961540
|
Heap-buffer-overflow in courgette::DisassemblerElf32ARM::ParseRelocationSection
|
-
|
2019-12-31
|
981628
|
Security: URL in Omnibox doesn't always match page content (repro 897641)
|
$1000
|
2019-12-31
|
1001283
|
CSP bypass with about:srcdoc
|
$3000
|
2019-12-31
|
1006670
|
v8_regexp_parser_fuzzer: Crash in v8::base::SmallVector<int, 64u>::Grow
|
-
|
2019-12-31
|
1006630
|
CHECK failure: filter.IsValid(slot.address()) in mark-compact.cc
|
-
|
2019-12-30
|
442579
|
It's possible to load chrome-extension:// URLs
|
$500
|
2019-12-28
|
922433
|
CrOS: Vulnerability reported in app-text/poppler
|
-
|
2019-12-28
|
922434
|
CrOS: Vulnerability reported in app-text/poppler
|
-
|
2019-12-28
|
953298
|
Extension permission bypass by poisoning bookmarks with javascript url(Bookmarklet)
|
-
|
2019-12-27
|
990779
|
CrOS: Vulnerability reported in x11-libs/pango
|
-
|
2019-12-27
|
998431
|
Security: Accessing set::end in GamepadService
|
$15000
|
2019-12-27
|
1004730
|
Security: UaF in MojoAudioDecoder (Android)
|
$15000
|
2019-12-27
|
929621
|
CrOS: Vulnerability reported in media-gfx/imagemagick
|
-
|
2019-12-26
|
1005599
|
Crash in Builtins_InterpreterEntryTrampoline
|
-
|
2019-12-26
|
966914
|
Security: Possible to spoof the contents of the omnibox to display any http/https URL, some extension URLs and some internal URLs
|
$3000
|
2019-12-25
|
977043
|
Heap-buffer-overflow in ash::ShelfView::LayoutOverflowButton
|
-
|
2019-12-25
|
998284
|
Security: Possible to temporarily spoof URL by navigating back then forward
|
$1000
|
2019-12-25
|
1003241
|
DCHECK failure in static_cast<unsigned>(index) < static_cast<unsigned>(length()) in fixed-array-in
|
-
|
2019-12-25
|
1003336
|
CVE-2019-15926 CrOS: Vulnerability reported in Linux kernel
|
-
|
2019-12-25
|
1003337
|
CVE-2019-15927 CrOS: Vulnerability reported in Linux kernel
|
-
|
2019-12-25
|
1004912
|
CHECK failure: Type cast failed in CAST(CallBuiltin(Builtins::kToName, p->context(), p->name())
|
-
|
2019-12-25
|
1003730
|
CHECK failure: Object is not known to the heap broker in js-heap-broker.cc
|
-
|
2019-12-23
|
985451
|
Security: Secuirty crash in TabAnimation::operator
|
-
|
2019-12-21
|
1001818
|
Bad-cast to blink::LayoutBox from invalid vptr in blink::NGBlockNode::CopyChildFragmentPosition
|
-
|
2019-12-21
|
979441
|
Security: Navigating to "chrome://" URLs on Android
|
$500
|
2019-12-20
|
1003327
|
CVE-2019-15917 CrOS: Vulnerability reported in Linux kernel
|
-
|
2019-12-20
|
1003331
|
CVE-2019-15921 CrOS: Vulnerability reported in Linux kernel
|
-
|
2019-12-20
|
955191
|
Disk cache refcount overflows?
|
-
|
2019-12-19
|
1000922
|
Crash in pthread_create
|
-
|
2019-12-19
|
1002388
|
CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (this->IsStruct()) in class-definitio
|
-
|
2019-12-19
|
1002687
|
Security: Idn-spoof with using CJK character skeletons
|
-
|
2019-12-19
|
1003140
|
Bad-cast to blink::ScriptWrappable from blink::NavigatorGeolocation in blink::FinalizerTrait<blink::ScriptWrappable>::Finalize
|
-
|
2019-12-19
|
1003341
|
CHECK failure: static_cast<uintptr_t>(caller_frame_top_) - total_output_frame_size > stack_guar
|
-
|
2019-12-19
|
990849
|
Leaking size of cross-origin resource by using Range Requests and Service Workers
|
$2000
|
2019-12-18
|
991568
|
Security: forced redirection from cross-origin iframe
|
$3000
|
2019-12-18
|
996786
|
Check cookie domain on setting cookies
|
-
|
2019-12-18
|
1001159
|
pdfium: oob read in PDF_DecodeText
|
$2000
|
2019-12-18
|
803187
|
Security: Interstitials WebUI should have a stricter CSP
|
-
|
2019-12-17
|
840180
|
Address Bar Spoofing when spoofing target is NOT a top domain but a related domain is in the top list (e.g. adidas.de vs adidas.com )
|
-
|
2019-12-17
|
961651
|
CrOS: Vulnerability reported in net-libs/gnutls
|
-
|
2019-12-17
|
995964
|
Security: UAF in InProcessVideoCaptureDeviceLauncher
|
$20000
|
2019-12-17
|
997401
|
CHECK failure: U_SUCCESS(status) in intl-objects.cc
|
-
|
2019-12-17
|
999793
|
CrOS: Vulnerability reported in media-libs/tiff
|
-
|
2019-12-17
|
1000002
|
Security: OfflinePageAutoFetcher UAF 2
|
$20000
|
2019-12-17
|
1000882
|
Security: Regression : 'Press Esc to exit fullscreen' warning doesn't display
|
$3000
|
2019-12-17
|
1000934
|
Security: Heap-use-after-free in SharingDialogView::WindowClosing()
|
$15000
|
2019-12-17
|
1001804
|
CHECK failure: AllowJavascriptExecution::IsAllowed(isolate) in execution.cc
|
-
|
2019-12-17
|
999118
|
CVE-2019-15213 CrOS: Vulnerability reported in Linux kernel
|
-
|
2019-12-14
|
982326
|
ChromeVox extension injects attacker-controlled scripts and requests attacker-controlled URLs
|
$5000
|
2019-12-13
|
1000635
|
Security: Use After Free in the function JavaScriptFrame::Summarize
|
$7500
|
2019-12-13
|
931894
|
Security: http authentication spoof on chrome iOS
|
$1000
|
2019-12-12
|
988590
|
Overflow of the transform scale CSS property freezes/crashes the renderer allowing cross-origin content spoofing
|
$500
|
2019-12-12
|
994044
|
Security: URL bar spoofing with using a file:/// URL
|
$500
|
2019-12-12
|
996741
|
Security: Site Isolation bypass and local file disclosure via Payment Handler API
|
-
|
2019-12-12
|
1000563
|
Heap-use-after-free in ash::OverviewHighlightController::OnViewDestroyingOrDisabling
|
-
|
2019-12-12
|
696454
|
Security: Filesystem dialog box to cover the self-window and no origin for spoof
|
$1000
|
2019-12-11
|
760855
|
Security: Address bar RTL spoofing using hebrew
|
$500
|
2019-12-11
|
859349
|
Security: Confused deputy attack against Chrome Android application might lead to internal storage file disclosure
|
$1000
|
2019-12-11
|
991321
|
Security: use-after-poison in blink::VideoTrackRecorder::InitializeEncoder
|
$5000
|
2019-12-11
|
997403
|
Heap-use-after-free in blink::NGPaintFragment::LayoutObjectWillBeDestroyed
|
-
|
2019-12-11
|
998395
|
Heap-use-after-free in blink::NGOffsetMappingUnit::AssertValid
|
-
|
2019-12-11
|
998548
|
Security: UaF in ImageCapture
|
$20000
|
2019-12-11
|
999469
|
Crash in blink::NonSharedCharacterBreakIterator::Next
|
-
|
2019-12-11
|
999760
|
Security: Tab sharing UI crash
|
$500
|
2019-12-11
|
1000050
|
ulpfec_receiver_fuzzer: Heap-buffer-overflow in webrtc::ForwardErrorCorrection::StartPacketRecovery
|
-
|
2019-12-11
|
1000167
|
Crash in blink::NonSharedCharacterBreakIterator::IsCRBeforeLF
|
-
|
2019-12-11
|
1000217
|
Security: Potential UAF in Isolate::ReportPendingMessagesImpl
|
-
|
2019-12-11
|
996751
|
DCHECK failure in bytecode->IsBytecodeEqual( *outer_function_job->compilation_info()->bytecode_arr
|
-
|
2019-12-09
|
997449
|
Use-of-uninitialized-value in blink::NGPaintFragment::ClearAssociationWithLayoutObject
|
-
|
2019-12-09
|
999463
|
Stack-use-after-scope in viz::LocalSurfaceId::parent_sequence_number
|
-
|
2019-12-08
|
998196
|
Global-buffer-overflow in content::WebWidgetLockTarget::OnLockMouseACK
|
-
|
2019-12-07
|
999497
|
Use-of-uninitialized-value in ui::X11Window::OnXWindowStateChanged
|
-
|
2019-12-07
|
937131
|
Feature Policy 'allow' attribute can override top-level policy in frames
|
-
|
2019-12-06
|
979443
|
Security: URL bar spoofing via download redirect
|
$2000
|
2019-12-06
|
997925
|
Security: Possible to retrieve cross-origin data in certain cases using devtools custom formatters
|
$500
|
2019-12-06
|
998679
|
Security: Crash in content::`anonymous namespace'::OnInstallPaymentApp
|
$10000
|
2019-12-06
|
999470
|
Use-of-uninitialized-value in ui::X11Window::OnXWindowStateChanged
|
-
|
2019-12-06
|
972463
|
Security: Multiple vulnerabilities in chromeos-disk-firmware.sh
|
$1000
|
2019-12-05
|
996391
|
v8_regexp_parser_fuzzer: DCHECK failure in index < length_ in vector.h
|
-
|
2019-12-05
|
998127
|
Crash in blink::ScriptState::From
|
-
|
2019-12-05
|
998204
|
Crash in v8::internal::LoopChoiceNode::Accept
|
-
|
2019-12-05
|
999005
|
Heap-buffer-overflow in blink::NGInlineNodeDataEditor::Run
|
-
|
2019-12-05
|
982812
|
CSS injection in any website using Color Enhancer extension
|
$2000
|
2019-12-04
|
986751
|
UAP in blink::PersistentBase
|
-
|
2019-12-04
|
997982
|
Crash in v8::internal::GlobalHandles::CreateTraced
|
-
|
2019-12-04
|
998215
|
Crash in v8::internal::MarkCompactCollector::IsUnmarkedHeapObject
|
-
|
2019-12-04
|
998322
|
Crash in v8::HandleScope::CreateHandle
|
-
|
2019-12-04
|
997440
|
Crash in v8::internal::Simulator::WriteW
|
-
|
2019-12-03
|
998093
|
Bad-cast to blink::Nodeblink::Node::GetRegisteredMutationObserversOfType in blink::MutationObserverInterestGroup::CreateIfNeeded
|
-
|
2019-12-03
|
1005713
|
Security: Parser bug can introduce mXSS and HTML sanitizers bypass
|
-
|
2019-12-02
|
997411
|
CHECK failure: (map().has_fast_smi_or_object_elements() || map().has_frozen_or_sealed_elements(
|
-
|
2019-12-01
|
997421
|
DCHECK failure in result.NumberOfOwnDescriptors() == result.instance_descriptors().number_of_descr
|
-
|
2019-12-01
|
987205
|
Unknown signal in Builtins_JSEntryTrampoline
|
-
|
2019-11-30
|
995712
|
Security: PDFium (XFA) Use-after-free in CFWL_PushButton::OnKeyDown
|
$7500
|
2019-11-30
|
996515
|
Use-of-uninitialized-value in OmniboxViewViews::HandleKeyEvent
|
-
|
2019-11-30
|
996526
|
Heap-use-after-free in AutocompleteMatch::IsTabSwitchSuggestion
|
-
|
2019-11-30
|
996571
|
Heap-buffer-overflow in AutocompleteMatch::IsTabSwitchSuggestion
|
-
|
2019-11-30
|
997190
|
Security: UaF in MediaSession, Android only
|
$20000
|
2019-11-30
|
901789
|
Security: Same origin policy bypass via 401 page
|
-
|
2019-11-29
|
915538
|
Security: Origin header-based CSRF protection bypass
|
$500
|
2019-11-29
|
990223
|
CHECK failure: status == CompilationJob::SUCCEEDED in function-compiler.cc
|
-
|
2019-11-29
|
993553
|
Security: PDFium (XFA) Use-after-free in CJX_HostPseudoModel::openList
|
$9500
|
2019-11-29
|
997057
|
Heap-use-after-free in v8::internal::compiler::ConstantFoldingReducer::Reduce
|
-
|
2019-11-29
|
595841
|
Require browser process interaction to open files from chrome://downloads
|
-
|
2019-11-28
|
756825
|
Chrome automatically downloads certain files even though the "Ask before downloading" option is enabled
|
$500
|
2019-11-28
|
769662
|
Security: openvpn - CVE-2017-12166: out of bounds write in key-method 1
|
-
|
2019-11-28
|
839239
|
Security: Fullscreen notification can be obscured by external protocol prompt
|
-
|
2019-11-28
|
875178
|
Security: spoof google via onbeforeunload of ssl error page
|
-
|
2019-11-28
|
988024
|
config_validator_fuzzer: Heap-buffer-overflow in parse_file
|
-
|
2019-11-28
|
988025
|
config_validator_fuzzer: Use-of-uninitialized-value in krb5int_aes_enc_key
|
-
|
2019-11-28
|
989078
|
Reading local files and cross-origin resources through an extension that only has the "downloads" permission
|
$2000
|
2019-11-28
|
992838
|
Security: URL bar spoofing on Android with a very long URL
|
$3000
|
2019-11-28
|
995709
|
Heap-use-after-free in blink::AutoplayPolicy::IsDocumentAllowedToPlay
|
-
|
2019-11-28
|
996211
|
gpu_raster_passthrough_fuzzer: Use-of-uninitialized-value in SkDescriptor::isValid
|
-
|
2019-11-28
|
992914
|
Security: v8 Map migration doesn't respect element kinds changes, leading to type confusion
|
-
|
2019-11-27
|
995591
|
IndexedDB: GetDatabaseInfo() should check AllowIndexedDB() before issuing a request to the browser
|
-
|
2019-11-27
|
996099
|
DCHECK failure in result.NumberOfOwnDescriptors() == result.instance_descriptors().number_of_descr
|
-
|
2019-11-27
|
992808
|
Heap-use-after-free in content::IndexedDBDatabase::DeleteRequest::DoDelete
|
-
|
2019-11-26
|
995010
|
Heap-use-after-free in chromeos::device_sync::CryptAuthGCMManagerImpl::~CryptAuthGCMManagerImpl
|
-
|
2019-11-26
|
967780
|
Security: Code run by redirecting same-origin download to a javascript: URL gains user activation and bypasses CSP
|
$1000
|
2019-11-25
|
993288
|
Security: Possible to read cross-origin data using debug console utility function
|
-
|
2019-11-25
|
994203
|
spvtools_opt_performance_fuzzer: Heap-buffer-overflow in spvtools::opt::Instruction::GetSingleWordOperand
|
-
|
2019-11-25
|
994248
|
spvtools_opt_legalization_fuzzer: Heap-buffer-overflow in spvtools::opt::StructuredCFGAnalysis::AddBlocksInFunction
|
-
|
2019-11-25
|
995071
|
spvtools_opt_legalization_fuzzer: Heap-buffer-overflow in spvtools::utils::SmallVector<unsigned int, 2u>::operator
|
-
|
2019-11-25
|
995114
|
Use-of-uninitialized-value in blink::NGBlockLayoutAlgorithm::ComputeChildData
|
-
|
2019-11-25
|
995275
|
DCHECK failure in nexus.IsMegamorphic() || nexus.GetFeedback().IsCleared() in js-heap-broker.cc
|
-
|
2019-11-25
|
925791
|
Security: PDFium Uninitialized Memory Read in CXFA_LayoutPageMgr::GetAvailHeight
|
$1000
|
2019-11-23
|
977527
|
sequence_manager_fuzzer: Heap-use-after-free in scoped_refptr<base::SingleThreadTaskRunner>::scoped_refptr
|
-
|
2019-11-23
|
980183
|
Unknown signal in Builtins_ArrayPrototypeFindIndex
|
-
|
2019-11-23
|
990635
|
CVE-2018-20856 CrOS: Vulnerability reported in Linux kernel
|
-
|
2019-11-23
|
991125
|
Security: Privilege Elevation via Google Chrome Elevation Service
|
$5000
|
2019-11-23
|
993771
|
Security: pdfium XFA m_pFocusWidget Use After Free
|
$5000
|
2019-11-23
|
994086
|
Crash in sw::Renderer::executeTask
|
-
|
2019-11-23
|
994089
|
Use-of-uninitialized-value in password_manager::PasswordReuseDetectionManager::OnPaste
|
-
|
2019-11-23
|
984386
|
Security DCHECK failure: new_box->IsInlineFlowBox() in layout_block_flow_line.cc
|
-
|
2019-11-22
|
882812
|
Security: fullscreen notification spoof (registerProtocolHandler)
|
$1000
|
2019-11-21
|
990582
|
DCHECK failure in maybe_table.IsSourcePositionTableWithFrameCache() in code.cc
|
-
|
2019-11-21
|
993223
|
Security: Heap-use-after-free in payments::PaymentRequestSheetController::UpdateHeaderView
|
$5000
|
2019-11-21
|
977871
|
vtest_fuzzer: Crash in try_setup_line
|
-
|
2019-11-20
|
986043
|
Security: Malicious Extension can ignore SOP, with only `downloads` permission.
|
$3000
|
2019-11-20
|
992389
|
Crash in v8::internal::IrregexpInterpreter::Result v8::internal::RawMatch<unsigned char>
|
-
|
2019-11-20
|
993266
|
blink_png_decoder_fuzzer: Heap-buffer-overflow in blink::PNGImageDecoder::RowAvailable
|
-
|
2019-11-20
|
993474
|
CHECK failure: static_cast<uintptr_t>(caller_frame_top_) - total_output_frame_size > stack_guar
|
-
|
2019-11-20
|
993601
|
Security: PurpleWolf HTTP/2 denial of service attacks
|
-
|
2019-11-20
|
978793
|
UAP in UpdatePlaceholderImage
|
$5500
|
2019-11-19
|
986211
|
Heap-buffer-overflow in net::SpdyReadQueue::Dequeue
|
-
|
2019-11-19
|
992844
|
Crash in sw::Renderer::executeTask
|
-
|
2019-11-19
|
992679
|
Crash in blink::HeapHashTableBacking<WTF::HashTable<WTF::LinkedHashSetNode<blink::WeakMem
|
-
|
2019-11-18
|
992688
|
Use-of-uninitialized-value in Cr_z_crc32_z
|
-
|
2019-11-18
|
992703
|
Use-of-uninitialized-value in Cr_z_crc32_sse42_simd_
|
-
|
2019-11-18
|
991328
|
Use-of-uninitialized-value in test_runner::TestRunner::WorkQueue::ProcessWork
|
-
|
2019-11-17
|
981492
|
UAP in SetDispatchContext
|
$3000
|
2019-11-16
|
984811
|
Use-after-free inside CFX_SkiaDeviceDriver::Flush() when SkiaPaths is enabled
|
-
|
2019-11-16
|
992285
|
Security: use-after-free in payment app
|
$500
|
2019-11-16
|
991085
|
Use-after-poison in mojo::InterfaceEndpointClient::HandleValidatedMessage
|
-
|
2019-11-15
|
991901
|
Crash in void v8::internal::MarkCompactCollector::ProcessMarkingWorklistInternal<
|
-
|
2019-11-15
|
960305
|
Security: storage estimate allows obtaining size of cached cross-origin resource
|
$500
|
2019-11-14
|
986393
|
Security: Possible to leak global window object via console
|
$500
|
2019-11-14
|
987502
|
Security: Possible to leak exceptions across contexts via devtools
|
-
|
2019-11-14
|
991446
|
Bad-cast to blink::LayoutObject from invalid vptr in blink::NGPaintFragment::PopulateDescendants
|
-
|
2019-11-14
|
973928
|
Heap-use-after-free in password_manager::PasswordReuseDetectionManager::OnPaste
|
-
|
2019-11-13
|
981597
|
Pointer lock propagates user activation to sandboxed frame
|
-
|
2019-11-13
|
989305
|
Bad-cast to blink::LayoutBoxModelObject from invalid vptr in blink::LayoutBlockFlow::AddOverhangingFloats
|
-
|
2019-11-13
|
990222
|
content_security_policy_fuzzer: Crash in qos_class_main
|
-
|
2019-11-13
|
929763
|
Security: BT classic MITM 1-byte key length negotiation
|
-
|
2019-11-12
|
989497
|
Security: URL bar spoofing on iOS (with SlimNav ON)
|
$3000
|
2019-11-12
|
989742
|
Crash in blink::NGExclusionSpaceInternal::DerivedGeometry::FindLayoutOpportunity
|
-
|
2019-11-12
|
990590
|
Heap-use-after-free in content::IndexedDBContextImpl::DatabaseDeleted
|
-
|
2019-11-12
|
956420
|
CrOS: Vulnerability reported in media-libs/tiff
|
-
|
2019-11-11
|
986063
|
Security: Calling console utility functions causes data to be shared between contexts
|
$500
|
2019-11-11
|
989909
|
Accessors created from FunctionTemplate have the wrong native context
|
-
|
2019-11-11
|
921561
|
CrOS: Vulnerability reported in net-wireless/hostapd
|
-
|
2019-11-08
|
946633
|
Security: Download dialog spoofing
|
$500
|
2019-11-08
|
984344
|
V8 Invalid Read in v8::internal::HeapObject::IsHeapNumber
|
$2000
|
2019-11-08
|
985758
|
Bad-cast to blink::WebView from invalid vptr in test_runner::TestRunner::FinishTestIfReady
|
-
|
2019-11-08
|
986007
|
gpu_raster_swiftshader_fuzzer: Use-of-uninitialized-value in cc::ServiceImageTransferCacheEntry::Deserialize
|
-
|
2019-11-08
|
986029
|
transfer_cache_fuzzer: Use-of-uninitialized-value in cc::ServiceImageTransferCacheEntry::Deserialize
|
-
|
2019-11-08
|
986792
|
UAF in blink::ImageBitmapFactories::ImageBitmapLoader::DecodeImageOnDecoderThread
|
$7500
|
2019-11-08
|
989827
|
Security DCHECK failure: IsA<Derived>(from) in casting.h
|
-
|
2019-11-08
|
863661
|
Security:IDN url spoofing using U+4e00
|
$500
|
2019-11-06
|
977989
|
Security: pdfium heap-use-after-free in CXFA_ItemLayoutProcessor::InsertFlowedItem
|
$500
|
2019-11-06
|
981618
|
CrOS: Vulnerability reported in dev-libs/glib
|
-
|
2019-11-06
|
988241
|
Security DCHECK failure: !object || (object->IsBox()) in layout_box.h
|
-
|
2019-11-06
|
988541
|
Security DCHECK failure: IsA<Derived>(from) in casting.h
|
-
|
2019-11-06
|
989471
|
CVE-2007-6762 CrOS: Vulnerability reported in Linux kernel
|
-
|
2019-11-06
|
989472
|
CVE-2010-5331 CrOS: Vulnerability reported in Linux kernel
|
-
|
2019-11-06
|
989473
|
CVE-2010-5332 CrOS: Vulnerability reported in Linux kernel
|
-
|
2019-11-06
|
989474
|
CVE-2018-20784 CrOS: Vulnerability reported in Linux kernel
|
-
|
2019-11-06
|
994957
|
Security: buffer OOB *read* in libc++ random
|
-
|
2019-11-05
|
866162
|
Security: IDN URL Spoofing with Greek Letter
|
-
|
2019-11-05
|
927150
|
Security: 'Press Esc to exit fullscreen' covered up by <select>
|
-
|
2019-11-05
|
982397
|
PDFium (XFA) Use-after-free in CPDFSDK_XFAWidgetHandler::OnXFAChangedFocus
|
$5500
|
2019-11-05
|
987956
|
CVE-2019-13272 CrOS: Vulnerability reported in Linux kernel
|
-
|
2019-11-05
|
988304
|
DCHECK failure in bytecode->IsBytecodeEqual( *outer_function_job->compilation_info()->bytecode_arr
|
-
|
2019-11-05
|
988858
|
[IndexedDB] Prevent using uninitialized memory in IndexedDBBackingStore
|
-
|
2019-11-05
|
988919
|
DCHECK failure in loop_node_->EatsAtLeast(true) >= continue_node_->EatsAtLeast(true) in regexp-com
|
-
|
2019-11-05
|
972030
|
CrOS: Vulnerability reported in dev-libs/glib
|
-
|
2019-11-04
|
868846
|
Security: URL spoof using CJK combining character (U+3099 U+309A)
|
$1000
|
2019-11-02
|
987270
|
audio_decoder_fuzzer: Use-of-uninitialized-value in wav_parse_bext_string
|
-
|
2019-11-02
|
973360
|
Use-after-free in WasmMemoryObject::Grow
|
$5000
|
2019-11-01
|
980161
|
Security: PDFium (XFA) Use-after-free in CPDFSDK_AnnotHandlerMgr::GetNextAnnot
|
$5500
|
2019-11-01
|
983147
|
DCHECK failure in bytecode->IsBytecodeEqual( *outer_function_job->compilation_info()->bytecode_arr
|
-
|
2019-11-01
|
987507
|
rtcp_receiver_fuzzer: Heap-buffer-overflow in webrtc::ByteReader<unsigned int, 4u, false>::Get
|
-
|
2019-11-01
|
964938
|
Use-of-uninitialized-value in ui::SolveLeastSquares
|
-
|
2019-10-31
|
987381
|
Use-of-uninitialized-value in media_session::MediaPosition::operator==
|
-
|
2019-10-31
|
939108
|
Isolate chrome.google.com from *.google.com
|
$500
|
2019-10-30
|
973228
|
Heap-use-after-free in dawn_wire::server::Server::DoBufferUpdateMappedData
|
-
|
2019-10-30
|
986754
|
UAP in IsEmptyValue
|
-
|
2019-10-30
|
987106
|
Use-of-uninitialized-value in net::HostResolverManager::RecordTotalTime
|
-
|
2019-10-30
|
968451
|
Security: http authentication spoof (repro issue 928974)
|
-
|
2019-10-29
|
984536
|
sqlite3_lpm_fuzzer: Heap-buffer-overflow in sqlite3VdbeExec
|
-
|
2019-10-29
|
984650
|
sqlite3_lpm_fuzzer: Use-of-uninitialized-value in sqlite3VdbeRecordCompareWithSkip
|
-
|
2019-10-29
|
985546
|
sqlite3_lpm_fuzzer: Use-of-uninitialized-value in sqlite3CompareAffinity
|
-
|
2019-10-29
|
985646
|
Heap-use-after-free in blink::PaintLayerScrollableArea::InvalidateAllStickyConstraints
|
-
|
2019-10-29
|
985781
|
pdfium_xfa_fuzzer: Heap-buffer-overflow in fxcrt::RetainPtr<fxcrt::StringDataTemplate<wchar_t> >::RetainPtr
|
$5000
|
2019-10-29
|
986008
|
Bad-cast to blink::PaintLayer from invalid vptr in blink::PaintLayerScrollableArea::InvalidateAllStickyConstraints
|
-
|
2019-10-29
|
986064
|
Security: pdfium XFA CJX_Object::SetContent Use After Free
|
$5000
|
2019-10-29
|
986262
|
CVE-2019-13233 CrOS: Vulnerability reported in Linux kernel
|
-
|
2019-10-29
|
548273
|
Type confusion in ObjectBackedNativeHandler::Router
|
$5000
|
2019-10-28
|
981873
|
Security: UAF in ~LevelDBIteratorImpl
|
-
|
2019-10-27
|
984475
|
sqlite3_lpm_fuzzer: Crash in estimateIndexWidth
|
-
|
2019-10-27
|
925269
|
Use-of-uninitialized-value in TIFFYCbCrtoRGB
|
-
|
2019-10-26
|
981608
|
spvtools_opt_performance_fuzzer: Heap-use-after-free in spvtools::opt::InlinePass::IsInlinableFunctionCall
|
-
|
2019-10-26
|
981609
|
spvtools_opt_performance_fuzzer: Bad-cast to spvtools::opt::Instruction from invalid vptr in spvtools::opt::BasicBlock::id
|
-
|
2019-10-26
|
983938
|
Heap-use-after-free in gpu::gles2::Texture::ClearRenderableLevels
|
-
|
2019-10-26
|
984868
|
Use-after-poison in mojo::InterfaceEndpointClient::HandleValidatedMessage
|
-
|
2019-10-26
|
984890
|
Bad-cast to blink::GarbageCollectedMixin from invalid vptr in void blink::Visitor::TraceRoot<blink::ImageDownloaderBase>
|
-
|
2019-10-26
|
985302
|
Bad-cast to blink::ImageDownloaderBase from blink::ResponseBodyLoader in blink::MultiResolutionImageResourceFetcher::OnURLFetchComplete
|
-
|
2019-10-26
|
847035
|
Security: Chrome for iOS (CVE-2017-5385) HTML documents sent with multipart/x-mixed-replace ignores Referrer-Policy response header
|
-
|
2019-10-25
|
981569
|
spvtools_opt_legalization_fuzzer: Heap-use-after-free in spvtools::opt::BasicBlock::id
|
-
|
2019-10-25
|
983867
|
Security: Use-after-free in CPDFSDK_ActionHandler::ExecuteFieldAction
|
$5000
|
2019-10-25
|
984809
|
dawn_wire_server_and_frontend_fuzzer: Crash in dawn_native::IsArrayLayerValidForTextureViewDimension
|
-
|
2019-10-25
|
985337
|
CVE-2019-10639 CrOS: Vulnerability reported in Linux kernel
|
-
|
2019-10-25
|
896533
|
Security: IDN URL Spoofing with Georgian Letter Jil "å«"
|
$500
|
2019-10-24
|
984521
|
Security: UAF due to double call to IndexedDBConnection::Close
|
-
|
2019-10-24
|
984917
|
CVE-2019-10638 CrOS: Vulnerability reported in Linux kernel
|
-
|
2019-10-24
|
882363
|
Security: fullscreen notification overlap
|
$1000
|
2019-10-23
|
950027
|
Incorrect-function-pointer-type in google::protobuf::internal::AddDescriptorsImpl
|
-
|
2019-10-23
|
971408
|
Have secure context checks in browser side code of Native File System API
|
-
|
2019-10-23
|
974354
|
GpuMemoryBufferImplIOSurface doesn't validate handle
|
-
|
2019-10-23
|
977462
|
Security: UAF in OfflinePageAutoFetcher::CancelSchedule
|
$10000
|
2019-10-23
|
981291
|
net_quic_stream_factory_fuzzer: Use-of-uninitialized-value in quic::HttpDecoder::ParsePriorityFrame
|
-
|
2019-10-23
|
981785
|
UAF in PDFium due to incorrect ref count
|
$3000
|
2019-10-23
|
982648
|
net_quic_stream_factory_fuzzer: Use-of-uninitialized-value in quic::HttpDecoder::ReadFrameType
|
-
|
2019-10-23
|
983775
|
Security: heap-use-after-free in blink::LayoutBlockFlow::AddChild
|
-
|
2019-10-23
|
983785
|
Bad-cast to blink::LayoutObject from invalid vptr in blink::LayoutObject::IsAnonymousBlock
|
-
|
2019-10-23
|
983850
|
Crash in v8::internal::Simulator::LoadStorePairHelper
|
-
|
2019-10-23
|
983856
|
Heap-use-after-free in blink::LayoutBox::SplitAnonymousBoxesAroundChild
|
-
|
2019-10-23
|
983865
|
Heap-use-after-free in blink::LayoutBlockFlow::AddChild
|
-
|
2019-10-23
|
983970
|
Heap-use-after-free in blink::LayoutBoxModelObject::MoveChildTo
|
-
|
2019-10-23
|
821194
|
Use SHA256 for instance IDs
|
-
|
2019-10-22
|
921984
|
CrOS: Vulnerability reported in app-text/qpdf
|
-
|
2019-10-22
|
949032
|
Security: Use-after-free in CXFA_FFWidget::OnKillFocus
|
$3000
|
2019-10-22
|
968914
|
this.print() should required a user gesture
|
-
|
2019-10-22
|
980226
|
Crash in Builtins_GetPropertyWithReceiver
|
-
|
2019-10-22
|
961513
|
Heap-buffer-overflow in Json::Reader::readArray
|
-
|
2019-10-20
|
983344
|
flexfec_receiver_fuzzer: Heap-buffer-overflow in webrtc::ForwardErrorCorrection::XorPayloads
|
-
|
2019-10-20
|
983351
|
forward_error_correction_fuzzer: Use-of-uninitialized-value in rtc::scoped_refptr<rtc::RefCountedObject<rtc::BufferT<unsigned char, false> > >:
|
-
|
2019-10-20
|
983356
|
ulpfec_receiver_fuzzer: Heap-buffer-overflow in webrtc::ByteReader<unsigned short, 2u, false>::ReadBigEndian
|
-
|
2019-10-20
|
983385
|
forward_error_correction_fuzzer: Bad-cast to rtc::RefCountedObject<rtc::BufferT<unsigned char, false> >rtc::CopyOnWriteBuffer::CloneDataIfReferenced in unsigned char* rtc::CopyOnWriteBuffer::data<unsigned char,
|
-
|
2019-10-20
|
983400
|
flexfec_receiver_fuzzer: Use-of-uninitialized-value in rtc::scoped_refptr<webrtc::ForwardErrorCorrection::Packet>::~scoped_refptr
|
-
|
2019-10-20
|
983767
|
Use-of-uninitialized-value in media::MediaMetricsProvider::GetUMANameForAVStream
|
-
|
2019-10-20
|
983768
|
Use-of-uninitialized-value in =
|
-
|
2019-10-20
|
983773
|
mediasource_WEBM_VP8_pipeline_integration_fuzzer: Use-of-uninitialized-value in media::operator==
|
-
|
2019-10-20
|
977107
|
UAP in offline audio context
|
$3000
|
2019-10-19
|
980475
|
Security: WebAssembly Table.Copy lead to OOB Write
|
$7500
|
2019-10-18
|
980672
|
ipp_message_parser_fuzzer: Heap-buffer-overflow in libcups.so.2
|
-
|
2019-10-18
|
981234
|
Heap-use-after-free in libswiftshader_libGLESv2.dylib
|
-
|
2019-10-18
|
981381
|
ipp_message_parser_fuzzer: Heap-buffer-overflow in ipp_converter::ConvertIppToMojo
|
-
|
2019-10-18
|
981385
|
Crash in _platform_memmove$VARIANT$Nehalem
|
-
|
2019-10-18
|
981573
|
Use-of-uninitialized-value in blink::PaintLayerScrollableArea::InvalidateAllStickyConstraints
|
-
|
2019-10-18
|
981585
|
heap-use-after-free : blink::CanvasResourceProviderSharedImage::WillDraw
|
-
|
2019-10-18
|
981590
|
Crash in _platform_memmove$VARIANT$Nehalem
|
-
|
2019-10-18
|
982153
|
Bad-cast to blink::PaintLayer from invalid vptr in blink::PaintLayerScrollableArea::InvalidateAllStickyConstraints
|
-
|
2019-10-18
|
982530
|
Incorrect optimization causes memory corruption
|
-
|
2019-10-18
|
982805
|
Crash in _platform_memmove$VARIANT$Nehalem
|
-
|
2019-10-18
|
983137
|
Security: PDFium Bad cast in ToNode in cxfa_object.cpp
|
$5000
|
2019-10-18
|
983293
|
Use-of-uninitialized-value in content::RenderWidgetHostInputEventRouter::OnRenderWidgetHostViewBaseDestroyed
|
-
|
2019-10-18
|
837936
|
Security: Probing JS bytecode cache allows timing attack
|
-
|
2019-10-17
|
969285
|
CrOS: Vulnerability reported in net-misc/curl
|
-
|
2019-10-17
|
979187
|
CrOS: Vulnerability reported in dev-libs/expat
|
-
|
2019-10-17
|
979373
|
Security DCHECK failure: line_layout_item.IsLayoutInline() || line_layout_item.IsEqual(this) in layout_bl
|
-
|
2019-10-17
|
980292
|
Crash in Builtins_GetPropertyWithReceiver
|
-
|
2019-10-17
|
982768
|
pdfium_fuzzer: Use-of-uninitialized-value in float const& pdfium::clamp<float>
|
-
|
2019-10-17
|
982828
|
Security: heap-use-after-free in ~CPDFSDK_XFAWidget() (ProbeForLowSeverityLifetimeIssue)
|
-
|
2019-10-17
|
977341
|
heap-use-after-free : GrTextBlobCache::purgeStaleBlobs
|
-
|
2019-10-16
|
979902
|
pdf_codec_tiff_fuzzer: Negative-size-param in _TIFFmemcpy
|
-
|
2019-10-16
|
980168
|
DCHECK failure in !new_map->has_frozen_or_sealed_elements() in js-objects.cc
|
-
|
2019-10-16
|
981232
|
Crash in blink::PointerLockController::DidLosePointerLock
|
-
|
2019-10-16
|
981459
|
Bad-cast to blink::LayoutEmbeddedContent from blink::LayoutNGBlockFlow in blink::ToLayoutEmbeddedContent
|
-
|
2019-10-16
|
951487
|
Security: Two autocomplete flaws STILL allow stealing credit card numbers
|
$3337
|
2019-10-15
|
980891
|
Security: CSA_ASSERT failed: IsRegularHeapObjectSize(size_in_bytes)
|
-
|
2019-10-15
|
981202
|
Security: Memory corruption in BrowserList::NotifyBrowserNoLongerActive(Browser*) ()
|
$500
|
2019-10-15
|
981528
|
Security: PDFium (XFA) Use-after-free in CPDFSDK_Widget::HasXFAAAction
|
$5000
|
2019-10-15
|
981602
|
Heap-use-after-free in blink::InlineFlowBox::DeleteLine
|
-
|
2019-10-15
|
971550
|
Crash in qos_class_main
|
-
|
2019-10-12
|
979923
|
Use-of-uninitialized-value in blink::NGOffsetMapping::GetLastPosition
|
-
|
2019-10-12
|
979972
|
Heap-buffer-overflow in blink::FindBuffer::RangeFromBufferIndex
|
-
|
2019-10-12
|
980448
|
Heap-buffer-overflow in blink::FindBuffer::RangeFromBufferIndex
|
-
|
2019-10-12
|
980450
|
Crash in blink::FindBuffer::FindMatchInRange
|
-
|
2019-10-12
|
980816
|
OOB in SwiftShader textureSize
|
$2000
|
2019-10-12
|
980843
|
Sig11 in wasm
|
$500
|
2019-10-12
|
981412
|
Container-overflow in CPDF_DeviceCS::GetRGB
|
-
|
2019-10-12
|
977926
|
Heap-use-after-free in blink::LargeTextFirst
|
$3500
|
2019-10-10
|
979023
|
DCHECK failure in number_of_own_descriptors > 0 in map-inl.h
|
-
|
2019-10-10
|
980422
|
DCHECK failure in bytecode->IsBytecodeEqual( *outer_function_job->compilation_info()->bytecode_arr
|
-
|
2019-10-10
|
980811
|
devtools_protocol_encoding_cbor_fuzzer: Heap-buffer-overflow in inspector_protocol_encoding::json::JSONEncoder<std::__Cr::basic_string<char, std
|
-
|
2019-10-10
|
937587
|
Heap-buffer-overflow in libcups.so.2
|
-
|
2019-10-09
|
937662
|
Use-of-uninitialized-value in ipp_converter::ConvertIppToMojo
|
-
|
2019-10-09
|
937664
|
Use-of-uninitialized-value in ippReadIO
|
-
|
2019-10-09
|
976753
|
Security: heap-buffer-overflow in CFDE_TextEditEngine::AdjustGap
|
-
|
2019-10-09
|
978180
|
Use-After-Free in FT_Stream_ReleaseFrame
|
-
|
2019-10-09
|
978575
|
Security: PDFium (XFA) Use-after-free in CXFA_FFWidget::OnSetFocus
|
$3000
|
2019-10-09
|
978382
|
Incorrect heap object handling in v8
|
$500
|
2019-10-09
|
980065
|
Crash in v8::internal::SourcePositionTableIterator::Advance
|
-
|
2019-10-08
|
979942
|
Heap-use-after-free in blink::LayoutObject::UpdateFirstLineImageObservers
|
-
|
2019-10-07
|
979951
|
Heap-use-after-free in base::subtle::RefCountedBase::AddRefImpl
|
-
|
2019-10-07
|
979505
|
Bad-cast to net::URLRequestFtpJob from invalid vptr in net::URLRequestFtpJob::OnStartCompleted
|
$3500
|
2019-10-06
|
976713
|
Security: Possible to leak internal objects like arrayBufferConstructor_DoNotInitialize and InternalPackedArray via console utility functions
|
-
|
2019-10-05
|
977778
|
NGOffsetMappingBuilder::CollapseTrailingSpace() crashes with white-space:pre-wrap
|
-
|
2019-10-05
|
953516
|
Potential map end() access in MojoMjpegDecodeAcceleratorService
|
-
|
2019-10-04
|
973352
|
Heap-use-after-free in dawn_native::null::Buffer::CopyFromStaging
|
-
|
2019-10-04
|
976573
|
Bad-cast to dawn_native::null::Buffer from invalid vptr in dawn_native::null::BufferMapReadOperation::Execute
|
-
|
2019-10-04
|
978082
|
heap-use-after-free : cc::LayerTreeHostImpl::ImageDecodeFinished
|
-
|
2019-10-04
|
979069
|
Heap-buffer-overflow in blink::FindBuffer::RangeFromBufferIndex
|
-
|
2019-10-04
|
979228
|
DCHECK failure in bytecode->IsBytecodeEqual( *outer_function_job->compilation_info()->bytecode_arr
|
-
|
2019-10-04
|
971544
|
Use-of-uninitialized-value in GrBackendTexture::operator=
|
-
|
2019-10-03
|
946260
|
AppCache can be registered to arbitrary site with renderer compromise
|
$1000
|
2019-10-02
|
970378
|
Security: Sites can bypass restrictions on multiple downloads by redirecting page to about:srcdoc
|
$500
|
2019-10-02
|
976627
|
v8 crash on regexp length check
|
$3000
|
2019-10-02
|
977012
|
DCHECK failure in descriptor_number < number_of_descriptors() in descriptor-array-inl.h
|
-
|
2019-10-02
|
977458
|
Use-of-uninitialized-value in blink::LayoutTreeBuilderForText::CreateLayoutObject
|
-
|
2019-10-02
|
977832
|
Heap-buffer-overflow in CFX_ReadOnlyMemoryStream::ReadBlockAtOffset
|
-
|
2019-10-02
|
978277
|
DCHECK failure in descriptor_number < number_of_descriptors() in descriptor-array-inl.h
|
-
|
2019-10-02
|
978335
|
Use-of-uninitialized-value in PageInfoUI::GetSecurityDescription
|
-
|
2019-10-02
|
888322
|
CVE-2018-14610 CrOS: Vulnerability reported in Linux kernel
|
-
|
2019-10-01
|
949425
|
pdfium (XFA): invalid vptr / uaf in CXFA_FFDocView::RunBindItems
|
$3000
|
2019-10-01
|
976652
|
CVE-2018-20669 CrOS: Vulnerability reported in Linux kernel
|
-
|
2019-10-01
|
976939
|
DCHECK failure in fresh->bit_field3() & ~IsInRetainedMapListBit::kMask == new_map->bit_field3() &
|
-
|
2019-10-01
|
978050
|
Use-of-uninitialized-value in v8::internal::GCTracer::CurrentEmbedderAllocationThroughputInBytesPerMillisecond
|
-
|
2019-10-01
|
949999
|
Bad-cast to MetricsLibraryInterface from MetricsLibrary in p2p::server::HttpServerExternalProcess::OnMessageReceived
|
-
|
2019-09-30
|
960106
|
ChromeOS Kernel integer overflow
|
-
|
2019-09-30
|
966309
|
Use-of-uninitialized-value in v8::internal::Simulator::FPCompare
|
-
|
2019-09-29
|
977855
|
CVE-2019-3896 CrOS: Vulnerability reported in Linux kernel
|
-
|
2019-09-29
|
969256
|
Int-overflow in CPDF_PSEngine::DoOperator
|
-
|
2019-09-28
|
976136
|
heap-use-after-free in ContextProvider
|
$3000
|
2019-09-28
|
977089
|
DCHECK failure in fresh->bit_field3() & ~IsInRetainedMapListBit::kMask == new_map->bit_field3() &
|
-
|
2019-09-28
|
977467
|
Crash in blink::MojoHandle::writeMessage
|
-
|
2019-09-28
|
768526
|
Cast should not use a web iframe inside a WebUI page
|
-
|
2019-09-27
|
950328
|
v8 crash on map-check
|
$3000
|
2019-09-27
|
961674
|
DCHECK failure in __isolate__->has_scheduled_exception() in isolate.cc
|
-
|
2019-09-27
|
971293
|
heap-use-after-free in Cancel::wasm-engine.cc
|
$1000
|
2019-09-27
|
971702
|
UAF in chrome!content::Portal::Activate
|
$8000
|
2019-09-27
|
972354
|
CVE-2019-3846 CrOS: Vulnerability reported in Linux kernel
|
-
|
2019-09-27
|
973137
|
Crash in quic::QuicDataReader::PeekVarInt62Length
|
-
|
2019-09-27
|
973893
|
Potential bad cast with non-string values
|
-
|
2019-09-27
|
976859
|
Security: heap-use-after-free in blink::NGPaintFragment::AssociateWithLayoutObject
|
$3000
|
2019-09-27
|
976922
|
DCHECK failure in fixed_array.IsNumberDictionary() in js-objects-inl.h
|
-
|
2019-09-27
|
976923
|
DCHECK failure in 0 == memcmp(reinterpret_cast<void*>(fresh->address()), reinterpret_cast<void*>(n
|
-
|
2019-09-27
|
976932
|
DCHECK failure in bytecode->IsBytecodeEqual( *outer_function_job->compilation_info()->bytecode_arr
|
-
|
2019-09-27
|
976935
|
Heap-use-after-free in CFX_Font::LoadSubst
|
-
|
2019-09-27
|
976940
|
Crash in ReadUnalignedValue<double>
|
-
|
2019-09-27
|
976944
|
Crash in v8::internal::Object::Number
|
-
|
2019-09-27
|
964639
|
CVE-2019-11833 CrOS: Vulnerability reported in Linux kernel
|
-
|
2019-09-26
|
967993
|
Crash in base::ObserverListThreadSafe<base::PowerObserver>::RemoveObserver
|
-
|
2019-09-26
|
972921
|
Security: v8 dcheck failure and fatal error
|
$3000
|
2019-09-26
|
974760
|
Security: heap-use-after-free in blink::NGBlockNode::SaveStaticOffsetForLegacy
|
$3000
|
2019-09-26
|
976231
|
Heap-use-after-free in CFX_Font::LoadSubst
|
-
|
2019-09-26
|
976429
|
Security: Use-of-uninitialized-value in CFWL_WidgetMgr::NextTab if Ctrl-Tab is pressed while editing an XFA form.
|
-
|
2019-09-26
|
976924
|
Crash in v8::internal::DictionaryElementsAccessor::CollectElementIndicesImpl
|
-
|
2019-09-26
|
962572
|
Use-after-poison in mojo::BindingSetBase<blink::mojom::blink::NavigationInitiator, mojo::Binding<bli
|
-
|
2019-09-25
|
971740
|
Security: URL bar spoofing on iOS with history.back()
|
$3000
|
2019-09-25
|
972031
|
CrOS: Vulnerability reported in app-editors/vim
|
-
|
2019-09-25
|
974627
|
DCHECK failure in index >= 0 && index < this->length() in fixed-array-inl.h
|
-
|
2019-09-25
|
958002
|
cros-machine-id-regen should quote file path when computing timestamp path
|
$1000
|
2019-09-24
|
969368
|
CHECK failure: (location_) != nullptr in maybe-handles.h
|
-
|
2019-09-24
|
974091
|
Security: PDFium Font Parsing Heap Use After Free Vulnerability
|
$3000
|
2019-09-24
|
968081
|
Use-of-uninitialized-value in v8::internal::Factory::NewNumber
|
-
|
2019-09-23
|
964872
|
Security: signed-integer-overflow in FX_RECT::Height
|
-
|
2019-09-22
|
965067
|
URL is updated incorrectly after navigating to an invalid URL
|
-
|
2019-09-22
|
973103
|
Security: site isolation bypass: request headers overwrite via URLLoader::FollowRedirect
|
-
|
2019-09-22
|
973628
|
Don't rewrite about:srcdoc into chrome://srcdoc (just as we make an exception for about:blank)
|
-
|
2019-09-21
|
961237
|
Security: jit difference on comparison in d8
|
-
|
2019-09-20
|
971904
|
Heap-use-after-free in content::GpuChildThread::QuitMainMessageLoop
|
-
|
2019-09-20
|
972239
|
Heap-use-after-free in base::internal::WeakReference::IsValid
|
-
|
2019-09-20
|
972413
|
Use-of-uninitialized-value in blink::NGPaintFragment::ClearAssociationWithLayoutObject
|
-
|
2019-09-20
|
972657
|
Potential UAF in TRACE_EVENT call in FontLoader::openStream
|
-
|
2019-09-20
|
973363
|
Integer overflow in FastGetOwnValuesOrEntries
|
-
|
2019-09-20
|
971761
|
Use-of-uninitialized-value in spirv_cross::Compiler::CombinedImageSamplerUsageHandler::begin_function_scope
|
-
|
2019-09-19
|
972623
|
Bad parameters to --sanitizer-annotate-contiguous-container in shaderc_spvc_compile_options::~shaderc_spvc_compile_options
|
-
|
2019-09-19
|
972627
|
Bad parameters to --sanitizer-annotate-contiguous-container in shaderc_spvc_compile_options_release
|
-
|
2019-09-19
|
973121
|
Crash in v8::Value::ToString
|
-
|
2019-09-19
|
973132
|
Crash in v8::internal::ConcurrentMarkingVisitor::MarkObject
|
-
|
2019-09-19
|
973136
|
Crash in _platform_memmove$VARIANT$Nehalem
|
-
|
2019-09-19
|
973138
|
Crash in v8::internal::LookupIterator::State v8::internal::LookupIterator::LookupInRegula
|
-
|
2019-09-19
|
973146
|
Crash in v8::internal::String::GetFlatContent
|
-
|
2019-09-19
|
973151
|
Bad-cast to v8::String::ExternalStringResource from invalid vptr in v8::internal::ExternalTwoByteString::GetChars
|
-
|
2019-09-19
|
972390
|
Heap-use-after-free in quic::QuicDataReader::PeekVarInt62Length
|
-
|
2019-09-18
|
972394
|
Crash in AtomicallySetQuarantineFlagIfAllocated
|
-
|
2019-09-18
|
973056
|
URL is updated incorrectly when navigating to external app urls
|
$500
|
2019-09-18
|
973122
|
Use-of-uninitialized-value in v8::internal::FixStaleLeftTrimmedHandlesVisitor::VisitRootPointers
|
-
|
2019-09-18
|
964245
|
Site Isolation breaking bug in filesystem
|
$5000
|
2019-09-17
|
968988
|
CVE-2019-12381 CrOS: Vulnerability reported in Linux kernel
|
-
|
2019-09-17
|
968994
|
CrOS: Vulnerability reported in dev-db/sqlite
|
-
|
2019-09-17
|
968870
|
Crash in blink::RemoteFrame::SetCcLayer
|
-
|
2019-09-16
|
971752
|
Heap-use-after-free in blink::LayoutBlockFlow::AddOverhangingFloats
|
-
|
2019-09-16
|
972295
|
Bad-cast to v8::internal::wasm::(anonymous namespace)::WasmGCForegroundTask from invalid vptr in v8::internal::wasm::WasmEngine::RemoveIsolateFromCurrentGC
|
-
|
2019-09-16
|
968006
|
Heap-buffer-overflow in mojo::SyncHandleRegistry::Wait
|
-
|
2019-09-15
|
968007
|
Heap-use-after-free in quic::QuicDataReader::ReadBytes
|
-
|
2019-09-15
|
969321
|
Use-of-uninitialized-value in quic::HttpDecoder::ReadFrameType
|
-
|
2019-09-15
|
970644
|
Bad-free in shaderc_spvc_compile_options_release
|
-
|
2019-09-15
|
970909
|
Crash in AtomicallySetQuarantineFlagIfAllocated
|
-
|
2019-09-15
|
971551
|
Use-of-uninitialized-value in spirv_cross::SPIRFunction& spirv_cross::Variant::get<spirv_cross::SPIRFunction>
|
-
|
2019-09-15
|
971746
|
Crash in AddressIsPoisoned
|
-
|
2019-09-15
|
971757
|
Crash in shaderc_spvc_compile_options::~shaderc_spvc_compile_options
|
-
|
2019-09-15
|
929578
|
Any extension can be disbled by simply adding a trailing slash
|
$500
|
2019-09-14
|
968985
|
CVE-2019-12378 CrOS: Vulnerability reported in Linux kernel
|
-
|
2019-09-14
|
968987
|
CVE-2019-12380 CrOS: Vulnerability reported in Linux kernel
|
-
|
2019-09-14
|
969333
|
Use-of-uninitialized-value in gpu::gles2::GLES2Implementation::BindTexture
|
-
|
2019-09-14
|
969525
|
Crash in v8::internal::Heap::GcSafeFindCodeForInnerPointer
|
-
|
2019-09-14
|
971606
|
Use-of-uninitialized-value in gpu::gles2::GLES2Implementation::PackStringsToBucket
|
-
|
2019-09-14
|
969083
|
Heap-use-after-free in content::IndexedDBOriginState::AbortAllTransactions
|
-
|
2019-09-13
|
969363
|
Use-of-uninitialized-value in blink::GraphicsLayerUpdater::UpdateContext::CompositingContainer
|
-
|
2019-09-13
|
971538
|
Use-of-uninitialized-value in GrBackendTexture::operator=
|
-
|
2019-09-13
|
971545
|
Use-of-uninitialized-value in GrBackendTexture::operator=
|
-
|
2019-09-13
|
901306
|
CrOS: Vulnerability reported in media-libs/tiff
|
-
|
2019-09-12
|
923647
|
CrOS: Vulnerability reported in media-libs/tiff
|
-
|
2019-09-12
|
959640
|
Multiple file download protection bypass
|
$500
|
2019-09-12
|
960785
|
Security: Heap-use-after-free in blink::PresentationAvailabilityState::UpdateAvailability
|
-
|
2019-09-12
|
962947
|
Use-of-uninitialized-value in vfnprintf
|
-
|
2019-09-12
|
969055
|
URL doesn't update correctly when tapped on Stop icon to stop page loading
|
-
|
2019-09-12
|
969261
|
Heap-buffer-overflow in CFF::CFF2FDSelect::sanitize
|
-
|
2019-09-12
|
971537
|
Use-of-uninitialized-value in GrBackendTexture::operator=
|
-
|
2019-09-12
|
951974
|
Crash in shaderc_spvc_compile_options::shaderc_spvc_compile_options
|
-
|
2019-09-11
|
952081
|
Crash in AtomicallySetQuarantineFlagIfAllocated
|
-
|
2019-09-11
|
953985
|
Crash in AddressIsPoisoned
|
-
|
2019-09-11
|
954955
|
Crash in shaderc_spvc_compile_options_release
|
-
|
2019-09-11
|
955949
|
Security: Chronos user can delete files as root at boot (cleanup-shutdown-logs.conf)
|
-
|
2019-09-11
|
961413
|
Use-after-poison in blink::xpath::Expression::AddSubExpression
|
-
|
2019-09-11
|
967592
|
Crash in shaderc_spvc_compile_options_clone
|
-
|
2019-09-11
|
969520
|
Crash in spirv_cross::Variant::empty
|
-
|
2019-09-11
|
969521
|
Heap-buffer-overflow in spirv_cross::Variant::Variant
|
-
|
2019-09-11
|
957516
|
Security: Heap-use-after-free in ProjectionFromFieldOfView
|
-
|
2019-09-10
|
958318
|
CVE-2019-11487 CrOS: Vulnerability reported in Linux kernel
|
-
|
2019-09-10
|
959508
|
Crash in blink::PersistentBase<blink::DummyGCBase,
|
-
|
2019-09-10
|
962916
|
CVE-2019-11884 CrOS: Vulnerability reported in Linux kernel
|
-
|
2019-09-10
|
966263
|
Security: signed integer overflow in CPDF_RenderStatus::ProcessType3Text
|
-
|
2019-09-10
|
968984
|
CVE-2019-11190 CrOS: Vulnerability reported in Linux kernel
|
-
|
2019-09-10
|
969444
|
Crash in blink::Deprecation::GenerateReport
|
-
|
2019-09-10
|
969286
|
Chromium: Vulnerability reported in sqlite
|
-
|
2019-09-08
|
831725
|
SameSite cookie bypass via prerender
|
$2000
|
2019-09-07
|
907344
|
Heap-buffer-overflow in spirv_cross::Compiler::parse
|
-
|
2019-09-07
|
907718
|
Crash in spirv_cross::Variant::get_type
|
-
|
2019-09-07
|
943494
|
Security: UAF on WebUSB (Windows, windows_usb.c)
|
-
|
2019-09-07
|
950256
|
Use-of-uninitialized-value in spirv_cross::SPIRConstant::SPIRConstant
|
-
|
2019-09-07
|
951525
|
Security: IntersectionObserver V2 fails for CSS property scale transform
|
$500
|
2019-09-07
|
951902
|
Crash in spirv_cross::Variant::empty
|
-
|
2019-09-07
|
952050
|
Crash in spirv_cross::SPIRFunction& spirv_cross::Variant::get<spirv_cross::SPIRFunction>
|
-
|
2019-09-07
|
952156
|
Heap-buffer-overflow in spirv_cross::Variant::Variant
|
-
|
2019-09-07
|
952505
|
Crash in spirv_cross::VectorView<unsigned int>::begin
|
-
|
2019-09-07
|
953094
|
Heap-buffer-overflow in shaderc_spvc_compile_into_glsl
|
-
|
2019-09-07
|
953935
|
Heap-buffer-overflow in spirv_cross::Meta::Decoration::Decoration
|
-
|
2019-09-07
|
954785
|
Use-of-uninitialized-value in spirv_cross::SPIRFunction& spirv_cross::Variant::get<spirv_cross::SPIRFunction>
|
-
|
2019-09-07
|
954969
|
Heap-buffer-overflow in ??$allocate@AEBIAEBI_N@?$ObjectPool@USPIRConstant@spirv_cross@@@spirv_cross@@QEA
|
-
|
2019-09-07
|
962956
|
Crash in spirv_cross::ParsedIR::remove_typed_id
|
-
|
2019-09-07
|
964768
|
heap-use-after-free : strlen
|
-
|
2019-09-07
|
965918
|
Crash in spirv_cross::SPIRType& spirv_cross::Variant::get<spirv_cross::SPIRType>
|
-
|
2019-09-07
|
967152
|
Crash in spirv_cross::SPIRFunction const& spirv_cross::Variant::get<spirv_cross::SPIRFunc
|
-
|
2019-09-07
|
967926
|
Security: [Non-Exploitable] Crosh sandbox escape via command injection
|
-
|
2019-09-07
|
967933
|
Security: [Not Exploitable] seconds_compare method in network_diag does not quote parameters
|
-
|
2019-09-07
|
967943
|
Security: Command Injection in periodic_scheduler
|
-
|
2019-09-07
|
968075
|
Crash in spirv_cross::SPIRType& spirv_cross::Variant::get<spirv_cross::SPIRType>
|
-
|
2019-09-07
|
964667
|
Use-after-poison in mojo::BindingSetBase<blink::mojom::blink::NavigationInitiator, mojo::Binding<bli
|
-
|
2019-09-06
|
966460
|
DCHECK failure in object->HasSmiOrObjectElements() || object->HasDoubleElements() || object->HasFa
|
-
|
2019-09-06
|
967978
|
Heap-use-after-free in quic::QuicDataReader::PeekVarInt62Length
|
-
|
2019-09-06
|
967996
|
Use-of-uninitialized-value in blink::PerformanceResourceTiming::secureConnectionStart
|
-
|
2019-09-06
|
968080
|
Use-of-uninitialized-value in quic::HttpDecoder::ReadFrameType
|
-
|
2019-09-06
|
929300
|
BrowserPlugin architecture causes PDFs to be fetched into a cross-origin web renderer
|
-
|
2019-09-05
|
966557
|
Heap-use-after-free in content::IndexedDBDatabase::DeleteRequest::Perform
|
-
|
2019-09-05
|
966960
|
Heap-use-after-free in blink::TaskBase::TaskCompleted
|
-
|
2019-09-05
|
967196
|
Heap-use-after-free in ash::OverviewWindowDragController::StartNormalDragMode
|
-
|
2019-09-05
|
967361
|
Heap-use-after-free in blink::NGPaintFragment::RecalcContentsInkOverflow
|
-
|
2019-09-05
|
964002
|
Security: Latin KRA homograph
|
-
|
2019-09-04
|
966784
|
UAF in content::IndexedDBOriginState::AbortAllTransactions
|
$5000
|
2019-09-04
|
967167
|
Use-of-uninitialized-value in int blink::LazyLineBreakIterator::NextBreakablePosition<unsigned short,
|
-
|
2019-09-04
|
967938
|
Security: Command Injection in cr50-verify-ro.sh
|
-
|
2019-09-04
|
665766
|
Change on the credentials mode on redirect specified by the CORS algorithm should be propagated to net/
|
$1000
|
2019-09-03
|
953294
|
Omnibox spoofing with data urls
|
-
|
2019-09-03
|
962500
|
Security: Security: Same Origin Policy bypass and local file disclosure via <portal> element
|
$10000
|
2019-09-03
|
966762
|
UAF in content::IndexedDBDatabase::ProcessRequestQueueAndMaybeRelease
|
$15500
|
2019-09-03
|
967151
|
CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (IsExternalOneByteString()) in string
|
-
|
2019-09-03
|
967118
|
Heap-buffer-overflow in dawn_native::DeviceBase::CreateBufferMapped
|
-
|
2019-09-01
|
958717
|
DCHECK failure in IrOpcode::kPhi == callee->opcode() in js-inlining-heuristic.cc
|
-
|
2019-08-31
|
966454
|
Container-overflow in content::IndexedDBFactoryImpl::ContextDestroyed
|
-
|
2019-08-31
|
966572
|
Container-overflow in base::TaskAnnotator::RunTask
|
-
|
2019-08-31
|
966812
|
Crash in blink::WorkletPendingTasks::Abort
|
-
|
2019-08-31
|
936900
|
Security: CORS issue with Chrome Extensions
|
$500
|
2019-08-30
|
950000
|
Incorrect-function-pointer-type in base::internal::CallbackBase<
|
-
|
2019-08-30
|
964607
|
Security: WebAssembly duplicate indirect_function_table lead to OOB Write
|
$3000
|
2019-08-30
|
965633
|
Heap-use-after-free in dawn_native::SamplerBase::EqualityFunc::operator
|
-
|
2019-08-30
|
966224
|
Use-of-uninitialized-value in v8::internal::wasm::CompilationStateImpl::GetNextCompilationUnit
|
-
|
2019-08-30
|
966555
|
Use-of-uninitialized-value in extensions::MimeHandlerViewContainerManager::DestroyFrameContainer
|
-
|
2019-08-30
|
961597
|
Bad-cast to blink::LocalFrameView from blink::WebPluginContainerImpl in blink::RootScrollerController::ApplyRootScrollerProperties
|
-
|
2019-08-29
|
964818
|
Integer-overflow in inspector_protocol_encoding::cbor::CBORTokenizer::ReadNextToken
|
-
|
2019-08-29
|
964928
|
Security: JS execution inside ScriptForbiddenScope leading to UAF
|
-
|
2019-08-29
|
964924
|
Bad-cast to blink::LayoutObject from invalid vptr in blink::LayoutBlockFlow* blink::DynamicTo<blink::LayoutBlockFlow, blink::LayoutOb
|
-
|
2019-08-28
|
965630
|
Use-of-uninitialized-value in v8::internal::Factory::NewStringFromTwoByte
|
-
|
2019-08-28
|
957324
|
CrOS: Vulnerability reported in app-text/ghostscript-gpl
|
-
|
2019-08-27
|
963346
|
CHECK failure: (map()->has_fast_smi_or_object_elements() || map()->has_frozen_or_sealed_element
|
-
|
2019-08-27
|
964762
|
Heap-use-after-free in AppListClientImpl::OpenSearchResult
|
-
|
2019-08-27
|
964813
|
Bad-cast to blink::NGPaintFragment from invalid vptr in blink::LayoutBox::ResolvedDirection
|
-
|
2019-08-27
|
965299
|
DCHECK failure in trap_handler::IsTrapHandlerEnabled() == trap_handler::IsThreadInWasm() in runtim
|
-
|
2019-08-27
|
958532
|
Use-of-uninitialized-value in p2p::server::HttpServerExternalProcess::OnMessageReceived
|
-
|
2019-08-26
|
960111
|
ChromeOS privilege escalation
|
-
|
2019-08-26
|
964619
|
Bad-cast to blink::NGPaintFragment from invalid vptr in blink::LayoutText::FirstLineBoxTopLeft
|
-
|
2019-08-26
|
963341
|
Use-of-uninitialized-value in blink::LayoutObject::DestroyAndCleanupAnonymousWrappers
|
-
|
2019-08-25
|
964171
|
Use-of-uninitialized-value in blink::ListItemOrdinal::NextListItem
|
-
|
2019-08-25
|
964675
|
Heap-use-after-free in scoped_refptr<base::SingleThreadTaskRunner>::scoped_refptr
|
-
|
2019-08-25
|
962083
|
Use-of-uninitialized-value in sqlite3IntFloatCompare
|
-
|
2019-08-24
|
963831
|
Bad-cast to blink::LayoutInline from invalid vptr in blink::ToLayoutInline
|
-
|
2019-08-24
|
963579
|
Use-of-uninitialized-value in blink::LayoutTreeBuilderTraversal::NextSiblingLayoutObject
|
-
|
2019-08-24
|
960109
|
ChromeOS persistence bug
|
-
|
2019-08-24
|
961998
|
Crash in inspector_protocol_encoding::cbor::CBORTokenizer::ReadNextToken
|
-
|
2019-08-24
|
963409
|
Use-of-uninitialized-value in base::UTF16ToUTF8
|
-
|
2019-08-24
|
964218
|
Heap-buffer-overflow in void inspector_protocol_encoding::cbor::EncodeBinaryTmpl<std::__Cr::vector<unsig
|
-
|
2019-08-24
|
964178
|
DCHECK failure in TypeOf(node->InputAt(0)).IsNone() in simplified-lowering.cc
|
-
|
2019-08-23
|
952073
|
Heap-use-after-free in scoped_refptr<base::SingleThreadTaskRunner>::scoped_refptr
|
-
|
2019-08-23
|
958689
|
UaF in SharedWorkerClient::OnScriptLoadFailed
|
-
|
2019-08-23
|
958963
|
Security: Sign in to Chrome OS using Smart Lock without entering PIN on Android device
|
$6337
|
2019-08-23
|
959193
|
Heap-buffer-overflow in u_strlen_64
|
-
|
2019-08-23
|
962368
|
Security: Wrong url in omnibox on iOS (URL spoof)
|
-
|
2019-08-23
|
963060
|
Bad-cast to blink::DisplayItemClient from invalid vptr in blink::DisplayItemRasterInvalidator::Generate
|
-
|
2019-08-23
|
963076
|
Use-of-uninitialized-value in handle_vdm_request
|
-
|
2019-08-23
|
963463
|
Crash in v8::internal::FullMaybeObjectSlot::Relaxed_Store
|
-
|
2019-08-23
|
963464
|
Crash in ptr
|
-
|
2019-08-23
|
963466
|
Crash in v8::internal::FeedbackVector::SetOptimizationMarker
|
-
|
2019-08-23
|
963681
|
Crash in chrome
|
-
|
2019-08-23
|
963687
|
Crash in v8::internal::Simulator::LoadStoreHelper
|
-
|
2019-08-23
|
963890
|
Bad-cast to blink::LayoutObject from invalid vptr in blink::NGPhysicalFragment::HasLayer
|
-
|
2019-08-23
|
964109
|
Use-of-uninitialized-value in pd_update_pdo_flags
|
-
|
2019-08-23
|
951880
|
URL spoofing with post urls
|
-
|
2019-08-22
|
960209
|
Chrome CORS Causes Unauthorized File Download and Arbitrary File Execution on macOS
|
$500
|
2019-08-22
|
963278
|
Heap-use-after-free in SlowLastChild
|
-
|
2019-08-22
|
963461
|
DCHECK failure in has_feedback_vector() in js-objects-inl.h
|
-
|
2019-08-22
|
963568
|
DCHECK failure in descriptor_number < number_of_descriptors() in descriptor-array-inl.h
|
-
|
2019-08-22
|
622974
|
Another case where incorrect origin is sent with message event
|
-
|
2019-08-21
|
952709
|
Heap-use-after-free in SerialChooserController::OnGetDevices
|
-
|
2019-08-21
|
958718
|
DCHECK failure in RegionObservability::kObservable == region_observability_ in effect-control-line
|
-
|
2019-08-21
|
960331
|
Heap-buffer-overflow in BEInt<unsigned short, 2>::operator unsigned short
|
-
|
2019-08-21
|
961972
|
Use-of-uninitialized-value in blink::LayoutInline::ContinuationBefore
|
-
|
2019-08-21
|
961973
|
Bad-cast to blink::LayoutObject from invalid vptr in blink::LayoutInline::WillBeDestroyed
|
-
|
2019-08-21
|
961977
|
Use-of-uninitialized-value in blink::FloatRoundedRect::IncludeLogicalEdges
|
-
|
2019-08-21
|
961989
|
Crash in blink::LayoutBlockFlow::WillBeDestroyed
|
-
|
2019-08-21
|
961990
|
Use-of-uninitialized-value in blink::BoxPainterBase::FillLayerInfo::FillLayerInfo
|
-
|
2019-08-21
|
962008
|
Heap-use-after-free in blink::NGPaintFragment::TryMarkLastLineBoxDirtyFor
|
-
|
2019-08-21
|
962027
|
Bad-cast to blink::LayoutObject from invalid vptr in blink::HTMLFrameOwnerElement::GetLayoutEmbeddedContent
|
-
|
2019-08-21
|
962086
|
[LayoutNG] Bad-cast to blink::LayoutObject from invalid vptr in blink::Node::DetachLayoutTree
|
-
|
2019-08-21
|
962088
|
Bad-cast to blink::LayoutObject from invalid vptr in blink::EndsOfNodeAreVisuallyDistinctPositions
|
-
|
2019-08-21
|
962141
|
Heap-use-after-free in GetDocument
|
-
|
2019-08-21
|
962273
|
Heap-use-after-free in IsInline
|
-
|
2019-08-21
|
962338
|
Use-of-uninitialized-value in blink::NGBoxFragmentPainter::PaintObject
|
-
|
2019-08-21
|
962841
|
Heap-use-after-free in blink::LayoutObject::PreviousInPreOrder
|
-
|
2019-08-21
|
961979
|
Crash in blink::Document::View
|
-
|
2019-08-20
|
961985
|
Bad-cast to blink::LayoutObject from invalid vptr in blink::LayoutBlockFlow::InlineElementContinuation
|
-
|
2019-08-20
|
962065
|
Heap-use-after-free in blink::LayoutBlockFlow::InlineElementContinuation
|
-
|
2019-08-20
|
962172
|
Bad-cast to blink::LayoutInline from invalid vptr in blink::ToLayoutInline
|
-
|
2019-08-20
|
962197
|
Heap-use-after-free in blink::LayoutBlockFlow::NodeForHitTest
|
-
|
2019-08-20
|
962275
|
Security DCHECK failure: !object || (object->IsText()) in layout_text.h
|
$3500
|
2019-08-20
|
962468
|
Use-of-uninitialized-value in v8::internal::compiler::Schedule::block
|
-
|
2019-08-20
|
962474
|
DCHECK failure in effect_edges > 0 in verifier.cc
|
-
|
2019-08-20
|
957160
|
Use-after-poison in blink::UpdatePlaceholderImage
|
-
|
2019-08-19
|
958510
|
Use-of-uninitialized-value in pd_partner_port_reset
|
-
|
2019-08-19
|
961943
|
Use-of-uninitialized-value in blink::NGInlineLayoutStateStack::UpdateAfterReorder
|
-
|
2019-08-19
|
961773
|
DCHECK failure in !ExpectedTransitionKey().is_null() in transitions-inl.h
|
-
|
2019-08-18
|
950230
|
Heap-buffer-overflow in materialize
|
-
|
2019-08-17
|
959390
|
Security: Access-Control-Expose-Headers is not honored for redirects
|
$500
|
2019-08-17
|
949413
|
pdfium (XFA): wrong object type / uaf in SyncContainer
|
$3000
|
2019-08-16
|
957521
|
Security: Heap-use-after-free in XRView::UpdateProjectionMatrixFromAspect
|
-
|
2019-08-16
|
958072
|
Heap-buffer-overflow in libGLESv2_swiftshader
|
-
|
2019-08-16
|
959747
|
Unknown signal in Builtins_StoreFastElementIC_GrowNoTransitionHandleCOW
|
-
|
2019-08-16
|
954818
|
Security: Crosh privilege escalation / sandbox escape via command injection in set_arpgw
|
$5500
|
2019-08-15
|
957405
|
DCHECK failure in trap_handler::IsTrapHandlerEnabled() == trap_handler::IsThreadInWasm() in runtim
|
-
|
2019-08-15
|
957522
|
Security: Heap-use-after-free in ShapeDetector::DetectShapesOnImageData
|
-
|
2019-08-15
|
959727
|
DCHECK failure in !IsElement() in lookup.h
|
-
|
2019-08-15
|
960520
|
Use-of-uninitialized-value in BN_bin2bn
|
-
|
2019-08-15
|
960680
|
Bad-cast to v8::String::ExternalOneByteStringResource from v8::internal::SimpleStringResource<unsigned short, v8::String::ExternalStringResource> in v8::internal::ExternalOneByteString::GetChars
|
-
|
2019-08-15
|
960735
|
Heap-use-after-free in blink::SnapCoordinator::UpdateSnapContainerData
|
-
|
2019-08-15
|
960753
|
CVE-2019-11811 CrOS: Vulnerability reported in Linux kernel
|
-
|
2019-08-15
|
960775
|
Use-after-poison in blink::PersistentBase<blink::Document,
|
-
|
2019-08-15
|
949418
|
Heap-buffer-overflow in courgette::DisassemblerElf32::ExtractAbs32Locations
|
-
|
2019-08-14
|
959066
|
Use-of-uninitialized-value in courgette::DisassemblerElf32ARM::RelToRVA
|
-
|
2019-08-14
|
959264
|
Use-of-uninitialized-value in setvar_
|
-
|
2019-08-14
|
959534
|
CVE-2019-11599 CrOS: Vulnerability reported in Linux kernel
|
-
|
2019-08-14
|
959538
|
CVE-2019-7222 CrOS: Vulnerability reported in Linux kernel
|
-
|
2019-08-14
|
959563
|
Heap-use-after-free in headless::HeadlessShell::Shutdown
|
-
|
2019-08-14
|
959745
|
Crash in blink::FrameLoader::StartNavigation
|
-
|
2019-08-14
|
951795
|
Security: Use-after-free in WasmMemoryObject::Grow
|
-
|
2019-08-13
|
957092
|
Use-of-uninitialized-value in gpu::gles2::GLES2Implementation::BindTexture
|
-
|
2019-08-13
|
957285
|
Bad-cast to base::sequence_manager::TaskQueue from invalid vptr in base::sequence_manager::ThreadManager::PostDelayedTask
|
-
|
2019-08-13
|
958528
|
Use-of-uninitialized-value in BN_div
|
-
|
2019-08-13
|
958525
|
Use-of-uninitialized-value in bn_mul_comba8
|
-
|
2019-08-13
|
958755
|
Bad-cast to headless::HeadlessWebContents from invalid vptr in headless::HeadlessShell::Shutdown
|
-
|
2019-08-13
|
959192
|
Heap-use-after-free in content::FileSystemManagerImpl::Open
|
-
|
2019-08-13
|
959518
|
Security DCHECK failure: !NeedsLayout() || LayoutBlockedByDisplayLock(DisplayLockContext::kChildren) in l
|
-
|
2019-08-13
|
959645
|
DCHECK failure in value->IsSmi() in objects-debug.cc
|
-
|
2019-08-13
|
959835
|
Security DCHECK failure: !object || (object->IsLayoutEmbeddedContent()) in layout_embedded_content.h
|
-
|
2019-08-13
|
956851
|
Heap-use-after-free in fts3DisconnectMethod
|
-
|
2019-08-11
|
958787
|
Bad-cast to blink::LayoutEmbeddedContent from blink::LayoutImage in blink::HTMLFrameOwnerElement::SetEmbeddedContentView
|
-
|
2019-08-11
|
959387
|
Bad-cast to v8::internal::compiler::GapResolver::Assembler from invalid vptr in v8::internal::compiler::GapResolver::Resolve
|
-
|
2019-08-11
|
959381
|
Crash in v8::internal::OwnedVector<unsigned char>::New
|
-
|
2019-08-11
|
959541
|
Heap-buffer-overflow in v8::internal::Assembler::jmp
|
-
|
2019-08-11
|
952682
|
DCHECK failure in value->IsSmi() in objects-debug.cc
|
-
|
2019-08-10
|
956391
|
CrOS: Vulnerability reported in dev-db/sqlite
|
-
|
2019-08-10
|
958307
|
Heap-use-after-free in net::MDnsClientImpl::Core::DoCleanup
|
-
|
2019-08-10
|
958531
|
Use-of-uninitialized-value in setvar
|
-
|
2019-08-10
|
958759
|
CHECK failure: (location_) != nullptr in maybe-handles.h
|
-
|
2019-08-10
|
958872
|
Use-of-uninitialized-value in v8::internal::JsonParser<unsigned char>::ParseJsonNumber
|
-
|
2019-08-10
|
959024
|
Incorrect-function-pointer-type in blink::InputType::Create
|
-
|
2019-08-10
|
959014
|
Crash in v8::internal::wasm::NativeModule::AddCodeWithCodeSpace
|
-
|
2019-08-10
|
959031
|
Crash in v8::internal::wasm::NativeModule::runtime_stub_entry
|
-
|
2019-08-10
|
959064
|
Crash in apply
|
-
|
2019-08-10
|
959107
|
Crash in v8::internal::OwnedVector<unsigned char>::New
|
-
|
2019-08-10
|
959190
|
Bad-cast to v8::internal::AssemblerBuffer from invalid vptr in v8::internal::Assembler::GrowBuffer
|
-
|
2019-08-10
|
959197
|
Heap-buffer-overflow in WriteUnalignedValue<unsigned
|
-
|
2019-08-10
|
959199
|
Bad-cast to v8::internal::compiler::CodeGeneratorv8::internal::compiler::CodeGenerator::AssembleCode in void v8::internal::compiler::PipelineImpl::Run<v8::internal::compiler::AssembleC
|
-
|
2019-08-10
|
959263
|
Heap-buffer-overflow in emit
|
-
|
2019-08-10
|
959275
|
Bad-cast to v8::internal::AssemblerBufferv8::internal::Assembler::GrowBuffer in v8::internal::Assembler::emit_mov
|
-
|
2019-08-10
|
959271
|
Crash in ReadUnalignedValue<unsigned
|
-
|
2019-08-10
|
959386
|
Crash in apply
|
-
|
2019-08-10
|
959472
|
Bad-cast to v8::internal::AssemblerBuffer from invalid vptr in v8::internal::Assembler::GrowBuffer
|
-
|
2019-08-10
|
959484
|
Crash in v8::internal::compiler::InstructionSequence::InstructionBlockAt
|
-
|
2019-08-10
|
954891
|
Security: OOB Read in ReflexHash::checkTriangle
|
-
|
2019-08-09
|
957323
|
CVE-2019-8980 CrOS: Vulnerability reported in Linux kernel
|
-
|
2019-08-09
|
947858
|
Crash in Builtins_InterpreterEntryTrampoline
|
-
|
2019-08-08
|
956531
|
CrOS: Vulnerability reported in app-arch/tar
|
-
|
2019-08-08
|
957335
|
Bad-cast to content::RenderFrameImpl from invalid vptr in content::RenderFrameImpl::CommitFailedNavigationInternal
|
-
|
2019-08-08
|
957436
|
Security: heap-use-after-free in content::RenderFrameImpl::CommitFailedNavigationInternal
|
$3000
|
2019-08-08
|
957830
|
Use-of-uninitialized-value in inspector_protocol_encoding::json::JsonParser<unsigned char>::Parse
|
-
|
2019-08-08
|
958151
|
Use-of-uninitialized-value in v8::internal::JsonParser<unsigned char>::ParseJsonNumber
|
-
|
2019-08-08
|
958457
|
Use after free in PresentationAvailabilityState
|
-
|
2019-08-08
|
875546
|
Use-of-uninitialized-value in gfx::Tween::IntValueBetween
|
-
|
2019-08-07
|
893087
|
Security: pageCapture permission allows access to arbitrary local files and chrome:// pages
|
$500
|
2019-08-07
|
951322
|
Crash in v8::internal::Simulator::LoadStorePairHelper
|
-
|
2019-08-07
|
954762
|
Heap-buffer-overflow in webrtc::MouseCursorMonitorX11::CaptureCursor
|
-
|
2019-08-07
|
956414
|
CVE-2019-10125 CrOS: Vulnerability reported in Linux kernel
|
-
|
2019-08-07
|
956597
|
Security: UAF in ServiceWorkerPaymentInstrument
|
$5000
|
2019-08-07
|
956947
|
Heap-use-after-free in CPDF_ShadingPattern::Load()
|
$6000
|
2019-08-07
|
957321
|
CVE-2013-7470 CrOS: Vulnerability reported in Linux kernel
|
-
|
2019-08-07
|
956389
|
CrOS: Vulnerability reported in net-misc/curl
|
-
|
2019-08-06
|
957814
|
Heap-use-after-free in CPDF_RenderStatus::RenderObjectList
|
-
|
2019-08-06
|
956416
|
CVE-2019-7221 CrOS: Vulnerability reported in Linux kernel
|
-
|
2019-08-05
|
956426
|
DCHECK failure in old_descriptors_->GetDetails(modified_descriptor_) .representation() .Equals(new
|
-
|
2019-08-05
|
949887
|
Bad-cast to blink::PaintLayer from invalid vptr in blink::PaintLayerScrollableArea::InvalidateAllStickyConstraints
|
-
|
2019-08-04
|
956418
|
CVE-2019-9213 CrOS: Vulnerability reported in Linux kernel
|
-
|
2019-08-04
|
928551
|
HTTPS proxies can redirect CONNECT
|
-
|
2019-08-03
|
956415
|
CVE-2019-6974 CrOS: Vulnerability reported in Linux kernel
|
-
|
2019-08-03
|
956428
|
Crash in v8::Isolate::GetCurrentContext
|
-
|
2019-08-03
|
946395
|
Bad-cast to content::RenderFrameImpl from invalid vptr in content::RenderFrameImpl::CommitFailedNavigationInternal
|
-
|
2019-08-02
|
955047
|
Use-of-uninitialized-value in blink::AddressCache::Lookup
|
-
|
2019-08-02
|
956427
|
Bad-cast to blink::LocalFrameView from blink::WebPluginContainerImpl in blink::HTMLFrameOwnerElement::OnViewportIntersectionChanged
|
-
|
2019-08-02
|
893258
|
WebAuthN dialog elides long RP ID (hostnames) on the right
|
-
|
2019-08-01
|
948564
|
Parameter passing error and Integer overflow in media_stream.mojom which could be used through ipc
|
-
|
2019-08-01
|
956393
|
CVE-2019-10124 CrOS: Vulnerability reported in Linux kernel
|
-
|
2019-08-01
|
951712
|
Security: pdfium SEGV on unknown address in CXFA_Graphics::FillPathWithShading
|
$1000
|
2019-07-31
|
952301
|
pdfium (XFA): oob array read in CXFA_Graphics::FillPathWithShading
|
$1000
|
2019-07-31
|
952581
|
Use-of-uninitialized-value in quic::QuicFramer::DecryptPayload
|
-
|
2019-07-31
|
952849
|
Security: Use-after-free in AudioWorkletGlobalScope::Process
|
-
|
2019-07-31
|
953659
|
v8 engine element kind type logic panic
|
-
|
2019-07-31
|
952406
|
Security: Possible OOB related to chrome_sqlite3_malloc
|
$500
|
2019-07-30
|
954703
|
Heap-buffer-overflow in DirectiveHeaderValueParser::DirectiveHeaderValueParser
|
-
|
2019-07-30
|
954760
|
Heap-buffer-overflow in domain_reliability::DomainReliabilityHeader::Parse
|
-
|
2019-07-30
|
951262
|
Crash in rr::optimize
|
-
|
2019-07-28
|
952041
|
Heap-buffer-overflow in shaderc_spvc_compile_options_clone
|
-
|
2019-07-28
|
951218
|
Heap-use-after-free in blink::NGOffsetMappingUnit::AssociatedNode
|
-
|
2019-07-27
|
932610
|
Roll libxslt to downstream a security fix
|
-
|
2019-07-25
|
940285
|
Heap-use-after-free in content::UtilityServiceFactory::RunNetworkServiceOnIOThread
|
-
|
2019-07-25
|
951988
|
DCHECK failure in 0u == length in builtins-array.cc
|
-
|
2019-07-25
|
952749
|
CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (IsJSGlobalProxy()) in js-objects-inl
|
-
|
2019-07-25
|
953157
|
DCHECK failure in (current_scope) != nullptr in wasm-code-manager.cc
|
-
|
2019-07-25
|
953179
|
DCHECK failure in (current_scope) != nullptr in wasm-code-manager.cc
|
-
|
2019-07-25
|
919300
|
Use-of-uninitialized-value in avx::store_bgra
|
$1500
|
2019-07-24
|
926219
|
Use-of-uninitialized-value in sse41::blit_row_s32a_opaque
|
-
|
2019-07-24
|
934161
|
Use-of-uninitialized-value in avx::store_NUMBER
|
$1500
|
2019-07-24
|
950531
|
Security: LoadComBaseFunction susceptible to dll preloading
|
-
|
2019-07-24
|
952340
|
Use-of-uninitialized-value in blink::UserMediaRequest::Create
|
-
|
2019-07-24
|
952658
|
VP9 deadlock with change in tile count
|
-
|
2019-07-24
|
952722
|
DCHECK failure in is_resolved() in ast.h
|
-
|
2019-07-24
|
953233
|
Use-of-uninitialized-value in v8::internal::interpreter::ConstantArrayBuilder::ToFixedArray
|
-
|
2019-07-24
|
947029
|
Security: heap-use-after-free in SMILTimeContainer::UpdateAnimations()
|
$3000
|
2019-07-23
|
949417
|
Use-of-uninitialized-value in disk_cache::BackendImpl::NewEntry
|
-
|
2019-07-23
|
952594
|
Security: SEGV with canvas strokeText
|
-
|
2019-07-23
|
952389
|
Bad-cast to blink::LayoutBlockFlow from blink::LayoutInline in blink::CompositeEditCommand::AddBlockPlaceholderIfNeeded
|
-
|
2019-07-22
|
952384
|
Bad-cast to blink::LayoutBlockFlow from blink::LayoutTable in blink::LayoutBlockFlow& blink::To<blink::LayoutBlockFlow, blink::LayoutObject>
|
-
|
2019-07-22
|
952564
|
Crash in avx::lowp::scale_u8
|
-
|
2019-07-22
|
952565
|
Crash in ssse3::blit_mask_d32_a8
|
-
|
2019-07-22
|
952566
|
Crash in _ZN3avx4lowpL7lerp_u8EmPPvmmDv8_tS3_S3_S3_S3_S3_S3_S3_$dc6b7024eef44a823ed47e292
|
-
|
2019-07-22
|
952568
|
Crash in Sk4px::Load4Alphas
|
-
|
2019-07-22
|
952574
|
Crash in void mergeT<unsigned char>
|
-
|
2019-07-22
|
952575
|
Crash in blend_row_A8
|
-
|
2019-07-22
|
952582
|
Crash in load<unsigned char __attribute__
|
-
|
2019-07-22
|
952590
|
Crash in SkARGB32_Opaque_Blitter::blitMask
|
-
|
2019-07-22
|
952595
|
Crash in load<unsigned char __attribute__
|
-
|
2019-07-22
|
952598
|
Crash in _platform_memmove$VARIANT$Nehalem
|
-
|
2019-07-22
|
952603
|
Crash in SkBlitter::blitMask
|
-
|
2019-07-22
|
952615
|
Crash in bits_to_runs
|
-
|
2019-07-22
|
952626
|
Crash in MapDstAlpha<
|
-
|
2019-07-22
|
952629
|
Crash in void Sk4px::MapDstAlpha<ssse3::blit_mask_d32_a8_black
|
-
|
2019-07-22
|
952666
|
Crash in sse2::lerp_u8
|
-
|
2019-07-22
|
952649
|
Crash in void Sk4px::MapDstSrcAlpha<Sk4px
|
-
|
2019-07-22
|
948499
|
Use-of-uninitialized-value in gpu::gles2::GLES2Implementation::BufferDataHelper
|
-
|
2019-07-21
|
951438
|
DCHECK failure in GetReadOnlyRoots().fixed_cow_array_map() != map() in fixed-array-inl.h
|
$3500
|
2019-07-21
|
924227
|
Heap-buffer-overflow in spirv_cross::SPIRConstant& spirv_cross::variant_set<spirv_cross::SPIRConstant, u
|
-
|
2019-07-20
|
924735
|
Security: Marvell Avastar WiFi vulnerability
|
-
|
2019-07-20
|
951164
|
DCHECK failure in IsFastElementsKind(array->GetElementsKind()) in elements.cc
|
-
|
2019-07-20
|
951780
|
DCHECK failure in IsDoubleElementsKind(Subclass::kind()) in elements.cc
|
-
|
2019-07-20
|
925244
|
CHECK failure: node->opcode() == IrOpcode::kParameter || node->opcode() == IrOpcode::kProjectio
|
-
|
2019-07-19
|
948575
|
Security: Potential UAF in FidoBleDiscovery
|
-
|
2019-07-19
|
948944
|
CHECK failure: !address.is_initialized() || sizeof(*data_) == address.BlockSize() in storage_bl
|
-
|
2019-07-19
|
950318
|
Heap-use-after-free in disk_cache::MappedFile::Load
|
-
|
2019-07-19
|
951374
|
DCHECK failure in to_kind == DICTIONARY_ELEMENTS || to_kind == SLOW_STRING_WRAPPER_ELEMENTS || IsF
|
-
|
2019-07-19
|
925788
|
Security: PDFium Heap Buffer Overflow in CXFA_TextLayout::DoLayout
|
$1000
|
2019-07-18
|
932900
|
pdfium XFA CXFA_FFDocView::RunSubformIndexChange Use After Free
|
$3000
|
2019-07-18
|
947342
|
Security: heap-buffer-overflow TextureD3D_2DArray::getImage
|
$1000
|
2019-07-18
|
950848
|
Use-of-uninitialized-value in webrtc::AudioDecoderMultiChannelOpusConfig::IsOk
|
-
|
2019-07-18
|
950747
|
DCHECK: !initializing_store && property_details_.constness() == PropertyConstness::kConst implies IsConstFieldValueEqualTo(*value)
|
-
|
2019-07-18
|
951216
|
Use-after-poison in blink::ThreadableLoader::Cancel
|
-
|
2019-07-18
|
925787
|
Security: PDFium Heap Buffer Overflow in CXFA_LayoutPageMgr::FinishPaginatedPageSets
|
$1000
|
2019-07-17
|
933163
|
pdfium XFA CXFA_FFDocView::RunValidate Use After Free
|
$3000
|
2019-07-17
|
950005
|
Security: PDF plugin is allowed to use Pepper TCPServerSocketPrivate API
|
-
|
2019-07-17
|
950592
|
Use-of-uninitialized-value in mojo::core::ChannelPosix::WriteNoLock
|
-
|
2019-07-17
|
944424
|
UAF in TaskQueueImpl::CreateTaskRunner
|
$3000
|
2019-07-16
|
949996
|
CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (IsName()) in name-inl.h
|
-
|
2019-07-16
|
950275
|
Use-of-uninitialized-value in blink::TransformationMatrix::ToSkMatrix44
|
-
|
2019-07-15
|
950254
|
Use-of-uninitialized-value in SkMatrix44::recomputeTypeMask
|
-
|
2019-07-15
|
935735
|
Use-of-uninitialized-value in blink::AddressCache::Lookup
|
-
|
2019-07-14
|
901665
|
Index-out-of-bounds in vrend_set_single_abo
|
-
|
2019-07-13
|
936741
|
Heap-buffer-overflow in courgette::DetectDisassembler
|
-
|
2019-07-13
|
925614
|
protocol property of URL including specific character doesn't return correct value
|
$500
|
2019-07-12
|
934112
|
Heap-buffer-overflow in courgette::DisassemblerWin32::ParseHeader
|
-
|
2019-07-12
|
943709
|
libANGLE heap-buffer-overflow triggered by WebGL2 on Windows 10
|
$1000
|
2019-07-12
|
944865
|
DCHECK failure in object->FitsRepresentation(representation) in objects.cc
|
-
|
2019-07-12
|
948172
|
Security: PDF plugin is allowed to use Pepper Socket API
|
-
|
2019-07-12
|
948990
|
Bad-cast to blink::LayoutBox from blink::LayoutInline in blink::ToLayoutBox
|
-
|
2019-07-12
|
949015
|
Bad-cast to blink::LayoutObject from invalid vptr in blink::SVGResources::LayoutIfNeeded
|
-
|
2019-07-12
|
947410
|
Bad-cast to Ice::OperandOptimizer::getUses in rr::optimize
|
-
|
2019-07-11
|
947493
|
Heap-use-after-free in views::MenuController::OnWillDispatchKeyEvent
|
-
|
2019-07-11
|
947784
|
Use-of-uninitialized-value in cc::PaintImageBuilder::TakePaintImage
|
-
|
2019-07-11
|
881267
|
Chrome v69 URL spoofing vulnerability on IOS
|
$1000
|
2019-07-10
|
943424
|
use-after-free in libANGLE triggered by WebGL2 on Windows 10
|
$3000
|
2019-07-10
|
943538
|
libANGLE use-after-free (gl::State::syncTextures) triggered through WebGL2 in the GPU process
|
$3000
|
2019-07-10
|
944800
|
Use-after-poison in blink::LocalFrameView::ForAllNonThrottledLocalFrameViews<`lambda
|
-
|
2019-07-10
|
945246
|
DCHECK failure in map_.is_stable() in compilation-dependencies.cc
|
-
|
2019-07-10
|
946550
|
Use-of-uninitialized-value in gpu::gles2::PassthroughGLDebugMessageCallback
|
-
|
2019-07-10
|
947865
|
Use-of-uninitialized-value in dawn_native::TextureBase::Destroy
|
-
|
2019-07-10
|
948228
|
DCHECK failure in *isolate->external_caught_exception_address() in wasm-engine.cc
|
-
|
2019-07-10
|
948248
|
Security: Debug check failed: name->is_one_byte() src/parsing/parser.cc, line 350
|
-
|
2019-07-10
|
943087
|
Integer overflow in libANGLE that results in memory corruption in GPU process
|
$3000
|
2019-07-09
|
948307
|
DCHECK failure in ObjectInYoungGeneration(HeapObjectSlot(slot).ToHeapObject()) in heap.cc
|
-
|
2019-07-09
|
944930
|
Regenerate chromeos-base/chromeos-ca-certificates with the latest set of pki.goog/roots.pem
|
-
|
2019-07-08
|
946889
|
v8 debug version crash when CreateGraph phase
|
-
|
2019-07-08
|
947240
|
use-after-free happening in unittest LayerTreeHostImplTest.ScrollSnapOnY
|
$3000
|
2019-07-08
|
947949
|
CHECK failure: this->first()->length() > 0 in objects-debug.cc
|
-
|
2019-07-08
|
946539
|
Heap-buffer-overflow in disk_cache::EntryImpl::UserBuffer::Write
|
-
|
2019-07-07
|
947378
|
Use-of-uninitialized-value in cc::ServiceImageTransferCacheEntry::Deserialize
|
-
|
2019-07-07
|
947499
|
Use-of-uninitialized-value in cc::ServiceImageTransferCacheEntry::Deserialize
|
-
|
2019-07-07
|
892875
|
Security: crosvm: integer overflow in read_struct_slice
|
-
|
2019-07-06
|
897641
|
Security: URL in Omnibox doesn't always match page content
|
$1000
|
2019-07-06
|
901603
|
Index-out-of-bounds in BZ2_decompress
|
-
|
2019-07-06
|
916838
|
Security: Two autocomplete flaws together allow sites to invisibly read credit card numbers after a single keypress
|
$3337
|
2019-07-06
|
939644
|
Integer overflows in disk caches
|
-
|
2019-07-06
|
943387
|
Security: Regression : URL bar spoofing with "file:///" URL on iOS
|
-
|
2019-07-06
|
946862
|
Heap-use-after-free in net::PrioritizedDispatcher::MaybeDispatchJob
|
-
|
2019-07-06
|
947323
|
Use-of-uninitialized-value in dawn_native::TextureBase::Destroy
|
-
|
2019-07-06
|
945644
|
Security: Failed Debug Check in src/compiler/verifier.cc, line 121
|
$3000
|
2019-07-05
|
945855
|
Heap-use-after-free in BEInt<unsigned int, 4>::operator unsigned int
|
-
|
2019-07-05
|
946006
|
Heap-use-after-free in blink::LocalFrameUkmAggregator::RecordSample
|
-
|
2019-07-05
|
946434
|
Heap-use-after-free in base::LinkNode<disk_cache::MemEntryImpl>::RemoveFromList
|
-
|
2019-07-05
|
946543
|
Heap-buffer-overflow in BEInt<short, 2>::operator short
|
-
|
2019-07-05
|
946806
|
Crash in BEInt<unsigned int, 4>::operator unsigned int
|
-
|
2019-07-05
|
947150
|
Use-of-uninitialized-value in dawn_native::ValidateTextureViewDescriptor
|
-
|
2019-07-05
|
918293
|
Security: Cross origin resource size infoleak
|
$1000
|
2019-07-04
|
927764
|
Download Protection: Malicious extensions Mac OS (Safe Browsing)
|
-
|
2019-07-04
|
944346
|
Crash in BEInt<unsigned int, 4>::operator unsigned int
|
-
|
2019-07-04
|
944945
|
CHECK failure: !result.failed() in wasm-engine.cc
|
-
|
2019-07-04
|
945370
|
UAF in IndexedDB
|
$8000
|
2019-07-04
|
946175
|
Crash in v8::internal::Map::instance_type
|
-
|
2019-07-04
|
946301
|
Heap-use-after-free in ash::CaptionContainerView::SetBackdropVisibility
|
-
|
2019-07-04
|
933221
|
Wild read within ASAN instrumentation in __sanitizer_cov_trace_pc_guard
|
-
|
2019-07-03
|
937773
|
CVE-2019-8912: Security: Linux Kernel: Potential priv esc via UAF in sockfs_settattr
|
-
|
2019-07-03
|
944391
|
Stack-buffer-overflow in sh::TInfoSinkBase::operator<<
|
-
|
2019-07-03
|
944971
|
Security: OOB memory access in v8 regexp
|
-
|
2019-07-03
|
945084
|
Crash in vpx_subtract_block_sse2
|
-
|
2019-07-03
|
945341
|
CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (IsFixedArrayBase()) in fixed-array-i
|
-
|
2019-07-03
|
946310
|
CHECK failure: isolate->heap()->Contains(ho) in objects-debug.cc
|
-
|
2019-07-03
|
946350
|
Crash in v8::internal::Object::Number
|
-
|
2019-07-03
|
944435
|
CHECK failure: (value & uint64_t{ADDRESS}) != unexpected || (value & uint64_t{ADDRESS}) == uint
|
-
|
2019-07-02
|
945124
|
Heap-use-after-free in disk_cache::SimpleEntryImpl::CreationOperationComplete
|
-
|
2019-07-02
|
945152
|
Heap-use-after-free in blink::PaintController::FinishCycle
|
-
|
2019-07-01
|
941340
|
CSP bypass with import maps
|
$1000
|
2019-06-30
|
940205
|
Heap-use-after-free in renameTokenCheckAll
|
-
|
2019-06-29
|
943913
|
Stack-buffer-overflow in quic::QuicDataReader::ReadConnectionId
|
-
|
2019-06-29
|
944013
|
Stack-buffer-overflow in quic::QuicDataReader::ReadBytes
|
-
|
2019-06-29
|
944062
|
Security: v8: turbofan: JSCallReducer::ReduceArrayIndexOfIncludes fails to insert Map checks
|
-
|
2019-06-28
|
937663
|
Use-of-uninitialized-value in mov_read_dfla
|
-
|
2019-06-27
|
942699
|
Security: Google V8 Array.prototype Memory Corruption Vulnerability (TALOS-2019-0791)
|
$2000
|
2019-06-27
|
942898
|
UAF in indexeddb IndexedDBDatabase::RequestComplete
|
$10000
|
2019-06-27
|
942671
|
URL spoofing using invalid urls (invalid prototype)
|
-
|
2019-06-26
|
939316
|
V8: Turbofan may read a Map pointer out-of-bounds when optimizing Reflect.construct
|
-
|
2019-06-25
|
941952
|
DCHECK failure in 0 <= index && index < node->op()->ValueInputCount() in node-properties.cc
|
$1500
|
2019-06-25
|
941743
|
Security: OOB write in v8::internal::(anonymous namespace)::ElementsAccessorBase
|
-
|
2019-06-24
|
941746
|
Security: UAF in content::IndexedDBDatabase
|
-
|
2019-06-22
|
940283
|
Use-of-uninitialized-value in content::PowerMonitorTestImpl::~PowerMonitorTestImpl
|
-
|
2019-06-21
|
941360
|
Use-of-uninitialized-value in void base::Pickle::WriteBytesStatic<4ul>
|
-
|
2019-06-21
|
941542
|
Use-of-uninitialized-value in Deserializer::readDescriptor
|
-
|
2019-06-21
|
941991
|
Chromium: Vulnerability reported in libxml
|
-
|
2019-06-21
|
936531
|
heap-use-after-free : base::sequence_manager::internal::WorkQueue::RemoveAllCanceledTasksFromFront
|
-
|
2019-06-20
|
939689
|
Security: Android : http authentication spoof
|
$1000
|
2019-06-20
|
939746
|
CHECK failure: TypeError: node #171:StringCharCodeAt(input @1 = PoisonIndex:PoisonIndex) type (
|
-
|
2019-06-20
|
940284
|
Stack-buffer-overflow in auto_descriptor_from_desc
|
-
|
2019-06-20
|
941008
|
Security: UAF in FileChooserImpl
|
-
|
2019-06-20
|
940296
|
Crash in unsigned long v8::base::AsAtomicImpl<long>::Relaxed_Load<unsigned long>
|
-
|
2019-06-19
|
940843
|
Stack-buffer-overflow in SkDescriptor::findEntry
|
-
|
2019-06-19
|
885215
|
Security: SiteInstanceImpl::GetSiteForURL ignores hash in Data URL
|
$500
|
2019-06-18
|
937199
|
pdfium (XFA): heap-use-after-free in CFX_ReadOnlyMemoryStream::ReadBlockAtOffset
|
$1000
|
2019-06-18
|
938724
|
pdfium (XFA): oob read in CFGAS_FormatString::FormatStrNum
|
$1000
|
2019-06-18
|
940000
|
heap-use-after-free : base::internal::WeakPtrFactoryBase::~WeakPtrFactoryBase
|
-
|
2019-06-18
|
940245
|
Security: Security: Chrome renderer process persistence bug on android
|
$1000
|
2019-06-18
|
932908
|
Bad-cast to blink::Element from blink::Text in blink::LayoutTreeRebuildRoot::RootElement
|
-
|
2019-06-17
|
939239
|
Arbitrary Read in swiftshader
|
$1000
|
2019-06-15
|
938867
|
Bad-cast to blink::HTMLInputElement in IsMenulistInput
|
-
|
2019-06-14
|
930550
|
Heap-buffer-overflow in bn_cmp_part_words
|
-
|
2019-06-13
|
937799
|
Security: Invalid read. SEGV on CXFA_Radial::Draw.
|
$3000
|
2019-06-13
|
938311
|
heap-use-after-free in AsyncCompileJob
|
$3000
|
2019-06-13
|
938626
|
pdfium (XFA): oob read in CFGAS_FormatString::GetNumericFormat
|
-
|
2019-06-13
|
937412
|
Crash in update_tricolor_matrix
|
-
|
2019-06-12
|
937628
|
Crash in dawn_native::TextureFormatPixelSize
|
-
|
2019-06-12
|
938251
|
Security: Integer overflow in NewFixedDoubleArray
|
-
|
2019-06-12
|
913320
|
Heap-use-after-free in CPDF_ShadingPattern::Load()
|
$3000
|
2019-06-11
|
917688
|
use-after-poison on blink::CanvasResourceDispatcher::OnBeginFrame
|
-
|
2019-06-11
|
925598
|
Security: URL bar spoofing on iOS (repro issue 844881)
|
$2000
|
2019-06-11
|
926160
|
CVE-2019-3819 CrOS: Vulnerability reported in Linux kernel
|
-
|
2019-06-11
|
937487
|
chrome.dashboardPrivate API is exposed to whole origin of https://chrome.google.com
|
$500
|
2019-06-11
|
937649
|
Unknown signal in Builtins_JSEntryTrampoline
|
-
|
2019-06-11
|
928014
|
Crash in base::FilePath::FilePath
|
-
|
2019-06-10
|
935209
|
Use-after-free in GenerateNetworkErrorLoggingReport
|
-
|
2019-06-10
|
915423
|
Use-of-uninitialized-value in v8::internal::Factory::NewNumberFromUint
|
-
|
2019-06-08
|
935374
|
Bad-cast to blink::LayoutImage from invalid vptr in blink::LayoutImage::ImageNotifyFinished
|
-
|
2019-06-08
|
937155
|
Bad-free in _pthread_tsd_cleanup
|
-
|
2019-06-08
|
937206
|
Heap-use-after-free in views::MenuController::OnWillDispatchKeyEvent
|
-
|
2019-06-08
|
929198
|
Crash in _cupsStrFree
|
-
|
2019-06-07
|
933743
|
Heap-buffer-overflow in media::mp4::ConvertAVCToAnnexBInPlaceForLengthSize4
|
-
|
2019-06-07
|
934166
|
Security: other->values_[index] != builder()->jsgraph()->OptimizedOutConstant() (0x563015eb2cf8 vs. 0x563015eb2cf8).
|
-
|
2019-06-07
|
935076
|
Heap-use-after-free in blink::LayoutImage::ImageNotifyFinished
|
-
|
2019-06-07
|
936346
|
Crash in Ice::XNUMBER::InstImpl<struct Ice::XNUMBER::TargetX8664Traits>::InstX86Movd::emi
|
-
|
2019-06-07
|
936448
|
Heap-use-after-free WRITE 4 Ă· v8::internal::ElementsAccessorBase
|
-
|
2019-06-07
|
913964
|
UAP in blink::UpdatePlaceHolderImage
|
$3000
|
2019-06-06
|
919046
|
use-after-poison in blink::CanvasResourceDispatcher::OnBeginFrame
|
-
|
2019-06-06
|
929757
|
Use-after-poison in viz::mojom::blink::CompositorFrameSinkClientStubDispatch::Accept
|
-
|
2019-06-06
|
930035
|
Security: Stack out-of-bounds writes in WebmMuxer::AddAudioTrack
|
$500
|
2019-06-06
|
930057
|
Security: CORS policy not applied for bitmap canvases loaded without CORS support
|
$1000
|
2019-06-06
|
932922
|
Heap-use-after-free in aura::EventObserverAdapter::~EventObserverAdapter
|
$1500
|
2019-06-06
|
934201
|
Security: Internal object leak in ReadableStream
|
-
|
2019-06-06
|
935175
|
Security: Address bar spoofing with mishandling canceled requests.
|
$1000
|
2019-06-06
|
934128
|
Heap-buffer-overflow in gpr_murmur_hash3
|
-
|
2019-06-05
|
936302
|
CHECK failure: fixed_size_above_fp + in deoptimizer.cc
|
-
|
2019-06-05
|
933004
|
Security: command line injection in Windows (--user-data-dir)
|
$500
|
2019-06-04
|
933664
|
OOB read and write in BigUint64Array
|
-
|
2019-06-04
|
935078
|
Crash in dawn_native::InputStateBuilder::SetAttribute
|
-
|
2019-06-04
|
935026
|
Global-buffer-overflow in dawn_native::VertexFormatComponentSize
|
-
|
2019-06-04
|
935138
|
Use-of-uninitialized-value in v8::internal::compiler::TurbofanWasmCompilationUnit::BuildGraphForWasmFunction
|
-
|
2019-06-04
|
931949
|
Security: Type confusion in JSPromise::TriggerPromiseReactions
|
-
|
2019-06-03
|
935101
|
CHECK failure: isolate->heap()->Contains(ho) in objects-debug.cc
|
-
|
2019-06-03
|
894933
|
Heap-buffer-overflow in xmlParseAttValueInternal
|
-
|
2019-06-02
|
927982
|
Heap-use-after-free in egl::Surface::deleteResources
|
-
|
2019-06-02
|
929088
|
Heap-use-after-free in egl::Display::terminate
|
-
|
2019-06-02
|
929962
|
Code review: ReadBits may return uninitialized value due to unchecked return status.
|
$500
|
2019-06-01
|
930663
|
Security: READ heap-buffer-overflow in libxslt (type confusion?)
|
$1000
|
2019-06-01
|
933418
|
ptrace syscall on Android can bypass seccomp on Linux <4.8
|
-
|
2019-06-01
|
934869
|
Crash in Ice::CfgNode::appendInst
|
-
|
2019-06-01
|
924209
|
Use-of-uninitialized-value in sw::Shader::analyzeIndirectAddressing
|
-
|
2019-05-31
|
933851
|
Bad-cast to (anonymous namespace)::WebrtcTaskQueue from invalid vptr in base::internal::Invoker<base::internal::BindState<void
|
-
|
2019-05-31
|
933977
|
Heap-buffer-overflow in sw::PixelProgram::CALL
|
-
|
2019-05-31
|
934085
|
Crash in llvm::ilist_base<true>::insertBeforeImpl
|
-
|
2019-05-31
|
352465
|
Security: terminalPrivate API should use an unforgeable process reference
|
-
|
2019-05-30
|
490720
|
Security: ping utility includes process id in echo requests
|
-
|
2019-05-30
|
920169
|
CrOS: Vulnerability reported in dev-libs/elfutils
|
-
|
2019-05-30
|
921983
|
CrOS: Vulnerability reported in dev-libs/libtasn1
|
-
|
2019-05-30
|
929652
|
DOMParser APIs send DNS request via preconnect link tag
|
-
|
2019-05-30
|
932034
|
Size calculation overflow can lead to heap buffer overflow
|
$5000
|
2019-05-30
|
932867
|
Stack-buffer-overflow in sw::Shader::analyzeCallSites
|
-
|
2019-05-30
|
932953
|
CHECK failure: transitions.SearchSpecial(roots.nonextensible_symbol()) == *old_map_ in map-upda
|
-
|
2019-05-30
|
933179
|
DCHECK failure in old_map_->is_stable() in map-updater.cc
|
-
|
2019-05-30
|
933212
|
Heap-use-after-free in CFX_ReadOnlyMemoryStream::~CFX_ReadOnlyMemoryStream
|
-
|
2019-05-30
|
933341
|
Heap-use-after-free in dawn_native::CommandEncoderBase::HandleBuilderError
|
-
|
2019-05-30
|
933760
|
Use-of-uninitialized-value in =
|
-
|
2019-05-30
|
927432
|
Use-after-poison in base::internal::Invoker<base::internal::BindState<void
|
-
|
2019-05-29
|
930154
|
Security: Possible to override browser-initiated navigation using WindowClient.navigate
|
$500
|
2019-05-29
|
932895
|
Crash in HandleDynamicTypeCacheMiss
|
-
|
2019-05-29
|
933135
|
Heap-use-after-free in content::IndexedDBBackingStore::Transaction::ChainedBlobWriterImpl::WriteNextFil
|
-
|
2019-05-29
|
933211
|
mXSS: Potential XSS via noembed tags parsed by DOMParser APIs
|
$500
|
2019-05-29
|
933521
|
DCHECK failure in length_ < capacity() in string-builder.cc
|
-
|
2019-05-29
|
928051
|
Crash in base::Thread::ThreadMain
|
-
|
2019-05-28
|
929521
|
Crash in metrics::CallStackProfile_Location* google::protobuf::Arena::CreateMaybeMessage<
|
-
|
2019-05-27
|
928863
|
Crash in sw::Thread::Thread
|
-
|
2019-05-26
|
908669
|
Bad-free in base::internal::BindState<void
|
-
|
2019-05-24
|
923654
|
Heap-use-after-free in media_router::WebContentsDisplayObserverView::OnBrowserSetLastActive
|
-
|
2019-05-24
|
924972
|
Security: site isolation bypass: websockets leak cross-origin cookies
|
-
|
2019-05-24
|
926651
|
Security: [v8] Type Confusion in Builtins_CallUndefinedReceiver1Handler
|
$6000
|
2019-05-24
|
927646
|
Security: heap-use-after-free in blink::LayoutObject::SetShouldCheckForPaintInvalidationWithoutGeometryChange
|
$3000
|
2019-05-24
|
928974
|
Security: http authentication spoof (repro issue 884179)
|
$1000
|
2019-05-24
|
930948
|
CHECK failure: (value & uint64_t{ADDRESS}) != unexpected || (value & uint64_t{ADDRESS}) == uint
|
-
|
2019-05-24
|
931175
|
Security: Invalid read. SEGV on CXFA_Graphics::FillPathWithShading
|
$500
|
2019-05-24
|
920580
|
CrOS: Vulnerability reported in dev-libs/libzip
|
-
|
2019-05-23
|
928138
|
Crash in base::CreateThread
|
-
|
2019-05-23
|
928223
|
Crash in base::RunLoop::Run
|
-
|
2019-05-23
|
878805
|
Weird crash in V8 javascript engine
|
-
|
2019-05-22
|
921581
|
Security: UAF in MidiManagerWin
|
-
|
2019-05-22
|
906342
|
CVE-2018-14625 CrOS: Vulnerability reported in Linux kernel
|
-
|
2019-05-21
|
913561
|
Security: pdfium heap BOF in RelocateTableRowCells
|
$1000
|
2019-05-21
|
926853
|
CrOS: Vulnerability reported in dev-libs/openssl
|
-
|
2019-05-21
|
927438
|
Heap-use-after-free in blink::LayoutBlockFlow::DetermineStartPosition
|
-
|
2019-05-21
|
928044
|
Crash in base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::Run
|
-
|
2019-05-21
|
929624
|
CVE-2018-16880 CrOS: Vulnerability reported in Linux kernel
|
-
|
2019-05-21
|
930474
|
Bad-cast to blink::LayoutText from invalid vptr in blink::ToLayoutText
|
-
|
2019-05-21
|
930580
|
DCHECK failure in !var->has_forced_context_allocation() || var->is_used() in scopes.cc
|
-
|
2019-05-20
|
930045
|
CHECK failure: transitions.SearchSpecial(roots.nonextensible_symbol()) == *old_map_ in map-upda
|
-
|
2019-05-19
|
927307
|
Github Wiki Pages for GoogleChrome are publicly editable.
|
$500
|
2019-05-18
|
927471
|
AppCache may be used to bypass CORB (URLs covered by manifest)
|
-
|
2019-05-18
|
927849
|
is_corb_enabled=false for requests from shared workers
|
-
|
2019-05-18
|
929711
|
Security: Idn-spoof with using U+00F0 (ð)
|
$500
|
2019-05-18
|
930026
|
Heap-buffer-overflow in base::WideToUTF8
|
-
|
2019-05-18
|
914983
|
pdfium: signed-integer-overflow in AdjustGlyphSpace / CFX_DIBBase::GetOverlapRect
|
$500
|
2019-05-17
|
919635
|
pdfium: signed-integer-overflow in CFX_RenderDevice::DrawNormalText
|
-
|
2019-05-17
|
919640
|
pdfium: signed-integer-overflow in CFX_AggDeviceDriver::StretchDIBits
|
-
|
2019-05-17
|
922446
|
crash_sender: invalid crash report names can trigger arbitrary file deletion as root
|
$500
|
2019-05-17
|
928720
|
Security: Type confusion in V8TrustedTypePolicyOptions::ToImpl
|
-
|
2019-05-17
|
929217
|
Heap-buffer-overflow in blink::FindBuffer::RangeFromBufferIndex
|
$1500
|
2019-05-17
|
929623
|
CVE-2018-16862 CrOS: Vulnerability reported in Linux kernel
|
-
|
2019-05-17
|
929625
|
CVE-2018-18397 CrOS: Vulnerability reported in Linux kernel
|
-
|
2019-05-17
|
929626
|
CVE-2018-19854 CrOS: Vulnerability reported in Linux kernel
|
-
|
2019-05-17
|
919643
|
pdfium: signed-integer-overflow in FX_RECT::Width
|
-
|
2019-05-16
|
921351
|
Crash in _cupsStrFree
|
-
|
2019-05-16
|
926854
|
CrOS: Vulnerability reported in app-admin/rsyslog
|
-
|
2019-05-16
|
928640
|
Use-of-uninitialized-value in bool base::internal::CheckedAddOp<long, long, void>::Do<long>
|
-
|
2019-05-16
|
928755
|
Heap-use-after-free in v8::internal::wasm::CompilationStateImpl::OnFinishedUnit
|
-
|
2019-05-16
|
929020
|
Crash in base::WaitableEvent::TimedWaitUntil
|
-
|
2019-05-16
|
926105
|
Framebusting protection bypass because a download redirected cross-origin gets processed as a main frame navigation
|
$500
|
2019-05-15
|
927396
|
Use-after-poison in viz::mojom::blink::CompositorFrameSinkClientStubDispatch::Accept
|
-
|
2019-05-15
|
928061
|
Heap-use-after-free in v8::internal::wasm::BackgroundCompileTask::RunInternal
|
-
|
2019-05-15
|
927555
|
Security DCHECK failure: RotateTransformOperation::IsMatchingOperationType(transform.GetType()) in rotate
|
$1500
|
2019-05-14
|
927644
|
PDFium Use After Free on CXFA_FFNotify::OpenDropDownList (XFA enable)
|
$3500
|
2019-05-14
|
925232
|
CHECK failure: (value & uint64_t{ADDRESS}) != unexpected || (value & uint64_t{ADDRESS}) == uint
|
-
|
2019-05-13
|
928062
|
Crash in base::debug::ScopedLockAcquireActivity::ScopedLockAcquireActivity
|
-
|
2019-05-13
|
928239
|
CVE-2018-16884 CrOS: Vulnerability reported in Linux kernel
|
-
|
2019-05-13
|
826030
|
webRequest extensions can see other extensions' requests.
|
-
|
2019-05-11
|
925050
|
CHECK failure: size <= kMaxRegularHeapObjectSize in runtime-internal.cc
|
-
|
2019-05-11
|
915455
|
Crash in spirv_cross::Compiler::traverse_all_reachable_opcodes
|
-
|
2019-05-10
|
919176
|
Heap-buffer-overflow in spirv_cross::CompilerGLSL::emit_instruction
|
-
|
2019-05-10
|
925641
|
Crash in gldRenderFillPolygonPtr
|
-
|
2019-05-10
|
925790
|
Security: PDFium Use After Free in CXFA_ItemLayoutProcessor::ExtractLayoutItem
|
$3000
|
2019-05-10
|
926640
|
pdfium: use-after-dtor in CPDF_GeneralState::StateData::~StateData()
|
$1000
|
2019-05-10
|
913564
|
Security: pdfium heap use after free in cxfa_layoutitem
|
$3000
|
2019-05-09
|
919813
|
CrOS: Vulnerability reported in media-libs/lcms
|
-
|
2019-05-09
|
924450
|
Security: heap-use-after-free in blink::CSSToLengthConversionData::FontSizes::FontSizes
|
$3000
|
2019-05-09
|
926852
|
CVE-2018-16882 CrOS: Vulnerability reported in Linux kernel
|
-
|
2019-05-09
|
926964
|
Security DCHECK failure: node.IsElementNode() in element.h
|
-
|
2019-05-09
|
867509
|
Security: Chrome OS: almost-exploitable AVFS behavior: argument injection; subdir/bind bypass
|
-
|
2019-05-08
|
906601
|
Use-of-uninitialized-value in sse41::blit_row_s32a_opaque
|
-
|
2019-05-08
|
915197
|
OOB write in sw::VertexProgram::Program
|
$3000
|
2019-05-08
|
915206
|
OOB write in sw::VertexProgram::WHILE
|
$3000
|
2019-05-08
|
915218
|
OOB operation in SwiftShader JIT code.
|
$1000
|
2019-05-08
|
923695
|
Security: URL bar spoofing on iOS
|
-
|
2019-05-08
|
923951
|
Security: heap-use-after-free in blink::ImageResourceContent::UpdateImageAnimationPolicy
|
$3000
|
2019-05-08
|
924843
|
DCHECK failure in IsAligned(DistanceTo(target), kInstrSize) in instructions-arm64.cc
|
-
|
2019-05-08
|
925864
|
Security: UAF in FileSystemOperationRunner
|
-
|
2019-05-08
|
926027
|
Bad-cast to blink::Element from blink::Text in blink::LayoutTreeRebuildRoot::RootElement
|
-
|
2019-05-08
|
926036
|
DCHECK failure in (decl.pattern) != nullptr in parser.cc
|
-
|
2019-05-08
|
921390
|
Security: Hostname not elided securely (URL spoofing on iOS)
|
$500
|
2019-05-07
|
925671
|
DCHECK failure in 0 < outstanding_tiering_units_ in module-compiler.cc
|
-
|
2019-05-07
|
919356
|
Security: RCE via "copy as curl" on mac
|
-
|
2019-05-05
|
924133
|
Security: V8: Fatal error in ../../src/runtime/runtime-array.cc, line 167
|
-
|
2019-05-05
|
913314
|
Security: Permission request UI spoof
|
$500
|
2019-05-04
|
922864
|
pdfium (XFA): wrong object type in CFXJSE_FormCalcContext::ParseResolveResult
|
$3000
|
2019-05-04
|
924388
|
Use-of-uninitialized-value in views::View::GetWidget
|
-
|
2019-05-04
|
924457
|
Bad-cast to blink::ImageResourceObserver from invalid vptr in blink::ImageResourceContent::PriorityFromObservers
|
-
|
2019-05-04
|
925146
|
CHECK failure: 2 == total_number_of_control_uses in verifier.cc
|
-
|
2019-05-04
|
903233
|
Heap-buffer-overflow in quipper::PerfSerializer::SerializeMMap2Event
|
-
|
2019-05-03
|
903237
|
Heap-buffer-overflow in quipper::PerfReader::ReadPipedData
|
-
|
2019-05-03
|
904382
|
Heap-buffer-overflow in quipper::PerfReader::ReadBuildIDMetadataWithoutHeader
|
-
|
2019-05-03
|
915975
|
V8 HeapObject pointing to JIT memory
|
$3000
|
2019-05-03
|
923205
|
Bad-cast to cc::ContentLayerClient from invalid vptr in cc::PictureLayer::Update
|
-
|
2019-05-03
|
924375
|
Heap-buffer-overflow in sh::OutputVariable::~OutputVariable
|
-
|
2019-05-03
|
924411
|
Bad parameters to --sanitizer-annotate-contiguous-container in sh::TCompiler::~TCompiler
|
-
|
2019-05-03
|
924382
|
Crash in sh::ShaderVariable::~ShaderVariable
|
-
|
2019-05-03
|
924537
|
Crash in sh::Attribute::~Attribute
|
-
|
2019-05-03
|
924905
|
DCHECK failure in lsb == base::bits::CountTrailingZeros32(value) in instruction-selector-arm.cc
|
-
|
2019-05-03
|
924928
|
pdfium (XFA): double-free in CJX_Node::saveXML
|
$3000
|
2019-05-03
|
924950
|
Heap-use-after-free in views::View::~View
|
-
|
2019-05-03
|
923913
|
Heap-buffer-overflow in AAT::KerxSubTableFormat4<AAT::KerxSubTableHeader>::driver_context_t::transition
|
-
|
2019-05-02
|
924418
|
Heap-use-after-free in ui::PropertyHandler::SetPropertyInternal
|
-
|
2019-05-02
|
915541
|
Security: ChromeOS Persistent root Command Execution
|
$75000
|
2019-05-01
|
922627
|
Chromium - Exposed GPU profiler allows to dump all URLs and headers from requested pages
|
$4000
|
2019-05-01
|
922844
|
Use-of-uninitialized-value in sqlite3BtreeMovetoUnpacked
|
-
|
2019-05-01
|
923630
|
Heap-use-after-free in ScopedObserver<ash::TabletModeController, ash::TabletModeObserver>::~ScopedObser
|
-
|
2019-05-01
|
923646
|
CrOS: Vulnerability reported in net-misc/curl
|
-
|
2019-05-01
|
923675
|
DCHECK failure in candidate->location.IsValid() in modules.cc
|
-
|
2019-05-01
|
920120
|
CHECK failure: #14 ADDRESS (/mnt/scratch0/clusterfuzz/bot/builds/v8-asan_linux-debug_ddc8d9b4e
|
-
|
2019-04-30
|
920276
|
Heap-use-after-free in gpu::gles2::GLES2DecoderPassthroughImpl::OnDebugMessage
|
-
|
2019-04-30
|
920421
|
Use-of-uninitialized-value in gpu::gles2::PassthroughGLDebugMessageCallback
|
-
|
2019-04-30
|
923264
|
CHECK failure: object->IsAbstractCode() || object->IsSeqString() || object->IsExternalString()
|
-
|
2019-04-30
|
922933
|
DCHECK failure in *available != 0 in assembler-arm.cc
|
-
|
2019-04-29
|
912602
|
Crash in sw::Thread::Thread
|
-
|
2019-04-28
|
914925
|
Crash in libX11.so.6
|
-
|
2019-04-28
|
921393
|
Crash in cc::SaveOp::Serialize
|
-
|
2019-04-28
|
922303
|
Heap-buffer-overflow in AAT::KerxSubTableFormat4<AAT::KerxSubTableHeader>::driver_context_t::transition
|
-
|
2019-04-28
|
910305
|
Security: Make JIT payment Service Worker registrations same-origin only
|
-
|
2019-04-27
|
918022
|
Heap-buffer-overflow in scan_bos_continue
|
-
|
2019-04-27
|
918232
|
Security: chromedriver LCE
|
-
|
2019-04-27
|
918311
|
Heap-buffer-overflow in spvtools::opt::Instruction::GetSingleWordOperand
|
-
|
2019-04-27
|
919181
|
Container-overflow in spvtools::utils::SmallVector<unsigned int, 2ul>::operator
|
-
|
2019-04-27
|
920995
|
CrOS: Vulnerability reported in media-gfx/imagemagick
|
-
|
2019-04-27
|
921380
|
CrOS: Vulnerability reported in media-gfx/imagemagick
|
-
|
2019-04-27
|
922077
|
Bad-cast to content::(anonymous namespace)::WebServiceWorkerNetworkProviderImplForFrame from content::WebServiceWorkerNetworkProviderImplForWorker in content::ServiceWorkerNetworkProvider::FromWebServiceWorkerNetworkProvider
|
-
|
2019-04-27
|
922668
|
Heap-use-after-free in base::BasicStringPiece<std::__Cr::basic_string<char, std::__Cr::char_traits<char
|
-
|
2019-04-27
|
888311
|
CrOS: Vulnerability reported in app-crypt/mit-krb5
|
-
|
2019-04-26
|
916523
|
Security: Double-destruction race in StoragePartitionService
|
-
|
2019-04-26
|
916152
|
Security: symlinks in /var/log can be abused to create messy arbitrary file write primitives
|
-
|
2019-04-25
|
916870
|
CrossCallParamsEx::GetParameterStr causes Heap-buffer-overflow
|
-
|
2019-04-25
|
919486
|
Clean up extended attributes inadvertently being set on user data files
|
-
|
2019-04-25
|
920115
|
Bad-cast to blink::ImageResourceObserver from invalid vptr in blink::PriorityFromObserver
|
-
|
2019-04-25
|
921074
|
Heap-use-after-free in base::BasicStringPiece<std::__Cr::basic_string<char, std::__Cr::char_traits<char
|
-
|
2019-04-25
|
922432
|
Heap-buffer-overflow in unsigned int v8::internal::wasm::Decoder::read_leb_tail<unsigned int,
|
-
|
2019-04-25
|
922677
|
Security: UAF in FileWriterImpl
|
-
|
2019-04-25
|
910906
|
Upgrade SQLite to 3.26.0
|
-
|
2019-04-24
|
912074
|
heap-use-after-free on RTCPeerConnectionHandler
|
$3000
|
2019-04-24
|
912983
|
Heap-buffer-overflow in BEInt<unsigned short, 2>::operator unsigned short
|
-
|
2019-04-24
|
916874
|
Heap-buffer-overflow in bool base::UTFConversion<base::BasicStringPiece<std::__1::basic_string<wchar_t,
|
-
|
2019-04-24
|
917702
|
Heap-buffer-overflow in BEInt<unsigned int, 4>::operator unsigned int
|
-
|
2019-04-24
|
917936
|
Heap-buffer-overflow in AAT::KerxSubTableFormat4<struct AAT::KerxSubTableHeader>::driver_context_t::tran
|
-
|
2019-04-24
|
918340
|
Use-of-uninitialized-value in AAT::ankr::get_anchor
|
-
|
2019-04-24
|
920579
|
CrOS: Vulnerability reported in net-dns/avahi
|
-
|
2019-04-24
|
920990
|
CrOS: Vulnerability reported in media-gfx/imagemagick
|
-
|
2019-04-24
|
920991
|
CrOS: Vulnerability reported in media-gfx/imagemagick
|
-
|
2019-04-24
|
920992
|
CrOS: Vulnerability reported in media-gfx/imagemagick
|
-
|
2019-04-24
|
920993
|
CrOS: Vulnerability reported in media-gfx/imagemagick
|
-
|
2019-04-24
|
920994
|
CrOS: Vulnerability reported in media-gfx/imagemagick
|
-
|
2019-04-24
|
921376
|
CrOS: Vulnerability reported in media-gfx/imagemagick
|
-
|
2019-04-24
|
921377
|
CrOS: Vulnerability reported in media-gfx/imagemagick
|
-
|
2019-04-24
|
921378
|
CrOS: Vulnerability reported in media-gfx/imagemagick
|
-
|
2019-04-24
|
921379
|
CrOS: Vulnerability reported in media-gfx/imagemagick
|
-
|
2019-04-24
|
921382
|
Security: Debug check failed: nary->op() == Token::COMMA in V8 parsing
|
-
|
2019-04-24
|
921563
|
CrOS: Vulnerability reported in dev-libs/nettle
|
-
|
2019-04-24
|
921935
|
Crash in webrtc::video_coding::DecodedFramesHistory::InsertDecoded
|
-
|
2019-04-24
|
921838
|
Heap-buffer-overflow in blink::PropertyTreeManager::CreateCompositorScrollNode
|
-
|
2019-04-24
|
921951
|
Use-of-uninitialized-value in webrtc::video_coding::DecodedFramesHistory::WasDecoded
|
-
|
2019-04-24
|
921952
|
Heap-use-after-free in base::MessageLoopCurrent::GetWorkId
|
-
|
2019-04-24
|
914507
|
Use-of-uninitialized-value in sqlite3BtreeDelete
|
-
|
2019-04-23
|
916140
|
Security: ĂŻÂżÂŒĂŻÂżÂŒĂŻÂżÂŒ/run/ipsec and /run/l2tpipsec_vpn should ideally not be group-writable
|
-
|
2019-04-23
|
920733
|
getDisplayMedia() prompts from background tab, not obvious who's asking.
|
$500
|
2019-04-23
|
920859
|
Use-of-uninitialized-value in blink::AddressCache::Lookup
|
-
|
2019-04-22
|
921299
|
Use-of-uninitialized-value in SkPerlinNoiseShaderImpl::PaintingData::stitch
|
-
|
2019-04-22
|
921341
|
Security DCHECK failure: it != clients_.end() in css_image_generator_value.cc
|
-
|
2019-04-22
|
902650
|
Heap-use-after-free in vp8dx_bool_decoder_fill
|
-
|
2019-04-21
|
921076
|
CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (IsPreparseData()) in shared-function
|
-
|
2019-04-21
|
911253
|
SQLite3 exprCodeBetween heap-buffer overflow
|
-
|
2019-04-20
|
911255
|
sqlite3ExprCompare Assertion Failure: (combinedFlags & EP_Reduced)==0
|
-
|
2019-04-20
|
917588
|
DCHECK failure in is_fp() in liftoff-register.h
|
-
|
2019-04-20
|
918284
|
DCHECK failure in *available != 0 in assembler-arm.cc
|
-
|
2019-04-20
|
918861
|
Security: Data race in ExtensionsGuestViewMessageFilter
|
-
|
2019-04-20
|
919717
|
CVE-2017-0553 libnl
|
-
|
2019-04-20
|
919754
|
DCHECK failure in !std::isnan(value) in js-operator.h
|
-
|
2019-04-20
|
920164
|
CHECK failure: value->IsSmi() || value->IsTheHole(isolate) in objects-debug.cc
|
-
|
2019-04-20
|
920491
|
CHECK failure: Type cast failed in CAST(elements) at ../../src/ic/accessor-assembler.cc:1830 in
|
-
|
2019-04-20
|
920769
|
DCHECK failure in !load_dst_regs_.has(dst) in liftoff-assembler.cc
|
-
|
2019-04-20
|
780039
|
kmod: kill support for /run/modprobe.d
|
-
|
2019-04-19
|
905509
|
Audit (and remove as appropriate) use of size_t in command buffer code
|
-
|
2019-04-19
|
914736
|
Security: Heap buffer overflow in the V8 language parser
|
$7500
|
2019-04-19
|
918470
|
Security: Extensions can add host permissions for chrome:// pages
|
$500
|
2019-04-19
|
919533
|
DCHECK failure in !load_dst_regs_.has(dst) in liftoff-assembler.cc
|
-
|
2019-04-19
|
919649
|
pdfium (XFA): oob array read in CFX_TxtBreak::GetBreakPos
|
-
|
2019-04-19
|
920048
|
Security: http authentication spoof on chrome iOS (repro issue 884179)
|
$500
|
2019-04-19
|
920566
|
Heap-use-after-free in PriorityFromObserver
|
-
|
2019-04-19
|
884122
|
Security: Use-after-free in CPDFSDK_Widget::GetMixXFAWidget
|
$3000
|
2019-04-18
|
892574
|
Security: Use-after-free in CPDFXFA_Page::GetDisplayMatrix
|
$3000
|
2019-04-18
|
915819
|
sqlite3 allows arbitrary binary extension loading
|
-
|
2019-04-18
|
918771
|
Heap-use-after-free in http2::HpackDecoderStringBuffer::BufferStringIfUnbuffered
|
-
|
2019-04-18
|
919800
|
Heap-use-after-free in SelectFileDialogExtension::ExtensionDialogClosing
|
$2500
|
2019-04-18
|
916080
|
Security: UAF in RenderProcessHostImpl binding for P2PSocketDispatcherHost
|
-
|
2019-04-17
|
916960
|
CrOS: Vulnerability reported in net-vpn/strongswan
|
-
|
2019-04-17
|
918273
|
Security DCHECK failure: !object || (object->IsBox()) in layout_box.h
|
-
|
2019-04-17
|
918917
|
DCHECK failure in HasRegisterMove(dst, src, type) in liftoff-assembler.cc
|
-
|
2019-04-17
|
919200
|
Use-of-uninitialized-value in gpu::gles2::GLES2DecoderImpl::DoMultiDrawEndCHROMIUM
|
-
|
2019-04-17
|
919340
|
CHECK failure: TypeError: node #169:DeadValue[kRepTagged](input @0 = CheckString:CheckString) t
|
-
|
2019-04-17
|
911822
|
Heap-use-after-free in gpu::gles2::GLES2DecoderPassthroughImpl::OnDebugMessage
|
-
|
2019-04-16
|
913836
|
Use-of-uninitialized-value in gpu::gles2::PassthroughGLDebugMessageCallback
|
-
|
2019-04-16
|
915857
|
vpn-manager must sanitize ipsec certificate fields
|
-
|
2019-04-16
|
919572
|
DCHECK failure in src.is_reg_only() implies src.reg().is_byte_register() in assembler-ia32.cc
|
-
|
2019-04-16
|
918149
|
DCHECK failure in src.is_reg_only() implies src.reg().is_byte_register() in assembler-ia32.cc
|
-
|
2019-04-14
|
919014
|
Heap-use-after-free in quic::QuicStreamSequencerBuffer::FirstMissingByte
|
-
|
2019-04-14
|
919073
|
Heap-use-after-free in net::IntervalSet<unsigned long long>::Empty
|
-
|
2019-04-14
|
888323
|
CVE-2018-14611 CrOS: Vulnerability reported in Linux kernel
|
-
|
2019-04-13
|
888324
|
CVE-2018-14612 CrOS: Vulnerability reported in Linux kernel
|
-
|
2019-04-13
|
888325
|
CVE-2018-14613 CrOS: Vulnerability reported in Linux kernel
|
-
|
2019-04-13
|
918260
|
Heap-buffer-overflow in dawn_wire::QueueSubmitDeserialize
|
-
|
2019-04-13
|
918094
|
Heap-buffer-overflow in dawn_wire::dawnShaderModuleDescriptorDeserialize
|
-
|
2019-04-13
|
918323
|
Heap-buffer-overflow in BEInt<unsigned int, 4>::operator unsigned int
|
-
|
2019-04-13
|
918348
|
Heap-buffer-overflow in dawn_wire::dawnRenderPassColorAttachmentDescriptorDeserialize
|
-
|
2019-04-13
|
918849
|
Heap-use-after-free in base::small_map<class std::unordered_map<unsigned int,class std::unique_ptr<clas
|
-
|
2019-04-13
|
906252
|
Security: LUCI - Best practice in html escaping content before rendering not followed
|
-
|
2019-04-12
|
910222
|
Use-of-uninitialized-value in avx::store_bgra
|
-
|
2019-04-12
|
914731
|
Security: The serialized data is corrupted because the return value is always true.
|
$1000
|
2019-04-12
|
917151
|
CHECK failure: U_SUCCESS(status) in intl-objects.cc
|
-
|
2019-04-12
|
917412
|
DCHECK failure in !move_dst_regs_.has(dst) in liftoff-assembler.cc
|
-
|
2019-04-12
|
917450
|
DCHECK failure in 0 != kLiftoffAssemblerGpCacheRegs & reg.bit() in liftoff-register.h
|
-
|
2019-04-12
|
917785
|
Heap-buffer-overflow in spvtools::utils::SmallVector<unsigned int, 2u>::operator
|
-
|
2019-04-12
|
917589
|
Heap-use-after-free in gfx::ToEnclosingRect
|
-
|
2019-04-12
|
917980
|
Security: Heap-use-after-free in TypedArray.join
|
$5000
|
2019-04-12
|
917988
|
DCHECK failure in outer_scope_ == scope->outer_scope() in bytecode-generator.cc
|
-
|
2019-04-12
|
918222
|
Heap-buffer-overflow in BEInt<unsigned char, 1>::operator unsigned char
|
-
|
2019-04-12
|
918450
|
Heap-use-after-free in cc::Layer::SetOffsetToTransformParent
|
-
|
2019-04-12
|
905975
|
Security: use-after-poison in mojo::SimpleWatcher::OnHandleReady
|
$3000
|
2019-04-11
|
914756
|
Bad-cast to spvtools::utils::SmallVector<unsigned int, 2> from invalid vptr in spvtools::opt::Instruction::GetSingleWordOperand
|
-
|
2019-04-11
|
918454
|
Security: World Editable GitHub Repository Wikis for chromium
|
$500
|
2019-04-11
|
856973
|
Security: Type confusion bypasses Spectre mitigation
|
-
|
2019-04-10
|
917021
|
Crash in AddressIsPoisoned
|
-
|
2019-04-10
|
917025
|
Heap-buffer-overflow in (std::is_function<std::__1::remove_pointer<unsigned
|
-
|
2019-04-10
|
915636
|
CVE-2018-20169: Security: Linux kernel: BOF in drivers/usb/core/hub.c allowing read, maybe write
|
-
|
2019-04-09
|
917032
|
Heap-use-after-free in cc::Layer::SetOffsetToTransformParent
|
-
|
2019-04-08
|
916558
|
Heap-use-after-free in ui::MenuModel::GetModelAndIndexForCommandId
|
-
|
2019-04-07
|
905815
|
DCHECK failure in pc <= end_ in decoder.h
|
-
|
2019-04-06
|
916861
|
Crash in media::Vp9Parser::ParseSuperframe
|
-
|
2019-04-06
|
917036
|
Crash in media::IvfParser::ParseNextFrame
|
-
|
2019-04-06
|
917608
|
Crash in AddressIsPoisoned
|
-
|
2019-04-06
|
917645
|
DCHECK failure in !AreAliased(dst_high, src_low) in macro-assembler-arm.cc
|
-
|
2019-04-06
|
918027
|
Heap-use-after-free in blink::LayoutTableCell::CompareInDOMOrder
|
-
|
2019-04-06
|
931640
|
Security: Type confusion in JSPromise::TriggerPromiseReactions
|
-
|
2019-04-05
|
749852
|
Page still eats the page until the next `'`
|
$500
|
2019-04-05
|
910824
|
DCHECK failure in *available != 0 in assembler-arm.cc
|
-
|
2019-04-05
|
914511
|
IsolatedOrigins should ignore port numbers
|
-
|
2019-04-05
|
916871
|
Heap-buffer-overflow in dawn_wire::dawnBindGroupLayoutBindingDeserialize
|
-
|
2019-04-05
|
916916
|
Heap-buffer-overflow in dawn_wire::ComputePassEncoderSetPushConstantsDeserialize
|
-
|
2019-04-05
|
881024
|
Use-of-uninitialized-value in gtk_widget_destroy
|
-
|
2019-04-04
|
917668
|
Security: Cross Domain Bug of Indexeddb Database
|
-
|
2019-04-04
|
913270
|
Heap-use-after-free in midi::MidiManager::~MidiManager
|
-
|
2019-04-03
|
900145
|
Crash in _platform_memmove$VARIANT$Nehalem
|
-
|
2019-03-31
|
908191
|
Crash in SkBinaryWriteBuffer::writePad32
|
-
|
2019-03-31
|
916873
|
Heap-buffer-overflow in hunspell::BDict::Verify
|
-
|
2019-03-31
|
912508
|
Heap-buffer-overflow in sh::SetUnionArrayFromMatrix
|
-
|
2019-03-30
|
912592
|
DCHECK failure in !AreAliased(dst_high, src_low) in macro-assembler-arm.cc
|
-
|
2019-03-30
|
913805
|
Crash in es2::Shader::compile
|
-
|
2019-03-30
|
916897
|
Crash in blink::FindBuffer::PositionAtStartOfCharacterAtIndex
|
-
|
2019-03-30
|
917147
|
Crash in FromHeapObject
|
-
|
2019-03-30
|
917545
|
abort in pdfium_test (copied from PDFium tracker)
|
-
|
2019-03-30
|
733943
|
Do not store URLs in xattr
|
-
|
2019-03-29
|
901768
|
Need a reliable mechanism to make the login profile inaccessible after login completes
|
-
|
2019-03-29
|
912211
|
Security: a use-after-free in RenderFrameImple can lead to an RCE
|
$3000
|
2019-03-29
|
910916
|
Heap-use-after-free in baseline::run_program
|
-
|
2019-03-28
|
916428
|
Heap-buffer-overflow in spvtools::opt::IRContext::ReplaceAllUsesWith
|
-
|
2019-03-28
|
916525
|
DCHECK failure in HasSimpleParameters() || is_block_scope() || is_being_lazily_parsed_ in scopes.c
|
-
|
2019-03-28
|
916869
|
Ill in v8::internal::wasm::fuzzer::WasmExecutionFuzzer::FuzzWasmModule
|
-
|
2019-03-28
|
901677
|
Heap-use-after-free in baseline::exec_ops
|
-
|
2019-03-27
|
906437
|
Use-of-uninitialized-value in av_tolower
|
-
|
2019-03-27
|
914240
|
Crash in dawn_native::null::Buffer::SetSubDataImpl
|
-
|
2019-03-27
|
915205
|
Crash in dawn_native::BufferBase::SetSubData
|
-
|
2019-03-27
|
915446
|
Security: Background fetch leaks cross-origin response size
|
$1000
|
2019-03-27
|
915469
|
Security: Type Confusion in LayoutBlockFlow::CreateLineBoxes
|
$3000
|
2019-03-27
|
915492
|
Crash in dawn_wire::server::Server::OnMapReadAsyncCallback
|
-
|
2019-03-27
|
915550
|
Heap-use-after-free in content::BackgroundFetchContext::StartFetch
|
-
|
2019-03-27
|
915587
|
Use-of-uninitialized-value in blink::MarkingVisitor::ConservativelyMarkAddress
|
-
|
2019-03-27
|
915783
|
Security: Heap-use-after-free in TypedArray.toLocaleString
|
$5000
|
2019-03-27
|
916288
|
DCHECK failure in IsAssignmentContext() in pattern-rewriter.cc
|
-
|
2019-03-27
|
899689
|
Security: Incorrect convexity assumptions in Skia leading to buffer overflows
|
-
|
2019-03-26
|
906333
|
Use-of-uninitialized-value in mz_zip_entry_read_header
|
-
|
2019-03-26
|
912947
|
Security: UAFs in PaymentRequest service
|
-
|
2019-03-26
|
912997
|
Heap-use-after-free in media::AudioThreadHangMonitor::StartTimer
|
-
|
2019-03-26
|
913246
|
WebRTC: Potential Use-after-free in VP8 Block Decoding (MFQE feature)
|
$1000
|
2019-03-26
|
914615
|
Bad-cast to dawn_wire::server::Serverdawn_wire::server::ForwardBufferMapReadAsync in dawn_native::BufferBase::~BufferBase
|
-
|
2019-03-24
|
914562
|
Heap-use-after-free in gcm::GCMDriver::Shutdown
|
-
|
2019-03-24
|
914620
|
Heap-use-after-free in dawn_wire::server::Server::GetCmdSpace
|
-
|
2019-03-24
|
915299
|
Crash in net_http_server_fuzzer
|
-
|
2019-03-24
|
905940
|
OOB Write in ValueDeserializer::ReadDenseJSArray (Tian Fu Cup exploit)
|
-
|
2019-03-23
|
908358
|
Heap-buffer-overflow in mov_read_trun
|
-
|
2019-03-23
|
913970
|
UAP in blink::FileReaderLoader::OnStartLoading
|
$3000
|
2019-03-23
|
912520
|
Security: UAF in RenderFrameHostImpl::CreateMediaStreamDispatcherHost
|
-
|
2019-03-23
|
914020
|
Heap-buffer-overflow in spvtools::opt::IRContext::ReplaceAllUsesWith
|
-
|
2019-03-23
|
914262
|
Use-of-uninitialized-value in content::RenderFrameImpl::CommitNavigation
|
-
|
2019-03-23
|
915293
|
Heap-use-after-free in content::RenderFrameImpl::CommitNavigation
|
-
|
2019-03-23
|
896838
|
Heap-buffer-overflow in libX11.so.6
|
-
|
2019-03-22
|
904105
|
quipper_perf_reader_read_fuzzer Crash in _fini
|
-
|
2019-03-22
|
906379
|
Use-of-uninitialized-value in WebRtcIsacfix_PitchFilterCore
|
-
|
2019-03-22
|
910014
|
Heap-use-after-free in aura::Env::last_mouse_location
|
-
|
2019-03-22
|
913807
|
Heap-use-after-free in BadgeServiceImpl::ClearBadge
|
-
|
2019-03-22
|
913975
|
Chrome tab crashes when a pattern containing a Hebrew character followed by 2 horizontal tabs and then another character is clicked.
|
$1000
|
2019-03-22
|
914216
|
Incorrect-function-pointer-type in base::OnceCallback<void
|
-
|
2019-03-22
|
914251
|
Bad-cast to std::__1::__function::__base<void ()> from std::__1::__function::__func<void (*)(), std::__1::allocator<void (*)()>, void ()> in v8::base::CallOnceImpl
|
-
|
2019-03-22
|
914325
|
Bad-cast to gl::Object from es2::Context in egl::Display::createContext
|
-
|
2019-03-22
|
914497
|
QUIC proxying breaks end-to-end encryption
|
$7500
|
2019-03-22
|
914697
|
Heap-buffer-overflow in av_reallocp
|
-
|
2019-03-22
|
914699
|
Heap-buffer-overflow in av_realloc_f
|
-
|
2019-03-22
|
914701
|
Heap-buffer-overflow in ff_hNUMBER_packet_split
|
-
|
2019-03-22
|
914812
|
Heap-use-after-free in base::internal::ObserverListThreadSafeBase::Dispatcher<base::PowerObserver, void
|
-
|
2019-03-22
|
914820
|
Use-of-uninitialized-value in v8::internal::compiler::Node::AppendUse
|
-
|
2019-03-22
|
901206
|
Memcpy-param-overlap in av1_convolve_2d_copy_sr_sse2
|
-
|
2019-03-21
|
902427
|
Permissions request clickjacking flaw report:
|
$2000
|
2019-03-21
|
913232
|
DCHECK failure in HasIncomingBackEdges(block) implies block_effects.For(block->PredecessorAt(0), b
|
-
|
2019-03-21
|
912504
|
CHECK failure: fixed_size_above_fp + in deoptimizer.cc
|
-
|
2019-03-21
|
913822
|
DCHECK failure in !failed_ in asm-parser.cc
|
-
|
2019-03-21
|
914388
|
CHECK failure: fixed_size_above_fp + in deoptimizer.cc
|
-
|
2019-03-21
|
888310
|
CrOS: Vulnerability reported in dev-libs/libxml2
|
-
|
2019-03-20
|
893395
|
ASSERT: failed: expected exception __c_0, got RangeError: Array buffer allocation
|
-
|
2019-03-20
|
910098
|
Heap-use-after-free in blink::AudioNodeOutput::RemoveInput
|
-
|
2019-03-20
|
912887
|
CVE-2018-17972 CrOS: Vulnerability reported in Linux kernel
|
-
|
2019-03-20
|
912922
|
Heap-use-after-free in base::internal::ObserverListThreadSafeBase::Dispatcher<base::PowerObserver, void
|
-
|
2019-03-20
|
913212
|
DCHECK failure in index >= 0 && index < this->length() in fixed-array-inl.h
|
-
|
2019-03-20
|
883596
|
Security: Skia missing reset fLastMoveToIndex in SkPath::transform() lead to out-of-bound
|
-
|
2019-03-19
|
896538
|
Security: Skia fLastMoveToIndex wrong state
|
-
|
2019-03-19
|
902516
|
Security: Lock Screen allows pasting of contents from locked session
|
-
|
2019-03-19
|
913296
|
Security: V8: Incorrect type information on SpeculativeSafeIntegerSubtract
|
$5000
|
2019-03-19
|
767635
|
CSP inheritance to cross-origin navigated data URL allows cross-origin info leak
|
$500
|
2019-03-18
|
907937
|
DCHECK failure in (pending_foreground_task_) == nullptr in module-compiler.cc
|
-
|
2019-03-18
|
912980
|
Use-of-uninitialized-value in v8::internal::Decoder<v8::internal::Simulator>::DecodeBranchSystemException
|
-
|
2019-03-17
|
911416
|
Security: SEGV_ACCERR in Symbol.prototype.description hash calc
|
-
|
2019-03-16
|
912600
|
Heap-use-after-free in dawn_native::DeviceBase::Release
|
-
|
2019-03-16
|
912596
|
Use-of-uninitialized-value in v8::internal::Simulator::FPCompare
|
-
|
2019-03-16
|
912601
|
Heap-use-after-free in dawn_native::DeviceBase::Release
|
-
|
2019-03-16
|
912693
|
Global-buffer-overflow in CreateECCBlock
|
-
|
2019-03-16
|
912646
|
Use-of-uninitialized-value in dawn_native::DeviceBase::Release
|
-
|
2019-03-16
|
883265
|
CrOS: Vulnerability reported in net-misc/curl
|
-
|
2019-03-15
|
904182
|
Downloaded .desktop file execution in Linux
|
-
|
2019-03-15
|
907211
|
Heap-use-after-free in viz::HostFrameSinkManager::InvalidateFrameSinkId
|
-
|
2019-03-15
|
909865
|
Security: iframe.contentWindow.location.href can bypass CSP for javascript URLs
|
$1000
|
2019-03-15
|
910663
|
Crash in Builtins_PromiseRejectReactionJob
|
-
|
2019-03-15
|
911907
|
DCHECK failure in !is_running_microtasks_ in isolate.cc
|
-
|
2019-03-15
|
89453
|
UXSS with empty SecurityOrigin
|
$1000
|
2019-03-15
|
456518
|
HTML parser may leave frame element in an incorrect state
|
$7500
|
2019-03-15
|
906383
|
Use-of-uninitialized-value in quic::QuicFramer::ProcessIetfFrameData
|
-
|
2019-03-14
|
906652
|
Use-of-uninitialized-value in gpu::gles2::ContextState::InitState
|
-
|
2019-03-14
|
908829
|
Crash in dawn_native::BufferBase::SetSubData
|
-
|
2019-03-14
|
910210
|
In presence of NetworkService, AppCache may be used to bypass CORB
|
-
|
2019-03-14
|
911827
|
Bad-cast to dawn_native::DeviceBase from invalid vptr in dawn_native::ValidatingDeviceRelease
|
-
|
2019-03-14
|
912125
|
Heap-buffer-overflow in fxcrt::WideString::SetAt
|
-
|
2019-03-14
|
884511
|
Security: ChromeOS root Command Execution
|
$11337
|
2019-03-13
|
900386
|
Use-of-uninitialized-value in SuperBlitter::blitH
|
-
|
2019-03-13
|
905542
|
Heap-use-after-free in base::internal::Invoker<base::internal::BindState<void
|
-
|
2019-03-13
|
906427
|
Heap-buffer-overflow in spvtools::utils::SmallVector<unsigned int, 2ul>::operator
|
-
|
2019-03-13
|
906837
|
User can open browser in sign-in profile from captive profile dialog
|
-
|
2019-03-13
|
907278
|
Heap-use-after-free in dawn_native::DeviceBase::Release
|
-
|
2019-03-13
|
907345
|
Use-of-uninitialized-value in dawn_native::DeviceBase::Release
|
-
|
2019-03-13
|
907386
|
Heap-use-after-free in dawn_native::DeviceBase::Release
|
-
|
2019-03-13
|
910223
|
DCHECK failure in left != right in macro-assembler-arm.cc
|
-
|
2019-03-13
|
910903
|
DCHECK failure in !AreAliased(dst_high, src_low) in macro-assembler-arm.cc
|
-
|
2019-03-13
|
910852
|
Heap-use-after-free in spvtools::opt::VectorDCE::HasScalarResult
|
-
|
2019-03-13
|
911155
|
Heap-use-after-free in dawn_native::DeviceBase::Release
|
-
|
2019-03-13
|
911686
|
Heap-buffer-overflow in SuperBlitter::blitH
|
-
|
2019-03-13
|
831112
|
CrOS: Vulnerability reported in net-misc/curl
|
-
|
2019-03-12
|
836148
|
CSP should always inherit same-origin opener's CSP
|
$500
|
2019-03-12
|
894228
|
CSP bypass with blob URL
|
$1000
|
2019-03-12
|
901605
|
CrOS: Vulnerability reported in media-libs/tiff
|
-
|
2019-03-12
|
905301
|
Security: CSP does not propagate to blob: URIs
|
$1000
|
2019-03-12
|
908207
|
Security: CSP(Content-security-policy) vulnerabilities are not completely repaired in Chrome 70.0.3538.110 and can still be bypassed
|
-
|
2019-03-12
|
909990
|
unknow memory write in v8
|
-
|
2019-03-12
|
905571
|
Use-of-uninitialized-value in extensions::ChromeExtensionsBrowserClient::GetOriginalContext
|
-
|
2019-03-10
|
910480
|
Heap-buffer-overflow in safe_browsing::PeImageReader::EnumCertificates
|
-
|
2019-03-10
|
910850
|
CHECK failure: size <= elements()->length() || elements() == ReadOnlyRoots(isolate).empty_fixed
|
-
|
2019-03-10
|
867807
|
Security: Symlinks on user-supplied file systems allow are risky
|
-
|
2019-03-09
|
898306
|
Raw cookies are disclosed to cross-site renderer (in presence of DevTools and NetworkService)
|
-
|
2019-03-09
|
910593
|
Crash in VisitPointersImpl<v8::internal::ObjectSlot>
|
-
|
2019-03-09
|
910632
|
Crash in FromHeapObject
|
-
|
2019-03-09
|
910634
|
Crash in MemCopy
|
-
|
2019-03-09
|
910662
|
Crash in void v8::internal::EvacuateVisitorBase::RawMigrateObject<
|
-
|
2019-03-09
|
904265
|
OOB operation in swiftshader's JIT
|
$1000
|
2019-03-08
|
908834
|
Use-of-uninitialized-value in void base::Pickle::WriteBytesStatic<4ul>
|
-
|
2019-03-08
|
909678
|
CrOS: Vulnerability reported in net-vpn/strongswan
|
-
|
2019-03-08
|
909796
|
Bad-cast to blink::StringResource8 from blink::ParkableStringResource8 in blink::V8Element::GetElementsByClassNameMethodCallback
|
-
|
2019-03-08
|
909976
|
Heap-use-after-free in v8::internal::Scope::Snapshot::RestoreEvalFlag
|
-
|
2019-03-08
|
910247
|
Global-buffer-overflow in blink::Element |