Chromium Disclosed Security Bugs

Google discloses Chromium security bugs 14 weeks after fixing them. This website makes it easier to keep track of them.

This page is run by @securityMB but it is not an official Google product.

Bugs disclosed in 2017.json

# | Summary | $$$ | Disclosure date
765512 | Security: METHOD_LOCALTIME browser->renderer infoleak | $3,337 | 2017-12-31
616671 | Security: PDFium: Yet Another Out-Of-Bounds Read in CCodec_ProgressiveDecoder::ReSampleScanline | - | 2017-12-30
705778 | Android: Omnibox doesn't elide origins correctly | - | 2017-12-30
760032 | Heap-buffer-overflow in CCodec_ProgressiveDecoder::ReSampleScanline | - | 2017-12-30
765301 | Crash in v8::internal::Invoke | - | 2017-12-30
765495 | Security: heap-use-after-free ScriptProcessorHandler::FireProcessEvent | $3,000 | 2017-12-30
767052 | Crash in v8::internal::Invoke | - | 2017-12-30
766957 | Security: UAF in CPWL_Edit::OnChar | $5,000 | 2017-12-30
767959 | Crash in v8::internal::Invoke | - | 2017-12-30
730379 | Heap-buffer-overflow in displayP4 | - | 2017-12-29
656479 | Security: heap-buffer-overflow in pdfium | - | 2017-12-28
766996 | CrOS: Vulnerability reported in net-nds/openldap | - | 2017-12-28
750239 | Security: IDN spoofing with Combining Dot Above U+0307 | $500 | 2017-12-27
761710 | Heap-use-after-free in v8::Shell::RealmCurrent | - | 2017-12-27
762904 | CVE-2017-14156 CrOS: Vulnerability reported in Linux kernel | - | 2017-12-27
765871 | CHECK failure: Representation inference: unsupported opcode 59 (Dead), node #NUMBER in simplifi | - | 2017-12-27
765921 | Security: UAF in CPWL_Caret::SetCaret | $5,000 | 2017-12-27
627300 | Security: ChromeVox on ChromeOS uses HTTP without SSL for some requests: | $500 | 2017-12-26
682707 | Security: DCHECK failure in MessagePort destructor in Blink | - | 2017-12-26
764477 | Security: Linux Bluetooth stack (BlueZ) information Leak vulnerability - CVE-2017-1000250 | - | 2017-12-25
765433 | Security: V8 JIT escape analysis bug | $7,500 | 2017-12-25
760445 | Stack-buffer-overflow in content::BlinkTestController::OnAllServiceWorkersCleared | - | 2017-12-24
760455 | Security: Use-after-free in CPWL_Edit::OnKillFocus() | $3,000 | 2017-12-23
764320 | Heap-use-after-free in _ZN7logging22MakeCheckOpValueStringIPcEENSt3__19enable_ifIXaasr4base8internal23S | - | 2017-12-23
765647 | Use-of-uninitialized-value in mojo::edk::Core::CreateDataPipe | - | 2017-12-23
765384 | Security: UAF in CFFL_InteractiveFormFiller::OnBeforeKeyStroke | $3,000 | 2017-12-23
763842 | Security: WebRtc - Heap Buffer Overflow in cricket::Codec::Matches() | $1,000 | 2017-12-22
764177 | Security: PDFium Out-Of-Bounds Read in CJPX_Decoder::Decode | $3,000 | 2017-12-22
759354 | Heap-use-after-free in blink::PaintLayerScrollableArea::Box | - | 2017-12-21
761615 | CVE-2017-14051 CrOS: Vulnerability reported in Linux kernel | - | 2017-12-20
762487 | Security: Broadcom WiFi firmware vulnerabilities CVE-2017-11122 CVE-2017-11120 | - | 2017-12-20
762903 | CVE-2017-14140 CrOS: Vulnerability reported in Linux kernel | - | 2017-12-20
763645 | CVE-2017-13715 CrOS: Vulnerability reported in Linux kernel | - | 2017-12-20
763683 | DCHECK failure in !__isolate__->has_pending_exception() in runtime-proxy.cc | - | 2017-12-20
763724 | Heap-use-after-free in SkImage::getTextureHandle | - | 2017-12-20
764425 | CVE-2017-1000251: CrOS: Security: Blueborne vulnerabilities in bluetooth stacks | - | 2017-12-20
761278 | Security DCHECK failure: !object || (object->IsARIARow()) in AXARIAGridRow.h | - | 2017-12-19
761801 | Security: heap-use-after-free in WebAudio | $3,000 | 2017-12-19
762374 | Security: PDFium Heap Buffer Overflow Vulnerability in OpenJPEG | $6,337 | 2017-12-19
762439 | Security: Check brcmfmac to see whether bcmdhd vulnerabilities are present | - | 2017-12-19
763383 | DCHECK failure in IsWasmExportedFunction(object) in wasm-objects.cc | - | 2017-12-19
764073 | Unknown exception in RaiseException | - | 2017-12-19
764196 | CHECK failure: actual_unused_property_fields > map()->unused_property_fields() in objects-debug | - | 2017-12-19
762874 | Security: off by one in TurboFan range optimization for String.indexOf | - | 2017-12-18
759355 | Use-of-uninitialized-value in blink::LayoutText::LocalSelectionRect | - | 2017-12-17
756563 | Security: Out-Of-Bounds Read Vulnerability in Skia | $1,000 | 2017-12-16
759288 | CrOS: Vulnerability reported in net-vpn/strongswan | - | 2017-12-16
762106 | PDFium TIFF Image Flate Decoder Code Execution Vulnerability | $2,000 | 2017-12-16
763097 | Security: One byte OOB write in DTLS | - | 2017-12-15
761831 | DCHECK failure in !already_resolved_ in scopes.cc | - | 2017-12-14
762472 | DCHECK failure in !isolate->has_pending_exception() in asm-js.cc | - | 2017-12-14
762451 | CVE-2017-14106 CrOS: Vulnerability reported in Linux kernel | - | 2017-12-14
761617 | Heap-use-after-free in blink::BaseAudioContext::IsDestinationInitialized | - | 2017-12-13
761626 | Stack-buffer-overflow in FPDFText_GetText | - | 2017-12-13
761639 | DCHECK failure in !receiver_map->IsJSGlobalObjectMap() in ic.cc | - | 2017-12-13
761654 | CHECK failure: len->ToUint32(&int_l) in builtins-typedarray.cc | - | 2017-12-13
749031 | CVE-2017-11472: CrOS: Vulnerability reported in Linux kernel | - | 2017-12-09
749032 | CVE-2017-11473: CrOS: Vulnerability reported in Linux kernel | - | 2017-12-09
749033 | CVE-2017-7542: CrOS: Vulnerability reported in Linux kernel | - | 2017-12-09
759287 | CVE-2017-12762 CrOS: Vulnerability reported in Linux kernel | - | 2017-12-09
761126 | Bad-cast to blink::LayoutBlock from blink::LayoutTableSection;blink::LayoutObject::ContainerForFixedPosition;blink::LayoutObject::Container | - | 2017-12-09
761376 | Bad-cast to blink::LayoutBlock from blink::LayoutTableSection;blink::ReplaceSelectionCommand::DoApply;blink::CompositeEditCommand::Apply | - | 2017-12-09
761354 | CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (object->IsJSObject()) in objects-inl | - | 2017-12-09
611420 | WebAccessibleResources take too long to make a decision about loading if the extension is installed | - | 2017-12-08
745580 | Security: Chrome extensions UI does not respect IDN display policy | - | 2017-12-08
759224 | Security: Memory Corruption in Chrome | - | 2017-12-08
759111 | Security: Rendertron bugs | - | 2017-12-07
760116 | DCHECK failure in scope_data->get(index_++) == static_cast<uint32_t>(name->length()) in preparsed- | - | 2017-12-07
760112 | Heap-use-after-free in v8::debug::ConsoleDelegate::`vcall'{56}' | - | 2017-12-07
760793 | Use-of-uninitialized-value in InstantController::ResetInstantTab | - | 2017-12-07
740278 | Unused attributes may be read out-of-bounds by drivers | - | 2017-12-06
749228 | Security: buffer overrun in ReplaceSubstringsAfterOffset | - | 2017-12-06
752003 | Security: URL spoofing via crafted flash file and UI overlay | $1,000 | 2017-12-06
754424 | Use-of-uninitialized-value in Document::MergePartialFromCodedStream | - | 2017-12-06
756316 | Heap-use-after-free in extensions::ExtensionMessageBubbleController::UpdateExtensionIdList | - | 2017-12-06
755854 | afl_webcrypto_rsa_import_key_pkcs8_fuzzer <no crash state available> | - | 2017-12-06
759294 | Heap-buffer-overflow in media::mp4::TrackRunIterator::IsSampleEncrypted | - | 2017-12-06
760035 | Global-buffer-overflow in media::VideoDecodeStatsReporter::UpdateFrameRateStability | - | 2017-12-06
760049 | Bad-cast to const media::mp4::VideoSampleEntry from invalid vptr;media::mp4::TrackRunIterator::Init;media::mp4::MP4StreamParser::ParseMoof | - | 2017-12-06
760268 | DCHECK failure in __isolate__->has_scheduled_exception() in runtime-proxy.cc | - | 2017-12-06
598265 | Security: Bypassing web_accessible_resources protections | $500 | 2017-12-05
752423 | [wasm] OOB access in v8 wasm after Symbol.toPrimitive overwrite | $3,000 | 2017-12-05
756289 | Use-of-uninitialized-value in fclamp | - | 2017-12-05
757705 | Security: heap-use-after-free(ProbeForLowSeverityLifetimeIssue) in PDFium | - | 2017-12-05
759624 | V8 type confusion in Web Assembly [ | $7,500 | 2017-12-05
760056 | Heap-use-after-free in TetrahedralInterpFloat | - | 2017-12-05
271996 | SOP not observed for local storage for file: URLs | - | 2017-12-05
757199 | DCHECK failure in result->owns_descriptors() in objects.cc | - | 2017-12-04
743135 | Crash in TetrahedralInterpFloat | - | 2017-12-02
752725 | Heap-buffer-overflow in TetrahedralInterpFloat - pdf_codec_icc_fuzzer | - | 2017-12-02
756523 | Use-of-uninitialized-value in content::mojom::URLLoaderFactoryStubDispatch::Accept | - | 2017-12-02
757412 | Bad-cast to content::ResourceMessageFilter from invalid vptr;content::ResourceMessageFilter::CreateLoaderAndStart;content::mojom::URLLoaderFactoryStubDispatch::Accept | - | 2017-12-02
758283 | Heap-use-after-free in v8::debug::ConsoleDelegate::`vcall'{56}' | - | 2017-12-02
758472 | DCHECK failure in other->values_[index] != builder()->jsgraph()->OptimizedOutConstant() in bytecod | - | 2017-12-02
749851 | Bad-cast to media::WebMediaPlayerImpl from content::WebMediaPlayerMS;content::HtmlVideoElementCapturerSource::CreateFromWebMediaPlayerImpl;content::RendererBlinkPlatformImpl::CreateHTMLVideoElementCapturer | - | 2017-12-01
755007 | conent_shell: Heap-use-after-free in net::NetLog::AddEntry | - | 2017-12-01
757217 | DCHECK failure in !it.done() in module-compiler.cc | - | 2017-11-30
757506 | UAF in in CPWL_ListCtrl::~CPWL_ListCtrl() | - | 2017-11-30
758096 | CHECK failure: Representation inference: unsupported opcode 59 (Dead), node #5 in simplified-lo | - | 2017-11-30
755044 | DCHECK failure in AllowHeapAllocation::IsAllowed() in heap-inl.h | - | 2017-11-29
755056 | Security: It is currently possible to sideload non Play Store apks on a Chromebook in Verified Boot (non-Dev) mode via adb. | $500 | 2017-11-29
756522 | Heap-use-after-free in blink::PaintController::CommitNewDisplayItems | - | 2017-11-29
747847 | Security: CSP not inherited after navigation to JavaScript scheme uri | $1,000 | 2017-11-28
754145 | Security: Access to freed stack memory in blink::PerformanceMonitor::Did() | $500 | 2017-11-28
756733 | Security: Out of bounds at FindSharedFunctionInfo in v8 | $3,000 | 2017-11-28
757227 | CHECK failure: actual_unused_property_fields > map()->unused_property_fields() in objects-debug | - | 2017-11-28
757157 | Crash in v8::internal::Invoke | - | 2017-11-26
752544 | Heap-use-after-free in blink::PaintLayerScrollableArea::Box | - | 2017-11-25
754205 | CrOS: CVE-2017-7533: Vulnerability reported in Linux kernel | - | 2017-11-25
753722 | Heap-use-after-free in media::VpxVideoDecoder::MemoryPool::OnVideoFrameDestroyed | - | 2017-11-25
756332 | DCHECK failure in !node->is_rewritten() in pattern-rewriter.cc | - | 2017-11-25
756608 | ProxyHasProperty stub crashes when trap is a Smi | $3,500 | 2017-11-25
756959 | Use-of-uninitialized-value in profiling::MemlogClient::~MemlogClient | - | 2017-11-25
756963 | DCHECK failure in kMaxUInt32 != index_ in lookup.h | - | 2017-11-25
755501 | Heap-use-after-free in media::PipelineIntegrationTestBase::CheckFirstAudioPacketTimestamp | - | 2017-11-24
734729 | Compromised renderer can draw form validation bubbles over omnibox | - | 2017-11-23
752796 | Unknown exception in KERNELBASE.dll after CPDF_Parser::ParseAndAppendCrossRefSubsectionData | - | 2017-11-23
732751 | Security: Referer leakage in chrome debug protocol | - | 2017-11-22
751147 | Heap-use-after-free in blink::InlineFlowBox::RemoveChild | - | 2017-11-22
527499 | Security: SAN-01-001 Angular ngSanitize using Unicode Whitespace & innerHTML in Blink | - | 2017-11-21
740367 | Use-after-poison in blink::EventListenerIterator::NextListener | - | 2017-11-21
746909 | CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (object->IsString()) in string-inl.h | - | 2017-11-21
749397 | Heap-buffer-overflow in xmlSAX2AttributeNs | - | 2017-11-20
750430 | Heap-buffer-overflow in xmlStrndup | - | 2017-11-20
752476 | Heap-buffer-overflow in GetAt | - | 2017-11-19
675658 | Security: Malicious WebGL page can capture and upload contents of other tabs | $2,000 | 2017-11-18
746517 | alert() titles from apps leak to webpages in the same process | $500 | 2017-11-18
750066 | Security DCHECK failure: i < length_ in StringImpl.h | - | 2017-11-18
751193 | Security DCHECK failure: offset + length <= text.TextLength() in TextRunConstructor.cpp | - | 2017-11-18
752480 | Heap-buffer-overflow in CFX_WideString::GetAt | - | 2017-11-18
754231 | Heap-buffer-overflow in GrTextUtils::DrawPosTextAsPath | - | 2017-11-18
754560 | Heap-use-after-free in v8_inspector::InjectedScript::ProtocolPromiseHandler::cleanup | - | 2017-11-18
701724 | Heap-buffer-overflow in v8::internal::Simulator::DecodeType2 | - | 2017-11-17
751789 | DCHECK failure in !is_async_function() in parser-base.h | - | 2017-11-17
752494 | Use-after-poison in blink::EventListenerMap::Add | - | 2017-11-17
753293 | Bad-cast to blink::EventListenerblink::EventTarget::TraceWrappers;blink::TraceTrait<blink::AccessibleNode>::TraceMarkedWrapper;blink::ScriptWrappableVisitor::AdvanceTracing | - | 2017-11-17
753718 | Bad-cast to blink::ScriptWrappableblink::DOMDataStore::SetReturnValueFast;blink::V8Window::namedPropertyGetterCustom;blink::V8Window::namedPropertyGetterCallback | - | 2017-11-17
754209 | DCHECK failure in InOldSpace(object) || InNewSpace(object) in heap.cc | - | 2017-11-17
754518 | <no crash state available> | - | 2017-11-17
724880 | Heap-buffer-overflow in gfx::internal::TextRunHarfBuzz::GetClusterAt | - | 2017-11-16
752478 | Use-of-uninitialized-value in check_edge_against_rect | - | 2017-11-16
752537 | Heap-buffer-overflow in SkFindAndPlaceGlyph::ArbitraryPositions::nextPoint | - | 2017-11-16
752715 | Heap-use-after-free in blink::LayoutSelection::ClearSelection | - | 2017-11-16
752764 | DCHECK failure in size <= SeqOneByteString::kMaxSize in heap.cc | - | 2017-11-16
752941 | Heap-buffer-overflow in blink::TextIteratorTextState::AppendTextTo | - | 2017-11-16
752832 | Heap-buffer-overflow in GrTextUtils::DrawDFPosText | - | 2017-11-16
753616 | CHECK failure: Unexpected operator #59:(null) @ node #NUMBER in instruction-selector.cc | - | 2017-11-16
753813 | Use-of-uninitialized-value in SkMatrix::computeTypeMask | - | 2017-11-16
753896 | DCHECK failure in var->mode() == VAR in scopes.cc | - | 2017-11-16
754088 | CHECK failure: actual_unused_property_fields > map()->unused_property_fields() in objects-debug | - | 2017-11-16
697481 | Use-of-uninitialized-value in FPDFAPI_inflate | - | 2017-11-15
735448 | CHECK failure: Code::WASM_TO_JS_FUNCTION == code->kind() in wasm-interpreter.cc | - | 2017-11-15
748472 | Heap-use-after-free in ui::AXPlatformNodeWin::Destroy | - | 2017-11-15
749853 | Use-after-poison in blink::EventListenerIterator::NextListener | - | 2017-11-15
750009 | Heap-buffer-overflow in mov_read_trun | - | 2017-11-14
752149 | Security: Arbitrary bad cast in optimized Javascript code | $7,500 | 2017-11-14
752481 | CHECK failure: args[1]->IsJSReceiver() in runtime-object.cc | - | 2017-11-14
752491 | Use-of-uninitialized-value in DES_set_key | - | 2017-11-14
752712 | Crash in v8::internal::Invoke | - | 2017-11-14
752829 | Security: PDFium calls PartitionFree() on heap memory returned by opj_calloc() | $3,500 | 2017-11-14
752833 | Heap-buffer-overflow in SkGradientShaderBase::SkGradientShaderBase | - | 2017-11-14
752846 | CHECK failure: args[2]->IsJSReceiver() in runtime-proxy.cc | - | 2017-11-14
766276 | Security: persistence with cryptohomed stateful recovery | - | 2017-11-13
766275 | Security: chronos to root with crash reporter and /tmp symlink | - | 2017-11-13
766271 | Security: crosh to chronos with awk injection | - | 2017-11-13
766262 | Security: privesc to war-extensions with PageState | - | 2017-11-13
766260 | Security: WebAsm OOB ArrayBuffer | - | 2017-11-13
766253 | Chrome OS exploit: WebAsm, Site Isolation, crosh, crash reporter, cryptohomed | $100,000 | 2017-11-13
752492 | Heap-buffer-overflow in SkFindAndPlaceGlyph::ArbitraryPositions::nextPoint | - | 2017-11-12
709464 | Detecting the presence of extensions through timing attacks (including Incognito) | - | 2017-11-11
750993 | Security: heap-use-after-free in PDFium | $3,000 | 2017-11-11
752177 | Security: `String` not isolated from global in ReadableStream.js, allowing out-of-order JavaScript execution | $1,000 | 2017-11-11
752483 | CHECK failure: !isolate->has_scheduled_exception() in builtins-console.cc | - | 2017-11-11
752496 | Heap-buffer-overflow in GrTextUtils::DrawPosTextAsPath | - | 2017-11-11
777737 | Security: Google Chrome renders text file as HTML under file:// protocol | - | 2017-11-10
741244 | Heap-buffer-overflow in media::BitReaderCore::Refill | - | 2017-11-10
751062 | CVE-2017-7541: CrOS: Vulnerability reported in Linux kernel | - | 2017-11-10
751672 | CHECK failure: deopt_data->get(1)->ToInt32(&index) in wasm-interpreter.cc | - | 2017-11-10
751109 | CHECK failure: !descriptors->GetKey(i)->IsInterestingSymbol() in objects-debug.cc | - | 2017-11-09
751403 | Use-of-uninitialized-value in blink::LayoutTableCell::ShouldClipOverflow | - | 2017-11-09
751463 | Use-of-uninitialized-value in blink::LayoutTableCell::ShouldClipOverflow | - | 2017-11-09
751404 | Use-of-uninitialized-value in blink::LayoutTableCell::ShouldClipOverflow | - | 2017-11-09
751572 | Use-of-uninitialized-value in blink::LayoutTableCell::ShouldClipOverflow | - | 2017-11-09
749260 | Crash in _sk_gather_bgra_avx | - | 2017-11-08
749389 | Heap-buffer-overflow in SkFindAndPlaceGlyph::ArbitraryPositions::nextPoint | - | 2017-11-08
749472 | Crash in GrAtlasTextBlob::Run::SubRunInfo::maskFormat | - | 2017-11-08
749470 | Crash in _sk_gather_bgra_avx | - | 2017-11-08
749895 | Stack-buffer-overflow in add_aa_span | - | 2017-11-08
750016 | Heap-use-after-free in blink::LayoutTableSection::RowHasVisibilityCollapse | - | 2017-11-08
750070 | Use-of-uninitialized-value in SkTHashTable<SkGlyph, SkPackedGlyphID, SkGlyph::HashTraits>::Slot::empty | - | 2017-11-08
750072 | Use-of-uninitialized-value in SkPackedID::operator== | - | 2017-11-08
750071 | Use-of-uninitialized-value in tt_glyph_load | - | 2017-11-08
750416 | Stack-use-after-return in saturated_add | - | 2017-11-08
750438 | Stack-buffer-overflow in add_aa_span | - | 2017-11-08
751055 | Stack-use-after-return in MaskSuperBlitter::blitH | - | 2017-11-08
751358 | CHECK failure: heap()->InToSpace(object) in mark-compact.cc | - | 2017-11-08
751278 | Crash in v8::internal::VerifyPointersVisitor::VisitPointers | - | 2017-11-08
714401 | Security: NtQueryValueKey may not return null-terminated string | - | 2017-11-07
748362 | Security: Heap-use-after-free in ViewCacheHelper | - | 2017-11-07
750420 | Heap-buffer-overflow in GrTextUtils::DrawPosTextAsPath | - | 2017-11-07
750435 | Bad-cast to bssl::(anonymous namespace)::X25519KeyShare from invalid vptr;blink::EndNode<>;blink::TextIteratorAlgorithm<>::TextIteratorAlgorithm | - | 2017-11-05
750440 | Bad-cast to bssl::(anonymous namespace)::X25519KeyShare from invalid vptr;blink::V8PerContextData::CreateWrapperFromCacheSlowCase;blink::V8PerContextData::CreateWrapperFromCache | - | 2017-11-05
734278 | Null-dereference READ in gpu_angle_passthrough_fuzzer | - | 2017-11-04
743082 | CHECK failure: args[0]->IsJSPromise() in runtime-promise.cc | - | 2017-11-04
731138 | Heap-double-free in celt_header | - | 2017-11-03
739621 | Security: Address bar spoof (repro Issue 648117) | $500 | 2017-11-03
742380 | Heap-double-free in ogg_read_close | - | 2017-11-03
748942 | Use-of-uninitialized-value in cc::PaintOpReader::Read | - | 2017-11-03
749703 | Use-of-uninitialized-value in mojo::edk::ChannelPosix::WriteNoLock | - | 2017-11-03
749898 | Crash in blink::ImageData::CropRect | - | 2017-11-03
748069 | Crash in Append | - | 2017-11-02
748539 | CHECK failure: is_transitionable_fast_elements_kind implies !Map::IsInplaceGeneralizableField(d | - | 2017-11-02
748695 | Security: overly permissive policy for dbus services owned by chrome process | - | 2017-11-02
748856 | Use-of-uninitialized-value in mojo::edk::ChannelPosix::WriteNoLock | - | 2017-11-02
696729 | Incorrect-function-pointer-type in _hb_blob_destroy_user_data | - | 2017-11-01
734559 | Security: ChromeOS PPD Import Check Buffer Overflow | $1,000 | 2017-11-01
739677 | Security DCHECK failure: i < length_ in StringImpl.h | - | 2017-11-01
740591 | Function expressions in initializers of for-of/in loops are incorrectly scoped | - | 2017-11-01
745130 | Use-of-uninitialized-value in update_current_folder_get_info_cb | - | 2017-11-01
748426 | CHECK failure: (owning_instance) != nullptr in runtime-wasm.cc | - | 2017-11-01
748464 | Heap-use-after-free in ui::AXPlatformNodeWin::Destroy | - | 2017-11-01
748465 | Heap-use-after-free in ui::AXPlatformNodeWin::Destroy | - | 2017-11-01
748466 | Heap-use-after-free in ui::AXPlatformNodeWin::Destroy | - | 2017-11-01
748469 | Use-of-uninitialized-value in cc::LayerTreeHostImpl::SetContentHasNonAAPaint | - | 2017-11-01
735912 | Security: Use-after-free in CPDFSDK_PageView::DeleteAnnot (XFA) | $3,000 | 2017-10-31
747979 | DCHECK failure in !IsInplaceGeneralizableField(details.constness(), details.representation(), desc | - | 2017-10-31
747995 | Security: WebAssembly signature map is racy | - | 2017-10-31
539018 | the risk of the "auto-download" feature on Google Chrome | - | 2017-10-30
746835 | Crash in v8::internal::Heap::MergeAllocationSitePretenuringFeedback | - | 2017-10-30
746946 | Security: Chrome Type Confusion leads to Code Execution | - | 2017-10-30
747374 | CHECK failure: #38:JSStackCheck should be followed by IfSuccess/IfException, but is only follow | - | 2017-10-30
724785 | CrOS: CVE-2017-0627 - Vulnerability reported in Linux kernel - UVC driver | - | 2017-10-28
730446 | Heap-buffer-overflow in sbr_x_gen | - | 2017-10-28
739147 | Use-of-uninitialized-value in test_runner::TestRunnerForSpecificView::Reset | - | 2017-10-28
746769 | Use-after-poison in blink::CSSPropertyAnimationUtils::ConsumeAnimationShorthand | - | 2017-10-28
747188 | CHECK failure: (owning_instance) != nullptr in runtime-wasm.cc | - | 2017-10-28
737023 | Security: Use-after-free in ResetPDFWindow(); | $5,000 | 2017-10-27
744584 | Fatal error in ../../v8/src/compiler/representation-change.cc, line 1055 | $3,000 | 2017-10-27
747154 | CHECK failure: #28:JSStackCheck should be followed by IfSuccess/IfException, but is only follow | - | 2017-10-27
747359 | DCHECK failure in pending_layout_change_object_ == nullptr || pending_layout_change_object_ == obj | - | 2017-10-27
719835 | Heap-use-after-free in blink::VisualRectForDisplayItem | $2,500 | 2017-10-26
737384 | Incorrect-function-pointer-type in getManagedStaticMutex | - | 2017-10-26
742659 | Use-of-uninitialized-value in v8::internal::WasmSharedModuleData::is_asm_js | - | 2017-10-26
743614 | CrOS: CVE-2017-11176: Vulnerability reported in Linux kernel | - | 2017-10-26
746073 | Container-overflow in CFX_SAXReaderHandler::OnTagEnter | - | 2017-10-26
746223 | Unknown exception in RaiseException | - | 2017-10-26
674577 | extensions: match_patterns not matching FQDN with trailing dot | - | 2017-10-25
740022 | Crash in _sk_byte_tables_avx | - | 2017-10-25
745844 | CHECK failure: !field_type->NowStable() || field_type->NowContains(value) || (!FLAG_use_allocat | - | 2017-10-25
740784 | CHECK failure: dependent_code()->IsEmpty(DependentCode::kPrototypeCheckGroup) in objects-debug. | - | 2017-10-24
743106 | Global-buffer-overflow in SkImageInfo::unflatten | - | 2017-10-24
743622 | DCHECK failure in HasLength() in shared-function-info-inl.h | - | 2017-10-24
744292 | DCHECK failure in __isolate__->has_pending_exception() in runtime-module.cc | - | 2017-10-24
744700 | Crash in Relaxed_Load | - | 2017-10-24
743301 | CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (object->IsJSFunction()) in objects-i | - | 2017-10-23
723158 | CHECK failure: IrOpcode::kFrameState == state->op()->opcode() in instruction-selector.cc | - | 2017-10-22
740166 | Crash in __crt_stdio_output::output_processor<wchar_t,class __crt_stdio_output::string_ou | $3,500 | 2017-10-22
740426 | Heap-buffer-overflow in gl::Texture::getWidth | - | 2017-10-22
740776 | Security: BroadPwn bug on Broadcom WiFi chipsets (CVE-2017-9417) | - | 2017-10-22
740603 | Security: heap-buffer-overflow in gpu::gles2::GLES2Implementation::ReadPixels | $5,000 | 2017-10-22
741750 | [wasm] Signature confusion in function table import/export/init | - | 2017-10-22
742346 | DCHECK failure in target->constructor_or_backpointer() == map in mark-compact.cc | - | 2017-10-22
742381 | DCHECK failure in maybe_transition->elements_kind() != transition_elements_kind in objects.cc | - | 2017-10-22
742967 | CrOS: CVE-2017-10810: Vulnerability reported in Linux kernel | - | 2017-10-22
735279 | Crash in avx::memset32 | - | 2017-10-19
738763 | CHECK failure: !field_type->NowStable() || field_type->NowContains(value) || (!FLAG_use_allocat | - | 2017-10-19
740803 | Security: Use After Free in v8 | $3,000 | 2017-10-19
741604 | Bad-cast to std::__1::locale::__imp from std::__1::locale::__imp;call_init;call_init | - | 2017-10-19
481202 | Security: BoringSSL ecdsa_sign_setup timing leak in the inversion of k | - | 2017-10-19
736633 | Use-after-poison in v8::internal::compiler::InstructionSelector::EmitTableSwitch | - | 2017-10-18
740710 | Security: service_manager{client_process} Capability Not Properly Enforced | - | 2017-10-18
741078 | CHECK failure: map->IsMap() in spaces.cc | - | 2017-10-18
724093 | Security: Multiple flaws relating to stack/heap clash attacks | - | 2017-10-17
735419 | Multiple Security vulnerabilities in OpenVPN | - | 2017-10-17
736133 | Heap-use-after-free in CFX_FaceCache::~CFX_FaceCache | - | 2017-10-17
738228 | Matrix attributes are not bounds-checked | - | 2017-10-17
740325 | CHECK failure: is_api_object in objects.cc | - | 2017-10-17
736195 | Heap-buffer-overflow in SkiaState::ClipRestore | - | 2017-10-16
736574 | Stack-buffer-overflow in CFX_SkiaDeviceDriver::DrawShading | - | 2017-10-16
740199 | CHECK failure: Smi::IsValid(value) in objects.h | - | 2017-10-16
740509 | CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (IsDereferenceAllowed(INCLUDE_DEFERRE | - | 2017-10-16
736907 | Heap-buffer-overflow in CCodec_ProgressiveDecoder::ReSampleScanline | - | 2017-10-14
734245 | Crash in void LoadImageRow< | - | 2017-10-13
734328 | CrOS: CVE-2017-0651: Vulnerability reported in Linux kernel | - | 2017-10-13
736357 | Security: Credential Manager API origin confusion | - | 2017-10-13
737932 | CrOS: CVE-2017-1000364: Vulnerability reported in Linux kernel | - | 2017-10-13
738652 | Heap-use-after-free in cc::Display::~Display | - | 2017-10-13
738596 | Heap-use-after-free in blink::Text::TextLayoutObjectIsNeeded | - | 2017-10-13
738952 | Null-dereference READ in MemoryRead<unsigned | - | 2017-10-13
739186 | Crash in MemoryRead<unsigned | - | 2017-10-13
739190 | Security: use-of-uninitialized-value in SkPathMeasure::distanceToSegment | $1,000 | 2017-10-13
737315 | Effective TLD wildcarding for ExtensionSettings not working | - | 2017-10-12
738682 | Use-of-uninitialized-value in SkShaderBase::Context::Context | - | 2017-10-12
738746 | Use-of-uninitialized-value in SkMatrix::postConcat | - | 2017-10-10
735884 | CrOS: CVE-2017-1000380: Vulnerability reported in Linux kernel | - | 2017-10-08
737530 | CrOS: CVE-2017-1000365: Vulnerability reported in Linux kernel | - | 2017-10-08
737534 | CrOS: CVE-2017-9605: Vulnerability reported in Linux kernel | - | 2017-10-08
737889 | Heap-use-after-free in media::VpxVideoDecoder::MemoryPool::OnVideoFrameDestroyed | - | 2017-10-08
738703 | Wild-access in blink::Text::TextLayoutObjectIsNeeded | - | 2017-10-08
737877 | Crash in v8::internal::Invoke | - | 2017-10-07
772194 | Heap-use-after-free in base::internal::WeakReference::is_valid | - | 2017-10-06
732407 | Incorrect-function-pointer-type in hb_font_destroy | - | 2017-10-06
733940 | Security: Form field validation bubbles can appear after navigating to another origin | $500 | 2017-10-06
736639 | Unknown-crash in es2::VertexDataManager::writeAttributeData | - | 2017-10-05
736943 | Bad-cast to blink::TraceWrapperBase from invalid vptr;blink::ScriptWrappableVisitor::DispatchTraceWrappers;blink::TraceTrait<blink::Modulator>::TraceMarkedWrapper | - | 2017-10-05
737069 | Security: Heap-buffer-overflow in v8::wasm | $1,000 | 2017-10-05
737529 | Heap-buffer-overflow in chrome_pdf::PDFiumEngine::OnMouseUp | - | 2017-10-05
669751 | Security: Potential integer overflow in memory allocation expression in TerminatedArray | - | 2017-10-04
725975 | Heap-buffer-overflow in copyFTBitmap | - | 2017-10-04
737100 | Heap-buffer-overflow in CFX_SkiaDeviceDriver::RestoreState | - | 2017-10-04
737104 | CHECK failure: entry.code_offset >= 0 in source-position-table.cc | - | 2017-10-04
722847 | Crash in gldMergeScanlines2x2 | - | 2017-10-03
736567 | CHECK failure: MachineRepresentation::kNone == input_info->representation() in simplified-lower | - | 2017-10-03
736588 | Heap-buffer-overflow in SkiaState::AdjustClip | - | 2017-10-03
736621 | CHECK failure: is_neuterable() in objects.cc | - | 2017-10-03
736624 | Bad-cast to gl::Surface from egl::PBufferSurface;es2::Context::makeCurrent;egl::MakeCurrent | - | 2017-10-03
731669 | Security: bypassing CORS by XHR + MemoryCache + ServiceWorker (Ver 2) | - | 2017-10-02
732779 | CSP script-sample and report-uri together with Embedded Enforcement is harmful | $500 | 2017-10-02
736233 | Heap-use-after-free in (unknown) | - | 2017-10-01
704132 | CHECK failure: size_ <= capacity_ in identity-map.cc | - | 2017-09-30
728654 | CHECK failure: backing_store_[index++] == static_cast<uint32_t>(name->length()) in preparsed-sc | - | 2017-09-30
733548 | Chrome broker PP_Instance overwrite in IPC handler OnMsgDidCreateInProcessInstance | - | 2017-09-30
733549 | Chrome sandbox escape due to use of invalid PP_Instance in IPC handler OnMsgDidDeleteInProcessInstance | $5,000 | 2017-09-30
734016 | CrOS: Vulnerability reported in net-fs/samba | - | 2017-09-29
735718 | Use-of-uninitialized-value in webrtc::FuzzAudioProcessing | - | 2017-09-29
422987 | Security: AppCache FALLBACK should be limited to sub-paths of manifest directory | - | 2017-09-28
718676 | Security: Potential HTTPS downgrade attacks by abusing WWW mismatch redirect | - | 2017-09-28
726072 | Enlarge stack guard gap in Linux kernel | - | 2017-09-28
734109 | Heap-buffer-overflow in (unknown) | - | 2017-09-28
735771 | Heap-use-after-free in v8::internal::WasmSharedModuleData::is_asm_js | - | 2017-09-28
728992 | Heap-use-after-free in CFX_UnownedPtr<CPDF_ShadingPattern>::ProbeForLowSeverityLifetimeIssue | - | 2017-09-27
732200 | Heap-use-after-free in blink::LayoutText::SetText | - | 2017-09-27
733146 | Bad-cast to blink::LayoutObject from invalid vptr;blink::LayoutText::SetText;blink::LayoutTextFragment::SetTextFragment | - | 2017-09-27
733254 | Heap-buffer-overflow in indexed_db::mojom::DatabaseStubDispatch::Accept | - | 2017-09-27
734108 | CHECK failure: !IsSmi() == Internals::HasHeapObjectTag(this) in objects.h | - | 2017-09-27
734348 | Heap-use-after-free in blink::LayoutQuote::DetachQuote | - | 2017-09-27
550017 | Security: Modal dialogs overlaying Fullscreen permission dialog | $3,000 | 2017-09-26
733467 | Use-after-poison in blink::HTMLSlotElement::LazyReattachDistributedNodesIfNeeded | - | 2017-09-26
734344 | Use-of-uninitialized-value in base::Pickle::WriteData | - | 2017-09-26
729597 | Null-dereference READ in heap | - | 2017-09-25
729105 | Security: Mac-only URL bar spoofing via HTTPS error interstitial? | $500 | 2017-09-24
722261 | Security: RSA key generation weakness in certain TPM models | - | 2017-09-23
732597 | Heap-use-after-free in blink::PaintController::CommitNewDisplayItems | - | 2017-09-23
733245 | Crash in InvalidParameter - util::printd calling wcsftime | - | 2017-09-23
733283 | Bad-cast to blink::ResourceFinishObserver from invalid vptr;blink::NotifyFinishObservers;base::internal::Invoker<base::internal::BindState<void | - | 2017-09-23
733507 | Use-after-poison in base::internal::FunctorTraits<void | - | 2017-09-23
733829 | Crash in blink::FontCache::CrashWithFontInfo | - | 2017-09-23
727077 | Security DCHECK failure in value.IsIdentifierValue() in CSSIdentifierValue.h | - | 2017-09-22
732039 | Security: Use-after-free in CPDFSDK_WidgetHandler::OnLoad | $3,000 | 2017-09-22
732051 | Security: UAF in CFFL_FormFiller::GetPDFWindow() | $3,000 | 2017-09-22
732322 | Use-after-free in CFFL_InteractiveFormFiller::OnFormat | $3,000 | 2017-09-22
733218 | Bad-cast to blink::HTMLElement from blink::SVGSVGElement;blink::FocusController::NextFocusableElementInForm;blink::InputMethodController::TextInputFlags | - | 2017-09-22
616670 | Security: PDFium: Out-Of-Bounds Read in CCodec_ProgressiveDecoder::ReSampleScanline | - | 2017-09-21
731629 | Use-of-uninitialized-value in ui::XVisualManager::XVisualManager | - | 2017-09-21
731351 | Crash in v8::internal::Invoke | - | 2017-09-21
732533 | Global-buffer-overflow in GuessSizeForVSWPrintf | - | 2017-09-21
733059 | CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (!owned || FindObject(address)->IsHea | - | 2017-09-21
733118 | CHECK failure: 0 != hash_ in hash-table.h | - | 2017-09-21
733163 | Heap-use-after-free in v8::internal::wasm::AsyncCompileJob::DecodeModule::Run | - | 2017-09-21
733282 | Crash in blink::FocusController::NextFocusableElementInForm | - | 2017-09-21
733491 | Crash in blink::LayoutBlockFlow::AppendFloatsToLastLine | - | 2017-09-21
729041 | Heap-use-after-free in CPWL_Wnd::Destroy | - | 2017-09-20
729957 | Heap-buffer-overflow in v8::internal::Simulator::DecodeTypeImmediate | - | 2017-09-20
732409 | Use-after-poison in void blink::LocalFrameView::ForAllNonThrottledLocalFrameViews<blink::LocalFrameV | - | 2017-09-20
730171 | Security: Crash in WTF::ArrayBufferContents::FreeMemory() | - | 2017-09-19
732031 | CrOS: Vulnerability reported in net-fs/samba | - | 2017-09-19
732169 | Ill in v8::internal::TranslatedState::MaterializeCapturedObjectAt | - | 2017-09-19
729298 | Use-of-uninitialized-value in blink::StringResourceBase::~StringResourceBase | - | 2017-09-18
728984 | CrOS: CVE-2017-9074: Vulnerability reported in Linux kernel | - | 2017-09-16
729383 | Heap-use-after-free in blink::PaintController::CommitNewDisplayItems | - | 2017-09-16
729979 | Near homograph URL Spoofing with Arabic | $1,000 | 2017-09-16
731495 | CHECK failure: args[0]->IsString() in runtime-strings.cc | - | 2017-09-16
728559 | CrOS: CVE-2017-9077: Vulnerability reported in Linux kernel | - | 2017-09-15
728560 | CrOS: CVE-2017-9242: Vulnerability reported in Linux kernel | - | 2017-09-15
728986 | CrOS: CVE-2017-9076: Vulnerability reported in Linux kernel | - | 2017-09-15
728985 | CrOS: CVE-2017-9075: Vulnerability reported in Linux kernel | - | 2017-09-15
730297 | Security DCHECK failure in !root_parent->IsSVGElement() || !ToSVGElement(root_parent) ->elements_with_relat | - | 2017-09-15
731105 | Crash in sw::Renderer::taskLoop (SwiftShader) | - | 2017-09-15
677933 | Security: Symlinks allow arbitrary file access to chronos-accessible file system locations via file:// | - | 2017-09-14
728887 | Security: IndexedDB OpenCursor UaF | $10,000 | 2017-09-14
729147 | CHECK failure: (materialized) != nullptr in bytecode-register-optimizer.cc | - | 2017-09-14
729991 | Security: Information Disclosure Issue in v8::wasm | $4,000 | 2017-09-14
730429 | Bad-cast to v8::internal::compiler::Operator1<v8::internal::compiler::FrameStateInfo, v8::internal::compiler::OpEqualTo<v8::internal::compiler::FrameStateInfo>, v8::internal::compiler::OpHash<v8::internal::compiler::FrameStateInfo> > from v8::internal::compiler::MachineOperatorGlobalCache::LoadAnyTaggedOperator;OpParameter<v8::internal::compiler::FrameStateInfo>;OpParameter<v8::internal::compiler::FrameStateInfo> | - | 2017-09-14
730253 | CHECK failure: 1 == OperatorProperties::GetFrameStateInputCount(node->op()) in node-properties. | - | 2017-09-14
730854 | Use-of-uninitialized-value in v8::internal::compiler::StateValuesAccess::size | - | 2017-09-14
722126 | Security: Chrome ᴏꜱ buffer overflow in mount.exfat-fuse after a call to malloc(0) | $3,000 | 2017-09-13
728094 | CrOS: Vulnerability reported in sys-libs/zlib | - | 2017-09-13
728983 | Use-of-uninitialized-value in ui::XVisualManager::XVisualManager | - | 2017-09-13
728756 | CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (!owned || FindObject(address)->IsHea | - | 2017-09-13
728987 | CrOS: Vulnerability reported in sys-libs/zlib | - | 2017-09-13
728998 | Use-of-uninitialized-value in libnss3.so | - | 2017-09-13
729302 | Use-of-uninitialized-value in libglib-2.0.so.0 | - | 2017-09-13
696806 | Security: Allowed to set AppCache-manifest under CSP: Sandbox / Fallback on full origin | $2,000 | 2017-09-12
724608 | CHECK failure: !map->is_deprecated() in compilation-dependencies.cc | - | 2017-09-12
727008 | CrOS: (CVE-2017-9150) Vulnerability reported in Linux kernel | - | 2017-09-12
728185 | Security: Unknown memory corruption in HTML rendering. | $500 | 2017-09-12
728718 | Heap-use-after-free in ProbeForLowSeverityLifetimeIssue | - | 2017-09-09
716262 | Security: Out of Bounds write in NSS (used on ChromeOS) | - | 2017-09-08
723796 | Security: data-uris can be loaded on the top frame using a (failed) server redirect followed and a history back() | $500 | 2017-09-08
724972 | CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (object->IsJSArrayBuffer()) in object | - | 2017-09-08
725032Security: Use-after-free in IndexedDB Transactions$10,5002017-09-08
725743CHECK failure: interrupt_address == isolate->builtins()->InterruptCheck()->entry() in full-code-2017-09-08
726716Heap-use-after-free in blink::LayoutText::SetText-2017-09-08
728158Bad-cast to CXFA_Object from CXFA_FM2JSContext;CXFA_ScriptContext::ToObject;CXFA_FM2JSContext::GetObjectDefaultValue-2017-09-08
728669Heap-use-after-free in CFX_UnownedPtr<CCodec_GifModule::Delegate>::ProbeForLowSeverityLifetimeIssue-2017-09-08
724973CHECK failure: is_valid in conversions-inl.h-2017-09-07
727048Heap-use-after-free in CPWL_ScrollBar::~CPWL_ScrollBar-2017-09-07
727972Use-of-uninitialized-value in libglib-2.0.so.0-2017-09-07
727999Use-of-uninitialized-value in blink::AudioHandler::ProcessIfNecessary-2017-09-07
728323Heap-use-after-free in CFX_UnownedPtr<CCodec_BmpModule::Delegate>::ProbeForLowSeverityLifetimeIssue-2017-09-07
708237Security: ExternalInterface.addCallback works across isolated worlds-2017-09-06
725660[IDN Phishing] Use the "xn--fgb" character to hide the real URL: Block U+0620 on Mac only.$2,0002017-09-06
726067Compromised renderer can upload arbitrary files-2017-09-06
726755Heap-use-after-free in CFX_BitmapComposer::~CFX_BitmapComposer-2017-09-06
726887Heap-use-after-free in CFX_UnownedPtr<CCodec_TiffContext>::Probe-2017-09-06
727218CHECK failure: is_resolved() in ast.h-2017-09-06
727245Stack-use-after-return in CCodec_Jbig2Context::~CCodec_Jbig2Context-2017-09-06
724884Heap-use-after-free in v8::Shell::CreateRealm-2017-09-05
725226Crash in v8::internal::Invoke-2017-09-05
725865CHECK failure: (index >= 0) && (index < this->length()) in objects-inl.h-2017-09-05
727090Crash in v8::internal::Stats_Runtime_AllocateInNewSpace-2017-09-05
725884Use-of-uninitialized-value in ui::XVisualManager::XVisualManager-2017-09-03
726710Heap-use-after-free in blink::NodeListsNodeData::AddCache<blink::DocumentNameCollection>-2017-09-03
726989Heap-use-after-free in ??$insert@U?$HashMapTranslator@U?$HashMapValueTraits@U?$HashTraits@U?$pair@EPAVS-2017-09-03
681740Security: URL Spoofing (with HTTPS lock) by focusing the omnibox while changing the location hash and calling a modal dialog$1,0002017-09-02
725537CHECK failure: map()->is_callable() in objects-debug.cc-2017-09-02
726220Use-after-poison in blink::SVGImage::ServiceAnimations-2017-09-02
726253Heap-use-after-free in IsEmpty-2017-09-02
726299CrOS: Vulnerability reported in media-libs/tiff-2017-09-02
726503Heap-use-after-free in CPDF_Parser::SetEncryptHandler-2017-09-02
726622CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (object->IsJSFunction()) in objects-i-2017-09-02
726636Crash in v8::internal::Simulator::DecodeType2-2017-09-02
726653Stack-use-after-return in CJBig2_Context::~CJBig2_Context-2017-09-02
726728Heap-use-after-free in CPDF_ShadingPattern::~CPDF_ShadingPattern-2017-09-02
726732Heap-use-after-free in Probe-2017-09-02
726891Heap-use-after-free in CFX_UnownedPtr<CPDF_ColorSpace>::Probe-2017-09-02
726833Heap-use-after-free in CFX_UnownedPtr<CJBig2_ArithDecoder>::Probe-2017-09-02
720311CHECK failure: isolate_status.count(args.GetIsolate()) == 1 in d8.cc-2017-09-01
724606CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (index >= 0 && index < this->length()-2017-09-01
724640Heap-use-after-free in Probe-2017-09-01
725017CrOS: CVE-2017-8924 - Vulnerability reported in Linux kernel - usb edge_bulk_in_callback-2017-09-01
725018CrOS: CVE-2017-8925 - Vulnerability reported in Linux kernel - usb omninet_open-2017-09-01
725201CHECK failure: fixed_array->IsDictionary() in objects-inl.h-2017-09-01
725929Use-of-uninitialized-value in std::__1::pair<WTF::KeyValuePair<std::__1::pair<unsigned char, WTF::StringImpl*>-2017-09-01
726080NTLM implementation can have security downgraded by bad server-2017-09-01
726276Heap-use-after-free in blink::LayoutText::SetText-2017-09-01
724460 | Heap-use-after-free in CPDF_ImageCacheEntry::~CPDF_ImageCacheEntry | - | 2017-08-31
725974 | Heap-use-after-free in blink::LayoutText::SetText | - | 2017-08-31
592686 | Wrong tab goes fullscreen | - | 2017-08-30
716995 | CrOS: Vulnerability reported in media-libs/freetype | - | 2017-08-30
722130 | Heap-buffer-overflow in __printf_chk | - | 2017-08-30
722639 | IDN URL Spoofing with TIFINAGH LETTER YAN | $1,000 | 2017-08-30
724768 | CrOS: CVE-2017-0605 - Vulnerability reported in Linux kernel - kernel trace subsystem | - | 2017-08-30
724788 | CrOS: CVE-2017-0630 - Vulnerability reported in Linux kernel - trace subsystem | - | 2017-08-30
656417 | Security: Omnibox scrolls RTL domains off-screen (spoofing) | $1,000 | 2017-08-29
721731 | CrOS: Vulnerability reported in Linux kernel | - | 2017-08-29
723582 | CrOS: Vulnerability reported in media-libs/tiff | - | 2017-08-29
724829 | <no crash state available> | - | 2017-08-29
724893 | Heap-use-after-free in CFX_UnownedPtr<IJS_EventContext>::~CFX_UnownedPtr | - | 2017-08-29
724892 | Heap-use-after-free in CFX_UnownedPtr<CXFA_PDFFontMgr>::~CFX_UnownedPtr | - | 2017-08-29
724960 | Container-overflow in CFX_UnownedPtr<unsigned char const>::Probe | - | 2017-08-29
724637 | Bus in CGifLZWDecoder::AddCode | - | 2017-08-28
697394 | CrOS: Vulnerability reported in media-libs/libpng | - | 2017-08-26
697890 | Heap-buffer-overflow in CGifLZWDecoder::ClearTable | - | 2017-08-26
702030 | Security: chronos user local file read (ImageBurner) | - | 2017-08-26
716803 | Use of an invalid mutex in pthread_mutex_unlock | - | 2017-08-26
723625 | Use-of-uninitialized-value in CPDF_CMap::GetNextChar | - | 2017-08-26
724405 | Heap-buffer-overflow in CFX_UnownedPtr<unsigned int const>::Probe | - | 2017-08-26
724500 | Heap-buffer-overflow in CFX_UnownedPtr<unsigned int const>::Probe | - | 2017-08-26
722756 | Type Confusion In Chrome Lead to RCE | $7,500 | 2017-08-25
723802 | Ill in v8::internal::compiler::Verifier::Visitor::Check | - | 2017-08-25
723644 | Heap-use-after-free in ~CFX_UnownedPtr | - | 2017-08-25
724021 | CrOS: Vulnerability reported in Linux kernel | - | 2017-08-25
618021 | Use-of-uninitialized-value in u_strToUTF8WithSub_56 | - | 2017-08-24
654173 | Security: PDFium (XFA) Heap Buffer Overflow in CGifLZWDecoder::AddCode | - | 2017-08-24
722124 | Use-of-uninitialized-value in u_strToUTF8WithSub_59 | - | 2017-08-24
722785 | CrOS: Vulnerability reported in Linux kernel | - | 2017-08-24
723503 | Security: Mismatched Origin Display in WebUSB and WebBluetooth Permissions Dialogs | $500 | 2017-08-24
724022 | CrOS: Vulnerability reported in dev-libs/openssl | - | 2017-08-24
722071 | Heap-buffer-overflow in PackBitsDecode | - | 2017-08-23
710400 | Permission Prompt not correctly dismissed on top window navigation | - | 2017-08-22
721579 | Security: FLAG_SECURE not used on Android for credit cards pre-fills | - | 2017-08-22
721988 | Security: Heap-use-after-free in payments::`anonymous namespace'::SheetView::RequestFocus | $500 | 2017-08-22
722115 | Heap-buffer-overflow in CGifLZWDecoder::ClearTable | - | 2017-08-22
711505 | Security: Attacker Can Control Cookies in Chrome | - | 2017-08-21
722027 | CrOS: Vulnerability reported in Linux kernel | - | 2017-08-21
722026 | CrOS: Vulnerability reported in Linux kernel | - | 2017-08-21
721925 | Security: Linux kernel CVE-2017-7895 | - | 2017-08-20
698693 | Use-of-uninitialized-value in base::internal::JSONParser | - | 2017-08-19
719199 | Security: disallow "Canadian Syllabics" unicode block from IDN domains | $1,000 | 2017-08-19
721789 | <no crash state available> | - | 2017-08-19
658599 | Heap-use-after-free in blink::HTMLMediaElement::startPlayerLoad | - | 2017-08-18
695830 | Security: release assert trigger in pdfium | - | 2017-08-18
716510 | Use-after-poison in void blink::FrameView::forAllNonThrottledFrameViews<blink::FrameView::updateLife | - | 2017-08-18
718946 | URL Spoofing when access to initial document is not reported to browser process | - | 2017-08-18
721624 | Use-of-uninitialized-value in run_analysis | - | 2017-08-18
663991 | Security: sdcardfs stack overflow potentially leading to kernel code execution | - | 2017-08-17
711772 | Subframe navigations can be used to add domains to history | - | 2017-08-17
714849 | Security: Field validation bubbles can appear over the wrong tab with using print() | - | 2017-08-17
718526 | Security: depthcharge write_sparse_image potential oob reads | - | 2017-08-17
720351 | Use-of-uninitialized-value in gif_decode_extension | - | 2017-08-17
698082 | Heap-buffer-overflow in CGifLZWDecoder::ClearTable | - | 2017-08-16
714196 | Security: Domain spoofing thanks to U+0F8C rendered as 'space' on Mac | $2,000 | 2017-08-16
718498 | Bad-cast to CXFA_ContainerLayoutItem from CXFA_FFSubForm;CXFA_LayoutPageMgr::MergePageSetContents;CXFA_LayoutPageMgr::SyncLayoutData | - | 2017-08-16
719291 | Stack-buffer-overflow in sw::Nucleus::createConstantVector | - | 2017-08-16
719720 | Stack-buffer-overflow in libGLESv2_swiftshader | - | 2017-08-16
714440 | Heap-use-after-free in blink::ShapeOutsideInfo::IsEnabledFor | - | 2017-08-15
717476 | Security: Chrome PaymentRequestAPI Payment-Origin Spoof | - | 2017-08-15
677817 | Security: crosh shell sandbox escape | - | 2017-08-12
709327 | Security: Crash in blink::ThreadHeap::isHeapObjectAlive | - | 2017-08-12
708819 | Security: Heap-use-after-free in autofill::SaveCardBubbleViews::WindowClosing | $500 | 2017-08-12
714580 | Crash in v8::internal::Invoke | - | 2017-08-12
716713 | Container-overflow in SkSL::Compiler::addDefinitions | $1,500 | 2017-08-12
717935 | Use-of-uninitialized-value in approx_log2 | - | 2017-08-12
718977 | Crash in v8::internal::ScavengingVisitor<1,1>::EvacuateObject<1,0> | - | 2017-08-12
670296 | Heap-buffer-overflow in v8::internal::Simulator::DecodeType3 | - | 2017-08-11
705385 | Heap-buffer-overflow in v8::internal::Simulator::DecodeTypeImmediate | - | 2017-08-11
718104 | Use of an invalid mutex in pthread_mutex_unlock | - | 2017-08-11
713440 | Security: mixed content in <picture> isn't blocked | - | 2017-08-10
716311 | Heap-buffer-overflow in SkSpecularLightingImageFilter::onFilterImage | $1,000 | 2017-08-10
717891 | Ill in v8::internal::ParserBase<v8::internal::Parser>::ParseClassPropertyDefinition | - | 2017-08-10
686128 | Use-of-uninitialized-value in CRYPT_ArcFourSetup | - | 2017-08-09
712163 | Use-of-uninitialized-value in OT::RangeRecord::cmp | - | 2017-08-09
713998 | Heap-buffer-overflow in CXFA_Object::IsNode | - | 2017-08-09
716474 | Security: Use-after-poison in blink::FrameView::AdjustMediaTypeForPrinting | $2,000 | 2017-08-09
716706 | Stack-buffer-overflow in CFX_WideString::CFX_WideString | - | 2017-08-09
716936 | Use-after-poison in v8::internal::wasm::ThreadImpl::Push | - | 2017-08-09
716945 | Heap-use-after-free in blink::AudioBus::Zero | $3,500 | 2017-08-09
717056 | Ill in v8::internal::wasm::ErrorThrower::Reify | - | 2017-08-09
717641 | Security: Fix ghostcript bug | - | 2017-08-09
717845 | Use-after-poison in blink::LocalFrame::DomWindow | - | 2017-08-09
716954 | Use-of-uninitialized-value in approx_log2 | - | 2017-08-07
485550 | Security: URL Spoof with link in pdf and slow url | $2,000 | 2017-08-05
712459 | Heap-use-after-free in blink::EventHandler::SelectAutoCursor | $1,500 | 2017-08-05
713190 | Heap-use-after-free in blink::LayoutBox::findAutoscrollable | - | 2017-08-05
714311 | Bad-cast to sandbox::bpf_dsl::(anonymous namespace)::ReturnResultExprImpl from invalid vptr;blink::ApplyStyleCommand::applyRelativeFontStyleChange;blink::ApplyStyleCommand::doApply | $3,500 | 2017-08-05
714442 | Security: Navigation from http: to file: etc. is possible (Android) | - | 2017-08-05
716519 | Heap-use-after-free in CFX_WideString::operator | - | 2017-08-05
707549 | Heap-use-after-free in printing::PrintWebViewHelper::RenderPageContent | $3,000 | 2017-08-04
709417 | Security: RTL character in URL flips domain and path (Android 4.2 and earlier) | $3,000 | 2017-08-04
715454 | Use-after-poison in v8::internal::wasm::ThreadImpl::DoStackTransfer | - | 2017-08-04
716207 | Use-of-uninitialized-value in CFX_SeekableStreamProxy::CFX_SeekableStreamProxy | - | 2017-08-04
716266 | Use-of-uninitialized-value in approx_log2 | - | 2017-08-04
702041 | Crash in bilinear_interpol | - | 2017-08-03
713545 | Use-of-uninitialized-value in blink::Notification::PrepareShow | - | 2017-08-03
714819 | Heap-use-after-free in v8_inspector::V8InspectorSessionImpl::breakProgram | - | 2017-08-03
715506 | CrOS: Vulnerability reported in app-admin/sudo | - | 2017-08-03
715582 | Security: Out of bound read in FindSharedFunctionInfo (V8) | $3,000 | 2017-08-03
715883 | Heap-use-after-free in net::HttpCache::Transaction::DoCacheReadData | - | 2017-08-03
715018 | Heap-use-after-free in views::View::RemoveObserver | - | 2017-08-02
715201 | Global-buffer-overflow in v8::internal::interpreter::BytecodeRegisterOptimizer::RegisterTransfer | - | 2017-08-02
715220 | Heap-buffer-overflow in v8::internal::TranslatedState::CreateNextTranslatedValue | - | 2017-08-02
715218 | Heap-buffer-overflow in v8::internal::PreParsedScopeData::RestoreData | - | 2017-08-02
715408 | Heap-buffer-overflow in PackBitsDecode | - | 2017-08-02
672008 | Security: Extension's verification bypass | - | 2017-08-01
678776 | Security: Content-Security-Policy reporting leaks the URL fragment | $2,000 | 2017-08-01
711889 | Heap-buffer-overflow in CFX_SAXReader::ParseChar | - | 2017-08-01
713515 | Bad-cast to media::MediaLog from invalid vptr;media::LogHelper::~LogHelper;media::ADTSStreamParser::ParseFrameHeader | - | 2017-08-01
714074 | Use-of-uninitialized-value in CPDF_PatchDrawer::Draw | - | 2017-08-01
714426 | Heap-buffer-overflow in interp_lut | - | 2017-08-01
714974 | Use-of-uninitialized-value in CFX_SeekableStreamProxy::CFX_SeekableStreamProxy | - | 2017-08-01
714980 | Use-of-uninitialized-value in approx_log2 | - | 2017-08-01
713686 | Security: Field validation bubbles can appear over the wrong tab | $500 | 2017-07-31
714003 | Crash in v8::internal::Invoke | - | 2017-07-29
679306 | WebRTC crash (?) on appear.in | $500 | 2017-07-28
711020 | Security: DoCanonicalizeMailtoURL() fails to canonicalize characters leading to command injection | $1,000 | 2017-07-28
711260 | Use-of-uninitialized-value in CFX_SAXReader::ParseChar | - | 2017-07-28
713651 | Heap-buffer-overflow in interp_lut | - | 2017-07-28
711609 | Bad-cast to sandbox::bpf_dsl::(anonymous namespace)::ReturnResultExprImpl from invalid vptr;blink::PrePaintTreeWalkContext::PrePaintTreeWalkContext;blink::PrePaintTreeWalk::Walk | - | 2017-07-27
711638 | CrOS: Vulnerability reported in media-libs/tiff | - | 2017-07-27
712624 | Stack-buffer-overflow in sw::Nucleus::createConstantVector | - | 2017-07-27
712752 | Heap-use-after-free in CFX_ClipRgn::IntersectMaskRect | - | 2017-07-27
712639 | Stack-buffer-overflow in libGLESv2_swiftshader | - | 2017-07-27
712839 | Heap-use-after-free in blink::LayoutBoxModelObject::hasSelfPaintingLayer | - | 2017-07-27
712907 | Crash in v8::internal::interpreter::BytecodeRegisterOptimizer::RegisterTransfer | - | 2017-07-27
712910 | Use-after-poison in v8::internal::compiler::Node::AppendUse | - | 2017-07-27
713175 | Stack-buffer-overflow in IntersectSides | - | 2017-07-27
713184 | Heap-buffer-underflow in SkiaState::ClipRestore | - | 2017-07-27
713330 | Heap-buffer-overflow in CFX_ClipRgn::IntersectMaskRect | - | 2017-07-27
713336 | Heap-use-after-free in content::BlinkTestController::~BlinkTestController | - | 2017-07-27
713472 | Crash in v8::internal::Invoke | - | 2017-07-27
713453 | Use-of-uninitialized-value in parametric | - | 2017-07-27
713473 | Heap-buffer-overflow in load_rgb_from_tables<0> | - | 2017-07-27
711936 | Heap-buffer-overflow in GrBufferAllocPool::putBack | - | 2017-07-26
711895 | Heap-buffer-overflow in read_big_endian_u32 | - | 2017-07-26
712835 | Crash in CFX_ImageTransformer::Continue | - | 2017-07-26
702920 | Use-of-uninitialized-value in SkConic::evalAt | - | 2017-07-25
706207 | Use-of-uninitialized-value in blink::Notification::prepareShow | - | 2017-07-25
711459 | Use-of-uninitialized-value in CFX_ByteString::Compare | - | 2017-07-25
702884 | Crash in sk_memset32 | - | 2017-07-24
704448 | Use-of-uninitialized-value in SkRect::setBoundsCheck | - | 2017-07-24
704568 | Stack-buffer-overflow in CFX_SkiaDeviceDriver::DrawShading | - | 2017-07-24
705193 | Stack-use-after-return in CFX_Font::GetFace | - | 2017-07-24
705783 | Use-of-uninitialized-value in SkPath::operator= | - | 2017-07-24
705821 | Use-of-uninitialized-value in SkPath::operator= | - | 2017-07-24
711929 | Use-of-uninitialized-value in CFGAS_TextStream::InitStream | - | 2017-07-23
703757 | Security: cherry-pick PDFium tiff security fixes to the Chrome OS tiff repo. | - | 2017-07-22
706349 | CrOS: Vulnerability reported in media-libs/tiff | - | 2017-07-22
710403 | CrOS: Vulnerability reported in sys-kernel/chromeos-kernel-3_18 | - | 2017-07-22
711876 | Heap-use-after-free in ScopedObserver<OmniboxPopupModel, OmniboxPopupModelObserver>::~ScopedObserver | - | 2017-07-22
711890 | Global-buffer-overflow in GuessSizeForVSWPrintf | - | 2017-07-22
711068 | Negative-size-param in sfntly::MemoryByteArray::InternalGet | - | 2017-07-21
707071 | Security: getInstalledRelatedApps: timing attack can leak installed status | - | 2017-07-20
710356 | Use-of-uninitialized-value in LayoutTestBrowserMain | - | 2017-07-20
711113 | Heap-buffer-overflow in CFX_SAXReader::ParseChar | - | 2017-07-20
711151 | Use-of-uninitialized-value in CFGAS_TextStream::InitStream | - | 2017-07-20
711204 | Heap-buffer-overflow in CFX_SAXReader::ParseChar | - | 2017-07-20
700690 | Use-of-uninitialized-value in decode_pce | - | 2017-07-19
700673 | Use-of-uninitialized-value in get_object_type | - | 2017-07-19
701754 | Use-of-uninitialized-value in decode_eld_specific_config | - | 2017-07-19
709736 | Bad-cast to sandbox::bpf_dsl::(anonymous namespace)::ReturnResultExprImpl from invalid vptr;content::MediaStreamVideoSource::GetCurrentFormat;content::MediaStreamVideoTrack::getSettings | - | 2017-07-19
709749 | Heap-buffer-overflow in cc::EndCompositingDisplayItem const& cc::DisplayItemList::CreateAndAppendPairedE | - | 2017-07-19
709941 | Heap-buffer-overflow in SkColorLookUpTable::interp3D | - | 2017-07-19
710813 | Use-of-uninitialized-value in decode_pce | - | 2017-07-19
746427 | Are some tel: links a security issue on Android? | - | 2017-07-19
709737 | Use-of-uninitialized-value in sqlite3VdbeExec | - | 2017-07-18
709741 | Heap-buffer-overflow in std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<ch | - | 2017-07-18
709738 | Use-of-uninitialized-value in DownloadHistory::OnDownloadUpdated | - | 2017-07-18
744789 | CVE-2017-7526 gcrypt RSA side-channel | - | 2017-07-17
702695 | Ill in blink::PropertyRegistration::registerProperty | - | 2017-07-16
709784 | Heap-use-after-free in blink::LayoutBlock::dirtyForLayoutFromPercentageHeightDescendants | - | 2017-07-16
708247 | Security: OOB access in RegExp Stubs | - | 2017-07-15
709015 | Security: Possible arbitrary heap access through RegExp.prototype[@@match] | - | 2017-07-15
706234 | Use-after-poison in v8::internal::interpreter::BytecodeRegisterOptimizer::RegisterInfo::materialized | - | 2017-07-14
707173 | Bad-cast to sandbox::bpf_dsl::(anonymous namespace)::ReturnResultExprImpl from invalid vptr;content::ResolutionSet::SelectClosestPointToIdealAspectRatio;content::ResolutionSet::SelectClosestPointToIdeal | - | 2017-07-13
708383 | Bad-cast to CFDE_XMLElement from CFDE_XMLNode;XFA_FDEExtension_ResolveNamespaceQualifier;GetElementTagNamespaceURI | - | 2017-07-13
708881 | Heap-buffer-overflow in std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<ch | - | 2017-07-13
707479 | Heap-buffer-overflow in TryVSWPrintf | - | 2017-07-12
708143 | [qcms] Fix overflow when reading parametric gamma curves | - | 2017-07-12
708145 | [qcms] Only accept valid input ranges when reading VCGT tag | - | 2017-07-12
707220 | Global-buffer-overflow in v8::internal::Simulator::DecodeType2 | - | 2017-07-11
707221 | Global-buffer-overflow in MemoryRead<unsigned | - | 2017-07-11
707222 | Global-buffer-overflow in v8::internal::Simulator::DecodeTypeImmediate | - | 2017-07-11
707410 | Heap-use-after-free in v8::internal::libc_memcpy | - | 2017-07-11
707472 | Heap-use-after-free in v8::internal::libc_memcpy | - | 2017-07-11
707537 | Use-of-uninitialized-value in OmniboxMetricsProvider::RecordOmniboxOpenedURL | - | 2017-07-11
707595 | Heap-use-after-free in v8::internal::libc_memcpy | - | 2017-07-11
740615 | Nonce stealing prevention (detecting "<script") bypass | - | 2017-07-10
692731 | Heap-use-after-free in xmlAddID | - | 2017-07-10
691726 | Security: Bypassing CORS restrictions using X-XSS-PROTECTION report value | - | 2017-07-08
696623 | Use-of-uninitialized-value in sse41::blit_row_s32a_opaque | - | 2017-07-08
705008 | Security: SEGV on unknown address 0x601ffe000c90 in SkNx_sse.h | - | 2017-07-08
707146 | Stack-use-after-return in v8::internal::interpreter::BytecodeRegisterOptimizer::RegisterInfo::materialized | - | 2017-07-08
706244 | Use-of-uninitialized-value in CFX_ScanlineCompositor::CompositeRgbBitmapLine | - | 2017-07-07
706264 | Use-of-uninitialized-value in CFX_ScanlineCompositor::CompositeRgbBitmapLine | - | 2017-07-07
706346 | Heap-use-after-free in CFX_ClipRgn::IntersectMaskRect | - | 2017-07-07
706265 | Use-of-uninitialized-value in CompositeRow_Argb2Argb | - | 2017-07-07
706396 | Use-of-uninitialized-value in CFX_Renderer::CompositeSpanARGB | - | 2017-07-07
706525 | Crash in __tsan::CallUserSignalHandler | - | 2017-07-07
704352 | Fix cross-origin security issue raised by PerformanceNavigationTiming. | - | 2017-07-06
705938 | Roll libxml to e905f08123e4a6e7731549e6f09dadff4cab65bd | - | 2017-07-06
705912 | Use-of-uninitialized-value in CFX_WideString::ReleaseBuffer | - | 2017-07-06
705944 | Roll libxslt to ac341cbd792ee572941cc9a66e73800219a1a386 | - | 2017-07-06
705158 | Bad-cast to sandbox::bpf_dsl::(anonymous namespace)::ReturnResultExprImpl from invalid vptr;blink::HTMLFrameElementBase::didNotifySubtreeInsertionsToDocument;blink::ContainerNode::insertNodeVector<> | - | 2017-07-05
705280 | Use-of-uninitialized-value in sse2::blit_row_s32a_opaque | - | 2017-07-05
705736 | Use-of-uninitialized-value in SkPath::isRectContour | - | 2017-07-05
648117 | Security: Address bar spoof with location.replace() | $500 | 2017-07-04
704560 | Security: Form field validation bubbles can appear over the wrong tab | $500 | 2017-07-04
705131 | Heap-use-after-free in CFX_DIBitmap::PreMultiply | - | 2017-07-04
703537 | CVE Vulnerability of lib expat 2.1.0 | - | 2017-07-03
693338 | Security: Heap-use-after-free in v8_inspector::protocol::Runtime::Frontend::consoleAPICalled | - | 2017-07-01
693974 | Corrupted memory use in blink::visualRectForDisplayItem | $1,000 | 2017-07-01
705157 | Use-of-uninitialized-value in v8::internal::compiler::ScheduleLateNodeVisitor::ScheduleRegion | - | 2017-07-01
686253 | Security: Cross-origin pixel reading and history sniffing via SVG filter timing attack | $2,000 | 2017-06-30
637228 | Heap-buffer-overflow in big2_toUtf8 | - | 2017-06-30
640574 | (expat) Use-of-uninitialized-value in little2_nameMatchesAscii | - | 2017-06-30
692378 | CSP bypass in domain "chrome://" via.bookmark? | - | 2017-06-30
702934 | Heap-use-after-free in cr_png_set_longjmp_fn | $3,500 | 2017-06-30
704834 | Heap-buffer-overflow in SkiaState::ClipRestore | - | 2017-06-30
703170 | Heap-use-after-free in blink::LayoutBlock::dirtyForLayoutFromPercentageHeightDescendants | - | 2017-06-29
703397 | Heap-buffer-overflow in load_rgb_from_tables<Order::kRGBA_Order> | - | 2017-06-29
703508 | Heap-buffer-overflow in gl::Framebuffer::getDrawBufferState | - | 2017-06-29
703832 | Bad-free in gpu::MemoryBufferBacking::~MemoryBufferBacking | - | 2017-06-29
703861 | Heap-buffer-overflow in gpu::gles2::SizedResult<unsigned int>::SetNumResults | - | 2017-06-29
181623 | Security: Prevent url spoofing that relies on the omnibox being narrow | - | 2017-06-28
702138 | CrOS: Vulnerability reported in dev-libs/libpcre | - | 2017-06-28
702982 | Bad-cast to const DOMUint8ClampedArray' (aka 'const DOMTypedArray<WTF::Uint8ClampedArray, v8::Uint8ClampedArray>') from blink::DOMTypedArray<WTF::Uint16Array, v8::Uint16Array>;blink::ImageData::ImageData;blink::ImageData::createImageData | - | 2017-06-28
700330 | CrOS: Vulnerability reported in sys-kernel/chromeos-kernel-3_18 | - | 2017-06-27
700836 | Security: SEGV on unknown address 0x7f9b9b71c828 in (anonymous namespace)::PixelAccessor | $1,000 | 2017-06-27
703395 | Heap-use-after-free in sqlite3DeleteTable | - | 2017-06-27
698622 | UaF outside the sandbox (Print in onunload) | $9,337 | 2017-06-24
702058 | Security: ZDI-CAN-4587 - chrome OOB read (pwn2own 2017) | - | 2017-06-24
689931 | CrOS: Vulnerability reported in media-libs/tiff | - | 2017-06-23
694382 | Security: Heap-use-after-free in PrintPreviewHandler::HandleGetPreview | $2,000 | 2017-06-23
699166 | Security: heap-buffer-overflow hashtable. | $3,000 | 2017-06-23
701132 | Security: Username/password information for other people available on my account | - | 2017-06-22
695826 | Security: type confusion in JSPropGetter of pdfium | $3,000 | 2017-06-21
697486 | Security: Heap-use-after-free in UsbChooserController::DisplayDevice | $5,000 | 2017-06-21
698151 | Use-of-uninitialized-value in net::HttpNetworkSession::SetServerPushDelegate | - | 2017-06-21
700576 | Bad-cast to CFX_DIBitmap from invalid vptr;CCodec_ProgressiveDecoder::ReSampleScanline;CCodec_ProgressiveDecoder::BmpReadScanline | - | 2017-06-21
701616 | Bad-cast to sandbox::bpf_dsl::(anonymous namespace)::ReturnResultExprImpl from invalid vptr;blink::SVGString::calculateAnimatedValue;blink::SVGAnimateElement::calculateAnimatedValue | - | 2017-06-21
699819 | Use-after-poison in blink::ExecutionContext::isContextDestroyed | - | 2017-06-20
698455 | Heap-use-after-free in blink::LayoutBlockFlow::addOverhangingFloats | - | 2017-06-19
700578 | Use-of-uninitialized-value in XSetWMSizeHints | - | 2017-06-17
675450 | Use-of-uninitialized-value in gl::GPUTimingImpl::DoTimeStampQuery | - | 2017-06-16
690821 | Security: Chrome accepts a certificate whose signature algorithms identifiers are different without any warning | $500 | 2017-06-16
672175 | Crash in libgobject-2.0.so.0 | - | 2017-06-15
698593 | Heap-use-after-free in _gdk_window_process_updates_recurse | - | 2017-06-15
662767 | Security: LayoutBlock Security DCHECK FAILED | $1,000 | 2017-06-14
672847 | Security: Address spoofing when switching away from tab and back | $2,000 | 2017-06-14
694067 | Security: Out-Of-Bound read in Flash PCRE (regex engine) | $2,000 | 2017-06-14
698927 | Security: Tab Crash is seen on closing chooser bubbles (USB/Bluetooth) | $500 | 2017-06-14
699105 | Bad-cast to cc::PaintRecord from SkMiniPicture<SkRecords::DrawRect>;blink::GraphicsContext::endRecording;blink::DrawingRecorder::~DrawingRecorder | - | 2017-06-14
619376 | Crash in mojo::InterfacePtr<media::mojom::blink::ImageCapture>::reset | - | 2017-06-13
697847 | Security: heap-buffer-overflow in FlateUncompress | $1,000 | 2017-06-13
698141 | Heap-buffer-overflow in blink::readVersionEnvelope | - | 2017-06-12
698497 | Use-of-uninitialized-value in v8::internal::compiler::NodeCache<int, v8::base::hash<int>, std::__1::equal_to<i | - | 2017-06-12
698166 | Heap-use-after-free in test_runner::MockWebSpeechRecognizer::PostRunTaskFromQueue | - | 2017-06-12
698503 | Use-of-uninitialized-value in v8::internal::compiler::JSGraph::Float32Constant | - | 2017-06-12
697859 | Stack-buffer-overflow in uloc_setKeywordValue_58 | - | 2017-06-09
695950 | Heap-use-after-free in blink::LayoutBlockFlow::determineStartPosition | - | 2017-06-08
696918 | Heap-buffer-overflow in copyFTBitmap | - | 2017-06-08
697191 | Use-of-uninitialized-value in v8::internal::wasm::LEBHelper::write_i32v | - | 2017-06-08
697380 | Use-of-uninitialized-value in v8::internal::compiler::JSGraph::Float32Constant | - | 2017-06-08
697530 | Crash in v8::internal::JSArrayBuffer::cast | - | 2017-06-08
697532 | Crash in v8::internal::IsOutOfBoundsAccess | - | 2017-06-08
697534 | Crash in v8::internal::JSArrayBufferView::WasNeutered | - | 2017-06-08
667032 | Heap-buffer-overflow in bmp_decode_rle4 | - | 2017-06-07
675155 | Bad-cast to CFX_DIBitmap from invalid vptr;XFACodecFuzzer::Fuzz;_start | - | 2017-06-07
680883 | Heap-buffer-overflow in CGifLZWDecoder::ClearTable | - | 2017-06-07
681908 | Use-of-uninitialized-value in FPDFAPI_inflate | - | 2017-06-07
686434 | Heap-buffer-overflow in ps_table_add | - | 2017-06-07
687062 | Memcpy-param-overlap in BDF_Face_Init | - | 2017-06-07
688086 | Use-of-uninitialized-value in base::internal::JSONParser::ConsumeNumber | - | 2017-06-07
693942 | Heap-buffer-overflow in CGifLZWDecoder::ClearTable | - | 2017-06-07
694098 | Stack-use-after-scope in SkGradientShaderBase::commonAsAGradient | - | 2017-06-07
694566 | Security: Crash with es6 modules and unresolvable cyclic export with export* | - | 2017-06-07
696251 | Heap-buffer-overflow in v8::internal::Invoke | $1,500 | 2017-06-07
697269 | Heap-buffer-overflow in ps_table_add | - | 2017-06-07
688104 | Stack-use-after-scope in ui::AXTree::DestroyNodeAndSubtree | - | 2017-06-04
688876 | Crash in v8::internal::Invoke | - | 2017-06-04
696090 | Heap-buffer-overflow in BilinearInterpFloat | - | 2017-06-04
688655 | Use-of-uninitialized-value in ogg_find_codec | - | 2017-06-03
690219 | Use-of-uninitialized-value in amr_read_header | - | 2017-06-03
642691 | Adobe Flash Player NetStream Use-After-Free Remote Code Execution Vulnerability | $3,000 | 2017-06-02
678235 | Use-of-uninitialized-value in EvalSegmentedFn | - | 2017-06-02
688425 | Security: www.google.fr marked as "secure" with a Microsoft SSL certificate | $3,000 | 2017-06-02
693096 | Use-of-uninitialized-value in base::time_internal::SaturatedAdd | - | 2017-06-02
668724 | Security: Out of Bound Write/Invalid Pointer Write while parsing PDF | $3,000 | 2017-06-01
675617 | Heap-buffer-overflow in TetrahedralInterpFloat | - | 2017-06-01
670457 | Security: [FG-VD-16-088] Adobe Flash Player Handing MP4 Out-of-Bounds Read Vulnerability | $1,000 | 2017-05-30
691323 | Security: Information Leak in Array indexOf | $2,000 | 2017-05-30
688987 | Security: Heap Buffer OverFlow Vulnerability in Skia | $1,000 | 2017-05-28
692761 | Use-of-uninitialized-value in gpu::gles2::GLES2DecoderImpl::GetHelper | - | 2017-05-28
692443 | Use-of-uninitialized-value in blink::LayoutBoxModelObject::hasSelfPaintingLayer | - | 2017-05-28
693072 | Use-of-uninitialized-value in gpu::gles2::GLES2DecoderImpl::HandleGetBooleanv | - | 2017-05-28
690775 | Security: Heap-use-after-free in ShareServiceImpl::OnPickerClosed | $3,000 | 2017-05-26
692274 | Incorrect-function-pointer-type in gl::InitializeANGLEPlatform | - | 2017-05-26
594004 | Security: Adobe Flash Player PSDK Use After Free Vulnerability | $5,000 | 2017-05-25
620961 | Security: Adobe Flash MediaPlayerItemLoader.addEventListener Use After Free | $3,000 | 2017-05-25
620966 | Security: Adobe Flash MemoryProtector Heap Buffer Overflow | $3,133 | 2017-05-25
669136 | Security: [FG-VD-16-086] Adobe Flash Player Handing MP4 Memory Corruption Vulnerability | $500 | 2017-05-25
668830 | Security: [FG-VD-16-084] Adobe Flash Player Handing MP4 Memory Corruption Vulnerability | $500 | 2017-05-25
690216 | Heap-use-after-free in gpu::gles2::Texture::AddTextureRef | - | 2017-05-25
691278 | heap-buffer-overflow in fx_codec_progress.cpp in CCodec_ProgressiveDecoder::GifInputRecordPositionBufCallback | - | 2017-05-25
691339 | Wild-access in blink::visualRectForDisplayItem | - | 2017-05-25
692759 | Use-of-uninitialized-value in gpu::gles2::TextureRef::TextureRef | - | 2017-05-25
716044 | V8: OOB write in Array.prototype.map builtin | - | 2017-05-24
690218 | Heap-buffer-overflow in blink::TextRun::codepointAtAndNext | - | 2017-05-24
690875 | Use-of-uninitialized-value in SkPDFShader::State::operator== | - | 2017-05-23
691538 | Crash in v8::internal::FixedArray::set | - | 2017-05-23
691196 | Bad-cast to blink::LayoutInline from blink::LayoutSVGText;blink::LineLayoutInline::lastLineBox;blink::LayoutBlockFlow::createLineBoxes | $3,500 | 2017-05-21
609961 | unprivileged renderers can send messages to arbitrary ports | - | 2017-05-20
689507 | Heap-use-after-free in ui::MenuModel::GetModelAndIndexForCommandId | - | 2017-05-20
681306 | CrOS: Vulnerability reported in sys-kernel/chromeos-kernel-3_18 | - | 2017-05-19
686481 | Heap-use-after-free in blink::visualRectForDisplayItem | - | 2017-05-19
688569 | Security: Fix all ScriptWrappables stored in a static Persistent | - | 2017-05-19
690744 | Bad-cast to v8::internal::compiler::Operator1<v8::internal::DeoptimizeReason, v8::internal::compiler::OpEqualTo<v8::internal::DeoptimizeReason>, v8::internal::compiler::OpHash<v8::internal::DeoptimizeReason> > from v8::internal::compiler::CommonOperatorGlobalCache::DeoptimizeIfOperator<(v8::internal::DeoptimizeKind)0, (v8::internal::DeoptimizeReason)37> | - | 2017-05-19
681785 | CrOS: Vulnerability reported in net-nds/openldap | - | 2017-05-18
683087 | Heap-use-after-free in views::MenuController::Cancel | - | 2017-05-18
684625 | Security: CVE-2017-0403 | - | 2017-05-18
684626 | Security: CVE-2017-0404 | - | 2017-05-18
690124 | Security: Security bug in libtiff 4.0.6 | - | 2017-05-18
690139 | Security: CVE-2016-8468 | - | 2017-05-18
674365 | libtiff security holes unpatched in Chrome OS | - | 2017-05-17
689078 | Crash in memchr | - | 2017-05-17
687614 | Bad-cast to blink::BasePage from invalid vptr;v8::internal::GlobalHandles::Node::MakeWeak;blink::ScriptWrappable::setWrapper | - | 2017-05-12
687826 | Bad-cast to blink::BasePage from invalid vptr;blink::Document::updateStyleAndLayoutTree;blink::shouldRepaintCaret | - | 2017-05-12
687908 | Bad-cast to blink::BasePage from invalid vptr;blink::HTMLFrameElementBase::didNotifySubtreeInsertionsToDocument;blink::ContainerNode::insertNodeVector<> | - | 2017-05-12
687958 | Bad-cast to blink::BasePage from invalid vptr;blink::LocalFrame::spellChecker;blink::HTMLElement::attributeChanged | - | 2017-05-12
677934 | Security: Privilege escalation via command execution in crosh / top | $5,000 | 2017-05-11
682135 | Crash in blink::WebFrameWidgetImpl::handleMouseDown | - | 2017-05-11
687844 | window.external leaks the entire global object by way of the wrapper and also allows cross origin script access | - | 2017-05-11
666229 | Security: Storage Manager - Memory corruption in mojo::internal::InterfacePtrState::Swap() | $1,000 | 2017-05-09
680409 | Security: Spoofing location object by overriding Symbol.toPrimitive | $500 | 2017-05-09
682570 | !escape_analysis_->IsVirtual(node) in escape-analysis-reducer.cc | - | 2017-05-09
683040 | Use-of-uninitialized-value in Decode | - | 2017-05-09
683211 | Use-of-uninitialized-value in av_malloc | - | 2017-05-09
683406 | Security: UAF in WorkerThreadableLoader in Blink | $3,000 | 2017-05-09
685201 | Crash in GetCombinedHistogramEntropy | - | 2017-05-09
686387 | Use-of-uninitialized-value in avio_seek | - | 2017-05-09
683104 | Heap-use-after-free in blink::FloatingObject::FloatingObject | - | 2017-05-07
683845 | Heap-use-after-free in layer | - | 2017-05-06
683835 | Bad-cast to blink::EventTarget from blink::Bluetooth;blink::V8EventTarget::toImpl;blink::EventTargetV8Internal::addEventListenerMethodCallback | - | 2017-05-06
684407<no crash state available>-2017-05-06
686027Crash in v8::internal::Invoke-2017-05-06
682551Global-buffer-overflow in CFDE_CSSTextBuf::GetChar-2017-05-05
683718Crash in v8::internal::FixedArray::set-2017-05-05
685579Use-of-uninitialized-value in CFDE_CSSSyntaxParser::DoSyntaxParse-2017-05-05
678917Making long string occurs crash-2017-05-04
681300Crash in put1bitbwtile-2017-05-04
683156Security: Signed Integer Overflow in pdfium (openjpeg)-2017-05-04
683629Heap-buffer-overflow in xmlParseNameComplex-2017-05-04
684684Email Subject: ZDI-CAN-4429: New Vulnerability Report-2017-05-04
685086Crash in v8::internal::Simulator::DecodeType2-2017-05-04
685537Crash in FromAddress-2017-05-04
675209Crash in SkPixmap::erase-2017-05-03
679245Desktop web payments crash when closing a tab$5002017-05-03
679641Security: Out-of-bounds write in ChunkDemuxer (SAIO box)$3,0002017-05-03
679640Security: Out-of-bounds write in ChunkDemuxer (TRUN box)$3,0002017-05-03
679645Out-of-bounds write in ChunkDemuxer (ELST box)$3,0002017-05-03
679646Security: Out-of-bounds write in ChunkDemuxer (SBGP box)$1,0002017-05-03
679647Security: Out-of-bounds write in ChunkDemuxer (SGPD box)$1,0002017-05-03
679653Security: Out-of-bounds write in ChunkDemuxer (SDTP box)$1,0002017-05-03
681351Security: Heap-use-after-free in CPWL_Wnd::GetWindowMatrix$5,0002017-05-03
683773Heap-use-after-free in base::internal::Invoker<base::internal::BindState<void-2017-05-03
673929Security: WebGL - Arbitrary memory read/write in GLES2Implementation::TexImage3D$2,0002017-05-02
680224Heap-use-after-free in blink::LayoutBox::getPaginationBreakability-2017-05-02
682673CSP bypass with * host in source expressions-2017-05-02
682873Use-of-uninitialized-value in CFDE_CSSSyntaxParser::DoSyntaxParse-2017-05-02
682909Crash in v8::internal::StringCharacterStream::Reset-2017-05-02
682874Crash in v8::internal::wasm::GrowWebAssemblyMemory-2017-05-02
683493Stack-use-after-scope in blink::PropertyRegistry::registration-2017-05-02
683865Global-buffer-overflow in blink::BindingSecurity::shouldAllowAccessTo-2017-05-02
683533Use-of-uninitialized-value in SkOpAngle::insert$1,0002017-05-02
682194Security: Out-of-bounds read in V8 Array.concat$7,5002017-05-01
683072Bad-cast to test_runner::WebTestDelegatetest_runner::MockColorChooser::endChooser;blink::ColorChooserUIController::~ColorChooserUIController;blink::NormalPage::sweep-2017-05-01
| 678365 | Security: chronos user local file read | $500 | 2017-04-29 |
| 681843 | Security: Heap buffer overflow in V8 ValueDeserializer::ReadJSArrayBuffer() | $5,500 | 2017-04-29 |
| 615585 | Security: V2 apps can load web content in highly privileged app process | - | 2017-04-28 |
| 648836 | Defend against long-running service workers | - | 2017-04-28 |
| 670720 | Security: read heap overflow in libxslt xsltFunctionLocalTime() | $500 | 2017-04-28 |
| 677961 | Heap-use-after-free in base::ObserverListBase<content::MediaSessionObserver>::begin | - | 2017-04-28 |
| 678947 | Use-of-uninitialized-value in OT::RangeRecord::cmp | - | 2017-04-28 |
| 681423 | Heap-use-after-free in blink::LayoutBlockFlow::moveAllChildrenIncludingFloatsTo | - | 2017-04-28 |
| 681350 | Crash in base::PersistentMemoryAllocator::AllocateImpl | - | 2017-04-28 |
| 681369 | Heap-use-after-free in document | - | 2017-04-28 |
| 681438 | crashed caused by a READ memory access on different addresses | - | 2017-04-28 |
| 682020 | Security: WebGL - Use After Free in Buffer11::updateBufferStorage() | $5,000 | 2017-04-28 |
| 682100 | Use-after-poison in blink::ThreadHeap::popAndInvokeTraceCallback | - | 2017-04-28 |
| 682219 | Heap-use-after-free in base::WaitableEvent::TimedWaitUntil | - | 2017-04-28 |
| 642490 | Location Bar URL and SSL Spoofing Risk using "Confirm Form Resubmission" box and a targeted website which allow a redirect | $1,000 | 2017-04-27 |
| 680376 | Heap-buffer-overflow in CPDF_Document::FindPageIndex | - | 2017-04-27 |
| 680941 | CrOS: Vulnerability reported in sys-kernel/chromeos-kernel-3_18 | - | 2017-04-27 |
| 681957 | Security: CVE-2016-8399 | - | 2017-04-27 |
| 682585 | Use-of-uninitialized-value in CFDE_CSSSyntaxParser::DoSyntaxParse | - | 2017-04-27 |
| 703750 | Near-homoglyph whole-script IDN spoofing | - | 2017-04-26 |
| 558462 | Tracking bug for auditing | - | 2017-04-26 |
| 558474 | IPC Issues: Bad DCHECKs | - | 2017-04-26 |
| 558476 | PDFium audit | - | 2017-04-26 |
| 652887 | Non-web-accessible extension resource can be loaded into a web renderer process | - | 2017-04-26 |
| 669086 | Security: Circumvent CSP Header restrictions via about:blank | $1,000 | 2017-04-26 |
| 676755 | heap-buffer-overflow in SkPathRef::Iter::next | $5,000 | 2017-04-26 |
| 677738 | Container-overflow in void blink::TraceTrait<blink::HeapVectorBacking<blink::MediaKeySystemConfigurati | - | 2017-04-26 |
| 677960 | Heap-double-free in g_error_free | - | 2017-04-26 |
| 679649 | Security: potential UAF in pdfium timer | $500 | 2017-04-26 |
| 680244 | Heap-buffer-overflow in xmlParseNameComplex | - | 2017-04-26 |
| 679915 | WebTaskRunner::postTask is thread unsafe | - | 2017-04-26 |
| 680938 | Crash in v8::internal::MemoryChunk::heap | - | 2017-04-26 |
| 681324 | Heap-use-after-free in ~ScopedMacroReenabler | - | 2017-04-26 |
| 681462 | Heap-use-after-free in views::MenuController::SetSelection | - | 2017-04-26 |
| 606374 | Heap-buffer-overflow in v8::internal::Simulator::LoadStoreHelper | - | 2017-04-25 |
| 679841 | Stack-buffer-overflow in v8::internal::DoubleToRadixCString | $3,500 | 2017-04-25 |
| 714628 | Security: Additional whole-script confusable domain label spoofing (Cyrillic) | - | 2017-04-24 |
| 679098 | ImageLoader allows component rollbacks | - | 2017-04-24 |
| 681420 | Crash in v8::internal::Invoke | - | 2017-04-24 |
| 679484 | Security: CVE-2015-3288 | - | 2017-04-23 |
| 677800 | Multiple Linux Kernel CVE vulnerability reports | - | 2017-04-23 |
| 616698 | Use-of-uninitialized-value in xmlDictLookup | - | 2017-04-21 |
| 658194 | Security: Promise constructor can be used to bypass Function constructor restrictions | - | 2017-04-21 |
| 673297 | [wasm] Illegal reuse of contexts | - | 2017-04-21 |
| 675203 | Stack-buffer-overflow in AffixMgr::defcpd_check | - | 2017-04-21 |
| 677716 | Security: Address spoofing in Omnibox with HTTPS lock | $2,000 | 2017-04-21 |
| 679485 | Security: CVE-2016-7042 | - | 2017-04-21 |
| 679490 | Security: CVE-2016-9754 | - | 2017-04-21 |
| 679643 | Security: Use after free in PDFium's Annot::name | $3,500 | 2017-04-21 |
| 679492 | Security: CVE-2014-9420 | - | 2017-04-21 |
| 680609 | Crash in v8::internal::Invoke | - | 2017-04-21 |
| 680882 | Use-of-uninitialized-value in v8::internal::interpreter::BytecodeRegisterOptimizer::RegisterTransfer | - | 2017-04-21 |
| 680633 | Crash in heap | - | 2017-04-21 |
| 653071 | Use-of-uninitialized-value in TIFFReadDirectoryCheckOrder | - | 2017-04-20 |
| 653095 | Use-of-uninitialized-value in TIFFReadDirectory | - | 2017-04-20 |
| 656621 | Crash in put1bitbwtile | - | 2017-04-20 |
| 667093 | Use-of-uninitialized-value in TIFFFillTile | - | 2017-04-20 |
| 666973 | Use-of-uninitialized-value in TIFFReadDirEntryCheckedRational | - | 2017-04-20 |
| 668851 | Use-of-uninitialized-value in tiff_read | - | 2017-04-20 |
| 669035 | Use-of-uninitialized-value in decode_mcu_fast | - | 2017-04-20 |
| 670928 | Use-of-uninitialized-value in tiff_seek | - | 2017-04-20 |
| 676294 | Use-of-uninitialized-value in TIFFReadDirEntryFloatArray | - | 2017-04-20 |
| 676975 | Security: Chrome webm rendering on OS X includes image artifacts from video memory | $500 | 2017-04-20 |
| 676853 | Use-of-uninitialized-value in FPDFAPI_inflate | - | 2017-04-20 |
| 677047 | Use-of-uninitialized-value in TIFFFindField | - | 2017-04-20 |
| 678035 | Security: chrome-devtools protocol allows to read the content of C:\ drive | - | 2017-04-20 |
| 678551 | Use-of-uninitialized-value in chromium_jpeg_make_d_derived_tbl | - | 2017-04-20 |
| 678461 | Security: PDFium OpenJPEG Use-After-Free Vulnerability | $3,000 | 2017-04-20 |
| 679230 | Use-of-uninitialized-value in TIFFFetchNormalTag | - | 2017-04-20 |
| 679642 | Security: Use after free in PDFium's Field::page | $3,000 | 2017-04-20 |
| 680313 | Heap-use-after-free in v8::internal::Scope::is_function_scope | - | 2017-04-20 |
| 662769 | use-after-poison content::WebURLLoaderImpl::Context::OnReceivedResponse | - | 2017-04-19 |
| 663549 | Security: [FG-VD-16-075] Adobe Flash Player Handing MP4 Out-of-Bounds Read Vulnerability | $500 | 2017-04-19 |
| 663551 | Security: [FG-VD-16-076] Adobe Flash Player Handling ATF Heap Overflow Vulnerability | $500 | 2017-04-19 |
| 664756 | Security: Crash in Adobe Flash Player (24.0.0.154) | $500 | 2017-04-19 |
| 679937 | Crash in v8::internal::MemoryChunk::heap | - | 2017-04-19 |
| 678529 | Heap-buffer-overflow in _get_bitmap_surface | - | 2017-04-19 |
| 712246 | Security: CSS :visited with mix-blend-mode can leak browser history | - | 2017-04-19 |
| 683314 | Security: Whole-script confusable domain label spoofing (Cyrillic) | $2,000 | 2017-04-19 |
| 620679 | Heap-buffer-overflow in xmlDictComputeFastKey | - | 2017-04-18 |
| 675205 | Heap-use-after-free in blink::visualRectForDisplayItem | - | 2017-04-18 |
| 678706 | Potential execution of script inside forbidden scope in Animation | - | 2017-04-18 |
| 669395 | Use-of-uninitialized-value in syncsearch | - | 2017-04-15 |
| 675444 | Heap-buffer-overflow in S32_opaque_D32_filter_DX_SSSE3 | - | 2017-04-15 |
| 678962 | Bad-cast to safe_browsing::DownloadFileType from invalid vptr;blink::intMod;blink::LayoutMultiColumnSet::pageRemainingLogicalHeightForOffset | - | 2017-04-15 |
| 667079 | Security: Information Leak through XSS Auditor | $500 | 2017-04-14 |
| 675109 | Heap-use-after-free in cc::SurfaceManager::Destroy | - | 2017-04-14 |
| 677377 | Use-of-uninitialized-value in FPDFAPI_inflate_fast | - | 2017-04-14 |
| 668138 | Use-of-uninitialized-value in OT::RangeRecord::cmp | - | 2017-04-13 |
| 675150 | Heap-use-after-free in app_list::TileItemView::SetSelected | - | 2017-04-13 |
| 676884 | Heap-buffer-overflow in GrTextUtils::DrawBmpPosText | - | 2017-04-13 |
| 676921 | Security: XSS in https://chromium-cq-status.appspot.com | - | 2017-04-13 |
| 676886 | Crash in v8::internal::FixedArray::set | - | 2017-04-13 |
| 676974 | Heap-use-after-free in blink::LayoutObject::visualRect | - | 2017-04-13 |
| 653555 | Security: Stealing data cross domain using proxies and stealing JSON data using UTF-16BE | $3,000 | 2017-04-12 |
| 677859 | Bad-cast to v8::internal::compiler::Operatoropcode;v8::internal::compiler::EscapeStatusAnalysis::Process;v8::internal::compiler::EscapeStatusAnalysis::RunStatusAnalysis | - | 2017-04-12 |
| 662859 | Security: chrome-devtools protocol allows to read the content of C:\ drive | $3,000 | 2017-04-11 |
| 676767 | Use-after-poison in v8::internal::compiler::Node::RemoveUse | - | 2017-04-11 |
| 677395 | Use-of-uninitialized-value in void base::Pickle::WriteBytesStatic<4ul> | - | 2017-04-07 |
| 675176 | Bad-cast to blink::LayoutBox from blink::LayoutInline;blink::LayoutInline::addChildIgnoringContinuation;blink::LayoutBox::clientLeft | - | 2017-04-05 |
| 675124 | Bad-cast to blink::LayoutBox from blink::LayoutRubyAsInline;blink::LayoutObject::isRubyRun;blink::LayoutRubyAsInline::addChild | - | 2017-04-05 |
| 677055 | Bad-cast to icu_58::DateFormat from icu_58::DecimalFormat;__RT_impl_Runtime_InternalDateFormatToParts;v8::internal::Runtime_InternalDateFormatToParts | - | 2017-04-05 |
| 671102 | Security: Universal XSS through bypassing ScopedPageSuspender with closing windows | $8,837 | 2017-04-04 |
| 676560 | Bad-cast to blink::TraceWrapperBase from invalid vptr;blink::ScriptWrappableVisitor::dispatchTraceWrappers;blink::ScriptWrappableVisitor::AdvanceTracing | - | 2017-04-01 |
| 676876 | Use-after-poison in blink::HTMLFormElement::reset | - | 2017-04-01 |
| 676587 | Crash in v8::internal::Invoke | - | 2017-03-31 |
| 671932 | Security: non-interactive request forcing | $1,000 | 2017-03-30 |
| 673971 | Security: Unicode hyphens in domain names are not blacklisted | $2,000 | 2017-03-30 |
| 674472 | CrOS: Vulnerability reported in app-arch/tar | - | 2017-03-30 |
| 675178 | Heap-use-after-free in password_manager::FormFetcherImpl::OnGetPasswordStoreResults | - | 2017-03-30 |
| 675332 | Security: heap-buffer-overflow in SkAlphaThresholdFilterImpl::onFilterImage | $2,000 | 2017-03-30 |
| 676276 | Use-of-uninitialized-value in SkOpBuilder::FixWinding | - | 2017-03-30 |
| 673170 | Security: Universal XSS using late widget updates | $8,000 | 2017-03-29 |
| 675122 | Crash in mbsnrtowcs | - | 2017-03-29 |
| 675237 | Use-after-poison in blink::HTMLFormElement::reset | - | 2017-03-29 |
| 675208 | Crash in memchr | - | 2017-03-29 |
| 675900 | Use-of-uninitialized-value in SkOpContour::rayCheck | - | 2017-03-29 |
| 676060 | Use-of-uninitialized-value in approximately_between | - | 2017-03-29 |
| 634108 | Security: Hijack navigation and spoofed alert dialog via. unbeforeload | $500 | 2017-03-28 |
| 666858 | No drag-and-drop events should fire in a same-page, cross-site frame (wrt drag source) | - | 2017-03-28 |
| 667142 | AddressSanitizer: FPE v8/src/source-position-table.cc:37:9 | - | 2017-03-28 |
| 671328 | Security DCHECK failed: offset + length <= impl.length() in StringView.h | - | 2017-03-28 |
| 675320 | Heap-double-free in CPDF_StreamParser::ReadInlineStream | - | 2017-03-28 |
| 675132 | Use-of-uninitialized-value in SkOpPtT::addOpp | - | 2017-03-28 |
| 668102 | Use-of-uninitialized-value in fclamp | - | 2017-03-27 |
| 668814 | Use-of-uninitialized-value in EvalSegmentedFn | - | 2017-03-27 |
| 665054 | Heap-buffer-overflow in TetrahedralInterpFloat | - | 2017-03-26 |
| 675118 | Use-of-uninitialized-value in __msan::MsanAllocate | - | 2017-03-26 |
| 675195 | Use-of-uninitialized-value in __msan::MsanAllocate | - | 2017-03-26 |
| 653461 | Use-of-uninitialized-value in pr_UnlockedFindLibrary | - | 2017-03-25 |
| 666284 | Security: renderer->extension privesc via sync | - | 2017-03-25 |
| 666441 | Heap-use-after-free in SkCanvas::getDevice | - | 2017-03-25 |
| 675072 | Stack-buffer-overflow in SkOpEdgeBuilder::walk | - | 2017-03-25 |
| 676623 | Security: libxslt generation of text nodes integer overflow | $3,000 | 2017-03-24 |
| 670596 | Security: Same-name function declaration can overwrite window.location in Chrome 50+ | - | 2017-03-24 |
| 674203 | Security: Merge general javascript: UXSS fix to beta / stable | - | 2017-03-24 |
| 624343 | Crash in SuggestMgr::leftcommonsubstring | - | 2017-03-23 |
| 641841 | Stack-buffer-overflow in Hunspell::suggest | - | 2017-03-23 |
| 673163 | Security: Form validation bubbles allow spoofing on other tabs | $1,000 | 2017-03-23 |
| 672791 | Crash in v8::internal::FixedArray::set | - | 2017-03-23 |
| 673336 | Security: Stack-buffer-overflow in (anonymous namespace)::CalculateString | $1,000 | 2017-03-23 |
| 649270 | Use-of-uninitialized-value in test_runner::MockWebSpeechRecognizer::PostRunTaskFromQueue | - | 2017-03-22 |
| 663614 | Stack-buffer-overflow in Hunspell::suggest | - | 2017-03-22 |
| 673244 | Crash in v8::internal::Simulator::DecodeType2 | $3,000 | 2017-03-21 |
| 668552 | Security: Universal XSS by polluting private scripts with named properties | $8,000 | 2017-03-19 |
| 598812 | Security: Flash file creation omits Mark-of-the-Web, bypassing SmartScreen/AES | - | 2017-03-17 |
| 643950 | Security: FFMPEG MP4 Decoder chrome_child!mov_read_hdlr heap allocation wrap | - | 2017-03-17 |
| 663248 | Security: Web Worker - Memory corruption in CrossThreadPersistentRegion::prepareForThreadStateTermination() | - | 2017-03-17 |
| 643951 | Security: FFMPEG MP4 Decoder chrome_child!mov_read_uuid heap allocation wrap | - | 2017-03-16 |
| 643952 | Security: FFMPEG MP4 Decoder - Non-exploitable issues (3 Issues: 2 heap allocation wraps, and ~out-of-bounds access) | - | 2017-03-16 |
| 474050 | Web content can navigate to chrome-extension:// pages | - | 2017-03-15 |
| 554518 | Security: any UXSS bug on Android can be turned into a persistent RCE bug via the play store | - | 2017-03-15 |
| 664551 | Pwnfest 2016 meta bug | - | 2017-03-15 |
| 670927 | Heap-use-after-free in void blink::PODIntervalTree<blink::LayoutUnit, blink::FloatingObject*>::searchFo | - | 2017-03-15 |
| 671312 | Use-after-poison in webrtc::BitrateAllocation::SetBitrate | - | 2017-03-15 |
| 671037 | Use-after-poison in blink::WebSocketHandleImpl::OnFailChannel | - | 2017-03-14 |
| 671327 | Heap-use-after-free in blink::LayoutObject::visualRect | - | 2017-03-14 |
| 644632 | Component cloud policy signature validation missing | - | 2017-03-11 |
| 663620 | Bypass unsafe-inline mode CSP | - | 2017-03-11 |
| 670240 | Heap-use-after-free in data_use_measurement::ChromeDataUseAscriber::ReadyToCommitMainFrameNavigation | - | 2017-03-11 |
| 656188 | Chrome allows kiosk app user to create directories and files without the app's knowledge | - | 2017-03-10 |
| 668907 | Heap-buffer-overflow in SkAlphaRuns::Break | - | 2017-03-10 |
| 669439 | CrOS: Vulnerability reported in sys-kernel/chromeos-kernel-3_8 | - | 2017-03-10 |
| 669392 | Heap-buffer-overflow in gpu::gles2::GLES2Implementation::ReadPixels | - | 2017-03-10 |
| 670438 | Use-of-uninitialized-value in net::LayeredNetworkDelegate::OnURLRequestDestroyed | - | 2017-03-10 |
| 670546 | Heap-buffer-overflow in SkColorSpaceXform_XYZ< | - | 2017-03-10 |
| 656752 | Security: Can navigate to attacker-created blob/filesystem URLs in chrome-extension process | - | 2017-03-09 |
| 666714 | Onbeforeunload use after free | $2,000 | 2017-03-09 |
| 669534 | Heap-use-after-free in printing::PrintWebViewHelper::OnMessageReceived | $1,500 | 2017-03-09 |
| 647602 | Heap-use-after-free in blink::LayoutTextFragment::setTextFragment | - | 2017-03-08 |
| 666616 | Heap-use-after-free in printing::PrintWebViewHelper::RequestPrintPreview | - | 2017-03-08 |
| 667504 | WebRTC UsingFlexibleMode OOB memory write from picture id | $3,000 | 2017-03-08 |
| 668553 | Bad-cast to blink::LayoutBox from blink::LayoutBR;blink::PaintLayer::setNeedsCompositingInputsUpdate;blink::RootScrollerController::recomputeEffectiveRootScroller | - | 2017-03-08 |
| 668665 | Security: XSS in chrome://apps (NTP) after drag and drop | $500 | 2017-03-08 |
| 668653 | Security: XSS in chrome://downloads, enables extensions to run any program | $5,000 | 2017-03-08 |
| 668784 | Heap-buffer-overflow in table_r | $1,500 | 2017-03-08 |
| 649359 | Shill proxy crash due to failure to set MSG_NOSIGNAL flag | - | 2017-03-07 |
| 667493 | Minijail tty hijacking via TIOCSTI | $500 | 2017-03-07 |
| 668750 | Bad-cast to blink::DOMExceptionblink::GarbageCollectedFinalized<blink::DOMException>::finalizeGarbageCollectedObject;blink::NormalPage::sweep;blink::BaseArena::sweepUnsweptPage | - | 2017-03-07 |
| 668848 | Use-after-poison in blink::EventListenerIterator::nextListener | - | 2017-03-07 |
| 668970 | Security: Debugger API exposes UA shadow trees, and can cause bad-casts | - | 2017-03-07 |
| 668510 | Crash in v8::internal::DoubleToRadixCString | $500 | 2017-03-04 |
| 667044 | Use-of-uninitialized-value in dec_build_inter_predictors | - | 2017-03-03 |
| 668337 | Heap-use-after-free in v8_inspector::protocol::Runtime::DispatcherImpl::evaluate | - | 2017-03-03 |
| 656485 | Security: Buffer Overflow in glBindBuffer | $1,000 | 2017-03-01 |
| 663476 | Security: Universal XSS through removing link elements | $7,500 | 2017-03-01 |
| 666246 | UA shadow DOM leak causes bad-cast to blink::HTMLSelectElement from blink::Text;blink::HTMLKeygenElement::shadowSelect;blink::HTMLKeygenElement::parseAttribute | - | 2017-03-01 |
| 666794 | Global-buffer-overflow in libopus_decode_init | - | 2017-03-01 |
| 666770 | Heap-buffer-overflow in ff_index_search_timestamp | - | 2017-03-01 |
| 666874 | Use-of-uninitialized-value in check | - | 2017-03-01 |
| 667068 | Use-of-uninitialized-value in fclamp | - | 2017-03-01 |
| 667092 | Use-of-uninitialized-value in EvalSegmentedFn | - | 2017-03-01 |
| 667260 | Heap-buffer-overflow in unibrow::Utf8::CalculateValue | - | 2017-03-01 |
| 667695 | Heap-buffer-overflow in table | - | 2017-03-01 |
| 667694 | Heap-buffer-overflow in SetMatShaper | - | 2017-03-01 |
| 666803 | Double-delete possible in WiFiDisplayMediaServiceImpl / WiFiDisplaySessionServiceImpl | - | 2017-02-28 |
| 667157 | Use-of-uninitialized-value in v8::internal::compiler::Node::New | - | 2017-02-27 |
| 666658 | Crash in v8::internal::Invoke | - | 2017-02-27 |
| 658267 | Use-after-poison in v8::internal::List<v8::internal::FuncNameInferrer::Name, v8::internal::ZoneAlloc | - | 2017-02-26 |
| 663726 | Use-after-free in ChromeExtensionsBrowserClient::GetOriginalContext upon opening menu after switching from incognito mode | - | 2017-02-26 |
| 666486 | Use-of-uninitialized-value in unibrow::Utf8::CalculateValue | - | 2017-02-25 |
| 666516 | Heap-buffer-overflow in unibrow::Utf8::CalculateValue | - | 2017-02-25 |
| 666517 | Heap-buffer-overflow in unibrow::Utf8::CalculateValue | - | 2017-02-25 |
| 662730 | Stack-buffer-overflow in MaskAdditiveBlitter | - | 2017-02-22 |
| 661126 | meta bug: Bypass unsafe-inline mode CSP | - | 2017-02-22 |
| 662780 | Heap-buffer-overflow in next | - | 2017-02-22 |
| 655902 | User-created BeforeInstallPromptEvent crashes when preventDefault() called | - | 2017-02-21 |
| 661413 | Security: (libANGLE) Buffer Overflow in glUniform*v | - | 2017-02-21 |
| 660498 | Security: Temporary addressbar spoof with PDF navigation to sites with long response time | $2,000 | 2017-02-21 |
| 664139 | Security: Bad-Casting in ArrayBuffer resulting in Out-Of-Bounds write vulnerability | $5,000 | 2017-02-21 |
| 664713 | Heap-use-after-free in app_list::TileItemView::SetSelected | - | 2017-02-20 |
| 654090 | Security: libicu has buffer overflow in path traversal code | - | 2017-02-19 |
| 664284 | Bad-cast to CPDF_Object from invalid vptr;CPDF_Creator::InitNewObjNumOffsets;CPDF_Creator::WriteDoc_Stage1 | - | 2017-02-19 |
| 664411 | Pwnfest 2016: Chrome V8 Private Property Re-assign issue (bug in fast-path of Object.assign) | - | 2017-02-18 |
| 660854 | Security: Incorrect validation of CopyBufferSubData in ANGLE | $1,000 | 2017-02-17 |
| 664469 | Crash in v8::internal::Simulator::DecodeType3 | - | 2017-02-17 |
| 649645 | Security: BroadcastChannel - Use After Free in WeakReference::is_valid() | $1,000 | 2017-02-16 |
| 659474 | Pwn2own meta bug | - | 2017-02-16 |
| 662905 | Heap-buffer-overflow in Break | - | 2017-02-16 |
| 663362 | Use-after-poison in blink::IdTargetObserverRegistry::removeObserver | - | 2017-02-16 |
| 663402 | Security: [arm] OOB r/w due to size computation bug in MacroAssembler::Allocate | - | 2017-02-16 |
| 663795 | Heap-buffer-overflow in LinLerp1Dfloat | - | 2017-02-16 |
| 664023 | Stack-buffer-overflow in IccLib_Translate | - | 2017-02-16 |
| 630332 | CSP form-action seems to be ignored if target="_blank" | - | 2017-02-15 |
| 649118 | TURN (via WebRTC) with via STUN_ERROR_TRY_ALTERNATE allows TCP connection with attacker-controlled data to localhost | - | 2017-02-15 |
| 654265 | Heap-buffer-overflow in BilinearInterpFloat | - | 2017-02-15 |
| 663048 | <a ping="..."> should be covered by connect-src CSP directive | $500 | 2017-02-15 |
| 663666 | Heap-use-after-free in CPDFSDK_WidgetHandler::ReleaseAnnot | - | 2017-02-15 |
| 663609 | Crash in equal<blink::Member<blink::IdTargetObserver>, | - | 2017-02-15 |
| 657282 | Heap-buffer-overflow in TetrahedralInterpFloat | - | 2017-02-14 |
| 662303 | Bad-cast to blink::TraceWrapperV8Reference<v8::Value> from blink::TraceWrapperV8Reference<v8::Object>;blink::reportFatalErrorInMainThread;v8::Utils::ReportApiFailure | - | 2017-02-14 |
| 662775 | Crash in void Sk4px::MapDstSrcAlpha<Sk4px | - | 2017-02-14 |
| 663194 | Crash in sse2::blit_row_color32 | - | 2017-02-14 |
| 662410 | Crash in v8::internal::Invoke | - | 2017-02-13 |
| 659492 | Android content: scheme allows cross-origin data exfiltration | - | 2017-02-11 |
| 660760 | Use-after-poison in blink::PersistentBase<blink::DummyGCBase, | - | 2017-02-11 |
| 652209 | Bad-cast to content::RenderWidgetHostViewChildFrame from content::RenderWidgetHostViewAura | - | 2017-02-10 |
| 654172 | Security: PDFium (LibTIFF / XFA) Heap Buffer Overflow in FPDFAPI_inflate | - | 2017-02-10 |
| 660262 | Heap-use-after-free in v8::internal::wasm::ThreadImpl::DoBreak | - | 2017-02-10 |
| 640191 | Security: type confusion vulnerability in flash player latest version | $3,000 | 2017-02-09 |
| 645150 | Heap-buffer-overflow in v8::internal::Simulator::DecodeType3 | - | 2017-02-09 |
| 658440 | Attempting free in buffer_replace | - | 2017-02-09 |
| 660678 | expose() leaks privateClass via Object[@@hasInstance] | $1,000 | 2017-02-09 |
| 661058 | Bad-cast to v8::Platform::TraceStateObserver from v8::tracing::TracingCategoryObserverImpl;blink::Node::mutationObserverRegistry;blink::Node::unregisterMutationObserver | - | 2017-02-09 |
| 659489 | Pwn2Own: content: scheme allows cross-origin info leaks | - | 2017-02-07 |
| 658555 | Heap-use-after-free in pp::MacroExpander::pushMacro | - | 2017-02-06 |
| 660685 | Stack-buffer-overflow in MaskAdditiveBlitter | - | 2017-02-05 |
| 659594 | Use-of-uninitialized-value in base::Pickle::WriteBytes | - | 2017-02-04 |
| 615851 | Security: Timing attack on denormalized floating point arithmetic in SVG filters circumvents same-origin policy | - | 2017-02-03 |
| 655152 | Heap-buffer-overflow in FPDFAPI_inflate_fast | - | 2017-02-03 |
| 658494 | Heap-buffer-overflow in FPDFAPI_inflate | - | 2017-02-03 |
| 657568 | Security: Heap-use-after-free in InspectedContext::createInjectedScript | $1,500 | 2017-02-03 |
| 657720 | Security:Chrome Address Bar URL Spoofing | $500 | 2017-02-03 |
| 653749 | Security: Bypass of same-origin policy via range requests in PDF plugin | $7,500 | 2017-02-02 |
| 658584 | Heap-use-after-free in blink::LayoutBlockFlow::moveAllChildrenIncludingFloatsTo | - | 2017-02-02 |
| 658516 | Heap-buffer-overflow in v8::internal::wasm::WasmDecoder::OpcodeLength | - | 2017-02-02 |
| 658114 | Security: V8 OOB read/write in asm.js | $5,000 | 2017-02-02 |
| 659361 | Stack-buffer-overflow in tls1_set_curves | - | 2017-02-02 |
| 659475 | Pwn2Own: V8 OOB Bug. | - | 2017-02-02 |
| 659477 | Pwn2own: RenderViewImpl::LaunchAndroidContentIntent in renderer can open arbitrary content intent scheme urls | - | 2017-02-02 |
| 625878 | Security: libsrtp is out of date and there are at least 2 known bugs in it | - | 2017-02-01 |
| 656817 | Use-after-poison in virtual thunk to blink::Document::isHeapObjectAlive | - | 2017-02-01 |
| 658535 | Security: Universal XSS using an <input type="color"> element | $7,500 | 2017-02-01 |
| 627748 | Security: libsrtp uses a non-constant-time HMAC comparison | - | 2017-01-31 |
| 653134 | Security: chrome-devtools protocol allows to read the content of C:\ drive | $3,000 | 2017-01-31 |
| 653656 | Heap-buffer-overflow in WebRtcSpl_MaxIndexW16 | - | 2017-01-31 |
| 625475 | Security: type confusion in GuestViewInternalCustomBindings::RegisterElementResizeCallback | - | 2017-01-28 |
| 655904 | Security: Universal XSS via fullscreen element updates | $7,500 | 2017-01-28 |
| 656823 | Heap-use-after-free in v8_inspector::V8ConsoleMessage::reportToFrontend | - | 2017-01-28 |
| 658037 | Sync client -> server protection vulnerable to CRIME attack. | - | 2017-01-28 |
| 656314 | Heap-use-after-free in blink::ScrollAnchor::clear | - | 2017-01-27 |
| 657740 | Use-after-poison in blink::PersistentBase<blink::DummyGCBase, | - | 2017-01-27 |
| 657411 | Crash in SkOpSpanBase::segment | - | 2017-01-27 |
| 657793 | Use-of-uninitialized-value in ChromeSecurityStateModelClient::GetSecurityStyle | - | 2017-01-27 |
| 657862 | Heap-use-after-free in base::debug::TaskAnnotator::RunTask | - | 2017-01-27 |
| 657863 | Use-of-uninitialized-value in content::IndexedDBCallbacks::IOThreadHelper::SendSuccessInteger | - | 2017-01-27 |
| 646610 | Security: Universal XSS using OOPIF | $7,500 | 2017-01-26 |
| 655686 | Chrome: Crash Report - content::WebContents::FromRenderFrameHost | - | 2017-01-26 |
| 657281 | Bad-cast to content::RenderFrameHostImpl from invalid vptr | - | 2017-01-26 |
| 657724 | Heap-use-after-free in content::WebContents::FromRenderFrameHost | - | 2017-01-26 |
| 656274 | Security: Cross-origin object leak via fetch | $5,000 | 2017-01-25 |
| 643948 | Security: chrome_child!mov_read_keys - Heap corruption as a result of an off-by-1 zero allocation | $5,500 | 2017-01-24 |
| 650232 | Security: Sandbox blocking of navigation dangerous when victim uses JavaScript: urls | - | 2017-01-24 |
| 652548 | Security: UNKNOWN in v8::internal::GlobalHandles::Node::Release | $500 | 2017-01-24 |
| 654676 | Crash in LinLerp1Dfloat | - | 2017-01-24 |
| 654983 | Use-of-uninitialized-value in webrtc::DspHelper::PeakDetection | - | 2017-01-24 |
| 656132 | Heap-use-after-free in CPDF_Dictionary::~CPDF_Dictionary | - | 2017-01-24 |
| 655990 | Heap-use-after-free in PDF_CreatorAppendObject | - | 2017-01-24 |
| 656161 | Heap-use-after-free in CPDF_Dictionary::~CPDF_Dictionary | - | 2017-01-24 |
| 656162 | Heap-use-after-free in CPDF_Dictionary::GetDirectObjectFor | - | 2017-01-24 |
| 654183 | Security: PDFium (XFA) Heap Buffer Overflow in CWeightTable::Calc | $3,500 | 2017-01-23 |
| 655632 | Heap-use-after-free in blink::LayoutGrid::layoutBlock | - | 2017-01-23 |
| 656282 | Heap-use-after-free in CPDF_Object::Release | - | 2017-01-22 |
| 629774 | Security: Integer overflow in use counter of scoped pointers. | - | 2017-01-21 |
| 652276 | Iframe Spoofing via subframe navigation | - | 2017-01-21 |
| 654199 | Heap-use-after-free in content::VideoCaptureController::RemoveClient | - | 2017-01-21 |
| 654280 | Security: Use of unvalidated URL in PDF viewer | $2,500 | 2017-01-21 |
| 654279 | Security: PDFs can navigate to file:-URLs | $1,000 | 2017-01-21 |
| 655973 | Use-of-uninitialized-value in void base::Pickle::WriteBytesStatic<4ul> | - | 2017-01-21 |
| 655991 | Heap-buffer-overflow in chrome_pdf::PDFiumEngine::Form_GetCurrentPage | - | 2017-01-21 |
| 655672 | Crash in SkBitmap::copyPixelsTo | - | 2017-01-20 |
| 652038 | Security: PDFium Signed Integer Overflow Bug | - | 2017-01-19 |
| 653090 | Security: Heap-use-after-free in Field::UpdateFormField | $3,000 | 2017-01-19 |
| 653459 | Use-of-uninitialized-value in CPDFSDK_WidgetHandler::ReleaseAnnot | - | 2017-01-18 |
| 654272 | Heap-use-after-free in CFX_SystemHandler::KillTimer | - | 2017-01-18 |
| 654198 | Use-of-uninitialized-value in EvalSegmentedFn | - | 2017-01-18 |
| 654308 | Heap-use-after-free in v8::internal::wasm::ThreadImpl::DoBreak | - | 2017-01-18 |
| 630372 | Crash in base::debug::StackDumpExceptionFilter | - | 2017-01-17 |
| 653779 | Captive portal interstitial shows neutral (i) icon, not red triangle | - | 2017-01-17 |
| 654668 | Use-of-uninitialized-value in _start | - | 2017-01-17 |
| 653748 | Security: uprev libcurl to 7.50.3 | - | 2017-01-16 |
| 653484 | Heap-use-after-free in media::DecryptingDemuxerStream::~DecryptingDemuxerStream | - | 2017-01-15 |
| 637459 | Security: ping attribute in href is not following spec, leads to information disclosure | - | 2017-01-14 |
| 653610 | Security: Internal functions leaked when DevTools is open | $1,000 | 2017-01-14 |
| 622323 | WebRTC can be used to generate a large amount of UDP traffic for DDOS attacks | - | 2017-01-13 |
| 653034 | Security: Leaking referrer using iframe (with referrer policy turned on) | - | 2017-01-13 |
| 653298 | Double-delete in BatteryMonitorImpl | - | 2017-01-13 |
| 651142 | Use-after-poison in blink::IndexedDBClient::from | - | 2017-01-12 |
| 651702 | Use-after-poison in blink::LocalFileSystem::from | - | 2017-01-12 |
| 651849 | Use-of-uninitialized-value in EvalSegmentedFn | - | 2017-01-12 |
| 653096 | Use-of-uninitialized-value in AddValueForStrcmp | - | 2017-01-12 |
| 599865 | Heap-buffer-overflow in parse_encoding | - | 2017-01-11 |
| 621836 | Negative-size-param in XFACodecFuzzer::Reader::ReadBlock | - | 2017-01-11 |
| 633885 | cross-origin restriction bypass in track tag src | $1,000 | 2017-01-11 |
| 643982 | Heap-use-after-free in base::subtle::RefCountedThreadSafeBase::Release | - | 2017-01-11 |
| 644963 | Security: Read Access Violation on Control Flow at content::devtools::service_worker::ServiceWorkerHandler::UpdateHosts | $500 | 2017-01-11 |
| 645075 | Heap-use-after-free in content::OutputDeviceBacking::UnregisterOutputDevice | - | 2017-01-11 |
| 648062 | Crash in default_terminate_handler | - | 2017-01-11 |
| 651094 | Crash in v8::internal::InnerPointerToCodeCache::GcSafeFindCodeForInnerPointer | - | 2017-01-11 |
| 639126 | Security: UXSS introduced through bookmark containing user information | $500 | 2017-01-10 |
| 649340 | Heap-use-after-free in blink::PaintLayerScrollableArea::deregisterForAnimation | - | 2017-01-10 |
| 651166 | Security: Buffer overread in Devtools / Blink JSON parsers | - | 2017-01-10 |
| 651632 | Use-of-uninitialized-value in TIFFFetchDirectory | - | 2017-01-10 |
| 652103 | Security: Heap-use-after-free in CPDFSDK_Document::RemovePageView | $3,000 | 2017-01-10 |
| 652127 | Use-of-uninitialized-value in blink::PropertyHandle::operator== | $2,500 | 2017-01-10 |
| 647024 | Use-of-uninitialized-value in blink::PointerEventManager::setPointerCapture | - | 2017-01-07 |
| 651443 | Security: Histogram Type Confusion Crashes the Browser Process | - | 2017-01-07 |
| 651714 | Crash in v8::internal::wasm::WasmCompiledModule::mem_size | - | 2017-01-07 |
| 651758 | Bad-cast to v8::internal::LoadICNexus from v8::internal::LoadGlobalICNexus;v8::internal::LoadICNexus* v8::internal::IC::casted_nexus<v8::internal::LoadICNexus>;v8::internal::IC::ConfigureVectorState | - | 2017-01-07 |
| 629006 | Crash in base::PendingTask::PendingTask | - | 2017-01-05 |
| 640571 | Heap-use-after-free in WebsiteSettings::OnUIClosing | - | 2017-01-05 |
| 646795 | Heap-use-after-free in id | - | 2017-01-05 |
| 648048 | Heap-use-after-free in ui::AXNode::id | - | 2017-01-05 |
| 650078 | Crash in v8::internal::Invoke | - | 2017-01-05 |
| 601538 | Mark of the Web bypass in Chrome | - | 2017-01-04 |
| 639702 | Chrome for Android - Quickly entering and exiting fullscreen allows for URL Spoofing | $1,000 | 2017-01-04 |
| 649659 | Security: Heap-use-after-free in CFFL_InteractiveFormFiller::OnSetFocus | $3,000 | 2017-01-04 |
| 650736 | Use-of-uninitialized-value in v8::internal::Simulator::ConditionPassed | - | 2017-01-04 |
| 649039 | Security: ChromeOS Exploit persistence via symlink | - | 2017-01-03 |
| 647919 | CrOS: Vulnerability reported in dev-libs/openssl | - | 2017-01-03 |
| 649040 | Security: ChromeOS 1 byte write overflow in c-ares | - | 2017-01-03 |
| 649097 | Bad-cast to blink::WebGLObject from invalid vptr;blink::WebGLProgram::deleteObjectImpl;blink::WebGLSharedObject::detachContextGroup | - | 2017-01-03 |
| 649461 | Use-of-uninitialized-value in v8::internal::JSArrayBuffer::SetupAllocatingData | - | 2017-01-03 |
| 649810 | Heap-buffer-overflow in blink::LazyLineBreakIterator::nextBreakablePositionIgnoringNBSP | - | 2017-01-03 |
| 650404 | Security: OOB read/write in V8 using TypedArrays+Crankshaft+Turbofan | - | 2017-01-03 |
| 490015 | Security: sendBeacon let's you send POST requests with arbitrary content type | - | 2017-01-02 |