881763
|
Index-out-of-bounds in vrend_set_single_ssbo
|
-
|
2018-12-29
|
887626
|
Heap-use-after-free in CPDF_StreamAcc::~CPDF_StreamAcc
|
-
|
2018-12-29
|
877767
|
CHECK failure: FinalAssessment::cast(assessment)->virtual_register() == virtual_register in reg
|
-
|
2018-12-28
|
879965
|
Canceling a browser-initiated navigation by using the history.back function
|
$500
|
2018-12-28
|
880675
|
Security: heap-buffer-overflow in CPDF_DIBSource::DownSampleScanline8Bit
|
$1000
|
2018-12-28
|
880207
|
Security: incorrect type information on Math.expm1
|
-
|
2018-12-28
|
887891
|
CHECK failure: byte_length() <= JSArrayBuffer::kMaxByteLength in objects-debug.cc
|
-
|
2018-12-28
|
779028
|
Security: content security policy bypass by writing to loading Frame's ContentDocument
|
$1000
|
2018-12-27
|
880173
|
heap use-after-free on AsyncCompileJob::CompileTask::Cancel
|
-
|
2018-12-27
|
884052
|
DCHECK failure in RegionObservability::kObservable == region_observability_ in effect-control-line
|
-
|
2018-12-26
|
884664
|
Security: Use-after-free in XFA_DataExporter_DealWithDataGroupNode
|
$3000
|
2018-12-26
|
885383
|
Use-of-uninitialized-value in blink::LayoutTable::RecalcSections
|
-
|
2018-12-26
|
885907
|
Use-of-uninitialized-value in blink::LayoutTable::RecalcSections
|
-
|
2018-12-26
|
852634
|
Security: Chrome for iOS URL spoofing using location.replace and history.back
|
$500
|
2018-12-25
|
863703
|
Extension popovers do not overlap the Chrome, so they can be spoofed in the viewport.
|
-
|
2018-12-25
|
880786
|
CrOS: Vulnerability reported in sys-apps/busybox
|
-
|
2018-12-25
|
884179
|
Security: http authentication spoof on chrome android
|
$1000
|
2018-12-25
|
884242
|
P2P TCP sockets may crash the network service after receiving invalid packet
|
-
|
2018-12-25
|
879543
|
CrOS: Vulnerability reported in sys-apps/busybox
|
-
|
2018-12-24
|
868592
|
Window state leaking from one page to another.
|
-
|
2018-12-22
|
879226
|
Crash in es2::Texture2D::getFormat
|
-
|
2018-12-22
|
881917
|
Heap-buffer-overflow in cc::SurfaceLayer::SetHasPointerEventsNone
|
-
|
2018-12-22
|
883492
|
DCHECK failure in !array_buffer_transfer_map_.Find(array_buffer) in value-serializer.cc
|
$3500
|
2018-12-22
|
882078
|
Security: IDN URL Spoofing with âà¸â
|
$500
|
2018-12-21
|
880906
|
Security: ANGLE TextureStorage11::setData Memory Corruption
|
$1000
|
2018-12-21
|
883172
|
CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (object->IsJSNumberFormat()) in js-nu
|
-
|
2018-12-21
|
835667
|
pdfium: stack-buffer-overflow in IntersectSides
|
$500
|
2018-12-20
|
880015
|
Security: Mixed content check is bypassed when loading Worklets
|
-
|
2018-12-20
|
880023
|
Security: Mixed content check is bypassed in data: workers created from HTTPS Documents
|
-
|
2018-12-20
|
882449
|
Use-of-uninitialized-value in void base::Pickle::WriteBytesStatic<4ul>
|
-
|
2018-12-20
|
883059
|
DCHECK failure in is_resolved() in ast.h
|
-
|
2018-12-20
|
883164
|
Use-after-poison in v8::internal::interpreter::BytecodeGenerator::BuildVariableLoad
|
-
|
2018-12-20
|
883215
|
Use-after-poison in v8::internal::Variable::location
|
-
|
2018-12-20
|
883280
|
DCHECK failure in 0 != kLiftoffAssemblerGpCacheRegs & reg.bit() in liftoff-register.h
|
-
|
2018-12-20
|
872651
|
DCHECK failure in !name->AsArrayIndex(&index) in lookup-inl.h
|
-
|
2018-12-19
|
882686
|
Stack-buffer-overflow in content::ChildProcessSecurityPolicyImpl::GetMatchingIsolatedOrigin
|
-
|
2018-12-19
|
883181
|
Crash in v8::internal::interpreter::BytecodeRegisterOptimizer::GetRegisterInfo
|
-
|
2018-12-19
|
824130
|
Security: Several CORS security issues in browsers and specs, asking for comments
|
$2000
|
2018-12-17
|
876252
|
Use-of-uninitialized-value in v8::internal::Factory::NewNumber
|
-
|
2018-12-15
|
877785
|
Crash in cc::RestoreOp::Serialize
|
-
|
2018-12-15
|
880123
|
Crash in _platform_memmove$VARIANT$Nehalem
|
-
|
2018-12-15
|
875579
|
Bad-cast to v8::internal::wasm::AsyncCompileJob::CompileTask from invalid vptr in v8::internal::wasm::AsyncCompileJob::CancelPendingForegroundTask
|
-
|
2018-12-14
|
880322
|
Security: Update third_party/libpng to mitigate CVE-2016-10087
|
-
|
2018-12-14
|
881644
|
Bad-cast to const blink::LayoutBlock from blink::LayoutEmbeddedObject in blink::BoxModelObjectPainter::PaintTextClipMask
|
-
|
2018-12-14
|
881736
|
Security DCHECK failure: object.IsLayoutBlock() in layout_block.h
|
-
|
2018-12-14
|
840163
|
Crash in glvmRasterOpRead
|
-
|
2018-12-13
|
866016
|
Security: Chrome OS (dev channel): app->VM via garcon TCP command socket
|
-
|
2018-12-13
|
880697
|
CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (object->IsJSReceiver()) in objects-i
|
-
|
2018-12-13
|
880759
|
Chrome 69 URL Spoof via double-click
|
$1000
|
2018-12-13
|
881021
|
DCHECK failure in CanSubclassHaveInobjectProperties(instance_type) in objects.cc
|
-
|
2018-12-13
|
731640
|
CrOS: Vulnerability reported in net-nds/openldap
|
-
|
2018-12-12
|
855008
|
CrOS: Vulnerability reported in sys-libs/glibc
|
-
|
2018-12-12
|
877036
|
CVE-2018-1000204 CrOS: Vulnerability reported in Linux kernel
|
-
|
2018-12-12
|
879142
|
Use-of-uninitialized-value in v8::internal::Simulator::FPCompare
|
-
|
2018-12-11
|
879898
|
CHECK failure: TypeError: node #28:JSToNumber type Numeric is not Number in verifier.cc
|
-
|
2018-12-11
|
880181
|
Use-of-uninitialized-value in network::P2PSocketUdp::HandleReadResult
|
-
|
2018-12-11
|
844881
|
Security: Address spoofing in Omnibox
|
$3000
|
2018-12-08
|
870804
|
Crash in es2::Program::linkAttributes
|
-
|
2018-12-08
|
508641
|
Integer overflow checking in SkAutoTMalloc/SkAutoSTMalloc
|
-
|
2018-12-07
|
846296
|
CrOS: Vulnerability reported in dev-libs/openssl
|
-
|
2018-12-07
|
872189
|
Security: Little-CMS (lcms) Heap Buffer Overflow in AllocateDataSet
|
$3500
|
2018-12-07
|
875322
|
Function Signature Mismatch Error When Using Dynamic Linking for WebAssembly
|
$3000
|
2018-12-07
|
878652
|
Use-of-uninitialized-value in content::FileSystemDispatcher::ReadDirectorySync
|
-
|
2018-12-07
|
878725
|
Bad-cast to blink::LayoutTableRow from blink::LayoutSVGText in blink::ToLayoutTableRow
|
-
|
2018-12-07
|
878735
|
CVE-2018-13405 CrOS: Vulnerability reported in Linux kernel
|
-
|
2018-12-07
|
879085
|
Use-of-uninitialized-value in void base::Pickle::WriteBytesStatic<4ul>
|
-
|
2018-12-07
|
879025
|
Security: PDFium UAF in CFX_CodecMemory::~CFX_CodecMemory
|
-
|
2018-12-07
|
874030
|
CrOS: Vulnerability reported in net-dialup/ppp
|
-
|
2018-12-06
|
874614
|
CVE-2018-3620: L1 Terminal Fault: OS/SMM
|
-
|
2018-12-06
|
874617
|
CVE-2018-3646: L1 Terminal Fault: VMM
|
-
|
2018-12-06
|
877874
|
Crash in gpu::gles2::Texture::ClearRenderableLevels
|
$1000
|
2018-12-06
|
878761
|
Use-after-poison in blink::HTMLImportsController::Dispose
|
-
|
2018-12-06
|
878845
|
CHECK failure: Type cast failed in CAST(p_o) at ../../src/code-stub-assembler.h:351 in code-ass
|
-
|
2018-12-06
|
877182
|
Security: Mojo DataPipe*Dispatcher deserialization lacking validation
|
-
|
2018-12-05
|
877766
|
Heap-use-after-free in fxcrt::UnownedPtr<unsigned char>::ProbeForLowSeverityLifetimeIssue
|
-
|
2018-12-05
|
812769
|
Security: Cast UI hides Full-screen warning
|
$500
|
2018-12-04
|
853520
|
use-after-free in operator-> buildtools/third_party/libc++/trunk/include/memory (WebAudio thread)
|
$1000
|
2018-12-04
|
870678
|
heap-use-after-free on IsSweepingInProgress()
|
$1000
|
2018-12-04
|
875621
|
Read AV in browser process
|
$5000
|
2018-12-04
|
875680
|
Crash in vp8_decode_mb_tokens
|
-
|
2018-12-04
|
877641
|
Stack overflow
|
-
|
2018-12-04
|
867356
|
Security: Chrome OS: filesystem restrictions bypass using crosvm sshfs
|
-
|
2018-12-03
|
877470
|
SVG element can cause bad-cast to LayoutTableCell
|
-
|
2018-12-03
|
877498
|
Bad-cast to blink::InlineTextBox from blink::InlineBox in blink::ToInlineTextBox
|
-
|
2018-12-03
|
857469
|
CHECK failure: ==NUMBER==ABORTING in int64-lowering.cc
|
-
|
2018-12-02
|
340512
|
Security: ImageBurner path validation on ChromeOS
|
-
|
2018-12-01
|
866129
|
Security: Chrome OS runs ancient unrar in CAP_SYS_ADMIN context
|
-
|
2018-12-01
|
875739
|
Security: Unauthenticated EAPOL-Key decryption in wpa_supplicant
|
-
|
2018-12-01
|
869941
|
CVE-2018-5391: Issue 3: FragmentSmack (IP fragments)
|
-
|
2018-11-30
|
875494
|
heap-buffer-overflow in [@ SkDashPath::InternalFilter]
|
-
|
2018-11-30
|
876696
|
DCHECK failure in kSmiValueSize < layout_descriptor_length in layout-descriptor.cc
|
-
|
2018-11-30
|
877198
|
Bad-cast to v8::(anonymous namespace)::ArrayBufferAllocator from v8::(anonymous namespace)::ShellArrayBufferAllocator in v8::ArrayBufferDeleter
|
-
|
2018-11-30
|
817595
|
Crash in libappindicator3.so.1
|
-
|
2018-11-29
|
876443
|
CHECK failure: Type cast failed in CAST(p_o) at ../../src/code-stub-assembler.h:351 in code-ass
|
-
|
2018-11-29
|
876991
|
Crash in gldRenderFillPolygonPtr
|
-
|
2018-11-29
|
875556
|
Heap-buffer-overflow in int v8::internal::wasm::Decoder::read_leb_tail<int,
|
-
|
2018-11-28
|
876222
|
Container-overflow in CJBig2_GRDProc::ProgressiveArithDecodeState::~ProgressiveArithDecodeState
|
-
|
2018-11-28
|
870226
|
Security: v8 compactor may operate on undefined slots
|
$3000
|
2018-11-27
|
875158
|
Heap-buffer-overflow in media::VideoFrame::visible_data
|
$1500
|
2018-11-27
|
875712
|
Bad-cast to blink::MediaKeySystemConfiguration from invalid vptr in bool WTF::TraceInCollectionTrait<
|
-
|
2018-11-27
|
875847
|
DCHECK failure in obj->IsExternalString() in heap.cc
|
-
|
2018-11-27
|
875885
|
Bad-cast to CharacterStream<uint16_t>' (aka 'CharacterStream<unsigned short>') from v8::internal::RelocatingCharacterStream<unsigned char> in v8::internal::wasm::AsmJsParser::AsmJsParser
|
-
|
2018-11-27
|
876255
|
CHECK failure: mem_size <= wasm::kV8MaxWasmMemoryBytes in wasm-objects.cc
|
-
|
2018-11-27
|
874460
|
Heap-use-after-free in message_center::MessagePopupView::UpdateContents
|
-
|
2018-11-26
|
873436
|
Heap-use-after-free in test_runner::WebWidgetTestClient::AnimateNow
|
-
|
2018-11-24
|
852251
|
Heap-use-after-free in blink::LayoutObject::WillBeDestroyed
|
-
|
2018-11-23
|
873529
|
Heap-use-after-free in base::MessageLoop::DeletePendingTasks
|
-
|
2018-11-23
|
874416
|
CrOS: Vulnerability reported in net-vpn/strongswan
|
-
|
2018-11-23
|
874433
|
Use-of-uninitialized-value in blink::ColorSpaceUtilities::GetColorSpaceGamut
|
-
|
2018-11-23
|
874572
|
Global-buffer-overflow in MemoryRead<unsigned
|
-
|
2018-11-23
|
874613
|
CVE-2018-3615: L1 Terminal Fault: SGX
|
-
|
2018-11-23
|
853422
|
DCHECK failure in address % access_size == 0 in simulator-arm64.cc
|
-
|
2018-11-22
|
872746
|
Security: Vulnerable SRK may survive in case of interrupted TPM firmware update
|
-
|
2018-11-22
|
873080
|
Security: fullscreen UI spoof using pdf prompt
|
$1000
|
2018-11-22
|
873500
|
CVE-2018-1120 CrOS: Vulnerability reported in Linux kernel
|
-
|
2018-11-22
|
874359
|
Security: heap-buffer-overflow in CJS_PublicMethods::AFRange_Validate
|
-
|
2018-11-22
|
874396
|
Crash in blink::HeapLinkedHashSet<blink::WeakMember<blink::SVGSMILElement>, WTF::MemberHa
|
-
|
2018-11-22
|
874393
|
Crash in TableSizeMask
|
-
|
2018-11-22
|
874420
|
Crash in blink::SMILTimeContainer::Unschedule
|
-
|
2018-11-22
|
874461
|
Use-after-poison in blink::SMILTimeContainer::UpdateAnimations
|
-
|
2018-11-22
|
874458
|
Crash in blink::HeapHashTableBacking<WTF::HashTable<blink::QualifiedName, WTF::KeyValuePa
|
-
|
2018-11-22
|
874462
|
Crash in blink::SMILTimeContainer::SetElapsed
|
-
|
2018-11-22
|
874469
|
Crash in Unlink
|
-
|
2018-11-22
|
874528
|
Bad-cast to blink::GarbageCollectedMixin from invalid vptr in void blink::Visitor::Trace<blink::SVGAnimatedPropertyBase>
|
-
|
2018-11-22
|
874568
|
Crash in blink::SMILTimeContainer::SetElapsed
|
-
|
2018-11-22
|
874582
|
Crash in Unlink
|
-
|
2018-11-22
|
874578
|
Bad-cast to blink::ActiveScriptWrappableBase from invalid vptr in blink::ActiveScriptWrappableBase::TraceActiveScriptWrappables
|
-
|
2018-11-22
|
874585
|
Bad-cast to blink::SVGElement from invalid vptr in blink::SVGElement::RemoveAllOutgoingReferences
|
-
|
2018-11-22
|
874600
|
Crash in InsertBefore
|
-
|
2018-11-22
|
874757
|
Use-after-poison in blink::ActiveScriptWrappableBase::TraceActiveScriptWrappables
|
-
|
2018-11-22
|
874714
|
Use-after-poison in blink::TreeScope::RemoveElementById
|
-
|
2018-11-22
|
873693
|
Heap-buffer-overflow in av_encryption_init_info_add_side_data
|
-
|
2018-11-21
|
873914
|
Bad-cast to blink::ImageBitmap from base class subobject at offset 80 in blink::WebGLRenderingContextBase::TexImageByGPU
|
-
|
2018-11-21
|
873993
|
Use-of-uninitialized-value in spvtools::val::CheckDecorationsOfEntryPoints
|
-
|
2018-11-21
|
865380
|
Use-of-uninitialized-value in test_runner::PrintFrameDescription
|
-
|
2018-11-20
|
866766
|
Use-of-uninitialized-value in gpu::CommonDecoder::Bucket::GetAsStrings
|
-
|
2018-11-20
|
869837
|
Crash in v8::internal::Simulator::LoadStoreHelper
|
-
|
2018-11-20
|
873442
|
Heap-buffer-overflow in spvtools::val::Instruction::word
|
-
|
2018-11-20
|
871787
|
Use-of-uninitialized-value in storage::DatabaseTracker::UpdateOpenDatabaseInfoAndNotify
|
-
|
2018-11-18
|
871731
|
CVE-2018-12232 CrOS: Vulnerability reported in Linux kernel
|
-
|
2018-11-17
|
872514
|
CHECK failure: 0 < icu_length in intl-objects.cc
|
-
|
2018-11-17
|
849691
|
Android app on CrOS allows capture of a HTML select tag when FLAG_SECURE is set
|
-
|
2018-11-16
|
872140
|
Bad-cast to content::BrowserGpuClientDelegate from device::mojom::ScreenOrientationRequestValidator in void base::internal::FunctorTraits<void
|
-
|
2018-11-16
|
872219
|
Bad-cast to content::BrowserGpuClientDelegatevoid base::internal::FunctorTraits<void in MakeItSo<void
|
-
|
2018-11-16
|
872244
|
Crash in __ubsan::checkDynamicType
|
-
|
2018-11-16
|
872573
|
Heap-use-after-free in spvtools::opt::Instruction::NumOperands
|
-
|
2018-11-16
|
867370
|
use-after-poison in mojo::InterfaceEndpointClient::HandleValidatedMessage)
|
$3000
|
2018-11-15
|
871005
|
Heap-use-after-free in views::Slider::SetValueInternal
|
-
|
2018-11-15
|
871928
|
Security: libaom/av1_dec_fuzzer: Crash in av1_decode_tg_tiles_and_wrapup
|
-
|
2018-11-15
|
859218
|
Security: Referrer leak when Chrome Web App is installed on a path (repro issue 791216 on Mac)
|
-
|
2018-11-14
|
870178
|
Heap-buffer-overflow in SkPaint::getTextWidths
|
-
|
2018-11-14
|
870571
|
Heap-buffer-overflow in spvtools::val::ValidateCopyMemory
|
-
|
2018-11-14
|
870941
|
Crash in SkRect::set
|
-
|
2018-11-14
|
863069
|
Site Isolation: Attacker-controlled data URLs end up in wrong process after tab restore
|
$3000
|
2018-11-13
|
870306
|
Use-after-poison in void blink::Visitor::HandleWeakCell<blink::SVGElement>
|
$3500
|
2018-11-13
|
870675
|
Heap-use-after-free in base::DeleteHelper<content::ResolveProxyMsgHelper>::DoDelete
|
-
|
2018-11-13
|
862004
|
Security: stack-buffer-underflow in Break
|
-
|
2018-11-12
|
866229
|
CHECK failure: !descriptors->GetKey(i)->IsInterestingSymbol() in objects-debug.cc
|
-
|
2018-11-11
|
866895
|
Security: Chrome OS: symlink traversal issue in /sbin/crash_reporter
|
-
|
2018-11-11
|
833138
|
Consider blocking U+0307 after other i-like characters (e.g. U+1EC9)
|
$500
|
2018-11-10
|
870567
|
Use-of-uninitialized-value in content::StatusCallbackAdapter
|
-
|
2018-11-10
|
870649
|
Linux kernel: CVE-2017-18344: arbitrary-read vulnerability in the timer subsystem
|
-
|
2018-11-10
|
870682
|
Crash in content::RunCallbacks
|
-
|
2018-11-10
|
751423
|
heap-buffer-overflow in SkMatrix::setRSXform
|
$500
|
2018-11-09
|
868333
|
CHECK failure: receiver->IsJSFunction() in objects.cc
|
-
|
2018-11-09
|
869313
|
CHECK failure: Type cast failed in CAST(LoadObjectField(data_view, JSDataView::kByteLengthOffse
|
-
|
2018-11-09
|
870351
|
Bad-cast to blink::V8EventListener from blink::V8LazyEventListener in blink::V8EventListenerHelper::GetEventListener
|
-
|
2018-11-09
|
865387
|
Use-after-poison in blink::HTMLImportsController::Dispose
|
-
|
2018-11-08
|
866301
|
Heap-use-after-free in views::Slider::SetValueInternal
|
-
|
2018-11-08
|
868463
|
Security: libaom build default values
|
-
|
2018-11-08
|
868619
|
Security: Kernel Level Memory Leak as a result of GDI object creations
|
-
|
2018-11-08
|
869593
|
Heap-use-after-free in message_center::MessagePopupCollection::OnNotificationUpdated
|
-
|
2018-11-08
|
869716
|
Heap-use-after-free in message_center::NotificationList::GetNotification
|
-
|
2018-11-08
|
822518
|
iframe sandbox escape
|
$1000
|
2018-11-07
|
848123
|
Cross-origin-read attack by chaining three vulnerabilities
|
$2000
|
2018-11-07
|
864162
|
ASSERT: GTK_IS_WIDGET (widget)
|
-
|
2018-11-07
|
869347
|
DCHECK failure in !IsClearedWeakHeapObject() in maybe-object-inl.h
|
-
|
2018-11-07
|
751921
|
Security: stack-buffer-overflow in SkPoint
|
$1000
|
2018-11-06
|
750561
|
Heap-buffer-overflow in ClipRestore
|
$1000
|
2018-11-06
|
856967
|
Crash in getAddress
|
-
|
2018-11-06
|
857383
|
DCHECK failure in result in int64-lowering.cc
|
-
|
2018-11-06
|
860522
|
Null-dereference READ in blink::AudioNode::Handler
|
$500
|
2018-11-06
|
867776
|
V8 OOB write BigInt64Array.of and BigInt64Array.from side effect neuter
|
$5000
|
2018-11-06
|
869293
|
DCHECK failure in !IsClearedWeakHeapObject() in maybe-object-inl.h
|
-
|
2018-11-06
|
805496
|
Security: Self-update service worker to stay alive
|
$500
|
2018-11-05
|
867374
|
Security: ARC: mount-passthrough sandbox bypass via procfs
|
-
|
2018-11-05
|
808407
|
CSP bypass and XSS introduction via JavaScript URI in view source
|
-
|
2018-11-03
|
818376
|
Security: Off-by-1 buffer over-read in Crashpad
|
-
|
2018-11-03
|
821704
|
ASSERT: G_IS_OBJECT (object)
|
-
|
2018-11-03
|
845983
|
Security: Android WebView can be tricked into navigating the top frame from a sandboxed iframe without allow-top-navigation
|
-
|
2018-11-03
|
848535
|
Security: history.back() can be used to bypass multiple downloads restriction.
|
-
|
2018-11-03
|
858929
|
Security: URL bar spoofing with Full-screen mode
|
$500
|
2018-11-03
|
866427
|
Security: Taps on the parent window pass through to an iframe in Android Chrome
|
-
|
2018-11-03
|
866698
|
Security: libaom/av1_dec_fuzzer_threaded: ASSERT: 0 <= sum && sum < (1 << (bd + FILTER_BITS + 1))
|
-
|
2018-11-03
|
867792
|
Security: corrupt VP9 frame will cause tab crash
|
-
|
2018-11-03
|
868203
|
Heap-use-after-free in base::sequence_manager::LazyNow::Now
|
-
|
2018-11-03
|
868586
|
DCHECK failure in !object->IsClearedWeakHeapObject() in maybe-handles-inl.h
|
-
|
2018-11-03
|
868628
|
DCHECK failure in !object->IsClearedWeakHeapObject() in maybe-handles-inl.h
|
-
|
2018-11-03
|
569955
|
Security: Universal XSS by using fullscreen API
|
-
|
2018-11-02
|
760416
|
Security: Python scripts use HTTP to interact with Closure compiler web service
|
-
|
2018-11-02
|
838098
|
Use-of-uninitialized-value in v8::internal::Simulator::FPRoundInt
|
-
|
2018-11-02
|
865950
|
Heap-use-after-free in blink::WorkerThread::PrepareForShutdownOnWorkerThread
|
-
|
2018-11-02
|
867314
|
Use-of-uninitialized-value in SkOpAngle::lastMarked
|
-
|
2018-11-02
|
867762
|
Bad-cast to std::__1::locale::__imp from std::__1::locale::__imp in base::LoadNativeLibraryWithOptions
|
-
|
2018-11-02
|
868077
|
Global-buffer-overflow in SkOpPtT::prev
|
-
|
2018-11-02
|
867789
|
Bad-cast to llvm::cl::Option from llvm::cl::opt<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, false, llvm::cl::parser<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > > in llvm::cl::applicator<llvm::cl::FormattingFlags>::opt
|
-
|
2018-11-02
|
842503
|
Security: Uninitialized Memory Read in CXFA_LayoutPageMgr::GetAvailHeight
|
$3000
|
2018-11-01
|
866282
|
CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (object->IsJSReceiver()) in objects-i
|
-
|
2018-11-01
|
866357
|
DCHECK failure in UnusedPropertyFields() == map->UnusedPropertyFields() in map-inl.h
|
-
|
2018-11-01
|
866727
|
DCHECK failure in 2 == subnode->op()->ControlOutputCount() in js-inlining.cc
|
-
|
2018-11-01
|
867306
|
Fix DOMStorageNamespace UAF
|
-
|
2018-11-01
|
728200
|
Security: PDFium JS: Field::m_pJSDoc lifetime issue
|
-
|
2018-10-31
|
860697
|
Security: Use-after-free in CPDFSDK_Widget::Synchronize
|
$3000
|
2018-10-31
|
866635
|
gcm's SocketOutputStream::Flush can write arbitrary data to the network
|
-
|
2018-10-31
|
867048
|
Use-of-uninitialized-value in v8::internal::Scanner::SkipMultiLineComment
|
-
|
2018-10-31
|
866208
|
DCHECK failure in !Contains(string) in heap-inl.h
|
-
|
2018-10-30
|
532374
|
Service Worker should not intercept the fetch requests which are initiated from opaque (cross-origin no-cors) stylesheet.
|
-
|
2018-10-29
|
861953
|
DCHECK failure in (token.literal_chars) != nullptr in scanner.cc
|
-
|
2018-10-27
|
863623
|
Security: Blob URL created from Data URL shares same process despite creator being cross-site
|
$3000
|
2018-10-27
|
866210
|
Use-of-uninitialized-value in mojo::core::ChannelPosix::WriteNoLock
|
-
|
2018-10-27
|
866227
|
Use-of-uninitialized-value in void cc::PaintOpReader::ReadFlattenable<SkMaskFilter>
|
-
|
2018-10-27
|
866233
|
Use-of-uninitialized-value in cc::PaintOpReader::Read
|
-
|
2018-10-27
|
848306
|
use-after-poison in operator blink::ExecutionContext *
|
$1000
|
2018-10-26
|
863974
|
Incomplete fix of issue 853937
|
$3133
|
2018-10-25
|
864932
|
Security: Little-CMS (lcms) Heap Buffer Overflow
|
$2500
|
2018-10-25
|
865264
|
DCHECK failure in !dictionary->requires_slow_elements() in elements.cc
|
-
|
2018-10-25
|
865312
|
DCHECK failure in end <= array->length_value() in elements.cc
|
-
|
2018-10-25
|
862635
|
Heap-use-after-free in blink::DisplayItemRasterInvalidator::Generate
|
$3500
|
2018-10-24
|
862929
|
Turbofan violates Liftoff's assumption of zero-extended 32-bit values in 64-bit registers
|
-
|
2018-10-24
|
864358
|
Use-of-uninitialized-value in cc::PictureLayerImpl::AppendQuads
|
-
|
2018-10-24
|
864509
|
Liftoff must ensure that i32 stack parameters are zero extended
|
-
|
2018-10-24
|
856823
|
Security: WebRTC Out-of-bounds read in FEC
|
-
|
2018-10-23
|
862163
|
OpenOffice extensions need to be flagged as potentially dangerous
|
-
|
2018-10-23
|
863810
|
[turbofan] TruncateInt64ToInt32 must generate zero-extended value
|
-
|
2018-10-23
|
863840
|
Crash in webrtc::ForwardErrorCorrection::XorPayloads
|
-
|
2018-10-23
|
863709
|
Heap-use-after-free in ui::I18nSourceStream::FilterData
|
-
|
2018-10-22
|
863482
|
Heap-use-after-free in views::Slider::SetValueInternal
|
-
|
2018-10-21
|
859032
|
CrOS: Vulnerability reported in net-misc/curl
|
-
|
2018-10-20
|
862112
|
CrOS: Vulnerability reported in net-vpn/strongswan: CVE-2018-5388
|
-
|
2018-10-20
|
863105
|
DCHECK failure in external_backing_store_bytes_[type] >= amount in spaces.cc
|
-
|
2018-10-20
|
854455
|
Security: Automatic file execution without any warnings
|
$500
|
2018-10-19
|
859511
|
Security: Interrupted TPM firmware update doesn't clear out weak SRK
|
-
|
2018-10-19
|
862059
|
Security: Bad cast in JSPropGetter in js_define.h
|
$5000
|
2018-10-19
|
849192
|
Stack-use-after-scope in bsdiff::SinkFile::Write
|
-
|
2018-10-18
|
853937
|
XSS by hosting JS and JSON looking file
|
$3000
|
2018-10-18
|
859303
|
AddressSanitizer: attempting free on address which was not malloc()-ed in tt_face_vary_cvt
|
-
|
2018-10-18
|
855119
|
URL spoofing with post urls
|
-
|
2018-10-17
|
858820
|
Security: Credit card information leakage in Chrome autofill
|
$1000
|
2018-10-17
|
861602
|
Heap-use-after-free in blink::AXObjectCacheImpl::GetOrCreate
|
-
|
2018-10-17
|
862536
|
Heap-use-after-free in blink::AXObjectCacheImpl::GetOrCreate
|
-
|
2018-10-17
|
835887
|
Chrome exploit: WebAssembly type confusion + V8 OOB read + sandbox escape
|
$40633
|
2018-10-16
|
836859
|
Security: Privilege Escalation via chrome://resources filesystem URL
|
-
|
2018-10-16
|
846311
|
signal 11 SEGV_MAPERR 000000000000 in get /v8/src/objects/fixed-array-inl.h:64:10
|
-
|
2018-10-16
|
860721
|
ComputeRandomMagic produces less randomness on 64-bit platforms than 32-bit platforms
|
-
|
2018-10-16
|
860788
|
CHECK failure: !isolate->has_scheduled_exception() in builtins-console.cc
|
-
|
2018-10-16
|
861571
|
Security DCHECK failure: !node || (node->IsHTMLElement()) in html_element.h
|
-
|
2018-10-16
|
855211
|
Security: WebRTC: Use-after-free in VP9 Processing
|
-
|
2018-10-15
|
853424
|
Stack-use-after-return in TDiagnostics::writeDebug
|
-
|
2018-10-13
|
855932
|
Security DCHECK failure: !object || (object->IsBox()) in layout_box.h
|
-
|
2018-10-13
|
860096
|
Crash in v8_wasm_async_fuzzer
|
-
|
2018-10-13
|
861523
|
Crash in v8_wasm_async_fuzzer
|
-
|
2018-10-13
|
859308
|
Crash in v8_wasm_compile_fuzzer
|
-
|
2018-10-12
|
860392
|
DCHECK failure in pc == code->instruction_start() in wasm-code-manager.cc
|
-
|
2018-10-12
|
860536
|
CHECK failure: args[0]->IsObject() in async-hooks-wrapper.cc
|
-
|
2018-10-12
|
851662
|
Security: WebRTC: Unchecked Optional Access in Updating timestamp after RED packet
|
-
|
2018-10-11
|
854887
|
Bad-cast to blink::ScriptWrappable from invalid vptr in blink::V8Element::ToImpl
|
-
|
2018-10-11
|
855960
|
DCHECK failure in Capacity() <= heap()->MaxOldGenerationSize() in spaces.cc
|
-
|
2018-10-11
|
857479
|
[animationworklet] AnimationWorklet declared in child frame may override animations in parent
|
-
|
2018-10-11
|
843960
|
Heap-use-after-free in content::RenderFrameImpl::PostAccessibilityEvent
|
-
|
2018-10-09
|
844845
|
Bad-cast to content::RenderFrameImpl from invalid vptr in test_runner::WebFrameTestProxy<content::RenderFrameImpl, content::RenderFrameImpl::CreateParams>::PostAccessibilityEvent
|
-
|
2018-10-09
|
854816
|
Heap-use-after-free in media::AudioManagerWin::InitializeOnAudioThread
|
-
|
2018-10-09
|
856999
|
Use-of-uninitialized-value in OmniboxView::OpenMatch
|
-
|
2018-10-09
|
857500
|
Heap-buffer-overflow in _ZNSt3__16vectorIhNS_9allocatorIhEEE18__construct_at_endIPKhEENS_9enable_ifIXsr2
|
-
|
2018-10-09
|
857524
|
Heap-use-after-free in TemplateURLRef::SearchTermsArgs::SearchTermsArgs
|
-
|
2018-10-09
|
859809
|
DCHECK failure in !object->IsFiller() in mark-compact.cc
|
-
|
2018-10-09
|
856578
|
heap-use-after-free in memory_instrumentation::CoordinatorImpl::OnQueuedRequestTimedOut
|
-
|
2018-10-08
|
857439
|
CVE-2018-1000199 CrOS: Vulnerability reported in Linux kernel
|
-
|
2018-10-08
|
859294
|
Heap-use-after-free in blink::PaintController::FinishCycle
|
-
|
2018-10-08
|
850350
|
Security: stack-buffer-overflow in Break
|
$5000
|
2018-10-06
|
856474
|
Heap-use-after-free in fxcrt::UnownedPtr<CFX_XMLNode>::ProbeForLowSeverityLifetimeIssue
|
-
|
2018-10-06
|
856761
|
Global-buffer-overflow in webrtc::internal::AudioSendStream::RegisterCngPayloadType
|
-
|
2018-10-06
|
857017
|
CVE-2018-11412 CrOS: Vulnerability reported in Linux kernel
|
-
|
2018-10-06
|
853538
|
Heap-use-after-free in blink::LayoutBlock::ComputeBlockPreferredLogicalWidths
|
-
|
2018-10-05
|
857139
|
Heap-use-after-free in EnsureAncestorDependentCompositingInputs
|
-
|
2018-10-05
|
857262
|
Heap-use-after-free in viz::SingleReleaseCallback::Run
|
-
|
2018-10-05
|
857311
|
Use-after-poison in blink::PersistentBase<blink::DummyGCBase,
|
-
|
2018-10-05
|
327295
|
speech-dispatcher crashes with window.speechSynthesis()
|
$1000
|
2018-10-04
|
666299
|
Security: debugger extension API bypasses normal opt-in for file:// access
|
-
|
2018-10-04
|
856532
|
Heap-use-after-free in AutocompleteMatch::AutocompleteMatch
|
-
|
2018-10-04
|
856962
|
Heap-buffer-overflow in autofill::FormStructure::RationalizeAddressStateCountry
|
-
|
2018-10-04
|
854556
|
Bad-cast to blink::LayoutObject from invalid vptr in blink::AXObjectCacheImpl::GetOrCreate
|
-
|
2018-10-03
|
856054
|
Use-of-uninitialized-value in FXSYS_round
|
-
|
2018-10-03
|
856354
|
Security: [pdfium] CJS_Field::m_pJSDoc may outlive the document.
|
-
|
2018-10-03
|
856471
|
Heap-buffer-overflow in Decode
|
-
|
2018-10-03
|
856954
|
Heap-use-after-free in blink::AXObjectCacheImpl::GetOrCreate
|
-
|
2018-10-03
|
867501
|
Security: Talos Security Advisory for Google PDFium (TALOS-2018-0639)
|
$2000
|
2018-10-03
|
851241
|
Crash in gfx::RenderTextHarfBuzz::DrawVisualText
|
-
|
2018-10-02
|
852085
|
CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (object->IsSmi()) in objects-inl.h
|
-
|
2018-10-02
|
854883
|
Security: Buffer overflow in usrsctplib
|
-
|
2018-09-30
|
849217
|
Security: Reference count leak in SwiftShader OpenGL texture bindings
|
-
|
2018-09-29
|
850476
|
Crash in quic::QuicConnection::OnAckRange
|
-
|
2018-09-28
|
852644
|
Security: negative-size-param in Skia
|
$1000
|
2018-09-28
|
853434
|
Heap-use-after-free in ash::UnifiedSystemTrayBubble::ActivateBubble
|
-
|
2018-09-28
|
854066
|
Security: OOB read in TypedArray.from
|
-
|
2018-09-28
|
854296
|
Heap-buffer-overflow in avio_read
|
-
|
2018-09-28
|
854623
|
Security: Out-of-bound access in CFXJSE_FormCalcContext::Lower
|
$1000
|
2018-09-28
|
835613
|
Heap-use-after-free in blink::FloatingObject::FloatingObject
|
-
|
2018-09-27
|
854213
|
DCHECK failure in var < ParameterCount() in scope-info.cc
|
-
|
2018-09-27
|
854299
|
Security: OOB read in Array.prototype.sort
|
$4000
|
2018-09-27
|
854476
|
Use-of-uninitialized-value in v8::internal::Isolate::RunHostImportModuleDynamicallyCallback
|
-
|
2018-09-27
|
854941
|
DCHECK failure in var < ParameterCount() in scope-info.cc
|
-
|
2018-09-27
|
847570
|
Security: heap-buffer-overflow in blink::ScriptFunction::~ScriptFunction()
|
$3000
|
2018-09-26
|
848617
|
Heap-use-after-free in blink::AXObjectCacheImpl::GetOrCreate
|
-
|
2018-09-26
|
849840
|
Bad-cast to blink::LayoutObject from invalid vptr in blink::AXObjectCacheImpl::GetOrCreate
|
-
|
2018-09-26
|
852944
|
DCHECK failure in !it.done() in module-compiler.cc
|
-
|
2018-09-26
|
854160
|
Crash in v8::internal::Heap::MergeAllocationSitePretenuringFeedback
|
-
|
2018-09-26
|
854463
|
Crash in v8::internal::TypedElementsAccessor<
|
-
|
2018-09-26
|
849131
|
Heap-use-after-free in gpu::gles2::GLES2Implementation::OnGpuControlLostContext
|
-
|
2018-09-25
|
851398
|
Stack-buffer-overflow in sw::Surface::Buffer::read
|
-
|
2018-09-25
|
851955
|
Pixelbook embedded U2F Tokens Should be Locked to a Single Account and NOT be permitted in Guest Mode
|
-
|
2018-09-25
|
852592
|
Security: OOB read/write in Array.prototype.sort
|
$7500
|
2018-09-25
|
852641
|
Stack-buffer-overflow in libGLESv2_swiftshader
|
-
|
2018-09-25
|
852759
|
CVE-2018-10940 CrOS: Vulnerability reported in Linux kernel
|
-
|
2018-09-25
|
852258
|
JSTypedArray ByteLength out of bounds
|
-
|
2018-09-24
|
853552
|
Heap-use-after-free in blink::LayoutObject::ContainingBlock
|
-
|
2018-09-24
|
377995
|
Security: CSP Sandbox bypass
|
$1000
|
2018-09-22
|
840857
|
Security: Browser process should catch commits of extension URLs in web processes
|
-
|
2018-09-22
|
848716
|
Security: Multiple integer overflows in Skia GPU path rendering when computing vertex/index count
|
-
|
2018-09-22
|
853421
|
Use-of-uninitialized-value in void base::Pickle::WriteBytesStatic<4ul>
|
-
|
2018-09-22
|
853423
|
Use-after-poison in void blink::ElementRuleCollector::CollectMatchingRulesForList<blink::HeapTermina
|
-
|
2018-09-22
|
853436
|
Use-after-poison in blink::MemberBase<blink::ContentSecurityPolicy,
|
-
|
2018-09-22
|
835317
|
Scroll TLD into view for publisher attribution in Custom Tabs
|
-
|
2018-09-21
|
850493
|
Heap-buffer-overflow in webrtc::internal::CopyColumn
|
-
|
2018-09-21
|
847903
|
Multiple UAF bugs fixed in the upstream kernel (most in the year 2017), but not patched in stable/latest chromeos4.4 kernel.
|
-
|
2018-09-20
|
850910
|
CVE-2018-10675 CrOS: Vulnerability reported in Linux kernel
|
-
|
2018-09-20
|
845136
|
heap use-after-free in link::VideoFrameSubmitter::~VideoFrameSubmitter()
|
$500
|
2018-09-19
|
847242
|
Security: IDN URL Spoofing with Myanmar character "ဒ" (U+1012)
|
-
|
2018-09-19
|
849073
|
Crash in blink::PersistentBase<blink::DummyGCBase,
|
-
|
2018-09-19
|
852207
|
Crash in v8::internal::FullEvacuationVerifier::VerifyPointers
|
-
|
2018-09-19
|
849398
|
Security: IDN URL Spoofing with Georgian Letter Vin
|
$500
|
2018-09-18
|
849329
|
Security: CVE-2018-5383
|
-
|
2018-09-18
|
848786
|
Cross-origin stylesheet content is readable using SW
|
$500
|
2018-09-17
|
831117
|
Termination GC leaves behind persistents
|
-
|
2018-09-14
|
850354
|
Use-of-uninitialized-value in blink::ImageFrame::BlendRGBARaw
|
-
|
2018-09-14
|
850407
|
Crash in HintTableForFuzzing::Fuzz
|
-
|
2018-09-14
|
850440
|
Crash in CPDF_HintTables::ReadPageHintTable
|
-
|
2018-09-14
|
850490
|
CVE-2018-8781 CrOS: Vulnerability reported in Linux kernel
|
-
|
2018-09-14
|
839983
|
Cross-origin audio leak using Web Audio API
|
$1000
|
2018-09-13
|
847226
|
Current update_engine code breaks rollback protection for enterprise devices
|
-
|
2018-09-13
|
847328
|
Security DCHECK failure: !object || (object->IsLayoutMultiColumnSet()) in layout_multi_column_set.h
|
-
|
2018-09-13
|
850005
|
CHECK failure: Type cast failed in CAST(var_elements.value()) at ../../src/builtins/builtins-ca
|
-
|
2018-09-13
|
850305
|
Use-of-uninitialized-value in disk_cache::SimpleEntryImpl::WriteDataInternal
|
-
|
2018-09-13
|
850365
|
Use-of-uninitialized-value in void net::PrioritizedTaskRunner::PostTaskAndReplyWithResult<int, int>
|
-
|
2018-09-13
|
826552
|
Redirect circumvents same-origin restrictions for AudioWorklet
|
$1000
|
2018-09-12
|
841105
|
Security: uXSS in Chrome on iOS
|
$7500
|
2018-09-12
|
843736
|
Security: ChromeOS Settings Template Injection
|
-
|
2018-09-12
|
844833
|
heap-use-after-free on AudioOutputDevi
|
$2000
|
2018-09-12
|
845859
|
CVE-2018-10021 CrOS: Vulnerability reported in Linux kernel
|
-
|
2018-09-12
|
846295
|
CVE-2018-10124 CrOS: Vulnerability reported in Linux kernel
|
-
|
2018-09-12
|
847060
|
Heap-buffer-overflow in mov_read_saio
|
-
|
2018-09-12
|
848672
|
Security: V8 Incorrect type cast in String.p.split function leads to OOB write
|
$5000
|
2018-09-12
|
848779
|
Use-of-uninitialized-value in content::SignedExchangePrologue::Parse
|
-
|
2018-09-12
|
849062
|
Heap-buffer-overflow in avio_read
|
-
|
2018-09-12
|
849142
|
Use-of-uninitialized-value in test_runner::CopyImageAtAndCapturePixels
|
-
|
2018-09-12
|
849144
|
Heap-buffer-overflow in content::SignedExchangePrologue::ParseEncodedLength
|
-
|
2018-09-12
|
849663
|
DCHECK failure in x <= INT_MAX in conversions.h
|
-
|
2018-09-12
|
813349
|
Heap-use-after-free in CPDF_ContentParser::~CPDF_ContentParser
|
-
|
2018-09-11
|
836760
|
CrOS: Vulnerability reported in dev-libs/openssl
|
-
|
2018-09-11
|
848238
|
Security: Floating-point precision errors in Swiftshader blitting
|
-
|
2018-09-11
|
848914
|
Security: heap-buffer-overflow in gpu::gles2::StrictIdHandler::FreeIds
|
$3000
|
2018-09-11
|
849595
|
Use-of-uninitialized-value in blink::AudioHandler::ProcessIfNecessary
|
-
|
2018-09-11
|
840536
|
Security: WebRTC: Type Confusion when processing H264 NAL packet
|
-
|
2018-09-10
|
848531
|
Security: Simulated Alt + Click event can download a cross origin file
|
-
|
2018-09-10
|
849033
|
Heap-use-after-free in blink::TransformPaintPropertyNode::GetTransformCache
|
-
|
2018-09-10
|
849036
|
Heap-use-after-free in blink::GeometryMapper::SourceToDestinationProjectionInternal
|
-
|
2018-09-10
|
849072
|
Heap-use-after-free in test_runner::WebWidgetTestClient::AnimateNow
|
-
|
2018-09-10
|
849109
|
Heap-use-after-free in blink::GeometryMapper::LocalToAncestorClipRectInternal
|
-
|
2018-09-10
|
847089
|
Use-of-uninitialized-value in cc::PaintOp::AreSkMatricesEqual
|
-
|
2018-09-09
|
844828
|
Heap-use-after-free in gpu::gles2::GLES2Implementation::OnGpuControlLostContext
|
-
|
2018-09-08
|
847386
|
Security: Skia: Uninitialized variable in gen_alpha_deltas
|
-
|
2018-09-08
|
833143
|
Lao could lead to idn spoof
|
$500
|
2018-09-07
|
847718
|
Chrome URL Spoofing (via refreshed)
|
$500
|
2018-09-07
|
839358
|
CVE-2018-1094 CrOS: Vulnerability reported in Linux kernel
|
-
|
2018-09-06
|
844428
|
Security: Extension is able to inject script into chrome://newtab/
|
$500
|
2018-09-06
|
845006
|
ASSERT: GTK_IS_TREE_MODEL (tree_model)
|
-
|
2018-09-06
|
845489
|
Security: Incomplete fix for crbug/844457 (Heap overflow in SkScan::FillPath due to precision error)
|
-
|
2018-09-06
|
846262
|
Security: Qualys procps audit
|
-
|
2018-09-06
|
847346
|
Use-of-uninitialized-value in CFX_DIBitmap::Clear
|
-
|
2018-09-06
|
847809
|
Stack-buffer-overflow in webrtc::VideoQualityObserver::OnDecodedFrame
|
-
|
2018-09-06
|
847780
|
DCHECK failure in !HasWeakHeapObjectTag(object) in scavenger.cc
|
-
|
2018-09-06
|
839357
|
CVE-2018-1093 CrOS: Vulnerability reported in Linux kernel
|
-
|
2018-09-05
|
842265
|
Security: WebRTC: Use-after-free in VP8 Block Decoding
|
-
|
2018-09-05
|
847728
|
DCHECK failure in !IsSmi() == Internals::HasHeapObjectTag(this) in objects.h
|
-
|
2018-09-05
|
849355
|
Clickjacking on the inline extension installation dialog
|
-
|
2018-09-04
|
788936
|
Steal local file contents by abusing liberal CSS parsing
|
$2000
|
2018-09-04
|
847247
|
Heap-buffer-overflow in CPDF_DeviceCS::GetRGB
|
-
|
2018-09-04
|
841280
|
heap-use-after-free in BlinkGC
|
$2000
|
2018-09-03
|
846635
|
Heap-buffer-overflow in blink::NormalizeLineEndingsToCRLF
|
$500
|
2018-09-03
|
847012
|
Heap-use-after-free in blink::LayoutBlockFlow::RemoveChild
|
-
|
2018-09-03
|
847177
|
Use-after-poison in blink::HTMLSlotElement::DetachLayoutTree
|
-
|
2018-09-03
|
847182
|
Heap-use-after-free in blink::LayoutObjectChildList::RemoveChildNode
|
-
|
2018-09-03
|
844195
|
Security: SpeechSynthesisEvent exposes high-resolution timestamps
|
$500
|
2018-09-01
|
845961
|
Security: Setting arbitrary http request headers via <iframe csp> attribute
|
$3133
|
2018-09-01
|
846827
|
Use-of-uninitialized-value in assist_ranker::RankerURLFetcher::Request
|
-
|
2018-09-01
|
846000
|
Container-overflow in v8::internal::compiler::JsonPrintAllSourceWithPositions
|
-
|
2018-08-31
|
844872
|
Heap-buffer-overflow in transform_scanline_bgrA
|
-
|
2018-08-31
|
846182
|
Heap-use-after-free in blink::MIDIInput::DidReceiveMIDIData
|
-
|
2018-08-31
|
844578
|
Bad-cast to blink::CSSProperty from invalid vptr in blink::ToCSSProperty
|
-
|
2018-08-30
|
844796
|
Bad-cast to const blink::CSSProperty from invalid vptr in blink::CSSProperty::Get
|
-
|
2018-08-30
|
844840
|
Bad-cast to const blink::CSSPropertyblink::CSSProperty::Get in blink::CSSComputedStyleDeclaration::SetPropertyInternal
|
-
|
2018-08-30
|
846192
|
Bad-cast to blink::LayoutObject from invalid vptr in blink::LayoutBlockFlow::RemoveChild
|
-
|
2018-08-30
|
845040
|
Heap-use-after-free in blink::SVGResources::LayoutIfNeeded
|
-
|
2018-08-29
|
841962
|
Security: WebRTC: Overflow in FEC Processing
|
-
|
2018-08-28
|
844301
|
Heap-use-after-free in PreviousSibling
|
-
|
2018-08-27
|
844857
|
Use-of-uninitialized-value in blink::LayoutObject::NextInPreOrderAfterChildren
|
-
|
2018-08-27
|
828265
|
MediaError message property leaks cross-origin response status
|
$500
|
2018-08-25
|
835299
|
Security: Integer overflow in Swiftshader texture allocation
|
-
|
2018-08-25
|
843970
|
CrOS: Vulnerability reported in dev-libs/libxml2
|
-
|
2018-08-25
|
844089
|
Security DCHECK failure: !object || (object->IsBox()) in layout_box.h
|
-
|
2018-08-25
|
844254
|
Heap-buffer-overflow in void SkMatrixConvolutionImageFilter::filterPixels<RepeatPixelFetcher, true>
|
-
|
2018-08-25
|
844275
|
CHECK failure: Type cast failed in CAST(length.value()) at ../../src/builtins/builtins-array-ge
|
-
|
2018-08-25
|
844366
|
Bad-cast to SkPixelRef from invalid vptr in SkBitmap::getGenerationID
|
-
|
2018-08-25
|
844457
|
Security: Chrome/Skia: Heap overflow in SkScan::FillPath due to precision error.
|
-
|
2018-08-25
|
685747
|
Extension names aren't sanitized when displayed in the UI
|
-
|
2018-08-24
|
770709
|
Latin "with dot below" not rendered as PunyCode
|
-
|
2018-08-24
|
826019
|
Security: IDN URL Spoofing with using U+0525
|
-
|
2018-08-24
|
835554
|
U+0153 (œ), U+00e6 (æ) may lead to url spoofing
|
$500
|
2018-08-24
|
836885
|
Security: IDN URL Spoofing with “ҙ” (U+0499)
|
-
|
2018-08-24
|
840161
|
Security: use-after-free or double-free in Virtio Wayland ChromiumOS code
|
$1500
|
2018-08-24
|
842990
|
Security: Sandbox Escape - Use After Free with IndexedDBConnection
|
$10000
|
2018-08-24
|
843563
|
[wasm] Shared js-to-wasm wrappers call to instance-specific wasm-to-js wrapper
|
-
|
2018-08-24
|
844200
|
CHECK failure: Type cast failed in CAST(length.value()) at ../../src/builtins/builtins-array-ge
|
-
|
2018-08-24
|
817920
|
Security: ChromeOS persistent command execution as root
|
$33337
|
2018-08-23
|
818032
|
Security: Passing PATH variable to Upstart jobs allows for privilege escalation.
|
-
|
2018-08-23
|
826434
|
Security: Concern about WebAssembly table mutability
|
-
|
2018-08-23
|
835889
|
Various filesystem CVEs
|
-
|
2018-08-23
|
843493
|
Crash in CPWL_Timer::KillPWLTimer
|
-
|
2018-08-23
|
843543
|
Security: OOB reads due to missing map check
|
-
|
2018-08-23
|
804123
|
Security: TexImage3D heap-buffer-overflow in WebKit Webgl
|
$1000
|
2018-08-22
|
836362
|
Security: download.default_directory should not be modifiable via settingsPrivate.setPref
|
-
|
2018-08-22
|
839197
|
Heap-use-after-free in PermissionRequestManager::AddRequest
|
-
|
2018-08-22
|
843022
|
Security: OOB access in RegExpBuiltinsAssembler::LoadRegExpResultFirstMatch
|
$2000
|
2018-08-22
|
843120
|
[wasm] We call the start function with the wrong instance
|
-
|
2018-08-22
|
829528
|
Heap-use-after-free in cc::ResourceProvider::ContextGL
|
-
|
2018-08-21
|
838886
|
Crash in CFX_DIBitmap::~CFX_DIBitmap
|
-
|
2018-08-21
|
839822
|
Chrome URL spoofing vulnerability on IOS
|
$1000
|
2018-08-21
|
840695
|
Heap-use-after-free in CJBig2_Image::~CJBig2_Image
|
-
|
2018-08-21
|
840855
|
DCHECK failure in current_pos <= num_indices in runtime-array.cc
|
-
|
2018-08-21
|
842501
|
Stack-buffer-overflow in v8::internal::compiler::VisitBinop
|
-
|
2018-08-21
|
842545
|
Heap-use-after-free in TabStripModel::SendDetachWebContentsNotifications
|
-
|
2018-08-21
|
839695
|
pdfium: global-buffer-overflow in CFX_BidiLine::ResolveImplicit
|
$1000
|
2018-08-20
|
840320
|
Security: type confusion trigger DCHECK fail in ReadableStreamBytesConsumer::OnFulfilled::Call
|
$5000
|
2018-08-20
|
842028
|
Security: libglesv2 heap-buffer-overflow in VertexBuffer11::storeVertexAttributes
|
$1000
|
2018-08-20
|
837097
|
Heap-use-after-free in base::debug::TaskAnnotator::RunTask
|
-
|
2018-08-19
|
830100
|
Heap-use-after-free in cc::VideoResourceUpdater::HardwarePlaneResource::~HardwarePlaneResource
|
-
|
2018-08-18
|
839356
|
CVE-2018-1092 CrOS: Vulnerability reported in Linux kernel
|
-
|
2018-08-18
|
839660
|
TargetAutoAttacher::AutoAttachToFrame UaF (Sandbox Escape)
|
-
|
2018-08-18
|
842078
|
Crash in v8::internal::String::MakeExternal
|
-
|
2018-08-18
|
812667
|
Security: Cross-origin information leak via subresource integrity (SRI), fetch and Service Workers
|
$1000
|
2018-08-17
|
840106
|
Security: heap-use-after-free in TypedArrayBuiltinsAssembler::ConstructByArrayLike
|
$7500
|
2018-08-17
|
838867
|
CVE-2017-18255 CrOS: Vulnerability reported in Linux kernel
|
-
|
2018-08-17
|
823194
|
Security: Long extension name allows spoofing of Debugging InfoBar
|
$500
|
2018-08-16
|
832246
|
Bad-cast to blink::LayoutBlock from blink::LayoutText in blink::ToLayoutBlock
|
-
|
2018-08-16
|
836162
|
Crash in blink::LayoutObject::NextInPreOrder
|
-
|
2018-08-16
|
837477
|
Crash in _pthread_key_global_init
|
-
|
2018-08-16
|
838588
|
Crash in blink::TextOffsetMapping::TextOffsetMapping
|
-
|
2018-08-16
|
838589
|
Bad-cast to blink::LayoutBlock from blink::LayoutTextCombine in blink::TextOffsetMapping::ComputeContainigBlock
|
-
|
2018-08-16
|
838859
|
Use-of-uninitialized-value in blink::SlotAssignment::Trace
|
-
|
2018-08-16
|
839961
|
Heap-use-after-free in test_runner::PrintFrameDescription
|
-
|
2018-08-16
|
840776
|
Bad-cast to blink::LayoutSVGResourceContainer from invalid vptr in blink::SVGResources::RemoveClientFromCacheAffectingObjectBounds
|
-
|
2018-08-16
|
840864
|
Heap-use-after-free in blink::SVGFilterPainter::PrepareEffect
|
-
|
2018-08-16
|
840923
|
Heap-use-after-free in blink::SVGResourcesCache::CachedResourcesForLayoutObject
|
-
|
2018-08-16
|
840924
|
Heap-use-after-free in blink::SVGResources::LayoutIfNeeded
|
-
|
2018-08-16
|
840979
|
TextOffsetMapping make blink::SlotAssignment::Trace() to crash
|
-
|
2018-08-16
|
841046
|
Bad-cast to blink::LayoutObject from invalid vptr in blink::LayoutObject::LayoutIfNeeded
|
-
|
2018-08-16
|
841055
|
Use-of-uninitialized-value in blink::LayoutSVGResourceFilter::RemoveClientFromCache
|
-
|
2018-08-16
|
841109
|
Heap-use-after-free in SelfNeedsLayout
|
-
|
2018-08-16
|
841059
|
Heap-use-after-free in blink::LayoutSVGResourceFilter::ResourceBoundingBox
|
-
|
2018-08-16
|
841118
|
Heap-use-after-free in Lookup<WTF::IdentityHashTranslator<WTF::MemberHash<blink::SVGResourceClient>,
|
-
|
2018-08-16
|
841153
|
Heap-use-after-free in GetDocument
|
-
|
2018-08-16
|
841154
|
Bad-cast to blink::SVGMarkerElement from blink::SVGPathElement in blink::SVGMarkerElement* blink::ToElement<blink::SVGMarkerElement>
|
-
|
2018-08-16
|
841201
|
Heap-use-after-free in blink::SVGResources::LayoutIfNeeded
|
-
|
2018-08-16
|
841210
|
Use-of-uninitialized-value in skcms_TransferFunction_eval
|
-
|
2018-08-16
|
841275
|
Crash in blink::SVGAnimatedPropertyCommon<blink::SVGEnumerationBase>::CurrentValue
|
-
|
2018-08-16
|
841698
|
Use-of-uninitialized-value in blink::HTMLMediaElement::StartPlayerLoad
|
-
|
2018-08-16
|
841592
|
Crash in IntToSmi<31>
|
-
|
2018-08-16
|
841705
|
Heap-use-after-free in blink::SVGResources::LayoutIfNeeded
|
$3500
|
2018-08-16
|
826187
|
Security: Cross Site Resource Size Estimation via OnProgress events
|
$500
|
2018-08-14
|
683418
|
Don't allow web iframes on chrome:// pages
|
-
|
2018-08-14
|
835589
|
Security: CSS Paint API leaks visited status of links (up to ~3k/sec)
|
$2000
|
2018-08-14
|
839960
|
Security: Use of uninitialized memory caused by AcmReceiver::AcmReceiver()
|
$500
|
2018-08-14
|
840376
|
Add back retpoline for indirect function calls in wasm
|
-
|
2018-08-14
|
840220
|
CHECK failure: Type cast failed in CAST(TypedArraySpeciesConstructor(context, exemplar)) at ../
|
-
|
2018-08-13
|
837048
|
Security: URL spoofing (wrong url in omnibox after going back from search result)
|
-
|
2018-08-10
|
837585
|
Security: CXFA_Node::FindSplitPos container overflow
|
$1000
|
2018-08-10
|
839348
|
Use-of-uninitialized-value in CFX_GifContext::LoadFrame
|
-
|
2018-08-10
|
839361
|
Use-of-uninitialized-value in bool pdfium::base::internal::CheckedMulOp<unsigned int, unsigned int, void>::Do<
|
-
|
2018-08-10
|
839399
|
Use-of-uninitialized-value in v8::internal::Serializer<v8::internal::DefaultSerializerAllocator>::ObjectSerial
|
-
|
2018-08-10
|
813155
|
Heap-use-after-free in fxcrt::UnownedPtr<CFX_XMLNode>::ProbeForLowSeverityLifetimeIssue
|
-
|
2018-08-09
|
837578
|
Security: pdfium heap-use-after-free
|
-
|
2018-08-09
|
838402
|
Security: WebRTC: Out-of-bounds memory access in WebRTC VP9 Frame Processing
|
-
|
2018-08-09
|
838672
|
WebRTC: Out-of-bounds memory access in WebRTC VP9 Missing Frame Processing
|
-
|
2018-08-09
|
618264
|
Security: PDFium: Out-Of-Bounds Read in libtiff's TIFFReadDirectory Function
|
-
|
2018-08-08
|
618936
|
Security: PDFium: Heap Buffer Overflow in libtiff's EstimateStripByteCounts Function
|
-
|
2018-08-08
|
818138
|
Security: Download directory can be set to arbitrary paths via chrome://settings
|
-
|
2018-08-08
|
836858
|
Security: Privilege Escalation using extension filesystem URLs
|
-
|
2018-08-08
|
837939
|
Security: [v8] Information Leak in Map constructor
|
$4500
|
2018-08-08
|
797461
|
Security: Extensions can run code in the local/instant NTP
|
$500
|
2018-08-07
|
834624
|
DCHECK failure in !trap_handler::IsThreadInWasm() in wasm-interpreter.cc
|
-
|
2018-08-07
|
835371
|
Bad-cast to blink::LayoutBox from invalid vptr in blink::LayoutBlockFlow::XPositionForFloatIncludingMargin
|
-
|
2018-08-07
|
835577
|
Flaky UaF when running TabRestoreTest.RestoreFirstBrowserWhenSessionServiceEnabled
|
-
|
2018-08-07
|
837943
|
Heap-use-after-free in blink::ChunkToLayerMapper::SwitchToChunk
|
-
|
2018-08-05
|
803748
|
Use-of-uninitialized-value in LZWPreDecode
|
-
|
2018-08-04
|
821640
|
CSP bypass by navigating same-origin page to JavaScript URI
|
$1000
|
2018-08-04
|
823864
|
Make WebUI more robust to user gesture spoofing
|
-
|
2018-08-04
|
837417
|
Null-dereference READ in v8::internal::wasm::InstantiateToInstanceObject
|
-
|
2018-08-04
|
830303
|
Security: heap-use-after-free in check_client_download_request.cc when in incognito mode
|
$3000
|
2018-08-03
|
834619
|
DCHECK failure in func_index == code->index() in wasm-code-manager.cc
|
-
|
2018-08-03
|
837479
|
Crash in CopyRow_ERMS
|
-
|
2018-08-03
|
808333
|
Security: PDFium UAF in CXFA_Document::DoProtoMerge
|
$3000
|
2018-08-01
|
826404
|
Use-of-uninitialized-value in gdk_pixbuf_new
|
-
|
2018-08-01
|
832734
|
Security: URL spoofing on iOS (repro issue 796777)
|
$500
|
2018-08-01
|
834716
|
CVE-2018-7566 CrOS: Vulnerability reported in Linux kernel
|
-
|
2018-08-01
|
834875
|
Container-overflow in webrtc::FftData::CopyToPackedArray
|
-
|
2018-08-01
|
836131
|
Heap-buffer-overflow in angle::LoadToNative<signed char,1>
|
$1500
|
2018-08-01
|
836141
|
Null-dereference READ in v8::internal::wasm::InstantiateToInstanceObject
|
-
|
2018-08-01
|
791324
|
Security: Fetch API reveals existence of Redirection in no-cors mode
|
$500
|
2018-07-31
|
834693
|
Crash in Call
|
-
|
2018-07-31
|
835184
|
Global-buffer-overflow in fxcrt::WideString::WStringLength
|
-
|
2018-07-31
|
835602
|
Use-of-uninitialized-value in blink::ColorSpaceUtilities::GetColorSpaceGamut
|
-
|
2018-07-31
|
835639
|
Security: FileReader - Use After Free in FileReaderLoader::OnCalculatedSize()
|
$3000
|
2018-07-31
|
829280
|
Heap-use-after-free in cc::VideoResourceUpdater::AllocateResource
|
-
|
2018-07-29
|
831054
|
Security: Web Worker - Use After Free with Cross Thread Persistent Node
|
$3000
|
2018-07-28
|
834850
|
Bad-cast to blink::InlineTextBox from blink::InlineBox in blink::ToInlineTextBox
|
-
|
2018-07-28
|
834851
|
Security DCHECK failure: box.IsInlineTextBox() in inline_text_box.h
|
-
|
2018-07-28
|
835048
|
Use-of-uninitialized-value in SkPictureShader::onMakeContext
|
$1500
|
2018-07-28
|
814987
|
Heap-buffer-overflow in getAddress
|
-
|
2018-07-27
|
834149
|
Security: PDFium UAF in CFX_XMLElement::Save
|
$3500
|
2018-07-27
|
834941
|
CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (object->IsWeakCell()) in objects-inl
|
-
|
2018-07-27
|
834854
|
CHECK failure: cell->cleared() || cell->value()->IsMap() in objects-debug.cc
|
-
|
2018-07-27
|
810220
|
Security: Extension with <all_urls> permission can read arbitrary local files and chrome:// pages
|
$2000
|
2018-07-26
|
831963
|
Security: In-memory Cache UaF 2
|
$10500
|
2018-07-26
|
832589
|
Security: PDFium UAF in CFGAS_FontMgr::FindFont
|
$5500
|
2018-07-26
|
833721
|
Security: PDFium heap-buffer-overflow WRITE in CPDF_ExpIntFunc::v_Call
|
$5000
|
2018-07-26
|
833729
|
Improper Gzip Decompressing allows content to be added to the file
|
-
|
2018-07-26
|
816685
|
Security: Extension popups can read local files if a Browser Action invoked on a file:/// URL
|
$500
|
2018-07-25
|
817247
|
Security: IDN URL Spoofing with using U+04CF
|
$500
|
2018-07-25
|
827667
|
Security: ANGLE LoadToNative memory corruption
|
$1000
|
2018-07-25
|
831170
|
Out-of-bounds read in Promise
|
-
|
2018-07-25
|
831984
|
Ill in v8::internal::FullEvacuationVerifier::VerifyPointers
|
-
|
2018-07-25
|
832101
|
TextOffsetMapping::ComputeContainigBlock() crashes with all elements are float
|
-
|
2018-07-25
|
832261
|
TextOffsetMapping::ComputeContainigBlock() crashes with position:absolute
|
-
|
2018-07-25
|
833172
|
TextOffsetMapping::ComputeContaingBlock() crashes with position:fixed
|
-
|
2018-07-25
|
750298
|
Security: Spoofing with chrome://cache (Chrome icon as SecurityIndicator)
|
-
|
2018-07-24
|
832787
|
Use-of-uninitialized-value in TParseContext::nonInitErrorCheck
|
-
|
2018-07-22
|
801648
|
Use-of-uninitialized-value in TType::operator==
|
-
|
2018-07-21
|
826041
|
Multiple concurrent screen capture sessions are not handled correctly on ChromeOS
|
-
|
2018-07-21
|
831539
|
CVE-2018-1068 CrOS: Vulnerability reported in Linux kernel
|
-
|
2018-07-21
|
796794
|
Use-of-uninitialized-value in TParseContext::addIndexExpression
|
-
|
2018-07-20
|
797174
|
Use-of-uninitialized-value in TParseContext::nonInitErrorCheck
|
-
|
2018-07-20
|
818133
|
MacViews: views::Textfield doesn't enable secure input for password in HTTP Authentication prompt
|
-
|
2018-07-20
|
823074
|
Security DCHECK failure: line_layout_item.IsLayoutInline() || line_layout_item.IsEqual(this) in LayoutBlo
|
-
|
2018-07-20
|
831943
|
Security: Crash with JavaScript RegExp subclassing
|
$1500
|
2018-07-20
|
811158
|
Bookmark Apps of non-secure origins do not show security indicators
|
-
|
2018-07-19
|
819809
|
Security: SEE_MASK_FLAG_NO_UI behavior changes in Windows 10, allowing SmartScreen bypass
|
$500
|
2018-07-19
|
829213
|
Security: Crash in content::SpeechRecognitionDispatcher::OnRecognitionEnded()
|
$3000
|
2018-07-19
|
830194
|
Heap-use-after-free in [thunk]:rtc::VideoSourceInterface<class
|
-
|
2018-07-19
|
831537
|
CrOS: Vulnerability reported in net-misc/curl
|
-
|
2018-07-19
|
813376
|
Crash in v8::internal::Invoke
|
-
|
2018-07-18
|
829777
|
CVE-2018-7995 CrOS: Vulnerability reported in Linux kernel
|
-
|
2018-07-18
|
829881
|
Security DCHECK failure: value.IsValueList() in CSSValueList.h
|
-
|
2018-07-18
|
831111
|
CVE-2018-8087 CrOS: Vulnerability reported in Linux kernel
|
-
|
2018-07-18
|
831463
|
CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (object->IsWasmInstanceObject()) in w
|
-
|
2018-07-18
|
797465
|
Referrer Policy bypass using Navigation Timing API
|
$500
|
2018-07-17
|
825480
|
CVE-2017-18208 CrOS: Vulnerability reported in Linux kernel
|
-
|
2018-07-17
|
830179
|
Heap-use-after-free in blink::PaintLayer::UpdateHasSelfPaintingLayerDescendant
|
-
|
2018-07-17
|
830256
|
Heap-buffer-overflow in display::EdidParser::ParseEdid
|
-
|
2018-07-16
|
828323
|
Bad-cast to blink::WebAudioSourceProvider from invalid vptr in blink::HTMLMediaElement::AudioSourceProviderImpl::Wrap
|
-
|
2018-07-15
|
830138
|
Heap-buffer-overflow in display::EdidParser::ParseEdid
|
-
|
2018-07-15
|
830146
|
Bad-cast to NiceMock<media::MockMediaLog> from media::MockMediaLog in testing::internal::NiceMockBase<media::MockMediaLog>::NiceMockBase
|
-
|
2018-07-14
|
823096
|
Crash in sw::Renderer::executeTask
|
-
|
2018-07-13
|
825524
|
Heap-buffer-overflow in Decode
|
-
|
2018-07-13
|
828234
|
Use-of-uninitialized-value in send_delete_event
|
-
|
2018-07-13
|
829679
|
CHECK failure: Type cast failed in CAST(properties) at ../../src/code-stub-assembler.cc:1412 in
|
-
|
2018-07-13
|
793402
|
Mac: Add hardening to protect against sandboxed processes calling CTFontManagerRegisterFontsForURL(), tricking LoadFontOnFileThread()
|
$500
|
2018-07-12
|
826659
|
Heap-use-after-free in blink::PaintController::GenerateRasterInvalidationsComparingChunks
|
-
|
2018-07-12
|
826166
|
Security: Out-Of-Bounds Write Vulnerability in Skia
|
$3000
|
2018-07-12
|
828359
|
Heap-buffer-overflow in cast_message_fuzzer.cc
|
-
|
2018-07-12
|
828575
|
Heap-use-after-free in base::internal::BindState<void
|
-
|
2018-07-12
|
828715
|
Heap-use-after-free in base::internal::WeakPtrFactoryBase::~WeakPtrFactoryBase
|
-
|
2018-07-12
|
828924
|
Crash in base::debug::TaskAnnotator::RunTask
|
-
|
2018-07-12
|
829058
|
Bad-cast to safe_browsing::SafeBrowsingNetworkContext::SharedURLLoaderFactory::InternalState from invalid vptr in Invoke<scoped_refptr<safe_browsing::SafeBrowsingNetworkContext::SharedURLLoaderFactory::InternalState>>
|
-
|
2018-07-12
|
805224
|
Security: chrome.debugger can attach to any target
|
$2000
|
2018-07-11
|
826671
|
CVE-2017-18221 CrOS: Vulnerability reported in Linux kernel
|
-
|
2018-07-11
|
827013
|
CHECK failure: Type cast failed in CAST(LoadFixedArrayElement( descriptors, DescriptorArray::To
|
-
|
2018-07-11
|
827806
|
Heap-use-after-free in v8::internal::Isolate::UnregisterFromReleaseAtTeardown
|
-
|
2018-07-11
|
828049
|
pdfium: oob array write in CPDF_StreamParser::ParseNextElement
|
$500
|
2018-07-11
|
828522
|
Use-of-uninitialized-value in v8::internal::Sweeper::PauseOrCompleteScope::PauseOrCompleteScope
|
-
|
2018-07-11
|
828524
|
Heap-use-after-free in safe_browsing::SafeBrowsingNetworkContext::SharedURLLoaderFactory::GetURLLoaderF
|
-
|
2018-07-11
|
732718
|
Security: X64 assembler incorrectly encodes RIP+disp operand when followed by immediate.
|
-
|
2018-07-10
|
825045
|
DCHECK failure in descriptor_number < number_of_descriptors() in objects-inl.h
|
-
|
2018-07-10
|
826232
|
Heap-use-after-free in blink::DeferredTaskHandler::FinishTailProcessing
|
-
|
2018-07-10
|
826626
|
Security: Blockfile Media Cache UaF
|
$10000
|
2018-07-10
|
827039
|
Heap-use-after-free in gpu::CommandBufferProxyImpl::DisconnectChannel
|
-
|
2018-07-10
|
827046
|
Heap-use-after-free in gpu::CommandBufferProxyImpl::DisconnectChannel
|
-
|
2018-07-10
|
827492
|
Security: In-memory Cache UaF
|
$10500
|
2018-07-10
|
828221
|
Heap-use-after-free in blink::DeferredTaskHandler::FinishTailProcessing
|
-
|
2018-07-10
|
822821
|
Heap-buffer-overflow in BrotliCopyBytes
|
-
|
2018-07-07
|
825545
|
Security: Heap Buffer Overflow (4 byte read) in sw::Blitter::blit3D (swiftshader)
|
-
|
2018-07-07
|
826673
|
CVE-2018-7740 CrOS: Vulnerability reported in Linux kernel
|
-
|
2018-07-07
|
826783
|
Bad-cast to rtc::PacketTransportInternal from content::(anonymous namespace)::IpcPacketSocket in webrtc::RtpTransport::IsTransportWritable
|
-
|
2018-07-07
|
826876
|
Use-of-uninitialized-value in webrtc::RtpTransport::OnWritableState
|
-
|
2018-07-07
|
827715
|
Bad-cast to rtc::PacketTransportInternal from invalid vptr in webrtc::RtpTransport::IsTransportWritable
|
-
|
2018-07-07
|
810736
|
Heap-use-after-free in sw::Renderer::finishRendering
|
$3000
|
2018-07-06
|
823150
|
Use-of-uninitialized-value in blink::ScrollAnchor::NotifyBeforeLayout
|
-
|
2018-07-06
|
826725
|
Heap-use-after-free in webrtc::RtpTransport::OnWritableState
|
-
|
2018-07-06
|
827106
|
DCHECK failure in handler->IsStoreHandler() in handler-configuration-inl.h
|
-
|
2018-07-06
|
813541
|
Security: Referrer leak + CSS injection at home page of remote debugging server = RCE
|
$500
|
2018-07-05
|
823039
|
Stack-use-after-return in TDiagnostics::writeDebug
|
-
|
2018-07-05
|
826658
|
Security: Unauthorized users can edit features on https://www.chromestatus.com
|
$100
|
2018-07-05
|
826785
|
DCHECK failure in handler->IsStoreHandler() in handler-configuration-inl.h
|
-
|
2018-07-05
|
826364
|
Security: RFI / XSS on https://www.chromestatus.com/
|
$500
|
2018-07-04
|
826389
|
Use-of-uninitialized-value in gpu::CommandBufferHelper::Finish
|
-
|
2018-07-04
|
825503
|
Uninitialized variable usage in ANGLE may cause a memory disclosure
|
$500
|
2018-07-03
|
793715
|
Heap-use-after-free in xmlParseGetLasts
|
-
|
2018-06-30
|
799707
|
Chromium: Vulnerability reported in libxml
|
-
|
2018-06-30
|
813540
|
Security: remote debugging + DNS rebinding = UXSS
|
$500
|
2018-06-30
|
818472
|
Security: WebUSB HID Device Access + OOB Read / Crash Via WebUSB transferIn
|
$5000
|
2018-06-30
|
822976
|
Security: egl::Image::loadImageData - SwiftShader
|
$1000
|
2018-06-30
|
823345
|
Heap-use-after-free in xmlParseGetLasts
|
-
|
2018-06-30
|
825087
|
DCHECK failure in is_wasm_memory == GetIsolate()->wasm_engine()->memory_tracker()->IsWasmMemory( b
|
-
|
2018-06-30
|
825273
|
Security: Bug in BoringSSL P-256 point_add
|
$500
|
2018-06-30
|
791216
|
Referrer leak when Chrome Web App is installed on a path
|
-
|
2018-06-29
|
821364
|
Heap-buffer-overflow in base::internal::JSONParser::ConsumeStringRaw
|
-
|
2018-06-29
|
822120
|
Heap-buffer-overflow in base::IteratorRangeToNumber<base::BaseHexIteratorRangeToIntTraits<char const*> >
|
-
|
2018-06-29
|
824531
|
Security: Redirected URL leak on iOS
|
-
|
2018-06-29
|
824714
|
CVE-2017-18203 CrOS: Vulnerability reported in Linux kernel
|
-
|
2018-06-29
|
820984
|
CHECK failure: InstructionSelector::SupportsSpeculationPoisoning() in pipeline.cc
|
-
|
2018-06-28
|
821334
|
CVE-2017-18174 CrOS: Vulnerability reported in Linux kernel
|
-
|
2018-06-28
|
823116
|
Use-of-uninitialized-value in void base::Pickle::WriteBytesStatic<4ul>
|
-
|
2018-06-28
|
823048
|
CVE-2018-6927 CrOS: Vulnerability reported in Linux kernel
|
-
|
2018-06-28
|
823125
|
CVE-2018-7480 CrOS: Vulnerability reported in Linux kernel
|
-
|
2018-06-28
|
824102
|
Chromium: Vulnerability reported in libxml
|
-
|
2018-06-28
|
824586
|
Use-of-uninitialized-value in void base::Pickle::WriteBytesStatic<4ul>
|
-
|
2018-06-28
|
799711
|
Security: Bypass password for PIN/lock on sleep settings on Chrome OS
|
$500
|
2018-06-27
|
820913
|
Security: Heap-buffer-overflow in AAHairlineOp::onPrepareDraws
|
$3000
|
2018-06-27
|
821138
|
Privilege elevation via PDFium
|
-
|
2018-06-27
|
822799
|
Security: WebRtc - Use After Free in AudioRtpSender::CanInsertDtmf()
|
$5000
|
2018-06-27
|
823353
|
Security: Show javascript alert on a site by clicking on a link from that site
|
$1000
|
2018-06-27
|
823654
|
Use-of-uninitialized-value in content::RenderFrameMetadataObserverImpl::OnRenderFrameSubmission
|
-
|
2018-06-27
|
818396
|
Use-of-uninitialized-value in blink::SubresourceIntegrity::ParseAlgorithmPrefix
|
-
|
2018-06-26
|
818808
|
Use-of-uninitialized-value in gtk_widget_destroy
|
-
|
2018-06-26
|
820703
|
Heap-use-after-free in GrTextureStripAtlas::unlockRow
|
-
|
2018-06-26
|
822986
|
Use-of-uninitialized-value in gdk_pixbuf_new
|
-
|
2018-06-26
|
823239
|
Use-of-uninitialized-value in g_type_module_register_type
|
-
|
2018-06-26
|
822266
|
Security:crash(SEGV_MAPERR ) in wasm module
|
-
|
2018-06-25
|
816769
|
Security: IDN URL Spoofing with U+04FD, U+050F, U+050B
|
-
|
2018-06-23
|
817686
|
Global-buffer-overflow in puffin::Huffer::HuffDeflate
|
-
|
2018-06-23
|
817733
|
Heap-buffer-overflow in puffin::BufferPuffReader::GetNext
|
-
|
2018-06-23
|
818527
|
Security: ChromeOS ff_debug command execution from crosh shell
|
$500
|
2018-06-23
|
820068
|
Security: IDN URL Spoofing with using "U+0437" (cyrillic small letter Ze)
|
$500
|
2018-06-23
|
805924
|
mXSS: Potential XSS via MathML gotten from innerHTML
|
$500
|
2018-06-22
|
822091
|
Heap-use-after-free in PDFiumEngine::GetVisiblePageIndex
|
$5000
|
2018-06-22
|
822284
|
ThinStrings are incompatible with TurboFan SeqString types
|
-
|
2018-06-22
|
822424
|
Security: Local Privilege Escalation due to unsafe use of Distributed Objects in Google Software Updater on MacOS
|
-
|
2018-06-22
|
813703
|
Heap-buffer-overflow in swrast_dri.so
|
-
|
2018-06-21
|
819954
|
Use-of-uninitialized-value in base::BaseCharToDigit<char, 16, false>::Convert
|
-
|
2018-06-21
|
821137
|
OOB read/write using Array.prototype.from
|
-
|
2018-06-21
|
821367
|
Use-after-poison in base::IteratorRangeToNumber<base::BaseHexIteratorRangeToIntTraits<char const*> >
|
-
|
2018-06-21
|
821596
|
Security: Enforce blob/filesystem "local scheme" checks in FilterURL
|
-
|
2018-06-21
|
804198
|
Security: Adobe Flash NetStream Object Use After Free
|
$3000
|
2018-06-20
|
804636
|
Security: Adobe Flash AdBannerAsset Object Type Confusion
|
$3000
|
2018-06-20
|
821613
|
Restrict PDFium extension from running script inside chrome:// URLs
|
-
|
2018-06-20
|
819330
|
Crash in next
|
-
|
2018-06-19
|
819953
|
Use-after-poison in base::internal::JSONParser::ConsumeStringRaw
|
-
|
2018-06-19
|
820399
|
Use-of-uninitialized-value in cc::PaintOpReader::Read
|
-
|
2018-06-19
|
820685
|
Heap-use-after-free in media::GpuMemoryBufferVideoFramePool::PoolImpl::GetOrCreateFrameResources
|
-
|
2018-06-19
|
820769
|
Use-of-uninitialized-value in rtc::ClosureTask<webrtc::VideoStreamEncoder::OnEncodedImage
|
-
|
2018-06-19
|
820779
|
Security DCHECK failure: line_layout_item.IsLayoutInline() || line_layout_item.IsEqual(this) in LayoutBlo
|
-
|
2018-06-19
|
820827
|
Heap-use-after-free in rtc::TaskQueue::Impl::RunTask
|
-
|
2018-06-19
|
820830
|
Bad-cast to webrtc::VideoStreamEncoder from invalid vptr in rtc::ClosureTask<webrtc::VideoStreamEncoder::OnEncodedImage
|
-
|
2018-06-19
|
820834
|
Bad-cast to blink::LayoutInline from blink::LayoutSVGForeignObject in blink::LineLayoutInline::LastLineBox
|
-
|
2018-06-19
|
819311
|
DCHECK failure in op->opcode() == IrOpcode::kStateValues || op->opcode() == IrOpcode::kTypedStateV
|
-
|
2018-06-16
|
820312
|
Security: V8: PromiseAllResolveElementClosure can cause elements kind confusion
|
-
|
2018-06-16
|
820341
|
Use of an invalid mutex in media::AudioOutputDevice::NotifyRenderCallbackOfError
|
-
|
2018-06-16
|
820376
|
DCHECK failure in IsInterpreted() in objects.cc
|
-
|
2018-06-16
|
820596
|
DCHECK failure in static_cast<unsigned>(length_) > static_cast<unsigned>(i) in zone.h
|
-
|
2018-06-16
|
819563
|
Security: Chrome OS drive and downloads exposed to arbitrary Android apps
|
-
|
2018-06-15
|
819869
|
Security: Integer Overflow when Processing WebAssembly Locals
|
-
|
2018-06-15
|
819973
|
Use-of-uninitialized-value in resource_coordinator::TabManager::PurgeBackgroundedTabsIfNeeded
|
-
|
2018-06-15
|
818592
|
Security: WinUSB - multiple issues
|
$5000
|
2018-06-13
|
807517
|
Container-overflow in views::Textfield::UpdateAfterChange
|
-
|
2018-06-13
|
798222
|
Security: DevTools protocol can be abused to download and run external programs
|
$2000
|
2018-06-12
|
805445
|
Security: arbitrary file write + bypass dangerous file check via DevTools API
|
$2000
|
2018-06-12
|
805905
|
Security: Bad cast to ChromeDownloadManagerDelegate* from DevToolsDownloadManagerDelegate*
|
$500
|
2018-06-12
|
808205
|
Should XSDB also block some headers (not just response body)?
|
-
|
2018-06-12
|
818135
|
Potential root privilege escalation via debugd
|
-
|
2018-06-12
|
818177
|
Merge VP9 RTP fix to M65
|
-
|
2018-06-12
|
818807
|
Security: prevent WebUSB from accessing all Yubico devices
|
-
|
2018-06-12
|
818811
|
Bad-cast to v8::internal::compiler::Operator1<int, v8::internal::compiler::OpEqualTo<int>, v8::internal::compiler::OpHash<int> > from v8::internal::compiler::Operator1<v8::internal::compiler::IfValueParameters, v8::internal::compiler::OpEqualTo<v8::internal::compiler::IfValueParameters>, v8::internal::compiler::OpHash<v8::internal::compiler::IfValueParameters> > in int const& v8::internal::compiler::OpParameter<int>
|
-
|
2018-06-12
|
819086
|
CHECK failure: Node::New() Error: #392:DeoptimizeIf[1] is nullptr in node.cc
|
-
|
2018-06-12
|
817993
|
Command injection bug in crash_sender
|
-
|
2018-06-10
|
816787
|
Use-of-uninitialized-value in mov_read_packet
|
-
|
2018-06-09
|
816961
|
Security: Use-after-free in TypedArrayOf and TypedArrayFrom
|
$7500
|
2018-06-09
|
818144
|
Bad-cast to v8::internal::compiler::Operator1<int, v8::internal::compiler::OpEqualTo<int>, v8::internal::compiler::OpHash<int> > from v8::internal::compiler::Operator1<v8::internal::compiler::IfValueParameters, v8::internal::compiler::OpEqualTo<v8::internal::compiler::IfValueParameters>, v8::internal::compiler::OpHash<v8::internal::compiler::IfValueParameters> > in OpParameter<int>
|
-
|
2018-06-09
|
816033
|
Security: Permission request UI spoof
|
$500
|
2018-06-08
|
816768
|
Security DCHECK failure: i < length_ in StringImpl.h
|
$1500
|
2018-06-08
|
817380
|
DCHECK failure in code->kind() == wasm::WasmCode::kFunction || code->kind() == wasm::WasmCode::kWa
|
-
|
2018-06-08
|
798105
|
Chromium fails to leave full screen mode
|
$1000
|
2018-06-07
|
674887
|
tel: URL scheme Reference Origin Spoof in Chrome iOS
|
$500
|
2018-06-06
|
813621
|
Crash in v8::internal::Code::marked_for_deoptimization
|
-
|
2018-06-06
|
796776
|
Use-of-uninitialized-value in ConstantUnion::operator+
|
-
|
2018-06-05
|
797234
|
Use-of-uninitialized-value in ConstantUnion::cast
|
-
|
2018-06-05
|
797281
|
Heap-buffer-overflow in getIConst
|
-
|
2018-06-05
|
799499
|
Heap-buffer-overflow in WebRtcSpl_DownsampleFastC
|
-
|
2018-06-05
|
812519
|
Negative-size-param in SkPixmap::erase
|
-
|
2018-06-05
|
813632
|
Crash in FromAddress
|
-
|
2018-06-05
|
813714
|
Heap-buffer-overflow in TIntermConstantUnion::fold
|
-
|
2018-06-05
|
814913
|
Some renderer-initiated network loads are bypassing ResourceDispatcherHost (with the network service disabled)
|
-
|
2018-06-05
|
816317
|
DCHECK failure in source->length_value() <= destination->length_value() - offset in elements.cc
|
-
|
2018-06-05
|
797258
|
CVE-2017-8824 CrOS: Vulnerability reported in Linux kernel
|
-
|
2018-06-02
|
810235
|
user namespaces allow for unprivileged noexec bypass
|
-
|
2018-06-02
|
812567
|
Heap-buffer-overflow in mov_read_trun
|
-
|
2018-06-02
|
815318
|
Crash in libappindicator3.so.1
|
-
|
2018-06-02
|
806162
|
Security: Chrome fullscreen without any warning and dialog no origin for spoof
|
$1000
|
2018-06-01
|
813012
|
CVE-2017-18079 CrOS: Vulnerability reported in Linux kernel
|
-
|
2018-06-01
|
813142
|
Heap-buffer-overflow in blink::PNGImageDecoder::RowAvailable
|
-
|
2018-06-01
|
813814
|
Security: Whole-script confusable domain label spoofing (Cyrillic)
|
$500
|
2018-06-01
|
814562
|
DCHECK failure in code->owner()->compiled_module()->owning_instance() == codemap()->instance() in
|
-
|
2018-06-01
|
814950
|
Heap-buffer-overflow in SkPath::moveTo
|
-
|
2018-06-01
|
805900
|
Security: URL spoofing via forward and backward navigation on iOS
|
-
|
2018-05-31
|
809823
|
Make chrome://view-http-cache use WebUI bindings
|
-
|
2018-05-31
|
811691
|
CSP object-src 'none' allows load of image in <object> tag
|
-
|
2018-05-31
|
813201
|
Heap-buffer-overflow in wm::FocusController::SetActiveWindow
|
-
|
2018-05-31
|
771933
|
SW can intercept potential-navigation-or-subresource request
|
$500
|
2018-05-30
|
810146
|
Heap-use-after-free in blink::LayoutObject::WillBeDestroyed
|
-
|
2018-05-30
|
813427
|
CHECK failure: constructor_initial_map->instance_size() <= instance_size in objects.cc
|
-
|
2018-05-30
|
737648
|
Security: bypassing CORS of multipart images by ServiceWorker
|
-
|
2018-05-29
|
813590
|
Crash in v8::internal::Code::unwinding_info_size
|
-
|
2018-05-29
|
813598
|
Crash in /build/eglibc-ripdx6/eglibc-NUMBER/string/../sysdeps/x86_64/multiarch/memcpy-sse
|
-
|
2018-05-29
|
813593
|
Crash in v8::internal::ConcurrentMarking::Run
|
-
|
2018-05-29
|
813605
|
Crash in unwinding_info_start
|
-
|
2018-05-29
|
813628
|
Crash in FromAddress
|
-
|
2018-05-29
|
813618
|
Crash in v8::internal::FeedbackVector::GetKind
|
-
|
2018-05-29
|
813633
|
Crash in v8::internal::HeapObject::map_word
|
-
|
2018-05-29
|
808316
|
Security: IDN URL Spoofing with using ŋ (U+014B)
|
-
|
2018-05-28
|
811117
|
Myanmar character in domain names can lead to spoofing
|
$500
|
2018-05-28
|
797298
|
Heap-use-after-free in blink::PaintLayerScrollableArea::UpdateScrollOffset
|
-
|
2018-05-26
|
806122
|
Crash in get_chroma_qp
|
-
|
2018-05-26
|
808838
|
Security: Same origin bypass with Service Workers + PDF plugin
|
$4500
|
2018-05-26
|
809759
|
Security: Latest Win10 builds fail to set Mark-of-the-Web on downloaded filenames approaching MAX_PATH
|
$1000
|
2018-05-26
|
482558
|
Security: CSP does not block favicon request
|
-
|
2018-05-25
|
560695
|
Security: Anchor Elements Ping attribute security settings bypass
|
-
|
2018-05-25
|
582387
|
CSP not inherited to popups with "javascript:"-URL
|
$500
|
2018-05-25
|
758523
|
Security: document.baseURI contains not-encoded representation of URI and may lead to DOM based XSS
|
$500
|
2018-05-25
|
776418
|
Security: Fullscreen notification can be overlapped
|
$1000
|
2018-05-25
|
798150
|
Crash in v8::internal::Invoke
|
-
|
2018-05-25
|
811048
|
CVE-2018-5750 CrOS: Vulnerability reported in Linux kernel
|
-
|
2018-05-25
|
811733
|
Stack-buffer-overflow in CFX_MemoryStream::ReadBlock
|
-
|
2018-05-25
|
812923
|
Crash in _fini
|
-
|
2018-05-25
|
441275
|
referrer leakage with XSS Auditor page block
|
-
|
2018-05-24
|
481190
|
Security: BoringSSL ECDSA signing is never constant time with p256-64.c.
|
-
|
2018-05-24
|
526341
|
Adobe Flash Player PCRE find_parens Out-Of-Bounds Read Access
|
$1000
|
2018-05-24
|
585555
|
Security: Function constructor context escape when using template string as the default argument
|
-
|
2018-05-24
|
602625
|
Security: untrusted code exec to kernel code exec, applicable from chrome render process as well
|
-
|
2018-05-24
|
644907
|
Security: Linking to chrome:// and file:// urls inside print preview
|
-
|
2018-05-24
|
683824
|
The browser and d8 crashed caused by segv
|
-
|
2018-05-24
|
685750
|
Security: RTL characters are not handled properly in extension permission patterns
|
-
|
2018-05-24
|
754980
|
Security: Permission changes in Guest mode persist for next Guest session
|
-
|
2018-05-24
|
766592
|
Security: `\n` and `<` in `ping` aren't completely blocked.
|
-
|
2018-05-24
|
801821
|
Heap-buffer-overflow in mov_read_stts
|
-
|
2018-05-24
|
804097
|
Use-of-uninitialized-value in find_prev_closest_index
|
-
|
2018-05-24
|
807215
|
Security: heap-use-after-free in ProbeForLowSeverityLifetimeIssue
|
-
|
2018-05-24
|
811853
|
Use-of-uninitialized-value in CFX_BmpDecompressor::ReadHeader
|
-
|
2018-05-24
|
812451
|
Crash in /build/eglibc-ripdx6/eglibc-NUMBER/string/../sysdeps/x86_64/multiarch/memcpy-sse
|
-
|
2018-05-24
|
812512
|
Use-of-uninitialized-value in sk_store_a8
|
-
|
2018-05-24
|
808192
|
Security: V8 Integer overflow in object allocation size
|
-
|
2018-05-23
|
808825
|
WebVTT CORS bypass using ServiceWorker
|
$500
|
2018-05-23
|
811049
|
CrOS: Vulnerability reported in net-misc/curl
|
-
|
2018-05-23
|
811144
|
Heap-use-after-free in blink::LayoutObject::MaybeClearIsScrollAnchorObject
|
-
|
2018-05-23
|
811246
|
Heap-use-after-free in GetLayoutBox
|
-
|
2018-05-23
|
812167
|
Heap-use-after-free in blink::LayoutObject::MaybeClearIsScrollAnchorObject
|
-
|
2018-05-23
|
810973
|
CHECK failure: !result.failed() in wasm-engine.cc
|
-
|
2018-05-22
|
807985
|
Heap-use-after-free in CPDF_ContentParser::~CPDF_ContentParser
|
-
|
2018-05-20
|
808341
|
Use-of-uninitialized-value in blink::LayoutObject::MaybeClearIsScrollAnchorObject
|
-
|
2018-05-20
|
784012
|
DCHECK failure in last_slash != std::string::npos in d8.cc
|
-
|
2018-05-19
|
799477
|
Cross-Origin image data leak via cache and canvas
|
$4000
|
2018-05-19
|
810107
|
DCHECK failure in obj->IsFixedArray() in wasm-objects-inl.h
|
-
|
2018-05-19
|
810368
|
Use-after-poison in blink::ComputePresentationAttributeStyle
|
-
|
2018-05-19
|
810923
|
Use-of-uninitialized-value in webrtc::AecState::Update
|
-
|
2018-05-19
|
511480
|
Security: User not notified about an extension changing the NTP
|
-
|
2018-05-18
|
792538
|
Improve extension content verification logic when the extension requests a resource at folder urls
|
-
|
2018-05-18
|
798099
|
Security DCHECK failure: offset + length <= impl.length() in StringView.h
|
-
|
2018-05-18
|
798410
|
Security DCHECK failure: !object || (object->IsTableCell()) in LayoutTableCell.h
|
-
|
2018-05-18
|
780694
|
Security: Heap-use-after-free in content::protocol::NetworkHandler::SetNetworkConditions
|
-
|
2018-05-17
|
798933
|
Chrome for Android - Window.open combined with the onbeforeunload dialog crashes Chrome's WebView render
|
$2000
|
2018-05-17
|
800032
|
Security: V8: Bugs in Genesis::InitializeGlobal
|
-
|
2018-05-17
|
802392
|
Chrome: Crash Report - cc::LayerTreeHost::AnimateLayers
|
-
|
2018-05-17
|
806388
|
Security: A bug in JSFunction::GetDerivedMap
|
-
|
2018-05-17
|
807096
|
Security: Arrow function scope fixing bug
|
-
|
2018-05-17
|
809824
|
Security: PDFium OOB Read in CFX_BmpDecompressor::ReadHeader
|
$1000
|
2018-05-17
|
801861
|
Web Store extensions can be made to have no toolbar icon
|
-
|
2018-05-16
|
808336
|
Security: PDFium OOB Read in BMPDecompressor::ReadHeader
|
$1000
|
2018-05-16
|
808389
|
CVE-2018-5344 CrOS: Vulnerability reported in Linux kernel
|
-
|
2018-05-16
|
808786
|
CVE-2018-1000004 CrOS: Vulnerability reported in Linux kernel
|
-
|
2018-05-16
|
809613
|
Use-of-uninitialized-value in blink::MediaAttributeMatches
|
-
|
2018-05-16
|
767018
|
Security: arc setup code in session_manager writes lots of untrusted file system locations carelessly
|
-
|
2018-05-15
|
773229
|
Security: Use-After-Free in PDFium
|
$7500
|
2018-05-15
|
803936
|
Security: Heap Buffer Overflow (Read) in PlanGauss::Gauss::blur (using filter_fuzz_stub)
|
-
|
2018-05-15
|
808785
|
CVE-2017-15129 CrOS: Vulnerability reported in Linux kernel
|
-
|
2018-05-15
|
808787
|
CrOS: Vulnerability reported in media-libs/tiff
|
-
|
2018-05-15
|
808876
|
Bad-cast to blink::LayoutTableRow from blink::LayoutTableCell in blink::ToLayoutTableRow
|
-
|
2018-05-15
|
808878
|
Use-of-uninitialized-value in mojo::ScopedInterfaceEndpointHandle::id
|
-
|
2018-05-15
|
808980
|
[v8] Uninitialized wasm_compiled_module for deserialized module
|
$3500
|
2018-05-15
|
805892
|
Heap-buffer-overflow in autofill::PagePasswordsAnalyser::AnalyseDocumentDOM
|
-
|
2018-05-14
|
805729
|
Security: V8: AwaitedPromise update bug
|
-
|
2018-05-14
|
779428
|
Security: global-buffer-overflow in SkBitmap IPC Deserialization
|
$2000
|
2018-05-12
|
807887
|
Heap-use-after-free in video_capture::DeviceMediaToMojoAdapter::Stop
|
-
|
2018-05-12
|
808386
|
Heap-use-after-free in cc::PlaybackImageProvider::GetDecodedDrawImage
|
-
|
2018-05-12
|
780435
|
Read cross-origin video using Canvas and Service Worker
|
$4000
|
2018-05-11
|
802060
|
DCHECK failure in op->IsAnyLocationOperand() in instruction.h
|
-
|
2018-05-11
|
807628
|
Use-of-uninitialized-value in content::QuotaDispatcherHost::QueryStorageUsageAndQuota
|
-
|
2018-05-11
|
808320
|
Bad-cast to gin::(anonymous namespace)::PageAllocator from invalid vptr in base::NoDestructor<gin::PageAllocator>::NoDestructor<>
|
-
|
2018-05-11
|
617149
|
Security: libtiff in pdfium may have a security issue
|
-
|
2018-05-10
|
617494
|
Security: PDFium: Heap Buffer Overflow in libtiff's NeXTDecode Function
|
-
|
2018-05-10
|
618254
|
Security: PDFium: Out-Of-Bounds Read in libtiff's putRGBUAcontig8bittile Function
|
-
|
2018-05-10
|
780919
|
Security: heap-use-after-free blink::AudioSummingJunction::UpdateRenderingState
|
$3000
|
2018-05-10
|
806151
|
Heap-use-after-free in blink::LayoutObject::DestroyAndCleanupAnonymousWrappers
|
-
|
2018-05-10
|
618931
|
Security: PDFium: Heap Buffer Overflow in libtiff's TIFFFetchStripThing Function
|
-
|
2018-05-09
|
765605
|
Security: ble adv flooding: kernel panics/crashes
|
-
|
2018-05-09
|
777104
|
CrOS: Vulnerability reported in net-misc/curl
|
-
|
2018-05-09
|
797555
|
Heap-use-after-free in test_runner::WebWidgetTestClient::AnimateNow
|
-
|
2018-05-09
|
799705
|
CrOS: Vulnerability reported in sys-libs/glibc
|
-
|
2018-05-09
|
806582
|
Heap-use-after-free in get_scalar_from_data_ptr
|
-
|
2018-05-09
|
807214
|
Security: global-buffer-overflow in CFX_GetCSSPropertyByName
|
$1000
|
2018-05-09
|
807240
|
Heap-use-after-free in blink::GraphicsLayer::PaintRecursivelyInternal
|
-
|
2018-05-09
|
807480
|
Heap-use-after-free in blink::GraphicsLayer::UpdateContentsRect
|
-
|
2018-05-09
|
807508
|
DCHECK failure in !__isolate__->has_pending_exception() in builtins-api.cc
|
-
|
2018-05-09
|
807529
|
Null-dereference READ in base::CreateThread
|
-
|
2018-05-09
|
616667
|
Security: PDFium: Heap Buffer Overflow in bmp_decode_rle4
|
-
|
2018-05-08
|
616668
|
Security: PDFium: Heap Buffer Overflow in CGifLZWDecoder::ClearTable
|
-
|
2018-05-08
|
616669
|
Security: PDFium: Out-Of-Bounds Read in GetDWord_LSBFirst
|
-
|
2018-05-08
|
616672
|
Security: PDFium: Out-Of-Bounds Read in CCodec_ProgressiveDecoder::GifInputRecordPositionBufCallback
|
-
|
2018-05-08
|
618939
|
Security: PDFium: Out-Of-Bounds Read in libtiff's TIFFReadDirectory Function 2
|
-
|
2018-05-08
|
771709
|
PWA app installation can be requested from sandboxed page
|
-
|
2018-05-08
|
804118
|
Security: WriteTexture heap-buffer-overflow in WebGL on macOS
|
$1000
|
2018-05-08
|
806179
|
DCHECK failure in top() >= to_space_.page_low() in spaces.h
|
-
|
2018-05-08
|
806539
|
Use-of-uninitialized-value in net::QuicUrlUtilsImpl::GetPushPromiseUrl
|
-
|
2018-05-07
|
805396
|
Use-of-uninitialized-value in WebRtcSpl_MaxAbsValueW16C
|
-
|
2018-05-06
|
633030
|
Oilpan reintroduced inline meta-data
|
$2000
|
2018-05-05
|
800257
|
OOB in _sk_lerp_u8_sse2
|
-
|
2018-05-05
|
758848
|
Security: Use after free vulnerability about psdk in the latest version
|
$5000
|
2018-05-04
|
758863
|
Security: Use after free vulnerability about psdk in the latest version of Flash player
|
$5000
|
2018-05-04
|
792028
|
Security: Information disclosure via "memory_instrumentation::mojom::Coordinator" interface in "resource_coordinator" service
|
-
|
2018-05-04
|
802333
|
Security: V8: A bug in the ObjectDescriptor class
|
-
|
2018-05-04
|
794402
|
Security: use-of-uninitialized-value in sse2::blit_row_s32a_opaque (filter_fuzz_stub)
|
-
|
2018-05-03
|
797796
|
Crash in _sk_load_bgra_sse2
|
-
|
2018-05-03
|
798096
|
Security: Linkified URLs in DevTools are not sanitized (can open privileged URLs)
|
-
|
2018-05-03
|
799775
|
Security: use-of-uninitialized-value in GetScale (SkUnPeMultiply.h:29) in filter_fuzz_stub
|
-
|
2018-05-03
|
803571
|
Security: IDN URL Spoofing with "Cyrillic Letter Ukrainian Ie"
|
-
|
2018-05-03
|
804476
|
Security: use-of-uninitialized-value in unpremul_pm (filter_fuzz_stub)
|
-
|
2018-05-03
|
792900
|
Security: Calling "mojo::WrapSharedMemoryHandle" is insufficient to produce read-only descriptors for IPC
|
-
|
2018-05-02
|
800389
|
Security: use-of-uninitialized-value in getType (SkMatrix.h:128) in filter_fuzz_stub
|
-
|
2018-05-02
|
803022
|
DCHECK failure in current_ == next_ in node.h
|
$3500
|
2018-05-02
|
804177
|
DCHECK failure in map() != GetHeap()->fixed_cow_array_map() in fixed-array-inl.h
|
-
|
2018-05-02
|
804651
|
Security: use-of-uninitialized-value in getType (filter_fuzz_stub)
|
-
|
2018-05-02
|
804801
|
CHECK failure: Type cast failed in CAST(add_func) at ../../src/builtins/builtins-collections-ge
|
-
|
2018-05-02
|
804837
|
CHECK failure: LoadElement of kRepFloat64 (NumberOrHole) cannot be changed to kRepTagged in rep
|
-
|
2018-05-02
|
805039
|
Use-after-poison in blink::TreeScope::Retarget
|
-
|
2018-05-02
|
805283
|
Security: Use-of-uninitialized-value in SkReadBuffer.h (filter_fuzz_stub)
|
-
|
2018-05-02
|
789959
|
Security: Read-only SharedMemory descriptors on Android are writable
|
-
|
2018-05-01
|
801514
|
Security: local privilege escalation via glibc realpath() buffer underflow (CVE-2018-1000001)
|
-
|
2018-05-01
|
803352
|
Heap-use-after-free in blink::HTMLCollection::NamedItems
|
-
|
2018-05-01
|
803812
|
CVE-2017-18017 CrOS: Vulnerability reported in Linux kernel
|
-
|
2018-05-01
|
803427
|
DCHECK failure in (native_module_->lazy_builtin_) == nullptr in wasm-serialization.cc
|
-
|
2018-05-01
|
804096
|
Crash in v8::internal::Sweeper::EnsurePageIsIterable
|
-
|
2018-05-01
|
804631
|
Heap-use-after-free in app_list::PageSwitcher::~PageSwitcher
|
-
|
2018-05-01
|
804288
|
DCHECK failure in IsNativeContext() in contexts-inl.h
|
-
|
2018-05-01
|
791368
|
DCHECK failure in descriptors->GetValue(descriptor) != value || value->FitsRepresentation(details.
|
-
|
2018-04-30
|
803788
|
DCHECK failure in wasm::WasmCode::kLazyStub == code->kind() in module-compiler.cc
|
-
|
2018-04-30
|
803750
|
CHECK failure: size <= kMaxRegularHeapObjectSize in runtime-internal.cc
|
-
|
2018-04-28
|
707539
|
Security: Persistent pre and post login command execution as chronos user, with noexec bypass allowing any binary
|
$5000
|
2018-04-27
|
802983
|
Heap-buffer-overflow in CJBig2_Image::composeTo_opt2
|
-
|
2018-04-27
|
629431
|
Security: extension system must respect the page load deferrer
|
-
|
2018-04-26
|
792163
|
Review U+04CF confusable mapping and make it platform-dependent if necessary
|
-
|
2018-04-26
|
801378
|
Use-of-uninitialized-value in v8::internal::Assembler::target_address_at
|
-
|
2018-04-26
|
801772
|
DCHECK failure in scope_data_->ReadUint32() == static_cast<uint32_t>(name->length()) in preparsed-
|
-
|
2018-04-26
|
801789
|
Use-of-uninitialized-value in SkIRect::isEmpty
|
-
|
2018-04-26
|
793074
|
Cross-Directory Shared Worker
|
$500
|
2018-04-25
|
797497
|
Security: Extension can run code in the chrome-devtools://devtools (e.g. to read local files)
|
$2500
|
2018-04-25
|
798133
|
CVE-2017-17712 CrOS: Vulnerability reported in Linux kernel
|
-
|
2018-04-25
|
801000
|
iOS: wrong url in omnibox after going back from search result
|
-
|
2018-04-25
|
801602
|
ASSERT: 0 <= value && value < symbolsCount
|
-
|
2018-04-25
|
801859
|
Stack-use-after-return in TDiagnostics::writeDebug
|
-
|
2018-04-24
|
608669
|
Security: a@download feature can be abused to leak sensitive information from third party sites
|
$500
|
2018-04-23
|
801627
|
Security: V8: JIT: Type confusion in NodeProperties::InferReceiverMaps
|
-
|
2018-04-23
|
668645
|
Security: CSP in WebUI can trivially be bypassed by extensions
|
$1000
|
2018-04-22
|
797500
|
Security: chrome-devtools://devtools/remote/ can be modified by extensions
|
$2500
|
2018-04-22
|
797511
|
Security: heap-use-after-free in WebUIExtension::Send (chrome.send)
|
-
|
2018-04-22
|
797525
|
Security: XSS in "Site blocked" (supervised user) interstitial and chrome://interstitials/supervised_user
|
$1000
|
2018-04-22
|
798163
|
Security: privileged XSS in chrome-devtools://devtools/remote with old frontend (insufficient validation of remoteFrontendUrl)
|
$2500
|
2018-04-22
|
793628
|
Security: IDN URL Spoofing with Cyrillic
|
$500
|
2018-04-21
|
797469
|
Heap-buffer-overflow in xiph_lacing_16bit
|
-
|
2018-04-21
|
798892
|
Security: IDN URL Spoofing with using "U+00FE"
|
$500
|
2018-04-21
|
799363
|
Crash in mov_read_trun
|
-
|
2018-04-21
|
800810
|
DCHECK failure in receiver->map() == *original_map in elements.cc
|
-
|
2018-04-21
|
801647
|
Crash in __msan_memset
|
-
|
2018-04-21
|
797481
|
Crash in v8::internal::Simulator::LoadStorePairHelper
|
-
|
2018-04-20
|
799715
|
heap overflow read in filter_fuzz_stub
|
$1000
|
2018-04-20
|
799847
|
Redirect URL leak via error message of WebGL texture
|
$2000
|
2018-04-20
|
799918
|
Stack-buffer-overflow in SkPackBits::Unpack8
|
$1500
|
2018-04-20
|
801105
|
CrOS: Vulnerability reported in media-libs/tiff
|
-
|
2018-04-20
|
759289
|
CrOS: Vulnerability reported in media-libs/tiff
|
-
|
2018-04-19
|
767354
|
Security: Detect open SSH port via FTP protocol
|
-
|
2018-04-19
|
799706
|
CrOS: Vulnerability reported in media-libs/tiff
|
-
|
2018-04-19
|
798644
|
Security: V8: Type confusion in ElementsAccessorBase::CollectValuesOrEntriesImpl
|
-
|
2018-04-19
|
800230
|
XSS on chrome-search://most-visited/title.html (NTP)
|
-
|
2018-04-19
|
800692
|
Security DCHECK failure: object.IsBox() in LayoutBox.h
|
-
|
2018-04-19
|
800919
|
Use-of-uninitialized-value in blink::ResourceLoadScheduler::TrafficMonitor::Report
|
-
|
2018-04-19
|
794091
|
Security: race condition lead to many fatal Error D in WebAssembly.validate
|
$3000
|
2018-04-18
|
800025
|
Heap-use-after-free in blink::ShapeOutsideInfo::IsEnabledFor
|
-
|
2018-04-18
|
800077
|
CHECK failure: Type cast failed in CAST(key) at ../../src/code-stub-assembler.cc:7137 in code-a
|
-
|
2018-04-18
|
800277
|
CVE-2017-17805 CrOS: Vulnerability reported in Linux kernel
|
-
|
2018-04-18
|
800356
|
CHECK failure: object->IsAbstractCode() || object->IsSeqString() || object->IsExternalString()
|
-
|
2018-04-18
|
799325
|
Use-of-uninitialized-value in cc::PaintOpReader::Read
|
-
|
2018-04-17
|
799690
|
DCHECK failure in total_offset == offset_table->get_int(kOTESize * left) in wasm-objects.cc
|
-
|
2018-04-17
|
799813
|
DCHECK failure in index >= 0 && index < length() in string-inl.h
|
-
|
2018-04-17
|
800225
|
Use-of-uninitialized-value in cc::PaintOpReader::Read
|
-
|
2018-04-17
|
800228
|
CSS Injection on chrome-search://most-visited/single.html (NTP)
|
-
|
2018-04-17
|
789966
|
Deadlysignal in base::internal::CallbackBase::CallbackBase
|
-
|
2018-04-15
|
798695
|
Use-of-uninitialized-value in path_to_polys
|
-
|
2018-04-15
|
796107
|
Heap-buffer-overflow in SkRecorder::onDrawPosTextH
|
$2000
|
2018-04-14
|
798912
|
Use-of-uninitialized-value in sweep_lt_vert
|
-
|
2018-04-14
|
799097
|
Use-of-uninitialized-value in blink::LayoutBlock::AddChildBeforeDescendant
|
-
|
2018-04-14
|
799202
|
Heap-use-after-free in blink::LayoutBlock::EnclosingFirstLineStyleBlock
|
-
|
2018-04-14
|
799341
|
Heap-use-after-free in blink::LayoutObject::SetPreferredLogicalWidthsDirty
|
-
|
2018-04-14
|
790013
|
Heap-buffer-overflow in safe_browsing::dmg::ConvertBigEndian
|
-
|
2018-04-13
|
795493
|
Bad-cast to webrtc::MetricsObserverInterface from invalid vptr in cricket::BasicPortAllocator::OnIceRegathering
|
-
|
2018-04-13
|
796777
|
Security: URL spoofing on iOS after UI action
|
$500
|
2018-04-13
|
797254
|
CVE-2017-1000410 CrOS: Vulnerability reported in Linux kernel
|
-
|
2018-04-13
|
797483
|
CrOS: Vulnerability reported in dev-libs/openssl
|
-
|
2018-04-13
|
799017
|
Security DCHECK failure: value.IsValuePair() in CSSValuePair.h
|
-
|
2018-04-13
|
799051
|
Use-of-uninitialized-value in blink::LayoutBox::WillBeDestroyed
|
-
|
2018-04-13
|
799052
|
Bad-cast to blink::LayoutObject from invalid vptr in blink::LayoutObject::IsRooted
|
-
|
2018-04-13
|
799055
|
Bad-cast to blink::InlineBox from invalid vptr in blink::InlineBox::Root
|
-
|
2018-04-13
|
799058
|
Use-of-uninitialized-value in blink::InlineFlowBox::RemoveChild
|
-
|
2018-04-13
|
799060
|
Heap-use-after-free in blink::InlineBox::Root
|
-
|
2018-04-13
|
799063
|
Use-of-uninitialized-value in blink::InlineBox::Root
|
-
|
2018-04-13
|
799065
|
Use-of-uninitialized-value in blink::LayoutBlock::MarkFixedPositionObjectForLayoutIfNeeded
|
-
|
2018-04-13
|
799067
|
Use-of-uninitialized-value in blink::LayoutObject::PaintingLayer
|
-
|
2018-04-13
|
799068
|
Bad-cast to blink::LayoutObject from invalid vptr in blink::LayoutBlock::AddChildBeforeDescendant
|
-
|
2018-04-13
|
799069
|
Use-of-uninitialized-value in blink::StyleEngine::NodeWillBeRemoved
|
-
|
2018-04-13
|
799098
|
Heap-use-after-free in blink::LayoutTableRow::StyleDidChange
|
-
|
2018-04-13
|
799100
|
Use-of-uninitialized-value in blink::PODRedBlackTree<blink::PODInterval<blink::LayoutUnit, blink::LayoutMultiC
|
-
|
2018-04-13
|
799104
|
Bad-cast to blink::LayoutObject from invalid vptr in blink::LayoutObject::DestroyAndCleanupAnonymousWrappers
|
-
|
2018-04-13
|
799108
|
Heap-use-after-free in blink::LayoutTableCell::BorderLeft
|
-
|
2018-04-13
|
799110
|
Bad-cast to blink::LayoutObject from invalid vptr in blink::LayoutBox::IsOrthogonalWritingModeRoot
|
-
|
2018-04-13
|
799113
|
Heap-use-after-free in blink::ScrollAnchor::NotifyBeforeLayout
|
-
|
2018-04-13
|
799119
|
Heap-use-after-free in blink::ShouldEmitNewlinesBeforeAndAfterNode
|
-
|
2018-04-13
|
799121
|
Bad-cast to blink::InlineBox from invalid vptr in blink::InlineBox::DirtyLineBoxes
|
-
|
2018-04-13
|
799123
|
Use-of-uninitialized-value in blink::LayoutObject::DestroyAndCleanupAnonymousWrappers
|
-
|
2018-04-13
|
799128
|
Heap-use-after-free in blink::LayoutObject::SetPreferredLogicalWidthsDirty
|
-
|
2018-04-13
|
799188
|
Bad-cast to blink::LayoutBox from blink::LayoutInline in blink::LayoutBox::SplitAnonymousBoxesAroundChild
|
-
|
2018-04-13
|
799206
|
Heap-use-after-free in blink::LayoutBox::IsFlexItemIncludingDeprecated
|
-
|
2018-04-13
|
799207
|
Bad-cast to blink::LayoutObject from invalid vptr in blink::LayoutBlock::EnclosingFirstLineStyleBlock
|
-
|
2018-04-13
|
799210
|
Heap-use-after-free in blink::AXLayoutObject::LayoutParentObject
|
-
|
2018-04-13
|
799214
|
Heap-use-after-free in blink::PrimaryDirectionOf
|
-
|
2018-04-13
|
799222
|
Use-of-uninitialized-value in base::internal::CallbackBase::~CallbackBase
|
-
|
2018-04-13
|
799224
|
Heap-use-after-free in blink::SVGResourcesCache::CachedResourcesForLayoutObject
|
-
|
2018-04-13
|
799263
|
Security: V8: JIT: A bug in LoadElimination::ReduceTransitionElementsKind
|
-
|
2018-04-13
|
799274
|
Use-of-uninitialized-value in blink::PrimaryDirectionOf
|
-
|
2018-04-13
|
799276
|
Bad-cast to blink::LayoutObject from invalid vptr in blink::ScrollAnchor::ComputeScrollAnchorDisablingStyleChanged
|
-
|
2018-04-13
|
799277
|
Heap-use-after-free in blink::LayoutObject::NextInPreOrderAfterChildren
|
-
|
2018-04-13
|
799282
|
Heap-use-after-free in blink::LayoutObject::OffsetParent
|
-
|
2018-04-13
|
799280
|
Heap-use-after-free in SetNeedsCollectInlines
|
-
|
2018-04-13
|
799286
|
Use-of-uninitialized-value in blink::InlineBox::DirtyLineBoxes
|
-
|
2018-04-13
|
799289
|
Use-of-uninitialized-value in void blink::PODIntervalTree<blink::LayoutUnit, blink::LayoutMultiColumnSet*>::Se
|
-
|
2018-04-13
|
799295
|
Use-of-uninitialized-value in blink::LayoutObject::IsRooted
|
-
|
2018-04-13
|
799298
|
Use-of-uninitialized-value in blink::ObjectPaintInvalidator::SlowSetPaintingLayerNeedsRepaint
|
-
|
2018-04-13
|
799303
|
Heap-use-after-free in blink::LayoutObject::SetNeedsPaintPropertyUpdate
|
-
|
2018-04-13
|
799340
|
Heap-use-after-free in blink::LayoutObject::Container
|
-
|
2018-04-13
|
799366
|
Heap-use-after-free in blink::ContainerNode::GetUpperLeftCorner
|
-
|
2018-04-13
|
799408
|
Heap-use-after-free in blink::LayoutTableCell::BorderLeft
|
-
|
2018-04-13
|
799432
|
Heap-use-after-free in blink::LayoutBlock::MarkFixedPositionObjectForLayoutIfNeeded
|
-
|
2018-04-13
|
759225
|
CHECK failure in SyntheticGestureTargetBase::DispatchInputEventToPlatform()
|
-
|
2018-04-12
|
773930
|
Security: Whole-script confusable domain label spoofing (Cyrillic)
|
$500
|
2018-04-12
|
798066
|
heap-buffer-overflow in SkAAClip::quickContains
|
$500
|
2018-04-12
|
798256
|
Heap-buffer-overflow in SkMatrix::setRSXform
|
-
|
2018-04-12
|
798173
|
Use-of-uninitialized-value in SkMatrix::postConcat
|
-
|
2018-04-11
|
770106
|
CHECK failure: actual_unused_property_fields > map()->unused_property_fields() in objects-debug
|
-
|
2018-04-10
|
786809
|
Use-of-uninitialized-value in update_current_folder_get_info_cb
|
-
|
2018-04-06
|
797184
|
Use-of-uninitialized-value in SkMatrix::postConcat
|
-
|
2018-04-06
|
797482
|
CVE-2017-1000407 CrOS: Vulnerability reported in Linux kernel
|
-
|
2018-04-06
|
797596
|
DCHECK failure in IrOpcode::kMerge == control->opcode() in node-properties.cc
|
-
|
2018-04-05
|
824799
|
Security: Bug in X509_VERIFY_PARAM_set1_host() with namelen 0
|
$500
|
2018-04-04
|
779325
|
Unknown exception in Register
|
-
|
2018-03-31
|
793620
|
Security: Sandbox escape / automatic code execution via downloads.open
|
$1000
|
2018-03-31
|
796930
|
CHECK failure: Node #610:Phi in B121 is not dominated by input@1 #632:Call in verifier.cc
|
-
|
2018-03-31
|
797130
|
DCHECK failure in min_block == BasicBlock::GetCommonDominator(block, min_block) in scheduler.cc
|
-
|
2018-03-31
|
797192
|
CHECK failure: Node #370:Phi in B34 is not dominated by input@1 #392:Call in verifier.cc
|
-
|
2018-03-31
|
716932
|
Use-after-poison in blink::probe::breakableLocation
|
-
|
2018-03-30
|
736882
|
Security: chrome://discards/ accepts WebContents pointers as URL parameters
|
-
|
2018-03-30
|
789001
|
Container-overflow in views::Textfield::OnKeyPressed
|
-
|
2018-03-30
|
796473
|
Heap-buffer-overflow in SkUTF8_NextUnichar
|
$1000
|
2018-03-30
|
760914
|
CrOS: Vulnerability reported in media-libs/tiff
|
-
|
2018-03-29
|
792851
|
CrOS: Vulnerability reported in dev-libs/libxml2
|
-
|
2018-03-29
|
794126
|
CVE-2017-12190 CrOS: Vulnerability reported in Linux kernel
|
-
|
2018-03-29
|
794491
|
CVE-2017-12193 CrOS: Vulnerability reported in Linux kernel
|
-
|
2018-03-29
|
794504
|
Security: CVE-2017-17558 - OOB write in kernel USB core
|
-
|
2018-03-29
|
796476
|
Crash in sw::Surface::genericUpdate
|
-
|
2018-03-29
|
796570
|
Heap-buffer-overflow in ConstantUnion::operator-
|
-
|
2018-03-29
|
796825
|
Use-of-uninitialized-value in media::internal::DecimatedSearch
|
-
|
2018-03-29
|
789393
|
Security: V8: Integer overflow with PropertyArray
|
-
|
2018-03-28
|
792109
|
Heap-buffer-overflow in ConstantUnion::operator-
|
-
|
2018-03-28
|
792578
|
Heap-buffer-overflow in TParseContext::addConstVectorNode
|
-
|
2018-03-28
|
792819
|
Use-of-uninitialized-value in TParseContext::parseSingleDeclaration
|
-
|
2018-03-28
|
792896
|
Use-of-uninitialized-value in ConstantUnion::cast
|
-
|
2018-03-28
|
792936
|
Heap-buffer-overflow in getIConst
|
-
|
2018-03-28
|
794990
|
Security: Pdfium: integer overflows in pattern shading
|
-
|
2018-03-28
|
795131
|
Heap-buffer-overflow in unsigned char v8::internal::ReadUnalignedValue<unsigned char>
|
-
|
2018-03-28
|
795569
|
Security: WebRTC - Memory corruption in PeerConnection::RemoveTrack()
|
$3000
|
2018-03-28
|
795587
|
Use-of-uninitialized-value in GrGLAttribArrayState::set
|
-
|
2018-03-28
|
795889
|
heap-use-after-free in ProbeForLowSeverityLifetimeIssue
|
-
|
2018-03-28
|
795922
|
DCHECK failure in !has_null_prototype() in ast.cc
|
-
|
2018-03-28
|
793699
|
Security: WebRTC - Memory corruption in WebRtcVoiceMediaChannel::GetSources()
|
$3000
|
2018-03-27
|
794924
|
Crash in v8::internal::Invoke
|
-
|
2018-03-27
|
794969
|
Security: Incorrect size calculation when deserializing Mojo "Event" messages leading to OOB access
|
-
|
2018-03-27
|
795501
|
Container-overflow in content::AudioStreamMonitor::UpdateStreamAudibleStateOnUIThread
|
-
|
2018-03-27
|
795856
|
Heap-buffer-overflow in v8::internal::SharedFunctionInfo::GetSourceCodeHarmony
|
-
|
2018-03-27
|
820848
|
Incorrect-function-pointer-type in gl::Debug::insertMessage
|
-
|
2018-03-27
|
825679
|
Use of an invalid mutex in media::AudioOutputDevice::NotifyRenderCallbackOfError
|
-
|
2018-03-27
|
793588
|
Use-of-uninitialized-value in v8::internal::TextNode::GetQuickCheckDetails
|
-
|
2018-03-26
|
794825
|
Security: V8: Empty BytecodeJumpTable may lead to OOB read
|
-
|
2018-03-25
|
795568
|
Heap-use-after-free in test_runner::WebWidgetTestClient::AnimateNow
|
-
|
2018-03-25
|
777150
|
Bad-cast to blink::LayoutBox from blink::LayoutInline;blink::AXLayoutObject::AccessibilityHitTest;blink::WebAXObject::HitTest
|
-
|
2018-03-24
|
786723
|
DCHECK failure in !compilation_info()->dependencies() || !compilation_info()->dependencies()->HasA
|
-
|
2018-03-24
|
791256
|
DCHECK failure in kNoSourcePosition != start_position() in scopes.cc
|
-
|
2018-03-24
|
792537
|
Cherry-pick an upstream buffer overrun fix for Calendar class in ICU
|
-
|
2018-03-24
|
793714
|
DCHECK failure in *code->owner()->compiled_module()->owning_instance() == codemap()->instance() in
|
-
|
2018-03-24
|
793793
|
Use-after-poison in v8::internal::RegExpParser::GetCapture
|
-
|
2018-03-24
|
794390
|
Cherry-pick an upstream fix for UTF-8 to UTF-8 converter
|
-
|
2018-03-24
|
794394
|
Security: V8: JIT: JSBuiltinReducer::ReduceObjectCreate fails to ensure that the prototype is "null"
|
-
|
2018-03-24
|
794401
|
Crash in GetValueByObjectIndex
|
-
|
2018-03-24
|
794406
|
Security: Use of Uninitialized Value in approx_log2 (msan build filter_fuzz_stub)
|
-
|
2018-03-24
|
794492
|
Security: pdfium: out-of-bounds read with nested colorspaces
|
-
|
2018-03-24
|
794822
|
Security: V8: JIT: Type confusion in GetSpecializationContext
|
-
|
2018-03-24
|
794932
|
CHECK failure: arg_elements == isolate->heap()->empty_fixed_array() in objects-debug.cc
|
-
|
2018-03-24
|
795251
|
Security: pdfium: out-of-bounds read with shading pattern backed by pattern colorspace
|
-
|
2018-03-24
|
795502
|
CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (index >= 0 && index < this->length()
|
-
|
2018-03-24
|
793196
|
DCHECK failure in retained_size_ + length >= retained_size_ in array-buffer-tracker-inl.h
|
-
|
2018-03-22
|
793285
|
Use-of-uninitialized-value in sse41::blit_row_s32a_opaque
|
-
|
2018-03-22
|
793372
|
Bad-cast to CJX_Node from CJX_Content in CXFA_Node::JSNode
|
-
|
2018-03-22
|
793519
|
DeviceSensorHost exposes shared memory handles from StartPolling as read-write
|
-
|
2018-03-22
|
793876
|
chrome!ui::AXPlatformNodeWin::IsSameHypertextCharacter out-of-bounds read
|
$500
|
2018-03-22
|
794405
|
CHECK failure: LoadElement of kRepFloat64 (NumberOrHole) cannot be changed to kRepTagged in rep
|
-
|
2018-03-22
|
719907
|
Security: Cert manager allows import of CA roots and messing with trust bits on Kiosk network config screen
|
-
|
2018-03-21
|
791317
|
Use-of-uninitialized-value in sk_store_a8
|
-
|
2018-03-21
|
792464
|
Global-buffer-overflow in blink::CSSParserToken::GetType
|
-
|
2018-03-21
|
793282
|
DCHECK failure in size + CallSize(target, offset, cond, rs, rt, bd) == SizeOfCodeGeneratedSince(&s
|
-
|
2018-03-21
|
793292
|
DCHECK failure in IsCodeTarget(rmode_) || IsRuntimeEntry(rmode_) in assembler-mips-inl.h
|
-
|
2018-03-21
|
793617
|
Bad-cast to SkPathEffect from SkColorShader in sk_sp<SkPathEffect> SkReadBuffer::readFlattenable<SkPathEffect>
|
-
|
2018-03-21
|
793637
|
Security: MSAN detects use of uninitialized value in makeWithLocalMatrix (using filter_fuzz_stub)
|
-
|
2018-03-21
|
793639
|
Security: global-buffer-overflow in MakeComposeFilter (filter_fuzz_stub)
|
-
|
2018-03-21
|
793863
|
CHECK failure: arg_elements == isolate->heap()->empty_fixed_array() in objects-debug.cc
|
-
|
2018-03-21
|
738401
|
CrOS: Vulnerability reported in media-libs/tiff
|
-
|
2018-03-20
|
791988
|
CVE-2017-1000405: Security: "Dirty COW" variant on transparent huge pages
|
-
|
2018-03-20
|
793571
|
Crash in SkPngEncoder::onEncodeRows
|
-
|
2018-03-20
|
793671
|
Heap-buffer-overflow in v8::internal::FixedArray::set
|
-
|
2018-03-20
|
792439
|
Security DCHECK failure: !object || (object->IsBox()) in LayoutBox.h
|
-
|
2018-03-19
|
793099
|
Use-after-free in DnsTransaction, again
|
-
|
2018-03-18
|
791243
|
Heap-use-after-free in ui::X11CursorFactoryOzone::RefImageCursor
|
-
|
2018-03-17
|
792221
|
Navigation entry's SSL status is not updated when navigating to an existing page
|
-
|
2018-03-17
|
822465
|
Manage Passwords is set to "Off" but it still autofills credentials
|
-
|
2018-03-16
|
648608
|
PlzNavigate: Properly set the initiator of the navigation.
|
-
|
2018-03-16
|
791253
|
Heap-use-after-free in ui::AXSystemCaretWin::~AXSystemCaretWin
|
-
|
2018-03-16
|
792316
|
Stack-buffer-overflow in SkGaussFilter::SkGaussFilter
|
-
|
2018-03-16
|
792422
|
Security: buffer overflow in AudioSyncReader
|
-
|
2018-03-16
|
792549
|
CHECK failure: dest_data + dest_byte_length <= source_data || source_data + source_byte_length
|
-
|
2018-03-16
|
792810
|
Heap-buffer-overflow in SkReader32::readInt
|
-
|
2018-03-16
|
792827
|
Heap-buffer-overflow in SkReadBuffer::readFlattenable
|
-
|
2018-03-16
|
793030
|
Security: Merge CVE-2017-3738 fix to M64.
|
-
|
2018-03-16
|
793170
|
Use-of-uninitialized-value in SkReadBuffer::readFlattenable
|
-
|
2018-03-16
|
746132
|
bluetooth::mojom::AdapterFactory is available to any renderer without permission checks
|
-
|
2018-03-15
|
760342
|
Issuing multiple redirects hangs any subsequent navigation. This allows URL Spoofing and also a crash.
|
$500
|
2018-03-15
|
774174
|
Security: heap-buffer-overflow in UnpackOneRowOfRGBA5551LittleToRGBA8
|
$1000
|
2018-03-15
|
784183
|
signed integer overflow in blink::WebGLRenderingContextBase::ValidateTexImageSubRectangle<blink::Image>
|
$4000
|
2018-03-15
|
786784
|
Crash in v8::internal::Invoke
|
-
|
2018-03-15
|
791245
|
Security: V8: JIT: Simplified-lowererer IrOpcode::kStoreField, IrOpcode::kStoreElement optimization bug
|
-
|
2018-03-15
|
791491
|
Security: CVE-2017-17095 - libtiff: Heap-based buffer overflow bug in pal2rgb(pal2rgb.c)
|
-
|
2018-03-15
|
792117
|
shared_memory_posix.cc memfd_create does not support read-only segments
|
-
|
2018-03-15
|
792306
|
Use-of-uninitialized-value in bool blink::FastParseColorInternal<unsigned char>
|
-
|
2018-03-15
|
792658
|
DCHECK failure in retained_size_ + length >= retained_size_ in array-buffer-tracker-inl.h
|
-
|
2018-03-15
|
771482
|
Use-of-uninitialized-value in media::DecoderBuffer::timestamp
|
-
|
2018-03-14
|
780354
|
Heap-buffer-overflow in ConstantUnion::operator-
|
-
|
2018-03-14
|
781147
|
Heap-buffer-overflow in sw::Array<sw::Float4, 1>::operator
|
-
|
2018-03-14
|
784761
|
U+0D1F and U+0D2F can be used to spoof 'so.com'
|
-
|
2018-03-14
|
785675
|
pobfuzz: cc::DrawTextBlobOp::Deserialize -> use-of-uninitialized-value in int const& SkTMax<int>
|
-
|
2018-03-14
|
789479
|
Security: Multiple vulnerabilities in libcurl
|
-
|
2018-03-14
|
791298
|
Heap-use-after-free in ui::AXSystemCaretWin::~AXSystemCaretWin
|
-
|
2018-03-14
|
791345
|
Security: Integer overflow in FastArraySliceCodeStubAssembler::HandleFastSlice
|
$5500
|
2018-03-14
|
791607
|
Use-of-uninitialized-value in SkFontRequestCache::Request::Create
|
-
|
2018-03-14
|
791616
|
Heap-use-after-free in fxcrt::UnownedPtr<CFX_XMLParser>::ProbeForLowSeverityLifetimeIssue
|
-
|
2018-03-14
|
791953
|
CHECK failure: NumberToUint32 of kRepWord32 (Range(1, NUMBER)) cannot be changed to kRepTaggedS
|
-
|
2018-03-14
|
791983
|
Heap-use-after-free in net::DnsTransactionImpl::DoCallback
|
-
|
2018-03-14
|
780301
|
Use-of-uninitialized-value in TParseContext::parseSingleDeclaration
|
-
|
2018-03-13
|
780451
|
Use-of-uninitialized-value in TParseContext::nonInitErrorCheck
|
-
|
2018-03-13
|
780698
|
Use-of-uninitialized-value in ConstantUnion::cast
|
-
|
2018-03-13
|
780750
|
Heap-buffer-overflow in getAddress
|
-
|
2018-03-13
|
785150
|
Heap-buffer-overflow in getIConst
|
-
|
2018-03-13
|
787301
|
Stack-overflow in v8::internal::TranslatedState::MaterializeAt
|
-
|
2018-03-13
|
788070
|
Use-of-uninitialized-value in net::DnsTransactionImpl::DoCallback
|
-
|
2018-03-13
|
788131
|
Heap-use-after-free in net::DnsTransactionImpl::DoCallback
|
-
|
2018-03-13
|
788304
|
Security: CVE-2017-16939 Linux Kernel XFRM Privilege Escalation
|
-
|
2018-03-13
|
789767
|
MSAN detects use-of-uninitialized-value in analyze_3x4_matrix() in filter_fuzz_stub
|
-
|
2018-03-13
|
789764
|
Crash in v8::internal::Script::FindSharedFunctionInfo
|
-
|
2018-03-13
|
791288
|
Use-after-poison in blink::KURL::KURL
|
-
|
2018-03-13
|
791291
|
Use-after-poison in blink::DocumentThreadableLoader::SetDefersLoading
|
-
|
2018-03-13
|
791347
|
Bad-cast to blink::Resource from invalid vptr in blink::DocumentThreadableLoader::Cancel
|
-
|
2018-03-13
|
791348
|
Use-after-poison in url::Parsed::Parsed
|
-
|
2018-03-13
|
791484
|
Heap-use-after-free in blink::LayoutObject::NextInPreOrder
|
-
|
2018-03-13
|
791548
|
CHECK failure: arg_elements == isolate->heap()->empty_fixed_array() in objects-debug.cc
|
-
|
2018-03-13
|
791589
|
Bad-cast to blink::Resourceblink::DocumentThreadableLoader::SetDefersLoading in media::MultiBuffer::AddReader
|
-
|
2018-03-13
|
791597
|
Crash in media::MultiBuffer::AddReader
|
-
|
2018-03-13
|
774382
|
Security: Persian Calendar Integer overflow lead to OOB read
|
-
|
2018-03-12
|
782594
|
[syzkaller] Linux kernel: multiple vulnerabilities in the USB subsystem
|
-
|
2018-03-12
|
779326
|
Crash in sw::Renderer::taskLoop
|
-
|
2018-03-10
|
779364
|
Security: SwiftShader sw::Renderer::taskLoop
|
$1000
|
2018-03-10
|
788208
|
Use-of-uninitialized-value in SkFontRequestCache::Request::Create
|
-
|
2018-03-10
|
791003
|
Security: Sandbox escape via exposed "filesystem::mojom::Directory" mojo interface in "catalog" service
|
-
|
2018-03-10
|
791105
|
Heap-use-after-free in blink::LayoutObject::NextInPreOrder
|
-
|
2018-03-10
|
765371
|
Security: bluetooth LE advertisement storm can remotely hang/crash chromebooks, android devices, and some iOS devices with little or no user action needed
|
-
|
2018-03-09
|
789109
|
CrOS: Vulnerability reported in net-misc/curl
|
-
|
2018-03-09
|
789492
|
CVE-2017-16647 CrOS: Vulnerability reported in Linux kernel
|
-
|
2018-03-09
|
789494
|
CVE-2017-16649 CrOS: Vulnerability reported in Linux kernel
|
-
|
2018-03-09
|
789496
|
CrOS: Vulnerability reported in net-misc/rsync
|
-
|
2018-03-09
|
789682
|
ServiceWorkerScriptURLLoader does not check for certificate errors properly
|
-
|
2018-03-09
|
789812
|
Use-of-uninitialized-value in sse41::blit_row_s32a_opaque
|
-
|
2018-03-09
|
789952
|
Security: NCSC Vulnerability Report - Google Chrome - V8 JavaScript Engine
|
$2000
|
2018-03-09
|
790684
|
Crash in FromAddress
|
-
|
2018-03-09
|
790687
|
Crash in v8::internal::Heap::InNewSpace
|
-
|
2018-03-09
|
790696
|
DCHECK failure in !MarkCompactCollector::IsOnEvacuationCandidate(target) in mark-compact.cc
|
-
|
2018-03-09
|
790721
|
Crash in v8::internal::HeapObject::map_word
|
-
|
2018-03-09
|
790729
|
Crash in InNewSpace
|
-
|
2018-03-09
|
790753
|
Crash in void v8::internal::BodyDescriptorBase::IteratePointers<v8::internal::ConcurrentM
|
-
|
2018-03-09
|
790758
|
CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (object->IsString()) in string-inl.h
|
-
|
2018-03-09
|
790885
|
DCHECK failure in !MarkCompactCollector::IsOnEvacuationCandidate(target) in mark-compact.cc
|
-
|
2018-03-09
|
740556
|
Security: HTML sandbox restrictions are removed after a redirect through docs.google.com
|
-
|
2018-03-08
|
777350
|
Relative report-uri for CSP combined against wrong base
|
$500
|
2018-03-08
|
778658
|
Security: content security policy bypass
|
$1000
|
2018-03-08
|
787103
|
Cross-origin Shared Worker
|
$2000
|
2018-03-08
|
789497
|
Security: Information Leak in mincore()
|
-
|
2018-03-08
|
734931
|
Security: c-ares NAPTR parser out of bounds access
|
-
|
2018-03-07
|
787712
|
Use After Free (write) in SkPerlinNoiseShaderImpl
|
-
|
2018-03-07
|
788441
|
DCHECK failure in non_compiled_functions.size() == idx in module-compiler.cc
|
-
|
2018-03-07
|
788508
|
Heap-use-after-free in media::PipelineImpl::RendererWrapper::Stop
|
-
|
2018-03-07
|
789113
|
Global-buffer-overflow in CXFA_Node::NameToElement
|
-
|
2018-03-07
|
789372
|
DCHECK failure in isolate == nullptr implies icache_flush_mode == SKIP_ICACHE_FLUSH in assembler-a
|
-
|
2018-03-07
|
788230
|
Crash in mov_read_sidx
|
-
|
2018-03-06
|
788469
|
Crash in v8::internal::CallInternal
|
-
|
2018-03-06
|
788539
|
CHECK failure: frame_state->opcode() == IrOpcode::kFrameState || (node->opcode() == IrOpcode::k
|
-
|
2018-03-06
|
785809
|
Security: Chrome does not percent-escape the URL passed to external handler
|
$500
|
2018-03-05
|
786020
|
CHECK failure: !descriptors->GetKey(i)->IsInterestingSymbol() in objects-debug.cc
|
-
|
2018-03-05
|
779629
|
Security: Google's Chrome Cleanup Tool DLL Preloading Vulnerability
|
-
|
2018-03-01
|
783132
|
CHECK failure: is_transitionable_fast_elements_kind implies !Map::IsInplaceGeneralizableField(d
|
-
|
2018-03-01
|
784808
|
CVE-2017-15951 CrOS: Vulnerability reported in Linux kernel
|
-
|
2018-03-01
|
784080
|
Crash in v8::internal::Simulator::DecodeType3
|
$1500
|
2018-03-01
|
787910
|
Use-after-poison in parameter_count
|
-
|
2018-03-01
|
781529
|
Crash in CPDF_HintTables::ReadPageHintTable
|
-
|
2018-02-28
|
783729
|
CVE-2017-15649 CrOS: Vulnerability reported in Linux kernel
|
-
|
2018-02-28
|
786700
|
CrOS: Vulnerability reported in net-misc/wget
|
-
|
2018-02-28
|
786754
|
Bad-cast to const blink::BeginTransformDisplayItem from blink::DisplayItem in blink::BeginTransformDisplayItem::Equals
|
-
|
2018-02-28
|
787606
|
Bad-cast to const blink::ClipDisplayItem from blink::DisplayItem in blink::ClipDisplayItem::Equals
|
-
|
2018-02-28
|
787661
|
Heap-buffer-underflow in cc::DisplayItemList::EndPaintOfPairedEnd
|
-
|
2018-02-28
|
771973
|
DCHECK failure in (location_) != nullptr in handles.cc
|
-
|
2018-02-27
|
786524
|
Heap-buffer-overflow in SkTextBlob::RunRecord::RunRecord
|
-
|
2018-02-27
|
786573
|
Security: V8: Integer overflow in Runtime_RegExpReplace
|
-
|
2018-02-27
|
786934
|
Use-after-poison in std::__1::vector<v8::internal::MachineRepresentation, v8::internal::ZoneAllocato
|
-
|
2018-02-27
|
770734
|
Heap-buffer-overflow in bool url::DoExtractQueryKeyValue<char>
|
-
|
2018-02-26
|
785804
|
DCHECK failure in !IsSmi() == Internals::HasHeapObjectTag(this) in objects.h
|
-
|
2018-02-26
|
774842
|
Security: Visually-perfect domain spoofing using dotless-i plus combining mark
|
$500
|
2018-02-25
|
615608
|
Security: Chrome browser not respecting no-referrer meta tag
|
-
|
2018-02-24
|
740314
|
CHECK failure: actual_unused_property_fields > map()->unused_property_fields() in objects-debug
|
-
|
2018-02-24
|
774438
|
Security: Permission request UI spoof (improper URL truncation)
|
$500
|
2018-02-24
|
775527
|
Security: Privileged XSS in DevTools
|
$1000
|
2018-02-24
|
776256
|
CHECK failure: input->op()->ValueOutputCount() > index in verifier.cc
|
-
|
2018-02-24
|
780699
|
Crash in __printf_chk
|
-
|
2018-02-24
|
782119
|
Security DCHECK failure: value.IsPrimitiveValue() in CSSPrimitiveValue.h
|
-
|
2018-02-24
|
785760
|
Heap-use-after-free in media::FrameBufferPool::OnVideoFrameDestroyed
|
-
|
2018-02-24
|
786278
|
Crash in v8::internal::FreeList::Allocate
|
-
|
2018-02-24
|
786587
|
DCHECK failure in raw_properties_or_hash()->IsSmi() || (raw_properties_or_hash()->IsDictionary() =
|
-
|
2018-02-24
|
786649
|
Crash in v8::internal::Heap::AllocateCode
|
-
|
2018-02-24
|
617963
|
Security: Service Workers Response Size Info Leak
|
-
|
2018-02-22
|
699028
|
Security: Canvas composite operations and CSS blend modes leak cross-origin data via timing attacks.
|
$2000
|
2018-02-22
|
772262
|
DCHECK failure in cursor - bytes.get() + buffer->length() <= total_size_ in streaming-decoder.cc
|
-
|
2018-02-22
|
778668
|
Crash in v8::internal::Invoke
|
-
|
2018-02-22
|
781766
|
Crash in media::SourceBufferRangeByPts::GetBufferIndexAt
|
-
|
2018-02-22
|
784863
|
CHECK failure: nof_elements <= array_length in objects-debug.cc
|
-
|
2018-02-22
|
784869
|
pobfuzz: SkTextBlob::Deserialize -> SkPaint::unflatten heap-buffer-overflow
|
-
|
2018-02-22
|
784990
|
DCHECK failure in nod == removed_holes_index in objects.cc
|
-
|
2018-02-22
|
785095
|
DCHECK failure in !done() || handler_ == nullptr in frames.cc
|
-
|
2018-02-22
|
785270
|
Heap-buffer-overflow in SkReadBuffer::readRect
|
-
|
2018-02-22
|
785520
|
DCHECK failure in !heap->HasRecordedSlot( *object, HeapObject::RawField(*object, index.offset()))
|
-
|
2018-02-22
|
777041
|
Crash in blink::PersistentBase<blink::DummyGCBase,
|
-
|
2018-02-21
|
779457
|
DCHECK failure in outer_scope_ == scope->outer_scope() in bytecode-generator.cc
|
-
|
2018-02-21
|
780402
|
Pwn2own: V8 - isolate control via function deoptimization
|
-
|
2018-02-21
|
781518
|
Chromium: Vulnerability reported in expat
|
-
|
2018-02-21
|
783914
|
Heap-buffer-overflow in safe_browsing::dmg::HFSBTreeIterator::Next
|
-
|
2018-02-21
|
784862
|
CHECK failure: size <= kMaxRegularHeapObjectSize in runtime-internal.cc
|
-
|
2018-02-21
|
784867
|
DCHECK failure in node->id() < count_ in simplified-lowering.cc
|
-
|
2018-02-21
|
699461
|
Security: HSTS Bypass via flooding of the HSTS policy file
|
-
|
2018-02-20
|
780484
|
Security: unsafe navigation in chromecast plugin possibly causing UXSS and popup block bypass
|
$500
|
2018-02-20
|
780780
|
CrOS: Vulnerability reported in net-misc/curl
|
-
|
2018-02-20
|
783119
|
CHECK failure: nof_elements <= array_length in objects-debug.cc
|
-
|
2018-02-20
|
783815
|
Heap-buffer-overflow in SkReader32::readInt
|
-
|
2018-02-20
|
783926
|
DCHECK failure in kSmi == type() in ast.cc
|
-
|
2018-02-20
|
784146
|
DCHECK failure in !isolate_->has_pending_exception() in module-compiler.cc
|
-
|
2018-02-20
|
784242
|
Heap-buffer-overflow in SkTextBlob::RunRecord::RunRecord
|
-
|
2018-02-20
|
784533
|
DCHECK failure in IsTyped(node) in node-properties.h
|
-
|
2018-02-20
|
758169
|
Website thumbnail screenshot access even after all private data is deleted
|
-
|
2018-02-19
|
783902
|
CHECK failure: method->map()->instance_descriptors()->GetKey(kHomeObjectPropertyIndex) == isola
|
-
|
2018-02-19
|
783828
|
Heap-buffer-overflow in SkReadBuffer::readRect
|
-
|
2018-02-19
|
784054
|
Heap-buffer-overflow in SkString::Rec::Make
|
-
|
2018-02-19
|
784336
|
Heap-buffer-overflow in SkReadBuffer::peekByte
|
-
|
2018-02-19
|
778101
|
SPAKE password-scalar not multiplied by 8
|
$500
|
2018-02-17
|
781520
|
CVE-2017-12192 CrOS: Vulnerability reported in Linux kernel
|
-
|
2018-02-17
|
781592
|
Received signal 11 SEGV_MAPERR running mutant1110_regress-arguments-slice.js
|
-
|
2018-02-17
|
783243
|
CVE-2017-16528: CrOS: ALSA: seq: Use after free at unbind device
|
-
|
2018-02-17
|
783822
|
DCHECK failure in key->IsSmi() in runtime-classes.cc
|
-
|
2018-02-17
|
797484
|
CrOS: Vulnerability reported in net-misc/rsync
|
-
|
2018-02-16
|
776309
|
CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (object->IsJSReceiver()) in objects-i
|
-
|
2018-02-16
|
782754
|
DCHECK failure in this->IsInhabited() in types.cc
|
-
|
2018-02-16
|
783019
|
CHECK failure: #863:JSCallRuntime should be followed by IfSuccess/IfException, but is only foll
|
-
|
2018-02-16
|
783035
|
CHECK failure: Representation inference: unsupported opcode 61 (Dead), node #NUMBER in simplifi
|
-
|
2018-02-16
|
676773
|
Security: Adobe Flash MovieClip.createTextField Use After Free
|
$3000
|
2018-02-15
|
676778
|
Security: Adobe Flash Camera Object Use After Free
|
$3000
|
2018-02-15
|
676789
|
Security: Adobe Flash TextField.variable property setter Use After Free
|
$3000
|
2018-02-15
|
708957
|
Origin missing from AMP content delivered by AGSA
|
-
|
2018-02-15
|
726142
|
Security: RenderFrameHostImpl::UpdatePermissionsForNavigation is called too often
|
-
|
2018-02-15
|
767359
|
Security: Blink Bindings - Use After Free in blink::ScriptState::From
|
-
|
2018-02-15
|
779242
|
Bad-cast to std::__1::__shared_weak_count from invalid vptr;v8::internal::wasm::AsyncCompile;v8::WebAssemblyCompile
|
-
|
2018-02-15
|
780782
|
CVE-2017-1000111 CrOS: Vulnerability reported in Linux kernel
|
-
|
2018-02-15
|
780783
|
CVE-2017-1000112 CrOS: Vulnerability reported in Linux kernel
|
-
|
2018-02-15
|
782267
|
DCHECK failure in !isolate_->has_pending_exception() in module-compiler.cc
|
-
|
2018-02-15
|
782596
|
Heap-buffer-overflow in CPDF_TextPage::IsHyphen
|
-
|
2018-02-15
|
347200
|
Security: Drag-Drop is possible in fullscreen and not canceled on fullscreen exit
|
-
|
2018-02-14
|
591804
|
Should an <iframe> access chrome://resources?
|
-
|
2018-02-14
|
782145
|
Security:V8:Type Confusion Leads To OOB Read Write
|
$3000
|
2018-02-14
|
782413
|
DCHECK failure in slot == stack_state.end() in liftoff-assembler.cc
|
-
|
2018-02-14
|
775868
|
Heap-use-after-free in SkPathRef::countVerbs
|
-
|
2018-02-13
|
779407
|
DCHECK failure in !done() || handler_ == nullptr in frames.cc
|
-
|
2018-02-13
|
780784
|
CVE-2017-15537 CrOS: Vulnerability reported in Linux kernel
|
-
|
2018-02-13
|
782075
|
Use-of-uninitialized-value in gray_set_cell
|
-
|
2018-02-13
|
771972
|
Heap-buffer-overflow in v8::internal::wasm::ModuleDecoderImpl::DecodeFunctionBody
|
-
|
2018-02-10
|
780558
|
Heap-use-after-free in blink::LayoutObject::NextInPreOrder
|
-
|
2018-02-10
|
780708
|
Security: "googlechrome" scheme allows opening downloaded files in content scheme
|
-
|
2018-02-10
|
777215
|
Security: ChromeOS printer zeroconf remote code execution
|
$2000
|
2018-02-09
|
778251
|
InputScalesValid has a potential buffer overflow
|
-
|
2018-02-09
|
758478
|
Incorrect-function-pointer-type in _hb_blob_destroy_user_data
|
-
|
2018-02-09
|
761245
|
Incorrect-function-pointer-type in _hb_blob_destroy_user_data
|
-
|
2018-02-09
|
778505
|
Security: OOB Write in QuicStreamSequencerBuffer::OnStreamData
|
$10500
|
2018-02-09
|
781116
|
DCHECK failure in false == cell_reports_intact in isolate.cc
|
-
|
2018-02-09
|
768203
|
Heap-use-after-free in blink::AXLayoutObject::GetDocument
|
-
|
2018-02-08
|
774846
|
Heap-buffer-overflow in base::BigEndianWriter::WriteBytes
|
-
|
2018-02-08
|
774854
|
Use-of-uninitialized-value in void base::internal::VectorBuffer<std::__1::basic_string<char, std::__1::char_tr
|
-
|
2018-02-08
|
777728
|
Security: Stack Buffer Overflow in QuicClientPromisedInfo::OnPromiseHeaders
|
$10500
|
2018-02-08
|
778189
|
CVE-2017-15265 CrOS: Vulnerability reported in Linux kernel
|
-
|
2018-02-08
|
779314
|
Security: OOB Read in BlobStorageContext::BlobFlattener::BlobFlattener
|
$2500
|
2018-02-08
|
779919
|
Heap-use-after-free in net::HttpNetworkTransaction::~HttpNetworkTransaction
|
-
|
2018-02-08
|
779949
|
Heap-buffer-overflow in SkPixmap::getColor
|
-
|
2018-02-08
|
666824
|
Security: bypass user gesture requirement for dangerous download types: Chrome extension - local user privilege escalation
|
-
|
2018-02-07
|
753645
|
Security: Autocomplete data can be stolen by malicious webpage
|
$1000
|
2018-02-06
|
772897
|
DCHECK failure in !has_pending_exception() in isolate.cc
|
-
|
2018-02-06
|
778940
|
Crash in LoadImageRow<DataType::RGB565>
|
-
|
2018-02-06
|
778951
|
Crash in LoadImageRow<DataType::Bytes_2>
|
-
|
2018-02-06
|
779327
|
Use-of-uninitialized-value in sw::RegisterArray<16, false>::RegisterArray
|
-
|
2018-02-06
|
779826
|