765512 | Security: METHOD_LOCALTIME browser->renderer infoleak | $3337 | 2017-12-31
616671 | Security: PDFium: Yet Another Out-Of-Bounds Read in CCodec_ProgressiveDecoder::ReSampleScanline | - | 2017-12-30
705778 | Android: Omnibox doesn't elide origins correctly | - | 2017-12-30
760032 | Heap-buffer-overflow in CCodec_ProgressiveDecoder::ReSampleScanline | - | 2017-12-30
765301 | Crash in v8::internal::Invoke | - | 2017-12-30
765495 | Security: heap-use-after-free ScriptProcessorHandler::FireProcessEvent | $3000 | 2017-12-30
767052 | Crash in v8::internal::Invoke | - | 2017-12-30
766957 | Security: UAF in CPWL_Edit::OnChar | $5000 | 2017-12-30
767959 | Crash in v8::internal::Invoke | - | 2017-12-30
730379 | Heap-buffer-overflow in displayP4 | - | 2017-12-29
656479 | Security: heap-buffer-overflow in pdfium | - | 2017-12-28
766996 | CrOS: Vulnerability reported in net-nds/openldap | - | 2017-12-28
750239 | Security: IDN spoofing with Combining Dot Above U+0307 | $500 | 2017-12-27
761710 | Heap-use-after-free in v8::Shell::RealmCurrent | - | 2017-12-27
762904 | CVE-2017-14156 CrOS: Vulnerability reported in Linux kernel | - | 2017-12-27
765871 | CHECK failure: Representation inference: unsupported opcode 59 (Dead), node #NUMBER in simplifi | - | 2017-12-27
765921 | Security: UAF in CPWL_Caret::SetCaret | $5000 | 2017-12-27
627300 | Security: ChromeVox on ChromeOS uses HTTP without SSL for some requests: | $500 | 2017-12-26
682707 | Security: DCHECK failure in MessagePort destructor in Blink | - | 2017-12-26
764477 | Security: Linux Bluetooth stack (BlueZ) information Leak vulnerability - CVE-2017-1000250 | - | 2017-12-25
765433 | Security: V8 JIT escape analysis bug | $7500 | 2017-12-25
760445 | Stack-buffer-overflow in content::BlinkTestController::OnAllServiceWorkersCleared | - | 2017-12-24
760455 | Security: Use-after-free in CPWL_Edit::OnKillFocus() | $3000 | 2017-12-23
764320 | Heap-use-after-free in _ZN7logging22MakeCheckOpValueStringIPcEENSt3__19enable_ifIXaasr4base8internal23S | - | 2017-12-23
765647 | Use-of-uninitialized-value in mojo::edk::Core::CreateDataPipe | - | 2017-12-23
765384 | Security: UAF in CFFL_InteractiveFormFiller::OnBeforeKeyStroke | $3000 | 2017-12-23
763842 | Security: WebRtc - Heap Buffer Overflow in cricket::Codec::Matches() | $1000 | 2017-12-22
764177 | Security: PDFium Out-Of-Bounds Read in CJPX_Decoder::Decode | $3000 | 2017-12-22
759354 | Heap-use-after-free in blink::PaintLayerScrollableArea::Box | - | 2017-12-21
761615 | CVE-2017-14051 CrOS: Vulnerability reported in Linux kernel | - | 2017-12-20
762487 | Security: Broadcom WiFi firmware vulnerabilities CVE-2017-11122 CVE-2017-11120 | - | 2017-12-20
762903 | CVE-2017-14140 CrOS: Vulnerability reported in Linux kernel | - | 2017-12-20
763645 | CVE-2017-13715 CrOS: Vulnerability reported in Linux kernel | - | 2017-12-20
763683 | DCHECK failure in !__isolate__->has_pending_exception() in runtime-proxy.cc | - | 2017-12-20
763724 | Heap-use-after-free in SkImage::getTextureHandle | - | 2017-12-20
764425 | CVE-2017-1000251: CrOS: Security: Blueborne vulnerabilities in bluetooth stacks | - | 2017-12-20
761278 | Security DCHECK failure: !object || (object->IsARIARow()) in AXARIAGridRow.h | - | 2017-12-19
761801 | Security: heap-use-after-free in WebAudio | $3000 | 2017-12-19
762374 | Security: PDFium Heap Buffer Overflow Vulnerability in OpenJPEG | $6337 | 2017-12-19
762439 | Security: Check brcmfmac to see whether bcmdhd vulnerabilities are present | - | 2017-12-19
763383 | DCHECK failure in IsWasmExportedFunction(object) in wasm-objects.cc | - | 2017-12-19
764073 | Unknown exception in RaiseException | - | 2017-12-19
764196 | CHECK failure: actual_unused_property_fields > map()->unused_property_fields() in objects-debug | - | 2017-12-19
762874 | Security: off by one in TurboFan range optimization for String.indexOf | - | 2017-12-18
759355 | Use-of-uninitialized-value in blink::LayoutText::LocalSelectionRect | - | 2017-12-17
756563 | Security: Out-Of-Bounds Read Vulnerability in Skia | $1000 | 2017-12-16
759288 | CrOS: Vulnerability reported in net-vpn/strongswan | - | 2017-12-16
762106 | PDFium TIFF Image Flate Decoder Code Execution Vulnerability | $2000 | 2017-12-16
763097 | Security: One byte OOB write in DTLS | - | 2017-12-15
761831 | DCHECK failure in !already_resolved_ in scopes.cc | - | 2017-12-14
762472 | DCHECK failure in !isolate->has_pending_exception() in asm-js.cc | - | 2017-12-14
762451 | CVE-2017-14106 CrOS: Vulnerability reported in Linux kernel | - | 2017-12-14
761617 | Heap-use-after-free in blink::BaseAudioContext::IsDestinationInitialized | - | 2017-12-13
761626 | Stack-buffer-overflow in FPDFText_GetText | - | 2017-12-13
761639 | DCHECK failure in !receiver_map->IsJSGlobalObjectMap() in ic.cc | - | 2017-12-13
761654 | CHECK failure: len->ToUint32(&int_l) in builtins-typedarray.cc | - | 2017-12-13
749031 | CVE-2017-11472: CrOS: Vulnerability reported in Linux kernel | - | 2017-12-09
749032 | CVE-2017-11473: CrOS: Vulnerability reported in Linux kernel | - | 2017-12-09
749033 | CVE-2017-7542: CrOS: Vulnerability reported in Linux kernel | - | 2017-12-09
759287 | CVE-2017-12762 CrOS: Vulnerability reported in Linux kernel | - | 2017-12-09
761126 | Bad-cast to blink::LayoutBlock from blink::LayoutTableSection;blink::LayoutObject::ContainerForFixedPosition;blink::LayoutObject::Container | - | 2017-12-09
761376 | Bad-cast to blink::LayoutBlock from blink::LayoutTableSection;blink::ReplaceSelectionCommand::DoApply;blink::CompositeEditCommand::Apply | - | 2017-12-09
761354 | CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (object->IsJSObject()) in objects-inl | - | 2017-12-09
611420 | WebAccessibleResources take too long to make a decision about loading if the extension is installed | - | 2017-12-08
745580 | Security: Chrome extensions UI does not respect IDN display policy | - | 2017-12-08
759224 | Security: Memory Corruption in Chrome | - | 2017-12-08
759111 | Security: Rendertron bugs | - | 2017-12-07
760116 | DCHECK failure in scope_data->get(index_++) == static_cast<uint32_t>(name->length()) in preparsed- | - | 2017-12-07
760112 | Heap-use-after-free in v8::debug::ConsoleDelegate::`vcall'{56}' | - | 2017-12-07
760793 | Use-of-uninitialized-value in InstantController::ResetInstantTab | - | 2017-12-07
740278 | Unused attributes may be read out-of-bounds by drivers | - | 2017-12-06
749228 | Security: buffer overrun in ReplaceSubstringsAfterOffset | - | 2017-12-06
752003 | Security: URL spoofing via crafted flash file and UI overlay | $1000 | 2017-12-06
754424 | Use-of-uninitialized-value in Document::MergePartialFromCodedStream | - | 2017-12-06
756316 | Heap-use-after-free in extensions::ExtensionMessageBubbleController::UpdateExtensionIdList | - | 2017-12-06
755854 | afl_webcrypto_rsa_import_key_pkcs8_fuzzer <no crash state available> | - | 2017-12-06
759294 | Heap-buffer-overflow in media::mp4::TrackRunIterator::IsSampleEncrypted | - | 2017-12-06
760035 | Global-buffer-overflow in media::VideoDecodeStatsReporter::UpdateFrameRateStability | - | 2017-12-06
760049 | Bad-cast to const media::mp4::VideoSampleEntry from invalid vptr;media::mp4::TrackRunIterator::Init;media::mp4::MP4StreamParser::ParseMoof | - | 2017-12-06
760268 | DCHECK failure in __isolate__->has_scheduled_exception() in runtime-proxy.cc | - | 2017-12-06
598265 | Security: Bypassing web_accessible_resources protections | $500 | 2017-12-05
752423 | [wasm] OOB access in v8 wasm after Symbol.toPrimitive overwrite | $3000 | 2017-12-05
756289 | Use-of-uninitialized-value in fclamp | - | 2017-12-05
757705 | Security: heap-use-after-free(ProbeForLowSeverityLifetimeIssue) in PDFium | - | 2017-12-05
759624 | V8 type confusion in Web Assembly [ | $7500 | 2017-12-05
760056 | Heap-use-after-free in TetrahedralInterpFloat | - | 2017-12-05
271996 | SOP not observed for local storage for file: URLs | - | 2017-12-05
757199 | DCHECK failure in result->owns_descriptors() in objects.cc | - | 2017-12-04
743135 | Crash in TetrahedralInterpFloat | - | 2017-12-02
752725 | Heap-buffer-overflow in TetrahedralInterpFloat - pdf_codec_icc_fuzzer | - | 2017-12-02
756523 | Use-of-uninitialized-value in content::mojom::URLLoaderFactoryStubDispatch::Accept | - | 2017-12-02
757412 | Bad-cast to content::ResourceMessageFilter from invalid vptr;content::ResourceMessageFilter::CreateLoaderAndStart;content::mojom::URLLoaderFactoryStubDispatch::Accept | - | 2017-12-02
758283 | Heap-use-after-free in v8::debug::ConsoleDelegate::`vcall'{56}' | - | 2017-12-02
758472 | DCHECK failure in other->values_[index] != builder()->jsgraph()->OptimizedOutConstant() in bytecod | - | 2017-12-02
749851 | Bad-cast to media::WebMediaPlayerImpl from content::WebMediaPlayerMS;content::HtmlVideoElementCapturerSource::CreateFromWebMediaPlayerImpl;content::RendererBlinkPlatformImpl::CreateHTMLVideoElementCapturer | - | 2017-12-01
755007 | content_shell: Heap-use-after-free in net::NetLog::AddEntry | - | 2017-12-01
757217 | DCHECK failure in !it.done() in module-compiler.cc | - | 2017-11-30
757506 | UAF in CPWL_ListCtrl::~CPWL_ListCtrl() | - | 2017-11-30
758096 | CHECK failure: Representation inference: unsupported opcode 59 (Dead), node #5 in simplified-lo | - | 2017-11-30
755044 | DCHECK failure in AllowHeapAllocation::IsAllowed() in heap-inl.h | - | 2017-11-29
755056 | Security: It is currently possible to sideload non Play Store apks on a Chromebook in Verified Boot (non-Dev) mode via adb. | $500 | 2017-11-29
756522 | Heap-use-after-free in blink::PaintController::CommitNewDisplayItems | - | 2017-11-29
747847 | Security: CSP not inherited after navigation to JavaScript scheme uri | $1000 | 2017-11-28
754145 | Security: Access to freed stack memory in blink::PerformanceMonitor::Did() | $500 | 2017-11-28
756733 | Security: Out of bounds at FindSharedFunctionInfo in v8 | $3000 | 2017-11-28
757227 | CHECK failure: actual_unused_property_fields > map()->unused_property_fields() in objects-debug | - | 2017-11-28
757157 | Crash in v8::internal::Invoke | - | 2017-11-26
752544 | Heap-use-after-free in blink::PaintLayerScrollableArea::Box | - | 2017-11-25
754205 | CrOS: CVE-2017-7533: Vulnerability reported in Linux kernel | - | 2017-11-25
753722 | Heap-use-after-free in media::VpxVideoDecoder::MemoryPool::OnVideoFrameDestroyed | - | 2017-11-25
756332 | DCHECK failure in !node->is_rewritten() in pattern-rewriter.cc | - | 2017-11-25
756608 | ProxyHasProperty stub crashes when trap is a Smi | $3500 | 2017-11-25
756959 | Use-of-uninitialized-value in profiling::MemlogClient::~MemlogClient | - | 2017-11-25
756963 | DCHECK failure in kMaxUInt32 != index_ in lookup.h | - | 2017-11-25
755501 | Heap-use-after-free in media::PipelineIntegrationTestBase::CheckFirstAudioPacketTimestamp | - | 2017-11-24
734729 | Compromised renderer can draw form validation bubbles over omnibox | - | 2017-11-23
752796 | Unknown exception in KERNELBASE.dll after CPDF_Parser::ParseAndAppendCrossRefSubsectionData | - | 2017-11-23
732751 | Security: Referer leakage in chrome debug protocol | - | 2017-11-22
751147 | Heap-use-after-free in blink::InlineFlowBox::RemoveChild | - | 2017-11-22
527499 | Security: SAN-01-001 Angular ngSanitize using Unicode Whitespace & innerHTML in Blink | - | 2017-11-21
740367 | Use-after-poison in blink::EventListenerIterator::NextListener | - | 2017-11-21
746909 | CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (object->IsString()) in string-inl.h | - | 2017-11-21
749397 | Heap-buffer-overflow in xmlSAX2AttributeNs | - | 2017-11-20
750430 | Heap-buffer-overflow in xmlStrndup | - | 2017-11-20
752476 | Heap-buffer-overflow in GetAt | - | 2017-11-19
675658 | Security: Malicious WebGL page can capture and upload contents of other tabs | $2000 | 2017-11-18
746517 | alert() titles from apps leak to webpages in the same process | $500 | 2017-11-18
750066 | Security DCHECK failure: i < length_ in StringImpl.h | - | 2017-11-18
751193 | Security DCHECK failure: offset + length <= text.TextLength() in TextRunConstructor.cpp | - | 2017-11-18
752480 | Heap-buffer-overflow in CFX_WideString::GetAt | - | 2017-11-18
754231 | Heap-buffer-overflow in GrTextUtils::DrawPosTextAsPath | - | 2017-11-18
754560 | Heap-use-after-free in v8_inspector::InjectedScript::ProtocolPromiseHandler::cleanup | - | 2017-11-18
701724 | Heap-buffer-overflow in v8::internal::Simulator::DecodeType2 | - | 2017-11-17
751789 | DCHECK failure in !is_async_function() in parser-base.h | - | 2017-11-17
752494 | Use-after-poison in blink::EventListenerMap::Add | - | 2017-11-17
753293 | Bad-cast to blink::EventListenerblink::EventTarget::TraceWrappers;blink::TraceTrait<blink::AccessibleNode>::TraceMarkedWrapper;blink::ScriptWrappableVisitor::AdvanceTracing | - | 2017-11-17
753718 | Bad-cast to blink::ScriptWrappableblink::DOMDataStore::SetReturnValueFast;blink::V8Window::namedPropertyGetterCustom;blink::V8Window::namedPropertyGetterCallback | - | 2017-11-17
754209 | DCHECK failure in InOldSpace(object) || InNewSpace(object) in heap.cc | - | 2017-11-17
754518 | <no crash state available> | - | 2017-11-17
724880 | Heap-buffer-overflow in gfx::internal::TextRunHarfBuzz::GetClusterAt | - | 2017-11-16
752478 | Use-of-uninitialized-value in check_edge_against_rect | - | 2017-11-16
752537 | Heap-buffer-overflow in SkFindAndPlaceGlyph::ArbitraryPositions::nextPoint | - | 2017-11-16
752715 | Heap-use-after-free in blink::LayoutSelection::ClearSelection | - | 2017-11-16
752764 | DCHECK failure in size <= SeqOneByteString::kMaxSize in heap.cc | - | 2017-11-16
752941 | Heap-buffer-overflow in blink::TextIteratorTextState::AppendTextTo | - | 2017-11-16
752832 | Heap-buffer-overflow in GrTextUtils::DrawDFPosText | - | 2017-11-16
753616 | CHECK failure: Unexpected operator #59:(null) @ node #NUMBER in instruction-selector.cc | - | 2017-11-16
753813 | Use-of-uninitialized-value in SkMatrix::computeTypeMask | - | 2017-11-16
753896 | DCHECK failure in var->mode() == VAR in scopes.cc | - | 2017-11-16
754088 | CHECK failure: actual_unused_property_fields > map()->unused_property_fields() in objects-debug | - | 2017-11-16
697481 | Use-of-uninitialized-value in FPDFAPI_inflate | - | 2017-11-15
735448 | CHECK failure: Code::WASM_TO_JS_FUNCTION == code->kind() in wasm-interpreter.cc | - | 2017-11-15
748472 | Heap-use-after-free in ui::AXPlatformNodeWin::Destroy | - | 2017-11-15
749853 | Use-after-poison in blink::EventListenerIterator::NextListener | - | 2017-11-15
750009 | Heap-buffer-overflow in mov_read_trun | - | 2017-11-14
752149 | Security: Arbitrary bad cast in optimized Javascript code | $7500 | 2017-11-14
752481 | CHECK failure: args[1]->IsJSReceiver() in runtime-object.cc | - | 2017-11-14
752491 | Use-of-uninitialized-value in DES_set_key | - | 2017-11-14
752712 | Crash in v8::internal::Invoke | - | 2017-11-14
752829 | Security: PDFium calls PartitionFree() on heap memory returned by opj_calloc() | $3500 | 2017-11-14
752833 | Heap-buffer-overflow in SkGradientShaderBase::SkGradientShaderBase | - | 2017-11-14
752846 | CHECK failure: args[2]->IsJSReceiver() in runtime-proxy.cc | - | 2017-11-14
766276 | Security: persistence with cryptohomed stateful recovery | - | 2017-11-13
766275 | Security: chronos to root with crash reporter and /tmp symlink | - | 2017-11-13
766271 | Security: crosh to chronos with awk injection | - | 2017-11-13
766262 | Security: privesc to war-extensions with PageState | - | 2017-11-13
766260 | Security: WebAsm OOB ArrayBuffer | - | 2017-11-13
766253 | Chrome OS exploit: WebAsm, Site Isolation, crosh, crash reporter, cryptohomed | $100000 | 2017-11-13
752492 | Heap-buffer-overflow in SkFindAndPlaceGlyph::ArbitraryPositions::nextPoint | - | 2017-11-12
709464 | Detecting the presence of extensions through timing attacks (including Incognito) | - | 2017-11-11
750993 | Security: heap-use-after-free in PDFium | $3000 | 2017-11-11
752177 | Security: `String` not isolated from global in ReadableStream.js, allowing out-of-order JavaScript execution | $1000 | 2017-11-11
752483 | CHECK failure: !isolate->has_scheduled_exception() in builtins-console.cc | - | 2017-11-11
752496 | Heap-buffer-overflow in GrTextUtils::DrawPosTextAsPath | - | 2017-11-11
777737 | Security: Google Chrome renders text file as HTML under file:// protocol | - | 2017-11-10
741244 | Heap-buffer-overflow in media::BitReaderCore::Refill | - | 2017-11-10
751062 | CVE-2017-7541: CrOS: Vulnerability reported in Linux kernel | - | 2017-11-10
751672 | CHECK failure: deopt_data->get(1)->ToInt32(&index) in wasm-interpreter.cc | - | 2017-11-10
751109 | CHECK failure: !descriptors->GetKey(i)->IsInterestingSymbol() in objects-debug.cc | - | 2017-11-09
751403 | Use-of-uninitialized-value in blink::LayoutTableCell::ShouldClipOverflow | - | 2017-11-09
751463 | Use-of-uninitialized-value in blink::LayoutTableCell::ShouldClipOverflow | - | 2017-11-09
751404 | Use-of-uninitialized-value in blink::LayoutTableCell::ShouldClipOverflow | - | 2017-11-09
751572 | Use-of-uninitialized-value in blink::LayoutTableCell::ShouldClipOverflow | - | 2017-11-09
749260 | Crash in _sk_gather_bgra_avx | - | 2017-11-08
749389 | Heap-buffer-overflow in SkFindAndPlaceGlyph::ArbitraryPositions::nextPoint | - | 2017-11-08
749472 | Crash in GrAtlasTextBlob::Run::SubRunInfo::maskFormat | - | 2017-11-08
749470 | Crash in _sk_gather_bgra_avx | - | 2017-11-08
749895 | Stack-buffer-overflow in add_aa_span | - | 2017-11-08
750016 | Heap-use-after-free in blink::LayoutTableSection::RowHasVisibilityCollapse | - | 2017-11-08
750070 | Use-of-uninitialized-value in SkTHashTable<SkGlyph, SkPackedGlyphID, SkGlyph::HashTraits>::Slot::empty | - | 2017-11-08
750072 | Use-of-uninitialized-value in SkPackedID::operator== | - | 2017-11-08
750071 | Use-of-uninitialized-value in tt_glyph_load | - | 2017-11-08
750416 | Stack-use-after-return in saturated_add | - | 2017-11-08
750438 | Stack-buffer-overflow in add_aa_span | - | 2017-11-08
751055 | Stack-use-after-return in MaskSuperBlitter::blitH | - | 2017-11-08
751358 | CHECK failure: heap()->InToSpace(object) in mark-compact.cc | - | 2017-11-08
751278 | Crash in v8::internal::VerifyPointersVisitor::VisitPointers | - | 2017-11-08
714401 | Security: NtQueryValueKey may not return null-terminated string | - | 2017-11-07
748362 | Security: Heap-use-after-free in ViewCacheHelper | - | 2017-11-07
750420 | Heap-buffer-overflow in GrTextUtils::DrawPosTextAsPath | - | 2017-11-07
750435 | Bad-cast to bssl::(anonymous namespace)::X25519KeyShare from invalid vptr;blink::EndNode<>;blink::TextIteratorAlgorithm<>::TextIteratorAlgorithm | - | 2017-11-05
750440 | Bad-cast to bssl::(anonymous namespace)::X25519KeyShare from invalid vptr;blink::V8PerContextData::CreateWrapperFromCacheSlowCase;blink::V8PerContextData::CreateWrapperFromCache | - | 2017-11-05
734278 | Null-dereference READ in gpu_angle_passthrough_fuzzer | - | 2017-11-04
743082 | CHECK failure: args[0]->IsJSPromise() in runtime-promise.cc | - | 2017-11-04
731138 | Heap-double-free in celt_header | - | 2017-11-03
739621 | Security: Address bar spoof (repro Issue 648117) | $500 | 2017-11-03
742380 | Heap-double-free in ogg_read_close | - | 2017-11-03
748942 | Use-of-uninitialized-value in cc::PaintOpReader::Read | - | 2017-11-03
749703 | Use-of-uninitialized-value in mojo::edk::ChannelPosix::WriteNoLock | - | 2017-11-03
749898 | Crash in blink::ImageData::CropRect | - | 2017-11-03
748069 | Crash in Append | - | 2017-11-02
748539 | CHECK failure: is_transitionable_fast_elements_kind implies !Map::IsInplaceGeneralizableField(d | - | 2017-11-02
748695 | Security: overly permissive policy for dbus services owned by chrome process | - | 2017-11-02
748856 | Use-of-uninitialized-value in mojo::edk::ChannelPosix::WriteNoLock | - | 2017-11-02
696729 | Incorrect-function-pointer-type in _hb_blob_destroy_user_data | - | 2017-11-01
734559 | Security: ChromeOS PPD Import Check Buffer Overflow | $1000 | 2017-11-01
739677 | Security DCHECK failure: i < length_ in StringImpl.h | - | 2017-11-01
740591 | Function expressions in initializers of for-of/in loops are incorrectly scoped | - | 2017-11-01
745130 | Use-of-uninitialized-value in update_current_folder_get_info_cb | - | 2017-11-01
748426 | CHECK failure: (owning_instance) != nullptr in runtime-wasm.cc | - | 2017-11-01
748464 | Heap-use-after-free in ui::AXPlatformNodeWin::Destroy | - | 2017-11-01
748465 | Heap-use-after-free in ui::AXPlatformNodeWin::Destroy | - | 2017-11-01
748466 | Heap-use-after-free in ui::AXPlatformNodeWin::Destroy | - | 2017-11-01
748469 | Use-of-uninitialized-value in cc::LayerTreeHostImpl::SetContentHasNonAAPaint | - | 2017-11-01
735912 | Security: Use-after-free in CPDFSDK_PageView::DeleteAnnot (XFA) | $3000 | 2017-10-31
747979 | DCHECK failure in !IsInplaceGeneralizableField(details.constness(), details.representation(), desc | - | 2017-10-31
747995 | Security: WebAssembly signature map is racy | - | 2017-10-31
539018 | the risk of the "auto-download" feature on Google Chrome | - | 2017-10-30
746835 | Crash in v8::internal::Heap::MergeAllocationSitePretenuringFeedback | - | 2017-10-30
746946 | Security: Chrome Type Confusion leads to Code Execution | - | 2017-10-30
747374 | CHECK failure: #38:JSStackCheck should be followed by IfSuccess/IfException, but is only follow | - | 2017-10-30
724785 | CrOS: CVE-2017-0627 - Vulnerability reported in Linux kernel - UVC driver | - | 2017-10-28
730446 | Heap-buffer-overflow in sbr_x_gen | - | 2017-10-28
739147 | Use-of-uninitialized-value in test_runner::TestRunnerForSpecificView::Reset | - | 2017-10-28
746769 | Use-after-poison in blink::CSSPropertyAnimationUtils::ConsumeAnimationShorthand | - | 2017-10-28
747188 | CHECK failure: (owning_instance) != nullptr in runtime-wasm.cc | - | 2017-10-28
737023 | Security: Use-after-free in ResetPDFWindow(); | $5000 | 2017-10-27
744584 | Fatal error in ../../v8/src/compiler/representation-change.cc, line 1055 | $3000 | 2017-10-27
747154 | CHECK failure: #28:JSStackCheck should be followed by IfSuccess/IfException, but is only follow | - | 2017-10-27
747359 | DCHECK failure in pending_layout_change_object_ == nullptr || pending_layout_change_object_ == obj | - | 2017-10-27
719835 | Heap-use-after-free in blink::VisualRectForDisplayItem | $2500 | 2017-10-26
737384 | Incorrect-function-pointer-type in getManagedStaticMutex | - | 2017-10-26
742659 | Use-of-uninitialized-value in v8::internal::WasmSharedModuleData::is_asm_js | - | 2017-10-26
743614 | CrOS: CVE-2017-11176: Vulnerability reported in Linux kernel | - | 2017-10-26
746073 | Container-overflow in CFX_SAXReaderHandler::OnTagEnter | - | 2017-10-26
746223 | Unknown exception in RaiseException | - | 2017-10-26
674577 | extensions: match_patterns not matching FQDN with trailing dot | - | 2017-10-25
740022 | Crash in _sk_byte_tables_avx | - | 2017-10-25
745844 | CHECK failure: !field_type->NowStable() || field_type->NowContains(value) || (!FLAG_use_allocat | - | 2017-10-25
740784 | CHECK failure: dependent_code()->IsEmpty(DependentCode::kPrototypeCheckGroup) in objects-debug. | - | 2017-10-24
743106 | Global-buffer-overflow in SkImageInfo::unflatten | - | 2017-10-24
743622 | DCHECK failure in HasLength() in shared-function-info-inl.h | - | 2017-10-24
744292 | DCHECK failure in __isolate__->has_pending_exception() in runtime-module.cc | - | 2017-10-24
744700 | Crash in Relaxed_Load | - | 2017-10-24
743301 | CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (object->IsJSFunction()) in objects-i | - | 2017-10-23
723158 | CHECK failure: IrOpcode::kFrameState == state->op()->opcode() in instruction-selector.cc | - | 2017-10-22
740166 | Crash in __crt_stdio_output::output_processor<wchar_t,class __crt_stdio_output::string_ou | $3500 | 2017-10-22
740426 | Heap-buffer-overflow in gl::Texture::getWidth | - | 2017-10-22
740776 | Security: BroadPwn bug on Broadcom WiFi chipsets (CVE-2017-9417) | - | 2017-10-22
740603 | Security: heap-buffer-overflow in gpu::gles2::GLES2Implementation::ReadPixels | $5000 | 2017-10-22
741750 | [wasm] Signature confusion in function table import/export/init | - | 2017-10-22
742346 | DCHECK failure in target->constructor_or_backpointer() == map in mark-compact.cc | - | 2017-10-22
742381 | DCHECK failure in maybe_transition->elements_kind() != transition_elements_kind in objects.cc | - | 2017-10-22
742967 | CrOS: CVE-2017-10810: Vulnerability reported in Linux kernel | - | 2017-10-22
735279 | Crash in avx::memset32 | - | 2017-10-19
738763 | CHECK failure: !field_type->NowStable() || field_type->NowContains(value) || (!FLAG_use_allocat | - | 2017-10-19
740803 | Security: Use After Free in v8 | $3000 | 2017-10-19
741604 | Bad-cast to std::__1::locale::__imp from std::__1::locale::__imp;call_init;call_init | - | 2017-10-19
481202 | Security: BoringSSL ecdsa_sign_setup timing leak in the inversion of k | - | 2017-10-19
736633 | Use-after-poison in v8::internal::compiler::InstructionSelector::EmitTableSwitch | - | 2017-10-18
740710 | Security: service_manager{client_process} Capability Not Properly Enforced | - | 2017-10-18
741078 | CHECK failure: map->IsMap() in spaces.cc | - | 2017-10-18
724093 | Security: Multiple flaws relating to stack/heap clash attacks | - | 2017-10-17
735419 | Multiple Security vulnerabilities in OpenVPN | - | 2017-10-17
736133 | Heap-use-after-free in CFX_FaceCache::~CFX_FaceCache | - | 2017-10-17
738228 | Matrix attributes are not bounds-checked | - | 2017-10-17
740325 | CHECK failure: is_api_object in objects.cc | - | 2017-10-17
736195 | Heap-buffer-overflow in SkiaState::ClipRestore | - | 2017-10-16
736574 | Stack-buffer-overflow in CFX_SkiaDeviceDriver::DrawShading | - | 2017-10-16
740199 | CHECK failure: Smi::IsValid(value) in objects.h | - | 2017-10-16
740509 | CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (IsDereferenceAllowed(INCLUDE_DEFERRE | - | 2017-10-16
736907 | Heap-buffer-overflow in CCodec_ProgressiveDecoder::ReSampleScanline | - | 2017-10-14
734245 | Crash in void LoadImageRow< | - | 2017-10-13
734328 | CrOS: CVE-2017-0651: Vulnerability reported in Linux kernel | - | 2017-10-13
736357 | Security: Credential Manager API origin confusion | - | 2017-10-13
737932 | CrOS: CVE-2017-1000364: Vulnerability reported in Linux kernel | - | 2017-10-13
738652 | Heap-use-after-free in cc::Display::~Display | - | 2017-10-13
738596 | Heap-use-after-free in blink::Text::TextLayoutObjectIsNeeded | - | 2017-10-13
738952 | Null-dereference READ in MemoryRead<unsigned | - | 2017-10-13
739186 | Crash in MemoryRead<unsigned | - | 2017-10-13
739190 | Security: use-of-uninitialized-value in SkPathMeasure::distanceToSegment | $1000 | 2017-10-13
737315 | Effective TLD wildcarding for ExtensionSettings not working | - | 2017-10-12
738682 | Use-of-uninitialized-value in SkShaderBase::Context::Context | - | 2017-10-12
738746 | Use-of-uninitialized-value in SkMatrix::postConcat | - | 2017-10-10
735884 | CrOS: CVE-2017-1000380: Vulnerability reported in Linux kernel | - | 2017-10-08
737530 | CrOS: CVE-2017-1000365: Vulnerability reported in Linux kernel | - | 2017-10-08
737534 | CrOS: CVE-2017-9605: Vulnerability reported in Linux kernel | - | 2017-10-08
737889 | Heap-use-after-free in media::VpxVideoDecoder::MemoryPool::OnVideoFrameDestroyed | - | 2017-10-08
738703 | Wild-access in blink::Text::TextLayoutObjectIsNeeded | - | 2017-10-08
737877 | Crash in v8::internal::Invoke | - | 2017-10-07
772194 | Heap-use-after-free in base::internal::WeakReference::is_valid | - | 2017-10-06
732407 | Incorrect-function-pointer-type in hb_font_destroy | - | 2017-10-06
733940 | Security: Form field validation bubbles can appear after navigating to another origin | $500 | 2017-10-06
736639 | Unknown-crash in es2::VertexDataManager::writeAttributeData | - | 2017-10-05
736943 | Bad-cast to blink::TraceWrapperBase from invalid vptr;blink::ScriptWrappableVisitor::DispatchTraceWrappers;blink::TraceTrait<blink::Modulator>::TraceMarkedWrapper | - | 2017-10-05
737069 | Security: Heap-buffer-overflow in v8::wasm | $1000 | 2017-10-05
737529 | Heap-buffer-overflow in chrome_pdf::PDFiumEngine::OnMouseUp | - | 2017-10-05
669751 | Security: Potential integer overflow in memory allocation expression in TerminatedArray | - | 2017-10-04
725975 | Heap-buffer-overflow in copyFTBitmap | - | 2017-10-04
737100 | Heap-buffer-overflow in CFX_SkiaDeviceDriver::RestoreState | - | 2017-10-04
737104 | CHECK failure: entry.code_offset >= 0 in source-position-table.cc | - | 2017-10-04
722847 | Crash in gldMergeScanlines2x2 | - | 2017-10-03
736567 | CHECK failure: MachineRepresentation::kNone == input_info->representation() in simplified-lower | - | 2017-10-03
736588 | Heap-buffer-overflow in SkiaState::AdjustClip | - | 2017-10-03
736621 | CHECK failure: is_neuterable() in objects.cc | - | 2017-10-03
736624 | Bad-cast to gl::Surface from egl::PBufferSurface;es2::Context::makeCurrent;egl::MakeCurrent | - | 2017-10-03
731669 | Security: bypassing CORS by XHR + MemoryCache + ServiceWorker (Ver 2) | - | 2017-10-02
732779 | CSP script-sample and report-uri together with Embedded Enforcement is harmful | $500 | 2017-10-02
736233 | Heap-use-after-free in (unknown) | - | 2017-10-01
704132 | CHECK failure: size_ <= capacity_ in identity-map.cc | - | 2017-09-30
728654 | CHECK failure: backing_store_[index++] == static_cast<uint32_t>(name->length()) in preparsed-sc | - | 2017-09-30
733548 | Chrome broker PP_Instance overwrite in IPC handler OnMsgDidCreateInProcessInstance | - | 2017-09-30
733549 | Chrome sandbox escape due to use of invalid PP_Instance in IPC handler OnMsgDidDeleteInProcessInstance | $5000 | 2017-09-30
734016 | CrOS: Vulnerability reported in net-fs/samba | - | 2017-09-29
735718 | Use-of-uninitialized-value in webrtc::FuzzAudioProcessing | - | 2017-09-29
422987 | Security: AppCache FALLBACK should be limited to sub-paths of manifest directory | - | 2017-09-28
718676 | Security: Potential HTTPS downgrade attacks by abusing WWW mismatch redirect | - | 2017-09-28
726072 | Enlarge stack guard gap in Linux kernel | - | 2017-09-28
734109 | Heap-buffer-overflow in (unknown) | - | 2017-09-28
735771 | Heap-use-after-free in v8::internal::WasmSharedModuleData::is_asm_js | - | 2017-09-28
728992 | Heap-use-after-free in CFX_UnownedPtr<CPDF_ShadingPattern>::ProbeForLowSeverityLifetimeIssue | - | 2017-09-27
732200 | Heap-use-after-free in blink::LayoutText::SetText | - | 2017-09-27
733146 | Bad-cast to blink::LayoutObject from invalid vptr;blink::LayoutText::SetText;blink::LayoutTextFragment::SetTextFragment | - | 2017-09-27
733254 | Heap-buffer-overflow in indexed_db::mojom::DatabaseStubDispatch::Accept | - | 2017-09-27
734108 | CHECK failure: !IsSmi() == Internals::HasHeapObjectTag(this) in objects.h | - | 2017-09-27
734348 | Heap-use-after-free in blink::LayoutQuote::DetachQuote | - | 2017-09-27
550017 | Security: Modal dialogs overlaying Fullscreen permission dialog | $3000 | 2017-09-26
733467 | Use-after-poison in blink::HTMLSlotElement::LazyReattachDistributedNodesIfNeeded | - | 2017-09-26
734344 | Use-of-uninitialized-value in base::Pickle::WriteData | - | 2017-09-26
729597 | Null-dereference READ in heap | - | 2017-09-25
729105 | Security: Mac-only URL bar spoofing via HTTPS error interstitial? | $500 | 2017-09-24
722261 | Security: RSA key generation weakness in certain TPM models | - | 2017-09-23
732597 | Heap-use-after-free in blink::PaintController::CommitNewDisplayItems | - | 2017-09-23
733245 | Crash in InvalidParameter - util::printd calling wcsftime | - | 2017-09-23
733283 | Bad-cast to blink::ResourceFinishObserver from invalid vptr;blink::NotifyFinishObservers;base::internal::Invoker<base::internal::BindState<void | - | 2017-09-23
733507 | Use-after-poison in base::internal::FunctorTraits<void | - | 2017-09-23
733829 | Crash in blink::FontCache::CrashWithFontInfo | - | 2017-09-23
727077 | Security DCHECK failure in value.IsIdentifierValue() in CSSIdentifierValue.h | - | 2017-09-22
732039 | Security: Use-after-free in CPDFSDK_WidgetHandler::OnLoad | $3000 | 2017-09-22
732051 | Security: UAF in CFFL_FormFiller::GetPDFWindow() | $3000 | 2017-09-22
732322 | Use-after-free in CFFL_InteractiveFormFiller::OnFormat | $3000 | 2017-09-22
733218 | Bad-cast to blink::HTMLElement from blink::SVGSVGElement;blink::FocusController::NextFocusableElementInForm;blink::InputMethodController::TextInputFlags | - | 2017-09-22
616670 | Security: PDFium: Out-Of-Bounds Read in CCodec_ProgressiveDecoder::ReSampleScanline | - | 2017-09-21
731629 | Use-of-uninitialized-value in ui::XVisualManager::XVisualManager | - | 2017-09-21
731351 | Crash in v8::internal::Invoke | - | 2017-09-21
732533 | Global-buffer-overflow in GuessSizeForVSWPrintf | - | 2017-09-21
733059 | CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (!owned || FindObject(address)->IsHea | - | 2017-09-21
733118 | CHECK failure: 0 != hash_ in hash-table.h | - | 2017-09-21
733163 | Heap-use-after-free in v8::internal::wasm::AsyncCompileJob::DecodeModule::Run | - | 2017-09-21
733282 | Crash in blink::FocusController::NextFocusableElementInForm | - | 2017-09-21
733491 | Crash in blink::LayoutBlockFlow::AppendFloatsToLastLine | - | 2017-09-21
729041 | Heap-use-after-free in CPWL_Wnd::Destroy | - | 2017-09-20
729957 | Heap-buffer-overflow in v8::internal::Simulator::DecodeTypeImmediate
|
-
|
2017-09-20
|
732409
|
Use-after-poison in void blink::LocalFrameView::ForAllNonThrottledLocalFrameViews<blink::LocalFrameV
|
-
|
2017-09-20
|
730171
|
Security: Crash in WTF::ArrayBufferContents::FreeMemory()
|
-
|
2017-09-19
|
732031
|
CrOS: Vulnerability reported in net-fs/samba
|
-
|
2017-09-19
|
732169
|
Ill in v8::internal::TranslatedState::MaterializeCapturedObjectAt
|
-
|
2017-09-19
|
729298
|
Use-of-uninitialized-value in blink::StringResourceBase::~StringResourceBase
|
-
|
2017-09-18
|
728984
|
CrOS: CVE-2017-9074: Vulnerability reported in Linux kernel
|
-
|
2017-09-16
|
729383
|
Heap-use-after-free in blink::PaintController::CommitNewDisplayItems
|
-
|
2017-09-16
|
729979
|
Near homograph URL Spoofing with Arabic
|
$1000
|
2017-09-16
|
731495
|
CHECK failure: args[0]->IsString() in runtime-strings.cc
|
-
|
2017-09-16
|
728559
|
CrOS: CVE-2017-9077: Vulnerability reported in Linux kernel
|
-
|
2017-09-15
|
728560
|
CrOS: CVE-2017-9242: Vulnerability reported in Linux kernel
|
-
|
2017-09-15
|
728986
|
CrOS: CVE-2017-9076: Vulnerability reported in Linux kernel
|
-
|
2017-09-15
|
728985
|
CrOS: CVE-2017-9075: Vulnerability reported in Linux kernel
|
-
|
2017-09-15
|
730297
|
Security DCHECK failure in !root_parent->IsSVGElement() || !ToSVGElement(root_parent) ->elements_with_relat
|
-
|
2017-09-15
|
731105
|
Crash in sw::Renderer::taskLoop (SwiftShader)
|
-
|
2017-09-15
|
677933
|
Security: Symlinks allow arbitrary file access to chronos-accessible file system locations via file://
|
-
|
2017-09-14
|
728887
|
Security: IndexedDB OpenCursor UaF
|
$10000
|
2017-09-14
|
729147
|
CHECK failure: (materialized) != nullptr in bytecode-register-optimizer.cc
|
-
|
2017-09-14
|
729991
|
Security: Information Disclosure Issue in v8::wasm
|
$4000
|
2017-09-14
|
730429
|
Bad-cast to v8::internal::compiler::Operator1<v8::internal::compiler::FrameStateInfo, v8::internal::compiler::OpEqualTo<v8::internal::compiler::FrameStateInfo>, v8::internal::compiler::OpHash<v8::internal::compiler::FrameStateInfo> > from v8::internal::compiler::MachineOperatorGlobalCache::LoadAnyTaggedOperator;OpParameter<v8::internal::compiler::FrameStateInfo>;OpParameter<v8::internal::compiler::FrameStateInfo>
|
-
|
2017-09-14
|
730253
|
CHECK failure: 1 == OperatorProperties::GetFrameStateInputCount(node->op()) in node-properties.
|
-
|
2017-09-14
|
730854
|
Use-of-uninitialized-value in v8::internal::compiler::StateValuesAccess::size
|
-
|
2017-09-14
|
722126
|
Security: Chrome buffer overflow in mount.exfat-fuse after a call to malloc(0)
|
$3000
|
2017-09-13
|
728094
|
CrOS: Vulnerability reported in sys-libs/zlib
|
-
|
2017-09-13
|
728983
|
Use-of-uninitialized-value in ui::XVisualManager::XVisualManager
|
-
|
2017-09-13
|
728756
|
CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (!owned || FindObject(address)->IsHea
|
-
|
2017-09-13
|
728987
|
CrOS: Vulnerability reported in sys-libs/zlib
|
-
|
2017-09-13
|
728998
|
Use-of-uninitialized-value in libnss3.so
|
-
|
2017-09-13
|
729302
|
Use-of-uninitialized-value in libglib-2.0.so.0
|
-
|
2017-09-13
|
696806
|
Security: Allowed to set AppCache-manifest under CSP: Sandbox / Fallback on full origin
|
$2000
|
2017-09-12
|
724608
|
CHECK failure: !map->is_deprecated() in compilation-dependencies.cc
|
-
|
2017-09-12
|
727008
|
CrOS: (CVE-2017-9150) Vulnerability reported in Linux kernel
|
-
|
2017-09-12
|
728185
|
Security: Unknown memory corruption in HTML rendering.
|
$500
|
2017-09-12
|
728718
|
Heap-use-after-free in ProbeForLowSeverityLifetimeIssue
|
-
|
2017-09-09
|
716262
|
Security: Out of Bounds write in NSS (used on ChromeOS)
|
-
|
2017-09-08
|
723796
|
Security: data-uris can be loaded on the top frame using a (failed) server redirect followed and a history back()
|
$500
|
2017-09-08
|
724972
|
CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (object->IsJSArrayBuffer()) in object
|
-
|
2017-09-08
|
725032
|
Security: Use-after-free in IndexedDB Transactions
|
$10500
|
2017-09-08
|
725743
|
CHECK failure: interrupt_address == isolate->builtins()->InterruptCheck()->entry() in full-code
|
-
|
2017-09-08
|
726716
|
Heap-use-after-free in blink::LayoutText::SetText
|
-
|
2017-09-08
|
728158
|
Bad-cast to CXFA_Object from CXFA_FM2JSContext;CXFA_ScriptContext::ToObject;CXFA_FM2JSContext::GetObjectDefaultValue
|
-
|
2017-09-08
|
728669
|
Heap-use-after-free in CFX_UnownedPtr<CCodec_GifModule::Delegate>::ProbeForLowSeverityLifetimeIssue
|
-
|
2017-09-08
|
724973
|
CHECK failure: is_valid in conversions-inl.h
|
-
|
2017-09-07
|
727048
|
Heap-use-after-free in CPWL_ScrollBar::~CPWL_ScrollBar
|
-
|
2017-09-07
|
727972
|
Use-of-uninitialized-value in libglib-2.0.so.0
|
-
|
2017-09-07
|
727999
|
Use-of-uninitialized-value in blink::AudioHandler::ProcessIfNecessary
|
-
|
2017-09-07
|
728323
|
Heap-use-after-free in CFX_UnownedPtr<CCodec_BmpModule::Delegate>::ProbeForLowSeverityLifetimeIssue
|
-
|
2017-09-07
|
708237
|
Security: ExternalInterface.addCallback works across isolated worlds
|
-
|
2017-09-06
|
725660
|
[IDN Phishing] Use the "xn--fgb" character to hide the real URL: Block U+0620 on Mac only.
|
$2000
|
2017-09-06
|
726067
|
Compromised renderer can upload arbitrary files
|
-
|
2017-09-06
|
726755
|
Heap-use-after-free in CFX_BitmapComposer::~CFX_BitmapComposer
|
-
|
2017-09-06
|
726887
|
Heap-use-after-free in CFX_UnownedPtr<CCodec_TiffContext>::Probe
|
-
|
2017-09-06
|
727218
|
CHECK failure: is_resolved() in ast.h
|
-
|
2017-09-06
|
727245
|
Stack-use-after-return in CCodec_Jbig2Context::~CCodec_Jbig2Context
|
-
|
2017-09-06
|
724884
|
Heap-use-after-free in v8::Shell::CreateRealm
|
-
|
2017-09-05
|
725226
|
Crash in v8::internal::Invoke
|
-
|
2017-09-05
|
725865
|
CHECK failure: (index >= 0) && (index < this->length()) in objects-inl.h
|
-
|
2017-09-05
|
727090
|
Crash in v8::internal::Stats_Runtime_AllocateInNewSpace
|
-
|
2017-09-05
|
725884
|
Use-of-uninitialized-value in ui::XVisualManager::XVisualManager
|
-
|
2017-09-03
|
726710
|
Heap-use-after-free in blink::NodeListsNodeData::AddCache<blink::DocumentNameCollection>
|
-
|
2017-09-03
|
726989
|
Heap-use-after-free in ??$insert@U?$HashMapTranslator@U?$HashMapValueTraits@U?$HashTraits@U?$pair@EPAVS
|
-
|
2017-09-03
|
681740
|
Security: URL Spoofing (with HTTPS lock) by focusing the omnibox while changing the location hash and calling a modal dialog
|
$1000
|
2017-09-02
|
725537
|
CHECK failure: map()->is_callable() in objects-debug.cc
|
-
|
2017-09-02
|
726220
|
Use-after-poison in blink::SVGImage::ServiceAnimations
|
-
|
2017-09-02
|
726253
|
Heap-use-after-free in IsEmpty
|
-
|
2017-09-02
|
726299
|
CrOS: Vulnerability reported in media-libs/tiff
|
-
|
2017-09-02
|
726503
|
Heap-use-after-free in CPDF_Parser::SetEncryptHandler
|
-
|
2017-09-02
|
726622
|
CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (object->IsJSFunction()) in objects-i
|
-
|
2017-09-02
|
726636
|
Crash in v8::internal::Simulator::DecodeType2
|
-
|
2017-09-02
|
726653
|
Stack-use-after-return in CJBig2_Context::~CJBig2_Context
|
-
|
2017-09-02
|
726728
|
Heap-use-after-free in CPDF_ShadingPattern::~CPDF_ShadingPattern
|
-
|
2017-09-02
|
726732
|
Heap-use-after-free in Probe
|
-
|
2017-09-02
|
726891
|
Heap-use-after-free in CFX_UnownedPtr<CPDF_ColorSpace>::Probe
|
-
|
2017-09-02
|
726833
|
Heap-use-after-free in CFX_UnownedPtr<CJBig2_ArithDecoder>::Probe
|
-
|
2017-09-02
|
720311
|
CHECK failure: isolate_status.count(args.GetIsolate()) == 1 in d8.cc
|
-
|
2017-09-01
|
724606
|
CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (index >= 0 && index < this->length()
|
-
|
2017-09-01
|
724640
|
Heap-use-after-free in Probe
|
-
|
2017-09-01
|
725017
|
CrOS: CVE-2017-8924 - Vulnerability reported in Linux kernel - usb edge_bulk_in_callback
|
-
|
2017-09-01
|
725018
|
CrOS: CVE-2017-8925 - Vulnerability reported in Linux kernel - usb omninet_open
|
-
|
2017-09-01
|
725201
|
CHECK failure: fixed_array->IsDictionary() in objects-inl.h
|
-
|
2017-09-01
|
725929
|
Use-of-uninitialized-value in std::__1::pair<WTF::KeyValuePair<std::__1::pair<unsigned char, WTF::StringImpl*>
|
-
|
2017-09-01
|
726080
|
NTLM implementation can have security downgraded by bad server
|
-
|
2017-09-01
|
726276
|
Heap-use-after-free in blink::LayoutText::SetText
|
-
|
2017-09-01
|
724460
|
Heap-use-after-free in CPDF_ImageCacheEntry::~CPDF_ImageCacheEntry
|
-
|
2017-08-31
|
725974
|
Heap-use-after-free in blink::LayoutText::SetText
|
-
|
2017-08-31
|
592686
|
Wrong tab goes fullscreen
|
-
|
2017-08-30
|
716995
|
CrOS: Vulnerability reported in media-libs/freetype
|
-
|
2017-08-30
|
722130
|
Heap-buffer-overflow in __printf_chk
|
-
|
2017-08-30
|
722639
|
IDN URL Spoofing with TIFINAGH LETTER YAN
|
$1000
|
2017-08-30
|
724768
|
CrOS: CVE-2017-0605 - Vulnerability reported in Linux kernel - kernel trace subsystem
|
-
|
2017-08-30
|
724788
|
CrOS: CVE-2017-0630 - Vulnerability reported in Linux kernel - trace subsystem
|
-
|
2017-08-30
|
656417
|
Security: Omnibox scrolls RTL domains off-screen (spoofing)
|
$1000
|
2017-08-29
|
721731
|
CrOS: Vulnerability reported in Linux kernel
|
-
|
2017-08-29
|
723582
|
CrOS: Vulnerability reported in media-libs/tiff
|
-
|
2017-08-29
|
724829
|
<no crash state available>
|
-
|
2017-08-29
|
724893
|
Heap-use-after-free in CFX_UnownedPtr<IJS_EventContext>::~CFX_UnownedPtr
|
-
|
2017-08-29
|
724892
|
Heap-use-after-free in CFX_UnownedPtr<CXFA_PDFFontMgr>::~CFX_UnownedPtr
|
-
|
2017-08-29
|
724960
|
Container-overflow in CFX_UnownedPtr<unsigned char const>::Probe
|
-
|
2017-08-29
|
724637
|
Bus in CGifLZWDecoder::AddCode
|
-
|
2017-08-28
|
697394
|
CrOS: Vulnerability reported in media-libs/libpng
|
-
|
2017-08-26
|
697890
|
Heap-buffer-overflow in CGifLZWDecoder::ClearTable
|
-
|
2017-08-26
|
702030
|
Security: chronos user local file read (ImageBurner)
|
-
|
2017-08-26
|
716803
|
Use of an invalid mutex in pthread_mutex_unlock
|
-
|
2017-08-26
|
723625
|
Use-of-uninitialized-value in CPDF_CMap::GetNextChar
|
-
|
2017-08-26
|
724405
|
Heap-buffer-overflow in CFX_UnownedPtr<unsigned int const>::Probe
|
-
|
2017-08-26
|
724500
|
Heap-buffer-overflow in CFX_UnownedPtr<unsigned int const>::Probe
|
-
|
2017-08-26
|
722756
|
Type Confusion In Chrome Lead to RCE
|
$7500
|
2017-08-25
|
723802
|
Ill in v8::internal::compiler::Verifier::Visitor::Check
|
-
|
2017-08-25
|
723644
|
Heap-use-after-free in ~CFX_UnownedPtr
|
-
|
2017-08-25
|
724021
|
CrOS: Vulnerability reported in Linux kernel
|
-
|
2017-08-25
|
618021
|
Use-of-uninitialized-value in u_strToUTF8WithSub_56
|
-
|
2017-08-24
|
654173
|
Security: PDFium (XFA) Heap Buffer Overflow in CGifLZWDecoder::AddCode
|
-
|
2017-08-24
|
722124
|
Use-of-uninitialized-value in u_strToUTF8WithSub_59
|
-
|
2017-08-24
|
722785
|
CrOS: Vulnerability reported in Linux kernel
|
-
|
2017-08-24
|
723503
|
Security: Mismatched Origin Display in WebUSB and WebBluetooth Permissions Dialogs
|
$500
|
2017-08-24
|
724022
|
CrOS: Vulnerability reported in dev-libs/openssl
|
-
|
2017-08-24
|
722071
|
Heap-buffer-overflow in PackBitsDecode
|
-
|
2017-08-23
|
710400
|
Permission Prompt not correctly dismissed on top window navigation
|
-
|
2017-08-22
|
721579
|
Security: FLAG_SECURE not used on Android for credit cards pre-fills
|
-
|
2017-08-22
|
721988
|
Security: Heap-use-after-free in payments::`anonymous namespace'::SheetView::RequestFocus
|
$500
|
2017-08-22
|
722115
|
Heap-buffer-overflow in CGifLZWDecoder::ClearTable
|
-
|
2017-08-22
|
711505
|
Security: Attacker Can Control Cookies in Chrome
|
-
|
2017-08-21
|
722027
|
CrOS: Vulnerability reported in Linux kernel
|
-
|
2017-08-21
|
722026
|
CrOS: Vulnerability reported in Linux kernel
|
-
|
2017-08-21
|
721925
|
Security: Linux kernel CVE-2017-7895
|
-
|
2017-08-20
|
698693
|
Use-of-uninitialized-value in base::internal::JSONParser
|
-
|
2017-08-19
|
719199
|
Security: disallow "Canadian Syllabics" unicode block from IDN domains
|
$1000
|
2017-08-19
|
721789
|
<no crash state available>
|
-
|
2017-08-19
|
658599
|
Heap-use-after-free in blink::HTMLMediaElement::startPlayerLoad
|
-
|
2017-08-18
|
695830
|
Security: release assert trigger in pdfium
|
-
|
2017-08-18
|
716510
|
Use-after-poison in void blink::FrameView::forAllNonThrottledFrameViews<blink::FrameView::updateLife
|
-
|
2017-08-18
|
718946
|
URL Spoofing when access to initial document is not reported to browser process
|
-
|
2017-08-18
|
721624
|
Use-of-uninitialized-value in run_analysis
|
-
|
2017-08-18
|
663991
|
Security: sdcardfs stack overflow potentially leading to kernel code execution
|
-
|
2017-08-17
|
711772
|
Subframe navigations can be used to add domains to history
|
-
|
2017-08-17
|
714849
|
Security: Field validation bubbles can appear over the wrong tab with using print()
|
-
|
2017-08-17
|
718526
|
Security: depthcharge write_sparse_image potential oob reads
|
-
|
2017-08-17
|
720351
|
Use-of-uninitialized-value in gif_decode_extension
|
-
|
2017-08-17
|
698082
|
Heap-buffer-overflow in CGifLZWDecoder::ClearTable
|
-
|
2017-08-16
|
714196
|
Security: Domain spoofing thanks to U+0F8C rendered as 'space' on Mac
|
$2000
|
2017-08-16
|
718498
|
Bad-cast to CXFA_ContainerLayoutItem from CXFA_FFSubForm;CXFA_LayoutPageMgr::MergePageSetContents;CXFA_LayoutPageMgr::SyncLayoutData
|
-
|
2017-08-16
|
719291
|
Stack-buffer-overflow in sw::Nucleus::createConstantVector
|
-
|
2017-08-16
|
719720
|
Stack-buffer-overflow in libGLESv2_swiftshader
|
-
|
2017-08-16
|
714440
|
Heap-use-after-free in blink::ShapeOutsideInfo::IsEnabledFor
|
-
|
2017-08-15
|
717476
|
Security: Chrome PaymentRequestAPI Payment-Origin Spoof
|
-
|
2017-08-15
|
677817
|
Security: crosh shell sandbox escape
|
-
|
2017-08-12
|
709327
|
Security: Crash in blink::ThreadHeap::isHeapObjectAlive
|
-
|
2017-08-12
|
708819
|
Security: Heap-use-after-free in autofill::SaveCardBubbleViews::WindowClosing
|
$500
|
2017-08-12
|
714580
|
Crash in v8::internal::Invoke
|
-
|
2017-08-12
|
716713
|
Container-overflow in SkSL::Compiler::addDefinitions
|
$1500
|
2017-08-12
|
717935
|
Use-of-uninitialized-value in approx_log2
|
-
|
2017-08-12
|
718977
|
Crash in v8::internal::ScavengingVisitor<1,1>::EvacuateObject<1,0>
|
-
|
2017-08-12
|
670296
|
Heap-buffer-overflow in v8::internal::Simulator::DecodeType3
|
-
|
2017-08-11
|
705385
|
Heap-buffer-overflow in v8::internal::Simulator::DecodeTypeImmediate
|
-
|
2017-08-11
|
718104
|
Use of an invalid mutex in pthread_mutex_unlock
|
-
|
2017-08-11
|
713440
|
Security: mixed content in <picture> isn't blocked
|
-
|
2017-08-10
|
716311
|
Heap-buffer-overflow in SkSpecularLightingImageFilter::onFilterImage
|
$1000
|
2017-08-10
|
717891
|
Ill in v8::internal::ParserBase<v8::internal::Parser>::ParseClassPropertyDefinition
|
-
|
2017-08-10
|
686128
|
Use-of-uninitialized-value in CRYPT_ArcFourSetup
|
-
|
2017-08-09
|
712163
|
Use-of-uninitialized-value in OT::RangeRecord::cmp
|
-
|
2017-08-09
|
713998
|
Heap-buffer-overflow in CXFA_Object::IsNode
|
-
|
2017-08-09
|
716474
|
Security: Use-after-poison in blink::FrameView::AdjustMediaTypeForPrinting
|
$2000
|
2017-08-09
|
716706
|
Stack-buffer-overflow in CFX_WideString::CFX_WideString
|
-
|
2017-08-09
|
716936
|
Use-after-poison in v8::internal::wasm::ThreadImpl::Push
|
-
|
2017-08-09
|
716945
|
Heap-use-after-free in blink::AudioBus::Zero
|
$3500
|
2017-08-09
|
717056
|
Ill in v8::internal::wasm::ErrorThrower::Reify
|
-
|
2017-08-09
|
717641
|
Security: Fix ghostscript bug
|
-
|
2017-08-09
|
717845
|
Use-after-poison in blink::LocalFrame::DomWindow
|
-
|
2017-08-09
|
716954
|
Use-of-uninitialized-value in approx_log2
|
-
|
2017-08-07
|
485550
|
Security: URL Spoof with link in pdf and slow url
|
$2000
|
2017-08-05
|
712459
|
Heap-use-after-free in blink::EventHandler::SelectAutoCursor
|
$1500
|
2017-08-05
|
713190
|
Heap-use-after-free in blink::LayoutBox::findAutoscrollable
|
-
|
2017-08-05
|
714311
|
Bad-cast to sandbox::bpf_dsl::(anonymous namespace)::ReturnResultExprImpl from invalid vptr;blink::ApplyStyleCommand::applyRelativeFontStyleChange;blink::ApplyStyleCommand::doApply
|
$3500
|
2017-08-05
|
714442
|
Security: Navigation from http: to file: etc. is possible (Android)
|
-
|
2017-08-05
|
716519
|
Heap-use-after-free in CFX_WideString::operator
|
-
|
2017-08-05
|
707549
|
Heap-use-after-free in printing::PrintWebViewHelper::RenderPageContent
|
$3000
|
2017-08-04
|
709417
|
Security: RTL character in URL flips domain and path (Android 4.2 and earlier)
|
$3000
|
2017-08-04
|
715454
|
Use-after-poison in v8::internal::wasm::ThreadImpl::DoStackTransfer
|
-
|
2017-08-04
|
716207
|
Use-of-uninitialized-value in CFX_SeekableStreamProxy::CFX_SeekableStreamProxy
|
-
|
2017-08-04
|
716266
|
Use-of-uninitialized-value in approx_log2
|
-
|
2017-08-04
|
702041
|
Crash in bilinear_interpol
|
-
|
2017-08-03
|
713545
|
Use-of-uninitialized-value in blink::Notification::PrepareShow
|
-
|
2017-08-03
|
714819
|
Heap-use-after-free in v8_inspector::V8InspectorSessionImpl::breakProgram
|
-
|
2017-08-03
|
715506
|
CrOS: Vulnerability reported in app-admin/sudo
|
-
|
2017-08-03
|
715582
|
Security: Out of bound read in FindSharedFunctionInfo (V8)
|
$3000
|
2017-08-03
|
715883
|
Heap-use-after-free in net::HttpCache::Transaction::DoCacheReadData
|
-
|
2017-08-03
|
715018
|
Heap-use-after-free in views::View::RemoveObserver
|
-
|
2017-08-02
|
715201
|
Global-buffer-overflow in v8::internal::interpreter::BytecodeRegisterOptimizer::RegisterTransfer
|
-
|
2017-08-02
|
715220
|
Heap-buffer-overflow in v8::internal::TranslatedState::CreateNextTranslatedValue
|
-
|
2017-08-02
|
715218
|
Heap-buffer-overflow in v8::internal::PreParsedScopeData::RestoreData
|
-
|
2017-08-02
|
715408
|
Heap-buffer-overflow in PackBitsDecode
|
-
|
2017-08-02
|
672008
|
Security: Extension's verification bypass
|
-
|
2017-08-01
|
678776
|
Security: Content-Security-Policy reporting leaks the URL fragment
|
$2000
|
2017-08-01
|
711889
|
Heap-buffer-overflow in CFX_SAXReader::ParseChar
|
-
|
2017-08-01
|
713515
|
Bad-cast to media::MediaLog from invalid vptr;media::LogHelper::~LogHelper;media::ADTSStreamParser::ParseFrameHeader
|
-
|
2017-08-01
|
714074
|
Use-of-uninitialized-value in CPDF_PatchDrawer::Draw
|
-
|
2017-08-01
|
714426
|
Heap-buffer-overflow in interp_lut
|
-
|
2017-08-01
|
714974
|
Use-of-uninitialized-value in CFX_SeekableStreamProxy::CFX_SeekableStreamProxy
|
-
|
2017-08-01
|
714980
|
Use-of-uninitialized-value in approx_log2
|
-
|
2017-08-01
|
713686
|
Security: Field validation bubbles can appear over the wrong tab
|
$500
|
2017-07-31
|
714003
|
Crash in v8::internal::Invoke
|
-
|
2017-07-29
|
679306
|
WebRTC crash (?) on appear.in
|
$500
|
2017-07-28
|
711020
|
Security: DoCanonicalizeMailtoURL() fails to canonicalize characters leading to command injection
|
$1000
|
2017-07-28
|
711260
|
Use-of-uninitialized-value in CFX_SAXReader::ParseChar
|
-
|
2017-07-28
|
713651
|
Heap-buffer-overflow in interp_lut
|
-
|
2017-07-28
|
711609
|
Bad-cast to sandbox::bpf_dsl::(anonymous namespace)::ReturnResultExprImpl from invalid vptr;blink::PrePaintTreeWalkContext::PrePaintTreeWalkContext;blink::PrePaintTreeWalk::Walk
|
-
|
2017-07-27
|
711638
|
CrOS: Vulnerability reported in media-libs/tiff
|
-
|
2017-07-27
|
712624
|
Stack-buffer-overflow in sw::Nucleus::createConstantVector
|
-
|
2017-07-27
|
712752
|
Heap-use-after-free in CFX_ClipRgn::IntersectMaskRect
|
-
|
2017-07-27
|
712639
|
Stack-buffer-overflow in libGLESv2_swiftshader
|
-
|
2017-07-27
|
712839
|
Heap-use-after-free in blink::LayoutBoxModelObject::hasSelfPaintingLayer
|
-
|
2017-07-27
|
712907
|
Crash in v8::internal::interpreter::BytecodeRegisterOptimizer::RegisterTransfer
|
-
|
2017-07-27
|
712910
|
Use-after-poison in v8::internal::compiler::Node::AppendUse
|
-
|
2017-07-27
|
713175
|
Stack-buffer-overflow in IntersectSides
|
-
|
2017-07-27
|
713184
|
Heap-buffer-underflow in SkiaState::ClipRestore
|
-
|
2017-07-27
|
713330
|
Heap-buffer-overflow in CFX_ClipRgn::IntersectMaskRect
|
-
|
2017-07-27
|
713336
|
Heap-use-after-free in content::BlinkTestController::~BlinkTestController
|
-
|
2017-07-27
|
713472
|
Crash in v8::internal::Invoke
|
-
|
2017-07-27
|
713453
|
Use-of-uninitialized-value in parametric
|
-
|
2017-07-27
|
713473
|
Heap-buffer-overflow in load_rgb_from_tables<0>
|
-
|
2017-07-27
|
711936
|
Heap-buffer-overflow in GrBufferAllocPool::putBack
|
-
|
2017-07-26
|
711895
|
Heap-buffer-overflow in read_big_endian_u32
|
-
|
2017-07-26
|
712835
|
Crash in CFX_ImageTransformer::Continue
|
-
|
2017-07-26
|
702920
|
Use-of-uninitialized-value in SkConic::evalAt
|
-
|
2017-07-25
|
706207
|
Use-of-uninitialized-value in blink::Notification::prepareShow
|
-
|
2017-07-25
|
711459
|
Use-of-uninitialized-value in CFX_ByteString::Compare
|
-
|
2017-07-25
|
702884
|
Crash in sk_memset32
|
-
|
2017-07-24
|
704448
|
Use-of-uninitialized-value in SkRect::setBoundsCheck
|
-
|
2017-07-24
|
704568
|
Stack-buffer-overflow in CFX_SkiaDeviceDriver::DrawShading
|
-
|
2017-07-24
|
705193
|
Stack-use-after-return in CFX_Font::GetFace
|
-
|
2017-07-24
|
705783
|
Use-of-uninitialized-value in SkPath::operator=
|
-
|
2017-07-24
|
705821
|
Use-of-uninitialized-value in SkPath::operator=
|
-
|
2017-07-24
|
711929
|
Use-of-uninitialized-value in CFGAS_TextStream::InitStream
|
-
|
2017-07-23
|
703757
|
Security: cherry-pick PDFium tiff security fixes to the Chrome OS tiff repo.
|
-
|
2017-07-22
|
706349
|
CrOS: Vulnerability reported in media-libs/tiff
|
-
|
2017-07-22
|
710403
|
CrOS: Vulnerability reported in sys-kernel/chromeos-kernel-3_18
|
-
|
2017-07-22
|
711876
|
Heap-use-after-free in ScopedObserver<OmniboxPopupModel, OmniboxPopupModelObserver>::~ScopedObserver
|
-
|
2017-07-22
|
711890
|
Global-buffer-overflow in GuessSizeForVSWPrintf
|
-
|
2017-07-22
|
711068
|
Negative-size-param in sfntly::MemoryByteArray::InternalGet
|
-
|
2017-07-21
|
707071
|
Security: getInstalledRelatedApps: timing attack can leak installed status
|
-
|
2017-07-20
|
710356
|
Use-of-uninitialized-value in LayoutTestBrowserMain
|
-
|
2017-07-20
|
711113
|
Heap-buffer-overflow in CFX_SAXReader::ParseChar
|
-
|
2017-07-20
|
711151
|
Use-of-uninitialized-value in CFGAS_TextStream::InitStream
|
-
|
2017-07-20
|
711204
|
Heap-buffer-overflow in CFX_SAXReader::ParseChar
|
-
|
2017-07-20
|
700690
|
Use-of-uninitialized-value in decode_pce
|
-
|
2017-07-19
|
700673
|
Use-of-uninitialized-value in get_object_type
|
-
|
2017-07-19
|
701754
|
Use-of-uninitialized-value in decode_eld_specific_config
|
-
|
2017-07-19
|
709736
|
Bad-cast to sandbox::bpf_dsl::(anonymous namespace)::ReturnResultExprImpl from invalid vptr;content::MediaStreamVideoSource::GetCurrentFormat;content::MediaStreamVideoTrack::getSettings
|
-
|
2017-07-19
|
709749
|
Heap-buffer-overflow in cc::EndCompositingDisplayItem const& cc::DisplayItemList::CreateAndAppendPairedE
|
-
|
2017-07-19
|
709941
|
Heap-buffer-overflow in SkColorLookUpTable::interp3D
|
-
|
2017-07-19
|
710813
|
Use-of-uninitialized-value in decode_pce
|
-
|
2017-07-19
|
746427
|
Are some tel: links a security issue on Android?
|
-
|
2017-07-19
|
709737
|
Use-of-uninitialized-value in sqlite3VdbeExec
|
-
|
2017-07-18
|
709741
|
Heap-buffer-overflow in std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<ch
|
-
|
2017-07-18
|
709738
|
Use-of-uninitialized-value in DownloadHistory::OnDownloadUpdated
|
-
|
2017-07-18
|
744789
|
CVE-2017-7526 gcrypt RSA side-channel
|
-
|
2017-07-17
|
702695
|
Ill in blink::PropertyRegistration::registerProperty
|
-
|
2017-07-16
|
709784
|
Heap-use-after-free in blink::LayoutBlock::dirtyForLayoutFromPercentageHeightDescendants
|
-
|
2017-07-16
|
708247
|
Security: OOB access in RegExp Stubs
|
-
|
2017-07-15
|
709015
|
Security: Possible arbitrary heap access through RegExp.prototype[@@match]
|
-
|
2017-07-15
|
706234
|
Use-after-poison in v8::internal::interpreter::BytecodeRegisterOptimizer::RegisterInfo::materialized
|
-
|
2017-07-14
|
707173
|
Bad-cast to sandbox::bpf_dsl::(anonymous namespace)::ReturnResultExprImpl from invalid vptr;content::ResolutionSet::SelectClosestPointToIdealAspectRatio;content::ResolutionSet::SelectClosestPointToIdeal
|
-
|
2017-07-13
|
708383
|
Bad-cast to CFDE_XMLElement from CFDE_XMLNode;XFA_FDEExtension_ResolveNamespaceQualifier;GetElementTagNamespaceURI
|
-
|
2017-07-13
|
708881
|
Heap-buffer-overflow in std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<ch
|
-
|
2017-07-13
|
707479
|
Heap-buffer-overflow in TryVSWPrintf
|
-
|
2017-07-12
|
708143
|
[qcms] Fix overflow when reading parametric gamma curves
|
-
|
2017-07-12
|
708145
|
[qcms] Only accept valid input ranges when reading VCGT tag
|
-
|
2017-07-12
|
707220
|
Global-buffer-overflow in v8::internal::Simulator::DecodeType2
|
-
|
2017-07-11
|
707221
|
Global-buffer-overflow in MemoryRead<unsigned
|
-
|
2017-07-11
|
707222
|
Global-buffer-overflow in v8::internal::Simulator::DecodeTypeImmediate
|
-
|
2017-07-11
|
707410
|
Heap-use-after-free in v8::internal::libc_memcpy
|
-
|
2017-07-11
|
707472
|
Heap-use-after-free in v8::internal::libc_memcpy
|
-
|
2017-07-11
|
707537
|
Use-of-uninitialized-value in OmniboxMetricsProvider::RecordOmniboxOpenedURL
|
-
|
2017-07-11
|
707595
|
Heap-use-after-free in v8::internal::libc_memcpy
|
-
|
2017-07-11
|
740615
|
Nonce stealing prevention (detecting "<script") bypass
|
-
|
2017-07-10
|
692731
|
Heap-use-after-free in xmlAddID
|
-
|
2017-07-10
|
691726
|
Security: Bypassing CORS restrictions using X-XSS-PROTECTION report value
|
-
|
2017-07-08
|
696623
|
Use-of-uninitialized-value in sse41::blit_row_s32a_opaque
|
-
|
2017-07-08
|
705008
|
Security: SEGV on unknown address 0x601ffe000c90 in SkNx_sse.h
|
-
|
2017-07-08
|
707146
|
Stack-use-after-return in v8::internal::interpreter::BytecodeRegisterOptimizer::RegisterInfo::materialized
|
-
|
2017-07-08
|
706244
|
Use-of-uninitialized-value in CFX_ScanlineCompositor::CompositeRgbBitmapLine
|
-
|
2017-07-07
|
706264
|
Use-of-uninitialized-value in CFX_ScanlineCompositor::CompositeRgbBitmapLine
|
-
|
2017-07-07
|
706346
|
Heap-use-after-free in CFX_ClipRgn::IntersectMaskRect
|
-
|
2017-07-07
|
706265
|
Use-of-uninitialized-value in CompositeRow_Argb2Argb
|
-
|
2017-07-07
|
706396
|
Use-of-uninitialized-value in CFX_Renderer::CompositeSpanARGB
|
-
|
2017-07-07
|
706525
|
Crash in __tsan::CallUserSignalHandler
|
-
|
2017-07-07
|
704352
|
Fix cross-origin security issue raised by PerformanceNavigationTiming.
|
-
|
2017-07-06
|
705938
|
Roll libxml to e905f08123e4a6e7731549e6f09dadff4cab65bd
|
-
|
2017-07-06
|
705912
|
Use-of-uninitialized-value in CFX_WideString::ReleaseBuffer
|
-
|
2017-07-06
|
705944
|
Roll libxslt to ac341cbd792ee572941cc9a66e73800219a1a386
|
-
|
2017-07-06
|
705158
|
Bad-cast to sandbox::bpf_dsl::(anonymous namespace)::ReturnResultExprImpl from invalid vptr;blink::HTMLFrameElementBase::didNotifySubtreeInsertionsToDocument;blink::ContainerNode::insertNodeVector<>
|
-
|
2017-07-05
|
705280
|
Use-of-uninitialized-value in sse2::blit_row_s32a_opaque
|
-
|
2017-07-05
|
705736
|
Use-of-uninitialized-value in SkPath::isRectContour
|
-
|
2017-07-05
|
648117
|
Security: Address bar spoof with location.replace()
|
$500
|
2017-07-04
|
704560
|
Security: Form field validation bubbles can appear over the wrong tab
|
$500
|
2017-07-04
|
705131
|
Heap-use-after-free in CFX_DIBitmap::PreMultiply
|
-
|
2017-07-04
|
703537
|
CVE Vulnerability of lib expat 2.1.0
|
-
|
2017-07-03
|
693338
|
Security: Heap-use-after-free in v8_inspector::protocol::Runtime::Frontend::consoleAPICalled
|
-
|
2017-07-01
|
693974
|
Corrupted memory use in blink::visualRectForDisplayItem
|
$1000
|
2017-07-01
|
705157
|
Use-of-uninitialized-value in v8::internal::compiler::ScheduleLateNodeVisitor::ScheduleRegion
|
-
|
2017-07-01
|
686253
|
Security: Cross-origin pixel reading and history sniffing via SVG filter timing attack
|
$2000
|
2017-06-30
|
637228
|
Heap-buffer-overflow in big2_toUtf8
|
-
|
2017-06-30
|
640574
|
(expat) Use-of-uninitialized-value in little2_nameMatchesAscii
|
-
|
2017-06-30
|
692378
|
CSP bypass in domain "chrome://" via.bookmark?
|
-
|
2017-06-30
|
702934
|
Heap-use-after-free in cr_png_set_longjmp_fn
|
$3500
|
2017-06-30
|
704834
|
Heap-buffer-overflow in SkiaState::ClipRestore
|
-
|
2017-06-30
|
703170
|
Heap-use-after-free in blink::LayoutBlock::dirtyForLayoutFromPercentageHeightDescendants
|
-
|
2017-06-29
|
703397
|
Heap-buffer-overflow in load_rgb_from_tables<Order::kRGBA_Order>
|
-
|
2017-06-29
|
703508
|
Heap-buffer-overflow in gl::Framebuffer::getDrawBufferState
|
-
|
2017-06-29
|
703832
|
Bad-free in gpu::MemoryBufferBacking::~MemoryBufferBacking
|
-
|
2017-06-29
|
703861
|
Heap-buffer-overflow in gpu::gles2::SizedResult<unsigned int>::SetNumResults
|
-
|
2017-06-29
|
181623
|
Security: Prevent url spoofing that relies on the omnibox being narrow
|
-
|
2017-06-28
|
702138
|
CrOS: Vulnerability reported in dev-libs/libpcre
|
-
|
2017-06-28
|
702982
|
Bad-cast to const DOMUint8ClampedArray' (aka 'const DOMTypedArray<WTF::Uint8ClampedArray, v8::Uint8ClampedArray>') from blink::DOMTypedArray<WTF::Uint16Array, v8::Uint16Array>;blink::ImageData::ImageData;blink::ImageData::createImageData
|
-
|
2017-06-28
|
700330
|
CrOS: Vulnerability reported in sys-kernel/chromeos-kernel-3_18
|
-
|
2017-06-27
|
700836
|
Security: SEGV on unknown address 0x7f9b9b71c828 in (anonymous namespace)::PixelAccessor
|
$1000
|
2017-06-27
|
703395
|
Heap-use-after-free in sqlite3DeleteTable
|
-
|
2017-06-27
|
698622
|
UaF outside the sandbox (Print in onunload)
|
$9337
|
2017-06-24
|
702058
|
Security: ZDI-CAN-4587 - chrome OOB read (pwn2own 2017)
|
-
|
2017-06-24
|
689931
|
CrOS: Vulnerability reported in media-libs/tiff
|
-
|
2017-06-23
|
694382
|
Security: Heap-use-after-free in PrintPreviewHandler::HandleGetPreview
|
$2000
|
2017-06-23
|
699166
|
Security: heap-buffer-overflow hashtable.
|
$3000
|
2017-06-23
|
701132
|
Security: Username/password information for other people available on my account
|
-
|
2017-06-22
|
695826
|
Security: type confusion in JSPropGetter of pdfium
|
$3000
|
2017-06-21
|
697486
|
Security: Heap-use-after-free in UsbChooserController::DisplayDevice
|
$5000
|
2017-06-21
|
698151
|
Use-of-uninitialized-value in net::HttpNetworkSession::SetServerPushDelegate
|
-
|
2017-06-21
|
700576
|
Bad-cast to CFX_DIBitmap from invalid vptr;CCodec_ProgressiveDecoder::ReSampleScanline;CCodec_ProgressiveDecoder::BmpReadScanline
|
-
|
2017-06-21
|
701616
|
Bad-cast to sandbox::bpf_dsl::(anonymous namespace)::ReturnResultExprImpl from invalid vptr;blink::SVGString::calculateAnimatedValue;blink::SVGAnimateElement::calculateAnimatedValue
|
-
|
2017-06-21
|
699819
|
Use-after-poison in blink::ExecutionContext::isContextDestroyed
|
-
|
2017-06-20
|
698455
|
Heap-use-after-free in blink::LayoutBlockFlow::addOverhangingFloats
|
-
|
2017-06-19
|
700578
|
Use-of-uninitialized-value in XSetWMSizeHints
|
-
|
2017-06-17
|
675450
|
Use-of-uninitialized-value in gl::GPUTimingImpl::DoTimeStampQuery
|
-
|
2017-06-16
|
690821
|
Security: Chrome accepts a certificate whose signature algorithms identifiers are different without any warning
|
$500
|
2017-06-16
|
672175
|
Crash in libgobject-2.0.so.0
|
-
|
2017-06-15
|
698593
|
Heap-use-after-free in _gdk_window_process_updates_recurse
|
-
|
2017-06-15
|
662767
|
Security: LayoutBlock Security DCHECK FAILED
|
$1000
|
2017-06-14
|
672847
|
Security: Address spoofing when switching away from tab and back
|
$2000
|
2017-06-14
|
694067
|
Security: Out-Of-Bound read in Flash PCRE (regex engine)
|
$2000
|
2017-06-14
|
698927
|
Security: Tab Crash is seen on closing chooser bubbles (USB/Bluetooth)
|
$500
|
2017-06-14
|
699105
|
Bad-cast to cc::PaintRecord from SkMiniPicture<SkRecords::DrawRect>;blink::GraphicsContext::endRecording;blink::DrawingRecorder::~DrawingRecorder
|
-
|
2017-06-14
|
619376
|
Crash in mojo::InterfacePtr<media::mojom::blink::ImageCapture>::reset
|
-
|
2017-06-13
|
697847
|
Security: heap-buffer-overflow in FlateUncompress
|
$1000
|
2017-06-13
|
698141
|
Heap-buffer-overflow in blink::readVersionEnvelope
|
-
|
2017-06-12
|
698497
|
Use-of-uninitialized-value in v8::internal::compiler::NodeCache<int, v8::base::hash<int>, std::__1::equal_to<i
|
-
|
2017-06-12
|
698166
|
Heap-use-after-free in test_runner::MockWebSpeechRecognizer::PostRunTaskFromQueue
|
-
|
2017-06-12
|
698503
|
Use-of-uninitialized-value in v8::internal::compiler::JSGraph::Float32Constant
|
-
|
2017-06-12
|
697859
|
Stack-buffer-overflow in uloc_setKeywordValue_58
|
-
|
2017-06-09
|
695950
|
Heap-use-after-free in blink::LayoutBlockFlow::determineStartPosition
|
-
|
2017-06-08
|
696918
|
Heap-buffer-overflow in copyFTBitmap
|
-
|
2017-06-08
|
697191
|
Use-of-uninitialized-value in v8::internal::wasm::LEBHelper::write_i32v
|
-
|
2017-06-08
|
697380
|
Use-of-uninitialized-value in v8::internal::compiler::JSGraph::Float32Constant
|
-
|
2017-06-08
|
697530
|
Crash in v8::internal::JSArrayBuffer::cast
|
-
|
2017-06-08
|
697532
|
Crash in v8::internal::IsOutOfBoundsAccess
|
-
|
2017-06-08
|
697534
|
Crash in v8::internal::JSArrayBufferView::WasNeutered
|
-
|
2017-06-08
|
667032
|
Heap-buffer-overflow in bmp_decode_rle4
|
-
|
2017-06-07
|
675155
|
Bad-cast to CFX_DIBitmap from invalid vptr;XFACodecFuzzer::Fuzz;_start
|
-
|
2017-06-07
|
680883
|
Heap-buffer-overflow in CGifLZWDecoder::ClearTable
|
-
|
2017-06-07
|
681908
|
Use-of-uninitialized-value in FPDFAPI_inflate
|
-
|
2017-06-07
|
686434
|
Heap-buffer-overflow in ps_table_add
|
-
|
2017-06-07
|
687062
|
Memcpy-param-overlap in BDF_Face_Init
|
-
|
2017-06-07
|
688086
|
Use-of-uninitialized-value in base::internal::JSONParser::ConsumeNumber
|
-
|
2017-06-07
|
693942
|
Heap-buffer-overflow in CGifLZWDecoder::ClearTable
|
-
|
2017-06-07
|
694098
|
Stack-use-after-scope in SkGradientShaderBase::commonAsAGradient
|
-
|
2017-06-07
|
694566
|
Security: Crash with es6 modules and unresolvable cyclic export with export*
|
-
|
2017-06-07
|
696251
|
Heap-buffer-overflow in v8::internal::Invoke
|
$1500
|
2017-06-07
|
697269
|
Heap-buffer-overflow in ps_table_add
|
-
|
2017-06-07
|
688104
|
Stack-use-after-scope in ui::AXTree::DestroyNodeAndSubtree
|
-
|
2017-06-04
|
688876
|
Crash in v8::internal::Invoke
|
-
|
2017-06-04
|
696090
|
Heap-buffer-overflow in BilinearInterpFloat
|
-
|
2017-06-04
|
688655
|
Use-of-uninitialized-value in ogg_find_codec
|
-
|
2017-06-03
|
690219
|
Use-of-uninitialized-value in amr_read_header
|
-
|
2017-06-03
|
642691
|
Adobe Flash Player NetStream Use-After-Free Remote Code Execution Vulnerability
|
$3000
|
2017-06-02
|
678235
|
Use-of-uninitialized-value in EvalSegmentedFn
|
-
|
2017-06-02
|
688425
|
Security: www.google.fr marked as "secure" with a Microsoft SSL certificate
|
$3000
|
2017-06-02
|
693096
|
Use-of-uninitialized-value in base::time_internal::SaturatedAdd
|
-
|
2017-06-02
|
668724
|
Security: Out of Bound Write/Invalid Pointer Write while parsing PDF
|
$3000
|
2017-06-01
|
675617
|
Heap-buffer-overflow in TetrahedralInterpFloat
|
-
|
2017-06-01
|
670457
|
Security: [FG-VD-16-088] Adobe Flash Player Handing MP4 Out-of-Bounds Read Vulnerability
|
$1000
|
2017-05-30
|
691323
|
Security: Information Leak in Array indexOf
|
$2000
|
2017-05-30
|
688987
|
Security: Heap Buffer OverFlow Vulnerability in Skia
|
$1000
|
2017-05-28
|
692761
|
Use-of-uninitialized-value in gpu::gles2::GLES2DecoderImpl::GetHelper
|
-
|
2017-05-28
|
692443
|
Use-of-uninitialized-value in blink::LayoutBoxModelObject::hasSelfPaintingLayer
|
-
|
2017-05-28
|
693072
|
Use-of-uninitialized-value in gpu::gles2::GLES2DecoderImpl::HandleGetBooleanv
|
-
|
2017-05-28
|
690775
|
Security: Heap-use-after-free in ShareServiceImpl::OnPickerClosed
|
$3000
|
2017-05-26
|
692274
|
Incorrect-function-pointer-type in gl::InitializeANGLEPlatform
|
-
|
2017-05-26
|
594004
|
Security: Adobe Flash Player PSDK Use After Free Vulnerability
|
$5000
|
2017-05-25
|
620961
|
Security: Adobe Flash MediaPlayerItemLoader.addEventListener Use After Free
|
$3000
|
2017-05-25
|
620966
|
Security: Adobe Flash MemoryProtector Heap Buffer Overflow
|
$3133
|
2017-05-25
|
669136
|
Security: [FG-VD-16-086] Adobe Flash Player Handing MP4 Memory Corruption Vulnerability
|
$500
|
2017-05-25
|
668830
|
Security: [FG-VD-16-084] Adobe Flash Player Handing MP4 Memory Corruption Vulnerability
|
$500
|
2017-05-25
|
690216
|
Heap-use-after-free in gpu::gles2::Texture::AddTextureRef
|
-
|
2017-05-25
|
691278
|
heap-buffer-overflow in fx_codec_progress.cpp in CCodec_ProgressiveDecoder::GifInputRecordPositionBufCallback
|
-
|
2017-05-25
|
691339
|
Wild-access in blink::visualRectForDisplayItem
|
-
|
2017-05-25
|
692759
|
Use-of-uninitialized-value in gpu::gles2::TextureRef::TextureRef
|
-
|
2017-05-25
|
716044
|
V8: OOB write in Array.prototype.map builtin
|
-
|
2017-05-24
|
690218
|
Heap-buffer-overflow in blink::TextRun::codepointAtAndNext
|
-
|
2017-05-24
|
690875
|
Use-of-uninitialized-value in SkPDFShader::State::operator==
|
-
|
2017-05-23
|
691538
|
Crash in v8::internal::FixedArray::set
|
-
|
2017-05-23
|
691196
|
Bad-cast to blink::LayoutInline from blink::LayoutSVGText;blink::LineLayoutInline::lastLineBox;blink::LayoutBlockFlow::createLineBoxes
|
$3500
|
2017-05-21
|
609961
|
unprivileged renderers can send messages to arbitrary ports
|
-
|
2017-05-20
|
689507
|
Heap-use-after-free in ui::MenuModel::GetModelAndIndexForCommandId
|
-
|
2017-05-20
|
681306
|
CrOS: Vulnerability reported in sys-kernel/chromeos-kernel-3_18
|
-
|
2017-05-19
|
686481
|
Heap-use-after-free in blink::visualRectForDisplayItem
|
-
|
2017-05-19
|
688569
|
Security: Fix all ScriptWrappables stored in a static Persistent
|
-
|
2017-05-19
|
690744
|
Bad-cast to v8::internal::compiler::Operator1<v8::internal::DeoptimizeReason, v8::internal::compiler::OpEqualTo<v8::internal::DeoptimizeReason>, v8::internal::compiler::OpHash<v8::internal::DeoptimizeReason> > from v8::internal::compiler::CommonOperatorGlobalCache::DeoptimizeIfOperator<(v8::internal::DeoptimizeKind)0, (v8::internal::DeoptimizeReason)37>
|
-
|
2017-05-19
|
681785
|
CrOS: Vulnerability reported in net-nds/openldap
|
-
|
2017-05-18
|
683087
|
Heap-use-after-free in views::MenuController::Cancel
|
-
|
2017-05-18
|
684625
|
Security: CVE-2017-0403
|
-
|
2017-05-18
|
684626
|
Security: CVE-2017-0404
|
-
|
2017-05-18
|
690124
|
Security: Security bug in libtiff 4.0.6
|
-
|
2017-05-18
|
690139
|
Security: CVE-2016-8468
|
-
|
2017-05-18
|
674365
|
libtiff security holes unpatched in Chrome OS
|
-
|
2017-05-17
|
689078
|
Crash in memchr
|
-
|
2017-05-17
|
687614
|
Bad-cast to blink::BasePage from invalid vptr;v8::internal::GlobalHandles::Node::MakeWeak;blink::ScriptWrappable::setWrapper
|
-
|
2017-05-12
|
687826
|
Bad-cast to blink::BasePage from invalid vptr;blink::Document::updateStyleAndLayoutTree;blink::shouldRepaintCaret
|
-
|
2017-05-12
|
687908
|
Bad-cast to blink::BasePage from invalid vptr;blink::HTMLFrameElementBase::didNotifySubtreeInsertionsToDocument;blink::ContainerNode::insertNodeVector<>
|
-
|
2017-05-12
|
687958
|
Bad-cast to blink::BasePage from invalid vptr;blink::LocalFrame::spellChecker;blink::HTMLElement::attributeChanged
|
-
|
2017-05-12
|
677934
|
Security: Privilege escalation via command execution in crosh / top
|
$5000
|
2017-05-11
|
682135
|
Crash in blink::WebFrameWidgetImpl::handleMouseDown
|
-
|
2017-05-11
|
687844
|
window.external leaks the entire global object by way of the wrapper and also allows cross origin script access
|
-
|
2017-05-11
|
666229
|
Security: Storage Manager - Memory corruption in mojo::internal::InterfacePtrState::Swap()
|
$1000
|
2017-05-09
|
680409
|
Security: Spoofing location object by overriding Symbol.toPrimitive
|
$500
|
2017-05-09
|
682570
|
!escape_analysis_->IsVirtual(node) in escape-analysis-reducer.cc
|
-
|
2017-05-09
|
683040
|
Use-of-uninitialized-value in Decode
|
-
|
2017-05-09
|
683211
|
Use-of-uninitialized-value in av_malloc
|
-
|
2017-05-09
|
683406
|
Security: UAF in WorkerThreadableLoader in Blink
|
$3000
|
2017-05-09
|
685201
|
Crash in GetCombinedHistogramEntropy
|
-
|
2017-05-09
|
686387
|
Use-of-uninitialized-value in avio_seek
|
-
|
2017-05-09
|
683104
|
Heap-use-after-free in blink::FloatingObject::FloatingObject
|
-
|
2017-05-07
|
683845
|
Heap-use-after-free in layer
|
-
|
2017-05-06
|
683835
|
Bad-cast to blink::EventTarget from blink::Bluetooth;blink::V8EventTarget::toImpl;blink::EventTargetV8Internal::addEventListenerMethodCallback
|
-
|
2017-05-06
|
684407
|
<no crash state available>
|
-
|
2017-05-06
|
686027
|
Crash in v8::internal::Invoke
|
-
|
2017-05-06
|
682551
|
Global-buffer-overflow in CFDE_CSSTextBuf::GetChar
|
-
|
2017-05-05
|
683718
|
Crash in v8::internal::FixedArray::set
|
-
|
2017-05-05
|
685579
|
Use-of-uninitialized-value in CFDE_CSSSyntaxParser::DoSyntaxParse
|
-
|
2017-05-05
|
678917
|
Making long string occurs crash
|
-
|
2017-05-04
|
681300
|
Crash in put1bitbwtile
|
-
|
2017-05-04
|
683156
|
Security: Signed Integer Overflow in pdfium (openjpeg)
|
-
|
2017-05-04
|
683629
|
Heap-buffer-overflow in xmlParseNameComplex
|
-
|
2017-05-04
|
684684
|
Email Subject: ZDI-CAN-4429: New Vulnerability Report
|
-
|
2017-05-04
|
685086
|
Crash in v8::internal::Simulator::DecodeType2
|
-
|
2017-05-04
|
685537
|
Crash in FromAddress
|
-
|
2017-05-04
|
675209
|
Crash in SkPixmap::erase
|
-
|
2017-05-03
|
679245
|
Desktop web payments crash when closing a tab
|
$500
|
2017-05-03
|
679641
|
Security: Out-of-bounds write in ChunkDemuxer (SAIO box)
|
$3000
|
2017-05-03
|
679640
|
Security: Out-of-bounds write in ChunkDemuxer (TRUN box)
|
$3000
|
2017-05-03
|
679645
|
Out-of-bounds write in ChunkDemuxer (ELST box)
|
$3000
|
2017-05-03
|
679646
|
Security: Out-of-bounds write in ChunkDemuxer (SBGP box)
|
$1000
|
2017-05-03
|
679647
|
Security: Out-of-bounds write in ChunkDemuxer (SGPD box)
|
$1000
|
2017-05-03
|
679653
|
Security: Out-of-bounds write in ChunkDemuxer (SDTP box)
|
$1000
|
2017-05-03
|
681351
|
Security: Heap-use-after-free in CPWL_Wnd::GetWindowMatrix
|
$5000
|
2017-05-03
|
683773
|
Heap-use-after-free in base::internal::Invoker<base::internal::BindState<void
|
-
|
2017-05-03
|
673929
|
Security: WebGL - Arbitrary memory read/write in GLES2Implementation::TexImage3D
|
$2000
|
2017-05-02
|
680224
|
Heap-use-after-free in blink::LayoutBox::getPaginationBreakability
|
-
|
2017-05-02
|
682673
|
CSP bypass with * host in source expressions
|
-
|
2017-05-02
|
682873
|
Use-of-uninitialized-value in CFDE_CSSSyntaxParser::DoSyntaxParse
|
-
|
2017-05-02
|
682909
|
Crash in v8::internal::StringCharacterStream::Reset
|
-
|
2017-05-02
|
682874
|
Crash in v8::internal::wasm::GrowWebAssemblyMemory
|
-
|
2017-05-02
|
683493
|
Stack-use-after-scope in blink::PropertyRegistry::registration
|
-
|
2017-05-02
|
683865
|
Global-buffer-overflow in blink::BindingSecurity::shouldAllowAccessTo
|
-
|
2017-05-02
|
683533
|
Use-of-uninitialized-value in SkOpAngle::insert
|
$1000
|
2017-05-02
|
682194
|
Security: Out-of-bounds read in V8 Array.concat
|
$7500
|
2017-05-01
|
683072
|
Bad-cast to test_runner::WebTestDelegatetest_runner::MockColorChooser::endChooser;blink::ColorChooserUIController::~ColorChooserUIController;blink::NormalPage::sweep
|
-
|
2017-05-01
|
678365
|
Security: chronos user local file read
|
$500
|
2017-04-29
|
681843
|
Security: Heap buffer overflow in V8 ValueDeserializer::ReadJSArrayBuffer()
|
$5500
|
2017-04-29
|
615585
|
Security: V2 apps can load web content in highly privileged app process
|
-
|
2017-04-28
|
648836
|
Defend against long-running service workers
|
-
|
2017-04-28
|
670720
|
Security: read heap overflow in libxslt xsltFunctionLocalTime()
|
$500
|
2017-04-28
|
677961
|
Heap-use-after-free in base::ObserverListBase<content::MediaSessionObserver>::begin
|
-
|
2017-04-28
|
678947
|
Use-of-uninitialized-value in OT::RangeRecord::cmp
|
-
|
2017-04-28
|
681423
|
Heap-use-after-free in blink::LayoutBlockFlow::moveAllChildrenIncludingFloatsTo
|
-
|
2017-04-28
|
681350
|
Crash in base::PersistentMemoryAllocator::AllocateImpl
|
-
|
2017-04-28
|
681369
|
Heap-use-after-free in document
|
-
|
2017-04-28
|
681438
|
crashed caused by a READ memory access on different addresses
|
-
|
2017-04-28
|
682020
|
Security: WebGL - Use After Free in Buffer11::updateBufferStorage()
|
$5000
|
2017-04-28
|
682100
|
Use-after-poison in blink::ThreadHeap::popAndInvokeTraceCallback
|
-
|
2017-04-28
|
682219
|
Heap-use-after-free in base::WaitableEvent::TimedWaitUntil
|
-
|
2017-04-28
|
642490
|
Location Bar URL and SSL Spoofing Risk using "Confirm Form Resubmission" box and a targeted website which allow a redirect
|
$1000
|
2017-04-27
|
680376
|
Heap-buffer-overflow in CPDF_Document::FindPageIndex
|
-
|
2017-04-27
|
680941
|
CrOS: Vulnerability reported in sys-kernel/chromeos-kernel-3_18
|
-
|
2017-04-27
|
681957
|
Security: CVE-2016-8399
|
-
|
2017-04-27
|
682585
|
Use-of-uninitialized-value in CFDE_CSSSyntaxParser::DoSyntaxParse
|
-
|
2017-04-27
|
703750
|
Near-homoglyph whole-script IDN spoofing
|
-
|
2017-04-26
|
558462
|
Tracking bug for auditing
|
-
|
2017-04-26
|
558474
|
IPC Issues: Bad DCHECKs
|
-
|
2017-04-26
|
558476
|
PDFium audit
|
-
|
2017-04-26
|
652887
|
Non-web-accessible extension resource can be loaded into a web renderer process
|
-
|
2017-04-26
|
669086
|
Security: Circumvent CSP Header restrictions via about:blank
|
$1000
|
2017-04-26
|
676755
|
heap-buffer-overflow in SkPathRef::Iter::next
|
$5000
|
2017-04-26
|
677738
|
Container-overflow in void blink::TraceTrait<blink::HeapVectorBacking<blink::MediaKeySystemConfigurati
|
-
|
2017-04-26
|
677960
|
Heap-double-free in g_error_free
|
-
|
2017-04-26
|
679649
|
Security: potential UAF in pdfium timer
|
$500
|
2017-04-26
|
680244
|
Heap-buffer-overflow in xmlParseNameComplex
|
-
|
2017-04-26
|
679915
|
WebTaskRunner::postTask is thread unsafe
|
-
|
2017-04-26
|
680938
|
Crash in v8::internal::MemoryChunk::heap
|
-
|
2017-04-26
|
681324
|
Heap-use-after-free in ~ScopedMacroReenabler
|
-
|
2017-04-26
|
681462
|
Heap-use-after-free in views::MenuController::SetSelection
|
-
|
2017-04-26
|
606374
|
Heap-buffer-overflow in v8::internal::Simulator::LoadStoreHelper
|
-
|
2017-04-25
|
679841
|
Stack-buffer-overflow in v8::internal::DoubleToRadixCString
|
$3500
|
2017-04-25
|
714628
|
Security: Additional whole-script confusable domain label spoofing (Cyrillic)
|
-
|
2017-04-24
|
679098
|
ImageLoader allows component rollbacks
|
-
|
2017-04-24
|
681420
|
Crash in v8::internal::Invoke
|
-
|
2017-04-24
|
679484
|
Security: CVE-2015-3288
|
-
|
2017-04-23
|
677800
|
Multiple Linux Kernel CVE vulnerability reports
|
-
|
2017-04-23
|
616698
|
Use-of-uninitialized-value in xmlDictLookup
|
-
|
2017-04-21
|
658194
|
Security: Promise constructor can be used to bypass Function constructor restrictions
|
-
|
2017-04-21
|
673297
|
[wasm] Illegal reuse of contexts
|
-
|
2017-04-21
|
675203
|
Stack-buffer-overflow in AffixMgr::defcpd_check
|
-
|
2017-04-21
|
677716
|
Security: Address spoofing in Omnibox with HTTPS lock
|
$2000
|
2017-04-21
|
679485
|
Security: CVE-2016-7042
|
-
|
2017-04-21
|
679490
|
Security: CVE-2016-9754
|
-
|
2017-04-21
|
679643
|
Security: Use after free in PDFium's Annot::name
|
$3500
|
2017-04-21
|
679492
|
Security: CVE-2014-9420
|
-
|
2017-04-21
|
680609
|
Crash in v8::internal::Invoke
|
-
|
2017-04-21
|
680882
|
Use-of-uninitialized-value in v8::internal::interpreter::BytecodeRegisterOptimizer::RegisterTransfer
|
-
|
2017-04-21
|
680633
|
Crash in heap
|
-
|
2017-04-21
|
653071
|
Use-of-uninitialized-value in TIFFReadDirectoryCheckOrder
|
-
|
2017-04-20
|
653095
|
Use-of-uninitialized-value in TIFFReadDirectory
|
-
|
2017-04-20
|
656621
|
Crash in put1bitbwtile
|
-
|
2017-04-20
|
667093
|
Use-of-uninitialized-value in TIFFFillTile
|
-
|
2017-04-20
|
666973
|
Use-of-uninitialized-value in TIFFReadDirEntryCheckedRational
|
-
|
2017-04-20
|
668851
|
Use-of-uninitialized-value in tiff_read
|
-
|
2017-04-20
|
669035
|
Use-of-uninitialized-value in decode_mcu_fast
|
-
|
2017-04-20
|
670928
|
Use-of-uninitialized-value in tiff_seek
|
-
|
2017-04-20
|
676294
|
Use-of-uninitialized-value in TIFFReadDirEntryFloatArray
|
-
|
2017-04-20
|
676975
|
Security: Chrome webm rendering on OS X includes image artifacts from video memory
|
$500
|
2017-04-20
|
676853
|
Use-of-uninitialized-value in FPDFAPI_inflate
|
-
|
2017-04-20
|
677047
|
Use-of-uninitialized-value in TIFFFindField
|
-
|
2017-04-20
|
678035
|
Security: chrome-devtools protocol allows to read the content of C:\ drive
|
-
|
2017-04-20
|
678551
|
Use-of-uninitialized-value in chromium_jpeg_make_d_derived_tbl
|
-
|
2017-04-20
|
678461
|
Security: PDFium OpenJPEG Use-After-Free Vulnerability
|
$3000
|
2017-04-20
|
679230
|
Use-of-uninitialized-value in TIFFFetchNormalTag
|
-
|
2017-04-20
|
679642
|
Security: Use after free in PDFium's Field::page
|
$3000
|
2017-04-20
|
680313
|
Heap-use-after-free in v8::internal::Scope::is_function_scope
|
-
|
2017-04-20
|
662769
|
use-after-poison content::WebURLLoaderImpl::Context::OnReceivedResponse
|
-
|
2017-04-19
|
663549
|
Security: [FG-VD-16-075] Adobe Flash Player Handing MP4 Out-of-Bounds Read Vulnerability
|
$500
|
2017-04-19
|
663551
|
Security: [FG-VD-16-076] Adobe Flash Player Handling ATF Heap Overflow Vulnerability
|
$500
|
2017-04-19
|
664756
|
Security: Crash in Adobe Flash Player (24.0.0.154)
|
$500
|
2017-04-19
|
679937
|
Crash in v8::internal::MemoryChunk::heap
|
-
|
2017-04-19
|
678529
|
Heap-buffer-overflow in _get_bitmap_surface
|
-
|
2017-04-19
|
712246
|
Security: CSS :visited with mix-blend-mode can leak browser history
|
-
|
2017-04-19
|
683314
|
Security: Whole-script confusable domain label spoofing (Cyrillic)
|
$2000
|
2017-04-19
|
620679
|
Heap-buffer-overflow in xmlDictComputeFastKey
|
-
|
2017-04-18
|
675205
|
Heap-use-after-free in blink::visualRectForDisplayItem
|
-
|
2017-04-18
|
678706
|
Potential execution of script inside forbidden scope in Animation
|
-
|
2017-04-18
|
669395
|
Use-of-uninitialized-value in syncsearch
|
-
|
2017-04-15
|
675444
|
Heap-buffer-overflow in S32_opaque_D32_filter_DX_SSSE3
|
-
|
2017-04-15
|
678962
|
Bad-cast to safe_browsing::DownloadFileType from invalid vptr;blink::intMod;blink::LayoutMultiColumnSet::pageRemainingLogicalHeightForOffset
|
-
|
2017-04-15
|
667079
|
Security: Information Leak through XSS Auditor
|
$500
|
2017-04-14
|
675109
|
Heap-use-after-free in cc::SurfaceManager::Destroy
|
-
|
2017-04-14
|
677377
|
Use-of-uninitialized-value in FPDFAPI_inflate_fast
|
-
|
2017-04-14
|
668138
|
Use-of-uninitialized-value in OT::RangeRecord::cmp
|
-
|
2017-04-13
|
675150
|
Heap-use-after-free in app_list::TileItemView::SetSelected
|
-
|
2017-04-13
|
676884
|
Heap-buffer-overflow in GrTextUtils::DrawBmpPosText
|
-
|
2017-04-13
|
676921
|
Security: XSS in https://chromium-cq-status.appspot.com
|
-
|
2017-04-13
|
676886
|
Crash in v8::internal::FixedArray::set
|
-
|
2017-04-13
|
676974
|
Heap-use-after-free in blink::LayoutObject::visualRect
|
-
|
2017-04-13
|
653555
|
Security: Stealing data cross domain using proxies and stealing JSON data using UTF-16BE
|
$3000
|
2017-04-12
|
677859
|
Bad-cast to v8::internal::compiler::Operatoropcode;v8::internal::compiler::EscapeStatusAnalysis::Process;v8::internal::compiler::EscapeStatusAnalysis::RunStatusAnalysis
|
-
|
2017-04-12
|
662859
|
Security: chrome-devtools protocol allows to read the content of C:\ drive
|
$3000
|
2017-04-11
|
676767
|
Use-after-poison in v8::internal::compiler::Node::RemoveUse
|
-
|
2017-04-11
|
677395
|
Use-of-uninitialized-value in void base::Pickle::WriteBytesStatic<4ul>
|
-
|
2017-04-07
|
675176
|
Bad-cast to blink::LayoutBox from blink::LayoutInline;blink::LayoutInline::addChildIgnoringContinuation;blink::LayoutBox::clientLeft
|
-
|
2017-04-05
|
675124
|
Bad-cast to blink::LayoutBox from blink::LayoutRubyAsInline;blink::LayoutObject::isRubyRun;blink::LayoutRubyAsInline::addChild
|
-
|
2017-04-05
|
677055
|
Bad-cast to icu_58::DateFormat from icu_58::DecimalFormat;__RT_impl_Runtime_InternalDateFormatToParts;v8::internal::Runtime_InternalDateFormatToParts
|
-
|
2017-04-05
|
671102
|
Security: Universal XSS through bypassing ScopedPageSuspender with closing windows
|
$8837
|
2017-04-04
|
676560
|
Bad-cast to blink::TraceWrapperBase from invalid vptr;blink::ScriptWrappableVisitor::dispatchTraceWrappers;blink::ScriptWrappableVisitor::AdvanceTracing
|
-
|
2017-04-01
|
676876
|
Use-after-poison in blink::HTMLFormElement::reset
|
-
|
2017-04-01
|
676587
|
Crash in v8::internal::Invoke
|
-
|
2017-03-31
|
671932
|
Security: non-interactive request forcing
|
$1000
|
2017-03-30
|
673971
|
Security: Unicode hyphens in domain names are not blacklisted
|
$2000
|
2017-03-30
|
674472
|
CrOS: Vulnerability reported in app-arch/tar
|
-
|
2017-03-30
|
675178
|
Heap-use-after-free in password_manager::FormFetcherImpl::OnGetPasswordStoreResults
|
-
|
2017-03-30
|
675332
|
Security: heap-buffer-overflow in SkAlphaThresholdFilterImpl::onFilterImage
|
$2000
|
2017-03-30
|
676276
|
Use-of-uninitialized-value in SkOpBuilder::FixWinding
|
-
|
2017-03-30
|
673170
|
Security: Universal XSS using late widget updates
|
$8000
|
2017-03-29
|
675122
|
Crash in mbsnrtowcs
|
-
|
2017-03-29
|
675237
|
Use-after-poison in blink::HTMLFormElement::reset
|
-
|
2017-03-29
|
675208
|
Crash in memchr
|
-
|
2017-03-29
|
675900
|
Use-of-uninitialized-value in SkOpContour::rayCheck
|
-
|
2017-03-29
|
676060
|
Use-of-uninitialized-value in approximately_between
|
-
|
2017-03-29
|
634108
|
Security: Hijack navigation and spoofed alert dialog via. unbeforeload
|
$500
|
2017-03-28
|
666858
|
No drag-and-drop events should fire in a same-page, cross-site frame (wrt drag source)
|
-
|
2017-03-28
|
667142
|
AddressSanitizer: FPE v8/src/source-position-table.cc:37:9
|
-
|
2017-03-28
|
671328
|
Security DCHECK failed: offset + length <= impl.length() in StringView.h
|
-
|
2017-03-28
|
675320
|
Heap-double-free in CPDF_StreamParser::ReadInlineStream
|
-
|
2017-03-28
|
675132
|
Use-of-uninitialized-value in SkOpPtT::addOpp
|
-
|
2017-03-28
|
668102
|
Use-of-uninitialized-value in fclamp
|
-
|
2017-03-27
|
668814
|
Use-of-uninitialized-value in EvalSegmentedFn
|
-
|
2017-03-27
|
665054
|
Heap-buffer-overflow in TetrahedralInterpFloat
|
-
|
2017-03-26
|
675118
|
Use-of-uninitialized-value in __msan::MsanAllocate
|
-
|
2017-03-26
|
675195
|
Use-of-uninitialized-value in __msan::MsanAllocate
|
-
|
2017-03-26
|
653461
|
Use-of-uninitialized-value in pr_UnlockedFindLibrary
|
-
|
2017-03-25
|
666284
|
Security: renderer->extension privesc via sync
|
-
|
2017-03-25
|
666441
|
Heap-use-after-free in SkCanvas::getDevice
|
-
|
2017-03-25
|
675072
|
Stack-buffer-overflow in SkOpEdgeBuilder::walk
|
-
|
2017-03-25
|
676623
|
Security: libxslt generation of text nodes integer overflow
|
$3000
|
2017-03-24
|
670596
|
Security: Same-name function declaration can overwrite window.location in Chrome 50+
|
-
|
2017-03-24
|
674203
|
Security: Merge general javascript: UXSS fix to beta / stable
|
-
|
2017-03-24
|
624343
|
Crash in SuggestMgr::leftcommonsubstring
|
-
|
2017-03-23
|
641841
|
Stack-buffer-overflow in Hunspell::suggest
|
-
|
2017-03-23
|
673163
|
Security: Form validation bubbles allow spoofing on other tabs
|
$1000
|
2017-03-23
|
672791
|
Crash in v8::internal::FixedArray::set
|
-
|
2017-03-23
|
673336
|
Security: Stack-buffer-overflow in (anonymous namespace)::CalculateString
|
$1000
|
2017-03-23
|
649270
|
Use-of-uninitialized-value in test_runner::MockWebSpeechRecognizer::PostRunTaskFromQueue
|
-
|
2017-03-22
|
663614
|
Stack-buffer-overflow in Hunspell::suggest
|
-
|
2017-03-22
|
673244
|
Crash in v8::internal::Simulator::DecodeType2
|
$3000
|
2017-03-21
|
668552
|
Security: Universal XSS by polluting private scripts with named properties
|
$8000
|
2017-03-19
|
598812
|
Security: Flash file creation omits Mark-of-the-Web, bypassing SmartScreen/AES
|
-
|
2017-03-17
|
643950
|
Security: FFMPEG MP4 Decoder chrome_child!mov_read_hdlr heap allocation wrap
|
-
|
2017-03-17
|
663248
|
Security: Web Worker - Memory corruption in CrossThreadPersistentRegion::prepareForThreadStateTermination()
|
-
|
2017-03-17
|
643951
|
Security: FFMPEG MP4 Decoder chrome_child!mov_read_uuid heap allocation wrap
|
-
|
2017-03-16
|
643952
|
Security: FFMPEG MP4 Decoder - Non-exploitable issues (3 Issues: 2 heap allocation wraps, and ~out-of-bounds access)
|
-
|
2017-03-16
|
474050
|
Web content can navigate to chrome-extension:// pages
|
-
|
2017-03-15
|
554518
|
Security: any UXSS bug on Android can be turned into a persistent RCE bug via the play store
|
-
|
2017-03-15
|
664551
|
Pwnfest 2016 meta bug
|
-
|
2017-03-15
|
670927
|
Heap-use-after-free in void blink::PODIntervalTree<blink::LayoutUnit, blink::FloatingObject*>::searchFo
|
-
|
2017-03-15
|
671312
|
Use-after-poison in webrtc::BitrateAllocation::SetBitrate
|
-
|
2017-03-15
|
671037
|
Use-after-poison in blink::WebSocketHandleImpl::OnFailChannel
|
-
|
2017-03-14
|
671327
|
Heap-use-after-free in blink::LayoutObject::visualRect
|
-
|
2017-03-14
|
644632
|
Component cloud policy signature validation missing
|
-
|
2017-03-11
|
663620
|
Bypass unsafe-inline mode CSP
|
-
|
2017-03-11
|
670240
|
Heap-use-after-free in data_use_measurement::ChromeDataUseAscriber::ReadyToCommitMainFrameNavigation
|
-
|
2017-03-11
|
656188
|
Chrome allows kiosk app user to create directories and files without the app's knowledge
|
-
|
2017-03-10
|
668907
|
Heap-buffer-overflow in SkAlphaRuns::Break
|
-
|
2017-03-10
|
669439
|
CrOS: Vulnerability reported in sys-kernel/chromeos-kernel-3_8
|
-
|
2017-03-10
|
669392
|
Heap-buffer-overflow in gpu::gles2::GLES2Implementation::ReadPixels
|
-
|
2017-03-10
|
670438
|
Use-of-uninitialized-value in net::LayeredNetworkDelegate::OnURLRequestDestroyed
|
-
|
2017-03-10
|
670546
|
Heap-buffer-overflow in SkColorSpaceXform_XYZ<
|
-
|
2017-03-10
|
656752
|
Security: Can navigate to attacker-created blob/filesystem URLs in chrome-extension process
|
-
|
2017-03-09
|
666714
|
Onbeforeunload use after free
|
$2000
|
2017-03-09
|
669534
|
Heap-use-after-free in printing::PrintWebViewHelper::OnMessageReceived
|
$1500
|
2017-03-09
|
647602
|
Heap-use-after-free in blink::LayoutTextFragment::setTextFragment
|
-
|
2017-03-08
|
666616
|
Heap-use-after-free in printing::PrintWebViewHelper::RequestPrintPreview
|
-
|
2017-03-08
|
667504
|
WebRTC UsingFlexibleMode OOB memory write from picture id
|
$3000
|
2017-03-08
|
668553
|
Bad-cast to blink::LayoutBox from blink::LayoutBR;blink::PaintLayer::setNeedsCompositingInputsUpdate;blink::RootScrollerController::recomputeEffectiveRootScroller
|
-
|
2017-03-08
|
668665
|
Security: XSS in chrome://apps (NTP) after drag and drop
|
$500
|
2017-03-08
|
668653
|
Security: XSS in chrome://downloads, enables extensions to run any program
|
$5000
|
2017-03-08
|
668784
|
Heap-buffer-overflow in table_r
|
$1500
|
2017-03-08
|
649359
|
Shill proxy crash due to failure to set MSG_NOSIGNAL flag
|
-
|
2017-03-07
|
667493
|
Minijail tty hijacking via TIOCSTI
|
$500
|
2017-03-07
|
668750
|
Bad-cast to blink::DOMExceptionblink::GarbageCollectedFinalized<blink::DOMException>::finalizeGarbageCollectedObject;blink::NormalPage::sweep;blink::BaseArena::sweepUnsweptPage
|
-
|
2017-03-07
|
668848
|
Use-after-poison in blink::EventListenerIterator::nextListener
|
-
|
2017-03-07
|
668970
|
Security: Debugger API exposes UA shadow trees, and can cause bad-casts
|
-
|
2017-03-07
|
668510
|
Crash in v8::internal::DoubleToRadixCString
|
$500
|
2017-03-04
|
667044
|
Use-of-uninitialized-value in dec_build_inter_predictors
|
-
|
2017-03-03
|
668337
|
Heap-use-after-free in v8_inspector::protocol::Runtime::DispatcherImpl::evaluate
|
-
|
2017-03-03
|
656485
|
Security: Buffer Overflow in glBindBuffer
|
$1000
|
2017-03-01
|
663476
|
Security: Universal XSS through removing link elements
|
$7500
|
2017-03-01
|
666246
|
UA shadow DOM leak causes bad-cast to blink::HTMLSelectElement from blink::Text;blink::HTMLKeygenElement::shadowSelect;blink::HTMLKeygenElement::parseAttribute
|
-
|
2017-03-01
|
666794
|
Global-buffer-overflow in libopus_decode_init
|
-
|
2017-03-01
|
666770
|
Heap-buffer-overflow in ff_index_search_timestamp
|
-
|
2017-03-01
|
666874
|
Use-of-uninitialized-value in check
|
-
|
2017-03-01
|
667068
|
Use-of-uninitialized-value in fclamp
|
-
|
2017-03-01
|
667092
|
Use-of-uninitialized-value in EvalSegmentedFn
|
-
|
2017-03-01
|
667260
|
Heap-buffer-overflow in unibrow::Utf8::CalculateValue
|
-
|
2017-03-01
|
667695
|
Heap-buffer-overflow in table
|
-
|
2017-03-01
|
667694
|
Heap-buffer-overflow in SetMatShaper
|
-
|
2017-03-01
|
666803
|
Double-delete possible in WiFiDisplayMediaServiceImpl / WiFiDisplaySessionServiceImpl
|
-
|
2017-02-28
|
667157
|
Use-of-uninitialized-value in v8::internal::compiler::Node::New
|
-
|
2017-02-27
|
666658
|
Crash in v8::internal::Invoke
|
-
|
2017-02-27
|
658267
|
Use-after-poison in v8::internal::List<v8::internal::FuncNameInferrer::Name, v8::internal::ZoneAlloc
|
-
|
2017-02-26
|
663726
|
Use-after-free in ChromeExtensionsBrowserClient::GetOriginalContext upon opening menu after switching from incognito mode
|
-
|
2017-02-26
|
666486
|
Use-of-uninitialized-value in unibrow::Utf8::CalculateValue
|
-
|
2017-02-25
|
666516
|
Heap-buffer-overflow in unibrow::Utf8::CalculateValue
|
-
|
2017-02-25
|
666517
|
Heap-buffer-overflow in unibrow::Utf8::CalculateValue
|
-
|
2017-02-25
|
662730
|
Stack-buffer-overflow in MaskAdditiveBlitter
|
-
|
2017-02-22
|
661126
|
meta bug: Bypass unsafe-inline mode CSP
|
-
|
2017-02-22
|
662780
|
Heap-buffer-overflow in next
|
-
|
2017-02-22
|
655902
|
User-created BeforeInstallPromptEvent crashes when preventDefault() called
|
-
|
2017-02-21
|
661413
|
Security: (libANGLE) Buffer Overflow in glUniform*v
|
-
|
2017-02-21
|
660498
|
Security: Temporary addressbar spoof with PDF navigation to sites with long response time
|
$2000
|
2017-02-21
|
664139
|
Security: Bad-Casting in ArrayBuffer resulting in Out-Of-Bounds write vulnerability
|
$5000
|
2017-02-21
|
664713
|
Heap-use-after-free in app_list::TileItemView::SetSelected
|
-
|
2017-02-20
|
654090
|
Security: libicu has buffer overflow in path traversal code
|
-
|
2017-02-19
|
664284
|
Bad-cast to CPDF_Object from invalid vptr;CPDF_Creator::InitNewObjNumOffsets;CPDF_Creator::WriteDoc_Stage1
|
-
|
2017-02-19
|
664411
|
Pwnfest 2016: Chrome V8 Private Property Re-assign issue (bug in fast-path of Object.assign)
|
-
|
2017-02-18
|
660854
|
Security: Incorrect validation of CopyBufferSubData in ANGLE
|
$1000
|
2017-02-17
|
664469
|
Crash in v8::internal::Simulator::DecodeType3
|
-
|
2017-02-17
|
649645
|
Security: BroadcastChannel - Use After Free in WeakReference::is_valid()
|
$1000
|
2017-02-16
|
659474
|
Pwn2own meta bug
|
-
|
2017-02-16
|
662905
|
Heap-buffer-overflow in Break
|
-
|
2017-02-16
|
663362
|
Use-after-poison in blink::IdTargetObserverRegistry::removeObserver
|
-
|
2017-02-16
|
663402
|
Security: [arm] OOB r/w due to size computation bug in MacroAssembler::Allocate
|
-
|
2017-02-16
|
663795
|
Heap-buffer-overflow in LinLerp1Dfloat
|
-
|
2017-02-16
|
664023
|
Stack-buffer-overflow in IccLib_Translate
|
-
|
2017-02-16
|
630332
|
CSP form-action seems to be ignored if target="_blank"
|
-
|
2017-02-15
|
649118
|
TURN (via WebRTC) with via STUN_ERROR_TRY_ALTERNATE allows TCP connection with attacker-controlled data to localhost
|
-
|
2017-02-15
|
654265
|
Heap-buffer-overflow in BilinearInterpFloat
|
-
|
2017-02-15
|
663048
|
<a ping="..."> should be covered by connect-src CSP directive
|
$500
|
2017-02-15
|
663666
|
Heap-use-after-free in CPDFSDK_WidgetHandler::ReleaseAnnot
|
-
|
2017-02-15
|
663609
|
Crash in equal<blink::Member<blink::IdTargetObserver>,
|
-
|
2017-02-15
|
657282
|
Heap-buffer-overflow in TetrahedralInterpFloat
|
-
|
2017-02-14
|
662303
|
Bad-cast to blink::TraceWrapperV8Reference<v8::Value> from blink::TraceWrapperV8Reference<v8::Object>;blink::reportFatalErrorInMainThread;v8::Utils::ReportApiFailure
|
-
|
2017-02-14
|
662775
|
Crash in void Sk4px::MapDstSrcAlpha<Sk4px
|
-
|
2017-02-14
|
663194
|
Crash in sse2::blit_row_color32
|
-
|
2017-02-14
|
662410
|
Crash in v8::internal::Invoke
|
-
|
2017-02-13
|
659492
|
Android content: scheme allows cross-origin data exfiltration
|
-
|
2017-02-11
|
660760
|
Use-after-poison in blink::PersistentBase<blink::DummyGCBase,
|
-
|
2017-02-11
|
652209
|
Bad-cast to content::RenderWidgetHostViewChildFrame from content::RenderWidgetHostViewAura
|
-
|
2017-02-10
|
654172
|
Security: PDFium (LibTIFF / XFA) Heap Buffer Overflow in FPDFAPI_inflate
|
-
|
2017-02-10
|
660262
|
Heap-use-after-free in v8::internal::wasm::ThreadImpl::DoBreak
|
-
|
2017-02-10
|
640191
|
Security: type confusion vulnerability in flash player latest version
|
$3000
|
2017-02-09
|
645150
|
Heap-buffer-overflow in v8::internal::Simulator::DecodeType3
|
-
|
2017-02-09
|
658440
|
Attempting free in buffer_replace
|
-
|
2017-02-09
|
660678
|
expose() leaks privateClass via Object[@@hasInstance]
|
$1000
|
2017-02-09
|
661058
|
Bad-cast to v8::Platform::TraceStateObserver from v8::tracing::TracingCategoryObserverImpl;blink::Node::mutationObserverRegistry;blink::Node::unregisterMutationObserver
|
-
|
2017-02-09
|
659489
|
Pwn2Own: content: scheme allows cross-origin info leaks
|
-
|
2017-02-07
|
658555
|
Heap-use-after-free in pp::MacroExpander::pushMacro
|
-
|
2017-02-06
|
660685
|
Stack-buffer-overflow in MaskAdditiveBlitter
|
-
|
2017-02-05
|
659594
|
Use-of-uninitialized-value in base::Pickle::WriteBytes
|
-
|
2017-02-04
|
615851
|
Security: Timing attack on denormalized floating point arithmetic in SVG filters circumvents same-origin policy
|
-
|
2017-02-03
|
655152
|
Heap-buffer-overflow in FPDFAPI_inflate_fast
|
-
|
2017-02-03
|
658494
|
Heap-buffer-overflow in FPDFAPI_inflate
|
-
|
2017-02-03
|
657568
|
Security: Heap-use-after-free in InspectedContext::createInjectedScript
|
$1500
|
2017-02-03
|
657720
|
Security: Chrome Address Bar URL Spoofing
|
$500
|
2017-02-03
|
653749
|
Security: Bypass of same-origin policy via range requests in PDF plugin
|
$7500
|
2017-02-02
|
658584
|
Heap-use-after-free in blink::LayoutBlockFlow::moveAllChildrenIncludingFloatsTo
|
-
|
2017-02-02
|
658516
|
Heap-buffer-overflow in v8::internal::wasm::WasmDecoder::OpcodeLength
|
-
|
2017-02-02
|
658114
|
Security: V8 OOB read/write in asm.js
|
$5000
|
2017-02-02
|
659361
|
Stack-buffer-overflow in tls1_set_curves
|
-
|
2017-02-02
|
659475
|
Pwn2Own: V8 OOB Bug.
|
-
|
2017-02-02
|
659477
|
Pwn2own: RenderViewImpl::LaunchAndroidContentIntent in renderer can open arbitrary content intent scheme urls
|
-
|
2017-02-02
|
625878
|
Security: libsrtp is out of date and there are at least 2 known bugs in it
|
-
|
2017-02-01
|
656817
|
Use-after-poison in virtual thunk to blink::Document::isHeapObjectAlive
|
-
|
2017-02-01
|
658535
|
Security: Universal XSS using an <input type="color"> element
|
$7500
|
2017-02-01
|
627748
|
Security: libsrtp uses a non-constant-time HMAC comparison
|
-
|
2017-01-31
|
653134
|
Security: chrome-devtools protocol allows to read the content of C:\ drive
|
$3000
|
2017-01-31
|
653656
|
Heap-buffer-overflow in WebRtcSpl_MaxIndexW16
|
-
|
2017-01-31
|
625475
|
Security: type confusion in GuestViewInternalCustomBindings::RegisterElementResizeCallback
|
-
|
2017-01-28
|
655904
|
Security: Universal XSS via fullscreen element updates
|
$7500
|
2017-01-28
|
656823
|
Heap-use-after-free in v8_inspector::V8ConsoleMessage::reportToFrontend
|
-
|
2017-01-28
|
658037
|
Sync client -> server protection vulnerable to CRIME attack.
|
-
|
2017-01-28
|
656314
|
Heap-use-after-free in blink::ScrollAnchor::clear
|
-
|
2017-01-27
|
657740
|
Use-after-poison in blink::PersistentBase<blink::DummyGCBase,
|
-
|
2017-01-27
|
657411
|
Crash in SkOpSpanBase::segment
|
-
|
2017-01-27
|
657793
|
Use-of-uninitialized-value in ChromeSecurityStateModelClient::GetSecurityStyle
|
-
|
2017-01-27
|
657862
|
Heap-use-after-free in base::debug::TaskAnnotator::RunTask
|
-
|
2017-01-27
|
657863
|
Use-of-uninitialized-value in content::IndexedDBCallbacks::IOThreadHelper::SendSuccessInteger
|
-
|
2017-01-27
|
646610
|
Security: Universal XSS using OOPIF
|
$7500
|
2017-01-26
|
655686
|
Chrome: Crash Report - content::WebContents::FromRenderFrameHost
|
-
|
2017-01-26
|
657281
|
Bad-cast to content::RenderFrameHostImpl from invalid vptr
|
-
|
2017-01-26
|
657724
|
Heap-use-after-free in content::WebContents::FromRenderFrameHost
|
-
|
2017-01-26
|
656274
|
Security: Cross-origin object leak via fetch
|
$5000
|
2017-01-25
|
643948
|
Security: chrome_child!mov_read_keys - Heap corruption as a result of an off-by-1 zero allocation
|
$5500
|
2017-01-24
|
650232
|
Security: Sandbox blocking of navigation dangerous when victim uses JavaScript: urls
|
-
|
2017-01-24
|
652548
|
Security: UNKNOWN in v8::internal::GlobalHandles::Node::Release
|
$500
|
2017-01-24
|
654676
|
Crash in LinLerp1Dfloat
|
-
|
2017-01-24
|
654983
|
Use-of-uninitialized-value in webrtc::DspHelper::PeakDetection
|
-
|
2017-01-24
|
656132
|
Heap-use-after-free in CPDF_Dictionary::~CPDF_Dictionary
|
-
|
2017-01-24
|
655990
|
Heap-use-after-free in PDF_CreatorAppendObject
|
-
|
2017-01-24
|
656161
|
Heap-use-after-free in CPDF_Dictionary::~CPDF_Dictionary
|
-
|
2017-01-24
|
656162
|
Heap-use-after-free in CPDF_Dictionary::GetDirectObjectFor
|
-
|
2017-01-24
|
654183
|
Security: PDFium (XFA) Heap Buffer Overflow in CWeightTable::Calc
|
$3500
|
2017-01-23
|
655632
|
Heap-use-after-free in blink::LayoutGrid::layoutBlock
|
-
|
2017-01-23
|
656282
|
Heap-use-after-free in CPDF_Object::Release
|
-
|
2017-01-22
|
629774
|
Security: Integer overflow in use counter of scoped pointers.
|
-
|
2017-01-21
|
652276
|
Iframe Spoofing via subframe navigation
|
-
|
2017-01-21
|
654199
|
Heap-use-after-free in content::VideoCaptureController::RemoveClient
|
-
|
2017-01-21
|
654280
|
Security: Use of unvalidated URL in PDF viewer
|
$2500
|
2017-01-21
|
654279
|
Security: PDFs can navigate to file:-URLs
|
$1000
|
2017-01-21
|
655973
|
Use-of-uninitialized-value in void base::Pickle::WriteBytesStatic<4ul>
|
-
|
2017-01-21
|
655991
|
Heap-buffer-overflow in chrome_pdf::PDFiumEngine::Form_GetCurrentPage
|
-
|
2017-01-21
|
655672
|
Crash in SkBitmap::copyPixelsTo
|
-
|
2017-01-20
|
652038
|
Security: PDFium Signed Integer Overflow Bug
|
-
|
2017-01-19
|
653090
|
Security: Heap-use-after-free in Field::UpdateFormField
|
$3000
|
2017-01-19
|
653459
|
Use-of-uninitialized-value in CPDFSDK_WidgetHandler::ReleaseAnnot
|
-
|
2017-01-18
|
654272
|
Heap-use-after-free in CFX_SystemHandler::KillTimer
|
-
|
2017-01-18
|
654198
|
Use-of-uninitialized-value in EvalSegmentedFn
|
-
|
2017-01-18
|
654308
|
Heap-use-after-free in v8::internal::wasm::ThreadImpl::DoBreak
|
-
|
2017-01-18
|
630372
|
Crash in base::debug::StackDumpExceptionFilter
|
-
|
2017-01-17
|
653779
|
Captive portal interstitial shows neutral (i) icon, not red triangle
|
-
|
2017-01-17
|
654668
|
Use-of-uninitialized-value in _start
|
-
|
2017-01-17
|
653748
|
Security: uprev libcurl to 7.50.3
|
-
|
2017-01-16
|
653484
|
Heap-use-after-free in media::DecryptingDemuxerStream::~DecryptingDemuxerStream
|
-
|
2017-01-15
|
637459
|
Security: ping attribute in href is not following spec, leads to information disclosure
|
-
|
2017-01-14
|
653610
|
Security: Internal functions leaked when DevTools is open
|
$1000
|
2017-01-14
|
622323
|
WebRTC can be used to generate a large amount of UDP traffic for DDOS attacks
|
-
|
2017-01-13
|
653034
|
Security: Leaking referrer using iframe (with referrer policy turned on)
|
-
|
2017-01-13
|
653298
|
Double-delete in BatteryMonitorImpl
|
-
|
2017-01-13
|
651142
|
Use-after-poison in blink::IndexedDBClient::from
|
-
|
2017-01-12
|
651702
|
Use-after-poison in blink::LocalFileSystem::from
|
-
|
2017-01-12
|
651849
|
Use-of-uninitialized-value in EvalSegmentedFn
|
-
|
2017-01-12
|
653096
|
Use-of-uninitialized-value in AddValueForStrcmp
|
-
|
2017-01-12
|
599865
|
Heap-buffer-overflow in parse_encoding
|
-
|
2017-01-11
|
621836
|
Negative-size-param in XFACodecFuzzer::Reader::ReadBlock
|
-
|
2017-01-11
|
633885
|
cross-origin restriction bypass in track tag src
|
$1000
|
2017-01-11
|
643982
|
Heap-use-after-free in base::subtle::RefCountedThreadSafeBase::Release
|
-
|
2017-01-11
|
644963
|
Security: Read Access Violation on Control Flow at content::devtools::service_worker::ServiceWorkerHandler::UpdateHosts
|
$500
|
2017-01-11
|
645075
|
Heap-use-after-free in content::OutputDeviceBacking::UnregisterOutputDevice
|
-
|
2017-01-11
|
648062
|
Crash in default_terminate_handler
|
-
|
2017-01-11
|
651094
|
Crash in v8::internal::InnerPointerToCodeCache::GcSafeFindCodeForInnerPointer
|
-
|
2017-01-11
|
639126
|
Security: UXSS introduced through bookmark containing user information
|
$500
|
2017-01-10
|
649340
|
Heap-use-after-free in blink::PaintLayerScrollableArea::deregisterForAnimation
|
-
|
2017-01-10
|
651166
|
Security: Buffer overread in Devtools / Blink JSON parsers
|
-
|
2017-01-10
|
651632
|
Use-of-uninitialized-value in TIFFFetchDirectory
|
-
|
2017-01-10
|
652103
|
Security: Heap-use-after-free in CPDFSDK_Document::RemovePageView
|
$3000
|
2017-01-10
|
652127
|
Use-of-uninitialized-value in blink::PropertyHandle::operator==
|
$2500
|
2017-01-10
|
647024
|
Use-of-uninitialized-value in blink::PointerEventManager::setPointerCapture
|
-
|
2017-01-07
|
651443
|
Security: Histogram Type Confusion Crashes the Browser Process
|
-
|
2017-01-07
|
651714
|
Crash in v8::internal::wasm::WasmCompiledModule::mem_size
|
-
|
2017-01-07
|
651758
|
Bad-cast to v8::internal::LoadICNexus from v8::internal::LoadGlobalICNexus;v8::internal::LoadICNexus* v8::internal::IC::casted_nexus<v8::internal::LoadICNexus>;v8::internal::IC::ConfigureVectorState
|
-
|
2017-01-07
|
629006
|
Crash in base::PendingTask::PendingTask
|
-
|
2017-01-05
|
640571
|
Heap-use-after-free in WebsiteSettings::OnUIClosing
|
-
|
2017-01-05
|
646795
|
Heap-use-after-free in id
|
-
|
2017-01-05
|
648048
|
Heap-use-after-free in ui::AXNode::id
|
-
|
2017-01-05
|
650078
|
Crash in v8::internal::Invoke
|
-
|
2017-01-05
|
601538
|
Mark of the Web bypass in Chrome
|
-
|
2017-01-04
|
639702
|
Chrome for Android - Quickly entering and exiting fullscreen allows for URL Spoofing
|
$1000
|
2017-01-04
|
649659
|
Security: Heap-use-after-free in CFFL_InteractiveFormFiller::OnSetFocus
|
$3000
|
2017-01-04
|
650736
|
Use-of-uninitialized-value in v8::internal::Simulator::ConditionPassed
|
-
|
2017-01-04
|
649039
|
Security: ChromeOS Exploit persistence via symlink
|
-
|
2017-01-03
|
647919
|
CrOS: Vulnerability reported in dev-libs/openssl
|
-
|
2017-01-03
|
649040
|
Security: ChromeOS 1 byte write overflow in c-ares
|
-
|
2017-01-03
|
649097
|
Bad-cast to blink::WebGLObject from invalid vptr;blink::WebGLProgram::deleteObjectImpl;blink::WebGLSharedObject::detachContextGroup
|
-
|
2017-01-03
|
649461
|
Use-of-uninitialized-value in v8::internal::JSArrayBuffer::SetupAllocatingData
|
-
|
2017-01-03
|
649810
|
Heap-buffer-overflow in blink::LazyLineBreakIterator::nextBreakablePositionIgnoringNBSP
|
-
|
2017-01-03
|
650404
|
Security: OOB read/write in V8 using TypedArrays+Crankshaft+Turbofan
|
-
|
2017-01-03
|
490015
|
Security: sendBeacon lets you send POST requests with arbitrary content type
|
-
|
2017-01-02
|