Chromium Disclosed Security Bugs

Chromium security bugs are publicly disclosed by Google 14 weeks after fixing. They have great learning value, but it's difficult to keep track of exactly when they're derestricted. This page is a hub of security bugs that have recently gone public. Bugs can also be followed on Twitter: @BugsChromium.

This website is not affiliated with Google.

Security bugs disclosed in 2018

#Summary$$$Disclosure date
881763Index-out-of-bounds in vrend_set_single_ssbo-2018-12-29
887626Heap-use-after-free in CPDF_StreamAcc::~CPDF_StreamAcc-2018-12-29
877767CHECK failure: FinalAssessment::cast(assessment)->virtual_register() == virtual_register in reg-2018-12-28
879965Canceling a browser-initiated navigation by using the history.back function$5002018-12-28
880675Security: heap-buffer-overflow in CPDF_DIBSource::DownSampleScanline8Bit$10002018-12-28
880207Security: incorrect type information on Math.expm1-2018-12-28
887891CHECK failure: byte_length() <= JSArrayBuffer::kMaxByteLength in objects-debug.cc-2018-12-28
779028Security: content security policy bypass by writing to loading Frame's ContentDocument$10002018-12-27
880173heap use-after-free on AsyncCompileJob::CompileTask::Cancel-2018-12-27
884052DCHECK failure in RegionObservability::kObservable == region_observability_ in effect-control-line-2018-12-26
884664Security: Use-after-free in XFA_DataExporter_DealWithDataGroupNode$30002018-12-26
885383Use-of-uninitialized-value in blink::LayoutTable::RecalcSections-2018-12-26
885907Use-of-uninitialized-value in blink::LayoutTable::RecalcSections-2018-12-26
852634Security: Chrome for iOS URL spoofing using location.replace and history.back$5002018-12-25
863703Extension popovers do not overlap the Chrome, so they can be spoofed in the viewport.-2018-12-25
880786CrOS: Vulnerability reported in sys-apps/busybox-2018-12-25
884179Security: http authentication spoof on chrome android$10002018-12-25
884242P2P TCP sockets may crash the network service after receiving invalid packet-2018-12-25
879543CrOS: Vulnerability reported in sys-apps/busybox-2018-12-24
868592Window state leaking from one page to another.-2018-12-22
879226Crash in es2::Texture2D::getFormat-2018-12-22
881917Heap-buffer-overflow in cc::SurfaceLayer::SetHasPointerEventsNone-2018-12-22
883492DCHECK failure in !array_buffer_transfer_map_.Find(array_buffer) in value-serializer.cc$35002018-12-22
882078Security: IDN URL Spoofing with “ก”$5002018-12-21
880906Security: ANGLE TextureStorage11::setData Memory Corruption$10002018-12-21
883172CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (object->IsJSNumberFormat()) in js-nu-2018-12-21
835667pdfium: stack-buffer-overflow in IntersectSides$5002018-12-20
880015Security: Mixed content check is bypassed when loading Worklets-2018-12-20
880023Security: Mixed content check is bypassed in data: workers created from HTTPS Documents-2018-12-20
882449Use-of-uninitialized-value in void base::Pickle::WriteBytesStatic<4ul>-2018-12-20
883059DCHECK failure in is_resolved() in ast.h-2018-12-20
883164Use-after-poison in v8::internal::interpreter::BytecodeGenerator::BuildVariableLoad-2018-12-20
883215Use-after-poison in v8::internal::Variable::location-2018-12-20
883280DCHECK failure in 0 != kLiftoffAssemblerGpCacheRegs & reg.bit() in liftoff-register.h-2018-12-20
872651DCHECK failure in !name->AsArrayIndex(&index) in lookup-inl.h-2018-12-19
882686Stack-buffer-overflow in content::ChildProcessSecurityPolicyImpl::GetMatchingIsolatedOrigin-2018-12-19
883181Crash in v8::internal::interpreter::BytecodeRegisterOptimizer::GetRegisterInfo-2018-12-19
824130Security: Several CORS security issues in browsers and specs, asking for comments$20002018-12-17
876252Use-of-uninitialized-value in v8::internal::Factory::NewNumber-2018-12-15
877785Crash in cc::RestoreOp::Serialize-2018-12-15
880123Crash in _platform_memmove$VARIANT$Nehalem-2018-12-15
875579Bad-cast to v8::internal::wasm::AsyncCompileJob::CompileTask from invalid vptr in v8::internal::wasm::AsyncCompileJob::CancelPendingForegroundTask-2018-12-14
880322Security: Update third_party/libpng to mitigate CVE-2016-10087-2018-12-14
881644Bad-cast to const blink::LayoutBlock from blink::LayoutEmbeddedObject in blink::BoxModelObjectPainter::PaintTextClipMask-2018-12-14
881736Security DCHECK failure: object.IsLayoutBlock() in layout_block.h-2018-12-14
840163Crash in glvmRasterOpRead-2018-12-13
866016Security: Chrome OS (dev channel): app->VM via garcon TCP command socket-2018-12-13
880697CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (object->IsJSReceiver()) in objects-i-2018-12-13
880759Chrome 69 URL Spoof via double-click$10002018-12-13
881021DCHECK failure in CanSubclassHaveInobjectProperties(instance_type) in objects.cc-2018-12-13
731640CrOS: Vulnerability reported in net-nds/openldap-2018-12-12
855008CrOS: Vulnerability reported in sys-libs/glibc-2018-12-12
877036CVE-2018-1000204 CrOS: Vulnerability reported in Linux kernel-2018-12-12
879142Use-of-uninitialized-value in v8::internal::Simulator::FPCompare-2018-12-11
879898CHECK failure: TypeError: node #28:JSToNumber type Numeric is not Number in verifier.cc-2018-12-11
880181Use-of-uninitialized-value in network::P2PSocketUdp::HandleReadResult-2018-12-11
844881Security: Address spoofing in Omnibox$30002018-12-08
870804Crash in es2::Program::linkAttributes-2018-12-08
508641Integer overflow checking in SkAutoTMalloc/SkAutoSTMalloc-2018-12-07
846296CrOS: Vulnerability reported in dev-libs/openssl-2018-12-07
872189Security: Little-CMS (lcms) Heap Buffer Overflow in AllocateDataSet$35002018-12-07
875322Function Signature Mismatch Error When Using Dynamic Linking for WebAssembly$30002018-12-07
878652Use-of-uninitialized-value in content::FileSystemDispatcher::ReadDirectorySync-2018-12-07
878725Bad-cast to blink::LayoutTableRow from blink::LayoutSVGText in blink::ToLayoutTableRow-2018-12-07
878735CVE-2018-13405 CrOS: Vulnerability reported in Linux kernel-2018-12-07
879085Use-of-uninitialized-value in void base::Pickle::WriteBytesStatic<4ul>-2018-12-07
879025Security: PDFium UAF in CFX_CodecMemory::~CFX_CodecMemory-2018-12-07
874030CrOS: Vulnerability reported in net-dialup/ppp-2018-12-06
874614CVE-2018-3620: L1 Terminal Fault: OS/SMM-2018-12-06
874617CVE-2018-3646: L1 Terminal Fault: VMM-2018-12-06
877874Crash in gpu::gles2::Texture::ClearRenderableLevels$10002018-12-06
878761Use-after-poison in blink::HTMLImportsController::Dispose-2018-12-06
878845CHECK failure: Type cast failed in CAST(p_o) at ../../src/code-stub-assembler.h:351 in code-ass-2018-12-06
877182Security: Mojo DataPipe*Dispatcher deserialization lacking validation-2018-12-05
877766Heap-use-after-free in fxcrt::UnownedPtr<unsigned char>::ProbeForLowSeverityLifetimeIssue-2018-12-05
812769Security: Cast UI hides Full-screen warning$5002018-12-04
853520use-after-free in operator-> buildtools/third_party/libc++/trunk/include/memory (WebAudio thread)$10002018-12-04
870678heap-use-after-free on IsSweepingInProgress()$10002018-12-04
875621Read AV in browser process$50002018-12-04
875680Crash in vp8_decode_mb_tokens-2018-12-04
877641Stack overflow-2018-12-04
867356Security: Chrome OS: filesystem restrictions bypass using crosvm sshfs-2018-12-03
877470SVG element can cause bad-cast to LayoutTableCell-2018-12-03
877498Bad-cast to blink::InlineTextBox from blink::InlineBox in blink::ToInlineTextBox-2018-12-03
857469CHECK failure: ==NUMBER==ABORTING in int64-lowering.cc-2018-12-02
340512Security: ImageBurner path validation on ChromeOS-2018-12-01
866129Security: Chrome OS runs ancient unrar in CAP_SYS_ADMIN context-2018-12-01
875739Security: Unauthenticated EAPOL-Key decryption in wpa_supplicant-2018-12-01
869941CVE-2018-5391: Issue 3: FragmentSmack (IP fragments)-2018-11-30
875494heap-buffer-overflow in [@ SkDashPath::InternalFilter]-2018-11-30
876696DCHECK failure in kSmiValueSize < layout_descriptor_length in layout-descriptor.cc-2018-11-30
877198Bad-cast to v8::(anonymous namespace)::ArrayBufferAllocator from v8::(anonymous namespace)::ShellArrayBufferAllocator in v8::ArrayBufferDeleter-2018-11-30
817595Crash in libappindicator3.so.1-2018-11-29
876443CHECK failure: Type cast failed in CAST(p_o) at ../../src/code-stub-assembler.h:351 in code-ass-2018-11-29
876991Crash in gldRenderFillPolygonPtr-2018-11-29
875556Heap-buffer-overflow in int v8::internal::wasm::Decoder::read_leb_tail<int,-2018-11-28
876222Container-overflow in CJBig2_GRDProc::ProgressiveArithDecodeState::~ProgressiveArithDecodeState-2018-11-28
870226Security: v8 compactor may operate on undefined slots$30002018-11-27
875158Heap-buffer-overflow in media::VideoFrame::visible_data$15002018-11-27
875712Bad-cast to blink::MediaKeySystemConfiguration from invalid vptr in bool WTF::TraceInCollectionTrait<-2018-11-27
875847DCHECK failure in obj->IsExternalString() in heap.cc-2018-11-27
875885Bad-cast to CharacterStream<uint16_t>' (aka 'CharacterStream<unsigned short>') from v8::internal::RelocatingCharacterStream<unsigned char> in v8::internal::wasm::AsmJsParser::AsmJsParser-2018-11-27
876255CHECK failure: mem_size <= wasm::kV8MaxWasmMemoryBytes in wasm-objects.cc-2018-11-27
874460Heap-use-after-free in message_center::MessagePopupView::UpdateContents-2018-11-26
873436Heap-use-after-free in test_runner::WebWidgetTestClient::AnimateNow-2018-11-24
852251Heap-use-after-free in blink::LayoutObject::WillBeDestroyed-2018-11-23
873529Heap-use-after-free in base::MessageLoop::DeletePendingTasks-2018-11-23
874416CrOS: Vulnerability reported in net-vpn/strongswan-2018-11-23
874433Use-of-uninitialized-value in blink::ColorSpaceUtilities::GetColorSpaceGamut-2018-11-23
874572Global-buffer-overflow in MemoryRead<unsigned-2018-11-23
874613CVE-2018-3615: L1 Terminal Fault: SGX-2018-11-23
853422DCHECK failure in address % access_size == 0 in simulator-arm64.cc-2018-11-22
872746Security: Vulnerable SRK may survive in case of interrupted TPM firmware update-2018-11-22
873080Security: fullscreen UI spoof using pdf prompt$10002018-11-22
873500CVE-2018-1120 CrOS: Vulnerability reported in Linux kernel-2018-11-22
874359Security: heap-buffer-overflow in CJS_PublicMethods::AFRange_Validate-2018-11-22
874396Crash in blink::HeapLinkedHashSet<blink::WeakMember<blink::SVGSMILElement>, WTF::MemberHa-2018-11-22
874393Crash in TableSizeMask-2018-11-22
874420Crash in blink::SMILTimeContainer::Unschedule-2018-11-22
874461Use-after-poison in blink::SMILTimeContainer::UpdateAnimations-2018-11-22
874458Crash in blink::HeapHashTableBacking<WTF::HashTable<blink::QualifiedName, WTF::KeyValuePa-2018-11-22
874462Crash in blink::SMILTimeContainer::SetElapsed-2018-11-22
874469Crash in Unlink-2018-11-22
874528Bad-cast to blink::GarbageCollectedMixin from invalid vptr in void blink::Visitor::Trace<blink::SVGAnimatedPropertyBase>-2018-11-22
874568Crash in blink::SMILTimeContainer::SetElapsed-2018-11-22
874582Crash in Unlink-2018-11-22
874578Bad-cast to blink::ActiveScriptWrappableBase from invalid vptr in blink::ActiveScriptWrappableBase::TraceActiveScriptWrappables-2018-11-22
874585Bad-cast to blink::SVGElement from invalid vptr in blink::SVGElement::RemoveAllOutgoingReferences-2018-11-22
874600Crash in InsertBefore-2018-11-22
874757Use-after-poison in blink::ActiveScriptWrappableBase::TraceActiveScriptWrappables-2018-11-22
874714Use-after-poison in blink::TreeScope::RemoveElementById-2018-11-22
873693Heap-buffer-overflow in av_encryption_init_info_add_side_data-2018-11-21
873914Bad-cast to blink::ImageBitmap from base class subobject at offset 80 in blink::WebGLRenderingContextBase::TexImageByGPU-2018-11-21
873993Use-of-uninitialized-value in spvtools::val::CheckDecorationsOfEntryPoints-2018-11-21
865380Use-of-uninitialized-value in test_runner::PrintFrameDescription-2018-11-20
866766Use-of-uninitialized-value in gpu::CommonDecoder::Bucket::GetAsStrings-2018-11-20
869837Crash in v8::internal::Simulator::LoadStoreHelper-2018-11-20
873442Heap-buffer-overflow in spvtools::val::Instruction::word-2018-11-20
871787Use-of-uninitialized-value in storage::DatabaseTracker::UpdateOpenDatabaseInfoAndNotify-2018-11-18
871731CVE-2018-12232 CrOS: Vulnerability reported in Linux kernel-2018-11-17
872514CHECK failure: 0 < icu_length in intl-objects.cc-2018-11-17
849691Android app on CrOS allows capture of a HTML select tag when FLAG_SECURE is set-2018-11-16
872140Bad-cast to content::BrowserGpuClientDelegate from device::mojom::ScreenOrientationRequestValidator in void base::internal::FunctorTraits<void-2018-11-16
872219Bad-cast to content::BrowserGpuClientDelegatevoid base::internal::FunctorTraits<void in MakeItSo<void-2018-11-16
872244Crash in __ubsan::checkDynamicType-2018-11-16
872573Heap-use-after-free in spvtools::opt::Instruction::NumOperands-2018-11-16
867370use-after-poison in mojo::InterfaceEndpointClient::HandleValidatedMessage)$30002018-11-15
871005Heap-use-after-free in views::Slider::SetValueInternal-2018-11-15
871928Security: libaom/av1_dec_fuzzer: Crash in av1_decode_tg_tiles_and_wrapup-2018-11-15
859218Security: Referrer leak when Chrome Web App is installed on a path (repro issue 791216 on Mac)-2018-11-14
870178Heap-buffer-overflow in SkPaint::getTextWidths-2018-11-14
870571Heap-buffer-overflow in spvtools::val::ValidateCopyMemory-2018-11-14
870941Crash in SkRect::set-2018-11-14
863069Site Isolation: Attacker-controlled data URLs end up in wrong process after tab restore$30002018-11-13
870306Use-after-poison in void blink::Visitor::HandleWeakCell<blink::SVGElement>$35002018-11-13
870675Heap-use-after-free in base::DeleteHelper<content::ResolveProxyMsgHelper>::DoDelete-2018-11-13
862004Security: stack-buffer-underflow in Break-2018-11-12
866229CHECK failure: !descriptors->GetKey(i)->IsInterestingSymbol() in objects-debug.cc-2018-11-11
866895Security: Chrome OS: symlink traversal issue in /sbin/crash_reporter-2018-11-11
833138Consider blocking U+0307 after other i-like characters (e.g. U+1EC9)$5002018-11-10
870567Use-of-uninitialized-value in content::StatusCallbackAdapter-2018-11-10
870649Linux kernel: CVE-2017-18344: arbitrary-read vulnerability in the timer subsystem-2018-11-10
870682Crash in content::RunCallbacks-2018-11-10
751423heap-buffer-overflow in SkMatrix::setRSXform$5002018-11-09
868333CHECK failure: receiver->IsJSFunction() in objects.cc-2018-11-09
869313CHECK failure: Type cast failed in CAST(LoadObjectField(data_view, JSDataView::kByteLengthOffse-2018-11-09
870351Bad-cast to blink::V8EventListener from blink::V8LazyEventListener in blink::V8EventListenerHelper::GetEventListener-2018-11-09
865387Use-after-poison in blink::HTMLImportsController::Dispose-2018-11-08
866301Heap-use-after-free in views::Slider::SetValueInternal-2018-11-08
868463Security: libaom build default values-2018-11-08
868619Security: Kernel Level Memory Leak as a result of GDI object creations-2018-11-08
869593Heap-use-after-free in message_center::MessagePopupCollection::OnNotificationUpdated-2018-11-08
869716Heap-use-after-free in message_center::NotificationList::GetNotification-2018-11-08
822518iframe sandbox escape$10002018-11-07
848123Cross-origin-read attack by chaining three vulnerabilities$20002018-11-07
864162ASSERT: GTK_IS_WIDGET (widget)-2018-11-07
869347DCHECK failure in !IsClearedWeakHeapObject() in maybe-object-inl.h-2018-11-07
751921Security: stack-buffer-overflow in SkPoint$10002018-11-06
750561Heap-buffer-overflow in ClipRestore$10002018-11-06
856967Crash in getAddress-2018-11-06
857383DCHECK failure in result in int64-lowering.cc-2018-11-06
860522Null-dereference READ in blink::AudioNode::Handler$5002018-11-06
867776V8 OOB write BigInt64Array.of and BigInt64Array.from side effect neuter$50002018-11-06
869293DCHECK failure in !IsClearedWeakHeapObject() in maybe-object-inl.h-2018-11-06
805496Security: Self-update service worker to stay alive$5002018-11-05
867374Security: ARC: mount-passthrough sandbox bypass via procfs-2018-11-05
808407CSP bypass and XSS introduction via JavaScript URI in view source-2018-11-03
818376Security: Off-by-1 buffer over-read in Crashpad-2018-11-03
821704ASSERT: G_IS_OBJECT (object)-2018-11-03
845983Security: Android WebView can be tricked into navigating the top frame from a sandboxed iframe without allow-top-navigation-2018-11-03
848535Security: history.back() can be used to bypass multiple downloads restriction.-2018-11-03
858929Security: URL bar spoofing with Full-screen mode$5002018-11-03
866427Security: Taps on the parent window pass through to an iframe in Android Chrome-2018-11-03
866698Security: libaom/av1_dec_fuzzer_threaded: ASSERT: 0 <= sum && sum < (1 << (bd + FILTER_BITS + 1))-2018-11-03
867792Security: corrupt VP9 frame will cause tab crash-2018-11-03
868203Heap-use-after-free in base::sequence_manager::LazyNow::Now-2018-11-03
868586DCHECK failure in !object->IsClearedWeakHeapObject() in maybe-handles-inl.h-2018-11-03
868628DCHECK failure in !object->IsClearedWeakHeapObject() in maybe-handles-inl.h-2018-11-03
569955Security: Universal XSS by using fullscreen API-2018-11-02
760416Security: Python scripts use HTTP to interact with Closure compiler web service-2018-11-02
838098Use-of-uninitialized-value in v8::internal::Simulator::FPRoundInt-2018-11-02
865950Heap-use-after-free in blink::WorkerThread::PrepareForShutdownOnWorkerThread-2018-11-02
867314Use-of-uninitialized-value in SkOpAngle::lastMarked-2018-11-02
867762Bad-cast to std::__1::locale::__imp from std::__1::locale::__imp in base::LoadNativeLibraryWithOptions-2018-11-02
868077Global-buffer-overflow in SkOpPtT::prev-2018-11-02
867789Bad-cast to llvm::cl::Option from llvm::cl::opt<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, false, llvm::cl::parser<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > > in llvm::cl::applicator<llvm::cl::FormattingFlags>::opt-2018-11-02
842503Security: Uninitialized Memory Read in CXFA_LayoutPageMgr::GetAvailHeight$30002018-11-01
866282CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (object->IsJSReceiver()) in objects-i-2018-11-01
866357DCHECK failure in UnusedPropertyFields() == map->UnusedPropertyFields() in map-inl.h-2018-11-01
866727DCHECK failure in 2 == subnode->op()->ControlOutputCount() in js-inlining.cc-2018-11-01
867306Fix DOMStorageNamespace UAF-2018-11-01
728200Security: PDFium JS: Field::m_pJSDoc lifetime issue-2018-10-31
860697Security: Use-after-free in CPDFSDK_Widget::Synchronize$30002018-10-31
866635gcm's SocketOutputStream::Flush can write arbitrary data to the network-2018-10-31
867048Use-of-uninitialized-value in v8::internal::Scanner::SkipMultiLineComment-2018-10-31
866208DCHECK failure in !Contains(string) in heap-inl.h-2018-10-30
532374Service Worker should not intercept the fetch requests which are initiated from opaque (cross-origin no-cors) stylesheet.-2018-10-29
861953DCHECK failure in (token.literal_chars) != nullptr in scanner.cc-2018-10-27
863623Security: Blob URL created from Data URL shares same process despite creator being cross-site$30002018-10-27
866210Use-of-uninitialized-value in mojo::core::ChannelPosix::WriteNoLock-2018-10-27
866227Use-of-uninitialized-value in void cc::PaintOpReader::ReadFlattenable<SkMaskFilter>-2018-10-27
866233Use-of-uninitialized-value in cc::PaintOpReader::Read-2018-10-27
848306use-after-poison in operator blink::ExecutionContext *$10002018-10-26
863974Incomplete fix of issue 853937$31332018-10-25
864932Security: Little-CMS (lcms) Heap Buffer Overflow$25002018-10-25
865264DCHECK failure in !dictionary->requires_slow_elements() in elements.cc-2018-10-25
865312DCHECK failure in end <= array->length_value() in elements.cc-2018-10-25
862635Heap-use-after-free in blink::DisplayItemRasterInvalidator::Generate$35002018-10-24
862929Turbofan violates Liftoff's assumption of zero-extended 32-bit values in 64-bit registers-2018-10-24
864358Use-of-uninitialized-value in cc::PictureLayerImpl::AppendQuads-2018-10-24
864509Liftoff must ensure that i32 stack parameters are zero extended-2018-10-24
856823Security: WebRTC Out-of-bounds read in FEC-2018-10-23
862163OpenOffice extensions need to be flagged as potentially dangerous-2018-10-23
863810[turbofan] TruncateInt64ToInt32 must generate zero-extended value-2018-10-23
863840Crash in webrtc::ForwardErrorCorrection::XorPayloads-2018-10-23
863709Heap-use-after-free in ui::I18nSourceStream::FilterData-2018-10-22
863482Heap-use-after-free in views::Slider::SetValueInternal-2018-10-21
859032CrOS: Vulnerability reported in net-misc/curl-2018-10-20
862112CrOS: Vulnerability reported in net-vpn/strongswan: CVE-2018-5388-2018-10-20
863105DCHECK failure in external_backing_store_bytes_[type] >= amount in spaces.cc-2018-10-20
854455Security: Automatic file execution without any warnings$5002018-10-19
859511Security: Interrupted TPM firmware update doesn't clear out weak SRK-2018-10-19
862059Security: Bad cast in JSPropGetter in js_define.h$50002018-10-19
849192Stack-use-after-scope in bsdiff::SinkFile::Write-2018-10-18
853937XSS by hosting JS and JSON looking file$30002018-10-18
859303AddressSanitizer: attempting free on address which was not malloc()-ed in tt_face_vary_cvt-2018-10-18
855119URL spoofing with post urls-2018-10-17
858820Security: Credit card information leakage in Chrome autofill$10002018-10-17
861602Heap-use-after-free in blink::AXObjectCacheImpl::GetOrCreate-2018-10-17
862536Heap-use-after-free in blink::AXObjectCacheImpl::GetOrCreate-2018-10-17
835887Chrome exploit: WebAssembly type confusion + V8 OOB read + sandbox escape$406332018-10-16
836859Security: Privilege Escalation via chrome://resources filesystem URL-2018-10-16
846311signal 11 SEGV_MAPERR 000000000000 in get /v8/src/objects/fixed-array-inl.h:64:10-2018-10-16
860721ComputeRandomMagic produces less randomness on 64-bit platforms than 32-bit platforms-2018-10-16
860788CHECK failure: !isolate->has_scheduled_exception() in builtins-console.cc-2018-10-16
861571Security DCHECK failure: !node || (node->IsHTMLElement()) in html_element.h-2018-10-16
855211Security: WebRTC: Use-after-free in VP9 Processing-2018-10-15
853424Stack-use-after-return in TDiagnostics::writeDebug-2018-10-13
855932Security DCHECK failure: !object || (object->IsBox()) in layout_box.h-2018-10-13
860096Crash in v8_wasm_async_fuzzer-2018-10-13
861523Crash in v8_wasm_async_fuzzer-2018-10-13
859308Crash in v8_wasm_compile_fuzzer-2018-10-12
860392DCHECK failure in pc == code->instruction_start() in wasm-code-manager.cc-2018-10-12
860536CHECK failure: args[0]->IsObject() in async-hooks-wrapper.cc-2018-10-12
851662Security: WebRTC: Unchecked Optional Access in Updating timestamp after RED packet-2018-10-11
854887Bad-cast to blink::ScriptWrappable from invalid vptr in blink::V8Element::ToImpl-2018-10-11
855960DCHECK failure in Capacity() <= heap()->MaxOldGenerationSize() in spaces.cc-2018-10-11
857479[animationworklet] AnimationWorklet declared in child frame may override animations in parent-2018-10-11
843960Heap-use-after-free in content::RenderFrameImpl::PostAccessibilityEvent-2018-10-09
844845Bad-cast to content::RenderFrameImpl from invalid vptr in test_runner::WebFrameTestProxy<content::RenderFrameImpl, content::RenderFrameImpl::CreateParams>::PostAccessibilityEvent-2018-10-09
854816Heap-use-after-free in media::AudioManagerWin::InitializeOnAudioThread-2018-10-09
856999Use-of-uninitialized-value in OmniboxView::OpenMatch-2018-10-09
857500Heap-buffer-overflow in _ZNSt3__16vectorIhNS_9allocatorIhEEE18__construct_at_endIPKhEENS_9enable_ifIXsr2-2018-10-09
857524Heap-use-after-free in TemplateURLRef::SearchTermsArgs::SearchTermsArgs-2018-10-09
859809DCHECK failure in !object->IsFiller() in mark-compact.cc-2018-10-09
856578heap-use-after-free in memory_instrumentation::CoordinatorImpl::OnQueuedRequestTimedOut-2018-10-08
857439CVE-2018-1000199 CrOS: Vulnerability reported in Linux kernel-2018-10-08
859294Heap-use-after-free in blink::PaintController::FinishCycle-2018-10-08
850350Security: stack-buffer-overflow in Break$50002018-10-06
856474Heap-use-after-free in fxcrt::UnownedPtr<CFX_XMLNode>::ProbeForLowSeverityLifetimeIssue-2018-10-06
856761Global-buffer-overflow in webrtc::internal::AudioSendStream::RegisterCngPayloadType-2018-10-06
857017CVE-2018-11412 CrOS: Vulnerability reported in Linux kernel-2018-10-06
853538Heap-use-after-free in blink::LayoutBlock::ComputeBlockPreferredLogicalWidths-2018-10-05
857139Heap-use-after-free in EnsureAncestorDependentCompositingInputs-2018-10-05
857262Heap-use-after-free in viz::SingleReleaseCallback::Run-2018-10-05
857311Use-after-poison in blink::PersistentBase<blink::DummyGCBase,-2018-10-05
327295speech-dispatcher crashes with window.speechSynthesis()$10002018-10-04
666299Security: debugger extension API bypasses normal opt-in for file:// access-2018-10-04
856532Heap-use-after-free in AutocompleteMatch::AutocompleteMatch-2018-10-04
856962Heap-buffer-overflow in autofill::FormStructure::RationalizeAddressStateCountry-2018-10-04
854556Bad-cast to blink::LayoutObject from invalid vptr in blink::AXObjectCacheImpl::GetOrCreate-2018-10-03
856054Use-of-uninitialized-value in FXSYS_round-2018-10-03
856354Security: [pdfium] CJS_Field::m_pJSDoc may outlive the document.-2018-10-03
856471Heap-buffer-overflow in Decode-2018-10-03
856954Heap-use-after-free in blink::AXObjectCacheImpl::GetOrCreate-2018-10-03
867501Security: Talos Security Advisory for Google PDFium (TALOS-2018-0639)$20002018-10-03
851241Crash in gfx::RenderTextHarfBuzz::DrawVisualText-2018-10-02
852085CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (object->IsSmi()) in objects-inl.h-2018-10-02
854883Security: Buffer overflow in usrsctplib-2018-09-30
849217Security: Reference count leak in SwiftShader OpenGL texture bindings-2018-09-29
850476Crash in quic::QuicConnection::OnAckRange-2018-09-28
852644Security: negative-size-param in Skia$10002018-09-28
853434Heap-use-after-free in ash::UnifiedSystemTrayBubble::ActivateBubble-2018-09-28
854066Security: OOB read in TypedArray.from-2018-09-28
854296Heap-buffer-overflow in avio_read-2018-09-28
854623Security: Out-of-bound access in CFXJSE_FormCalcContext::Lower$10002018-09-28
835613Heap-use-after-free in blink::FloatingObject::FloatingObject-2018-09-27
854213DCHECK failure in var < ParameterCount() in scope-info.cc-2018-09-27
854299Security: OOB read in Array.prototype.sort$40002018-09-27
854476Use-of-uninitialized-value in v8::internal::Isolate::RunHostImportModuleDynamicallyCallback-2018-09-27
854941DCHECK failure in var < ParameterCount() in scope-info.cc-2018-09-27
847570Security: heap-buffer-overflow in blink::ScriptFunction::~ScriptFunction()$30002018-09-26
848617Heap-use-after-free in blink::AXObjectCacheImpl::GetOrCreate-2018-09-26
849840Bad-cast to blink::LayoutObject from invalid vptr in blink::AXObjectCacheImpl::GetOrCreate-2018-09-26
852944DCHECK failure in !it.done() in module-compiler.cc-2018-09-26
854160Crash in v8::internal::Heap::MergeAllocationSitePretenuringFeedback-2018-09-26
854463Crash in v8::internal::TypedElementsAccessor<-2018-09-26
849131Heap-use-after-free in gpu::gles2::GLES2Implementation::OnGpuControlLostContext-2018-09-25
851398Stack-buffer-overflow in sw::Surface::Buffer::read-2018-09-25
851955Pixelbook embedded U2F Tokens Should be Locked to a Single Account and NOT be permitted in Guest Mode-2018-09-25
852592Security: OOB read/write in Array.prototype.sort$75002018-09-25
852641Stack-buffer-overflow in libGLESv2_swiftshader-2018-09-25
852759CVE-2018-10940 CrOS: Vulnerability reported in Linux kernel-2018-09-25
852258JSTypedArray ByteLength out of bounds-2018-09-24
853552Heap-use-after-free in blink::LayoutObject::ContainingBlock-2018-09-24
377995Security: CSP Sandbox bypass$10002018-09-22
840857Security: Browser process should catch commits of extension URLs in web processes-2018-09-22
848716Security: Multiple integer overflows in Skia GPU path rendering when computing vertex/idex count-2018-09-22
853421Use-of-uninitialized-value in void base::Pickle::WriteBytesStatic<4ul>-2018-09-22
853423Use-after-poison in void blink::ElementRuleCollector::CollectMatchingRulesForList<blink::HeapTermina-2018-09-22
853436Use-after-poison in blink::MemberBase<blink::ContentSecurityPolicy,-2018-09-22
835317Scroll TLD into view for publisher attribution in Custom Tabs-2018-09-21
850493Heap-buffer-overflow in webrtc::internal::CopyColumn-2018-09-21
847903Multiple UAF bugs fixed in the upstream kernel (most in the year 2017), but not patched in stable/latest chromeos4.4 kernel.-2018-09-20
850910CVE-2018-10675 CrOS: Vulnerability reported in Linux kernel-2018-09-20
845136heap use-after-free in link::VideoFrameSubmitter::~VideoFrameSubmitter()$5002018-09-19
847242Security: IDN URL Spoofing with Myanmar character "ဒ" (U+1012)-2018-09-19
849073Crash in blink::PersistentBase<blink::DummyGCBase,-2018-09-19
852207Crash in v8::internal::FullEvacuationVerifier::VerifyPointers-2018-09-19
849398Security: IDN URL Spoofing with Georgian Letter Vin$5002018-09-18
849329Security: CVE-2018-5383-2018-09-18
848786Cross-origin stylesheet content is readable using SW$5002018-09-17
831117Termination GC leaves behind persistents-2018-09-14
850354Use-of-uninitialized-value in blink::ImageFrame::BlendRGBARaw-2018-09-14
850407Crash in HintTableForFuzzing::Fuzz-2018-09-14
850440Crash in CPDF_HintTables::ReadPageHintTable-2018-09-14
850490CVE-2018-8781 CrOS: Vulnerability reported in Linux kernel-2018-09-14
839983Cross-origin audio leak using Web Audio API$10002018-09-13
847226Current update_engine code breaks rollback protection for enterprise devices-2018-09-13
847328Security DCHECK failure: !object || (object->IsLayoutMultiColumnSet()) in layout_multi_column_set.h-2018-09-13
850005CHECK failure: Type cast failed in CAST(var_elements.value()) at ../../src/builtins/builtins-ca-2018-09-13
850305Use-of-uninitialized-value in disk_cache::SimpleEntryImpl::WriteDataInternal-2018-09-13
850365 | Use-of-uninitialized-value in void net::PrioritizedTaskRunner::PostTaskAndReplyWithResult<int, int> | - | 2018-09-13
826552 | Redirect circumvents same-origin restrictions for AudioWorklet | $1000 | 2018-09-12
841105 | Security: uXSS in Chrome on iOS | $7500 | 2018-09-12
843736 | Security: ChromeOS Settings Template Injection | - | 2018-09-12
844833 | heap-use-after-free on AudioOutputDevi | $2000 | 2018-09-12
845859 | CVE-2018-10021 CrOS: Vulnerability reported in Linux kernel | - | 2018-09-12
846295 | CVE-2018-10124 CrOS: Vulnerability reported in Linux kernel | - | 2018-09-12
847060 | Heap-buffer-overflow in mov_read_saio | - | 2018-09-12
848672 | Security: V8 Incorrect type cast in String.p.split function leads to OOB write | $5000 | 2018-09-12
848779 | Use-of-uninitialized-value in content::SignedExchangePrologue::Parse | - | 2018-09-12
849062 | Heap-buffer-overflow in avio_read | - | 2018-09-12
849142 | Use-of-uninitialized-value in test_runner::CopyImageAtAndCapturePixels | - | 2018-09-12
849144 | Heap-buffer-overflow in content::SignedExchangePrologue::ParseEncodedLength | - | 2018-09-12
849663 | DCHECK failure in x <= INT_MAX in conversions.h | - | 2018-09-12
813349 | Heap-use-after-free in CPDF_ContentParser::~CPDF_ContentParser | - | 2018-09-11
836760 | CrOS: Vulnerability reported in dev-libs/openssl | - | 2018-09-11
848238 | Security: Floating-point precision errors in Swiftshader blitting | - | 2018-09-11
848914 | Security: heap-buffer-overflow in gpu::gles2::StrictIdHandler::FreeIds | $3000 | 2018-09-11
849595 | Use-of-uninitialized-value in blink::AudioHandler::ProcessIfNecessary | - | 2018-09-11
840536 | Security: WebRTC: Type Confusion when processing H264 NAL packet | - | 2018-09-10
848531 | Security: Simulated Alt + Click event can download a cross origin file | - | 2018-09-10
849033 | Heap-use-after-free in blink::TransformPaintPropertyNode::GetTransformCache | - | 2018-09-10
849036 | Heap-use-after-free in blink::GeometryMapper::SourceToDestinationProjectionInternal | - | 2018-09-10
849072 | Heap-use-after-free in test_runner::WebWidgetTestClient::AnimateNow | - | 2018-09-10
849109 | Heap-use-after-free in blink::GeometryMapper::LocalToAncestorClipRectInternal | - | 2018-09-10
847089 | Use-of-uninitialized-value in cc::PaintOp::AreSkMatricesEqual | - | 2018-09-09
844828 | Heap-use-after-free in gpu::gles2::GLES2Implementation::OnGpuControlLostContext | - | 2018-09-08
847386 | Security: Skia: Uninitialized variable in gen_alpha_deltas | - | 2018-09-08
833143 | Lao could lead to idn spoof | $500 | 2018-09-07
847718 | Chrome URL Spoofing (via refreshed) | $500 | 2018-09-07
839358 | CVE-2018-1094 CrOS: Vulnerability reported in Linux kernel | - | 2018-09-06
844428 | Security: Extension is able to inject script into chrome://newtab/ | $500 | 2018-09-06
845006 | ASSERT: GTK_IS_TREE_MODEL (tree_model) | - | 2018-09-06
845489 | Security: Incomplete fix for crbug/844457 (Heap overflow in SkScan::FillPath due to precision error) | - | 2018-09-06
846262 | Security: Qualys procps audit | - | 2018-09-06
847346 | Use-of-uninitialized-value in CFX_DIBitmap::Clear | - | 2018-09-06
847809 | Stack-buffer-overflow in webrtc::VideoQualityObserver::OnDecodedFrame | - | 2018-09-06
847780 | DCHECK failure in !HasWeakHeapObjectTag(object) in scavenger.cc | - | 2018-09-06
839357 | CVE-2018-1093 CrOS: Vulnerability reported in Linux kernel | - | 2018-09-05
842265 | Security: WebRTC: Use-after-free in VP8 Block Decoding | - | 2018-09-05
847728 | DCHECK failure in !IsSmi() == Internals::HasHeapObjectTag(this) in objects.h | - | 2018-09-05
849355 | Clickjacking on the inline extension installation dialog | - | 2018-09-04
788936 | Steal local file contents by abusing liberal CSS parsing | $2000 | 2018-09-04
847247 | Heap-buffer-overflow in CPDF_DeviceCS::GetRGB | - | 2018-09-04
841280 | heap-use-after-free in BlinkGC | $2000 | 2018-09-03
846635 | Heap-buffer-overflow in blink::NormalizeLineEndingsToCRLF | $500 | 2018-09-03
847012 | Heap-use-after-free in blink::LayoutBlockFlow::RemoveChild | - | 2018-09-03
847177 | Use-after-poison in blink::HTMLSlotElement::DetachLayoutTree | - | 2018-09-03
847182 | Heap-use-after-free in blink::LayoutObjectChildList::RemoveChildNode | - | 2018-09-03
844195 | Security: SpeechSynthesisEvent exposes high-resolution timestamps | $500 | 2018-09-01
845961 | Security: Setting arbitrary http request headers via <iframe csp> attribute | $3133 | 2018-09-01
846827 | Use-of-uninitialized-value in assist_ranker::RankerURLFetcher::Request | - | 2018-09-01
846000 | Container-overflow in v8::internal::compiler::JsonPrintAllSourceWithPositions | - | 2018-08-31
844872 | Heap-buffer-overflow in transform_scanline_bgrA | - | 2018-08-31
846182 | Heap-use-after-free in blink::MIDIInput::DidReceiveMIDIData | - | 2018-08-31
844578 | Bad-cast to blink::CSSProperty from invalid vptr in blink::ToCSSProperty | - | 2018-08-30
844796 | Bad-cast to const blink::CSSProperty from invalid vptr in blink::CSSProperty::Get | - | 2018-08-30
844840 | Bad-cast to const blink::CSSPropertyblink::CSSProperty::Get in blink::CSSComputedStyleDeclaration::SetPropertyInternal | - | 2018-08-30
846192 | Bad-cast to blink::LayoutObject from invalid vptr in blink::LayoutBlockFlow::RemoveChild | - | 2018-08-30
845040 | Heap-use-after-free in blink::SVGResources::LayoutIfNeeded | - | 2018-08-29
841962 | Security: WebRTC: Overflow in FEC Processing | - | 2018-08-28
844301 | Heap-use-after-free in PreviousSibling | - | 2018-08-27
844857 | Use-of-uninitialized-value in blink::LayoutObject::NextInPreOrderAfterChildren | - | 2018-08-27
828265 | MediaError message property leaks cross-origin response status | $500 | 2018-08-25
835299 | Security: Integer overflow in Swiftshader texture allocation | - | 2018-08-25
843970 | CrOS: Vulnerability reported in dev-libs/libxml2 | - | 2018-08-25
844089 | Security DCHECK failure: !object || (object->IsBox()) in layout_box.h | - | 2018-08-25
844254 | Heap-buffer-overflow in void SkMatrixConvolutionImageFilter::filterPixels<RepeatPixelFetcher, true> | - | 2018-08-25
844275 | CHECK failure: Type cast failed in CAST(length.value()) at ../../src/builtins/builtins-array-ge | - | 2018-08-25
844366 | Bad-cast to SkPixelRef from invalid vptr in SkBitmap::getGenerationID | - | 2018-08-25
844457 | Security: Chrome/Skia: Heap overflow in SkScan::FillPath due to precision error. | - | 2018-08-25
685747 | Extension names aren't sanitized when displayed in the UI | - | 2018-08-24
770709 | Latin "with dot below" not rendered as PunyCode | - | 2018-08-24
826019 | Security: IDN URL Spoofing with using U+0525 | - | 2018-08-24
835554 | U+0153 (œ), U+00e6 (æ) may lead to url spoofing | $500 | 2018-08-24
836885 | Security: IDN URL Spoofing with “ҙ” (U+0499) | - | 2018-08-24
840161 | Security: use-after-free or double-free in Virtio Wayland ChromiumOS code | $1500 | 2018-08-24
842990 | Security: Sandbox Escape - Use After Free with IndexedDBConnection | $10000 | 2018-08-24
843563 | [wasm] Shared js-to-wasm wrappers call to instance-specific wasm-to-js wrapper | - | 2018-08-24
844200 | CHECK failure: Type cast failed in CAST(length.value()) at ../../src/builtins/builtins-array-ge | - | 2018-08-24
817920 | Security: ChromeOS persistent command execution as root | $33337 | 2018-08-23
818032 | Security: Passing PATH variable to Upstart jobs allows for privilege escalation. | - | 2018-08-23
826434 | Security: Concern about WebAssembly table mutability | - | 2018-08-23
835889 | Various filesystem CVEs | - | 2018-08-23
843493 | Crash in CPWL_Timer::KillPWLTimer | - | 2018-08-23
843543 | Security: OOB reads due to missing map check | - | 2018-08-23
804123 | Security: TexImage3D heap-buffer-overflow in WebKit Webgl | $1000 | 2018-08-22
836362 | Security: download.default_directory should not be modifiable via settingsPrivate.setPref | - | 2018-08-22
839197 | Heap-use-after-free in PermissionRequestManager::AddRequest | - | 2018-08-22
843022 | Security: OOB access in RegExpBuiltinsAssembler::LoadRegExpResultFirstMatch | $2000 | 2018-08-22
843120 | [wasm] We call the start function with the wrong instance | - | 2018-08-22
829528 | Heap-use-after-free in cc::ResourceProvider::ContextGL | - | 2018-08-21
838886 | Crash in CFX_DIBitmap::~CFX_DIBitmap | - | 2018-08-21
839822 | Chrome URL spoofing vulnerability on IOS | $1000 | 2018-08-21
840695 | Heap-use-after-free in CJBig2_Image::~CJBig2_Image | - | 2018-08-21
840855 | DCHECK failure in current_pos <= num_indices in runtime-array.cc | - | 2018-08-21
842501 | Stack-buffer-overflow in v8::internal::compiler::VisitBinop | - | 2018-08-21
842545 | Heap-use-after-free in TabStripModel::SendDetachWebContentsNotifications | - | 2018-08-21
839695 | pdfium: global-buffer-overflow in CFX_BidiLine::ResolveImplicit | $1000 | 2018-08-20
840320 | Security: type confusion trigger DCHECK fail in ReadableStreamBytesConsumer::OnFulfilled::Call | $5000 | 2018-08-20
842028 | Security: libglesv2 heap-buffer-overflow in VertexBuffer11::storeVertexAttributes | $1000 | 2018-08-20
837097 | Heap-use-after-free in base::debug::TaskAnnotator::RunTask | - | 2018-08-19
830100 | Heap-use-after-free in cc::VideoResourceUpdater::HardwarePlaneResource::~HardwarePlaneResource | - | 2018-08-18
839356 | CVE-2018-1092 CrOS: Vulnerability reported in Linux kernel | - | 2018-08-18
839660 | TargetAutoAttacher::AutoAttachToFrame UaF (Sandbox Escape) | - | 2018-08-18
842078 | Crash in v8::internal::String::MakeExternal | - | 2018-08-18
812667 | Security: Cross-origin information leak via subresource integrity (SRI), fetch and Service Workers | $1000 | 2018-08-17
840106 | Security: heap-use-after-free in TypedArrayBuiltinsAssembler::ConstructByArrayLike | $7500 | 2018-08-17
838867 | CVE-2017-18255 CrOS: Vulnerability reported in Linux kernel | - | 2018-08-17
823194 | Security: Long extension name allows spoofing of Debugging InfoBar | $500 | 2018-08-16
832246 | Bad-cast to blink::LayoutBlock from blink::LayoutText in blink::ToLayoutBlock | - | 2018-08-16
836162 | Crash in blink::LayoutObject::NextInPreOrder | - | 2018-08-16
837477 | Crash in _pthread_key_global_init | - | 2018-08-16
838588 | Crash in blink::TextOffsetMapping::TextOffsetMapping | - | 2018-08-16
838589 | Bad-cast to blink::LayoutBlock from blink::LayoutTextCombine in blink::TextOffsetMapping::ComputeContainigBlock | - | 2018-08-16
838859 | Use-of-uninitialized-value in blink::SlotAssignment::Trace | - | 2018-08-16
839961 | Heap-use-after-free in test_runner::PrintFrameDescription | - | 2018-08-16
840776 | Bad-cast to blink::LayoutSVGResourceContainer from invalid vptr in blink::SVGResources::RemoveClientFromCacheAffectingObjectBounds | - | 2018-08-16
840864 | Heap-use-after-free in blink::SVGFilterPainter::PrepareEffect | - | 2018-08-16
840923 | Heap-use-after-free in blink::SVGResourcesCache::CachedResourcesForLayoutObject | - | 2018-08-16
840924 | Heap-use-after-free in blink::SVGResources::LayoutIfNeeded | - | 2018-08-16
840979 | TextOffsetMapping make blink::SlotAssignment::Trace() to crash | - | 2018-08-16
841046 | Bad-cast to blink::LayoutObject from invalid vptr in blink::LayoutObject::LayoutIfNeeded | - | 2018-08-16
841055 | Use-of-uninitialized-value in blink::LayoutSVGResourceFilter::RemoveClientFromCache | - | 2018-08-16
841109 | Heap-use-after-free in SelfNeedsLayout | - | 2018-08-16
841059 | Heap-use-after-free in blink::LayoutSVGResourceFilter::ResourceBoundingBox | - | 2018-08-16
841118 | Heap-use-after-free in Lookup<WTF::IdentityHashTranslator<WTF::MemberHash<blink::SVGResourceClient>, | - | 2018-08-16
841153 | Heap-use-after-free in GetDocument | - | 2018-08-16
841154 | Bad-cast to blink::SVGMarkerElement from blink::SVGPathElement in blink::SVGMarkerElement* blink::ToElement<blink::SVGMarkerElement> | - | 2018-08-16
841201 | Heap-use-after-free in blink::SVGResources::LayoutIfNeeded | - | 2018-08-16
841210 | Use-of-uninitialized-value in skcms_TransferFunction_eval | - | 2018-08-16
841275 | Crash in blink::SVGAnimatedPropertyCommon<blink::SVGEnumerationBase>::CurrentValue | - | 2018-08-16
841698 | Use-of-uninitialized-value in blink::HTMLMediaElement::StartPlayerLoad | - | 2018-08-16
841592 | Crash in IntToSmi<31> | - | 2018-08-16
841705 | Heap-use-after-free in blink::SVGResources::LayoutIfNeeded | $3500 | 2018-08-16
826187 | Security: Cross Site Resource Size Estimation via OnProgress events | $500 | 2018-08-14
683418 | Don't allow web iframes on chrome:// pages | - | 2018-08-14
835589 | Security: CSS Paint API leaks visited status of links (up to ~3k/sec) | $2000 | 2018-08-14
839960 | Security: Use of uninitialized memory caused by AcmReceiver::AcmReceiver() | $500 | 2018-08-14
840376 | Add back retpoline for indirect function calls in wasm | - | 2018-08-14
840220 | CHECK failure: Type cast failed in CAST(TypedArraySpeciesConstructor(context, exemplar)) at ../ | - | 2018-08-13
837048 | Security: URL spoofing (wrong url in omnibox after going back from search result) | - | 2018-08-10
837585 | Security: CXFA_Node::FindSplitPos container overflow | $1000 | 2018-08-10
839348 | Use-of-uninitialized-value in CFX_GifContext::LoadFrame | - | 2018-08-10
839361 | Use-of-uninitialized-value in bool pdfium::base::internal::CheckedMulOp<unsigned int, unsigned int, void>::Do< | - | 2018-08-10
839399 | Use-of-uninitialized-value in v8::internal::Serializer<v8::internal::DefaultSerializerAllocator>::ObjectSerial | - | 2018-08-10
813155 | Heap-use-after-free in fxcrt::UnownedPtr<CFX_XMLNode>::ProbeForLowSeverityLifetimeIssue | - | 2018-08-09
837578 | Security: pdfium heap-use-after-free | - | 2018-08-09
838402 | Security: WebRTC: Out-of-bounds memory access in WebRTC VP9 Frame Processing | - | 2018-08-09
838672 | WebRTC: Out-of-bounds memory access in WebRTC VP9 Missing Frame Processing | - | 2018-08-09
618264 | Security: PDFium: Out-Of-Bounds Read in libtiff's TIFFReadDirectory Function | - | 2018-08-08
618936 | Security: PDFium: Heap Buffer Overflow in libtiff's EstimateStripByteCounts Function | - | 2018-08-08
818138 | Security: Download directory can be set to arbitrary paths via chrome://settings | - | 2018-08-08
836858 | Security: Privilege Escalation using extension filesystem URLs | - | 2018-08-08
837939 | Security: [v8] Information Leak in Map constructor | $4500 | 2018-08-08
797461 | Security: Extensions can run code in the local/instant NTP | $500 | 2018-08-07
834624 | DCHECK failure in !trap_handler::IsThreadInWasm() in wasm-interpreter.cc | - | 2018-08-07
835371 | Bad-cast to blink::LayoutBox from invalid vptr in blink::LayoutBlockFlow::XPositionForFloatIncludingMargin | - | 2018-08-07
835577 | Flaky UaF when running TabRestoreTest.RestoreFirstBrowserWhenSessionServiceEnabled | - | 2018-08-07
837943 | Heap-use-after-free in blink::ChunkToLayerMapper::SwitchToChunk | - | 2018-08-05
803748 | Use-of-uninitialized-value in LZWPreDecode | - | 2018-08-04
821640 | CSP bypass by navigating same-origin page to JavaScript URI | $1000 | 2018-08-04
823864 | Make WebUI more robust to user gesture spoofing | - | 2018-08-04
837417 | Null-dereference READ in v8::internal::wasm::InstantiateToInstanceObject | - | 2018-08-04
830303 | Security: heap-use-after-free in check_client_download_request.cc when in incognito mode | $3000 | 2018-08-03
834619 | DCHECK failure in func_index == code->index() in wasm-code-manager.cc | - | 2018-08-03
837479 | Crash in CopyRow_ERMS | - | 2018-08-03
808333 | Security: PDFium UAF in CXFA_Document::DoProtoMerge | $3000 | 2018-08-01
826404 | Use-of-uninitialized-value in gdk_pixbuf_new | - | 2018-08-01
832734 | Security: URL spoofing on iOS (repro issue 796777) | $500 | 2018-08-01
834716 | CVE-2018-7566 CrOS: Vulnerability reported in Linux kernel | - | 2018-08-01
834875 | Container-overflow in webrtc::FftData::CopyToPackedArray | - | 2018-08-01
836131 | Heap-buffer-overflow in angle::LoadToNative<signed char,1> | $1500 | 2018-08-01
836141 | Null-dereference READ in v8::internal::wasm::InstantiateToInstanceObject | - | 2018-08-01
791324 | Security: Fetch API reveals existence of Redirection in no-cors mode | $500 | 2018-07-31
834693 | Crash in Call | - | 2018-07-31
835184 | Global-buffer-overflow in fxcrt::WideString::WStringLength | - | 2018-07-31
835602 | Use-of-uninitialized-value in blink::ColorSpaceUtilities::GetColorSpaceGamut | - | 2018-07-31
835639 | Security: FileReader - Use After Free in FileReaderLoader::OnCalculatedSize() | $3000 | 2018-07-31
829280 | Heap-use-after-free in cc::VideoResourceUpdater::AllocateResource | - | 2018-07-29
831054 | Security: Web Worker - Use After Free with Cross Thread Persisten Node | $3000 | 2018-07-28
834850 | Bad-cast to blink::InlineTextBox from blink::InlineBox in blink::ToInlineTextBox | - | 2018-07-28
834851 | Security DCHECK failure: box.IsInlineTextBox() in inline_text_box.h | - | 2018-07-28
835048 | Use-of-uninitialized-value in SkPictureShader::onMakeContext | $1500 | 2018-07-28
814987 | Heap-buffer-overflow in getAddress | - | 2018-07-27
834149 | Security: PDFium UAF in CFX_XMLElement::Save | $3500 | 2018-07-27
834941 | CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (object->IsWeakCell()) in objects-inl | - | 2018-07-27
834854 | CHECK failure: cell->cleared() || cell->value()->IsMap() in objects-debug.cc | - | 2018-07-27
810220 | Security: Extension with <all_urls> permission can read arbitrary local files and chrome:// pages | $2000 | 2018-07-26
831963 | Security: In-memory Cache UaF 2 | $10500 | 2018-07-26
832589 | Security: PDFium UAF in CFGAS_FontMgr::FindFont | $5500 | 2018-07-26
833721 | Security: PDFium heap-buffer-overflow WRITE in CPDF_ExpIntFunc::v_Call | $5000 | 2018-07-26
833729 | Improper Gzip Decompressing allows content to be added to the file | - | 2018-07-26
816685 | Security: Extension popups can read local files if a Browser Action invoked on a file:/// URL | $500 | 2018-07-25
817247 | Security: IDN URL Spoofing with using U+04CF | $500 | 2018-07-25
827667 | Security: ANGLE LoadToNative memory corruption | $1000 | 2018-07-25
831170 | Out-of-bounds read in Promise | - | 2018-07-25
831984 | Ill in v8::internal::FullEvacuationVerifier::VerifyPointers | - | 2018-07-25
832101 | TextOffsetMapping::ComputeContainigBlock() crashes with all elements are float | - | 2018-07-25
832261 | TextOffsetMapping::ComputeContainigBlock() crashes with position:aboslute | - | 2018-07-25
833172 | TextOffsetMapping::ComputeContaingBlock() crashes with position:fixed | - | 2018-07-25
750298 | Security: Spoofing with chrome://cache (Chrome icon as SecurityIndicator) | - | 2018-07-24
832787 | Use-of-uninitialized-value in TParseContext::nonInitErrorCheck | - | 2018-07-22
801648 | Use-of-uninitialized-value in TType::operator== | - | 2018-07-21
826041 | Multiple concurrent screen capture sessions are not handled correctly on ChromeOS | - | 2018-07-21
831539 | CVE-2018-1068 CrOS: Vulnerability reported in Linux kernel | - | 2018-07-21
796794 | Use-of-uninitialized-value in TParseContext::addIndexExpression | - | 2018-07-20
797174 | Use-of-uninitialized-value in TParseContext::nonInitErrorCheck | - | 2018-07-20
818133 | MacViews: views::Textfield doesn't enable secure input for password in HTTP Authentication prompt | - | 2018-07-20
823074 | Security DCHECK failure: line_layout_item.IsLayoutInline() || line_layout_item.IsEqual(this) in LayoutBlo | - | 2018-07-20
831943 | Security: Crash with JavaScript RegExp subclassing | $1500 | 2018-07-20
811158 | Bookmark Apps of non-secure origins do not show security indicators | - | 2018-07-19
819809 | Security: SEE_MASK_FLAG_NO_UI behavior changes in Windows 10, allowing SmartScreen bypass | $500 | 2018-07-19
829213 | Security: Crash in content::SpeechRecognitionDispatcher::OnRecognitionEnded() | $3000 | 2018-07-19
830194 | Heap-use-after-free in [thunk]:rtc::VideoSourceInterface<class | - | 2018-07-19
831537 | CrOS: Vulnerability reported in net-misc/curl | - | 2018-07-19
813376 | Crash in v8::internal::Invoke | - | 2018-07-18
829777 | CVE-2018-7995 CrOS: Vulnerability reported in Linux kernel | - | 2018-07-18
829881 | Security DCHECK failure: value.IsValueList() in CSSValueList.h | - | 2018-07-18
831111 | CVE-2018-8087 CrOS: Vulnerability reported in Linux kernel | - | 2018-07-18
831463 | CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (object->IsWasmInstanceObject()) in w | - | 2018-07-18
797465 | Referrer Policy bypass using Navigation Timing API | $500 | 2018-07-17
825480 | CVE-2017-18208 CrOS: Vulnerability reported in Linux kernel | - | 2018-07-17
830179 | Heap-use-after-free in blink::PaintLayer::UpdateHasSelfPaintingLayerDescendant | - | 2018-07-17
830256 | Heap-buffer-overflow in display::EdidParser::ParseEdid | - | 2018-07-16
828323 | Bad-cast to blink::WebAudioSourceProvider from invalid vptr in blink::HTMLMediaElement::AudioSourceProviderImpl::Wrap | - | 2018-07-15
830138 | Heap-buffer-overflow in display::EdidParser::ParseEdid | - | 2018-07-15
830146 | Bad-cast to NiceMock<media::MockMediaLog> from media::MockMediaLog in testing::internal::NiceMockBase<media::MockMediaLog>::NiceMockBase | - | 2018-07-14
823096 | Crash in sw::Renderer::executeTask | - | 2018-07-13
825524 | Heap-buffer-overflow in Decode | - | 2018-07-13
828234 | Use-of-uninitialized-value in send_delete_event | - | 2018-07-13
829679 | CHECK failure: Type cast failed in CAST(properties) at ../../src/code-stub-assembler.cc:1412 in | - | 2018-07-13
793402 | Mac: Add hardening to protect against sandboxed processes calling CTFontManagerRegisterFontsForURL(), tricking LoadFontOnFileThread() | $500 | 2018-07-12
826659 | Heap-use-after-free in blink::PaintController::GenerateRasterInvalidationsComparingChunks | - | 2018-07-12
826166 | Security: Out-Of-Bounds Write Vulnerability in Skia | $3000 | 2018-07-12
828359 | Heap-buffer-overflow in cast_message_fuzzer.cc | - | 2018-07-12
828575 | Heap-use-after-free in base::internal::BindState<void | - | 2018-07-12
828715 | Heap-use-after-free in base::internal::WeakPtrFactoryBase::~WeakPtrFactoryBase | - | 2018-07-12
828924 | Crash in base::debug::TaskAnnotator::RunTask | - | 2018-07-12
829058 | Bad-cast to safe_browsing::SafeBrowsingNetworkContext::SharedURLLoaderFactory::InternalState from invalid vptr in Invoke<scoped_refptr<safe_browsing::SafeBrowsingNetworkContext::SharedURLLoaderFactory::InternalState>> | - | 2018-07-12
805224 | Security: chrome.debugger can attach to any target | $2000 | 2018-07-11
826671 | CVE-2017-18221 CrOS: Vulnerability reported in Linux kernel | - | 2018-07-11
827013 | CHECK failure: Type cast failed in CAST(LoadFixedArrayElement( descriptors, DescriptorArray::To | - | 2018-07-11
827806 | Heap-use-after-free in v8::internal::Isolate::UnregisterFromReleaseAtTeardown | - | 2018-07-11
828049 | pdfium: oob array write in CPDF_StreamParser::ParseNextElement | $500 | 2018-07-11
828522 | Use-of-uninitialized-value in v8::internal::Sweeper::PauseOrCompleteScope::PauseOrCompleteScope | - | 2018-07-11
828524 | Heap-use-after-free in safe_browsing::SafeBrowsingNetworkContext::SharedURLLoaderFactory::GetURLLoaderF | - | 2018-07-11
732718 | Security: X64 assembler incorrectly encodes RIP+disp operand when followed by immediate. | - | 2018-07-10
825045 | DCHECK failure in descriptor_number < number_of_descriptors() in objects-inl.h | - | 2018-07-10
826232 | Heap-use-after-free in blink::DeferredTaskHandler::FinishTailProcessing | - | 2018-07-10
826626 | Security: Blockfile Media Cache UaF | $10000 | 2018-07-10
827039 | Heap-use-after-free in gpu::CommandBufferProxyImpl::DisconnectChannel | - | 2018-07-10
827046 | Heap-use-after-free in gpu::CommandBufferProxyImpl::DisconnectChannel | - | 2018-07-10
827492 | Security: In-memory Cache UaF | $10500 | 2018-07-10
828221 | Heap-use-after-free in blink::DeferredTaskHandler::FinishTailProcessing | - | 2018-07-10
822821 | Heap-buffer-overflow in BrotliCopyBytes | - | 2018-07-07
825545 | Security: Heap Buffer Overflow (4 byte read) in sw::Blitter::blit3D (swiftshader) | - | 2018-07-07
826673 | CVE-2018-7740 CrOS: Vulnerability reported in Linux kernel | - | 2018-07-07
826783 | Bad-cast to rtc::PacketTransportInternal from content::(anonymous namespace)::IpcPacketSocket in webrtc::RtpTransport::IsTransportWritable | - | 2018-07-07
826876 | Use-of-uninitialized-value in webrtc::RtpTransport::OnWritableState | - | 2018-07-07
827715 | Bad-cast to rtc::PacketTransportInternal from invalid vptr in webrtc::RtpTransport::IsTransportWritable | - | 2018-07-07
810736 | Heap-use-after-free in sw::Renderer::finishRendering | $3000 | 2018-07-06
823150 | Use-of-uninitialized-value in blink::ScrollAnchor::NotifyBeforeLayout | - | 2018-07-06
826725 | Heap-use-after-free in webrtc::RtpTransport::OnWritableState | - | 2018-07-06
827106 | DCHECK failure in handler->IsStoreHandler() in handler-configuration-inl.h | - | 2018-07-06
813541 | Security: Referrer leak + CSS injection at home page of remote debugging server = RCE | $500 | 2018-07-05
823039 | Stack-use-after-return in TDiagnostics::writeDebug | - | 2018-07-05
826658 | Security: Unauthorized users can edit features on https://www.chromestatus.com | $100 | 2018-07-05
826785 | DCHECK failure in handler->IsStoreHandler() in handler-configuration-inl.h | - | 2018-07-05
826364 | Security: RFI / XSS on https://www.chromestatus.com/ | $500 | 2018-07-04
826389 | Use-of-uninitialized-value in gpu::CommandBufferHelper::Finish | - | 2018-07-04
825503 | Uninitialized variable usage in ANGLE may cause a memory disclosure | $500 | 2018-07-03
793715 | Heap-use-after-free in xmlParseGetLasts | - | 2018-06-30
799707 | Chromium: Vulnerability reported in libxml | - | 2018-06-30
813540 | Security: remote debugging + DNS rebinding = UXSS | $500 | 2018-06-30
818472 | Security: WebUSB HID Device Access + OOB Read / Crash Via WebUSB transferIn | $5000 | 2018-06-30
822976 | Security: egl::Image::loadImageData - SwiftShader | $1000 | 2018-06-30
823345 | Heap-use-after-free in xmlParseGetLasts | - | 2018-06-30
825087 | DCHECK failure in is_wasm_memory == GetIsolate()->wasm_engine()->memory_tracker()->IsWasmMemory( b | - | 2018-06-30
825273 | Security: Bug in BoringSSL P-256 point_add | $500 | 2018-06-30
791216 | Referrer leak when Chrome Web App is installed on a path | - | 2018-06-29
821364 | Heap-buffer-overflow in base::internal::JSONParser::ConsumeStringRaw | - | 2018-06-29
822120 | Heap-buffer-overflow in base::IteratorRangeToNumber<base::BaseHexIteratorRangeToIntTraits<char const*> > | - | 2018-06-29
824531 | Security: Redirected URL leak on iOS | - | 2018-06-29
824714 | CVE-2017-18203 CrOS: Vulnerability reported in Linux kernel | - | 2018-06-29
820984 | CHECK failure: InstructionSelector::SupportsSpeculationPoisoning() in pipeline.cc | - | 2018-06-28
821334 | CVE-2017-18174 CrOS: Vulnerability reported in Linux kernel | - | 2018-06-28
823116 | Use-of-uninitialized-value in void base::Pickle::WriteBytesStatic<4ul> | - | 2018-06-28
823048 | CVE-2018-6927 CrOS: Vulnerability reported in Linux kernel | - | 2018-06-28
823125 | CVE-2018-7480 CrOS: Vulnerability reported in Linux kernel | - | 2018-06-28
824102 | Chromium: Vulnerability reported in libxml | - | 2018-06-28
824586 | Use-of-uninitialized-value in void base::Pickle::WriteBytesStatic<4ul> | - | 2018-06-28
799711 | Security: Bypass password for PIN/lock on sleep settings on Chrome OS | $500 | 2018-06-27
820913 | Security: Heap-buffer-overflow in AAHairlineOp::onPrepareDraws | $3000 | 2018-06-27
821138 | Privilege elevation via PDFium | - | 2018-06-27
822799 | Security: WebRtc - Use After Free in AudioRtpSender::CanInsertDtmf() | $5000 | 2018-06-27
823353 | Security: Show javascript alert on a site by clicking on a link from that site | $1000 | 2018-06-27
823654 | Use-of-uninitialized-value in content::RenderFrameMetadataObserverImpl::OnRenderFrameSubmission | - | 2018-06-27
818396 | Use-of-uninitialized-value in blink::SubresourceIntegrity::ParseAlgorithmPrefix | - | 2018-06-26
818808 | Use-of-uninitialized-value in gtk_widget_destroy | - | 2018-06-26
820703 | Heap-use-after-free in GrTextureStripAtlas::unlockRow | - | 2018-06-26
822986 | Use-of-uninitialized-value in gdk_pixbuf_new | - | 2018-06-26
823239 | Use-of-uninitialized-value in g_type_module_register_type | - | 2018-06-26
822266 | Security:crash(SEGV_MAPERR ) in wasm module | - | 2018-06-25
816769 | Security: IDN URL Spoofing with U+04FD, U+050F, U+050B | - | 2018-06-23
817686 | Global-buffer-overflow in puffin::Huffer::HuffDeflate | - | 2018-06-23
817733 | Heap-buffer-overflow in puffin::BufferPuffReader::GetNext | - | 2018-06-23
818527 | Security: ChromeOS ff_debug command execution from crosh shell | $500 | 2018-06-23
820068 | Security: IDN URL Spoofing with using "U+0437" (cyrillic small letter Ze) | $500 | 2018-06-23
805924 | mXSS: Potential XSS via MathML gotten from innerHTML | $500 | 2018-06-22
822091 | Heap-use-after-free in PDFiumEngine::GetVisiblePageIndex | $5000 | 2018-06-22
822284 | ThinStrings are incompatible with TurboFan SeqString types | - | 2018-06-22
822424 | Security: Local Privilege Escalation due to unsafe use of Distributed Objects in Google Software Updater on MacOS | - | 2018-06-22
813703 | Heap-buffer-overflow in swrast_dri.so | - | 2018-06-21
819954 | Use-of-uninitialized-value in base::BaseCharToDigit<char, 16, false>::Convert | - | 2018-06-21
821137 | OOB read/write using Array.prototype.from | - | 2018-06-21
821367 | Use-after-poison in base::IteratorRangeToNumber<base::BaseHexIteratorRangeToIntTraits<char const*> > | - | 2018-06-21
821596 | Security: Enforce blob/filesystem "local scheme" checks in FilterURL | - | 2018-06-21
804198 | Security: Adobe Flash NetStream Object Use After Free | $3000 | 2018-06-20
804636 | Security: Adobe Flash AdBannerAsset Object Type Confusion | $3000 | 2018-06-20
821613 | Restrict PDFium extension from running script inside chrome:// URLs | - | 2018-06-20
819330 | Crash in next | - | 2018-06-19
819953 | Use-after-poison in base::internal::JSONParser::ConsumeStringRaw | - | 2018-06-19
820399 | Use-of-uninitialized-value in cc::PaintOpReader::Read | - | 2018-06-19
820685 | Heap-use-after-free in media::GpuMemoryBufferVideoFramePool::PoolImpl::GetOrCreateFrameResources | - | 2018-06-19
820769 | Use-of-uninitialized-value in rtc::ClosureTask<webrtc::VideoStreamEncoder::OnEncodedImage | - | 2018-06-19
820779 | Security DCHECK failure: line_layout_item.IsLayoutInline() || line_layout_item.IsEqual(this) in LayoutBlo | - | 2018-06-19
820827 | Heap-use-after-free in rtc::TaskQueue::Impl::RunTask | - | 2018-06-19
820830 | Bad-cast to webrtc::VideoStreamEncoder from invalid vptr in rtc::ClosureTask<webrtc::VideoStreamEncoder::OnEncodedImage | - | 2018-06-19
820834 | Bad-cast to blink::LayoutInline from blink::LayoutSVGForeignObject in blink::LineLayoutInline::LastLineBox | - | 2018-06-19
819311 | DCHECK failure in op->opcode() == IrOpcode::kStateValues || op->opcode() == IrOpcode::kTypedStateV | - | 2018-06-16
820312 | Security: V8: PromiseAllResolveElementClosure can cause elements kind confusion | - | 2018-06-16
820341 | Use of an invalid mutex in media::AudioOutputDevice::NotifyRenderCallbackOfError | - | 2018-06-16
820376 | DCHECK failure in IsInterpreted() in objects.cc | - | 2018-06-16
820596 | DCHECK failure in static_cast<unsigned>(length_) > static_cast<unsigned>(i) in zone.h | - | 2018-06-16
819563 | Security: Chrome OS drive and downloads exposed to arbitrary Android apps | - | 2018-06-15
819869 | Security: Integer Overflow when Processing WebAssembly Locals | - | 2018-06-15
819973 | Use-of-uninitialized-value in resource_coordinator::TabManager::PurgeBackgroundedTabsIfNeeded | - | 2018-06-15
818592 | Security: WinUSB - multiple issues | $5000 | 2018-06-13
807517 | Container-overflow in views::Textfield::UpdateAfterChange | - | 2018-06-13
798222 | Security: DevTools protocol can be abused to download and run external programs | $2000 | 2018-06-12
805445 | Security: arbitrarily file write + bypass dangerous file check via DevTools API | $2000 | 2018-06-12
805905 | Security: Bad cast to ChromeDownloadManagerDelegate* from DevToolsDownloadManagerDelegate* | $500 | 2018-06-12
808205 | Should XSDB also block some headers (not just response body)? | - | 2018-06-12
818135 | Potential root privilege escalation via debugd | - | 2018-06-12
818177 | Merge VP9 RTP fix to M65 | - | 2018-06-12
818807 | Security: prevent WebUSB from accessing all Yubico devices | - | 2018-06-12
818811 | Bad-cast to v8::internal::compiler::Operator1<int, v8::internal::compiler::OpEqualTo<int>, v8::internal::compiler::OpHash<int> > from v8::internal::compiler::Operator1<v8::internal::compiler::IfValueParameters, v8::internal::compiler::OpEqualTo<v8::internal::compiler::IfValueParameters>, v8::internal::compiler::OpHash<v8::internal::compiler::IfValueParameters> > in int const& v8::internal::compiler::OpParameter<int> | - | 2018-06-12
819086 | CHECK failure: Node::New() Error: #392:DeoptimizeIf[1] is nullptr in node.cc | - | 2018-06-12
817993 | Command injection bug in crash_sender | - | 2018-06-10
816787 | Use-of-uninitialized-value in mov_read_packet | - | 2018-06-09
816961 | Security: Use-after-free in TypedArrayOf and TypedArrayFrom | $7500 | 2018-06-09
818144 | Bad-cast to v8::internal::compiler::Operator1<int, v8::internal::compiler::OpEqualTo<int>, v8::internal::compiler::OpHash<int> > from v8::internal::compiler::Operator1<v8::internal::compiler::IfValueParameters, v8::internal::compiler::OpEqualTo<v8::internal::compiler::IfValueParameters>, v8::internal::compiler::OpHash<v8::internal::compiler::IfValueParameters> > in OpParameter<int> | - | 2018-06-09
816033 | Security: Permission request UI spoof | $500 | 2018-06-08
816768 | Security DCHECK failure: i < length_ in StringImpl.h | $1500 | 2018-06-08
817380 | DCHECK failure in code->kind() == wasm::WasmCode::kFunction || code->kind() == wasm::WasmCode::kWa | - | 2018-06-08
798105 | Chromium fails to leave full screen mode | $1000 | 2018-06-07
674887 | tel: URL scheme Reference Origin Spoof in Chrome iOS | $500 | 2018-06-06
813621 | Crash in v8::internal::Code::marked_for_deoptimization | - | 2018-06-06
796776 | Use-of-uninitialized-value in ConstantUnion::operator+ | - | 2018-06-05
797234 | Use-of-uninitialized-value in ConstantUnion::cast | - | 2018-06-05
797281 | Heap-buffer-overflow in getIConst | - | 2018-06-05
799499 | Heap-buffer-overflow in WebRtcSpl_DownsampleFastC | - | 2018-06-05
812519 | Negative-size-param in SkPixmap::erase | - | 2018-06-05
813632 | Crash in FromAddress | - | 2018-06-05
813714 | Heap-buffer-overflow in TIntermConstantUnion::fold | - | 2018-06-05
814913 | Some renderer-initiated network loads are bypassing ResourceDispatcherHost (with the network service disabled) | - | 2018-06-05
816317 | DCHECK failure in source->length_value() <= destination->length_value() - offset in elements.cc | - | 2018-06-05
797258 | CVE-2017-8824 CrOS: Vulnerability reported in Linux kernel | - | 2018-06-02
810235 | user namespaces allow for unprivileged noexec bypass | - | 2018-06-02
812567 | Heap-buffer-overflow in mov_read_trun | - | 2018-06-02
815318 | Crash in libappindicator3.so.1 | - | 2018-06-02
806162 | Security: Chrome fullscreen without any warning and dialog no orgin for spoof | $1000 | 2018-06-01
813012 | CVE-2017-18079 CrOS: Vulnerability reported in Linux kernel | - | 2018-06-01
813142 | Heap-buffer-overflow in blink::PNGImageDecoder::RowAvailable | - | 2018-06-01
813814 | Security: Whole-script confusable domain label spoofing (Cyrillic) | $500 | 2018-06-01
814562 | DCHECK failure in code->owner()->compiled_module()->owning_instance() == codemap()->instance() in | - | 2018-06-01
814950 | Heap-buffer-overflow in SkPath::moveTo | - | 2018-06-01
805900 | Security: URL spoofing via forward and backward navigation on iOS | - | 2018-05-31
809823 | Make chrome://view-http-cache use WebUI bindings | - | 2018-05-31
811691 | CSP object-src 'none' allows load of image in <object> tag | - | 2018-05-31
813201 | Heap-buffer-overflow in wm::FocusController::SetActiveWindow | - | 2018-05-31
771933 | SW can intercept potential-navigation-or-subresource request | $500 | 2018-05-30
810146 | Heap-use-after-free in blink::LayoutObject::WillBeDestroyed | - | 2018-05-30
813427 | CHECK failure: constructor_initial_map->instance_size() <= instance_size in objects.cc | - | 2018-05-30
737648 | Security: bypassing CORS of multipart images by ServiceWorker | - | 2018-05-29
813590 | Crash in v8::internal::Code::unwinding_info_size | - | 2018-05-29
813598 | Crash in /build/eglibc-ripdx6/eglibc-NUMBER/string/../sysdeps/x86_64/multiarch/memcpy-sse | - | 2018-05-29
813593 | Crash in v8::internal::ConcurrentMarking::Run | - | 2018-05-29
813605 | Crash in unwinding_info_start | - | 2018-05-29
813628 | Crash in FromAddress | - | 2018-05-29
813618 | Crash in v8::internal::FeedbackVector::GetKind | - | 2018-05-29
813633 | Crash in v8::internal::HeapObject::map_word | - | 2018-05-29
808316 | Security: IDN URL Spoofing with using ŋ (U+014B) | - | 2018-05-28
811117 | Myanmar character in domain names can lead to spoofing | $500 | 2018-05-28
797298 | Heap-use-after-free in blink::PaintLayerScrollableArea::UpdateScrollOffset | - | 2018-05-26
806122 | Crash in get_chroma_qp | - | 2018-05-26
808838 | Security: Same origin bypass with Service Workers + PDF plugin | $4500 | 2018-05-26
809759 | Security: Latest Win10 builds fail to set Mark-of-the-Web on downloaded filenames approaching MAX_PATH | $1000 | 2018-05-26
482558 | Security: CSP does not block favicon request | - | 2018-05-25
560695 | Security: Anchor Elements Ping attribute security settings bypass | - | 2018-05-25
582387 | CSP not inherited to popups with "javascript:"-URL | $500 | 2018-05-25
758523 | Security: document.baseURI contains not-encoded representation of URI and may lead to DOM based XSS | $500 | 2018-05-25
776418 | Security: Fullscreen notification can be overlapped | $1000 | 2018-05-25
798150 | Crash in v8::internal::Invoke | - | 2018-05-25
811048 | CVE-2018-5750 CrOS: Vulnerability reported in Linux kernel | - | 2018-05-25
811733 | Stack-buffer-overflow in CFX_MemoryStream::ReadBlock | - | 2018-05-25
812923 | Crash in _fini | - | 2018-05-25
441275 | referrer leakage with XSS Auditor page block | - | 2018-05-24
481190 | Security: BoringSSL ECDSA signing is never constant time with p256-64.c. | - | 2018-05-24
526341 | Adobe Flash Player PCRE find_parens Out-Of-Bounds Read Access | $1000 | 2018-05-24
585555 | Security: Function constructor cotext escape when using template string as the default argument | - | 2018-05-24
602625 | Security: untrusted code exec to kernel code exec, applicable from chrome render process as well | - | 2018-05-24
644907 | Security: Linking to chrome:// and file:// urls inside print preview | - | 2018-05-24
683824 | The browser and d8 crashed caused by segv | - | 2018-05-24
685750 | Security: RTL characters are not handled properly in extension permission patterns | - | 2018-05-24
754980 | Security: Permission changes in Guest mode persist for next Guest session | - | 2018-05-24
766592 | Security: `\n` and `<` in `ping` aren't completely blocked. | - | 2018-05-24
801821 | Heap-buffer-overflow in mov_read_stts | - | 2018-05-24
804097 | Use-of-uninitialized-value in find_prev_closest_index | - | 2018-05-24
807215 | Security: heap-use-after-free in ProbeForLowSeverityLifetimeIssue | - | 2018-05-24
811853 | Use-of-uninitialized-value in CFX_BmpDecompressor::ReadHeader | - | 2018-05-24
812451 | Crash in /build/eglibc-ripdx6/eglibc-NUMBER/string/../sysdeps/x86_64/multiarch/memcpy-sse | - | 2018-05-24
812512 | Use-of-uninitialized-value in sk_store_a8 | - | 2018-05-24
808192 | Security: V8 Integer overflow in object allocation size | - | 2018-05-23
808825 | WebVTT CORS bypass using ServiceWorker | $500 | 2018-05-23
811049 | CrOS: Vulnerability reported in net-misc/curl | - | 2018-05-23
811144 | Heap-use-after-free in blink::LayoutObject::MaybeClearIsScrollAnchorObject | - | 2018-05-23
811246Heap-use-after-free in GetLayoutBox-2018-05-23
812167Heap-use-after-free in blink::LayoutObject::MaybeClearIsScrollAnchorObject-2018-05-23
810973CHECK failure: !result.failed() in wasm-engine.cc-2018-05-22
807985Heap-use-after-free in CPDF_ContentParser::~CPDF_ContentParser-2018-05-20
808341Use-of-uninitialized-value in blink::LayoutObject::MaybeClearIsScrollAnchorObject-2018-05-20
784012DCHECK failure in last_slash != std::string::npos in d8.cc-2018-05-19
799477Cross-Origin image data leak via cache and canvas$40002018-05-19
810107DCHECK failure in obj->IsFixedArray() in wasm-objects-inl.h-2018-05-19
810368Use-after-poison in blink::ComputePresentationAttributeStyle-2018-05-19
810923Use-of-uninitialized-value in webrtc::AecState::Update-2018-05-19
511480Security: User not notified about an extension changing the NTP-2018-05-18
792538Improve extension content verification logic when the extension requests a resource at folder urls-2018-05-18
798099Security DCHECK failure: offset + length <= impl.length() in StringView.h-2018-05-18
798410Security DCHECK failure: !object || (object->IsTableCell()) in LayoutTableCell.h-2018-05-18
780694Security: Heap-use-after-free in content::protocol::NetworkHandler::SetNetworkConditions-2018-05-17
798933Chrome for Android - Window.open combined with the onbeforeunload dialog crashes Chrome's WebView render$20002018-05-17
800032Security: V8: Bugs in Genesis::InitializeGlobal-2018-05-17
802392Chrome: Crash Report - cc::LayerTreeHost::AnimateLayers-2018-05-17
806388Security: A bug in JSFunction::GetDerivedMap-2018-05-17
807096Security: Arrow function scope fixing bug-2018-05-17
809824Security: PDFium OOB Read in CFX_BmpDecompressor::ReadHeader$10002018-05-17
801861Web Store extensions can be made to have no toolbar icon-2018-05-16
808336Security: PDFium OOB Read in BMPDecompressor::ReadHeader$10002018-05-16
808389CVE-2018-5344 CrOS: Vulnerability reported in Linux kernel-2018-05-16
808786CVE-2018-1000004 CrOS: Vulnerability reported in Linux kernel-2018-05-16
809613Use-of-uninitialized-value in blink::MediaAttributeMatches-2018-05-16
767018Security: arc setup code in session_manager writes lots of untrusted file system locations carelessly-2018-05-15
773229Security: Use-After-Free in PDFium$75002018-05-15
803936Security: Heap Buffer Overflow (Read) in PlanGauss::Gauss::blur (using filter_fuzz_stub)-2018-05-15
808785CVE-2017-15129 CrOS: Vulnerability reported in Linux kernel-2018-05-15
808787CrOS: Vulnerability reported in media-libs/tiff-2018-05-15
808876Bad-cast to blink::LayoutTableRow from blink::LayoutTableCell in blink::ToLayoutTableRow-2018-05-15
808878Use-of-uninitialized-value in mojo::ScopedInterfaceEndpointHandle::id-2018-05-15
808980[v8] Uninitialized wasm_compiled_module for deserialized module$35002018-05-15
805892Heap-buffer-overflow in autofill::PagePasswordsAnalyser::AnalyseDocumentDOM-2018-05-14
805729Security: V8: AwaitedPromise update bug-2018-05-14
779428Security: global-buffer-overflow in SkBitmap IPC Deserialization$20002018-05-12
807887Heap-use-after-free in video_capture::DeviceMediaToMojoAdapter::Stop-2018-05-12
808386Heap-use-after-free in cc::PlaybackImageProvider::GetDecodedDrawImage-2018-05-12
780435Read cross-origin video using Canvas and Service Worker$40002018-05-11
802060DCHECK failure in op->IsAnyLocationOperand() in instruction.h-2018-05-11
807628Use-of-uninitialized-value in content::QuotaDispatcherHost::QueryStorageUsageAndQuota-2018-05-11
808320Bad-cast to gin::(anonymous namespace)::PageAllocator from invalid vptr in base::NoDestructor<gin::PageAllocator>::NoDestructor<>-2018-05-11
617149Security: libtiff in pdfium may have a security issue-2018-05-10
617494Security: PDFium: Heap Buffer Overflow in libtiff's NeXTDecode Function-2018-05-10
618254Security: PDFium: Out-Of-Bounds Read in libtiff's putRGBUAcontig8bittile Function-2018-05-10
780919Security: heap-use-after-free blink::AudioSummingJunction::UpdateRenderingState$30002018-05-10
806151Heap-use-after-free in blink::LayoutObject::DestroyAndCleanupAnonymousWrappers-2018-05-10
618931Security: PDFium: Heap Buffer Overflow in libtiff's TIFFFetchStripThing Function-2018-05-09
765605Security: ble adv flooding: kernel panics/crashes-2018-05-09
777104CrOS: Vulnerability reported in net-misc/curl-2018-05-09
797555Heap-use-after-free in test_runner::WebWidgetTestClient::AnimateNow-2018-05-09
799705CrOS: Vulnerability reported in sys-libs/glibc-2018-05-09
806582Heap-use-after-free in get_scalar_from_data_ptr-2018-05-09
807214Security: global-buffer-overflow in CFX_GetCSSPropertyByName$10002018-05-09
807240Heap-use-after-free in blink::GraphicsLayer::PaintRecursivelyInternal-2018-05-09
807480Heap-use-after-free in blink::GraphicsLayer::UpdateContentsRect-2018-05-09
807508DCHECK failure in !__isolate__->has_pending_exception() in builtins-api.cc-2018-05-09
807529Null-dereference READ in base::CreateThread-2018-05-09
616667Security: PDFium: Heap Buffer Overflow in bmp_decode_rle4-2018-05-08
616668Security: PDFium: Heap Buffer Overflow in CGifLZWDecoder::ClearTable-2018-05-08
616669Security: PDFium: Out-Of-Bounds Read in GetDWord_LSBFirst-2018-05-08
616672Security: PDFium: Out-Of-Bounds Read in CCodec_ProgressiveDecoder::GifInputRecordPositionBufCallback-2018-05-08
618939Security: PDFium: Out-Of-Bounds Read in libtiff's TIFFReadDirectory Function 2-2018-05-08
771709PWA app installation can be requested from sandboxed page-2018-05-08
804118Security: WriteTexture heap-buffer-overflow in WebGL on macOS$10002018-05-08
806179DCHECK failure in top() >= to_space_.page_low() in spaces.h-2018-05-08
806539Use-of-uninitialized-value in net::QuicUrlUtilsImpl::GetPushPromiseUrl-2018-05-07
805396Use-of-uninitialized-value in WebRtcSpl_MaxAbsValueW16C-2018-05-06
633030Oilpan reintroduced inline meta-data$20002018-05-05
800257OOB in _sk_lerp_u8_sse2-2018-05-05
758848Security: Use after free vulnerability about psdk in the latest version$50002018-05-04
758863Security: Use after free vulnerability about psdk in the latest version of Flash player$50002018-05-04
792028Security: Information disclosure via "memory_instrumentation::mojom::Coordinator" interface in "resource_coordinator" service-2018-05-04
802333Security: V8: A bug in the ObjectDescriptor class-2018-05-04
794402Security: use-of-uninitialized-value in sse2::blit_row_s32a_opaque (filter_fuzz_stub)-2018-05-03
797796Crash in _sk_load_bgra_sse2-2018-05-03
798096Security: Linkified URLs in DevTools are not sanitized (can open privileged URLs)-2018-05-03
799775Security: use-of-unitialized-value in GetScale (SkUnPeMultiply.h:29) in filter_fuzz_stub-2018-05-03
803571'Security: IDN URL Spoofing with "Cyrillic Letter Ukrainian Ie"-2018-05-03
804476Security: use-of-uninitialized-value in unpremul_pm (filter_fuzz_stub)-2018-05-03
792900Security: Calling "mojo::WrapSharedMemoryHandle" is insufficient to produce read-only descriptors for IPC-2018-05-02
800389Security: use-of-unitialized-value in getType (SkMatrix.h:128) in filter_fuzz_stub-2018-05-02
803022DCHECK failure in current_ == next_ in node.h$35002018-05-02
804177DCHECK failure in map() != GetHeap()->fixed_cow_array_map() in fixed-array-inl.h-2018-05-02
804651Security: use-of-uninitialized-value in getType (filter_fuzz_stub)-2018-05-02
804801CHECK failure: Type cast failed in CAST(add_func) at ../../src/builtins/builtins-collections-ge-2018-05-02
804837CHECK failure: LoadElement of kRepFloat64 (NumberOrHole) cannot be changed to kRepTagged in rep-2018-05-02
805039Use-after-poison in blink::TreeScope::Retarget-2018-05-02
805283Security: Use-of-uninitialized-value in SkReadBuffer.h (filter_fuzz_stub)-2018-05-02
789959Security: Read-only SharedMemory descriptors on Android are writable-2018-05-01
801514Security: local privilege escalation via glibc realpath() buffer underflow (CVE-2018-1000001)-2018-05-01
803352Heap-use-after-free in blink::HTMLCollection::NamedItems-2018-05-01
803812CVE-2017-18017 CrOS: Vulnerability reported in Linux kernel-2018-05-01
803427DCHECK failure in (native_module_->lazy_builtin_) == nullptr in wasm-serialization.cc-2018-05-01
804096Crash in v8::internal::Sweeper::EnsurePageIsIterable-2018-05-01
804631Heap-use-after-free in app_list::PageSwitcher::~PageSwitcher-2018-05-01
804288DCHECK failure in IsNativeContext() in contexts-inl.h-2018-05-01
791368DCHECK failure in descriptors->GetValue(descriptor) != value || value->FitsRepresentation(details.-2018-04-30
803788DCHECK failure in wasm::WasmCode::kLazyStub == code->kind() in module-compiler.cc-2018-04-30
803750CHECK failure: size <= kMaxRegularHeapObjectSize in runtime-internal.cc-2018-04-28
707539Security: Persistent pre and post login command execution as chronos user, with noexec bypass allowing any binary$50002018-04-27
802983Heap-buffer-overflow in CJBig2_Image::composeTo_opt2-2018-04-27
629431Security: extension system must respect the page load deferrer-2018-04-26
792163Review U+04CF confusable mapping and make it platform-dependent if necessary-2018-04-26
801378Use-of-uninitialized-value in v8::internal::Assembler::target_address_at-2018-04-26
801772DCHECK failure in scope_data_->ReadUint32() == static_cast<uint32_t>(name->length()) in preparsed--2018-04-26
801789Use-of-uninitialized-value in SkIRect::isEmpty-2018-04-26
793074Cross-Directory Shared Worker$5002018-04-25
797497Security: Extension can run code in the chrome-devtools://devtools (e.g. to read local files)$25002018-04-25
798133CVE-2017-17712 CrOS: Vulnerability reported in Linux kernel-2018-04-25
801000iOS: wrong url in omnibox after going back from search result-2018-04-25
801602ASSERT: 0 <= value && value < symbolsCount-2018-04-25
801859Stack-use-after-return in TDiagnostics::writeDebug-2018-04-24
608669Security: a@download feature can be abused to leak sensitive information from third party sites$5002018-04-23
801627Security: V8: JIT: Type confusion in NodeProperties::InferReceiverMaps-2018-04-23
668645Security: CSP in WebUI can trivially be bypassed by extensions$10002018-04-22
797500Security: chrome-devtools://devtools/remote/ can be modified by extensions$25002018-04-22
797511Security: heap-use-after-free in WebUIExtension::Send (chrome.send)-2018-04-22
797525Security: XSS in "Site blocked" (supervised user) interstitial and chrome://interstitials/supervised_user$10002018-04-22
798163Security: privileged XSS in chrome-devtools://devtools/remote with old frontend (insufficient validation of remoteFrontendUrl)$25002018-04-22
793628Security: IDN URL Spoofing with Cyrillic$5002018-04-21
797469Heap-buffer-overflow in xiph_lacing_16bit-2018-04-21
798892Security: IDN URL Spoofing with using "U+00FE"$5002018-04-21
799363Crash in mov_read_trun-2018-04-21
800810DCHECK failure in receiver->map() == *original_map in elements.cc-2018-04-21
801647Crash in __msan_memset-2018-04-21
797481Crash in v8::internal::Simulator::LoadStorePairHelper-2018-04-20
799715heap overflow read in filter_fuzz_stub$10002018-04-20
799847Redirect URL leak via error message of WebGL texture$20002018-04-20
799918Stack-buffer-overflow in SkPackBits::Unpack8$15002018-04-20
801105CrOS: Vulnerability reported in media-libs/tiff-2018-04-20
759289CrOS: Vulnerability reported in media-libs/tiff-2018-04-19
767354Security: Detect open SSH port via FTP protocol-2018-04-19
799706CrOS: Vulnerability reported in media-libs/tiff-2018-04-19
798644Security: V8: Type confusion in ElementsAccessorBase::CollectValuesOrEntriesImpl-2018-04-19
800230XSS on chrome-search://most-visited/title.html (NTP)-2018-04-19
800692Security DCHECK failure: object.IsBox() in LayoutBox.h-2018-04-19
800919Use-of-uninitialized-value in blink::ResourceLoadScheduler::TrafficMonitor::Report-2018-04-19
794091Security: race condition lead to many fatal Error D in WebAssembly.validate$30002018-04-18
800025Heap-use-after-free in blink::ShapeOutsideInfo::IsEnabledFor-2018-04-18
800077CHECK failure: Type cast failed in CAST(key) at ../../src/code-stub-assembler.cc:7137 in code-a-2018-04-18
800277CVE-2017-17805 CrOS: Vulnerability reported in Linux kernel-2018-04-18
800356CHECK failure: object->IsAbstractCode() || object->IsSeqString() || object->IsExternalString()-2018-04-18
799325Use-of-uninitialized-value in cc::PaintOpReader::Read-2018-04-17
799690DCHECK failure in total_offset == offset_table->get_int(kOTESize * left) in wasm-objects.cc-2018-04-17
799813DCHECK failure in index >= 0 && index < length() in string-inl.h-2018-04-17
800225Use-of-uninitialized-value in cc::PaintOpReader::Read-2018-04-17
800228CSS Injection on chrome-search://most-visited/single.html (NTP)-2018-04-17
789966Deadlysignal in base::internal::CallbackBase::CallbackBase-2018-04-15
798695Use-of-uninitialized-value in path_to_polys-2018-04-15
796107Heap-buffer-overflow in SkRecorder::onDrawPosTextH$20002018-04-14
798912Use-of-uninitialized-value in sweep_lt_vert-2018-04-14
799097Use-of-uninitialized-value in blink::LayoutBlock::AddChildBeforeDescendant-2018-04-14
799202Heap-use-after-free in blink::LayoutBlock::EnclosingFirstLineStyleBlock-2018-04-14
799341Heap-use-after-free in blink::LayoutObject::SetPreferredLogicalWidthsDirty-2018-04-14
790013Heap-buffer-overflow in safe_browsing::dmg::ConvertBigEndian-2018-04-13
795493Bad-cast to webrtc::MetricsObserverInterface from invalid vptr in cricket::BasicPortAllocator::OnIceRegathering-2018-04-13
796777Security: URL spoofing on iOS after UI action$5002018-04-13
797254CVE-2017-1000410 CrOS: Vulnerability reported in Linux kernel-2018-04-13
797483CrOS: Vulnerability reported in dev-libs/openssl-2018-04-13
799017Security DCHECK failure: value.IsValuePair() in CSSValuePair.h-2018-04-13
799051Use-of-uninitialized-value in blink::LayoutBox::WillBeDestroyed-2018-04-13
799052Bad-cast to blink::LayoutObject from invalid vptr in blink::LayoutObject::IsRooted-2018-04-13
799055Bad-cast to blink::InlineBox from invalid vptr in blink::InlineBox::Root-2018-04-13
799058Use-of-uninitialized-value in blink::InlineFlowBox::RemoveChild-2018-04-13
799060Heap-use-after-free in blink::InlineBox::Root-2018-04-13
799063Use-of-uninitialized-value in blink::InlineBox::Root-2018-04-13
799065Use-of-uninitialized-value in blink::LayoutBlock::MarkFixedPositionObjectForLayoutIfNeeded-2018-04-13
799067Use-of-uninitialized-value in blink::LayoutObject::PaintingLayer-2018-04-13
799068Bad-cast to blink::LayoutObject from invalid vptr in blink::LayoutBlock::AddChildBeforeDescendant-2018-04-13
799069Use-of-uninitialized-value in blink::StyleEngine::NodeWillBeRemoved-2018-04-13
799098Heap-use-after-free in blink::LayoutTableRow::StyleDidChange-2018-04-13
799100Use-of-uninitialized-value in blink::PODRedBlackTree<blink::PODInterval<blink::LayoutUnit, blink::LayoutMultiC-2018-04-13
799104Bad-cast to blink::LayoutObject from invalid vptr in blink::LayoutObject::DestroyAndCleanupAnonymousWrappers-2018-04-13
799108Heap-use-after-free in blink::LayoutTableCell::BorderLeft-2018-04-13
799110Bad-cast to blink::LayoutObject from invalid vptr in blink::LayoutBox::IsOrthogonalWritingModeRoot-2018-04-13
799113Heap-use-after-free in blink::ScrollAnchor::NotifyBeforeLayout-2018-04-13
799119Heap-use-after-free in blink::ShouldEmitNewlinesBeforeAndAfterNode-2018-04-13
799121Bad-cast to blink::InlineBox from invalid vptr in blink::InlineBox::DirtyLineBoxes-2018-04-13
799123Use-of-uninitialized-value in blink::LayoutObject::DestroyAndCleanupAnonymousWrappers-2018-04-13
799128Heap-use-after-free in blink::LayoutObject::SetPreferredLogicalWidthsDirty-2018-04-13
799188Bad-cast to blink::LayoutBox from blink::LayoutInline in blink::LayoutBox::SplitAnonymousBoxesAroundChild-2018-04-13
799206Heap-use-after-free in blink::LayoutBox::IsFlexItemIncludingDeprecated-2018-04-13
799207Bad-cast to blink::LayoutObject from invalid vptr in blink::LayoutBlock::EnclosingFirstLineStyleBlock-2018-04-13
799210Heap-use-after-free in blink::AXLayoutObject::LayoutParentObject-2018-04-13
799214Heap-use-after-free in blink::PrimaryDirectionOf-2018-04-13
799222Use-of-uninitialized-value in base::internal::CallbackBase::~CallbackBase-2018-04-13
799224Heap-use-after-free in blink::SVGResourcesCache::CachedResourcesForLayoutObject-2018-04-13
799263Security: V8: JIT: A bug in LoadElimination::ReduceTransitionElementsKind-2018-04-13
799274Use-of-uninitialized-value in blink::PrimaryDirectionOf-2018-04-13
799276Bad-cast to blink::LayoutObject from invalid vptr in blink::ScrollAnchor::ComputeScrollAnchorDisablingStyleChanged-2018-04-13
799277Heap-use-after-free in blink::LayoutObject::NextInPreOrderAfterChildren-2018-04-13
799282Heap-use-after-free in blink::LayoutObject::OffsetParent-2018-04-13
799280Heap-use-after-free in SetNeedsCollectInlines-2018-04-13
799286Use-of-uninitialized-value in blink::InlineBox::DirtyLineBoxes-2018-04-13
799289Use-of-uninitialized-value in void blink::PODIntervalTree<blink::LayoutUnit, blink::LayoutMultiColumnSet*>::Se-2018-04-13
799295Use-of-uninitialized-value in blink::LayoutObject::IsRooted-2018-04-13
799298Use-of-uninitialized-value in blink::ObjectPaintInvalidator::SlowSetPaintingLayerNeedsRepaint-2018-04-13
799303Heap-use-after-free in blink::LayoutObject::SetNeedsPaintPropertyUpdate-2018-04-13
799340Heap-use-after-free in blink::LayoutObject::Container-2018-04-13
799366Heap-use-after-free in blink::ContainerNode::GetUpperLeftCorner-2018-04-13
799408Heap-use-after-free in blink::LayoutTableCell::BorderLeft-2018-04-13
799432Heap-use-after-free in blink::LayoutBlock::MarkFixedPositionObjectForLayoutIfNeeded-2018-04-13
759225CHECK failure in SyntheticGestureTargetBase::DispatchInputEventToPlatform()-2018-04-12
773930Security: Whole-script confusable domain label spoofing (Cyrillic)$5002018-04-12
798066heap-buffer-overflow in SkAAClip::quickContains$5002018-04-12
798256Heap-buffer-overflow in SkMatrix::setRSXform-2018-04-12
798173Use-of-uninitialized-value in SkMatrix::postConcat-2018-04-11
770106CHECK failure: actual_unused_property_fields > map()->unused_property_fields() in objects-debug-2018-04-10
786809Use-of-uninitialized-value in update_current_folder_get_info_cb-2018-04-06
797184Use-of-uninitialized-value in SkMatrix::postConcat-2018-04-06
797482CVE-2017-1000407 CrOS: Vulnerability reported in Linux kernel-2018-04-06
797596DCHECK failure in IrOpcode::kMerge == control->opcode() in node-properties.cc-2018-04-05
824799Security: Bug in X509_VERIFY_PARAM_set1_host() with namelen 0$5002018-04-04
779325Unknown exception in Register-2018-03-31
793620Security: Sandbox escape / automatic code execution via downloads.open$10002018-03-31
796930CHECK failure: Node #610:Phi in B121 is not dominated by input@1 #632:Call in verifier.cc-2018-03-31
797130DCHECK failure in min_block == BasicBlock::GetCommonDominator(block, min_block) in scheduler.cc-2018-03-31
797192CHECK failure: Node #370:Phi in B34 is not dominated by input@1 #392:Call in verifier.cc-2018-03-31
716932Use-after-poison in blink::probe::breakableLocation-2018-03-30
736882Security: chrome://discards/ accepts WebContents pointers as URL parameters-2018-03-30
789001Container-overflow in views::Textfield::OnKeyPressed-2018-03-30
796473Heap-buffer-overflow in SkUTF8_NextUnichar$10002018-03-30
760914CrOS: Vulnerability reported in media-libs/tiff-2018-03-29
792851CrOS: Vulnerability reported in dev-libs/libxml2-2018-03-29
794126CVE-2017-12190 CrOS: Vulnerability reported in Linux kernel-2018-03-29
794491CVE-2017-12193 CrOS: Vulnerability reported in Linux kernel-2018-03-29
794504Security: CVE-2017-17558 - OOB write in kernel USB core-2018-03-29
796476Crash in sw::Surface::genericUpdate-2018-03-29
796570Heap-buffer-overflow in ConstantUnion::operator--2018-03-29
796825Use-of-uninitialized-value in media::internal::DecimatedSearch-2018-03-29
789393Security: V8: Integer overflow with PropertyArray-2018-03-28
792109Heap-buffer-overflow in ConstantUnion::operator--2018-03-28
792578Heap-buffer-overflow in TParseContext::addConstVectorNode-2018-03-28
792819Use-of-uninitialized-value in TParseContext::parseSingleDeclaration-2018-03-28
792896Use-of-uninitialized-value in ConstantUnion::cast-2018-03-28
792936Heap-buffer-overflow in getIConst-2018-03-28
794990Security: Pdfium: integer overflows in pattern shading-2018-03-28
795131Heap-buffer-overflow in unsigned char v8::internal::ReadUnalignedValue<unsigned char>-2018-03-28
795569Security: WebRTC - Memory corruption in PeerConnection::RemoveTrack()$30002018-03-28
795587Use-of-uninitialized-value in GrGLAttribArrayState::set-2018-03-28
795889heap-use-after-free in ProbeForLowSeverityLifetimeIssue-2018-03-28
795922DCHECK failure in !has_null_prototype() in ast.cc-2018-03-28
793699Security: WebRTC - Memory corruption in WebRtcVoiceMediaChannel::GetSources()$30002018-03-27
794924Crash in v8::internal::Invoke-2018-03-27
794969Security: Incorrect size calculation when deserializing Mojo "Event" messages leading to OOB access-2018-03-27
795501Container-overflow in content::AudioStreamMonitor::UpdateStreamAudibleStateOnUIThread-2018-03-27
795856Heap-buffer-overflow in v8::internal::SharedFunctionInfo::GetSourceCodeHarmony-2018-03-27
820848Incorrect-function-pointer-type in gl::Debug::insertMessage-2018-03-27
825679Use of an invalid mutex in media::AudioOutputDevice::NotifyRenderCallbackOfError-2018-03-27
793588Use-of-uninitialized-value in v8::internal::TextNode::GetQuickCheckDetails-2018-03-26
794825Security: V8: Empty BytecodeJumpTable may lead to OOB read-2018-03-25
795568Heap-use-after-free in test_runner::WebWidgetTestClient::AnimateNow-2018-03-25
777150Bad-cast to blink::LayoutBox from blink::LayoutInline;blink::AXLayoutObject::AccessibilityHitTest;blink::WebAXObject::HitTest-2018-03-24
786723DCHECK failure in !compilation_info()->dependencies() || !compilation_info()->dependencies()->HasA-2018-03-24
791256DCHECK failure in kNoSourcePosition != start_position() in scopes.cc-2018-03-24
792537Cherry-pick an upstream buffer overrun fix for Calendar class in ICU-2018-03-24
793714DCHECK failure in *code->owner()->compiled_module()->owning_instance() == codemap()->instance() in-2018-03-24
793793Use-after-poison in v8::internal::RegExpParser::GetCapture-2018-03-24
794390Cherry-pick an upstream fix for UTF-8 to UTF-8 converter-2018-03-24
794394Security: V8: JIT: JSBuiltinReducer::ReduceObjectCreate fails to ensure that the prototype is "null"-2018-03-24
794401Crash in GetValueByObjectIndex-2018-03-24
794406Security: Use of Uninitialized Value in approx_log2 (msan build filter_fuzz_stub)-2018-03-24
794492Security: pdfium: out-of-bounds read with nested colorspaces-2018-03-24
794822Security: V8: JIT: Type confusion in GetSpecializationContext-2018-03-24
794932CHECK failure: arg_elements == isolate->heap()->empty_fixed_array() in objects-debug.cc-2018-03-24
795251Security: pdfium: out-of-bounds read with shading pattern backed by pattern colorspace-2018-03-24
795502CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (index >= 0 && index < this->length()-2018-03-24
793196DCHECK failure in retained_size_ + length >= retained_size_ in array-buffer-tracker-inl.h-2018-03-22
793285Use-of-uninitialized-value in sse41::blit_row_s32a_opaque-2018-03-22
793372Bad-cast to CJX_Node from CJX_Content in CXFA_Node::JSNode-2018-03-22
793519DeviceSensorHost exposes shared memory handles from StartPolling as read-write-2018-03-22
793876chrome!ui::AXPlatformNodeWin::IsSameHypertextCharacter out-of-bounds read$5002018-03-22
794405CHECK failure: LoadElement of kRepFloat64 (NumberOrHole) cannot be changed to kRepTagged in rep-2018-03-22
719907Security: Cert manager allows import of CA roots an messing with trust bits on Kiosk network config screen-2018-03-21
791317Use-of-uninitialized-value in sk_store_a8-2018-03-21
792464Global-buffer-overflow in blink::CSSParserToken::GetType-2018-03-21
793282DCHECK failure in size + CallSize(target, offset, cond, rs, rt, bd) == SizeOfCodeGeneratedSince(&s-2018-03-21
793292DCHECK failure in IsCodeTarget(rmode_) || IsRuntimeEntry(rmode_) in assembler-mips-inl.h-2018-03-21
793617Bad-cast to SkPathEffect from SkColorShader in sk_sp<SkPathEffect> SkReadBuffer::readFlattenable<SkPathEffect>-2018-03-21
793637Security: MSAN detects use of unitialized value in makeWithLocalMatrix (using filter_fuzz_stub)-2018-03-21
793639Security: global-buffer-overflow in MakeComposeFilter (filter_fuzz_stub)-2018-03-21
793863CHECK failure: arg_elements == isolate->heap()->empty_fixed_array() in objects-debug.cc-2018-03-21
738401CrOS: Vulnerability reported in media-libs/tiff-2018-03-20
791988CVE-2017-1000405: Security: "Dirty COW" variant on transparent huge pages-2018-03-20
793571Crash in SkPngEncoder::onEncodeRows-2018-03-20
793671Heap-buffer-overflow in v8::internal::FixedArray::set-2018-03-20
792439Security DCHECK failure: !object || (object->IsBox()) in LayoutBox.h-2018-03-19
793099Use-after-free in DnsTransaction, again-2018-03-18
791243Heap-use-after-free in ui::X11CursorFactoryOzone::RefImageCursor-2018-03-17
792221Navigation entry's SSL status is not updated when navigating to an existing page-2018-03-17
822465Manage Passwords is set to "Off" but it still autofills credentials-2018-03-16
648608PlzNavigate: Properly set the initator of the navigation.-2018-03-16
791253Heap-use-after-free in ui::AXSystemCaretWin::~AXSystemCaretWin-2018-03-16
792316Stack-buffer-overflow in SkGaussFilter::SkGaussFilter-2018-03-16
792422Security: buffer overflow in AudioSyncReader-2018-03-16
792549CHECK failure: dest_data + dest_byte_length <= source_data || source_data + source_byte_length-2018-03-16
792810Heap-buffer-overflow in SkReader32::readInt-2018-03-16
792827Heap-buffer-overflow in SkReadBuffer::readFlattenable-2018-03-16
793030Security: Merge CVE-2017-3738 fix to M64.-2018-03-16
793170Use-of-uninitialized-value in SkReadBuffer::readFlattenable-2018-03-16
746132bluetooth::mojom::AdapterFactory is available to any renderer without permission checks-2018-03-15
760342Issuing multiple redirects hangs any subsequent navigation. This allows URL Spoofing and also a crash.$5002018-03-15
774174Security: heap-buffer-overflow in UnpackOneRowOfRGBA5551LittleToRGBA8$10002018-03-15
784183signed integer overflow in blink::WebGLRenderingContextBase::ValidateTexImageSubRectangle<blink::Image>$40002018-03-15
786784Crash in v8::internal::Invoke-2018-03-15
791245Security: V8: JIT: Simplified-lowererer IrOpcode::kStoreField, IrOpcode::kStoreElement optimization bug-2018-03-15
791491Security: CVE-2017-17095 - libtiff: Heap-based buffer overflow bug in pal2rgb(pal2rgb.c)-2018-03-15
792117shared_memory_posix.cc memfd_create does not support read-only segments-2018-03-15
792306Use-of-uninitialized-value in bool blink::FastParseColorInternal<unsigned char>-2018-03-15
792658DCHECK failure in retained_size_ + length >= retained_size_ in array-buffer-tracker-inl.h-2018-03-15
771482Use-of-uninitialized-value in media::DecoderBuffer::timestamp-2018-03-14
780354Heap-buffer-overflow in ConstantUnion::operator--2018-03-14
781147Heap-buffer-overflow in sw::Array<sw::Float4, 1>::operator-2018-03-14
784761U+0D1F and U+0D2F can be used to spoof 'so.com'-2018-03-14
785675pobfuzz: cc::DrawTextBlobOp::Deserialize -> use-of-uninitialized-value in int const& SkTMax<int>-2018-03-14
789479Security: Multiple vulnerabilities in libcurl-2018-03-14
791298Heap-use-after-free in ui::AXSystemCaretWin::~AXSystemCaretWin-2018-03-14
791345Security: Integer overflow in FastArraySliceCodeStubAssembler::HandleFastSlice$55002018-03-14
791607Use-of-uninitialized-value in SkFontRequestCache::Request::Create-2018-03-14
791616Heap-use-after-free in fxcrt::UnownedPtr<CFX_XMLParser>::ProbeForLowSeverityLifetimeIssue-2018-03-14
791953CHECK failure: NumberToUint32 of kRepWord32 (Range(1, NUMBER)) cannot be changed to kRepTaggedS-2018-03-14
791983Heap-use-after-free in net::DnsTransactionImpl::DoCallback-2018-03-14
780301Use-of-uninitialized-value in TParseContext::parseSingleDeclaration-2018-03-13
780451Use-of-uninitialized-value in TParseContext::nonInitErrorCheck-2018-03-13
780698 | Use-of-uninitialized-value in ConstantUnion::cast | - | 2018-03-13
780750 | Heap-buffer-overflow in getAddress | - | 2018-03-13
785150 | Heap-buffer-overflow in getIConst | - | 2018-03-13
787301 | Stack-overflow in v8::internal::TranslatedState::MaterializeAt | - | 2018-03-13
788070 | Use-of-uninitialized-value in net::DnsTransactionImpl::DoCallback | - | 2018-03-13
788131 | Heap-use-after-free in net::DnsTransactionImpl::DoCallback | - | 2018-03-13
788304 | Security: CVE-2017-16939 Linux Kernel XFRM Privilege Escalation | - | 2018-03-13
789767 | MSAN detects use-of-uninitialized-value in analyze_3x4_matrix() in filter_fuzz_stub | - | 2018-03-13
789764 | Crash in v8::internal::Script::FindSharedFunctionInfo | - | 2018-03-13
791288 | Use-after-poison in blink::KURL::KURL | - | 2018-03-13
791291 | Use-after-poison in blink::DocumentThreadableLoader::SetDefersLoading | - | 2018-03-13
791347 | Bad-cast to blink::Resource from invalid vptr in blink::DocumentThreadableLoader::Cancel | - | 2018-03-13
791348 | Use-after-poison in url::Parsed::Parsed | - | 2018-03-13
791484 | Heap-use-after-free in blink::LayoutObject::NextInPreOrder | - | 2018-03-13
791548 | CHECK failure: arg_elements == isolate->heap()->empty_fixed_array() in objects-debug.cc | - | 2018-03-13
791589 | Bad-cast to blink::Resourceblink::DocumentThreadableLoader::SetDefersLoading in media::MultiBuffer::AddReader | - | 2018-03-13
791597 | Crash in media::MultiBuffer::AddReader | - | 2018-03-13
774382 | Security: Persian Calendar Integer overflow lead to OOB read | - | 2018-03-12
782594 | [syzkaller] Linux kernel: multiple vulnerabilities in the USB subsystem | - | 2018-03-12
779326 | Crash in sw::Renderer::taskLoop | - | 2018-03-10
779364 | Security: SwiftShader sw::Renderer::taskLoop | $1000 | 2018-03-10
788208 | Use-of-uninitialized-value in SkFontRequestCache::Request::Create | - | 2018-03-10
791003 | Security: Sandbox escape via exposed "filesystem::mojom::Directory" mojo interface in "catalog" service | - | 2018-03-10
791105 | Heap-use-after-free in blink::LayoutObject::NextInPreOrder | - | 2018-03-10
765371 | Security: bluetooth LE advertisement storm can remotely hang/crash chromebooks, android devices, and some iOS devices with little or no user action needed | - | 2018-03-09
789109 | CrOS: Vulnerability reported in net-misc/curl | - | 2018-03-09
789492 | CVE-2017-16647 CrOS: Vulnerability reported in Linux kernel | - | 2018-03-09
789494 | CVE-2017-16649 CrOS: Vulnerability reported in Linux kernel | - | 2018-03-09
789496 | CrOS: Vulnerability reported in net-misc/rsync | - | 2018-03-09
789682 | ServiceWorkerScriptURLLoader does not check for certificate errors properly | - | 2018-03-09
789812 | Use-of-uninitialized-value in sse41::blit_row_s32a_opaque | - | 2018-03-09
789952 | Security: NCSC Vulnerability Report - Google Chrome - V8 JavaScript Engine | $2000 | 2018-03-09
790684 | Crash in FromAddress | - | 2018-03-09
790687 | Crash in v8::internal::Heap::InNewSpace | - | 2018-03-09
790696 | DCHECK failure in !MarkCompactCollector::IsOnEvacuationCandidate(target) in mark-compact.cc | - | 2018-03-09
790721 | Crash in v8::internal::HeapObject::map_word | - | 2018-03-09
790729 | Crash in InNewSpace | - | 2018-03-09
790753 | Crash in void v8::internal::BodyDescriptorBase::IteratePointers<v8::internal::ConcurrentM | - | 2018-03-09
790758 | CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (object->IsString()) in string-inl.h | - | 2018-03-09
790885 | DCHECK failure in !MarkCompactCollector::IsOnEvacuationCandidate(target) in mark-compact.cc | - | 2018-03-09
740556 | Security: HTML sandbox restrictions are removed after a redirect through docs.google.com | - | 2018-03-08
777350 | Relative report-uri for CSP combined against wrong base | $500 | 2018-03-08
778658 | Security: content security policy bypass | $1000 | 2018-03-08
787103 | Cross-origin Shared Worker | $2000 | 2018-03-08
789497 | Security: Information Leak in mincore() | - | 2018-03-08
734931 | Security: c-ares NAPTR parser out of bounds access | - | 2018-03-07
787712 | Use After Free (write) in SkPerlinNoiseShaderImpl | - | 2018-03-07
788441 | DCHECK failure in non_compiled_functions.size() == idx in module-compiler.cc | - | 2018-03-07
788508 | Heap-use-after-free in media::PipelineImpl::RendererWrapper::Stop | - | 2018-03-07
789113 | Global-buffer-overflow in CXFA_Node::NameToElement | - | 2018-03-07
789372 | DCHECK failure in isolate == nullptr implies icache_flush_mode == SKIP_ICACHE_FLUSH in assembler-a | - | 2018-03-07
788230 | Crash in mov_read_sidx | - | 2018-03-06
788469 | Crash in v8::internal::CallInternal | - | 2018-03-06
788539 | CHECK failure: frame_state->opcode() == IrOpcode::kFrameState || (node->opcode() == IrOpcode::k | - | 2018-03-06
785809 | Security: Chrome does not percent-escape the URL passed to external handler | $500 | 2018-03-05
786020 | CHECK failure: !descriptors->GetKey(i)->IsInterestingSymbol() in objects-debug.cc | - | 2018-03-05
779629 | Security: Google's Chrome Cleanup Tool DLL Preloading Vulnerability | - | 2018-03-01
783132 | CHECK failure: is_transitionable_fast_elements_kind implies !Map::IsInplaceGeneralizableField(d | - | 2018-03-01
784808 | CVE-2017-15951 CrOS: Vulnerability reported in Linux kernel | - | 2018-03-01
784080 | Crash in v8::internal::Simulator::DecodeType3 | $1500 | 2018-03-01
787910 | Use-after-poison in parameter_count | - | 2018-03-01
781529 | Crash in CPDF_HintTables::ReadPageHintTable | - | 2018-02-28
783729 | CVE-2017-15649 CrOS: Vulnerability reported in Linux kernel | - | 2018-02-28
786700 | CrOS: Vulnerability reported in net-misc/wget | - | 2018-02-28
786754 | Bad-cast to const blink::BeginTransformDisplayItem from blink::DisplayItem in blink::BeginTransformDisplayItem::Equals | - | 2018-02-28
787606 | Bad-cast to const blink::ClipDisplayItem from blink::DisplayItem in blink::ClipDisplayItem::Equals | - | 2018-02-28
787661 | Heap-buffer-underflow in cc::DisplayItemList::EndPaintOfPairedEnd | - | 2018-02-28
771973 | DCHECK failure in (location_) != nullptr in handles.cc | - | 2018-02-27
786524 | Heap-buffer-overflow in SkTextBlob::RunRecord::RunRecord | - | 2018-02-27
786573 | Security: V8: Integer overflow in Runtime_RegExpReplace | - | 2018-02-27
786934 | Use-after-poison in std::__1::vector<v8::internal::MachineRepresentation, v8::internal::ZoneAllocato | - | 2018-02-27
770734 | Heap-buffer-overflow in bool url::DoExtractQueryKeyValue<char> | - | 2018-02-26
785804 | DCHECK failure in !IsSmi() == Internals::HasHeapObjectTag(this) in objects.h | - | 2018-02-26
774842 | Security: Visually-perfect domain spoofing using dotless-i plus combining mark | $500 | 2018-02-25
615608 | Security: Chrome browser not respecting no-referrer meta tag | - | 2018-02-24
740314 | CHECK failure: actual_unused_property_fields > map()->unused_property_fields() in objects-debug | - | 2018-02-24
774438 | Security: Permission request UI spoof (improper URL truncation) | $500 | 2018-02-24
775527 | Security: Privileged XSS in DevTools | $1000 | 2018-02-24
776256 | CHECK failure: input->op()->ValueOutputCount() > index in verifier.cc | - | 2018-02-24
780699 | Crash in __printf_chk | - | 2018-02-24
782119 | Security DCHECK failure: value.IsPrimitiveValue() in CSSPrimitiveValue.h | - | 2018-02-24
785760 | Heap-use-after-free in media::FrameBufferPool::OnVideoFrameDestroyed | - | 2018-02-24
786278 | Crash in v8::internal::FreeList::Allocate | - | 2018-02-24
786587 | DCHECK failure in raw_properties_or_hash()->IsSmi() || (raw_properties_or_hash()->IsDictionary() = | - | 2018-02-24
786649 | Crash in v8::internal::Heap::AllocateCode | - | 2018-02-24
617963 | Security: Service Workers Response Size Info Leak | - | 2018-02-22
699028 | Security: Canvas composite operations and CSS blend modes leak cross-origin data via timing attacks. | $2000 | 2018-02-22
772262 | DCHECK failure in cursor - bytes.get() + buffer->length() <= total_size_ in streaming-decoder.cc | - | 2018-02-22
778668 | Crash in v8::internal::Invoke | - | 2018-02-22
781766 | Crash in media::SourceBufferRangeByPts::GetBufferIndexAt | - | 2018-02-22
784863 | CHECK failure: nof_elements <= array_length in objects-debug.cc | - | 2018-02-22
784869 | pobfuzz: SkTextBlob::Deserialize -> SkPaint::unflatten heap-buffer-overflow | - | 2018-02-22
784990 | DCHECK failure in nod == removed_holes_index in objects.cc | - | 2018-02-22
785095 | DCHECK failure in !done() || handler_ == nullptr in frames.cc | - | 2018-02-22
785270 | Heap-buffer-overflow in SkReadBuffer::readRect | - | 2018-02-22
785520 | DCHECK failure in !heap->HasRecordedSlot( *object, HeapObject::RawField(*object, index.offset())) | - | 2018-02-22
777041 | Crash in blink::PersistentBase<blink::DummyGCBase, | - | 2018-02-21
779457 | DCHECK failure in outer_scope_ == scope->outer_scope() in bytecode-generator.cc | - | 2018-02-21
780402 | Pwn2own: V8 - isolate control via function deoptimization | - | 2018-02-21
781518 | Chromium: Vulnerability reported in expat | - | 2018-02-21
783914 | Heap-buffer-overflow in safe_browsing::dmg::HFSBTreeIterator::Next | - | 2018-02-21
784862 | CHECK failure: size <= kMaxRegularHeapObjectSize in runtime-internal.cc | - | 2018-02-21
784867 | DCHECK failure in node->id() < count_ in simplified-lowering.cc | - | 2018-02-21
699461 | Security: HSTS Bypass via flooding of the HSTS policy file | - | 2018-02-20
780484 | Security: unsafe navigation in chromecast plugin possibly causing UXSS and popup block bypass | $500 | 2018-02-20
780780 | CrOS: Vulnerability reported in net-misc/curl | - | 2018-02-20
783119 | CHECK failure: nof_elements <= array_length in objects-debug.cc | - | 2018-02-20
783815 | Heap-buffer-overflow in SkReader32::readInt | - | 2018-02-20
783926 | DCHECK failure in kSmi == type() in ast.cc | - | 2018-02-20
784146 | DCHECK failure in !isolate_->has_pending_exception() in module-compiler.cc | - | 2018-02-20
784242 | Heap-buffer-overflow in SkTextBlob::RunRecord::RunRecord | - | 2018-02-20
784533 | DCHECK failure in IsTyped(node) in node-properties.h | - | 2018-02-20
758169 | Website thumbnail screenshot access even after all private data is deleted | - | 2018-02-19
783902 | CHECK failure: method->map()->instance_descriptors()->GetKey(kHomeObjectPropertyIndex) == isola | - | 2018-02-19
783828 | Heap-buffer-overflow in SkReadBuffer::readRect | - | 2018-02-19
784054 | Heap-buffer-overflow in SkString::Rec::Make | - | 2018-02-19
784336 | Heap-buffer-overflow in SkReadBuffer::peekByte | - | 2018-02-19
778101 | SPAKE password-scalar not multiplied by 8 | $500 | 2018-02-17
781520 | CVE-2017-12192 CrOS: Vulnerability reported in Linux kernel | - | 2018-02-17
781592 | Received signal 11 SEGV_MAPERR running mutant1110_regress-arguments-slice.js | - | 2018-02-17
783243 | CVE-2017-16528: CrOS: ALSA: seq: Use after free at unbind device | - | 2018-02-17
783822 | DCHECK failure in key->IsSmi() in runtime-classes.cc | - | 2018-02-17
797484 | CrOS: Vulnerability reported in net-misc/rsync | - | 2018-02-16
776309 | CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (object->IsJSReceiver()) in objects-i | - | 2018-02-16
782754 | DCHECK failure in this->IsInhabited() in types.cc | - | 2018-02-16
783019 | CHECK failure: #863:JSCallRuntime should be followed by IfSuccess/IfException, but is only foll | - | 2018-02-16
783035 | CHECK failure: Representation inference: unsupported opcode 61 (Dead), node #NUMBER in simplifi | - | 2018-02-16
676773 | Security: Adobe Flash MovieClip.createTextField Use After Free | $3000 | 2018-02-15
676778 | Security: Adobe Flash Camera Object Use After Free | $3000 | 2018-02-15
676789 | Security: Adobe Flash TextField.variable property setter Use After Free | $3000 | 2018-02-15
708957 | Origin missing from AMP content delivered by AGSA | - | 2018-02-15
726142 | Security: RenderFrameHostImpl::UpdatePermissionsForNavigation is called too often | - | 2018-02-15
767359 | Security: Blink Bindings - Use After Free in blink::ScriptState::From | - | 2018-02-15
779242 | Bad-cast to std::__1::__shared_weak_count from invalid vptr;v8::internal::wasm::AsyncCompile;v8::WebAssemblyCompile | - | 2018-02-15
780782 | CVE-2017-1000111 CrOS: Vulnerability reported in Linux kernel | - | 2018-02-15
780783 | CVE-2017-1000112 CrOS: Vulnerability reported in Linux kernel | - | 2018-02-15
782267 | DCHECK failure in !isolate_->has_pending_exception() in module-compiler.cc | - | 2018-02-15
782596 | Heap-buffer-overflow in CPDF_TextPage::IsHyphen | - | 2018-02-15
347200 | Security: Drag-Drop is possible in fullscreen and not canceled on fullscreen exit | - | 2018-02-14
591804 | Should an <iframe> access chrome://resources? | - | 2018-02-14
782145 | Security:V8:Type Confusion Leads To OOB Read Write | $3000 | 2018-02-14
782413 | DCHECK failure in slot == stack_state.end() in liftoff-assembler.cc | - | 2018-02-14
775868 | Heap-use-after-free in SkPathRef::countVerbs | - | 2018-02-13
779407 | DCHECK failure in !done() || handler_ == nullptr in frames.cc | - | 2018-02-13
780784 | CVE-2017-15537 CrOS: Vulnerability reported in Linux kernel | - | 2018-02-13
782075 | Use-of-uninitialized-value in gray_set_cell | - | 2018-02-13
771972 | Heap-buffer-overflow in v8::internal::wasm::ModuleDecoderImpl::DecodeFunctionBody | - | 2018-02-10
780558 | Heap-use-after-free in blink::LayoutObject::NextInPreOrder | - | 2018-02-10
780708 | Security: "googlechrome" scheme allows opening downloaded files in content scheme | - | 2018-02-10
777215 | Security: ChromeOS printer zeroconf remote code execution | $2000 | 2018-02-09
778251 | InputScalesValid has a potential buffer overflow | - | 2018-02-09
758478 | Incorrect-function-pointer-type in _hb_blob_destroy_user_data | - | 2018-02-09
761245 | Incorrect-function-pointer-type in _hb_blob_destroy_user_data | - | 2018-02-09
778505 | Security: OOB Write in QuicStreamSequencerBuffer::OnStreamData | $10500 | 2018-02-09
781116 | DCHECK failure in false == cell_reports_intact in isolate.cc | - | 2018-02-09
768203 | Heap-use-after-free in blink::AXLayoutObject::GetDocument | - | 2018-02-08
774846 | Heap-buffer-overflow in base::BigEndianWriter::WriteBytes | - | 2018-02-08
774854 | Use-of-uninitialized-value in void base::internal::VectorBuffer<std::__1::basic_string<char, std::__1::char_tr | - | 2018-02-08
777728 | Security: Stack Buffer Overflow in QuicClientPromisedInfo::OnPromiseHeaders | $10500 | 2018-02-08
778189 | CVE-2017-15265 CrOS: Vulnerability reported in Linux kernel | - | 2018-02-08
779314 | Security: OOB Read in BlobStorageContext::BlobFlattener::BlobFlattener | $2500 | 2018-02-08
779919 | Heap-use-after-free in net::HttpNetworkTransaction::~HttpNetworkTransaction | - | 2018-02-08
779949 | Heap-buffer-overflow in SkPixmap::getColor | - | 2018-02-08
666824 | Security: bypass user gesture requirement for dangerous download types: Chrome extension → local user privilege escalation | - | 2018-02-07
753645 | Security: Autocomplete data can be stolen by malicious webpage | $1000 | 2018-02-06
772897 | DCHECK failure in !has_pending_exception() in isolate.cc | - | 2018-02-06
778940 | Crash in LoadImageRow<DataType::RGB565> | - | 2018-02-06
778951 | Crash in LoadImageRow<DataType::Bytes_2> | - | 2018-02-06
779327 | Use-of-uninitialized-value in sw::RegisterArray<16, false>::RegisterArray | - | 2018-02-06
779826 | DCHECK failure in !has_pending_exception() in isolate.cc | - | 2018-02-06
779918 | CHECK failure: !obj->IsHashTable() in code-serializer.cc | - | 2018-02-06
617611 | Heap-buffer-overflow in CPDF_StreamParser::ParseNextElement | - | 2018-02-03
771848 | Security: URL bar does not update correctly on redirects with extension blocking requests | $500 | 2018-02-02
777419 | Security: URL spoof when navigating back if the first real load ends up hitting an error | $500 | 2018-02-02
778926 | Crash in v8::internal::CopyObjectToObjectElements | - | 2018-02-02
778931 | CHECK failure: !thrower.error() in module-compiler.cc | - | 2018-02-02
479620 | Security: Omnibox data privacy leak and MITM vulnerability | - | 2018-02-01
693991 | Security: Chrome Information Leakage - Prediction Service & Preload | - | 2018-02-01
763194 | Referrer policy bypass with about:blank and document.write() | $500 | 2018-01-31
637098 | Security: Read all local files using minimal user interaction and gesture laundering | $2000 | 2018-01-30
757882 | Unknown exception in C:\windows\SYSTEM32\KERNELBASE.dll | - | 2018-01-30
770313 | Security: Enterprise ChromeOS OOBE page loads web URLs inside chrome:// process | - | 2018-01-30
776673 | Use-of-uninitialized-value in WebRtcNs_ProcessCore | - | 2018-01-30
772636 | DCHECK failure in CanSubclassHaveInobjectProperties(instance_type) in objects.cc | - | 2018-01-29
776623 | Crash in sw::Renderer::taskLoop | - | 2018-01-29
768975 | Heap-buffer-overflow in blink::DecodingImageGenerator::GetContentIdForFrame | - | 2018-01-28
776677 | Security: V8:Use After Free Leads to Remote Code Execution | $7500 | 2018-01-28
743276 | WPA1/2 all-zero session key & key reinstallation attacks | $8837 | 2018-01-27
764197 | Security DCHECK failure: !object || (object->IsBox()) in LayoutBox.h | - | 2018-01-27
774436 | CrOS: Vulnerability reported in net-vpn/openvpn | - | 2018-01-27
774821 | Negative-size-param in mov_read_trun | - | 2018-01-27
774833 | ASSERT: 0 <= value && value < symbolsCount | - | 2018-01-27
775501 | Use-of-uninitialized-value in media::internal::DecimatedSearch | - | 2018-01-27
775888 | DCHECK failure in array->map() != fixed_cow_array_map() in heap.cc | - | 2018-01-27
776307 | Heap-buffer-overflow in safe_browsing::dmg::HFSBTreeIterator::Next | - | 2018-01-27
776511 | DCHECK failure in BackingStore::get(backing_store, i, isolate)->IsSmi() || (IsHoleyElementsKind(Ki | - | 2018-01-27
772420 | DCHECK failure in right_type()->Is(Type::PlainPrimitive()) in js-typed-lowering.cc | - | 2018-01-24
773952 | Use-of-uninitialized-value in gpu::gles2::ScopedPixelUnpackBufferOverride::ScopedPixelUnpackBufferOverride | - | 2018-01-24
772848 | CVE-2017-5123: Chrome Sandbox escape through linux kernel vulnerability introduced in 4.13 in waitid | $15000 | 2018-01-24
774613 | DCHECK failure in !compilation_info()->dependencies()->HasAborted() in compiler.cc | - | 2018-01-24
774780 | DCHECK failure in original_constructor->IsConstructor() in js-create-lowering.cc | - | 2018-01-24
774824 | CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (object->IsFixedArray()) in objects-i | - | 2018-01-24
775457 | Use-of-uninitialized-value in IconLabelBubbleView::SeparatorView::UpdateOpacity | - | 2018-01-24
772331 | Heap-buffer-overflow in base::BasicStringPiece<std::__1::basic_string<char, std::__1::char_traits<char>, | - | 2018-01-23
773161 | USB notification bubble: RTL text gets intermingled with URL. | - | 2018-01-23
774475 | DCHECK failure in (function_) == nullptr in scopes.cc | - | 2018-01-23
774860 | CHECK failure: map->IsMap() in spaces.cc | - | 2018-01-23
768080 | CHECK failure: args[1]->IsJSReceiver() in runtime-object.cc | - | 2018-01-20
774448 | CHECK failure: start_position == start_position_from_data in preparsed-scope-data.cc | - | 2018-01-20
773620 | Security: WebRtc - Another Type Confusion in cricket::Codec::Matches() | $1000 | 2018-01-20
766039 | Heap-use-after-free in test_runner::AccessibilityController::FocusedElement | - | 2018-01-19
771697 | PVer4: Send chrome::NOTIFICATION_SAFE_BROWSING_UPDATE_COMPLETE notification when the database update completes | - | 2018-01-19
771948 | Clusterfuzz UNKNOWN WRITE crash in D8 after enabling trap handlers | - | 2018-01-19
773576 | CHECK failure: start_position == start_position_from_data in preparsed-scope-data.cc | - | 2018-01-19
774015 | Bad-cast to blink::CSSPropertyAPIblink::ParseKeywordValue;blink::CSSParserFastPaths::MaybeParseValue;_start | - | 2018-01-19
774020 | Bad-cast to blink::CSSPropertyAPI from __cxxabiv1::__function_type_info;blink::ParseKeywordValue;blink::CSSParserFastPaths::MaybeParseValue | - | 2018-01-19
774060 | Global-buffer-overflow in blink::GetAPI | - | 2018-01-19
767385 | CVE-2017-14489 CrOS: Vulnerability reported in Linux kernel | - | 2018-01-18
770452 | Stack-buffer-overflow in icu_59::NumberingSystem::createInstance | $3000 | 2018-01-18
770450 | Stack-buffer-overflow in Runtime_CanonicalizeLanguageTag | $1000 | 2018-01-18
772720 | CHECK failure: NodeProperties::GetType(val)->Is(NodeProperties::GetType(node)) in verifier.cc | - | 2018-01-18
773954 | DCHECK failure in 0 == node->op()->EffectOutputCount() in memory-optimizer.cc | - | 2018-01-18
772151 | Heap-use-after-free in fxcrt::UnownedPtr<CPDF_Array const>::ProbeForLowSeverityLifetimeIssue | - | 2018-01-17
771479 | Heap-use-after-free in CPDF_SecurityHandler::~CPDF_SecurityHandler | - | 2018-01-17
772376 | Heap-use-after-free in CPDF_SecurityHandler::~CPDF_SecurityHandler | - | 2018-01-17
772615 | Heap-buffer-overflow in chrome_pdf::PDFiumEngine::TraverseBookmarks | - | 2018-01-17
772625 | DCHECK failure in isolate->context() == nullptr || isolate->context()->IsContext() in runtime-obje | - | 2018-01-17
772666 | Heap-use-after-free in SkPathRef::countVerbs | - | 2018-01-17
772752 | Use-of-uninitialized-value in GrCCPRCoverageOpsBuilder::parsePath | - | 2018-01-17
773231 | CHECK failure: Unexpected operator #61:Dead @ node #4 in instruction-selector.cc | - | 2018-01-17
771932 | CVE-2017-12153 CrOS: Vulnerability reported in Linux kernel | - | 2018-01-16
772635 | CHECK failure: size <= kMaxRegularHeapObjectSize in runtime-internal.cc | - | 2018-01-16
772873 | DCHECK failure in IsTyped(node) in node-properties.h | - | 2018-01-16
772684 | Crash in _sk_table_r_sse2 | - | 2018-01-16
772878 | CHECK failure: Unexpected operator #61:Dead @ node #4 in instruction-selector.cc | - | 2018-01-16
772621 | Heap-buffer-overflow in sandbox::ActualCallParams<1ul, 1024ul>::GetSize | - | 2018-01-15
772689 | CHECK failure: 0 == field_count_ in deoptimizer.cc | - | 2018-01-15
772640 | Heap-buffer-overflow in sandbox::ActualCallParams<3ul, 1024ul>::GetSize | - | 2018-01-15
608494 | MixedContentChecker::handleCertificateErrors() does not downgrade lock icon for active broken-https subresource loads in iframes | - | 2018-01-13
759457 | MediaStreamTrack.applyConstraints will crash the tab if executed in quick succession | $1000 | 2018-01-13
771117 | Bad-cast to media::WebMediaPlayerImpl from base class subobject at offset 8;content::HtmlVideoElementCapturerSource::CreateFromWebMediaPlayerImpl;content::RendererBlinkPlatformImpl::CreateHTMLVideoElementCapturer | - | 2018-01-13
771474 | CHECK failure: scope_data_->RemainingBytes() >= kUint8Size in preparsed-scope-data.cc | - | 2018-01-13
771916 | DCHECK failure in units_.empty() in module-compiler.cc | - | 2018-01-13
771971 | DCHECK failure in index < GetJSCallArity() in js-builtin-reducer.cc | - | 2018-01-13
697451 | Heap-buffer-overflow in GetWord_LSBFirst | - | 2018-01-12
756427 | Use-after-free in CFFL_TextField::SaveData | $6500 | 2018-01-12
770337 | Heap-buffer-overflow in CCodec_ProgressiveDecoder::ReSampleScanline | - | 2018-01-12
772056 | DCHECK failure in new_len >= old_len in heap.cc | - | 2018-01-12
771979 | Security: Use-after-free in Field::UpdateFormControl | $3000 | 2018-01-12
799059 | Crash in blink::StyleEngine::NodeWillBeRemoved | - | 2018-01-12
727039 | Security: UAF/double free with XSLT XPath expressions containing function calls in predicates | $3500 | 2018-01-11
756456 | Security: IDN domain spoof with unicode (U+0F37 U+0F84) | - | 2018-01-11
756226 | Security: URL spoofing with Armenian characters | - | 2018-01-11
756735 | Security: Gujarati character in domain names are not blacklisted | - | 2018-01-11
763021 | Crash in v8::internal::Invoke | - | 2018-01-11
770148 | Security: UAF in CPWL_ComboBox::KillFocus | $5000 | 2018-01-11
769976 | DCHECK failure in isolate->context() == nullptr || isolate->context()->IsContext() in runtime-obje | - | 2018-01-11
770465 | Security: Insuficience punycode handling leading to address spoofing | - | 2018-01-11
770458 | Use-of-uninitialized-value in blink::MojoWatcher::RunReadyCallback | - | 2018-01-11
771470 | CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (object->IsJSObject()) in objects-inl | - | 2018-01-11
771822 | animated webp with frame < 8 bytes can cause a crash | - | 2018-01-11
763382 | Crash in sw::Renderer::taskLoop | - | 2018-01-10
763384 | Crash in libGLESv2_swiftshader | - | 2018-01-10
765939 | Crash in sw::Thread::Thread | - | 2018-01-10
768716 | Use-of-uninitialized-value in blink::InlineTextBox::GetSelectionState | - | 2018-01-10
769252 | CVE-2017-14340 CrOS: Vulnerability reported in Linux kernel | - | 2018-01-10
624515 | Heap-buffer-overflow in FPDFAPI_inflate | - | 2018-01-09
763798 | Use-after-poison in blink::OfflineAudioDestinationHandler::RenderIfNotSuspended | - | 2018-01-09
761622 | Security: Video streams sourced from cross-origin videos aren't tainted | $4000 | 2018-01-08
764399 | Use-of-uninitialized-value in sse41::blit_row_s32a_opaque | - | 2018-01-08
765479 | DCHECK failure in index < length() in builtins-utils.h | - | 2018-01-08
770154 | CVE-2017-1000252 CrOS: Vulnerability reported in Linux kernel | - | 2018-01-08
770155 | CVE-2017-12154 CrOS: Vulnerability reported in Linux kernel | - | 2018-01-08
770257 | CHECK failure: Unexpected operator #60:DeadValue @ node #NUMBER in instruction-selector.cc | - | 2018-01-07
769657 | Security: Linux PIE/stack corruption (CVE-2017-1000253) | - | 2018-01-06
769846 | DCHECK failure in !IsThreadInWasm() in trap-handler.h | - | 2018-01-06
770143 | Heap-use-after-free in base::internal::WeakReference::is_valid | - | 2018-01-06
718858 | Chrome 32 bit only: Float argument passed to function is garbage inside the function | $3000 | 2018-01-05
764921 | Stack-buffer-overflow in test_runner::EventSender::SendCurrentTouchEvent | - | 2018-01-05
768910 | Security: Drag and drop of JavaScript to the URL bar incompletely blocked | - | 2018-01-05
769173 | DCHECK failure in marking_state()->IsGrey(obj) || marking_state()->IsBlack(obj) in incremental-mar | - | 2018-01-05
769134 | Security: Use-of-uninitialized-value on Heap | - | 2018-01-05
769345 | Crash in Relaxed_Load | - | 2018-01-05
769522 | Security: WebAssembly potential arbitrary code execution in render process with trap handlers | - | 2018-01-05
769913 | DCHECK failure in IrOpcode::kFrameState == state->opcode() in instruction-selector.cc | - | 2018-01-05
769842 | Bad-cast to v8::internal::compiler::Operator1<v8::internal::compiler::FrameStateInfo, v8::internal::compiler::OpEqualTo<v8::internal::compiler::FrameStateInfo>, v8::internal::compiler::OpHash<v8::internal::compiler::FrameStateInfo> > from v8::internal::compiler::CommonOperatorGlobalCache::DeadValueOperator;OpParameter<v8::internal::compiler::FrameStateInfo>;OpParameter<v8::internal::compiler::FrameStateInfo> | - | 2018-01-05
769975 | CHECK failure: Unexpected operator #60:DeadValue @ node #NUMBER in instruction-selector.cc | - | 2018-01-05
764248 | Crash in content::RenderWidgetHostInputEventRouter::RouteMouseWheelEvent | - | 2018-01-04
765450 | Security: image_burner arbitrary root file-write | $5000 | 2018-01-04
768185 | Heap-buffer-overflow in CCodec_ProgressiveDecoder::ReSampleScanline | - | 2018-01-04
769292 | Use-of-uninitialized-value in CFX_LZWDecoder::Create | - | 2018-01-04
769580 | CHECK failure: map->IsMap() in spaces.cc | - | 2018-01-04
769587 | Crash in v8::internal::NewSpace::Verify | - | 2018-01-04
220189 | Security: [iSEC] Gobi3K Features Allow Code Execution, Persistent Changes | - | 2018-01-03
722079 | libxml2 - Heap Overflow in xmlMemStrdupLoc | - | 2018-01-03
763707 | CrOS: Vulnerability reported in sys-kernel/chromeos-kernel-3_14 | - | 2018-01-03
765469 | Security: heap buffer overflow in WebGLImageConversion::PackPixels | $3000 | 2018-01-03
768367 | DCHECK failure in kMaxUInt32 != index_ in lookup.h | - | 2018-01-03
737531 | CrOS: CVE-2017-1000370: Vulnerability reported in Linux kernel | - | 2018-01-02
765858 | Security: Use-of-uninitialized-value on Heap | $1000 | 2018-01-02
768091 | Stack-buffer-overflow in content::BlinkTestController::OnAllServiceWorkersCleared | - | 2018-01-02
758745 | Security: Hostname not elided securely | - | 2018-01-01

Questions? Ask @SecurityMB