vulnerability in OpenJPEG | $6337 | 2017-12-19
762439 | Security: Check brcmfmac to see whether bcmdhd vulnerabilities are present | - | 2017-12-19
763383 | DCHECK failure in IsWasmExportedFunction(object) in wasm-objects.cc | - | 2017-12-19
764073 | Unknown exception in RaiseException | - | 2017-12-19
764196 | CHECK failure: actual_unused_property_fields > map()->unused_property_fields() in objects-debug | - | 2017-12-19
762874 | Security: off by one in TurboFan range optimization for String.indexOf | - | 2017-12-18
759355 | Use-of-uninitialized-value in blink::LayoutText::LocalSelectionRect | - | 2017-12-17
756563 | Security: Out-Of-Bounds Read Vulnerability in Skia | $1000 | 2017-12-16
759288 | CrOS: Vulnerability reported in net-vpn/strongswan | - | 2017-12-16
762106 | PDFium TIFF Image Flate Decoder Code Execution Vulnerability | $2000 | 2017-12-16
763097 | Security: One byte OOB write in DTLS | - | 2017-12-15
761831 | DCHECK failure in !already_resolved_ in scopes.cc | - | 2017-12-14
762472 | DCHECK failure in !isolate->has_pending_exception() in asm-js.cc | - | 2017-12-14
762451 | CVE-2017-14106 CrOS: Vulnerability reported in Linux kernel | - | 2017-12-14
761617 | Heap-use-after-free in blink::BaseAudioContext::IsDestinationInitialized | - | 2017-12-13
761626 | Stack-buffer-overflow in FPDFText_GetText | - | 2017-12-13
761639 | DCHECK failure in !receiver_map->IsJSGlobalObjectMap() in ic.cc | - | 2017-12-13
761654 | CHECK failure: len->ToUint32(&int_l) in builtins-typedarray.cc | - | 2017-12-13
749031 | CVE-2017-11472: CrOS: Vulnerability reported in Linux kernel | - | 2017-12-09
749032 | CVE-2017-11473: CrOS: Vulnerability reported in Linux kernel | - | 2017-12-09
749033 | CVE-2017-7542: CrOS: Vulnerability reported in Linux kernel | - | 2017-12-09
759287 | CVE-2017-12762 CrOS: Vulnerability reported in Linux kernel | - | 2017-12-09
761126 | Bad-cast to blink::LayoutBlock from blink::LayoutTableSection;blink::LayoutObject::ContainerForFixedPosition;blink::LayoutObject::Container | - | 2017-12-09
761376 | Bad-cast to blink::LayoutBlock from blink::LayoutTableSection;blink::ReplaceSelectionCommand::DoApply;blink::CompositeEditCommand::Apply | - | 2017-12-09
761354 | CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (object->IsJSObject()) in objects-inl | - | 2017-12-09
611420 | WebAccessibleResources take too long to make a decision about loading if the extension is installed | - | 2017-12-08
745580 | Security: Chrome extensions UI does not respect IDN display policy | - | 2017-12-08
759224 | Security: Memory Corruption in Chrome | - | 2017-12-08
759111 | Security: Rendertron bugs | - | 2017-12-07
760116 | DCHECK failure in scope_data->get(index_++) == static_cast<uint32_t>(name->length()) in preparsed- | - | 2017-12-07
760112 | Heap-use-after-free in v8::debug::ConsoleDelegate::`vcall'{56}' | - | 2017-12-07
760793 | Use-of-uninitialized-value in InstantController::ResetInstantTab | - | 2017-12-07
740278 | Unused attributes may be read out-of-bounds by drivers | - | 2017-12-06
749228 | Security: buffer overrun in ReplaceSubstringsAfterOffset | - | 2017-12-06
752003 | Security: URL spoofing via crafted flash file and UI overlay | $1000 | 2017-12-06
754424 | Use-of-uninitialized-value in Document::MergePartialFromCodedStream | - | 2017-12-06
756316 | Heap-use-after-free in extensions::ExtensionMessageBubbleController::UpdateExtensionIdList | - | 2017-12-06
755854 | afl_webcrypto_rsa_import_key_pkcs8_fuzzer <no crash state available> | - | 2017-12-06
759294 | Heap-buffer-overflow in media::mp4::TrackRunIterator::IsSampleEncrypted | - | 2017-12-06
760035 | Global-buffer-overflow in media::VideoDecodeStatsReporter::UpdateFrameRateStability | - | 2017-12-06
760049 | Bad-cast to const media::mp4::VideoSampleEntry from invalid vptr;media::mp4::TrackRunIterator::Init;media::mp4::MP4StreamParser::ParseMoof | - | 2017-12-06
760268 | DCHECK failure in __isolate__->has_scheduled_exception() in runtime-proxy.cc | - | 2017-12-06
598265 | Security: Bypassing web_accessible_resources protections | $500 | 2017-12-05
752423 | [wasm] OOB access in v8 wasm after Symbol.toPrimitive overwrite | $3000 | 2017-12-05
756289 | Use-of-uninitialized-value in fclamp | - | 2017-12-05
757705 | Security: heap-use-after-free(ProbeForLowSeverityLifetimeIssue) in PDFium | - | 2017-12-05
759624 | V8 type confusion in Web Assembly [ | $7500 | 2017-12-05
760056 | Heap-use-after-free in TetrahedralInterpFloat | - | 2017-12-05
271996 | SOP not observed for local storage for file: URLs | - | 2017-12-05
757199 | DCHECK failure in result->owns_descriptors() in objects.cc | - | 2017-12-04
743135 | Crash in TetrahedralInterpFloat | - | 2017-12-02
752725 | Heap-buffer-overflow in TetrahedralInterpFloat - pdf_codec_icc_fuzzer | - | 2017-12-02
756523 | Use-of-uninitialized-value in content::mojom::URLLoaderFactoryStubDispatch::Accept | - | 2017-12-02
757412 | Bad-cast to content::ResourceMessageFilter from invalid vptr;content::ResourceMessageFilter::CreateLoaderAndStart;content::mojom::URLLoaderFactoryStubDispatch::Accept | - | 2017-12-02
758283 | Heap-use-after-free in v8::debug::ConsoleDelegate::`vcall'{56}' | - | 2017-12-02
758472 | DCHECK failure in other->values_[index] != builder()->jsgraph()->OptimizedOutConstant() in bytecod | - | 2017-12-02
749851 | Bad-cast to media::WebMediaPlayerImpl from content::WebMediaPlayerMS;content::HtmlVideoElementCapturerSource::CreateFromWebMediaPlayerImpl;content::RendererBlinkPlatformImpl::CreateHTMLVideoElementCapturer | - | 2017-12-01
755007 | conent_shell: Heap-use-after-free in net::NetLog::AddEntry | - | 2017-12-01
757217 | DCHECK failure in !it.done() in module-compiler.cc | - | 2017-11-30
757506 | UAF in in CPWL_ListCtrl::~CPWL_ListCtrl() | - | 2017-11-30
758096 | CHECK failure: Representation inference: unsupported opcode 59 (Dead), node #5 in simplified-lo | - | 2017-11-30
755044 | DCHECK failure in AllowHeapAllocation::IsAllowed() in heap-inl.h | - | 2017-11-29
755056 | Security: It is currently possible to sideload non Play Store apks on a Chromebook in Verified Boot (non-Dev) mode via adb. | $500 | 2017-11-29
756522 | Heap-use-after-free in blink::PaintController::CommitNewDisplayItems | - | 2017-11-29
747847 | Security: CSP not inherited after navigation to JavaScript scheme uri | $1000 | 2017-11-28
754145 | Security: Access to freed stack memory in blink::PerformanceMonitor::Did() | $500 | 2017-11-28
756733 | Security: Out of bounds at FindSharedFunctionInfo in v8 | $3000 | 2017-11-28
757227 | CHECK failure: actual_unused_property_fields > map()->unused_property_fields() in objects-debug | - | 2017-11-28
757157 | Crash in v8::internal::Invoke | - | 2017-11-26
752544 | Heap-use-after-free in blink::PaintLayerScrollableArea::Box | - | 2017-11-25
754205 | CrOS: CVE-2017-7533: Vulnerability reported in Linux kernel | - | 2017-11-25
753722 | Heap-use-after-free in media::VpxVideoDecoder::MemoryPool::OnVideoFrameDestroyed | - | 2017-11-25
756332 | DCHECK failure in !node->is_rewritten() in pattern-rewriter.cc | - | 2017-11-25
756608 | ProxyHasProperty stub crashes when trap is a Smi | $3500 | 2017-11-25
756959 | Use-of-uninitialized-value in profiling::MemlogClient::~MemlogClient | - | 2017-11-25
756963 | DCHECK failure in kMaxUInt32 != index_ in lookup.h | - | 2017-11-25
755501 | Heap-use-after-free in media::PipelineIntegrationTestBase::CheckFirstAudioPacketTimestamp | - | 2017-11-24
734729 | Compromised renderer can draw form validation bubbles over omnibox | - | 2017-11-23
752796 | Unknown exception in KERNELBASE.dll after CPDF_Parser::ParseAndAppendCrossRefSubsectionData | - | 2017-11-23
732751 | Security: Referer leakage in chrome debug protocol | - | 2017-11-22
751147 | Heap-use-after-free in blink::InlineFlowBox::RemoveChild | - | 2017-11-22
527499 | Security: SAN-01-001 Angular ngSanitize using Unicode Whitespace & innerHTML in Blink | - | 2017-11-21
740367 | Use-after-poison in blink::EventListenerIterator::NextListener | - | 2017-11-21
746909 | CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (object->IsString()) in string-inl.h | - | 2017-11-21
749397 | Heap-buffer-overflow in xmlSAX2AttributeNs | - | 2017-11-20
750430 | Heap-buffer-overflow in xmlStrndup | - | 2017-11-20
752476 | Heap-buffer-overflow in GetAt | - | 2017-11-19
675658 | Security: Malicious WebGL page can capture and upload contents of other tabs | $2000 | 2017-11-18
746517 | alert() titles from apps leak to webpages in the same process | $500 | 2017-11-18
750066 | Security DCHECK failure: i < length_ in StringImpl.h | - | 2017-11-18
751193 | Security DCHECK failure: offset + length <= text.TextLength() in TextRunConstructor.cpp | - | 2017-11-18
752480 | Heap-buffer-overflow in CFX_WideString::GetAt | - | 2017-11-18
754231 | Heap-buffer-overflow in GrTextUtils::DrawPosTextAsPath | - | 2017-11-18
754560 | Heap-use-after-free in v8_inspector::InjectedScript::ProtocolPromiseHandler::cleanup | - | 2017-11-18
701724 | Heap-buffer-overflow in v8::internal::Simulator::DecodeType2 | - | 2017-11-17
751789 | DCHECK failure in !is_async_function() in parser-base.h | - | 2017-11-17
752494 | Use-after-poison in blink::EventListenerMap::Add | - | 2017-11-17
753293 | Bad-cast to blink::EventListenerblink::EventTarget::TraceWrappers;blink::TraceTrait<blink::AccessibleNode>::TraceMarkedWrapper;blink::ScriptWrappableVisitor::AdvanceTracing | - | 2017-11-17
753718 | Bad-cast to blink::ScriptWrappableblink::DOMDataStore::SetReturnValueFast;blink::V8Window::namedPropertyGetterCustom;blink::V8Window::namedPropertyGetterCallback | - | 2017-11-17
754209 | DCHECK failure in InOldSpace(object) || InNewSpace(object) in heap.cc | - | 2017-11-17
754518 | <no crash state available> | - | 2017-11-17
724880 | Heap-buffer-overflow in gfx::internal::TextRunHarfBuzz::GetClusterAt | - | 2017-11-16
752478 | Use-of-uninitialized-value in check_edge_against_rect | - | 2017-11-16
752537 | Heap-buffer-overflow in SkFindAndPlaceGlyph::ArbitraryPositions::nextPoint | - | 2017-11-16
752715 | Heap-use-after-free in blink::LayoutSelection::ClearSelection | - | 2017-11-16
752764 | DCHECK failure in size <= SeqOneByteString::kMaxSize in heap.cc | - | 2017-11-16
752941 | Heap-buffer-overflow in blink::TextIteratorTextState::AppendTextTo | - | 2017-11-16
752832 | Heap-buffer-overflow in GrTextUtils::DrawDFPosText | - | 2017-11-16
753616 | CHECK failure: Unexpected operator #59:(null) @ node #NUMBER in instruction-selector.cc | - | 2017-11-16
753813 | Use-of-uninitialized-value in SkMatrix::computeTypeMask | - | 2017-11-16
753896 | DCHECK failure in var->mode() == VAR in scopes.cc | - | 2017-11-16
754088 | CHECK failure: actual_unused_property_fields > map()->unused_property_fields() in objects-debug | - | 2017-11-16
697481 | Use-of-uninitialized-value in FPDFAPI_inflate | - | 2017-11-15
735448 | CHECK failure: Code::WASM_TO_JS_FUNCTION == code->kind() in wasm-interpreter.cc | - | 2017-11-15
748472 | Heap-use-after-free in ui::AXPlatformNodeWin::Destroy | - | 2017-11-15
749853 | Use-after-poison in blink::EventListenerIterator::NextListener | - | 2017-11-15
750009 | Heap-buffer-overflow in mov_read_trun | - | 2017-11-14
752149 | Security: Arbitrary bad cast in optimized Javascript code | $7500 | 2017-11-14
752481 | CHECK failure: args[1]->IsJSReceiver() in runtime-object.cc | - | 2017-11-14
752491 | Use-of-uninitialized-value in DES_set_key | - | 2017-11-14
752712 | Crash in v8::internal::Invoke | - | 2017-11-14
752829 | Security: PDFium calls PartitionFree() on heap memory returned by opj_calloc() | $3500 | 2017-11-14
752833 | Heap-buffer-overflow in SkGradientShaderBase::SkGradientShaderBase | - | 2017-11-14
752846 | CHECK failure: args[2]->IsJSReceiver() in runtime-proxy.cc | - | 2017-11-14
766276 | Security: persistence with cryptohomed stateful recovery | - | 2017-11-13
766275 | Security: chronos to root with crash reporter and /tmp symlink | - | 2017-11-13
766271 | Security: crosh to chronos with awk injection | - | 2017-11-13
766262 | Security: privesc to war-extensions with PageState | - | 2017-11-13
766260 | Security: WebAsm OOB ArrayBuffer | - | 2017-11-13
766253 | Chrome OS exploit: WebAsm, Site Isolation, crosh, crash reporter, cryptohomed | $100000 | 2017-11-13
752492 | Heap-buffer-overflow in SkFindAndPlaceGlyph::ArbitraryPositions::nextPoint | - | 2017-11-12
709464 | Detecting the presence of extensions through timing attacks (including Incognito) | - | 2017-11-11
750993 | Security: heap-use-after-free in PDFium | $3000 | 2017-11-11
752177 | Security: `String` not isolated from global in ReadableStream.js, allowing out-of-order JavaScript execution | $1000 | 2017-11-11
752483 | CHECK failure: !isolate->has_scheduled_exception() in builtins-console.cc | - | 2017-11-11
752496 | Heap-buffer-overflow in GrTextUtils::DrawPosTextAsPath | - | 2017-11-11
777737 | Security: Google Chrome renders text file as HTML under file:// protocol | - | 2017-11-10
741244 | Heap-buffer-overflow in media::BitReaderCore::Refill | - | 2017-11-10
751062 | CVE-2017-7541: CrOS: Vulnerability reported in Linux kernel | - | 2017-11-10
751672 | CHECK failure: deopt_data->get(1)->ToInt32(&index) in wasm-interpreter.cc | - | 2017-11-10
751109 | CHECK failure: !descriptors->GetKey(i)->IsInterestingSymbol() in objects-debug.cc | - | 2017-11-09
751403 | Use-of-uninitialized-value in blink::LayoutTableCell::ShouldClipOverflow | - | 2017-11-09
751463 | Use-of-uninitialized-value in blink::LayoutTableCell::ShouldClipOverflow | - | 2017-11-09
751404 | Use-of-uninitialized-value in blink::LayoutTableCell::ShouldClipOverflow | - | 2017-11-09
751572 | Use-of-uninitialized-value in blink::LayoutTableCell::ShouldClipOverflow | - | 2017-11-09
749260 | Crash in _sk_gather_bgra_avx | - | 2017-11-08
749389 | Heap-buffer-overflow in SkFindAndPlaceGlyph::ArbitraryPositions::nextPoint | - | 2017-11-08
749472 | Crash in GrAtlasTextBlob::Run::SubRunInfo::maskFormat | - | 2017-11-08
749470 | Crash in _sk_gather_bgra_avx | - | 2017-11-08
749895 | Stack-buffer-overflow in add_aa_span | - | 2017-11-08
750016 | Heap-use-after-free in blink::LayoutTableSection::RowHasVisibilityCollapse | - | 2017-11-08
750070 | Use-of-uninitialized-value in SkTHashTable<SkGlyph, SkPackedGlyphID, SkGlyph::HashTraits>::Slot::empty | - | 2017-11-08
750072 | Use-of-uninitialized-value in SkPackedID::operator== | - | 2017-11-08
750071 | Use-of-uninitialized-value in tt_glyph_load | - | 2017-11-08
750416 | Stack-use-after-return in saturated_add | - | 2017-11-08
750438 | Stack-buffer-overflow in add_aa_span | - | 2017-11-08
751055 | Stack-use-after-return in MaskSuperBlitter::blitH | - | 2017-11-08
751358 | CHECK failure: heap()->InToSpace(object) in mark-compact.cc | - | 2017-11-08
751278 | Crash in v8::internal::VerifyPointersVisitor::VisitPointers | - | 2017-11-08
714401 | Security: NtQueryValueKey may not return null-terminated string | - | 2017-11-07
748362 | Security: Heap-use-after-free in ViewCacheHelper | - | 2017-11-07
750420 | Heap-buffer-overflow in GrTextUtils::DrawPosTextAsPath | - | 2017-11-07
750435 | Bad-cast to bssl::(anonymous namespace)::X25519KeyShare from invalid vptr;blink::EndNode<>;blink::TextIteratorAlgorithm<>::TextIteratorAlgorithm | - | 2017-11-05
750440 | Bad-cast to bssl::(anonymous namespace)::X25519KeyShare from invalid vptr;blink::V8PerContextData::CreateWrapperFromCacheSlowCase;blink::V8PerContextData::CreateWrapperFromCache | - | 2017-11-05
734278 | Null-dereference READ in gpu_angle_passthrough_fuzzer | - | 2017-11-04
743082 | CHECK failure: args[0]->IsJSPromise() in runtime-promise.cc | - | 2017-11-04
731138 | Heap-double-free in celt_header | - | 2017-11-03
739621 | Security: Address bar spoof (repro Issue 648117) | $500 | 2017-11-03
742380 | Heap-double-free in ogg_read_close | - | 2017-11-03
748942 | Use-of-uninitialized-value in cc::PaintOpReader::Read | - | 2017-11-03
749703 | Use-of-uninitialized-value in mojo::edk::ChannelPosix::WriteNoLock | - | 2017-11-03
749898 | Crash in blink::ImageData::CropRect | - | 2017-11-03
748069 | Crash in Append | - | 2017-11-02
748539 | CHECK failure: is_transitionable_fast_elements_kind implies !Map::IsInplaceGeneralizableField(d | - | 2017-11-02
748695 | Security: overly permissive policy for dbus services owned by chrome process | - | 2017-11-02
748856 | Use-of-uninitialized-value in mojo::edk::ChannelPosix::WriteNoLock | - | 2017-11-02
696729 | Incorrect-function-pointer-type in _hb_blob_destroy_user_data | - | 2017-11-01
734559 | Security: ChromeOS PPD Import Check Buffer Overflow | $1000 | 2017-11-01
739677 | Security DCHECK failure: i < length_ in StringImpl.h | - | 2017-11-01
740591 | Function expressions in initializers of for-of/in loops are incorrectly scoped | - | 2017-11-01
745130 | Use-of-uninitialized-value in update_current_folder_get_info_cb | - | 2017-11-01
748426 | CHECK failure: (owning_instance) != nullptr in runtime-wasm.cc | - | 2017-11-01
748464 | Heap-use-after-free in ui::AXPlatformNodeWin::Destroy | - | 2017-11-01
748465 | Heap-use-after-free in ui::AXPlatformNodeWin::Destroy | - | 2017-11-01
748466 | Heap-use-after-free in ui::AXPlatformNodeWin::Destroy | - | 2017-11-01
748469 | Use-of-uninitialized-value in cc::LayerTreeHostImpl::SetContentHasNonAAPaint | - | 2017-11-01
735912 | Security: Use-after-free in CPDFSDK_PageView::DeleteAnnot (XFA) | $3000 | 2017-10-31
747979 | DCHECK failure in !IsInplaceGeneralizableField(details.constness(), details.representation(), desc | - | 2017-10-31
747995 | Security: WebAssembly signature map is racy | - | 2017-10-31
539018 | the risk of the "auto-download" feature on Google Chrome | - | 2017-10-30
746835 | Crash in v8::internal::Heap::MergeAllocationSitePretenuringFeedback | - | 2017-10-30
746946 | Security: Chrome Type Confusion leads to Code Execution | - | 2017-10-30
747374 | CHECK failure: #38:JSStackCheck should be followed by IfSuccess/IfException, but is only follow | - | 2017-10-30
724785 | CrOS: CVE-2017-0627 - Vulnerability reported in Linux kernel - UVC driver | - | 2017-10-28
730446 | Heap-buffer-overflow in sbr_x_gen | - | 2017-10-28
739147 | Use-of-uninitialized-value in test_runner::TestRunnerForSpecificView::Reset | - | 2017-10-28
746769 | Use-after-poison in blink::CSSPropertyAnimationUtils::ConsumeAnimationShorthand | - | 2017-10-28
747188 | CHECK failure: (owning_instance) != nullptr in runtime-wasm.cc | - | 2017-10-28
737023 | Security: Use-after-free in ResetPDFWindow(); | $5000 | 2017-10-27
744584 | Fatal error in ../../v8/src/compiler/representation-change.cc, line 1055 | $3000 | 2017-10-27
747154 | CHECK failure: #28:JSStackCheck should be followed by IfSuccess/IfException, but is only follow | - | 2017-10-27
747359 | DCHECK failure in pending_layout_change_object_ == nullptr || pending_layout_change_object_ == obj | - | 2017-10-27
719835 | Heap-use-after-free in blink::VisualRectForDisplayItem | $2500 | 2017-10-26
737384 | Incorrect-function-pointer-type in getManagedStaticMutex | - | 2017-10-26
742659 | Use-of-uninitialized-value in v8::internal::WasmSharedModuleData::is_asm_js | - | 2017-10-26
743614 | CrOS: CVE-2017-11176: Vulnerability reported in Linux kernel | - | 2017-10-26
746073 | Container-overflow in CFX_SAXReaderHandler::OnTagEnter | - | 2017-10-26
746223 | Unknown exception in RaiseException | - | 2017-10-26
674577 | extensions: match_patterns not matching FQDN with trailing dot | - | 2017-10-25
740022 | Crash in _sk_byte_tables_avx | - | 2017-10-25
745844 | CHECK failure: !field_type->NowStable() || field_type->NowContains(value) || (!FLAG_use_allocat | - | 2017-10-25
740784 | CHECK failure: dependent_code()->IsEmpty(DependentCode::kPrototypeCheckGroup) in objects-debug. | - | 2017-10-24
743106 | Global-buffer-overflow in SkImageInfo::unflatten | - | 2017-10-24
743622 | DCHECK failure in HasLength() in shared-function-info-inl.h | - | 2017-10-24
744292 | DCHECK failure in __isolate__->has_pending_exception() in runtime-module.cc | - | 2017-10-24
744700 | Crash in Relaxed_Load | - | 2017-10-24
743301 | CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (object->IsJSFunction()) in objects-i | - | 2017-10-23
723158 | CHECK failure: IrOpcode::kFrameState == state->op()->opcode() in instruction-selector.cc | - | 2017-10-22
740166 | Crash in __crt_stdio_output::output_processor<wchar_t,class __crt_stdio_output::string_ou | $3500 | 2017-10-22
740426 | Heap-buffer-overflow in gl::Texture::getWidth | - | 2017-10-22
740776 | Security: BroadPwn bug on Broadcom WiFi chipsets (CVE-2017-9417) | - | 2017-10-22
740603 | Security: heap-buffer-overflow in gpu::gles2::GLES2Implementation::ReadPixels | $5000 | 2017-10-22
741750 | [wasm] Signature confusion in function table import/export/init | - | 2017-10-22
742346 | DCHECK failure in target->constructor_or_backpointer() == map in mark-compact.cc | - | 2017-10-22
742381 | DCHECK failure in maybe_transition->elements_kind() != transition_elements_kind in objects.cc | - | 2017-10-22
742967 | CrOS: CVE-2017-10810: Vulnerability reported in Linux kernel | - | 2017-10-22
735279 | Crash in avx::memset32 | - | 2017-10-19
738763 | CHECK failure: !field_type->NowStable() || field_type->NowContains(value) || (!FLAG_use_allocat | - | 2017-10-19
740803 | Security: Use After Free in v8 | $3000 | 2017-10-19
741604 | Bad-cast to std::__1::locale::__imp from std::__1::locale::__imp;call_init;call_init | - | 2017-10-19
481202 | Security: BoringSSL ecdsa_sign_setup timing leak in the inversion of k | - | 2017-10-19
736633 | Use-after-poison in v8::internal::compiler::InstructionSelector::EmitTableSwitch | - | 2017-10-18
740710 | Security: service_manager{client_process} Capability Not Properly Enforced | - | 2017-10-18
741078 | CHECK failure: map->IsMap() in spaces.cc | - | 2017-10-18
724093 | Security: Multiple flaws relating to stack/heap clash attacks | - | 2017-10-17
735419 | Multiple Security vulnerabilities in OpenVPN | - | 2017-10-17
736133 | Heap-use-after-free in CFX_FaceCache::~CFX_FaceCache | - | 2017-10-17
738228 | Matrix attributes are not bounds-checked | - | 2017-10-17
740325 | CHECK failure: is_api_object in objects.cc | - | 2017-10-17
736195 | Heap-buffer-overflow in SkiaState::ClipRestore | - | 2017-10-16
736574 | Stack-buffer-overflow in CFX_SkiaDeviceDriver::DrawShading | - | 2017-10-16
740199 | CHECK failure: Smi::IsValid(value) in objects.h | - | 2017-10-16
740509 | CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (IsDereferenceAllowed(INCLUDE_DEFERRE | - | 2017-10-16
736907 | Heap-buffer-overflow in CCodec_ProgressiveDecoder::ReSampleScanline | - | 2017-10-14
734245 | Crash in void LoadImageRow< | - | 2017-10-13
734328 | CrOS: CVE-2017-0651: Vulnerability reported in Linux kernel | - | 2017-10-13
736357 | Security: Credential Manager API origin confusion | - | 2017-10-13
737932 | CrOS: CVE-2017-1000364: Vulnerability reported in Linux kernel | - | 2017-10-13
738652 | Heap-use-after-free in cc::Display::~Display | - | 2017-10-13
738596 | Heap-use-after-free in blink::Text::TextLayoutObjectIsNeeded | - | 2017-10-13
738952 | Null-dereference READ in MemoryRead<unsigned | - | 2017-10-13
739186 | Crash in MemoryRead<unsigned | - | 2017-10-13
739190 | Security: use-of-uninitialized-value in SkPathMeasure::distanceToSegment | $1000 | 2017-10-13
737315 | Effective TLD wildcarding for ExtensionSettings not working | - | 2017-10-12
738682 | Use-of-uninitialized-value in SkShaderBase::Context::Context | - | 2017-10-12
738746 | Use-of-uninitialized-value in SkMatrix::postConcat | - | 2017-10-10
735884 | CrOS: CVE-2017-1000380: Vulnerability reported in Linux kernel | - | 2017-10-08
737530 | CrOS: CVE-2017-1000365: Vulnerability reported in Linux kernel | - | 2017-10-08
737534 | CrOS: CVE-2017-9605: Vulnerability reported in Linux kernel | - | 2017-10-08
737889 | Heap-use-after-free in media::VpxVideoDecoder::MemoryPool::OnVideoFrameDestroyed | - | 2017-10-08
738703 | Wild-access in blink::Text::TextLayoutObjectIsNeeded | - | 2017-10-08
737877 | Crash in v8::internal::Invoke | - | 2017-10-07
772194 | Heap-use-after-free in base::internal::WeakReference::is_valid | - | 2017-10-06
732407 | Incorrect-function-pointer-type in hb_font_destroy | - | 2017-10-06
733940 | Security: Form field validation bubbles can appear after navigating to another origin | $500 | 2017-10-06
736639 | Unknown-crash in es2::VertexDataManager::writeAttributeData | - | 2017-10-05
736943 | Bad-cast to blink::TraceWrapperBase from invalid vptr;blink::ScriptWrappableVisitor::DispatchTraceWrappers;blink::TraceTrait<blink::Modulator>::TraceMarkedWrapper | - | 2017-10-05
737069 | Security: Heap-buffer-overflow in v8::wasm | $1000 | 2017-10-05
737529 | Heap-buffer-overflow in chrome_pdf::PDFiumEngine::OnMouseUp | - | 2017-10-05
669751 | Security: Potential integer overflow in memory allocation expression in TerminatedArray | - | 2017-10-04
725975 | Heap-buffer-overflow in copyFTBitmap | - | 2017-10-04
737100 | Heap-buffer-overflow in CFX_SkiaDeviceDriver::RestoreState | - | 2017-10-04
737104 | CHECK failure: entry.code_offset >= 0 in source-position-table.cc | - | 2017-10-04
722847 | Crash in gldMergeScanlines2x2 | - | 2017-10-03
736567 | CHECK failure: MachineRepresentation::kNone == input_info->representation() in simplified-lower | - | 2017-10-03
736588 | Heap-buffer-overflow in SkiaState::AdjustClip | - | 2017-10-03
736621 | CHECK failure: is_neuterable() in objects.cc | - | 2017-10-03
736624 | Bad-cast to gl::Surface from egl::PBufferSurface;es2::Context::makeCurrent;egl::MakeCurrent | - | 2017-10-03
731669 | Security: bypassing CORS by XHR + MemoryCache + ServiceWorker (Ver 2) | - | 2017-10-02
732779 | CSP script-sample and report-uri together with Embedded Enforcement is harmful | $500 | 2017-10-02
736233 | Heap-use-after-free in (unknown) | - | 2017-10-01
704132 | CHECK failure: size_ <= capacity_ in identity-map.cc | - | 2017-09-30
728654 | CHECK failure: backing_store_[index++] == static_cast<uint32_t>(name->length()) in preparsed-sc | - | 2017-09-30
733548 | Chrome broker PP_Instance overwrite in IPC handler OnMsgDidCreateInProcessInstance | - | 2017-09-30
733549 | Chrome sandbox escape due to use of invalid PP_Instance in IPC handler OnMsgDidDeleteInProcessInstance | $5000 | 2017-09-30
734016 | CrOS: Vulnerability reported in net-fs/samba | - | 2017-09-29
735718 | Use-of-uninitialized-value in webrtc::FuzzAudioProcessing | - | 2017-09-29
422987 | Security: AppCache FALLBACK should be limited to sub-paths of manifest directory | - | 2017-09-28
718676 | Security: Potential HTTPS downgrade attacks by abusing WWW mismatch redirect | - | 2017-09-28
726072 | Enlarge stack guard gap in Linux kernel | - | 2017-09-28
734109 | Heap-buffer-overflow in (unknown) | - | 2017-09-28
735771 | Heap-use-after-free in v8::internal::WasmSharedModuleData::is_asm_js | - | 2017-09-28
728992 | Heap-use-after-free in CFX_UnownedPtr<CPDF_ShadingPattern>::ProbeForLowSeverityLifetimeIssue | - | 2017-09-27
732200 | Heap-use-after-free in blink::LayoutText::SetText | - | 2017-09-27
733146 | Bad-cast to blink::LayoutObject from invalid vptr;blink::LayoutText::SetText;blink::LayoutTextFragment::SetTextFragment | - | 2017-09-27
733254 | Heap-buffer-overflow in indexed_db::mojom::DatabaseStubDispatch::Accept | - | 2017-09-27
734108 | CHECK failure: !IsSmi() == Internals::HasHeapObjectTag(this) in objects.h | - | 2017-09-27
734348 | Heap-use-after-free in blink::LayoutQuote::DetachQuote | - | 2017-09-27
550017 | Security: Modal dialogs overlaying Fullscreen permission dialog | $3000 | 2017-09-26
733467 | Use-after-poison in blink::HTMLSlotElement::LazyReattachDistributedNodesIfNeeded | - | 2017-09-26
734344 | Use-of-uninitialized-value in base::Pickle::WriteData | - | 2017-09-26
729597 | Null-dereference READ in heap | - | 2017-09-25
729105 | Security: Mac-only URL bar spoofing via HTTPS error interstitial? | $500 | 2017-09-24
722261 | Security: RSA key generation weakness in certain TPM models | - | 2017-09-23
732597 | Heap-use-after-free in blink::PaintController::CommitNewDisplayItems | - | 2017-09-23
733245 | Crash in InvalidParameter - util::printd calling wcsftime | - | 2017-09-23
733283 | Bad-cast to blink::ResourceFinishObserver from invalid vptr;blink::NotifyFinishObservers;base::internal::Invoker<base::internal::BindState<void | - | 2017-09-23
733507 | Use-after-poison in base::internal::FunctorTraits<void | - | 2017-09-23
733829 | Crash in blink::FontCache::CrashWithFontInfo | - | 2017-09-23
727077 | Security DCHECK failure in value.IsIdentifierValue() in CSSIdentifierValue.h | - | 2017-09-22
732039 | Security: Use-after-free in CPDFSDK_WidgetHandler::OnLoad | $3000 | 2017-09-22
732051 | Security: UAF in CFFL_FormFiller::GetPDFWindow() | $3000 | 2017-09-22
732322 | Use-after-free in CFFL_InteractiveFormFiller::OnFormat | $3000 | 2017-09-22
733218 | Bad-cast to blink::HTMLElement from blink::SVGSVGElement;blink::FocusController::NextFocusableElementInForm;blink::InputMethodController::TextInputFlags | - | 2017-09-22
616670 | Security: PDFium: Out-Of-Bounds Read in CCodec_ProgressiveDecoder::ReSampleScanline | - | 2017-09-21
731629 | Use-of-uninitialized-value in ui::XVisualManager::XVisualManager | - | 2017-09-21
731351 | Crash in v8::internal::Invoke | - | 2017-09-21
732533 | Global-buffer-overflow in GuessSizeForVSWPrintf | - | 2017-09-21
733059 | CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (!owned || FindObject(address)->IsHea | - | 2017-09-21
733118 | CHECK failure: 0 != hash_ in hash-table.h | - | 2017-09-21
733163 | Heap-use-after-free in v8::internal::wasm::AsyncCompileJob::DecodeModule::Run | - | 2017-09-21
733282 | Crash in blink::FocusController::NextFocusableElementInForm | - | 2017-09-21
733491 | Crash in blink::LayoutBlockFlow::AppendFloatsToLastLine | - | 2017-09-21
729041 | Heap-use-after-free in CPWL_Wnd::Destroy | - | 2017-09-20
729957 | Heap-buffer-overflow in v8::internal::Simulator::DecodeTypeImmediate | - | 2017-09-20
732409 | Use-after-poison in void blink::LocalFrameView::ForAllNonThrottledLocalFrameViews<blink::LocalFrameV | - | 2017-09-20
730171 | Security: Crash in WTF::ArrayBufferContents::FreeMemory() | - | 2017-09-19
732031 | CrOS: Vulnerability reported in net-fs/samba | - | 2017-09-19
732169 | Ill in v8::internal::TranslatedState::MaterializeCapturedObjectAt | - | 2017-09-19
729298 | Use-of-uninitialized-value in blink::StringResourceBase::~StringResourceBase | - | 2017-09-18
728984 | CrOS: CVE-2017-9074: Vulnerability reported in Linux kernel | - | 2017-09-16
729383 | Heap-use-after-free in blink::PaintController::CommitNewDisplayItems | - | 2017-09-16
729979 | Near homograph URL Spoofing with Arabic | $1000 | 2017-09-16
731495 | CHECK failure: args[0]->IsString() in runtime-strings.cc | - | 2017-09-16
728559 | CrOS: CVE-2017-9077: Vulnerability reported in Linux kernel | - | 2017-09-15
728560 | CrOS: CVE-2017-9242: Vulnerability reported in Linux kernel | - | 2017-09-15
728986 | CrOS: CVE-2017-9076: Vulnerability reported in Linux kernel | - | 2017-09-15
728985 | CrOS: CVE-2017-9075: Vulnerability reported in Linux kernel | - | 2017-09-15
730297 | Security DCHECK failure in !root_parent->IsSVGElement() || !ToSVGElement(root_parent) ->elements_with_relat | - | 2017-09-15
731105 | Crash in sw::Renderer::taskLoop (SwiftShader) | - | 2017-09-15
677933 | Security: Symlinks allow arbitrary file access to chronos-accessible file system locations via file:// | - | 2017-09-14
728887 | Security: IndexedDB OpenCursor UaF | $10000 | 2017-09-14
729147 | CHECK failure: (materialized) != nullptr in bytecode-register-optimizer.cc | - | 2017-09-14
729991 | Security: Information Disclosure Issue in v8::wasm | $4000 | 2017-09-14
730429 | Bad-cast to v8::internal::compiler::Operator1<v8::internal::compiler::FrameStateInfo, v8::internal::compiler::OpEqualTo<v8::internal::compiler::FrameStateInfo>, v8::internal::compiler::OpHash<v8::internal::compiler::FrameStateInfo> > from v8::internal::compiler::MachineOperatorGlobalCache::LoadAnyTaggedOperator;OpParameter<v8::internal::compiler::FrameStateInfo>;OpParameter<v8::internal::compiler::FrameStateInfo> | - | 2017-09-14
730253 | CHECK failure: 1 == OperatorProperties::GetFrameStateInputCount(node->op()) in node-properties. | - | 2017-09-14
730854 | Use-of-uninitialized-value in v8::internal::compiler::StateValuesAccess::size | - | 2017-09-14
722126 | Security: Chrome ᴏꜱ buffer overflow in mount.exfat-fuse after a call to malloc(0) | $3000 | 2017-09-13
728094 | CrOS: Vulnerability reported in sys-libs/zlib | - | 2017-09-13
728983 | Use-of-uninitialized-value in ui::XVisualManager::XVisualManager | - | 2017-09-13
728756 | CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (!owned || FindObject(address)->IsHea | - | 2017-09-13
728987 | CrOS: Vulnerability reported in sys-libs/zlib | - | 2017-09-13
728998 | Use-of-uninitialized-value in libnss3.so | - | 2017-09-13
729302 | Use-of-uninitialized-value in libglib-2.0.so.0 | - | 2017-09-13
696806 | Security: Allowed to set AppCache-manifest under CSP: Sandbox / Fallback on full origin | $2000 | 2017-09-12
724608 | CHECK failure: !map->is_deprecated() in compilation-dependencies.cc | - | 2017-09-12
727008 | CrOS: (CVE-2017-9150) Vulnerability reported in Linux kernel | - | 2017-09-12
728185 | Security: Unknown memory corruption in HTML rendering. | $500 | 2017-09-12
728718 | Heap-use-after-free in ProbeForLowSeverityLifetimeIssue | - | 2017-09-09
716262 | Security: Out of Bounds write in NSS (used on ChromeOS) | - | 2017-09-08
723796 | Security: data-uris can be loaded on the top frame using a (failed) server redirect followed and a history back() | $500 | 2017-09-08
724972 | CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (object->IsJSArrayBuffer()) in object | - | 2017-09-08
725032Security: Use-after-free in IndexedDB Transactions$105002017-09-08
725743CHECK failure: interrupt_address == isolate->builtins()->InterruptCheck()->entry() in full-code-2017-09-08
726716Heap-use-after-free in blink::LayoutText::SetText-2017-09-08
728158Bad-cast to CXFA_Object from CXFA_FM2JSContext;CXFA_ScriptContext::ToObject;CXFA_FM2JSContext::GetObjectDefaultValue-2017-09-08
728669Heap-use-after-free in CFX_UnownedPtr<CCodec_GifModule::Delegate>::ProbeForLowSeverityLifetimeIssue-2017-09-08
724973CHECK failure: is_valid in conversions-inl.h-2017-09-07
727048Heap-use-after-free in CPWL_ScrollBar::~CPWL_ScrollBar-2017-09-07
727972Use-of-uninitialized-value in libglib-2.0.so.0-2017-09-07
727999Use-of-uninitialized-value in blink::AudioHandler::ProcessIfNecessary-2017-09-07
728323Heap-use-after-free in CFX_UnownedPtr<CCodec_BmpModule::Delegate>::ProbeForLowSeverityLifetimeIssue-2017-09-07
708237Security: ExternalInterface.addCallback works across isolated worlds-2017-09-06
725660[IDN Phishing] Use the "xn--fgb" character to hide the real URL: Block U+0620 on Mac only.$20002017-09-06
726067Compromised renderer can upload arbitrary files-2017-09-06
726755Heap-use-after-free in CFX_BitmapComposer::~CFX_BitmapComposer-2017-09-06
726887Heap-use-after-free in CFX_UnownedPtr<CCodec_TiffContext>::Probe-2017-09-06
727218CHECK failure: is_resolved() in ast.h-2017-09-06
727245Stack-use-after-return in CCodec_Jbig2Context::~CCodec_Jbig2Context-2017-09-06
724884Heap-use-after-free in v8::Shell::CreateRealm-2017-09-05
725226Crash in v8::internal::Invoke-2017-09-05
725865CHECK failure: (index >= 0) && (index < this->length()) in objects-inl.h-2017-09-05
727090Crash in v8::internal::Stats_Runtime_AllocateInNewSpace-2017-09-05
725884Use-of-uninitialized-value in ui::XVisualManager::XVisualManager-2017-09-03
726710Heap-use-after-free in blink::NodeListsNodeData::AddCache<blink::DocumentNameCollection>-2017-09-03
726989Heap-use-after-free in ??$insert@U?$HashMapTranslator@U?$HashMapValueTraits@U?$HashTraits@U?$pair@EPAVS-2017-09-03
681740Security: URL Spoofing (with HTTPS lock) by focusing the omnibox while changing the location hash and calling a modal dialog$10002017-09-02
725537CHECK failure: map()->is_callable() in objects-debug.cc-2017-09-02
726220Use-after-poison in blink::SVGImage::ServiceAnimations-2017-09-02
726253Heap-use-after-free in IsEmpty-2017-09-02
726299CrOS: Vulnerability reported in media-libs/tiff-2017-09-02
726503Heap-use-after-free in CPDF_Parser::SetEncryptHandler-2017-09-02
726622CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (object->IsJSFunction()) in objects-i-2017-09-02
726636Crash in v8::internal::Simulator::DecodeType2-2017-09-02
726653Stack-use-after-return in CJBig2_Context::~CJBig2_Context-2017-09-02
726728Heap-use-after-free in CPDF_ShadingPattern::~CPDF_ShadingPattern-2017-09-02
726732Heap-use-after-free in Probe-2017-09-02
726891Heap-use-after-free in CFX_UnownedPtr<CPDF_ColorSpace>::Probe-2017-09-02
726833Heap-use-after-free in CFX_UnownedPtr<CJBig2_ArithDecoder>::Probe-2017-09-02
720311CHECK failure: isolate_status.count(args.GetIsolate()) == 1 in d8.cc-2017-09-01
724606CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (index >= 0 && index < this->length()-2017-09-01
724640Heap-use-after-free in Probe-2017-09-01
725017CrOS: CVE-2017-8924 - Vulnerability reported in Linux kernel - usb edge_bulk_in_callback-2017-09-01
725018CrOS: CVE-2017-8925 - Vulnerability reported in Linux kernel - usb omninet_open-2017-09-01
725201CHECK failure: fixed_array->IsDictionary() in objects-inl.h-2017-09-01
725929Use-of-uninitialized-value in std::__1::pair<WTF::KeyValuePair<std::__1::pair<unsigned char, WTF::StringImpl*>-2017-09-01
726080NTLM implementation can have security downgraded by bad server-2017-09-01
726276Heap-use-after-free in blink::LayoutText::SetText-2017-09-01
724460Heap-use-after-free in CPDF_ImageCacheEntry::~CPDF_ImageCacheEntry-2017-08-31
725974Heap-use-after-free in blink::LayoutText::SetText-2017-08-31
592686Wrong tab goes fullscreen-2017-08-30
716995CrOS: Vulnerability reported in media-libs/freetype-2017-08-30
722130Heap-buffer-overflow in __printf_chk-2017-08-30
722639IDN URL Spoofing with TIFINAGH LETTER YAN$10002017-08-30
724768CrOS: CVE-2017-0605 - Vulnerability reported in Linux kernel - kernel trace subsystem-2017-08-30
724788CrOS: CVE-2017-0630 - Vulnerability reported in Linux kernel - trace subsystem-2017-08-30
656417Security: Omnibox scrolls RTL domains off-screen (spoofing)$10002017-08-29
721731CrOS: Vulnerability reported in Linux kernel-2017-08-29
723582CrOS: Vulnerability reported in media-libs/tiff-2017-08-29
724829<no crash state available>-2017-08-29
724893Heap-use-after-free in CFX_UnownedPtr<IJS_EventContext>::~CFX_UnownedPtr-2017-08-29
724892Heap-use-after-free in CFX_UnownedPtr<CXFA_PDFFontMgr>::~CFX_UnownedPtr-2017-08-29
724960Container-overflow in CFX_UnownedPtr<unsigned char const>::Probe-2017-08-29
724637Bus in CGifLZWDecoder::AddCode-2017-08-28
697394CrOS: Vulnerability reported in media-libs/libpng-2017-08-26
697890Heap-buffer-overflow in CGifLZWDecoder::ClearTable-2017-08-26
702030Security: chronos user local file read (ImageBurner)-2017-08-26
716803Use of an invalid mutex in pthread_mutex_unlock-2017-08-26
723625Use-of-uninitialized-value in CPDF_CMap::GetNextChar-2017-08-26
724405Heap-buffer-overflow in CFX_UnownedPtr<unsigned int const>::Probe-2017-08-26
724500Heap-buffer-overflow in CFX_UnownedPtr<unsigned int const>::Probe-2017-08-26
722756Type Confusion In Chrome Lead to RCE$75002017-08-25
723802Ill in v8::internal::compiler::Verifier::Visitor::Check-2017-08-25
723644Heap-use-after-free in ~CFX_UnownedPtr-2017-08-25
724021CrOS: Vulnerability reported in Linux kernel-2017-08-25
618021Use-of-uninitialized-value in u_strToUTF8WithSub_56-2017-08-24
654173Security: PDFium (XFA) Heap Buffer Overflow in CGifLZWDecoder::AddCode-2017-08-24
722124Use-of-uninitialized-value in u_strToUTF8WithSub_59-2017-08-24
722785CrOS: Vulnerability reported in Linux kernel-2017-08-24
723503Security: Mismatched Origin Display in WebUSB and WebBluetooth Permissions Dialogs$5002017-08-24
724022CrOS: Vulnerability reported in dev-libs/openssl-2017-08-24
722071Heap-buffer-overflow in PackBitsDecode-2017-08-23
710400Permission Prompt not correctly dismissed on top window navigation-2017-08-22
721579Security: FLAG_SECURE not used on Android for credit cards pre-fills-2017-08-22
721988Security: Heap-use-after-free in payments::`anonymous namespace'::SheetView::RequestFocus$5002017-08-22
722115Heap-buffer-overflow in CGifLZWDecoder::ClearTable-2017-08-22
711505Security: Attacker Can Control Cookies in Chrome-2017-08-21
722027CrOS: Vulnerability reported in Linux kernel-2017-08-21
722026CrOS: Vulnerability reported in Linux kernel-2017-08-21
721925Security: Linux kernel CVE-2017-7895-2017-08-20
698693Use-of-uninitialized-value in base::internal::JSONParser-2017-08-19
719199Security: disallow "Canadian Syllabics" unicode block from IDN domains$10002017-08-19
721789<no crash state available>-2017-08-19
658599Heap-use-after-free in blink::HTMLMediaElement::startPlayerLoad-2017-08-18
695830Security: release assert trigger in pdfium-2017-08-18
716510Use-after-poison in void blink::FrameView::forAllNonThrottledFrameViews<blink::FrameView::updateLife-2017-08-18
718946URL Spoofing when access to initial document is not reported to browser process-2017-08-18
721624Use-of-uninitialized-value in run_analysis-2017-08-18
663991Security: sdcardfs stack overflow potentially leading to kernel code execution-2017-08-17
711772Subframe navigations can be used to add domains to history-2017-08-17
714849Security: Field validation bubbles can appear over the wrong tab with using print()-2017-08-17
718526Security: depthcharge write_sparse_image potential oob reads-2017-08-17
720351Use-of-uninitialized-value in gif_decode_extension-2017-08-17
698082Heap-buffer-overflow in CGifLZWDecoder::ClearTable-2017-08-16
714196Security: Domain spoofing thanks to U+0F8C rendered as 'space' on Mac$20002017-08-16
718498Bad-cast to CXFA_ContainerLayoutItem from CXFA_FFSubForm;CXFA_LayoutPageMgr::MergePageSetContents;CXFA_LayoutPageMgr::SyncLayoutData-2017-08-16
719291Stack-buffer-overflow in sw::Nucleus::createConstantVector-2017-08-16
719720Stack-buffer-overflow in libGLESv2_swiftshader-2017-08-16
714440Heap-use-after-free in blink::ShapeOutsideInfo::IsEnabledFor-2017-08-15
717476Security: Chrome PaymentRequestAPI Payment-Origin Spoof-2017-08-15
677817Security: crosh shell sandbox escape-2017-08-12
709327Security: Crash in blink::ThreadHeap::isHeapObjectAlive-2017-08-12
708819Security: Heap-use-after-free in autofill::SaveCardBubbleViews::WindowClosing$5002017-08-12
714580Crash in v8::internal::Invoke-2017-08-12
716713Container-overflow in SkSL::Compiler::addDefinitions$15002017-08-12
717935Use-of-uninitialized-value in approx_log2-2017-08-12
718977Crash in v8::internal::ScavengingVisitor<1,1>::EvacuateObject<1,0>-2017-08-12
670296Heap-buffer-overflow in v8::internal::Simulator::DecodeType3-2017-08-11
705385Heap-buffer-overflow in v8::internal::Simulator::DecodeTypeImmediate-2017-08-11
718104Use of an invalid mutex in pthread_mutex_unlock-2017-08-11
713440Security: mixed content in <picture> isn't blocked-2017-08-10
716311Heap-buffer-overflow in SkSpecularLightingImageFilter::onFilterImage$10002017-08-10
717891Ill in v8::internal::ParserBase<v8::internal::Parser>::ParseClassPropertyDefinition-2017-08-10
686128Use-of-uninitialized-value in CRYPT_ArcFourSetup-2017-08-09
712163Use-of-uninitialized-value in OT::RangeRecord::cmp-2017-08-09
713998Heap-buffer-overflow in CXFA_Object::IsNode-2017-08-09
716474Security: Use-after-poison in blink::FrameView::AdjustMediaTypeForPrinting$20002017-08-09
716706Stack-buffer-overflow in CFX_WideString::CFX_WideString-2017-08-09
716936Use-after-poison in v8::internal::wasm::ThreadImpl::Push-2017-08-09
716945Heap-use-after-free in blink::AudioBus::Zero$35002017-08-09
717056Ill in v8::internal::wasm::ErrorThrower::Reify-2017-08-09
717641Security: Fix ghostcript bug-2017-08-09
717845Use-after-poison in blink::LocalFrame::DomWindow-2017-08-09
716954Use-of-uninitialized-value in approx_log2-2017-08-07
485550Security: URL Spoof with link in pdf and slow url$20002017-08-05
712459Heap-use-after-free in blink::EventHandler::SelectAutoCursor$15002017-08-05
713190Heap-use-after-free in blink::LayoutBox::findAutoscrollable-2017-08-05
714311Bad-cast to sandbox::bpf_dsl::(anonymous namespace)::ReturnResultExprImpl from invalid vptr;blink::ApplyStyleCommand::applyRelativeFontStyleChange;blink::ApplyStyleCommand::doApply$35002017-08-05
714442Security: Navigation from http: to file: etc. is possible (Android)-2017-08-05
716519Heap-use-after-free in CFX_WideString::operator-2017-08-05
707549Heap-use-after-free in printing::PrintWebViewHelper::RenderPageContent$30002017-08-04
709417Security: RTL character in URL flips domain and path (Android 4.2 and earlier)$30002017-08-04
715454Use-after-poison in v8::internal::wasm::ThreadImpl::DoStackTransfer-2017-08-04
716207Use-of-uninitialized-value in CFX_SeekableStreamProxy::CFX_SeekableStreamProxy-2017-08-04
716266Use-of-uninitialized-value in approx_log2-2017-08-04
702041Crash in bilinear_interpol-2017-08-03
713545Use-of-uninitialized-value in blink::Notification::PrepareShow-2017-08-03
714819Heap-use-after-free in v8_inspector::V8InspectorSessionImpl::breakProgram-2017-08-03
715506CrOS: Vulnerability reported in app-admin/sudo-2017-08-03
715582Security: Out of bound read in FindSharedFunctionInfo (V8)$30002017-08-03
715883Heap-use-after-free in net::HttpCache::Transaction::DoCacheReadData-2017-08-03
715018Heap-use-after-free in views::View::RemoveObserver-2017-08-02
715201Global-buffer-overflow in v8::internal::interpreter::BytecodeRegisterOptimizer::RegisterTransfer-2017-08-02
715220Heap-buffer-overflow in v8::internal::TranslatedState::CreateNextTranslatedValue-2017-08-02
715218Heap-buffer-overflow in v8::internal::PreParsedScopeData::RestoreData-2017-08-02
715408Heap-buffer-overflow in PackBitsDecode-2017-08-02
672008Security: Extension's verification bypass-2017-08-01
678776Security: Content-Security-Policy reporting leaks the URL fragment$20002017-08-01
711889Heap-buffer-overflow in CFX_SAXReader::ParseChar-2017-08-01
713515Bad-cast to media::MediaLog from invalid vptr;media::LogHelper::~LogHelper;media::ADTSStreamParser::ParseFrameHeader-2017-08-01
714074Use-of-uninitialized-value in CPDF_PatchDrawer::Draw-2017-08-01
714426Heap-buffer-overflow in interp_lut-2017-08-01
714974Use-of-uninitialized-value in CFX_SeekableStreamProxy::CFX_SeekableStreamProxy-2017-08-01
714980Use-of-uninitialized-value in approx_log2-2017-08-01
713686Security: Field validation bubbles can appear over the wrong tab$5002017-07-31
714003Crash in v8::internal::Invoke-2017-07-29
679306WebRTC crash (?) on appear.in$5002017-07-28
711020Security: DoCanonicalizeMailtoURL() fails to canonicalize characters leading to command injection$10002017-07-28
711260Use-of-uninitialized-value in CFX_SAXReader::ParseChar-2017-07-28
713651Heap-buffer-overflow in interp_lut-2017-07-28
711609Bad-cast to sandbox::bpf_dsl::(anonymous namespace)::ReturnResultExprImpl from invalid vptr;blink::PrePaintTreeWalkContext::PrePaintTreeWalkContext;blink::PrePaintTreeWalk::Walk-2017-07-27
711638CrOS: Vulnerability reported in media-libs/tiff-2017-07-27
712624Stack-buffer-overflow in sw::Nucleus::createConstantVector-2017-07-27
712752Heap-use-after-free in CFX_ClipRgn::IntersectMaskRect-2017-07-27
712639Stack-buffer-overflow in libGLESv2_swiftshader-2017-07-27
712839Heap-use-after-free in blink::LayoutBoxModelObject::hasSelfPaintingLayer-2017-07-27
712907Crash in v8::internal::interpreter::BytecodeRegisterOptimizer::RegisterTransfer-2017-07-27
712910Use-after-poison in v8::internal::compiler::Node::AppendUse-2017-07-27
713175Stack-buffer-overflow in IntersectSides-2017-07-27
713184Heap-buffer-underflow in SkiaState::ClipRestore-2017-07-27
713330Heap-buffer-overflow in CFX_ClipRgn::IntersectMaskRect-2017-07-27
713336Heap-use-after-free in content::BlinkTestController::~BlinkTestController-2017-07-27
713472Crash in v8::internal::Invoke-2017-07-27
713453Use-of-uninitialized-value in parametric-2017-07-27
713473Heap-buffer-overflow in load_rgb_from_tables<0>-2017-07-27
711936Heap-buffer-overflow in GrBufferAllocPool::putBack-2017-07-26
711895Heap-buffer-overflow in read_big_endian_u32-2017-07-26
712835Crash in CFX_ImageTransformer::Continue-2017-07-26
702920Use-of-uninitialized-value in SkConic::evalAt-2017-07-25
706207Use-of-uninitialized-value in blink::Notification::prepareShow-2017-07-25
711459Use-of-uninitialized-value in CFX_ByteString::Compare-2017-07-25
702884Crash in sk_memset32-2017-07-24
704448Use-of-uninitialized-value in SkRect::setBoundsCheck-2017-07-24
704568Stack-buffer-overflow in CFX_SkiaDeviceDriver::DrawShading-2017-07-24
705193Stack-use-after-return in CFX_Font::GetFace-2017-07-24
705783Use-of-uninitialized-value in SkPath::operator=-2017-07-24
705821Use-of-uninitialized-value in SkPath::operator=-2017-07-24
711929Use-of-uninitialized-value in CFGAS_TextStream::InitStream-2017-07-23
703757Security: cherry-pick PDFium tiff security fixes to the Chrome OS tiff repo.-2017-07-22
706349CrOS: Vulnerability reported in media-libs/tiff-2017-07-22
710403CrOS: Vulnerability reported in sys-kernel/chromeos-kernel-3_18-2017-07-22
711876Heap-use-after-free in ScopedObserver<OmniboxPopupModel, OmniboxPopupModelObserver>::~ScopedObserver-2017-07-22
711890Global-buffer-overflow in GuessSizeForVSWPrintf-2017-07-22
711068Negative-size-param in sfntly::MemoryByteArray::InternalGet-2017-07-21
707071Security: getInstalledRelatedApps: timing attack can leak installed status-2017-07-20
710356Use-of-uninitialized-value in LayoutTestBrowserMain-2017-07-20
711113Heap-buffer-overflow in CFX_SAXReader::ParseChar-2017-07-20
711151Use-of-uninitialized-value in CFGAS_TextStream::InitStream-2017-07-20
711204Heap-buffer-overflow in CFX_SAXReader::ParseChar-2017-07-20
700690Use-of-uninitialized-value in decode_pce-2017-07-19
700673Use-of-uninitialized-value in get_object_type-2017-07-19
701754Use-of-uninitialized-value in decode_eld_specific_config-2017-07-19
709736Bad-cast to sandbox::bpf_dsl::(anonymous namespace)::ReturnResultExprImpl from invalid vptr;content::MediaStreamVideoSource::GetCurrentFormat;content::MediaStreamVideoTrack::getSettings-2017-07-19
709749Heap-buffer-overflow in cc::EndCompositingDisplayItem const& cc::DisplayItemList::CreateAndAppendPairedE-2017-07-19
709941Heap-buffer-overflow in SkColorLookUpTable::interp3D-2017-07-19
710813Use-of-uninitialized-value in decode_pce-2017-07-19
709737Use-of-uninitialized-value in sqlite3VdbeExec-2017-07-18
709741Heap-buffer-overflow in std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<ch-2017-07-18
709738Use-of-uninitialized-value in DownloadHistory::OnDownloadUpdated-2017-07-18
744789CVE-2017-7526 gcrypt RSA side-channel-2017-07-17
702695Ill in blink::PropertyRegistration::registerProperty-2017-07-16
709784Heap-use-after-free in blink::LayoutBlock::dirtyForLayoutFromPercentageHeightDescendants-2017-07-16
708247Security: OOB access in RegExp Stubs-2017-07-15
709015Security: Possible arbitrary heap access through RegExp.prototype[@@match]-2017-07-15
706234Use-after-poison in v8::internal::interpreter::BytecodeRegisterOptimizer::RegisterInfo::materialized-2017-07-14
707173Bad-cast to sandbox::bpf_dsl::(anonymous namespace)::ReturnResultExprImpl from invalid vptr;content::ResolutionSet::SelectClosestPointToIdealAspectRatio;content::ResolutionSet::SelectClosestPointToIdeal-2017-07-13
708383Bad-cast to CFDE_XMLElement from CFDE_XMLNode;XFA_FDEExtension_ResolveNamespaceQualifier;GetElementTagNamespaceURI-2017-07-13
708881Heap-buffer-overflow in std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<ch-2017-07-13
707479Heap-buffer-overflow in TryVSWPrintf-2017-07-12
708143[qcms] Fix overflow when reading parametric gamma curves-2017-07-12
708145[qcms] Only accept valid input ranges when reading VCGT tag-2017-07-12
707220Global-buffer-overflow in v8::internal::Simulator::DecodeType2-2017-07-11
707221Global-buffer-overflow in MemoryRead<unsigned-2017-07-11
707222Global-buffer-overflow in v8::internal::Simulator::DecodeTypeImmediate-2017-07-11
707410Heap-use-after-free in v8::internal::libc_memcpy-2017-07-11
707472Heap-use-after-free in v8::internal::libc_memcpy-2017-07-11
707537Use-of-uninitialized-value in OmniboxMetricsProvider::RecordOmniboxOpenedURL-2017-07-11
707595Heap-use-after-free in v8::internal::libc_memcpy-2017-07-11
740615Nonce stealing prevention (detecting "<script") bypass-2017-07-10
692731Heap-use-after-free in xmlAddID-2017-07-10
691726Security: Bypassing CORS restrictions using X-XSS-PROTECTION report value-2017-07-08
696623Use-of-uninitialized-value in sse41::blit_row_s32a_opaque-2017-07-08
705008Security: SEGV on unknown address 0x601ffe000c90 in SkNx_sse.h-2017-07-08
707146Stack-use-after-return in v8::internal::interpreter::BytecodeRegisterOptimizer::RegisterInfo::materialized-2017-07-08
706244Use-of-uninitialized-value in CFX_ScanlineCompositor::CompositeRgbBitmapLine-2017-07-07
706264Use-of-uninitialized-value in CFX_ScanlineCompositor::CompositeRgbBitmapLine-2017-07-07
706346Heap-use-after-free in CFX_ClipRgn::IntersectMaskRect-2017-07-07
706265Use-of-uninitialized-value in CompositeRow_Argb2Argb-2017-07-07
706396Use-of-uninitialized-value in CFX_Renderer::CompositeSpanARGB-2017-07-07
706525Crash in __tsan::CallUserSignalHandler-2017-07-07
704352Fix cross-origin security issue raised by PerformanceNavigationTiming.-2017-07-06
705938Roll libxml to e905f08123e4a6e7731549e6f09dadff4cab65bd-2017-07-06
705912Use-of-uninitialized-value in CFX_WideString::ReleaseBuffer-2017-07-06
705944Roll libxslt to ac341cbd792ee572941cc9a66e73800219a1a386-2017-07-06
705158Bad-cast to sandbox::bpf_dsl::(anonymous namespace)::ReturnResultExprImpl from invalid vptr;blink::HTMLFrameElementBase::didNotifySubtreeInsertionsToDocument;blink::ContainerNode::insertNodeVector<>-2017-07-05
705280Use-of-uninitialized-value in sse2::blit_row_s32a_opaque-2017-07-05
705736Use-of-uninitialized-value in SkPath::isRectContour-2017-07-05
648117Security: Address bar spoof with location.replace()$5002017-07-04
704560Security: Form field validation bubbles can appear over the wrong tab$5002017-07-04
705131Heap-use-after-free in CFX_DIBitmap::PreMultiply-2017-07-04
703537CVE Vulnerability of lib expat 2.1.0-2017-07-03
693338Security: Heap-use-after-free in v8_inspector::protocol::Runtime::Frontend::consoleAPICalled-2017-07-01
693974Corrupted memory use in blink::visualRectForDisplayItem$10002017-07-01
705157Use-of-uninitialized-value in v8::internal::compiler::ScheduleLateNodeVisitor::ScheduleRegion-2017-07-01
686253Security: Cross-origin pixel reading and history sniffing via SVG filter timing attack$20002017-06-30
637228Heap-buffer-overflow in big2_toUtf8-2017-06-30
640574(expat) Use-of-uninitialized-value in little2_nameMatchesAscii-2017-06-30
692378CSP bypass in domain "chrome://" via.bookmark?-2017-06-30
702934Heap-use-after-free in cr_png_set_longjmp_fn$35002017-06-30
704834Heap-buffer-overflow in SkiaState::ClipRestore-2017-06-30
703170Heap-use-after-free in blink::LayoutBlock::dirtyForLayoutFromPercentageHeightDescendants-2017-06-29
703397Heap-buffer-overflow in load_rgb_from_tables<Order::kRGBA_Order>-2017-06-29
703508Heap-buffer-overflow in gl::Framebuffer::getDrawBufferState-2017-06-29
703832Bad-free in gpu::MemoryBufferBacking::~MemoryBufferBacking-2017-06-29
703861Heap-buffer-overflow in gpu::gles2::SizedResult<unsigned int>::SetNumResults-2017-06-29
181623Security: Prevent url spoofing that relies on the omnibox being narrow-2017-06-28
702138CrOS: Vulnerability reported in dev-libs/libpcre-2017-06-28
702982Bad-cast to const DOMUint8ClampedArray' (aka 'const DOMTypedArray<WTF::Uint8ClampedArray, v8::Uint8ClampedArray>') from blink::DOMTypedArray<WTF::Uint16Array, v8::Uint16Array>;blink::ImageData::ImageData;blink::ImageData::createImageData-2017-06-28
700330CrOS: Vulnerability reported in sys-kernel/chromeos-kernel-3_18-2017-06-27
700836Security: SEGV on unknown address 0x7f9b9b71c828 in (anonymous namespace)::PixelAccessor$10002017-06-27
703395Heap-use-after-free in sqlite3DeleteTable-2017-06-27
698622UaF outside the sandbox (Print in onunload)$93372017-06-24
702058Security: ZDI-CAN-4587 - chrome OOB read (pwn2own 2017)-2017-06-24
689931CrOS: Vulnerability reported in media-libs/tiff-2017-06-23
694382Security: Heap-use-after-free in PrintPreviewHandler::HandleGetPreview$20002017-06-23
699166Security: heap-buffer-overflow hashtable.$30002017-06-23
701132Security: Username/password information for other people available on my account-2017-06-22
695826Security: type confusion in JSPropGetter of pdfium$30002017-06-21
697486Security: Heap-use-after-free in UsbChooserController::DisplayDevice$50002017-06-21
698151Use-of-uninitialized-value in net::HttpNetworkSession::SetServerPushDelegate-2017-06-21
700576Bad-cast to CFX_DIBitmap from invalid vptr;CCodec_ProgressiveDecoder::ReSampleScanline;CCodec_ProgressiveDecoder::BmpReadScanline-2017-06-21
701616Bad-cast to sandbox::bpf_dsl::(anonymous namespace)::ReturnResultExprImpl from invalid vptr;blink::SVGString::calculateAnimatedValue;blink::SVGAnimateElement::calculateAnimatedValue-2017-06-21
699819Use-after-poison in blink::ExecutionContext::isContextDestroyed-2017-06-20
698455Heap-use-after-free in blink::LayoutBlockFlow::addOverhangingFloats-2017-06-19
700578Use-of-uninitialized-value in XSetWMSizeHints-2017-06-17
675450Use-of-uninitialized-value in gl::GPUTimingImpl::DoTimeStampQuery-2017-06-16
690821Security: Chrome accepts a certificate whose signature algorithms identifiers are different without any warning$5002017-06-16
672175Crash in libgobject-2.0.so.0-2017-06-15
698593Heap-use-after-free in _gdk_window_process_updates_recurse-2017-06-15
662767Security: LayoutBlock Security DCHECK FAILED$10002017-06-14
672847Security: Address spoofing when switching away from tab and back$20002017-06-14
694067Security: Out-Of-Bound read in Flash PCRE (regex engine)$20002017-06-14
698927Security: Tab Crash is seen on closing chooser bubbles (USB/Bluetooth)$5002017-06-14
699105Bad-cast to cc::PaintRecord from SkMiniPicture<SkRecords::DrawRect>;blink::GraphicsContext::endRecording;blink::DrawingRecorder::~DrawingRecorder-2017-06-14
619376Crash in mojo::InterfacePtr<media::mojom::blink::ImageCapture>::reset-2017-06-13
697847Security: heap-buffer-overflow in FlateUncompress$10002017-06-13
698141Heap-buffer-overflow in blink::readVersionEnvelope-2017-06-12
698497Use-of-uninitialized-value in v8::internal::compiler::NodeCache<int, v8::base::hash<int>, std::__1::equal_to<i-2017-06-12
698166Heap-use-after-free in test_runner::MockWebSpeechRecognizer::PostRunTaskFromQueue-2017-06-12
698503Use-of-uninitialized-value in v8::internal::compiler::JSGraph::Float32Constant-2017-06-12
697859Stack-buffer-overflow in uloc_setKeywordValue_58-2017-06-09
695950Heap-use-after-free in blink::LayoutBlockFlow::determineStartPosition-2017-06-08
696918Heap-buffer-overflow in copyFTBitmap-2017-06-08
697191Use-of-uninitialized-value in v8::internal::wasm::LEBHelper::write_i32v-2017-06-08
697380Use-of-uninitialized-value in v8::internal::compiler::JSGraph::Float32Constant-2017-06-08
697530Crash in v8::internal::JSArrayBuffer::cast-2017-06-08
697532Crash in v8::internal::IsOutOfBoundsAccess-2017-06-08
697534Crash in v8::internal::JSArrayBufferView::WasNeutered-2017-06-08
667032Heap-buffer-overflow in bmp_decode_rle4-2017-06-07
675155Bad-cast to CFX_DIBitmap from invalid vptr;XFACodecFuzzer::Fuzz;_start-2017-06-07
680883Heap-buffer-overflow in CGifLZWDecoder::ClearTable-2017-06-07
681908Use-of-uninitialized-value in FPDFAPI_inflate-2017-06-07
686434Heap-buffer-overflow in ps_table_add-2017-06-07
687062Memcpy-param-overlap in BDF_Face_Init-2017-06-07
688086Use-of-uninitialized-value in base::internal::JSONParser::ConsumeNumber-2017-06-07
693942Heap-buffer-overflow in CGifLZWDecoder::ClearTable-2017-06-07
694098Stack-use-after-scope in SkGradientShaderBase::commonAsAGradient-2017-06-07
694566Security: Crash with es6 modules and unresolvable cyclic export with export*-2017-06-07
696251Heap-buffer-overflow in v8::internal::Invoke$15002017-06-07
697269Heap-buffer-overflow in ps_table_add-2017-06-07
688104Stack-use-after-scope in ui::AXTree::DestroyNodeAndSubtree-2017-06-04
688876Crash in v8::internal::Invoke-2017-06-04
696090Heap-buffer-overflow in BilinearInterpFloat-2017-06-04
688655Use-of-uninitialized-value in ogg_find_codec-2017-06-03
690219Use-of-uninitialized-value in amr_read_header-2017-06-03
642691Adobe Flash Player NetStream Use-After-Free Remote Code Execution Vulnerability$30002017-06-02
678235Use-of-uninitialized-value in EvalSegmentedFn-2017-06-02
688425Security: www.google.fr marked as "secure" with a Microsoft SSL certificate$30002017-06-02
693096Use-of-uninitialized-value in base::time_internal::SaturatedAdd-2017-06-02
668724Security: Out of Bound Write/Invalid Pointer Write while parsing PDF$30002017-06-01
675617Heap-buffer-overflow in TetrahedralInterpFloat-2017-06-01
670457Security: [FG-VD-16-088] Adobe Flash Player Handing MP4 Out-of-Bounds Read Vulnerability$10002017-05-30
691323Security: Information Leak in Array indexOf$20002017-05-30
688987Security: Heap Buffer OverFlow Vulnerability in Skia$10002017-05-28
692761Use-of-uninitialized-value in gpu::gles2::GLES2DecoderImpl::GetHelper-2017-05-28
692443Use-of-uninitialized-value in blink::LayoutBoxModelObject::hasSelfPaintingLayer-2017-05-28
693072Use-of-uninitialized-value in gpu::gles2::GLES2DecoderImpl::HandleGetBooleanv-2017-05-28
690775Security: Heap-use-after-free in ShareServiceImpl::OnPickerClosed$30002017-05-26
692274Incorrect-function-pointer-type in gl::InitializeANGLEPlatform-2017-05-26
594004 | Security: Adobe Flash Player PSDK Use After Free Vulnerability | $5000 | 2017-05-25
620961 | Security: Adobe Flash MediaPlayerItemLoader.addEventListener Use After Free | $3000 | 2017-05-25
620966 | Security: Adobe Flash MemoryProtector Heap Buffer Overflow | $3133 | 2017-05-25
669136 | Security: [FG-VD-16-086] Adobe Flash Player Handing MP4 Memory Corruption Vulnerability | $500 | 2017-05-25
668830 | Security: [FG-VD-16-084] Adobe Flash Player Handing MP4 Memory Corruption Vulnerability | $500 | 2017-05-25
690216 | Heap-use-after-free in gpu::gles2::Texture::AddTextureRef | - | 2017-05-25
691278 | heap-buffer-overflow in fx_codec_progress.cpp in CCodec_ProgressiveDecoder::GifInputRecordPositionBufCallback | - | 2017-05-25
691339 | Wild-access in blink::visualRectForDisplayItem | - | 2017-05-25
692759 | Use-of-uninitialized-value in gpu::gles2::TextureRef::TextureRef | - | 2017-05-25
716044 | V8: OOB write in Array.prototype.map builtin | - | 2017-05-24
690218 | Heap-buffer-overflow in blink::TextRun::codepointAtAndNext | - | 2017-05-24
690875 | Use-of-uninitialized-value in SkPDFShader::State::operator== | - | 2017-05-23
691538 | Crash in v8::internal::FixedArray::set | - | 2017-05-23
691196 | Bad-cast to blink::LayoutInline from blink::LayoutSVGText;blink::LineLayoutInline::lastLineBox;blink::LayoutBlockFlow::createLineBoxes | $3500 | 2017-05-21
609961 | unprivileged renderers can send messages to arbitrary ports | - | 2017-05-20
689507 | Heap-use-after-free in ui::MenuModel::GetModelAndIndexForCommandId | - | 2017-05-20
681306 | CrOS: Vulnerability reported in sys-kernel/chromeos-kernel-3_18 | - | 2017-05-19
686481 | Heap-use-after-free in blink::visualRectForDisplayItem | - | 2017-05-19
688569 | Security: Fix all ScriptWrappables stored in a static Persistent | - | 2017-05-19
690744 | Bad-cast to v8::internal::compiler::Operator1<v8::internal::DeoptimizeReason, v8::internal::compiler::OpEqualTo<v8::internal::DeoptimizeReason>, v8::internal::compiler::OpHash<v8::internal::DeoptimizeReason> > from v8::internal::compiler::CommonOperatorGlobalCache::DeoptimizeIfOperator<(v8::internal::DeoptimizeKind)0, (v8::internal::DeoptimizeReason)37> | - | 2017-05-19
681785 | CrOS: Vulnerability reported in net-nds/openldap | - | 2017-05-18
683087 | Heap-use-after-free in views::MenuController::Cancel | - | 2017-05-18
684625 | Security: CVE-2017-0403 | - | 2017-05-18
684626 | Security: CVE-2017-0404 | - | 2017-05-18
690124 | Security: Security bug in libtiff 4.0.6 | - | 2017-05-18
690139 | Security: CVE-2016-8468 | - | 2017-05-18
674365 | libtiff security holes unpatched in Chrome OS | - | 2017-05-17
689078 | Crash in memchr | - | 2017-05-17
687614 | Bad-cast to blink::BasePage from invalid vptr;v8::internal::GlobalHandles::Node::MakeWeak;blink::ScriptWrappable::setWrapper | - | 2017-05-12
687826 | Bad-cast to blink::BasePage from invalid vptr;blink::Document::updateStyleAndLayoutTree;blink::shouldRepaintCaret | - | 2017-05-12
687908 | Bad-cast to blink::BasePage from invalid vptr;blink::HTMLFrameElementBase::didNotifySubtreeInsertionsToDocument;blink::ContainerNode::insertNodeVector<> | - | 2017-05-12
687958 | Bad-cast to blink::BasePage from invalid vptr;blink::LocalFrame::spellChecker;blink::HTMLElement::attributeChanged | - | 2017-05-12
677934 | Security: Privilege escalation via command execution in crosh / top | $5000 | 2017-05-11
682135 | Crash in blink::WebFrameWidgetImpl::handleMouseDown | - | 2017-05-11
687844 | window.external leaks the entire global object by way of the wrapper and also allows cross origin script access | - | 2017-05-11
666229 | Security: Storage Manager - Memory corruption in mojo::internal::InterfacePtrState::Swap() | $1000 | 2017-05-09
680409 | Security: Spoofing location object by overriding Symbol.toPrimitive | $500 | 2017-05-09
682570 | !escape_analysis_->IsVirtual(node) in escape-analysis-reducer.cc | - | 2017-05-09
683040 | Use-of-uninitialized-value in Decode | - | 2017-05-09
683211 | Use-of-uninitialized-value in av_malloc | - | 2017-05-09
683406 | Security: UAF in WorkerThreadableLoader in Blink | $3000 | 2017-05-09
685201 | Crash in GetCombinedHistogramEntropy | - | 2017-05-09
686387 | Use-of-uninitialized-value in avio_seek | - | 2017-05-09
683104 | Heap-use-after-free in blink::FloatingObject::FloatingObject | - | 2017-05-07
683845 | Heap-use-after-free in layer | - | 2017-05-06
683835 | Bad-cast to blink::EventTarget from blink::Bluetooth;blink::V8EventTarget::toImpl;blink::EventTargetV8Internal::addEventListenerMethodCallback | - | 2017-05-06
684407 | <no crash state available> | - | 2017-05-06
686027 | Crash in v8::internal::Invoke | - | 2017-05-06
682551 | Global-buffer-overflow in CFDE_CSSTextBuf::GetChar | - | 2017-05-05
683718 | Crash in v8::internal::FixedArray::set | - | 2017-05-05
685579 | Use-of-uninitialized-value in CFDE_CSSSyntaxParser::DoSyntaxParse | - | 2017-05-05
678917 | Making long string occurs crash | - | 2017-05-04
681300 | Crash in put1bitbwtile | - | 2017-05-04
683156 | Security: Signed Integer Overflow in pdfium (openjpeg) | - | 2017-05-04
683629 | Heap-buffer-overflow in xmlParseNameComplex | - | 2017-05-04
684684 | Email Subject: ZDI-CAN-4429: New Vulnerability Report | - | 2017-05-04
685086 | Crash in v8::internal::Simulator::DecodeType2 | - | 2017-05-04
685537 | Crash in FromAddress | - | 2017-05-04
675209 | Crash in SkPixmap::erase | - | 2017-05-03
679245 | Desktop web payments crash when closing a tab | $500 | 2017-05-03
679641 | Security: Out-of-bounds write in ChunkDemuxer (SAIO box) | $3000 | 2017-05-03
679640 | Security: Out-of-bounds write in ChunkDemuxer (TRUN box) | $3000 | 2017-05-03
679645 | Out-of-bounds write in ChunkDemuxer (ELST box) | $3000 | 2017-05-03
679646 | Security: Out-of-bounds write in ChunkDemuxer (SBGP box) | $1000 | 2017-05-03
679647 | Security: Out-of-bounds write in ChunkDemuxer (SGPD box) | $1000 | 2017-05-03
679653 | Security: Out-of-bounds write in ChunkDemuxer (SDTP box) | $1000 | 2017-05-03
681351 | Security: Heap-use-after-free in CPWL_Wnd::GetWindowMatrix | $5000 | 2017-05-03
683773 | Heap-use-after-free in base::internal::Invoker<base::internal::BindState<void | - | 2017-05-03
673929 | Security: WebGL - Arbitrary memory read/write in GLES2Implementation::TexImage3D | $2000 | 2017-05-02
680224 | Heap-use-after-free in blink::LayoutBox::getPaginationBreakability | - | 2017-05-02
682673 | CSP bypass with * host in source expressions | - | 2017-05-02
682873 | Use-of-uninitialized-value in CFDE_CSSSyntaxParser::DoSyntaxParse | - | 2017-05-02
682909 | Crash in v8::internal::StringCharacterStream::Reset | - | 2017-05-02
682874 | Crash in v8::internal::wasm::GrowWebAssemblyMemory | - | 2017-05-02
683493 | Stack-use-after-scope in blink::PropertyRegistry::registration | - | 2017-05-02
683865 | Global-buffer-overflow in blink::BindingSecurity::shouldAllowAccessTo | - | 2017-05-02
683533 | Use-of-uninitialized-value in SkOpAngle::insert | $1000 | 2017-05-02
682194 | Security: Out-of-bounds read in V8 Array.concat | $7500 | 2017-05-01
683072 | Bad-cast to test_runner::WebTestDelegatetest_runner::MockColorChooser::endChooser;blink::ColorChooserUIController::~ColorChooserUIController;blink::NormalPage::sweep | - | 2017-05-01
678365 | Security: chronos user local file read | $500 | 2017-04-29
681843 | Security: Heap buffer overflow in V8 ValueDeserializer::ReadJSArrayBuffer() | $5500 | 2017-04-29
615585 | Security: V2 apps can load web content in highly privileged app process | - | 2017-04-28
648836 | Defend against long-running service workers | - | 2017-04-28
670720 | Security: read heap overflow in libxslt xsltFunctionLocalTime() | $500 | 2017-04-28
677961 | Heap-use-after-free in base::ObserverListBase<content::MediaSessionObserver>::begin | - | 2017-04-28
678947 | Use-of-uninitialized-value in OT::RangeRecord::cmp | - | 2017-04-28
681423 | Heap-use-after-free in blink::LayoutBlockFlow::moveAllChildrenIncludingFloatsTo | - | 2017-04-28
681350 | Crash in base::PersistentMemoryAllocator::AllocateImpl | - | 2017-04-28
681369 | Heap-use-after-free in document | - | 2017-04-28
681438 | crashed caused by a READ memory access on different addresses | - | 2017-04-28
682020 | Security: WebGL - Use After Free in Buffer11::updateBufferStorage() | $5000 | 2017-04-28
682100 | Use-after-poison in blink::ThreadHeap::popAndInvokeTraceCallback | - | 2017-04-28
682219 | Heap-use-after-free in base::WaitableEvent::TimedWaitUntil | - | 2017-04-28
642490 | Location Bar URL and SSL Spoofing Risk using "Confirm Form Resubmission" box and a targeted website which allow a redirect | $1000 | 2017-04-27
680376 | Heap-buffer-overflow in CPDF_Document::FindPageIndex | - | 2017-04-27
680941 | CrOS: Vulnerability reported in sys-kernel/chromeos-kernel-3_18 | - | 2017-04-27
681957 | Security: CVE-2016-8399 | - | 2017-04-27
682585 | Use-of-uninitialized-value in CFDE_CSSSyntaxParser::DoSyntaxParse | - | 2017-04-27
703750 | Near-homoglyph whole-script IDN spoofing | - | 2017-04-26
558462 | Tracking bug for auditing | - | 2017-04-26
558474 | IPC Issues: Bad DCHECKs | - | 2017-04-26
558476 | PDFium audit | - | 2017-04-26
652887 | Non-web-accessible extension resource can be loaded into a web renderer process | - | 2017-04-26
669086 | Security: Circumvent CSP Header restrictions via about:blank | $1000 | 2017-04-26
676755 | heap-buffer-overflow in SkPathRef::Iter::next | $5000 | 2017-04-26
677738 | Container-overflow in void blink::TraceTrait<blink::HeapVectorBacking<blink::MediaKeySystemConfigurati | - | 2017-04-26
677960 | Heap-double-free in g_error_free | - | 2017-04-26
679649 | Security: potential UAF in pdfium timer | $500 | 2017-04-26
680244 | Heap-buffer-overflow in xmlParseNameComplex | - | 2017-04-26
679915 | WebTaskRunner::postTask is thread unsafe | - | 2017-04-26
680938 | Crash in v8::internal::MemoryChunk::heap | - | 2017-04-26
681324 | Heap-use-after-free in ~ScopedMacroReenabler | - | 2017-04-26
681462 | Heap-use-after-free in views::MenuController::SetSelection | - | 2017-04-26
606374 | Heap-buffer-overflow in v8::internal::Simulator::LoadStoreHelper | - | 2017-04-25
679841 | Stack-buffer-overflow in v8::internal::DoubleToRadixCString | $3500 | 2017-04-25
714628 | Security: Additional whole-script confusable domain label spoofing (Cyrillic) | - | 2017-04-24
679098 | ImageLoader allows component rollbacks | - | 2017-04-24
681420 | Crash in v8::internal::Invoke | - | 2017-04-24
679484 | Security: CVE-2015-3288 | - | 2017-04-23
677800 | Multiple Linux Kernel CVE vulnerability reports | - | 2017-04-23
616698 | Use-of-uninitialized-value in xmlDictLookup | - | 2017-04-21
658194 | Security: Promise constructor can be used to bypass Function constructor restrictions | - | 2017-04-21
673297 | [wasm] Illegal reuse of contexts | - | 2017-04-21
675203 | Stack-buffer-overflow in AffixMgr::defcpd_check | - | 2017-04-21
677716 | Security: Address spoofing in Omnibox with HTTPS lock | $2000 | 2017-04-21
679485 | Security: CVE-2016-7042 | - | 2017-04-21
679490 | Security: CVE-2016-9754 | - | 2017-04-21
679643 | Security: Use after free in PDFium's Annot::name | $3500 | 2017-04-21
679492 | Security: CVE-2014-9420 | - | 2017-04-21
680609 | Crash in v8::internal::Invoke | - | 2017-04-21
680882 | Use-of-uninitialized-value in v8::internal::interpreter::BytecodeRegisterOptimizer::RegisterTransfer | - | 2017-04-21
680633 | Crash in heap | - | 2017-04-21
653071 | Use-of-uninitialized-value in TIFFReadDirectoryCheckOrder | - | 2017-04-20
653095 | Use-of-uninitialized-value in TIFFReadDirectory | - | 2017-04-20
656621 | Crash in put1bitbwtile | - | 2017-04-20
667093 | Use-of-uninitialized-value in TIFFFillTile | - | 2017-04-20
666973 | Use-of-uninitialized-value in TIFFReadDirEntryCheckedRational | - | 2017-04-20
668851 | Use-of-uninitialized-value in tiff_read | - | 2017-04-20
669035 | Use-of-uninitialized-value in decode_mcu_fast | - | 2017-04-20
670928 | Use-of-uninitialized-value in tiff_seek | - | 2017-04-20
676294 | Use-of-uninitialized-value in TIFFReadDirEntryFloatArray | - | 2017-04-20
676975 | Security: Chrome webm rendering on OS X includes image artifacts from video memory | $500 | 2017-04-20
676853 | Use-of-uninitialized-value in FPDFAPI_inflate | - | 2017-04-20
677047 | Use-of-uninitialized-value in TIFFFindField | - | 2017-04-20
678035 | Security: chrome-devtools protocol allows to read the content of C:\ drive | - | 2017-04-20
678551 | Use-of-uninitialized-value in chromium_jpeg_make_d_derived_tbl | - | 2017-04-20
678461 | Security: PDFium OpenJPEG Use-After-Free Vulnerability | $3000 | 2017-04-20
679230 | Use-of-uninitialized-value in TIFFFetchNormalTag | - | 2017-04-20
679642 | Security: Use after free in PDFium's Field::page | $3000 | 2017-04-20
680313 | Heap-use-after-free in v8::internal::Scope::is_function_scope | - | 2017-04-20
662769 | use-after-poison content::WebURLLoaderImpl::Context::OnReceivedResponse | - | 2017-04-19
663549 | Security: [FG-VD-16-075] Adobe Flash Player Handing MP4 Out-of-Bounds Read Vulnerability | $500 | 2017-04-19
663551 | Security: [FG-VD-16-076] Adobe Flash Player Handling ATF Heap Overflow Vulnerability | $500 | 2017-04-19
664756 | Security: Crash in Adobe Flash Player (24.0.0.154) | $500 | 2017-04-19
679937 | Crash in v8::internal::MemoryChunk::heap | - | 2017-04-19
678529 | Heap-buffer-overflow in _get_bitmap_surface | - | 2017-04-19
712246 | Security: CSS :visited with mix-blend-mode can leak browser history | - | 2017-04-19
683314 | Security: Whole-script confusable domain label spoofing (Cyrillic) | $2000 | 2017-04-19
620679 | Heap-buffer-overflow in xmlDictComputeFastKey | - | 2017-04-18
675205 | Heap-use-after-free in blink::visualRectForDisplayItem | - | 2017-04-18
678706 | Potential execution of script inside forbidden scope in Animation | - | 2017-04-18
669395 | Use-of-uninitialized-value in syncsearch | - | 2017-04-15
675444 | Heap-buffer-overflow in S32_opaque_D32_filter_DX_SSSE3 | - | 2017-04-15
678962 | Bad-cast to safe_browsing::DownloadFileType from invalid vptr;blink::intMod;blink::LayoutMultiColumnSet::pageRemainingLogicalHeightForOffset | - | 2017-04-15
667079 | Security: Information Leak through XSS Auditor | $500 | 2017-04-14
675109 | Heap-use-after-free in cc::SurfaceManager::Destroy | - | 2017-04-14
677377 | Use-of-uninitialized-value in FPDFAPI_inflate_fast | - | 2017-04-14
668138 | Use-of-uninitialized-value in OT::RangeRecord::cmp | - | 2017-04-13
675150 | Heap-use-after-free in app_list::TileItemView::SetSelected | - | 2017-04-13
676884 | Heap-buffer-overflow in GrTextUtils::DrawBmpPosText | - | 2017-04-13
676921 | Security: XSS in https://chromium-cq-status.appspot.com | - | 2017-04-13
676886 | Crash in v8::internal::FixedArray::set | - | 2017-04-13
676974 | Heap-use-after-free in blink::LayoutObject::visualRect | - | 2017-04-13
653555 | Security: Stealing data cross domain using proxies and stealing JSON data using UTF-16BE | $3000 | 2017-04-12
677859 | Bad-cast to v8::internal::compiler::Operatoropcode;v8::internal::compiler::EscapeStatusAnalysis::Process;v8::internal::compiler::EscapeStatusAnalysis::RunStatusAnalysis | - | 2017-04-12
662859 | Security: chrome-devtools protocol allows to read the content of C:\ drive | $3000 | 2017-04-11
676767 | Use-after-poison in v8::internal::compiler::Node::RemoveUse | - | 2017-04-11
677395 | Use-of-uninitialized-value in void base::Pickle::WriteBytesStatic<4ul> | - | 2017-04-07
675176 | Bad-cast to blink::LayoutBox from blink::LayoutInline;blink::LayoutInline::addChildIgnoringContinuation;blink::LayoutBox::clientLeft | - | 2017-04-05
675124 | Bad-cast to blink::LayoutBox from blink::LayoutRubyAsInline;blink::LayoutObject::isRubyRun;blink::LayoutRubyAsInline::addChild | - | 2017-04-05
677055 | Bad-cast to icu_58::DateFormat from icu_58::DecimalFormat;__RT_impl_Runtime_InternalDateFormatToParts;v8::internal::Runtime_InternalDateFormatToParts | - | 2017-04-05
671102 | Security: Universal XSS through bypassing ScopedPageSuspender with closing windows | $8837 | 2017-04-04
676560 | Bad-cast to blink::TraceWrapperBase from invalid vptr;blink::ScriptWrappableVisitor::dispatchTraceWrappers;blink::ScriptWrappableVisitor::AdvanceTracing | - | 2017-04-01
676876 | Use-after-poison in blink::HTMLFormElement::reset | - | 2017-04-01
676587 | Crash in v8::internal::Invoke | - | 2017-03-31
671932 | Security: non-interactive request forcing | $1000 | 2017-03-30
673971 | Security: Unicode hyphens in domain names are not blacklisted | $2000 | 2017-03-30
674472 | CrOS: Vulnerability reported in app-arch/tar | - | 2017-03-30
675178 | Heap-use-after-free in password_manager::FormFetcherImpl::OnGetPasswordStoreResults | - | 2017-03-30
675332 | Security: heap-buffer-overflow in SkAlphaThresholdFilterImpl::onFilterImage | $2000 | 2017-03-30
676276 | Use-of-uninitialized-value in SkOpBuilder::FixWinding | - | 2017-03-30
673170 | Security: Universal XSS using late widget updates | $8000 | 2017-03-29
675122 | Crash in mbsnrtowcs | - | 2017-03-29
675237 | Use-after-poison in blink::HTMLFormElement::reset | - | 2017-03-29
675208 | Crash in memchr | - | 2017-03-29
675900 | Use-of-uninitialized-value in SkOpContour::rayCheck | - | 2017-03-29
676060 | Use-of-uninitialized-value in approximately_between | - | 2017-03-29
634108 | Security: Hijack navigation and spoofed alert dialog via. unbeforeload | $500 | 2017-03-28
666858 | No drag-and-drop events should fire in a same-page, cross-site frame (wrt drag source) | - | 2017-03-28
667142 | AddressSanitizer: FPE v8/src/source-position-table.cc:37:9 | - | 2017-03-28
671328 | Security DCHECK failed: offset + length <= impl.length() in StringView.h | - | 2017-03-28
675320 | Heap-double-free in CPDF_StreamParser::ReadInlineStream | - | 2017-03-28
675132 | Use-of-uninitialized-value in SkOpPtT::addOpp | - | 2017-03-28
668102 | Use-of-uninitialized-value in fclamp | - | 2017-03-27
668814 | Use-of-uninitialized-value in EvalSegmentedFn | - | 2017-03-27
665054 | Heap-buffer-overflow in TetrahedralInterpFloat | - | 2017-03-26
675118 | Use-of-uninitialized-value in __msan::MsanAllocate | - | 2017-03-26
675195 | Use-of-uninitialized-value in __msan::MsanAllocate | - | 2017-03-26
653461 | Use-of-uninitialized-value in pr_UnlockedFindLibrary | - | 2017-03-25
666284 | Security: renderer->extension privesc via sync | - | 2017-03-25
666441 | Heap-use-after-free in SkCanvas::getDevice | - | 2017-03-25
675072 | Stack-buffer-overflow in SkOpEdgeBuilder::walk | - | 2017-03-25
676623 | Security: libxslt generation of text nodes integer overflow | $3000 | 2017-03-24
670596 | Security: Same-name function declaration can overwrite window.location in Chrome 50+ | - | 2017-03-24
674203 | Security: Merge general javascript: UXSS fix to beta / stable | - | 2017-03-24
624343 | Crash in SuggestMgr::leftcommonsubstring | - | 2017-03-23
641841 | Stack-buffer-overflow in Hunspell::suggest | - | 2017-03-23
673163 | Security: Form validation bubbles allow spoofing on other tabs | $1000 | 2017-03-23
672791 | Crash in v8::internal::FixedArray::set | - | 2017-03-23
673336 | Security: Stack-buffer-overflow in (anonymous namespace)::CalculateString | $1000 | 2017-03-23
649270 | Use-of-uninitialized-value in test_runner::MockWebSpeechRecognizer::PostRunTaskFromQueue | - | 2017-03-22
663614 | Stack-buffer-overflow in Hunspell::suggest | - | 2017-03-22
673244 | Crash in v8::internal::Simulator::DecodeType2 | $3000 | 2017-03-21
668552 | Security: Universal XSS by polluting private scripts with named properties | $8000 | 2017-03-19
598812 | Security: Flash file creation omits Mark-of-the-Web, bypassing SmartScreen/AES | - | 2017-03-17
643950 | Security: FFMPEG MP4 Decoder chrome_child!mov_read_hdlr heap allocation wrap | - | 2017-03-17
663248 | Security: Web Worker - Memory corruption in CrossThreadPersistentRegion::prepareForThreadStateTermination() | - | 2017-03-17
643951 | Security: FFMPEG MP4 Decoder chrome_child!mov_read_uuid heap allocation wrap | - | 2017-03-16
643952 | Security: FFMPEG MP4 Decoder - Non-exploitable issues (3 Issues: 2 heap allocation wraps, and ~out-of-bounds access) | - | 2017-03-16
474050 | Web content can navigate to chrome-extension:// pages | - | 2017-03-15
554518 | Security: any UXSS bug on Android can be turned into a persistent RCE bug via the play store | - | 2017-03-15
664551 | Pwnfest 2016 meta bug | - | 2017-03-15
670927 | Heap-use-after-free in void blink::PODIntervalTree<blink::LayoutUnit, blink::FloatingObject*>::searchFo | - | 2017-03-15
671312 | Use-after-poison in webrtc::BitrateAllocation::SetBitrate | - | 2017-03-15
671037 | Use-after-poison in blink::WebSocketHandleImpl::OnFailChannel | - | 2017-03-14
671327 | Heap-use-after-free in blink::LayoutObject::visualRect | - | 2017-03-14
644632 | Component cloud policy signature validation missing | - | 2017-03-11
663620 | Bypass unsafe-inline mode CSP | - | 2017-03-11
670240 | Heap-use-after-free in data_use_measurement::ChromeDataUseAscriber::ReadyToCommitMainFrameNavigation | - | 2017-03-11
656188 | Chrome allows kiosk app user to create directories and files without the app's knowledge | - | 2017-03-10
668907 | Heap-buffer-overflow in SkAlphaRuns::Break | - | 2017-03-10
669439 | CrOS: Vulnerability reported in sys-kernel/chromeos-kernel-3_8 | - | 2017-03-10
669392 | Heap-buffer-overflow in gpu::gles2::GLES2Implementation::ReadPixels | - | 2017-03-10
670438 | Use-of-uninitialized-value in net::LayeredNetworkDelegate::OnURLRequestDestroyed | - | 2017-03-10
670546 | Heap-buffer-overflow in SkColorSpaceXform_XYZ< | - | 2017-03-10
656752 | Security: Can navigate to attacker-created blob/filesystem URLs in chrome-extension process | - | 2017-03-09
666714 | Onbeforeunload use after free | $2000 | 2017-03-09
669534 | Heap-use-after-free in printing::PrintWebViewHelper::OnMessageReceived | $1500 | 2017-03-09
647602 | Heap-use-after-free in blink::LayoutTextFragment::setTextFragment | - | 2017-03-08
666616 | Heap-use-after-free in printing::PrintWebViewHelper::RequestPrintPreview | - | 2017-03-08
667504 | WebRTC UsingFlexibleMode OOB memory write from picture id | $3000 | 2017-03-08
668553 | Bad-cast to blink::LayoutBox from blink::LayoutBR;blink::PaintLayer::setNeedsCompositingInputsUpdate;blink::RootScrollerController::recomputeEffectiveRootScroller | - | 2017-03-08
668665 | Security: XSS in chrome://apps (NTP) after drag and drop | $500 | 2017-03-08
668653 | Security: XSS in chrome://downloads, enables extensions to run any program | $5000 | 2017-03-08
668784 | Heap-buffer-overflow in table_r | $1500 | 2017-03-08
649359 | Shill proxy crash due to failure to set MSG_NOSIGNAL flag | - | 2017-03-07
667493 | Minijail tty hijacking via TIOCSTI | $500 | 2017-03-07
668750 | Bad-cast to blink::DOMExceptionblink::GarbageCollectedFinalized<blink::DOMException>::finalizeGarbageCollectedObject;blink::NormalPage::sweep;blink::BaseArena::sweepUnsweptPage | - | 2017-03-07
668848 | Use-after-poison in blink::EventListenerIterator::nextListener | - | 2017-03-07
668970 | Security: Debugger API exposes UA shadow trees, and can cause bad-casts | - | 2017-03-07
668510 | Crash in v8::internal::DoubleToRadixCString | $500 | 2017-03-04
667044 | Use-of-uninitialized-value in dec_build_inter_predictors | - | 2017-03-03
668337 | Heap-use-after-free in v8_inspector::protocol::Runtime::DispatcherImpl::evaluate | - | 2017-03-03
656485 | Security: Buffer Overflow in glBindBuffer | $1000 | 2017-03-01
663476 | Security: Universal XSS through removing link elements | $7500 | 2017-03-01
666246 | UA shadow DOM leak causes bad-cast to blink::HTMLSelectElement from blink::Text;blink::HTMLKeygenElement::shadowSelect;blink::HTMLKeygenElement::parseAttribute | - | 2017-03-01
666794 | Global-buffer-overflow in libopus_decode_init | - | 2017-03-01
666770 | Heap-buffer-overflow in ff_index_search_timestamp | - | 2017-03-01
666874 | Use-of-uninitialized-value in check | - | 2017-03-01
667068 | Use-of-uninitialized-value in fclamp | - | 2017-03-01
667092 | Use-of-uninitialized-value in EvalSegmentedFn | - | 2017-03-01
667260 | Heap-buffer-overflow in unibrow::Utf8::CalculateValue | - | 2017-03-01
667695 | Heap-buffer-overflow in table | - | 2017-03-01
667694 | Heap-buffer-overflow in SetMatShaper | - | 2017-03-01
666803 | Double-delete possible in WiFiDisplayMediaServiceImpl / WiFiDisplaySessionServiceImpl | - | 2017-02-28
667157 | Use-of-uninitialized-value in v8::internal::compiler::Node::New | - | 2017-02-27
666658 | Crash in v8::internal::Invoke | - | 2017-02-27
658267 | Use-after-poison in v8::internal::List<v8::internal::FuncNameInferrer::Name, v8::internal::ZoneAlloc | - | 2017-02-26
663726 | Use-after-free in ChromeExtensionsBrowserClient::GetOriginalContext upon opening menu after switching from incognito mode | - | 2017-02-26
666486 | Use-of-uninitialized-value in unibrow::Utf8::CalculateValue | - | 2017-02-25
666516 | Heap-buffer-overflow in unibrow::Utf8::CalculateValue | - | 2017-02-25
666517 | Heap-buffer-overflow in unibrow::Utf8::CalculateValue | - | 2017-02-25
662730 | Stack-buffer-overflow in MaskAdditiveBlitter | - | 2017-02-22
661126 | meta bug: Bypass unsafe-inline mode CSP | - | 2017-02-22
662780 | Heap-buffer-overflow in next | - | 2017-02-22
655902 | User-created BeforeInstallPromptEvent crashes when preventDefault() called | - | 2017-02-21
661413 | Security: (libANGLE) Buffer Overflow in glUniform*v | - | 2017-02-21
660498 | Security: Temporary addressbar spoof with PDF navigation to sites with long response time | $2000 | 2017-02-21
664139 | Security: Bad-Casting in ArrayBuffer resulting in Out-Of-Bounds write vulnerability | $5000 | 2017-02-21
664713 | Heap-use-after-free in app_list::TileItemView::SetSelected | - | 2017-02-20
654090 | Security: libicu has buffer overflow in path traversal code | - | 2017-02-19
664284 | Bad-cast to CPDF_Object from invalid vptr;CPDF_Creator::InitNewObjNumOffsets;CPDF_Creator::WriteDoc_Stage1 | - | 2017-02-19
664411 | Pwnfest 2016: Chrome V8 Private Property Re-assign issue (bug in fast-path of Object.assign) | - | 2017-02-18
660854 | Security: Incorrect validation of CopyBufferSubData in ANGLE | $1000 | 2017-02-17
664469 | Crash in v8::internal::Simulator::DecodeType3 | - | 2017-02-17
649645 | Security: BroadcastChannel - Use After Free in WeakReference::is_valid() | $1000 | 2017-02-16
659474 | Pwn2own meta bug | - | 2017-02-16
662905 | Heap-buffer-overflow in Break | - | 2017-02-16
663362 | Use-after-poison in blink::IdTargetObserverRegistry::removeObserver | - | 2017-02-16
663402 | Security: [arm] OOB r/w due to size computation bug in MacroAssembler::Allocate | - | 2017-02-16
663795 | Heap-buffer-overflow in LinLerp1Dfloat | - | 2017-02-16
664023 | Stack-buffer-overflow in IccLib_Translate | - | 2017-02-16
630332 | CSP form-action seems to be ignored if target="_blank" | - | 2017-02-15
649118 | TURN (via WebRTC) with via STUN_ERROR_TRY_ALTERNATE allows TCP connection with attacker-controlled data to localhost | - | 2017-02-15
654265 | Heap-buffer-overflow in BilinearInterpFloat | - | 2017-02-15
663048 | <a ping="..."> should be covered by connect-src CSP directive | $500 | 2017-02-15
663666 | Heap-use-after-free in CPDFSDK_WidgetHandler::ReleaseAnnot | - | 2017-02-15
663609 | Crash in equal<blink::Member<blink::IdTargetObserver>, | - | 2017-02-15
657282 | Heap-buffer-overflow in TetrahedralInterpFloat | - | 2017-02-14
662303 | Bad-cast to blink::TraceWrapperV8Reference<v8::Value> from blink::TraceWrapperV8Reference<v8::Object>;blink::reportFatalErrorInMainThread;v8::Utils::ReportApiFailure | - | 2017-02-14
662775 | Crash in void Sk4px::MapDstSrcAlpha<Sk4px | - | 2017-02-14
663194 | Crash in sse2::blit_row_color32 | - | 2017-02-14
662410 | Crash in v8::internal::Invoke | - | 2017-02-13
659492 | Android content: scheme allows cross-origin data exfiltration | - | 2017-02-11
660760 | Use-after-poison in blink::PersistentBase<blink::DummyGCBase, | - | 2017-02-11
652209 | Bad-cast to content::RenderWidgetHostViewChildFrame from content::RenderWidgetHostViewAura | - | 2017-02-10
654172 | Security: PDFium (LibTIFF / XFA) Heap Buffer Overflow in FPDFAPI_inflate | - | 2017-02-10
660262 | Heap-use-after-free in v8::internal::wasm::ThreadImpl::DoBreak | - | 2017-02-10
640191 | Security: type confusion vulnerability in flash player latest version | $3000 | 2017-02-09
645150 | Heap-buffer-overflow in v8::internal::Simulator::DecodeType3 | - | 2017-02-09
658440 | Attempting free in buffer_replace | - | 2017-02-09
660678 | expose() leaks privateClass via Object[@@hasInstance] | $1000 | 2017-02-09
661058 | Bad-cast to v8::Platform::TraceStateObserver from v8::tracing::TracingCategoryObserverImpl;blink::Node::mutationObserverRegistry;blink::Node::unregisterMutationObserver | - | 2017-02-09
659489 | Pwn2Own: content: scheme allows cross-origin info leaks | - | 2017-02-07
658555 | Heap-use-after-free in pp::MacroExpander::pushMacro | - | 2017-02-06
660685 | Stack-buffer-overflow in MaskAdditiveBlitter | - | 2017-02-05
659594 | Use-of-uninitialized-value in base::Pickle::WriteBytes | - | 2017-02-04
615851 | Security: Timing attack on denormalized floating point arithmetic in SVG filters circumvents same-origin policy | - | 2017-02-03
655152 | Heap-buffer-overflow in FPDFAPI_inflate_fast | - | 2017-02-03
658494 | Heap-buffer-overflow in FPDFAPI_inflate | - | 2017-02-03
657568 | Security: Heap-use-after-free in InspectedContext::createInjectedScript | $1500 | 2017-02-03
657720 | Security:Chrome Address Bar URL Spoofing | $500 | 2017-02-03
653749 | Security: Bypass of same-origin policy via range requests in PDF plugin | $7500 | 2017-02-02
658584 | Heap-use-after-free in blink::LayoutBlockFlow::moveAllChildrenIncludingFloatsTo | - | 2017-02-02
658516 | Heap-buffer-overflow in v8::internal::wasm::WasmDecoder::OpcodeLength | - | 2017-02-02
658114 | Security: V8 OOB read/write in asm.js | $5000 | 2017-02-02
659361 | Stack-buffer-overflow in tls1_set_curves | - | 2017-02-02
659475 | Pwn2Own: V8 OOB Bug. | - | 2017-02-02
659477 | Pwn2own: RenderViewImpl::LaunchAndroidContentIntent in renderer can open arbitrary content intent scheme urls | - | 2017-02-02
625878 | Security: libsrtp is out of date and there are at least 2 known bugs in it | - | 2017-02-01
656817 | Use-after-poison in virtual thunk to blink::Document::isHeapObjectAlive | - | 2017-02-01
658535 | Security: Universal XSS using an <input type="color"> element | $7500 | 2017-02-01
627748 | Security: libsrtp uses a non-constant-time HMAC comparison | - | 2017-01-31
653134 | Security: chrome-devtools protocol allows to read the content of C:\ drive | $3000 | 2017-01-31
653656 | Heap-buffer-overflow in WebRtcSpl_MaxIndexW16 | - | 2017-01-31
625475 | Security: type confusion in GuestViewInternalCustomBindings::RegisterElementResizeCallback | - | 2017-01-28
655904 | Security: Universal XSS via fullscreen element updates | $7500 | 2017-01-28
656823 | Heap-use-after-free in v8_inspector::V8ConsoleMessage::reportToFrontend | - | 2017-01-28
658037 | Sync client -> server protection vulnerable to CRIME attack. | - | 2017-01-28
656314 | Heap-use-after-free in blink::ScrollAnchor::clear | - | 2017-01-27
657740 | Use-after-poison in blink::PersistentBase<blink::DummyGCBase, | - | 2017-01-27
657411 | Crash in SkOpSpanBase::segment | - | 2017-01-27
657793 | Use-of-uninitialized-value in ChromeSecurityStateModelClient::GetSecurityStyle | - | 2017-01-27
657862 | Heap-use-after-free in base::debug::TaskAnnotator::RunTask | - | 2017-01-27
657863 | Use-of-uninitialized-value in content::IndexedDBCallbacks::IOThreadHelper::SendSuccessInteger | - | 2017-01-27
646610 | Security: Universal XSS using OOPIF | $7500 | 2017-01-26
655686 | Chrome: Crash Report - content::WebContents::FromRenderFrameHost | - | 2017-01-26
657281 | Bad-cast to content::RenderFrameHostImpl from invalid vptr | - | 2017-01-26
657724 | Heap-use-after-free in content::WebContents::FromRenderFrameHost | - | 2017-01-26
656274 | Security: Cross-origin object leak via fetch | $5000 | 2017-01-25
643948 | Security: chrome_child!mov_read_keys - Heap corruption as a result of an off-by-1 zero allocation | $5500 | 2017-01-24
650232 | Security: Sandbox blocking of navigation dangerous when victim uses JavaScript: urls | - | 2017-01-24
652548 | Security: UNKNOWN in v8::internal::GlobalHandles::Node::Release | $500 | 2017-01-24
654676 | Crash in LinLerp1Dfloat | - | 2017-01-24
654983 | Use-of-uninitialized-value in webrtc::DspHelper::PeakDetection | - | 2017-01-24
656132 | Heap-use-after-free in CPDF_Dictionary::~CPDF_Dictionary | - | 2017-01-24
655990 | Heap-use-after-free in PDF_CreatorAppendObject | - | 2017-01-24
656161 | Heap-use-after-free in CPDF_Dictionary::~CPDF_Dictionary | - | 2017-01-24
656162 | Heap-use-after-free in CPDF_Dictionary::GetDirectObjectFor | - | 2017-01-24
654183 | Security: PDFium (XFA) Heap Buffer Overflow in CWeightTable::Calc | $3500 | 2017-01-23
655632 | Heap-use-after-free in blink::LayoutGrid::layoutBlock | - | 2017-01-23
656282 | Heap-use-after-free in CPDF_Object::Release | - | 2017-01-22
629774 | Security: Integer overflow in use counter of scoped pointers. | - | 2017-01-21
652276 | Iframe Spoofing via subframe navigation | - | 2017-01-21
654199 | Heap-use-after-free in content::VideoCaptureController::RemoveClient | - | 2017-01-21
654280 | Security: Use of unvalidated URL in PDF viewer | $2500 | 2017-01-21
654279 | Security: PDFs can navigate to file:-URLs | $1000 | 2017-01-21
655973 | Use-of-uninitialized-value in void base::Pickle::WriteBytesStatic<4ul> | - | 2017-01-21
655991 | Heap-buffer-overflow in chrome_pdf::PDFiumEngine::Form_GetCurrentPage | - | 2017-01-21
655672 | Crash in SkBitmap::copyPixelsTo | - | 2017-01-20
652038 | Security: PDFium Signed Integer Overflow Bug | - | 2017-01-19
653090 | Security: Heap-use-after-free in Field::UpdateFormField | $3000 | 2017-01-19
653459 | Use-of-uninitialized-value in CPDFSDK_WidgetHandler::ReleaseAnnot | - | 2017-01-18
654272 | Heap-use-after-free in CFX_SystemHandler::KillTimer | - | 2017-01-18
654198 | Use-of-uninitialized-value in EvalSegmentedFn | - | 2017-01-18
654308 | Heap-use-after-free in v8::internal::wasm::ThreadImpl::DoBreak | - | 2017-01-18
630372 | Crash in base::debug::StackDumpExceptionFilter | - | 2017-01-17
653779 | Captive portal interstitial shows neutral (i) icon, not red triangle | - | 2017-01-17
654668 | Use-of-uninitialized-value in _start | - | 2017-01-17
653748 | Security: uprev libcurl to 7.50.3 | - | 2017-01-16
653484 | Heap-use-after-free in media::DecryptingDemuxerStream::~DecryptingDemuxerStream | - | 2017-01-15
637459 | Security: ping attribute in href is not following spec, leads to information disclosure | - | 2017-01-14
653610 | Security: Internal functions leaked when DevTools is open | $1000 | 2017-01-14
622323 | WebRTC can be used to generate a large amount of UDP traffic for DDOS attacks | - | 2017-01-13
653034 | Security: Leaking referrer using iframe (with referrer policy turned on) | - | 2017-01-13
653298 | Double-delete in BatteryMonitorImpl | - | 2017-01-13
651142 | Use-after-poison in blink::IndexedDBClient::from | - | 2017-01-12
651702 | Use-after-poison in blink::LocalFileSystem::from | - | 2017-01-12
651849 | Use-of-uninitialized-value in EvalSegmentedFn | - | 2017-01-12
653096 | Use-of-uninitialized-value in AddValueForStrcmp | - | 2017-01-12
599865 | Heap-buffer-overflow in parse_encoding | - | 2017-01-11
621836 | Negative-size-param in XFACodecFuzzer::Reader::ReadBlock | - | 2017-01-11
633885 | cross-origin restriction bypass in track tag src | $1000 | 2017-01-11
643982 | Heap-use-after-free in base::subtle::RefCountedThreadSafeBase::Release | - | 2017-01-11
644963 | Security: Read Access Violation on Control Flow at content::devtools::service_worker::ServiceWorkerHandler::UpdateHosts | $500 | 2017-01-11
645075 | Heap-use-after-free in content::OutputDeviceBacking::UnregisterOutputDevice | - | 2017-01-11
648062 | Crash in default_terminate_handler | - | 2017-01-11
651094 | Crash in v8::internal::InnerPointerToCodeCache::GcSafeFindCodeForInnerPointer | - | 2017-01-11
639126 | Security: UXSS introduced through bookmark containing user information | $500 | 2017-01-10
649340 | Heap-use-after-free in blink::PaintLayerScrollableArea::deregisterForAnimation | - | 2017-01-10
651166 | Security: Buffer overread in Devtools / Blink JSON parsers | - | 2017-01-10
651632 | Use-of-uninitialized-value in TIFFFetchDirectory | - | 2017-01-10
652103 | Security: Heap-use-after-free in CPDFSDK_Document::RemovePageView | $3000 | 2017-01-10
652127 | Use-of-uninitialized-value in blink::PropertyHandle::operator== | $2500 | 2017-01-10
647024 | Use-of-uninitialized-value in blink::PointerEventManager::setPointerCapture | - | 2017-01-07
651443 | Security: Histogram Type Confusion Crashes the Browser Process | - | 2017-01-07
651714 | Crash in v8::internal::wasm::WasmCompiledModule::mem_size | - | 2017-01-07
651758 | Bad-cast to v8::internal::LoadICNexus from v8::internal::LoadGlobalICNexus;v8::internal::LoadICNexus* v8::internal::IC::casted_nexus<v8::internal::LoadICNexus>;v8::internal::IC::ConfigureVectorState | - | 2017-01-07
629006 | Crash in base::PendingTask::PendingTask | - | 2017-01-05
640571 | Heap-use-after-free in WebsiteSettings::OnUIClosing | - | 2017-01-05
646795 | Heap-use-after-free in id | - | 2017-01-05
648048 | Heap-use-after-free in ui::AXNode::id | - | 2017-01-05
650078 | Crash in v8::internal::Invoke | - | 2017-01-05
601538 | Mark of the Web bypass in Chrome | - | 2017-01-04
639702 | Chrome for Android - Quickly entering and exiting fullscreen allows for URL Spoofing | $1000 | 2017-01-04
649659 | Security: Heap-use-after-free in CFFL_InteractiveFormFiller::OnSetFocus | $3000 | 2017-01-04
650736 | Use-of-uninitialized-value in v8::internal::Simulator::ConditionPassed | - | 2017-01-04
649039 | Security: ChromeOS Exploit persistence via symlink | - | 2017-01-03
647919 | CrOS: Vulnerability reported in dev-libs/openssl | - | 2017-01-03
649040 | Security: ChromeOS 1 byte write overflow in c-ares | - | 2017-01-03
649097 | Bad-cast to blink::WebGLObject from invalid vptr;blink::WebGLProgram::deleteObjectImpl;blink::WebGLSharedObject::detachContextGroup | - | 2017-01-03
649461 | Use-of-uninitialized-value in v8::internal::JSArrayBuffer::SetupAllocatingData | - | 2017-01-03
649810 | Heap-buffer-overflow in blink::LazyLineBreakIterator::nextBreakablePositionIgnoringNBSP | - | 2017-01-03
650404 | Security: OOB read/write in V8 using TypedArrays+Crankshaft+Turbofan | - | 2017-01-03
490015 | Security: sendBeacon let's you send POST requests with arbitrary content type | - | 2017-01-02

Questions? Ask @SecurityMB