Chromium Disclosed Security Bugs

Chromium security bugs are publicly disclosed by Google 14 weeks after fixing. They have great learning value, but it is difficult to keep track of exactly when they are derestricted. This page is a hub for security bugs that have recently gone public.

Bugs can also be followed on Twitter: @BugsChromium or Mastodon.

Bugs disclosed in 2017

Columns: bug ID, summary, reward, disclosure date
765512 Security: METHOD_LOCALTIME browser->renderer infoleak $3337 2017-12-31
616671 Security: PDFium: Yet Another Out-Of-Bounds Read in CCodec_ProgressiveDecoder::ReSampleScanline - 2017-12-30
705778 Android: Omnibox doesn't elide origins correctly - 2017-12-30
760032 Heap-buffer-overflow in CCodec_ProgressiveDecoder::ReSampleScanline - 2017-12-30
765301 Crash in v8::internal::Invoke - 2017-12-30
765495 Security: heap-use-after-free ScriptProcessorHandler::FireProcessEvent $3000 2017-12-30
767052 Crash in v8::internal::Invoke - 2017-12-30
766957 Security: UAF in CPWL_Edit::OnChar $5000 2017-12-30
767959 Crash in v8::internal::Invoke - 2017-12-30
730379 Heap-buffer-overflow in displayP4 - 2017-12-29
656479 Security: heap-buffer-overflow in pdfium - 2017-12-28
766996 CrOS: Vulnerability reported in net-nds/openldap - 2017-12-28
750239 Security: IDN spoofing with Combining Dot Above U+0307 $500 2017-12-27
761710 Heap-use-after-free in v8::Shell::RealmCurrent - 2017-12-27
762904 CVE-2017-14156 CrOS: Vulnerability reported in Linux kernel - 2017-12-27
765871 CHECK failure: Representation inference: unsupported opcode 59 (Dead), node #NUMBER in simplifi - 2017-12-27
765921 Security: UAF in CPWL_Caret::SetCaret $5000 2017-12-27
627300 Security: ChromeVox on ChromeOS uses HTTP without SSL for some requests: $500 2017-12-26
682707 Security: DCHECK failure in MessagePort destructor in Blink - 2017-12-26
764477 Security: Linux Bluetooth stack (BlueZ) information Leak vulnerability - CVE-2017-1000250 - 2017-12-25
765433 Security: V8 JIT escape analysis bug $7500 2017-12-25
760445 Stack-buffer-overflow in content::BlinkTestController::OnAllServiceWorkersCleared - 2017-12-24
760455 Security: Use-after-free in CPWL_Edit::OnKillFocus() $3000 2017-12-23
764320 Heap-use-after-free in _ZN7logging22MakeCheckOpValueStringIPcEENSt3__19enable_ifIXaasr4base8internal23S - 2017-12-23
765647 Use-of-uninitialized-value in mojo::edk::Core::CreateDataPipe - 2017-12-23
765384 Security: UAF in CFFL_InteractiveFormFiller::OnBeforeKeyStroke $3000 2017-12-23
763842 Security: WebRtc - Heap Buffer Overflow in cricket::Codec::Matches() $1000 2017-12-22
764177 Security: PDFium Out-Of-Bounds Read in CJPX_Decoder::Decode $3000 2017-12-22
759354 Heap-use-after-free in blink::PaintLayerScrollableArea::Box - 2017-12-21
761615 CVE-2017-14051 CrOS: Vulnerability reported in Linux kernel - 2017-12-20
762487 Security: Broadcom WiFi firmware vulnerabilities CVE-2017-11122 CVE-2017-11120 - 2017-12-20
762903 CVE-2017-14140 CrOS: Vulnerability reported in Linux kernel - 2017-12-20
763645 CVE-2017-13715 CrOS: Vulnerability reported in Linux kernel - 2017-12-20
763683 DCHECK failure in !__isolate__->has_pending_exception() in runtime-proxy.cc - 2017-12-20
763724 Heap-use-after-free in SkImage::getTextureHandle - 2017-12-20
764425 CVE-2017-1000251: CrOS: Security: Blueborne vulnerabilities in bluetooth stacks - 2017-12-20
761278 Security DCHECK failure: !object || (object->IsARIARow()) in AXARIAGridRow.h - 2017-12-19
761801 Security: heap-use-after-free in WebAudio $3000 2017-12-19
762374 Security: PDFium Heap Buffer Overflow Vulnerability in OpenJPEG $6337 2017-12-19
762439 Security: Check brcmfmac to see whether bcmdhd vulnerabilities are present - 2017-12-19
763383 DCHECK failure in IsWasmExportedFunction(object) in wasm-objects.cc - 2017-12-19
764073 Unknown exception in RaiseException - 2017-12-19
764196 CHECK failure: actual_unused_property_fields > map()->unused_property_fields() in objects-debug - 2017-12-19
762874 Security: off by one in TurboFan range optimization for String.indexOf - 2017-12-18
759355 Use-of-uninitialized-value in blink::LayoutText::LocalSelectionRect - 2017-12-17
756563 Security: Out-Of-Bounds Read Vulnerability in Skia $1000 2017-12-16
759288 CrOS: Vulnerability reported in net-vpn/strongswan - 2017-12-16
762106 PDFium TIFF Image Flate Decoder Code Execution Vulnerability $2000 2017-12-16
763097 Security: One byte OOB write in DTLS - 2017-12-15
761831 DCHECK failure in !already_resolved_ in scopes.cc - 2017-12-14
762472 DCHECK failure in !isolate->has_pending_exception() in asm-js.cc - 2017-12-14
762451 CVE-2017-14106 CrOS: Vulnerability reported in Linux kernel - 2017-12-14
761617 Heap-use-after-free in blink::BaseAudioContext::IsDestinationInitialized - 2017-12-13
761626 Stack-buffer-overflow in FPDFText_GetText - 2017-12-13
761639 DCHECK failure in !receiver_map->IsJSGlobalObjectMap() in ic.cc - 2017-12-13
761654 CHECK failure: len->ToUint32(&int_l) in builtins-typedarray.cc - 2017-12-13
749031 CVE-2017-11472: CrOS: Vulnerability reported in Linux kernel - 2017-12-09
749032 CVE-2017-11473: CrOS: Vulnerability reported in Linux kernel - 2017-12-09
749033 CVE-2017-7542: CrOS: Vulnerability reported in Linux kernel - 2017-12-09
759287 CVE-2017-12762 CrOS: Vulnerability reported in Linux kernel - 2017-12-09
761126 Bad-cast to blink::LayoutBlock from blink::LayoutTableSection;blink::LayoutObject::ContainerForFixedPosition;blink::LayoutObject::Container - 2017-12-09
761376 Bad-cast to blink::LayoutBlock from blink::LayoutTableSection;blink::ReplaceSelectionCommand::DoApply;blink::CompositeEditCommand::Apply - 2017-12-09
761354 CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (object->IsJSObject()) in objects-inl - 2017-12-09
611420 WebAccessibleResources take too long to make a decision about loading if the extension is installed - 2017-12-08
745580 Security: Chrome extensions UI does not respect IDN display policy - 2017-12-08
759224 Security: Memory Corruption in Chrome - 2017-12-08
759111 Security: Rendertron bugs - 2017-12-07
760116 DCHECK failure in scope_data->get(index_++) == static_cast<uint32_t>(name->length()) in preparsed- - 2017-12-07
760112 Heap-use-after-free in v8::debug::ConsoleDelegate::`vcall'{56}' - 2017-12-07
760793 Use-of-uninitialized-value in InstantController::ResetInstantTab - 2017-12-07
740278 Unused attributes may be read out-of-bounds by drivers - 2017-12-06
749228 Security: buffer overrun in ReplaceSubstringsAfterOffset - 2017-12-06
752003 Security: URL spoofing via crafted flash file and UI overlay $1000 2017-12-06
754424 Use-of-uninitialized-value in Document::MergePartialFromCodedStream - 2017-12-06
756316 Heap-use-after-free in extensions::ExtensionMessageBubbleController::UpdateExtensionIdList - 2017-12-06
755854 afl_webcrypto_rsa_import_key_pkcs8_fuzzer <no crash state available> - 2017-12-06
759294 Heap-buffer-overflow in media::mp4::TrackRunIterator::IsSampleEncrypted - 2017-12-06
760035 Global-buffer-overflow in media::VideoDecodeStatsReporter::UpdateFrameRateStability - 2017-12-06
760049 Bad-cast to const media::mp4::VideoSampleEntry from invalid vptr;media::mp4::TrackRunIterator::Init;media::mp4::MP4StreamParser::ParseMoof - 2017-12-06
760268 DCHECK failure in __isolate__->has_scheduled_exception() in runtime-proxy.cc - 2017-12-06
598265 Security: Bypassing web_accessible_resources protections $500 2017-12-05
752423 [wasm] OOB access in v8 wasm after Symbol.toPrimitive overwrite $3000 2017-12-05
756289 Use-of-uninitialized-value in fclamp - 2017-12-05
757705 Security: heap-use-after-free(ProbeForLowSeverityLifetimeIssue) in PDFium - 2017-12-05
759624 V8 type confusion in Web Assembly [ $7500 2017-12-05
760056 Heap-use-after-free in TetrahedralInterpFloat - 2017-12-05
271996 SOP not observed for local storage for file: URLs - 2017-12-05
757199 DCHECK failure in result->owns_descriptors() in objects.cc - 2017-12-04
743135 Crash in TetrahedralInterpFloat - 2017-12-02
752725 Heap-buffer-overflow in TetrahedralInterpFloat - pdf_codec_icc_fuzzer - 2017-12-02
756523 Use-of-uninitialized-value in content::mojom::URLLoaderFactoryStubDispatch::Accept - 2017-12-02
757412 Bad-cast to content::ResourceMessageFilter from invalid vptr;content::ResourceMessageFilter::CreateLoaderAndStart;content::mojom::URLLoaderFactoryStubDispatch::Accept - 2017-12-02
758283 Heap-use-after-free in v8::debug::ConsoleDelegate::`vcall'{56}' - 2017-12-02
758472 DCHECK failure in other->values_[index] != builder()->jsgraph()->OptimizedOutConstant() in bytecod - 2017-12-02
749851 Bad-cast to media::WebMediaPlayerImpl from content::WebMediaPlayerMS;content::HtmlVideoElementCapturerSource::CreateFromWebMediaPlayerImpl;content::RendererBlinkPlatformImpl::CreateHTMLVideoElementCapturer - 2017-12-01
755007 conent_shell: Heap-use-after-free in net::NetLog::AddEntry - 2017-12-01
757217 DCHECK failure in !it.done() in module-compiler.cc - 2017-11-30
757506 UAF in in CPWL_ListCtrl::~CPWL_ListCtrl() - 2017-11-30
758096 CHECK failure: Representation inference: unsupported opcode 59 (Dead), node #5 in simplified-lo - 2017-11-30
755044 DCHECK failure in AllowHeapAllocation::IsAllowed() in heap-inl.h - 2017-11-29
755056 Security: It is currently possible to sideload non Play Store apks on a Chromebook in Verified Boot (non-Dev) mode via adb. $500 2017-11-29
756522 Heap-use-after-free in blink::PaintController::CommitNewDisplayItems - 2017-11-29
747847 Security: CSP not inherited after navigation to JavaScript scheme uri $1000 2017-11-28
754145 Security: Access to freed stack memory in blink::PerformanceMonitor::Did() $500 2017-11-28
756733 Security: Out of bounds at FindSharedFunctionInfo in v8 $3000 2017-11-28
757227 CHECK failure: actual_unused_property_fields > map()->unused_property_fields() in objects-debug - 2017-11-28
757157 Crash in v8::internal::Invoke - 2017-11-26
752544 Heap-use-after-free in blink::PaintLayerScrollableArea::Box - 2017-11-25
754205 CrOS: CVE-2017-7533: Vulnerability reported in Linux kernel - 2017-11-25
753722 Heap-use-after-free in media::VpxVideoDecoder::MemoryPool::OnVideoFrameDestroyed - 2017-11-25
756332 DCHECK failure in !node->is_rewritten() in pattern-rewriter.cc - 2017-11-25
756608 ProxyHasProperty stub crashes when trap is a Smi $3500 2017-11-25
756959 Use-of-uninitialized-value in profiling::MemlogClient::~MemlogClient - 2017-11-25
756963 DCHECK failure in kMaxUInt32 != index_ in lookup.h - 2017-11-25
755501 Heap-use-after-free in media::PipelineIntegrationTestBase::CheckFirstAudioPacketTimestamp - 2017-11-24
734729 Compromised renderer can draw form validation bubbles over omnibox - 2017-11-23
752796 Unknown exception in KERNELBASE.dll after CPDF_Parser::ParseAndAppendCrossRefSubsectionData - 2017-11-23
732751 Security: Referer leakage in chrome debug protocol - 2017-11-22
751147 Heap-use-after-free in blink::InlineFlowBox::RemoveChild - 2017-11-22
527499 Security: SAN-01-001 Angular ngSanitize using Unicode Whitespace & innerHTML in Blink - 2017-11-21
740367 Use-after-poison in blink::EventListenerIterator::NextListener - 2017-11-21
746909 CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (object->IsString()) in string-inl.h - 2017-11-21
749397 Heap-buffer-overflow in xmlSAX2AttributeNs - 2017-11-20
750430 Heap-buffer-overflow in xmlStrndup - 2017-11-20
752476 Heap-buffer-overflow in GetAt - 2017-11-19
675658 Security: Malicious WebGL page can capture and upload contents of other tabs $2000 2017-11-18
746517 alert() titles from apps leak to webpages in the same process $500 2017-11-18
750066 Security DCHECK failure: i < length_ in StringImpl.h - 2017-11-18
751193 Security DCHECK failure: offset + length <= text.TextLength() in TextRunConstructor.cpp - 2017-11-18
752480 Heap-buffer-overflow in CFX_WideString::GetAt - 2017-11-18
754231 Heap-buffer-overflow in GrTextUtils::DrawPosTextAsPath - 2017-11-18
754560 Heap-use-after-free in v8_inspector::InjectedScript::ProtocolPromiseHandler::cleanup - 2017-11-18
701724 Heap-buffer-overflow in v8::internal::Simulator::DecodeType2 - 2017-11-17
751789 DCHECK failure in !is_async_function() in parser-base.h - 2017-11-17
752494 Use-after-poison in blink::EventListenerMap::Add - 2017-11-17
753293 Bad-cast to blink::EventListenerblink::EventTarget::TraceWrappers;blink::TraceTrait<blink::AccessibleNode>::TraceMarkedWrapper;blink::ScriptWrappableVisitor::AdvanceTracing - 2017-11-17
753718 Bad-cast to blink::ScriptWrappableblink::DOMDataStore::SetReturnValueFast;blink::V8Window::namedPropertyGetterCustom;blink::V8Window::namedPropertyGetterCallback - 2017-11-17
754209 DCHECK failure in InOldSpace(object) || InNewSpace(object) in heap.cc - 2017-11-17
754518 <no crash state available> - 2017-11-17
724880 Heap-buffer-overflow in gfx::internal::TextRunHarfBuzz::GetClusterAt - 2017-11-16
752478 Use-of-uninitialized-value in check_edge_against_rect - 2017-11-16
752537 Heap-buffer-overflow in SkFindAndPlaceGlyph::ArbitraryPositions::nextPoint - 2017-11-16
752715 Heap-use-after-free in blink::LayoutSelection::ClearSelection - 2017-11-16
752764 DCHECK failure in size <= SeqOneByteString::kMaxSize in heap.cc - 2017-11-16
752941 Heap-buffer-overflow in blink::TextIteratorTextState::AppendTextTo - 2017-11-16
752832 Heap-buffer-overflow in GrTextUtils::DrawDFPosText - 2017-11-16
753616 CHECK failure: Unexpected operator #59:(null) @ node #NUMBER in instruction-selector.cc - 2017-11-16
753813 Use-of-uninitialized-value in SkMatrix::computeTypeMask - 2017-11-16
753896 DCHECK failure in var->mode() == VAR in scopes.cc - 2017-11-16
754088 CHECK failure: actual_unused_property_fields > map()->unused_property_fields() in objects-debug - 2017-11-16
697481 Use-of-uninitialized-value in FPDFAPI_inflate - 2017-11-15
735448 CHECK failure: Code::WASM_TO_JS_FUNCTION == code->kind() in wasm-interpreter.cc - 2017-11-15
748472 Heap-use-after-free in ui::AXPlatformNodeWin::Destroy - 2017-11-15
749853 Use-after-poison in blink::EventListenerIterator::NextListener - 2017-11-15
750009 Heap-buffer-overflow in mov_read_trun - 2017-11-14
752149 Security: Arbitrary bad cast in optimized Javascript code $7500 2017-11-14
752481 CHECK failure: args[1]->IsJSReceiver() in runtime-object.cc - 2017-11-14
752491 Use-of-uninitialized-value in DES_set_key - 2017-11-14
752712 Crash in v8::internal::Invoke - 2017-11-14
752829 Security: PDFium calls PartitionFree() on heap memory returned by opj_calloc() $3500 2017-11-14
752833 Heap-buffer-overflow in SkGradientShaderBase::SkGradientShaderBase - 2017-11-14
752846 CHECK failure: args[2]->IsJSReceiver() in runtime-proxy.cc - 2017-11-14
766276 Security: persistence with cryptohomed stateful recovery - 2017-11-13
766275 Security: chronos to root with crash reporter and /tmp symlink - 2017-11-13
766271 Security: crosh to chronos with awk injection - 2017-11-13
766262 Security: privesc to war-extensions with PageState - 2017-11-13
766260 Security: WebAsm OOB ArrayBuffer - 2017-11-13
766253 Chrome OS exploit: WebAsm, Site Isolation, crosh, crash reporter, cryptohomed $100000 2017-11-13
752492 Heap-buffer-overflow in SkFindAndPlaceGlyph::ArbitraryPositions::nextPoint - 2017-11-12
709464 Detecting the presence of extensions through timing attacks (including Incognito) - 2017-11-11
750993 Security: heap-use-after-free in PDFium $3000 2017-11-11
752177 Security: `String` not isolated from global in ReadableStream.js, allowing out-of-order JavaScript execution $1000 2017-11-11
752483 CHECK failure: !isolate->has_scheduled_exception() in builtins-console.cc - 2017-11-11
752496 Heap-buffer-overflow in GrTextUtils::DrawPosTextAsPath - 2017-11-11
777737 Security: Google Chrome renders text file as HTML under file:// protocol - 2017-11-10
741244 Heap-buffer-overflow in media::BitReaderCore::Refill - 2017-11-10
751062 CVE-2017-7541: CrOS: Vulnerability reported in Linux kernel - 2017-11-10
751672 CHECK failure: deopt_data->get(1)->ToInt32(&index) in wasm-interpreter.cc - 2017-11-10
751109 CHECK failure: !descriptors->GetKey(i)->IsInterestingSymbol() in objects-debug.cc - 2017-11-09
751403 Use-of-uninitialized-value in blink::LayoutTableCell::ShouldClipOverflow - 2017-11-09
751463 Use-of-uninitialized-value in blink::LayoutTableCell::ShouldClipOverflow - 2017-11-09
751404 Use-of-uninitialized-value in blink::LayoutTableCell::ShouldClipOverflow - 2017-11-09
751572 Use-of-uninitialized-value in blink::LayoutTableCell::ShouldClipOverflow - 2017-11-09
749260 Crash in _sk_gather_bgra_avx - 2017-11-08
749389 Heap-buffer-overflow in SkFindAndPlaceGlyph::ArbitraryPositions::nextPoint - 2017-11-08
749472 Crash in GrAtlasTextBlob::Run::SubRunInfo::maskFormat - 2017-11-08
749470 Crash in _sk_gather_bgra_avx - 2017-11-08
749895 Stack-buffer-overflow in add_aa_span - 2017-11-08
750016 Heap-use-after-free in blink::LayoutTableSection::RowHasVisibilityCollapse - 2017-11-08
750070 Use-of-uninitialized-value in SkTHashTable<SkGlyph, SkPackedGlyphID, SkGlyph::HashTraits>::Slot::empty - 2017-11-08
750072 Use-of-uninitialized-value in SkPackedID::operator== - 2017-11-08
750071 Use-of-uninitialized-value in tt_glyph_load - 2017-11-08
750416 Stack-use-after-return in saturated_add - 2017-11-08
750438 Stack-buffer-overflow in add_aa_span - 2017-11-08
751055 Stack-use-after-return in MaskSuperBlitter::blitH - 2017-11-08
751358 CHECK failure: heap()->InToSpace(object) in mark-compact.cc - 2017-11-08
751278 Crash in v8::internal::VerifyPointersVisitor::VisitPointers - 2017-11-08
714401 Security: NtQueryValueKey may not return null-terminated string - 2017-11-07
748362 Security: Heap-use-after-free in ViewCacheHelper - 2017-11-07
750420 Heap-buffer-overflow in GrTextUtils::DrawPosTextAsPath - 2017-11-07
750435 Bad-cast to bssl::(anonymous namespace)::X25519KeyShare from invalid vptr;blink::EndNode<>;blink::TextIteratorAlgorithm<>::TextIteratorAlgorithm - 2017-11-05
750440 Bad-cast to bssl::(anonymous namespace)::X25519KeyShare from invalid vptr;blink::V8PerContextData::CreateWrapperFromCacheSlowCase;blink::V8PerContextData::CreateWrapperFromCache - 2017-11-05
734278 Null-dereference READ in gpu_angle_passthrough_fuzzer - 2017-11-04
743082 CHECK failure: args[0]->IsJSPromise() in runtime-promise.cc - 2017-11-04
731138 Heap-double-free in celt_header - 2017-11-03
739621 Security: Address bar spoof (repro Issue 648117) $500 2017-11-03
742380 Heap-double-free in ogg_read_close - 2017-11-03
748942 Use-of-uninitialized-value in cc::PaintOpReader::Read - 2017-11-03
749703 Use-of-uninitialized-value in mojo::edk::ChannelPosix::WriteNoLock - 2017-11-03
749898 Crash in blink::ImageData::CropRect - 2017-11-03
748069 Crash in Append - 2017-11-02
748539 CHECK failure: is_transitionable_fast_elements_kind implies !Map::IsInplaceGeneralizableField(d - 2017-11-02
748695 Security: overly permissive policy for dbus services owned by chrome process - 2017-11-02
748856 Use-of-uninitialized-value in mojo::edk::ChannelPosix::WriteNoLock - 2017-11-02
696729 Incorrect-function-pointer-type in _hb_blob_destroy_user_data - 2017-11-01
734559 Security: ChromeOS PPD Import Check Buffer Overflow $1000 2017-11-01
739677 Security DCHECK failure: i < length_ in StringImpl.h - 2017-11-01
740591 Function expressions in initializers of for-of/in loops are incorrectly scoped - 2017-11-01
745130 Use-of-uninitialized-value in update_current_folder_get_info_cb - 2017-11-01
748426 CHECK failure: (owning_instance) != nullptr in runtime-wasm.cc - 2017-11-01
748464 Heap-use-after-free in ui::AXPlatformNodeWin::Destroy - 2017-11-01
748465 Heap-use-after-free in ui::AXPlatformNodeWin::Destroy - 2017-11-01
748466 Heap-use-after-free in ui::AXPlatformNodeWin::Destroy - 2017-11-01
748469 Use-of-uninitialized-value in cc::LayerTreeHostImpl::SetContentHasNonAAPaint - 2017-11-01
735912 Security: Use-after-free in CPDFSDK_PageView::DeleteAnnot (XFA) $3000 2017-10-31
747979 DCHECK failure in !IsInplaceGeneralizableField(details.constness(), details.representation(), desc - 2017-10-31
747995 Security: WebAssembly signature map is racy - 2017-10-31
539018 the risk of the "auto-download" feature on Google Chrome - 2017-10-30
746835 Crash in v8::internal::Heap::MergeAllocationSitePretenuringFeedback - 2017-10-30
746946 Security: Chrome Type Confusion leads to Code Execution - 2017-10-30
747374 CHECK failure: #38:JSStackCheck should be followed by IfSuccess/IfException, but is only follow - 2017-10-30
724785 CrOS: CVE-2017-0627 - Vulnerability reported in Linux kernel - UVC driver - 2017-10-28
730446 Heap-buffer-overflow in sbr_x_gen - 2017-10-28
739147 Use-of-uninitialized-value in test_runner::TestRunnerForSpecificView::Reset - 2017-10-28
746769 Use-after-poison in blink::CSSPropertyAnimationUtils::ConsumeAnimationShorthand - 2017-10-28
747188 CHECK failure: (owning_instance) != nullptr in runtime-wasm.cc - 2017-10-28
737023 Security: Use-after-free in ResetPDFWindow(); $5000 2017-10-27
744584 Fatal error in ../../v8/src/compiler/representation-change.cc, line 1055 $3000 2017-10-27
747154 CHECK failure: #28:JSStackCheck should be followed by IfSuccess/IfException, but is only follow - 2017-10-27
747359 DCHECK failure in pending_layout_change_object_ == nullptr || pending_layout_change_object_ == obj - 2017-10-27
719835 Heap-use-after-free in blink::VisualRectForDisplayItem $2500 2017-10-26
737384 Incorrect-function-pointer-type in getManagedStaticMutex - 2017-10-26
742659 Use-of-uninitialized-value in v8::internal::WasmSharedModuleData::is_asm_js - 2017-10-26
743614 CrOS: CVE-2017-11176: Vulnerability reported in Linux kernel - 2017-10-26
746073 Container-overflow in CFX_SAXReaderHandler::OnTagEnter - 2017-10-26
746223 Unknown exception in RaiseException - 2017-10-26
674577 extensions: match_patterns not matching FQDN with trailing dot - 2017-10-25
740022 Crash in _sk_byte_tables_avx - 2017-10-25
745844 CHECK failure: !field_type->NowStable() || field_type->NowContains(value) || (!FLAG_use_allocat - 2017-10-25
740784 CHECK failure: dependent_code()->IsEmpty(DependentCode::kPrototypeCheckGroup) in objects-debug. - 2017-10-24
743106 Global-buffer-overflow in SkImageInfo::unflatten - 2017-10-24
743622 DCHECK failure in HasLength() in shared-function-info-inl.h - 2017-10-24
744292 DCHECK failure in __isolate__->has_pending_exception() in runtime-module.cc - 2017-10-24
744700 Crash in Relaxed_Load - 2017-10-24
743301 CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (object->IsJSFunction()) in objects-i - 2017-10-23
723158 CHECK failure: IrOpcode::kFrameState == state->op()->opcode() in instruction-selector.cc - 2017-10-22
740166 Crash in __crt_stdio_output::output_processor<wchar_t,class __crt_stdio_output::string_ou $3500 2017-10-22
740426 Heap-buffer-overflow in gl::Texture::getWidth - 2017-10-22
740776 Security: BroadPwn bug on Broadcom WiFi chipsets (CVE-2017-9417) - 2017-10-22
740603 Security: heap-buffer-overflow in gpu::gles2::GLES2Implementation::ReadPixels $5000 2017-10-22
741750 [wasm] Signature confusion in function table import/export/init - 2017-10-22
742346 DCHECK failure in target->constructor_or_backpointer() == map in mark-compact.cc - 2017-10-22
742381 DCHECK failure in maybe_transition->elements_kind() != transition_elements_kind in objects.cc - 2017-10-22
742967 CrOS: CVE-2017-10810: Vulnerability reported in Linux kernel - 2017-10-22
735279 Crash in avx::memset32 - 2017-10-19
738763 CHECK failure: !field_type->NowStable() || field_type->NowContains(value) || (!FLAG_use_allocat - 2017-10-19
740803 Security: Use After Free in v8 $3000 2017-10-19
741604 Bad-cast to std::__1::locale::__imp from std::__1::locale::__imp;call_init;call_init - 2017-10-19
481202 Security: BoringSSL ecdsa_sign_setup timing leak in the inversion of k - 2017-10-19
736633 Use-after-poison in v8::internal::compiler::InstructionSelector::EmitTableSwitch - 2017-10-18
740710 Security: service_manager{client_process} Capability Not Properly Enforced - 2017-10-18
741078 CHECK failure: map->IsMap() in spaces.cc - 2017-10-18
724093 Security: Multiple flaws relating to stack/heap clash attacks - 2017-10-17
735419 Multiple Security vulnerabilities in OpenVPN - 2017-10-17
736133 Heap-use-after-free in CFX_FaceCache::~CFX_FaceCache - 2017-10-17
738228 Matrix attributes are not bounds-checked - 2017-10-17
740325 CHECK failure: is_api_object in objects.cc - 2017-10-17
736195 Heap-buffer-overflow in SkiaState::ClipRestore - 2017-10-16
736574 Stack-buffer-overflow in CFX_SkiaDeviceDriver::DrawShading - 2017-10-16
740199 CHECK failure: Smi::IsValid(value) in objects.h - 2017-10-16
740509 CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (IsDereferenceAllowed(INCLUDE_DEFERRE - 2017-10-16
736907 Heap-buffer-overflow in CCodec_ProgressiveDecoder::ReSampleScanline - 2017-10-14
734245 Crash in void LoadImageRow< - 2017-10-13
734328 CrOS: CVE-2017-0651: Vulnerability reported in Linux kernel - 2017-10-13
736357 Security: Credential Manager API origin confusion - 2017-10-13
737932 CrOS: CVE-2017-1000364: Vulnerability reported in Linux kernel - 2017-10-13
738652 Heap-use-after-free in cc::Display::~Display - 2017-10-13
738596 Heap-use-after-free in blink::Text::TextLayoutObjectIsNeeded - 2017-10-13
738952 Null-dereference READ in MemoryRead<unsigned - 2017-10-13
739186 Crash in MemoryRead<unsigned - 2017-10-13
739190 Security: use-of-uninitialized-value in SkPathMeasure::distanceToSegment $1000 2017-10-13
737315 Effective TLD wildcarding for ExtensionSettings not working - 2017-10-12
738682 Use-of-uninitialized-value in SkShaderBase::Context::Context - 2017-10-12
738746 Use-of-uninitialized-value in SkMatrix::postConcat - 2017-10-10
735884 CrOS: CVE-2017-1000380: Vulnerability reported in Linux kernel - 2017-10-08
737530 CrOS: CVE-2017-1000365: Vulnerability reported in Linux kernel - 2017-10-08
737534 CrOS: CVE-2017-9605: Vulnerability reported in Linux kernel - 2017-10-08
737889 Heap-use-after-free in media::VpxVideoDecoder::MemoryPool::OnVideoFrameDestroyed - 2017-10-08
738703 Wild-access in blink::Text::TextLayoutObjectIsNeeded - 2017-10-08
737877 Crash in v8::internal::Invoke - 2017-10-07
772194 Heap-use-after-free in base::internal::WeakReference::is_valid - 2017-10-06
732407 Incorrect-function-pointer-type in hb_font_destroy - 2017-10-06
733940 Security: Form field validation bubbles can appear after navigating to another origin $500 2017-10-06
736639 Unknown-crash in es2::VertexDataManager::writeAttributeData - 2017-10-05
736943 Bad-cast to blink::TraceWrapperBase from invalid vptr;blink::ScriptWrappableVisitor::DispatchTraceWrappers;blink::TraceTrait<blink::Modulator>::TraceMarkedWrapper - 2017-10-05
737069 Security: Heap-buffer-overflow in v8::wasm $1000 2017-10-05
737529 Heap-buffer-overflow in chrome_pdf::PDFiumEngine::OnMouseUp - 2017-10-05
669751 Security: Potential integer overflow in memory allocation expression in TerminatedArray - 2017-10-04
725975 Heap-buffer-overflow in copyFTBitmap - 2017-10-04
737100 Heap-buffer-overflow in CFX_SkiaDeviceDriver::RestoreState - 2017-10-04
737104 CHECK failure: entry.code_offset >= 0 in source-position-table.cc - 2017-10-04
722847 Crash in gldMergeScanlines2x2 - 2017-10-03
736567 CHECK failure: MachineRepresentation::kNone == input_info->representation() in simplified-lower - 2017-10-03
736588 Heap-buffer-overflow in SkiaState::AdjustClip - 2017-10-03
736621 CHECK failure: is_neuterable() in objects.cc - 2017-10-03
736624 Bad-cast to gl::Surface from egl::PBufferSurface;es2::Context::makeCurrent;egl::MakeCurrent - 2017-10-03
731669 Security: bypassing CORS by XHR + MemoryCache + ServiceWorker (Ver 2) - 2017-10-02
732779 CSP script-sample and report-uri together with Embedded Enforcement is harmful $500 2017-10-02
736233 Heap-use-after-free in (unknown) - 2017-10-01
704132 CHECK failure: size_ <= capacity_ in identity-map.cc - 2017-09-30
728654 CHECK failure: backing_store_[index++] == static_cast<uint32_t>(name->length()) in preparsed-sc - 2017-09-30
733548 Chrome broker PP_Instance overwrite in IPC handler OnMsgDidCreateInProcessInstance - 2017-09-30
733549 Chrome sandbox escape due to use of invalid PP_Instance in IPC handler OnMsgDidDeleteInProcessInstance $5000 2017-09-30
734016 CrOS: Vulnerability reported in net-fs/samba - 2017-09-29
735718 Use-of-uninitialized-value in webrtc::FuzzAudioProcessing - 2017-09-29
422987 Security: AppCache FALLBACK should be limited to sub-paths of manifest directory - 2017-09-28
718676 Security: Potential HTTPS downgrade attacks by abusing WWW mismatch redirect - 2017-09-28
726072 Enlarge stack guard gap in Linux kernel - 2017-09-28
734109 Heap-buffer-overflow in (unknown) - 2017-09-28
735771 Heap-use-after-free in v8::internal::WasmSharedModuleData::is_asm_js - 2017-09-28
728992 Heap-use-after-free in CFX_UnownedPtr<CPDF_ShadingPattern>::ProbeForLowSeverityLifetimeIssue - 2017-09-27
732200 Heap-use-after-free in blink::LayoutText::SetText - 2017-09-27
733146 Bad-cast to blink::LayoutObject from invalid vptr;blink::LayoutText::SetText;blink::LayoutTextFragment::SetTextFragment - 2017-09-27
733254 Heap-buffer-overflow in indexed_db::mojom::DatabaseStubDispatch::Accept - 2017-09-27
734108 CHECK failure: !IsSmi() == Internals::HasHeapObjectTag(this) in objects.h - 2017-09-27
734348 Heap-use-after-free in blink::LayoutQuote::DetachQuote - 2017-09-27
550017 Security: Modal dialogs overlaying Fullscreen permission dialog $3000 2017-09-26
733467 Use-after-poison in blink::HTMLSlotElement::LazyReattachDistributedNodesIfNeeded - 2017-09-26
734344 Use-of-uninitialized-value in base::Pickle::WriteData - 2017-09-26
729597 Null-dereference READ in heap - 2017-09-25
729105 Security: Mac-only URL bar spoofing via HTTPS error interstitial? $500 2017-09-24
722261 Security: RSA key generation weakness in certain TPM models - 2017-09-23
732597 Heap-use-after-free in blink::PaintController::CommitNewDisplayItems - 2017-09-23
733245 Crash in InvalidParameter - util::printd calling wcsftime - 2017-09-23
733283 Bad-cast to blink::ResourceFinishObserver from invalid vptr;blink::NotifyFinishObservers;base::internal::Invoker<base::internal::BindState<void - 2017-09-23
733507 Use-after-poison in base::internal::FunctorTraits<void - 2017-09-23
733829 Crash in blink::FontCache::CrashWithFontInfo - 2017-09-23
727077 Security DCHECK failure in value.IsIdentifierValue() in CSSIdentifierValue.h - 2017-09-22
732039 Security: Use-after-free in CPDFSDK_WidgetHandler::OnLoad $3000 2017-09-22
732051 Security: UAF in CFFL_FormFiller::GetPDFWindow() $3000 2017-09-22
732322 Use-after-free in CFFL_InteractiveFormFiller::OnFormat $3000 2017-09-22
733218 Bad-cast to blink::HTMLElement from blink::SVGSVGElement;blink::FocusController::NextFocusableElementInForm;blink::InputMethodController::TextInputFlags - 2017-09-22
616670 Security: PDFium: Out-Of-Bounds Read in CCodec_ProgressiveDecoder::ReSampleScanline - 2017-09-21
731629 Use-of-uninitialized-value in ui::XVisualManager::XVisualManager - 2017-09-21
731351 Crash in v8::internal::Invoke - 2017-09-21
732533 Global-buffer-overflow in GuessSizeForVSWPrintf - 2017-09-21
733059 CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (!owned || FindObject(address)->IsHea - 2017-09-21
733118 CHECK failure: 0 != hash_ in hash-table.h - 2017-09-21
733163 Heap-use-after-free in v8::internal::wasm::AsyncCompileJob::DecodeModule::Run - 2017-09-21
733282 Crash in blink::FocusController::NextFocusableElementInForm - 2017-09-21
733491 Crash in blink::LayoutBlockFlow::AppendFloatsToLastLine - 2017-09-21
729041 Heap-use-after-free in CPWL_Wnd::Destroy - 2017-09-20
729957 Heap-buffer-overflow in v8::internal::Simulator::DecodeTypeImmediate - 2017-09-20
732409 Use-after-poison in void blink::LocalFrameView::ForAllNonThrottledLocalFrameViews<blink::LocalFrameV - 2017-09-20
730171 Security: Crash in WTF::ArrayBufferContents::FreeMemory() - 2017-09-19
732031 CrOS: Vulnerability reported in net-fs/samba - 2017-09-19
732169 Ill in v8::internal::TranslatedState::MaterializeCapturedObjectAt - 2017-09-19
729298 Use-of-uninitialized-value in blink::StringResourceBase::~StringResourceBase - 2017-09-18
728984 CrOS: CVE-2017-9074: Vulnerability reported in Linux kernel - 2017-09-16
729383 Heap-use-after-free in blink::PaintController::CommitNewDisplayItems - 2017-09-16
729979 Near homograph URL Spoofing with Arabic $1000 2017-09-16
731495 CHECK failure: args[0]->IsString() in runtime-strings.cc - 2017-09-16
728559 CrOS: CVE-2017-9077: Vulnerability reported in Linux kernel - 2017-09-15
728560 CrOS: CVE-2017-9242: Vulnerability reported in Linux kernel - 2017-09-15
728986 CrOS: CVE-2017-9076: Vulnerability reported in Linux kernel - 2017-09-15
728985 CrOS: CVE-2017-9075: Vulnerability reported in Linux kernel - 2017-09-15
730297 Security DCHECK failure in !root_parent->IsSVGElement() || !ToSVGElement(root_parent) ->elements_with_relat - 2017-09-15
731105 Crash in sw::Renderer::taskLoop (SwiftShader) - 2017-09-15
677933 Security: Symlinks allow arbitrary file access to chronos-accessible file system locations via file:// - 2017-09-14
728887 Security: IndexedDB OpenCursor UaF $10000 2017-09-14
729147 CHECK failure: (materialized) != nullptr in bytecode-register-optimizer.cc - 2017-09-14
729991 Security: Information Disclosure Issue in v8::wasm $4000 2017-09-14
730429 Bad-cast to v8::internal::compiler::Operator1<v8::internal::compiler::FrameStateInfo, v8::internal::compiler::OpEqualTo<v8::internal::compiler::FrameStateInfo>, v8::internal::compiler::OpHash<v8::internal::compiler::FrameStateInfo> > from v8::internal::compiler::MachineOperatorGlobalCache::LoadAnyTaggedOperator;OpParameter<v8::internal::compiler::FrameStateInfo>;OpParameter<v8::internal::compiler::FrameStateInfo> - 2017-09-14
730253 CHECK failure: 1 == OperatorProperties::GetFrameStateInputCount(node->op()) in node-properties. - 2017-09-14
730854 Use-of-uninitialized-value in v8::internal::compiler::StateValuesAccess::size - 2017-09-14
722126 Security: Chrome buffer overflow in mount.exfat-fuse after a call to malloc(0) $3000 2017-09-13
728094 CrOS: Vulnerability reported in sys-libs/zlib - 2017-09-13
728983 Use-of-uninitialized-value in ui::XVisualManager::XVisualManager - 2017-09-13
728756 CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (!owned || FindObject(address)->IsHea - 2017-09-13
728987 CrOS: Vulnerability reported in sys-libs/zlib - 2017-09-13
728998 Use-of-uninitialized-value in libnss3.so - 2017-09-13
729302 Use-of-uninitialized-value in libglib-2.0.so.0 - 2017-09-13
696806 Security: Allowed to set AppCache-manifest under CSP: Sandbox / Fallback on full origin $2000 2017-09-12
724608 CHECK failure: !map->is_deprecated() in compilation-dependencies.cc - 2017-09-12
727008 CrOS: (CVE-2017-9150) Vulnerability reported in Linux kernel - 2017-09-12
728185 Security: Unknown memory corruption in HTML rendering. $500 2017-09-12
728718 Heap-use-after-free in ProbeForLowSeverityLifetimeIssue - 2017-09-09
716262 Security: Out of Bounds write in NSS (used on ChromeOS) - 2017-09-08
723796 Security: data-uris can be loaded on the top frame using a (failed) server redirect followed and a history back() $500 2017-09-08
724972 CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (object->IsJSArrayBuffer()) in object - 2017-09-08
725032 Security: Use-after-free in IndexedDB Transactions $10500 2017-09-08
725743 CHECK failure: interrupt_address == isolate->builtins()->InterruptCheck()->entry() in full-code - 2017-09-08
726716 Heap-use-after-free in blink::LayoutText::SetText - 2017-09-08
728158 Bad-cast to CXFA_Object from CXFA_FM2JSContext;CXFA_ScriptContext::ToObject;CXFA_FM2JSContext::GetObjectDefaultValue - 2017-09-08
728669 Heap-use-after-free in CFX_UnownedPtr<CCodec_GifModule::Delegate>::ProbeForLowSeverityLifetimeIssue - 2017-09-08
724973 CHECK failure: is_valid in conversions-inl.h - 2017-09-07
727048 Heap-use-after-free in CPWL_ScrollBar::~CPWL_ScrollBar - 2017-09-07
727972 Use-of-uninitialized-value in libglib-2.0.so.0 - 2017-09-07
727999 Use-of-uninitialized-value in blink::AudioHandler::ProcessIfNecessary - 2017-09-07
728323 Heap-use-after-free in CFX_UnownedPtr<CCodec_BmpModule::Delegate>::ProbeForLowSeverityLifetimeIssue - 2017-09-07
708237 Security: ExternalInterface.addCallback works across isolated worlds - 2017-09-06
725660 [IDN Phishing] Use the "xn--fgb" character to hide the real URL: Block U+0620 on Mac only. $2000 2017-09-06
726067 Compromised renderer can upload arbitrary files - 2017-09-06
726755 Heap-use-after-free in CFX_BitmapComposer::~CFX_BitmapComposer - 2017-09-06
726887 Heap-use-after-free in CFX_UnownedPtr<CCodec_TiffContext>::Probe - 2017-09-06
727218 CHECK failure: is_resolved() in ast.h - 2017-09-06
727245 Stack-use-after-return in CCodec_Jbig2Context::~CCodec_Jbig2Context - 2017-09-06
724884 Heap-use-after-free in v8::Shell::CreateRealm - 2017-09-05
725226 Crash in v8::internal::Invoke - 2017-09-05
725865 CHECK failure: (index >= 0) && (index < this->length()) in objects-inl.h - 2017-09-05
727090 Crash in v8::internal::Stats_Runtime_AllocateInNewSpace - 2017-09-05
725884 Use-of-uninitialized-value in ui::XVisualManager::XVisualManager - 2017-09-03
726710 Heap-use-after-free in blink::NodeListsNodeData::AddCache<blink::DocumentNameCollection> - 2017-09-03
726989 Heap-use-after-free in ??$insert@U?$HashMapTranslator@U?$HashMapValueTraits@U?$HashTraits@U?$pair@EPAVS - 2017-09-03
681740 Security: URL Spoofing (with HTTPS lock) by focusing the omnibox while changing the location hash and calling a modal dialog $1000 2017-09-02
725537 CHECK failure: map()->is_callable() in objects-debug.cc - 2017-09-02
726220 Use-after-poison in blink::SVGImage::ServiceAnimations - 2017-09-02
726253 Heap-use-after-free in IsEmpty - 2017-09-02
726299 CrOS: Vulnerability reported in media-libs/tiff - 2017-09-02
726503 Heap-use-after-free in CPDF_Parser::SetEncryptHandler - 2017-09-02
726622 CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (object->IsJSFunction()) in objects-i - 2017-09-02
726636 Crash in v8::internal::Simulator::DecodeType2 - 2017-09-02
726653 Stack-use-after-return in CJBig2_Context::~CJBig2_Context - 2017-09-02
726728 Heap-use-after-free in CPDF_ShadingPattern::~CPDF_ShadingPattern - 2017-09-02
726732 Heap-use-after-free in Probe - 2017-09-02
726891 Heap-use-after-free in CFX_UnownedPtr<CPDF_ColorSpace>::Probe - 2017-09-02
726833 Heap-use-after-free in CFX_UnownedPtr<CJBig2_ArithDecoder>::Probe - 2017-09-02
720311 CHECK failure: isolate_status.count(args.GetIsolate()) == 1 in d8.cc - 2017-09-01
724606 CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (index >= 0 && index < this->length() - 2017-09-01
724640 Heap-use-after-free in Probe - 2017-09-01
725017 CrOS: CVE-2017-8924 - Vulnerability reported in Linux kernel - usb edge_bulk_in_callback - 2017-09-01
725018 CrOS: CVE-2017-8925 - Vulnerability reported in Linux kernel - usb omninet_open - 2017-09-01
725201 CHECK failure: fixed_array->IsDictionary() in objects-inl.h - 2017-09-01
725929 Use-of-uninitialized-value in std::__1::pair<WTF::KeyValuePair<std::__1::pair<unsigned char, WTF::StringImpl*> - 2017-09-01
726080 NTLM implementation can have security downgraded by bad server - 2017-09-01
726276 Heap-use-after-free in blink::LayoutText::SetText - 2017-09-01
724460 Heap-use-after-free in CPDF_ImageCacheEntry::~CPDF_ImageCacheEntry - 2017-08-31
725974 Heap-use-after-free in blink::LayoutText::SetText - 2017-08-31
592686 Wrong tab goes fullscreen - 2017-08-30
716995 CrOS: Vulnerability reported in media-libs/freetype - 2017-08-30
722130 Heap-buffer-overflow in __printf_chk - 2017-08-30
722639 IDN URL Spoofing with TIFINAGH LETTER YAN $1000 2017-08-30
724768 CrOS: CVE-2017-0605 - Vulnerability reported in Linux kernel - kernel trace subsystem - 2017-08-30
724788 CrOS: CVE-2017-0630 - Vulnerability reported in Linux kernel - trace subsystem - 2017-08-30
656417 Security: Omnibox scrolls RTL domains off-screen (spoofing) $1000 2017-08-29
721731 CrOS: Vulnerability reported in Linux kernel - 2017-08-29
723582 CrOS: Vulnerability reported in media-libs/tiff - 2017-08-29
724829 <no crash state available> - 2017-08-29
724893 Heap-use-after-free in CFX_UnownedPtr<IJS_EventContext>::~CFX_UnownedPtr - 2017-08-29
724892 Heap-use-after-free in CFX_UnownedPtr<CXFA_PDFFontMgr>::~CFX_UnownedPtr - 2017-08-29
724960 Container-overflow in CFX_UnownedPtr<unsigned char const>::Probe - 2017-08-29
724637 Bus in CGifLZWDecoder::AddCode - 2017-08-28
697394 CrOS: Vulnerability reported in media-libs/libpng - 2017-08-26
697890 Heap-buffer-overflow in CGifLZWDecoder::ClearTable - 2017-08-26
702030 Security: chronos user local file read (ImageBurner) - 2017-08-26
716803 Use of an invalid mutex in pthread_mutex_unlock - 2017-08-26
723625 Use-of-uninitialized-value in CPDF_CMap::GetNextChar - 2017-08-26
724405 Heap-buffer-overflow in CFX_UnownedPtr<unsigned int const>::Probe - 2017-08-26
724500 Heap-buffer-overflow in CFX_UnownedPtr<unsigned int const>::Probe - 2017-08-26
722756 Type Confusion In Chrome Lead to RCE $7500 2017-08-25
723802 Ill in v8::internal::compiler::Verifier::Visitor::Check - 2017-08-25
723644 Heap-use-after-free in ~CFX_UnownedPtr - 2017-08-25
724021 CrOS: Vulnerability reported in Linux kernel - 2017-08-25
618021 Use-of-uninitialized-value in u_strToUTF8WithSub_56 - 2017-08-24
654173 Security: PDFium (XFA) Heap Buffer Overflow in CGifLZWDecoder::AddCode - 2017-08-24
722124 Use-of-uninitialized-value in u_strToUTF8WithSub_59 - 2017-08-24
722785 CrOS: Vulnerability reported in Linux kernel - 2017-08-24
723503 Security: Mismatched Origin Display in WebUSB and WebBluetooth Permissions Dialogs $500 2017-08-24
724022 CrOS: Vulnerability reported in dev-libs/openssl - 2017-08-24
722071 Heap-buffer-overflow in PackBitsDecode - 2017-08-23
710400 Permission Prompt not correctly dismissed on top window navigation - 2017-08-22
721579 Security: FLAG_SECURE not used on Android for credit cards pre-fills - 2017-08-22
721988 Security: Heap-use-after-free in payments::`anonymous namespace'::SheetView::RequestFocus $500 2017-08-22
722115 Heap-buffer-overflow in CGifLZWDecoder::ClearTable - 2017-08-22
711505 Security: Attacker Can Control Cookies in Chrome - 2017-08-21
722027 CrOS: Vulnerability reported in Linux kernel - 2017-08-21
722026 CrOS: Vulnerability reported in Linux kernel - 2017-08-21
721925 Security: Linux kernel CVE-2017-7895 - 2017-08-20
698693 Use-of-uninitialized-value in base::internal::JSONParser - 2017-08-19
719199 Security: disallow "Canadian Syllabics" unicode block from IDN domains $1000 2017-08-19
721789 <no crash state available> - 2017-08-19
658599 Heap-use-after-free in blink::HTMLMediaElement::startPlayerLoad - 2017-08-18
695830 Security: release assert trigger in pdfium - 2017-08-18
716510 Use-after-poison in void blink::FrameView::forAllNonThrottledFrameViews<blink::FrameView::updateLife - 2017-08-18
718946 URL Spoofing when access to initial document is not reported to browser process - 2017-08-18
721624 Use-of-uninitialized-value in run_analysis - 2017-08-18
663991 Security: sdcardfs stack overflow potentially leading to kernel code execution - 2017-08-17
711772 Subframe navigations can be used to add domains to history - 2017-08-17
714849 Security: Field validation bubbles can appear over the wrong tab with using print() - 2017-08-17
718526 Security: depthcharge write_sparse_image potential oob reads - 2017-08-17
720351 Use-of-uninitialized-value in gif_decode_extension - 2017-08-17
698082 Heap-buffer-overflow in CGifLZWDecoder::ClearTable - 2017-08-16
714196 Security: Domain spoofing thanks to U+0F8C rendered as 'space' on Mac $2000 2017-08-16
718498 Bad-cast to CXFA_ContainerLayoutItem from CXFA_FFSubForm;CXFA_LayoutPageMgr::MergePageSetContents;CXFA_LayoutPageMgr::SyncLayoutData - 2017-08-16
719291 Stack-buffer-overflow in sw::Nucleus::createConstantVector - 2017-08-16
719720 Stack-buffer-overflow in libGLESv2_swiftshader - 2017-08-16
714440 Heap-use-after-free in blink::ShapeOutsideInfo::IsEnabledFor - 2017-08-15
717476 Security: Chrome PaymentRequestAPI Payment-Origin Spoof - 2017-08-15
677817 Security: crosh shell sandbox escape - 2017-08-12
709327 Security: Crash in blink::ThreadHeap::isHeapObjectAlive - 2017-08-12
708819 Security: Heap-use-after-free in autofill::SaveCardBubbleViews::WindowClosing $500 2017-08-12
714580 Crash in v8::internal::Invoke - 2017-08-12
716713 Container-overflow in SkSL::Compiler::addDefinitions $1500 2017-08-12
717935 Use-of-uninitialized-value in approx_log2 - 2017-08-12
718977 Crash in v8::internal::ScavengingVisitor<1,1>::EvacuateObject<1,0> - 2017-08-12
670296 Heap-buffer-overflow in v8::internal::Simulator::DecodeType3 - 2017-08-11
705385 Heap-buffer-overflow in v8::internal::Simulator::DecodeTypeImmediate - 2017-08-11
718104 Use of an invalid mutex in pthread_mutex_unlock - 2017-08-11
713440 Security: mixed content in <picture> isn't blocked - 2017-08-10
716311 Heap-buffer-overflow in SkSpecularLightingImageFilter::onFilterImage $1000 2017-08-10
717891 Ill in v8::internal::ParserBase<v8::internal::Parser>::ParseClassPropertyDefinition - 2017-08-10
686128 Use-of-uninitialized-value in CRYPT_ArcFourSetup - 2017-08-09
712163 Use-of-uninitialized-value in OT::RangeRecord::cmp - 2017-08-09
713998 Heap-buffer-overflow in CXFA_Object::IsNode - 2017-08-09
716474 Security: Use-after-poison in blink::FrameView::AdjustMediaTypeForPrinting $2000 2017-08-09
716706 Stack-buffer-overflow in CFX_WideString::CFX_WideString - 2017-08-09
716936 Use-after-poison in v8::internal::wasm::ThreadImpl::Push - 2017-08-09
716945 Heap-use-after-free in blink::AudioBus::Zero $3500 2017-08-09
717056 Ill in v8::internal::wasm::ErrorThrower::Reify - 2017-08-09
717641 Security: Fix ghostscript bug - 2017-08-09
717845 Use-after-poison in blink::LocalFrame::DomWindow - 2017-08-09
716954 Use-of-uninitialized-value in approx_log2 - 2017-08-07
485550 Security: URL Spoof with link in pdf and slow url $2000 2017-08-05
712459 Heap-use-after-free in blink::EventHandler::SelectAutoCursor $1500 2017-08-05
713190 Heap-use-after-free in blink::LayoutBox::findAutoscrollable - 2017-08-05
714311 Bad-cast to sandbox::bpf_dsl::(anonymous namespace)::ReturnResultExprImpl from invalid vptr;blink::ApplyStyleCommand::applyRelativeFontStyleChange;blink::ApplyStyleCommand::doApply $3500 2017-08-05
714442 Security: Navigation from http: to file: etc. is possible (Android) - 2017-08-05
716519 Heap-use-after-free in CFX_WideString::operator - 2017-08-05
707549 Heap-use-after-free in printing::PrintWebViewHelper::RenderPageContent $3000 2017-08-04
709417 Security: RTL character in URL flips domain and path (Android 4.2 and earlier) $3000 2017-08-04
715454 Use-after-poison in v8::internal::wasm::ThreadImpl::DoStackTransfer - 2017-08-04
716207 Use-of-uninitialized-value in CFX_SeekableStreamProxy::CFX_SeekableStreamProxy - 2017-08-04
716266 Use-of-uninitialized-value in approx_log2 - 2017-08-04
702041 Crash in bilinear_interpol - 2017-08-03
713545 Use-of-uninitialized-value in blink::Notification::PrepareShow - 2017-08-03
714819 Heap-use-after-free in v8_inspector::V8InspectorSessionImpl::breakProgram - 2017-08-03
715506 CrOS: Vulnerability reported in app-admin/sudo - 2017-08-03
715582 Security: Out of bound read in FindSharedFunctionInfo (V8) $3000 2017-08-03
715883 Heap-use-after-free in net::HttpCache::Transaction::DoCacheReadData - 2017-08-03
715018 Heap-use-after-free in views::View::RemoveObserver - 2017-08-02
715201 Global-buffer-overflow in v8::internal::interpreter::BytecodeRegisterOptimizer::RegisterTransfer - 2017-08-02
715220 Heap-buffer-overflow in v8::internal::TranslatedState::CreateNextTranslatedValue - 2017-08-02
715218 Heap-buffer-overflow in v8::internal::PreParsedScopeData::RestoreData - 2017-08-02
715408 Heap-buffer-overflow in PackBitsDecode - 2017-08-02
672008 Security: Extension's verification bypass - 2017-08-01
678776 Security: Content-Security-Policy reporting leaks the URL fragment $2000 2017-08-01
711889 Heap-buffer-overflow in CFX_SAXReader::ParseChar - 2017-08-01
713515 Bad-cast to media::MediaLog from invalid vptr;media::LogHelper::~LogHelper;media::ADTSStreamParser::ParseFrameHeader - 2017-08-01
714074 Use-of-uninitialized-value in CPDF_PatchDrawer::Draw - 2017-08-01
714426 Heap-buffer-overflow in interp_lut - 2017-08-01
714974 Use-of-uninitialized-value in CFX_SeekableStreamProxy::CFX_SeekableStreamProxy - 2017-08-01
714980 Use-of-uninitialized-value in approx_log2 - 2017-08-01
713686 Security: Field validation bubbles can appear over the wrong tab $500 2017-07-31
714003 Crash in v8::internal::Invoke - 2017-07-29
679306 WebRTC crash (?) on appear.in $500 2017-07-28
711020 Security: DoCanonicalizeMailtoURL() fails to canonicalize characters leading to command injection $1000 2017-07-28
711260 Use-of-uninitialized-value in CFX_SAXReader::ParseChar - 2017-07-28
713651 Heap-buffer-overflow in interp_lut - 2017-07-28
711609 Bad-cast to sandbox::bpf_dsl::(anonymous namespace)::ReturnResultExprImpl from invalid vptr;blink::PrePaintTreeWalkContext::PrePaintTreeWalkContext;blink::PrePaintTreeWalk::Walk - 2017-07-27
711638 CrOS: Vulnerability reported in media-libs/tiff - 2017-07-27
712624 Stack-buffer-overflow in sw::Nucleus::createConstantVector - 2017-07-27
712752 Heap-use-after-free in CFX_ClipRgn::IntersectMaskRect - 2017-07-27
712639 Stack-buffer-overflow in libGLESv2_swiftshader - 2017-07-27
712839 Heap-use-after-free in blink::LayoutBoxModelObject::hasSelfPaintingLayer - 2017-07-27
712907 Crash in v8::internal::interpreter::BytecodeRegisterOptimizer::RegisterTransfer - 2017-07-27
712910 Use-after-poison in v8::internal::compiler::Node::AppendUse - 2017-07-27
713175 Stack-buffer-overflow in IntersectSides - 2017-07-27
713184 Heap-buffer-underflow in SkiaState::ClipRestore - 2017-07-27
713330 Heap-buffer-overflow in CFX_ClipRgn::IntersectMaskRect - 2017-07-27
713336 Heap-use-after-free in content::BlinkTestController::~BlinkTestController - 2017-07-27
713472 Crash in v8::internal::Invoke - 2017-07-27
713453 Use-of-uninitialized-value in parametric - 2017-07-27
713473 Heap-buffer-overflow in load_rgb_from_tables<0> - 2017-07-27
711936 Heap-buffer-overflow in GrBufferAllocPool::putBack - 2017-07-26
711895 Heap-buffer-overflow in read_big_endian_u32 - 2017-07-26
712835 Crash in CFX_ImageTransformer::Continue - 2017-07-26
702920 Use-of-uninitialized-value in SkConic::evalAt - 2017-07-25
706207 Use-of-uninitialized-value in blink::Notification::prepareShow - 2017-07-25
711459 Use-of-uninitialized-value in CFX_ByteString::Compare - 2017-07-25
702884 Crash in sk_memset32 - 2017-07-24
704448 Use-of-uninitialized-value in SkRect::setBoundsCheck - 2017-07-24
704568 Stack-buffer-overflow in CFX_SkiaDeviceDriver::DrawShading - 2017-07-24
705193 Stack-use-after-return in CFX_Font::GetFace - 2017-07-24
705783 Use-of-uninitialized-value in SkPath::operator= - 2017-07-24
705821 Use-of-uninitialized-value in SkPath::operator= - 2017-07-24
711929 Use-of-uninitialized-value in CFGAS_TextStream::InitStream - 2017-07-23
703757 Security: cherry-pick PDFium tiff security fixes to the Chrome OS tiff repo. - 2017-07-22
706349 CrOS: Vulnerability reported in media-libs/tiff - 2017-07-22
710403 CrOS: Vulnerability reported in sys-kernel/chromeos-kernel-3_18 - 2017-07-22
711876 Heap-use-after-free in ScopedObserver<OmniboxPopupModel, OmniboxPopupModelObserver>::~ScopedObserver - 2017-07-22
711890 Global-buffer-overflow in GuessSizeForVSWPrintf - 2017-07-22
711068 Negative-size-param in sfntly::MemoryByteArray::InternalGet - 2017-07-21
707071 Security: getInstalledRelatedApps: timing attack can leak installed status - 2017-07-20
710356 Use-of-uninitialized-value in LayoutTestBrowserMain - 2017-07-20
711113 Heap-buffer-overflow in CFX_SAXReader::ParseChar - 2017-07-20
711151 Use-of-uninitialized-value in CFGAS_TextStream::InitStream - 2017-07-20
711204 Heap-buffer-overflow in CFX_SAXReader::ParseChar - 2017-07-20
700690 Use-of-uninitialized-value in decode_pce - 2017-07-19
700673 Use-of-uninitialized-value in get_object_type - 2017-07-19
701754 Use-of-uninitialized-value in decode_eld_specific_config - 2017-07-19
709736 Bad-cast to sandbox::bpf_dsl::(anonymous namespace)::ReturnResultExprImpl from invalid vptr;content::MediaStreamVideoSource::GetCurrentFormat;content::MediaStreamVideoTrack::getSettings - 2017-07-19
709749 Heap-buffer-overflow in cc::EndCompositingDisplayItem const& cc::DisplayItemList::CreateAndAppendPairedE - 2017-07-19
709941 Heap-buffer-overflow in SkColorLookUpTable::interp3D - 2017-07-19
710813 Use-of-uninitialized-value in decode_pce - 2017-07-19
746427 Are some tel: links a security issue on Android? - 2017-07-19
709737 Use-of-uninitialized-value in sqlite3VdbeExec - 2017-07-18
709741 Heap-buffer-overflow in std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<ch - 2017-07-18
709738 Use-of-uninitialized-value in DownloadHistory::OnDownloadUpdated - 2017-07-18
744789 CVE-2017-7526 gcrypt RSA side-channel - 2017-07-17
702695 Ill in blink::PropertyRegistration::registerProperty - 2017-07-16
709784 Heap-use-after-free in blink::LayoutBlock::dirtyForLayoutFromPercentageHeightDescendants - 2017-07-16
708247 Security: OOB access in RegExp Stubs - 2017-07-15
709015 Security: Possible arbitrary heap access through RegExp.prototype[@@match] - 2017-07-15
706234 Use-after-poison in v8::internal::interpreter::BytecodeRegisterOptimizer::RegisterInfo::materialized - 2017-07-14
707173 Bad-cast to sandbox::bpf_dsl::(anonymous namespace)::ReturnResultExprImpl from invalid vptr;content::ResolutionSet::SelectClosestPointToIdealAspectRatio;content::ResolutionSet::SelectClosestPointToIdeal - 2017-07-13
708383 Bad-cast to CFDE_XMLElement from CFDE_XMLNode;XFA_FDEExtension_ResolveNamespaceQualifier;GetElementTagNamespaceURI - 2017-07-13
708881 Heap-buffer-overflow in std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<ch - 2017-07-13
707479 Heap-buffer-overflow in TryVSWPrintf - 2017-07-12
708143 [qcms] Fix overflow when reading parametric gamma curves - 2017-07-12
708145 [qcms] Only accept valid input ranges when reading VCGT tag - 2017-07-12
707220 Global-buffer-overflow in v8::internal::Simulator::DecodeType2 - 2017-07-11
707221 Global-buffer-overflow in MemoryRead<unsigned - 2017-07-11
707222 Global-buffer-overflow in v8::internal::Simulator::DecodeTypeImmediate - 2017-07-11
707410 Heap-use-after-free in v8::internal::libc_memcpy - 2017-07-11
707472 Heap-use-after-free in v8::internal::libc_memcpy - 2017-07-11
707537 Use-of-uninitialized-value in OmniboxMetricsProvider::RecordOmniboxOpenedURL - 2017-07-11
707595 Heap-use-after-free in v8::internal::libc_memcpy - 2017-07-11
740615 Nonce stealing prevention (detecting "<script") bypass - 2017-07-10
692731 Heap-use-after-free in xmlAddID - 2017-07-10
691726 Security: Bypassing CORS restrictions using X-XSS-PROTECTION report value - 2017-07-08
696623 Use-of-uninitialized-value in sse41::blit_row_s32a_opaque - 2017-07-08
705008 Security: SEGV on unknown address 0x601ffe000c90 in SkNx_sse.h - 2017-07-08
707146 Stack-use-after-return in v8::internal::interpreter::BytecodeRegisterOptimizer::RegisterInfo::materialized - 2017-07-08
706244 Use-of-uninitialized-value in CFX_ScanlineCompositor::CompositeRgbBitmapLine - 2017-07-07
706264 Use-of-uninitialized-value in CFX_ScanlineCompositor::CompositeRgbBitmapLine - 2017-07-07
706346 Heap-use-after-free in CFX_ClipRgn::IntersectMaskRect - 2017-07-07
706265 Use-of-uninitialized-value in CompositeRow_Argb2Argb - 2017-07-07
706396 Use-of-uninitialized-value in CFX_Renderer::CompositeSpanARGB - 2017-07-07
706525 Crash in __tsan::CallUserSignalHandler - 2017-07-07
704352 Fix cross-origin security issue raised by PerformanceNavigationTiming. - 2017-07-06
705938 Roll libxml to e905f08123e4a6e7731549e6f09dadff4cab65bd - 2017-07-06
705912 Use-of-uninitialized-value in CFX_WideString::ReleaseBuffer - 2017-07-06
705944 Roll libxslt to ac341cbd792ee572941cc9a66e73800219a1a386 - 2017-07-06
705158 Bad-cast to sandbox::bpf_dsl::(anonymous namespace)::ReturnResultExprImpl from invalid vptr;blink::HTMLFrameElementBase::didNotifySubtreeInsertionsToDocument;blink::ContainerNode::insertNodeVector<> - 2017-07-05
705280 Use-of-uninitialized-value in sse2::blit_row_s32a_opaque - 2017-07-05
705736 Use-of-uninitialized-value in SkPath::isRectContour - 2017-07-05
648117 Security: Address bar spoof with location.replace() $500 2017-07-04
704560 Security: Form field validation bubbles can appear over the wrong tab $500 2017-07-04
705131 Heap-use-after-free in CFX_DIBitmap::PreMultiply - 2017-07-04
703537 CVE Vulnerability of lib expat 2.1.0 - 2017-07-03
693338 Security: Heap-use-after-free in v8_inspector::protocol::Runtime::Frontend::consoleAPICalled - 2017-07-01
693974 Corrupted memory use in blink::visualRectForDisplayItem $1000 2017-07-01
705157 Use-of-uninitialized-value in v8::internal::compiler::ScheduleLateNodeVisitor::ScheduleRegion - 2017-07-01
686253 Security: Cross-origin pixel reading and history sniffing via SVG filter timing attack $2000 2017-06-30
637228 Heap-buffer-overflow in big2_toUtf8 - 2017-06-30
640574 (expat) Use-of-uninitialized-value in little2_nameMatchesAscii - 2017-06-30
692378 CSP bypass in domain "chrome://" via.bookmark? - 2017-06-30
702934 Heap-use-after-free in cr_png_set_longjmp_fn $3500 2017-06-30
704834 Heap-buffer-overflow in SkiaState::ClipRestore - 2017-06-30
703170 Heap-use-after-free in blink::LayoutBlock::dirtyForLayoutFromPercentageHeightDescendants - 2017-06-29
703397 Heap-buffer-overflow in load_rgb_from_tables<Order::kRGBA_Order> - 2017-06-29
703508 Heap-buffer-overflow in gl::Framebuffer::getDrawBufferState - 2017-06-29
703832 Bad-free in gpu::MemoryBufferBacking::~MemoryBufferBacking - 2017-06-29
703861 Heap-buffer-overflow in gpu::gles2::SizedResult<unsigned int>::SetNumResults - 2017-06-29
181623 Security: Prevent url spoofing that relies on the omnibox being narrow - 2017-06-28
702138 CrOS: Vulnerability reported in dev-libs/libpcre - 2017-06-28
702982 Bad-cast to const DOMUint8ClampedArray' (aka 'const DOMTypedArray<WTF::Uint8ClampedArray, v8::Uint8ClampedArray>') from blink::DOMTypedArray<WTF::Uint16Array, v8::Uint16Array>;blink::ImageData::ImageData;blink::ImageData::createImageData - 2017-06-28
700330 CrOS: Vulnerability reported in sys-kernel/chromeos-kernel-3_18 - 2017-06-27
700836 Security: SEGV on unknown address 0x7f9b9b71c828 in (anonymous namespace)::PixelAccessor $1000 2017-06-27
703395 Heap-use-after-free in sqlite3DeleteTable - 2017-06-27
698622 UaF outside the sandbox (Print in onunload) $9337 2017-06-24
702058 Security: ZDI-CAN-4587 - chrome OOB read (pwn2own 2017) - 2017-06-24
689931 CrOS: Vulnerability reported in media-libs/tiff - 2017-06-23
694382 Security: Heap-use-after-free in PrintPreviewHandler::HandleGetPreview $2000 2017-06-23
699166 Security: heap-buffer-overflow hashtable. $3000 2017-06-23
701132 Security: Username/password information for other people available on my account - 2017-06-22
695826 Security: type confusion in JSPropGetter of pdfium $3000 2017-06-21
697486 Security: Heap-use-after-free in UsbChooserController::DisplayDevice $5000 2017-06-21
698151 Use-of-uninitialized-value in net::HttpNetworkSession::SetServerPushDelegate - 2017-06-21
700576 Bad-cast to CFX_DIBitmap from invalid vptr;CCodec_ProgressiveDecoder::ReSampleScanline;CCodec_ProgressiveDecoder::BmpReadScanline - 2017-06-21
701616 Bad-cast to sandbox::bpf_dsl::(anonymous namespace)::ReturnResultExprImpl from invalid vptr;blink::SVGString::calculateAnimatedValue;blink::SVGAnimateElement::calculateAnimatedValue - 2017-06-21
699819 Use-after-poison in blink::ExecutionContext::isContextDestroyed - 2017-06-20
698455 Heap-use-after-free in blink::LayoutBlockFlow::addOverhangingFloats - 2017-06-19
700578 Use-of-uninitialized-value in XSetWMSizeHints - 2017-06-17
675450 Use-of-uninitialized-value in gl::GPUTimingImpl::DoTimeStampQuery - 2017-06-16
690821 Security: Chrome accepts a certificate whose signature algorithms identifiers are different without any warning $500 2017-06-16
672175 Crash in libgobject-2.0.so.0 - 2017-06-15
698593 Heap-use-after-free in _gdk_window_process_updates_recurse - 2017-06-15
662767 Security: LayoutBlock Security DCHECK FAILED $1000 2017-06-14
672847 Security: Address spoofing when switching away from tab and back $2000 2017-06-14
694067 Security: Out-Of-Bound read in Flash PCRE (regex engine) $2000 2017-06-14
698927 Security: Tab Crash is seen on closing chooser bubbles (USB/Bluetooth) $500 2017-06-14
699105 Bad-cast to cc::PaintRecord from SkMiniPicture<SkRecords::DrawRect>;blink::GraphicsContext::endRecording;blink::DrawingRecorder::~DrawingRecorder - 2017-06-14
619376 Crash in mojo::InterfacePtr<media::mojom::blink::ImageCapture>::reset - 2017-06-13
697847 Security: heap-buffer-overflow in FlateUncompress $1000 2017-06-13
698141 Heap-buffer-overflow in blink::readVersionEnvelope - 2017-06-12
698497 Use-of-uninitialized-value in v8::internal::compiler::NodeCache<int, v8::base::hash<int>, std::__1::equal_to<i - 2017-06-12
698166 Heap-use-after-free in test_runner::MockWebSpeechRecognizer::PostRunTaskFromQueue - 2017-06-12
698503 Use-of-uninitialized-value in v8::internal::compiler::JSGraph::Float32Constant - 2017-06-12
697859 Stack-buffer-overflow in uloc_setKeywordValue_58 - 2017-06-09
695950 Heap-use-after-free in blink::LayoutBlockFlow::determineStartPosition - 2017-06-08
696918 Heap-buffer-overflow in copyFTBitmap - 2017-06-08
697191 Use-of-uninitialized-value in v8::internal::wasm::LEBHelper::write_i32v - 2017-06-08
697380 Use-of-uninitialized-value in v8::internal::compiler::JSGraph::Float32Constant - 2017-06-08
697530 Crash in v8::internal::JSArrayBuffer::cast - 2017-06-08
697532 Crash in v8::internal::IsOutOfBoundsAccess - 2017-06-08
697534 Crash in v8::internal::JSArrayBufferView::WasNeutered - 2017-06-08
667032 Heap-buffer-overflow in bmp_decode_rle4 - 2017-06-07
675155 Bad-cast to CFX_DIBitmap from invalid vptr;XFACodecFuzzer::Fuzz;_start - 2017-06-07
680883 Heap-buffer-overflow in CGifLZWDecoder::ClearTable - 2017-06-07
681908 Use-of-uninitialized-value in FPDFAPI_inflate - 2017-06-07
686434 Heap-buffer-overflow in ps_table_add - 2017-06-07
687062 Memcpy-param-overlap in BDF_Face_Init - 2017-06-07
688086 Use-of-uninitialized-value in base::internal::JSONParser::ConsumeNumber - 2017-06-07
693942 Heap-buffer-overflow in CGifLZWDecoder::ClearTable - 2017-06-07
694098 Stack-use-after-scope in SkGradientShaderBase::commonAsAGradient - 2017-06-07
694566 Security: Crash with es6 modules and unresolvable cyclic export with export* - 2017-06-07
696251 Heap-buffer-overflow in v8::internal::Invoke $1500 2017-06-07
697269 Heap-buffer-overflow in ps_table_add - 2017-06-07
688104 Stack-use-after-scope in ui::AXTree::DestroyNodeAndSubtree - 2017-06-04
688876 Crash in v8::internal::Invoke - 2017-06-04
696090 Heap-buffer-overflow in BilinearInterpFloat - 2017-06-04
688655 Use-of-uninitialized-value in ogg_find_codec - 2017-06-03
690219 Use-of-uninitialized-value in amr_read_header - 2017-06-03
642691 Adobe Flash Player NetStream Use-After-Free Remote Code Execution Vulnerability $3000 2017-06-02
678235 Use-of-uninitialized-value in EvalSegmentedFn - 2017-06-02
688425 Security: www.google.fr marked as "secure" with a Microsoft SSL certificate $3000 2017-06-02
693096 Use-of-uninitialized-value in base::time_internal::SaturatedAdd - 2017-06-02
668724 Security: Out of Bound Write/Invalid Pointer Write while parsing PDF $3000 2017-06-01
675617 Heap-buffer-overflow in TetrahedralInterpFloat - 2017-06-01
670457 Security: [FG-VD-16-088] Adobe Flash Player Handing MP4 Out-of-Bounds Read Vulnerability $1000 2017-05-30
691323 Security: Information Leak in Array indexOf $2000 2017-05-30
688987 Security: Heap Buffer OverFlow Vulnerability in Skia $1000 2017-05-28
692761 Use-of-uninitialized-value in gpu::gles2::GLES2DecoderImpl::GetHelper - 2017-05-28
692443 Use-of-uninitialized-value in blink::LayoutBoxModelObject::hasSelfPaintingLayer - 2017-05-28
693072 Use-of-uninitialized-value in gpu::gles2::GLES2DecoderImpl::HandleGetBooleanv - 2017-05-28
690775 Security: Heap-use-after-free in ShareServiceImpl::OnPickerClosed $3000 2017-05-26
692274 Incorrect-function-pointer-type in gl::InitializeANGLEPlatform - 2017-05-26
594004 Security: Adobe Flash Player PSDK Use After Free Vulnerability $5000 2017-05-25
620961 Security: Adobe Flash MediaPlayerItemLoader.addEventListener Use After Free $3000 2017-05-25
620966 Security: Adobe Flash MemoryProtector Heap Buffer Overflow $3133 2017-05-25
669136 Security: [FG-VD-16-086] Adobe Flash Player Handing MP4 Memory Corruption Vulnerability $500 2017-05-25
668830 Security: [FG-VD-16-084] Adobe Flash Player Handing MP4 Memory Corruption Vulnerability $500 2017-05-25
690216 Heap-use-after-free in gpu::gles2::Texture::AddTextureRef - 2017-05-25
691278 heap-buffer-overflow in fx_codec_progress.cpp in CCodec_ProgressiveDecoder::GifInputRecordPositionBufCallback - 2017-05-25
691339 Wild-access in blink::visualRectForDisplayItem - 2017-05-25
692759 Use-of-uninitialized-value in gpu::gles2::TextureRef::TextureRef - 2017-05-25
716044 V8: OOB write in Array.prototype.map builtin - 2017-05-24
690218 Heap-buffer-overflow in blink::TextRun::codepointAtAndNext - 2017-05-24
690875 Use-of-uninitialized-value in SkPDFShader::State::operator== - 2017-05-23
691538 Crash in v8::internal::FixedArray::set - 2017-05-23
691196 Bad-cast to blink::LayoutInline from blink::LayoutSVGText;blink::LineLayoutInline::lastLineBox;blink::LayoutBlockFlow::createLineBoxes $3500 2017-05-21
609961 unprivileged renderers can send messages to arbitrary ports - 2017-05-20
689507 Heap-use-after-free in ui::MenuModel::GetModelAndIndexForCommandId - 2017-05-20
681306 CrOS: Vulnerability reported in sys-kernel/chromeos-kernel-3_18 - 2017-05-19
686481 Heap-use-after-free in blink::visualRectForDisplayItem - 2017-05-19
688569 Security: Fix all ScriptWrappables stored in a static Persistent - 2017-05-19
690744 Bad-cast to v8::internal::compiler::Operator1<v8::internal::DeoptimizeReason, v8::internal::compiler::OpEqualTo<v8::internal::DeoptimizeReason>, v8::internal::compiler::OpHash<v8::internal::DeoptimizeReason> > from v8::internal::compiler::CommonOperatorGlobalCache::DeoptimizeIfOperator<(v8::internal::DeoptimizeKind)0, (v8::internal::DeoptimizeReason)37> - 2017-05-19
681785 CrOS: Vulnerability reported in net-nds/openldap - 2017-05-18
683087 Heap-use-after-free in views::MenuController::Cancel - 2017-05-18
684625 Security: CVE-2017-0403 - 2017-05-18
684626 Security: CVE-2017-0404 - 2017-05-18
690124 Security: Security bug in libtiff 4.0.6 - 2017-05-18
690139 Security: CVE-2016-8468 - 2017-05-18
674365 libtiff security holes unpatched in Chrome OS - 2017-05-17
689078 Crash in memchr - 2017-05-17
687614 Bad-cast to blink::BasePage from invalid vptr;v8::internal::GlobalHandles::Node::MakeWeak;blink::ScriptWrappable::setWrapper - 2017-05-12
687826 Bad-cast to blink::BasePage from invalid vptr;blink::Document::updateStyleAndLayoutTree;blink::shouldRepaintCaret - 2017-05-12
687908 Bad-cast to blink::BasePage from invalid vptr;blink::HTMLFrameElementBase::didNotifySubtreeInsertionsToDocument;blink::ContainerNode::insertNodeVector<> - 2017-05-12
687958 Bad-cast to blink::BasePage from invalid vptr;blink::LocalFrame::spellChecker;blink::HTMLElement::attributeChanged - 2017-05-12
677934 Security: Privilege escalation via command execution in crosh / top $5000 2017-05-11
682135 Crash in blink::WebFrameWidgetImpl::handleMouseDown - 2017-05-11
687844 window.external leaks the entire global object by way of the wrapper and also allows cross origin script access - 2017-05-11
666229 Security: Storage Manager - Memory corruption in mojo::internal::InterfacePtrState::Swap() $1000 2017-05-09
680409 Security: Spoofing location object by overriding Symbol.toPrimitive $500 2017-05-09
682570 !escape_analysis_->IsVirtual(node) in escape-analysis-reducer.cc - 2017-05-09
683040 Use-of-uninitialized-value in Decode - 2017-05-09
683211 Use-of-uninitialized-value in av_malloc - 2017-05-09
683406 Security: UAF in WorkerThreadableLoader in Blink $3000 2017-05-09
685201 Crash in GetCombinedHistogramEntropy - 2017-05-09
686387 Use-of-uninitialized-value in avio_seek - 2017-05-09
683104 Heap-use-after-free in blink::FloatingObject::FloatingObject - 2017-05-07
683845 Heap-use-after-free in layer - 2017-05-06
683835 Bad-cast to blink::EventTarget from blink::Bluetooth;blink::V8EventTarget::toImpl;blink::EventTargetV8Internal::addEventListenerMethodCallback - 2017-05-06
684407 <no crash state available> - 2017-05-06
686027 Crash in v8::internal::Invoke - 2017-05-06
682551 Global-buffer-overflow in CFDE_CSSTextBuf::GetChar - 2017-05-05
683718 Crash in v8::internal::FixedArray::set - 2017-05-05
685579 Use-of-uninitialized-value in CFDE_CSSSyntaxParser::DoSyntaxParse - 2017-05-05
678917 Making long string occurs crash - 2017-05-04
681300 Crash in put1bitbwtile - 2017-05-04
683156 Security: Signed Integer Overflow in pdfium (openjpeg) - 2017-05-04
683629 Heap-buffer-overflow in xmlParseNameComplex - 2017-05-04
684684 Email Subject: ZDI-CAN-4429: New Vulnerability Report - 2017-05-04
685086 Crash in v8::internal::Simulator::DecodeType2 - 2017-05-04
685537 Crash in FromAddress - 2017-05-04
675209 Crash in SkPixmap::erase - 2017-05-03
679245 Desktop web payments crash when closing a tab $500 2017-05-03
679641 Security: Out-of-bounds write in ChunkDemuxer (SAIO box) $3000 2017-05-03
679640 Security: Out-of-bounds write in ChunkDemuxer (TRUN box) $3000 2017-05-03
679645 Out-of-bounds write in ChunkDemuxer (ELST box) $3000 2017-05-03
679646 Security: Out-of-bounds write in ChunkDemuxer (SBGP box) $1000 2017-05-03
679647 Security: Out-of-bounds write in ChunkDemuxer (SGPD box) $1000 2017-05-03
679653 Security: Out-of-bounds write in ChunkDemuxer (SDTP box) $1000 2017-05-03
681351 Security: Heap-use-after-free in CPWL_Wnd::GetWindowMatrix $5000 2017-05-03
683773 Heap-use-after-free in base::internal::Invoker<base::internal::BindState<void - 2017-05-03
673929 Security: WebGL - Arbitrary memory read/write in GLES2Implementation::TexImage3D $2000 2017-05-02
680224 Heap-use-after-free in blink::LayoutBox::getPaginationBreakability - 2017-05-02
682673 CSP bypass with * host in source expressions - 2017-05-02
682873 Use-of-uninitialized-value in CFDE_CSSSyntaxParser::DoSyntaxParse - 2017-05-02
682909 Crash in v8::internal::StringCharacterStream::Reset - 2017-05-02
682874 Crash in v8::internal::wasm::GrowWebAssemblyMemory - 2017-05-02
683493 Stack-use-after-scope in blink::PropertyRegistry::registration - 2017-05-02
683865 Global-buffer-overflow in blink::BindingSecurity::shouldAllowAccessTo - 2017-05-02
683533 Use-of-uninitialized-value in SkOpAngle::insert $1000 2017-05-02
682194 Security: Out-of-bounds read in V8 Array.concat $7500 2017-05-01
683072 Bad-cast to test_runner::WebTestDelegatetest_runner::MockColorChooser::endChooser;blink::ColorChooserUIController::~ColorChooserUIController;blink::NormalPage::sweep - 2017-05-01
678365 Security: chronos user local file read $500 2017-04-29
681843 Security: Heap buffer overflow in V8 ValueDeserializer::ReadJSArrayBuffer() $5500 2017-04-29
615585 Security: V2 apps can load web content in highly privileged app process - 2017-04-28
648836 Defend against long-running service workers - 2017-04-28
670720 Security: read heap overflow in libxslt xsltFunctionLocalTime() $500 2017-04-28
677961 Heap-use-after-free in base::ObserverListBase<content::MediaSessionObserver>::begin - 2017-04-28
678947 Use-of-uninitialized-value in OT::RangeRecord::cmp - 2017-04-28
681423 Heap-use-after-free in blink::LayoutBlockFlow::moveAllChildrenIncludingFloatsTo - 2017-04-28
681350 Crash in base::PersistentMemoryAllocator::AllocateImpl - 2017-04-28
681369 Heap-use-after-free in document - 2017-04-28
681438 crashed caused by a READ memory access on different addresses - 2017-04-28
682020 Security: WebGL - Use After Free in Buffer11::updateBufferStorage() $5000 2017-04-28
682100 Use-after-poison in blink::ThreadHeap::popAndInvokeTraceCallback - 2017-04-28
682219 Heap-use-after-free in base::WaitableEvent::TimedWaitUntil - 2017-04-28
642490 Location Bar URL and SSL Spoofing Risk using "Confirm Form Resubmission" box and a targeted website which allow a redirect $1000 2017-04-27
680376 Heap-buffer-overflow in CPDF_Document::FindPageIndex - 2017-04-27
680941 CrOS: Vulnerability reported in sys-kernel/chromeos-kernel-3_18 - 2017-04-27
681957 Security: CVE-2016-8399 - 2017-04-27
682585 Use-of-uninitialized-value in CFDE_CSSSyntaxParser::DoSyntaxParse - 2017-04-27
703750 Near-homoglyph whole-script IDN spoofing - 2017-04-26
558462 Tracking bug for auditing - 2017-04-26
558474 IPC Issues: Bad DCHECKs - 2017-04-26
558476 PDFium audit - 2017-04-26
652887 Non-web-accessible extension resource can be loaded into a web renderer process - 2017-04-26
669086 Security: Circumvent CSP Header restrictions via about:blank $1000 2017-04-26
676755 heap-buffer-overflow in SkPathRef::Iter::next $5000 2017-04-26
677738 Container-overflow in void blink::TraceTrait<blink::HeapVectorBacking<blink::MediaKeySystemConfigurati - 2017-04-26
677960 Heap-double-free in g_error_free - 2017-04-26
679649 Security: potential UAF in pdfium timer $500 2017-04-26
680244 Heap-buffer-overflow in xmlParseNameComplex - 2017-04-26
679915 WebTaskRunner::postTask is thread unsafe - 2017-04-26
680938 Crash in v8::internal::MemoryChunk::heap - 2017-04-26
681324 Heap-use-after-free in ~ScopedMacroReenabler - 2017-04-26
681462 Heap-use-after-free in views::MenuController::SetSelection - 2017-04-26
606374 Heap-buffer-overflow in v8::internal::Simulator::LoadStoreHelper - 2017-04-25
679841 Stack-buffer-overflow in v8::internal::DoubleToRadixCString $3500 2017-04-25
714628 Security: Additional whole-script confusable domain label spoofing (Cyrillic) - 2017-04-24
679098 ImageLoader allows component rollbacks - 2017-04-24
681420 Crash in v8::internal::Invoke - 2017-04-24
679484 Security: CVE-2015-3288 - 2017-04-23
677800 Multiple Linux Kernel CVE vulnerability reports - 2017-04-23
616698 Use-of-uninitialized-value in xmlDictLookup - 2017-04-21
658194 Security: Promise constructor can be used to bypass Function constructor restrictions - 2017-04-21
673297 [wasm] Illegal reuse of contexts - 2017-04-21
675203 Stack-buffer-overflow in AffixMgr::defcpd_check - 2017-04-21
677716 Security: Address spoofing in Omnibox with HTTPS lock $2000 2017-04-21
679485 Security: CVE-2016-7042 - 2017-04-21
679490 Security: CVE-2016-9754 - 2017-04-21
679643 Security: Use after free in PDFium's Annot::name $3500 2017-04-21
679492 Security: CVE-2014-9420 - 2017-04-21
680609 Crash in v8::internal::Invoke - 2017-04-21
680882 Use-of-uninitialized-value in v8::internal::interpreter::BytecodeRegisterOptimizer::RegisterTransfer - 2017-04-21
680633 Crash in heap - 2017-04-21
653071 Use-of-uninitialized-value in TIFFReadDirectoryCheckOrder - 2017-04-20
653095 Use-of-uninitialized-value in TIFFReadDirectory - 2017-04-20
656621 Crash in put1bitbwtile - 2017-04-20
667093 Use-of-uninitialized-value in TIFFFillTile - 2017-04-20
666973 Use-of-uninitialized-value in TIFFReadDirEntryCheckedRational - 2017-04-20
668851 Use-of-uninitialized-value in tiff_read - 2017-04-20
669035 Use-of-uninitialized-value in decode_mcu_fast - 2017-04-20
670928 Use-of-uninitialized-value in tiff_seek - 2017-04-20
676294 Use-of-uninitialized-value in TIFFReadDirEntryFloatArray - 2017-04-20
676975 Security: Chrome webm rendering on OS X includes image artifacts from video memory $500 2017-04-20
676853 Use-of-uninitialized-value in FPDFAPI_inflate - 2017-04-20
677047 Use-of-uninitialized-value in TIFFFindField - 2017-04-20
678035 Security: chrome-devtools protocol allows to read the content of C:\ drive - 2017-04-20
678551 Use-of-uninitialized-value in chromium_jpeg_make_d_derived_tbl - 2017-04-20
678461 Security: PDFium OpenJPEG Use-After-Free Vulnerability $3000 2017-04-20
679230 Use-of-uninitialized-value in TIFFFetchNormalTag - 2017-04-20
679642 Security: Use after free in PDFium's Field::page $3000 2017-04-20
680313 Heap-use-after-free in v8::internal::Scope::is_function_scope - 2017-04-20
662769 use-after-poison content::WebURLLoaderImpl::Context::OnReceivedResponse - 2017-04-19
663549 Security: [FG-VD-16-075] Adobe Flash Player Handing MP4 Out-of-Bounds Read Vulnerability $500 2017-04-19
663551 Security: [FG-VD-16-076] Adobe Flash Player Handling ATF Heap Overflow Vulnerability $500 2017-04-19
664756 Security: Crash in Adobe Flash Player (24.0.0.154) $500 2017-04-19
679937 Crash in v8::internal::MemoryChunk::heap - 2017-04-19
678529 Heap-buffer-overflow in _get_bitmap_surface - 2017-04-19
712246 Security: CSS :visited with mix-blend-mode can leak browser history - 2017-04-19
683314 Security: Whole-script confusable domain label spoofing (Cyrillic) $2000 2017-04-19
620679 Heap-buffer-overflow in xmlDictComputeFastKey - 2017-04-18
675205 Heap-use-after-free in blink::visualRectForDisplayItem - 2017-04-18
678706 Potential execution of script inside forbidden scope in Animation - 2017-04-18
669395 Use-of-uninitialized-value in syncsearch - 2017-04-15
675444 Heap-buffer-overflow in S32_opaque_D32_filter_DX_SSSE3 - 2017-04-15
678962 Bad-cast to safe_browsing::DownloadFileType from invalid vptr;blink::intMod;blink::LayoutMultiColumnSet::pageRemainingLogicalHeightForOffset - 2017-04-15
667079 Security: Information Leak through XSS Auditor $500 2017-04-14
675109 Heap-use-after-free in cc::SurfaceManager::Destroy - 2017-04-14
677377 Use-of-uninitialized-value in FPDFAPI_inflate_fast - 2017-04-14
668138 Use-of-uninitialized-value in OT::RangeRecord::cmp - 2017-04-13
675150 Heap-use-after-free in app_list::TileItemView::SetSelected - 2017-04-13
676884 Heap-buffer-overflow in GrTextUtils::DrawBmpPosText - 2017-04-13
676921 Security: XSS in https://chromium-cq-status.appspot.com - 2017-04-13
676886 Crash in v8::internal::FixedArray::set - 2017-04-13
676974 Heap-use-after-free in blink::LayoutObject::visualRect - 2017-04-13
653555 Security: Stealing data cross domain using proxies and stealing JSON data using UTF-16BE $3000 2017-04-12
677859 Bad-cast to v8::internal::compiler::Operatoropcode;v8::internal::compiler::EscapeStatusAnalysis::Process;v8::internal::compiler::EscapeStatusAnalysis::RunStatusAnalysis - 2017-04-12
662859 Security: chrome-devtools protocol allows to read the content of C:\ drive $3000 2017-04-11
676767 Use-after-poison in v8::internal::compiler::Node::RemoveUse - 2017-04-11
677395 Use-of-uninitialized-value in void base::Pickle::WriteBytesStatic<4ul> - 2017-04-07
675176 Bad-cast to blink::LayoutBox from blink::LayoutInline;blink::LayoutInline::addChildIgnoringContinuation;blink::LayoutBox::clientLeft - 2017-04-05
675124 Bad-cast to blink::LayoutBox from blink::LayoutRubyAsInline;blink::LayoutObject::isRubyRun;blink::LayoutRubyAsInline::addChild - 2017-04-05
677055 Bad-cast to icu_58::DateFormat from icu_58::DecimalFormat;__RT_impl_Runtime_InternalDateFormatToParts;v8::internal::Runtime_InternalDateFormatToParts - 2017-04-05
671102 Security: Universal XSS through bypassing ScopedPageSuspender with closing windows $8837 2017-04-04
676560 Bad-cast to blink::TraceWrapperBase from invalid vptr;blink::ScriptWrappableVisitor::dispatchTraceWrappers;blink::ScriptWrappableVisitor::AdvanceTracing - 2017-04-01
676876 Use-after-poison in blink::HTMLFormElement::reset - 2017-04-01
676587 Crash in v8::internal::Invoke - 2017-03-31
671932 Security: non-interactive request forcing $1000 2017-03-30
673971 Security: Unicode hyphens in domain names are not blacklisted $2000 2017-03-30
674472 CrOS: Vulnerability reported in app-arch/tar - 2017-03-30
675178 Heap-use-after-free in password_manager::FormFetcherImpl::OnGetPasswordStoreResults - 2017-03-30
675332 Security: heap-buffer-overflow in SkAlphaThresholdFilterImpl::onFilterImage $2000 2017-03-30
676276 Use-of-uninitialized-value in SkOpBuilder::FixWinding - 2017-03-30
673170 Security: Universal XSS using late widget updates $8000 2017-03-29
675122 Crash in mbsnrtowcs - 2017-03-29
675237 Use-after-poison in blink::HTMLFormElement::reset - 2017-03-29
675208 Crash in memchr - 2017-03-29
675900 Use-of-uninitialized-value in SkOpContour::rayCheck - 2017-03-29
676060 Use-of-uninitialized-value in approximately_between - 2017-03-29
634108 Security: Hijack navigation and spoofed alert dialog via. unbeforeload $500 2017-03-28
666858 No drag-and-drop events should fire in a same-page, cross-site frame (wrt drag source) - 2017-03-28
667142 AddressSanitizer: FPE v8/src/source-position-table.cc:37:9 - 2017-03-28
671328 Security DCHECK failed: offset + length <= impl.length() in StringView.h - 2017-03-28
675320 Heap-double-free in CPDF_StreamParser::ReadInlineStream - 2017-03-28
675132 Use-of-uninitialized-value in SkOpPtT::addOpp - 2017-03-28
668102 Use-of-uninitialized-value in fclamp - 2017-03-27
668814 Use-of-uninitialized-value in EvalSegmentedFn - 2017-03-27
665054 Heap-buffer-overflow in TetrahedralInterpFloat - 2017-03-26
675118 Use-of-uninitialized-value in __msan::MsanAllocate - 2017-03-26
675195 Use-of-uninitialized-value in __msan::MsanAllocate - 2017-03-26
653461 Use-of-uninitialized-value in pr_UnlockedFindLibrary - 2017-03-25
666284 Security: renderer->extension privesc via sync - 2017-03-25
666441 Heap-use-after-free in SkCanvas::getDevice - 2017-03-25
675072 Stack-buffer-overflow in SkOpEdgeBuilder::walk - 2017-03-25
676623 Security: libxslt generation of text nodes integer overflow $3000 2017-03-24
670596 Security: Same-name function declaration can overwrite window.location in Chrome 50+ - 2017-03-24
674203 Security: Merge general javascript: UXSS fix to beta / stable - 2017-03-24
624343 Crash in SuggestMgr::leftcommonsubstring - 2017-03-23
641841 Stack-buffer-overflow in Hunspell::suggest - 2017-03-23
673163 Security: Form validation bubbles allow spoofing on other tabs $1000 2017-03-23
672791 Crash in v8::internal::FixedArray::set - 2017-03-23
673336 Security: Stack-buffer-overflow in (anonymous namespace)::CalculateString $1000 2017-03-23
649270 Use-of-uninitialized-value in test_runner::MockWebSpeechRecognizer::PostRunTaskFromQueue - 2017-03-22
663614 Stack-buffer-overflow in Hunspell::suggest - 2017-03-22
673244 Crash in v8::internal::Simulator::DecodeType2 $3000 2017-03-21
668552 Security: Universal XSS by polluting private scripts with named properties $8000 2017-03-19
598812 Security: Flash file creation omits Mark-of-the-Web, bypassing SmartScreen/AES - 2017-03-17
643950 Security: FFMPEG MP4 Decoder chrome_child!mov_read_hdlr heap allocation wrap - 2017-03-17
663248 Security: Web Worker - Memory corruption in CrossThreadPersistentRegion::prepareForThreadStateTermination() - 2017-03-17
643951 Security: FFMPEG MP4 Decoder chrome_child!mov_read_uuid heap allocation wrap - 2017-03-16
643952 Security: FFMPEG MP4 Decoder - Non-exploitable issues (3 Issues: 2 heap allocation wraps, and ~out-of-bounds access) - 2017-03-16
474050 Web content can navigate to chrome-extension:// pages - 2017-03-15
554518 Security: any UXSS bug on Android can be turned into a persistent RCE bug via the play store - 2017-03-15
664551 Pwnfest 2016 meta bug - 2017-03-15
670927 Heap-use-after-free in void blink::PODIntervalTree<blink::LayoutUnit, blink::FloatingObject*>::searchFo - 2017-03-15
671312 Use-after-poison in webrtc::BitrateAllocation::SetBitrate - 2017-03-15
671037 Use-after-poison in blink::WebSocketHandleImpl::OnFailChannel - 2017-03-14
671327 Heap-use-after-free in blink::LayoutObject::visualRect - 2017-03-14
644632 Component cloud policy signature validation missing - 2017-03-11
663620 Bypass unsafe-inline mode CSP - 2017-03-11
670240 Heap-use-after-free in data_use_measurement::ChromeDataUseAscriber::ReadyToCommitMainFrameNavigation - 2017-03-11
656188 Chrome allows kiosk app user to create directories and files without the app's knowledge - 2017-03-10
668907 Heap-buffer-overflow in SkAlphaRuns::Break - 2017-03-10
669439 CrOS: Vulnerability reported in sys-kernel/chromeos-kernel-3_8 - 2017-03-10
669392 Heap-buffer-overflow in gpu::gles2::GLES2Implementation::ReadPixels - 2017-03-10
670438 Use-of-uninitialized-value in net::LayeredNetworkDelegate::OnURLRequestDestroyed - 2017-03-10
670546 Heap-buffer-overflow in SkColorSpaceXform_XYZ< - 2017-03-10
656752 Security: Can navigate to attacker-created blob/filesystem URLs in chrome-extension process - 2017-03-09
666714 Onbeforeunload use after free $2000 2017-03-09
669534 Heap-use-after-free in printing::PrintWebViewHelper::OnMessageReceived $1500 2017-03-09
647602 Heap-use-after-free in blink::LayoutTextFragment::setTextFragment - 2017-03-08
666616 Heap-use-after-free in printing::PrintWebViewHelper::RequestPrintPreview - 2017-03-08
667504 WebRTC UsingFlexibleMode OOB memory write from picture id $3000 2017-03-08
668553 Bad-cast to blink::LayoutBox from blink::LayoutBR;blink::PaintLayer::setNeedsCompositingInputsUpdate;blink::RootScrollerController::recomputeEffectiveRootScroller - 2017-03-08
668665 Security: XSS in chrome://apps (NTP) after drag and drop $500 2017-03-08
668653 Security: XSS in chrome://downloads, enables extensions to run any program $5000 2017-03-08
668784 Heap-buffer-overflow in table_r $1500 2017-03-08
649359 Shill proxy crash due to failure to set MSG_NOSIGNAL flag - 2017-03-07
667493 Minijail tty hijacking via TIOCSTI $500 2017-03-07
668750 Bad-cast to blink::DOMExceptionblink::GarbageCollectedFinalized<blink::DOMException>::finalizeGarbageCollectedObject;blink::NormalPage::sweep;blink::BaseArena::sweepUnsweptPage - 2017-03-07
668848 Use-after-poison in blink::EventListenerIterator::nextListener - 2017-03-07
668970 Security: Debugger API exposes UA shadow trees, and can cause bad-casts - 2017-03-07
668510 Crash in v8::internal::DoubleToRadixCString $500 2017-03-04
667044 Use-of-uninitialized-value in dec_build_inter_predictors - 2017-03-03
668337 Heap-use-after-free in v8_inspector::protocol::Runtime::DispatcherImpl::evaluate - 2017-03-03
656485 Security: Buffer Overflow in glBindBuffer $1000 2017-03-01
663476 Security: Universal XSS through removing link elements $7500 2017-03-01
666246 UA shadow DOM leak causes bad-cast to blink::HTMLSelectElement from blink::Text;blink::HTMLKeygenElement::shadowSelect;blink::HTMLKeygenElement::parseAttribute - 2017-03-01
666794 Global-buffer-overflow in libopus_decode_init - 2017-03-01
666770 Heap-buffer-overflow in ff_index_search_timestamp - 2017-03-01
666874 Use-of-uninitialized-value in check - 2017-03-01
667068 Use-of-uninitialized-value in fclamp - 2017-03-01
667092 Use-of-uninitialized-value in EvalSegmentedFn - 2017-03-01
667260 Heap-buffer-overflow in unibrow::Utf8::CalculateValue - 2017-03-01
667695 Heap-buffer-overflow in table - 2017-03-01
667694 Heap-buffer-overflow in SetMatShaper - 2017-03-01
666803 Double-delete possible in WiFiDisplayMediaServiceImpl / WiFiDisplaySessionServiceImpl - 2017-02-28
667157 Use-of-uninitialized-value in v8::internal::compiler::Node::New - 2017-02-27
666658 Crash in v8::internal::Invoke - 2017-02-27
658267 Use-after-poison in v8::internal::List<v8::internal::FuncNameInferrer::Name, v8::internal::ZoneAlloc - 2017-02-26
663726 Use-after-free in ChromeExtensionsBrowserClient::GetOriginalContext upon opening menu after switching from incognito mode - 2017-02-26
666486 Use-of-uninitialized-value in unibrow::Utf8::CalculateValue - 2017-02-25
666516 Heap-buffer-overflow in unibrow::Utf8::CalculateValue - 2017-02-25
666517 Heap-buffer-overflow in unibrow::Utf8::CalculateValue - 2017-02-25
662730 Stack-buffer-overflow in MaskAdditiveBlitter - 2017-02-22
661126 meta bug: Bypass unsafe-inline mode CSP - 2017-02-22
662780 Heap-buffer-overflow in next - 2017-02-22
655902 User-created BeforeInstallPromptEvent crashes when preventDefault() called - 2017-02-21
661413 Security: (libANGLE) Buffer Overflow in glUniform*v - 2017-02-21
660498 Security: Temporary addressbar spoof with PDF navigation to sites with long response time $2000 2017-02-21
664139 Security: Bad-Casting in ArrayBuffer resulting in Out-Of-Bounds write vulnerability $5000 2017-02-21
664713 Heap-use-after-free in app_list::TileItemView::SetSelected - 2017-02-20
654090 Security: libicu has buffer overflow in path traversal code - 2017-02-19
664284 Bad-cast to CPDF_Object from invalid vptr;CPDF_Creator::InitNewObjNumOffsets;CPDF_Creator::WriteDoc_Stage1 - 2017-02-19
664411 Pwnfest 2016: Chrome V8 Private Property Re-assign issue (bug in fast-path of Object.assign) - 2017-02-18
660854 Security: Incorrect validation of CopyBufferSubData in ANGLE $1000 2017-02-17
664469 Crash in v8::internal::Simulator::DecodeType3 - 2017-02-17
649645 Security: BroadcastChannel - Use After Free in WeakReference::is_valid() $1000 2017-02-16
659474 Pwn2own meta bug - 2017-02-16
662905 Heap-buffer-overflow in Break - 2017-02-16
663362 Use-after-poison in blink::IdTargetObserverRegistry::removeObserver - 2017-02-16
663402 Security: [arm] OOB r/w due to size computation bug in MacroAssembler::Allocate - 2017-02-16
663795 Heap-buffer-overflow in LinLerp1Dfloat - 2017-02-16
664023 Stack-buffer-overflow in IccLib_Translate - 2017-02-16
630332 CSP form-action seems to be ignored if target="_blank" - 2017-02-15
649118 TURN (via WebRTC) with via STUN_ERROR_TRY_ALTERNATE allows TCP connection with attacker-controlled data to localhost - 2017-02-15
654265 Heap-buffer-overflow in BilinearInterpFloat - 2017-02-15
663048 <a ping="..."> should be covered by connect-src CSP directive $500 2017-02-15
663666 Heap-use-after-free in CPDFSDK_WidgetHandler::ReleaseAnnot - 2017-02-15
663609 Crash in equal<blink::Member<blink::IdTargetObserver>, - 2017-02-15
657282 Heap-buffer-overflow in TetrahedralInterpFloat - 2017-02-14
662303 Bad-cast to blink::TraceWrapperV8Reference<v8::Value> from blink::TraceWrapperV8Reference<v8::Object>;blink::reportFatalErrorInMainThread;v8::Utils::ReportApiFailure - 2017-02-14
662775 Crash in void Sk4px::MapDstSrcAlpha<Sk4px - 2017-02-14
663194 Crash in sse2::blit_row_color32 - 2017-02-14
662410 Crash in v8::internal::Invoke - 2017-02-13
659492 Android content: scheme allows cross-origin data exfiltration - 2017-02-11
660760 Use-after-poison in blink::PersistentBase<blink::DummyGCBase, - 2017-02-11
652209 Bad-cast to content::RenderWidgetHostViewChildFrame from content::RenderWidgetHostViewAura - 2017-02-10
654172 Security: PDFium (LibTIFF / XFA) Heap Buffer Overflow in FPDFAPI_inflate - 2017-02-10
660262 Heap-use-after-free in v8::internal::wasm::ThreadImpl::DoBreak - 2017-02-10
640191 Security: type confusion vulnerability in flash player latest version $3000 2017-02-09
645150 Heap-buffer-overflow in v8::internal::Simulator::DecodeType3 - 2017-02-09
658440 Attempting free in buffer_replace - 2017-02-09
660678 expose() leaks privateClass via Object[@@hasInstance] $1000 2017-02-09
661058 Bad-cast to v8::Platform::TraceStateObserver from v8::tracing::TracingCategoryObserverImpl;blink::Node::mutationObserverRegistry;blink::Node::unregisterMutationObserver - 2017-02-09
659489 Pwn2Own: content: scheme allows cross-origin info leaks - 2017-02-07
658555 Heap-use-after-free in pp::MacroExpander::pushMacro - 2017-02-06
660685 Stack-buffer-overflow in MaskAdditiveBlitter - 2017-02-05
659594 Use-of-uninitialized-value in base::Pickle::WriteBytes - 2017-02-04
615851 Security: Timing attack on denormalized floating point arithmetic in SVG filters circumvents same-origin policy - 2017-02-03
655152 Heap-buffer-overflow in FPDFAPI_inflate_fast - 2017-02-03
658494 Heap-buffer-overflow in FPDFAPI_inflate - 2017-02-03
657568 Security: Heap-use-after-free in InspectedContext::createInjectedScript $1500 2017-02-03
657720 Security: Chrome Address Bar URL Spoofing $500 2017-02-03
653749 Security: Bypass of same-origin policy via range requests in PDF plugin $7500 2017-02-02
658584 Heap-use-after-free in blink::LayoutBlockFlow::moveAllChildrenIncludingFloatsTo - 2017-02-02
658516 Heap-buffer-overflow in v8::internal::wasm::WasmDecoder::OpcodeLength - 2017-02-02
658114 Security: V8 OOB read/write in asm.js $5000 2017-02-02
659361 Stack-buffer-overflow in tls1_set_curves - 2017-02-02
659475 Pwn2Own: V8 OOB Bug. - 2017-02-02
659477 Pwn2own: RenderViewImpl::LaunchAndroidContentIntent in renderer can open arbitrary content intent scheme urls - 2017-02-02
625878 Security: libsrtp is out of date and there are at least 2 known bugs in it - 2017-02-01
656817 Use-after-poison in virtual thunk to blink::Document::isHeapObjectAlive - 2017-02-01
658535 Security: Universal XSS using an <input type="color"> element $7500 2017-02-01
627748 Security: libsrtp uses a non-constant-time HMAC comparison - 2017-01-31
653134 Security: chrome-devtools protocol allows to read the content of C:\ drive $3000 2017-01-31
653656 Heap-buffer-overflow in WebRtcSpl_MaxIndexW16 - 2017-01-31
625475 Security: type confusion in GuestViewInternalCustomBindings::RegisterElementResizeCallback - 2017-01-28
655904 Security: Universal XSS via fullscreen element updates $7500 2017-01-28
656823 Heap-use-after-free in v8_inspector::V8ConsoleMessage::reportToFrontend - 2017-01-28
658037 Sync client -> server protection vulnerable to CRIME attack. - 2017-01-28
656314 Heap-use-after-free in blink::ScrollAnchor::clear - 2017-01-27
657740 Use-after-poison in blink::PersistentBase<blink::DummyGCBase, - 2017-01-27
657411 Crash in SkOpSpanBase::segment - 2017-01-27
657793 Use-of-uninitialized-value in ChromeSecurityStateModelClient::GetSecurityStyle - 2017-01-27
657862 Heap-use-after-free in base::debug::TaskAnnotator::RunTask - 2017-01-27
657863 Use-of-uninitialized-value in content::IndexedDBCallbacks::IOThreadHelper::SendSuccessInteger - 2017-01-27
646610 Security: Universal XSS using OOPIF $7500 2017-01-26
655686 Chrome: Crash Report - content::WebContents::FromRenderFrameHost - 2017-01-26
657281 Bad-cast to content::RenderFrameHostImpl from invalid vptr - 2017-01-26
657724 Heap-use-after-free in content::WebContents::FromRenderFrameHost - 2017-01-26
656274 Security: Cross-origin object leak via fetch $5000 2017-01-25
643948 Security: chrome_child!mov_read_keys - Heap corruption as a result of an off-by-1 zero allocation $5500 2017-01-24
650232 Security: Sandbox blocking of navigation dangerous when victim uses JavaScript: urls - 2017-01-24
652548 Security: UNKNOWN in v8::internal::GlobalHandles::Node::Release $500 2017-01-24
654676 Crash in LinLerp1Dfloat - 2017-01-24
654983 Use-of-uninitialized-value in webrtc::DspHelper::PeakDetection - 2017-01-24
656132 Heap-use-after-free in CPDF_Dictionary::~CPDF_Dictionary - 2017-01-24
655990 Heap-use-after-free in PDF_CreatorAppendObject - 2017-01-24
656161 Heap-use-after-free in CPDF_Dictionary::~CPDF_Dictionary - 2017-01-24
656162 Heap-use-after-free in CPDF_Dictionary::GetDirectObjectFor - 2017-01-24
654183 Security: PDFium (XFA) Heap Buffer Overflow in CWeightTable::Calc $3500 2017-01-23
655632 Heap-use-after-free in blink::LayoutGrid::layoutBlock - 2017-01-23
656282 Heap-use-after-free in CPDF_Object::Release - 2017-01-22
629774 Security: Integer overflow in use counter of scoped pointers. - 2017-01-21
652276 Iframe Spoofing via subframe navigation - 2017-01-21
654199 Heap-use-after-free in content::VideoCaptureController::RemoveClient - 2017-01-21
654280 Security: Use of unvalidated URL in PDF viewer $2500 2017-01-21
654279 Security: PDFs can navigate to file:-URLs $1000 2017-01-21
655973 Use-of-uninitialized-value in void base::Pickle::WriteBytesStatic<4ul> - 2017-01-21
655991 Heap-buffer-overflow in chrome_pdf::PDFiumEngine::Form_GetCurrentPage - 2017-01-21
655672 Crash in SkBitmap::copyPixelsTo - 2017-01-20
652038 Security: PDFium Signed Integer Overflow Bug - 2017-01-19
653090 Security: Heap-use-after-free in Field::UpdateFormField $3000 2017-01-19
653459 Use-of-uninitialized-value in CPDFSDK_WidgetHandler::ReleaseAnnot - 2017-01-18
654272 Heap-use-after-free in CFX_SystemHandler::KillTimer - 2017-01-18
654198 Use-of-uninitialized-value in EvalSegmentedFn - 2017-01-18
654308 Heap-use-after-free in v8::internal::wasm::ThreadImpl::DoBreak - 2017-01-18
630372 Crash in base::debug::StackDumpExceptionFilter - 2017-01-17
653779 Captive portal interstitial shows neutral (i) icon, not red triangle - 2017-01-17
654668 Use-of-uninitialized-value in _start - 2017-01-17
653748 Security: uprev libcurl to 7.50.3 - 2017-01-16
653484 Heap-use-after-free in media::DecryptingDemuxerStream::~DecryptingDemuxerStream - 2017-01-15
637459 Security: ping attribute in href is not following spec, leads to information disclosure - 2017-01-14
653610 Security: Internal functions leaked when DevTools is open $1000 2017-01-14
622323 WebRTC can be used to generate a large amount of UDP traffic for DDOS attacks - 2017-01-13
653034 Security: Leaking referrer using iframe (with referrer policy turned on) - 2017-01-13
653298 Double-delete in BatteryMonitorImpl - 2017-01-13
651142 Use-after-poison in blink::IndexedDBClient::from - 2017-01-12
651702 Use-after-poison in blink::LocalFileSystem::from - 2017-01-12
651849 Use-of-uninitialized-value in EvalSegmentedFn - 2017-01-12
653096 Use-of-uninitialized-value in AddValueForStrcmp - 2017-01-12
599865 Heap-buffer-overflow in parse_encoding - 2017-01-11
621836 Negative-size-param in XFACodecFuzzer::Reader::ReadBlock - 2017-01-11
633885 cross-origin restriction bypass in track tag src $1000 2017-01-11
643982 Heap-use-after-free in base::subtle::RefCountedThreadSafeBase::Release - 2017-01-11
644963 Security: Read Access Violation on Control Flow at content::devtools::service_worker::ServiceWorkerHandler::UpdateHosts $500 2017-01-11
645075 Heap-use-after-free in content::OutputDeviceBacking::UnregisterOutputDevice - 2017-01-11
648062 Crash in default_terminate_handler - 2017-01-11
651094 Crash in v8::internal::InnerPointerToCodeCache::GcSafeFindCodeForInnerPointer - 2017-01-11
639126 Security: UXSS introduced through bookmark containing user information $500 2017-01-10
649340 Heap-use-after-free in blink::PaintLayerScrollableArea::deregisterForAnimation - 2017-01-10
651166 Security: Buffer overread in Devtools / Blink JSON parsers - 2017-01-10
651632 Use-of-uninitialized-value in TIFFFetchDirectory - 2017-01-10
652103 Security: Heap-use-after-free in CPDFSDK_Document::RemovePageView $3000 2017-01-10
652127 Use-of-uninitialized-value in blink::PropertyHandle::operator== $2500 2017-01-10
647024 Use-of-uninitialized-value in blink::PointerEventManager::setPointerCapture - 2017-01-07
651443 Security: Histogram Type Confusion Crashes the Browser Process - 2017-01-07
651714 Crash in v8::internal::wasm::WasmCompiledModule::mem_size - 2017-01-07
651758 Bad-cast to v8::internal::LoadICNexus from v8::internal::LoadGlobalICNexus;v8::internal::LoadICNexus* v8::internal::IC::casted_nexus<v8::internal::LoadICNexus>;v8::internal::IC::ConfigureVectorState - 2017-01-07
629006 Crash in base::PendingTask::PendingTask - 2017-01-05
640571 Heap-use-after-free in WebsiteSettings::OnUIClosing - 2017-01-05
646795 Heap-use-after-free in id - 2017-01-05
648048 Heap-use-after-free in ui::AXNode::id - 2017-01-05
650078 Crash in v8::internal::Invoke - 2017-01-05
601538 Mark of the Web bypass in Chrome - 2017-01-04
639702 Chrome for Android - Quickly entering and exiting fullscreen allows for URL Spoofing $1000 2017-01-04
649659 Security: Heap-use-after-free in CFFL_InteractiveFormFiller::OnSetFocus $3000 2017-01-04
650736 Use-of-uninitialized-value in v8::internal::Simulator::ConditionPassed - 2017-01-04
649039 Security: ChromeOS Exploit persistence via symlink - 2017-01-03
647919 CrOS: Vulnerability reported in dev-libs/openssl - 2017-01-03
649040 Security: ChromeOS 1 byte write overflow in c-ares - 2017-01-03
649097 Bad-cast to blink::WebGLObject from invalid vptr;blink::WebGLProgram::deleteObjectImpl;blink::WebGLSharedObject::detachContextGroup - 2017-01-03
649461 Use-of-uninitialized-value in v8::internal::JSArrayBuffer::SetupAllocatingData - 2017-01-03
649810 Heap-buffer-overflow in blink::LazyLineBreakIterator::nextBreakablePositionIgnoringNBSP - 2017-01-03
650404 Security: OOB read/write in V8 using TypedArrays+Crankshaft+Turbofan - 2017-01-03
490015 Security: sendBeacon lets you send POST requests with arbitrary content type - 2017-01-02