
Chromium Disclosed Security Bugs

Chromium security bugs are publicly disclosed by Google 14 weeks after fixing. They have great learning value, but it is difficult to keep track of exactly when they are derestricted. This page is a hub of security bugs that have recently gone public.

Bugs can also be followed on Twitter: @BugsChromium or Mastodon.

Bugs disclosed in 2019

# Summary $$$ Disclosure date
961540 Heap-buffer-overflow in courgette::DisassemblerElf32ARM::ParseRelocationSection - 2019-12-31
981628 Security: URL in Omnibox doesn't always match page content (repro 897641) $1000 2019-12-31
1001283 CSP bypass with about:srcdoc $3000 2019-12-31
1006670 v8_regexp_parser_fuzzer: Crash in v8::base::SmallVector<int, 64u>::Grow - 2019-12-31
1006630 CHECK failure: filter.IsValid(slot.address()) in mark-compact.cc - 2019-12-30
442579 It's possible to load chrome-extension:// URLs $500 2019-12-28
922433 CrOS: Vulnerability reported in app-text/poppler - 2019-12-28
922434 CrOS: Vulnerability reported in app-text/poppler - 2019-12-28
953298 Extension permission bypass by poisoning bookmarks with javascript url(Bookmarklet) - 2019-12-27
990779 CrOS: Vulnerability reported in x11-libs/pango - 2019-12-27
998431 Security: Accessing set::end in GamepadService $15000 2019-12-27
1004730 Security: UaF in MojoAudioDecoder (Android) $15000 2019-12-27
929621 CrOS: Vulnerability reported in media-gfx/imagemagick - 2019-12-26
1005599 Crash in Builtins_InterpreterEntryTrampoline - 2019-12-26
966914 Security: Possible to spoof the contents of the omnibox to display any http/https URL, some extension URLs and some internal URLs $3000 2019-12-25
977043 Heap-buffer-overflow in ash::ShelfView::LayoutOverflowButton - 2019-12-25
998284 Security: Possible to temporarily spoof URL by navigating back then forward $1000 2019-12-25
1003241 DCHECK failure in static_cast<unsigned>(index) < static_cast<unsigned>(length()) in fixed-array-in - 2019-12-25
1003336 CVE-2019-15926 CrOS: Vulnerability reported in Linux kernel - 2019-12-25
1003337 CVE-2019-15927 CrOS: Vulnerability reported in Linux kernel - 2019-12-25
1004912 CHECK failure: Type cast failed in CAST(CallBuiltin(Builtins::kToName, p->context(), p->name()) - 2019-12-25
1003730 CHECK failure: Object is not known to the heap broker in js-heap-broker.cc - 2019-12-23
985451 Security: Secuirty crash in TabAnimation::operator - 2019-12-21
1001818 Bad-cast to blink::LayoutBox from invalid vptr in blink::NGBlockNode::CopyChildFragmentPosition - 2019-12-21
979441 Security: Navigating to "chrome://" URLs on Android $500 2019-12-20
1003327 CVE-2019-15917 CrOS: Vulnerability reported in Linux kernel - 2019-12-20
1003331 CVE-2019-15921 CrOS: Vulnerability reported in Linux kernel - 2019-12-20
955191 Disk cache refcount overflows? - 2019-12-19
1000922 Crash in pthread_create - 2019-12-19
1002388 CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (this->IsStruct()) in class-definitio - 2019-12-19
1002687 Security: Idn-spoof with using CJK character skeletons - 2019-12-19
1003140 Bad-cast to blink::ScriptWrappable from blink::NavigatorGeolocation in blink::FinalizerTrait<blink::ScriptWrappable>::Finalize - 2019-12-19
1003341 CHECK failure: static_cast<uintptr_t>(caller_frame_top_) - total_output_frame_size > stack_guar - 2019-12-19
990849 Leaking size of cross-origin resource by using Range Requests and Service Workers $2000 2019-12-18
991568 Security: forced redirection from cross-origin iframe $3000 2019-12-18
996786 Check cookie domain on setting cookies - 2019-12-18
1001159 pdfium: oob read in PDF_DecodeText $2000 2019-12-18
803187 Security: Interstitials WebUI should have a stricter CSP - 2019-12-17
840180 Address Bar Spoofing when spoofing target is NOT a top domain but a related domain is in the top list (e.g. adidas.de vs adidas.com ) - 2019-12-17
961651 CrOS: Vulnerability reported in net-libs/gnutls - 2019-12-17
995964 Security: UAF in InProcessVideoCaptureDeviceLauncher $20000 2019-12-17
997401 CHECK failure: U_SUCCESS(status) in intl-objects.cc - 2019-12-17
999793 CrOS: Vulnerability reported in media-libs/tiff - 2019-12-17
1000002 Security: OfflinePageAutoFetcher UAF 2 $20000 2019-12-17
1000882 Security: Regression : 'Press Esc to exit fullscreen' warning doesn't display $3000 2019-12-17
1000934 Security: Heap-use-after-free in SharingDialogView::WindowClosing() $15000 2019-12-17
1001804 CHECK failure: AllowJavascriptExecution::IsAllowed(isolate) in execution.cc - 2019-12-17
999118 CVE-2019-15213 CrOS: Vulnerability reported in Linux kernel - 2019-12-14
982326 ChromeVox extension injects attacker-controlled scripts and requests attacker-controlled URLs $5000 2019-12-13
1000635 Security: Use After Free in the function JavaScriptFrame::Summarize $7500 2019-12-13
931894 Security: http authentication spoof on chrome iOS $1000 2019-12-12
988590 Overflow of the transform scale CSS property freezes/crashes the renderer allowing cross-origin content spoofing $500 2019-12-12
994044 Security: URL bar spoofing with using a file:/// URL $500 2019-12-12
996741 Security: Site Isolation bypass and local file disclosure via Payment Handler API - 2019-12-12
1000563 Heap-use-after-free in ash::OverviewHighlightController::OnViewDestroyingOrDisabling - 2019-12-12
696454 Security: Filesystem dialog box to cover the self-window and no origin for spoof $1000 2019-12-11
760855 Security: Address bar RTL spoofing using hebrew $500 2019-12-11
859349 Security: Confused deputy attack against Chrome Android application might lead to internal storage file disclosure $1000 2019-12-11
991321 Security: use-after-poison in blink::VideoTrackRecorder::InitializeEncoder $5000 2019-12-11
997403 Heap-use-after-free in blink::NGPaintFragment::LayoutObjectWillBeDestroyed - 2019-12-11
998395 Heap-use-after-free in blink::NGOffsetMappingUnit::AssertValid - 2019-12-11
998548 Security: UaF in ImageCapture $20000 2019-12-11
999469 Crash in blink::NonSharedCharacterBreakIterator::Next - 2019-12-11
999760 Security: Tab sharing UI crash $500 2019-12-11
1000050 ulpfec_receiver_fuzzer: Heap-buffer-overflow in webrtc::ForwardErrorCorrection::StartPacketRecovery - 2019-12-11
1000167 Crash in blink::NonSharedCharacterBreakIterator::IsCRBeforeLF - 2019-12-11
1000217 Security: Potential UAF in Isolate::ReportPendingMessagesImpl - 2019-12-11
996751 DCHECK failure in bytecode->IsBytecodeEqual( *outer_function_job->compilation_info()->bytecode_arr - 2019-12-09
997449 Use-of-uninitialized-value in blink::NGPaintFragment::ClearAssociationWithLayoutObject - 2019-12-09
999463 Stack-use-after-scope in viz::LocalSurfaceId::parent_sequence_number - 2019-12-08
998196 Global-buffer-overflow in content::WebWidgetLockTarget::OnLockMouseACK - 2019-12-07
999497 Use-of-uninitialized-value in ui::X11Window::OnXWindowStateChanged - 2019-12-07
937131 Feature Policy 'allow' attribute can override top-level policy in frames - 2019-12-06
979443 Security: URL bar spoofing via download redirect $2000 2019-12-06
997925 Security: Possible to retrieve cross-origin data in certain cases using devtools custom formatters $500 2019-12-06
998679 Security: Crash in content::`anonymous namespace'::OnInstallPaymentApp $10000 2019-12-06
999470 Use-of-uninitialized-value in ui::X11Window::OnXWindowStateChanged - 2019-12-06
972463 Security: Multiple vulnerabilities in chromeos-disk-firmware.sh $1000 2019-12-05
996391 v8_regexp_parser_fuzzer: DCHECK failure in index < length_ in vector.h - 2019-12-05
998127 Crash in blink::ScriptState::From - 2019-12-05
998204 Crash in v8::internal::LoopChoiceNode::Accept - 2019-12-05
999005 Heap-buffer-overflow in blink::NGInlineNodeDataEditor::Run - 2019-12-05
982812 CSS injection in any website using Color Enhancer extension $2000 2019-12-04
986751 UAP in blink::PersistentBase - 2019-12-04
997982 Crash in v8::internal::GlobalHandles::CreateTraced - 2019-12-04
998215 Crash in v8::internal::MarkCompactCollector::IsUnmarkedHeapObject - 2019-12-04
998322 Crash in v8::HandleScope::CreateHandle - 2019-12-04
997440 Crash in v8::internal::Simulator::WriteW - 2019-12-03
998093 Bad-cast to blink::Nodeblink::Node::GetRegisteredMutationObserversOfType in blink::MutationObserverInterestGroup::CreateIfNeeded - 2019-12-03
1005713 Security: Parser bug can introduce mXSS and HTML sanitizers bypass - 2019-12-02
997411 CHECK failure: (map().has_fast_smi_or_object_elements() || map().has_frozen_or_sealed_elements( - 2019-12-01
997421 DCHECK failure in result.NumberOfOwnDescriptors() == result.instance_descriptors().number_of_descr - 2019-12-01
987205 Unknown signal in Builtins_JSEntryTrampoline - 2019-11-30
995712 Security: PDFium (XFA) Use-after-free in CFWL_PushButton::OnKeyDown $7500 2019-11-30
996515 Use-of-uninitialized-value in OmniboxViewViews::HandleKeyEvent - 2019-11-30
996526 Heap-use-after-free in AutocompleteMatch::IsTabSwitchSuggestion - 2019-11-30
996571 Heap-buffer-overflow in AutocompleteMatch::IsTabSwitchSuggestion - 2019-11-30
997190 Security: UaF in MediaSession, Android only $20000 2019-11-30
901789 Security: Same origin policy bypass via 401 page - 2019-11-29
915538 Security: Origin header-based CSRF protection bypass $500 2019-11-29
990223 CHECK failure: status == CompilationJob::SUCCEEDED in function-compiler.cc - 2019-11-29
993553 Security: PDFium (XFA) Use-after-free in CJX_HostPseudoModel::openList $9500 2019-11-29
997057 Heap-use-after-free in v8::internal::compiler::ConstantFoldingReducer::Reduce - 2019-11-29
595841 Require browser process interaction to open files from chrome://downloads - 2019-11-28
756825 Chrome automatically downloads certain files even though the "Ask before downloading" option is enabled $500 2019-11-28
769662 Security: openvpn - CVE-2017-12166: out of bounds write in key-method 1 - 2019-11-28
839239 Security: Fullscreen notification can be obscured by external protocol prompt - 2019-11-28
875178 Security: spoof google via onbeforeunload of ssl error page - 2019-11-28
988024 config_validator_fuzzer: Heap-buffer-overflow in parse_file - 2019-11-28
988025 config_validator_fuzzer: Use-of-uninitialized-value in krb5int_aes_enc_key - 2019-11-28
989078 Reading local files and cross-origin resources through an extension that only has the "downloads" permission $2000 2019-11-28
992838 Security: URL bar spoofing on Android with a very long URL $3000 2019-11-28
995709 Heap-use-after-free in blink::AutoplayPolicy::IsDocumentAllowedToPlay - 2019-11-28
996211 gpu_raster_passthrough_fuzzer: Use-of-uninitialized-value in SkDescriptor::isValid - 2019-11-28
992914 Security: v8 Map migration doesn't respect element kinds changes, leading to type confusion - 2019-11-27
995591 IndexedDB: GetDatabaseInfo() should check AllowIndexedDB() before issuing a request to the browser - 2019-11-27
996099 DCHECK failure in result.NumberOfOwnDescriptors() == result.instance_descriptors().number_of_descr - 2019-11-27
992808 Heap-use-after-free in content::IndexedDBDatabase::DeleteRequest::DoDelete - 2019-11-26
995010 Heap-use-after-free in chromeos::device_sync::CryptAuthGCMManagerImpl::~CryptAuthGCMManagerImpl - 2019-11-26
967780 Security: Code run by redirecting same-origin download to a javascript: URL gains user activation and bypasses CSP $1000 2019-11-25
993288 Security: Possible to read cross-origin data using debug console utility function - 2019-11-25
994203 spvtools_opt_performance_fuzzer: Heap-buffer-overflow in spvtools::opt::Instruction::GetSingleWordOperand - 2019-11-25
994248 spvtools_opt_legalization_fuzzer: Heap-buffer-overflow in spvtools::opt::StructuredCFGAnalysis::AddBlocksInFunction - 2019-11-25
995071 spvtools_opt_legalization_fuzzer: Heap-buffer-overflow in spvtools::utils::SmallVector<unsigned int, 2u>::operator - 2019-11-25
995114 Use-of-uninitialized-value in blink::NGBlockLayoutAlgorithm::ComputeChildData - 2019-11-25
995275 DCHECK failure in nexus.IsMegamorphic() || nexus.GetFeedback().IsCleared() in js-heap-broker.cc - 2019-11-25
925791 Security: PDFium Uninitialized Memory Read in CXFA_LayoutPageMgr::GetAvailHeight $1000 2019-11-23
977527 sequence_manager_fuzzer: Heap-use-after-free in scoped_refptr<base::SingleThreadTaskRunner>::scoped_refptr - 2019-11-23
980183 Unknown signal in Builtins_ArrayPrototypeFindIndex - 2019-11-23
990635 CVE-2018-20856 CrOS: Vulnerability reported in Linux kernel - 2019-11-23
991125 Security: Privilege Elevation via Google Chrome Elevation Service $5000 2019-11-23
993771 Security: pdfium XFA m_pFocusWidget Use After Free $5000 2019-11-23
994086 Crash in sw::Renderer::executeTask - 2019-11-23
994089 Use-of-uninitialized-value in password_manager::PasswordReuseDetectionManager::OnPaste - 2019-11-23
984386 Security DCHECK failure: new_box->IsInlineFlowBox() in layout_block_flow_line.cc - 2019-11-22
882812 Security: fullscreen notification spoof (registerProtocolHandler) $1000 2019-11-21
990582 DCHECK failure in maybe_table.IsSourcePositionTableWithFrameCache() in code.cc - 2019-11-21
993223 Security: Heap-use-after-free in payments::PaymentRequestSheetController::UpdateHeaderView $5000 2019-11-21
977871 vtest_fuzzer: Crash in try_setup_line - 2019-11-20
986043 Security: Malicious Extension can ignore SOP, with only `downloads` permission. $3000 2019-11-20
992389 Crash in v8::internal::IrregexpInterpreter::Result v8::internal::RawMatch<unsigned char> - 2019-11-20
993266 blink_png_decoder_fuzzer: Heap-buffer-overflow in blink::PNGImageDecoder::RowAvailable - 2019-11-20
993474 CHECK failure: static_cast<uintptr_t>(caller_frame_top_) - total_output_frame_size > stack_guar - 2019-11-20
993601 Security: PurpleWolf HTTP/2 denial of service attacks - 2019-11-20
978793 UAP in UpdatePlaceholderImage $5500 2019-11-19
986211 Heap-buffer-overflow in net::SpdyReadQueue::Dequeue - 2019-11-19
992844 Crash in sw::Renderer::executeTask - 2019-11-19
992679 Crash in blink::HeapHashTableBacking<WTF::HashTable<WTF::LinkedHashSetNode<blink::WeakMem - 2019-11-18
992688 Use-of-uninitialized-value in Cr_z_crc32_z - 2019-11-18
992703 Use-of-uninitialized-value in Cr_z_crc32_sse42_simd_ - 2019-11-18
991328 Use-of-uninitialized-value in test_runner::TestRunner::WorkQueue::ProcessWork - 2019-11-17
981492 UAP in SetDispatchContext $3000 2019-11-16
984811 Use-after-free inside CFX_SkiaDeviceDriver::Flush() when SkiaPaths is enabled - 2019-11-16
992285 Security: use-after-free in payment app $500 2019-11-16
991085 Use-after-poison in mojo::InterfaceEndpointClient::HandleValidatedMessage - 2019-11-15
991901 Crash in void v8::internal::MarkCompactCollector::ProcessMarkingWorklistInternal< - 2019-11-15
960305 Security: storage estimate allows obtaining size of cached cross-origin resource $500 2019-11-14
986393 Security: Possible to leak global window object via console $500 2019-11-14
987502 Security: Possible to leak exceptions across contexts via devtools - 2019-11-14
991446 Bad-cast to blink::LayoutObject from invalid vptr in blink::NGPaintFragment::PopulateDescendants - 2019-11-14
973928 Heap-use-after-free in password_manager::PasswordReuseDetectionManager::OnPaste - 2019-11-13
981597 Pointer lock propagates user activation to sandboxed frame - 2019-11-13
989305 Bad-cast to blink::LayoutBoxModelObject from invalid vptr in blink::LayoutBlockFlow::AddOverhangingFloats - 2019-11-13
990222 content_security_policy_fuzzer: Crash in qos_class_main - 2019-11-13
929763 Security: BT classic MITM 1-byte key length negotiation - 2019-11-12
989497 Security: URL bar spoofing on iOS (with SlimNav ON) $3000 2019-11-12
989742 Crash in blink::NGExclusionSpaceInternal::DerivedGeometry::FindLayoutOpportunity - 2019-11-12
990590 Heap-use-after-free in content::IndexedDBContextImpl::DatabaseDeleted - 2019-11-12
956420 CrOS: Vulnerability reported in media-libs/tiff - 2019-11-11
986063 Security: Calling console utility functions causes data to be shared between contexts $500 2019-11-11
989909 Accessors created from FunctionTemplate have the wrong native context - 2019-11-11
921561 CrOS: Vulnerability reported in net-wireless/hostapd - 2019-11-08
946633 Security: Download dialog spoofing $500 2019-11-08
984344 V8 Invalid Read in v8::internal::HeapObject::IsHeapNumber $2000 2019-11-08
985758 Bad-cast to blink::WebView from invalid vptr in test_runner::TestRunner::FinishTestIfReady - 2019-11-08
986007 gpu_raster_swiftshader_fuzzer: Use-of-uninitialized-value in cc::ServiceImageTransferCacheEntry::Deserialize - 2019-11-08
986029 transfer_cache_fuzzer: Use-of-uninitialized-value in cc::ServiceImageTransferCacheEntry::Deserialize - 2019-11-08
986792 UAF in blink::ImageBitmapFactories::ImageBitmapLoader::DecodeImageOnDecoderThread $7500 2019-11-08
989827 Security DCHECK failure: IsA<Derived>(from) in casting.h - 2019-11-08
863661 Security:IDN url spoofing using U+4e00 $500 2019-11-06
977989 Security: pdfium heap-use-after-free in CXFA_ItemLayoutProcessor::InsertFlowedItem $500 2019-11-06
981618 CrOS: Vulnerability reported in dev-libs/glib - 2019-11-06
988241 Security DCHECK failure: !object || (object->IsBox()) in layout_box.h - 2019-11-06
988541 Security DCHECK failure: IsA<Derived>(from) in casting.h - 2019-11-06
989471 CVE-2007-6762 CrOS: Vulnerability reported in Linux kernel - 2019-11-06
989472 CVE-2010-5331 CrOS: Vulnerability reported in Linux kernel - 2019-11-06
989473 CVE-2010-5332 CrOS: Vulnerability reported in Linux kernel - 2019-11-06
989474 CVE-2018-20784 CrOS: Vulnerability reported in Linux kernel - 2019-11-06
994957 Security: buffer OOB *read* in libc++ random - 2019-11-05
866162 Security: IDN URL Spoofing with Greek Letter - 2019-11-05
927150 Security: 'Press Esc to exit fullscreen' covered up by <select> - 2019-11-05
982397 PDFium (XFA) Use-after-free in CPDFSDK_XFAWidgetHandler::OnXFAChangedFocus $5500 2019-11-05
987956 CVE-2019-13272 CrOS: Vulnerability reported in Linux kernel - 2019-11-05
988304 DCHECK failure in bytecode->IsBytecodeEqual( *outer_function_job->compilation_info()->bytecode_arr - 2019-11-05
988858 [IndexedDB] Prevent using uninitialized memory in IndexedDBBackingStore - 2019-11-05
988919 DCHECK failure in loop_node_->EatsAtLeast(true) >= continue_node_->EatsAtLeast(true) in regexp-com - 2019-11-05
972030 CrOS: Vulnerability reported in dev-libs/glib - 2019-11-04
868846 Security: URL spoof using CJK combining character (U+3099 U+309A) $1000 2019-11-02
987270 audio_decoder_fuzzer: Use-of-uninitialized-value in wav_parse_bext_string - 2019-11-02
973360 Use-after-free in WasmMemoryObject::Grow $5000 2019-11-01
980161 Security: PDFium (XFA) Use-after-free in CPDFSDK_AnnotHandlerMgr::GetNextAnnot $5500 2019-11-01
983147 DCHECK failure in bytecode->IsBytecodeEqual( *outer_function_job->compilation_info()->bytecode_arr - 2019-11-01
987507 rtcp_receiver_fuzzer: Heap-buffer-overflow in webrtc::ByteReader<unsigned int, 4u, false>::Get - 2019-11-01
964938 Use-of-uninitialized-value in ui::SolveLeastSquares - 2019-10-31
987381 Use-of-uninitialized-value in media_session::MediaPosition::operator== - 2019-10-31
939108 Isolate chrome.google.com from *.google.com $500 2019-10-30
973228 Heap-use-after-free in dawn_wire::server::Server::DoBufferUpdateMappedData - 2019-10-30
986754 UAP in IsEmptyValue - 2019-10-30
987106 Use-of-uninitialized-value in net::HostResolverManager::RecordTotalTime - 2019-10-30
968451 Security: http authentication spoof (repro issue 928974) - 2019-10-29
984536 sqlite3_lpm_fuzzer: Heap-buffer-overflow in sqlite3VdbeExec - 2019-10-29
984650 sqlite3_lpm_fuzzer: Use-of-uninitialized-value in sqlite3VdbeRecordCompareWithSkip - 2019-10-29
985546 sqlite3_lpm_fuzzer: Use-of-uninitialized-value in sqlite3CompareAffinity - 2019-10-29
985646 Heap-use-after-free in blink::PaintLayerScrollableArea::InvalidateAllStickyConstraints - 2019-10-29
985781 pdfium_xfa_fuzzer: Heap-buffer-overflow in fxcrt::RetainPtr<fxcrt::StringDataTemplate<wchar_t> >::RetainPtr $5000 2019-10-29
986008 Bad-cast to blink::PaintLayer from invalid vptr in blink::PaintLayerScrollableArea::InvalidateAllStickyConstraints - 2019-10-29
986064 Security: pdfium XFA CJX_Object::SetContent Use After Free $5000 2019-10-29
986262 CVE-2019-13233 CrOS: Vulnerability reported in Linux kernel - 2019-10-29
548273 Type confusion in ObjectBackedNativeHandler::Router $5000 2019-10-28
981873 Security: UAF in ~LevelDBIteratorImpl - 2019-10-27
984475 sqlite3_lpm_fuzzer: Crash in estimateIndexWidth - 2019-10-27
925269 Use-of-uninitialized-value in TIFFYCbCrtoRGB - 2019-10-26
981608 spvtools_opt_performance_fuzzer: Heap-use-after-free in spvtools::opt::InlinePass::IsInlinableFunctionCall - 2019-10-26
981609 spvtools_opt_performance_fuzzer: Bad-cast to spvtools::opt::Instruction from invalid vptr in spvtools::opt::BasicBlock::id - 2019-10-26
983938 Heap-use-after-free in gpu::gles2::Texture::ClearRenderableLevels - 2019-10-26
984868 Use-after-poison in mojo::InterfaceEndpointClient::HandleValidatedMessage - 2019-10-26
984890 Bad-cast to blink::GarbageCollectedMixin from invalid vptr in void blink::Visitor::TraceRoot<blink::ImageDownloaderBase> - 2019-10-26
985302 Bad-cast to blink::ImageDownloaderBase from blink::ResponseBodyLoader in blink::MultiResolutionImageResourceFetcher::OnURLFetchComplete - 2019-10-26
847035 Security: Chrome for iOS (CVE-2017-5385) HTML documents sent with multipart/x-mixed-replace ignores Referrer-Policy response header - 2019-10-25
981569 spvtools_opt_legalization_fuzzer: Heap-use-after-free in spvtools::opt::BasicBlock::id - 2019-10-25
983867 Security: Use-after-free in CPDFSDK_ActionHandler::ExecuteFieldAction $5000 2019-10-25
984809 dawn_wire_server_and_frontend_fuzzer: Crash in dawn_native::IsArrayLayerValidForTextureViewDimension - 2019-10-25
985337 CVE-2019-10639 CrOS: Vulnerability reported in Linux kernel - 2019-10-25
896533 Security: IDN URL Spoofing with Georgian Letter Jil "ძ" $500 2019-10-24
984521 Security: UAF due to double call to IndexedDBConnection::Close - 2019-10-24
984917 CVE-2019-10638 CrOS: Vulnerability reported in Linux kernel - 2019-10-24
882363 Security: fullscreen notification overlap $1000 2019-10-23
950027 Incorrect-function-pointer-type in google::protobuf::internal::AddDescriptorsImpl - 2019-10-23
971408 Have secure context checks in browser side code of Native File System API - 2019-10-23
974354 GpuMemoryBufferImplIOSurface doesn't validate handle - 2019-10-23
977462 Security: UAF in OfflinePageAutoFetcher::CancelSchedule $10000 2019-10-23
981291 net_quic_stream_factory_fuzzer: Use-of-uninitialized-value in quic::HttpDecoder::ParsePriorityFrame - 2019-10-23
981785 UAF in PDFium due to incorrect ref count $3000 2019-10-23
982648 net_quic_stream_factory_fuzzer: Use-of-uninitialized-value in quic::HttpDecoder::ReadFrameType - 2019-10-23
983775 Security: heap-use-after-free in blink::LayoutBlockFlow::AddChild - 2019-10-23
983785 Bad-cast to blink::LayoutObject from invalid vptr in blink::LayoutObject::IsAnonymousBlock - 2019-10-23
983850 Crash in v8::internal::Simulator::LoadStorePairHelper - 2019-10-23
983856 Heap-use-after-free in blink::LayoutBox::SplitAnonymousBoxesAroundChild - 2019-10-23
983865 Heap-use-after-free in blink::LayoutBlockFlow::AddChild - 2019-10-23
983970 Heap-use-after-free in blink::LayoutBoxModelObject::MoveChildTo - 2019-10-23
821194 Use SHA256 for instance IDs - 2019-10-22
921984 CrOS: Vulnerability reported in app-text/qpdf - 2019-10-22
949032 Security: Use-after-free in CXFA_FFWidget::OnKillFocus $3000 2019-10-22
968914 this.print() should required a user gesture - 2019-10-22
980226 Crash in Builtins_GetPropertyWithReceiver - 2019-10-22
961513 Heap-buffer-overflow in Json::Reader::readArray - 2019-10-20
983344 flexfec_receiver_fuzzer: Heap-buffer-overflow in webrtc::ForwardErrorCorrection::XorPayloads - 2019-10-20
983351 forward_error_correction_fuzzer: Use-of-uninitialized-value in rtc::scoped_refptr<rtc::RefCountedObject<rtc::BufferT<unsigned char, false> > >: - 2019-10-20
983356 ulpfec_receiver_fuzzer: Heap-buffer-overflow in webrtc::ByteReader<unsigned short, 2u, false>::ReadBigEndian - 2019-10-20
983385 forward_error_correction_fuzzer: Bad-cast to rtc::RefCountedObject<rtc::BufferT<unsigned char, false> >rtc::CopyOnWriteBuffer::CloneDataIfReferenced in unsigned char* rtc::CopyOnWriteBuffer::data<unsigned char, - 2019-10-20
983400 flexfec_receiver_fuzzer: Use-of-uninitialized-value in rtc::scoped_refptr<webrtc::ForwardErrorCorrection::Packet>::~scoped_refptr - 2019-10-20
983767 Use-of-uninitialized-value in media::MediaMetricsProvider::GetUMANameForAVStream - 2019-10-20
983768 Use-of-uninitialized-value in = - 2019-10-20
983773 mediasource_WEBM_VP8_pipeline_integration_fuzzer: Use-of-uninitialized-value in media::operator== - 2019-10-20
977107 UAP in offline audio context $3000 2019-10-19
980475 Security: WebAssembly Table.Copy lead to OOB Write $7500 2019-10-18
980672 ipp_message_parser_fuzzer: Heap-buffer-overflow in libcups.so.2 - 2019-10-18
981234 Heap-use-after-free in libswiftshader_libGLESv2.dylib - 2019-10-18
981381 ipp_message_parser_fuzzer: Heap-buffer-overflow in ipp_converter::ConvertIppToMojo - 2019-10-18
981385 Crash in _platform_memmove$VARIANT$Nehalem - 2019-10-18
981573 Use-of-uninitialized-value in blink::PaintLayerScrollableArea::InvalidateAllStickyConstraints - 2019-10-18
981585 heap-use-after-free : blink::CanvasResourceProviderSharedImage::WillDraw - 2019-10-18
981590 Crash in _platform_memmove$VARIANT$Nehalem - 2019-10-18
982153 Bad-cast to blink::PaintLayer from invalid vptr in blink::PaintLayerScrollableArea::InvalidateAllStickyConstraints - 2019-10-18
982530 Incorrect optimization causes memory corruption - 2019-10-18
982805 Crash in _platform_memmove$VARIANT$Nehalem - 2019-10-18
983137 Security: PDFium Bad cast in ToNode in cxfa_object.cpp $5000 2019-10-18
983293 Use-of-uninitialized-value in content::RenderWidgetHostInputEventRouter::OnRenderWidgetHostViewBaseDestroyed - 2019-10-18
837936 Security: Probing JS bytecode cache allows timing attack - 2019-10-17
969285 CrOS: Vulnerability reported in net-misc/curl - 2019-10-17
979187 CrOS: Vulnerability reported in dev-libs/expat - 2019-10-17
979373 Security DCHECK failure: line_layout_item.IsLayoutInline() || line_layout_item.IsEqual(this) in layout_bl - 2019-10-17
980292 Crash in Builtins_GetPropertyWithReceiver - 2019-10-17
982768 pdfium_fuzzer: Use-of-uninitialized-value in float const& pdfium::clamp<float> - 2019-10-17
982828 Security: heap-use-after-free in ~CPDFSDK_XFAWidget() (ProbeForLowSeverityLifetimeIssue) - 2019-10-17
977341 heap-use-after-free : GrTextBlobCache::purgeStaleBlobs - 2019-10-16
979902 pdf_codec_tiff_fuzzer: Negative-size-param in _TIFFmemcpy - 2019-10-16
980168 DCHECK failure in !new_map->has_frozen_or_sealed_elements() in js-objects.cc - 2019-10-16
981232 Crash in blink::PointerLockController::DidLosePointerLock - 2019-10-16
981459 Bad-cast to blink::LayoutEmbeddedContent from blink::LayoutNGBlockFlow in blink::ToLayoutEmbeddedContent - 2019-10-16
951487 Security: Two autocomplete flaws STILL allow stealing credit card numbers $3337 2019-10-15
980891 Security: CSA_ASSERT failed: IsRegularHeapObjectSize(size_in_bytes) - 2019-10-15
981202 Security: Memory corruption in BrowserList::NotifyBrowserNoLongerActive(Browser*) () $500 2019-10-15
981528 Security: PDFium (XFA) Use-after-free in CPDFSDK_Widget::HasXFAAAction $5000 2019-10-15
981602 Heap-use-after-free in blink::InlineFlowBox::DeleteLine - 2019-10-15
971550 Crash in qos_class_main - 2019-10-12
979923 Use-of-uninitialized-value in blink::NGOffsetMapping::GetLastPosition - 2019-10-12
979972 Heap-buffer-overflow in blink::FindBuffer::RangeFromBufferIndex - 2019-10-12
980448 Heap-buffer-overflow in blink::FindBuffer::RangeFromBufferIndex - 2019-10-12
980450 Crash in blink::FindBuffer::FindMatchInRange - 2019-10-12
980816 OOB in SwiftShader textureSize $2000 2019-10-12
980843 Sig11 in wasm $500 2019-10-12
981412 Container-overflow in CPDF_DeviceCS::GetRGB - 2019-10-12
977926 Heap-use-after-free in blink::LargeTextFirst $3500 2019-10-10
979023 DCHECK failure in number_of_own_descriptors > 0 in map-inl.h - 2019-10-10
980422 DCHECK failure in bytecode->IsBytecodeEqual( *outer_function_job->compilation_info()->bytecode_arr - 2019-10-10
980811 devtools_protocol_encoding_cbor_fuzzer: Heap-buffer-overflow in inspector_protocol_encoding::json::JSONEncoder<std::__Cr::basic_string<char, std - 2019-10-10
937587 Heap-buffer-overflow in libcups.so.2 - 2019-10-09
937662 Use-of-uninitialized-value in ipp_converter::ConvertIppToMojo - 2019-10-09
937664 Use-of-uninitialized-value in ippReadIO - 2019-10-09
976753 Security: heap-buffer-overflow in CFDE_TextEditEngine::AdjustGap - 2019-10-09
978180 Use-After-Free in FT_Stream_ReleaseFrame - 2019-10-09
978575 Security: PDFium (XFA) Use-after-free in CXFA_FFWidget::OnSetFocus $3000 2019-10-09
978382 Incorrect heap object handling in v8 $500 2019-10-09
980065 Crash in v8::internal::SourcePositionTableIterator::Advance - 2019-10-08
979942 Heap-use-after-free in blink::LayoutObject::UpdateFirstLineImageObservers - 2019-10-07
979951 Heap-use-after-free in base::subtle::RefCountedBase::AddRefImpl - 2019-10-07
979505 Bad-cast to net::URLRequestFtpJob from invalid vptr in net::URLRequestFtpJob::OnStartCompleted $3500 2019-10-06
976713 Security: Possible to leak internal objects like arrayBufferConstructor_DoNotInitialize and InternalPackedArray via console utility functions - 2019-10-05
977778 NGOffsetMappingBuilder::CollapseTrailingSpace() crashes with white-space:pre-wrap - 2019-10-05
953516 Potential map end() access in MojoMjpegDecodeAcceleratorService - 2019-10-04
973352 Heap-use-after-free in dawn_native::null::Buffer::CopyFromStaging - 2019-10-04
976573 Bad-cast to dawn_native::null::Buffer from invalid vptr in dawn_native::null::BufferMapReadOperation::Execute - 2019-10-04
978082 heap-use-after-free : cc::LayerTreeHostImpl::ImageDecodeFinished - 2019-10-04
979069 Heap-buffer-overflow in blink::FindBuffer::RangeFromBufferIndex - 2019-10-04
979228 DCHECK failure in bytecode->IsBytecodeEqual( *outer_function_job->compilation_info()->bytecode_arr - 2019-10-04
971544 Use-of-uninitialized-value in GrBackendTexture::operator= - 2019-10-03
946260 AppCache can be registered to arbitrary site with renderer compromise $1000 2019-10-02
970378 Security: Sites can bypass restrictions on multiple downloads by redirecting page to about:srcdoc $500 2019-10-02
976627 v8 crash on regexp length check $3000 2019-10-02
977012 DCHECK failure in descriptor_number < number_of_descriptors() in descriptor-array-inl.h - 2019-10-02
977458 Use-of-uninitialized-value in blink::LayoutTreeBuilderForText::CreateLayoutObject - 2019-10-02
977832 Heap-buffer-overflow in CFX_ReadOnlyMemoryStream::ReadBlockAtOffset - 2019-10-02
978277 DCHECK failure in descriptor_number < number_of_descriptors() in descriptor-array-inl.h - 2019-10-02
978335 Use-of-uninitialized-value in PageInfoUI::GetSecurityDescription - 2019-10-02
888322 CVE-2018-14610 CrOS: Vulnerability reported in Linux kernel - 2019-10-01
949425 pdfium (XFA): invalid vptr / uaf in CXFA_FFDocView::RunBindItems $3000 2019-10-01
976652 CVE-2018-20669 CrOS: Vulnerability reported in Linux kernel - 2019-10-01
976939 DCHECK failure in fresh->bit_field3() & ~IsInRetainedMapListBit::kMask == new_map->bit_field3() & - 2019-10-01
978050 Use-of-uninitialized-value in v8::internal::GCTracer::CurrentEmbedderAllocationThroughputInBytesPerMillisecond - 2019-10-01
949999 Bad-cast to MetricsLibraryInterface from MetricsLibrary in p2p::server::HttpServerExternalProcess::OnMessageReceived - 2019-09-30
960106 ChromeOS Kernel integer overflow - 2019-09-30
966309 Use-of-uninitialized-value in v8::internal::Simulator::FPCompare - 2019-09-29
977855 CVE-2019-3896 CrOS: Vulnerability reported in Linux kernel - 2019-09-29
969256 Int-overflow in CPDF_PSEngine::DoOperator - 2019-09-28
976136 heap-use-after-free in ContextProvider $3000 2019-09-28
977089 DCHECK failure in fresh->bit_field3() & ~IsInRetainedMapListBit::kMask == new_map->bit_field3() & - 2019-09-28
977467 Crash in blink::MojoHandle::writeMessage - 2019-09-28
768526 Cast should not use a web iframe inside a WebUI page - 2019-09-27
950328 v8 crash on map-check $3000 2019-09-27
961674 DCHECK failure in __isolate__->has_scheduled_exception() in isolate.cc - 2019-09-27
971293 heap-use-after-free in Cancel::wasm-engine.cc $1000 2019-09-27
971702 UAF in chrome!content::Portal::Activate $8000 2019-09-27
972354 CVE-2019-3846 CrOS: Vulnerability reported in Linux kernel - 2019-09-27
973137 Crash in quic::QuicDataReader::PeekVarInt62Length - 2019-09-27
973893 Potential bad cast with non-string values - 2019-09-27
976859 Security: heap-use-after-free in blink::NGPaintFragment::AssociateWithLayoutObject $3000 2019-09-27
976922 DCHECK failure in fixed_array.IsNumberDictionary() in js-objects-inl.h - 2019-09-27
976923 DCHECK failure in 0 == memcmp(reinterpret_cast<void*>(fresh->address()), reinterpret_cast<void*>(n - 2019-09-27
976932 DCHECK failure in bytecode->IsBytecodeEqual( *outer_function_job->compilation_info()->bytecode_arr - 2019-09-27
976935 Heap-use-after-free in CFX_Font::LoadSubst - 2019-09-27
976940 Crash in ReadUnalignedValue<double> - 2019-09-27
976944 Crash in v8::internal::Object::Number - 2019-09-27
964639 CVE-2019-11833 CrOS: Vulnerability reported in Linux kernel - 2019-09-26
967993 Crash in base::ObserverListThreadSafe<base::PowerObserver>::RemoveObserver - 2019-09-26
972921 Security: v8 dcheck failure and fatal error $3000 2019-09-26
974760 Security: heap-use-after-free in blink::NGBlockNode::SaveStaticOffsetForLegacy $3000 2019-09-26
976231 Heap-use-after-free in CFX_Font::LoadSubst - 2019-09-26
976429 Security: Use-of-uninitialized-value in CFWL_WidgetMgr::NextTab if Ctrl-Tab is pressed while editing an XFA form. - 2019-09-26
976924 Crash in v8::internal::DictionaryElementsAccessor::CollectElementIndicesImpl - 2019-09-26
962572 Use-after-poison in mojo::BindingSetBase<blink::mojom::blink::NavigationInitiator, mojo::Binding<bli - 2019-09-25
971740 Security: URL bar spoofing on iOS with history.back() $3000 2019-09-25
972031 CrOS: Vulnerability reported in app-editors/vim - 2019-09-25
974627 DCHECK failure in index >= 0 && index < this->length() in fixed-array-inl.h - 2019-09-25
958002 cros-machine-id-regen should quote file path when computing timestamp path $1000 2019-09-24
969368 CHECK failure: (location_) != nullptr in maybe-handles.h - 2019-09-24
974091 Security: PDFium Font Parsing Heap Use After Free Vulnerability $3000 2019-09-24
968081 Use-of-uninitialized-value in v8::internal::Factory::NewNumber - 2019-09-23
964872 Security: signed-integer-overflow in FX_RECT::Height - 2019-09-22
965067 URL is updated incorrectly after navigating to an invalid URL - 2019-09-22
973103 Security: site isolation bypass: request headers overwrite via URLLoader::FollowRedirect - 2019-09-22
973628 Don't rewrite about:srcdoc into chrome://srcdoc (just as we make an exception for about:blank) - 2019-09-21
961237 Security: jit difference on comparison in d8 - 2019-09-20
971904 Heap-use-after-free in content::GpuChildThread::QuitMainMessageLoop - 2019-09-20
972239 Heap-use-after-free in base::internal::WeakReference::IsValid - 2019-09-20
972413 Use-of-uninitialized-value in blink::NGPaintFragment::ClearAssociationWithLayoutObject - 2019-09-20
972657 Potential UAF in TRACE_EVENT call in FontLoader::openStream - 2019-09-20
973363 Integer overflow in FastGetOwnValuesOrEntries - 2019-09-20
971761 Use-of-uninitialized-value in spirv_cross::Compiler::CombinedImageSamplerUsageHandler::begin_function_scope - 2019-09-19
972623 Bad parameters to --sanitizer-annotate-contiguous-container in shaderc_spvc_compile_options::~shaderc_spvc_compile_options - 2019-09-19
972627 Bad parameters to --sanitizer-annotate-contiguous-container in shaderc_spvc_compile_options_release - 2019-09-19
973121 Crash in v8::Value::ToString - 2019-09-19
973132 Crash in v8::internal::ConcurrentMarkingVisitor::MarkObject - 2019-09-19
973136 Crash in _platform_memmove$VARIANT$Nehalem - 2019-09-19
973138 Crash in v8::internal::LookupIterator::State v8::internal::LookupIterator::LookupInRegula - 2019-09-19
973146 Crash in v8::internal::String::GetFlatContent - 2019-09-19
973151 Bad-cast to v8::String::ExternalStringResource from invalid vptr in v8::internal::ExternalTwoByteString::GetChars - 2019-09-19
972390 Heap-use-after-free in quic::QuicDataReader::PeekVarInt62Length - 2019-09-18
972394 Crash in AtomicallySetQuarantineFlagIfAllocated - 2019-09-18
973056 URL is updated incorrectly when navigating to external app urls $500 2019-09-18
973122 Use-of-uninitialized-value in v8::internal::FixStaleLeftTrimmedHandlesVisitor::VisitRootPointers - 2019-09-18
964245 Site Isolation breaking bug in filesystem $5000 2019-09-17
968988 CVE-2019-12381 CrOS: Vulnerability reported in Linux kernel - 2019-09-17
968994 CrOS: Vulnerability reported in dev-db/sqlite - 2019-09-17
968870 Crash in blink::RemoteFrame::SetCcLayer - 2019-09-16
971752 Heap-use-after-free in blink::LayoutBlockFlow::AddOverhangingFloats - 2019-09-16
972295 Bad-cast to v8::internal::wasm::(anonymous namespace)::WasmGCForegroundTask from invalid vptr in v8::internal::wasm::WasmEngine::RemoveIsolateFromCurrentGC - 2019-09-16
968006 Heap-buffer-overflow in mojo::SyncHandleRegistry::Wait - 2019-09-15
968007 Heap-use-after-free in quic::QuicDataReader::ReadBytes - 2019-09-15
969321 Use-of-uninitialized-value in quic::HttpDecoder::ReadFrameType - 2019-09-15
970644 Bad-free in shaderc_spvc_compile_options_release - 2019-09-15
970909 Crash in AtomicallySetQuarantineFlagIfAllocated - 2019-09-15
971551 Use-of-uninitialized-value in spirv_cross::SPIRFunction& spirv_cross::Variant::get<spirv_cross::SPIRFunction> - 2019-09-15
971746 Crash in AddressIsPoisoned - 2019-09-15
971757 Crash in shaderc_spvc_compile_options::~shaderc_spvc_compile_options - 2019-09-15
929578 Any extension can be disabled by simply adding a trailing slash $500 2019-09-14
968985 CVE-2019-12378 CrOS: Vulnerability reported in Linux kernel - 2019-09-14
968987 CVE-2019-12380 CrOS: Vulnerability reported in Linux kernel - 2019-09-14
969333 Use-of-uninitialized-value in gpu::gles2::GLES2Implementation::BindTexture - 2019-09-14
969525 Crash in v8::internal::Heap::GcSafeFindCodeForInnerPointer - 2019-09-14
971606 Use-of-uninitialized-value in gpu::gles2::GLES2Implementation::PackStringsToBucket - 2019-09-14
969083 Heap-use-after-free in content::IndexedDBOriginState::AbortAllTransactions - 2019-09-13
969363 Use-of-uninitialized-value in blink::GraphicsLayerUpdater::UpdateContext::CompositingContainer - 2019-09-13
971538 Use-of-uninitialized-value in GrBackendTexture::operator= - 2019-09-13
971545 Use-of-uninitialized-value in GrBackendTexture::operator= - 2019-09-13
901306 CrOS: Vulnerability reported in media-libs/tiff - 2019-09-12
923647 CrOS: Vulnerability reported in media-libs/tiff - 2019-09-12
959640 Multiple file download protection bypass $500 2019-09-12
960785 Security: Heap-use-after-free in blink::PresentationAvailabilityState::UpdateAvailability - 2019-09-12
962947 Use-of-uninitialized-value in vfnprintf - 2019-09-12
969055 URL doesn't update correctly when tapped on Stop icon to stop page loading - 2019-09-12
969261 Heap-buffer-overflow in CFF::CFF2FDSelect::sanitize - 2019-09-12
971537 Use-of-uninitialized-value in GrBackendTexture::operator= - 2019-09-12
951974 Crash in shaderc_spvc_compile_options::shaderc_spvc_compile_options - 2019-09-11
952081 Crash in AtomicallySetQuarantineFlagIfAllocated - 2019-09-11
953985 Crash in AddressIsPoisoned - 2019-09-11
954955 Crash in shaderc_spvc_compile_options_release - 2019-09-11
955949 Security: Chronos user can delete files as root at boot (cleanup-shutdown-logs.conf) - 2019-09-11
961413 Use-after-poison in blink::xpath::Expression::AddSubExpression - 2019-09-11
967592 Crash in shaderc_spvc_compile_options_clone - 2019-09-11
969520 Crash in spirv_cross::Variant::empty - 2019-09-11
969521 Heap-buffer-overflow in spirv_cross::Variant::Variant - 2019-09-11
957516 Security: Heap-use-after-free in ProjectionFromFieldOfView - 2019-09-10
958318 CVE-2019-11487 CrOS: Vulnerability reported in Linux kernel - 2019-09-10
959508 Crash in blink::PersistentBase<blink::DummyGCBase, - 2019-09-10
962916 CVE-2019-11884 CrOS: Vulnerability reported in Linux kernel - 2019-09-10
966263 Security: signed integer overflow in CPDF_RenderStatus::ProcessType3Text - 2019-09-10
968984 CVE-2019-11190 CrOS: Vulnerability reported in Linux kernel - 2019-09-10
969444 Crash in blink::Deprecation::GenerateReport - 2019-09-10
969286 Chromium: Vulnerability reported in sqlite - 2019-09-08
831725 SameSite cookie bypass via prerender $2000 2019-09-07
907344 Heap-buffer-overflow in spirv_cross::Compiler::parse - 2019-09-07
907718 Crash in spirv_cross::Variant::get_type - 2019-09-07
943494 Security: UAF on WebUSB (Windows, windows_usb.c) - 2019-09-07
950256 Use-of-uninitialized-value in spirv_cross::SPIRConstant::SPIRConstant - 2019-09-07
951525 Security: IntersectionObserver V2 fails for CSS property scale transform $500 2019-09-07
951902 Crash in spirv_cross::Variant::empty - 2019-09-07
952050 Crash in spirv_cross::SPIRFunction& spirv_cross::Variant::get<spirv_cross::SPIRFunction> - 2019-09-07
952156 Heap-buffer-overflow in spirv_cross::Variant::Variant - 2019-09-07
952505 Crash in spirv_cross::VectorView<unsigned int>::begin - 2019-09-07
953094 Heap-buffer-overflow in shaderc_spvc_compile_into_glsl - 2019-09-07
953935 Heap-buffer-overflow in spirv_cross::Meta::Decoration::Decoration - 2019-09-07
954785 Use-of-uninitialized-value in spirv_cross::SPIRFunction& spirv_cross::Variant::get<spirv_cross::SPIRFunction> - 2019-09-07
954969 Heap-buffer-overflow in ??$allocate@AEBIAEBI_N@?$ObjectPool@USPIRConstant@spirv_cross@@@spirv_cross@@QEA - 2019-09-07
962956 Crash in spirv_cross::ParsedIR::remove_typed_id - 2019-09-07
964768 heap-use-after-free : strlen - 2019-09-07
965918 Crash in spirv_cross::SPIRType& spirv_cross::Variant::get<spirv_cross::SPIRType> - 2019-09-07
967152 Crash in spirv_cross::SPIRFunction const& spirv_cross::Variant::get<spirv_cross::SPIRFunc - 2019-09-07
967926 Security: [Non-Exploitable] Crosh sandbox escape via command injection - 2019-09-07
967933 Security: [Not Exploitable] seconds_compare method in network_diag does not quote parameters - 2019-09-07
967943 Security: Command Injection in periodic_scheduler - 2019-09-07
968075 Crash in spirv_cross::SPIRType& spirv_cross::Variant::get<spirv_cross::SPIRType> - 2019-09-07
964667 Use-after-poison in mojo::BindingSetBase<blink::mojom::blink::NavigationInitiator, mojo::Binding<bli - 2019-09-06
966460 DCHECK failure in object->HasSmiOrObjectElements() || object->HasDoubleElements() || object->HasFa - 2019-09-06
967978 Heap-use-after-free in quic::QuicDataReader::PeekVarInt62Length - 2019-09-06
967996 Use-of-uninitialized-value in blink::PerformanceResourceTiming::secureConnectionStart - 2019-09-06
968080 Use-of-uninitialized-value in quic::HttpDecoder::ReadFrameType - 2019-09-06
929300 BrowserPlugin architecture causes PDFs to be fetched into a cross-origin web renderer - 2019-09-05
966557 Heap-use-after-free in content::IndexedDBDatabase::DeleteRequest::Perform - 2019-09-05
966960 Heap-use-after-free in blink::TaskBase::TaskCompleted - 2019-09-05
967196 Heap-use-after-free in ash::OverviewWindowDragController::StartNormalDragMode - 2019-09-05
967361 Heap-use-after-free in blink::NGPaintFragment::RecalcContentsInkOverflow - 2019-09-05
964002 Security: Latin KRA homograph - 2019-09-04
966784 UAF in content::IndexedDBOriginState::AbortAllTransactions $5000 2019-09-04
967167 Use-of-uninitialized-value in int blink::LazyLineBreakIterator::NextBreakablePosition<unsigned short, - 2019-09-04
967938 Security: Command Injection in cr50-verify-ro.sh - 2019-09-04
665766 Change on the credentials mode on redirect specified by the CORS algorithm should be propagated to net/ $1000 2019-09-03
953294 Omnibox spoofing with data urls - 2019-09-03
962500 Security: Security: Same Origin Policy bypass and local file disclosure via <portal> element $10000 2019-09-03
966762 UAF in content::IndexedDBDatabase::ProcessRequestQueueAndMaybeRelease $15500 2019-09-03
967151 CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (IsExternalOneByteString()) in string - 2019-09-03
967118 Heap-buffer-overflow in dawn_native::DeviceBase::CreateBufferMapped - 2019-09-01
958717 DCHECK failure in IrOpcode::kPhi == callee->opcode() in js-inlining-heuristic.cc - 2019-08-31
966454 Container-overflow in content::IndexedDBFactoryImpl::ContextDestroyed - 2019-08-31
966572 Container-overflow in base::TaskAnnotator::RunTask - 2019-08-31
966812 Crash in blink::WorkletPendingTasks::Abort - 2019-08-31
936900 Security: CORS issue with Chrome Extensions $500 2019-08-30
950000 Incorrect-function-pointer-type in base::internal::CallbackBase< - 2019-08-30
964607 Security: WebAssembly duplicate indirect_function_table lead to OOB Write $3000 2019-08-30
965633 Heap-use-after-free in dawn_native::SamplerBase::EqualityFunc::operator - 2019-08-30
966224 Use-of-uninitialized-value in v8::internal::wasm::CompilationStateImpl::GetNextCompilationUnit - 2019-08-30
966555 Use-of-uninitialized-value in extensions::MimeHandlerViewContainerManager::DestroyFrameContainer - 2019-08-30
961597 Bad-cast to blink::LocalFrameView from blink::WebPluginContainerImpl in blink::RootScrollerController::ApplyRootScrollerProperties - 2019-08-29
964818 Integer-overflow in inspector_protocol_encoding::cbor::CBORTokenizer::ReadNextToken - 2019-08-29
964928 Security: JS execution inside ScriptForbiddenScope leading to UAF - 2019-08-29
964924 Bad-cast to blink::LayoutObject from invalid vptr in blink::LayoutBlockFlow* blink::DynamicTo<blink::LayoutBlockFlow, blink::LayoutOb - 2019-08-28
965630 Use-of-uninitialized-value in v8::internal::Factory::NewStringFromTwoByte - 2019-08-28
957324 CrOS: Vulnerability reported in app-text/ghostscript-gpl - 2019-08-27
963346 CHECK failure: (map()->has_fast_smi_or_object_elements() || map()->has_frozen_or_sealed_element - 2019-08-27
964762 Heap-use-after-free in AppListClientImpl::OpenSearchResult - 2019-08-27
964813 Bad-cast to blink::NGPaintFragment from invalid vptr in blink::LayoutBox::ResolvedDirection - 2019-08-27
965299 DCHECK failure in trap_handler::IsTrapHandlerEnabled() == trap_handler::IsThreadInWasm() in runtim - 2019-08-27
958532 Use-of-uninitialized-value in p2p::server::HttpServerExternalProcess::OnMessageReceived - 2019-08-26
960111 ChromeOS privilege escalation - 2019-08-26
964619 Bad-cast to blink::NGPaintFragment from invalid vptr in blink::LayoutText::FirstLineBoxTopLeft - 2019-08-26
963341 Use-of-uninitialized-value in blink::LayoutObject::DestroyAndCleanupAnonymousWrappers - 2019-08-25
964171 Use-of-uninitialized-value in blink::ListItemOrdinal::NextListItem - 2019-08-25
964675 Heap-use-after-free in scoped_refptr<base::SingleThreadTaskRunner>::scoped_refptr - 2019-08-25
962083 Use-of-uninitialized-value in sqlite3IntFloatCompare - 2019-08-24
963831 Bad-cast to blink::LayoutInline from invalid vptr in blink::ToLayoutInline - 2019-08-24
963579 Use-of-uninitialized-value in blink::LayoutTreeBuilderTraversal::NextSiblingLayoutObject - 2019-08-24
960109 ChromeOS persistence bug - 2019-08-24
961998 Crash in inspector_protocol_encoding::cbor::CBORTokenizer::ReadNextToken - 2019-08-24
963409 Use-of-uninitialized-value in base::UTF16ToUTF8 - 2019-08-24
964218 Heap-buffer-overflow in void inspector_protocol_encoding::cbor::EncodeBinaryTmpl<std::__Cr::vector<unsig - 2019-08-24
964178 DCHECK failure in TypeOf(node->InputAt(0)).IsNone() in simplified-lowering.cc - 2019-08-23
952073 Heap-use-after-free in scoped_refptr<base::SingleThreadTaskRunner>::scoped_refptr - 2019-08-23
958689 UaF in SharedWorkerClient::OnScriptLoadFailed - 2019-08-23
958963 Security: Sign in to Chrome OS using Smart Lock without entering PIN on Android device $6337 2019-08-23
959193 Heap-buffer-overflow in u_strlen_64 - 2019-08-23
962368 Security: Wrong url in omnibox on iOS (URL spoof) - 2019-08-23
963060 Bad-cast to blink::DisplayItemClient from invalid vptr in blink::DisplayItemRasterInvalidator::Generate - 2019-08-23
963076 Use-of-uninitialized-value in handle_vdm_request - 2019-08-23
963463 Crash in v8::internal::FullMaybeObjectSlot::Relaxed_Store - 2019-08-23
963464 Crash in ptr - 2019-08-23
963466 Crash in v8::internal::FeedbackVector::SetOptimizationMarker - 2019-08-23
963681 Crash in chrome - 2019-08-23
963687 Crash in v8::internal::Simulator::LoadStoreHelper - 2019-08-23
963890 Bad-cast to blink::LayoutObject from invalid vptr in blink::NGPhysicalFragment::HasLayer - 2019-08-23
964109 Use-of-uninitialized-value in pd_update_pdo_flags - 2019-08-23
951880 URL spoofing with post urls - 2019-08-22
960209 Chrome CORS Causes Unauthorized File Download and Arbitrary File Execution on macOS $500 2019-08-22
963278 Heap-use-after-free in SlowLastChild - 2019-08-22
963461 DCHECK failure in has_feedback_vector() in js-objects-inl.h - 2019-08-22
963568 DCHECK failure in descriptor_number < number_of_descriptors() in descriptor-array-inl.h - 2019-08-22
622974 Another case where incorrect origin is sent with message event - 2019-08-21
952709 Heap-use-after-free in SerialChooserController::OnGetDevices - 2019-08-21
958718 DCHECK failure in RegionObservability::kObservable == region_observability_ in effect-control-line - 2019-08-21
960331 Heap-buffer-overflow in BEInt<unsigned short, 2>::operator unsigned short - 2019-08-21
961972 Use-of-uninitialized-value in blink::LayoutInline::ContinuationBefore - 2019-08-21
961973 Bad-cast to blink::LayoutObject from invalid vptr in blink::LayoutInline::WillBeDestroyed - 2019-08-21
961977 Use-of-uninitialized-value in blink::FloatRoundedRect::IncludeLogicalEdges - 2019-08-21
961989 Crash in blink::LayoutBlockFlow::WillBeDestroyed - 2019-08-21
961990 Use-of-uninitialized-value in blink::BoxPainterBase::FillLayerInfo::FillLayerInfo - 2019-08-21
962008 Heap-use-after-free in blink::NGPaintFragment::TryMarkLastLineBoxDirtyFor - 2019-08-21
962027 Bad-cast to blink::LayoutObject from invalid vptr in blink::HTMLFrameOwnerElement::GetLayoutEmbeddedContent - 2019-08-21
962086 [LayoutNG] Bad-cast to blink::LayoutObject from invalid vptr in blink::Node::DetachLayoutTree - 2019-08-21
962088 Bad-cast to blink::LayoutObject from invalid vptr in blink::EndsOfNodeAreVisuallyDistinctPositions - 2019-08-21
962141 Heap-use-after-free in GetDocument - 2019-08-21
962273 Heap-use-after-free in IsInline - 2019-08-21
962338 Use-of-uninitialized-value in blink::NGBoxFragmentPainter::PaintObject - 2019-08-21
962841 Heap-use-after-free in blink::LayoutObject::PreviousInPreOrder - 2019-08-21
961979 Crash in blink::Document::View - 2019-08-20
961985 Bad-cast to blink::LayoutObject from invalid vptr in blink::LayoutBlockFlow::InlineElementContinuation - 2019-08-20
962065 Heap-use-after-free in blink::LayoutBlockFlow::InlineElementContinuation - 2019-08-20
962172 Bad-cast to blink::LayoutInline from invalid vptr in blink::ToLayoutInline - 2019-08-20
962197 Heap-use-after-free in blink::LayoutBlockFlow::NodeForHitTest - 2019-08-20
962275 Security DCHECK failure: !object || (object->IsText()) in layout_text.h $3500 2019-08-20
962468 Use-of-uninitialized-value in v8::internal::compiler::Schedule::block - 2019-08-20
962474 DCHECK failure in effect_edges > 0 in verifier.cc - 2019-08-20
957160 Use-after-poison in blink::UpdatePlaceholderImage - 2019-08-19
958510 Use-of-uninitialized-value in pd_partner_port_reset - 2019-08-19
961943 Use-of-uninitialized-value in blink::NGInlineLayoutStateStack::UpdateAfterReorder - 2019-08-19
961773 DCHECK failure in !ExpectedTransitionKey().is_null() in transitions-inl.h - 2019-08-18
950230 Heap-buffer-overflow in materialize - 2019-08-17
959390 Security: Access-Control-Expose-Headers is not honored for redirects $500 2019-08-17
949413 pdfium (XFA): wrong object type / uaf in SyncContainer $3000 2019-08-16
957521 Security: Heap-use-after-free in XRView::UpdateProjectionMatrixFromAspect - 2019-08-16
958072 Heap-buffer-overflow in libGLESv2_swiftshader - 2019-08-16
959747 Unknown signal in Builtins_StoreFastElementIC_GrowNoTransitionHandleCOW - 2019-08-16
954818 Security: Crosh privilege escalation / sandbox escape via command injection in set_arpgw $5500 2019-08-15
957405 DCHECK failure in trap_handler::IsTrapHandlerEnabled() == trap_handler::IsThreadInWasm() in runtim - 2019-08-15
957522 Security: Heap-use-after-free in ShapeDetector::DetectShapesOnImageData - 2019-08-15
959727 DCHECK failure in !IsElement() in lookup.h - 2019-08-15
960520 Use-of-uninitialized-value in BN_bin2bn - 2019-08-15
960680 Bad-cast to v8::String::ExternalOneByteStringResource from v8::internal::SimpleStringResource<unsigned short, v8::String::ExternalStringResource> in v8::internal::ExternalOneByteString::GetChars - 2019-08-15
960735 Heap-use-after-free in blink::SnapCoordinator::UpdateSnapContainerData - 2019-08-15
960753 CVE-2019-11811 CrOS: Vulnerability reported in Linux kernel - 2019-08-15
960775 Use-after-poison in blink::PersistentBase<blink::Document, - 2019-08-15
949418 Heap-buffer-overflow in courgette::DisassemblerElf32::ExtractAbs32Locations - 2019-08-14
959066 Use-of-uninitialized-value in courgette::DisassemblerElf32ARM::RelToRVA - 2019-08-14
959264 Use-of-uninitialized-value in setvar_ - 2019-08-14
959534 CVE-2019-11599 CrOS: Vulnerability reported in Linux kernel - 2019-08-14
959538 CVE-2019-7222 CrOS: Vulnerability reported in Linux kernel - 2019-08-14
959563 Heap-use-after-free in headless::HeadlessShell::Shutdown - 2019-08-14
959745 Crash in blink::FrameLoader::StartNavigation - 2019-08-14
951795 Security: Use-after-free in WasmMemoryObject::Grow - 2019-08-13
957092 Use-of-uninitialized-value in gpu::gles2::GLES2Implementation::BindTexture - 2019-08-13
957285 Bad-cast to base::sequence_manager::TaskQueue from invalid vptr in base::sequence_manager::ThreadManager::PostDelayedTask - 2019-08-13
958528 Use-of-uninitialized-value in BN_div - 2019-08-13
958525 Use-of-uninitialized-value in bn_mul_comba8 - 2019-08-13
958755 Bad-cast to headless::HeadlessWebContents from invalid vptr in headless::HeadlessShell::Shutdown - 2019-08-13
959192 Heap-use-after-free in content::FileSystemManagerImpl::Open - 2019-08-13
959518 Security DCHECK failure: !NeedsLayout() || LayoutBlockedByDisplayLock(DisplayLockContext::kChildren) in l - 2019-08-13
959645 DCHECK failure in value->IsSmi() in objects-debug.cc - 2019-08-13
959835 Security DCHECK failure: !object || (object->IsLayoutEmbeddedContent()) in layout_embedded_content.h - 2019-08-13
956851 Heap-use-after-free in fts3DisconnectMethod - 2019-08-11
958787 Bad-cast to blink::LayoutEmbeddedContent from blink::LayoutImage in blink::HTMLFrameOwnerElement::SetEmbeddedContentView - 2019-08-11
959387 Bad-cast to v8::internal::compiler::GapResolver::Assembler from invalid vptr in v8::internal::compiler::GapResolver::Resolve - 2019-08-11
959381 Crash in v8::internal::OwnedVector<unsigned char>::New - 2019-08-11
959541 Heap-buffer-overflow in v8::internal::Assembler::jmp - 2019-08-11
952682 DCHECK failure in value->IsSmi() in objects-debug.cc - 2019-08-10
956391 CrOS: Vulnerability reported in dev-db/sqlite - 2019-08-10
958307 Heap-use-after-free in net::MDnsClientImpl::Core::DoCleanup - 2019-08-10
958531 Use-of-uninitialized-value in setvar - 2019-08-10
958759 CHECK failure: (location_) != nullptr in maybe-handles.h - 2019-08-10
958872 Use-of-uninitialized-value in v8::internal::JsonParser<unsigned char>::ParseJsonNumber - 2019-08-10
959024 Incorrect-function-pointer-type in blink::InputType::Create - 2019-08-10
959014 Crash in v8::internal::wasm::NativeModule::AddCodeWithCodeSpace - 2019-08-10
959031 Crash in v8::internal::wasm::NativeModule::runtime_stub_entry - 2019-08-10
959064 Crash in apply - 2019-08-10
959107 Crash in v8::internal::OwnedVector<unsigned char>::New - 2019-08-10
959190 Bad-cast to v8::internal::AssemblerBuffer from invalid vptr in v8::internal::Assembler::GrowBuffer - 2019-08-10
959197 Heap-buffer-overflow in WriteUnalignedValue<unsigned - 2019-08-10
959199 Bad-cast to v8::internal::compiler::CodeGeneratorv8::internal::compiler::CodeGenerator::AssembleCode in void v8::internal::compiler::PipelineImpl::Run<v8::internal::compiler::AssembleC - 2019-08-10
959263 Heap-buffer-overflow in emit - 2019-08-10
959275 Bad-cast to v8::internal::AssemblerBufferv8::internal::Assembler::GrowBuffer in v8::internal::Assembler::emit_mov - 2019-08-10
959271 Crash in ReadUnalignedValue<unsigned - 2019-08-10
959386 Crash in apply - 2019-08-10
959472 Bad-cast to v8::internal::AssemblerBuffer from invalid vptr in v8::internal::Assembler::GrowBuffer - 2019-08-10
959484 Crash in v8::internal::compiler::InstructionSequence::InstructionBlockAt - 2019-08-10
954891 Security: OOB Read in ReflexHash::checkTriangle - 2019-08-09
957323 CVE-2019-8980 CrOS: Vulnerability reported in Linux kernel - 2019-08-09
947858 Crash in Builtins_InterpreterEntryTrampoline - 2019-08-08
956531 CrOS: Vulnerability reported in app-arch/tar - 2019-08-08
957335 Bad-cast to content::RenderFrameImpl from invalid vptr in content::RenderFrameImpl::CommitFailedNavigationInternal - 2019-08-08
957436 Security: heap-use-after-free in content::RenderFrameImpl::CommitFailedNavigationInternal $3000 2019-08-08
957830 Use-of-uninitialized-value in inspector_protocol_encoding::json::JsonParser<unsigned char>::Parse - 2019-08-08
958151 Use-of-uninitialized-value in v8::internal::JsonParser<unsigned char>::ParseJsonNumber - 2019-08-08
958457 Use after free in PresentationAvailabilityState - 2019-08-08
875546 Use-of-uninitialized-value in gfx::Tween::IntValueBetween - 2019-08-07
893087 Security: pageCapture permission allows access to arbitrary local files and chrome:// pages $500 2019-08-07
951322 Crash in v8::internal::Simulator::LoadStorePairHelper - 2019-08-07
954762 Heap-buffer-overflow in webrtc::MouseCursorMonitorX11::CaptureCursor - 2019-08-07
956414 CVE-2019-10125 CrOS: Vulnerability reported in Linux kernel - 2019-08-07
956597 Security: UAF in ServiceWorkerPaymentInstrument $5000 2019-08-07
956947 Heap-use-after-free in CPDF_ShadingPattern::Load() $6000 2019-08-07
957321 CVE-2013-7470 CrOS: Vulnerability reported in Linux kernel - 2019-08-07
956389 CrOS: Vulnerability reported in net-misc/curl - 2019-08-06
957814 Heap-use-after-free in CPDF_RenderStatus::RenderObjectList - 2019-08-06
956416 CVE-2019-7221 CrOS: Vulnerability reported in Linux kernel - 2019-08-05
956426 DCHECK failure in old_descriptors_->GetDetails(modified_descriptor_) .representation() .Equals(new - 2019-08-05
949887 Bad-cast to blink::PaintLayer from invalid vptr in blink::PaintLayerScrollableArea::InvalidateAllStickyConstraints - 2019-08-04
956418 CVE-2019-9213 CrOS: Vulnerability reported in Linux kernel - 2019-08-04
928551 HTTPS proxies can redirect CONNECT - 2019-08-03
956415 CVE-2019-6974 CrOS: Vulnerability reported in Linux kernel - 2019-08-03
956428 Crash in v8::Isolate::GetCurrentContext - 2019-08-03
946395 Bad-cast to content::RenderFrameImpl from invalid vptr in content::RenderFrameImpl::CommitFailedNavigationInternal - 2019-08-02
955047 Use-of-uninitialized-value in blink::AddressCache::Lookup - 2019-08-02
956427 Bad-cast to blink::LocalFrameView from blink::WebPluginContainerImpl in blink::HTMLFrameOwnerElement::OnViewportIntersectionChanged - 2019-08-02
893258 WebAuthN dialog elides long RP ID (hostnames) on the right - 2019-08-01
948564 Parameter passing error and Integer overflow in media_stream.mojom which could be used through ipc - 2019-08-01
956393 CVE-2019-10124 CrOS: Vulnerability reported in Linux kernel - 2019-08-01
951712 Security: pdfium SEGV on unknown address in CXFA_Graphics::FillPathWithShading $1000 2019-07-31
952301 pdfium (XFA): oob array read in CXFA_Graphics::FillPathWithShading $1000 2019-07-31
952581 Use-of-uninitialized-value in quic::QuicFramer::DecryptPayload - 2019-07-31
952849 Security: Use-after-free in AudioWorkletGlobalScope::Process - 2019-07-31
953659 v8 engine element kind type logic panic - 2019-07-31
952406 Security: Possible OOB related to chrome_sqlite3_malloc $500 2019-07-30
954703 Heap-buffer-overflow in DirectiveHeaderValueParser::DirectiveHeaderValueParser - 2019-07-30
954760 Heap-buffer-overflow in domain_reliability::DomainReliabilityHeader::Parse - 2019-07-30
951262 Crash in rr::optimize - 2019-07-28
952041 Heap-buffer-overflow in shaderc_spvc_compile_options_clone - 2019-07-28
951218 Heap-use-after-free in blink::NGOffsetMappingUnit::AssociatedNode - 2019-07-27
932610 Roll libxslt to downstream a security fix - 2019-07-25
940285 Heap-use-after-free in content::UtilityServiceFactory::RunNetworkServiceOnIOThread - 2019-07-25
951988 DCHECK failure in 0u == length in builtins-array.cc - 2019-07-25
952749 CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (IsJSGlobalProxy()) in js-objects-inl - 2019-07-25
953157 DCHECK failure in (current_scope) != nullptr in wasm-code-manager.cc - 2019-07-25
953179 DCHECK failure in (current_scope) != nullptr in wasm-code-manager.cc - 2019-07-25
919300 Use-of-uninitialized-value in avx::store_bgra $1500 2019-07-24
926219 Use-of-uninitialized-value in sse41::blit_row_s32a_opaque - 2019-07-24
934161 Use-of-uninitialized-value in avx::store_NUMBER $1500 2019-07-24
950531 Security: LoadComBaseFunction susceptible to dll preloading - 2019-07-24
952340 Use-of-uninitialized-value in blink::UserMediaRequest::Create - 2019-07-24
952658 VP9 deadlock with change in tile count - 2019-07-24
952722 DCHECK failure in is_resolved() in ast.h - 2019-07-24
953233 Use-of-uninitialized-value in v8::internal::interpreter::ConstantArrayBuilder::ToFixedArray - 2019-07-24
947029 Security: heap-use-after-free in SMILTimeContainer::UpdateAnimations() $3000 2019-07-23
949417 Use-of-uninitialized-value in disk_cache::BackendImpl::NewEntry - 2019-07-23
952594 Security: SEGV with canvas strokeText - 2019-07-23
952389 Bad-cast to blink::LayoutBlockFlow from blink::LayoutInline in blink::CompositeEditCommand::AddBlockPlaceholderIfNeeded - 2019-07-22
952384 Bad-cast to blink::LayoutBlockFlow from blink::LayoutTable in blink::LayoutBlockFlow& blink::To<blink::LayoutBlockFlow, blink::LayoutObject> - 2019-07-22
952564 Crash in avx::lowp::scale_u8 - 2019-07-22
952565 Crash in ssse3::blit_mask_d32_a8 - 2019-07-22
952566 Crash in _ZN3avx4lowpL7lerp_u8EmPPvmmDv8_tS3_S3_S3_S3_S3_S3_S3_$dc6b7024eef44a823ed47e292 - 2019-07-22
952568 Crash in Sk4px::Load4Alphas - 2019-07-22
952574 Crash in void mergeT<unsigned char> - 2019-07-22
952575 Crash in blend_row_A8 - 2019-07-22
952582 Crash in load<unsigned char __attribute__ - 2019-07-22
952590 Crash in SkARGB32_Opaque_Blitter::blitMask - 2019-07-22
952595 Crash in load<unsigned char __attribute__ - 2019-07-22
952598 Crash in _platform_memmove$VARIANT$Nehalem - 2019-07-22
952603 Crash in SkBlitter::blitMask - 2019-07-22
952615 Crash in bits_to_runs - 2019-07-22
952626 Crash in MapDstAlpha< - 2019-07-22
952629 Crash in void Sk4px::MapDstAlpha<ssse3::blit_mask_d32_a8_black - 2019-07-22
952666 Crash in sse2::lerp_u8 - 2019-07-22
952649 Crash in void Sk4px::MapDstSrcAlpha<Sk4px - 2019-07-22
948499 Use-of-uninitialized-value in gpu::gles2::GLES2Implementation::BufferDataHelper - 2019-07-21
951438 DCHECK failure in GetReadOnlyRoots().fixed_cow_array_map() != map() in fixed-array-inl.h $3500 2019-07-21
924227 Heap-buffer-overflow in spirv_cross::SPIRConstant& spirv_cross::variant_set<spirv_cross::SPIRConstant, u - 2019-07-20
924735 Security: Marvell Avastar WiFi vulnerability - 2019-07-20
951164 DCHECK failure in IsFastElementsKind(array->GetElementsKind()) in elements.cc - 2019-07-20
951780 DCHECK failure in IsDoubleElementsKind(Subclass::kind()) in elements.cc - 2019-07-20
925244 CHECK failure: node->opcode() == IrOpcode::kParameter || node->opcode() == IrOpcode::kProjectio - 2019-07-19
948575 Security: Potential UAF in FidoBleDiscovery - 2019-07-19
948944 CHECK failure: !address.is_initialized() || sizeof(*data_) == address.BlockSize() in storage_bl - 2019-07-19
950318 Heap-use-after-free in disk_cache::MappedFile::Load - 2019-07-19
951374 DCHECK failure in to_kind == DICTIONARY_ELEMENTS || to_kind == SLOW_STRING_WRAPPER_ELEMENTS || IsF - 2019-07-19
925788 Security: PDFium Heap Buffer Overflow in CXFA_TextLayout::DoLayout $1000 2019-07-18
932900 pdfium XFA CXFA_FFDocView::RunSubformIndexChange Use After Free $3000 2019-07-18
947342 Security: heap-buffer-overflow TextureD3D_2DArray::getImage $1000 2019-07-18
950848 Use-of-uninitialized-value in webrtc::AudioDecoderMultiChannelOpusConfig::IsOk - 2019-07-18
950747 DCHECK: !initializing_store && property_details_.constness() == PropertyConstness::kConst implies IsConstFieldValueEqualTo(*value) - 2019-07-18
951216 Use-after-poison in blink::ThreadableLoader::Cancel - 2019-07-18
925787 Security: PDFium Heap Buffer Overflow in CXFA_LayoutPageMgr::FinishPaginatedPageSets $1000 2019-07-17
933163 pdfium XFA CXFA_FFDocView::RunValidate Use After Free $3000 2019-07-17
950005 Security: PDF plugin is allowed to use Pepper TCPServerSocketPrivate API - 2019-07-17
950592 Use-of-uninitialized-value in mojo::core::ChannelPosix::WriteNoLock - 2019-07-17
944424 UAF in TaskQueueImpl::CreateTaskRunner $3000 2019-07-16
949996 CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (IsName()) in name-inl.h - 2019-07-16
950275 Use-of-uninitialized-value in blink::TransformationMatrix::ToSkMatrix44 - 2019-07-15
950254 Use-of-uninitialized-value in SkMatrix44::recomputeTypeMask - 2019-07-15
935735 Use-of-uninitialized-value in blink::AddressCache::Lookup - 2019-07-14
901665 Index-out-of-bounds in vrend_set_single_abo - 2019-07-13
936741 Heap-buffer-overflow in courgette::DetectDisassembler - 2019-07-13
925614 protocol property of URL including specific character doesn't return correct value $500 2019-07-12
934112 Heap-buffer-overflow in courgette::DisassemblerWin32::ParseHeader - 2019-07-12
943709 libANGLE heap-buffer-overflow triggered by WebGL2 on Windows 10 $1000 2019-07-12
944865 DCHECK failure in object->FitsRepresentation(representation) in objects.cc - 2019-07-12
948172 Security: PDF plugin is allowed to use Pepper Socket API - 2019-07-12
948990 Bad-cast to blink::LayoutBox from blink::LayoutInline in blink::ToLayoutBox - 2019-07-12
949015 Bad-cast to blink::LayoutObject from invalid vptr in blink::SVGResources::LayoutIfNeeded - 2019-07-12
947410 Bad-cast to Ice::OperandOptimizer::getUses in rr::optimize - 2019-07-11
947493 Heap-use-after-free in views::MenuController::OnWillDispatchKeyEvent - 2019-07-11
947784 Use-of-uninitialized-value in cc::PaintImageBuilder::TakePaintImage - 2019-07-11
881267 Chrome v69 URL spoofing vulnerability on IOS $1000 2019-07-10
943424 use-after-free in libANGLE triggered by WebGL2 on Windows 10 $3000 2019-07-10
943538 libANGLE use-after-free (gl::State::syncTextures) triggered through WebGL2 in the GPU process $3000 2019-07-10
944800 Use-after-poison in blink::LocalFrameView::ForAllNonThrottledLocalFrameViews<`lambda - 2019-07-10
945246 DCHECK failure in map_.is_stable() in compilation-dependencies.cc - 2019-07-10
946550 Use-of-uninitialized-value in gpu::gles2::PassthroughGLDebugMessageCallback - 2019-07-10
947865 Use-of-uninitialized-value in dawn_native::TextureBase::Destroy - 2019-07-10
948228 DCHECK failure in *isolate->external_caught_exception_address() in wasm-engine.cc - 2019-07-10
948248 Security: Debug check failed: name->is_one_byte() src/parsing/parser.cc, line 350 - 2019-07-10
943087 Integer overflow in libANGLE that results in memory corruption in GPU process $3000 2019-07-09
948307 DCHECK failure in ObjectInYoungGeneration(HeapObjectSlot(slot).ToHeapObject()) in heap.cc - 2019-07-09
944930 Regenerate chromeos-base/chromeos-ca-certificates with the latest set of pki.goog/roots.pem - 2019-07-08
946889 v8 debug version crash when CreateGraph phase - 2019-07-08
947240 use-after-free happening in unittest LayerTreeHostImplTest.ScrollSnapOnY $3000 2019-07-08
947949 CHECK failure: this->first()->length() > 0 in objects-debug.cc - 2019-07-08
946539 Heap-buffer-overflow in disk_cache::EntryImpl::UserBuffer::Write - 2019-07-07
947378 Use-of-uninitialized-value in cc::ServiceImageTransferCacheEntry::Deserialize - 2019-07-07
947499 Use-of-uninitialized-value in cc::ServiceImageTransferCacheEntry::Deserialize - 2019-07-07
892875 Security: crosvm: integer overflow in read_struct_slice - 2019-07-06
897641 Security: URL in Omnibox doesn't always match page content $1000 2019-07-06
901603 Index-out-of-bounds in BZ2_decompress - 2019-07-06
916838 Security: Two autocomplete flaws together allow sites to invisibly read credit card numbers after a single keypress $3337 2019-07-06
939644 Integer overflows in disk caches - 2019-07-06
943387 Security: Regression : URL bar spoofing with "file:///" URL on iOS - 2019-07-06
946862 Heap-use-after-free in net::PrioritizedDispatcher::MaybeDispatchJob - 2019-07-06
947323 Use-of-uninitialized-value in dawn_native::TextureBase::Destroy - 2019-07-06
945644 Security: Failed Debug Check in src/compiler/verifier.cc, line 121 $3000 2019-07-05
945855 Heap-use-after-free in BEInt<unsigned int, 4>::operator unsigned int - 2019-07-05
946006 Heap-use-after-free in blink::LocalFrameUkmAggregator::RecordSample - 2019-07-05
946434 Heap-use-after-free in base::LinkNode<disk_cache::MemEntryImpl>::RemoveFromList - 2019-07-05
946543 Heap-buffer-overflow in BEInt<short, 2>::operator short - 2019-07-05
946806 Crash in BEInt<unsigned int, 4>::operator unsigned int - 2019-07-05
947150 Use-of-uninitialized-value in dawn_native::ValidateTextureViewDescriptor - 2019-07-05
918293 Security: Cross origin resource size infoleak $1000 2019-07-04
927764 Download Protection: Malicious extensions Mac OS (Safe Browsing) - 2019-07-04
944346 Crash in BEInt<unsigned int, 4>::operator unsigned int - 2019-07-04
944945 CHECK failure: !result.failed() in wasm-engine.cc - 2019-07-04
945370 UAF in IndexedDB $8000 2019-07-04
946175 Crash in v8::internal::Map::instance_type - 2019-07-04
946301 Heap-use-after-free in ash::CaptionContainerView::SetBackdropVisibility - 2019-07-04
933221 Wild read within ASAN instrumentation in __sanitizer_cov_trace_pc_guard - 2019-07-03
937773 CVE-2019-8912: Security: Linux Kernel: Potential priv esc via UAF in sockfs_settattr - 2019-07-03
944391 Stack-buffer-overflow in sh::TInfoSinkBase::operator<< - 2019-07-03
944971 Security: OOB memory access in v8 regexp - 2019-07-03
945084 Crash in vpx_subtract_block_sse2 - 2019-07-03
945341 CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (IsFixedArrayBase()) in fixed-array-i - 2019-07-03
946310 CHECK failure: isolate->heap()->Contains(ho) in objects-debug.cc - 2019-07-03
946350 Crash in v8::internal::Object::Number - 2019-07-03
944435 CHECK failure: (value & uint64_t{ADDRESS}) != unexpected || (value & uint64_t{ADDRESS}) == uint - 2019-07-02
945124 Heap-use-after-free in disk_cache::SimpleEntryImpl::CreationOperationComplete - 2019-07-02
945152 Heap-use-after-free in blink::PaintController::FinishCycle - 2019-07-01
941340 CSP bypass with import maps $1000 2019-06-30
940205 Heap-use-after-free in renameTokenCheckAll - 2019-06-29
943913 Stack-buffer-overflow in quic::QuicDataReader::ReadConnectionId - 2019-06-29
944013 Stack-buffer-overflow in quic::QuicDataReader::ReadBytes - 2019-06-29
944062 Security: v8: turbofan: JSCallReducer::ReduceArrayIndexOfIncludes fails to insert Map checks - 2019-06-28
937663 Use-of-uninitialized-value in mov_read_dfla - 2019-06-27
942699 Security: Google V8 Array.prototype Memory Corruption Vulnerability (TALOS-2019-0791) $2000 2019-06-27
942898 UAF in indexeddb IndexedDBDatabase::RequestComplete $10000 2019-06-27
942671 URL spoofing using invalid urls (invalid prototype) - 2019-06-26
939316 V8: Turbofan may read a Map pointer out-of-bounds when optimizing Reflect.construct - 2019-06-25
941952 DCHECK failure in 0 <= index && index < node->op()->ValueInputCount() in node-properties.cc $1500 2019-06-25
941743 Security: OOB write in v8::internal::(anonymous namespace)::ElementsAccessorBase - 2019-06-24
941746 Security: UAF in content::IndexedDBDatabase - 2019-06-22
940283 Use-of-uninitialized-value in content::PowerMonitorTestImpl::~PowerMonitorTestImpl - 2019-06-21
941360 Use-of-uninitialized-value in void base::Pickle::WriteBytesStatic<4ul> - 2019-06-21
941542 Use-of-uninitialized-value in Deserializer::readDescriptor - 2019-06-21
941991 Chromium: Vulnerability reported in libxml - 2019-06-21
936531 heap-use-after-free : base::sequence_manager::internal::WorkQueue::RemoveAllCanceledTasksFromFront - 2019-06-20
939689 Security: Android : http authentication spoof $1000 2019-06-20
939746 CHECK failure: TypeError: node #171:StringCharCodeAt(input @1 = PoisonIndex:PoisonIndex) type ( - 2019-06-20
940284 Stack-buffer-overflow in auto_descriptor_from_desc - 2019-06-20
941008 Security: UAF in FileChooserImpl - 2019-06-20
940296 Crash in unsigned long v8::base::AsAtomicImpl<long>::Relaxed_Load<unsigned long> - 2019-06-19
940843 Stack-buffer-overflow in SkDescriptor::findEntry - 2019-06-19
885215 Security: SiteInstanceImpl::GetSiteForURL ignores hash in Data URL $500 2019-06-18
937199 pdfium (XFA): heap-use-after-free in CFX_ReadOnlyMemoryStream::ReadBlockAtOffset $1000 2019-06-18
938724 pdfium (XFA): oob read in CFGAS_FormatString::FormatStrNum $1000 2019-06-18
940000 heap-use-after-free : base::internal::WeakPtrFactoryBase::~WeakPtrFactoryBase - 2019-06-18
940245 Security: Security: Chrome renderer process persistence bug on android $1000 2019-06-18
932908 Bad-cast to blink::Element from blink::Text in blink::LayoutTreeRebuildRoot::RootElement - 2019-06-17
939239 Arbitrary Read in swiftshader $1000 2019-06-15
938867 Bad-cast to blink::HTMLInputElement in IsMenulistInput - 2019-06-14
930550 Heap-buffer-overflow in bn_cmp_part_words - 2019-06-13
937799 Security: Invalid read. SEGV on CXFA_Radial::Draw. $3000 2019-06-13
938311 heap-use-after-free in AsyncCompileJob $3000 2019-06-13
938626 pdfium (XFA): oob read in CFGAS_FormatString::GetNumericFormat - 2019-06-13
937412 Crash in update_tricolor_matrix - 2019-06-12
937628 Crash in dawn_native::TextureFormatPixelSize - 2019-06-12
938251 Security: Integer overflow in NewFixedDoubleArray - 2019-06-12
913320 Heap-use-after-free in CPDF_ShadingPattern::Load() $3000 2019-06-11
917688 use-after-poison on blink::CanvasResourceDispatcher::OnBeginFrame - 2019-06-11
925598 Security: URL bar spoofing on iOS (repro issue 844881) $2000 2019-06-11
926160 CVE-2019-3819 CrOS: Vulnerability reported in Linux kernel - 2019-06-11
937487 chrome.dashboardPrivate API is exposed to whole origin of https://chrome.google.com $500 2019-06-11
937649 Unknown signal in Builtins_JSEntryTrampoline - 2019-06-11
928014 Crash in base::FilePath::FilePath - 2019-06-10
935209 Use-after-free in GenerateNetworkErrorLoggingReport - 2019-06-10
915423 Use-of-uninitialized-value in v8::internal::Factory::NewNumberFromUint - 2019-06-08
935374 Bad-cast to blink::LayoutImage from invalid vptr in blink::LayoutImage::ImageNotifyFinished - 2019-06-08
937155 Bad-free in _pthread_tsd_cleanup - 2019-06-08
937206 Heap-use-after-free in views::MenuController::OnWillDispatchKeyEvent - 2019-06-08
929198 Crash in _cupsStrFree - 2019-06-07
933743 Heap-buffer-overflow in media::mp4::ConvertAVCToAnnexBInPlaceForLengthSize4 - 2019-06-07
934166 Security: other->values_[index] != builder()->jsgraph()->OptimizedOutConstant() (0x563015eb2cf8 vs. 0x563015eb2cf8). - 2019-06-07
935076 Heap-use-after-free in blink::LayoutImage::ImageNotifyFinished - 2019-06-07
936346 Crash in Ice::XNUMBER::InstImpl<struct Ice::XNUMBER::TargetX8664Traits>::InstX86Movd::emi - 2019-06-07
936448 Heap-use-after-free WRITE 4 · v8::internal::ElementsAccessorBase - 2019-06-07
913964 UAP in blink::UpdatePlaceHolderImage $3000 2019-06-06
919046 use-after-poison in blink::CanvasResourceDispatcher::OnBeginFrame - 2019-06-06
929757 Use-after-poison in viz::mojom::blink::CompositorFrameSinkClientStubDispatch::Accept - 2019-06-06
930035 Security: Stack out-of-bounds writes in WebmMuxer::AddAudioTrack $500 2019-06-06
930057 Security: CORS policy not applied for bitmap canvases loaded without CORS support $1000 2019-06-06
932922 Heap-use-after-free in aura::EventObserverAdapter::~EventObserverAdapter $1500 2019-06-06
934201 Security: Internal object leak in ReadableStream - 2019-06-06
935175 Security: Address bar spoofing with mishandling canceled requests. $1000 2019-06-06
934128 Heap-buffer-overflow in gpr_murmur_hash3 - 2019-06-05
936302 CHECK failure: fixed_size_above_fp + in deoptimizer.cc - 2019-06-05
933004 Security: command line injection in Windows (--user-data-dir) $500 2019-06-04
933664 OOB read and write in BigUint64Array - 2019-06-04
935078 Crash in dawn_native::InputStateBuilder::SetAttribute - 2019-06-04
935026 Global-buffer-overflow in dawn_native::VertexFormatComponentSize - 2019-06-04
935138 Use-of-uninitialized-value in v8::internal::compiler::TurbofanWasmCompilationUnit::BuildGraphForWasmFunction - 2019-06-04
931949 Security: Type confusion in JSPromise::TriggerPromiseReactions - 2019-06-03
935101 CHECK failure: isolate->heap()->Contains(ho) in objects-debug.cc - 2019-06-03
894933 Heap-buffer-overflow in xmlParseAttValueInternal - 2019-06-02
927982 Heap-use-after-free in egl::Surface::deleteResources - 2019-06-02
929088 Heap-use-after-free in egl::Display::terminate - 2019-06-02
929962 Code review: ReadBits may return uninitialized value due to unchecked return status. $500 2019-06-01
930663 Security: READ heap-buffer-overflow in libxslt (type confusion?) $1000 2019-06-01
933418 ptrace syscall on Android can bypass seccomp on Linux <4.8 - 2019-06-01
934869 Crash in Ice::CfgNode::appendInst - 2019-06-01
924209 Use-of-uninitialized-value in sw::Shader::analyzeIndirectAddressing - 2019-05-31
933851 Bad-cast to (anonymous namespace)::WebrtcTaskQueue from invalid vptr in base::internal::Invoker<base::internal::BindState<void - 2019-05-31
933977 Heap-buffer-overflow in sw::PixelProgram::CALL - 2019-05-31
934085 Crash in llvm::ilist_base<true>::insertBeforeImpl - 2019-05-31
352465 Security: terminalPrivate API should use an unforgeable process reference - 2019-05-30
490720 Security: ping utility includes process id in echo requests - 2019-05-30
920169 CrOS: Vulnerability reported in dev-libs/elfutils - 2019-05-30
921983 CrOS: Vulnerability reported in dev-libs/libtasn1 - 2019-05-30
929652 DOMParser APIs send DNS request via preconnect link tag - 2019-05-30
932034 Size calculation overflow can lead to heap buffer overflow $5000 2019-05-30
932867 Stack-buffer-overflow in sw::Shader::analyzeCallSites - 2019-05-30
932953 CHECK failure: transitions.SearchSpecial(roots.nonextensible_symbol()) == *old_map_ in map-upda - 2019-05-30
933179 DCHECK failure in old_map_->is_stable() in map-updater.cc - 2019-05-30
933212 Heap-use-after-free in CFX_ReadOnlyMemoryStream::~CFX_ReadOnlyMemoryStream - 2019-05-30
933341 Heap-use-after-free in dawn_native::CommandEncoderBase::HandleBuilderError - 2019-05-30
933760 Use-of-uninitialized-value in = - 2019-05-30
927432 Use-after-poison in base::internal::Invoker<base::internal::BindState<void - 2019-05-29
930154 Security: Possible to override browser-initiated navigation using WindowClient.navigate $500 2019-05-29
932895 Crash in HandleDynamicTypeCacheMiss - 2019-05-29
933135 Heap-use-after-free in content::IndexedDBBackingStore::Transaction::ChainedBlobWriterImpl::WriteNextFil - 2019-05-29
933211 mXSS: Potential XSS via noembed tags parsed by DOMParser APIs $500 2019-05-29
933521 DCHECK failure in length_ < capacity() in string-builder.cc - 2019-05-29
928051 Crash in base::Thread::ThreadMain - 2019-05-28
929521 Crash in metrics::CallStackProfile_Location* google::protobuf::Arena::CreateMaybeMessage< - 2019-05-27
928863 Crash in sw::Thread::Thread - 2019-05-26
908669 Bad-free in base::internal::BindState<void - 2019-05-24
923654 Heap-use-after-free in media_router::WebContentsDisplayObserverView::OnBrowserSetLastActive - 2019-05-24
924972 Security: site isolation bypass: websockets leak cross-origin cookies - 2019-05-24
926651 Security: [v8] Type Confusion in Builtins_CallUndefinedReceiver1Handler $6000 2019-05-24
927646 Security: heap-use-after-free in blink::LayoutObject::SetShouldCheckForPaintInvalidationWithoutGeometryChange $3000 2019-05-24
928974 Security: http authentication spoof (repro issue 884179) $1000 2019-05-24
930948 CHECK failure: (value & uint64_t{ADDRESS}) != unexpected || (value & uint64_t{ADDRESS}) == uint - 2019-05-24
931175 Security: Invalid read. SEGV on CXFA_Graphics::FillPathWithShading $500 2019-05-24
920580 CrOS: Vulnerability reported in dev-libs/libzip - 2019-05-23
928138 Crash in base::CreateThread - 2019-05-23
928223 Crash in base::RunLoop::Run - 2019-05-23
878805 Weird crash in V8 javascript engine - 2019-05-22
921581 Security: UAF in MidiManagerWin - 2019-05-22
906342 CVE-2018-14625 CrOS: Vulnerability reported in Linux kernel - 2019-05-21
913561 Security: pdfium heap BOF in RelocateTableRowCells $1000 2019-05-21
926853 CrOS: Vulnerability reported in dev-libs/openssl - 2019-05-21
927438 Heap-use-after-free in blink::LayoutBlockFlow::DetermineStartPosition - 2019-05-21
928044 Crash in base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::Run - 2019-05-21
929624 CVE-2018-16880 CrOS: Vulnerability reported in Linux kernel - 2019-05-21
930474 Bad-cast to blink::LayoutText from invalid vptr in blink::ToLayoutText - 2019-05-21
930580 DCHECK failure in !var->has_forced_context_allocation() || var->is_used() in scopes.cc - 2019-05-20
930045 CHECK failure: transitions.SearchSpecial(roots.nonextensible_symbol()) == *old_map_ in map-upda - 2019-05-19
927307 Github Wiki Pages for GoogleChrome are publicly editable. $500 2019-05-18
927471 AppCache may be used to bypass CORB (URLs covered by manifest) - 2019-05-18
927849 is_corb_enabled=false for requests from shared workers - 2019-05-18
929711 Security: Idn-spoof with using U+00F0 (ð) $500 2019-05-18
930026 Heap-buffer-overflow in base::WideToUTF8 - 2019-05-18
914983 pdfium: signed-integer-overflow in AdjustGlyphSpace / CFX_DIBBase::GetOverlapRect $500 2019-05-17
919635 pdfium: signed-integer-overflow in CFX_RenderDevice::DrawNormalText - 2019-05-17
919640 pdfium: signed-integer-overflow in CFX_AggDeviceDriver::StretchDIBits - 2019-05-17
922446 crash_sender: invalid crash report names can trigger arbitrary file deletion as root $500 2019-05-17
928720 Security: Type confusion in V8TrustedTypePolicyOptions::ToImpl - 2019-05-17
929217 Heap-buffer-overflow in blink::FindBuffer::RangeFromBufferIndex $1500 2019-05-17
929623 CVE-2018-16862 CrOS: Vulnerability reported in Linux kernel - 2019-05-17
929625 CVE-2018-18397 CrOS: Vulnerability reported in Linux kernel - 2019-05-17
929626 CVE-2018-19854 CrOS: Vulnerability reported in Linux kernel - 2019-05-17
919643 pdfium: signed-integer-overflow in FX_RECT::Width - 2019-05-16
921351 Crash in _cupsStrFree - 2019-05-16
926854 CrOS: Vulnerability reported in app-admin/rsyslog - 2019-05-16
928640 Use-of-uninitialized-value in bool base::internal::CheckedAddOp<long, long, void>::Do<long> - 2019-05-16
928755 Heap-use-after-free in v8::internal::wasm::CompilationStateImpl::OnFinishedUnit - 2019-05-16
929020 Crash in base::WaitableEvent::TimedWaitUntil - 2019-05-16
926105 Framebusting protection bypass because a download redirected cross-origin gets processed as a main frame navigation $500 2019-05-15
927396 Use-after-poison in viz::mojom::blink::CompositorFrameSinkClientStubDispatch::Accept - 2019-05-15
928061 Heap-use-after-free in v8::internal::wasm::BackgroundCompileTask::RunInternal - 2019-05-15
927555 Security DCHECK failure: RotateTransformOperation::IsMatchingOperationType(transform.GetType()) in rotate $1500 2019-05-14
927644 PDFium Use After Free on CXFA_FFNotify::OpenDropDownList (XFA enable) $3500 2019-05-14
925232 CHECK failure: (value & uint64_t{ADDRESS}) != unexpected || (value & uint64_t{ADDRESS}) == uint - 2019-05-13
928062 Crash in base::debug::ScopedLockAcquireActivity::ScopedLockAcquireActivity - 2019-05-13
928239 CVE-2018-16884 CrOS: Vulnerability reported in Linux kernel - 2019-05-13
826030 webRequest extensions can see other extensions' requests. - 2019-05-11
925050 CHECK failure: size <= kMaxRegularHeapObjectSize in runtime-internal.cc - 2019-05-11
915455 Crash in spirv_cross::Compiler::traverse_all_reachable_opcodes - 2019-05-10
919176 Heap-buffer-overflow in spirv_cross::CompilerGLSL::emit_instruction - 2019-05-10
925641 Crash in gldRenderFillPolygonPtr - 2019-05-10
925790 Security: PDFium Use After Free in CXFA_ItemLayoutProcessor::ExtractLayoutItem $3000 2019-05-10
926640 pdfium: use-after-dtor in CPDF_GeneralState::StateData::~StateData() $1000 2019-05-10
913564 Security: pdfium heap use after free in cxfa_layoutitem $3000 2019-05-09
919813 CrOS: Vulnerability reported in media-libs/lcms - 2019-05-09
924450 Security: heap-use-after-free in blink::CSSToLengthConversionData::FontSizes::FontSizes $3000 2019-05-09
926852 CVE-2018-16882 CrOS: Vulnerability reported in Linux kernel - 2019-05-09
926964 Security DCHECK failure: node.IsElementNode() in element.h - 2019-05-09
867509 Security: Chrome OS: almost-exploitable AVFS behavior: argument injection; subdir/bind bypass - 2019-05-08
906601 Use-of-uninitialized-value in sse41::blit_row_s32a_opaque - 2019-05-08
915197 OOB write in sw::VertexProgram::Program $3000 2019-05-08
915206 OOB write in sw::VertexProgram::WHILE $3000 2019-05-08
915218 OOB operation in SwiftShader JIT code. $1000 2019-05-08
923695 Security: URL bar spoofing on iOS - 2019-05-08
923951 Security: heap-use-after-free in blink::ImageResourceContent::UpdateImageAnimationPolicy $3000 2019-05-08
924843 DCHECK failure in IsAligned(DistanceTo(target), kInstrSize) in instructions-arm64.cc - 2019-05-08
925864 Security: UAF in FileSystemOperationRunner - 2019-05-08
926027 Bad-cast to blink::Element from blink::Text in blink::LayoutTreeRebuildRoot::RootElement - 2019-05-08
926036 DCHECK failure in (decl.pattern) != nullptr in parser.cc - 2019-05-08
921390 Security: Hostname not elided securely (URL spoofing on iOS) $500 2019-05-07
925671 DCHECK failure in 0 < outstanding_tiering_units_ in module-compiler.cc - 2019-05-07
919356 Security: RCE via "copy as curl" on mac - 2019-05-05
924133 Security: V8: Fatal error in ../../src/runtime/runtime-array.cc, line 167 - 2019-05-05
913314 Security: Permission request UI spoof $500 2019-05-04
922864 pdfium (XFA): wrong object type in CFXJSE_FormCalcContext::ParseResolveResult $3000 2019-05-04
924388 Use-of-uninitialized-value in views::View::GetWidget - 2019-05-04
924457 Bad-cast to blink::ImageResourceObserver from invalid vptr in blink::ImageResourceContent::PriorityFromObservers - 2019-05-04
925146 CHECK failure: 2 == total_number_of_control_uses in verifier.cc - 2019-05-04
903233 Heap-buffer-overflow in quipper::PerfSerializer::SerializeMMap2Event - 2019-05-03
903237 Heap-buffer-overflow in quipper::PerfReader::ReadPipedData - 2019-05-03
904382 Heap-buffer-overflow in quipper::PerfReader::ReadBuildIDMetadataWithoutHeader - 2019-05-03
915975 V8 HeapObject pointing to JIT memory $3000 2019-05-03
923205 Bad-cast to cc::ContentLayerClient from invalid vptr in cc::PictureLayer::Update - 2019-05-03
924375 Heap-buffer-overflow in sh::OutputVariable::~OutputVariable - 2019-05-03
924411 Bad parameters to --sanitizer-annotate-contiguous-container in sh::TCompiler::~TCompiler - 2019-05-03
924382 Crash in sh::ShaderVariable::~ShaderVariable - 2019-05-03
924537 Crash in sh::Attribute::~Attribute - 2019-05-03
924905 DCHECK failure in lsb == base::bits::CountTrailingZeros32(value) in instruction-selector-arm.cc - 2019-05-03
924928 pdfium (XFA): double-free in CJX_Node::saveXML $3000 2019-05-03
924950 Heap-use-after-free in views::View::~View - 2019-05-03
923913 Heap-buffer-overflow in AAT::KerxSubTableFormat4<AAT::KerxSubTableHeader>::driver_context_t::transition - 2019-05-02
924418 Heap-use-after-free in ui::PropertyHandler::SetPropertyInternal - 2019-05-02
915541 Security: ChromeOS Persistent root Command Execution $75000 2019-05-01
922627 Chromium - Exposed GPU profiler allows to dump all URLs and headers from requested pages $4000 2019-05-01
922844 Use-of-uninitialized-value in sqlite3BtreeMovetoUnpacked - 2019-05-01
923630 Heap-use-after-free in ScopedObserver<ash::TabletModeController, ash::TabletModeObserver>::~ScopedObser - 2019-05-01
923646 CrOS: Vulnerability reported in net-misc/curl - 2019-05-01
923675 DCHECK failure in candidate->location.IsValid() in modules.cc - 2019-05-01
920120 CHECK failure: #14 ADDRESS (/mnt/scratch0/clusterfuzz/bot/builds/v8-asan_linux-debug_ddc8d9b4e - 2019-04-30
920276 Heap-use-after-free in gpu::gles2::GLES2DecoderPassthroughImpl::OnDebugMessage - 2019-04-30
920421 Use-of-uninitialized-value in gpu::gles2::PassthroughGLDebugMessageCallback - 2019-04-30
923264 CHECK failure: object->IsAbstractCode() || object->IsSeqString() || object->IsExternalString() - 2019-04-30
922933 DCHECK failure in *available != 0 in assembler-arm.cc - 2019-04-29
912602 Crash in sw::Thread::Thread - 2019-04-28
914925 Crash in libX11.so.6 - 2019-04-28
921393 Crash in cc::SaveOp::Serialize - 2019-04-28
922303 Heap-buffer-overflow in AAT::KerxSubTableFormat4<AAT::KerxSubTableHeader>::driver_context_t::transition - 2019-04-28
910305 Security: Make JIT payment Service Worker registrations same-origin only - 2019-04-27
918022 Heap-buffer-overflow in scan_bos_continue - 2019-04-27
918232 Security: chromedriver LCE - 2019-04-27
918311 Heap-buffer-overflow in spvtools::opt::Instruction::GetSingleWordOperand - 2019-04-27
919181 Container-overflow in spvtools::utils::SmallVector<unsigned int, 2ul>::operator - 2019-04-27
920995 CrOS: Vulnerability reported in media-gfx/imagemagick - 2019-04-27
921380 CrOS: Vulnerability reported in media-gfx/imagemagick - 2019-04-27
922077 Bad-cast to content::(anonymous namespace)::WebServiceWorkerNetworkProviderImplForFrame from content::WebServiceWorkerNetworkProviderImplForWorker in content::ServiceWorkerNetworkProvider::FromWebServiceWorkerNetworkProvider - 2019-04-27
922668 Heap-use-after-free in base::BasicStringPiece<std::__Cr::basic_string<char, std::__Cr::char_traits<char - 2019-04-27
888311 CrOS: Vulnerability reported in app-crypt/mit-krb5 - 2019-04-26
916523 Security: Double-destruction race in StoragePartitionService - 2019-04-26
916152 Security: symlinks in /var/log can be abused to create messy arbitrary file write primitives - 2019-04-25
916870 CrossCallParamsEx::GetParameterStr causes Heap-buffer-overflow - 2019-04-25
919486 Clean up extended attributes inadvertently being set on user data files - 2019-04-25
920115 Bad-cast to blink::ImageResourceObserver from invalid vptr in blink::PriorityFromObserver - 2019-04-25
921074 Heap-use-after-free in base::BasicStringPiece<std::__Cr::basic_string<char, std::__Cr::char_traits<char - 2019-04-25
922432 Heap-buffer-overflow in unsigned int v8::internal::wasm::Decoder::read_leb_tail<unsigned int, - 2019-04-25
922677 Security: UAF in FileWriterImpl - 2019-04-25
910906 Upgrade SQLite to 3.26.0 - 2019-04-24
912074 heap-use-after-free on RTCPeerConnectionHandler $3000 2019-04-24
912983 Heap-buffer-overflow in BEInt<unsigned short, 2>::operator unsigned short - 2019-04-24
916874 Heap-buffer-overflow in bool base::UTFConversion<base::BasicStringPiece<std::__1::basic_string<wchar_t, - 2019-04-24
917702 Heap-buffer-overflow in BEInt<unsigned int, 4>::operator unsigned int - 2019-04-24
917936 Heap-buffer-overflow in AAT::KerxSubTableFormat4<struct AAT::KerxSubTableHeader>::driver_context_t::tran - 2019-04-24
918340 Use-of-uninitialized-value in AAT::ankr::get_anchor - 2019-04-24
920579 CrOS: Vulnerability reported in net-dns/avahi - 2019-04-24
920990 CrOS: Vulnerability reported in media-gfx/imagemagick - 2019-04-24
920991 CrOS: Vulnerability reported in media-gfx/imagemagick - 2019-04-24
920992 CrOS: Vulnerability reported in media-gfx/imagemagick - 2019-04-24
920993 CrOS: Vulnerability reported in media-gfx/imagemagick - 2019-04-24
920994 CrOS: Vulnerability reported in media-gfx/imagemagick - 2019-04-24
921376 CrOS: Vulnerability reported in media-gfx/imagemagick - 2019-04-24
921377 CrOS: Vulnerability reported in media-gfx/imagemagick - 2019-04-24
921378 CrOS: Vulnerability reported in media-gfx/imagemagick - 2019-04-24
921379 CrOS: Vulnerability reported in media-gfx/imagemagick - 2019-04-24
921382 Security: Debug check failed: nary->op() == Token::COMMA in V8 parsing - 2019-04-24
921563 CrOS: Vulnerability reported in dev-libs/nettle - 2019-04-24
921935 Crash in webrtc::video_coding::DecodedFramesHistory::InsertDecoded - 2019-04-24
921838 Heap-buffer-overflow in blink::PropertyTreeManager::CreateCompositorScrollNode - 2019-04-24
921951 Use-of-uninitialized-value in webrtc::video_coding::DecodedFramesHistory::WasDecoded - 2019-04-24
921952 Heap-use-after-free in base::MessageLoopCurrent::GetWorkId - 2019-04-24
914507 Use-of-uninitialized-value in sqlite3BtreeDelete - 2019-04-23
916140 Security: /run/ipsec and /run/l2tpipsec_vpn should ideally not be group-writable - 2019-04-23
920733 getDisplayMedia() prompts from background tab, not obvious who's asking. $500 2019-04-23
920859 Use-of-uninitialized-value in blink::AddressCache::Lookup - 2019-04-22
921299 Use-of-uninitialized-value in SkPerlinNoiseShaderImpl::PaintingData::stitch - 2019-04-22
921341 Security DCHECK failure: it != clients_.end() in css_image_generator_value.cc - 2019-04-22
902650 Heap-use-after-free in vp8dx_bool_decoder_fill - 2019-04-21
921076 CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (IsPreparseData()) in shared-function - 2019-04-21
911253 SQLite3 exprCodeBetween heap-buffer overflow - 2019-04-20
911255 sqlite3ExprCompare Assertion Failure: (combinedFlags & EP_Reduced)==0 - 2019-04-20
917588 DCHECK failure in is_fp() in liftoff-register.h - 2019-04-20
918284 DCHECK failure in *available != 0 in assembler-arm.cc - 2019-04-20
918861 Security: Data race in ExtensionsGuestViewMessageFilter - 2019-04-20
919717 CVE-2017-0553 libnl - 2019-04-20
919754 DCHECK failure in !std::isnan(value) in js-operator.h - 2019-04-20
920164 CHECK failure: value->IsSmi() || value->IsTheHole(isolate) in objects-debug.cc - 2019-04-20
920491 CHECK failure: Type cast failed in CAST(elements) at ../../src/ic/accessor-assembler.cc:1830 in - 2019-04-20
920769 DCHECK failure in !load_dst_regs_.has(dst) in liftoff-assembler.cc - 2019-04-20
780039 kmod: kill support for /run/modprobe.d - 2019-04-19
905509 Audit (and remove as appropriate) use of size_t in command buffer code - 2019-04-19
914736 Security: Heap buffer overflow in the V8 language parser $7500 2019-04-19
918470 Security: Extensions can add host permissions for chrome:// pages $500 2019-04-19
919533 DCHECK failure in !load_dst_regs_.has(dst) in liftoff-assembler.cc - 2019-04-19
919649 pdfium (XFA): oob array read in CFX_TxtBreak::GetBreakPos - 2019-04-19
920048 Security: http authentication spoof on chrome iOS (repro issue 884179) $500 2019-04-19
920566 Heap-use-after-free in PriorityFromObserver - 2019-04-19
884122 Security: Use-after-free in CPDFSDK_Widget::GetMixXFAWidget $3000 2019-04-18
892574 Security: Use-after-free in CPDFXFA_Page::GetDisplayMatrix $3000 2019-04-18
915819 sqlite3 allows arbitrary binary extension loading - 2019-04-18
918771 Heap-use-after-free in http2::HpackDecoderStringBuffer::BufferStringIfUnbuffered - 2019-04-18
919800 Heap-use-after-free in SelectFileDialogExtension::ExtensionDialogClosing $2500 2019-04-18
916080 Security: UAF in RenderProcessHostImpl binding for P2PSocketDispatcherHost - 2019-04-17
916960 CrOS: Vulnerability reported in net-vpn/strongswan - 2019-04-17
918273 Security DCHECK failure: !object || (object->IsBox()) in layout_box.h - 2019-04-17
918917 DCHECK failure in HasRegisterMove(dst, src, type) in liftoff-assembler.cc - 2019-04-17
919200 Use-of-uninitialized-value in gpu::gles2::GLES2DecoderImpl::DoMultiDrawEndCHROMIUM - 2019-04-17
919340 CHECK failure: TypeError: node #169:DeadValue[kRepTagged](input @0 = CheckString:CheckString) t - 2019-04-17
911822 Heap-use-after-free in gpu::gles2::GLES2DecoderPassthroughImpl::OnDebugMessage - 2019-04-16
913836 Use-of-uninitialized-value in gpu::gles2::PassthroughGLDebugMessageCallback - 2019-04-16
915857 vpn-manager must sanitize ipsec certificate fields - 2019-04-16
919572 DCHECK failure in src.is_reg_only() implies src.reg().is_byte_register() in assembler-ia32.cc - 2019-04-16
918149 DCHECK failure in src.is_reg_only() implies src.reg().is_byte_register() in assembler-ia32.cc - 2019-04-14
919014 Heap-use-after-free in quic::QuicStreamSequencerBuffer::FirstMissingByte - 2019-04-14
919073 Heap-use-after-free in net::IntervalSet<unsigned long long>::Empty - 2019-04-14
888323 CVE-2018-14611 CrOS: Vulnerability reported in Linux kernel - 2019-04-13
888324 CVE-2018-14612 CrOS: Vulnerability reported in Linux kernel - 2019-04-13
888325 CVE-2018-14613 CrOS: Vulnerability reported in Linux kernel - 2019-04-13
918260 Heap-buffer-overflow in dawn_wire::QueueSubmitDeserialize - 2019-04-13
918094 Heap-buffer-overflow in dawn_wire::dawnShaderModuleDescriptorDeserialize - 2019-04-13
918323 Heap-buffer-overflow in BEInt<unsigned int, 4>::operator unsigned int - 2019-04-13
918348 Heap-buffer-overflow in dawn_wire::dawnRenderPassColorAttachmentDescriptorDeserialize - 2019-04-13
918849 Heap-use-after-free in base::small_map<class std::unordered_map<unsigned int,class std::unique_ptr<clas - 2019-04-13
906252 Security: LUCI - Best practice in html escaping content before rendering not followed - 2019-04-12
910222 Use-of-uninitialized-value in avx::store_bgra - 2019-04-12
914731 Security: The serialized data is corrupted because the return value is always true. $1000 2019-04-12
917151 CHECK failure: U_SUCCESS(status) in intl-objects.cc - 2019-04-12
917412 DCHECK failure in !move_dst_regs_.has(dst) in liftoff-assembler.cc - 2019-04-12
917450 DCHECK failure in 0 != kLiftoffAssemblerGpCacheRegs & reg.bit() in liftoff-register.h - 2019-04-12
917785 Heap-buffer-overflow in spvtools::utils::SmallVector<unsigned int, 2u>::operator - 2019-04-12
917589 Heap-use-after-free in gfx::ToEnclosingRect - 2019-04-12
917980 Security: Heap-use-after-free in TypedArray.join $5000 2019-04-12
917988 DCHECK failure in outer_scope_ == scope->outer_scope() in bytecode-generator.cc - 2019-04-12
918222 Heap-buffer-overflow in BEInt<unsigned char, 1>::operator unsigned char - 2019-04-12
918450 Heap-use-after-free in cc::Layer::SetOffsetToTransformParent - 2019-04-12
905975 Security: use-after-poison in mojo::SimpleWatcher::OnHandleReady $3000 2019-04-11
914756 Bad-cast to spvtools::utils::SmallVector<unsigned int, 2> from invalid vptr in spvtools::opt::Instruction::GetSingleWordOperand - 2019-04-11
918454 Security: World Editable GitHub Repository Wikis for chromium $500 2019-04-11
856973 Security: Type confusion bypasses Spectre mitigation - 2019-04-10
917021 Crash in AddressIsPoisoned - 2019-04-10
917025 Heap-buffer-overflow in (std::is_function<std::__1::remove_pointer<unsigned - 2019-04-10
915636 CVE-2018-20169: Security: Linux kernel: BOF in drivers/usb/core/hub.c allowing read, maybe write - 2019-04-09
917032 Heap-use-after-free in cc::Layer::SetOffsetToTransformParent - 2019-04-08
916558 Heap-use-after-free in ui::MenuModel::GetModelAndIndexForCommandId - 2019-04-07
905815 DCHECK failure in pc <= end_ in decoder.h - 2019-04-06
916861 Crash in media::Vp9Parser::ParseSuperframe - 2019-04-06
917036 Crash in media::IvfParser::ParseNextFrame - 2019-04-06
917608 Crash in AddressIsPoisoned - 2019-04-06
917645 DCHECK failure in !AreAliased(dst_high, src_low) in macro-assembler-arm.cc - 2019-04-06
918027 Heap-use-after-free in blink::LayoutTableCell::CompareInDOMOrder - 2019-04-06
931640 Security: Type confusion in JSPromise::TriggerPromiseReactions - 2019-04-05
749852 Page still eats the page until the next `'` $500 2019-04-05
910824 DCHECK failure in *available != 0 in assembler-arm.cc - 2019-04-05
914511 IsolatedOrigins should ignore port numbers - 2019-04-05
916871 Heap-buffer-overflow in dawn_wire::dawnBindGroupLayoutBindingDeserialize - 2019-04-05
916916 Heap-buffer-overflow in dawn_wire::ComputePassEncoderSetPushConstantsDeserialize - 2019-04-05
881024 Use-of-uninitialized-value in gtk_widget_destroy - 2019-04-04
917668 Security: Cross Domain Bug of Indexeddb Database - 2019-04-04
913270 Heap-use-after-free in midi::MidiManager::~MidiManager - 2019-04-03
900145 Crash in _platform_memmove$VARIANT$Nehalem - 2019-03-31
908191 Crash in SkBinaryWriteBuffer::writePad32 - 2019-03-31
916873 Heap-buffer-overflow in hunspell::BDict::Verify - 2019-03-31
912508 Heap-buffer-overflow in sh::SetUnionArrayFromMatrix - 2019-03-30
912592 DCHECK failure in !AreAliased(dst_high, src_low) in macro-assembler-arm.cc - 2019-03-30
913805 Crash in es2::Shader::compile - 2019-03-30
916897 Crash in blink::FindBuffer::PositionAtStartOfCharacterAtIndex - 2019-03-30
917147 Crash in FromHeapObject - 2019-03-30
917545 abort in pdfium_test (copied from PDFium tracker) - 2019-03-30
733943 Do not store URLs in xattr - 2019-03-29
901768 Need a reliable mechanism to make the login profile inaccessible after login completes - 2019-03-29
912211 Security: a use-after-free in RenderFrameImple can lead to an RCE $3000 2019-03-29
910916 Heap-use-after-free in baseline::run_program - 2019-03-28
916428 Heap-buffer-overflow in spvtools::opt::IRContext::ReplaceAllUsesWith - 2019-03-28
916525 DCHECK failure in HasSimpleParameters() || is_block_scope() || is_being_lazily_parsed_ in scopes.c - 2019-03-28
916869 Ill in v8::internal::wasm::fuzzer::WasmExecutionFuzzer::FuzzWasmModule - 2019-03-28
901677 Heap-use-after-free in baseline::exec_ops - 2019-03-27
906437 Use-of-uninitialized-value in av_tolower - 2019-03-27
914240 Crash in dawn_native::null::Buffer::SetSubDataImpl - 2019-03-27
915205 Crash in dawn_native::BufferBase::SetSubData - 2019-03-27
915446 Security: Background fetch leaks cross-origin response size $1000 2019-03-27
915469 Security: Type Confusion in LayoutBlockFlow::CreateLineBoxes $3000 2019-03-27
915492 Crash in dawn_wire::server::Server::OnMapReadAsyncCallback - 2019-03-27
915550 Heap-use-after-free in content::BackgroundFetchContext::StartFetch - 2019-03-27
915587 Use-of-uninitialized-value in blink::MarkingVisitor::ConservativelyMarkAddress - 2019-03-27
915783 Security: Heap-use-after-free in TypedArray.toLocaleString $5000 2019-03-27
916288 DCHECK failure in IsAssignmentContext() in pattern-rewriter.cc - 2019-03-27
899689 Security: Incorrect convexity assumptions in Skia leading to buffer overflows - 2019-03-26
906333 Use-of-uninitialized-value in mz_zip_entry_read_header - 2019-03-26
912947 Security: UAFs in PaymentRequest service - 2019-03-26
912997 Heap-use-after-free in media::AudioThreadHangMonitor::StartTimer - 2019-03-26
913246 WebRTC: Potential Use-after-free in VP8 Block Decoding (MFQE feature) $1000 2019-03-26
914615 Bad-cast to dawn_wire::server::Serverdawn_wire::server::ForwardBufferMapReadAsync in dawn_native::BufferBase::~BufferBase - 2019-03-24
914562 Heap-use-after-free in gcm::GCMDriver::Shutdown - 2019-03-24
914620 Heap-use-after-free in dawn_wire::server::Server::GetCmdSpace - 2019-03-24
915299 Crash in net_http_server_fuzzer - 2019-03-24
905940 OOB Write in ValueDeserializer::ReadDenseJSArray (Tian Fu Cup exploit) - 2019-03-23
908358 Heap-buffer-overflow in mov_read_trun - 2019-03-23
913970 UAP in blink::FileReaderLoader::OnStartLoading $3000 2019-03-23
912520 Security: UAF in RenderFrameHostImpl::CreateMediaStreamDispatcherHost - 2019-03-23
914020 Heap-buffer-overflow in spvtools::opt::IRContext::ReplaceAllUsesWith - 2019-03-23
914262 Use-of-uninitialized-value in content::RenderFrameImpl::CommitNavigation - 2019-03-23
915293 Heap-use-after-free in content::RenderFrameImpl::CommitNavigation - 2019-03-23
896838 Heap-buffer-overflow in libX11.so.6 - 2019-03-22
904105 quipper_perf_reader_read_fuzzer Crash in _fini - 2019-03-22
906379 Use-of-uninitialized-value in WebRtcIsacfix_PitchFilterCore - 2019-03-22
910014 Heap-use-after-free in aura::Env::last_mouse_location - 2019-03-22
913807 Heap-use-after-free in BadgeServiceImpl::ClearBadge - 2019-03-22
913975 Chrome tab crashes when a pattern containing a Hebrew character followed by 2 horizontal tabs and then another character is clicked. $1000 2019-03-22
914216 Incorrect-function-pointer-type in base::OnceCallback<void - 2019-03-22
914251 Bad-cast to std::__1::__function::__base<void ()> from std::__1::__function::__func<void (*)(), std::__1::allocator<void (*)()>, void ()> in v8::base::CallOnceImpl - 2019-03-22
914325 Bad-cast to gl::Object from es2::Context in egl::Display::createContext - 2019-03-22
914497 QUIC proxying breaks end-to-end encryption $7500 2019-03-22
914697 Heap-buffer-overflow in av_reallocp - 2019-03-22
914699 Heap-buffer-overflow in av_realloc_f - 2019-03-22
914701 Heap-buffer-overflow in ff_hNUMBER_packet_split - 2019-03-22
914812 Heap-use-after-free in base::internal::ObserverListThreadSafeBase::Dispatcher<base::PowerObserver, void - 2019-03-22
914820 Use-of-uninitialized-value in v8::internal::compiler::Node::AppendUse - 2019-03-22
901206 Memcpy-param-overlap in av1_convolve_2d_copy_sr_sse2 - 2019-03-21
902427 Permissions request clickjacking flaw report: $2000 2019-03-21
913232 DCHECK failure in HasIncomingBackEdges(block) implies block_effects.For(block->PredecessorAt(0), b - 2019-03-21
912504 CHECK failure: fixed_size_above_fp + in deoptimizer.cc - 2019-03-21
913822 DCHECK failure in !failed_ in asm-parser.cc - 2019-03-21
914388 CHECK failure: fixed_size_above_fp + in deoptimizer.cc - 2019-03-21
888310 CrOS: Vulnerability reported in dev-libs/libxml2 - 2019-03-20
893395 ASSERT: failed: expected exception __c_0, got RangeError: Array buffer allocation - 2019-03-20
910098 Heap-use-after-free in blink::AudioNodeOutput::RemoveInput - 2019-03-20
912887 CVE-2018-17972 CrOS: Vulnerability reported in Linux kernel - 2019-03-20
912922 Heap-use-after-free in base::internal::ObserverListThreadSafeBase::Dispatcher<base::PowerObserver, void - 2019-03-20
913212 DCHECK failure in index >= 0 && index < this->length() in fixed-array-inl.h - 2019-03-20
883596 Security: Skia missing reset fLastMoveToIndex in SkPath::transform() lead to out-of-bound - 2019-03-19
896538 Security: Skia fLastMoveToIndex wrong state - 2019-03-19
902516 Security: Lock Screen allows pasting of contents from locked session - 2019-03-19
913296 Security: V8: Incorrect type information on SpeculativeSafeIntegerSubtract $5000 2019-03-19
767635 CSP inheritance to cross-origin navigated data URL allows cross-origin info leak $500 2019-03-18
907937 DCHECK failure in (pending_foreground_task_) == nullptr in module-compiler.cc - 2019-03-18
912980 Use-of-uninitialized-value in v8::internal::Decoder<v8::internal::Simulator>::DecodeBranchSystemException - 2019-03-17
911416 Security: SEGV_ACCERR in Symbol.prototype.description hash calc - 2019-03-16
912600 Heap-use-after-free in dawn_native::DeviceBase::Release - 2019-03-16
912596 Use-of-uninitialized-value in v8::internal::Simulator::FPCompare - 2019-03-16
912601 Heap-use-after-free in dawn_native::DeviceBase::Release - 2019-03-16
912693 Global-buffer-overflow in CreateECCBlock - 2019-03-16
912646 Use-of-uninitialized-value in dawn_native::DeviceBase::Release - 2019-03-16
883265 CrOS: Vulnerability reported in net-misc/curl - 2019-03-15
904182 Downloaded .desktop file execution in Linux - 2019-03-15
907211 Heap-use-after-free in viz::HostFrameSinkManager::InvalidateFrameSinkId - 2019-03-15
909865 Security: iframe.contentWindow.location.href can bypass CSP for javascript URLs $1000 2019-03-15
910663 Crash in Builtins_PromiseRejectReactionJob - 2019-03-15
911907 DCHECK failure in !is_running_microtasks_ in isolate.cc - 2019-03-15
89453 UXSS with empty SecurityOrigin $1000 2019-03-15
456518 HTML parser may leave frame element in an incorrect state $7500 2019-03-15
906383 Use-of-uninitialized-value in quic::QuicFramer::ProcessIetfFrameData - 2019-03-14
906652 Use-of-uninitialized-value in gpu::gles2::ContextState::InitState - 2019-03-14
908829 Crash in dawn_native::BufferBase::SetSubData - 2019-03-14
910210 In presence of NetworkService, AppCache may be used to bypass CORB - 2019-03-14
911827 Bad-cast to dawn_native::DeviceBase from invalid vptr in dawn_native::ValidatingDeviceRelease - 2019-03-14
912125 Heap-buffer-overflow in fxcrt::WideString::SetAt - 2019-03-14
884511 Security: ChromeOS root Command Execution $11337 2019-03-13
900386 Use-of-uninitialized-value in SuperBlitter::blitH - 2019-03-13
905542 Heap-use-after-free in base::internal::Invoker<base::internal::BindState<void - 2019-03-13
906427 Heap-buffer-overflow in spvtools::utils::SmallVector<unsigned int, 2ul>::operator - 2019-03-13
906837 User can open browser in sign-in profile from captive profile dialog - 2019-03-13
907278 Heap-use-after-free in dawn_native::DeviceBase::Release - 2019-03-13
907345 Use-of-uninitialized-value in dawn_native::DeviceBase::Release - 2019-03-13
907386 Heap-use-after-free in dawn_native::DeviceBase::Release - 2019-03-13
910223 DCHECK failure in left != right in macro-assembler-arm.cc - 2019-03-13
910903 DCHECK failure in !AreAliased(dst_high, src_low) in macro-assembler-arm.cc - 2019-03-13
910852 Heap-use-after-free in spvtools::opt::VectorDCE::HasScalarResult - 2019-03-13
911155 Heap-use-after-free in dawn_native::DeviceBase::Release - 2019-03-13
911686 Heap-buffer-overflow in SuperBlitter::blitH - 2019-03-13
831112 CrOS: Vulnerability reported in net-misc/curl - 2019-03-12
836148 CSP should always inherit same-origin opener's CSP $500 2019-03-12
894228 CSP bypass with blob URL $1000 2019-03-12
901605 CrOS: Vulnerability reported in media-libs/tiff - 2019-03-12
905301 Security: CSP does not propagate to blob: URIs $1000 2019-03-12
908207 Security: CSP(Content-security-policy) vulnerabilities are not completely repaired in Chrome 70.0.3538.110 and can still be bypassed - 2019-03-12
909990 unknow memory write in v8 - 2019-03-12
905571 Use-of-uninitialized-value in extensions::ChromeExtensionsBrowserClient::GetOriginalContext - 2019-03-10
910480 Heap-buffer-overflow in safe_browsing::PeImageReader::EnumCertificates - 2019-03-10
910850 CHECK failure: size <= elements()->length() || elements() == ReadOnlyRoots(isolate).empty_fixed - 2019-03-10
867807 Security: Symlinks on user-supplied file systems allow are risky - 2019-03-09
898306 Raw cookies are disclosed to cross-site renderer (in presence of DevTools and NetworkService) - 2019-03-09
910593 Crash in VisitPointersImpl<v8::internal::ObjectSlot> - 2019-03-09
910632 Crash in FromHeapObject - 2019-03-09
910634 Crash in MemCopy - 2019-03-09
910662 Crash in void v8::internal::EvacuateVisitorBase::RawMigrateObject< - 2019-03-09
904265 OOB operation in swiftshader's JIT $1000 2019-03-08
908834 Use-of-uninitialized-value in void base::Pickle::WriteBytesStatic<4ul> - 2019-03-08
909678 CrOS: Vulnerability reported in net-vpn/strongswan - 2019-03-08
909796 Bad-cast to blink::StringResource8 from blink::ParkableStringResource8 in blink::V8Element::GetElementsByClassNameMethodCallback - 2019-03-08
909976 Heap-use-after-free in v8::internal::Scope::Snapshot::RestoreEvalFlag - 2019-03-08
910247 Global-buffer-overflow in blink::Element