Chromium Disclosed Security Bugs

Chromium security bugs are publicly disclosed by Google 14 weeks after fixing. They have great learning value, but it is difficult to keep track of exactly when they are derestricted. This page is a hub of security bugs that have recently gone public.

Bugs can also be followed on Twitter: @BugsChromium or Mastodon.

Bugs disclosed in 2018

# Summary $$$ Disclosure date
881763 Index-out-of-bounds in vrend_set_single_ssbo - 2018-12-29
887626 Heap-use-after-free in CPDF_StreamAcc::~CPDF_StreamAcc - 2018-12-29
877767 CHECK failure: FinalAssessment::cast(assessment)->virtual_register() == virtual_register in reg - 2018-12-28
879965 Canceling a browser-initiated navigation by using the history.back function $500 2018-12-28
880675 Security: heap-buffer-overflow in CPDF_DIBSource::DownSampleScanline8Bit $1000 2018-12-28
880207 Security: incorrect type information on Math.expm1 - 2018-12-28
887891 CHECK failure: byte_length() <= JSArrayBuffer::kMaxByteLength in objects-debug.cc - 2018-12-28
779028 Security: content security policy bypass by writing to loading Frame's ContentDocument $1000 2018-12-27
880173 heap use-after-free on AsyncCompileJob::CompileTask::Cancel - 2018-12-27
884052 DCHECK failure in RegionObservability::kObservable == region_observability_ in effect-control-line - 2018-12-26
884664 Security: Use-after-free in XFA_DataExporter_DealWithDataGroupNode $3000 2018-12-26
885383 Use-of-uninitialized-value in blink::LayoutTable::RecalcSections - 2018-12-26
885907 Use-of-uninitialized-value in blink::LayoutTable::RecalcSections - 2018-12-26
852634 Security: Chrome for iOS URL spoofing using location.replace and history.back $500 2018-12-25
863703 Extension popovers do not overlap the Chrome, so they can be spoofed in the viewport. - 2018-12-25
880786 CrOS: Vulnerability reported in sys-apps/busybox - 2018-12-25
884179 Security: http authentication spoof on chrome android $1000 2018-12-25
884242 P2P TCP sockets may crash the network service after receiving invalid packet - 2018-12-25
879543 CrOS: Vulnerability reported in sys-apps/busybox - 2018-12-24
868592 Window state leaking from one page to another. - 2018-12-22
879226 Crash in es2::Texture2D::getFormat - 2018-12-22
881917 Heap-buffer-overflow in cc::SurfaceLayer::SetHasPointerEventsNone - 2018-12-22
883492 DCHECK failure in !array_buffer_transfer_map_.Find(array_buffer) in value-serializer.cc $3500 2018-12-22
882078 Security: IDN URL Spoofing with “ก” $500 2018-12-21
880906 Security: ANGLE TextureStorage11::setData Memory Corruption $1000 2018-12-21
883172 CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (object->IsJSNumberFormat()) in js-nu - 2018-12-21
835667 pdfium: stack-buffer-overflow in IntersectSides $500 2018-12-20
880015 Security: Mixed content check is bypassed when loading Worklets - 2018-12-20
880023 Security: Mixed content check is bypassed in data: workers created from HTTPS Documents - 2018-12-20
882449 Use-of-uninitialized-value in void base::Pickle::WriteBytesStatic<4ul> - 2018-12-20
883059 DCHECK failure in is_resolved() in ast.h - 2018-12-20
883164 Use-after-poison in v8::internal::interpreter::BytecodeGenerator::BuildVariableLoad - 2018-12-20
883215 Use-after-poison in v8::internal::Variable::location - 2018-12-20
883280 DCHECK failure in 0 != kLiftoffAssemblerGpCacheRegs & reg.bit() in liftoff-register.h - 2018-12-20
872651 DCHECK failure in !name->AsArrayIndex(&index) in lookup-inl.h - 2018-12-19
882686 Stack-buffer-overflow in content::ChildProcessSecurityPolicyImpl::GetMatchingIsolatedOrigin - 2018-12-19
883181 Crash in v8::internal::interpreter::BytecodeRegisterOptimizer::GetRegisterInfo - 2018-12-19
824130 Security: Several CORS security issues in browsers and specs, asking for comments $2000 2018-12-17
876252 Use-of-uninitialized-value in v8::internal::Factory::NewNumber - 2018-12-15
877785 Crash in cc::RestoreOp::Serialize - 2018-12-15
880123 Crash in _platform_memmove$VARIANT$Nehalem - 2018-12-15
875579 Bad-cast to v8::internal::wasm::AsyncCompileJob::CompileTask from invalid vptr in v8::internal::wasm::AsyncCompileJob::CancelPendingForegroundTask - 2018-12-14
880322 Security: Update third_party/libpng to mitigate CVE-2016-10087 - 2018-12-14
881644 Bad-cast to const blink::LayoutBlock from blink::LayoutEmbeddedObject in blink::BoxModelObjectPainter::PaintTextClipMask - 2018-12-14
881736 Security DCHECK failure: object.IsLayoutBlock() in layout_block.h - 2018-12-14
840163 Crash in glvmRasterOpRead - 2018-12-13
866016 Security: Chrome OS (dev channel): app->VM via garcon TCP command socket - 2018-12-13
880697 CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (object->IsJSReceiver()) in objects-i - 2018-12-13
880759 Chrome 69 URL Spoof via double-click $1000 2018-12-13
881021 DCHECK failure in CanSubclassHaveInobjectProperties(instance_type) in objects.cc - 2018-12-13
731640 CrOS: Vulnerability reported in net-nds/openldap - 2018-12-12
855008 CrOS: Vulnerability reported in sys-libs/glibc - 2018-12-12
877036 CVE-2018-1000204 CrOS: Vulnerability reported in Linux kernel - 2018-12-12
879142 Use-of-uninitialized-value in v8::internal::Simulator::FPCompare - 2018-12-11
879898 CHECK failure: TypeError: node #28:JSToNumber type Numeric is not Number in verifier.cc - 2018-12-11
880181 Use-of-uninitialized-value in network::P2PSocketUdp::HandleReadResult - 2018-12-11
844881 Security: Address spoofing in Omnibox $3000 2018-12-08
870804 Crash in es2::Program::linkAttributes - 2018-12-08
508641 Integer overflow checking in SkAutoTMalloc/SkAutoSTMalloc - 2018-12-07
846296 CrOS: Vulnerability reported in dev-libs/openssl - 2018-12-07
872189 Security: Little-CMS (lcms) Heap Buffer Overflow in AllocateDataSet $3500 2018-12-07
875322 Function Signature Mismatch Error When Using Dynamic Linking for WebAssembly $3000 2018-12-07
878652 Use-of-uninitialized-value in content::FileSystemDispatcher::ReadDirectorySync - 2018-12-07
878725 Bad-cast to blink::LayoutTableRow from blink::LayoutSVGText in blink::ToLayoutTableRow - 2018-12-07
878735 CVE-2018-13405 CrOS: Vulnerability reported in Linux kernel - 2018-12-07
879085 Use-of-uninitialized-value in void base::Pickle::WriteBytesStatic<4ul> - 2018-12-07
879025 Security: PDFium UAF in CFX_CodecMemory::~CFX_CodecMemory - 2018-12-07
874030 CrOS: Vulnerability reported in net-dialup/ppp - 2018-12-06
874614 CVE-2018-3620: L1 Terminal Fault: OS/SMM - 2018-12-06
874617 CVE-2018-3646: L1 Terminal Fault: VMM - 2018-12-06
877874 Crash in gpu::gles2::Texture::ClearRenderableLevels $1000 2018-12-06
878761 Use-after-poison in blink::HTMLImportsController::Dispose - 2018-12-06
878845 CHECK failure: Type cast failed in CAST(p_o) at ../../src/code-stub-assembler.h:351 in code-ass - 2018-12-06
877182 Security: Mojo DataPipe*Dispatcher deserialization lacking validation - 2018-12-05
877766 Heap-use-after-free in fxcrt::UnownedPtr<unsigned char>::ProbeForLowSeverityLifetimeIssue - 2018-12-05
812769 Security: Cast UI hides Full-screen warning $500 2018-12-04
853520 use-after-free in operator-> buildtools/third_party/libc++/trunk/include/memory (WebAudio thread) $1000 2018-12-04
870678 heap-use-after-free on IsSweepingInProgress() $1000 2018-12-04
875621 Read AV in browser process $5000 2018-12-04
875680 Crash in vp8_decode_mb_tokens - 2018-12-04
877641 Stack overflow - 2018-12-04
867356 Security: Chrome OS: filesystem restrictions bypass using crosvm sshfs - 2018-12-03
877470 SVG element can cause bad-cast to LayoutTableCell - 2018-12-03
877498 Bad-cast to blink::InlineTextBox from blink::InlineBox in blink::ToInlineTextBox - 2018-12-03
857469 CHECK failure: ==NUMBER==ABORTING in int64-lowering.cc - 2018-12-02
340512 Security: ImageBurner path validation on ChromeOS - 2018-12-01
866129 Security: Chrome OS runs ancient unrar in CAP_SYS_ADMIN context - 2018-12-01
875739 Security: Unauthenticated EAPOL-Key decryption in wpa_supplicant - 2018-12-01
869941 CVE-2018-5391: Issue 3: FragmentSmack (IP fragments) - 2018-11-30
875494 heap-buffer-overflow in [@ SkDashPath::InternalFilter] - 2018-11-30
876696 DCHECK failure in kSmiValueSize < layout_descriptor_length in layout-descriptor.cc - 2018-11-30
877198 Bad-cast to v8::(anonymous namespace)::ArrayBufferAllocator from v8::(anonymous namespace)::ShellArrayBufferAllocator in v8::ArrayBufferDeleter - 2018-11-30
817595 Crash in libappindicator3.so.1 - 2018-11-29
876443 CHECK failure: Type cast failed in CAST(p_o) at ../../src/code-stub-assembler.h:351 in code-ass - 2018-11-29
876991 Crash in gldRenderFillPolygonPtr - 2018-11-29
875556 Heap-buffer-overflow in int v8::internal::wasm::Decoder::read_leb_tail<int, - 2018-11-28
876222 Container-overflow in CJBig2_GRDProc::ProgressiveArithDecodeState::~ProgressiveArithDecodeState - 2018-11-28
870226 Security: v8 compactor may operate on undefined slots $3000 2018-11-27
875158 Heap-buffer-overflow in media::VideoFrame::visible_data $1500 2018-11-27
875712 Bad-cast to blink::MediaKeySystemConfiguration from invalid vptr in bool WTF::TraceInCollectionTrait< - 2018-11-27
875847 DCHECK failure in obj->IsExternalString() in heap.cc - 2018-11-27
875885 Bad-cast to CharacterStream<uint16_t>' (aka 'CharacterStream<unsigned short>') from v8::internal::RelocatingCharacterStream<unsigned char> in v8::internal::wasm::AsmJsParser::AsmJsParser - 2018-11-27
876255 CHECK failure: mem_size <= wasm::kV8MaxWasmMemoryBytes in wasm-objects.cc - 2018-11-27
874460 Heap-use-after-free in message_center::MessagePopupView::UpdateContents - 2018-11-26
873436 Heap-use-after-free in test_runner::WebWidgetTestClient::AnimateNow - 2018-11-24
852251 Heap-use-after-free in blink::LayoutObject::WillBeDestroyed - 2018-11-23
873529 Heap-use-after-free in base::MessageLoop::DeletePendingTasks - 2018-11-23
874416 CrOS: Vulnerability reported in net-vpn/strongswan - 2018-11-23
874433 Use-of-uninitialized-value in blink::ColorSpaceUtilities::GetColorSpaceGamut - 2018-11-23
874572 Global-buffer-overflow in MemoryRead<unsigned - 2018-11-23
874613 CVE-2018-3615: L1 Terminal Fault: SGX - 2018-11-23
853422 DCHECK failure in address % access_size == 0 in simulator-arm64.cc - 2018-11-22
872746 Security: Vulnerable SRK may survive in case of interrupted TPM firmware update - 2018-11-22
873080 Security: fullscreen UI spoof using pdf prompt $1000 2018-11-22
873500 CVE-2018-1120 CrOS: Vulnerability reported in Linux kernel - 2018-11-22
874359 Security: heap-buffer-overflow in CJS_PublicMethods::AFRange_Validate - 2018-11-22
874396 Crash in blink::HeapLinkedHashSet<blink::WeakMember<blink::SVGSMILElement>, WTF::MemberHa - 2018-11-22
874393 Crash in TableSizeMask - 2018-11-22
874420 Crash in blink::SMILTimeContainer::Unschedule - 2018-11-22
874461 Use-after-poison in blink::SMILTimeContainer::UpdateAnimations - 2018-11-22
874458 Crash in blink::HeapHashTableBacking<WTF::HashTable<blink::QualifiedName, WTF::KeyValuePa - 2018-11-22
874462 Crash in blink::SMILTimeContainer::SetElapsed - 2018-11-22
874469 Crash in Unlink - 2018-11-22
874528 Bad-cast to blink::GarbageCollectedMixin from invalid vptr in void blink::Visitor::Trace<blink::SVGAnimatedPropertyBase> - 2018-11-22
874568 Crash in blink::SMILTimeContainer::SetElapsed - 2018-11-22
874582 Crash in Unlink - 2018-11-22
874578 Bad-cast to blink::ActiveScriptWrappableBase from invalid vptr in blink::ActiveScriptWrappableBase::TraceActiveScriptWrappables - 2018-11-22
874585 Bad-cast to blink::SVGElement from invalid vptr in blink::SVGElement::RemoveAllOutgoingReferences - 2018-11-22
874600 Crash in InsertBefore - 2018-11-22
874757 Use-after-poison in blink::ActiveScriptWrappableBase::TraceActiveScriptWrappables - 2018-11-22
874714 Use-after-poison in blink::TreeScope::RemoveElementById - 2018-11-22
873693 Heap-buffer-overflow in av_encryption_init_info_add_side_data - 2018-11-21
873914 Bad-cast to blink::ImageBitmap from base class subobject at offset 80 in blink::WebGLRenderingContextBase::TexImageByGPU - 2018-11-21
873993 Use-of-uninitialized-value in spvtools::val::CheckDecorationsOfEntryPoints - 2018-11-21
865380 Use-of-uninitialized-value in test_runner::PrintFrameDescription - 2018-11-20
866766 Use-of-uninitialized-value in gpu::CommonDecoder::Bucket::GetAsStrings - 2018-11-20
869837 Crash in v8::internal::Simulator::LoadStoreHelper - 2018-11-20
873442 Heap-buffer-overflow in spvtools::val::Instruction::word - 2018-11-20
871787 Use-of-uninitialized-value in storage::DatabaseTracker::UpdateOpenDatabaseInfoAndNotify - 2018-11-18
871731 CVE-2018-12232 CrOS: Vulnerability reported in Linux kernel - 2018-11-17
872514 CHECK failure: 0 < icu_length in intl-objects.cc - 2018-11-17
849691 Android app on CrOS allows capture of a HTML select tag when FLAG_SECURE is set - 2018-11-16
872140 Bad-cast to content::BrowserGpuClientDelegate from device::mojom::ScreenOrientationRequestValidator in void base::internal::FunctorTraits<void - 2018-11-16
872219 Bad-cast to content::BrowserGpuClientDelegatevoid base::internal::FunctorTraits<void in MakeItSo<void - 2018-11-16
872244 Crash in __ubsan::checkDynamicType - 2018-11-16
872573 Heap-use-after-free in spvtools::opt::Instruction::NumOperands - 2018-11-16
867370 use-after-poison in mojo::InterfaceEndpointClient::HandleValidatedMessage) $3000 2018-11-15
871005 Heap-use-after-free in views::Slider::SetValueInternal - 2018-11-15
871928 Security: libaom/av1_dec_fuzzer: Crash in av1_decode_tg_tiles_and_wrapup - 2018-11-15
859218 Security: Referrer leak when Chrome Web App is installed on a path (repro issue 791216 on Mac) - 2018-11-14
870178 Heap-buffer-overflow in SkPaint::getTextWidths - 2018-11-14
870571 Heap-buffer-overflow in spvtools::val::ValidateCopyMemory - 2018-11-14
870941 Crash in SkRect::set - 2018-11-14
863069 Site Isolation: Attacker-controlled data URLs end up in wrong process after tab restore $3000 2018-11-13
870306 Use-after-poison in void blink::Visitor::HandleWeakCell<blink::SVGElement> $3500 2018-11-13
870675 Heap-use-after-free in base::DeleteHelper<content::ResolveProxyMsgHelper>::DoDelete - 2018-11-13
862004 Security: stack-buffer-underflow in Break - 2018-11-12
866229 CHECK failure: !descriptors->GetKey(i)->IsInterestingSymbol() in objects-debug.cc - 2018-11-11
866895 Security: Chrome OS: symlink traversal issue in /sbin/crash_reporter - 2018-11-11
833138 Consider blocking U+0307 after other i-like characters (e.g. U+1EC9) $500 2018-11-10
870567 Use-of-uninitialized-value in content::StatusCallbackAdapter - 2018-11-10
870649 Linux kernel: CVE-2017-18344: arbitrary-read vulnerability in the timer subsystem - 2018-11-10
870682 Crash in content::RunCallbacks - 2018-11-10
751423 heap-buffer-overflow in SkMatrix::setRSXform $500 2018-11-09
868333 CHECK failure: receiver->IsJSFunction() in objects.cc - 2018-11-09
869313 CHECK failure: Type cast failed in CAST(LoadObjectField(data_view, JSDataView::kByteLengthOffse - 2018-11-09
870351 Bad-cast to blink::V8EventListener from blink::V8LazyEventListener in blink::V8EventListenerHelper::GetEventListener - 2018-11-09
865387 Use-after-poison in blink::HTMLImportsController::Dispose - 2018-11-08
866301 Heap-use-after-free in views::Slider::SetValueInternal - 2018-11-08
868463 Security: libaom build default values - 2018-11-08
868619 Security: Kernel Level Memory Leak as a result of GDI object creations - 2018-11-08
869593 Heap-use-after-free in message_center::MessagePopupCollection::OnNotificationUpdated - 2018-11-08
869716 Heap-use-after-free in message_center::NotificationList::GetNotification - 2018-11-08
822518 iframe sandbox escape $1000 2018-11-07
848123 Cross-origin-read attack by chaining three vulnerabilities $2000 2018-11-07
864162 ASSERT: GTK_IS_WIDGET (widget) - 2018-11-07
869347 DCHECK failure in !IsClearedWeakHeapObject() in maybe-object-inl.h - 2018-11-07
751921 Security: stack-buffer-overflow in SkPoint $1000 2018-11-06
750561 Heap-buffer-overflow in ClipRestore $1000 2018-11-06
856967 Crash in getAddress - 2018-11-06
857383 DCHECK failure in result in int64-lowering.cc - 2018-11-06
860522 Null-dereference READ in blink::AudioNode::Handler $500 2018-11-06
867776 V8 OOB write BigInt64Array.of and BigInt64Array.from side effect neuter $5000 2018-11-06
869293 DCHECK failure in !IsClearedWeakHeapObject() in maybe-object-inl.h - 2018-11-06
805496 Security: Self-update service worker to stay alive $500 2018-11-05
867374 Security: ARC: mount-passthrough sandbox bypass via procfs - 2018-11-05
808407 CSP bypass and XSS introduction via JavaScript URI in view source - 2018-11-03
818376 Security: Off-by-1 buffer over-read in Crashpad - 2018-11-03
821704 ASSERT: G_IS_OBJECT (object) - 2018-11-03
845983 Security: Android WebView can be tricked into navigating the top frame from a sandboxed iframe without allow-top-navigation - 2018-11-03
848535 Security: history.back() can be used to bypass multiple downloads restriction. - 2018-11-03
858929 Security: URL bar spoofing with Full-screen mode $500 2018-11-03
866427 Security: Taps on the parent window pass through to an iframe in Android Chrome - 2018-11-03
866698 Security: libaom/av1_dec_fuzzer_threaded: ASSERT: 0 <= sum && sum < (1 << (bd + FILTER_BITS + 1)) - 2018-11-03
867792 Security: corrupt VP9 frame will cause tab crash - 2018-11-03
868203 Heap-use-after-free in base::sequence_manager::LazyNow::Now - 2018-11-03
868586 DCHECK failure in !object->IsClearedWeakHeapObject() in maybe-handles-inl.h - 2018-11-03
868628 DCHECK failure in !object->IsClearedWeakHeapObject() in maybe-handles-inl.h - 2018-11-03
569955 Security: Universal XSS by using fullscreen API - 2018-11-02
760416 Security: Python scripts use HTTP to interact with Closure compiler web service - 2018-11-02
838098 Use-of-uninitialized-value in v8::internal::Simulator::FPRoundInt - 2018-11-02
865950 Heap-use-after-free in blink::WorkerThread::PrepareForShutdownOnWorkerThread - 2018-11-02
867314 Use-of-uninitialized-value in SkOpAngle::lastMarked - 2018-11-02
867762 Bad-cast to std::__1::locale::__imp from std::__1::locale::__imp in base::LoadNativeLibraryWithOptions - 2018-11-02
868077 Global-buffer-overflow in SkOpPtT::prev - 2018-11-02
867789 Bad-cast to llvm::cl::Option from llvm::cl::opt<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, false, llvm::cl::parser<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > > in llvm::cl::applicator<llvm::cl::FormattingFlags>::opt - 2018-11-02
842503 Security: Uninitialized Memory Read in CXFA_LayoutPageMgr::GetAvailHeight $3000 2018-11-01
866282 CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (object->IsJSReceiver()) in objects-i - 2018-11-01
866357 DCHECK failure in UnusedPropertyFields() == map->UnusedPropertyFields() in map-inl.h - 2018-11-01
866727 DCHECK failure in 2 == subnode->op()->ControlOutputCount() in js-inlining.cc - 2018-11-01
867306 Fix DOMStorageNamespace UAF - 2018-11-01
728200 Security: PDFium JS: Field::m_pJSDoc lifetime issue - 2018-10-31
860697 Security: Use-after-free in CPDFSDK_Widget::Synchronize $3000 2018-10-31
866635 gcm's SocketOutputStream::Flush can write arbitrary data to the network - 2018-10-31
867048 Use-of-uninitialized-value in v8::internal::Scanner::SkipMultiLineComment - 2018-10-31
866208 DCHECK failure in !Contains(string) in heap-inl.h - 2018-10-30
532374 Service Worker should not intercept the fetch requests which are initiated from opaque (cross-origin no-cors) stylesheet. - 2018-10-29
861953 DCHECK failure in (token.literal_chars) != nullptr in scanner.cc - 2018-10-27
863623 Security: Blob URL created from Data URL shares same process despite creator being cross-site $3000 2018-10-27
866210 Use-of-uninitialized-value in mojo::core::ChannelPosix::WriteNoLock - 2018-10-27
866227 Use-of-uninitialized-value in void cc::PaintOpReader::ReadFlattenable<SkMaskFilter> - 2018-10-27
866233 Use-of-uninitialized-value in cc::PaintOpReader::Read - 2018-10-27
848306 use-after-poison in operator blink::ExecutionContext * $1000 2018-10-26
863974 Incomplete fix of issue 853937 $3133 2018-10-25
864932 Security: Little-CMS (lcms) Heap Buffer Overflow $2500 2018-10-25
865264 DCHECK failure in !dictionary->requires_slow_elements() in elements.cc - 2018-10-25
865312 DCHECK failure in end <= array->length_value() in elements.cc - 2018-10-25
862635 Heap-use-after-free in blink::DisplayItemRasterInvalidator::Generate $3500 2018-10-24
862929 Turbofan violates Liftoff's assumption of zero-extended 32-bit values in 64-bit registers - 2018-10-24
864358 Use-of-uninitialized-value in cc::PictureLayerImpl::AppendQuads - 2018-10-24
864509 Liftoff must ensure that i32 stack parameters are zero extended - 2018-10-24
856823 Security: WebRTC Out-of-bounds read in FEC - 2018-10-23
862163 OpenOffice extensions need to be flagged as potentially dangerous - 2018-10-23
863810 [turbofan] TruncateInt64ToInt32 must generate zero-extended value - 2018-10-23
863840 Crash in webrtc::ForwardErrorCorrection::XorPayloads - 2018-10-23
863709 Heap-use-after-free in ui::I18nSourceStream::FilterData - 2018-10-22
863482 Heap-use-after-free in views::Slider::SetValueInternal - 2018-10-21
859032 CrOS: Vulnerability reported in net-misc/curl - 2018-10-20
862112 CrOS: Vulnerability reported in net-vpn/strongswan: CVE-2018-5388 - 2018-10-20
863105 DCHECK failure in external_backing_store_bytes_[type] >= amount in spaces.cc - 2018-10-20
854455 Security: Automatic file execution without any warnings $500 2018-10-19
859511 Security: Interrupted TPM firmware update doesn't clear out weak SRK - 2018-10-19
862059 Security: Bad cast in JSPropGetter in js_define.h $5000 2018-10-19
849192 Stack-use-after-scope in bsdiff::SinkFile::Write - 2018-10-18
853937 XSS by hosting JS and JSON looking file $3000 2018-10-18
859303 AddressSanitizer: attempting free on address which was not malloc()-ed in tt_face_vary_cvt - 2018-10-18
855119 URL spoofing with post urls - 2018-10-17
858820 Security: Credit card information leakage in Chrome autofill $1000 2018-10-17
861602 Heap-use-after-free in blink::AXObjectCacheImpl::GetOrCreate - 2018-10-17
862536 Heap-use-after-free in blink::AXObjectCacheImpl::GetOrCreate - 2018-10-17
835887 Chrome exploit: WebAssembly type confusion + V8 OOB read + sandbox escape $40633 2018-10-16
836859 Security: Privilege Escalation via chrome://resources filesystem URL - 2018-10-16
846311 signal 11 SEGV_MAPERR 000000000000 in get /v8/src/objects/fixed-array-inl.h:64:10 - 2018-10-16
860721 ComputeRandomMagic produces less randomness on 64-bit platforms than 32-bit platforms - 2018-10-16
860788 CHECK failure: !isolate->has_scheduled_exception() in builtins-console.cc - 2018-10-16
861571 Security DCHECK failure: !node || (node->IsHTMLElement()) in html_element.h - 2018-10-16
855211 Security: WebRTC: Use-after-free in VP9 Processing - 2018-10-15
853424 Stack-use-after-return in TDiagnostics::writeDebug - 2018-10-13
855932 Security DCHECK failure: !object || (object->IsBox()) in layout_box.h - 2018-10-13
860096 Crash in v8_wasm_async_fuzzer - 2018-10-13
861523 Crash in v8_wasm_async_fuzzer - 2018-10-13
859308 Crash in v8_wasm_compile_fuzzer - 2018-10-12
860392 DCHECK failure in pc == code->instruction_start() in wasm-code-manager.cc - 2018-10-12
860536 CHECK failure: args[0]->IsObject() in async-hooks-wrapper.cc - 2018-10-12
851662 Security: WebRTC: Unchecked Optional Access in Updating timestamp after RED packet - 2018-10-11
854887 Bad-cast to blink::ScriptWrappable from invalid vptr in blink::V8Element::ToImpl - 2018-10-11
855960 DCHECK failure in Capacity() <= heap()->MaxOldGenerationSize() in spaces.cc - 2018-10-11
857479 [animationworklet] AnimationWorklet declared in child frame may override animations in parent - 2018-10-11
843960 Heap-use-after-free in content::RenderFrameImpl::PostAccessibilityEvent - 2018-10-09
844845 Bad-cast to content::RenderFrameImpl from invalid vptr in test_runner::WebFrameTestProxy<content::RenderFrameImpl, content::RenderFrameImpl::CreateParams>::PostAccessibilityEvent - 2018-10-09
854816 Heap-use-after-free in media::AudioManagerWin::InitializeOnAudioThread - 2018-10-09
856999 Use-of-uninitialized-value in OmniboxView::OpenMatch - 2018-10-09
857500 Heap-buffer-overflow in _ZNSt3__16vectorIhNS_9allocatorIhEEE18__construct_at_endIPKhEENS_9enable_ifIXsr2 - 2018-10-09
857524 Heap-use-after-free in TemplateURLRef::SearchTermsArgs::SearchTermsArgs - 2018-10-09
859809 DCHECK failure in !object->IsFiller() in mark-compact.cc - 2018-10-09
856578 heap-use-after-free in memory_instrumentation::CoordinatorImpl::OnQueuedRequestTimedOut - 2018-10-08
857439 CVE-2018-1000199 CrOS: Vulnerability reported in Linux kernel - 2018-10-08
859294 Heap-use-after-free in blink::PaintController::FinishCycle - 2018-10-08
850350 Security: stack-buffer-overflow in Break $5000 2018-10-06
856474 Heap-use-after-free in fxcrt::UnownedPtr<CFX_XMLNode>::ProbeForLowSeverityLifetimeIssue - 2018-10-06
856761 Global-buffer-overflow in webrtc::internal::AudioSendStream::RegisterCngPayloadType - 2018-10-06
857017 CVE-2018-11412 CrOS: Vulnerability reported in Linux kernel - 2018-10-06
853538 Heap-use-after-free in blink::LayoutBlock::ComputeBlockPreferredLogicalWidths - 2018-10-05
857139 Heap-use-after-free in EnsureAncestorDependentCompositingInputs - 2018-10-05
857262 Heap-use-after-free in viz::SingleReleaseCallback::Run - 2018-10-05
857311 Use-after-poison in blink::PersistentBase<blink::DummyGCBase, - 2018-10-05
327295 speech-dispatcher crashes with window.speechSynthesis() $1000 2018-10-04
666299 Security: debugger extension API bypasses normal opt-in for file:// access - 2018-10-04
856532 Heap-use-after-free in AutocompleteMatch::AutocompleteMatch - 2018-10-04
856962 Heap-buffer-overflow in autofill::FormStructure::RationalizeAddressStateCountry - 2018-10-04
854556 Bad-cast to blink::LayoutObject from invalid vptr in blink::AXObjectCacheImpl::GetOrCreate - 2018-10-03
856054 Use-of-uninitialized-value in FXSYS_round - 2018-10-03
856354 Security: [pdfium] CJS_Field::m_pJSDoc may outlive the document. - 2018-10-03
856471 Heap-buffer-overflow in Decode - 2018-10-03
856954 Heap-use-after-free in blink::AXObjectCacheImpl::GetOrCreate - 2018-10-03
867501 Security: Talos Security Advisory for Google PDFium (TALOS-2018-0639) $2000 2018-10-03
851241 Crash in gfx::RenderTextHarfBuzz::DrawVisualText - 2018-10-02
852085 CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (object->IsSmi()) in objects-inl.h - 2018-10-02
854883 Security: Buffer overflow in usrsctplib - 2018-09-30
849217 Security: Reference count leak in SwiftShader OpenGL texture bindings - 2018-09-29
850476 Crash in quic::QuicConnection::OnAckRange - 2018-09-28
852644 Security: negative-size-param in Skia $1000 2018-09-28
853434 Heap-use-after-free in ash::UnifiedSystemTrayBubble::ActivateBubble - 2018-09-28
854066 Security: OOB read in TypedArray.from - 2018-09-28
854296 Heap-buffer-overflow in avio_read - 2018-09-28
854623 Security: Out-of-bound access in CFXJSE_FormCalcContext::Lower $1000 2018-09-28
835613 Heap-use-after-free in blink::FloatingObject::FloatingObject - 2018-09-27
854213 DCHECK failure in var < ParameterCount() in scope-info.cc - 2018-09-27
854299 Security: OOB read in Array.prototype.sort $4000 2018-09-27
854476 Use-of-uninitialized-value in v8::internal::Isolate::RunHostImportModuleDynamicallyCallback - 2018-09-27
854941 DCHECK failure in var < ParameterCount() in scope-info.cc - 2018-09-27
847570 Security: heap-buffer-overflow in blink::ScriptFunction::~ScriptFunction() $3000 2018-09-26
848617 Heap-use-after-free in blink::AXObjectCacheImpl::GetOrCreate - 2018-09-26
849840 Bad-cast to blink::LayoutObject from invalid vptr in blink::AXObjectCacheImpl::GetOrCreate - 2018-09-26
852944 DCHECK failure in !it.done() in module-compiler.cc - 2018-09-26
854160 Crash in v8::internal::Heap::MergeAllocationSitePretenuringFeedback - 2018-09-26
854463 Crash in v8::internal::TypedElementsAccessor< - 2018-09-26
849131 Heap-use-after-free in gpu::gles2::GLES2Implementation::OnGpuControlLostContext - 2018-09-25
851398 Stack-buffer-overflow in sw::Surface::Buffer::read - 2018-09-25
851955 Pixelbook embedded U2F Tokens Should be Locked to a Single Account and NOT be permitted in Guest Mode - 2018-09-25
852592 Security: OOB read/write in Array.prototype.sort $7500 2018-09-25
852641 Stack-buffer-overflow in libGLESv2_swiftshader - 2018-09-25
852759 CVE-2018-10940 CrOS: Vulnerability reported in Linux kernel - 2018-09-25
852258 JSTypedArray ByteLength out of bounds - 2018-09-24
853552 Heap-use-after-free in blink::LayoutObject::ContainingBlock - 2018-09-24
377995 Security: CSP Sandbox bypass $1000 2018-09-22
840857 Security: Browser process should catch commits of extension URLs in web processes - 2018-09-22
848716 Security: Multiple integer overflows in Skia GPU path rendering when computing vertex/idex count - 2018-09-22
853421 Use-of-uninitialized-value in void base::Pickle::WriteBytesStatic<4ul> - 2018-09-22
853423 Use-after-poison in void blink::ElementRuleCollector::CollectMatchingRulesForList<blink::HeapTermina - 2018-09-22
853436 Use-after-poison in blink::MemberBase<blink::ContentSecurityPolicy, - 2018-09-22
835317 Scroll TLD into view for publisher attribution in Custom Tabs - 2018-09-21
850493 Heap-buffer-overflow in webrtc::internal::CopyColumn - 2018-09-21
847903 Multiple UAF bugs fixed in the upstream kernel (most in the year 2017), but not patched in stable/latest chromeos4.4 kernel. - 2018-09-20
850910 CVE-2018-10675 CrOS: Vulnerability reported in Linux kernel - 2018-09-20
845136 heap use-after-free in link::VideoFrameSubmitter::~VideoFrameSubmitter() $500 2018-09-19
847242 Security: IDN URL Spoofing with Myanmar character "ဒ" (U+1012) - 2018-09-19
849073 Crash in blink::PersistentBase<blink::DummyGCBase, - 2018-09-19
852207 Crash in v8::internal::FullEvacuationVerifier::VerifyPointers - 2018-09-19
849398 Security: IDN URL Spoofing with Georgian Letter Vin $500 2018-09-18
849329 Security: CVE-2018-5383 - 2018-09-18
848786 Cross-origin stylesheet content is readable using SW $500 2018-09-17
831117 Termination GC leaves behind persistents - 2018-09-14
850354 Use-of-uninitialized-value in blink::ImageFrame::BlendRGBARaw - 2018-09-14
850407 Crash in HintTableForFuzzing::Fuzz - 2018-09-14
850440 Crash in CPDF_HintTables::ReadPageHintTable - 2018-09-14
850490 CVE-2018-8781 CrOS: Vulnerability reported in Linux kernel - 2018-09-14
839983 Cross-origin audio leak using Web Audio API $1000 2018-09-13
847226 Current update_engine code breaks rollback protection for enterprise devices - 2018-09-13
847328 Security DCHECK failure: !object || (object->IsLayoutMultiColumnSet()) in layout_multi_column_set.h - 2018-09-13
850005 CHECK failure: Type cast failed in CAST(var_elements.value()) at ../../src/builtins/builtins-ca - 2018-09-13
850305 Use-of-uninitialized-value in disk_cache::SimpleEntryImpl::WriteDataInternal - 2018-09-13
850365 Use-of-uninitialized-value in void net::PrioritizedTaskRunner::PostTaskAndReplyWithResult<int, int> - 2018-09-13
826552 Redirect circumvents same-origin restrictions for AudioWorklet $1000 2018-09-12
841105 Security: uXSS in Chrome on iOS $7500 2018-09-12
843736 Security: ChromeOS Settings Template Injection - 2018-09-12
844833 heap-use-after-free on AudioOutputDevi $2000 2018-09-12
845859 CVE-2018-10021 CrOS: Vulnerability reported in Linux kernel - 2018-09-12
846295 CVE-2018-10124 CrOS: Vulnerability reported in Linux kernel - 2018-09-12
847060 Heap-buffer-overflow in mov_read_saio - 2018-09-12
848672 Security: V8 Incorrect type cast in String.p.split function leads to OOB write $5000 2018-09-12
848779 Use-of-uninitialized-value in content::SignedExchangePrologue::Parse - 2018-09-12
849062 Heap-buffer-overflow in avio_read - 2018-09-12
849142 Use-of-uninitialized-value in test_runner::CopyImageAtAndCapturePixels - 2018-09-12
849144 Heap-buffer-overflow in content::SignedExchangePrologue::ParseEncodedLength - 2018-09-12
849663 DCHECK failure in x <= INT_MAX in conversions.h - 2018-09-12
813349 Heap-use-after-free in CPDF_ContentParser::~CPDF_ContentParser - 2018-09-11
836760 CrOS: Vulnerability reported in dev-libs/openssl - 2018-09-11
848238 Security: Floating-point precision errors in Swiftshader blitting - 2018-09-11
848914 Security: heap-buffer-overflow in gpu::gles2::StrictIdHandler::FreeIds $3000 2018-09-11
849595 Use-of-uninitialized-value in blink::AudioHandler::ProcessIfNecessary - 2018-09-11
840536 Security: WebRTC: Type Confusion when processing H264 NAL packet - 2018-09-10
848531 Security: Simulated Alt + Click event can download a cross origin file - 2018-09-10
849033 Heap-use-after-free in blink::TransformPaintPropertyNode::GetTransformCache - 2018-09-10
849036 Heap-use-after-free in blink::GeometryMapper::SourceToDestinationProjectionInternal - 2018-09-10
849072 Heap-use-after-free in test_runner::WebWidgetTestClient::AnimateNow - 2018-09-10
849109 Heap-use-after-free in blink::GeometryMapper::LocalToAncestorClipRectInternal - 2018-09-10
847089 Use-of-uninitialized-value in cc::PaintOp::AreSkMatricesEqual - 2018-09-09
844828 Heap-use-after-free in gpu::gles2::GLES2Implementation::OnGpuControlLostContext - 2018-09-08
847386 Security: Skia: Uninitialized variable in gen_alpha_deltas - 2018-09-08
833143 Lao could lead to idn spoof $500 2018-09-07
847718 Chrome URL Spoofing (via refreshed) $500 2018-09-07
839358 CVE-2018-1094 CrOS: Vulnerability reported in Linux kernel - 2018-09-06
844428 Security: Extension is able to inject script into chrome://newtab/ $500 2018-09-06
845006 ASSERT: GTK_IS_TREE_MODEL (tree_model) - 2018-09-06
845489 Security: Incomplete fix for crbug/844457 (Heap overflow in SkScan::FillPath due to precision error) - 2018-09-06
846262 Security: Qualys procps audit - 2018-09-06
847346 Use-of-uninitialized-value in CFX_DIBitmap::Clear - 2018-09-06
847809 Stack-buffer-overflow in webrtc::VideoQualityObserver::OnDecodedFrame - 2018-09-06
847780 DCHECK failure in !HasWeakHeapObjectTag(object) in scavenger.cc - 2018-09-06
839357 CVE-2018-1093 CrOS: Vulnerability reported in Linux kernel - 2018-09-05
842265 Security: WebRTC: Use-after-free in VP8 Block Decoding - 2018-09-05
847728 DCHECK failure in !IsSmi() == Internals::HasHeapObjectTag(this) in objects.h - 2018-09-05
849355 Clickjacking on the inline extension installation dialog - 2018-09-04
788936 Steal local file contents by abusing liberal CSS parsing $2000 2018-09-04
847247 Heap-buffer-overflow in CPDF_DeviceCS::GetRGB - 2018-09-04
841280 heap-use-after-free in BlinkGC $2000 2018-09-03
846635 Heap-buffer-overflow in blink::NormalizeLineEndingsToCRLF $500 2018-09-03
847012 Heap-use-after-free in blink::LayoutBlockFlow::RemoveChild - 2018-09-03
847177 Use-after-poison in blink::HTMLSlotElement::DetachLayoutTree - 2018-09-03
847182 Heap-use-after-free in blink::LayoutObjectChildList::RemoveChildNode - 2018-09-03
844195 Security: SpeechSynthesisEvent exposes high-resolution timestamps $500 2018-09-01
845961 Security: Setting arbitrary http request headers via <iframe csp> attribute $3133 2018-09-01
846827 Use-of-uninitialized-value in assist_ranker::RankerURLFetcher::Request - 2018-09-01
846000 Container-overflow in v8::internal::compiler::JsonPrintAllSourceWithPositions - 2018-08-31
844872 Heap-buffer-overflow in transform_scanline_bgrA - 2018-08-31
846182 Heap-use-after-free in blink::MIDIInput::DidReceiveMIDIData - 2018-08-31
844578 Bad-cast to blink::CSSProperty from invalid vptr in blink::ToCSSProperty - 2018-08-30
844796 Bad-cast to const blink::CSSProperty from invalid vptr in blink::CSSProperty::Get - 2018-08-30
844840 Bad-cast to const blink::CSSPropertyblink::CSSProperty::Get in blink::CSSComputedStyleDeclaration::SetPropertyInternal - 2018-08-30
846192 Bad-cast to blink::LayoutObject from invalid vptr in blink::LayoutBlockFlow::RemoveChild - 2018-08-30
845040 Heap-use-after-free in blink::SVGResources::LayoutIfNeeded - 2018-08-29
841962 Security: WebRTC: Overflow in FEC Processing - 2018-08-28
844301 Heap-use-after-free in PreviousSibling - 2018-08-27
844857 Use-of-uninitialized-value in blink::LayoutObject::NextInPreOrderAfterChildren - 2018-08-27
828265 MediaError message property leaks cross-origin response status $500 2018-08-25
835299 Security: Integer overflow in Swiftshader texture allocation - 2018-08-25
843970 CrOS: Vulnerability reported in dev-libs/libxml2 - 2018-08-25
844089 Security DCHECK failure: !object || (object->IsBox()) in layout_box.h - 2018-08-25
844254 Heap-buffer-overflow in void SkMatrixConvolutionImageFilter::filterPixels<RepeatPixelFetcher, true> - 2018-08-25
844275 CHECK failure: Type cast failed in CAST(length.value()) at ../../src/builtins/builtins-array-ge - 2018-08-25
844366 Bad-cast to SkPixelRef from invalid vptr in SkBitmap::getGenerationID - 2018-08-25
844457 Security: Chrome/Skia: Heap overflow in SkScan::FillPath due to precision error. - 2018-08-25
685747 Extension names aren't sanitized when displayed in the UI - 2018-08-24
770709 Latin "with dot below" not rendered as PunyCode - 2018-08-24
826019 Security: IDN URL Spoofing with using U+0525 - 2018-08-24
835554 U+0153 (œ), U+00e6 (æ) may lead to url spoofing $500 2018-08-24
836885 Security: IDN URL Spoofing with “ҙ” (U+0499) - 2018-08-24
840161 Security: use-after-free or double-free in Virtio Wayland ChromiumOS code $1500 2018-08-24
842990 Security: Sandbox Escape - Use After Free with IndexedDBConnection $10000 2018-08-24
843563 [wasm] Shared js-to-wasm wrappers call to instance-specific wasm-to-js wrapper - 2018-08-24
844200 CHECK failure: Type cast failed in CAST(length.value()) at ../../src/builtins/builtins-array-ge - 2018-08-24
817920 Security: ChromeOS persistent command execution as root $33337 2018-08-23
818032 Security: Passing PATH variable to Upstart jobs allows for privilege escalation. - 2018-08-23
826434 Security: Concern about WebAssembly table mutability - 2018-08-23
835889 Various filesystem CVEs - 2018-08-23
843493 Crash in CPWL_Timer::KillPWLTimer - 2018-08-23
843543 Security: OOB reads due to missing map check - 2018-08-23
804123 Security: TexImage3D heap-buffer-overflow in WebKit Webgl $1000 2018-08-22
836362 Security: download.default_directory should not be modifiable via settingsPrivate.setPref - 2018-08-22
839197 Heap-use-after-free in PermissionRequestManager::AddRequest - 2018-08-22
843022 Security: OOB access in RegExpBuiltinsAssembler::LoadRegExpResultFirstMatch $2000 2018-08-22
843120 [wasm] We call the start function with the wrong instance - 2018-08-22
829528 Heap-use-after-free in cc::ResourceProvider::ContextGL - 2018-08-21
838886 Crash in CFX_DIBitmap::~CFX_DIBitmap - 2018-08-21
839822 Chrome URL spoofing vulnerability on iOS $1000 2018-08-21
840695 Heap-use-after-free in CJBig2_Image::~CJBig2_Image - 2018-08-21
840855 DCHECK failure in current_pos <= num_indices in runtime-array.cc - 2018-08-21
842501 Stack-buffer-overflow in v8::internal::compiler::VisitBinop - 2018-08-21
842545 Heap-use-after-free in TabStripModel::SendDetachWebContentsNotifications - 2018-08-21
839695 pdfium: global-buffer-overflow in CFX_BidiLine::ResolveImplicit $1000 2018-08-20
840320 Security: type confusion trigger DCHECK fail in ReadableStreamBytesConsumer::OnFulfilled::Call $5000 2018-08-20
842028 Security: libglesv2 heap-buffer-overflow in VertexBuffer11::storeVertexAttributes $1000 2018-08-20
837097 Heap-use-after-free in base::debug::TaskAnnotator::RunTask - 2018-08-19
830100 Heap-use-after-free in cc::VideoResourceUpdater::HardwarePlaneResource::~HardwarePlaneResource - 2018-08-18
839356 CVE-2018-1092 CrOS: Vulnerability reported in Linux kernel - 2018-08-18
839660 TargetAutoAttacher::AutoAttachToFrame UaF (Sandbox Escape) - 2018-08-18
842078 Crash in v8::internal::String::MakeExternal - 2018-08-18
812667 Security: Cross-origin information leak via subresource integrity (SRI), fetch and Service Workers $1000 2018-08-17
840106 Security: heap-use-after-free in TypedArrayBuiltinsAssembler::ConstructByArrayLike $7500 2018-08-17
838867 CVE-2017-18255 CrOS: Vulnerability reported in Linux kernel - 2018-08-17
823194 Security: Long extension name allows spoofing of Debugging InfoBar $500 2018-08-16
832246 Bad-cast to blink::LayoutBlock from blink::LayoutText in blink::ToLayoutBlock - 2018-08-16
836162 Crash in blink::LayoutObject::NextInPreOrder - 2018-08-16
837477 Crash in _pthread_key_global_init - 2018-08-16
838588 Crash in blink::TextOffsetMapping::TextOffsetMapping - 2018-08-16
838589 Bad-cast to blink::LayoutBlock from blink::LayoutTextCombine in blink::TextOffsetMapping::ComputeContainigBlock - 2018-08-16
838859 Use-of-uninitialized-value in blink::SlotAssignment::Trace - 2018-08-16
839961 Heap-use-after-free in test_runner::PrintFrameDescription - 2018-08-16
840776 Bad-cast to blink::LayoutSVGResourceContainer from invalid vptr in blink::SVGResources::RemoveClientFromCacheAffectingObjectBounds - 2018-08-16
840864 Heap-use-after-free in blink::SVGFilterPainter::PrepareEffect - 2018-08-16
840923 Heap-use-after-free in blink::SVGResourcesCache::CachedResourcesForLayoutObject - 2018-08-16
840924 Heap-use-after-free in blink::SVGResources::LayoutIfNeeded - 2018-08-16
840979 TextOffsetMapping make blink::SlotAssignment::Trace() to crash - 2018-08-16
841046 Bad-cast to blink::LayoutObject from invalid vptr in blink::LayoutObject::LayoutIfNeeded - 2018-08-16
841055 Use-of-uninitialized-value in blink::LayoutSVGResourceFilter::RemoveClientFromCache - 2018-08-16
841109 Heap-use-after-free in SelfNeedsLayout - 2018-08-16
841059 Heap-use-after-free in blink::LayoutSVGResourceFilter::ResourceBoundingBox - 2018-08-16
841118 Heap-use-after-free in Lookup<WTF::IdentityHashTranslator<WTF::MemberHash<blink::SVGResourceClient>, - 2018-08-16
841153 Heap-use-after-free in GetDocument - 2018-08-16
841154 Bad-cast to blink::SVGMarkerElement from blink::SVGPathElement in blink::SVGMarkerElement* blink::ToElement<blink::SVGMarkerElement> - 2018-08-16
841201 Heap-use-after-free in blink::SVGResources::LayoutIfNeeded - 2018-08-16
841210 Use-of-uninitialized-value in skcms_TransferFunction_eval - 2018-08-16
841275 Crash in blink::SVGAnimatedPropertyCommon<blink::SVGEnumerationBase>::CurrentValue - 2018-08-16
841698 Use-of-uninitialized-value in blink::HTMLMediaElement::StartPlayerLoad - 2018-08-16
841592 Crash in IntToSmi<31> - 2018-08-16
841705 Heap-use-after-free in blink::SVGResources::LayoutIfNeeded $3500 2018-08-16
826187 Security: Cross Site Resource Size Estimation via OnProgress events $500 2018-08-14
683418 Don't allow web iframes on chrome:// pages - 2018-08-14
835589 Security: CSS Paint API leaks visited status of links (up to ~3k/sec) $2000 2018-08-14
839960 Security: Use of uninitialized memory caused by AcmReceiver::AcmReceiver() $500 2018-08-14
840376 Add back retpoline for indirect function calls in wasm - 2018-08-14
840220 CHECK failure: Type cast failed in CAST(TypedArraySpeciesConstructor(context, exemplar)) at ../ - 2018-08-13
837048 Security: URL spoofing (wrong url in omnibox after going back from search result) - 2018-08-10
837585 Security: CXFA_Node::FindSplitPos container overflow $1000 2018-08-10
839348 Use-of-uninitialized-value in CFX_GifContext::LoadFrame - 2018-08-10
839361 Use-of-uninitialized-value in bool pdfium::base::internal::CheckedMulOp<unsigned int, unsigned int, void>::Do< - 2018-08-10
839399 Use-of-uninitialized-value in v8::internal::Serializer<v8::internal::DefaultSerializerAllocator>::ObjectSerial - 2018-08-10
813155 Heap-use-after-free in fxcrt::UnownedPtr<CFX_XMLNode>::ProbeForLowSeverityLifetimeIssue - 2018-08-09
837578 Security: pdfium heap-use-after-free - 2018-08-09
838402 Security: WebRTC: Out-of-bounds memory access in WebRTC VP9 Frame Processing - 2018-08-09
838672 WebRTC: Out-of-bounds memory access in WebRTC VP9 Missing Frame Processing - 2018-08-09
618264 Security: PDFium: Out-Of-Bounds Read in libtiff's TIFFReadDirectory Function - 2018-08-08
618936 Security: PDFium: Heap Buffer Overflow in libtiff's EstimateStripByteCounts Function - 2018-08-08
818138 Security: Download directory can be set to arbitrary paths via chrome://settings - 2018-08-08
836858 Security: Privilege Escalation using extension filesystem URLs - 2018-08-08
837939 Security: [v8] Information Leak in Map constructor $4500 2018-08-08
797461 Security: Extensions can run code in the local/instant NTP $500 2018-08-07
834624 DCHECK failure in !trap_handler::IsThreadInWasm() in wasm-interpreter.cc - 2018-08-07
835371 Bad-cast to blink::LayoutBox from invalid vptr in blink::LayoutBlockFlow::XPositionForFloatIncludingMargin - 2018-08-07
835577 Flaky UaF when running TabRestoreTest.RestoreFirstBrowserWhenSessionServiceEnabled - 2018-08-07
837943 Heap-use-after-free in blink::ChunkToLayerMapper::SwitchToChunk - 2018-08-05
803748 Use-of-uninitialized-value in LZWPreDecode - 2018-08-04
821640 CSP bypass by navigating same-origin page to JavaScript URI $1000 2018-08-04
823864 Make WebUI more robust to user gesture spoofing - 2018-08-04
837417 Null-dereference READ in v8::internal::wasm::InstantiateToInstanceObject - 2018-08-04
830303 Security: heap-use-after-free in check_client_download_request.cc when in incognito mode $3000 2018-08-03
834619 DCHECK failure in func_index == code->index() in wasm-code-manager.cc - 2018-08-03
837479 Crash in CopyRow_ERMS - 2018-08-03
808333 Security: PDFium UAF in CXFA_Document::DoProtoMerge $3000 2018-08-01
826404 Use-of-uninitialized-value in gdk_pixbuf_new - 2018-08-01
832734 Security: URL spoofing on iOS (repro issue 796777) $500 2018-08-01
834716 CVE-2018-7566 CrOS: Vulnerability reported in Linux kernel - 2018-08-01
834875 Container-overflow in webrtc::FftData::CopyToPackedArray - 2018-08-01
836131 Heap-buffer-overflow in angle::LoadToNative<signed char,1> $1500 2018-08-01
836141 Null-dereference READ in v8::internal::wasm::InstantiateToInstanceObject - 2018-08-01
791324 Security: Fetch API reveals existence of Redirection in no-cors mode $500 2018-07-31
834693 Crash in Call - 2018-07-31
835184 Global-buffer-overflow in fxcrt::WideString::WStringLength - 2018-07-31
835602 Use-of-uninitialized-value in blink::ColorSpaceUtilities::GetColorSpaceGamut - 2018-07-31
835639 Security: FileReader - Use After Free in FileReaderLoader::OnCalculatedSize() $3000 2018-07-31
829280 Heap-use-after-free in cc::VideoResourceUpdater::AllocateResource - 2018-07-29
831054 Security: Web Worker - Use After Free with Cross Thread Persistent Node $3000 2018-07-28
834850 Bad-cast to blink::InlineTextBox from blink::InlineBox in blink::ToInlineTextBox - 2018-07-28
834851 Security DCHECK failure: box.IsInlineTextBox() in inline_text_box.h - 2018-07-28
835048 Use-of-uninitialized-value in SkPictureShader::onMakeContext $1500 2018-07-28
814987 Heap-buffer-overflow in getAddress - 2018-07-27
834149 Security: PDFium UAF in CFX_XMLElement::Save $3500 2018-07-27
834941 CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (object->IsWeakCell()) in objects-inl - 2018-07-27
834854 CHECK failure: cell->cleared() || cell->value()->IsMap() in objects-debug.cc - 2018-07-27
810220 Security: Extension with <all_urls> permission can read arbitrary local files and chrome:// pages $2000 2018-07-26
831963 Security: In-memory Cache UaF 2 $10500 2018-07-26
832589 Security: PDFium UAF in CFGAS_FontMgr::FindFont $5500 2018-07-26
833721 Security: PDFium heap-buffer-overflow WRITE in CPDF_ExpIntFunc::v_Call $5000 2018-07-26
833729 Improper Gzip Decompressing allows content to be added to the file - 2018-07-26
816685 Security: Extension popups can read local files if a Browser Action invoked on a file:/// URL $500 2018-07-25
817247 Security: IDN URL Spoofing with using U+04CF $500 2018-07-25
827667 Security: ANGLE LoadToNative memory corruption $1000 2018-07-25
831170 Out-of-bounds read in Promise - 2018-07-25
831984 Ill in v8::internal::FullEvacuationVerifier::VerifyPointers - 2018-07-25
832101 TextOffsetMapping::ComputeContainigBlock() crashes with all elements are float - 2018-07-25
832261 TextOffsetMapping::ComputeContainigBlock() crashes with position:absolute - 2018-07-25
833172 TextOffsetMapping::ComputeContaingBlock() crashes with position:fixed - 2018-07-25
750298 Security: Spoofing with chrome://cache (Chrome icon as SecurityIndicator) - 2018-07-24
832787 Use-of-uninitialized-value in TParseContext::nonInitErrorCheck - 2018-07-22
801648 Use-of-uninitialized-value in TType::operator== - 2018-07-21
826041 Multiple concurrent screen capture sessions are not handled correctly on ChromeOS - 2018-07-21
831539 CVE-2018-1068 CrOS: Vulnerability reported in Linux kernel - 2018-07-21
796794 Use-of-uninitialized-value in TParseContext::addIndexExpression - 2018-07-20
797174 Use-of-uninitialized-value in TParseContext::nonInitErrorCheck - 2018-07-20
818133 MacViews: views::Textfield doesn't enable secure input for password in HTTP Authentication prompt - 2018-07-20
823074 Security DCHECK failure: line_layout_item.IsLayoutInline() || line_layout_item.IsEqual(this) in LayoutBlo - 2018-07-20
831943 Security: Crash with JavaScript RegExp subclassing $1500 2018-07-20
811158 Bookmark Apps of non-secure origins do not show security indicators - 2018-07-19
819809 Security: SEE_MASK_FLAG_NO_UI behavior changes in Windows 10, allowing SmartScreen bypass $500 2018-07-19
829213 Security: Crash in content::SpeechRecognitionDispatcher::OnRecognitionEnded() $3000 2018-07-19
830194 Heap-use-after-free in [thunk]:rtc::VideoSourceInterface<class - 2018-07-19
831537 CrOS: Vulnerability reported in net-misc/curl - 2018-07-19
813376 Crash in v8::internal::Invoke - 2018-07-18
829777 CVE-2018-7995 CrOS: Vulnerability reported in Linux kernel - 2018-07-18
829881 Security DCHECK failure: value.IsValueList() in CSSValueList.h - 2018-07-18
831111 CVE-2018-8087 CrOS: Vulnerability reported in Linux kernel - 2018-07-18
831463 CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (object->IsWasmInstanceObject()) in w - 2018-07-18
797465 Referrer Policy bypass using Navigation Timing API $500 2018-07-17
825480 CVE-2017-18208 CrOS: Vulnerability reported in Linux kernel - 2018-07-17
830179 Heap-use-after-free in blink::PaintLayer::UpdateHasSelfPaintingLayerDescendant - 2018-07-17
830256 Heap-buffer-overflow in display::EdidParser::ParseEdid - 2018-07-16
828323 Bad-cast to blink::WebAudioSourceProvider from invalid vptr in blink::HTMLMediaElement::AudioSourceProviderImpl::Wrap - 2018-07-15
830138 Heap-buffer-overflow in display::EdidParser::ParseEdid - 2018-07-15
830146 Bad-cast to NiceMock<media::MockMediaLog> from media::MockMediaLog in testing::internal::NiceMockBase<media::MockMediaLog>::NiceMockBase - 2018-07-14
823096 Crash in sw::Renderer::executeTask - 2018-07-13
825524 Heap-buffer-overflow in Decode - 2018-07-13
828234 Use-of-uninitialized-value in send_delete_event - 2018-07-13
829679 CHECK failure: Type cast failed in CAST(properties) at ../../src/code-stub-assembler.cc:1412 in - 2018-07-13
793402 Mac: Add hardening to protect against sandboxed processes calling CTFontManagerRegisterFontsForURL(), tricking LoadFontOnFileThread() $500 2018-07-12
826659 Heap-use-after-free in blink::PaintController::GenerateRasterInvalidationsComparingChunks - 2018-07-12
826166 Security: Out-Of-Bounds Write Vulnerability in Skia $3000 2018-07-12
828359 Heap-buffer-overflow in cast_message_fuzzer.cc - 2018-07-12
828575 Heap-use-after-free in base::internal::BindState<void - 2018-07-12
828715 Heap-use-after-free in base::internal::WeakPtrFactoryBase::~WeakPtrFactoryBase - 2018-07-12
828924 Crash in base::debug::TaskAnnotator::RunTask - 2018-07-12
829058 Bad-cast to safe_browsing::SafeBrowsingNetworkContext::SharedURLLoaderFactory::InternalState from invalid vptr in Invoke<scoped_refptr<safe_browsing::SafeBrowsingNetworkContext::SharedURLLoaderFactory::InternalState>> - 2018-07-12
805224 Security: chrome.debugger can attach to any target $2000 2018-07-11
826671 CVE-2017-18221 CrOS: Vulnerability reported in Linux kernel - 2018-07-11
827013 CHECK failure: Type cast failed in CAST(LoadFixedArrayElement( descriptors, DescriptorArray::To - 2018-07-11
827806 Heap-use-after-free in v8::internal::Isolate::UnregisterFromReleaseAtTeardown - 2018-07-11
828049 pdfium: oob array write in CPDF_StreamParser::ParseNextElement $500 2018-07-11
828522 Use-of-uninitialized-value in v8::internal::Sweeper::PauseOrCompleteScope::PauseOrCompleteScope - 2018-07-11
828524 Heap-use-after-free in safe_browsing::SafeBrowsingNetworkContext::SharedURLLoaderFactory::GetURLLoaderF - 2018-07-11
732718 Security: X64 assembler incorrectly encodes RIP+disp operand when followed by immediate. - 2018-07-10
825045 DCHECK failure in descriptor_number < number_of_descriptors() in objects-inl.h - 2018-07-10
826232 Heap-use-after-free in blink::DeferredTaskHandler::FinishTailProcessing - 2018-07-10
826626 Security: Blockfile Media Cache UaF $10000 2018-07-10
827039 Heap-use-after-free in gpu::CommandBufferProxyImpl::DisconnectChannel - 2018-07-10
827046 Heap-use-after-free in gpu::CommandBufferProxyImpl::DisconnectChannel - 2018-07-10
827492 Security: In-memory Cache UaF $10500 2018-07-10
828221 Heap-use-after-free in blink::DeferredTaskHandler::FinishTailProcessing - 2018-07-10
822821 Heap-buffer-overflow in BrotliCopyBytes - 2018-07-07
825545 Security: Heap Buffer Overflow (4 byte read) in sw::Blitter::blit3D (swiftshader) - 2018-07-07
826673 CVE-2018-7740 CrOS: Vulnerability reported in Linux kernel - 2018-07-07
826783 Bad-cast to rtc::PacketTransportInternal from content::(anonymous namespace)::IpcPacketSocket in webrtc::RtpTransport::IsTransportWritable - 2018-07-07
826876 Use-of-uninitialized-value in webrtc::RtpTransport::OnWritableState - 2018-07-07
827715 Bad-cast to rtc::PacketTransportInternal from invalid vptr in webrtc::RtpTransport::IsTransportWritable - 2018-07-07
810736 Heap-use-after-free in sw::Renderer::finishRendering $3000 2018-07-06
823150 Use-of-uninitialized-value in blink::ScrollAnchor::NotifyBeforeLayout - 2018-07-06
826725 Heap-use-after-free in webrtc::RtpTransport::OnWritableState - 2018-07-06
827106 DCHECK failure in handler->IsStoreHandler() in handler-configuration-inl.h - 2018-07-06
813541 Security: Referrer leak + CSS injection at home page of remote debugging server = RCE $500 2018-07-05
823039 Stack-use-after-return in TDiagnostics::writeDebug - 2018-07-05
826658 Security: Unauthorized users can edit features on https://www.chromestatus.com $100 2018-07-05
826785 DCHECK failure in handler->IsStoreHandler() in handler-configuration-inl.h - 2018-07-05
826364 Security: RFI / XSS on https://www.chromestatus.com/ $500 2018-07-04
826389 Use-of-uninitialized-value in gpu::CommandBufferHelper::Finish - 2018-07-04
825503 Uninitialized variable usage in ANGLE may cause a memory disclosure $500 2018-07-03
793715 Heap-use-after-free in xmlParseGetLasts - 2018-06-30
799707 Chromium: Vulnerability reported in libxml - 2018-06-30
813540 Security: remote debugging + DNS rebinding = UXSS $500 2018-06-30
818472 Security: WebUSB HID Device Access + OOB Read / Crash Via WebUSB transferIn $5000 2018-06-30
822976 Security: egl::Image::loadImageData - SwiftShader $1000 2018-06-30
823345 Heap-use-after-free in xmlParseGetLasts - 2018-06-30
825087 DCHECK failure in is_wasm_memory == GetIsolate()->wasm_engine()->memory_tracker()->IsWasmMemory( b - 2018-06-30
825273 Security: Bug in BoringSSL P-256 point_add $500 2018-06-30
791216 Referrer leak when Chrome Web App is installed on a path - 2018-06-29
821364 Heap-buffer-overflow in base::internal::JSONParser::ConsumeStringRaw - 2018-06-29
822120 Heap-buffer-overflow in base::IteratorRangeToNumber<base::BaseHexIteratorRangeToIntTraits<char const*> > - 2018-06-29
824531 Security: Redirected URL leak on iOS - 2018-06-29
824714 CVE-2017-18203 CrOS: Vulnerability reported in Linux kernel - 2018-06-29
820984 CHECK failure: InstructionSelector::SupportsSpeculationPoisoning() in pipeline.cc - 2018-06-28
821334 CVE-2017-18174 CrOS: Vulnerability reported in Linux kernel - 2018-06-28
823116 Use-of-uninitialized-value in void base::Pickle::WriteBytesStatic<4ul> - 2018-06-28
823048 CVE-2018-6927 CrOS: Vulnerability reported in Linux kernel - 2018-06-28
823125 CVE-2018-7480 CrOS: Vulnerability reported in Linux kernel - 2018-06-28
824102 Chromium: Vulnerability reported in libxml - 2018-06-28
824586 Use-of-uninitialized-value in void base::Pickle::WriteBytesStatic<4ul> - 2018-06-28
799711 Security: Bypass password for PIN/lock on sleep settings on Chrome OS $500 2018-06-27
820913 Security: Heap-buffer-overflow in AAHairlineOp::onPrepareDraws $3000 2018-06-27
821138 Privilege elevation via PDFium - 2018-06-27
822799 Security: WebRtc - Use After Free in AudioRtpSender::CanInsertDtmf() $5000 2018-06-27
823353 Security: Show javascript alert on a site by clicking on a link from that site $1000 2018-06-27
823654 Use-of-uninitialized-value in content::RenderFrameMetadataObserverImpl::OnRenderFrameSubmission - 2018-06-27
818396 Use-of-uninitialized-value in blink::SubresourceIntegrity::ParseAlgorithmPrefix - 2018-06-26
818808 Use-of-uninitialized-value in gtk_widget_destroy - 2018-06-26
820703 Heap-use-after-free in GrTextureStripAtlas::unlockRow - 2018-06-26
822986 Use-of-uninitialized-value in gdk_pixbuf_new - 2018-06-26
823239 Use-of-uninitialized-value in g_type_module_register_type - 2018-06-26
822266 Security: crash (SEGV_MAPERR) in wasm module - 2018-06-25
816769 Security: IDN URL Spoofing with U+04FD, U+050F, U+050B - 2018-06-23
817686 Global-buffer-overflow in puffin::Huffer::HuffDeflate - 2018-06-23
817733 Heap-buffer-overflow in puffin::BufferPuffReader::GetNext - 2018-06-23
818527 Security: ChromeOS ff_debug command execution from crosh shell $500 2018-06-23
820068 Security: IDN URL Spoofing with using "U+0437" (cyrillic small letter Ze) $500 2018-06-23
805924 mXSS: Potential XSS via MathML gotten from innerHTML $500 2018-06-22
822091 Heap-use-after-free in PDFiumEngine::GetVisiblePageIndex $5000 2018-06-22
822284 ThinStrings are incompatible with TurboFan SeqString types - 2018-06-22
822424 Security: Local Privilege Escalation due to unsafe use of Distributed Objects in Google Software Updater on MacOS - 2018-06-22
813703 Heap-buffer-overflow in swrast_dri.so - 2018-06-21
819954 Use-of-uninitialized-value in base::BaseCharToDigit<char, 16, false>::Convert - 2018-06-21
821137 OOB read/write using Array.prototype.from - 2018-06-21
821367 Use-after-poison in base::IteratorRangeToNumber<base::BaseHexIteratorRangeToIntTraits<char const*> > - 2018-06-21
821596 Security: Enforce blob/filesystem "local scheme" checks in FilterURL - 2018-06-21
804198 Security: Adobe Flash NetStream Object Use After Free $3000 2018-06-20
804636 Security: Adobe Flash AdBannerAsset Object Type Confusion $3000 2018-06-20
821613 Restrict PDFium extension from running script inside chrome:// URLs - 2018-06-20
819330 Crash in next - 2018-06-19
819953 Use-after-poison in base::internal::JSONParser::ConsumeStringRaw - 2018-06-19
820399 Use-of-uninitialized-value in cc::PaintOpReader::Read - 2018-06-19
820685 Heap-use-after-free in media::GpuMemoryBufferVideoFramePool::PoolImpl::GetOrCreateFrameResources - 2018-06-19
820769 Use-of-uninitialized-value in rtc::ClosureTask<webrtc::VideoStreamEncoder::OnEncodedImage - 2018-06-19
820779 Security DCHECK failure: line_layout_item.IsLayoutInline() || line_layout_item.IsEqual(this) in LayoutBlo - 2018-06-19
820827 Heap-use-after-free in rtc::TaskQueue::Impl::RunTask - 2018-06-19
820830 Bad-cast to webrtc::VideoStreamEncoder from invalid vptr in rtc::ClosureTask<webrtc::VideoStreamEncoder::OnEncodedImage - 2018-06-19
820834 Bad-cast to blink::LayoutInline from blink::LayoutSVGForeignObject in blink::LineLayoutInline::LastLineBox - 2018-06-19
819311 DCHECK failure in op->opcode() == IrOpcode::kStateValues || op->opcode() == IrOpcode::kTypedStateV - 2018-06-16
820312 Security: V8: PromiseAllResolveElementClosure can cause elements kind confusion - 2018-06-16
820341 Use of an invalid mutex in media::AudioOutputDevice::NotifyRenderCallbackOfError - 2018-06-16
820376 DCHECK failure in IsInterpreted() in objects.cc - 2018-06-16
820596 DCHECK failure in static_cast<unsigned>(length_) > static_cast<unsigned>(i) in zone.h - 2018-06-16
819563 Security: Chrome OS drive and downloads exposed to arbitrary Android apps - 2018-06-15
819869 Security: Integer Overflow when Processing WebAssembly Locals - 2018-06-15
819973 Use-of-uninitialized-value in resource_coordinator::TabManager::PurgeBackgroundedTabsIfNeeded - 2018-06-15
818592 Security: WinUSB - multiple issues $5000 2018-06-13
807517 Container-overflow in views::Textfield::UpdateAfterChange - 2018-06-13
798222 Security: DevTools protocol can be abused to download and run external programs $2000 2018-06-12
805445 Security: arbitrary file write + bypass dangerous file check via DevTools API $2000 2018-06-12
805905 Security: Bad cast to ChromeDownloadManagerDelegate* from DevToolsDownloadManagerDelegate* $500 2018-06-12
808205 Should XSDB also block some headers (not just response body)? - 2018-06-12
818135 Potential root privilege escalation via debugd - 2018-06-12
818177 Merge VP9 RTP fix to M65 - 2018-06-12
818807 Security: prevent WebUSB from accessing all Yubico devices - 2018-06-12
818811 Bad-cast to v8::internal::compiler::Operator1<int, v8::internal::compiler::OpEqualTo<int>, v8::internal::compiler::OpHash<int> > from v8::internal::compiler::Operator1<v8::internal::compiler::IfValueParameters, v8::internal::compiler::OpEqualTo<v8::internal::compiler::IfValueParameters>, v8::internal::compiler::OpHash<v8::internal::compiler::IfValueParameters> > in int const& v8::internal::compiler::OpParameter<int> - 2018-06-12
819086 CHECK failure: Node::New() Error: #392:DeoptimizeIf[1] is nullptr in node.cc - 2018-06-12
817993 Command injection bug in crash_sender - 2018-06-10
816787 Use-of-uninitialized-value in mov_read_packet - 2018-06-09
816961 Security: Use-after-free in TypedArrayOf and TypedArrayFrom $7500 2018-06-09
818144 Bad-cast to v8::internal::compiler::Operator1<int, v8::internal::compiler::OpEqualTo<int>, v8::internal::compiler::OpHash<int> > from v8::internal::compiler::Operator1<v8::internal::compiler::IfValueParameters, v8::internal::compiler::OpEqualTo<v8::internal::compiler::IfValueParameters>, v8::internal::compiler::OpHash<v8::internal::compiler::IfValueParameters> > in OpParameter<int> - 2018-06-09
816033 Security: Permission request UI spoof $500 2018-06-08
816768 Security DCHECK failure: i < length_ in StringImpl.h $1500 2018-06-08
817380 DCHECK failure in code->kind() == wasm::WasmCode::kFunction || code->kind() == wasm::WasmCode::kWa - 2018-06-08
798105 Chromium fails to leave full screen mode $1000 2018-06-07
674887 tel: URL scheme Reference Origin Spoof in Chrome iOS $500 2018-06-06
813621 Crash in v8::internal::Code::marked_for_deoptimization - 2018-06-06
796776 Use-of-uninitialized-value in ConstantUnion::operator+ - 2018-06-05
797234 Use-of-uninitialized-value in ConstantUnion::cast - 2018-06-05
797281 Heap-buffer-overflow in getIConst - 2018-06-05
799499 Heap-buffer-overflow in WebRtcSpl_DownsampleFastC - 2018-06-05
812519 Negative-size-param in SkPixmap::erase - 2018-06-05
813632 Crash in FromAddress - 2018-06-05
813714 Heap-buffer-overflow in TIntermConstantUnion::fold - 2018-06-05
814913 Some renderer-initiated network loads are bypassing ResourceDispatcherHost (with the network service disabled) - 2018-06-05
816317 DCHECK failure in source->length_value() <= destination->length_value() - offset in elements.cc - 2018-06-05
797258 CVE-2017-8824 CrOS: Vulnerability reported in Linux kernel - 2018-06-02
810235 user namespaces allow for unprivileged noexec bypass - 2018-06-02
812567 Heap-buffer-overflow in mov_read_trun - 2018-06-02
815318 Crash in libappindicator3.so.1 - 2018-06-02
806162 Security: Chrome fullscreen without any warning and dialog no origin for spoof $1000 2018-06-01
813012 CVE-2017-18079 CrOS: Vulnerability reported in Linux kernel - 2018-06-01
813142 Heap-buffer-overflow in blink::PNGImageDecoder::RowAvailable - 2018-06-01
813814 Security: Whole-script confusable domain label spoofing (Cyrillic) $500 2018-06-01
814562 DCHECK failure in code->owner()->compiled_module()->owning_instance() == codemap()->instance() in - 2018-06-01
814950 Heap-buffer-overflow in SkPath::moveTo - 2018-06-01
805900 Security: URL spoofing via forward and backward navigation on iOS - 2018-05-31
809823 Make chrome://view-http-cache use WebUI bindings - 2018-05-31
811691 CSP object-src 'none' allows load of image in <object> tag - 2018-05-31
813201 Heap-buffer-overflow in wm::FocusController::SetActiveWindow - 2018-05-31
771933 SW can intercept potential-navigation-or-subresource request $500 2018-05-30
810146 Heap-use-after-free in blink::LayoutObject::WillBeDestroyed - 2018-05-30
813427 CHECK failure: constructor_initial_map->instance_size() <= instance_size in objects.cc - 2018-05-30
737648 Security: bypassing CORS of multipart images by ServiceWorker - 2018-05-29
813590 Crash in v8::internal::Code::unwinding_info_size - 2018-05-29
813598 Crash in /build/eglibc-ripdx6/eglibc-NUMBER/string/../sysdeps/x86_64/multiarch/memcpy-sse - 2018-05-29
813593 Crash in v8::internal::ConcurrentMarking::Run - 2018-05-29
813605 Crash in unwinding_info_start - 2018-05-29
813628 Crash in FromAddress - 2018-05-29
813618 Crash in v8::internal::FeedbackVector::GetKind - 2018-05-29
813633 Crash in v8::internal::HeapObject::map_word - 2018-05-29
808316 Security: IDN URL Spoofing with using ŋ (U+014B) - 2018-05-28
811117 Myanmar character in domain names can lead to spoofing $500 2018-05-28
797298 Heap-use-after-free in blink::PaintLayerScrollableArea::UpdateScrollOffset - 2018-05-26
806122 Crash in get_chroma_qp - 2018-05-26
808838 Security: Same origin bypass with Service Workers + PDF plugin $4500 2018-05-26
809759 Security: Latest Win10 builds fail to set Mark-of-the-Web on downloaded filenames approaching MAX_PATH $1000 2018-05-26
482558 Security: CSP does not block favicon request - 2018-05-25
560695 Security: Anchor Elements Ping attribute security settings bypass - 2018-05-25
582387 CSP not inherited to popups with "javascript:"-URL $500 2018-05-25
758523 Security: document.baseURI contains not-encoded representation of URI and may lead to DOM based XSS $500 2018-05-25
776418 Security: Fullscreen notification can be overlapped $1000 2018-05-25
798150 Crash in v8::internal::Invoke - 2018-05-25
811048 CVE-2018-5750 CrOS: Vulnerability reported in Linux kernel - 2018-05-25
811733 Stack-buffer-overflow in CFX_MemoryStream::ReadBlock - 2018-05-25
812923 Crash in _fini - 2018-05-25
441275 referrer leakage with XSS Auditor page block - 2018-05-24
481190 Security: BoringSSL ECDSA signing is never constant time with p256-64.c. - 2018-05-24
526341 Adobe Flash Player PCRE find_parens Out-Of-Bounds Read Access $1000 2018-05-24
585555 Security: Function constructor context escape when using template string as the default argument - 2018-05-24
602625 Security: untrusted code exec to kernel code exec, applicable from chrome render process as well - 2018-05-24
644907 Security: Linking to chrome:// and file:// urls inside print preview - 2018-05-24
683824 The browser and d8 crashed caused by segv - 2018-05-24
685750 Security: RTL characters are not handled properly in extension permission patterns - 2018-05-24
754980 Security: Permission changes in Guest mode persist for next Guest session - 2018-05-24
766592 Security: `\n` and `<` in `ping` aren't completely blocked. - 2018-05-24
801821 Heap-buffer-overflow in mov_read_stts - 2018-05-24
804097 Use-of-uninitialized-value in find_prev_closest_index - 2018-05-24
807215 Security: heap-use-after-free in ProbeForLowSeverityLifetimeIssue - 2018-05-24
811853 Use-of-uninitialized-value in CFX_BmpDecompressor::ReadHeader - 2018-05-24
812451 Crash in /build/eglibc-ripdx6/eglibc-NUMBER/string/../sysdeps/x86_64/multiarch/memcpy-sse - 2018-05-24
812512 Use-of-uninitialized-value in sk_store_a8 - 2018-05-24
808192 Security: V8 Integer overflow in object allocation size - 2018-05-23
808825 WebVTT CORS bypass using ServiceWorker $500 2018-05-23
811049 CrOS: Vulnerability reported in net-misc/curl - 2018-05-23
811144 Heap-use-after-free in blink::LayoutObject::MaybeClearIsScrollAnchorObject - 2018-05-23
811246 Heap-use-after-free in GetLayoutBox - 2018-05-23
812167 Heap-use-after-free in blink::LayoutObject::MaybeClearIsScrollAnchorObject - 2018-05-23
810973 CHECK failure: !result.failed() in wasm-engine.cc - 2018-05-22
807985 Heap-use-after-free in CPDF_ContentParser::~CPDF_ContentParser - 2018-05-20
808341 Use-of-uninitialized-value in blink::LayoutObject::MaybeClearIsScrollAnchorObject - 2018-05-20
784012 DCHECK failure in last_slash != std::string::npos in d8.cc - 2018-05-19
799477 Cross-Origin image data leak via cache and canvas $4000 2018-05-19
810107 DCHECK failure in obj->IsFixedArray() in wasm-objects-inl.h - 2018-05-19
810368 Use-after-poison in blink::ComputePresentationAttributeStyle - 2018-05-19
810923 Use-of-uninitialized-value in webrtc::AecState::Update - 2018-05-19
511480 Security: User not notified about an extension changing the NTP - 2018-05-18
792538 Improve extension content verification logic when the extension requests a resource at folder urls - 2018-05-18
798099 Security DCHECK failure: offset + length <= impl.length() in StringView.h - 2018-05-18
798410 Security DCHECK failure: !object || (object->IsTableCell()) in LayoutTableCell.h - 2018-05-18
780694 Security: Heap-use-after-free in content::protocol::NetworkHandler::SetNetworkConditions - 2018-05-17
798933 Chrome for Android - Window.open combined with the onbeforeunload dialog crashes Chrome's WebView render $2000 2018-05-17
800032 Security: V8: Bugs in Genesis::InitializeGlobal - 2018-05-17
802392 Chrome: Crash Report - cc::LayerTreeHost::AnimateLayers - 2018-05-17
806388 Security: A bug in JSFunction::GetDerivedMap - 2018-05-17
807096 Security: Arrow function scope fixing bug - 2018-05-17
809824 Security: PDFium OOB Read in CFX_BmpDecompressor::ReadHeader $1000 2018-05-17
801861 Web Store extensions can be made to have no toolbar icon - 2018-05-16
808336 Security: PDFium OOB Read in BMPDecompressor::ReadHeader $1000 2018-05-16
808389 CVE-2018-5344 CrOS: Vulnerability reported in Linux kernel - 2018-05-16
808786 CVE-2018-1000004 CrOS: Vulnerability reported in Linux kernel - 2018-05-16
809613 Use-of-uninitialized-value in blink::MediaAttributeMatches - 2018-05-16
767018 Security: arc setup code in session_manager writes lots of untrusted file system locations carelessly - 2018-05-15
773229 Security: Use-After-Free in PDFium $7500 2018-05-15
803936 Security: Heap Buffer Overflow (Read) in PlanGauss::Gauss::blur (using filter_fuzz_stub) - 2018-05-15
808785 CVE-2017-15129 CrOS: Vulnerability reported in Linux kernel - 2018-05-15
808787 CrOS: Vulnerability reported in media-libs/tiff - 2018-05-15
808876 Bad-cast to blink::LayoutTableRow from blink::LayoutTableCell in blink::ToLayoutTableRow - 2018-05-15
808878 Use-of-uninitialized-value in mojo::ScopedInterfaceEndpointHandle::id - 2018-05-15
808980 [v8] Uninitialized wasm_compiled_module for deserialized module $3500 2018-05-15
805892 Heap-buffer-overflow in autofill::PagePasswordsAnalyser::AnalyseDocumentDOM - 2018-05-14
805729 Security: V8: AwaitedPromise update bug - 2018-05-14
779428 Security: global-buffer-overflow in SkBitmap IPC Deserialization $2000 2018-05-12
807887 Heap-use-after-free in video_capture::DeviceMediaToMojoAdapter::Stop - 2018-05-12
808386 Heap-use-after-free in cc::PlaybackImageProvider::GetDecodedDrawImage - 2018-05-12
780435 Read cross-origin video using Canvas and Service Worker $4000 2018-05-11
802060 DCHECK failure in op->IsAnyLocationOperand() in instruction.h - 2018-05-11
807628 Use-of-uninitialized-value in content::QuotaDispatcherHost::QueryStorageUsageAndQuota - 2018-05-11
808320 Bad-cast to gin::(anonymous namespace)::PageAllocator from invalid vptr in base::NoDestructor<gin::PageAllocator>::NoDestructor<> - 2018-05-11
617149 Security: libtiff in pdfium may have a security issue - 2018-05-10
617494 Security: PDFium: Heap Buffer Overflow in libtiff's NeXTDecode Function - 2018-05-10
618254 Security: PDFium: Out-Of-Bounds Read in libtiff's putRGBUAcontig8bittile Function - 2018-05-10
780919 Security: heap-use-after-free blink::AudioSummingJunction::UpdateRenderingState $3000 2018-05-10
806151 Heap-use-after-free in blink::LayoutObject::DestroyAndCleanupAnonymousWrappers - 2018-05-10
618931 Security: PDFium: Heap Buffer Overflow in libtiff's TIFFFetchStripThing Function - 2018-05-09
765605 Security: ble adv flooding: kernel panics/crashes - 2018-05-09
777104 CrOS: Vulnerability reported in net-misc/curl - 2018-05-09
797555 Heap-use-after-free in test_runner::WebWidgetTestClient::AnimateNow - 2018-05-09
799705 CrOS: Vulnerability reported in sys-libs/glibc - 2018-05-09
806582 Heap-use-after-free in get_scalar_from_data_ptr - 2018-05-09
807214 Security: global-buffer-overflow in CFX_GetCSSPropertyByName $1000 2018-05-09
807240 Heap-use-after-free in blink::GraphicsLayer::PaintRecursivelyInternal - 2018-05-09
807480 Heap-use-after-free in blink::GraphicsLayer::UpdateContentsRect - 2018-05-09
807508 DCHECK failure in !__isolate__->has_pending_exception() in builtins-api.cc - 2018-05-09
807529 Null-dereference READ in base::CreateThread - 2018-05-09
616667 Security: PDFium: Heap Buffer Overflow in bmp_decode_rle4 - 2018-05-08
616668 Security: PDFium: Heap Buffer Overflow in CGifLZWDecoder::ClearTable - 2018-05-08
616669 Security: PDFium: Out-Of-Bounds Read in GetDWord_LSBFirst - 2018-05-08
616672 Security: PDFium: Out-Of-Bounds Read in CCodec_ProgressiveDecoder::GifInputRecordPositionBufCallback - 2018-05-08
618939 Security: PDFium: Out-Of-Bounds Read in libtiff's TIFFReadDirectory Function 2 - 2018-05-08
771709 PWA app installation can be requested from sandboxed page - 2018-05-08
804118 Security: WriteTexture heap-buffer-overflow in WebGL on macOS $1000 2018-05-08
806179 DCHECK failure in top() >= to_space_.page_low() in spaces.h - 2018-05-08
806539 Use-of-uninitialized-value in net::QuicUrlUtilsImpl::GetPushPromiseUrl - 2018-05-07
805396 Use-of-uninitialized-value in WebRtcSpl_MaxAbsValueW16C - 2018-05-06
633030 Oilpan reintroduced inline meta-data $2000 2018-05-05
800257 OOB in _sk_lerp_u8_sse2 - 2018-05-05
758848 Security: Use after free vulnerability about psdk in the latest version $5000 2018-05-04
758863 Security: Use after free vulnerability about psdk in the latest version of Flash player $5000 2018-05-04
792028 Security: Information disclosure via "memory_instrumentation::mojom::Coordinator" interface in "resource_coordinator" service - 2018-05-04
802333 Security: V8: A bug in the ObjectDescriptor class - 2018-05-04
794402 Security: use-of-uninitialized-value in sse2::blit_row_s32a_opaque (filter_fuzz_stub) - 2018-05-03
797796 Crash in _sk_load_bgra_sse2 - 2018-05-03
798096 Security: Linkified URLs in DevTools are not sanitized (can open privileged URLs) - 2018-05-03
799775 Security: use-of-uninitialized-value in GetScale (SkUnPeMultiply.h:29) in filter_fuzz_stub - 2018-05-03
803571 Security: IDN URL Spoofing with "Cyrillic Letter Ukrainian Ie" - 2018-05-03
804476 Security: use-of-uninitialized-value in unpremul_pm (filter_fuzz_stub) - 2018-05-03
792900 Security: Calling "mojo::WrapSharedMemoryHandle" is insufficient to produce read-only descriptors for IPC - 2018-05-02
800389 Security: use-of-uninitialized-value in getType (SkMatrix.h:128) in filter_fuzz_stub - 2018-05-02
803022 DCHECK failure in current_ == next_ in node.h $3500 2018-05-02
804177 DCHECK failure in map() != GetHeap()->fixed_cow_array_map() in fixed-array-inl.h - 2018-05-02
804651 Security: use-of-uninitialized-value in getType (filter_fuzz_stub) - 2018-05-02
804801 CHECK failure: Type cast failed in CAST(add_func) at ../../src/builtins/builtins-collections-ge - 2018-05-02
804837 CHECK failure: LoadElement of kRepFloat64 (NumberOrHole) cannot be changed to kRepTagged in rep - 2018-05-02
805039 Use-after-poison in blink::TreeScope::Retarget - 2018-05-02
805283 Security: Use-of-uninitialized-value in SkReadBuffer.h (filter_fuzz_stub) - 2018-05-02
789959 Security: Read-only SharedMemory descriptors on Android are writable - 2018-05-01
801514 Security: local privilege escalation via glibc realpath() buffer underflow (CVE-2018-1000001) - 2018-05-01
803352 Heap-use-after-free in blink::HTMLCollection::NamedItems - 2018-05-01
803812 CVE-2017-18017 CrOS: Vulnerability reported in Linux kernel - 2018-05-01
803427 DCHECK failure in (native_module_->lazy_builtin_) == nullptr in wasm-serialization.cc - 2018-05-01
804096 Crash in v8::internal::Sweeper::EnsurePageIsIterable - 2018-05-01
804631 Heap-use-after-free in app_list::PageSwitcher::~PageSwitcher - 2018-05-01
804288 DCHECK failure in IsNativeContext() in contexts-inl.h - 2018-05-01
791368 DCHECK failure in descriptors->GetValue(descriptor) != value || value->FitsRepresentation(details. - 2018-04-30
803788 DCHECK failure in wasm::WasmCode::kLazyStub == code->kind() in module-compiler.cc - 2018-04-30
803750 CHECK failure: size <= kMaxRegularHeapObjectSize in runtime-internal.cc - 2018-04-28
707539 Security: Persistent pre and post login command execution as chronos user, with noexec bypass allowing any binary $5000 2018-04-27
802983 Heap-buffer-overflow in CJBig2_Image::composeTo_opt2 - 2018-04-27
629431 Security: extension system must respect the page load deferrer - 2018-04-26
792163 Review U+04CF confusable mapping and make it platform-dependent if necessary - 2018-04-26
801378 Use-of-uninitialized-value in v8::internal::Assembler::target_address_at - 2018-04-26
801772 DCHECK failure in scope_data_->ReadUint32() == static_cast<uint32_t>(name->length()) in preparsed- - 2018-04-26
801789 Use-of-uninitialized-value in SkIRect::isEmpty - 2018-04-26
793074 Cross-Directory Shared Worker $500 2018-04-25
797497 Security: Extension can run code in the chrome-devtools://devtools (e.g. to read local files) $2500 2018-04-25
798133 CVE-2017-17712 CrOS: Vulnerability reported in Linux kernel - 2018-04-25
801000 iOS: wrong url in omnibox after going back from search result - 2018-04-25
801602 ASSERT: 0 <= value && value < symbolsCount - 2018-04-25
801859 Stack-use-after-return in TDiagnostics::writeDebug - 2018-04-24
608669 Security: a@download feature can be abused to leak sensitive information from third party sites $500 2018-04-23
801627 Security: V8: JIT: Type confusion in NodeProperties::InferReceiverMaps - 2018-04-23
668645 Security: CSP in WebUI can trivially be bypassed by extensions $1000 2018-04-22
797500 Security: chrome-devtools://devtools/remote/ can be modified by extensions $2500 2018-04-22
797511 Security: heap-use-after-free in WebUIExtension::Send (chrome.send) - 2018-04-22
797525 Security: XSS in "Site blocked" (supervised user) interstitial and chrome://interstitials/supervised_user $1000 2018-04-22
798163 Security: privileged XSS in chrome-devtools://devtools/remote with old frontend (insufficient validation of remoteFrontendUrl) $2500 2018-04-22
793628 Security: IDN URL Spoofing with Cyrillic $500 2018-04-21
797469 Heap-buffer-overflow in xiph_lacing_16bit - 2018-04-21
798892 Security: IDN URL Spoofing with using "U+00FE" $500 2018-04-21
799363 Crash in mov_read_trun - 2018-04-21
800810 DCHECK failure in receiver->map() == *original_map in elements.cc - 2018-04-21
801647 Crash in __msan_memset - 2018-04-21
797481 Crash in v8::internal::Simulator::LoadStorePairHelper - 2018-04-20
799715 heap overflow read in filter_fuzz_stub $1000 2018-04-20
799847 Redirect URL leak via error message of WebGL texture $2000 2018-04-20
799918 Stack-buffer-overflow in SkPackBits::Unpack8 $1500 2018-04-20
801105 CrOS: Vulnerability reported in media-libs/tiff - 2018-04-20
759289 CrOS: Vulnerability reported in media-libs/tiff - 2018-04-19
767354 Security: Detect open SSH port via FTP protocol - 2018-04-19
799706 CrOS: Vulnerability reported in media-libs/tiff - 2018-04-19
798644 Security: V8: Type confusion in ElementsAccessorBase::CollectValuesOrEntriesImpl - 2018-04-19
800230 XSS on chrome-search://most-visited/title.html (NTP) - 2018-04-19
800692 Security DCHECK failure: object.IsBox() in LayoutBox.h - 2018-04-19
800919 Use-of-uninitialized-value in blink::ResourceLoadScheduler::TrafficMonitor::Report - 2018-04-19
794091 Security: race condition lead to many fatal Error D in WebAssembly.validate $3000 2018-04-18
800025 Heap-use-after-free in blink::ShapeOutsideInfo::IsEnabledFor - 2018-04-18
800077 CHECK failure: Type cast failed in CAST(key) at ../../src/code-stub-assembler.cc:7137 in code-a - 2018-04-18
800277 CVE-2017-17805 CrOS: Vulnerability reported in Linux kernel - 2018-04-18
800356 CHECK failure: object->IsAbstractCode() || object->IsSeqString() || object->IsExternalString() - 2018-04-18
799325 Use-of-uninitialized-value in cc::PaintOpReader::Read - 2018-04-17
799690 DCHECK failure in total_offset == offset_table->get_int(kOTESize * left) in wasm-objects.cc - 2018-04-17
799813 DCHECK failure in index >= 0 && index < length() in string-inl.h - 2018-04-17
800225 Use-of-uninitialized-value in cc::PaintOpReader::Read - 2018-04-17
800228 CSS Injection on chrome-search://most-visited/single.html (NTP) - 2018-04-17
789966 Deadlysignal in base::internal::CallbackBase::CallbackBase - 2018-04-15
798695 Use-of-uninitialized-value in path_to_polys - 2018-04-15
796107 Heap-buffer-overflow in SkRecorder::onDrawPosTextH $2000 2018-04-14
798912 Use-of-uninitialized-value in sweep_lt_vert - 2018-04-14
799097 Use-of-uninitialized-value in blink::LayoutBlock::AddChildBeforeDescendant - 2018-04-14
799202 Heap-use-after-free in blink::LayoutBlock::EnclosingFirstLineStyleBlock - 2018-04-14
799341 Heap-use-after-free in blink::LayoutObject::SetPreferredLogicalWidthsDirty - 2018-04-14
790013 Heap-buffer-overflow in safe_browsing::dmg::ConvertBigEndian - 2018-04-13
795493 Bad-cast to webrtc::MetricsObserverInterface from invalid vptr in cricket::BasicPortAllocator::OnIceRegathering - 2018-04-13
796777 Security: URL spoofing on iOS after UI action $500 2018-04-13
797254 CVE-2017-1000410 CrOS: Vulnerability reported in Linux kernel - 2018-04-13
797483 CrOS: Vulnerability reported in dev-libs/openssl - 2018-04-13
799017 Security DCHECK failure: value.IsValuePair() in CSSValuePair.h - 2018-04-13
799051 Use-of-uninitialized-value in blink::LayoutBox::WillBeDestroyed - 2018-04-13
799052 Bad-cast to blink::LayoutObject from invalid vptr in blink::LayoutObject::IsRooted - 2018-04-13
799055 Bad-cast to blink::InlineBox from invalid vptr in blink::InlineBox::Root - 2018-04-13
799058 Use-of-uninitialized-value in blink::InlineFlowBox::RemoveChild - 2018-04-13
799060 Heap-use-after-free in blink::InlineBox::Root - 2018-04-13
799063 Use-of-uninitialized-value in blink::InlineBox::Root - 2018-04-13
799065 Use-of-uninitialized-value in blink::LayoutBlock::MarkFixedPositionObjectForLayoutIfNeeded - 2018-04-13
799067 Use-of-uninitialized-value in blink::LayoutObject::PaintingLayer - 2018-04-13
799068 Bad-cast to blink::LayoutObject from invalid vptr in blink::LayoutBlock::AddChildBeforeDescendant - 2018-04-13
799069 Use-of-uninitialized-value in blink::StyleEngine::NodeWillBeRemoved - 2018-04-13
799098 Heap-use-after-free in blink::LayoutTableRow::StyleDidChange - 2018-04-13
799100 Use-of-uninitialized-value in blink::PODRedBlackTree<blink::PODInterval<blink::LayoutUnit, blink::LayoutMultiC - 2018-04-13
799104 Bad-cast to blink::LayoutObject from invalid vptr in blink::LayoutObject::DestroyAndCleanupAnonymousWrappers - 2018-04-13
799108 Heap-use-after-free in blink::LayoutTableCell::BorderLeft - 2018-04-13
799110 Bad-cast to blink::LayoutObject from invalid vptr in blink::LayoutBox::IsOrthogonalWritingModeRoot - 2018-04-13
799113 Heap-use-after-free in blink::ScrollAnchor::NotifyBeforeLayout - 2018-04-13
799119 Heap-use-after-free in blink::ShouldEmitNewlinesBeforeAndAfterNode - 2018-04-13
799121 Bad-cast to blink::InlineBox from invalid vptr in blink::InlineBox::DirtyLineBoxes - 2018-04-13
799123 Use-of-uninitialized-value in blink::LayoutObject::DestroyAndCleanupAnonymousWrappers - 2018-04-13
799128 Heap-use-after-free in blink::LayoutObject::SetPreferredLogicalWidthsDirty - 2018-04-13
799188 Bad-cast to blink::LayoutBox from blink::LayoutInline in blink::LayoutBox::SplitAnonymousBoxesAroundChild - 2018-04-13
799206 Heap-use-after-free in blink::LayoutBox::IsFlexItemIncludingDeprecated - 2018-04-13
799207 Bad-cast to blink::LayoutObject from invalid vptr in blink::LayoutBlock::EnclosingFirstLineStyleBlock - 2018-04-13
799210 Heap-use-after-free in blink::AXLayoutObject::LayoutParentObject - 2018-04-13
799214 Heap-use-after-free in blink::PrimaryDirectionOf - 2018-04-13
799222 Use-of-uninitialized-value in base::internal::CallbackBase::~CallbackBase - 2018-04-13
799224 Heap-use-after-free in blink::SVGResourcesCache::CachedResourcesForLayoutObject - 2018-04-13
799263 Security: V8: JIT: A bug in LoadElimination::ReduceTransitionElementsKind - 2018-04-13
799274 Use-of-uninitialized-value in blink::PrimaryDirectionOf - 2018-04-13
799276 Bad-cast to blink::LayoutObject from invalid vptr in blink::ScrollAnchor::ComputeScrollAnchorDisablingStyleChanged - 2018-04-13
799277 Heap-use-after-free in blink::LayoutObject::NextInPreOrderAfterChildren - 2018-04-13
799282 Heap-use-after-free in blink::LayoutObject::OffsetParent - 2018-04-13
799280 Heap-use-after-free in SetNeedsCollectInlines - 2018-04-13
799286 Use-of-uninitialized-value in blink::InlineBox::DirtyLineBoxes - 2018-04-13
799289 Use-of-uninitialized-value in void blink::PODIntervalTree<blink::LayoutUnit, blink::LayoutMultiColumnSet*>::Se - 2018-04-13
799295 Use-of-uninitialized-value in blink::LayoutObject::IsRooted - 2018-04-13
799298 Use-of-uninitialized-value in blink::ObjectPaintInvalidator::SlowSetPaintingLayerNeedsRepaint - 2018-04-13
799303 Heap-use-after-free in blink::LayoutObject::SetNeedsPaintPropertyUpdate - 2018-04-13
799340 Heap-use-after-free in blink::LayoutObject::Container - 2018-04-13
799366 Heap-use-after-free in blink::ContainerNode::GetUpperLeftCorner - 2018-04-13
799408 Heap-use-after-free in blink::LayoutTableCell::BorderLeft - 2018-04-13
799432 Heap-use-after-free in blink::LayoutBlock::MarkFixedPositionObjectForLayoutIfNeeded - 2018-04-13
759225 CHECK failure in SyntheticGestureTargetBase::DispatchInputEventToPlatform() - 2018-04-12
773930 Security: Whole-script confusable domain label spoofing (Cyrillic) $500 2018-04-12
798066 heap-buffer-overflow in SkAAClip::quickContains $500 2018-04-12
798256 Heap-buffer-overflow in SkMatrix::setRSXform - 2018-04-12
798173 Use-of-uninitialized-value in SkMatrix::postConcat - 2018-04-11
770106 CHECK failure: actual_unused_property_fields > map()->unused_property_fields() in objects-debug - 2018-04-10
786809 Use-of-uninitialized-value in update_current_folder_get_info_cb - 2018-04-06
797184 Use-of-uninitialized-value in SkMatrix::postConcat - 2018-04-06
797482 CVE-2017-1000407 CrOS: Vulnerability reported in Linux kernel - 2018-04-06
797596 DCHECK failure in IrOpcode::kMerge == control->opcode() in node-properties.cc - 2018-04-05
824799 Security: Bug in X509_VERIFY_PARAM_set1_host() with namelen 0 $500 2018-04-04
779325 Unknown exception in Register - 2018-03-31
793620 Security: Sandbox escape / automatic code execution via downloads.open $1000 2018-03-31
796930 CHECK failure: Node #610:Phi in B121 is not dominated by input@1 #632:Call in verifier.cc - 2018-03-31
797130 DCHECK failure in min_block == BasicBlock::GetCommonDominator(block, min_block) in scheduler.cc - 2018-03-31
797192 CHECK failure: Node #370:Phi in B34 is not dominated by input@1 #392:Call in verifier.cc - 2018-03-31
716932 Use-after-poison in blink::probe::breakableLocation - 2018-03-30
736882 Security: chrome://discards/ accepts WebContents pointers as URL parameters - 2018-03-30
789001 Container-overflow in views::Textfield::OnKeyPressed - 2018-03-30
796473 Heap-buffer-overflow in SkUTF8_NextUnichar $1000 2018-03-30
760914 CrOS: Vulnerability reported in media-libs/tiff - 2018-03-29
792851 CrOS: Vulnerability reported in dev-libs/libxml2 - 2018-03-29
794126 CVE-2017-12190 CrOS: Vulnerability reported in Linux kernel - 2018-03-29
794491 CVE-2017-12193 CrOS: Vulnerability reported in Linux kernel - 2018-03-29
794504 Security: CVE-2017-17558 - OOB write in kernel USB core - 2018-03-29
796476 Crash in sw::Surface::genericUpdate - 2018-03-29
796570 Heap-buffer-overflow in ConstantUnion::operator- - 2018-03-29
796825 Use-of-uninitialized-value in media::internal::DecimatedSearch - 2018-03-29
789393 Security: V8: Integer overflow with PropertyArray - 2018-03-28
792109 Heap-buffer-overflow in ConstantUnion::operator- - 2018-03-28
792578 Heap-buffer-overflow in TParseContext::addConstVectorNode - 2018-03-28
792819 Use-of-uninitialized-value in TParseContext::parseSingleDeclaration - 2018-03-28
792896 Use-of-uninitialized-value in ConstantUnion::cast - 2018-03-28
792936 Heap-buffer-overflow in getIConst - 2018-03-28
794990 Security: Pdfium: integer overflows in pattern shading - 2018-03-28
795131 Heap-buffer-overflow in unsigned char v8::internal::ReadUnalignedValue<unsigned char> - 2018-03-28
795569 Security: WebRTC - Memory corruption in PeerConnection::RemoveTrack() $3000 2018-03-28
795587 Use-of-uninitialized-value in GrGLAttribArrayState::set - 2018-03-28
795889 heap-use-after-free in ProbeForLowSeverityLifetimeIssue - 2018-03-28
795922 DCHECK failure in !has_null_prototype() in ast.cc - 2018-03-28
793699 Security: WebRTC - Memory corruption in WebRtcVoiceMediaChannel::GetSources() $3000 2018-03-27
794924 Crash in v8::internal::Invoke - 2018-03-27
794969 Security: Incorrect size calculation when deserializing Mojo "Event" messages leading to OOB access - 2018-03-27
795501 Container-overflow in content::AudioStreamMonitor::UpdateStreamAudibleStateOnUIThread - 2018-03-27
795856 Heap-buffer-overflow in v8::internal::SharedFunctionInfo::GetSourceCodeHarmony - 2018-03-27
820848 Incorrect-function-pointer-type in gl::Debug::insertMessage - 2018-03-27
825679 Use of an invalid mutex in media::AudioOutputDevice::NotifyRenderCallbackOfError - 2018-03-27
793588 Use-of-uninitialized-value in v8::internal::TextNode::GetQuickCheckDetails - 2018-03-26
794825 Security: V8: Empty BytecodeJumpTable may lead to OOB read - 2018-03-25
795568 Heap-use-after-free in test_runner::WebWidgetTestClient::AnimateNow - 2018-03-25
777150 Bad-cast to blink::LayoutBox from blink::LayoutInline;blink::AXLayoutObject::AccessibilityHitTest;blink::WebAXObject::HitTest - 2018-03-24
786723 DCHECK failure in !compilation_info()->dependencies() || !compilation_info()->dependencies()->HasA - 2018-03-24
791256 DCHECK failure in kNoSourcePosition != start_position() in scopes.cc - 2018-03-24
792537 Cherry-pick an upstream buffer overrun fix for Calendar class in ICU - 2018-03-24
793714 DCHECK failure in *code->owner()->compiled_module()->owning_instance() == codemap()->instance() in - 2018-03-24
793793 Use-after-poison in v8::internal::RegExpParser::GetCapture - 2018-03-24
794390 Cherry-pick an upstream fix for UTF-8 to UTF-8 converter - 2018-03-24
794394 Security: V8: JIT: JSBuiltinReducer::ReduceObjectCreate fails to ensure that the prototype is "null" - 2018-03-24
794401 Crash in GetValueByObjectIndex - 2018-03-24
794406 Security: Use of Uninitialized Value in approx_log2 (msan build filter_fuzz_stub) - 2018-03-24
794492 Security: pdfium: out-of-bounds read with nested colorspaces - 2018-03-24
794822 Security: V8: JIT: Type confusion in GetSpecializationContext - 2018-03-24
794932 CHECK failure: arg_elements == isolate->heap()->empty_fixed_array() in objects-debug.cc - 2018-03-24
795251 Security: pdfium: out-of-bounds read with shading pattern backed by pattern colorspace - 2018-03-24
795502 CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (index >= 0 && index < this->length() - 2018-03-24
793196 DCHECK failure in retained_size_ + length >= retained_size_ in array-buffer-tracker-inl.h - 2018-03-22
793285 Use-of-uninitialized-value in sse41::blit_row_s32a_opaque - 2018-03-22
793372 Bad-cast to CJX_Node from CJX_Content in CXFA_Node::JSNode - 2018-03-22
793519 DeviceSensorHost exposes shared memory handles from StartPolling as read-write - 2018-03-22
793876 chrome!ui::AXPlatformNodeWin::IsSameHypertextCharacter out-of-bounds read $500 2018-03-22
794405 CHECK failure: LoadElement of kRepFloat64 (NumberOrHole) cannot be changed to kRepTagged in rep - 2018-03-22
719907 Security: Cert manager allows import of CA roots and messing with trust bits on Kiosk network config screen - 2018-03-21
791317 Use-of-uninitialized-value in sk_store_a8 - 2018-03-21
792464 Global-buffer-overflow in blink::CSSParserToken::GetType - 2018-03-21
793282 DCHECK failure in size + CallSize(target, offset, cond, rs, rt, bd) == SizeOfCodeGeneratedSince(&s - 2018-03-21
793292 DCHECK failure in IsCodeTarget(rmode_) || IsRuntimeEntry(rmode_) in assembler-mips-inl.h - 2018-03-21
793617 Bad-cast to SkPathEffect from SkColorShader in sk_sp<SkPathEffect> SkReadBuffer::readFlattenable<SkPathEffect> - 2018-03-21
793637 Security: MSAN detects use of uninitialized value in makeWithLocalMatrix (using filter_fuzz_stub) - 2018-03-21
793639 Security: global-buffer-overflow in MakeComposeFilter (filter_fuzz_stub) - 2018-03-21
793863 CHECK failure: arg_elements == isolate->heap()->empty_fixed_array() in objects-debug.cc - 2018-03-21
738401 CrOS: Vulnerability reported in media-libs/tiff - 2018-03-20
791988 CVE-2017-1000405: Security: "Dirty COW" variant on transparent huge pages - 2018-03-20
793571 Crash in SkPngEncoder::onEncodeRows - 2018-03-20
793671 Heap-buffer-overflow in v8::internal::FixedArray::set - 2018-03-20
792439 Security DCHECK failure: !object || (object->IsBox()) in LayoutBox.h - 2018-03-19
793099 Use-after-free in DnsTransaction, again - 2018-03-18
791243 Heap-use-after-free in ui::X11CursorFactoryOzone::RefImageCursor - 2018-03-17
792221 Navigation entry's SSL status is not updated when navigating to an existing page - 2018-03-17
822465 Manage Passwords is set to "Off" but it still autofills credentials - 2018-03-16
648608 PlzNavigate: Properly set the initiator of the navigation. - 2018-03-16
791253 Heap-use-after-free in ui::AXSystemCaretWin::~AXSystemCaretWin - 2018-03-16
792316 Stack-buffer-overflow in SkGaussFilter::SkGaussFilter - 2018-03-16
792422 Security: buffer overflow in AudioSyncReader - 2018-03-16
792549 CHECK failure: dest_data + dest_byte_length <= source_data || source_data + source_byte_length - 2018-03-16
792810 Heap-buffer-overflow in SkReader32::readInt - 2018-03-16
792827 Heap-buffer-overflow in SkReadBuffer::readFlattenable - 2018-03-16
793030 Security: Merge CVE-2017-3738 fix to M64. - 2018-03-16
793170 Use-of-uninitialized-value in SkReadBuffer::readFlattenable - 2018-03-16
746132 bluetooth::mojom::AdapterFactory is available to any renderer without permission checks - 2018-03-15
760342 Issuing multiple redirects hangs any subsequent navigation. This allows URL Spoofing and also a crash. $500 2018-03-15
774174 Security: heap-buffer-overflow in UnpackOneRowOfRGBA5551LittleToRGBA8 $1000 2018-03-15
784183 signed integer overflow in blink::WebGLRenderingContextBase::ValidateTexImageSubRectangle<blink::Image> $4000 2018-03-15
786784 Crash in v8::internal::Invoke - 2018-03-15
791245 Security: V8: JIT: Simplified-lowererer IrOpcode::kStoreField, IrOpcode::kStoreElement optimization bug - 2018-03-15
791491 Security: CVE-2017-17095 - libtiff: Heap-based buffer overflow bug in pal2rgb(pal2rgb.c) - 2018-03-15
792117 shared_memory_posix.cc memfd_create does not support read-only segments - 2018-03-15
792306 Use-of-uninitialized-value in bool blink::FastParseColorInternal<unsigned char> - 2018-03-15
792658 DCHECK failure in retained_size_ + length >= retained_size_ in array-buffer-tracker-inl.h - 2018-03-15
771482 Use-of-uninitialized-value in media::DecoderBuffer::timestamp - 2018-03-14
780354 Heap-buffer-overflow in ConstantUnion::operator- - 2018-03-14
781147 Heap-buffer-overflow in sw::Array<sw::Float4, 1>::operator - 2018-03-14
784761 U+0D1F and U+0D2F can be used to spoof 'so.com' - 2018-03-14
785675 pobfuzz: cc::DrawTextBlobOp::Deserialize -> use-of-uninitialized-value in int const& SkTMax<int> - 2018-03-14
789479 Security: Multiple vulnerabilities in libcurl - 2018-03-14
791298 Heap-use-after-free in ui::AXSystemCaretWin::~AXSystemCaretWin - 2018-03-14
791345 Security: Integer overflow in FastArraySliceCodeStubAssembler::HandleFastSlice $5500 2018-03-14
791607 Use-of-uninitialized-value in SkFontRequestCache::Request::Create - 2018-03-14
791616 Heap-use-after-free in fxcrt::UnownedPtr<CFX_XMLParser>::ProbeForLowSeverityLifetimeIssue - 2018-03-14
791953 CHECK failure: NumberToUint32 of kRepWord32 (Range(1, NUMBER)) cannot be changed to kRepTaggedS - 2018-03-14
791983 Heap-use-after-free in net::DnsTransactionImpl::DoCallback - 2018-03-14
780301 Use-of-uninitialized-value in TParseContext::parseSingleDeclaration - 2018-03-13
780451 Use-of-uninitialized-value in TParseContext::nonInitErrorCheck - 2018-03-13
780698 Use-of-uninitialized-value in ConstantUnion::cast - 2018-03-13
780750 Heap-buffer-overflow in getAddress - 2018-03-13
785150 Heap-buffer-overflow in getIConst - 2018-03-13
787301 Stack-overflow in v8::internal::TranslatedState::MaterializeAt - 2018-03-13
788070 Use-of-uninitialized-value in net::DnsTransactionImpl::DoCallback - 2018-03-13
788131 Heap-use-after-free in net::DnsTransactionImpl::DoCallback - 2018-03-13
788304 Security: CVE-2017-16939 Linux Kernel XFRM Privilege Escalation - 2018-03-13
789767 MSAN detects use-of-uninitialized-value in analyze_3x4_matrix() in filter_fuzz_stub - 2018-03-13
789764 Crash in v8::internal::Script::FindSharedFunctionInfo - 2018-03-13
791288 Use-after-poison in blink::KURL::KURL - 2018-03-13
791291 Use-after-poison in blink::DocumentThreadableLoader::SetDefersLoading - 2018-03-13
791347 Bad-cast to blink::Resource from invalid vptr in blink::DocumentThreadableLoader::Cancel - 2018-03-13
791348 Use-after-poison in url::Parsed::Parsed - 2018-03-13
791484 Heap-use-after-free in blink::LayoutObject::NextInPreOrder - 2018-03-13
791548 CHECK failure: arg_elements == isolate->heap()->empty_fixed_array() in objects-debug.cc - 2018-03-13
791589 Bad-cast to blink::Resourceblink::DocumentThreadableLoader::SetDefersLoading in media::MultiBuffer::AddReader - 2018-03-13
791597 Crash in media::MultiBuffer::AddReader - 2018-03-13
774382 Security: Persian Calendar Integer overflow lead to OOB read - 2018-03-12
782594 [syzkaller] Linux kernel: multiple vulnerabilities in the USB subsystem - 2018-03-12
779326 Crash in sw::Renderer::taskLoop - 2018-03-10
779364 Security: SwiftShader sw::Renderer::taskLoop $1000 2018-03-10
788208 Use-of-uninitialized-value in SkFontRequestCache::Request::Create - 2018-03-10
791003 Security: Sandbox escape via exposed "filesystem::mojom::Directory" mojo interface in "catalog" service - 2018-03-10
791105 Heap-use-after-free in blink::LayoutObject::NextInPreOrder - 2018-03-10
765371 Security: bluetooth LE advertisement storm can remotely hang/crash chromebooks, android devices, and some iOS devices with little or no user action needed - 2018-03-09
789109 CrOS: Vulnerability reported in net-misc/curl - 2018-03-09
789492 CVE-2017-16647 CrOS: Vulnerability reported in Linux kernel - 2018-03-09
789494 CVE-2017-16649 CrOS: Vulnerability reported in Linux kernel - 2018-03-09
789496 CrOS: Vulnerability reported in net-misc/rsync - 2018-03-09
789682 ServiceWorkerScriptURLLoader does not check for certificate errors properly - 2018-03-09
789812 Use-of-uninitialized-value in sse41::blit_row_s32a_opaque - 2018-03-09
789952 Security: NCSC Vulnerability Report - Google Chrome - V8 JavaScript Engine $2000 2018-03-09
790684 Crash in FromAddress - 2018-03-09
790687 Crash in v8::internal::Heap::InNewSpace - 2018-03-09
790696 DCHECK failure in !MarkCompactCollector::IsOnEvacuationCandidate(target) in mark-compact.cc - 2018-03-09
790721 Crash in v8::internal::HeapObject::map_word - 2018-03-09
790729 Crash in InNewSpace - 2018-03-09
790753 Crash in void v8::internal::BodyDescriptorBase::IteratePointers<v8::internal::ConcurrentM - 2018-03-09
790758 CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (object->IsString()) in string-inl.h - 2018-03-09
790885 DCHECK failure in !MarkCompactCollector::IsOnEvacuationCandidate(target) in mark-compact.cc - 2018-03-09
740556 Security: HTML sandbox restrictions are removed after a redirect through docs.google.com - 2018-03-08
777350 Relative report-uri for CSP combined against wrong base $500 2018-03-08
778658 Security: content security policy bypass $1000 2018-03-08
787103 Cross-origin Shared Worker $2000 2018-03-08
789497 Security: Information Leak in mincore() - 2018-03-08
734931 Security: c-ares NAPTR parser out of bounds access - 2018-03-07
787712 Use After Free (write) in SkPerlinNoiseShaderImpl - 2018-03-07
788441 DCHECK failure in non_compiled_functions.size() == idx in module-compiler.cc - 2018-03-07
788508 Heap-use-after-free in media::PipelineImpl::RendererWrapper::Stop - 2018-03-07
789113 Global-buffer-overflow in CXFA_Node::NameToElement - 2018-03-07
789372 DCHECK failure in isolate == nullptr implies icache_flush_mode == SKIP_ICACHE_FLUSH in assembler-a - 2018-03-07
788230 Crash in mov_read_sidx - 2018-03-06
788469 Crash in v8::internal::CallInternal - 2018-03-06
788539 CHECK failure: frame_state->opcode() == IrOpcode::kFrameState || (node->opcode() == IrOpcode::k - 2018-03-06
785809 Security: Chrome does not percent-escape the URL passed to external handler $500 2018-03-05
786020 CHECK failure: !descriptors->GetKey(i)->IsInterestingSymbol() in objects-debug.cc - 2018-03-05
779629 Security: Google's Chrome Cleanup Tool DLL Preloading Vulnerability - 2018-03-01
783132 CHECK failure: is_transitionable_fast_elements_kind implies !Map::IsInplaceGeneralizableField(d - 2018-03-01
784808 CVE-2017-15951 CrOS: Vulnerability reported in Linux kernel - 2018-03-01
784080 Crash in v8::internal::Simulator::DecodeType3 $1500 2018-03-01
787910 Use-after-poison in parameter_count - 2018-03-01
781529 Crash in CPDF_HintTables::ReadPageHintTable - 2018-02-28
783729 CVE-2017-15649 CrOS: Vulnerability reported in Linux kernel - 2018-02-28
786700 CrOS: Vulnerability reported in net-misc/wget - 2018-02-28
786754 Bad-cast to const blink::BeginTransformDisplayItem from blink::DisplayItem in blink::BeginTransformDisplayItem::Equals - 2018-02-28
787606 Bad-cast to const blink::ClipDisplayItem from blink::DisplayItem in blink::ClipDisplayItem::Equals - 2018-02-28
787661 Heap-buffer-underflow in cc::DisplayItemList::EndPaintOfPairedEnd - 2018-02-28
771973 DCHECK failure in (location_) != nullptr in handles.cc - 2018-02-27
786524 Heap-buffer-overflow in SkTextBlob::RunRecord::RunRecord - 2018-02-27
786573 Security: V8: Integer overflow in Runtime_RegExpReplace - 2018-02-27
786934 Use-after-poison in std::__1::vector<v8::internal::MachineRepresentation, v8::internal::ZoneAllocato - 2018-02-27
770734 Heap-buffer-overflow in bool url::DoExtractQueryKeyValue<char> - 2018-02-26
785804 DCHECK failure in !IsSmi() == Internals::HasHeapObjectTag(this) in objects.h - 2018-02-26
774842 Security: Visually-perfect domain spoofing using dotless-i plus combining mark $500 2018-02-25
615608 Security: Chrome browser not respecting no-referrer meta tag - 2018-02-24
740314 CHECK failure: actual_unused_property_fields > map()->unused_property_fields() in objects-debug - 2018-02-24
774438 Security: Permission request UI spoof (improper URL truncation) $500 2018-02-24
775527 Security: Privileged XSS in DevTools $1000 2018-02-24
776256 CHECK failure: input->op()->ValueOutputCount() > index in verifier.cc - 2018-02-24
780699 Crash in __printf_chk - 2018-02-24
782119 Security DCHECK failure: value.IsPrimitiveValue() in CSSPrimitiveValue.h - 2018-02-24
785760 Heap-use-after-free in media::FrameBufferPool::OnVideoFrameDestroyed - 2018-02-24
786278 Crash in v8::internal::FreeList::Allocate - 2018-02-24
786587 DCHECK failure in raw_properties_or_hash()->IsSmi() || (raw_properties_or_hash()->IsDictionary() = - 2018-02-24
786649 Crash in v8::internal::Heap::AllocateCode - 2018-02-24
617963 Security: Service Workers Response Size Info Leak - 2018-02-22
699028 Security: Canvas composite operations and CSS blend modes leak cross-origin data via timing attacks. $2000 2018-02-22
772262 DCHECK failure in cursor - bytes.get() + buffer->length() <= total_size_ in streaming-decoder.cc - 2018-02-22
778668 Crash in v8::internal::Invoke - 2018-02-22
781766 Crash in media::SourceBufferRangeByPts::GetBufferIndexAt - 2018-02-22
784863 CHECK failure: nof_elements <= array_length in objects-debug.cc - 2018-02-22
784869 pobfuzz: SkTextBlob::Deserialize -> SkPaint::unflatten heap-buffer-overflow - 2018-02-22
784990 DCHECK failure in nod == removed_holes_index in objects.cc - 2018-02-22
785095 DCHECK failure in !done() || handler_ == nullptr in frames.cc - 2018-02-22
785270 Heap-buffer-overflow in SkReadBuffer::readRect - 2018-02-22
785520 DCHECK failure in !heap->HasRecordedSlot( *object, HeapObject::RawField(*object, index.offset())) - 2018-02-22
777041 Crash in blink::PersistentBase<blink::DummyGCBase, - 2018-02-21
779457 DCHECK failure in outer_scope_ == scope->outer_scope() in bytecode-generator.cc - 2018-02-21
780402 Pwn2own: V8 - isolate control via function deoptimization - 2018-02-21
781518 Chromium: Vulnerability reported in expat - 2018-02-21
783914 Heap-buffer-overflow in safe_browsing::dmg::HFSBTreeIterator::Next - 2018-02-21
784862 CHECK failure: size <= kMaxRegularHeapObjectSize in runtime-internal.cc - 2018-02-21
784867 DCHECK failure in node->id() < count_ in simplified-lowering.cc - 2018-02-21
699461 Security: HSTS Bypass via flooding of the HSTS policy file - 2018-02-20
780484 Security: unsafe navigation in chromecast plugin possibly causing UXSS and popup block bypass $500 2018-02-20
780780 CrOS: Vulnerability reported in net-misc/curl - 2018-02-20
783119 CHECK failure: nof_elements <= array_length in objects-debug.cc - 2018-02-20
783815 Heap-buffer-overflow in SkReader32::readInt - 2018-02-20
783926 DCHECK failure in kSmi == type() in ast.cc - 2018-02-20
784146 DCHECK failure in !isolate_->has_pending_exception() in module-compiler.cc - 2018-02-20
784242 Heap-buffer-overflow in SkTextBlob::RunRecord::RunRecord - 2018-02-20
784533 DCHECK failure in IsTyped(node) in node-properties.h - 2018-02-20
758169 Website thumbnail screenshot access even after all private data is deleted - 2018-02-19
783902 CHECK failure: method->map()->instance_descriptors()->GetKey(kHomeObjectPropertyIndex) == isola - 2018-02-19
783828 Heap-buffer-overflow in SkReadBuffer::readRect - 2018-02-19
784054 Heap-buffer-overflow in SkString::Rec::Make - 2018-02-19
784336 Heap-buffer-overflow in SkReadBuffer::peekByte - 2018-02-19
778101 SPAKE password-scalar not multiplied by 8 $500 2018-02-17
781520 CVE-2017-12192 CrOS: Vulnerability reported in Linux kernel - 2018-02-17
781592 Received signal 11 SEGV_MAPERR running mutant1110_regress-arguments-slice.js - 2018-02-17
783243 CVE-2017-16528: CrOS: ALSA: seq: Use after free at unbind device - 2018-02-17
783822 DCHECK failure in key->IsSmi() in runtime-classes.cc - 2018-02-17
797484 CrOS: Vulnerability reported in net-misc/rsync - 2018-02-16
776309 CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (object->IsJSReceiver()) in objects-i - 2018-02-16
782754 DCHECK failure in this->IsInhabited() in types.cc - 2018-02-16
783019 CHECK failure: #863:JSCallRuntime should be followed by IfSuccess/IfException, but is only foll - 2018-02-16
783035 CHECK failure: Representation inference: unsupported opcode 61 (Dead), node #NUMBER in simplifi - 2018-02-16
676773 Security: Adobe Flash MovieClip.createTextField Use After Free $3000 2018-02-15
676778 Security: Adobe Flash Camera Object Use After Free $3000 2018-02-15
676789 Security: Adobe Flash TextField.variable property setter Use After Free $3000 2018-02-15
708957 Origin missing from AMP content delivered by AGSA - 2018-02-15
726142 Security: RenderFrameHostImpl::UpdatePermissionsForNavigation is called too often - 2018-02-15
767359 Security: Blink Bindings - Use After Free in blink::ScriptState::From - 2018-02-15
779242 Bad-cast to std::__1::__shared_weak_count from invalid vptr;v8::internal::wasm::AsyncCompile;v8::WebAssemblyCompile - 2018-02-15
780782 CVE-2017-1000111 CrOS: Vulnerability reported in Linux kernel - 2018-02-15
780783 CVE-2017-1000112 CrOS: Vulnerability reported in Linux kernel - 2018-02-15
782267 DCHECK failure in !isolate_->has_pending_exception() in module-compiler.cc - 2018-02-15
782596 Heap-buffer-overflow in CPDF_TextPage::IsHyphen - 2018-02-15
347200 Security: Drag-Drop is possible in fullscreen and not canceled on fullscreen exit - 2018-02-14
591804 Should an <iframe> access chrome://resources? - 2018-02-14
782145 Security:V8:Type Confusion Leads To OOB Read Write $3000 2018-02-14
782413 DCHECK failure in slot == stack_state.end() in liftoff-assembler.cc - 2018-02-14
775868 Heap-use-after-free in SkPathRef::countVerbs - 2018-02-13
779407 DCHECK failure in !done() || handler_ == nullptr in frames.cc - 2018-02-13
780784 CVE-2017-15537 CrOS: Vulnerability reported in Linux kernel - 2018-02-13
782075 Use-of-uninitialized-value in gray_set_cell - 2018-02-13
771972 Heap-buffer-overflow in v8::internal::wasm::ModuleDecoderImpl::DecodeFunctionBody - 2018-02-10
780558 Heap-use-after-free in blink::LayoutObject::NextInPreOrder - 2018-02-10
780708 Security: "googlechrome" scheme allows opening downloaded files in content scheme - 2018-02-10
777215 Security: ChromeOS printer zeroconf remote code execution $2000 2018-02-09
778251 InputScalesValid has a potential buffer overflow - 2018-02-09
758478 Incorrect-function-pointer-type in _hb_blob_destroy_user_data - 2018-02-09
761245 Incorrect-function-pointer-type in _hb_blob_destroy_user_data - 2018-02-09
778505 Security: OOB Write in QuicStreamSequencerBuffer::OnStreamData $10500 2018-02-09
781116 DCHECK failure in false == cell_reports_intact in isolate.cc - 2018-02-09
768203 Heap-use-after-free in blink::AXLayoutObject::GetDocument - 2018-02-08
774846 Heap-buffer-overflow in base::BigEndianWriter::WriteBytes - 2018-02-08
774854 Use-of-uninitialized-value in void base::internal::VectorBuffer<std::__1::basic_string<char, std::__1::char_tr - 2018-02-08
777728 Security: Stack Buffer Overflow in QuicClientPromisedInfo::OnPromiseHeaders $10500 2018-02-08
778189 CVE-2017-15265 CrOS: Vulnerability reported in Linux kernel - 2018-02-08
779314 Security: OOB Read in BlobStorageContext::BlobFlattener::BlobFlattener $2500 2018-02-08
779919 Heap-use-after-free in net::HttpNetworkTransaction::~HttpNetworkTransaction - 2018-02-08
779949 Heap-buffer-overflow in SkPixmap::getColor - 2018-02-08
666824 Security: bypass user gesture requirement for dangerous download types: Chrome extension → local user privilege escalation - 2018-02-07
753645 Security: Autocomplete data can be stolen by malicious webpage $1000 2018-02-06
772897 DCHECK failure in !has_pending_exception() in isolate.cc - 2018-02-06
778940 Crash in LoadImageRow<DataType::RGB565> - 2018-02-06
778951 Crash in LoadImageRow<DataType::Bytes_2> - 2018-02-06
779327 Use-of-uninitialized-value in sw::RegisterArray<16, false>::RegisterArray - 2018-02-06
779826