Chromium Disclosed Security Bugs

Chromium security bugs are publicly disclosed by Google 14 weeks after fixing. They have a great learning value but it's difficult to keep track of when exactly they're derestricted. This page is a hub of security bugs that have recently gone public. Bugs can also be followed on Twitter: @BugsChromium.

This website is not affiliated with Google.

Go to year: 2020 2019 2018 2017 2016

Security bugs disclosed in 2019

Options
#Summary$$$Disclosure date
961540Heap-buffer-overflow in courgette::DisassemblerElf32ARM::ParseRelocationSection-2019-12-31
981628Security: URL in Omnibox doesn't always match page content (repro 897641)$10002019-12-31
1001283CSP bypass with about:srcdoc$30002019-12-31
1006670v8_regexp_parser_fuzzer: Crash in v8::base::SmallVector<int, 64u>::Grow-2019-12-31
1006630CHECK failure: filter.IsValid(slot.address()) in mark-compact.cc-2019-12-30
442579It's possible to load chrome-extension:// URLs$5002019-12-28
922433CrOS: Vulnerability reported in app-text/poppler-2019-12-28
922434CrOS: Vulnerability reported in app-text/poppler-2019-12-28
953298Extension permission bypass by poisoning bookmarks with javascript url(Bookmarklet)-2019-12-27
990779CrOS: Vulnerability reported in x11-libs/pango-2019-12-27
998431Security: Accessing set::end in GamepadService$150002019-12-27
1004730Security: UaF in MojoAudioDecoder (Android)$150002019-12-27
929621CrOS: Vulnerability reported in media-gfx/imagemagick-2019-12-26
1005599Crash in Builtins_InterpreterEntryTrampoline-2019-12-26
966914Security: Possible to spoof the contents of the omnibox to display any http/https URL, some extension URLs and some internal URLs$30002019-12-25
977043Heap-buffer-overflow in ash::ShelfView::LayoutOverflowButton-2019-12-25
998284Security: Possible to temporarily spoof URL by navigating back then forward$10002019-12-25
1003241DCHECK failure in static_cast<unsigned>(index) < static_cast<unsigned>(length()) in fixed-array-in-2019-12-25
1003336CVE-2019-15926 CrOS: Vulnerability reported in Linux kernel-2019-12-25
1003337CVE-2019-15927 CrOS: Vulnerability reported in Linux kernel-2019-12-25
1004912CHECK failure: Type cast failed in CAST(CallBuiltin(Builtins::kToName, p->context(), p->name())-2019-12-25
1003730CHECK failure: Object is not known to the heap broker in js-heap-broker.cc-2019-12-23
985451Security: Secuirty crash in TabAnimation::operator-2019-12-21
1001818Bad-cast to blink::LayoutBox from invalid vptr in blink::NGBlockNode::CopyChildFragmentPosition-2019-12-21
979441Security: Navigating to "chrome://" URLs on Android$5002019-12-20
1003327CVE-2019-15917 CrOS: Vulnerability reported in Linux kernel-2019-12-20
1003331CVE-2019-15921 CrOS: Vulnerability reported in Linux kernel-2019-12-20
955191Disk cache refcount overflows?-2019-12-19
1000922Crash in pthread_create-2019-12-19
1002388CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (this->IsStruct()) in class-definitio-2019-12-19
1002687Security: Idn-spoof with using CJK character skeletons-2019-12-19
1003140Bad-cast to blink::ScriptWrappable from blink::NavigatorGeolocation in blink::FinalizerTrait<blink::ScriptWrappable>::Finalize-2019-12-19
1003341CHECK failure: static_cast<uintptr_t>(caller_frame_top_) - total_output_frame_size > stack_guar-2019-12-19
990849Leaking size of cross-origin resource by using Range Requests and Service Workers$20002019-12-18
991568Security: forced redirection from cross-origin iframe$30002019-12-18
996786Check cookie domain on setting cookies-2019-12-18
1001159pdfium: oob read in PDF_DecodeText$20002019-12-18
803187Security: Interstitials WebUI should have a stricter CSP-2019-12-17
840180Address Bar Spoofing when spoofing target is NOT a top domain but a related domain is in the top list (e.g. adidas.de vs adidas.com )-2019-12-17
961651CrOS: Vulnerability reported in net-libs/gnutls-2019-12-17
995964Security: UAF in InProcessVideoCaptureDeviceLauncher$200002019-12-17
997401CHECK failure: U_SUCCESS(status) in intl-objects.cc-2019-12-17
999793CrOS: Vulnerability reported in media-libs/tiff-2019-12-17
1000002Security: OfflinePageAutoFetcher UAF 2$200002019-12-17
1000882Security: Regression : 'Press Esc to exit fullscreen' warning doesn't display$30002019-12-17
1000934Security: Heap-use-after-free in SharingDialogView::WindowClosing()$150002019-12-17
1001804CHECK failure: AllowJavascriptExecution::IsAllowed(isolate) in execution.cc-2019-12-17
999118CVE-2019-15213 CrOS: Vulnerability reported in Linux kernel-2019-12-14
982326ChromeVox extension injects attacker-controlled scripts and requests attacker-controlled URLs$50002019-12-13
1000635Security: Use After Free in the function JavaScriptFrame::Summarize$75002019-12-13
931894Security: http authentication spoof on chrome iOS$10002019-12-12
988590Overflow of the transform scale CSS property freezes/crashes the renderer allowing cross-origin content spoofing$5002019-12-12
994044Security: URL bar spoofing with using a file:/// URL$5002019-12-12
996741Security: Site Isolation bypass and local file disclosure via Payment Handler API-2019-12-12
1000563Heap-use-after-free in ash::OverviewHighlightController::OnViewDestroyingOrDisabling-2019-12-12
696454Security: Filesystem dialog box to cover the self-window and no origin for spoof$10002019-12-11
760855Security: Address bar RTL spoofing using hebrew$5002019-12-11
859349Security: Confused deputy attack against Chrome Android application might lead to internal storage file disclosure$10002019-12-11
991321Security: use-after-poison in blink::VideoTrackRecorder::InitializeEncoder$50002019-12-11
997403Heap-use-after-free in blink::NGPaintFragment::LayoutObjectWillBeDestroyed-2019-12-11
998395Heap-use-after-free in blink::NGOffsetMappingUnit::AssertValid-2019-12-11
998548Security: UaF in ImageCapture$200002019-12-11
999469Crash in blink::NonSharedCharacterBreakIterator::Next-2019-12-11
999760Security: Tab sharing UI crash$5002019-12-11
1000050ulpfec_receiver_fuzzer: Heap-buffer-overflow in webrtc::ForwardErrorCorrection::StartPacketRecovery-2019-12-11
1000167Crash in blink::NonSharedCharacterBreakIterator::IsCRBeforeLF-2019-12-11
1000217Security: Potential UAF in Isolate::ReportPendingMessagesImpl-2019-12-11
996751DCHECK failure in bytecode->IsBytecodeEqual( *outer_function_job->compilation_info()->bytecode_arr-2019-12-09
997449Use-of-uninitialized-value in blink::NGPaintFragment::ClearAssociationWithLayoutObject-2019-12-09
999463Stack-use-after-scope in viz::LocalSurfaceId::parent_sequence_number-2019-12-08
998196Global-buffer-overflow in content::WebWidgetLockTarget::OnLockMouseACK-2019-12-07
999497Use-of-uninitialized-value in ui::X11Window::OnXWindowStateChanged-2019-12-07
937131Feature Policy 'allow' attribute can override top-level policy in frames-2019-12-06
979443Security: URL bar spoofing via download redirect$20002019-12-06
997925Security: Possible to retrieve cross-origin data in certain cases using devtools custom formatters$5002019-12-06
998679Security: Crash in content::`anonymous namespace'::OnInstallPaymentApp$100002019-12-06
999470Use-of-uninitialized-value in ui::X11Window::OnXWindowStateChanged-2019-12-06
972463Security: Multiple vulnerabilities in chromeos-disk-firmware.sh$10002019-12-05
996391v8_regexp_parser_fuzzer: DCHECK failure in index < length_ in vector.h-2019-12-05
998127Crash in blink::ScriptState::From-2019-12-05
998204Crash in v8::internal::LoopChoiceNode::Accept-2019-12-05
999005Heap-buffer-overflow in blink::NGInlineNodeDataEditor::Run-2019-12-05
982812CSS injection in any website using Color Enhancer extension$20002019-12-04
986751UAP in blink::PersistentBase-2019-12-04
997982Crash in v8::internal::GlobalHandles::CreateTraced-2019-12-04
998215Crash in v8::internal::MarkCompactCollector::IsUnmarkedHeapObject-2019-12-04
998322Crash in v8::HandleScope::CreateHandle-2019-12-04
997440Crash in v8::internal::Simulator::WriteW-2019-12-03
998093Bad-cast to blink::Nodeblink::Node::GetRegisteredMutationObserversOfType in blink::MutationObserverInterestGroup::CreateIfNeeded-2019-12-03
1005713Security: Parser bug can introduce mXSS and HTML sanitizers bypass-2019-12-02
997411CHECK failure: (map().has_fast_smi_or_object_elements() || map().has_frozen_or_sealed_elements(-2019-12-01
997421DCHECK failure in result.NumberOfOwnDescriptors() == result.instance_descriptors().number_of_descr-2019-12-01
987205Unknown signal in Builtins_JSEntryTrampoline-2019-11-30
995712Security: PDFium (XFA) Use-after-free in CFWL_PushButton::OnKeyDown$75002019-11-30
996515Use-of-uninitialized-value in OmniboxViewViews::HandleKeyEvent-2019-11-30
996526Heap-use-after-free in AutocompleteMatch::IsTabSwitchSuggestion-2019-11-30
996571Heap-buffer-overflow in AutocompleteMatch::IsTabSwitchSuggestion-2019-11-30
997190Security: UaF in MediaSession, Android only$200002019-11-30
901789Security: Same origin policy bypass via 401 page-2019-11-29
915538Security: Origin header-based CSRF protection bypass$5002019-11-29
990223CHECK failure: status == CompilationJob::SUCCEEDED in function-compiler.cc-2019-11-29
993553Security: PDFium (XFA) Use-after-free in CJX_HostPseudoModel::openList$95002019-11-29
997057Heap-use-after-free in v8::internal::compiler::ConstantFoldingReducer::Reduce-2019-11-29
595841Require browser process interaction to open files from chrome://downloads-2019-11-28
756825Chrome automatically downloads certain files even though the "Ask before downloading" option is enabled$5002019-11-28
769662Security: openvpn - CVE-2017-12166: out of bounds write in key-method 1-2019-11-28
839239Security: Fullscreen notification can be obscured by external protocol prompt-2019-11-28
875178Security: spoof google via onbeforeunload of ssl error page-2019-11-28
988024config_validator_fuzzer: Heap-buffer-overflow in parse_file-2019-11-28
988025config_validator_fuzzer: Use-of-uninitialized-value in krb5int_aes_enc_key-2019-11-28
989078Reading local files and cross-origin resources through an extension that only has the "downloads" permission$20002019-11-28
992838Security: URL bar spoofing on Android with a very long URL$30002019-11-28
995709Heap-use-after-free in blink::AutoplayPolicy::IsDocumentAllowedToPlay-2019-11-28
996211gpu_raster_passthrough_fuzzer: Use-of-uninitialized-value in SkDescriptor::isValid-2019-11-28
992914Security: v8 Map migration doesn't respect element kinds changes, leading to type confusion-2019-11-27
995591IndexedDB: GetDatabaseInfo() should check AllowIndexedDB() before issuing a request to the browser-2019-11-27
996099DCHECK failure in result.NumberOfOwnDescriptors() == result.instance_descriptors().number_of_descr-2019-11-27
992808Heap-use-after-free in content::IndexedDBDatabase::DeleteRequest::DoDelete-2019-11-26
995010Heap-use-after-free in chromeos::device_sync::CryptAuthGCMManagerImpl::~CryptAuthGCMManagerImpl-2019-11-26
967780Security: Code run by redirecting same-origin download to a javascript: URL gains user activation and bypasses CSP$10002019-11-25
993288Security: Possible to read cross-origin data using debug console utility function-2019-11-25
994203spvtools_opt_performance_fuzzer: Heap-buffer-overflow in spvtools::opt::Instruction::GetSingleWordOperand-2019-11-25
994248spvtools_opt_legalization_fuzzer: Heap-buffer-overflow in spvtools::opt::StructuredCFGAnalysis::AddBlocksInFunction-2019-11-25
995071spvtools_opt_legalization_fuzzer: Heap-buffer-overflow in spvtools::utils::SmallVector<unsigned int, 2u>::operator-2019-11-25
995114Use-of-uninitialized-value in blink::NGBlockLayoutAlgorithm::ComputeChildData-2019-11-25
995275DCHECK failure in nexus.IsMegamorphic() || nexus.GetFeedback().IsCleared() in js-heap-broker.cc-2019-11-25
925791Security: PDFium Uninitialized Memory Read in CXFA_LayoutPageMgr::GetAvailHeight$10002019-11-23
977527sequence_manager_fuzzer: Heap-use-after-free in scoped_refptr<base::SingleThreadTaskRunner>::scoped_refptr-2019-11-23
980183Unknown signal in Builtins_ArrayPrototypeFindIndex-2019-11-23
990635CVE-2018-20856 CrOS: Vulnerability reported in Linux kernel-2019-11-23
991125Security: Privilege Elevation via Google Chrome Elevation Service$50002019-11-23
993771Security: pdfium XFA m_pFocusWidget Use After Free$50002019-11-23
994086Crash in sw::Renderer::executeTask-2019-11-23
994089Use-of-uninitialized-value in password_manager::PasswordReuseDetectionManager::OnPaste-2019-11-23
984386Security DCHECK failure: new_box->IsInlineFlowBox() in layout_block_flow_line.cc-2019-11-22
882812Security: fullscreen notification spoof (registerProtocolHandler)$10002019-11-21
990582DCHECK failure in maybe_table.IsSourcePositionTableWithFrameCache() in code.cc-2019-11-21
993223Security: Heap-use-after-free in payments::PaymentRequestSheetController::UpdateHeaderView$50002019-11-21
977871vtest_fuzzer: Crash in try_setup_line-2019-11-20
986043Security: Malicious Extension can ignore SOP, with only `downloads` permission.$30002019-11-20
992389Crash in v8::internal::IrregexpInterpreter::Result v8::internal::RawMatch<unsigned char>-2019-11-20
993266blink_png_decoder_fuzzer: Heap-buffer-overflow in blink::PNGImageDecoder::RowAvailable-2019-11-20
993474CHECK failure: static_cast<uintptr_t>(caller_frame_top_) - total_output_frame_size > stack_guar-2019-11-20
993601Security: PurpleWolf HTTP/2 denial of service attacks-2019-11-20
978793UAP in UpdatePlaceholderImage$55002019-11-19
986211Heap-buffer-overflow in net::SpdyReadQueue::Dequeue-2019-11-19
992844Crash in sw::Renderer::executeTask-2019-11-19
992679Crash in blink::HeapHashTableBacking<WTF::HashTable<WTF::LinkedHashSetNode<blink::WeakMem-2019-11-18
992688Use-of-uninitialized-value in Cr_z_crc32_z-2019-11-18
992703Use-of-uninitialized-value in Cr_z_crc32_sse42_simd_-2019-11-18
991328Use-of-uninitialized-value in test_runner::TestRunner::WorkQueue::ProcessWork-2019-11-17
981492UAP in SetDispatchContext$30002019-11-16
984811Use-after-free inside CFX_SkiaDeviceDriver::Flush() when SkiaPaths is enabled-2019-11-16
992285Security: use-after-free in payment app$5002019-11-16
991085Use-after-poison in mojo::InterfaceEndpointClient::HandleValidatedMessage-2019-11-15
991901Crash in void v8::internal::MarkCompactCollector::ProcessMarkingWorklistInternal<-2019-11-15
960305Security: storage estimate allows obtaining size of cached cross-origin resource$5002019-11-14
986393Security: Possible to leak global window object via console$5002019-11-14
987502Security: Possible to leak exceptions across contexts via devtools-2019-11-14
991446Bad-cast to blink::LayoutObject from invalid vptr in blink::NGPaintFragment::PopulateDescendants-2019-11-14
973928Heap-use-after-free in password_manager::PasswordReuseDetectionManager::OnPaste-2019-11-13
981597Pointer lock propagates user activation to sandboxed frame-2019-11-13
989305Bad-cast to blink::LayoutBoxModelObject from invalid vptr in blink::LayoutBlockFlow::AddOverhangingFloats-2019-11-13
990222content_security_policy_fuzzer: Crash in qos_class_main-2019-11-13
929763Security: BT classic MITM 1-byte key length negotiation-2019-11-12
989497Security: URL bar spoofing on iOS (with SlimNav ON)$30002019-11-12
989742Crash in blink::NGExclusionSpaceInternal::DerivedGeometry::FindLayoutOpportunity-2019-11-12
990590Heap-use-after-free in content::IndexedDBContextImpl::DatabaseDeleted-2019-11-12
956420CrOS: Vulnerability reported in media-libs/tiff-2019-11-11
986063Security: Calling console utility functions causes data to be shared between contexts$5002019-11-11
989909Accessors created from FunctionTemplate have the wrong native context-2019-11-11
921561CrOS: Vulnerability reported in net-wireless/hostapd-2019-11-08
946633Security: Download dialog spoofing$5002019-11-08
984344V8 Invalid Read in v8::internal::HeapObject::IsHeapNumber$20002019-11-08
985758Bad-cast to blink::WebView from invalid vptr in test_runner::TestRunner::FinishTestIfReady-2019-11-08
986007gpu_raster_swiftshader_fuzzer: Use-of-uninitialized-value in cc::ServiceImageTransferCacheEntry::Deserialize-2019-11-08
986029transfer_cache_fuzzer: Use-of-uninitialized-value in cc::ServiceImageTransferCacheEntry::Deserialize-2019-11-08
986792UAF in blink::ImageBitmapFactories::ImageBitmapLoader::DecodeImageOnDecoderThread$75002019-11-08
989827Security DCHECK failure: IsA<Derived>(from) in casting.h-2019-11-08
863661Security:IDN url spoofing using U+4e00$5002019-11-06
977989Security: pdfium heap-use-after-free in CXFA_ItemLayoutProcessor::InsertFlowedItem$5002019-11-06
981618CrOS: Vulnerability reported in dev-libs/glib-2019-11-06
988241Security DCHECK failure: !object || (object->IsBox()) in layout_box.h-2019-11-06
988541Security DCHECK failure: IsA<Derived>(from) in casting.h-2019-11-06
989471CVE-2007-6762 CrOS: Vulnerability reported in Linux kernel-2019-11-06
989472CVE-2010-5331 CrOS: Vulnerability reported in Linux kernel-2019-11-06
989473CVE-2010-5332 CrOS: Vulnerability reported in Linux kernel-2019-11-06
989474CVE-2018-20784 CrOS: Vulnerability reported in Linux kernel-2019-11-06
994957Security: buffer OOB *read* in libc++ random-2019-11-05
866162Security: IDN URL Spoofing with Greek Letter-2019-11-05
927150Security: 'Press Esc to exit fullscreen' covered up by <select>-2019-11-05
982397PDFium (XFA) Use-after-free in CPDFSDK_XFAWidgetHandler::OnXFAChangedFocus$55002019-11-05
987956CVE-2019-13272 CrOS: Vulnerability reported in Linux kernel-2019-11-05
988304DCHECK failure in bytecode->IsBytecodeEqual( *outer_function_job->compilation_info()->bytecode_arr-2019-11-05
988858[IndexedDB] Prevent using uninitialized memory in IndexedDBBackingStore-2019-11-05
988919DCHECK failure in loop_node_->EatsAtLeast(true) >= continue_node_->EatsAtLeast(true) in regexp-com-2019-11-05
972030CrOS: Vulnerability reported in dev-libs/glib-2019-11-04
868846Security: URL spoof using CJK combining character (U+3099 U+309A)$10002019-11-02
987270audio_decoder_fuzzer: Use-of-uninitialized-value in wav_parse_bext_string-2019-11-02
973360Use-after-free in WasmMemoryObject::Grow$50002019-11-01
980161Security: PDFium (XFA) Use-after-free in CPDFSDK_AnnotHandlerMgr::GetNextAnnot$55002019-11-01
983147DCHECK failure in bytecode->IsBytecodeEqual( *outer_function_job->compilation_info()->bytecode_arr-2019-11-01
987507rtcp_receiver_fuzzer: Heap-buffer-overflow in webrtc::ByteReader<unsigned int, 4u, false>::Get-2019-11-01
964938Use-of-uninitialized-value in ui::SolveLeastSquares-2019-10-31
987381Use-of-uninitialized-value in media_session::MediaPosition::operator==-2019-10-31
939108Isolate chrome.google.com from *.google.com$5002019-10-30
973228Heap-use-after-free in dawn_wire::server::Server::DoBufferUpdateMappedData-2019-10-30
986754UAP in IsEmptyValue-2019-10-30
987106Use-of-uninitialized-value in net::HostResolverManager::RecordTotalTime-2019-10-30
968451Security: http authentication spoof (repro issue 928974)-2019-10-29
984536sqlite3_lpm_fuzzer: Heap-buffer-overflow in sqlite3VdbeExec-2019-10-29
984650sqlite3_lpm_fuzzer: Use-of-uninitialized-value in sqlite3VdbeRecordCompareWithSkip-2019-10-29
985546sqlite3_lpm_fuzzer: Use-of-uninitialized-value in sqlite3CompareAffinity-2019-10-29
985646Heap-use-after-free in blink::PaintLayerScrollableArea::InvalidateAllStickyConstraints-2019-10-29
985781pdfium_xfa_fuzzer: Heap-buffer-overflow in fxcrt::RetainPtr<fxcrt::StringDataTemplate<wchar_t> >::RetainPtr$50002019-10-29
986008Bad-cast to blink::PaintLayer from invalid vptr in blink::PaintLayerScrollableArea::InvalidateAllStickyConstraints-2019-10-29
986064Security: pdfium XFA CJX_Object::SetContent Use After Free$50002019-10-29
986262CVE-2019-13233 CrOS: Vulnerability reported in Linux kernel-2019-10-29
548273Type confusion in ObjectBackedNativeHandler::Router$50002019-10-28
981873Security: UAF in ~LevelDBIteratorImpl-2019-10-27
984475sqlite3_lpm_fuzzer: Crash in estimateIndexWidth-2019-10-27
925269Use-of-uninitialized-value in TIFFYCbCrtoRGB-2019-10-26
981608spvtools_opt_performance_fuzzer: Heap-use-after-free in spvtools::opt::InlinePass::IsInlinableFunctionCall-2019-10-26
981609spvtools_opt_performance_fuzzer: Bad-cast to spvtools::opt::Instruction from invalid vptr in spvtools::opt::BasicBlock::id-2019-10-26
983938Heap-use-after-free in gpu::gles2::Texture::ClearRenderableLevels-2019-10-26
984868Use-after-poison in mojo::InterfaceEndpointClient::HandleValidatedMessage-2019-10-26
984890Bad-cast to blink::GarbageCollectedMixin from invalid vptr in void blink::Visitor::TraceRoot<blink::ImageDownloaderBase>-2019-10-26
985302Bad-cast to blink::ImageDownloaderBase from blink::ResponseBodyLoader in blink::MultiResolutionImageResourceFetcher::OnURLFetchComplete-2019-10-26
847035Security: Chrome for iOS (CVE-2017-5385) HTML documents sent with multipart/x-mixed-replace ignores Referrer-Policy response header-2019-10-25
981569spvtools_opt_legalization_fuzzer: Heap-use-after-free in spvtools::opt::BasicBlock::id-2019-10-25
983867Security: Use-after-free in CPDFSDK_ActionHandler::ExecuteFieldAction$50002019-10-25
984809dawn_wire_server_and_frontend_fuzzer: Crash in dawn_native::IsArrayLayerValidForTextureViewDimension-2019-10-25
985337CVE-2019-10639 CrOS: Vulnerability reported in Linux kernel-2019-10-25
896533Security: IDN URL Spoofing with Georgian Letter Jil "ძ"$5002019-10-24
984521Security: UAF due to double call to IndexedDBConnection::Close-2019-10-24
984917CVE-2019-10638 CrOS: Vulnerability reported in Linux kernel-2019-10-24
882363Security: fullscreen notification overlap$10002019-10-23
950027Incorrect-function-pointer-type in google::protobuf::internal::AddDescriptorsImpl-2019-10-23
971408Have secure context checks in browser side code of Native File System API-2019-10-23
974354GpuMemoryBufferImplIOSurface doesn't validate handle-2019-10-23
977462Security: UAF in OfflinePageAutoFetcher::CancelSchedule$100002019-10-23
981291net_quic_stream_factory_fuzzer: Use-of-uninitialized-value in quic::HttpDecoder::ParsePriorityFrame-2019-10-23
981785UAF in PDFium due to incorrect ref count$30002019-10-23
982648net_quic_stream_factory_fuzzer: Use-of-uninitialized-value in quic::HttpDecoder::ReadFrameType-2019-10-23
983775Security: heap-use-after-free in blink::LayoutBlockFlow::AddChild-2019-10-23
983785Bad-cast to blink::LayoutObject from invalid vptr in blink::LayoutObject::IsAnonymousBlock-2019-10-23
983850Crash in v8::internal::Simulator::LoadStorePairHelper-2019-10-23
983856Heap-use-after-free in blink::LayoutBox::SplitAnonymousBoxesAroundChild-2019-10-23
983865Heap-use-after-free in blink::LayoutBlockFlow::AddChild-2019-10-23
983970Heap-use-after-free in blink::LayoutBoxModelObject::MoveChildTo-2019-10-23
821194Use SHA256 for instance IDs-2019-10-22
921984CrOS: Vulnerability reported in app-text/qpdf-2019-10-22
949032Security: Use-after-free in CXFA_FFWidget::OnKillFocus$30002019-10-22
968914this.print() should required a user gesture-2019-10-22
980226Crash in Builtins_GetPropertyWithReceiver-2019-10-22
961513Heap-buffer-overflow in Json::Reader::readArray-2019-10-20
983344flexfec_receiver_fuzzer: Heap-buffer-overflow in webrtc::ForwardErrorCorrection::XorPayloads-2019-10-20
983351forward_error_correction_fuzzer: Use-of-uninitialized-value in rtc::scoped_refptr<rtc::RefCountedObject<rtc::BufferT<unsigned char, false> > >:-2019-10-20
983356ulpfec_receiver_fuzzer: Heap-buffer-overflow in webrtc::ByteReader<unsigned short, 2u, false>::ReadBigEndian-2019-10-20
983385forward_error_correction_fuzzer: Bad-cast to rtc::RefCountedObject<rtc::BufferT<unsigned char, false> >rtc::CopyOnWriteBuffer::CloneDataIfReferenced in unsigned char* rtc::CopyOnWriteBuffer::data<unsigned char,-2019-10-20
983400flexfec_receiver_fuzzer: Use-of-uninitialized-value in rtc::scoped_refptr<webrtc::ForwardErrorCorrection::Packet>::~scoped_refptr-2019-10-20
983767Use-of-uninitialized-value in media::MediaMetricsProvider::GetUMANameForAVStream-2019-10-20
983768Use-of-uninitialized-value in =-2019-10-20
983773mediasource_WEBM_VP8_pipeline_integration_fuzzer: Use-of-uninitialized-value in media::operator==-2019-10-20
977107UAP in offline audio context$30002019-10-19
980475Security: WebAssembly Table.Copy lead to OOB Write$75002019-10-18
980672ipp_message_parser_fuzzer: Heap-buffer-overflow in libcups.so.2-2019-10-18
981234Heap-use-after-free in libswiftshader_libGLESv2.dylib-2019-10-18
981381ipp_message_parser_fuzzer: Heap-buffer-overflow in ipp_converter::ConvertIppToMojo-2019-10-18
981385Crash in _platform_memmove$VARIANT$Nehalem-2019-10-18
981573Use-of-uninitialized-value in blink::PaintLayerScrollableArea::InvalidateAllStickyConstraints-2019-10-18
981585heap-use-after-free : blink::CanvasResourceProviderSharedImage::WillDraw-2019-10-18
981590Crash in _platform_memmove$VARIANT$Nehalem-2019-10-18
982153Bad-cast to blink::PaintLayer from invalid vptr in blink::PaintLayerScrollableArea::InvalidateAllStickyConstraints-2019-10-18
982530Incorrect optimization causes memory corruption-2019-10-18
982805Crash in _platform_memmove$VARIANT$Nehalem-2019-10-18
983137Security: PDFium Bad cast in ToNode in cxfa_object.cpp$50002019-10-18
983293Use-of-uninitialized-value in content::RenderWidgetHostInputEventRouter::OnRenderWidgetHostViewBaseDestroyed-2019-10-18
837936Security: Probing JS bytecode cache allows timing attack-2019-10-17
969285CrOS: Vulnerability reported in net-misc/curl-2019-10-17
979187CrOS: Vulnerability reported in dev-libs/expat-2019-10-17
979373Security DCHECK failure: line_layout_item.IsLayoutInline() || line_layout_item.IsEqual(this) in layout_bl-2019-10-17
980292Crash in Builtins_GetPropertyWithReceiver-2019-10-17
982768pdfium_fuzzer: Use-of-uninitialized-value in float const& pdfium::clamp<float>-2019-10-17
982828Security: heap-use-after-free in ~CPDFSDK_XFAWidget() (ProbeForLowSeverityLifetimeIssue)-2019-10-17
977341heap-use-after-free : GrTextBlobCache::purgeStaleBlobs-2019-10-16
979902pdf_codec_tiff_fuzzer: Negative-size-param in _TIFFmemcpy-2019-10-16
980168DCHECK failure in !new_map->has_frozen_or_sealed_elements() in js-objects.cc-2019-10-16
981232Crash in blink::PointerLockController::DidLosePointerLock-2019-10-16
981459Bad-cast to blink::LayoutEmbeddedContent from blink::LayoutNGBlockFlow in blink::ToLayoutEmbeddedContent-2019-10-16
951487Security: Two autocomplete flaws STILL allow stealing credit card numbers$33372019-10-15
980891Security: CSA_ASSERT failed: IsRegularHeapObjectSize(size_in_bytes)-2019-10-15
981202Security: Memory corruption in BrowserList::NotifyBrowserNoLongerActive(Browser*) ()$5002019-10-15
981528Security: PDFium (XFA) Use-after-free in CPDFSDK_Widget::HasXFAAAction$50002019-10-15
981602Heap-use-after-free in blink::InlineFlowBox::DeleteLine-2019-10-15
971550Crash in qos_class_main-2019-10-12
979923Use-of-uninitialized-value in blink::NGOffsetMapping::GetLastPosition-2019-10-12
979972Heap-buffer-overflow in blink::FindBuffer::RangeFromBufferIndex-2019-10-12
980448Heap-buffer-overflow in blink::FindBuffer::RangeFromBufferIndex-2019-10-12
980450Crash in blink::FindBuffer::FindMatchInRange-2019-10-12
980816OOB in SwiftShader textureSize$20002019-10-12
980843Sig11 in wasm$5002019-10-12
981412Container-overflow in CPDF_DeviceCS::GetRGB-2019-10-12
977926Heap-use-after-free in blink::LargeTextFirst$35002019-10-10
979023DCHECK failure in number_of_own_descriptors > 0 in map-inl.h-2019-10-10
980422DCHECK failure in bytecode->IsBytecodeEqual( *outer_function_job->compilation_info()->bytecode_arr-2019-10-10
980811devtools_protocol_encoding_cbor_fuzzer: Heap-buffer-overflow in inspector_protocol_encoding::json::JSONEncoder<std::__Cr::basic_string<char, std-2019-10-10
937587Heap-buffer-overflow in libcups.so.2-2019-10-09
937662Use-of-uninitialized-value in ipp_converter::ConvertIppToMojo-2019-10-09
937664Use-of-uninitialized-value in ippReadIO-2019-10-09
976753Security: heap-buffer-overflow in CFDE_TextEditEngine::AdjustGap-2019-10-09
978180Use-After-Free in FT_Stream_ReleaseFrame-2019-10-09
978575Security: PDFium (XFA) Use-after-free in CXFA_FFWidget::OnSetFocus$30002019-10-09
978382Incorrect heap object handling in v8$5002019-10-09
980065Crash in v8::internal::SourcePositionTableIterator::Advance-2019-10-08
979942Heap-use-after-free in blink::LayoutObject::UpdateFirstLineImageObservers-2019-10-07
979951Heap-use-after-free in base::subtle::RefCountedBase::AddRefImpl-2019-10-07
979505Bad-cast to net::URLRequestFtpJob from invalid vptr in net::URLRequestFtpJob::OnStartCompleted$35002019-10-06
976713Security: Possible to leak internal objects like arrayBufferConstructor_DoNotInitialize and InternalPackedArray via console utility functions-2019-10-05
977778NGOffsetMappingBuilder::CollapseTrailingSpace() crashes with white-space:pre-wrap-2019-10-05
953516Potential map end() access in MojoMjpegDecodeAcceleratorService-2019-10-04
973352Heap-use-after-free in dawn_native::null::Buffer::CopyFromStaging-2019-10-04
976573Bad-cast to dawn_native::null::Buffer from invalid vptr in dawn_native::null::BufferMapReadOperation::Execute-2019-10-04
978082heap-use-after-free : cc::LayerTreeHostImpl::ImageDecodeFinished-2019-10-04
979069Heap-buffer-overflow in blink::FindBuffer::RangeFromBufferIndex-2019-10-04
979228DCHECK failure in bytecode->IsBytecodeEqual( *outer_function_job->compilation_info()->bytecode_arr-2019-10-04
971544Use-of-uninitialized-value in GrBackendTexture::operator=-2019-10-03
946260AppCache can be registered to arbitrary site with renderer compromise$10002019-10-02
970378Security: Sites can bypass restrictions on multiple downloads by redirecting page to about:srcdoc$5002019-10-02
976627v8 crash on regexp length check$30002019-10-02
977012DCHECK failure in descriptor_number < number_of_descriptors() in descriptor-array-inl.h-2019-10-02
977458Use-of-uninitialized-value in blink::LayoutTreeBuilderForText::CreateLayoutObject-2019-10-02
977832Heap-buffer-overflow in CFX_ReadOnlyMemoryStream::ReadBlockAtOffset-2019-10-02
978277DCHECK failure in descriptor_number < number_of_descriptors() in descriptor-array-inl.h-2019-10-02
978335Use-of-uninitialized-value in PageInfoUI::GetSecurityDescription-2019-10-02
888322CVE-2018-14610 CrOS: Vulnerability reported in Linux kernel-2019-10-01
949425pdfium (XFA): invalid vptr / uaf in CXFA_FFDocView::RunBindItems$30002019-10-01
976652CVE-2018-20669 CrOS: Vulnerability reported in Linux kernel-2019-10-01
976939DCHECK failure in fresh->bit_field3() & ~IsInRetainedMapListBit::kMask == new_map->bit_field3() &-2019-10-01
978050Use-of-uninitialized-value in v8::internal::GCTracer::CurrentEmbedderAllocationThroughputInBytesPerMillisecond-2019-10-01
949999Bad-cast to MetricsLibraryInterface from MetricsLibrary in p2p::server::HttpServerExternalProcess::OnMessageReceived-2019-09-30
960106ChromeOS Kernel integer overflow-2019-09-30
966309Use-of-uninitialized-value in v8::internal::Simulator::FPCompare-2019-09-29
977855CVE-2019-3896 CrOS: Vulnerability reported in Linux kernel-2019-09-29
969256Int-overflow in CPDF_PSEngine::DoOperator-2019-09-28
976136heap-use-after-free in ContextProvider$30002019-09-28
977089DCHECK failure in fresh->bit_field3() & ~IsInRetainedMapListBit::kMask == new_map->bit_field3() &-2019-09-28
977467Crash in blink::MojoHandle::writeMessage-2019-09-28
768526Cast should not use a web iframe inside a WebUI page-2019-09-27
950328v8 crash on map-check$30002019-09-27
961674DCHECK failure in __isolate__->has_scheduled_exception() in isolate.cc-2019-09-27
971293heap-use-after-free in Cancel::wasm-engine.cc$10002019-09-27
971702UAF in chrome!content::Portal::Activate$80002019-09-27
972354CVE-2019-3846 CrOS: Vulnerability reported in Linux kernel-2019-09-27
973137Crash in quic::QuicDataReader::PeekVarInt62Length-2019-09-27
973893Potential bad cast with non-string values-2019-09-27
976859Security: heap-use-after-free in blink::NGPaintFragment::AssociateWithLayoutObject$30002019-09-27
976922DCHECK failure in fixed_array.IsNumberDictionary() in js-objects-inl.h-2019-09-27
976923DCHECK failure in 0 == memcmp(reinterpret_cast<void*>(fresh->address()), reinterpret_cast<void*>(n-2019-09-27
976932DCHECK failure in bytecode->IsBytecodeEqual( *outer_function_job->compilation_info()->bytecode_arr-2019-09-27
976935Heap-use-after-free in CFX_Font::LoadSubst-2019-09-27
976940Crash in ReadUnalignedValue<double>-2019-09-27
976944Crash in v8::internal::Object::Number-2019-09-27
964639CVE-2019-11833 CrOS: Vulnerability reported in Linux kernel-2019-09-26
967993Crash in base::ObserverListThreadSafe<base::PowerObserver>::RemoveObserver-2019-09-26
972921Security: v8 dcheck failure and fatal error$30002019-09-26
974760Security: heap-use-after-free in blink::NGBlockNode::SaveStaticOffsetForLegacy$30002019-09-26
976231Heap-use-after-free in CFX_Font::LoadSubst-2019-09-26
976429Security: Use-of-uninitialized-value in CFWL_WidgetMgr::NextTab if Ctrl-Tab is pressed while editing an XFA form.-2019-09-26
976924Crash in v8::internal::DictionaryElementsAccessor::CollectElementIndicesImpl-2019-09-26
962572Use-after-poison in mojo::BindingSetBase<blink::mojom::blink::NavigationInitiator, mojo::Binding<bli-2019-09-25
971740Security: URL bar spoofing on iOS with history.back()$30002019-09-25
972031CrOS: Vulnerability reported in app-editors/vim-2019-09-25
974627DCHECK failure in index >= 0 && index < this->length() in fixed-array-inl.h-2019-09-25
958002cros-machine-id-regen should quote file path when computing timestamp path$10002019-09-24
969368CHECK failure: (location_) != nullptr in maybe-handles.h-2019-09-24
974091Security: PDFium Font Parsing Heap Use After Free Vulnerability$30002019-09-24
968081Use-of-uninitialized-value in v8::internal::Factory::NewNumber-2019-09-23
964872Security: signed-integer-overflow in FX_RECT::Height-2019-09-22
965067URL is updated incorrectly after navigating to an invalid URL-2019-09-22
973103Security: site isolation bypass: request headers overwrite via URLLoader::FollowRedirect-2019-09-22
973628Don't rewrite about:srcdoc into chrome://srcdoc (just as we make an exception for about:blank)-2019-09-21
961237Security: jit difference on comparison in d8-2019-09-20
971904Heap-use-after-free in content::GpuChildThread::QuitMainMessageLoop-2019-09-20
972239Heap-use-after-free in base::internal::WeakReference::IsValid-2019-09-20
972413Use-of-uninitialized-value in blink::NGPaintFragment::ClearAssociationWithLayoutObject-2019-09-20
972657Potential UAF in TRACE_EVENT call in FontLoader::openStream-2019-09-20
973363Integer overflow in FastGetOwnValuesOrEntries-2019-09-20
971761Use-of-uninitialized-value in spirv_cross::Compiler::CombinedImageSamplerUsageHandler::begin_function_scope-2019-09-19
972623Bad parameters to --sanitizer-annotate-contiguous-container in shaderc_spvc_compile_options::~shaderc_spvc_compile_options-2019-09-19
972627Bad parameters to --sanitizer-annotate-contiguous-container in shaderc_spvc_compile_options_release-2019-09-19
973121Crash in v8::Value::ToString-2019-09-19
973132Crash in v8::internal::ConcurrentMarkingVisitor::MarkObject-2019-09-19
973136Crash in _platform_memmove$VARIANT$Nehalem-2019-09-19
973138Crash in v8::internal::LookupIterator::State v8::internal::LookupIterator::LookupInRegula-2019-09-19
973146Crash in v8::internal::String::GetFlatContent-2019-09-19
973151Bad-cast to v8::String::ExternalStringResource from invalid vptr in v8::internal::ExternalTwoByteString::GetChars-2019-09-19
972390Heap-use-after-free in quic::QuicDataReader::PeekVarInt62Length-2019-09-18
972394Crash in AtomicallySetQuarantineFlagIfAllocated-2019-09-18
973056URL is updated incorrectly when navigating to external app urls$5002019-09-18
973122Use-of-uninitialized-value in v8::internal::FixStaleLeftTrimmedHandlesVisitor::VisitRootPointers-2019-09-18
964245Site Isolation breaking bug in filesystem$50002019-09-17
968988CVE-2019-12381 CrOS: Vulnerability reported in Linux kernel-2019-09-17
968994CrOS: Vulnerability reported in dev-db/sqlite-2019-09-17
968870Crash in blink::RemoteFrame::SetCcLayer-2019-09-16
971752Heap-use-after-free in blink::LayoutBlockFlow::AddOverhangingFloats-2019-09-16
972295Bad-cast to v8::internal::wasm::(anonymous namespace)::WasmGCForegroundTask from invalid vptr in v8::internal::wasm::WasmEngine::RemoveIsolateFromCurrentGC-2019-09-16
968006Heap-buffer-overflow in mojo::SyncHandleRegistry::Wait-2019-09-15
968007Heap-use-after-free in quic::QuicDataReader::ReadBytes-2019-09-15
969321Use-of-uninitialized-value in quic::HttpDecoder::ReadFrameType-2019-09-15
970644Bad-free in shaderc_spvc_compile_options_release-2019-09-15
970909Crash in AtomicallySetQuarantineFlagIfAllocated-2019-09-15
971551Use-of-uninitialized-value in spirv_cross::SPIRFunction& spirv_cross::Variant::get<spirv_cross::SPIRFunction>-2019-09-15
971746Crash in AddressIsPoisoned-2019-09-15
971757Crash in shaderc_spvc_compile_options::~shaderc_spvc_compile_options-2019-09-15
929578Any extension can be disbled by simply adding a trailing slash$5002019-09-14
968985CVE-2019-12378 CrOS: Vulnerability reported in Linux kernel-2019-09-14
968987CVE-2019-12380 CrOS: Vulnerability reported in Linux kernel-2019-09-14
969333Use-of-uninitialized-value in gpu::gles2::GLES2Implementation::BindTexture-2019-09-14
969525Crash in v8::internal::Heap::GcSafeFindCodeForInnerPointer-2019-09-14
971606Use-of-uninitialized-value in gpu::gles2::GLES2Implementation::PackStringsToBucket-2019-09-14
969083Heap-use-after-free in content::IndexedDBOriginState::AbortAllTransactions-2019-09-13
969363Use-of-uninitialized-value in blink::GraphicsLayerUpdater::UpdateContext::CompositingContainer-2019-09-13
971538Use-of-uninitialized-value in GrBackendTexture::operator=-2019-09-13
971545Use-of-uninitialized-value in GrBackendTexture::operator=-2019-09-13
901306CrOS: Vulnerability reported in media-libs/tiff-2019-09-12
923647CrOS: Vulnerability reported in media-libs/tiff-2019-09-12
959640Multiple file download protection bypass$5002019-09-12
960785Security: Heap-use-after-free in blink::PresentationAvailabilityState::UpdateAvailability-2019-09-12
962947Use-of-uninitialized-value in vfnprintf-2019-09-12
969055URL doesn't update correctly when tapped on Stop icon to stop page loading-2019-09-12
969261Heap-buffer-overflow in CFF::CFF2FDSelect::sanitize-2019-09-12
971537Use-of-uninitialized-value in GrBackendTexture::operator=-2019-09-12
951974Crash in shaderc_spvc_compile_options::shaderc_spvc_compile_options-2019-09-11
952081Crash in AtomicallySetQuarantineFlagIfAllocated-2019-09-11
953985Crash in AddressIsPoisoned-2019-09-11
954955Crash in shaderc_spvc_compile_options_release-2019-09-11
955949Security: Chronos user can delete files as root at boot (cleanup-shutdown-logs.conf)-2019-09-11
961413Use-after-poison in blink::xpath::Expression::AddSubExpression-2019-09-11
967592Crash in shaderc_spvc_compile_options_clone-2019-09-11
969520Crash in spirv_cross::Variant::empty-2019-09-11
969521Heap-buffer-overflow in spirv_cross::Variant::Variant-2019-09-11
957516Security: Heap-use-after-free in ProjectionFromFieldOfView-2019-09-10
958318CVE-2019-11487 CrOS: Vulnerability reported in Linux kernel-2019-09-10
959508Crash in blink::PersistentBase<blink::DummyGCBase,-2019-09-10
962916CVE-2019-11884 CrOS: Vulnerability reported in Linux kernel-2019-09-10
966263Security: signed integer overflow in CPDF_RenderStatus::ProcessType3Text-2019-09-10
968984CVE-2019-11190 CrOS: Vulnerability reported in Linux kernel-2019-09-10
969444Crash in blink::Deprecation::GenerateReport-2019-09-10
969286Chromium: Vulnerability reported in sqlite-2019-09-08
831725SameSite cookie bypass via prerender$20002019-09-07
907344Heap-buffer-overflow in spirv_cross::Compiler::parse-2019-09-07
907718Crash in spirv_cross::Variant::get_type-2019-09-07
943494Security: UAF on WebUSB (Windows, windows_usb.c)-2019-09-07
950256Use-of-uninitialized-value in spirv_cross::SPIRConstant::SPIRConstant-2019-09-07
951525Security: IntersectionObserver V2 fails for CSS property scale transform$5002019-09-07
951902Crash in spirv_cross::Variant::empty-2019-09-07
952050Crash in spirv_cross::SPIRFunction& spirv_cross::Variant::get<spirv_cross::SPIRFunction>-2019-09-07
952156Heap-buffer-overflow in spirv_cross::Variant::Variant-2019-09-07
952505Crash in spirv_cross::VectorView<unsigned int>::begin-2019-09-07
953094Heap-buffer-overflow in shaderc_spvc_compile_into_glsl-2019-09-07
953935Heap-buffer-overflow in spirv_cross::Meta::Decoration::Decoration-2019-09-07
954785Use-of-uninitialized-value in spirv_cross::SPIRFunction& spirv_cross::Variant::get<spirv_cross::SPIRFunction>-2019-09-07
954969Heap-buffer-overflow in ??$allocate@AEBIAEBI_N@?$ObjectPool@USPIRConstant@spirv_cross@@@spirv_cross@@QEA-2019-09-07
962956Crash in spirv_cross::ParsedIR::remove_typed_id-2019-09-07
964768heap-use-after-free : strlen-2019-09-07
965918Crash in spirv_cross::SPIRType& spirv_cross::Variant::get<spirv_cross::SPIRType>-2019-09-07
967152Crash in spirv_cross::SPIRFunction const& spirv_cross::Variant::get<spirv_cross::SPIRFunc-2019-09-07
967926Security: [Non-Exploitable] Crosh sandbox escape via command injection-2019-09-07
967933Security: [Not Exploitable] seconds_compare method in network_diag does not quote parameters-2019-09-07
967943Security: Command Injection in periodic_scheduler-2019-09-07
968075Crash in spirv_cross::SPIRType& spirv_cross::Variant::get<spirv_cross::SPIRType>-2019-09-07
964667Use-after-poison in mojo::BindingSetBase<blink::mojom::blink::NavigationInitiator, mojo::Binding<bli-2019-09-06
966460DCHECK failure in object->HasSmiOrObjectElements() || object->HasDoubleElements() || object->HasFa-2019-09-06
967978Heap-use-after-free in quic::QuicDataReader::PeekVarInt62Length-2019-09-06
967996Use-of-uninitialized-value in blink::PerformanceResourceTiming::secureConnectionStart-2019-09-06
968080Use-of-uninitialized-value in quic::HttpDecoder::ReadFrameType-2019-09-06
929300BrowserPlugin architecture causes PDFs to be fetched into a cross-origin web renderer-2019-09-05
966557Heap-use-after-free in content::IndexedDBDatabase::DeleteRequest::Perform-2019-09-05
966960Heap-use-after-free in blink::TaskBase::TaskCompleted-2019-09-05
967196Heap-use-after-free in ash::OverviewWindowDragController::StartNormalDragMode-2019-09-05
967361Heap-use-after-free in blink::NGPaintFragment::RecalcContentsInkOverflow-2019-09-05
964002Security: Latin KRA homograph-2019-09-04
966784UAF in content::IndexedDBOriginState::AbortAllTransactions$50002019-09-04
967167Use-of-uninitialized-value in int blink::LazyLineBreakIterator::NextBreakablePosition<unsigned short,-2019-09-04
967938Security: Command Injection in cr50-verify-ro.sh-2019-09-04
665766Change on the credentials mode on redirect specified by the CORS algorithm should be propagated to net/$10002019-09-03
953294Omnibox spoofing with data urls-2019-09-03
962500Security: Security: Same Origin Policy bypass and local file disclosure via <portal> element$100002019-09-03
966762UAF in content::IndexedDBDatabase::ProcessRequestQueueAndMaybeRelease$155002019-09-03
967151CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (IsExternalOneByteString()) in string-2019-09-03
967118Heap-buffer-overflow in dawn_native::DeviceBase::CreateBufferMapped-2019-09-01
958717DCHECK failure in IrOpcode::kPhi == callee->opcode() in js-inlining-heuristic.cc-2019-08-31
966454Container-overflow in content::IndexedDBFactoryImpl::ContextDestroyed-2019-08-31
966572Container-overflow in base::TaskAnnotator::RunTask-2019-08-31
966812Crash in blink::WorkletPendingTasks::Abort-2019-08-31
936900Security: CORS issue with Chrome Extensions$5002019-08-30
950000Incorrect-function-pointer-type in base::internal::CallbackBase<-2019-08-30
964607Security: WebAssembly duplicate indirect_function_table lead to OOB Write$30002019-08-30
965633Heap-use-after-free in dawn_native::SamplerBase::EqualityFunc::operator-2019-08-30
966224Use-of-uninitialized-value in v8::internal::wasm::CompilationStateImpl::GetNextCompilationUnit-2019-08-30
966555Use-of-uninitialized-value in extensions::MimeHandlerViewContainerManager::DestroyFrameContainer-2019-08-30
961597Bad-cast to blink::LocalFrameView from blink::WebPluginContainerImpl in blink::RootScrollerController::ApplyRootScrollerProperties-2019-08-29
964818Integer-overflow in inspector_protocol_encoding::cbor::CBORTokenizer::ReadNextToken-2019-08-29
964928Security: JS execution inside ScriptForbiddenScope leading to UAF-2019-08-29
964924Bad-cast to blink::LayoutObject from invalid vptr in blink::LayoutBlockFlow* blink::DynamicTo<blink::LayoutBlockFlow, blink::LayoutOb-2019-08-28
965630Use-of-uninitialized-value in v8::internal::Factory::NewStringFromTwoByte-2019-08-28
957324CrOS: Vulnerability reported in app-text/ghostscript-gpl-2019-08-27
963346CHECK failure: (map()->has_fast_smi_or_object_elements() || map()->has_frozen_or_sealed_element-2019-08-27
964762Heap-use-after-free in AppListClientImpl::OpenSearchResult-2019-08-27
964813Bad-cast to blink::NGPaintFragment from invalid vptr in blink::LayoutBox::ResolvedDirection-2019-08-27
965299DCHECK failure in trap_handler::IsTrapHandlerEnabled() == trap_handler::IsThreadInWasm() in runtim-2019-08-27
958532Use-of-uninitialized-value in p2p::server::HttpServerExternalProcess::OnMessageReceived-2019-08-26
960111ChromeOS privilege escalation-2019-08-26
964619Bad-cast to blink::NGPaintFragment from invalid vptr in blink::LayoutText::FirstLineBoxTopLeft-2019-08-26
963341Use-of-uninitialized-value in blink::LayoutObject::DestroyAndCleanupAnonymousWrappers-2019-08-25
964171Use-of-uninitialized-value in blink::ListItemOrdinal::NextListItem-2019-08-25
964675Heap-use-after-free in scoped_refptr<base::SingleThreadTaskRunner>::scoped_refptr-2019-08-25
962083Use-of-uninitialized-value in sqlite3IntFloatCompare-2019-08-24
963831Bad-cast to blink::LayoutInline from invalid vptr in blink::ToLayoutInline-2019-08-24
963579Use-of-uninitialized-value in blink::LayoutTreeBuilderTraversal::NextSiblingLayoutObject-2019-08-24
960109ChromeOS persistence bug-2019-08-24
961998Crash in inspector_protocol_encoding::cbor::CBORTokenizer::ReadNextToken-2019-08-24
963409Use-of-uninitialized-value in base::UTF16ToUTF8-2019-08-24
964218Heap-buffer-overflow in void inspector_protocol_encoding::cbor::EncodeBinaryTmpl<std::__Cr::vector<unsig-2019-08-24
964178DCHECK failure in TypeOf(node->InputAt(0)).IsNone() in simplified-lowering.cc-2019-08-23
952073Heap-use-after-free in scoped_refptr<base::SingleThreadTaskRunner>::scoped_refptr-2019-08-23
958689UaF in SharedWorkerClient::OnScriptLoadFailed-2019-08-23
958963Security: Sign in to Chrome OS using Smart Lock without entering PIN on Android device$63372019-08-23
959193Heap-buffer-overflow in u_strlen_64-2019-08-23
962368Security: Wrong url in omnibox on iOS (URL spoof)-2019-08-23
963060Bad-cast to blink::DisplayItemClient from invalid vptr in blink::DisplayItemRasterInvalidator::Generate-2019-08-23
963076Use-of-uninitialized-value in handle_vdm_request-2019-08-23
963463Crash in v8::internal::FullMaybeObjectSlot::Relaxed_Store-2019-08-23
963464Crash in ptr-2019-08-23
963466Crash in v8::internal::FeedbackVector::SetOptimizationMarker-2019-08-23
963681Crash in chrome-2019-08-23
963687Crash in v8::internal::Simulator::LoadStoreHelper-2019-08-23
963890Bad-cast to blink::LayoutObject from invalid vptr in blink::NGPhysicalFragment::HasLayer-2019-08-23
964109Use-of-uninitialized-value in pd_update_pdo_flags-2019-08-23
951880URL spoofing with post urls-2019-08-22
960209Chrome CORS Causes Unauthorized File Download and Arbitrary File Execution on macOS$5002019-08-22
963278Heap-use-after-free in SlowLastChild-2019-08-22
963461DCHECK failure in has_feedback_vector() in js-objects-inl.h-2019-08-22
963568DCHECK failure in descriptor_number < number_of_descriptors() in descriptor-array-inl.h-2019-08-22
622974Another case where incorrect origin is sent with message event-2019-08-21
952709Heap-use-after-free in SerialChooserController::OnGetDevices-2019-08-21
958718DCHECK failure in RegionObservability::kObservable == region_observability_ in effect-control-line-2019-08-21
960331Heap-buffer-overflow in BEInt<unsigned short, 2>::operator unsigned short-2019-08-21
961972Use-of-uninitialized-value in blink::LayoutInline::ContinuationBefore-2019-08-21
961973Bad-cast to blink::LayoutObject from invalid vptr in blink::LayoutInline::WillBeDestroyed-2019-08-21
961977Use-of-uninitialized-value in blink::FloatRoundedRect::IncludeLogicalEdges-2019-08-21
961989Crash in blink::LayoutBlockFlow::WillBeDestroyed-2019-08-21
961990Use-of-uninitialized-value in blink::BoxPainterBase::FillLayerInfo::FillLayerInfo-2019-08-21
962008Heap-use-after-free in blink::NGPaintFragment::TryMarkLastLineBoxDirtyFor-2019-08-21
962027Bad-cast to blink::LayoutObject from invalid vptr in blink::HTMLFrameOwnerElement::GetLayoutEmbeddedContent-2019-08-21
962086[LayoutNG] Bad-cast to blink::LayoutObject from invalid vptr in blink::Node::DetachLayoutTree-2019-08-21
962088Bad-cast to blink::LayoutObject from invalid vptr in blink::EndsOfNodeAreVisuallyDistinctPositions-2019-08-21
962141Heap-use-after-free in GetDocument-2019-08-21
962273Heap-use-after-free in IsInline-2019-08-21
962338Use-of-uninitialized-value in blink::NGBoxFragmentPainter::PaintObject-2019-08-21
962841Heap-use-after-free in blink::LayoutObject::PreviousInPreOrder-2019-08-21
961979Crash in blink::Document::View-2019-08-20
961985Bad-cast to blink::LayoutObject from invalid vptr in blink::LayoutBlockFlow::InlineElementContinuation-2019-08-20
962065Heap-use-after-free in blink::LayoutBlockFlow::InlineElementContinuation-2019-08-20
962172Bad-cast to blink::LayoutInline from invalid vptr in blink::ToLayoutInline-2019-08-20
962197Heap-use-after-free in blink::LayoutBlockFlow::NodeForHitTest-2019-08-20
962275Security DCHECK failure: !object || (object->IsText()) in layout_text.h$35002019-08-20
962468Use-of-uninitialized-value in v8::internal::compiler::Schedule::block-2019-08-20
962474DCHECK failure in effect_edges > 0 in verifier.cc-2019-08-20
957160Use-after-poison in blink::UpdatePlaceholderImage-2019-08-19
958510Use-of-uninitialized-value in pd_partner_port_reset-2019-08-19
961943Use-of-uninitialized-value in blink::NGInlineLayoutStateStack::UpdateAfterReorder-2019-08-19
961773DCHECK failure in !ExpectedTransitionKey().is_null() in transitions-inl.h-2019-08-18
950230Heap-buffer-overflow in materialize-2019-08-17
959390Security: Access-Control-Expose-Headers is not honored for redirects$5002019-08-17
949413pdfium (XFA): wrong object type / uaf in SyncContainer$30002019-08-16
957521Security: Heap-use-after-free in XRView::UpdateProjectionMatrixFromAspect-2019-08-16
958072Heap-buffer-overflow in libGLESv2_swiftshader-2019-08-16
959747Unknown signal in Builtins_StoreFastElementIC_GrowNoTransitionHandleCOW-2019-08-16
954818Security: Crosh privilege escalation / sandbox escape via command injection in set_arpgw$55002019-08-15
957405DCHECK failure in trap_handler::IsTrapHandlerEnabled() == trap_handler::IsThreadInWasm() in runtim-2019-08-15
957522Security: Heap-use-after-free in ShapeDetector::DetectShapesOnImageData-2019-08-15
959727DCHECK failure in !IsElement() in lookup.h-2019-08-15
960520Use-of-uninitialized-value in BN_bin2bn-2019-08-15
960680Bad-cast to v8::String::ExternalOneByteStringResource from v8::internal::SimpleStringResource<unsigned short, v8::String::ExternalStringResource> in v8::internal::ExternalOneByteString::GetChars-2019-08-15
960735Heap-use-after-free in blink::SnapCoordinator::UpdateSnapContainerData-2019-08-15
960753CVE-2019-11811 CrOS: Vulnerability reported in Linux kernel-2019-08-15
960775Use-after-poison in blink::PersistentBase<blink::Document,-2019-08-15
949418Heap-buffer-overflow in courgette::DisassemblerElf32::ExtractAbs32Locations-2019-08-14
959066Use-of-uninitialized-value in courgette::DisassemblerElf32ARM::RelToRVA-2019-08-14
959264Use-of-uninitialized-value in setvar_-2019-08-14
959534CVE-2019-11599 CrOS: Vulnerability reported in Linux kernel-2019-08-14
959538CVE-2019-7222 CrOS: Vulnerability reported in Linux kernel-2019-08-14
959563Heap-use-after-free in headless::HeadlessShell::Shutdown-2019-08-14
959745Crash in blink::FrameLoader::StartNavigation-2019-08-14
951795Security: Use-after-free in WasmMemoryObject::Grow-2019-08-13
957092Use-of-uninitialized-value in gpu::gles2::GLES2Implementation::BindTexture-2019-08-13
957285Bad-cast to base::sequence_manager::TaskQueue from invalid vptr in base::sequence_manager::ThreadManager::PostDelayedTask-2019-08-13
958528Use-of-uninitialized-value in BN_div-2019-08-13
958525Use-of-uninitialized-value in bn_mul_comba8-2019-08-13
958755Bad-cast to headless::HeadlessWebContents from invalid vptr in headless::HeadlessShell::Shutdown-2019-08-13
959192Heap-use-after-free in content::FileSystemManagerImpl::Open-2019-08-13
959518Security DCHECK failure: !NeedsLayout() || LayoutBlockedByDisplayLock(DisplayLockContext::kChildren) in l-2019-08-13
959645DCHECK failure in value->IsSmi() in objects-debug.cc-2019-08-13
959835Security DCHECK failure: !object || (object->IsLayoutEmbeddedContent()) in layout_embedded_content.h-2019-08-13
956851Heap-use-after-free in fts3DisconnectMethod-2019-08-11
958787Bad-cast to blink::LayoutEmbeddedContent from blink::LayoutImage in blink::HTMLFrameOwnerElement::SetEmbeddedContentView-2019-08-11
959387Bad-cast to v8::internal::compiler::GapResolver::Assembler from invalid vptr in v8::internal::compiler::GapResolver::Resolve-2019-08-11
959381Crash in v8::internal::OwnedVector<unsigned char>::New-2019-08-11
959541Heap-buffer-overflow in v8::internal::Assembler::jmp-2019-08-11
952682DCHECK failure in value->IsSmi() in objects-debug.cc-2019-08-10
956391CrOS: Vulnerability reported in dev-db/sqlite-2019-08-10
958307Heap-use-after-free in net::MDnsClientImpl::Core::DoCleanup-2019-08-10
958531Use-of-uninitialized-value in setvar-2019-08-10
958759CHECK failure: (location_) != nullptr in maybe-handles.h-2019-08-10
958872Use-of-uninitialized-value in v8::internal::JsonParser<unsigned char>::ParseJsonNumber-2019-08-10
959024Incorrect-function-pointer-type in blink::InputType::Create-2019-08-10
959014Crash in v8::internal::wasm::NativeModule::AddCodeWithCodeSpace-2019-08-10
959031Crash in v8::internal::wasm::NativeModule::runtime_stub_entry-2019-08-10
959064Crash in apply-2019-08-10
959107Crash in v8::internal::OwnedVector<unsigned char>::New-2019-08-10
959190Bad-cast to v8::internal::AssemblerBuffer from invalid vptr in v8::internal::Assembler::GrowBuffer-2019-08-10
959197Heap-buffer-overflow in WriteUnalignedValue<unsigned-2019-08-10
959199Bad-cast to v8::internal::compiler::CodeGeneratorv8::internal::compiler::CodeGenerator::AssembleCode in void v8::internal::compiler::PipelineImpl::Run<v8::internal::compiler::AssembleC-2019-08-10
959263Heap-buffer-overflow in emit-2019-08-10
959275Bad-cast to v8::internal::AssemblerBufferv8::internal::Assembler::GrowBuffer in v8::internal::Assembler::emit_mov-2019-08-10
959271Crash in ReadUnalignedValue<unsigned-2019-08-10
959386Crash in apply-2019-08-10
959472Bad-cast to v8::internal::AssemblerBuffer from invalid vptr in v8::internal::Assembler::GrowBuffer-2019-08-10
959484Crash in v8::internal::compiler::InstructionSequence::InstructionBlockAt-2019-08-10
954891Security: OOB Read in ReflexHash::checkTriangle-2019-08-09
957323CVE-2019-8980 CrOS: Vulnerability reported in Linux kernel-2019-08-09
947858Crash in Builtins_InterpreterEntryTrampoline-2019-08-08
956531CrOS: Vulnerability reported in app-arch/tar-2019-08-08
957335Bad-cast to content::RenderFrameImpl from invalid vptr in content::RenderFrameImpl::CommitFailedNavigationInternal-2019-08-08
957436Security: heap-use-after-free in content::RenderFrameImpl::CommitFailedNavigationInternal$30002019-08-08
957830Use-of-uninitialized-value in inspector_protocol_encoding::json::JsonParser<unsigned char>::Parse-2019-08-08
958151Use-of-uninitialized-value in v8::internal::JsonParser<unsigned char>::ParseJsonNumber-2019-08-08
958457Use after free in PresentationAvailabilityState-2019-08-08
875546Use-of-uninitialized-value in gfx::Tween::IntValueBetween-2019-08-07
893087Security: pageCapture permission allows access to arbitrary local files and chrome:// pages$5002019-08-07
951322Crash in v8::internal::Simulator::LoadStorePairHelper-2019-08-07
954762Heap-buffer-overflow in webrtc::MouseCursorMonitorX11::CaptureCursor-2019-08-07
956414CVE-2019-10125 CrOS: Vulnerability reported in Linux kernel-2019-08-07
956597Security: UAF in ServiceWorkerPaymentInstrument$50002019-08-07
956947Heap-use-after-free in CPDF_ShadingPattern::Load()$60002019-08-07
957321CVE-2013-7470 CrOS: Vulnerability reported in Linux kernel-2019-08-07
956389CrOS: Vulnerability reported in net-misc/curl-2019-08-06
957814Heap-use-after-free in CPDF_RenderStatus::RenderObjectList-2019-08-06
956416CVE-2019-7221 CrOS: Vulnerability reported in Linux kernel-2019-08-05
956426DCHECK failure in old_descriptors_->GetDetails(modified_descriptor_) .representation() .Equals(new-2019-08-05
949887Bad-cast to blink::PaintLayer from invalid vptr in blink::PaintLayerScrollableArea::InvalidateAllStickyConstraints-2019-08-04
956418CVE-2019-9213 CrOS: Vulnerability reported in Linux kernel-2019-08-04
928551HTTPS proxies can redirect CONNECT-2019-08-03
956415CVE-2019-6974 CrOS: Vulnerability reported in Linux kernel-2019-08-03
956428Crash in v8::Isolate::GetCurrentContext-2019-08-03
946395Bad-cast to content::RenderFrameImpl from invalid vptr in content::RenderFrameImpl::CommitFailedNavigationInternal-2019-08-02
955047Use-of-uninitialized-value in blink::AddressCache::Lookup-2019-08-02
956427Bad-cast to blink::LocalFrameView from blink::WebPluginContainerImpl in blink::HTMLFrameOwnerElement::OnViewportIntersectionChanged-2019-08-02
893258WebAuthN dialog elides long RP ID (hostnames) on the right-2019-08-01
948564Parameter passing error and Integer overflow in media_stream.mojom which could be used through ipc-2019-08-01
956393CVE-2019-10124 CrOS: Vulnerability reported in Linux kernel-2019-08-01
951712Security: pdfium SEGV on unknown address in CXFA_Graphics::FillPathWithShading$10002019-07-31
952301pdfium (XFA): oob array read in CXFA_Graphics::FillPathWithShading$10002019-07-31
952581Use-of-uninitialized-value in quic::QuicFramer::DecryptPayload-2019-07-31
952849Security: Use-after-free in AudioWorkletGlobalScope::Process-2019-07-31
953659v8 engine element kind type logic panic-2019-07-31
952406Security: Possible OOB related to chrome_sqlite3_malloc$5002019-07-30
954703Heap-buffer-overflow in DirectiveHeaderValueParser::DirectiveHeaderValueParser-2019-07-30
954760Heap-buffer-overflow in domain_reliability::DomainReliabilityHeader::Parse-2019-07-30
951262Crash in rr::optimize-2019-07-28
952041Heap-buffer-overflow in shaderc_spvc_compile_options_clone-2019-07-28
951218Heap-use-after-free in blink::NGOffsetMappingUnit::AssociatedNode-2019-07-27
932610Roll libxslt to downstream a security fix-2019-07-25
940285Heap-use-after-free in content::UtilityServiceFactory::RunNetworkServiceOnIOThread-2019-07-25
951988DCHECK failure in 0u == length in builtins-array.cc-2019-07-25
952749CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (IsJSGlobalProxy()) in js-objects-inl-2019-07-25
953157DCHECK failure in (current_scope) != nullptr in wasm-code-manager.cc-2019-07-25
953179DCHECK failure in (current_scope) != nullptr in wasm-code-manager.cc-2019-07-25
919300Use-of-uninitialized-value in avx::store_bgra$15002019-07-24
926219Use-of-uninitialized-value in sse41::blit_row_s32a_opaque-2019-07-24
934161Use-of-uninitialized-value in avx::store_NUMBER$15002019-07-24
950531Security: LoadComBaseFunction susceptible to dll preloading-2019-07-24
952340Use-of-uninitialized-value in blink::UserMediaRequest::Create-2019-07-24
952658VP9 deadlock with change in tile count-2019-07-24
952722DCHECK failure in is_resolved() in ast.h-2019-07-24
953233Use-of-uninitialized-value in v8::internal::interpreter::ConstantArrayBuilder::ToFixedArray-2019-07-24
947029Security: heap-use-after-free in SMILTimeContainer::UpdateAnimations()$30002019-07-23
949417Use-of-uninitialized-value in disk_cache::BackendImpl::NewEntry-2019-07-23
952594Security: SEGV with canvas strokeText-2019-07-23
952389Bad-cast to blink::LayoutBlockFlow from blink::LayoutInline in blink::CompositeEditCommand::AddBlockPlaceholderIfNeeded-2019-07-22
952384Bad-cast to blink::LayoutBlockFlow from blink::LayoutTable in blink::LayoutBlockFlow& blink::To<blink::LayoutBlockFlow, blink::LayoutObject>-2019-07-22
952564Crash in avx::lowp::scale_u8-2019-07-22
952565Crash in ssse3::blit_mask_d32_a8-2019-07-22
952566Crash in _ZN3avx4lowpL7lerp_u8EmPPvmmDv8_tS3_S3_S3_S3_S3_S3_S3_$dc6b7024eef44a823ed47e292-2019-07-22
952568Crash in Sk4px::Load4Alphas-2019-07-22
952574Crash in void mergeT<unsigned char>-2019-07-22
952575Crash in blend_row_A8-2019-07-22
952582Crash in load<unsigned char __attribute__-2019-07-22
952590Crash in SkARGB32_Opaque_Blitter::blitMask-2019-07-22
952595Crash in load<unsigned char __attribute__-2019-07-22
952598Crash in _platform_memmove$VARIANT$Nehalem-2019-07-22
952603Crash in SkBlitter::blitMask-2019-07-22
952615Crash in bits_to_runs-2019-07-22
952626Crash in MapDstAlpha<-2019-07-22
952629Crash in void Sk4px::MapDstAlpha<ssse3::blit_mask_d32_a8_black-2019-07-22
952666Crash in sse2::lerp_u8-2019-07-22
952649Crash in void Sk4px::MapDstSrcAlpha<Sk4px-2019-07-22
948499Use-of-uninitialized-value in gpu::gles2::GLES2Implementation::BufferDataHelper-2019-07-21
951438DCHECK failure in GetReadOnlyRoots().fixed_cow_array_map() != map() in fixed-array-inl.h$35002019-07-21
924227Heap-buffer-overflow in spirv_cross::SPIRConstant& spirv_cross::variant_set<spirv_cross::SPIRConstant, u-2019-07-20
924735Security: Marvell Avastar WiFi vulnerability-2019-07-20
951164DCHECK failure in IsFastElementsKind(array->GetElementsKind()) in elements.cc-2019-07-20
951780DCHECK failure in IsDoubleElementsKind(Subclass::kind()) in elements.cc-2019-07-20
925244CHECK failure: node->opcode() == IrOpcode::kParameter || node->opcode() == IrOpcode::kProjectio-2019-07-19
948575Security: Potential UAF in FidoBleDiscovery-2019-07-19
948944CHECK failure: !address.is_initialized() || sizeof(*data_) == address.BlockSize() in storage_bl-2019-07-19
950318Heap-use-after-free in disk_cache::MappedFile::Load-2019-07-19
951374DCHECK failure in to_kind == DICTIONARY_ELEMENTS || to_kind == SLOW_STRING_WRAPPER_ELEMENTS || IsF-2019-07-19
925788Security: PDFium Heap Buffer Overflow in CXFA_TextLayout::DoLayout$10002019-07-18
932900pdfium XFA CXFA_FFDocView::RunSubformIndexChange Use After Free$30002019-07-18
947342Security: heap-buffer-overflow TextureD3D_2DArray::getImage$10002019-07-18
950848Use-of-uninitialized-value in webrtc::AudioDecoderMultiChannelOpusConfig::IsOk-2019-07-18
950747DCHECK: !initializing_store && property_details_.constness() == PropertyConstness::kConst implies IsConstFieldValueEqualTo(*value)-2019-07-18
951216Use-after-poison in blink::ThreadableLoader::Cancel-2019-07-18
925787Security: PDFium Heap Buffer Overflow in CXFA_LayoutPageMgr::FinishPaginatedPageSets$10002019-07-17
933163pdfium XFA CXFA_FFDocView::RunValidate Use After Free$30002019-07-17
950005Security: PDF plugin is allowed to use Pepper TCPServerSocketPrivate API-2019-07-17
950592Use-of-uninitialized-value in mojo::core::ChannelPosix::WriteNoLock-2019-07-17
944424UAF in TaskQueueImpl::CreateTaskRunner$30002019-07-16
949996CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (IsName()) in name-inl.h-2019-07-16
950275Use-of-uninitialized-value in blink::TransformationMatrix::ToSkMatrix44-2019-07-15
950254Use-of-uninitialized-value in SkMatrix44::recomputeTypeMask-2019-07-15
935735Use-of-uninitialized-value in blink::AddressCache::Lookup-2019-07-14
901665Index-out-of-bounds in vrend_set_single_abo-2019-07-13
936741Heap-buffer-overflow in courgette::DetectDisassembler-2019-07-13
925614protocol property of URL including specific character doesn't return correct value$5002019-07-12
934112Heap-buffer-overflow in courgette::DisassemblerWin32::ParseHeader-2019-07-12
943709libANGLE heap-buffer-overflow triggered by WebGL2 on Windows 10$10002019-07-12
944865DCHECK failure in object->FitsRepresentation(representation) in objects.cc-2019-07-12
948172Security: PDF plugin is allowed to use Pepper Socket API-2019-07-12
948990Bad-cast to blink::LayoutBox from blink::LayoutInline in blink::ToLayoutBox-2019-07-12
949015Bad-cast to blink::LayoutObject from invalid vptr in blink::SVGResources::LayoutIfNeeded-2019-07-12
947410Bad-cast to Ice::OperandOptimizer::getUses in rr::optimize-2019-07-11
947493Heap-use-after-free in views::MenuController::OnWillDispatchKeyEvent-2019-07-11
947784Use-of-uninitialized-value in cc::PaintImageBuilder::TakePaintImage-2019-07-11
881267Chrome v69 URL spoofing vulnerability on IOS$10002019-07-10
943424use-after-free in libANGLE triggered by WebGL2 on Windows 10$30002019-07-10
943538libANGLE use-after-free (gl::State::syncTextures) triggered through WebGL2 in the GPU process$30002019-07-10
944800Use-after-poison in blink::LocalFrameView::ForAllNonThrottledLocalFrameViews<`lambda-2019-07-10
945246DCHECK failure in map_.is_stable() in compilation-dependencies.cc-2019-07-10
946550Use-of-uninitialized-value in gpu::gles2::PassthroughGLDebugMessageCallback-2019-07-10
947865Use-of-uninitialized-value in dawn_native::TextureBase::Destroy-2019-07-10
948228DCHECK failure in *isolate->external_caught_exception_address() in wasm-engine.cc-2019-07-10
948248Security: Debug check failed: name->is_one_byte() src/parsing/parser.cc, line 350-2019-07-10
943087Integer overflow in libANGLE that results in memory corruption in GPU process$30002019-07-09
948307DCHECK failure in ObjectInYoungGeneration(HeapObjectSlot(slot).ToHeapObject()) in heap.cc-2019-07-09
944930Regenerate chromeos-base/chromeos-ca-certificates with the latest set of pki.goog/roots.pem-2019-07-08
946889v8 debug version crash when CreateGraph phase-2019-07-08
947240use-after-free happening in unittest LayerTreeHostImplTest.ScrollSnapOnY$30002019-07-08
947949CHECK failure: this->first()->length() > 0 in objects-debug.cc-2019-07-08
946539Heap-buffer-overflow in disk_cache::EntryImpl::UserBuffer::Write-2019-07-07
947378Use-of-uninitialized-value in cc::ServiceImageTransferCacheEntry::Deserialize-2019-07-07
947499Use-of-uninitialized-value in cc::ServiceImageTransferCacheEntry::Deserialize-2019-07-07
892875Security: crosvm: integer overflow in read_struct_slice-2019-07-06
897641Security: URL in Omnibox doesn't always match page content$10002019-07-06
901603Index-out-of-bounds in BZ2_decompress-2019-07-06
916838Security: Two autocomplete flaws together allow sites to invisibly read credit card numbers after a single keypress$33372019-07-06
939644Integer overflows in disk caches-2019-07-06
943387Security: Regression : URL bar spoofing with "file:///" URL on iOS-2019-07-06
946862Heap-use-after-free in net::PrioritizedDispatcher::MaybeDispatchJob-2019-07-06
947323Use-of-uninitialized-value in dawn_native::TextureBase::Destroy-2019-07-06
945644Security: Failed Debug Check in src/compiler/verifier.cc, line 121$30002019-07-05
945855Heap-use-after-free in BEInt<unsigned int, 4>::operator unsigned int-2019-07-05
946006Heap-use-after-free in blink::LocalFrameUkmAggregator::RecordSample-2019-07-05
946434Heap-use-after-free in base::LinkNode<disk_cache::MemEntryImpl>::RemoveFromList-2019-07-05
946543Heap-buffer-overflow in BEInt<short, 2>::operator short-2019-07-05
946806Crash in BEInt<unsigned int, 4>::operator unsigned int-2019-07-05
947150Use-of-uninitialized-value in dawn_native::ValidateTextureViewDescriptor-2019-07-05
918293Security: Cross origin resource size infoleak$10002019-07-04
927764Download Protection: Malicious extensions Mac OS (Safe Browsing)-2019-07-04
944346Crash in BEInt<unsigned int, 4>::operator unsigned int-2019-07-04
944945CHECK failure: !result.failed() in wasm-engine.cc-2019-07-04
945370UAF in IndexedDB$80002019-07-04
946175Crash in v8::internal::Map::instance_type-2019-07-04
946301Heap-use-after-free in ash::CaptionContainerView::SetBackdropVisibility-2019-07-04
933221Wild read within ASAN instrumentation in __sanitizer_cov_trace_pc_guard-2019-07-03
937773CVE-2019-8912: Security: Linux Kernel: Potential priv esc via UAF in sockfs_settattr-2019-07-03
944391Stack-buffer-overflow in sh::TInfoSinkBase::operator<<-2019-07-03
944971Security: OOB memory access in v8 regexp-2019-07-03
945084Crash in vpx_subtract_block_sse2-2019-07-03
945341CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (IsFixedArrayBase()) in fixed-array-i-2019-07-03
946310CHECK failure: isolate->heap()->Contains(ho) in objects-debug.cc-2019-07-03
946350Crash in v8::internal::Object::Number-2019-07-03
944435CHECK failure: (value & uint64_t{ADDRESS}) != unexpected || (value & uint64_t{ADDRESS}) == uint-2019-07-02
945124Heap-use-after-free in disk_cache::SimpleEntryImpl::CreationOperationComplete-2019-07-02
945152Heap-use-after-free in blink::PaintController::FinishCycle-2019-07-01
941340CSP bypass with import maps$10002019-06-30
940205Heap-use-after-free in renameTokenCheckAll-2019-06-29
943913Stack-buffer-overflow in quic::QuicDataReader::ReadConnectionId-2019-06-29
944013Stack-buffer-overflow in quic::QuicDataReader::ReadBytes-2019-06-29
944062Security: v8: turbofan: JSCallReducer::ReduceArrayIndexOfIncludes fails to insert Map checks-2019-06-28
937663Use-of-uninitialized-value in mov_read_dfla-2019-06-27
942699Security: Google V8 Array.prototype Memory Corruption Vulnerability (TALOS-2019-0791)$20002019-06-27
942898UAF in indexeddb IndexedDBDatabase::RequestComplete$100002019-06-27
942671URL spoofing using invalid urls (invalid prototype)-2019-06-26
939316V8: Turbofan may read a Map pointer out-of-bounds when optimizing Reflect.construct-2019-06-25
941952DCHECK failure in 0 <= index && index < node->op()->ValueInputCount() in node-properties.cc$15002019-06-25
941743Security: OOB write in v8::internal::(anonymous namespace)::ElementsAccessorBase-2019-06-24
941746Security: UAF in content::IndexedDBDatabase-2019-06-22
940283Use-of-uninitialized-value in content::PowerMonitorTestImpl::~PowerMonitorTestImpl-2019-06-21
941360Use-of-uninitialized-value in void base::Pickle::WriteBytesStatic<4ul>-2019-06-21
941542Use-of-uninitialized-value in Deserializer::readDescriptor-2019-06-21
941991Chromium: Vulnerability reported in libxml-2019-06-21
936531heap-use-after-free : base::sequence_manager::internal::WorkQueue::RemoveAllCanceledTasksFromFront-2019-06-20
939689Security: Android : http authentication spoof$10002019-06-20
939746CHECK failure: TypeError: node #171:StringCharCodeAt(input @1 = PoisonIndex:PoisonIndex) type (-2019-06-20
940284Stack-buffer-overflow in auto_descriptor_from_desc-2019-06-20
941008Security: UAF in FileChooserImpl-2019-06-20
940296Crash in unsigned long v8::base::AsAtomicImpl<long>::Relaxed_Load<unsigned long>-2019-06-19
940843Stack-buffer-overflow in SkDescriptor::findEntry-2019-06-19
885215Security: SiteInstanceImpl::GetSiteForURL ignores hash in Data URL$5002019-06-18
937199pdfium (XFA): heap-use-after-free in CFX_ReadOnlyMemoryStream::ReadBlockAtOffset$10002019-06-18
938724pdfium (XFA): oob read in CFGAS_FormatString::FormatStrNum$10002019-06-18
940000heap-use-after-free : base::internal::WeakPtrFactoryBase::~WeakPtrFactoryBase-2019-06-18
940245Security: Security: Chrome renderer process persistence bug on android$10002019-06-18
932908Bad-cast to blink::Element from blink::Text in blink::LayoutTreeRebuildRoot::RootElement-2019-06-17
939239Arbitrary Read in swiftshader$10002019-06-15
938867Bad-cast to blink::HTMLInputElement in IsMenulistInput-2019-06-14
930550Heap-buffer-overflow in bn_cmp_part_words-2019-06-13
937799Security: Invalid read. SEGV on CXFA_Radial::Draw.$30002019-06-13
938311heap-use-after-free in AsyncCompileJob$30002019-06-13
938626pdfium (XFA): oob read in CFGAS_FormatString::GetNumericFormat-2019-06-13
937412Crash in update_tricolor_matrix-2019-06-12
937628Crash in dawn_native::TextureFormatPixelSize-2019-06-12
938251Security: Integer overflow in NewFixedDoubleArray-2019-06-12
913320Heap-use-after-free in CPDF_ShadingPattern::Load()$30002019-06-11
917688use-after-poison on blink::CanvasResourceDispatcher::OnBeginFrame-2019-06-11
925598Security: URL bar spoofing on iOS (repro issue 844881)$20002019-06-11
926160CVE-2019-3819 CrOS: Vulnerability reported in Linux kernel-2019-06-11
937487chrome.dashboardPrivate API is exposed to whole origin of https://chrome.google.com$5002019-06-11
937649Unknown signal in Builtins_JSEntryTrampoline-2019-06-11
928014Crash in base::FilePath::FilePath-2019-06-10
935209Use-after-free in GenerateNetworkErrorLoggingReport-2019-06-10
915423Use-of-uninitialized-value in v8::internal::Factory::NewNumberFromUint-2019-06-08
935374Bad-cast to blink::LayoutImage from invalid vptr in blink::LayoutImage::ImageNotifyFinished-2019-06-08
937155Bad-free in _pthread_tsd_cleanup-2019-06-08
937206Heap-use-after-free in views::MenuController::OnWillDispatchKeyEvent-2019-06-08
929198Crash in _cupsStrFree-2019-06-07
933743Heap-buffer-overflow in media::mp4::ConvertAVCToAnnexBInPlaceForLengthSize4-2019-06-07
934166Security: other->values_[index] != builder()->jsgraph()->OptimizedOutConstant() (0x563015eb2cf8 vs. 0x563015eb2cf8).-2019-06-07
935076Heap-use-after-free in blink::LayoutImage::ImageNotifyFinished-2019-06-07
936346Crash in Ice::XNUMBER::InstImpl<struct Ice::XNUMBER::TargetX8664Traits>::InstX86Movd::emi-2019-06-07
936448Heap-use-after-free WRITE 4 · v8::internal::ElementsAccessorBase-2019-06-07
913964UAP in blink::UpdatePlaceHolderImage$30002019-06-06
919046use-after-poison in blink::CanvasResourceDispatcher::OnBeginFrame-2019-06-06
929757Use-after-poison in viz::mojom::blink::CompositorFrameSinkClientStubDispatch::Accept-2019-06-06
930035Security: Stack out-of-bounds writes in WebmMuxer::AddAudioTrack$5002019-06-06
930057Security: CORS policy not applied for bitmap canvases loaded without CORS support$10002019-06-06
932922Heap-use-after-free in aura::EventObserverAdapter::~EventObserverAdapter$15002019-06-06
934201Security: Internal object leak in ReadableStream-2019-06-06
935175Security: Address bar spoofing with mishandling canceled requests.$10002019-06-06
934128Heap-buffer-overflow in gpr_murmur_hash3-2019-06-05
936302CHECK failure: fixed_size_above_fp + in deoptimizer.cc-2019-06-05
933004Security: command line injection in Windows (--user-data-dir)$5002019-06-04
933664OOB read and write in BigUint64Array-2019-06-04
935078Crash in dawn_native::InputStateBuilder::SetAttribute-2019-06-04
935026Global-buffer-overflow in dawn_native::VertexFormatComponentSize-2019-06-04
935138Use-of-uninitialized-value in v8::internal::compiler::TurbofanWasmCompilationUnit::BuildGraphForWasmFunction-2019-06-04
931949Security: Type confusion in JSPromise::TriggerPromiseReactions-2019-06-03
935101CHECK failure: isolate->heap()->Contains(ho) in objects-debug.cc-2019-06-03
894933Heap-buffer-overflow in xmlParseAttValueInternal-2019-06-02
927982Heap-use-after-free in egl::Surface::deleteResources-2019-06-02
929088Heap-use-after-free in egl::Display::terminate-2019-06-02
929962Code review: ReadBits may return uninitialized value due to unchecked return status.$5002019-06-01
930663Security: READ heap-buffer-overflow in libxslt (type confusion?)$10002019-06-01
933418ptrace syscall on Android can bypass seccomp on Linux <4.8-2019-06-01
934869Crash in Ice::CfgNode::appendInst-2019-06-01
924209Use-of-uninitialized-value in sw::Shader::analyzeIndirectAddressing-2019-05-31
933851Bad-cast to (anonymous namespace)::WebrtcTaskQueue from invalid vptr in base::internal::Invoker<base::internal::BindState<void-2019-05-31
933977Heap-buffer-overflow in sw::PixelProgram::CALL-2019-05-31
934085Crash in llvm::ilist_base<true>::insertBeforeImpl-2019-05-31
352465Security: terminalPrivate API should use an unforgeable process reference-2019-05-30
490720Security: ping utility includes process id in echo requests-2019-05-30
920169CrOS: Vulnerability reported in dev-libs/elfutils-2019-05-30
921983CrOS: Vulnerability reported in dev-libs/libtasn1-2019-05-30
929652DOMParser APIs send DNS request via preconnect link tag-2019-05-30
932034Size calculation overflow can lead to heap buffer overflow$50002019-05-30
932867Stack-buffer-overflow in sw::Shader::analyzeCallSites-2019-05-30
932953CHECK failure: transitions.SearchSpecial(roots.nonextensible_symbol()) == *old_map_ in map-upda-2019-05-30
933179DCHECK failure in old_map_->is_stable() in map-updater.cc-2019-05-30
933212Heap-use-after-free in CFX_ReadOnlyMemoryStream::~CFX_ReadOnlyMemoryStream-2019-05-30
933341Heap-use-after-free in dawn_native::CommandEncoderBase::HandleBuilderError-2019-05-30
933760Use-of-uninitialized-value in =-2019-05-30
927432Use-after-poison in base::internal::Invoker<base::internal::BindState<void-2019-05-29
930154Security: Possible to override browser-initiated navigation using WindowClient.navigate$5002019-05-29
932895Crash in HandleDynamicTypeCacheMiss-2019-05-29
933135Heap-use-after-free in content::IndexedDBBackingStore::Transaction::ChainedBlobWriterImpl::WriteNextFil-2019-05-29
933211mXSS: Potential XSS via noembed tags parsed by DOMParser APIs$5002019-05-29
933521DCHECK failure in length_ < capacity() in string-builder.cc-2019-05-29
928051Crash in base::Thread::ThreadMain-2019-05-28
929521Crash in metrics::CallStackProfile_Location* google::protobuf::Arena::CreateMaybeMessage<-2019-05-27
928863Crash in sw::Thread::Thread-2019-05-26
908669Bad-free in base::internal::BindState<void-2019-05-24
923654Heap-use-after-free in media_router::WebContentsDisplayObserverView::OnBrowserSetLastActive-2019-05-24
924972Security: site isolation bypass: websockets leak cross-origin cookies-2019-05-24
926651Security: [v8] Type Confusion in Builtins_CallUndefinedReceiver1Handler$60002019-05-24
927646Security: heap-use-after-free in blink::LayoutObject::SetShouldCheckForPaintInvalidationWithoutGeometryChange$30002019-05-24
928974Security: http authentication spoof (repro issue 884179)$10002019-05-24
930948CHECK failure: (value & uint64_t{ADDRESS}) != unexpected || (value & uint64_t{ADDRESS}) == uint-2019-05-24
931175Security: Invalid read. SEGV on CXFA_Graphics::FillPathWithShading$5002019-05-24
920580CrOS: Vulnerability reported in dev-libs/libzip-2019-05-23
928138Crash in base::CreateThread-2019-05-23
928223Crash in base::RunLoop::Run-2019-05-23
878805Weird crash in V8 javascript engine-2019-05-22
921581Security: UAF in MidiManagerWin-2019-05-22
906342CVE-2018-14625 CrOS: Vulnerability reported in Linux kernel-2019-05-21
913561Security: pdfium heap BOF in RelocateTableRowCells$10002019-05-21
926853CrOS: Vulnerability reported in dev-libs/openssl-2019-05-21
927438Heap-use-after-free in blink::LayoutBlockFlow::DetermineStartPosition-2019-05-21
928044Crash in base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::Run-2019-05-21
929624CVE-2018-16880 CrOS: Vulnerability reported in Linux kernel-2019-05-21
930474Bad-cast to blink::LayoutText from invalid vptr in blink::ToLayoutText-2019-05-21
930580DCHECK failure in !var->has_forced_context_allocation() || var->is_used() in scopes.cc-2019-05-20
930045CHECK failure: transitions.SearchSpecial(roots.nonextensible_symbol()) == *old_map_ in map-upda-2019-05-19
927307Github Wiki Pages for GoogleChrome are publicly editable.$5002019-05-18
927471AppCache may be used to bypass CORB (URLs covered by manifest)-2019-05-18
927849is_corb_enabled=false for requests from shared workers-2019-05-18
929711Security: Idn-spoof with using U+00F0 (ð)$5002019-05-18
930026Heap-buffer-overflow in base::WideToUTF8-2019-05-18
914983pdfium: signed-integer-overflow in AdjustGlyphSpace / CFX_DIBBase::GetOverlapRect$5002019-05-17
919635pdfium: signed-integer-overflow in CFX_RenderDevice::DrawNormalText-2019-05-17
919640pdfium: signed-integer-overflow in CFX_AggDeviceDriver::StretchDIBits-2019-05-17
922446crash_sender: invalid crash report names can trigger arbitrary file deletion as root$5002019-05-17
928720Security: Type confusion in V8TrustedTypePolicyOptions::ToImpl-2019-05-17
929217Heap-buffer-overflow in blink::FindBuffer::RangeFromBufferIndex$15002019-05-17
929623CVE-2018-16862 CrOS: Vulnerability reported in Linux kernel-2019-05-17
929625CVE-2018-18397 CrOS: Vulnerability reported in Linux kernel-2019-05-17
929626CVE-2018-19854 CrOS: Vulnerability reported in Linux kernel-2019-05-17
919643pdfium: signed-integer-overflow in FX_RECT::Width-2019-05-16
921351Crash in _cupsStrFree-2019-05-16
926854CrOS: Vulnerability reported in app-admin/rsyslog-2019-05-16
928640Use-of-uninitialized-value in bool base::internal::CheckedAddOp<long, long, void>::Do<long>-2019-05-16
928755Heap-use-after-free in v8::internal::wasm::CompilationStateImpl::OnFinishedUnit-2019-05-16
929020Crash in base::WaitableEvent::TimedWaitUntil-2019-05-16
926105Framebusting protection bypass because a download redirected cross-origin gets processed as a main frame navigation$5002019-05-15
927396Use-after-poison in viz::mojom::blink::CompositorFrameSinkClientStubDispatch::Accept-2019-05-15
928061Heap-use-after-free in v8::internal::wasm::BackgroundCompileTask::RunInternal-2019-05-15
927555Security DCHECK failure: RotateTransformOperation::IsMatchingOperationType(transform.GetType()) in rotate$15002019-05-14
927644PDFium Use After Free on CXFA_FFNotify::OpenDropDownList (XFA enable)$35002019-05-14
925232CHECK failure: (value & uint64_t{ADDRESS}) != unexpected || (value & uint64_t{ADDRESS}) == uint-2019-05-13
928062Crash in base::debug::ScopedLockAcquireActivity::ScopedLockAcquireActivity-2019-05-13
928239CVE-2018-16884 CrOS: Vulnerability reported in Linux kernel-2019-05-13
826030webRequest extensions can see other extensions' requests.-2019-05-11
925050CHECK failure: size <= kMaxRegularHeapObjectSize in runtime-internal.cc-2019-05-11
915455Crash in spirv_cross::Compiler::traverse_all_reachable_opcodes-2019-05-10
919176Heap-buffer-overflow in spirv_cross::CompilerGLSL::emit_instruction-2019-05-10
925641Crash in gldRenderFillPolygonPtr-2019-05-10
925790Security: PDFium Use After Free in CXFA_ItemLayoutProcessor::ExtractLayoutItem$30002019-05-10
926640pdfium: use-after-dtor in CPDF_GeneralState::StateData::~StateData()$10002019-05-10
913564Security: pdfium heap use after free in cxfa_layoutitem$30002019-05-09
919813CrOS: Vulnerability reported in media-libs/lcms-2019-05-09
924450Security: heap-use-after-free in blink::CSSToLengthConversionData::FontSizes::FontSizes$30002019-05-09
926852CVE-2018-16882 CrOS: Vulnerability reported in Linux kernel-2019-05-09
926964Security DCHECK failure: node.IsElementNode() in element.h-2019-05-09
867509Security: Chrome OS: almost-exploitable AVFS behavior: argument injection; subdir/bind bypass-2019-05-08
906601Use-of-uninitialized-value in sse41::blit_row_s32a_opaque-2019-05-08
915197OOB write in sw::VertexProgram::Program$30002019-05-08
915206OOB write in sw::VertexProgram::WHILE$30002019-05-08
915218OOB operation in SwiftShader JIT code.$10002019-05-08
923695Security: URL bar spoofing on iOS-2019-05-08
923951Security: heap-use-after-free in blink::ImageResourceContent::UpdateImageAnimationPolicy$30002019-05-08
924843DCHECK failure in IsAligned(DistanceTo(target), kInstrSize) in instructions-arm64.cc-2019-05-08
925864Security: UAF in FileSystemOperationRunner-2019-05-08
926027Bad-cast to blink::Element from blink::Text in blink::LayoutTreeRebuildRoot::RootElement-2019-05-08
926036DCHECK failure in (decl.pattern) != nullptr in parser.cc-2019-05-08
921390Security: Hostname not elided securely (URL spoofing on iOS)$5002019-05-07
925671DCHECK failure in 0 < outstanding_tiering_units_ in module-compiler.cc-2019-05-07
919356Security: RCE via "copy as curl" on mac-2019-05-05
924133Security: V8: Fatal error in ../../src/runtime/runtime-array.cc, line 167-2019-05-05
913314Security: Permission request UI spoof$5002019-05-04
922864pdfium (XFA): wrong object type in CFXJSE_FormCalcContext::ParseResolveResult$30002019-05-04
924388Use-of-uninitialized-value in views::View::GetWidget-2019-05-04
924457Bad-cast to blink::ImageResourceObserver from invalid vptr in blink::ImageResourceContent::PriorityFromObservers-2019-05-04
925146CHECK failure: 2 == total_number_of_control_uses in verifier.cc-2019-05-04
903233Heap-buffer-overflow in quipper::PerfSerializer::SerializeMMap2Event-2019-05-03
903237Heap-buffer-overflow in quipper::PerfReader::ReadPipedData-2019-05-03
904382Heap-buffer-overflow in quipper::PerfReader::ReadBuildIDMetadataWithoutHeader-2019-05-03
915975V8 HeapObject pointing to JIT memory$30002019-05-03
923205Bad-cast to cc::ContentLayerClient from invalid vptr in cc::PictureLayer::Update-2019-05-03
924375Heap-buffer-overflow in sh::OutputVariable::~OutputVariable-2019-05-03
924411Bad parameters to --sanitizer-annotate-contiguous-container in sh::TCompiler::~TCompiler-2019-05-03
924382Crash in sh::ShaderVariable::~ShaderVariable-2019-05-03
924537Crash in sh::Attribute::~Attribute-2019-05-03
924905DCHECK failure in lsb == base::bits::CountTrailingZeros32(value) in instruction-selector-arm.cc-2019-05-03
924928pdfium (XFA): double-free in CJX_Node::saveXML$30002019-05-03
924950Heap-use-after-free in views::View::~View-2019-05-03
923913Heap-buffer-overflow in AAT::KerxSubTableFormat4<AAT::KerxSubTableHeader>::driver_context_t::transition-2019-05-02
924418Heap-use-after-free in ui::PropertyHandler::SetPropertyInternal-2019-05-02
915541Security: ChromeOS Persistent root Command Execution$750002019-05-01
922627Chromium - Exposed GPU profiler allows to dump all URLs and headers from requested pages$40002019-05-01
922844Use-of-uninitialized-value in sqlite3BtreeMovetoUnpacked-2019-05-01
923630Heap-use-after-free in ScopedObserver<ash::TabletModeController, ash::TabletModeObserver>::~ScopedObser-2019-05-01
923646CrOS: Vulnerability reported in net-misc/curl-2019-05-01
923675DCHECK failure in candidate->location.IsValid() in modules.cc-2019-05-01
920120CHECK failure: #14 ADDRESS (/mnt/scratch0/clusterfuzz/bot/builds/v8-asan_linux-debug_ddc8d9b4e-2019-04-30
920276Heap-use-after-free in gpu::gles2::GLES2DecoderPassthroughImpl::OnDebugMessage-2019-04-30
920421Use-of-uninitialized-value in gpu::gles2::PassthroughGLDebugMessageCallback-2019-04-30
923264CHECK failure: object->IsAbstractCode() || object->IsSeqString() || object->IsExternalString()-2019-04-30
922933DCHECK failure in *available != 0 in assembler-arm.cc-2019-04-29
912602Crash in sw::Thread::Thread-2019-04-28
914925Crash in libX11.so.6-2019-04-28
921393Crash in cc::SaveOp::Serialize-2019-04-28
922303Heap-buffer-overflow in AAT::KerxSubTableFormat4<AAT::KerxSubTableHeader>::driver_context_t::transition-2019-04-28
910305Security: Make JIT payment Service Worker registrations same-origin only-2019-04-27
918022Heap-buffer-overflow in scan_bos_continue-2019-04-27
918232Security: chromedriver LCE-2019-04-27
918311Heap-buffer-overflow in spvtools::opt::Instruction::GetSingleWordOperand-2019-04-27
919181Container-overflow in spvtools::utils::SmallVector<unsigned int, 2ul>::operator-2019-04-27
920995CrOS: Vulnerability reported in media-gfx/imagemagick-2019-04-27
921380CrOS: Vulnerability reported in media-gfx/imagemagick-2019-04-27
922077Bad-cast to content::(anonymous namespace)::WebServiceWorkerNetworkProviderImplForFrame from content::WebServiceWorkerNetworkProviderImplForWorker in content::ServiceWorkerNetworkProvider::FromWebServiceWorkerNetworkProvider-2019-04-27
922668Heap-use-after-free in base::BasicStringPiece<std::__Cr::basic_string<char, std::__Cr::char_traits<char-2019-04-27
888311CrOS: Vulnerability reported in app-crypt/mit-krb5-2019-04-26
916523Security: Double-destruction race in StoragePartitionService-2019-04-26
916152Security: symlinks in /var/log can be abused to create messy arbitrary file write primitives-2019-04-25
916870CrossCallParamsEx::GetParameterStr causes Heap-buffer-overflow-2019-04-25
919486Clean up extended attributes inadvertently being set on user data files-2019-04-25
920115Bad-cast to blink::ImageResourceObserver from invalid vptr in blink::PriorityFromObserver-2019-04-25
921074Heap-use-after-free in base::BasicStringPiece<std::__Cr::basic_string<char, std::__Cr::char_traits<char-2019-04-25
922432Heap-buffer-overflow in unsigned int v8::internal::wasm::Decoder::read_leb_tail<unsigned int,-2019-04-25
922677Security: UAF in FileWriterImpl-2019-04-25
910906Upgrade SQLite to 3.26.0-2019-04-24
912074heap-use-after-free on RTCPeerConnectionHandler$30002019-04-24
912983Heap-buffer-overflow in BEInt<unsigned short, 2>::operator unsigned short-2019-04-24
916874Heap-buffer-overflow in bool base::UTFConversion<base::BasicStringPiece<std::__1::basic_string<wchar_t,-2019-04-24
917702Heap-buffer-overflow in BEInt<unsigned int, 4>::operator unsigned int-2019-04-24
917936Heap-buffer-overflow in AAT::KerxSubTableFormat4<struct AAT::KerxSubTableHeader>::driver_context_t::tran-2019-04-24
918340Use-of-uninitialized-value in AAT::ankr::get_anchor-2019-04-24
920579CrOS: Vulnerability reported in net-dns/avahi-2019-04-24
920990CrOS: Vulnerability reported in media-gfx/imagemagick-2019-04-24
920991CrOS: Vulnerability reported in media-gfx/imagemagick-2019-04-24
920992CrOS: Vulnerability reported in media-gfx/imagemagick-2019-04-24
920993CrOS: Vulnerability reported in media-gfx/imagemagick-2019-04-24
920994CrOS: Vulnerability reported in media-gfx/imagemagick-2019-04-24
921376CrOS: Vulnerability reported in media-gfx/imagemagick-2019-04-24
921377CrOS: Vulnerability reported in media-gfx/imagemagick-2019-04-24
921378CrOS: Vulnerability reported in media-gfx/imagemagick-2019-04-24
921379CrOS: Vulnerability reported in media-gfx/imagemagick-2019-04-24
921382Security: Debug check failed: nary->op() == Token::COMMA in V8 parsing-2019-04-24
921563CrOS: Vulnerability reported in dev-libs/nettle-2019-04-24
921935Crash in webrtc::video_coding::DecodedFramesHistory::InsertDecoded-2019-04-24
921838Heap-buffer-overflow in blink::PropertyTreeManager::CreateCompositorScrollNode-2019-04-24
921951Use-of-uninitialized-value in webrtc::video_coding::DecodedFramesHistory::WasDecoded-2019-04-24
921952Heap-use-after-free in base::MessageLoopCurrent::GetWorkId-2019-04-24
914507Use-of-uninitialized-value in sqlite3BtreeDelete-2019-04-23
916140Security: /run/ipsec and /run/l2tpipsec_vpn should ideally not be group-writable-2019-04-23
920733getDisplayMedia() prompts from background tab, not obvious who's asking.$5002019-04-23
920859Use-of-uninitialized-value in blink::AddressCache::Lookup-2019-04-22
921299Use-of-uninitialized-value in SkPerlinNoiseShaderImpl::PaintingData::stitch-2019-04-22
921341Security DCHECK failure: it != clients_.end() in css_image_generator_value.cc-2019-04-22
902650Heap-use-after-free in vp8dx_bool_decoder_fill-2019-04-21
921076CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (IsPreparseData()) in shared-function-2019-04-21
911253SQLite3 exprCodeBetween heap-buffer overflow-2019-04-20
911255sqlite3ExprCompare Assertion Failure: (combinedFlags & EP_Reduced)==0-2019-04-20
917588DCHECK failure in is_fp() in liftoff-register.h-2019-04-20
918284DCHECK failure in *available != 0 in assembler-arm.cc-2019-04-20
918861Security: Data race in ExtensionsGuestViewMessageFilter-2019-04-20
919717CVE-2017-0553 libnl-2019-04-20
919754DCHECK failure in !std::isnan(value) in js-operator.h-2019-04-20
920164CHECK failure: value->IsSmi() || value->IsTheHole(isolate) in objects-debug.cc-2019-04-20
920491CHECK failure: Type cast failed in CAST(elements) at ../../src/ic/accessor-assembler.cc:1830 in-2019-04-20
920769DCHECK failure in !load_dst_regs_.has(dst) in liftoff-assembler.cc-2019-04-20
780039kmod: kill support for /run/modprobe.d-2019-04-19
905509Audit (and remove as appropriate) use of size_t in command buffer code-2019-04-19
914736Security: Heap buffer overflow in the V8 language parser$75002019-04-19
918470Security: Extensions can add host permissions for chrome:// pages$5002019-04-19
919533DCHECK failure in !load_dst_regs_.has(dst) in liftoff-assembler.cc-2019-04-19
919649pdfium (XFA): oob array read in CFX_TxtBreak::GetBreakPos-2019-04-19
920048Security: http authentication spoof on chrome iOS (repro issue 884179)$5002019-04-19
920566Heap-use-after-free in PriorityFromObserver-2019-04-19
884122Security: Use-after-free in CPDFSDK_Widget::GetMixXFAWidget$30002019-04-18
892574Security: Use-after-free in CPDFXFA_Page::GetDisplayMatrix$30002019-04-18
915819sqlite3 allows arbitrary binary extension loading-2019-04-18
918771Heap-use-after-free in http2::HpackDecoderStringBuffer::BufferStringIfUnbuffered-2019-04-18
919800Heap-use-after-free in SelectFileDialogExtension::ExtensionDialogClosing$25002019-04-18
916080Security: UAF in RenderProcessHostImpl binding for P2PSocketDispatcherHost-2019-04-17
916960CrOS: Vulnerability reported in net-vpn/strongswan-2019-04-17
918273Security DCHECK failure: !object || (object->IsBox()) in layout_box.h-2019-04-17
918917DCHECK failure in HasRegisterMove(dst, src, type) in liftoff-assembler.cc-2019-04-17
919200Use-of-uninitialized-value in gpu::gles2::GLES2DecoderImpl::DoMultiDrawEndCHROMIUM-2019-04-17
919340CHECK failure: TypeError: node #169:DeadValue[kRepTagged](input @0 = CheckString:CheckString) t-2019-04-17
911822Heap-use-after-free in gpu::gles2::GLES2DecoderPassthroughImpl::OnDebugMessage-2019-04-16
913836Use-of-uninitialized-value in gpu::gles2::PassthroughGLDebugMessageCallback-2019-04-16
915857vpn-manager must sanitize ipsec certificate fields-2019-04-16
919572DCHECK failure in src.is_reg_only() implies src.reg().is_byte_register() in assembler-ia32.cc-2019-04-16
918149DCHECK failure in src.is_reg_only() implies src.reg().is_byte_register() in assembler-ia32.cc-2019-04-14
919014Heap-use-after-free in quic::QuicStreamSequencerBuffer::FirstMissingByte-2019-04-14
919073Heap-use-after-free in net::IntervalSet<unsigned long long>::Empty-2019-04-14
888323CVE-2018-14611 CrOS: Vulnerability reported in Linux kernel-2019-04-13
888324CVE-2018-14612 CrOS: Vulnerability reported in Linux kernel-2019-04-13
888325CVE-2018-14613 CrOS: Vulnerability reported in Linux kernel-2019-04-13
918260Heap-buffer-overflow in dawn_wire::QueueSubmitDeserialize-2019-04-13
918094Heap-buffer-overflow in dawn_wire::dawnShaderModuleDescriptorDeserialize-2019-04-13
918323Heap-buffer-overflow in BEInt<unsigned int, 4>::operator unsigned int-2019-04-13
918348Heap-buffer-overflow in dawn_wire::dawnRenderPassColorAttachmentDescriptorDeserialize-2019-04-13
918849Heap-use-after-free in base::small_map<class std::unordered_map<unsigned int,class std::unique_ptr<clas-2019-04-13
906252Security: LUCI - Best practice in html escaping content before rendering not followed-2019-04-12
910222Use-of-uninitialized-value in avx::store_bgra-2019-04-12
914731Security: The serialized data is corrupted because the return value is always true.$10002019-04-12
917151CHECK failure: U_SUCCESS(status) in intl-objects.cc-2019-04-12
917412DCHECK failure in !move_dst_regs_.has(dst) in liftoff-assembler.cc-2019-04-12
917450DCHECK failure in 0 != kLiftoffAssemblerGpCacheRegs & reg.bit() in liftoff-register.h-2019-04-12
917785Heap-buffer-overflow in spvtools::utils::SmallVector<unsigned int, 2u>::operator-2019-04-12
917589Heap-use-after-free in gfx::ToEnclosingRect-2019-04-12
917980Security: Heap-use-after-free in TypedArray.join$50002019-04-12
917988DCHECK failure in outer_scope_ == scope->outer_scope() in bytecode-generator.cc-2019-04-12
918222Heap-buffer-overflow in BEInt<unsigned char, 1>::operator unsigned char-2019-04-12
918450Heap-use-after-free in cc::Layer::SetOffsetToTransformParent-2019-04-12
905975Security: use-after-poison in mojo::SimpleWatcher::OnHandleReady$30002019-04-11
914756Bad-cast to spvtools::utils::SmallVector<unsigned int, 2> from invalid vptr in spvtools::opt::Instruction::GetSingleWordOperand-2019-04-11
918454Security: World Editable GitHub Repository Wikis for chromium$5002019-04-11
856973Security: Type confusion bypasses Spectre mitigation-2019-04-10
917021Crash in AddressIsPoisoned-2019-04-10
917025Heap-buffer-overflow in (std::is_function<std::__1::remove_pointer<unsigned-2019-04-10
915636CVE-2018-20169: Security: Linux kernel: BOF in drivers/usb/core/hub.c allowing read, maybe write-2019-04-09
917032Heap-use-after-free in cc::Layer::SetOffsetToTransformParent-2019-04-08
916558Heap-use-after-free in ui::MenuModel::GetModelAndIndexForCommandId-2019-04-07
905815DCHECK failure in pc <= end_ in decoder.h-2019-04-06
916861Crash in media::Vp9Parser::ParseSuperframe-2019-04-06
917036Crash in media::IvfParser::ParseNextFrame-2019-04-06
917608Crash in AddressIsPoisoned-2019-04-06
917645DCHECK failure in !AreAliased(dst_high, src_low) in macro-assembler-arm.cc-2019-04-06
918027Heap-use-after-free in blink::LayoutTableCell::CompareInDOMOrder-2019-04-06
931640Security: Type confusion in JSPromise::TriggerPromiseReactions-2019-04-05
749852Page still eats the page until the next `'`$5002019-04-05
910824DCHECK failure in *available != 0 in assembler-arm.cc-2019-04-05
914511IsolatedOrigins should ignore port numbers-2019-04-05
916871Heap-buffer-overflow in dawn_wire::dawnBindGroupLayoutBindingDeserialize-2019-04-05
916916Heap-buffer-overflow in dawn_wire::ComputePassEncoderSetPushConstantsDeserialize-2019-04-05
881024Use-of-uninitialized-value in gtk_widget_destroy-2019-04-04
917668Security: Cross Domain Bug of Indexeddb Database-2019-04-04
913270Heap-use-after-free in midi::MidiManager::~MidiManager-2019-04-03
900145Crash in _platform_memmove$VARIANT$Nehalem-2019-03-31
908191Crash in SkBinaryWriteBuffer::writePad32-2019-03-31
916873Heap-buffer-overflow in hunspell::BDict::Verify-2019-03-31
912508Heap-buffer-overflow in sh::SetUnionArrayFromMatrix-2019-03-30
912592DCHECK failure in !AreAliased(dst_high, src_low) in macro-assembler-arm.cc-2019-03-30
913805Crash in es2::Shader::compile-2019-03-30
916897Crash in blink::FindBuffer::PositionAtStartOfCharacterAtIndex-2019-03-30
917147Crash in FromHeapObject-2019-03-30
917545abort in pdfium_test (copied from PDFium tracker)-2019-03-30
733943Do not store URLs in xattr-2019-03-29
901768Need a reliable mechanism to make the login profile inaccessible after login completes-2019-03-29
912211Security: a use-after-free in RenderFrameImple can lead to an RCE$30002019-03-29
910916Heap-use-after-free in baseline::run_program-2019-03-28
916428Heap-buffer-overflow in spvtools::opt::IRContext::ReplaceAllUsesWith-2019-03-28
916525DCHECK failure in HasSimpleParameters() || is_block_scope() || is_being_lazily_parsed_ in scopes.c-2019-03-28
916869Ill in v8::internal::wasm::fuzzer::WasmExecutionFuzzer::FuzzWasmModule-2019-03-28
901677Heap-use-after-free in baseline::exec_ops-2019-03-27
906437Use-of-uninitialized-value in av_tolower-2019-03-27
914240Crash in dawn_native::null::Buffer::SetSubDataImpl-2019-03-27
915205Crash in dawn_native::BufferBase::SetSubData-2019-03-27
915446Security: Background fetch leaks cross-origin response size$10002019-03-27
915469Security: Type Confusion in LayoutBlockFlow::CreateLineBoxes$30002019-03-27
915492Crash in dawn_wire::server::Server::OnMapReadAsyncCallback-2019-03-27
915550Heap-use-after-free in content::BackgroundFetchContext::StartFetch-2019-03-27
915587Use-of-uninitialized-value in blink::MarkingVisitor::ConservativelyMarkAddress-2019-03-27
915783Security: Heap-use-after-free in TypedArray.toLocaleString$50002019-03-27
916288DCHECK failure in IsAssignmentContext() in pattern-rewriter.cc-2019-03-27
899689Security: Incorrect convexity assumptions in Skia leading to buffer overflows-2019-03-26
906333Use-of-uninitialized-value in mz_zip_entry_read_header-2019-03-26
912947Security: UAFs in PaymentRequest service-2019-03-26
912997Heap-use-after-free in media::AudioThreadHangMonitor::StartTimer-2019-03-26
913246WebRTC: Potential Use-after-free in VP8 Block Decoding (MFQE feature)$10002019-03-26
914615Bad-cast to dawn_wire::server::Serverdawn_wire::server::ForwardBufferMapReadAsync in dawn_native::BufferBase::~BufferBase-2019-03-24
914562Heap-use-after-free in gcm::GCMDriver::Shutdown-2019-03-24
914620Heap-use-after-free in dawn_wire::server::Server::GetCmdSpace-2019-03-24
915299Crash in net_http_server_fuzzer-2019-03-24
905940OOB Write in ValueDeserializer::ReadDenseJSArray (Tian Fu Cup exploit)-2019-03-23
908358Heap-buffer-overflow in mov_read_trun-2019-03-23
913970UAP in blink::FileReaderLoader::OnStartLoading$30002019-03-23
912520Security: UAF in RenderFrameHostImpl::CreateMediaStreamDispatcherHost-2019-03-23
914020Heap-buffer-overflow in spvtools::opt::IRContext::ReplaceAllUsesWith-2019-03-23
914262Use-of-uninitialized-value in content::RenderFrameImpl::CommitNavigation-2019-03-23
915293Heap-use-after-free in content::RenderFrameImpl::CommitNavigation-2019-03-23
896838Heap-buffer-overflow in libX11.so.6-2019-03-22
904105quipper_perf_reader_read_fuzzer Crash in _fini-2019-03-22
906379Use-of-uninitialized-value in WebRtcIsacfix_PitchFilterCore-2019-03-22
910014Heap-use-after-free in aura::Env::last_mouse_location-2019-03-22
913807Heap-use-after-free in BadgeServiceImpl::ClearBadge-2019-03-22
913975Chrome tab crashes when a pattern containing a Hebrew character followed by 2 horizontal tabs and then another character is clicked.$10002019-03-22
914216Incorrect-function-pointer-type in base::OnceCallback<void-2019-03-22
914251Bad-cast to std::__1::__function::__base<void ()> from std::__1::__function::__func<void (*)(), std::__1::allocator<void (*)()>, void ()> in v8::base::CallOnceImpl-2019-03-22
914325Bad-cast to gl::Object from es2::Context in egl::Display::createContext-2019-03-22
914497QUIC proxying breaks end-to-end encryption$75002019-03-22
914697Heap-buffer-overflow in av_reallocp-2019-03-22
914699Heap-buffer-overflow in av_realloc_f-2019-03-22
914701Heap-buffer-overflow in ff_hNUMBER_packet_split-2019-03-22
914812Heap-use-after-free in base::internal::ObserverListThreadSafeBase::Dispatcher<base::PowerObserver, void-2019-03-22
914820Use-of-uninitialized-value in v8::internal::compiler::Node::AppendUse-2019-03-22
901206Memcpy-param-overlap in av1_convolve_2d_copy_sr_sse2-2019-03-21
902427Permissions request clickjacking flaw report:$20002019-03-21
913232DCHECK failure in HasIncomingBackEdges(block) implies block_effects.For(block->PredecessorAt(0), b-2019-03-21
912504CHECK failure: fixed_size_above_fp + in deoptimizer.cc-2019-03-21
913822DCHECK failure in !failed_ in asm-parser.cc-2019-03-21
914388CHECK failure: fixed_size_above_fp + in deoptimizer.cc-2019-03-21
888310CrOS: Vulnerability reported in dev-libs/libxml2-2019-03-20
893395ASSERT: failed: expected exception __c_0, got RangeError: Array buffer allocation-2019-03-20
910098Heap-use-after-free in blink::AudioNodeOutput::RemoveInput-2019-03-20
912887CVE-2018-17972 CrOS: Vulnerability reported in Linux kernel-2019-03-20
912922Heap-use-after-free in base::internal::ObserverListThreadSafeBase::Dispatcher<base::PowerObserver, void-2019-03-20
913212DCHECK failure in index >= 0 && index < this->length() in fixed-array-inl.h-2019-03-20
883596Security: Skia missing reset fLastMoveToIndex in SkPath::transform() lead to out-of-bound-2019-03-19
896538Security: Skia fLastMoveToIndex wrong state-2019-03-19
902516Security: Lock Screen allows pasting of contents from locked session-2019-03-19
913296Security: V8: Incorrect type information on SpeculativeSafeIntegerSubtract$50002019-03-19
767635CSP inheritance to cross-origin navigated data URL allows cross-origin info leak$5002019-03-18
907937DCHECK failure in (pending_foreground_task_) == nullptr in module-compiler.cc-2019-03-18
912980Use-of-uninitialized-value in v8::internal::Decoder<v8::internal::Simulator>::DecodeBranchSystemException-2019-03-17
911416Security: SEGV_ACCERR in Symbol.prototype.description hash calc-2019-03-16
912600Heap-use-after-free in dawn_native::DeviceBase::Release-2019-03-16
912596Use-of-uninitialized-value in v8::internal::Simulator::FPCompare-2019-03-16
912601Heap-use-after-free in dawn_native::DeviceBase::Release-2019-03-16
912693Global-buffer-overflow in CreateECCBlock-2019-03-16
912646Use-of-uninitialized-value in dawn_native::DeviceBase::Release-2019-03-16
883265CrOS: Vulnerability reported in net-misc/curl-2019-03-15
904182Downloaded .desktop file execution in Linux-2019-03-15
907211Heap-use-after-free in viz::HostFrameSinkManager::InvalidateFrameSinkId-2019-03-15
909865Security: iframe.contentWindow.location.href can bypass CSP for javascript URLs$10002019-03-15
910663Crash in Builtins_PromiseRejectReactionJob-2019-03-15
911907DCHECK failure in !is_running_microtasks_ in isolate.cc-2019-03-15
89453UXSS with empty SecurityOrigin$10002019-03-15
456518HTML parser may leave frame element in an incorrect state$75002019-03-15
906383Use-of-uninitialized-value in quic::QuicFramer::ProcessIetfFrameData-2019-03-14
906652Use-of-uninitialized-value in gpu::gles2::ContextState::InitState-2019-03-14
908829Crash in dawn_native::BufferBase::SetSubData-2019-03-14
910210In presence of NetworkService, AppCache may be used to bypass CORB-2019-03-14
911827Bad-cast to dawn_native::DeviceBase from invalid vptr in dawn_native::ValidatingDeviceRelease-2019-03-14
912125Heap-buffer-overflow in fxcrt::WideString::SetAt-2019-03-14
884511Security: ChromeOS root Command Execution$113372019-03-13
900386Use-of-uninitialized-value in SuperBlitter::blitH-2019-03-13
905542Heap-use-after-free in base::internal::Invoker<base::internal::BindState<void-2019-03-13
906427Heap-buffer-overflow in spvtools::utils::SmallVector<unsigned int, 2ul>::operator-2019-03-13
906837User can open browser in sign-in profile from captive profile dialog-2019-03-13
907278Heap-use-after-free in dawn_native::DeviceBase::Release-2019-03-13
907345Use-of-uninitialized-value in dawn_native::DeviceBase::Release-2019-03-13
907386Heap-use-after-free in dawn_native::DeviceBase::Release-2019-03-13
910223DCHECK failure in left != right in macro-assembler-arm.cc-2019-03-13
910903DCHECK failure in !AreAliased(dst_high, src_low) in macro-assembler-arm.cc-2019-03-13
910852Heap-use-after-free in spvtools::opt::VectorDCE::HasScalarResult-2019-03-13
911155Heap-use-after-free in dawn_native::DeviceBase::Release-2019-03-13
911686Heap-buffer-overflow in SuperBlitter::blitH-2019-03-13
831112CrOS: Vulnerability reported in net-misc/curl-2019-03-12
836148CSP should always inherit same-origin opener's CSP$5002019-03-12
894228CSP bypass with blob URL$10002019-03-12
901605CrOS: Vulnerability reported in media-libs/tiff-2019-03-12
905301Security: CSP does not propagate to blob: URIs$10002019-03-12
908207Security: CSP(Content-security-policy) vulnerabilities are not completely repaired in Chrome 70.0.3538.110 and can still be bypassed-2019-03-12
909990unknow memory write in v8-2019-03-12
905571Use-of-uninitialized-value in extensions::ChromeExtensionsBrowserClient::GetOriginalContext-2019-03-10
910480Heap-buffer-overflow in safe_browsing::PeImageReader::EnumCertificates-2019-03-10
910850CHECK failure: size <= elements()->length() || elements() == ReadOnlyRoots(isolate).empty_fixed-2019-03-10
867807Security: Symlinks on user-supplied file systems allow are risky-2019-03-09
898306Raw cookies are disclosed to cross-site renderer (in presence of DevTools and NetworkService)-2019-03-09
910593Crash in VisitPointersImpl<v8::internal::ObjectSlot>-2019-03-09
910632Crash in FromHeapObject-2019-03-09
910634Crash in MemCopy-2019-03-09
910662Crash in void v8::internal::EvacuateVisitorBase::RawMigrateObject<-2019-03-09
904265OOB operation in swiftshader's JIT$10002019-03-08
908834Use-of-uninitialized-value in void base::Pickle::WriteBytesStatic<4ul>-2019-03-08
909678CrOS: Vulnerability reported in net-vpn/strongswan-2019-03-08
909796Bad-cast to blink::StringResource8 from blink::ParkableStringResource8 in blink::V8Element::GetElementsByClassNameMethodCallback-2019-03-08
909976Heap-use-after-free in v8::internal::Scope::Snapshot::RestoreEvalFlag-2019-03-08
910247Global-buffer-overflow in blink::Element::HasPart-2019-03-08
884917shill privilege escalation-2019-03-07
895117Heap-use-after-free in hb_buffer_t::replace_glyphs-2019-03-07
903500Potential Use-After-Free in ui/accessibility/ax_tree.cc-2019-03-07
906436Heap-use-after-free in scoped_refptr<base::SingleThreadTaskRunner>::scoped_refptr-2019-03-07
906465Global-buffer-overflow in CBC_PDF417HighLevelEncoder::EncodeText-2019-03-07
907324Heap-buffer-overflow in v8::internal::wasm::WasmDecoder<1>::OpcodeLength-2019-03-07
907524Heap-use-after-free in content::ResolveProxyMsgHelper::OnProxyLookupComplete-2019-03-07
908749Security: WebGL heap-buffer-overflow in clearBufferuiv()$10002019-03-07
909609Use-after-poison in blink::V8Element::PartAttributeGetterCallbackForMainWorld-2019-03-07
908975DCHECK failure in outer_scope_ == scope->outer_scope() in bytecode-generator.cc-2019-03-07
909613Use-after-poison in blink::Element::HasPart-2019-03-07
909643Use-after-poison in blink::PartNames::PartNames-2019-03-07
909656Crash in Builtins_TestEqualHandler-2019-03-07
909648Use-after-poison in blink::V8Element::PartAttributeGetterCallbackForMainWorld-2019-03-07
909691Crash in v8::internal::FunctionCallbackArguments::Call-2019-03-07
910042Use-after-poison in blink::AddToSet-2019-03-07
900910Multiple vulnerabilities in sqlite; Cast is 1 attack vector/target$103372019-03-06
904057Crash in Builtins_PromiseRejectReactionJob-2019-03-06
904368Use-of-uninitialized-value in v8::internal::Simulator::FPRoundInt-2019-03-06
904772Use-of-uninitialized-value in v8::internal::Factory::NewNumber-2019-03-06
907427Security: pdfium heap-use-after-free-2019-03-06
907430Security: pdfium SEGV on unknown address / wild jump$30002019-03-06
907479Use-of-uninitialized-value in v8::internal::CopyDoubleToObjectElements-2019-03-06
907714Debug check failed JSFunction::GetDerivedMap$10002019-03-06
908877DCHECK failure in obj->IsHashTable() || obj->IsPropertyArray() || obj->IsFixedArray() || obj->IsJS-2019-03-06
909588Crash in v8::internal::JSNumberFormat::set_locale-2019-03-06
805557Security: DevTools protocol clients (e.g. extensions) can read arbitrary local files via DOM.setFileInputFiles$20002019-03-05
873453CrOS: Vulnerability reported in dev-libs/openssl-2019-03-05
904167DCHECK failure in !IsSmi() == Internals::HasHeapObjectTag(ptr()) in objects.h-2019-03-05
906043Security: Tianfu CUP RCE-2019-03-05
907847Heap-buffer-overflow in shill::Nl80211Frame::Nl80211Frame-2019-03-05
908183Global-buffer-overflow in v8::internal::KeywordOrIdentifierToken-2019-03-05
908199Global-buffer-overflow in v8::internal::Scanner::ScanIdentifierOrKeywordInnerSlow-2019-03-05
908202Global-buffer-overflow in v8::internal::PerfectKeywordHash::Hash-2019-03-05
908231DCHECK failure in parse_lazily() implies allow_lazy_ in parser.cc-2019-03-05
908282Heap-buffer-overflow in BEInt<unsigned int, 4>::operator unsigned int-2019-03-05
908292Security: heap-use-after-free in __tree_next_iter$5002019-03-05
908304Security: chrome.wallpaper and chrome.wallpaperPrivate issues$10002019-03-05
908495DCHECK failure in !AllowHeapAllocation::IsAllowed() in string-inl.h-2019-03-05
904026DCHECK failure in !move_dst_regs_.has(dst) in liftoff-assembler.cc-2019-03-04
904219Security: Sites can open extension pages using WindowClient.navigate$5002019-03-04
906305UAF in Network Service in CorsURLLoaderFactory-2019-03-04
907047Security: Possible to retrieve cross-origin image data from canvas$40002019-03-04
908234Global-buffer-overflow in CBC_ErrorCorrection::createECCBlock-2019-03-04
908309Unknown signal in Builtins_InterpreterEntryTrampoline-2019-03-04
908196DCHECK failure in !has_error() implies FunctionKind::kArrowFunction == next_arrow_function_kind_ i-2019-03-02
917897Security: beaconing users via Google Chrome's pdf viewer-2019-03-01
901801Security: Linux: mremap() TLB flush too late with concurrent ftruncate()-2019-03-01
903690Heap-use-after-free in mz_zip_path_compare-2019-03-01
904606DCHECK failure in 0 != kLiftoffAssemblerFpCacheRegs & reg.bit() in liftoff-register.h-2019-03-01
907575DCHECK failure in binop->op() == Token::COMMA in parser.cc-2019-03-01
907669DCHECK failure in !has_error() implies !next_arrow_formals_parenthesized_ in parser-base.h-2019-03-01
907813Bad-cast to media::DecoderFactory from GoogleURLLoaderThrottle in media::DefaultRendererFactory::CreateAudioDecoders-2019-03-01
907814Heap-use-after-free in media::DefaultRendererFactory::CreateAudioDecoders-2019-03-01
907815Bad-cast to media::DefaultRendererFactory from invalid vptr in base::internal::Invoker<base::internal::BindState<std::__1::vector<std::__1::unique_ptr<media::AudioDecoder, std::__1::default_delete<media::AudioDecoder> >, std::__1::allocator<std::__1::unique_ptr<media::AudioDecoder, std::__1::default_delete<media::AudioDecoder> > > >-2019-03-01
906457Use-of-uninitialized-value in void base::Pickle::WriteBytesStatic<4ul>-2019-02-28
906313redefine unconfiguable length attribute of array object$30002019-02-27
906349Incorrect-function-pointer-type in dawn_wire::server::Server::Server-2019-02-27
906391Crash in dawn_native::SwapChainBuilder::SetImplementation-2019-02-27
906893ASSERT: CSA_ASSERT failed: IsFastRegExpWithOriginalExec(context, regexp)-2019-02-26
906975Global-buffer-overflow in CBC_ErrorCorrection::createECCBlock-2019-02-26
906220DCHECK failure in index >= 0 in escape-analysis.cc-2019-02-25
906334Stack-use-after-scope in blink::ExpandEndToSentenceBoundary-2019-02-24
896114Use-of-uninitialized-value in blink::WorkletAnimation::UpdateCompositingState-2019-02-23
904093Heap-buffer-overflow in spvtools::utils::SmallVector<unsigned int, 2ul>::operator-2019-02-23
905614CVE-2018-16658 CrOS: Vulnerability reported in Linux kernel-2019-02-23
906280Stack-use-after-scope in blink::ExpandEndToSentenceBoundary-2019-02-23
891521Uninitialized-read when constructing DnsResponse from DnsQuery-2019-02-22
894020CrOS: Vulnerability reported in media-libs/tiff-2019-02-22
899209CrOS: Vulnerability reported in media-libs/tiff-2019-02-22
903566DCHECK failure in array->HasFastPackedElements() in js-list-format.cc-2019-02-22
904241Security: Type confusion in blink::GetTypeExtension$50002019-02-22
904545Use-after-poison in v8::internal::BufferedCharacterStream<v8::internal::ExternalStringStream>::ReadB-2019-02-22
904655Crash in mz_stream_mem_read-2019-02-22
904736Bad-cast to std::__1::locale::__imp from std::__1::locale::__imp in ld-linux-x86-64.so.2-2019-02-22
904714heap-use-after-free on sw::Renderer::finishRendering$30002019-02-22
905587DCHECK failure in token.invalid_template_escape_message == MessageTemplate::kNone in scanner.cc-2019-02-22
905907DCHECK failure in (function_) == nullptr in scopes.cc-2019-02-22
904027Heap-buffer-overflow in spvtools::opt::Instruction::GetSingleWordOperand-2019-02-21
619166Universal XSS with global proxies, interceptors, and synchronous page loads$75002019-02-21
354123UXSS with Object.setPrototypeOf$50002019-02-21
590275Internal object leak in ModuleSystem::RequireForJsInner => Universal XSS$75002019-02-21
546677Universal XSS with SendRequestNatives::GetGlobal$75002019-02-21
601073Security: Universal XSS in extension bindings$75002019-02-21
504011Security: Cross-origin scripting possible via module system leak$75002019-02-20
901307CVE-2018-10902 CrOS: Vulnerability reported in Linux kernel-2019-02-20
903440Bad-cast to blink::LocalFrameView from blink::WebPluginContainerImpl in blink::GetScrollableArea-2019-02-20
904138Heap-use-after-free in viz::HostFrameSinkManager::InvalidateFrameSinkId-2019-02-20
904272Debug check failed in DefineClass-2019-02-20
904688Crash in blink::LocalDOMWindow::document-2019-02-20
904806Bad-cast to blink::DOMTimer from blink::TimerBase in blink::TraceTrait<blink::DOMTimer>::Trace-2019-02-20
902672CSA_ASSERT in Array.p.join-2019-02-19
902691Use-of-uninitialized-value in vp8_signed_char_clamp-2019-02-19
902621Use-of-uninitialized-value in blink::AXObjectCacheImpl::GetOrCreate-2019-02-18
903697CHECK failure: heap_->Contains(object) in heap.cc-2019-02-18
904036Use-of-uninitialized-value in blink::AXObjectCacheImpl::GetOrCreate-2019-02-18
903701Use-of-uninitialized-value in SkColorTypeToGrColorType-2019-02-17
881252Crash in v8::internal::Simulator::LoadStorePairHelper-2019-02-16
896326Crash in MemoryWrite<unsigned-2019-02-16
903245DCHECK failure in index >= 0 && index < this->capacity() in fixed-array-inl.h-2019-02-16
903586Use-after-poison in blink::SetWeakCallbackForGCObservation-2019-02-16
903790Bad-cast to blink::SVGPropertyBase from invalid vptr in blink::MarkingVisitor::Visit-2019-02-16
645211Security: Universal XSS using blink::HTMLMarqueeElement$75002019-02-16
516377UAF/DOM tree corruption in blink::ContainerNode::parserRemoveChild$75002019-02-16
464552Heap-use-after-free in blink::ContainerNode::attach$75002019-02-16
616225Security: Universal XSS in V8Console::memoryGetterCallback$75002019-02-16
896736Security: use-after-poison in blink::AsyncMethodRunner<class blink::MediaRecorder>::RunAsync$30002019-02-15
902608Crash in GetValueByObjectIndex-2019-02-15
902610Crash in Builtins_MovExtraWideHandler-2019-02-15
903070ASSERT: CSA_ASSERT failed: IsStrong(object)-2019-02-15
903231Use-of-uninitialized-value in send_delete_event-2019-02-15
543292Security: Integer type and overflow problems in crazy linker-2019-02-14
899126Security: malicious WPAD server can proxy localhost (leading to XSS in http://localhost:*/*)-2019-02-14
902395Security: bytecode-graph-builder values_[index] != builder()->jsgraph()->OptimizedOutConstant()-2019-02-14
902552DCHECK failure in AllowCodeDependencyChange::IsAllowed() in objects.cc-2019-02-14
902693Heap-use-after-free in mz_zip_entry_is_dir-2019-02-14
830177Presentation API doesn't show initiator info for opaque origin-2019-02-13
895336Security: Release the Kraken: New KRACKs in the 802.11 Standard-2019-02-13
895942CHECK failure: bcp47_length == parsed_length in intl-objects.cc-2019-02-13
901651Use-of-uninitialized-value in content::BlinkTestController::CompositeAllFramesThen-2019-02-13
901782Crash in mz_stream_mem_read-2019-02-13
902208Heap-use-after-free in views::InkDropHostView::OnMouseEvent-2019-02-13
897263Security: potential integer overflow in SkStreamBuffer.cpp-2019-02-12
900552Heap-use-after-free in CPDF_OCContext::CheckOCGVisible$30002019-02-12
901633ASSERT: CSA_ASSERT failed: Torque assert 'srcPos <= GetReceiverLengthProperty(sortState)-2019-02-12
901598Security DCHECK failure: !object || (object->IsLayoutInline()) in layout_inline.h-2019-02-12
901944ASSERT: CSA_ASSERT failed: IntPtrOrSmiLessThanOrEqual( capacity, IntPtrOrSmiConstant(JSA-2019-02-12
901040Unknown signal in libv8.so-2019-02-11
883666Security: Skia integer-overflow in SkPathRef::resetToSize()-2019-02-09
884473Security: Skia heap-buffer-overflow in SkMaskBlurFilter::blur()-2019-02-09
901030Heap-buffer-overflow in bool WTF::TextCodecUTF8::HandlePartialSequence<unsigned short>$30002019-02-09
520275Chromium Prerender page is able to play voice synthesis audio before going to page-2019-02-08
890576heap buffer overflow in skia::SkTDPQueue::insert$30002019-02-08
898785ASSERT: CSA_ASSERT failed: SmiBelow(effective_index, LoadFixedArrayBaseLength(array))-2019-02-08
526404Security: events can be tracked inside PDF viewer for cross origin PDFs-2019-02-07
849421Security: IDN URL spoofing - "ଠ" can be used to spoof "o2.co.uk"-2019-02-07
891559Use-of-uninitialized-value in blink::AXObjectCacheImpl::ChildrenChanged-2019-02-07
891697Security: macOS: the option to "Allow JavaScript From Apple Events" can easily be activated by malicious apps.$5002019-02-07
896717Security: IDN URL Spoofing with U+02ec$5002019-02-07
896987Security: Skia heap-buffer-overflow in SkGenerateDistanceFieldFromA8Image-2019-02-07
899537Crash in v8::internal::interpreter::BytecodeGenerator::BuildVariableAssignment-2019-02-07
900087Bad-cast to content::RenderFrameHost from invalid vptr in content::BlinkTestController::CompositeNodeQueueThen-2019-02-07
900474Unknown signal in libv8.so-2019-02-07
900451Security DCHECK failure: !object || (object->IsLayoutInline()) in layout_inline.h-2019-02-07
900560DCHECK failure in ok == (result != nullptr) in parser.cc-2019-02-07
892646Security: Gujarati digits could lead to idn spoof-2019-02-06
900133Security: assert 'value == Float64SilenceNaN(value)' failed at ../../src/builtins/array-reverse.tq:53:-2019-02-06
898147Security: Imageloader allows mounting of components over almost arbitrary file system paths-2019-02-05
899495DCHECK failure in (expression) != nullptr in parser.h-2019-02-05
900103Use-of-uninitialized-value in mojo::core::ChannelPosix::WriteNoLock-2019-02-05
900104Use-of-uninitialized-value in mojo::core::ChannelPosix::WriteNoLock-2019-02-05
896776Security: Skia: Out-of-bounds Read in src/codec/SkSwizzler$10002019-02-04
899464ASSERT: CSA_ASSERT failed: Word32Or(Word32Equal(var_unicode.value(), zero), Word32Equal(-2019-02-04
895081Security: Markup injection is possible in the Preview feature in the Developer Tools due to mishandling of URI encoded strings$5002019-02-02
895084CrOS: Vulnerability reported in dev-libs/libxml2-2019-02-02
899212CrOS: Vulnerability reported in dev-libs/libxml2-2019-02-02
899133DCHECK failure in success in pattern-rewriter.cc-2019-02-02
899294Heap-use-after-free in ScopedObserver<ash::TabletModeController, ash::TabletModeObserver>::~ScopedObser-2019-02-02
893176Heap-buffer-overflow in translate-2019-02-01
897491ASSERT: mutex->__data.__owner == 0-2019-02-01
897510Heap-use-after-free in GrCCPathCache::find-2019-02-01
898343Security: Idn spoof checker not checking some domains properly-2019-02-01
898531Security: Use-after-free in CPWL_Wnd::Destroy$50002019-02-01
898936DCHECK failure in is_async implies classifier()->is_valid_async_arrow_formal_parameters() in parse-2019-02-01
896725Security: IDN URL Spoofing with U+0a24-2019-01-31
897413Heap-use-after-free in GrCCPathCache::purgeAsNeeded-2019-01-31
897512Security: assert 'srcPos <= GetReceiverLengthProperty(sortState) - length' at array-sort.tq:613:$10002019-01-31
898452Crash in SkTHashTable<GrCCPathCache::HashNode, GrCCPathCache::HashKey, GrCCPathCache::Has-2019-01-31
833847SameSite Lax bypass with multiple-nested scenarios$10002019-01-30
864286Stealing cross-origin video pixel with HLS$40002019-01-30
896722Security: IDN URL Spoofing with U+0a67-2019-01-30
897366DCHECK failure in *p != to_check_ in heap.cc-2019-01-30
897409Use-of-uninitialized-value in gpu::gles2::GLES2Implementation::BufferDataHelper-2019-01-30
897404ASSERT: CSA_ASSERT failed: IntPtrOrSmiGreaterThan(capacity, IntPtrOrSmiConstant(0, mode)-2019-01-30
897436ASSERT: CSA_ASSERT failed: TaggedDoesntHaveInstanceType(value, JS_PROMISE_TYPE)-2019-01-30
897455Heap-buffer-overflow in SimplifyDebug-2019-01-30
897514ASSERT: CSA_ASSERT failed: Word32Equal(DecodeWord32<PropertyDetails::KindField>(details)-2019-01-30
897766DCHECK failure in next().location.beg_pos == static_cast<int>(position) in scanner.cc-2019-01-30
897815CHECK failure: start_position == start_position_from_data in preparsed-scope-data.cc-2019-01-30
897999Heap-use-after-free in Browser::~Browser-2019-01-30
898031Use-of-uninitialized-value in libgtkui::SelectFileDialogImplGTK::~SelectFileDialogImplGTK-2019-01-30
898455DCHECK failure in IrOpcode::kSpeculativeNumberEqual != node->opcode() in simplified-lowering.cc-2019-01-30
881247Fatal error related to field tracking-2019-01-29
892904Security: crosvm: integer overflow in PluginVcpu::handle_request$50002019-01-29
894399Security: window.location update methods don't always restrict access to local resources$20002019-01-29
897395Use-of-uninitialized-value in SkImageGenerator::queryYUVA8-2019-01-29
897110CSA_ASSERT failed: IsFastElementsKind(LoadElementsKind(array))$5002019-01-28
897439Crash in SkTHashTable<GrCCPathCache::HashNode, GrCCPathCache::HashKey, GrCCPathCache::Has-2019-01-28
882876Crash in _platform_memmove$VARIANT$Nehalem-2019-01-26
896986DCHECK failure in Token::ARROW == peek() in parser-base.h-2019-01-26
891187Security: heap-use-after-free in blink::AudioNodeOutput::Pull$30002019-01-25
896619Use-of-uninitialized-value in void base::Pickle::WriteBytesStatic<4ul>-2019-01-25
695474Broken prefetch links can exfiltrate adjacent page text$5002019-01-24
856135heap-use-after-free in ProfileCompare::operator()$5002019-01-24
863663Security:IDN url spoofing using U+0517(ԗ)-2019-01-24
895799DCHECK failure in isolate->context() == nullptr || isolate->context()->IsContext() in runtime-inte-2019-01-24
895885\u0909, \u0993 may lead to IDN URL Spoof-2019-01-24
895970Update expat to latest stable-2019-01-24
896117Bad-cast to pdfium::base::PartitionRootGeneric from invalid vptr in FPDF_InitLibraryWithConfig-2019-01-24
896206Heap-use-after-free in drivefs::DriveFsHost::MountState::OnMountEvent-2019-01-24
894812Security: Extensions can temporarily persist file access, even after it's been revoked-2019-01-23
895152Security: Heap-use-after-free in CJS_Document::get_info$50002019-01-23
895207Security: IDN URL Spoofing with U+10de-2019-01-23
721833Security: %2e in Set-Cookie domain attribute treated as equivalent to "."-2019-01-22
888318CVE-2018-10880 CrOS: Vulnerability reported in Linux kernel-2019-01-22
894673Heap-buffer-overflow in blink::ImageDecoderWrapper::Decode-2019-01-22
895009Negative-size-param in CFX_CodecMemory::Consume-2019-01-22
894934Stack-buffer-overflow in v8::internal::GenerateSourceString-2019-01-22
895048CHECK failure: marking_state_->IsBlackOrGrey(object) in mark-compact.cc-2019-01-22
895441DCHECK failure in kFullTransitionArray == encoding() in transitions.cc-2019-01-22
895199DCHECK failure in restriction_type.Is(info->restriction_type()) in simplified-lowering.cc-2019-01-21
895083Use-of-uninitialized-value in storage::DatabaseTracker::UpdateOpenDatabaseInfoAndNotify-2019-01-21
879544CVE-2018-13053 CrOS: Vulnerability reported in Linux kernel-2019-01-19
895026Heap-use-after-free in fxcrt::UnownedPtr<unsigned char const>::ProbeForLowSeverityLifetimeIssue-2019-01-19
851821Security: Chrome PDF reader has no restrictions/user confirmation on URI action-2019-01-18
866426Security: debugger extension API is too powerful-2019-01-18
894374[liftoff] [ia32] Debug check failed: !unpinned.is_empty()-2019-01-18
849942ServiceWorker circumvents same-origin restrictions for Audio$10002019-01-17
879512Heap-use-after-free in fxcrt::UnownedPtr<unsigned char>::ProbeForLowSeverityLifetimeIssue-2019-01-17
892598CVE-2018-10883 CrOS: Vulnerability reported in Linux kernel-2019-01-17
892643Stack-use-after-return in gpu::raster::ClientFontManager::Serialize-2019-01-17
888268Security: Open restriction url by google optimize-2019-01-16
799747CSP bypass with blob URL$10002019-01-15
839250Heap-use-after-free in content::ClipboardHostImpl::ReadText-2019-01-15
889459Security: remote code execution attack chain$10002019-01-15
890558Data URLs can be loaded on the top frame using iOS Mobile Chrome$5002019-01-15
893096[wasm] Code space management broken on windows-2019-01-14
892858Global-buffer-overflow in MemoryRead<unsigned-2019-01-14
850824Self-XSS via modal, window.open, and delayed navigation$20002019-01-12
870119Heap-buffer-overflow in translate-2019-01-12
843151use-after-poison in operator-> (from HTMLImportsController::Dispose)$5002019-01-11
878130Security: Samba CVEs were missed by Vomit, and an uprev is needed-2019-01-11
878353CVE-2018-13406 CrOS: Vulnerability reported in Linux kernel-2019-01-11
884932Extensions can intercept sensitive browser initiated requests-2019-01-11
889724Upstart variable import filtering doesn't work correctly-2019-01-11
891210Security: Use-after-free in CFFL_FormFiller::KillFocusForAnnot$30002019-01-11
892026Crash in AtomicallySetQuarantineFlagIfAllocated-2019-01-11
892472DCHECK failure in code->kind() == Code::OPTIMIZED_FUNCTION in frames.cc-2019-01-11
874397Heap-use-after-free in net::HttpCache::Transaction::DoCacheWriteResponse-2019-01-10
877791CHECK failure: it->second == vreg in register-allocator-verifier.h-2019-01-10
881659Security: URL Spoofing via Bidirectional Domain Names$20002019-01-10
888321CVE-2018-14609 CrOS: Vulnerability reported in Linux kernel-2019-01-10
891627CHECK failure: NumberModulus of kRepWord32 ((MinusZero | Range(-1, 0))) cannot be changed to kR-2019-01-10
891668CVE-2018-10901 CrOS: Vulnerability reported in Linux kernel-2019-01-10
848521Security: Heap overflow write in SkEdgeBuilder::buildPoly-2019-01-09
886976Security: Site Isolation bypass using Blob URL$80002019-01-08
888001Security: Site Isolation bypass using FileSystem URL$5002019-01-08
888319CVE-2018-10881 CrOS: Vulnerability reported in Linux kernel-2019-01-08
888315CVE-2018-10877 CrOS: Vulnerability reported in Linux kernel-2019-01-08
888329CVE-2018-14617 CrOS: Vulnerability reported in Linux kernel-2019-01-08
889448Security: Integer overflow in Linux's create_elf_tables()-2019-01-08
890553DCHECK failure in (function_) == nullptr in scopes.cc-2019-01-08
882270Security: url spoofing using 304 status code$5002019-01-08
864283Stealing cross-origin video pixel with HLS$40002019-01-08
890609CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (object->IsTransitionArray()) in tran-2019-01-07
888312CVE-2017-2618 CrOS: Vulnerability reported in Linux kernel-2019-01-05
888366heap-use-after-free on incontent::RenderFrameHostImpl::AudioContextPlaybackStarted(int)$55002019-01-05
889450Security: potential local priviledge escalation bug in vmacache code-2019-01-05
877843Heap-buffer-overflow in rtc::BitBuffer::PeekBits-2019-01-04
880665Heap-use-after-free in base::debug::TaskAnnotator::RunTask-2019-01-04
888320CVE-2018-10882 CrOS: Vulnerability reported in Linux kernel-2019-01-04
888678Heap-use-after-free in content::KeyboardLockServiceImpl::GetKeyboardLayoutMap-2019-01-04
888926Security: UaF in Appcache-2019-01-04
606104Chrome for Android - Modal dialog being executed after window.open is called allows for URL Spoofing$20002019-01-03
884778dc: add a --sandbox flag-2019-01-03
888923Security: Chrome RCE-2019-01-03
889441Use-of-uninitialized-value in blink::LocalFrameUkmAggregator::RecordPrimarySample-2019-01-03
817851CUPS: eliminate use of symlink in /var/spool/cups-2019-01-02
887273Security:Chrome URL Spoofing in Omnibox$30002019-01-02
886753Security: use-after-poison in MarkSheetListDirty$30002019-01-02
888299CHECK failure: !maybe_skeleton.FromJust().empty() in js-date-time-format.cc-2019-01-02
888825DCHECK failure in byte_data_->size() % ByteData::kSkippableFunctionDataSize == ByteData::kPlacehol-2019-01-02
882423Security: Skia heap use-after-freed in SkPath::addPath$10002019-01-01

Questions? Ask @SecurityMB