Chromium Disclosed Security Bugs

Google discloses Chromium security bugs 14 weeks after fixing them. This website makes it easier to keep track of them.

This page is run by @securityMB but it is not an official Google product.

Bugs disclosed in 2019.json

# | Summary | $$$ | Disclosure date
961540 | Heap-buffer-overflow in courgette::DisassemblerElf32ARM::ParseRelocationSection | - | 2019-12-31
981628 | Security: URL in Omnibox doesn't always match page content (repro 897641) | $1,000 | 2019-12-31
1001283 | CSP bypass with about:srcdoc | $3,000 | 2019-12-31
1006670 | v8_regexp_parser_fuzzer: Crash in v8::base::SmallVector<int, 64u>::Grow | - | 2019-12-31
1006630 | CHECK failure: filter.IsValid(slot.address()) in mark-compact.cc | - | 2019-12-30
442579 | It's possible to load chrome-extension:// URLs | $500 | 2019-12-28
922433 | CrOS: Vulnerability reported in app-text/poppler | - | 2019-12-28
922434 | CrOS: Vulnerability reported in app-text/poppler | - | 2019-12-28
953298 | Extension permission bypass by poisoning bookmarks with javascript url(Bookmarklet) | - | 2019-12-27
990779 | CrOS: Vulnerability reported in x11-libs/pango | - | 2019-12-27
998431 | Security: Accessing set::end in GamepadService | $15,000 | 2019-12-27
1004730 | Security: UaF in MojoAudioDecoder (Android) | $15,000 | 2019-12-27
929621 | CrOS: Vulnerability reported in media-gfx/imagemagick | - | 2019-12-26
1005599 | Crash in Builtins_InterpreterEntryTrampoline | - | 2019-12-26
966914 | Security: Possible to spoof the contents of the omnibox to display any http/https URL, some extension URLs and some internal URLs | $3,000 | 2019-12-25
977043 | Heap-buffer-overflow in ash::ShelfView::LayoutOverflowButton | - | 2019-12-25
998284 | Security: Possible to temporarily spoof URL by navigating back then forward | $1,000 | 2019-12-25
1003241 | DCHECK failure in static_cast<unsigned>(index) < static_cast<unsigned>(length()) in fixed-array-in | - | 2019-12-25
1003336 | CVE-2019-15926 CrOS: Vulnerability reported in Linux kernel | - | 2019-12-25
1003337 | CVE-2019-15927 CrOS: Vulnerability reported in Linux kernel | - | 2019-12-25
1004912 | CHECK failure: Type cast failed in CAST(CallBuiltin(Builtins::kToName, p->context(), p->name()) | - | 2019-12-25
1003730 | CHECK failure: Object is not known to the heap broker in js-heap-broker.cc | - | 2019-12-23
985451 | Security: Secuirty crash in TabAnimation::operator | - | 2019-12-21
1001818 | Bad-cast to blink::LayoutBox from invalid vptr in blink::NGBlockNode::CopyChildFragmentPosition | - | 2019-12-21
979441 | Security: Navigating to "chrome://" URLs on Android | $500 | 2019-12-20
1003327 | CVE-2019-15917 CrOS: Vulnerability reported in Linux kernel | - | 2019-12-20
1003331 | CVE-2019-15921 CrOS: Vulnerability reported in Linux kernel | - | 2019-12-20
955191 | Disk cache refcount overflows? | - | 2019-12-19
1000922 | Crash in pthread_create | - | 2019-12-19
1002388 | CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (this->IsStruct()) in class-definitio | - | 2019-12-19
1002687 | Security: Idn-spoof with using CJK character skeletons | - | 2019-12-19
1003140 | Bad-cast to blink::ScriptWrappable from blink::NavigatorGeolocation in blink::FinalizerTrait<blink::ScriptWrappable>::Finalize | - | 2019-12-19
1003341 | CHECK failure: static_cast<uintptr_t>(caller_frame_top_) - total_output_frame_size > stack_guar | - | 2019-12-19
990849 | Leaking size of cross-origin resource by using Range Requests and Service Workers | $2,000 | 2019-12-18
991568 | Security: forced redirection from cross-origin iframe | $3,000 | 2019-12-18
996786 | Check cookie domain on setting cookies | - | 2019-12-18
1001159 | pdfium: oob read in PDF_DecodeText | $2,000 | 2019-12-18
803187 | Security: Interstitials WebUI should have a stricter CSP | - | 2019-12-17
840180 | Address Bar Spoofing when spoofing target is NOT a top domain but a related domain is in the top list (e.g. adidas.de vs adidas.com ) | - | 2019-12-17
961651 | CrOS: Vulnerability reported in net-libs/gnutls | - | 2019-12-17
995964 | Security: UAF in InProcessVideoCaptureDeviceLauncher | $20,000 | 2019-12-17
997401 | CHECK failure: U_SUCCESS(status) in intl-objects.cc | - | 2019-12-17
999793 | CrOS: Vulnerability reported in media-libs/tiff | - | 2019-12-17
1000002 | Security: OfflinePageAutoFetcher UAF 2 | $20,000 | 2019-12-17
1000882 | Security: Regression : 'Press Esc to exit fullscreen' warning doesn't display | $3,000 | 2019-12-17
1000934 | Security: Heap-use-after-free in SharingDialogView::WindowClosing() | $15,000 | 2019-12-17
1001804 | CHECK failure: AllowJavascriptExecution::IsAllowed(isolate) in execution.cc | - | 2019-12-17
999118 | CVE-2019-15213 CrOS: Vulnerability reported in Linux kernel | - | 2019-12-14
982326 | ChromeVox extension injects attacker-controlled scripts and requests attacker-controlled URLs | $5,000 | 2019-12-13
1000635 | Security: Use After Free in the function JavaScriptFrame::Summarize | $7,500 | 2019-12-13
931894 | Security: http authentication spoof on chrome iOS | $1,000 | 2019-12-12
988590 | Overflow of the transform scale CSS property freezes/crashes the renderer allowing cross-origin content spoofing | $500 | 2019-12-12
994044 | Security: URL bar spoofing with using a file:/// URL | $500 | 2019-12-12
996741 | Security: Site Isolation bypass and local file disclosure via Payment Handler API | - | 2019-12-12
1000563 | Heap-use-after-free in ash::OverviewHighlightController::OnViewDestroyingOrDisabling | - | 2019-12-12
696454 | Security: Filesystem dialog box to cover the self-window and no origin for spoof | $1,000 | 2019-12-11
760855 | Security: Address bar RTL spoofing using hebrew | $500 | 2019-12-11
859349 | Security: Confused deputy attack against Chrome Android application might lead to internal storage file disclosure | $1,000 | 2019-12-11
991321 | Security: use-after-poison in blink::VideoTrackRecorder::InitializeEncoder | $5,000 | 2019-12-11
997403 | Heap-use-after-free in blink::NGPaintFragment::LayoutObjectWillBeDestroyed | - | 2019-12-11
998395 | Heap-use-after-free in blink::NGOffsetMappingUnit::AssertValid | - | 2019-12-11
998548 | Security: UaF in ImageCapture | $20,000 | 2019-12-11
999469 | Crash in blink::NonSharedCharacterBreakIterator::Next | - | 2019-12-11
999760 | Security: Tab sharing UI crash | $500 | 2019-12-11
1000050 | ulpfec_receiver_fuzzer: Heap-buffer-overflow in webrtc::ForwardErrorCorrection::StartPacketRecovery | - | 2019-12-11
1000167 | Crash in blink::NonSharedCharacterBreakIterator::IsCRBeforeLF | - | 2019-12-11
1000217 | Security: Potential UAF in Isolate::ReportPendingMessagesImpl | - | 2019-12-11
996751 | DCHECK failure in bytecode->IsBytecodeEqual( *outer_function_job->compilation_info()->bytecode_arr | - | 2019-12-09
997449 | Use-of-uninitialized-value in blink::NGPaintFragment::ClearAssociationWithLayoutObject | - | 2019-12-09
999463 | Stack-use-after-scope in viz::LocalSurfaceId::parent_sequence_number | - | 2019-12-08
998196 | Global-buffer-overflow in content::WebWidgetLockTarget::OnLockMouseACK | - | 2019-12-07
999497 | Use-of-uninitialized-value in ui::X11Window::OnXWindowStateChanged | - | 2019-12-07
937131 | Feature Policy 'allow' attribute can override top-level policy in frames | - | 2019-12-06
979443 | Security: URL bar spoofing via download redirect | $2,000 | 2019-12-06
997925 | Security: Possible to retrieve cross-origin data in certain cases using devtools custom formatters | $500 | 2019-12-06
998679 | Security: Crash in content::`anonymous namespace'::OnInstallPaymentApp | $10,000 | 2019-12-06
999470 | Use-of-uninitialized-value in ui::X11Window::OnXWindowStateChanged | - | 2019-12-06
972463 | Security: Multiple vulnerabilities in chromeos-disk-firmware.sh | $1,000 | 2019-12-05
996391 | v8_regexp_parser_fuzzer: DCHECK failure in index < length_ in vector.h | - | 2019-12-05
998127 | Crash in blink::ScriptState::From | - | 2019-12-05
998204 | Crash in v8::internal::LoopChoiceNode::Accept | - | 2019-12-05
999005 | Heap-buffer-overflow in blink::NGInlineNodeDataEditor::Run | - | 2019-12-05
982812 | CSS injection in any website using Color Enhancer extension | $2,000 | 2019-12-04
986751 | UAP in blink::PersistentBase | - | 2019-12-04
997982 | Crash in v8::internal::GlobalHandles::CreateTraced | - | 2019-12-04
998215 | Crash in v8::internal::MarkCompactCollector::IsUnmarkedHeapObject | - | 2019-12-04
998322 | Crash in v8::HandleScope::CreateHandle | - | 2019-12-04
997440 | Crash in v8::internal::Simulator::WriteW | - | 2019-12-03
998093 | Bad-cast to blink::Nodeblink::Node::GetRegisteredMutationObserversOfType in blink::MutationObserverInterestGroup::CreateIfNeeded | - | 2019-12-03
1005713 | Security: Parser bug can introduce mXSS and HTML sanitizers bypass | - | 2019-12-02
997411 | CHECK failure: (map().has_fast_smi_or_object_elements() || map().has_frozen_or_sealed_elements( | - | 2019-12-01
997421 | DCHECK failure in result.NumberOfOwnDescriptors() == result.instance_descriptors().number_of_descr | - | 2019-12-01
987205 | Unknown signal in Builtins_JSEntryTrampoline | - | 2019-11-30
995712 | Security: PDFium (XFA) Use-after-free in CFWL_PushButton::OnKeyDown | $7,500 | 2019-11-30
996515 | Use-of-uninitialized-value in OmniboxViewViews::HandleKeyEvent | - | 2019-11-30
996526 | Heap-use-after-free in AutocompleteMatch::IsTabSwitchSuggestion | - | 2019-11-30
996571 | Heap-buffer-overflow in AutocompleteMatch::IsTabSwitchSuggestion | - | 2019-11-30
997190 | Security: UaF in MediaSession, Android only | $20,000 | 2019-11-30
901789 | Security: Same origin policy bypass via 401 page | - | 2019-11-29
915538 | Security: Origin header-based CSRF protection bypass | $500 | 2019-11-29
990223 | CHECK failure: status == CompilationJob::SUCCEEDED in function-compiler.cc | - | 2019-11-29
993553 | Security: PDFium (XFA) Use-after-free in CJX_HostPseudoModel::openList | $9,500 | 2019-11-29
997057 | Heap-use-after-free in v8::internal::compiler::ConstantFoldingReducer::Reduce | - | 2019-11-29
595841 | Require browser process interaction to open files from chrome://downloads | - | 2019-11-28
756825 | Chrome automatically downloads certain files even though the "Ask before downloading" option is enabled | $500 | 2019-11-28
769662 | Security: openvpn - CVE-2017-12166: out of bounds write in key-method 1 | - | 2019-11-28
839239 | Security: Fullscreen notification can be obscured by external protocol prompt | - | 2019-11-28
875178 | Security: spoof google via onbeforeunload of ssl error page | - | 2019-11-28
988024 | config_validator_fuzzer: Heap-buffer-overflow in parse_file | - | 2019-11-28
988025 | config_validator_fuzzer: Use-of-uninitialized-value in krb5int_aes_enc_key | - | 2019-11-28
989078 | Reading local files and cross-origin resources through an extension that only has the "downloads" permission | $2,000 | 2019-11-28
992838 | Security: URL bar spoofing on Android with a very long URL | $3,000 | 2019-11-28
995709 | Heap-use-after-free in blink::AutoplayPolicy::IsDocumentAllowedToPlay | - | 2019-11-28
996211 | gpu_raster_passthrough_fuzzer: Use-of-uninitialized-value in SkDescriptor::isValid | - | 2019-11-28
992914 | Security: v8 Map migration doesn't respect element kinds changes, leading to type confusion | - | 2019-11-27
995591 | IndexedDB: GetDatabaseInfo() should check AllowIndexedDB() before issuing a request to the browser | - | 2019-11-27
996099 | DCHECK failure in result.NumberOfOwnDescriptors() == result.instance_descriptors().number_of_descr | - | 2019-11-27
992808 | Heap-use-after-free in content::IndexedDBDatabase::DeleteRequest::DoDelete | - | 2019-11-26
995010 | Heap-use-after-free in chromeos::device_sync::CryptAuthGCMManagerImpl::~CryptAuthGCMManagerImpl | - | 2019-11-26
967780 | Security: Code run by redirecting same-origin download to a javascript: URL gains user activation and bypasses CSP | $1,000 | 2019-11-25
993288 | Security: Possible to read cross-origin data using debug console utility function | - | 2019-11-25
994203 | spvtools_opt_performance_fuzzer: Heap-buffer-overflow in spvtools::opt::Instruction::GetSingleWordOperand | - | 2019-11-25
994248 | spvtools_opt_legalization_fuzzer: Heap-buffer-overflow in spvtools::opt::StructuredCFGAnalysis::AddBlocksInFunction | - | 2019-11-25
995071 | spvtools_opt_legalization_fuzzer: Heap-buffer-overflow in spvtools::utils::SmallVector<unsigned int, 2u>::operator | - | 2019-11-25
995114 | Use-of-uninitialized-value in blink::NGBlockLayoutAlgorithm::ComputeChildData | - | 2019-11-25
995275 | DCHECK failure in nexus.IsMegamorphic() || nexus.GetFeedback().IsCleared() in js-heap-broker.cc | - | 2019-11-25
925791 | Security: PDFium Uninitialized Memory Read in CXFA_LayoutPageMgr::GetAvailHeight | $1,000 | 2019-11-23
977527 | sequence_manager_fuzzer: Heap-use-after-free in scoped_refptr<base::SingleThreadTaskRunner>::scoped_refptr | - | 2019-11-23
980183 | Unknown signal in Builtins_ArrayPrototypeFindIndex | - | 2019-11-23
990635 | CVE-2018-20856 CrOS: Vulnerability reported in Linux kernel | - | 2019-11-23
991125 | Security: Privilege Elevation via Google Chrome Elevation Service | $5,000 | 2019-11-23
993771 | Security: pdfium XFA m_pFocusWidget Use After Free | $5,000 | 2019-11-23
994086 | Crash in sw::Renderer::executeTask | - | 2019-11-23
994089 | Use-of-uninitialized-value in password_manager::PasswordReuseDetectionManager::OnPaste | - | 2019-11-23
984386 | Security DCHECK failure: new_box->IsInlineFlowBox() in layout_block_flow_line.cc | - | 2019-11-22
882812 | Security: fullscreen notification spoof (registerProtocolHandler) | $1,000 | 2019-11-21
990582 | DCHECK failure in maybe_table.IsSourcePositionTableWithFrameCache() in code.cc | - | 2019-11-21
993223 | Security: Heap-use-after-free in payments::PaymentRequestSheetController::UpdateHeaderView | $5,000 | 2019-11-21
977871 | vtest_fuzzer: Crash in try_setup_line | - | 2019-11-20
986043 | Security: Malicious Extension can ignore SOP, with only `downloads` permission. | $3,000 | 2019-11-20
992389 | Crash in v8::internal::IrregexpInterpreter::Result v8::internal::RawMatch<unsigned char> | - | 2019-11-20
993266 | blink_png_decoder_fuzzer: Heap-buffer-overflow in blink::PNGImageDecoder::RowAvailable | - | 2019-11-20
993474 | CHECK failure: static_cast<uintptr_t>(caller_frame_top_) - total_output_frame_size > stack_guar | - | 2019-11-20
993601 | Security: PurpleWolf HTTP/2 denial of service attacks | - | 2019-11-20
978793 | UAP in UpdatePlaceholderImage | $5,500 | 2019-11-19
986211 | Heap-buffer-overflow in net::SpdyReadQueue::Dequeue | - | 2019-11-19
992844 | Crash in sw::Renderer::executeTask | - | 2019-11-19
992679 | Crash in blink::HeapHashTableBacking<WTF::HashTable<WTF::LinkedHashSetNode<blink::WeakMem | - | 2019-11-18
992688 | Use-of-uninitialized-value in Cr_z_crc32_z | - | 2019-11-18
992703 | Use-of-uninitialized-value in Cr_z_crc32_sse42_simd_ | - | 2019-11-18
991328 | Use-of-uninitialized-value in test_runner::TestRunner::WorkQueue::ProcessWork | - | 2019-11-17
981492 | UAP in SetDispatchContext | $3,000 | 2019-11-16
984811 | Use-after-free inside CFX_SkiaDeviceDriver::Flush() when SkiaPaths is enabled | - | 2019-11-16
992285 | Security: use-after-free in payment app | $500 | 2019-11-16
991085 | Use-after-poison in mojo::InterfaceEndpointClient::HandleValidatedMessage | - | 2019-11-15
991901 | Crash in void v8::internal::MarkCompactCollector::ProcessMarkingWorklistInternal< | - | 2019-11-15
960305 | Security: storage estimate allows obtaining size of cached cross-origin resource | $500 | 2019-11-14
986393 | Security: Possible to leak global window object via console | $500 | 2019-11-14
987502 | Security: Possible to leak exceptions across contexts via devtools | - | 2019-11-14
991446 | Bad-cast to blink::LayoutObject from invalid vptr in blink::NGPaintFragment::PopulateDescendants | - | 2019-11-14
973928 | Heap-use-after-free in password_manager::PasswordReuseDetectionManager::OnPaste | - | 2019-11-13
981597 | Pointer lock propagates user activation to sandboxed frame | - | 2019-11-13
989305 | Bad-cast to blink::LayoutBoxModelObject from invalid vptr in blink::LayoutBlockFlow::AddOverhangingFloats | - | 2019-11-13
990222 | content_security_policy_fuzzer: Crash in qos_class_main | - | 2019-11-13
929763 | Security: BT classic MITM 1-byte key length negotiation | - | 2019-11-12
989497 | Security: URL bar spoofing on iOS (with SlimNav ON) | $3,000 | 2019-11-12
989742 | Crash in blink::NGExclusionSpaceInternal::DerivedGeometry::FindLayoutOpportunity | - | 2019-11-12
990590 | Heap-use-after-free in content::IndexedDBContextImpl::DatabaseDeleted | - | 2019-11-12
956420 | CrOS: Vulnerability reported in media-libs/tiff | - | 2019-11-11
986063 | Security: Calling console utility functions causes data to be shared between contexts | $500 | 2019-11-11
989909 | Accessors created from FunctionTemplate have the wrong native context | - | 2019-11-11
921561 | CrOS: Vulnerability reported in net-wireless/hostapd | - | 2019-11-08
946633 | Security: Download dialog spoofing | $500 | 2019-11-08
984344 | V8 Invalid Read in v8::internal::HeapObject::IsHeapNumber | $2,000 | 2019-11-08
985758 | Bad-cast to blink::WebView from invalid vptr in test_runner::TestRunner::FinishTestIfReady | - | 2019-11-08
986007 | gpu_raster_swiftshader_fuzzer: Use-of-uninitialized-value in cc::ServiceImageTransferCacheEntry::Deserialize | - | 2019-11-08
986029 | transfer_cache_fuzzer: Use-of-uninitialized-value in cc::ServiceImageTransferCacheEntry::Deserialize | - | 2019-11-08
986792 | UAF in blink::ImageBitmapFactories::ImageBitmapLoader::DecodeImageOnDecoderThread | $7,500 | 2019-11-08
989827 | Security DCHECK failure: IsA<Derived>(from) in casting.h | - | 2019-11-08
863661 | Security:IDN url spoofing using U+4e00 | $500 | 2019-11-06
977989 | Security: pdfium heap-use-after-free in CXFA_ItemLayoutProcessor::InsertFlowedItem | $500 | 2019-11-06
981618 | CrOS: Vulnerability reported in dev-libs/glib | - | 2019-11-06
988241 | Security DCHECK failure: !object || (object->IsBox()) in layout_box.h | - | 2019-11-06
988541 | Security DCHECK failure: IsA<Derived>(from) in casting.h | - | 2019-11-06
989471 | CVE-2007-6762 CrOS: Vulnerability reported in Linux kernel | - | 2019-11-06
989472 | CVE-2010-5331 CrOS: Vulnerability reported in Linux kernel | - | 2019-11-06
989473 | CVE-2010-5332 CrOS: Vulnerability reported in Linux kernel | - | 2019-11-06
989474 | CVE-2018-20784 CrOS: Vulnerability reported in Linux kernel | - | 2019-11-06
994957 | Security: buffer OOB *read* in libc++ random | - | 2019-11-05
866162 | Security: IDN URL Spoofing with Greek Letter | - | 2019-11-05
927150 | Security: 'Press Esc to exit fullscreen' covered up by <select> | - | 2019-11-05
982397 | PDFium (XFA) Use-after-free in CPDFSDK_XFAWidgetHandler::OnXFAChangedFocus | $5,500 | 2019-11-05
987956 | CVE-2019-13272 CrOS: Vulnerability reported in Linux kernel | - | 2019-11-05
988304 | DCHECK failure in bytecode->IsBytecodeEqual( *outer_function_job->compilation_info()->bytecode_arr | - | 2019-11-05
988858 | [IndexedDB] Prevent using uninitialized memory in IndexedDBBackingStore | - | 2019-11-05
988919 | DCHECK failure in loop_node_->EatsAtLeast(true) >= continue_node_->EatsAtLeast(true) in regexp-com | - | 2019-11-05
972030 | CrOS: Vulnerability reported in dev-libs/glib | - | 2019-11-04
868846 | Security: URL spoof using CJK combining character (U+3099 U+309A) | $1,000 | 2019-11-02
987270 | audio_decoder_fuzzer: Use-of-uninitialized-value in wav_parse_bext_string | - | 2019-11-02
973360 | Use-after-free in WasmMemoryObject::Grow | $5,000 | 2019-11-01
980161 | Security: PDFium (XFA) Use-after-free in CPDFSDK_AnnotHandlerMgr::GetNextAnnot | $5,500 | 2019-11-01
983147 | DCHECK failure in bytecode->IsBytecodeEqual( *outer_function_job->compilation_info()->bytecode_arr | - | 2019-11-01
987507 | rtcp_receiver_fuzzer: Heap-buffer-overflow in webrtc::ByteReader<unsigned int, 4u, false>::Get | - | 2019-11-01
964938 | Use-of-uninitialized-value in ui::SolveLeastSquares | - | 2019-10-31
987381 | Use-of-uninitialized-value in media_session::MediaPosition::operator== | - | 2019-10-31
939108 | Isolate chrome.google.com from *.google.com | $500 | 2019-10-30
973228 | Heap-use-after-free in dawn_wire::server::Server::DoBufferUpdateMappedData | - | 2019-10-30
986754 | UAP in IsEmptyValue | - | 2019-10-30
987106 | Use-of-uninitialized-value in net::HostResolverManager::RecordTotalTime | - | 2019-10-30
968451 | Security: http authentication spoof (repro issue 928974) | - | 2019-10-29
984536 | sqlite3_lpm_fuzzer: Heap-buffer-overflow in sqlite3VdbeExec | - | 2019-10-29
984650 | sqlite3_lpm_fuzzer: Use-of-uninitialized-value in sqlite3VdbeRecordCompareWithSkip | - | 2019-10-29
985546 | sqlite3_lpm_fuzzer: Use-of-uninitialized-value in sqlite3CompareAffinity | - | 2019-10-29
985646 | Heap-use-after-free in blink::PaintLayerScrollableArea::InvalidateAllStickyConstraints | - | 2019-10-29
985781 | pdfium_xfa_fuzzer: Heap-buffer-overflow in fxcrt::RetainPtr<fxcrt::StringDataTemplate<wchar_t> >::RetainPtr | $5,000 | 2019-10-29
986008 | Bad-cast to blink::PaintLayer from invalid vptr in blink::PaintLayerScrollableArea::InvalidateAllStickyConstraints | - | 2019-10-29
986064 | Security: pdfium XFA CJX_Object::SetContent Use After Free | $5,000 | 2019-10-29
986262 | CVE-2019-13233 CrOS: Vulnerability reported in Linux kernel | - | 2019-10-29
548273 | Type confusion in ObjectBackedNativeHandler::Router | $5,000 | 2019-10-28
981873 | Security: UAF in ~LevelDBIteratorImpl | - | 2019-10-27
984475 | sqlite3_lpm_fuzzer: Crash in estimateIndexWidth | - | 2019-10-27
925269 | Use-of-uninitialized-value in TIFFYCbCrtoRGB | - | 2019-10-26
981608 | spvtools_opt_performance_fuzzer: Heap-use-after-free in spvtools::opt::InlinePass::IsInlinableFunctionCall | - | 2019-10-26
981609 | spvtools_opt_performance_fuzzer: Bad-cast to spvtools::opt::Instruction from invalid vptr in spvtools::opt::BasicBlock::id | - | 2019-10-26
983938 | Heap-use-after-free in gpu::gles2::Texture::ClearRenderableLevels | - | 2019-10-26
984868 | Use-after-poison in mojo::InterfaceEndpointClient::HandleValidatedMessage | - | 2019-10-26
984890 | Bad-cast to blink::GarbageCollectedMixin from invalid vptr in void blink::Visitor::TraceRoot<blink::ImageDownloaderBase> | - | 2019-10-26
985302 | Bad-cast to blink::ImageDownloaderBase from blink::ResponseBodyLoader in blink::MultiResolutionImageResourceFetcher::OnURLFetchComplete | - | 2019-10-26
847035 | Security: Chrome for iOS (CVE-2017-5385) HTML documents sent with multipart/x-mixed-replace ignores Referrer-Policy response header | - | 2019-10-25
981569 | spvtools_opt_legalization_fuzzer: Heap-use-after-free in spvtools::opt::BasicBlock::id | - | 2019-10-25
983867 | Security: Use-after-free in CPDFSDK_ActionHandler::ExecuteFieldAction | $5,000 | 2019-10-25
984809 | dawn_wire_server_and_frontend_fuzzer: Crash in dawn_native::IsArrayLayerValidForTextureViewDimension | - | 2019-10-25
985337 | CVE-2019-10639 CrOS: Vulnerability reported in Linux kernel | - | 2019-10-25
896533 | Security: IDN URL Spoofing with Georgian Letter Jil "ძ" | $500 | 2019-10-24
984521 | Security: UAF due to double call to IndexedDBConnection::Close | - | 2019-10-24
984917 | CVE-2019-10638 CrOS: Vulnerability reported in Linux kernel | - | 2019-10-24
882363 | Security: fullscreen notification overlap | $1,000 | 2019-10-23
950027 | Incorrect-function-pointer-type in google::protobuf::internal::AddDescriptorsImpl | - | 2019-10-23
971408 | Have secure context checks in browser side code of Native File System API | - | 2019-10-23
974354 | GpuMemoryBufferImplIOSurface doesn't validate handle | - | 2019-10-23
977462 | Security: UAF in OfflinePageAutoFetcher::CancelSchedule | $10,000 | 2019-10-23
981291 | net_quic_stream_factory_fuzzer: Use-of-uninitialized-value in quic::HttpDecoder::ParsePriorityFrame | - | 2019-10-23
981785 | UAF in PDFium due to incorrect ref count | $3,000 | 2019-10-23
982648 | net_quic_stream_factory_fuzzer: Use-of-uninitialized-value in quic::HttpDecoder::ReadFrameType | - | 2019-10-23
983775 | Security: heap-use-after-free in blink::LayoutBlockFlow::AddChild | - | 2019-10-23
983785 | Bad-cast to blink::LayoutObject from invalid vptr in blink::LayoutObject::IsAnonymousBlock | - | 2019-10-23
983850 | Crash in v8::internal::Simulator::LoadStorePairHelper | - | 2019-10-23
983856 | Heap-use-after-free in blink::LayoutBox::SplitAnonymousBoxesAroundChild | - | 2019-10-23
983865 | Heap-use-after-free in blink::LayoutBlockFlow::AddChild | - | 2019-10-23
983970 | Heap-use-after-free in blink::LayoutBoxModelObject::MoveChildTo | - | 2019-10-23
821194 | Use SHA256 for instance IDs | - | 2019-10-22
921984 | CrOS: Vulnerability reported in app-text/qpdf | - | 2019-10-22
949032 | Security: Use-after-free in CXFA_FFWidget::OnKillFocus | $3,000 | 2019-10-22
968914 | this.print() should required a user gesture | - | 2019-10-22
980226 | Crash in Builtins_GetPropertyWithReceiver | - | 2019-10-22
961513 | Heap-buffer-overflow in Json::Reader::readArray | - | 2019-10-20
983344 | flexfec_receiver_fuzzer: Heap-buffer-overflow in webrtc::ForwardErrorCorrection::XorPayloads | - | 2019-10-20
983351 | forward_error_correction_fuzzer: Use-of-uninitialized-value in rtc::scoped_refptr<rtc::RefCountedObject<rtc::BufferT<unsigned char, false> > >: | - | 2019-10-20
983356 | ulpfec_receiver_fuzzer: Heap-buffer-overflow in webrtc::ByteReader<unsigned short, 2u, false>::ReadBigEndian | - | 2019-10-20
983385 | forward_error_correction_fuzzer: Bad-cast to rtc::RefCountedObject<rtc::BufferT<unsigned char, false> >rtc::CopyOnWriteBuffer::CloneDataIfReferenced in unsigned char* rtc::CopyOnWriteBuffer::data<unsigned char, | - | 2019-10-20
983400 | flexfec_receiver_fuzzer: Use-of-uninitialized-value in rtc::scoped_refptr<webrtc::ForwardErrorCorrection::Packet>::~scoped_refptr | - | 2019-10-20
983767 | Use-of-uninitialized-value in media::MediaMetricsProvider::GetUMANameForAVStream | - | 2019-10-20
983768 | Use-of-uninitialized-value in = | - | 2019-10-20
983773 | mediasource_WEBM_VP8_pipeline_integration_fuzzer: Use-of-uninitialized-value in media::operator== | - | 2019-10-20
977107 | UAP in offline audio context | $3,000 | 2019-10-19
980475 | Security: WebAssembly Table.Copy lead to OOB Write | $7,500 | 2019-10-18
980672 | ipp_message_parser_fuzzer: Heap-buffer-overflow in libcups.so.2 | - | 2019-10-18
981234 | Heap-use-after-free in libswiftshader_libGLESv2.dylib | - | 2019-10-18
981381 | ipp_message_parser_fuzzer: Heap-buffer-overflow in ipp_converter::ConvertIppToMojo | - | 2019-10-18
981385 | Crash in _platform_memmove$VARIANT$Nehalem | - | 2019-10-18
981573 | Use-of-uninitialized-value in blink::PaintLayerScrollableArea::InvalidateAllStickyConstraints | - | 2019-10-18
981585 | heap-use-after-free : blink::CanvasResourceProviderSharedImage::WillDraw | - | 2019-10-18
981590 | Crash in _platform_memmove$VARIANT$Nehalem | - | 2019-10-18
982153 | Bad-cast to blink::PaintLayer from invalid vptr in blink::PaintLayerScrollableArea::InvalidateAllStickyConstraints | - | 2019-10-18
982530 | Incorrect optimization causes memory corruption | - | 2019-10-18
982805 | Crash in _platform_memmove$VARIANT$Nehalem | - | 2019-10-18
983137 | Security: PDFium Bad cast in ToNode in cxfa_object.cpp | $5,000 | 2019-10-18
983293 | Use-of-uninitialized-value in content::RenderWidgetHostInputEventRouter::OnRenderWidgetHostViewBaseDestroyed | - | 2019-10-18
837936 | Security: Probing JS bytecode cache allows timing attack | - | 2019-10-17
969285 | CrOS: Vulnerability reported in net-misc/curl | - | 2019-10-17
979187 | CrOS: Vulnerability reported in dev-libs/expat | - | 2019-10-17
979373 | Security DCHECK failure: line_layout_item.IsLayoutInline() || line_layout_item.IsEqual(this) in layout_bl | - | 2019-10-17
980292 | Crash in Builtins_GetPropertyWithReceiver | - | 2019-10-17
982768 | pdfium_fuzzer: Use-of-uninitialized-value in float const& pdfium::clamp<float> | - | 2019-10-17
982828 | Security: heap-use-after-free in ~CPDFSDK_XFAWidget() (ProbeForLowSeverityLifetimeIssue) | - | 2019-10-17
977341 | heap-use-after-free : GrTextBlobCache::purgeStaleBlobs | - | 2019-10-16
979902 | pdf_codec_tiff_fuzzer: Negative-size-param in _TIFFmemcpy | - | 2019-10-16
980168 | DCHECK failure in !new_map->has_frozen_or_sealed_elements() in js-objects.cc | - | 2019-10-16
981232 | Crash in blink::PointerLockController::DidLosePointerLock | - | 2019-10-16
981459 | Bad-cast to blink::LayoutEmbeddedContent from blink::LayoutNGBlockFlow in blink::ToLayoutEmbeddedContent | - | 2019-10-16
951487 | Security: Two autocomplete flaws STILL allow stealing credit card numbers | $3,337 | 2019-10-15
980891 | Security: CSA_ASSERT failed: IsRegularHeapObjectSize(size_in_bytes) | - | 2019-10-15
981202 | Security: Memory corruption in BrowserList::NotifyBrowserNoLongerActive(Browser*) () | $500 | 2019-10-15
981528 | Security: PDFium (XFA) Use-after-free in CPDFSDK_Widget::HasXFAAAction | $5,000 | 2019-10-15
981602 | Heap-use-after-free in blink::InlineFlowBox::DeleteLine | - | 2019-10-15
971550 | Crash in qos_class_main | - | 2019-10-12
979923 | Use-of-uninitialized-value in blink::NGOffsetMapping::GetLastPosition | - | 2019-10-12
979972 | Heap-buffer-overflow in blink::FindBuffer::RangeFromBufferIndex | - | 2019-10-12
980448 | Heap-buffer-overflow in blink::FindBuffer::RangeFromBufferIndex | - | 2019-10-12
980450 | Crash in blink::FindBuffer::FindMatchInRange | - | 2019-10-12
980816 | OOB in SwiftShader textureSize | $2,000 | 2019-10-12
980843 | Sig11 in wasm | $500 | 2019-10-12
981412 | Container-overflow in CPDF_DeviceCS::GetRGB | - | 2019-10-12
977926 | Heap-use-after-free in blink::LargeTextFirst | $3,500 | 2019-10-10
979023 | DCHECK failure in number_of_own_descriptors > 0 in map-inl.h | - | 2019-10-10
980422 | DCHECK failure in bytecode->IsBytecodeEqual( *outer_function_job->compilation_info()->bytecode_arr | - | 2019-10-10
980811 | devtools_protocol_encoding_cbor_fuzzer: Heap-buffer-overflow in inspector_protocol_encoding::json::JSONEncoder<std::__Cr::basic_string<char, std | - | 2019-10-10
937587 | Heap-buffer-overflow in libcups.so.2 | - | 2019-10-09
937662 | Use-of-uninitialized-value in ipp_converter::ConvertIppToMojo | - | 2019-10-09
937664 | Use-of-uninitialized-value in ippReadIO | - | 2019-10-09
976753 | Security: heap-buffer-overflow in CFDE_TextEditEngine::AdjustGap | - | 2019-10-09
978180 | Use-After-Free in FT_Stream_ReleaseFrame | - | 2019-10-09
978575 | Security: PDFium (XFA) Use-after-free in CXFA_FFWidget::OnSetFocus | $3,000 | 2019-10-09
978382 | Incorrect heap object handling in v8 | $500 | 2019-10-09
980065 | Crash in v8::internal::SourcePositionTableIterator::Advance | - | 2019-10-08
979942 | Heap-use-after-free in blink::LayoutObject::UpdateFirstLineImageObservers | - | 2019-10-07
979951 | Heap-use-after-free in base::subtle::RefCountedBase::AddRefImpl | - | 2019-10-07
979505 | Bad-cast to net::URLRequestFtpJob from invalid vptr in net::URLRequestFtpJob::OnStartCompleted | $3,500 | 2019-10-06
976713 | Security: Possible to leak internal objects like arrayBufferConstructor_DoNotInitialize and InternalPackedArray via console utility functions | - | 2019-10-05
977778 | NGOffsetMappingBuilder::CollapseTrailingSpace() crashes with white-space:pre-wrap | - | 2019-10-05
953516 | Potential map end() access in MojoMjpegDecodeAcceleratorService | - | 2019-10-04
973352 | Heap-use-after-free in dawn_native::null::Buffer::CopyFromStaging | - | 2019-10-04
976573 | Bad-cast to dawn_native::null::Buffer from invalid vptr in dawn_native::null::BufferMapReadOperation::Execute | - | 2019-10-04
978082 | heap-use-after-free : cc::LayerTreeHostImpl::ImageDecodeFinished | - | 2019-10-04
979069 | Heap-buffer-overflow in blink::FindBuffer::RangeFromBufferIndex | - | 2019-10-04
979228 | DCHECK failure in bytecode->IsBytecodeEqual( *outer_function_job->compilation_info()->bytecode_arr | - | 2019-10-04
971544 | Use-of-uninitialized-value in GrBackendTexture::operator= | - | 2019-10-03
946260 | AppCache can be registered to arbitrary site with renderer compromise | $1,000 | 2019-10-02
970378 | Security: Sites can bypass restrictions on multiple downloads by redirecting page to about:srcdoc | $500 | 2019-10-02
976627 | v8 crash on regexp length check | $3,000 | 2019-10-02
977012 | DCHECK failure in descriptor_number < number_of_descriptors() in descriptor-array-inl.h | - | 2019-10-02
977458 | Use-of-uninitialized-value in blink::LayoutTreeBuilderForText::CreateLayoutObject | - | 2019-10-02
977832 | Heap-buffer-overflow in CFX_ReadOnlyMemoryStream::ReadBlockAtOffset | - | 2019-10-02
978277 | DCHECK failure in descriptor_number < number_of_descriptors() in descriptor-array-inl.h | - | 2019-10-02
978335 | Use-of-uninitialized-value in PageInfoUI::GetSecurityDescription | - | 2019-10-02
888322 | CVE-2018-14610 CrOS: Vulnerability reported in Linux kernel | - | 2019-10-01
949425 | pdfium (XFA): invalid vptr / uaf in CXFA_FFDocView::RunBindItems | $3,000 | 2019-10-01
976652 | CVE-2018-20669 CrOS: Vulnerability reported in Linux kernel | - | 2019-10-01
976939 | DCHECK failure in fresh->bit_field3() & ~IsInRetainedMapListBit::kMask == new_map->bit_field3() & | - | 2019-10-01
978050 | Use-of-uninitialized-value in v8::internal::GCTracer::CurrentEmbedderAllocationThroughputInBytesPerMillisecond | - | 2019-10-01
949999 | Bad-cast to MetricsLibraryInterface from MetricsLibrary in p2p::server::HttpServerExternalProcess::OnMessageReceived | - | 2019-09-30
960106 | ChromeOS Kernel integer overflow | - | 2019-09-30
966309 | Use-of-uninitialized-value in v8::internal::Simulator::FPCompare | - | 2019-09-29
977855 | CVE-2019-3896 CrOS: Vulnerability reported in Linux kernel | - | 2019-09-29
969256 | Int-overflow in CPDF_PSEngine::DoOperator | - | 2019-09-28
976136 | heap-use-after-free in ContextProvider | $3,000 | 2019-09-28
977089 | DCHECK failure in fresh->bit_field3() & ~IsInRetainedMapListBit::kMask == new_map->bit_field3() & | - | 2019-09-28
977467 | Crash in blink::MojoHandle::writeMessage | - | 2019-09-28
768526 | Cast should not use a web iframe inside a WebUI page | - | 2019-09-27
950328 | v8 crash on map-check | $3,000 | 2019-09-27
961674 | DCHECK failure in __isolate__->has_scheduled_exception() in isolate.cc | - | 2019-09-27
971293 | heap-use-after-free in Cancel::wasm-engine.cc | $1,000 | 2019-09-27
971702 | UAF in chrome!content::Portal::Activate | $8,000 | 2019-09-27
972354 | CVE-2019-3846 CrOS: Vulnerability reported in Linux kernel | - | 2019-09-27
973137 | Crash in quic::QuicDataReader::PeekVarInt62Length | - | 2019-09-27
973893 | Potential bad cast with non-string values | - | 2019-09-27
976859 | Security: heap-use-after-free in blink::NGPaintFragment::AssociateWithLayoutObject | $3,000 | 2019-09-27
976922 | DCHECK failure in fixed_array.IsNumberDictionary() in js-objects-inl.h | - | 2019-09-27
976923 | DCHECK failure in 0 == memcmp(reinterpret_cast<void*>(fresh->address()), reinterpret_cast<void*>(n | - | 2019-09-27
976932 | DCHECK failure in bytecode->IsBytecodeEqual( *outer_function_job->compilation_info()->bytecode_arr | - | 2019-09-27
976935 | Heap-use-after-free in CFX_Font::LoadSubst | - | 2019-09-27
976940 | Crash in ReadUnalignedValue<double> | - | 2019-09-27
976944 | Crash in v8::internal::Object::Number | - | 2019-09-27
964639 | CVE-2019-11833 CrOS: Vulnerability reported in Linux kernel | - | 2019-09-26
967993 | Crash in base::ObserverListThreadSafe<base::PowerObserver>::RemoveObserver | - | 2019-09-26
972921 | Security: v8 dcheck failure and fatal error | $3,000 | 2019-09-26
974760 | Security: heap-use-after-free in blink::NGBlockNode::SaveStaticOffsetForLegacy | $3,000 | 2019-09-26
976231 | Heap-use-after-free in CFX_Font::LoadSubst | - | 2019-09-26
976429 | Security: Use-of-uninitialized-value in CFWL_WidgetMgr::NextTab if Ctrl-Tab is pressed while editing an XFA form. | - | 2019-09-26
976924 | Crash in v8::internal::DictionaryElementsAccessor::CollectElementIndicesImpl | - | 2019-09-26
962572 | Use-after-poison in mojo::BindingSetBase<blink::mojom::blink::NavigationInitiator, mojo::Binding<bli | - | 2019-09-25
971740 | Security: URL bar spoofing on iOS with history.back() | $3,000 | 2019-09-25
972031 | CrOS: Vulnerability reported in app-editors/vim | - | 2019-09-25
974627 | DCHECK failure in index >= 0 && index < this->length() in fixed-array-inl.h | - | 2019-09-25
958002 | cros-machine-id-regen should quote file path when computing timestamp path | $1,000 | 2019-09-24
969368 | CHECK failure: (location_) != nullptr in maybe-handles.h | - | 2019-09-24
974091 | Security: PDFium Font Parsing Heap Use After Free Vulnerability | $3,000 | 2019-09-24
968081 | Use-of-uninitialized-value in v8::internal::Factory::NewNumber | - | 2019-09-23
964872 | Security: signed-integer-overflow in FX_RECT::Height | - | 2019-09-22
965067 | URL is updated incorrectly after navigating to an invalid URL | - | 2019-09-22
973103 | Security: site isolation bypass: request headers overwrite via URLLoader::FollowRedirect | - | 2019-09-22
973628 | Don't rewrite about:srcdoc into chrome://srcdoc (just as we make an exception for about:blank) | - | 2019-09-21
961237 | Security: jit difference on comparison in d8 | - | 2019-09-20
971904 | Heap-use-after-free in content::GpuChildThread::QuitMainMessageLoop | - | 2019-09-20
972239 | Heap-use-after-free in base::internal::WeakReference::IsValid | - | 2019-09-20
972413	Use-of-uninitialized-value in blink::NGPaintFragment::ClearAssociationWithLayoutObject	-	2019-09-20
972657	Potential UAF in TRACE_EVENT call in FontLoader::openStream	-	2019-09-20
973363	Integer overflow in FastGetOwnValuesOrEntries	-	2019-09-20
971761	Use-of-uninitialized-value in spirv_cross::Compiler::CombinedImageSamplerUsageHandler::begin_function_scope	-	2019-09-19
972623	Bad parameters to --sanitizer-annotate-contiguous-container in shaderc_spvc_compile_options::~shaderc_spvc_compile_options	-	2019-09-19
972627	Bad parameters to --sanitizer-annotate-contiguous-container in shaderc_spvc_compile_options_release	-	2019-09-19
973121	Crash in v8::Value::ToString	-	2019-09-19
973132	Crash in v8::internal::ConcurrentMarkingVisitor::MarkObject	-	2019-09-19
973136	Crash in _platform_memmove$VARIANT$Nehalem	-	2019-09-19
973138	Crash in v8::internal::LookupIterator::State v8::internal::LookupIterator::LookupInRegula	-	2019-09-19
973146	Crash in v8::internal::String::GetFlatContent	-	2019-09-19
973151	Bad-cast to v8::String::ExternalStringResource from invalid vptr in v8::internal::ExternalTwoByteString::GetChars	-	2019-09-19
972390	Heap-use-after-free in quic::QuicDataReader::PeekVarInt62Length	-	2019-09-18
972394	Crash in AtomicallySetQuarantineFlagIfAllocated	-	2019-09-18
973056	URL is updated incorrectly when navigating to external app urls	$500	2019-09-18
973122	Use-of-uninitialized-value in v8::internal::FixStaleLeftTrimmedHandlesVisitor::VisitRootPointers	-	2019-09-18
964245	Site Isolation breaking bug in filesystem	$5,000	2019-09-17
968988	CVE-2019-12381 CrOS: Vulnerability reported in Linux kernel	-	2019-09-17
968994	CrOS: Vulnerability reported in dev-db/sqlite	-	2019-09-17
968870	Crash in blink::RemoteFrame::SetCcLayer	-	2019-09-16
971752	Heap-use-after-free in blink::LayoutBlockFlow::AddOverhangingFloats	-	2019-09-16
972295	Bad-cast to v8::internal::wasm::(anonymous namespace)::WasmGCForegroundTask from invalid vptr in v8::internal::wasm::WasmEngine::RemoveIsolateFromCurrentGC	-	2019-09-16
968006	Heap-buffer-overflow in mojo::SyncHandleRegistry::Wait	-	2019-09-15
968007	Heap-use-after-free in quic::QuicDataReader::ReadBytes	-	2019-09-15
969321	Use-of-uninitialized-value in quic::HttpDecoder::ReadFrameType	-	2019-09-15
970644	Bad-free in shaderc_spvc_compile_options_release	-	2019-09-15
970909	Crash in AtomicallySetQuarantineFlagIfAllocated	-	2019-09-15
971551	Use-of-uninitialized-value in spirv_cross::SPIRFunction& spirv_cross::Variant::get<spirv_cross::SPIRFunction>	-	2019-09-15
971746	Crash in AddressIsPoisoned	-	2019-09-15
971757	Crash in shaderc_spvc_compile_options::~shaderc_spvc_compile_options	-	2019-09-15
929578	Any extension can be disbled by simply adding a trailing slash	$500	2019-09-14
968985	CVE-2019-12378 CrOS: Vulnerability reported in Linux kernel	-	2019-09-14
968987	CVE-2019-12380 CrOS: Vulnerability reported in Linux kernel	-	2019-09-14
969333	Use-of-uninitialized-value in gpu::gles2::GLES2Implementation::BindTexture	-	2019-09-14
969525	Crash in v8::internal::Heap::GcSafeFindCodeForInnerPointer	-	2019-09-14
971606	Use-of-uninitialized-value in gpu::gles2::GLES2Implementation::PackStringsToBucket	-	2019-09-14
969083	Heap-use-after-free in content::IndexedDBOriginState::AbortAllTransactions	-	2019-09-13
969363	Use-of-uninitialized-value in blink::GraphicsLayerUpdater::UpdateContext::CompositingContainer	-	2019-09-13
971538	Use-of-uninitialized-value in GrBackendTexture::operator=	-	2019-09-13
971545	Use-of-uninitialized-value in GrBackendTexture::operator=	-	2019-09-13
901306	CrOS: Vulnerability reported in media-libs/tiff	-	2019-09-12
923647	CrOS: Vulnerability reported in media-libs/tiff	-	2019-09-12
959640	Multiple file download protection bypass	$500	2019-09-12
960785	Security: Heap-use-after-free in blink::PresentationAvailabilityState::UpdateAvailability	-	2019-09-12
962947	Use-of-uninitialized-value in vfnprintf	-	2019-09-12
969055	URL doesn't update correctly when tapped on Stop icon to stop page loading	-	2019-09-12
969261	Heap-buffer-overflow in CFF::CFF2FDSelect::sanitize	-	2019-09-12
971537	Use-of-uninitialized-value in GrBackendTexture::operator=	-	2019-09-12
951974	Crash in shaderc_spvc_compile_options::shaderc_spvc_compile_options	-	2019-09-11
952081	Crash in AtomicallySetQuarantineFlagIfAllocated	-	2019-09-11
953985	Crash in AddressIsPoisoned	-	2019-09-11
954955	Crash in shaderc_spvc_compile_options_release	-	2019-09-11
955949	Security: Chronos user can delete files as root at boot (cleanup-shutdown-logs.conf)	-	2019-09-11
961413	Use-after-poison in blink::xpath::Expression::AddSubExpression	-	2019-09-11
967592	Crash in shaderc_spvc_compile_options_clone	-	2019-09-11
969520	Crash in spirv_cross::Variant::empty	-	2019-09-11
969521	Heap-buffer-overflow in spirv_cross::Variant::Variant	-	2019-09-11
957516	Security: Heap-use-after-free in ProjectionFromFieldOfView	-	2019-09-10
958318	CVE-2019-11487 CrOS: Vulnerability reported in Linux kernel	-	2019-09-10
959508	Crash in blink::PersistentBase<blink::DummyGCBase,	-	2019-09-10
962916	CVE-2019-11884 CrOS: Vulnerability reported in Linux kernel	-	2019-09-10
966263	Security: signed integer overflow in CPDF_RenderStatus::ProcessType3Text	-	2019-09-10
968984	CVE-2019-11190 CrOS: Vulnerability reported in Linux kernel	-	2019-09-10
969444	Crash in blink::Deprecation::GenerateReport	-	2019-09-10
969286	Chromium: Vulnerability reported in sqlite	-	2019-09-08
831725	SameSite cookie bypass via prerender	$2,000	2019-09-07
907344	Heap-buffer-overflow in spirv_cross::Compiler::parse	-	2019-09-07
907718	Crash in spirv_cross::Variant::get_type	-	2019-09-07
943494	Security: UAF on WebUSB (Windows, windows_usb.c)	-	2019-09-07
950256	Use-of-uninitialized-value in spirv_cross::SPIRConstant::SPIRConstant	-	2019-09-07
951525	Security: IntersectionObserver V2 fails for CSS property scale transform	$500	2019-09-07
951902	Crash in spirv_cross::Variant::empty	-	2019-09-07
952050	Crash in spirv_cross::SPIRFunction& spirv_cross::Variant::get<spirv_cross::SPIRFunction>	-	2019-09-07
952156	Heap-buffer-overflow in spirv_cross::Variant::Variant	-	2019-09-07
952505	Crash in spirv_cross::VectorView<unsigned int>::begin	-	2019-09-07
953094	Heap-buffer-overflow in shaderc_spvc_compile_into_glsl	-	2019-09-07
953935	Heap-buffer-overflow in spirv_cross::Meta::Decoration::Decoration	-	2019-09-07
954785	Use-of-uninitialized-value in spirv_cross::SPIRFunction& spirv_cross::Variant::get<spirv_cross::SPIRFunction>	-	2019-09-07
954969	Heap-buffer-overflow in ??$allocate@AEBIAEBI_N@?$ObjectPool@USPIRConstant@spirv_cross@@@spirv_cross@@QEA	-	2019-09-07
962956	Crash in spirv_cross::ParsedIR::remove_typed_id	-	2019-09-07
964768	heap-use-after-free : strlen	-	2019-09-07
965918	Crash in spirv_cross::SPIRType& spirv_cross::Variant::get<spirv_cross::SPIRType>	-	2019-09-07
967152	Crash in spirv_cross::SPIRFunction const& spirv_cross::Variant::get<spirv_cross::SPIRFunc	-	2019-09-07
967926	Security: [Non-Exploitable] Crosh sandbox escape via command injection	-	2019-09-07
967933	Security: [Not Exploitable] seconds_compare method in network_diag does not quote parameters	-	2019-09-07
967943	Security: Command Injection in periodic_scheduler	-	2019-09-07
968075	Crash in spirv_cross::SPIRType& spirv_cross::Variant::get<spirv_cross::SPIRType>	-	2019-09-07
964667	Use-after-poison in mojo::BindingSetBase<blink::mojom::blink::NavigationInitiator, mojo::Binding<bli	-	2019-09-06
966460	DCHECK failure in object->HasSmiOrObjectElements() || object->HasDoubleElements() || object->HasFa	-	2019-09-06
967978	Heap-use-after-free in quic::QuicDataReader::PeekVarInt62Length	-	2019-09-06
967996	Use-of-uninitialized-value in blink::PerformanceResourceTiming::secureConnectionStart	-	2019-09-06
968080	Use-of-uninitialized-value in quic::HttpDecoder::ReadFrameType	-	2019-09-06
929300	BrowserPlugin architecture causes PDFs to be fetched into a cross-origin web renderer	-	2019-09-05
966557	Heap-use-after-free in content::IndexedDBDatabase::DeleteRequest::Perform	-	2019-09-05
966960	Heap-use-after-free in blink::TaskBase::TaskCompleted	-	2019-09-05
967196	Heap-use-after-free in ash::OverviewWindowDragController::StartNormalDragMode	-	2019-09-05
967361	Heap-use-after-free in blink::NGPaintFragment::RecalcContentsInkOverflow	-	2019-09-05
964002	Security: Latin KRA homograph	-	2019-09-04
966784	UAF in content::IndexedDBOriginState::AbortAllTransactions	$5,000	2019-09-04
967167	Use-of-uninitialized-value in int blink::LazyLineBreakIterator::NextBreakablePosition<unsigned short,	-	2019-09-04
967938	Security: Command Injection in cr50-verify-ro.sh	-	2019-09-04
665766	Change on the credentials mode on redirect specified by the CORS algorithm should be propagated to net/	$1,000	2019-09-03
953294	Omnibox spoofing with data urls	-	2019-09-03
962500	Security: Security: Same Origin Policy bypass and local file disclosure via <portal> element	$10,000	2019-09-03
966762	UAF in content::IndexedDBDatabase::ProcessRequestQueueAndMaybeRelease	$15,500	2019-09-03
967151	CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (IsExternalOneByteString()) in string	-	2019-09-03
967118	Heap-buffer-overflow in dawn_native::DeviceBase::CreateBufferMapped	-	2019-09-01
958717	DCHECK failure in IrOpcode::kPhi == callee->opcode() in js-inlining-heuristic.cc	-	2019-08-31
966454	Container-overflow in content::IndexedDBFactoryImpl::ContextDestroyed	-	2019-08-31
966572	Container-overflow in base::TaskAnnotator::RunTask	-	2019-08-31
966812	Crash in blink::WorkletPendingTasks::Abort	-	2019-08-31
936900	Security: CORS issue with Chrome Extensions	$500	2019-08-30
950000	Incorrect-function-pointer-type in base::internal::CallbackBase<	-	2019-08-30
964607	Security: WebAssembly duplicate indirect_function_table lead to OOB Write	$3,000	2019-08-30
965633	Heap-use-after-free in dawn_native::SamplerBase::EqualityFunc::operator	-	2019-08-30
966224	Use-of-uninitialized-value in v8::internal::wasm::CompilationStateImpl::GetNextCompilationUnit	-	2019-08-30
966555	Use-of-uninitialized-value in extensions::MimeHandlerViewContainerManager::DestroyFrameContainer	-	2019-08-30
961597	Bad-cast to blink::LocalFrameView from blink::WebPluginContainerImpl in blink::RootScrollerController::ApplyRootScrollerProperties	-	2019-08-29
964818	Integer-overflow in inspector_protocol_encoding::cbor::CBORTokenizer::ReadNextToken	-	2019-08-29
964928	Security: JS execution inside ScriptForbiddenScope leading to UAF	-	2019-08-29
964924	Bad-cast to blink::LayoutObject from invalid vptr in blink::LayoutBlockFlow* blink::DynamicTo<blink::LayoutBlockFlow, blink::LayoutOb	-	2019-08-28
965630	Use-of-uninitialized-value in v8::internal::Factory::NewStringFromTwoByte	-	2019-08-28
957324	CrOS: Vulnerability reported in app-text/ghostscript-gpl	-	2019-08-27
963346	CHECK failure: (map()->has_fast_smi_or_object_elements() || map()->has_frozen_or_sealed_element	-	2019-08-27
964762	Heap-use-after-free in AppListClientImpl::OpenSearchResult	-	2019-08-27
964813	Bad-cast to blink::NGPaintFragment from invalid vptr in blink::LayoutBox::ResolvedDirection	-	2019-08-27
965299	DCHECK failure in trap_handler::IsTrapHandlerEnabled() == trap_handler::IsThreadInWasm() in runtim	-	2019-08-27
958532	Use-of-uninitialized-value in p2p::server::HttpServerExternalProcess::OnMessageReceived	-	2019-08-26
960111	ChromeOS privilege escalation	-	2019-08-26
964619	Bad-cast to blink::NGPaintFragment from invalid vptr in blink::LayoutText::FirstLineBoxTopLeft	-	2019-08-26
963341	Use-of-uninitialized-value in blink::LayoutObject::DestroyAndCleanupAnonymousWrappers	-	2019-08-25
964171	Use-of-uninitialized-value in blink::ListItemOrdinal::NextListItem	-	2019-08-25
964675	Heap-use-after-free in scoped_refptr<base::SingleThreadTaskRunner>::scoped_refptr	-	2019-08-25
962083	Use-of-uninitialized-value in sqlite3IntFloatCompare	-	2019-08-24
963831	Bad-cast to blink::LayoutInline from invalid vptr in blink::ToLayoutInline	-	2019-08-24
963579	Use-of-uninitialized-value in blink::LayoutTreeBuilderTraversal::NextSiblingLayoutObject	-	2019-08-24
960109	ChromeOS persistence bug	-	2019-08-24
961998	Crash in inspector_protocol_encoding::cbor::CBORTokenizer::ReadNextToken	-	2019-08-24
963409	Use-of-uninitialized-value in base::UTF16ToUTF8	-	2019-08-24
964218	Heap-buffer-overflow in void inspector_protocol_encoding::cbor::EncodeBinaryTmpl<std::__Cr::vector<unsig	-	2019-08-24
964178	DCHECK failure in TypeOf(node->InputAt(0)).IsNone() in simplified-lowering.cc	-	2019-08-23
952073	Heap-use-after-free in scoped_refptr<base::SingleThreadTaskRunner>::scoped_refptr	-	2019-08-23
958689	UaF in SharedWorkerClient::OnScriptLoadFailed	-	2019-08-23
958963	Security: Sign in to Chrome OS using Smart Lock without entering PIN on Android device	$6,337	2019-08-23
959193	Heap-buffer-overflow in u_strlen_64	-	2019-08-23
962368	Security: Wrong url in omnibox on iOS (URL spoof)	-	2019-08-23
963060	Bad-cast to blink::DisplayItemClient from invalid vptr in blink::DisplayItemRasterInvalidator::Generate	-	2019-08-23
963076	Use-of-uninitialized-value in handle_vdm_request	-	2019-08-23
963463	Crash in v8::internal::FullMaybeObjectSlot::Relaxed_Store	-	2019-08-23
963464	Crash in ptr	-	2019-08-23
963466	Crash in v8::internal::FeedbackVector::SetOptimizationMarker	-	2019-08-23
963681	Crash in chrome	-	2019-08-23
963687	Crash in v8::internal::Simulator::LoadStoreHelper	-	2019-08-23
963890	Bad-cast to blink::LayoutObject from invalid vptr in blink::NGPhysicalFragment::HasLayer	-	2019-08-23
964109	Use-of-uninitialized-value in pd_update_pdo_flags	-	2019-08-23
951880	URL spoofing with post urls	-	2019-08-22
960209	Chrome CORS Causes Unauthorized File Download and Arbitrary File Execution on macOS	$500	2019-08-22
963278	Heap-use-after-free in SlowLastChild	-	2019-08-22
963461	DCHECK failure in has_feedback_vector() in js-objects-inl.h	-	2019-08-22
963568	DCHECK failure in descriptor_number < number_of_descriptors() in descriptor-array-inl.h	-	2019-08-22
622974	Another case where incorrect origin is sent with message event	-	2019-08-21
952709	Heap-use-after-free in SerialChooserController::OnGetDevices	-	2019-08-21
958718	DCHECK failure in RegionObservability::kObservable == region_observability_ in effect-control-line	-	2019-08-21
960331	Heap-buffer-overflow in BEInt<unsigned short, 2>::operator unsigned short	-	2019-08-21
961972	Use-of-uninitialized-value in blink::LayoutInline::ContinuationBefore	-	2019-08-21
961973	Bad-cast to blink::LayoutObject from invalid vptr in blink::LayoutInline::WillBeDestroyed	-	2019-08-21
961977	Use-of-uninitialized-value in blink::FloatRoundedRect::IncludeLogicalEdges	-	2019-08-21
961989	Crash in blink::LayoutBlockFlow::WillBeDestroyed	-	2019-08-21
961990	Use-of-uninitialized-value in blink::BoxPainterBase::FillLayerInfo::FillLayerInfo	-	2019-08-21
962008	Heap-use-after-free in blink::NGPaintFragment::TryMarkLastLineBoxDirtyFor	-	2019-08-21
962027	Bad-cast to blink::LayoutObject from invalid vptr in blink::HTMLFrameOwnerElement::GetLayoutEmbeddedContent	-	2019-08-21
962086	[LayoutNG] Bad-cast to blink::LayoutObject from invalid vptr in blink::Node::DetachLayoutTree	-	2019-08-21
962088	Bad-cast to blink::LayoutObject from invalid vptr in blink::EndsOfNodeAreVisuallyDistinctPositions	-	2019-08-21
962141	Heap-use-after-free in GetDocument	-	2019-08-21
962273	Heap-use-after-free in IsInline	-	2019-08-21
962338	Use-of-uninitialized-value in blink::NGBoxFragmentPainter::PaintObject	-	2019-08-21
962841	Heap-use-after-free in blink::LayoutObject::PreviousInPreOrder	-	2019-08-21
961979	Crash in blink::Document::View	-	2019-08-20
961985	Bad-cast to blink::LayoutObject from invalid vptr in blink::LayoutBlockFlow::InlineElementContinuation	-	2019-08-20
962065	Heap-use-after-free in blink::LayoutBlockFlow::InlineElementContinuation	-	2019-08-20
962172	Bad-cast to blink::LayoutInline from invalid vptr in blink::ToLayoutInline	-	2019-08-20
962197	Heap-use-after-free in blink::LayoutBlockFlow::NodeForHitTest	-	2019-08-20
962275	Security DCHECK failure: !object || (object->IsText()) in layout_text.h	$3,500	2019-08-20
962468	Use-of-uninitialized-value in v8::internal::compiler::Schedule::block	-	2019-08-20
962474	DCHECK failure in effect_edges > 0 in verifier.cc	-	2019-08-20
957160	Use-after-poison in blink::UpdatePlaceholderImage	-	2019-08-19
958510	Use-of-uninitialized-value in pd_partner_port_reset	-	2019-08-19
961943	Use-of-uninitialized-value in blink::NGInlineLayoutStateStack::UpdateAfterReorder	-	2019-08-19
961773	DCHECK failure in !ExpectedTransitionKey().is_null() in transitions-inl.h	-	2019-08-18
950230	Heap-buffer-overflow in materialize	-	2019-08-17
959390	Security: Access-Control-Expose-Headers is not honored for redirects	$500	2019-08-17
949413	pdfium (XFA): wrong object type / uaf in SyncContainer	$3,000	2019-08-16
957521	Security: Heap-use-after-free in XRView::UpdateProjectionMatrixFromAspect	-	2019-08-16
958072	Heap-buffer-overflow in libGLESv2_swiftshader	-	2019-08-16
959747	Unknown signal in Builtins_StoreFastElementIC_GrowNoTransitionHandleCOW	-	2019-08-16
954818	Security: Crosh privilege escalation / sandbox escape via command injection in set_arpgw	$5,500	2019-08-15
957405	DCHECK failure in trap_handler::IsTrapHandlerEnabled() == trap_handler::IsThreadInWasm() in runtim	-	2019-08-15
957522	Security: Heap-use-after-free in ShapeDetector::DetectShapesOnImageData	-	2019-08-15
959727	DCHECK failure in !IsElement() in lookup.h	-	2019-08-15
960520	Use-of-uninitialized-value in BN_bin2bn	-	2019-08-15
960680	Bad-cast to v8::String::ExternalOneByteStringResource from v8::internal::SimpleStringResource<unsigned short, v8::String::ExternalStringResource> in v8::internal::ExternalOneByteString::GetChars	-	2019-08-15
960735	Heap-use-after-free in blink::SnapCoordinator::UpdateSnapContainerData	-	2019-08-15
960753	CVE-2019-11811 CrOS: Vulnerability reported in Linux kernel	-	2019-08-15
960775	Use-after-poison in blink::PersistentBase<blink::Document,	-	2019-08-15
949418	Heap-buffer-overflow in courgette::DisassemblerElf32::ExtractAbs32Locations	-	2019-08-14
959066	Use-of-uninitialized-value in courgette::DisassemblerElf32ARM::RelToRVA	-	2019-08-14
959264	Use-of-uninitialized-value in setvar_	-	2019-08-14
959534	CVE-2019-11599 CrOS: Vulnerability reported in Linux kernel	-	2019-08-14
959538	CVE-2019-7222 CrOS: Vulnerability reported in Linux kernel	-	2019-08-14
959563	Heap-use-after-free in headless::HeadlessShell::Shutdown	-	2019-08-14
959745	Crash in blink::FrameLoader::StartNavigation	-	2019-08-14
951795	Security: Use-after-free in WasmMemoryObject::Grow	-	2019-08-13
957092	Use-of-uninitialized-value in gpu::gles2::GLES2Implementation::BindTexture	-	2019-08-13
957285	Bad-cast to base::sequence_manager::TaskQueue from invalid vptr in base::sequence_manager::ThreadManager::PostDelayedTask	-	2019-08-13
958528	Use-of-uninitialized-value in BN_div	-	2019-08-13
958525	Use-of-uninitialized-value in bn_mul_comba8	-	2019-08-13
958755	Bad-cast to headless::HeadlessWebContents from invalid vptr in headless::HeadlessShell::Shutdown	-	2019-08-13
959192	Heap-use-after-free in content::FileSystemManagerImpl::Open	-	2019-08-13
959518	Security DCHECK failure: !NeedsLayout() || LayoutBlockedByDisplayLock(DisplayLockContext::kChildren) in l	-	2019-08-13
959645	DCHECK failure in value->IsSmi() in objects-debug.cc	-	2019-08-13
959835	Security DCHECK failure: !object || (object->IsLayoutEmbeddedContent()) in layout_embedded_content.h	-	2019-08-13
956851	Heap-use-after-free in fts3DisconnectMethod	-	2019-08-11
958787	Bad-cast to blink::LayoutEmbeddedContent from blink::LayoutImage in blink::HTMLFrameOwnerElement::SetEmbeddedContentView	-	2019-08-11
959387	Bad-cast to v8::internal::compiler::GapResolver::Assembler from invalid vptr in v8::internal::compiler::GapResolver::Resolve	-	2019-08-11
959381	Crash in v8::internal::OwnedVector<unsigned char>::New	-	2019-08-11
959541	Heap-buffer-overflow in v8::internal::Assembler::jmp	-	2019-08-11
952682	DCHECK failure in value->IsSmi() in objects-debug.cc	-	2019-08-10
956391	CrOS: Vulnerability reported in dev-db/sqlite	-	2019-08-10
958307	Heap-use-after-free in net::MDnsClientImpl::Core::DoCleanup	-	2019-08-10
958531	Use-of-uninitialized-value in setvar	-	2019-08-10
958759	CHECK failure: (location_) != nullptr in maybe-handles.h	-	2019-08-10
958872	Use-of-uninitialized-value in v8::internal::JsonParser<unsigned char>::ParseJsonNumber	-	2019-08-10
959024	Incorrect-function-pointer-type in blink::InputType::Create	-	2019-08-10
959014	Crash in v8::internal::wasm::NativeModule::AddCodeWithCodeSpace	-	2019-08-10
959031	Crash in v8::internal::wasm::NativeModule::runtime_stub_entry	-	2019-08-10
959064	Crash in apply	-	2019-08-10
959107	Crash in v8::internal::OwnedVector<unsigned char>::New	-	2019-08-10
959190	Bad-cast to v8::internal::AssemblerBuffer from invalid vptr in v8::internal::Assembler::GrowBuffer	-	2019-08-10
959197	Heap-buffer-overflow in WriteUnalignedValue<unsigned	-	2019-08-10
959199	Bad-cast to v8::internal::compiler::CodeGeneratorv8::internal::compiler::CodeGenerator::AssembleCode in void v8::internal::compiler::PipelineImpl::Run<v8::internal::compiler::AssembleC	-	2019-08-10
959263	Heap-buffer-overflow in emit	-	2019-08-10
959275	Bad-cast to v8::internal::AssemblerBufferv8::internal::Assembler::GrowBuffer in v8::internal::Assembler::emit_mov	-	2019-08-10
959271	Crash in ReadUnalignedValue<unsigned	-	2019-08-10
959386	Crash in apply	-	2019-08-10
959472	Bad-cast to v8::internal::AssemblerBuffer from invalid vptr in v8::internal::Assembler::GrowBuffer	-	2019-08-10
959484	Crash in v8::internal::compiler::InstructionSequence::InstructionBlockAt	-	2019-08-10
954891	Security: OOB Read in ReflexHash::checkTriangle	-	2019-08-09
957323	CVE-2019-8980 CrOS: Vulnerability reported in Linux kernel	-	2019-08-09
947858	Crash in Builtins_InterpreterEntryTrampoline	-	2019-08-08
956531	CrOS: Vulnerability reported in app-arch/tar	-	2019-08-08
957335	Bad-cast to content::RenderFrameImpl from invalid vptr in content::RenderFrameImpl::CommitFailedNavigationInternal	-	2019-08-08
957436	Security: heap-use-after-free in content::RenderFrameImpl::CommitFailedNavigationInternal	$3,000	2019-08-08
957830	Use-of-uninitialized-value in inspector_protocol_encoding::json::JsonParser<unsigned char>::Parse	-	2019-08-08
958151	Use-of-uninitialized-value in v8::internal::JsonParser<unsigned char>::ParseJsonNumber	-	2019-08-08
958457	Use after free in PresentationAvailabilityState	-	2019-08-08
875546	Use-of-uninitialized-value in gfx::Tween::IntValueBetween	-	2019-08-07
893087	Security: pageCapture permission allows access to arbitrary local files and chrome:// pages	$500	2019-08-07
951322	Crash in v8::internal::Simulator::LoadStorePairHelper	-	2019-08-07
954762	Heap-buffer-overflow in webrtc::MouseCursorMonitorX11::CaptureCursor	-	2019-08-07
956414	CVE-2019-10125 CrOS: Vulnerability reported in Linux kernel	-	2019-08-07
956597	Security: UAF in ServiceWorkerPaymentInstrument	$5,000	2019-08-07
956947	Heap-use-after-free in CPDF_ShadingPattern::Load()	$6,000	2019-08-07
957321	CVE-2013-7470 CrOS: Vulnerability reported in Linux kernel	-	2019-08-07
956389	CrOS: Vulnerability reported in net-misc/curl	-	2019-08-06
957814	Heap-use-after-free in CPDF_RenderStatus::RenderObjectList	-	2019-08-06
956416	CVE-2019-7221 CrOS: Vulnerability reported in Linux kernel	-	2019-08-05
956426	DCHECK failure in old_descriptors_->GetDetails(modified_descriptor_) .representation() .Equals(new	-	2019-08-05
949887	Bad-cast to blink::PaintLayer from invalid vptr in blink::PaintLayerScrollableArea::InvalidateAllStickyConstraints	-	2019-08-04
956418	CVE-2019-9213 CrOS: Vulnerability reported in Linux kernel	-	2019-08-04
928551	HTTPS proxies can redirect CONNECT	-	2019-08-03
956415	CVE-2019-6974 CrOS: Vulnerability reported in Linux kernel	-	2019-08-03
956428	Crash in v8::Isolate::GetCurrentContext	-	2019-08-03
946395	Bad-cast to content::RenderFrameImpl from invalid vptr in content::RenderFrameImpl::CommitFailedNavigationInternal	-	2019-08-02
955047	Use-of-uninitialized-value in blink::AddressCache::Lookup	-	2019-08-02
956427	Bad-cast to blink::LocalFrameView from blink::WebPluginContainerImpl in blink::HTMLFrameOwnerElement::OnViewportIntersectionChanged	-	2019-08-02
893258	WebAuthN dialog elides long RP ID (hostnames) on the right	-	2019-08-01
948564	Parameter passing error and Integer overflow in media_stream.mojom which could be used through ipc	-	2019-08-01
956393	CVE-2019-10124 CrOS: Vulnerability reported in Linux kernel	-	2019-08-01
951712	Security: pdfium SEGV on unknown address in CXFA_Graphics::FillPathWithShading	$1,000	2019-07-31
952301	pdfium (XFA): oob array read in CXFA_Graphics::FillPathWithShading	$1,000	2019-07-31
952581	Use-of-uninitialized-value in quic::QuicFramer::DecryptPayload	-	2019-07-31
952849	Security: Use-after-free in AudioWorkletGlobalScope::Process	-	2019-07-31
953659	v8 engine element kind type logic panic	-	2019-07-31
952406	Security: Possible OOB related to chrome_sqlite3_malloc	$500	2019-07-30
954703	Heap-buffer-overflow in DirectiveHeaderValueParser::DirectiveHeaderValueParser	-	2019-07-30
954760	Heap-buffer-overflow in domain_reliability::DomainReliabilityHeader::Parse	-	2019-07-30
951262	Crash in rr::optimize	-	2019-07-28
952041	Heap-buffer-overflow in shaderc_spvc_compile_options_clone	-	2019-07-28
951218	Heap-use-after-free in blink::NGOffsetMappingUnit::AssociatedNode	-	2019-07-27
932610	Roll libxslt to downstream a security fix	-	2019-07-25
940285	Heap-use-after-free in content::UtilityServiceFactory::RunNetworkServiceOnIOThread	-	2019-07-25
951988	DCHECK failure in 0u == length in builtins-array.cc	-	2019-07-25
952749	CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (IsJSGlobalProxy()) in js-objects-inl	-	2019-07-25
953157	DCHECK failure in (current_scope) != nullptr in wasm-code-manager.cc	-	2019-07-25
953179	DCHECK failure in (current_scope) != nullptr in wasm-code-manager.cc	-	2019-07-25
919300	Use-of-uninitialized-value in avx::store_bgra	$1,500	2019-07-24
926219	Use-of-uninitialized-value in sse41::blit_row_s32a_opaque	-	2019-07-24
934161	Use-of-uninitialized-value in avx::store_NUMBER	$1,500	2019-07-24
950531	Security: LoadComBaseFunction susceptible to dll preloading	-	2019-07-24
952340	Use-of-uninitialized-value in blink::UserMediaRequest::Create	-	2019-07-24
952658	VP9 deadlock with change in tile count	-	2019-07-24
952722	DCHECK failure in is_resolved() in ast.h	-	2019-07-24
953233	Use-of-uninitialized-value in v8::internal::interpreter::ConstantArrayBuilder::ToFixedArray	-	2019-07-24
947029	Security: heap-use-after-free in SMILTimeContainer::UpdateAnimations()	$3,000	2019-07-23
949417	Use-of-uninitialized-value in disk_cache::BackendImpl::NewEntry	-	2019-07-23
952594	Security: SEGV with canvas strokeText	-	2019-07-23
952389	Bad-cast to blink::LayoutBlockFlow from blink::LayoutInline in blink::CompositeEditCommand::AddBlockPlaceholderIfNeeded	-	2019-07-22
952384	Bad-cast to blink::LayoutBlockFlow from blink::LayoutTable in blink::LayoutBlockFlow& blink::To<blink::LayoutBlockFlow, blink::LayoutObject>	-	2019-07-22
952564	Crash in avx::lowp::scale_u8	-	2019-07-22
952565	Crash in ssse3::blit_mask_d32_a8	-	2019-07-22
952566	Crash in _ZN3avx4lowpL7lerp_u8EmPPvmmDv8_tS3_S3_S3_S3_S3_S3_S3_$dc6b7024eef44a823ed47e292	-	2019-07-22
952568	Crash in Sk4px::Load4Alphas	-	2019-07-22
952574	Crash in void mergeT<unsigned char>	-	2019-07-22
952575	Crash in blend_row_A8	-	2019-07-22
952582	Crash in load<unsigned char __attribute__	-	2019-07-22
952590	Crash in SkARGB32_Opaque_Blitter::blitMask	-	2019-07-22
952595	Crash in load<unsigned char __attribute__	-	2019-07-22
952598	Crash in _platform_memmove$VARIANT$Nehalem	-	2019-07-22
952603	Crash in SkBlitter::blitMask	-	2019-07-22
952615	Crash in bits_to_runs	-	2019-07-22
952626	Crash in MapDstAlpha<	-	2019-07-22
952629	Crash in void Sk4px::MapDstAlpha<ssse3::blit_mask_d32_a8_black	-	2019-07-22
952666	Crash in sse2::lerp_u8	-	2019-07-22
952649	Crash in void Sk4px::MapDstSrcAlpha<Sk4px	-	2019-07-22
948499	Use-of-uninitialized-value in gpu::gles2::GLES2Implementation::BufferDataHelper	-	2019-07-21
951438	DCHECK failure in GetReadOnlyRoots().fixed_cow_array_map() != map() in fixed-array-inl.h	$3,500	2019-07-21
924227	Heap-buffer-overflow in spirv_cross::SPIRConstant& spirv_cross::variant_set<spirv_cross::SPIRConstant, u	-	2019-07-20
924735	Security: Marvell Avastar WiFi vulnerability	-	2019-07-20
951164	DCHECK failure in IsFastElementsKind(array->GetElementsKind()) in elements.cc	-	2019-07-20
951780	DCHECK failure in IsDoubleElementsKind(Subclass::kind()) in elements.cc	-	2019-07-20
925244	CHECK failure: node->opcode() == IrOpcode::kParameter || node->opcode() == IrOpcode::kProjectio	-	2019-07-19
948575	Security: Potential UAF in FidoBleDiscovery	-	2019-07-19
948944	CHECK failure: !address.is_initialized() || sizeof(*data_) == address.BlockSize() in storage_bl	-	2019-07-19
950318	Heap-use-after-free in disk_cache::MappedFile::Load	-	2019-07-19
951374	DCHECK failure in to_kind == DICTIONARY_ELEMENTS || to_kind == SLOW_STRING_WRAPPER_ELEMENTS || IsF	-	2019-07-19
925788	Security: PDFium Heap Buffer Overflow in CXFA_TextLayout::DoLayout	$1,000	2019-07-18
932900	pdfium XFA CXFA_FFDocView::RunSubformIndexChange Use After Free	$3,000	2019-07-18
947342	Security: heap-buffer-overflow TextureD3D_2DArray::getImage	$1,000	2019-07-18
950848	Use-of-uninitialized-value in webrtc::AudioDecoderMultiChannelOpusConfig::IsOk	-	2019-07-18
950747	DCHECK: !initializing_store && property_details_.constness() == PropertyConstness::kConst implies IsConstFieldValueEqualTo(*value)	-	2019-07-18
951216	Use-after-poison in blink::ThreadableLoader::Cancel	-	2019-07-18
925787	Security: PDFium Heap Buffer Overflow in CXFA_LayoutPageMgr::FinishPaginatedPageSets	$1,000	2019-07-17
933163	pdfium XFA CXFA_FFDocView::RunValidate Use After Free	$3,000	2019-07-17
950005	Security: PDF plugin is allowed to use Pepper TCPServerSocketPrivate API	-	2019-07-17
950592	Use-of-uninitialized-value in mojo::core::ChannelPosix::WriteNoLock	-	2019-07-17
944424	UAF in TaskQueueImpl::CreateTaskRunner	$3,000	2019-07-16
949996	CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (IsName()) in name-inl.h	-	2019-07-16
950275	Use-of-uninitialized-value in blink::TransformationMatrix::ToSkMatrix44	-	2019-07-15
950254	Use-of-uninitialized-value in SkMatrix44::recomputeTypeMask	-	2019-07-15
935735	Use-of-uninitialized-value in blink::AddressCache::Lookup	-	2019-07-14
901665	Index-out-of-bounds in vrend_set_single_abo	-	2019-07-13
936741	Heap-buffer-overflow in courgette::DetectDisassembler	-	2019-07-13
925614	protocol property of URL including specific character doesn't return correct value	$500	2019-07-12
934112	Heap-buffer-overflow in courgette::DisassemblerWin32::ParseHeader	-	2019-07-12
943709	libANGLE heap-buffer-overflow triggered by WebGL2 on Windows 10	$1,000	2019-07-12
944865	DCHECK failure in object->FitsRepresentation(representation) in objects.cc	-	2019-07-12
948172	Security: PDF plugin is allowed to use Pepper Socket API	-	2019-07-12
948990	Bad-cast to blink::LayoutBox from blink::LayoutInline in blink::ToLayoutBox	-	2019-07-12
949015	Bad-cast to blink::LayoutObject from invalid vptr in blink::SVGResources::LayoutIfNeeded	-	2019-07-12
947410	Bad-cast to Ice::OperandOptimizer::getUses in rr::optimize	-	2019-07-11
947493	Heap-use-after-free in views::MenuController::OnWillDispatchKeyEvent	-	2019-07-11
947784	Use-of-uninitialized-value in cc::PaintImageBuilder::TakePaintImage	-	2019-07-11
881267	Chrome v69 URL spoofing vulnerability on IOS	$1,000	2019-07-10
943424	use-after-free in libANGLE triggered by WebGL2 on Windows 10	$3,000	2019-07-10
943538	libANGLE use-after-free (gl::State::syncTextures) triggered through WebGL2 in the GPU process	$3,000	2019-07-10
944800	Use-after-poison in blink::LocalFrameView::ForAllNonThrottledLocalFrameViews<`lambda	-	2019-07-10
945246	DCHECK failure in map_.is_stable() in compilation-dependencies.cc	-	2019-07-10
946550	Use-of-uninitialized-value in gpu::gles2::PassthroughGLDebugMessageCallback	-	2019-07-10
947865	Use-of-uninitialized-value in dawn_native::TextureBase::Destroy	-	2019-07-10
948228	DCHECK failure in *isolate->external_caught_exception_address() in wasm-engine.cc	-	2019-07-10
948248	Security: Debug check failed: name->is_one_byte() src/parsing/parser.cc, line 350	-	2019-07-10
943087	Integer overflow in libANGLE that results in memory corruption in GPU process	$3,000	2019-07-09
948307	DCHECK failure in ObjectInYoungGeneration(HeapObjectSlot(slot).ToHeapObject()) in heap.cc	-	2019-07-09
944930	Regenerate chromeos-base/chromeos-ca-certificates with the latest set of pki.goog/roots.pem	-	2019-07-08
946889	v8 debug version crash when CreateGraph phase	-	2019-07-08
947240	use-after-free happening in unittest LayerTreeHostImplTest.ScrollSnapOnY	$3,000	2019-07-08
947949	CHECK failure: this->first()->length() > 0 in objects-debug.cc	-	2019-07-08
946539	Heap-buffer-overflow in disk_cache::EntryImpl::UserBuffer::Write	-	2019-07-07
947378	Use-of-uninitialized-value in cc::ServiceImageTransferCacheEntry::Deserialize	-	2019-07-07
947499Use-of-uninitialized-value in cc::ServiceImageTransferCacheEntry::Deserialize-2019-07-07
892875Security: crosvm: integer overflow in read_struct_slice-2019-07-06
897641Security: URL in Omnibox doesn't always match page content$1,0002019-07-06
901603Index-out-of-bounds in BZ2_decompress-2019-07-06
916838Security: Two autocomplete flaws together allow sites to invisibly read credit card numbers after a single keypress$3,3372019-07-06
939644Integer overflows in disk caches-2019-07-06
943387Security: Regression : URL bar spoofing with "file:///" URL on iOS-2019-07-06
946862Heap-use-after-free in net::PrioritizedDispatcher::MaybeDispatchJob-2019-07-06
947323Use-of-uninitialized-value in dawn_native::TextureBase::Destroy-2019-07-06
945644Security: Failed Debug Check in src/compiler/verifier.cc, line 121$3,0002019-07-05
945855Heap-use-after-free in BEInt<unsigned int, 4>::operator unsigned int-2019-07-05
946006Heap-use-after-free in blink::LocalFrameUkmAggregator::RecordSample-2019-07-05
946434Heap-use-after-free in base::LinkNode<disk_cache::MemEntryImpl>::RemoveFromList-2019-07-05
946543Heap-buffer-overflow in BEInt<short, 2>::operator short-2019-07-05
946806Crash in BEInt<unsigned int, 4>::operator unsigned int-2019-07-05
947150Use-of-uninitialized-value in dawn_native::ValidateTextureViewDescriptor-2019-07-05
918293Security: Cross origin resource size infoleak$1,0002019-07-04
927764Download Protection: Malicious extensions Mac OS (Safe Browsing)-2019-07-04
944346Crash in BEInt<unsigned int, 4>::operator unsigned int-2019-07-04
944945CHECK failure: !result.failed() in wasm-engine.cc-2019-07-04
945370UAF in IndexedDB$8,0002019-07-04
946175Crash in v8::internal::Map::instance_type-2019-07-04
946301Heap-use-after-free in ash::CaptionContainerView::SetBackdropVisibility-2019-07-04
933221Wild read within ASAN instrumentation in __sanitizer_cov_trace_pc_guard-2019-07-03
937773CVE-2019-8912: Security: Linux Kernel: Potential priv esc via UAF in sockfs_settattr-2019-07-03
944391Stack-buffer-overflow in sh::TInfoSinkBase::operator<<-2019-07-03
944971Security: OOB memory access in v8 regexp-2019-07-03
945084Crash in vpx_subtract_block_sse2-2019-07-03
945341CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (IsFixedArrayBase()) in fixed-array-i-2019-07-03
946310CHECK failure: isolate->heap()->Contains(ho) in objects-debug.cc-2019-07-03
946350Crash in v8::internal::Object::Number-2019-07-03
944435CHECK failure: (value & uint64_t{ADDRESS}) != unexpected || (value & uint64_t{ADDRESS}) == uint-2019-07-02
945124Heap-use-after-free in disk_cache::SimpleEntryImpl::CreationOperationComplete-2019-07-02
945152Heap-use-after-free in blink::PaintController::FinishCycle-2019-07-01
941340CSP bypass with import maps$1,0002019-06-30
940205Heap-use-after-free in renameTokenCheckAll-2019-06-29
943913Stack-buffer-overflow in quic::QuicDataReader::ReadConnectionId-2019-06-29
944013Stack-buffer-overflow in quic::QuicDataReader::ReadBytes-2019-06-29
944062Security: v8: turbofan: JSCallReducer::ReduceArrayIndexOfIncludes fails to insert Map checks-2019-06-28
937663Use-of-uninitialized-value in mov_read_dfla-2019-06-27
942699Security: Google V8 Array.prototype Memory Corruption Vulnerability (TALOS-2019-0791)$2,0002019-06-27
942898UAF in indexeddb IndexedDBDatabase::RequestComplete$10,0002019-06-27
942671URL spoofing using invalid urls (invalid prototype)-2019-06-26
939316V8: Turbofan may read a Map pointer out-of-bounds when optimizing Reflect.construct-2019-06-25
941952DCHECK failure in 0 <= index && index < node->op()->ValueInputCount() in node-properties.cc$1,5002019-06-25
941743Security: OOB write in v8::internal::(anonymous namespace)::ElementsAccessorBase-2019-06-24
941746Security: UAF in content::IndexedDBDatabase-2019-06-22
940283Use-of-uninitialized-value in content::PowerMonitorTestImpl::~PowerMonitorTestImpl-2019-06-21
941360Use-of-uninitialized-value in void base::Pickle::WriteBytesStatic<4ul>-2019-06-21
941542Use-of-uninitialized-value in Deserializer::readDescriptor-2019-06-21
941991Chromium: Vulnerability reported in libxml-2019-06-21
936531heap-use-after-free : base::sequence_manager::internal::WorkQueue::RemoveAllCanceledTasksFromFront-2019-06-20
939689Security: Android : http authentication spoof$1,0002019-06-20
939746CHECK failure: TypeError: node #171:StringCharCodeAt(input @1 = PoisonIndex:PoisonIndex) type (-2019-06-20
940284Stack-buffer-overflow in auto_descriptor_from_desc-2019-06-20
941008Security: UAF in FileChooserImpl-2019-06-20
940296Crash in unsigned long v8::base::AsAtomicImpl<long>::Relaxed_Load<unsigned long>-2019-06-19
940843Stack-buffer-overflow in SkDescriptor::findEntry-2019-06-19
885215Security: SiteInstanceImpl::GetSiteForURL ignores hash in Data URL$5002019-06-18
937199pdfium (XFA): heap-use-after-free in CFX_ReadOnlyMemoryStream::ReadBlockAtOffset$1,0002019-06-18
938724pdfium (XFA): oob read in CFGAS_FormatString::FormatStrNum$1,0002019-06-18
940000heap-use-after-free : base::internal::WeakPtrFactoryBase::~WeakPtrFactoryBase-2019-06-18
940245Security: Security: Chrome renderer process persistence bug on android$1,0002019-06-18
932908Bad-cast to blink::Element from blink::Text in blink::LayoutTreeRebuildRoot::RootElement-2019-06-17
939239Arbitrary Read in swiftshader$1,0002019-06-15
938867Bad-cast to blink::HTMLInputElement in IsMenulistInput-2019-06-14
930550Heap-buffer-overflow in bn_cmp_part_words-2019-06-13
937799Security: Invalid read. SEGV on CXFA_Radial::Draw.$3,0002019-06-13
938311heap-use-after-free in AsyncCompileJob$3,0002019-06-13
938626pdfium (XFA): oob read in CFGAS_FormatString::GetNumericFormat-2019-06-13
937412Crash in update_tricolor_matrix-2019-06-12
937628Crash in dawn_native::TextureFormatPixelSize-2019-06-12
938251Security: Integer overflow in NewFixedDoubleArray-2019-06-12
913320Heap-use-after-free in CPDF_ShadingPattern::Load()$3,0002019-06-11
917688use-after-poison on blink::CanvasResourceDispatcher::OnBeginFrame-2019-06-11
925598Security: URL bar spoofing on iOS (repro issue 844881)$2,0002019-06-11
926160CVE-2019-3819 CrOS: Vulnerability reported in Linux kernel-2019-06-11
937487chrome.dashboardPrivate API is exposed to whole origin of https://chrome.google.com$5002019-06-11
937649Unknown signal in Builtins_JSEntryTrampoline-2019-06-11
928014Crash in base::FilePath::FilePath-2019-06-10
935209Use-after-free in GenerateNetworkErrorLoggingReport-2019-06-10
915423Use-of-uninitialized-value in v8::internal::Factory::NewNumberFromUint-2019-06-08
935374Bad-cast to blink::LayoutImage from invalid vptr in blink::LayoutImage::ImageNotifyFinished-2019-06-08
937155Bad-free in _pthread_tsd_cleanup-2019-06-08
937206Heap-use-after-free in views::MenuController::OnWillDispatchKeyEvent-2019-06-08
929198Crash in _cupsStrFree-2019-06-07
933743Heap-buffer-overflow in media::mp4::ConvertAVCToAnnexBInPlaceForLengthSize4-2019-06-07
934166Security: other->values_[index] != builder()->jsgraph()->OptimizedOutConstant() (0x563015eb2cf8 vs. 0x563015eb2cf8).-2019-06-07
935076Heap-use-after-free in blink::LayoutImage::ImageNotifyFinished-2019-06-07
936346Crash in Ice::XNUMBER::InstImpl<struct Ice::XNUMBER::TargetX8664Traits>::InstX86Movd::emi-2019-06-07
936448Heap-use-after-free WRITE 4 · v8::internal::ElementsAccessorBase-2019-06-07
913964UAP in blink::UpdatePlaceHolderImage$3,0002019-06-06
919046use-after-poison in blink::CanvasResourceDispatcher::OnBeginFrame-2019-06-06
929757Use-after-poison in viz::mojom::blink::CompositorFrameSinkClientStubDispatch::Accept-2019-06-06
930035Security: Stack out-of-bounds writes in WebmMuxer::AddAudioTrack$5002019-06-06
930057Security: CORS policy not applied for bitmap canvases loaded without CORS support$1,0002019-06-06
932922Heap-use-after-free in aura::EventObserverAdapter::~EventObserverAdapter$1,5002019-06-06
934201Security: Internal object leak in ReadableStream-2019-06-06
935175Security: Address bar spoofing with mishandling canceled requests.$1,0002019-06-06
934128Heap-buffer-overflow in gpr_murmur_hash3-2019-06-05
936302CHECK failure: fixed_size_above_fp + in deoptimizer.cc-2019-06-05
933004Security: command line injection in Windows (--user-data-dir)$5002019-06-04
933664OOB read and write in BigUint64Array-2019-06-04
935078Crash in dawn_native::InputStateBuilder::SetAttribute-2019-06-04
935026Global-buffer-overflow in dawn_native::VertexFormatComponentSize-2019-06-04
935138Use-of-uninitialized-value in v8::internal::compiler::TurbofanWasmCompilationUnit::BuildGraphForWasmFunction-2019-06-04
931949Security: Type confusion in JSPromise::TriggerPromiseReactions-2019-06-03
935101CHECK failure: isolate->heap()->Contains(ho) in objects-debug.cc-2019-06-03
894933Heap-buffer-overflow in xmlParseAttValueInternal-2019-06-02
927982Heap-use-after-free in egl::Surface::deleteResources-2019-06-02
929088Heap-use-after-free in egl::Display::terminate-2019-06-02
929962Code review: ReadBits may return uninitialized value due to unchecked return status.$5002019-06-01
930663Security: READ heap-buffer-overflow in libxslt (type confusion?)$1,0002019-06-01
933418ptrace syscall on Android can bypass seccomp on Linux <4.8-2019-06-01
934869Crash in Ice::CfgNode::appendInst-2019-06-01
924209Use-of-uninitialized-value in sw::Shader::analyzeIndirectAddressing-2019-05-31
933851Bad-cast to (anonymous namespace)::WebrtcTaskQueue from invalid vptr in base::internal::Invoker<base::internal::BindState<void-2019-05-31
933977Heap-buffer-overflow in sw::PixelProgram::CALL-2019-05-31
934085Crash in llvm::ilist_base<true>::insertBeforeImpl-2019-05-31
352465Security: terminalPrivate API should use an unforgeable process reference-2019-05-30
490720Security: ping utility includes process id in echo requests-2019-05-30
920169CrOS: Vulnerability reported in dev-libs/elfutils-2019-05-30
921983CrOS: Vulnerability reported in dev-libs/libtasn1-2019-05-30
929652DOMParser APIs send DNS request via preconnect link tag-2019-05-30
932034Size calculation overflow can lead to heap buffer overflow$5,0002019-05-30
932867Stack-buffer-overflow in sw::Shader::analyzeCallSites-2019-05-30
932953CHECK failure: transitions.SearchSpecial(roots.nonextensible_symbol()) == *old_map_ in map-upda-2019-05-30
933179DCHECK failure in old_map_->is_stable() in map-updater.cc-2019-05-30
933212Heap-use-after-free in CFX_ReadOnlyMemoryStream::~CFX_ReadOnlyMemoryStream-2019-05-30
933341Heap-use-after-free in dawn_native::CommandEncoderBase::HandleBuilderError-2019-05-30
933760Use-of-uninitialized-value in =-2019-05-30
927432Use-after-poison in base::internal::Invoker<base::internal::BindState<void-2019-05-29
930154Security: Possible to override browser-initiated navigation using WindowClient.navigate$5002019-05-29
932895Crash in HandleDynamicTypeCacheMiss-2019-05-29
933135Heap-use-after-free in content::IndexedDBBackingStore::Transaction::ChainedBlobWriterImpl::WriteNextFil-2019-05-29
933211mXSS: Potential XSS via noembed tags parsed by DOMParser APIs$5002019-05-29
933521DCHECK failure in length_ < capacity() in string-builder.cc-2019-05-29
928051Crash in base::Thread::ThreadMain-2019-05-28
929521Crash in metrics::CallStackProfile_Location* google::protobuf::Arena::CreateMaybeMessage<-2019-05-27
928863Crash in sw::Thread::Thread-2019-05-26
908669Bad-free in base::internal::BindState<void-2019-05-24
923654Heap-use-after-free in media_router::WebContentsDisplayObserverView::OnBrowserSetLastActive-2019-05-24
924972Security: site isolation bypass: websockets leak cross-origin cookies-2019-05-24
926651Security: [v8] Type Confusion in Builtins_CallUndefinedReceiver1Handler$6,0002019-05-24
927646Security: heap-use-after-free in blink::LayoutObject::SetShouldCheckForPaintInvalidationWithoutGeometryChange$3,0002019-05-24
928974Security: http authentication spoof (repro issue 884179)$1,0002019-05-24
930948CHECK failure: (value & uint64_t{ADDRESS}) != unexpected || (value & uint64_t{ADDRESS}) == uint-2019-05-24
931175Security: Invalid read. SEGV on CXFA_Graphics::FillPathWithShading$5002019-05-24
920580CrOS: Vulnerability reported in dev-libs/libzip-2019-05-23
928138Crash in base::CreateThread-2019-05-23
928223Crash in base::RunLoop::Run-2019-05-23
878805Weird crash in V8 javascript engine-2019-05-22
921581Security: UAF in MidiManagerWin-2019-05-22
906342CVE-2018-14625 CrOS: Vulnerability reported in Linux kernel-2019-05-21
913561Security: pdfium heap BOF in RelocateTableRowCells$1,0002019-05-21
926853CrOS: Vulnerability reported in dev-libs/openssl-2019-05-21
927438Heap-use-after-free in blink::LayoutBlockFlow::DetermineStartPosition-2019-05-21
928044Crash in base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::Run-2019-05-21
929624CVE-2018-16880 CrOS: Vulnerability reported in Linux kernel-2019-05-21
930474Bad-cast to blink::LayoutText from invalid vptr in blink::ToLayoutText-2019-05-21
930580DCHECK failure in !var->has_forced_context_allocation() || var->is_used() in scopes.cc-2019-05-20
930045CHECK failure: transitions.SearchSpecial(roots.nonextensible_symbol()) == *old_map_ in map-upda-2019-05-19
927307Github Wiki Pages for GoogleChrome are publicly editable.$5002019-05-18
927471AppCache may be used to bypass CORB (URLs covered by manifest)-2019-05-18
927849is_corb_enabled=false for requests from shared workers-2019-05-18
929711Security: Idn-spoof with using U+00F0 (ð)$5002019-05-18
930026Heap-buffer-overflow in base::WideToUTF8-2019-05-18
914983pdfium: signed-integer-overflow in AdjustGlyphSpace / CFX_DIBBase::GetOverlapRect$5002019-05-17
919635pdfium: signed-integer-overflow in CFX_RenderDevice::DrawNormalText-2019-05-17
919640pdfium: signed-integer-overflow in CFX_AggDeviceDriver::StretchDIBits-2019-05-17
922446crash_sender: invalid crash report names can trigger arbitrary file deletion as root$5002019-05-17
928720Security: Type confusion in V8TrustedTypePolicyOptions::ToImpl-2019-05-17
929217Heap-buffer-overflow in blink::FindBuffer::RangeFromBufferIndex$1,5002019-05-17
929623CVE-2018-16862 CrOS: Vulnerability reported in Linux kernel-2019-05-17
929625CVE-2018-18397 CrOS: Vulnerability reported in Linux kernel-2019-05-17
929626CVE-2018-19854 CrOS: Vulnerability reported in Linux kernel-2019-05-17
919643pdfium: signed-integer-overflow in FX_RECT::Width-2019-05-16
921351Crash in _cupsStrFree-2019-05-16
926854CrOS: Vulnerability reported in app-admin/rsyslog-2019-05-16
928640Use-of-uninitialized-value in bool base::internal::CheckedAddOp<long, long, void>::Do<long>-2019-05-16
928755Heap-use-after-free in v8::internal::wasm::CompilationStateImpl::OnFinishedUnit-2019-05-16
929020Crash in base::WaitableEvent::TimedWaitUntil-2019-05-16
926105Framebusting protection bypass because a download redirected cross-origin gets processed as a main frame navigation$5002019-05-15
927396Use-after-poison in viz::mojom::blink::CompositorFrameSinkClientStubDispatch::Accept-2019-05-15
928061Heap-use-after-free in v8::internal::wasm::BackgroundCompileTask::RunInternal-2019-05-15
927555Security DCHECK failure: RotateTransformOperation::IsMatchingOperationType(transform.GetType()) in rotate$1,5002019-05-14
927644PDFium Use After Free on CXFA_FFNotify::OpenDropDownList (XFA enable)$3,5002019-05-14
925232CHECK failure: (value & uint64_t{ADDRESS}) != unexpected || (value & uint64_t{ADDRESS}) == uint-2019-05-13
928062Crash in base::debug::ScopedLockAcquireActivity::ScopedLockAcquireActivity-2019-05-13
928239CVE-2018-16884 CrOS: Vulnerability reported in Linux kernel-2019-05-13
826030webRequest extensions can see other extensions' requests.-2019-05-11
925050CHECK failure: size <= kMaxRegularHeapObjectSize in runtime-internal.cc-2019-05-11
915455Crash in spirv_cross::Compiler::traverse_all_reachable_opcodes-2019-05-10
919176Heap-buffer-overflow in spirv_cross::CompilerGLSL::emit_instruction-2019-05-10
925641Crash in gldRenderFillPolygonPtr-2019-05-10
925790Security: PDFium Use After Free in CXFA_ItemLayoutProcessor::ExtractLayoutItem$3,0002019-05-10
926640pdfium: use-after-dtor in CPDF_GeneralState::StateData::~StateData()$1,0002019-05-10
913564Security: pdfium heap use after free in cxfa_layoutitem$3,0002019-05-09
919813CrOS: Vulnerability reported in media-libs/lcms-2019-05-09
924450Security: heap-use-after-free in blink::CSSToLengthConversionData::FontSizes::FontSizes$3,0002019-05-09
926852CVE-2018-16882 CrOS: Vulnerability reported in Linux kernel-2019-05-09
926964Security DCHECK failure: node.IsElementNode() in element.h-2019-05-09
867509Security: Chrome OS: almost-exploitable AVFS behavior: argument injection; subdir/bind bypass-2019-05-08
906601Use-of-uninitialized-value in sse41::blit_row_s32a_opaque-2019-05-08
915197OOB write in sw::VertexProgram::Program$3,0002019-05-08
915206OOB write in sw::VertexProgram::WHILE$3,0002019-05-08
915218OOB operation in SwiftShader JIT code.$1,0002019-05-08
923695Security: URL bar spoofing on iOS-2019-05-08
923951Security: heap-use-after-free in blink::ImageResourceContent::UpdateImageAnimationPolicy$3,0002019-05-08
924843DCHECK failure in IsAligned(DistanceTo(target), kInstrSize) in instructions-arm64.cc-2019-05-08
925864Security: UAF in FileSystemOperationRunner-2019-05-08
926027Bad-cast to blink::Element from blink::Text in blink::LayoutTreeRebuildRoot::RootElement-2019-05-08
926036DCHECK failure in (decl.pattern) != nullptr in parser.cc-2019-05-08
921390Security: Hostname not elided securely (URL spoofing on iOS)$5002019-05-07
925671DCHECK failure in 0 < outstanding_tiering_units_ in module-compiler.cc-2019-05-07
919356Security: RCE via "copy as curl" on mac-2019-05-05
924133Security: V8: Fatal error in ../../src/runtime/runtime-array.cc, line 167-2019-05-05
913314Security: Permission request UI spoof$5002019-05-04
922864pdfium (XFA): wrong object type in CFXJSE_FormCalcContext::ParseResolveResult$3,0002019-05-04
924388Use-of-uninitialized-value in views::View::GetWidget-2019-05-04
924457Bad-cast to blink::ImageResourceObserver from invalid vptr in blink::ImageResourceContent::PriorityFromObservers-2019-05-04
925146CHECK failure: 2 == total_number_of_control_uses in verifier.cc-2019-05-04
903233Heap-buffer-overflow in quipper::PerfSerializer::SerializeMMap2Event-2019-05-03
903237Heap-buffer-overflow in quipper::PerfReader::ReadPipedData-2019-05-03
904382Heap-buffer-overflow in quipper::PerfReader::ReadBuildIDMetadataWithoutHeader-2019-05-03
915975V8 HeapObject pointing to JIT memory$3,0002019-05-03
923205Bad-cast to cc::ContentLayerClient from invalid vptr in cc::PictureLayer::Update-2019-05-03
924375Heap-buffer-overflow in sh::OutputVariable::~OutputVariable-2019-05-03
924411Bad parameters to --sanitizer-annotate-contiguous-container in sh::TCompiler::~TCompiler-2019-05-03
924382Crash in sh::ShaderVariable::~ShaderVariable-2019-05-03
924537Crash in sh::Attribute::~Attribute-2019-05-03
924905DCHECK failure in lsb == base::bits::CountTrailingZeros32(value) in instruction-selector-arm.cc-2019-05-03
924928pdfium (XFA): double-free in CJX_Node::saveXML$3,0002019-05-03
924950Heap-use-after-free in views::View::~View-2019-05-03
923913Heap-buffer-overflow in AAT::KerxSubTableFormat4<AAT::KerxSubTableHeader>::driver_context_t::transition-2019-05-02
924418Heap-use-after-free in ui::PropertyHandler::SetPropertyInternal-2019-05-02
915541Security: ChromeOS Persistent root Command Execution$75,0002019-05-01
922627Chromium - Exposed GPU profiler allows to dump all URLs and headers from requested pages$4,0002019-05-01
922844Use-of-uninitialized-value in sqlite3BtreeMovetoUnpacked-2019-05-01
923630Heap-use-after-free in ScopedObserver<ash::TabletModeController, ash::TabletModeObserver>::~ScopedObser-2019-05-01
923646CrOS: Vulnerability reported in net-misc/curl-2019-05-01
923675DCHECK failure in candidate->location.IsValid() in modules.cc-2019-05-01
920120CHECK failure: #14 ADDRESS (/mnt/scratch0/clusterfuzz/bot/builds/v8-asan_linux-debug_ddc8d9b4e-2019-04-30
920276Heap-use-after-free in gpu::gles2::GLES2DecoderPassthroughImpl::OnDebugMessage-2019-04-30
920421Use-of-uninitialized-value in gpu::gles2::PassthroughGLDebugMessageCallback-2019-04-30
923264CHECK failure: object->IsAbstractCode() || object->IsSeqString() || object->IsExternalString()-2019-04-30
922933DCHECK failure in *available != 0 in assembler-arm.cc-2019-04-29
912602Crash in sw::Thread::Thread-2019-04-28
914925Crash in libX11.so.6-2019-04-28
921393Crash in cc::SaveOp::Serialize-2019-04-28
922303Heap-buffer-overflow in AAT::KerxSubTableFormat4<AAT::KerxSubTableHeader>::driver_context_t::transition-2019-04-28
910305Security: Make JIT payment Service Worker registrations same-origin only-2019-04-27
918022Heap-buffer-overflow in scan_bos_continue-2019-04-27
918232Security: chromedriver LCE-2019-04-27
918311Heap-buffer-overflow in spvtools::opt::Instruction::GetSingleWordOperand-2019-04-27
919181Container-overflow in spvtools::utils::SmallVector<unsigned int, 2ul>::operator-2019-04-27
920995CrOS: Vulnerability reported in media-gfx/imagemagick-2019-04-27
921380CrOS: Vulnerability reported in media-gfx/imagemagick-2019-04-27
922077Bad-cast to content::(anonymous namespace)::WebServiceWorkerNetworkProviderImplForFrame from content::WebServiceWorkerNetworkProviderImplForWorker in content::ServiceWorkerNetworkProvider::FromWebServiceWorkerNetworkProvider-2019-04-27
922668Heap-use-after-free in base::BasicStringPiece<std::__Cr::basic_string<char, std::__Cr::char_traits<char-2019-04-27
888311CrOS: Vulnerability reported in app-crypt/mit-krb5-2019-04-26
916523Security: Double-destruction race in StoragePartitionService-2019-04-26
916152Security: symlinks in /var/log can be abused to create messy arbitrary file write primitives-2019-04-25
916870CrossCallParamsEx::GetParameterStr causes Heap-buffer-overflow-2019-04-25
919486Clean up extended attributes inadvertently being set on user data files-2019-04-25
920115Bad-cast to blink::ImageResourceObserver from invalid vptr in blink::PriorityFromObserver-2019-04-25
921074Heap-use-after-free in base::BasicStringPiece<std::__Cr::basic_string<char, std::__Cr::char_traits<char-2019-04-25
922432Heap-buffer-overflow in unsigned int v8::internal::wasm::Decoder::read_leb_tail<unsigned int,-2019-04-25
922677Security: UAF in FileWriterImpl-2019-04-25
910906Upgrade SQLite to 3.26.0-2019-04-24
912074heap-use-after-free on RTCPeerConnectionHandler$3,0002019-04-24
912983Heap-buffer-overflow in BEInt<unsigned short, 2>::operator unsigned short-2019-04-24
916874Heap-buffer-overflow in bool base::UTFConversion<base::BasicStringPiece<std::__1::basic_string<wchar_t,-2019-04-24
917702Heap-buffer-overflow in BEInt<unsigned int, 4>::operator unsigned int-2019-04-24
917936Heap-buffer-overflow in AAT::KerxSubTableFormat4<struct AAT::KerxSubTableHeader>::driver_context_t::tran-2019-04-24
918340Use-of-uninitialized-value in AAT::ankr::get_anchor-2019-04-24
920579CrOS: Vulnerability reported in net-dns/avahi-2019-04-24
920990CrOS: Vulnerability reported in media-gfx/imagemagick-2019-04-24
920991CrOS: Vulnerability reported in media-gfx/imagemagick-2019-04-24
920992CrOS: Vulnerability reported in media-gfx/imagemagick-2019-04-24
920993CrOS: Vulnerability reported in media-gfx/imagemagick-2019-04-24
920994CrOS: Vulnerability reported in media-gfx/imagemagick-2019-04-24
921376CrOS: Vulnerability reported in media-gfx/imagemagick-2019-04-24
921377CrOS: Vulnerability reported in media-gfx/imagemagick-2019-04-24
921378CrOS: Vulnerability reported in media-gfx/imagemagick-2019-04-24
921379CrOS: Vulnerability reported in media-gfx/imagemagick-2019-04-24
921382Security: Debug check failed: nary->op() == Token::COMMA in V8 parsing-2019-04-24
921563CrOS: Vulnerability reported in dev-libs/nettle-2019-04-24
921935Crash in webrtc::video_coding::DecodedFramesHistory::InsertDecoded-2019-04-24
921838Heap-buffer-overflow in blink::PropertyTreeManager::CreateCompositorScrollNode-2019-04-24
921951Use-of-uninitialized-value in webrtc::video_coding::DecodedFramesHistory::WasDecoded-2019-04-24
921952Heap-use-after-free in base::MessageLoopCurrent::GetWorkId-2019-04-24
914507Use-of-uninitialized-value in sqlite3BtreeDelete-2019-04-23
916140Security: /run/ipsec and /run/l2tpipsec_vpn should ideally not be group-writable-2019-04-23
920733getDisplayMedia() prompts from background tab, not obvious who's asking.$5002019-04-23
920859Use-of-uninitialized-value in blink::AddressCache::Lookup-2019-04-22
921299Use-of-uninitialized-value in SkPerlinNoiseShaderImpl::PaintingData::stitch-2019-04-22
921341Security DCHECK failure: it != clients_.end() in css_image_generator_value.cc-2019-04-22
902650Heap-use-after-free in vp8dx_bool_decoder_fill-2019-04-21
921076CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (IsPreparseData()) in shared-function-2019-04-21
911253SQLite3 exprCodeBetween heap-buffer overflow-2019-04-20
911255sqlite3ExprCompare Assertion Failure: (combinedFlags & EP_Reduced)==0-2019-04-20
917588DCHECK failure in is_fp() in liftoff-register.h-2019-04-20
918284DCHECK failure in *available != 0 in assembler-arm.cc-2019-04-20
918861Security: Data race in ExtensionsGuestViewMessageFilter-2019-04-20
919717CVE-2017-0553 libnl-2019-04-20
919754DCHECK failure in !std::isnan(value) in js-operator.h-2019-04-20
920164CHECK failure: value->IsSmi() || value->IsTheHole(isolate) in objects-debug.cc-2019-04-20
920491CHECK failure: Type cast failed in CAST(elements) at ../../src/ic/accessor-assembler.cc:1830 in-2019-04-20
920769DCHECK failure in !load_dst_regs_.has(dst) in liftoff-assembler.cc-2019-04-20
780039kmod: kill support for /run/modprobe.d-2019-04-19
905509Audit (and remove as appropriate) use of size_t in command buffer code-2019-04-19
914736Security: Heap buffer overflow in the V8 language parser$7,5002019-04-19
918470Security: Extensions can add host permissions for chrome:// pages$5002019-04-19
919533DCHECK failure in !load_dst_regs_.has(dst) in liftoff-assembler.cc-2019-04-19
919649pdfium (XFA): oob array read in CFX_TxtBreak::GetBreakPos-2019-04-19
920048Security: http authentication spoof on chrome iOS (repro issue 884179)$5002019-04-19
920566Heap-use-after-free in PriorityFromObserver-2019-04-19
884122Security: Use-after-free in CPDFSDK_Widget::GetMixXFAWidget$3,0002019-04-18
892574Security: Use-after-free in CPDFXFA_Page::GetDisplayMatrix$3,0002019-04-18
915819sqlite3 allows arbitrary binary extension loading-2019-04-18
918771Heap-use-after-free in http2::HpackDecoderStringBuffer::BufferStringIfUnbuffered-2019-04-18
919800Heap-use-after-free in SelectFileDialogExtension::ExtensionDialogClosing$2,5002019-04-18
916080Security: UAF in RenderProcessHostImpl binding for P2PSocketDispatcherHost-2019-04-17
916960CrOS: Vulnerability reported in net-vpn/strongswan-2019-04-17
918273Security DCHECK failure: !object || (object->IsBox()) in layout_box.h-2019-04-17
918917DCHECK failure in HasRegisterMove(dst, src, type) in liftoff-assembler.cc-2019-04-17
919200Use-of-uninitialized-value in gpu::gles2::GLES2DecoderImpl::DoMultiDrawEndCHROMIUM-2019-04-17
919340CHECK failure: TypeError: node #169:DeadValue[kRepTagged](input @0 = CheckString:CheckString) t-2019-04-17
911822Heap-use-after-free in gpu::gles2::GLES2DecoderPassthroughImpl::OnDebugMessage-2019-04-16
913836Use-of-uninitialized-value in gpu::gles2::PassthroughGLDebugMessageCallback-2019-04-16
915857vpn-manager must sanitize ipsec certificate fields-2019-04-16
919572DCHECK failure in src.is_reg_only() implies src.reg().is_byte_register() in assembler-ia32.cc-2019-04-16
918149DCHECK failure in src.is_reg_only() implies src.reg().is_byte_register() in assembler-ia32.cc-2019-04-14
919014Heap-use-after-free in quic::QuicStreamSequencerBuffer::FirstMissingByte-2019-04-14
919073Heap-use-after-free in net::IntervalSet<unsigned long long>::Empty-2019-04-14
888323CVE-2018-14611 CrOS: Vulnerability reported in Linux kernel-2019-04-13
888324CVE-2018-14612 CrOS: Vulnerability reported in Linux kernel-2019-04-13
888325CVE-2018-14613 CrOS: Vulnerability reported in Linux kernel-2019-04-13
918260Heap-buffer-overflow in dawn_wire::QueueSubmitDeserialize-2019-04-13
918094Heap-buffer-overflow in dawn_wire::dawnShaderModuleDescriptorDeserialize-2019-04-13
918323Heap-buffer-overflow in BEInt<unsigned int, 4>::operator unsigned int-2019-04-13
918348Heap-buffer-overflow in dawn_wire::dawnRenderPassColorAttachmentDescriptorDeserialize-2019-04-13
918849Heap-use-after-free in base::small_map<class std::unordered_map<unsigned int,class std::unique_ptr<clas-2019-04-13
906252Security: LUCI - Best practice in html escaping content before rendering not followed-2019-04-12
910222Use-of-uninitialized-value in avx::store_bgra-2019-04-12
914731Security: The serialized data is corrupted because the return value is always true.$1,0002019-04-12
917151CHECK failure: U_SUCCESS(status) in intl-objects.cc-2019-04-12
917412DCHECK failure in !move_dst_regs_.has(dst) in liftoff-assembler.cc-2019-04-12
917450DCHECK failure in 0 != kLiftoffAssemblerGpCacheRegs & reg.bit() in liftoff-register.h-2019-04-12
917785Heap-buffer-overflow in spvtools::utils::SmallVector<unsigned int, 2u>::operator-2019-04-12
917589Heap-use-after-free in gfx::ToEnclosingRect-2019-04-12
917980Security: Heap-use-after-free in TypedArray.join$5,0002019-04-12
917988DCHECK failure in outer_scope_ == scope->outer_scope() in bytecode-generator.cc-2019-04-12
918222Heap-buffer-overflow in BEInt<unsigned char, 1>::operator unsigned char-2019-04-12
918450Heap-use-after-free in cc::Layer::SetOffsetToTransformParent-2019-04-12
905975Security: use-after-poison in mojo::SimpleWatcher::OnHandleReady$3,0002019-04-11
914756Bad-cast to spvtools::utils::SmallVector<unsigned int, 2> from invalid vptr in spvtools::opt::Instruction::GetSingleWordOperand-2019-04-11
918454Security: World Editable GitHub Repository Wikis for chromium$5002019-04-11
856973Security: Type confusion bypasses Spectre mitigation-2019-04-10
917021Crash in AddressIsPoisoned-2019-04-10
917025Heap-buffer-overflow in (std::is_function<std::__1::remove_pointer<unsigned-2019-04-10
915636CVE-2018-20169: Security: Linux kernel: BOF in drivers/usb/core/hub.c allowing read, maybe write-2019-04-09
917032Heap-use-after-free in cc::Layer::SetOffsetToTransformParent-2019-04-08
916558Heap-use-after-free in ui::MenuModel::GetModelAndIndexForCommandId-2019-04-07
905815DCHECK failure in pc <= end_ in decoder.h-2019-04-06
916861Crash in media::Vp9Parser::ParseSuperframe-2019-04-06
917036Crash in media::IvfParser::ParseNextFrame-2019-04-06
917608Crash in AddressIsPoisoned-2019-04-06
917645DCHECK failure in !AreAliased(dst_high, src_low) in macro-assembler-arm.cc-2019-04-06
918027Heap-use-after-free in blink::LayoutTableCell::CompareInDOMOrder-2019-04-06
931640Security: Type confusion in JSPromise::TriggerPromiseReactions-2019-04-05
749852Page still eats the page until the next `'`$5002019-04-05
910824DCHECK failure in *available != 0 in assembler-arm.cc-2019-04-05
914511IsolatedOrigins should ignore port numbers-2019-04-05
916871Heap-buffer-overflow in dawn_wire::dawnBindGroupLayoutBindingDeserialize-2019-04-05
916916Heap-buffer-overflow in dawn_wire::ComputePassEncoderSetPushConstantsDeserialize-2019-04-05
881024Use-of-uninitialized-value in gtk_widget_destroy-2019-04-04
917668Security: Cross Domain Bug of Indexeddb Database-2019-04-04
913270Heap-use-after-free in midi::MidiManager::~MidiManager-2019-04-03
900145Crash in _platform_memmove$VARIANT$Nehalem-2019-03-31
908191Crash in SkBinaryWriteBuffer::writePad32-2019-03-31
916873Heap-buffer-overflow in hunspell::BDict::Verify-2019-03-31
912508Heap-buffer-overflow in sh::SetUnionArrayFromMatrix-2019-03-30
912592DCHECK failure in !AreAliased(dst_high, src_low) in macro-assembler-arm.cc-2019-03-30
913805Crash in es2::Shader::compile-2019-03-30
916897Crash in blink::FindBuffer::PositionAtStartOfCharacterAtIndex-2019-03-30
917147Crash in FromHeapObject-2019-03-30
917545abort in pdfium_test (copied from PDFium tracker)-2019-03-30
733943Do not store URLs in xattr-2019-03-29
901768Need a reliable mechanism to make the login profile inaccessible after login completes-2019-03-29
912211Security: a use-after-free in RenderFrameImple can lead to an RCE$3,0002019-03-29
910916Heap-use-after-free in baseline::run_program-2019-03-28
916428Heap-buffer-overflow in spvtools::opt::IRContext::ReplaceAllUsesWith-2019-03-28
916525DCHECK failure in HasSimpleParameters() || is_block_scope() || is_being_lazily_parsed_ in scopes.c-2019-03-28
916869Ill in v8::internal::wasm::fuzzer::WasmExecutionFuzzer::FuzzWasmModule-2019-03-28
901677Heap-use-after-free in baseline::exec_ops-2019-03-27
906437Use-of-uninitialized-value in av_tolower-2019-03-27
914240Crash in dawn_native::null::Buffer::SetSubDataImpl-2019-03-27
915205Crash in dawn_native::BufferBase::SetSubData-2019-03-27
915446Security: Background fetch leaks cross-origin response size$1,0002019-03-27
915469Security: Type Confusion in LayoutBlockFlow::CreateLineBoxes$3,0002019-03-27
915492Crash in dawn_wire::server::Server::OnMapReadAsyncCallback-2019-03-27
915550Heap-use-after-free in content::BackgroundFetchContext::StartFetch-2019-03-27
915587Use-of-uninitialized-value in blink::MarkingVisitor::ConservativelyMarkAddress-2019-03-27
915783Security: Heap-use-after-free in TypedArray.toLocaleString$5,0002019-03-27
916288DCHECK failure in IsAssignmentContext() in pattern-rewriter.cc-2019-03-27
899689Security: Incorrect convexity assumptions in Skia leading to buffer overflows-2019-03-26
906333Use-of-uninitialized-value in mz_zip_entry_read_header-2019-03-26
912947Security: UAFs in PaymentRequest service-2019-03-26
912997Heap-use-after-free in media::AudioThreadHangMonitor::StartTimer-2019-03-26
913246WebRTC: Potential Use-after-free in VP8 Block Decoding (MFQE feature)$1,0002019-03-26
914615Bad-cast to dawn_wire::server::Serverdawn_wire::server::ForwardBufferMapReadAsync in dawn_native::BufferBase::~BufferBase-2019-03-24
914562Heap-use-after-free in gcm::GCMDriver::Shutdown-2019-03-24
914620Heap-use-after-free in dawn_wire::server::Server::GetCmdSpace-2019-03-24
915299Crash in net_http_server_fuzzer-2019-03-24
905940OOB Write in ValueDeserializer::ReadDenseJSArray (Tian Fu Cup exploit)-2019-03-23
908358Heap-buffer-overflow in mov_read_trun-2019-03-23
913970UAP in blink::FileReaderLoader::OnStartLoading$3,0002019-03-23
912520Security: UAF in RenderFrameHostImpl::CreateMediaStreamDispatcherHost-2019-03-23
914020Heap-buffer-overflow in spvtools::opt::IRContext::ReplaceAllUsesWith-2019-03-23
914262Use-of-uninitialized-value in content::RenderFrameImpl::CommitNavigation-2019-03-23
915293Heap-use-after-free in content::RenderFrameImpl::CommitNavigation-2019-03-23
896838Heap-buffer-overflow in libX11.so.6-2019-03-22
904105quipper_perf_reader_read_fuzzer Crash in _fini-2019-03-22
906379Use-of-uninitialized-value in WebRtcIsacfix_PitchFilterCore-2019-03-22
910014Heap-use-after-free in aura::Env::last_mouse_location-2019-03-22
913807Heap-use-after-free in BadgeServiceImpl::ClearBadge-2019-03-22
913975Chrome tab crashes when a pattern containing a Hebrew character followed by 2 horizontal tabs and then another character is clicked.$1,0002019-03-22
914216Incorrect-function-pointer-type in base::OnceCallback<void-2019-03-22
914251Bad-cast to std::__1::__function::__base<void ()> from std::__1::__function::__func<void (*)(), std::__1::allocator<void (*)()>, void ()> in v8::base::CallOnceImpl-2019-03-22
914325Bad-cast to gl::Object from es2::Context in egl::Display::createContext-2019-03-22
914497QUIC proxying breaks end-to-end encryption$7,5002019-03-22
914697Heap-buffer-overflow in av_reallocp-2019-03-22
914699Heap-buffer-overflow in av_realloc_f-2019-03-22
914701Heap-buffer-overflow in ff_hNUMBER_packet_split-2019-03-22
914812Heap-use-after-free in base::internal::ObserverListThreadSafeBase::Dispatcher<base::PowerObserver, void-2019-03-22
914820Use-of-uninitialized-value in v8::internal::compiler::Node::AppendUse-2019-03-22
901206Memcpy-param-overlap in av1_convolve_2d_copy_sr_sse2-2019-03-21
902427Permissions request clickjacking flaw report:$2,0002019-03-21
913232DCHECK failure in HasIncomingBackEdges(block) implies block_effects.For(block->PredecessorAt(0), b-2019-03-21
912504CHECK failure: fixed_size_above_fp + in deoptimizer.cc-2019-03-21
913822DCHECK failure in !failed_ in asm-parser.cc-2019-03-21
914388CHECK failure: fixed_size_above_fp + in deoptimizer.cc-2019-03-21
888310CrOS: Vulnerability reported in dev-libs/libxml2-2019-03-20
893395ASSERT: failed: expected exception __c_0, got RangeError: Array buffer allocation-2019-03-20
910098Heap-use-after-free in blink::AudioNodeOutput::RemoveInput-2019-03-20
912887CVE-2018-17972 CrOS: Vulnerability reported in Linux kernel-2019-03-20
912922Heap-use-after-free in base::internal::ObserverListThreadSafeBase::Dispatcher<base::PowerObserver, void-2019-03-20
913212DCHECK failure in index >= 0 && index < this->length() in fixed-array-inl.h-2019-03-20
883596Security: Skia missing reset fLastMoveToIndex in SkPath::transform() lead to out-of-bound-2019-03-19
896538Security: Skia fLastMoveToIndex wrong state-2019-03-19
902516Security: Lock Screen allows pasting of contents from locked session-2019-03-19
913296Security: V8: Incorrect type information on SpeculativeSafeIntegerSubtract$5,0002019-03-19
767635CSP inheritance to cross-origin navigated data URL allows cross-origin info leak$5002019-03-18
907937DCHECK failure in (pending_foreground_task_) == nullptr in module-compiler.cc-2019-03-18
912980Use-of-uninitialized-value in v8::internal::Decoder<v8::internal::Simulator>::DecodeBranchSystemException-2019-03-17
911416Security: SEGV_ACCERR in Symbol.prototype.description hash calc-2019-03-16
912600Heap-use-after-free in dawn_native::DeviceBase::Release-2019-03-16
912596Use-of-uninitialized-value in v8::internal::Simulator::FPCompare-2019-03-16
912601Heap-use-after-free in dawn_native::DeviceBase::Release-2019-03-16
912693Global-buffer-overflow in CreateECCBlock-2019-03-16
912646Use-of-uninitialized-value in dawn_native::DeviceBase::Release-2019-03-16
883265CrOS: Vulnerability reported in net-misc/curl-2019-03-15
904182Downloaded .desktop file execution in Linux-2019-03-15
907211Heap-use-after-free in viz::HostFrameSinkManager::InvalidateFrameSinkId-2019-03-15
909865Security: iframe.contentWindow.location.href can bypass CSP for javascript URLs$1,0002019-03-15
910663Crash in Builtins_PromiseRejectReactionJob-2019-03-15
911907DCHECK failure in !is_running_microtasks_ in isolate.cc-2019-03-15
89453UXSS with empty SecurityOrigin$1,0002019-03-15
456518HTML parser may leave frame element in an incorrect state$7,5002019-03-15
906383Use-of-uninitialized-value in quic::QuicFramer::ProcessIetfFrameData-2019-03-14
906652Use-of-uninitialized-value in gpu::gles2::ContextState::InitState-2019-03-14
908829Crash in dawn_native::BufferBase::SetSubData-2019-03-14
910210In presence of NetworkService, AppCache may be used to bypass CORB-2019-03-14
911827Bad-cast to dawn_native::DeviceBase from invalid vptr in dawn_native::ValidatingDeviceRelease-2019-03-14
912125Heap-buffer-overflow in fxcrt::WideString::SetAt-2019-03-14
884511Security: ChromeOS root Command Execution$11,3372019-03-13
900386Use-of-uninitialized-value in SuperBlitter::blitH-2019-03-13
905542Heap-use-after-free in base::internal::Invoker<base::internal::BindState<void-2019-03-13
906427Heap-buffer-overflow in spvtools::utils::SmallVector<unsigned int, 2ul>::operator-2019-03-13
906837User can open browser in sign-in profile from captive profile dialog-2019-03-13
907278Heap-use-after-free in dawn_native::DeviceBase::Release-2019-03-13
907345Use-of-uninitialized-value in dawn_native::DeviceBase::Release-2019-03-13
907386Heap-use-after-free in dawn_native::DeviceBase::Release-2019-03-13
910223DCHECK failure in left != right in macro-assembler-arm.cc-2019-03-13
910903DCHECK failure in !AreAliased(dst_high, src_low) in macro-assembler-arm.cc-2019-03-13
910852Heap-use-after-free in spvtools::opt::VectorDCE::HasScalarResult-2019-03-13
911155Heap-use-after-free in dawn_native::DeviceBase::Release-2019-03-13
911686Heap-buffer-overflow in SuperBlitter::blitH-2019-03-13
831112CrOS: Vulnerability reported in net-misc/curl-2019-03-12
836148CSP should always inherit same-origin opener's CSP$5002019-03-12
894228CSP bypass with blob URL$1,0002019-03-12
901605CrOS: Vulnerability reported in media-libs/tiff-2019-03-12
905301Security: CSP does not propagate to blob: URIs$1,0002019-03-12
908207Security: CSP(Content-security-policy) vulnerabilities are not completely repaired in Chrome 70.0.3538.110 and can still be bypassed-2019-03-12
909990unknow memory write in v8-2019-03-12
905571Use-of-uninitialized-value in extensions::ChromeExtensionsBrowserClient::GetOriginalContext-2019-03-10
910480Heap-buffer-overflow in safe_browsing::PeImageReader::EnumCertificates-2019-03-10
910850CHECK failure: size <= elements()->length() || elements() == ReadOnlyRoots(isolate).empty_fixed-2019-03-10
867807Security: Symlinks on user-supplied file systems allow are risky-2019-03-09
898306Raw cookies are disclosed to cross-site renderer (in presence of DevTools and NetworkService)-2019-03-09
910593Crash in VisitPointersImpl<v8::internal::ObjectSlot>-2019-03-09
910632Crash in FromHeapObject-2019-03-09
910634Crash in MemCopy-2019-03-09
910662Crash in void v8::internal::EvacuateVisitorBase::RawMigrateObject<-2019-03-09
904265OOB operation in swiftshader's JIT$1,0002019-03-08
908834Use-of-uninitialized-value in void base::Pickle::WriteBytesStatic<4ul>-2019-03-08
909678CrOS: Vulnerability reported in net-vpn/strongswan-2019-03-08
909796Bad-cast to blink::StringResource8 from blink::ParkableStringResource8 in blink::V8Element::GetElementsByClassNameMethodCallback-2019-03-08
909976Heap-use-after-free in v8::internal::Scope::Snapshot::RestoreEvalFlag-2019-03-08
910247Global-buffer-overflow in blink::Element::HasPart-2019-03-08
884917shill privilege escalation-2019-03-07
895117Heap-use-after-free in hb_buffer_t::replace_glyphs-2019-03-07
903500Potential Use-After-Free in ui/accessibility/ax_tree.cc-2019-03-07
906436Heap-use-after-free in scoped_refptr<base::SingleThreadTaskRunner>::scoped_refptr-2019-03-07
906465Global-buffer-overflow in CBC_PDF417HighLevelEncoder::EncodeText-2019-03-07
907324Heap-buffer-overflow in v8::internal::wasm::WasmDecoder<1>::OpcodeLength-2019-03-07
907524Heap-use-after-free in content::ResolveProxyMsgHelper::OnProxyLookupComplete-2019-03-07
908749Security: WebGL heap-buffer-overflow in clearBufferuiv()$1,0002019-03-07
909609Use-after-poison in blink::V8Element::PartAttributeGetterCallbackForMainWorld-2019-03-07
908975DCHECK failure in outer_scope_ == scope->outer_scope() in bytecode-generator.cc-2019-03-07
909613Use-after-poison in blink::Element::HasPart-2019-03-07
909643Use-after-poison in blink::PartNames::PartNames-2019-03-07
909656Crash in Builtins_TestEqualHandler-2019-03-07
909648Use-after-poison in blink::V8Element::PartAttributeGetterCallbackForMainWorld-2019-03-07
909691Crash in v8::internal::FunctionCallbackArguments::Call-2019-03-07
910042Use-after-poison in blink::AddToSet-2019-03-07
900910Multiple vulnerabilities in sqlite; Cast is 1 attack vector/target$10,3372019-03-06
904057Crash in Builtins_PromiseRejectReactionJob-2019-03-06
904368Use-of-uninitialized-value in v8::internal::Simulator::FPRoundInt-2019-03-06
904772Use-of-uninitialized-value in v8::internal::Factory::NewNumber-2019-03-06
907427Security: pdfium heap-use-after-free-2019-03-06
907430Security: pdfium SEGV on unknown address / wild jump$3,0002019-03-06
907479Use-of-uninitialized-value in v8::internal::CopyDoubleToObjectElements-2019-03-06
907714Debug check failed JSFunction::GetDerivedMap$1,0002019-03-06
908877DCHECK failure in obj->IsHashTable() || obj->IsPropertyArray() || obj->IsFixedArray() || obj->IsJS-2019-03-06
909588Crash in v8::internal::JSNumberFormat::set_locale-2019-03-06
805557Security: DevTools protocol clients (e.g. extensions) can read arbitrary local files via DOM.setFileInputFiles$2,0002019-03-05
873453CrOS: Vulnerability reported in dev-libs/openssl-2019-03-05
904167DCHECK failure in !IsSmi() == Internals::HasHeapObjectTag(ptr()) in objects.h-2019-03-05
906043Security: Tianfu CUP RCE-2019-03-05
907847Heap-buffer-overflow in shill::Nl80211Frame::Nl80211Frame-2019-03-05
908183Global-buffer-overflow in v8::internal::KeywordOrIdentifierToken-2019-03-05
908199Global-buffer-overflow in v8::internal::Scanner::ScanIdentifierOrKeywordInnerSlow-2019-03-05
908202Global-buffer-overflow in v8::internal::PerfectKeywordHash::Hash-2019-03-05
908231DCHECK failure in parse_lazily() implies allow_lazy_ in parser.cc-2019-03-05
908282Heap-buffer-overflow in BEInt<unsigned int, 4>::operator unsigned int-2019-03-05
908292Security: heap-use-after-free in __tree_next_iter$5002019-03-05
908304Security: chrome.wallpaper and chrome.wallpaperPrivate issues$1,0002019-03-05
908495DCHECK failure in !AllowHeapAllocation::IsAllowed() in string-inl.h-2019-03-05
904026DCHECK failure in !move_dst_regs_.has(dst) in liftoff-assembler.cc-2019-03-04
904219Security: Sites can open extension pages using WindowClient.navigate$5002019-03-04
906305UAF in Network Service in CorsURLLoaderFactory-2019-03-04
907047Security: Possible to retrieve cross-origin image data from canvas$4,0002019-03-04
908234Global-buffer-overflow in CBC_ErrorCorrection::createECCBlock-2019-03-04
908309Unknown signal in Builtins_InterpreterEntryTrampoline-2019-03-04
908196DCHECK failure in !has_error() implies FunctionKind::kArrowFunction == next_arrow_function_kind_ i-2019-03-02
917897Security: beaconing users via Google Chrome's pdf viewer-2019-03-01
901801Security: Linux: mremap() TLB flush too late with concurrent ftruncate()-2019-03-01
903690Heap-use-after-free in mz_zip_path_compare-2019-03-01
904606DCHECK failure in 0 != kLiftoffAssemblerFpCacheRegs & reg.bit() in liftoff-register.h-2019-03-01
907575DCHECK failure in binop->op() == Token::COMMA in parser.cc-2019-03-01
907669DCHECK failure in !has_error() implies !next_arrow_formals_parenthesized_ in parser-base.h-2019-03-01
907813Bad-cast to media::DecoderFactory from GoogleURLLoaderThrottle in media::DefaultRendererFactory::CreateAudioDecoders-2019-03-01
907814Heap-use-after-free in media::DefaultRendererFactory::CreateAudioDecoders-2019-03-01
907815Bad-cast to media::DefaultRendererFactory from invalid vptr in base::internal::Invoker<base::internal::BindState<std::__1::vector<std::__1::unique_ptr<media::AudioDecoder, std::__1::default_delete<media::AudioDecoder> >, std::__1::allocator<std::__1::unique_ptr<media::AudioDecoder, std::__1::default_delete<media::AudioDecoder> > > >-2019-03-01
906457Use-of-uninitialized-value in void base::Pickle::WriteBytesStatic<4ul>-2019-02-28
906313redefine unconfiguable length attribute of array object$3,0002019-02-27
906349Incorrect-function-pointer-type in dawn_wire::server::Server::Server-2019-02-27
906391Crash in dawn_native::SwapChainBuilder::SetImplementation-2019-02-27
906893ASSERT: CSA_ASSERT failed: IsFastRegExpWithOriginalExec(context, regexp)-2019-02-26
906975Global-buffer-overflow in CBC_ErrorCorrection::createECCBlock-2019-02-26
906220DCHECK failure in index >= 0 in escape-analysis.cc-2019-02-25
906334Stack-use-after-scope in blink::ExpandEndToSentenceBoundary-2019-02-24
896114Use-of-uninitialized-value in blink::WorkletAnimation::UpdateCompositingState-2019-02-23
904093Heap-buffer-overflow in spvtools::utils::SmallVector<unsigned int, 2ul>::operator-2019-02-23
905614CVE-2018-16658 CrOS: Vulnerability reported in Linux kernel-2019-02-23
906280Stack-use-after-scope in blink::ExpandEndToSentenceBoundary-2019-02-23
891521Uninitialized-read when constructing DnsResponse from DnsQuery-2019-02-22
894020CrOS: Vulnerability reported in media-libs/tiff-2019-02-22
899209CrOS: Vulnerability reported in media-libs/tiff-2019-02-22
903566DCHECK failure in array->HasFastPackedElements() in js-list-format.cc-2019-02-22
904241Security: Type confusion in blink::GetTypeExtension$5,0002019-02-22
904545Use-after-poison in v8::internal::BufferedCharacterStream<v8::internal::ExternalStringStream>::ReadB-2019-02-22
904655Crash in mz_stream_mem_read-2019-02-22
904736Bad-cast to std::__1::locale::__imp from std::__1::locale::__imp in ld-linux-x86-64.so.2-2019-02-22
904714heap-use-after-free on sw::Renderer::finishRendering$3,0002019-02-22
905587DCHECK failure in token.invalid_template_escape_message == MessageTemplate::kNone in scanner.cc-2019-02-22
905907DCHECK failure in (function_) == nullptr in scopes.cc-2019-02-22
904027Heap-buffer-overflow in spvtools::opt::Instruction::GetSingleWordOperand-2019-02-21
619166Universal XSS with global proxies, interceptors, and synchronous page loads$7,5002019-02-21
354123UXSS with Object.setPrototypeOf$5,0002019-02-21
590275Internal object leak in ModuleSystem::RequireForJsInner => Universal XSS$7,5002019-02-21
546677Universal XSS with SendRequestNatives::GetGlobal$7,5002019-02-21
601073Security: Universal XSS in extension bindings$7,5002019-02-21
504011Security: Cross-origin scripting possible via module system leak$7,5002019-02-20
901307CVE-2018-10902 CrOS: Vulnerability reported in Linux kernel-2019-02-20
903440Bad-cast to blink::LocalFrameView from blink::WebPluginContainerImpl in blink::GetScrollableArea-2019-02-20
904138Heap-use-after-free in viz::HostFrameSinkManager::InvalidateFrameSinkId-2019-02-20
904272Debug check failed in DefineClass-2019-02-20
904688Crash in blink::LocalDOMWindow::document-2019-02-20
904806Bad-cast to blink::DOMTimer from blink::TimerBase in blink::TraceTrait<blink::DOMTimer>::Trace-2019-02-20
902672CSA_ASSERT in Array.p.join-2019-02-19
902691Use-of-uninitialized-value in vp8_signed_char_clamp-2019-02-19
902621Use-of-uninitialized-value in blink::AXObjectCacheImpl::GetOrCreate-2019-02-18
903697CHECK failure: heap_->Contains(object) in heap.cc-2019-02-18
904036Use-of-uninitialized-value in blink::AXObjectCacheImpl::GetOrCreate-2019-02-18
903701Use-of-uninitialized-value in SkColorTypeToGrColorType-2019-02-17
881252Crash in v8::internal::Simulator::LoadStorePairHelper-2019-02-16
896326Crash in MemoryWrite<unsigned-2019-02-16
903245DCHECK failure in index >= 0 && index < this->capacity() in fixed-array-inl.h-2019-02-16
903586Use-after-poison in blink::SetWeakCallbackForGCObservation-2019-02-16
903790Bad-cast to blink::SVGPropertyBase from invalid vptr in blink::MarkingVisitor::Visit-2019-02-16
645211Security: Universal XSS using blink::HTMLMarqueeElement$7,5002019-02-16
516377UAF/DOM tree corruption in blink::ContainerNode::parserRemoveChild$7,5002019-02-16
464552Heap-use-after-free in blink::ContainerNode::attach$7,5002019-02-16
616225Security: Universal XSS in V8Console::memoryGetterCallback$7,5002019-02-16
896736Security: use-after-poison in blink::AsyncMethodRunner<class blink::MediaRecorder>::RunAsync$3,0002019-02-15
902608Crash in GetValueByObjectIndex-2019-02-15
902610Crash in Builtins_MovExtraWideHandler-2019-02-15
903070ASSERT: CSA_ASSERT failed: IsStrong(object)-2019-02-15
903231Use-of-uninitialized-value in send_delete_event-2019-02-15
543292Security: Integer type and overflow problems in crazy linker-2019-02-14
899126Security: malicious WPAD server can proxy localhost (leading to XSS in http://localhost:*/*)-2019-02-14
902395Security: bytecode-graph-builder values_[index] != builder()->jsgraph()->OptimizedOutConstant()-2019-02-14
902552DCHECK failure in AllowCodeDependencyChange::IsAllowed() in objects.cc-2019-02-14
902693Heap-use-after-free in mz_zip_entry_is_dir-2019-02-14
830177Presentation API doesn't show initiator info for opaque origin-2019-02-13
895336Security: Release the Kraken: New KRACKs in the 802.11 Standard-2019-02-13
895942CHECK failure: bcp47_length == parsed_length in intl-objects.cc-2019-02-13
901651Use-of-uninitialized-value in content::BlinkTestController::CompositeAllFramesThen-2019-02-13
901782Crash in mz_stream_mem_read-2019-02-13
902208Heap-use-after-free in views::InkDropHostView::OnMouseEvent-2019-02-13
897263Security: potential integer overflow in SkStreamBuffer.cpp-2019-02-12
900552Heap-use-after-free in CPDF_OCContext::CheckOCGVisible$3,0002019-02-12
901633ASSERT: CSA_ASSERT failed: Torque assert 'srcPos <= GetReceiverLengthProperty(sortState)-2019-02-12
901598Security DCHECK failure: !object || (object->IsLayoutInline()) in layout_inline.h-2019-02-12
901944ASSERT: CSA_ASSERT failed: IntPtrOrSmiLessThanOrEqual( capacity, IntPtrOrSmiConstant(JSA-2019-02-12
901040Unknown signal in libv8.so-2019-02-11
883666Security: Skia integer-overflow in SkPathRef::resetToSize()-2019-02-09
884473Security: Skia heap-buffer-overflow in SkMaskBlurFilter::blur()-2019-02-09
901030Heap-buffer-overflow in bool WTF::TextCodecUTF8::HandlePartialSequence<unsigned short>$3,0002019-02-09
520275Chromium Prerender page is able to play voice synthesis audio before going to page-2019-02-08
890576heap buffer overflow in skia::SkTDPQueue::insert$3,0002019-02-08
898785ASSERT: CSA_ASSERT failed: SmiBelow(effective_index, LoadFixedArrayBaseLength(array))-2019-02-08
526404Security: events can be tracked inside PDF viewer for cross origin PDFs-2019-02-07
849421Security: IDN URL spoofing - "ଠ" can be used to spoof "o2.co.uk"-2019-02-07
891559Use-of-uninitialized-value in blink::AXObjectCacheImpl::ChildrenChanged-2019-02-07
891697Security: macOS: the option to "Allow JavaScript From Apple Events" can easily be activated by malicious apps.$5002019-02-07
896717Security: IDN URL Spoofing with U+02ec$5002019-02-07
896987Security: Skia heap-buffer-overflow in SkGenerateDistanceFieldFromA8Image-2019-02-07
899537Crash in v8::internal::interpreter::BytecodeGenerator::BuildVariableAssignment-2019-02-07
900087Bad-cast to content::RenderFrameHost from invalid vptr in content::BlinkTestController::CompositeNodeQueueThen-2019-02-07
900474Unknown signal in libv8.so-2019-02-07
900451Security DCHECK failure: !object || (object->IsLayoutInline()) in layout_inline.h-2019-02-07
900560DCHECK failure in ok == (result != nullptr) in parser.cc-2019-02-07
892646Security: Gujarati digits could lead to idn spoof-2019-02-06
900133Security: assert 'value == Float64SilenceNaN(value)' failed at ../../src/builtins/array-reverse.tq:53:-2019-02-06
898147Security: Imageloader allows mounting of components over almost arbitrary file system paths-2019-02-05
899495DCHECK failure in (expression) != nullptr in parser.h-2019-02-05
900103Use-of-uninitialized-value in mojo::core::ChannelPosix::WriteNoLock-2019-02-05
900104Use-of-uninitialized-value in mojo::core::ChannelPosix::WriteNoLock-2019-02-05
896776Security: Skia: Out-of-bounds Read in src/codec/SkSwizzler$1,0002019-02-04
899464ASSERT: CSA_ASSERT failed: Word32Or(Word32Equal(var_unicode.value(), zero), Word32Equal(-2019-02-04
895081Security: Markup injection is possible in the Preview feature in the Developer Tools due to mishandling of URI encoded strings$5002019-02-02
895084CrOS: Vulnerability reported in dev-libs/libxml2-2019-02-02
899212CrOS: Vulnerability reported in dev-libs/libxml2-2019-02-02
899133DCHECK failure in success in pattern-rewriter.cc-2019-02-02
899294Heap-use-after-free in ScopedObserver<ash::TabletModeController, ash::TabletModeObserver>::~ScopedObser-2019-02-02
893176Heap-buffer-overflow in translate-2019-02-01
897491ASSERT: mutex->__data.__owner == 0-2019-02-01
897510Heap-use-after-free in GrCCPathCache::find-2019-02-01
898343Security: Idn spoof checker not checking some domains properly-2019-02-01
898531Security: Use-after-free in CPWL_Wnd::Destroy$5,0002019-02-01
898936DCHECK failure in is_async implies classifier()->is_valid_async_arrow_formal_parameters() in parse-2019-02-01
896725Security: IDN URL Spoofing with U+0a24-2019-01-31
897413Heap-use-after-free in GrCCPathCache::purgeAsNeeded-2019-01-31
897512Security: assert 'srcPos <= GetReceiverLengthProperty(sortState) - length' at array-sort.tq:613:$1,0002019-01-31
898452Crash in SkTHashTable<GrCCPathCache::HashNode, GrCCPathCache::HashKey, GrCCPathCache::Has-2019-01-31
833847SameSite Lax bypass with multiple-nested scenarios$1,0002019-01-30
864286Stealing cross-origin video pixel with HLS$4,0002019-01-30
896722Security: IDN URL Spoofing with U+0a67-2019-01-30
897366DCHECK failure in *p != to_check_ in heap.cc-2019-01-30
897409Use-of-uninitialized-value in gpu::gles2::GLES2Implementation::BufferDataHelper-2019-01-30
897404ASSERT: CSA_ASSERT failed: IntPtrOrSmiGreaterThan(capacity, IntPtrOrSmiConstant(0, mode)-2019-01-30
897436ASSERT: CSA_ASSERT failed: TaggedDoesntHaveInstanceType(value, JS_PROMISE_TYPE)-2019-01-30
897455Heap-buffer-overflow in SimplifyDebug-2019-01-30
897514ASSERT: CSA_ASSERT failed: Word32Equal(DecodeWord32<PropertyDetails::KindField>(details)-2019-01-30
897766DCHECK failure in next().location.beg_pos == static_cast<int>(position) in scanner.cc-2019-01-30
897815CHECK failure: start_position == start_position_from_data in preparsed-scope-data.cc-2019-01-30
897999Heap-use-after-free in Browser::~Browser-2019-01-30
898031Use-of-uninitialized-value in libgtkui::SelectFileDialogImplGTK::~SelectFileDialogImplGTK-2019-01-30
898455DCHECK failure in IrOpcode::kSpeculativeNumberEqual != node->opcode() in simplified-lowering.cc-2019-01-30
881247Fatal error related to field tracking-2019-01-29
892904Security: crosvm: integer overflow in PluginVcpu::handle_request$5,0002019-01-29
894399Security: window.location update methods don't always restrict access to local resources$2,0002019-01-29
897395Use-of-uninitialized-value in SkImageGenerator::queryYUVA8-2019-01-29
897110CSA_ASSERT failed: IsFastElementsKind(LoadElementsKind(array))$5002019-01-28
897439Crash in SkTHashTable<GrCCPathCache::HashNode, GrCCPathCache::HashKey, GrCCPathCache::Has-2019-01-28
882876Crash in _platform_memmove$VARIANT$Nehalem-2019-01-26
896986DCHECK failure in Token::ARROW == peek() in parser-base.h-2019-01-26
891187Security: heap-use-after-free in blink::AudioNodeOutput::Pull$3,0002019-01-25
896619Use-of-uninitialized-value in void base::Pickle::WriteBytesStatic<4ul>-2019-01-25
695474Broken prefetch links can exfiltrate adjacent page text$5002019-01-24
856135heap-use-after-free in ProfileCompare::operator()$5002019-01-24
863663Security:IDN url spoofing using U+0517(ԗ)-2019-01-24
895799DCHECK failure in isolate->context() == nullptr || isolate->context()->IsContext() in runtime-inte-2019-01-24
895885\u0909, \u0993 may lead to IDN URL Spoof-2019-01-24
895970Update expat to latest stable-2019-01-24
896117Bad-cast to pdfium::base::PartitionRootGeneric from invalid vptr in FPDF_InitLibraryWithConfig-2019-01-24
896206Heap-use-after-free in drivefs::DriveFsHost::MountState::OnMountEvent-2019-01-24
894812Security: Extensions can temporarily persist file access, even after it's been revoked-2019-01-23
895152Security: Heap-use-after-free in CJS_Document::get_info$5,0002019-01-23
895207Security: IDN URL Spoofing with U+10de-2019-01-23
721833Security: %2e in Set-Cookie domain attribute treated as equivalent to "."-2019-01-22
888318CVE-2018-10880 CrOS: Vulnerability reported in Linux kernel-2019-01-22
894673Heap-buffer-overflow in blink::ImageDecoderWrapper::Decode-2019-01-22
895009Negative-size-param in CFX_CodecMemory::Consume-2019-01-22
894934Stack-buffer-overflow in v8::internal::GenerateSourceString-2019-01-22
895048CHECK failure: marking_state_->IsBlackOrGrey(object) in mark-compact.cc-2019-01-22
895441DCHECK failure in kFullTransitionArray == encoding() in transitions.cc-2019-01-22
895199DCHECK failure in restriction_type.Is(info->restriction_type()) in simplified-lowering.cc-2019-01-21
895083Use-of-uninitialized-value in storage::DatabaseTracker::UpdateOpenDatabaseInfoAndNotify-2019-01-21
879544CVE-2018-13053 CrOS: Vulnerability reported in Linux kernel-2019-01-19
895026Heap-use-after-free in fxcrt::UnownedPtr<unsigned char const>::ProbeForLowSeverityLifetimeIssue-2019-01-19
851821Security: Chrome PDF reader has no restrictions/user confirmation on URI action-2019-01-18
866426Security: debugger extension API is too powerful-2019-01-18
894374[liftoff] [ia32] Debug check failed: !unpinned.is_empty()-2019-01-18
849942	ServiceWorker circumvents same-origin restrictions for Audio	$1,000	2019-01-17
879512	Heap-use-after-free in fxcrt::UnownedPtr<unsigned char>::ProbeForLowSeverityLifetimeIssue	-	2019-01-17
892598	CVE-2018-10883 CrOS: Vulnerability reported in Linux kernel	-	2019-01-17
892643	Stack-use-after-return in gpu::raster::ClientFontManager::Serialize	-	2019-01-17
888268	Security: Open restriction url by google optimize	-	2019-01-16
799747	CSP bypass with blob URL	$1,000	2019-01-15
839250	Heap-use-after-free in content::ClipboardHostImpl::ReadText	-	2019-01-15
889459	Security: remote code execution attack chain	$1,000	2019-01-15
890558	Data URLs can be loaded on the top frame using iOS Mobile Chrome	$500	2019-01-15
893096	[wasm] Code space management broken on windows	-	2019-01-14
892858	Global-buffer-overflow in MemoryRead<unsigned	-	2019-01-14
850824	Self-XSS via modal, window.open, and delayed navigation	$2,000	2019-01-12
870119	Heap-buffer-overflow in translate	-	2019-01-12
843151	use-after-poison in operator-> (from HTMLImportsController::Dispose)	$500	2019-01-11
878130	Security: Samba CVEs were missed by Vomit, and an uprev is needed	-	2019-01-11
878353	CVE-2018-13406 CrOS: Vulnerability reported in Linux kernel	-	2019-01-11
884932	Extensions can intercept sensitive browser initiated requests	-	2019-01-11
889724	Upstart variable import filtering doesn't work correctly	-	2019-01-11
891210	Security: Use-after-free in CFFL_FormFiller::KillFocusForAnnot	$3,000	2019-01-11
892026	Crash in AtomicallySetQuarantineFlagIfAllocated	-	2019-01-11
892472	DCHECK failure in code->kind() == Code::OPTIMIZED_FUNCTION in frames.cc	-	2019-01-11
874397	Heap-use-after-free in net::HttpCache::Transaction::DoCacheWriteResponse	-	2019-01-10
877791	CHECK failure: it->second == vreg in register-allocator-verifier.h	-	2019-01-10
881659	Security: URL Spoofing via Bidirectional Domain Names	$2,000	2019-01-10
888321	CVE-2018-14609 CrOS: Vulnerability reported in Linux kernel	-	2019-01-10
891627	CHECK failure: NumberModulus of kRepWord32 ((MinusZero | Range(-1, 0))) cannot be changed to kR	-	2019-01-10
891668	CVE-2018-10901 CrOS: Vulnerability reported in Linux kernel	-	2019-01-10
848521	Security: Heap overflow write in SkEdgeBuilder::buildPoly	-	2019-01-09
886976	Security: Site Isolation bypass using Blob URL	$8,000	2019-01-08
888001	Security: Site Isolation bypass using FileSystem URL	$500	2019-01-08
888319	CVE-2018-10881 CrOS: Vulnerability reported in Linux kernel	-	2019-01-08
888315	CVE-2018-10877 CrOS: Vulnerability reported in Linux kernel	-	2019-01-08
888329	CVE-2018-14617 CrOS: Vulnerability reported in Linux kernel	-	2019-01-08
889448	Security: Integer overflow in Linux's create_elf_tables()	-	2019-01-08
890553	DCHECK failure in (function_) == nullptr in scopes.cc	-	2019-01-08
882270	Security: url spoofing using 304 status code	$500	2019-01-08
864283	Stealing cross-origin video pixel with HLS	$4,000	2019-01-08
890609	CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (object->IsTransitionArray()) in tran	-	2019-01-07
888312	CVE-2017-2618 CrOS: Vulnerability reported in Linux kernel	-	2019-01-05
888366	heap-use-after-free on incontent::RenderFrameHostImpl::AudioContextPlaybackStarted(int)	$5,500	2019-01-05
889450	Security: potential local priviledge escalation bug in vmacache code	-	2019-01-05
877843	Heap-buffer-overflow in rtc::BitBuffer::PeekBits	-	2019-01-04
880665	Heap-use-after-free in base::debug::TaskAnnotator::RunTask	-	2019-01-04
888320	CVE-2018-10882 CrOS: Vulnerability reported in Linux kernel	-	2019-01-04
888678	Heap-use-after-free in content::KeyboardLockServiceImpl::GetKeyboardLayoutMap	-	2019-01-04
888926	Security: UaF in Appcache	-	2019-01-04
606104	Chrome for Android - Modal dialog being executed after window.open is called allows for URL Spoofing	$2,000	2019-01-03
884778	dc: add a --sandbox flag	-	2019-01-03
888923	Security: Chrome RCE	-	2019-01-03
889441	Use-of-uninitialized-value in blink::LocalFrameUkmAggregator::RecordPrimarySample	-	2019-01-03
817851	CUPS: eliminate use of symlink in /var/spool/cups	-	2019-01-02
887273	Security:Chrome URL Spoofing in Omnibox	$3,000	2019-01-02
886753	Security: use-after-poison in MarkSheetListDirty	$3,000	2019-01-02
888299	CHECK failure: !maybe_skeleton.FromJust().empty() in js-date-time-format.cc	-	2019-01-02
888825	DCHECK failure in byte_data_->size() % ByteData::kSkippableFunctionDataSize == ByteData::kPlacehol	-	2019-01-02
882423	Security: Skia heap use-after-freed in SkPath::addPath	$1,000	2019-01-01