Chromium Disclosed Security Bugs

Google discloses Chromium security bugs 14 weeks after fixing them. This website makes it easier to keep track of them.

This page is run by @securityMB but it is not an official Google product.

Bugs disclosed in 2020.json

| Bug ID | Summary | Reward | Disclosure date |
| --- | --- | --- | --- |
| 1125294 | cups_ippreadio_fuzzer: Use-of-uninitialized-value in ippReadIOLimitedRecursion | - | 2020-12-31 |
| 1073063 | Security: CUPS cmd exec vulnerability via FoomaticRIPCommandLine | - | 2020-12-30 |
| 1101509 | Security: UAF in RawClipboardHostImpl | $30,000 | 2020-12-30 |
| 1116280 | Self-XSS / Crash via window.open and delayed navigation | $5,000 | 2020-12-30 |
| 1129705 | Heap-use-after-free in guest_view::GuestViewManager::FromBrowserContext | - | 2020-12-30 |
| 1129840 | CrOS: Vulnerability reported in x11-libs/libX11 | - | 2020-12-30 |
| 1130111 | Heap-use-after-free in views::View::GetPreferredSize | - | 2020-12-30 |
| 1130489 | CHECK failure: icu_collator__value.IsForeign() in class-verifiers-tq.cc | - | 2020-12-30 |
| 1125871 | Crash in v8::internal::Simulator::LoadStoreHelper | - | 2020-12-29 |
| 1128318 | Chrome: UAF in SessionStorageImpl | - | 2020-12-29 |
| 1130127 | Security DCHECK failure: IsA<Derived>(from) in casting.h | - | 2020-12-29 |
| 1113565 | Security: Extensions can use chrome.debugger API to access contents of local files | $5,000 | 2020-12-28 |
| 1128994 | Unknown exception in CrashForExceptionInNonABICompliantCodeRange | - | 2020-12-27 |
| 1129422 | h264_annex_b_converter_fuzzer: Heap-use-after-free in media::H264AnnexBToAvcBitstreamConverter::ConvertChunk | - | 2020-12-26 |
| 1129598 | Heap-use-after-free in blink::NGInlineCursor::MoveTo | - | 2020-12-26 |
| 1129706 | v8_wasm_compile_fuzzer: DCHECK failure in AreSameFormat(vd, vn) in assembler-arm64.cc | - | 2020-12-26 |
| 1127520 | .well-known/change-password NavigationThrottle should only be instantiated for main frame navigations | - | 2020-12-25 |
| 1129359 | webcodecs_video_encoder_fuzzer: Crash in vp9_enc_setup_mi | - | 2020-12-25 |
| 1129568 | Use-of-uninitialized-value in mojo::core::ChannelPosix::WriteNoLock | - | 2020-12-25 |
| 1129842 | CVE-2020-25285 CrOS: Vulnerability reported in Linux kernel | - | 2020-12-25 |
| 1125199 | heap-use-after-free : content::WebContentsImpl::SetNotWaitingForResponse | - | 2020-12-24 |
| 1127112 | Security DCHECK failure: !object \|\| (object->IsLayoutNGOutsideListMarker()) in layout_ng_outside_list_mar | - | 2020-12-24 |
| 1127610 | CHECK failure: maybe_object->IsWeak() \|\| maybe_object->IsCleared() \|\| (maybe_object->GetHeapObj | - | 2020-12-24 |
| 1128343 | CrOS: Vulnerability reported in net-libs/gnutls | - | 2020-12-24 |
| 1128756 | Bad-cast to const char *() in ui::CursorPathFromLibXcursor | - | 2020-12-24 |
| 1129515 | Use-of-uninitialized-value in v8::internal::ValueDeserializer::ReadObjectInternal | - | 2020-12-24 |
| 1129285 | Use-of-uninitialized-value in v8::internal::ValueDeserializer::ReadObjectInternal | - | 2020-12-24 |
| 1092130 | v8_wasm_compile_fuzzer: DCHECK failure in ref.stack_height >= target_stack_height in wasm-interpreter.cc | - | 2020-12-23 |
| 1111149 | video.captureStream() may allow cross-origin resource theft | - | 2020-12-23 |
| 1124723 | CHECK failure: parse_success in experimental.cc | - | 2020-12-23 |
| 1127496 | Security: Screen share clickjacking secondary issue | - | 2020-12-23 |
| 1128267 | Bad-cast to const blink::NGBlockBreakToken from blink::NGInlineBreakToken in blink::NGBlockNode::PlaceChildrenInFlowThread | - | 2020-12-23 |
| 1128342 | CVE-2020-25220 CrOS: Vulnerability reported in Linux kernel | - | 2020-12-23 |
| 1127405 | CHECK failure: !v8::internal::FLAG_enable_slow_asserts \|\| (IsDereferenceAllowed()) in handles.h | - | 2020-12-22 |
| 1127407 | Bad-cast to blink::LayoutListItem from blink::LayoutNGListItem in blink::LayoutListMarker::ListItem | - | 2020-12-22 |
| 1128301 | CHECK failure: !v8::internal::FLAG_enable_slow_asserts \|\| (IsDereferenceAllowed()) in handles.h | - | 2020-12-22 |
| 1128341 | CVE-2020-25212 CrOS: Vulnerability reported in Linux kernel | - | 2020-12-22 |
| 1126249 | Security: DCHECK failed: 0 <= length && length <= kMaxSafeInteger | - | 2020-12-21 |
| 1127310 | CVE-2020-10720 CrOS: Vulnerability reported in Linux kernel | - | 2020-12-21 |
| 1127319 | Security: Debug check failed: IrOpcode::IsInlineeOpcode(node->opcode()). | $5,000 | 2020-12-21 |
| 1102153 | Security: Information disclosure through screenshare with clickjacking | $2,000 | 2020-12-19 |
| 1123883 | Use-after-poison in blink::HTMLSlotElement::DetachLayoutTree | - | 2020-12-19 |
| 1125210 | heap-use-after-free : gpu::ExternalVkImageFactory::~ExternalVkImageFactory | - | 2020-12-19 |
| 1126522 | Crash in marl::Scheduler::Worker::runUntilIdle | - | 2020-12-19 |
| 1127158 | Heap-use-after-free in views::MenuController::ExitMenu | - | 2020-12-19 |
| 1106612 | heap-use-after-free : ?StartAutoScrollAnimation@ScrollbarController@cc@@QEAAXMPEBVScrollbarLayerImplBase@2@W4ScrollbarPart@2@@Z | - | 2020-12-18 |
| 1124782 | DCHECK failure in top() >= original_top_ in new-spaces.h | - | 2020-12-18 |
| 1126769 | CHECK failure: !v8::internal::FLAG_enable_slow_asserts \|\| (IsJSReceiver()) in js-objects-inl.h | - | 2020-12-18 |
| 1100136 | heap-buffer-overflow in storage::ObfuscatedFileUtilMemoryDelegate(browser process) | $15,000 | 2020-12-17 |
| 1121414 | Security: Missing IsContextDestroyed in MediaKeys | - | 2020-12-17 |
| 1122848 | DCHECK failure in !OldSpace::IsAtPageStart(top) in new-spaces.cc | - | 2020-12-17 |
| 1121836 | Security: HeapOverflow in SerialHandle | $10,000 | 2020-12-16 |
| 1124776 | transfer_cache_fuzzer: Heap-buffer-overflow in skjson::FastString::initLongString | - | 2020-12-16 |
| 1125187 | Heap-use-after-free in ui::InputMethodAuraLinux::ProcessKeyEventDone | - | 2020-12-16 |
| 1125354 | Bad-cast to gl::Texture from gl::Renderbuffer in gl::FramebufferAttachment::getTexture | - | 2020-12-16 |
| 1125951 | DCHECK failure in digits >= 0 && digits <= kBitsPerByte in safepoint-table.cc | - | 2020-12-16 |
| 1124646 | DCHECK failure in committed_code_space_.load() <= FLAG_wasm_max_code_space * MB in wasm-code-manag | - | 2020-12-15 |
| 1124677 | CHECK failure: arr.get(JSRegExp::kIrregexpCaptureCountIndex) == Smi::FromInt(0) in objects-debu | - | 2020-12-15 |
| 1124696 | Crash in Builtins_InterpreterEntryTrampoline | - | 2020-12-15 |
| 1125386 | Security: chrome dev tools frontend cloud container is leaking | - | 2020-12-15 |
| 1126106 | Security: ignore this | - | 2020-12-15 |
| 1125887 | Crash in Builtins_RegExpMatchFast | - | 2020-12-15 |
| 1126108 | Security: ignore this | - | 2020-12-15 |
| 1124997 | Heap-use-after-free in blink::DepthOrderedLayoutObjectList::Ordered | - | 2020-12-14 |
| 1125144 | Crash in marl::Scheduler::Worker::runUntilIdle | - | 2020-12-14 |
| 1125504 | Bad-cast to blink::LayoutBox from invalid vptr in blink::ToLayoutBox | - | 2020-12-14 |
| 1106890 | Security: Possible for apps to access http/https sites outside of a webview context via blob URLs | $15,000 | 2020-12-12 |
| 1111685 | Use-of-uninitialized-value in qrcode_generator::QRCodeGeneratorServiceImpl::RenderBitmap | - | 2020-12-12 |
| 1114114 | CVE-2020-16166 CrOS: Vulnerability reported in Linux kernel | - | 2020-12-12 |
| 1119532 | mediasource_MP2T_AACSBR_pipeline_integration_fuzzer: Use-of-uninitialized-value in assign_pair | - | 2020-12-12 |
| 1123023 | Web Audio DelayNode of an OfflineAudioContext adds one sample to the delay. | $3,000 | 2020-12-12 |
| 1124477 | DCHECK failure in AllowHeapAllocation::IsAllowed() in heap-inl.h | - | 2020-12-12 |
| 1124617 | Global-buffer-overflow in blink::MathMLOperatorElement::ComputeOperatorProperty | $3,000 | 2020-12-12 |
| 1124754 | Use-of-uninitialized-value in blink::NGInlineNode::SetTextWithOffset | - | 2020-12-12 |
| 1111737 | Security: OffscreenCanvas - Use After Free in OffscreenCanvasRenderingContext2D::DrawTextInternal() | $7,500 | 2020-12-08 |
| 1112155 | DCHECK failure in address % 4 == 0 in simulator-arm.cc | - | 2020-12-08 |
| 1113558 | Security: Possible to navigate frames not attached to the debugger using the chrome.debugger API | $5,000 | 2020-12-08 |
| 1123522 | Security: Use-After-Poison in XRFrameProvider | $7,500 | 2020-12-08 |
| 1099390 | Security: ChromeOS chronos privilege escalation to root | $30,000 | 2020-12-07 |
| 1122917 | Security: UAF in DirectSocketsServiceImpl | $20,000 | 2020-12-07 |
| 1123379 | DCHECK failure in effect_edges > 0 in verifier.cc | - | 2020-12-07 |
| 1088224 | Security: drawImage timing depends on alpha-channel value, allowing to read cross-origin images | $5,000 | 2020-12-06 |
| 1123258 | cups_ippreadio_fuzzer: Use-of-uninitialized-value in ippReadIOLimitedRecursion | - | 2020-12-06 |
| 1114636 | Security: Possible for extension to escape sandbox via Target.setAutoAttach and Target.sendMessageToTarget | $15,000 | 2020-12-05 |
| 1116123 | cups_ippreadio_fuzzer: Use-of-uninitialized-value in ippReadIOLimitedRecursion | - | 2020-12-05 |
| 1115662 | Security: ChromeOS chronos privilege escalation to root (cros-disks drivefs, BackupArcBugReport) | $30,000 | 2020-12-04 |
| 1116505 | cups_ippreadio_fuzzer: Use-of-uninitialized-value in create_item | - | 2020-12-04 |
| 1116903 | container-overflow in blink::MediaStreamSource | $2,000 | 2020-12-04 |
| 1117258 | Segv on unknown address in v8::internal::JSPromise::Fulfill | - | 2020-12-04 |
| 1120729 | CHECK failure: type.Equals(NodeProperties::GetType(node->InputAt(1))) in verifier.cc | - | 2020-12-04 |
| 1114458 | ec_host_command_fuzzer: Global-buffer-overflow in cbi_set_data | - | 2020-12-03 |
| 1115945 | CrOS: Vulnerability reported in x11-libs/libX11 | - | 2020-12-03 |
| 1116304 | Security: UAF in VideoCapture | $20,000 | 2020-12-03 |
| 1119331 | mediasource_MP4_AACLC_AVC_pipeline_integration_fuzzer: Stack-use-after-return in output_configure | - | 2020-12-03 |
| 1119400 | Heap-use-after-free in blink::NGPhysicalFragment::HasSelfPaintingLayer | - | 2020-12-03 |
| 1119419 | v8_wasm_compile_fuzzer: Segv on unknown address in Builtins_ArgumentsAdaptorTrampoline | - | 2020-12-03 |
| 1121156 | Heap-use-after-free in icu_67::RuleBasedBreakIterator::handleNext | - | 2020-12-03 |
| 1122560 | CVE-2020-24394 CrOS: Vulnerability reported in Linux kernel | - | 2020-12-03 |
| 1115963 | Security: cros-disks drivefs_helper will chown arbitrary file system objects controlled by chronos | - | 2020-12-02 |
| 1115977 | Security: BackupArcBugReport file write vulnerability | - | 2020-12-02 |
| 1121898 | webcodecs_video_decoder_fuzzer.exe: Heap-use-after-free in media::DecoderSelector<media::DemuxerStream::VIDEO>::FinalizeDecoderSelection | - | 2020-12-02 |
| 1121982 | CVE-2020-14356 CrOS: Vulnerability reported in Linux kernel | - | 2020-12-02 |
| 1119865 | Security: UAF in StopProfiler | $7,500 | 2020-12-01 |
| 1120924 | webcodecs_video_decoder_fuzzer: Heap-use-after-free in blink::VideoDecoderBroker::OnDecodeDone | - | 2020-12-01 |
| 1121642 | CVE-2019-9857 CrOS: Vulnerability reported in Linux kernel | - | 2020-12-01 |
| 1120956 | Heap-use-after-free in blink::PrepareOrthogonalWritingModeRootForLayout | - | 2020-11-30 |
| 1117367 | Security: Upgrade sqlite to 3.33.0 due to CVE-2020-13871 and CVE-2020-15358? | $500 | 2020-11-28 |
| 1120825 | webcodecs_video_decoder_fuzzer: Heap-use-after-free in blink::MediaVideoTaskWrapper::OnDecodeOutput | - | 2020-11-28 |
| 1116019 | v8_wasm_compile_fuzzer: Crash in Builtins_WasmTaggedNonSmiToInt32 | - | 2020-11-27 |
| 1114556 | Security: UaF in views::View::UpdateTooltip | $5,000 | 2020-11-25 |
| 1116706 | Security: Use After Free in PresentationConnectionCallbacks::OnSuccess | $7,500 | 2020-11-25 |
| 1081874 | Double free on NodeChannel | - | 2020-11-24 |
| 1099670 | CrOS: Vulnerability reported in dev-libs/libpcre | - | 2020-11-24 |
| 1092518 | Security: OpenFileViaShell may open executables in the same directory with similar filenames unexpectedly | $500 | 2020-11-21 |
| 1108511 | heap-use-after-free : AdsPageLoadMetricsObserver::FrameDisplayStateChanged | - | 2020-11-21 |
| 1108892 | dawn_wire_server_and_vulkan_backend_fuzzer: Crash in vk::DescriptorSetLayout::DescriptorSetLayout | - | 2020-11-21 |
| 1109120 | Security: (UXSS) Long-Press Open Runs Javascript Links from Child in Parent Origin / Page | - | 2020-11-21 |
| 1113209 | dawn_wire_server_and_frontend_fuzzer: Heap-use-after-free in dawn_wire::server::Server::GetCmdSpace | - | 2020-11-21 |
| 1113554 | dawn_wire_server_and_frontend_fuzzer: Heap-use-after-free in dawn_wire::server::KnownObjects<WGPUBufferImpl*>::Get | - | 2020-11-21 |
| 1114066 | Potential UAF when closing chrome://cellular-setup | - | 2020-11-21 |
| 1114398 | crash in Builtins_StaCurrentContextSlotHandler | $5,000 | 2020-11-21 |
| 1114500 | gpu_raster_passthrough_fuzzer: Crash in sse2::store_rgNUMBER | - | 2020-11-21 |
| 1115345 | Security: Heap-Buffer-Overflow in libGLESv2 Library - es2::Device::stretchRect | - | 2020-11-21 |
| 1115354 | DCHECK failure in allow_empty_handle \|\| that != nullptr in api-inl.h | - | 2020-11-21 |
| 1115693 | Heap-use-after-free in blink::Element::AttributeChanged | - | 2020-11-21 |
| 1115902 | Heap-use-after-free in blink::HTMLFormControlElement::AttributeChanged | - | 2020-11-21 |
| 1112206 | Security: pdfium Debug check failed | - | 2020-11-18 |
| 1092453 | Restrictions on navigation to the content scheme can be bypassed on Android | $3,000 | 2020-11-17 |
| 1114803 | wav_audio_handler_fuzzer: Crash in void base::ReadBigEndian<unsigned int> | - | 2020-11-17 |
| 1104628 | Security: Private file upload (data exfiltration) | $1,000 | 2020-11-16 |
| 1114326 | Crash in base::internal::WeakReferenceOwner::~WeakReferenceOwner | - | 2020-11-15 |
| 1038208 | canvas_fuzzer: Heap-use-after-free in blink::scheduler::AgentInterferenceRecorder::OnFrameSchedulerDestroyed | - | 2020-11-14 |
| 1113710 | Use-of-uninitialized-value in blink::LayoutShiftTracker::NotifyTextPrePaint | - | 2020-11-14 |
| 1102361 | Security: Arbitrary command execution vulnerability in patchpanel | - | 2020-11-13 |
| 1113226 | Security: Heap overflow in libavif | - | 2020-11-13 |
| 1114005 | CHECK failure: kMaxInt >= new_capacity in wasm-objects.cc | - | 2020-11-13 |
| 1114006 | DCHECK failure in 0 <= length in factory-base.cc | - | 2020-11-13 |
| 937179 | Security: Malicious link opens multiple tabs via URI handler | $500 | 2020-11-12 |
| 1034224 | CrOS: Vulnerability reported in dev-libs/libxslt | - | 2020-11-12 |
| 1039058 | CrOS: Vulnerability reported in dev-libs/libxml2 | - | 2020-11-12 |
| 1108116 | heap-use-after-free : autofill::FormStructure::GetFieldTypePredictions | - | 2020-11-12 |
| 1110207 | Security: Use after free in Payments | $20,000 | 2020-11-12 |
| 1112440 | gstoraster_fuzzer: Heap-use-after-free in gx_default_get_param | - | 2020-11-12 |
| 1112442 | gstoraster_fuzzer: Heap-use-after-free in pdf14_pop_transparency_group | - | 2020-11-12 |
| 1112474 | gstoraster_fuzzer: Heap-use-after-free in gsicc_adjust_profile_rc | - | 2020-11-12 |
| 1112477 | gstoraster_fuzzer: Heap-use-after-free in gsicc_adjust_profile_rc | - | 2020-11-12 |
| 1108181 | Security: bypas of the protection of input field cache | $5,000 | 2020-11-11 |
| 1108518 | Security: UAF in ScriptPromiseProperty due to iterator invalidation | $7,500 | 2020-11-11 |
| 1100280 | Security: Chrome Update - Arbitrary Folder Delete // Privilege Escalation | $500 | 2020-11-10 |
| 1103827 | Security: heap-buffer-overflow in TextDetection detect | - | 2020-11-10 |
| 1106590 | Step "blink_web_tests" failing on builder "WebKit Linux MSAN" | - | 2020-11-10 |
| 1112642 | Heap-use-after-free in blink::LayoutShiftTracker::NotifyTextPrePaint | - | 2020-11-10 |
| 841622 | Security: Speech permission request UI spoof | $500 | 2020-11-09 |
| 1104046 | Security: Task Scheduling - Use After Free in TaskQueueImpl::CreateTaskRunner(). | $7,500 | 2020-11-09 |
| 1100286 | Chromium: Vulnerability reported in third_party/requests | - | 2020-11-08 |
| 1108535 | Security: UAF in ImageDecoderExternal due to iterator invalidation | $7,500 | 2020-11-07 |
| 1110432 | mojo_core_channel_fuzzer: Heap-buffer-overflow in mojo::core::Channel::Message::num_handles | - | 2020-11-07 |
| 1111831 | Crash in v8::internal::Heap::CreateFillerObjectAt | - | 2020-11-07 |
| 1111972 | Heap-use-after-free in v8::internal::AllocationCounter::InvokeAllocationObservers | - | 2020-11-07 |
| 1112025 | DCHECK failure in space->heap()->inline_allocation_disabled() implies space->limit() == space->top | - | 2020-11-07 |
| 1112039 | Heap-use-after-free in blink::PaintInvalidator::InvalidatePaint | - | 2020-11-07 |
| 1107433 | Google Chrome WebGL Buffer11::getBufferStorage Code Execution Vulnerability | $10,000 | 2020-11-06 |
| 1111015 | v8_wasm_compile_fuzzer: DCHECK failure in !unreachable implies stack_height >= c->end_label->target_stack_height in wasm-i | - | 2020-11-06 |
| 1111307 | Security: UAF in OfflinePageTabHelper::LoadData | - | 2020-11-06 |
| 1012955 | Security: Reader mode needs improved sanitization | - | 2020-11-05 |
| 1107104 | dawn_wire_server_and_frontend_fuzzer: Heap-use-after-free in dawn_wire::server::KnownObjects<WGPUBufferImpl*>::Get | - | 2020-11-05 |
| 1110749 | net_hpack_decoder_fuzzer: Heap-use-after-free in base::operator<< | - | 2020-11-05 |
| 1110991 | zxcvbn_scoring_fuzzer: Use-of-uninitialized-value in zxcvbn::most_guessable_match_sequence | - | 2020-11-05 |
| 1110992 | net_spdy_session_fuzzer: Heap-use-after-free in base::operator<< | - | 2020-11-05 |
| 1145680 | Ports 5060 and 5061 should be blocked | - | 2020-11-04 |
| 1092385 | Security: heap-use-after-free / double-free in blink::CanvasResourceProvider | $5,000 | 2020-11-04 |
| 1106342 | Security: Use-after-free in PrintCompositeClient::OnDidPrintFrameContent | - | 2020-11-04 |
| 1106507 | Use-of-uninitialized-value in gpu::gles2::GLES2Implementation::BufferDataHelper | - | 2020-11-04 |
| 1107824 | Security: 'unsafe-eval' in CSP is not properly enforced for default-src 'self' | - | 2020-11-04 |
| 1108091 | Race condition in NativeFileSystemWriter close logic | - | 2020-11-04 |
| 1109467 | Heap-use-after-free in blink::AdTracker::DidFinishAsyncTask | - | 2020-11-04 |
| 1110564 | v8_wasm_compile_fuzzer: DCHECK failure in stack_height >= stack_effect.first in wasm-interpreter.cc | - | 2020-11-04 |
| 1090352 | Security: no user interaction: URL spoofing using blob + @ (iOS) | $1,000 | 2020-11-03 |
| 1106299 | CrOS: Vulnerability reported in net-fs/samba | - | 2020-11-03 |
| 1108351 | Security: Use of conditionally uninitialised stack variable may leak stack state | - | 2020-11-03 |
| 1108472 | Security: UAF in RTCQuicTransport due to iterator invalidation | $7,500 | 2020-11-03 |
| 1110214 | DCHECK failure in !result.IsRetry() in new-spaces.cc | - | 2020-11-03 |
| 1102196 | Security: Keystone for macOS should use auditToken to validate incoming XPC message | $10,000 | 2020-11-02 |
| 1108299 | UaF in NFCHost::GetNFC | - | 2020-11-02 |
| 1108497 | Security: UAF in RemotePlayback due to iterator invalidation (Android only) | $7,500 | 2020-11-02 |
| 931013 | Extension has an ability to execute script in New Tab Page | $500 | 2020-10-31 |
| 1109108 | pdfium(XFA) heap-use-after-free in CXFA_FFWidget::GetWidgetRect() | $7,500 | 2020-10-31 |
| 1109461 | CVE-2020-15780 CrOS: Vulnerability reported in Linux kernel | - | 2020-10-31 |
| 1099276 | Security: Cursor hijacking mitigation bypass | - | 2020-10-30 |
| 1105426 | Security: Use-after-free in MediaElementEventListener::UpdateSources | - | 2020-10-30 |
| 1106091 | Security: Sending uninitialized bytes between processes | - | 2020-10-30 |
| 1106234 | Security: heap-user-after-free in HidService | - | 2020-10-30 |
| 1106682 | Security: Use-after-free in WebIDBGetDBNamesCallbacksImpl::SuccessNamesAndVersionsList | - | 2020-10-30 |
| 1107815 | Security: Use-after-free in XRSystem::FocusedFrameChanged and FocusController::NotifyFocusChangedObservers | - | 2020-10-30 |
| 1108639 | openh264 is vulnerable to a known vulnerability | - | 2020-10-30 |
| 1105720 | Security: heap-buffer-overflow in SkReader32::readInt | - | 2020-10-28 |
| 1139963 | Security: Heap buffer overflow due to integer truncation in FreeType | - | 2020-10-28 |
| 1039882 | Leaking size of cross-origin resource by caching it twice | $2,000 | 2020-10-27 |
| 1103839 | DCHECK failure in pc_ <= end_ in decoder.h | - | 2020-10-27 |
| 1104061 | UAF in sctp_transport | $7,500 | 2020-10-27 |
| 1106773 | Security: Use-after-free in USB::OnServiceConnectionError | - | 2020-10-27 |
| 1102151 | Security: heap-use-after-free in AllowFrom | $5,000 | 2020-10-26 |
| 1104053 | v8_wasm_fuzzer: DCHECK failure in stack.size() == 1 in module-decoder.cc | - | 2020-10-26 |
| 1105283 | Heap-use-after-free in blink::NGPhysicalFragment::PostLayout | - | 2020-10-26 |
| 1076923 | vtest_fuzzer: Crash in try_setup_line | - | 2020-10-25 |
| 1105198 | Heap-use-after-free in blink::LayoutObject::OutlineRects | - | 2020-10-25 |
| 1100669 | Security: missing WDS fix | - | 2020-10-24 |
| 1104322 | dawn_wire_server_and_frontend_fuzzer: Heap-use-after-free in dawn_wire::server::KnownObjects<WGPUBufferImpl*>::Get | - | 2020-10-24 |
| 1105635 | Security: use-after-poison when using CSS var() with revert as fallback | - | 2020-10-24 |
| 1105723 | Security: heap-buffer-overflow in Skia | - | 2020-10-24 |
| 1106285 | v8_wasm_compile_fuzzer: DCHECK failure in IsSimd128Register() in instruction.h | - | 2020-10-24 |
| 1077761 | Security: TOCTOU race in cupsd.conf init script | - | 2020-10-23 |
| 1015310 | Security: Improper isolation of EC_RST_ODL on some NPCX79nx designs | - | 2020-10-22 |
| 1086896 | CrOS: Vulnerability reported in dev-db/sqlite | - | 2020-10-22 |
| 1087362 | CrOS: Vulnerability reported in dev-db/sqlite | - | 2020-10-22 |
| 1101152 | pdfium_embeddertests triggers a use-after-poison in V8 | - | 2020-10-22 |
| 1101756 | CrOS: Vulnerability reported in dev-db/sqlite | - | 2020-10-22 |
| 1104103 | Security: Insufficient data validation in deserialize TransformStream | $7,500 | 2020-10-22 |
| 1105815 | DCHECK failure in ((static_cast<i::Tagged_t>(ptr) & ::i::kSmiTagMask) == ::i::kSmiTag) in smi.h | - | 2020-10-22 |
| 1106357 | Crash in v8::internal::compiler::BytecodeArrayData::source_positions_size | - | 2020-10-22 |
| 958521 | gstoraster: Use-of-uninitialized-value in register_x86_crypto | - | 2020-10-21 |
| 1104608 | Security: LdaNamedProperty is generated for typed_array["4294967295"], which causes wrong inline cache and OOB access | $5,000 | 2020-10-20 |
| 1067854 | Chromium: Vulnerability reported in third_party/binutils | - | 2020-10-19 |
| 1103195 | Security: HeapOverflow in BackgroundFetch | $15,000 | 2020-10-19 |
| 1104528 | Heap-use-after-free in ui::LayerAnimator::OnScheduled | - | 2020-10-19 |
| 1104533 | Security DCHECK failure: i < length() in string_view.h | $6,000 | 2020-10-19 |
| 1099568 | Symlink at /home/user/<hash>/GCache/v2 can trick cryptohome to make arbitrary path world writable | - | 2020-10-16 |
| 1102860 | cras_rclient_message_fuzzer: Heap-buffer-overflow in ccr_handle_message_from_client | - | 2020-10-16 |
| 1082717 | CVE-2020-12771 CrOS: Vulnerability reported in Linux kernel | - | 2020-10-15 |
| 1101304 | DCHECK failure in dst.low_gp() != rhs.high_gp() in liftoff-assembler-arm.h | - | 2020-10-15 |
| 1102408 | Heap-use-after-free in blink::LayoutBox::FindAutoscrollable | - | 2020-10-15 |
| 1103557 | Heap-buffer-overflow in blink::NGFragmentItems::LayoutObjectWillBeDestroyed | - | 2020-10-15 |
| 1094699 | CrOS: Vulnerability reported in sys-libs/glibc | - | 2020-10-14 |
| 1097308 | cras_rclient_message_fuzzer: Heap-buffer-overflow in cras_channel_remix_conv_create | - | 2020-10-14 |
| 1100247 | Security: Potential UAF in AndroidCdmFactory | - | 2020-10-14 |
| 1101818 | Heap-buffer-overflow in blink::NGFragmentItems::LayoutObjectWillBeMoved | $6,000 | 2020-10-14 |
| 1102083 | Security DCHECK failure: unit.TextContentEnd() <= text.length() in ng_offset_mapping.cc | $6,000 | 2020-10-14 |
| 1102127 | dawn_wire_server_and_frontend_fuzzer: Heap-use-after-free in dawn_wire::server::KnownObjects<WGPUBufferImpl*>::Get | - | 2020-10-14 |
| 1102137 | Security DCHECK failure: !object \|\| (object->IsLayoutMultiColumnSet()) in layout_multi_column_set.h | - | 2020-10-14 |
| 1102161 | CHECK failure: marking_state_->IsBlackOrGrey(heap_object) in mark-compact.cc | - | 2020-10-14 |
| 1102609 | Heap-buffer-overflow in blink::NGFragmentItems::LayoutObjectWillBeDestroyed | - | 2020-10-14 |
| 1105202 | Security: Google Chrome DrawElementsInstanced Information Leak Vulnerability (TALOS-2020-1123) | $1,000 | 2020-10-13 |
| 1101883 | Security DCHECK failure: !masker->NeedsLayout() in svg_mask_painter.cc | - | 2020-10-12 |
| 1102054 | Disable (or fix) YUV image decoding before M86 due to use after free | - | 2020-10-10 |
| 1096677 | WebView: Cross-domain content can be fetched from resources loaded by the content scheme | - | 2020-10-09 |
| 1101629 | v8_wasm_code_fuzzer: DCHECK failure in heap_type != HeapType::kBottom && HeapType(heap_type).is_valid() in value-type.h | - | 2020-10-09 |
| 1076786 | Script Gadgets in chrome://oobe and chrome://assistant-optin through Polymer | - | 2020-10-08 |
| 1091790 | dawn_wire_server_and_vulkan_backend_fuzzer: Crash in vk::DescriptorSetLayout::DescriptorSetLayout | - | 2020-10-08 |
| 1096170 | dawn_wire_server_and_frontend_fuzzer.exe: Heap-use-after-free in dawn_wire::server::Server::OnBufferMapWriteAsyncCallback | - | 2020-10-08 |
| 1029907 | Security: URL bar spoofing with prompt dialog on iOS | $500 | 2020-10-07 |
| 1030927 | Site Isolation Bypass: ClientHints doesn't properly check origin from renderer | - | 2020-10-07 |
| 1094453 | Security: Memory stomper in InfoBarManager::RemoveInfoBarInternal() | - | 2020-10-07 |
| 1095560 | Security: heap-buffer-overflow on media_history::MediaHistoryKeyedService::OnURLsDeleted | $5,000 | 2020-10-07 |
| 1097484 | Use-of-uninitialized-value in base::internal::WeakReference::IsValid | - | 2020-10-07 |
| 1099621 | dawn_wire_server_and_frontend_fuzzer: Heap-buffer-overflow in dawn_native::null::Buffer::DoWriteBuffer | - | 2020-10-07 |
| 1099945 | Security: Print compositor does not copy out of shared memory before attempting to deserialize SkPicture | - | 2020-10-07 |
| 1099990 | Security: pdfium heap-buffer-overflow with experimental skia back end | - | 2020-10-07 |
| 1100900 | Heap-use-after-free in blink::LayoutBlockFlow::SetShouldDoFullPaintInvalidationForFirstLine | - | 2020-10-07 |
| 1101079 | Security DCHECK failure: GetLayoutObject() && GetLayoutObject()->IsBoxModelObject() in ng_physical_box_fr | - | 2020-10-07 |
| 1100079 | Use-of-uninitialized-value in blink::NGMathRadicalLayoutAlgorithm::Layout | - | 2020-10-05 |
| 1094235 | uaf in extensions | $5,000 | 2020-10-03 |
| 1094655 | Heap-buffer-overflow in vk::Image::copy | - | 2020-10-03 |
| 1098179 | Use-of-uninitialized-value in send_delete_event | - | 2020-10-03 |
| 1099974 | Use-of-uninitialized-value in mojo::core::ChannelPosix::WriteNoLock | - | 2020-10-03 |
| 1094644 | gpu_swangle_passthrough_fuzzer: Heap-buffer-overflow in libvk_swiftshader.so | - | 2020-10-02 |
| 1098606 | WebFrameImpl::CallJavaScriptFunction allows child frames to inject scripts into parent. | - | 2020-10-02 |
| 1099446 | Security: heap-buffer-overflow in "SkData::PrivateNewWithCopy" function | $2,000 | 2020-10-02 |
| 1010756 | Crash in sw::Renderer::executeTask | - | 2020-10-01 |
| 1090543 | heap-use-after-free : content::NavigationRequest::OnWillProcessResponseProcessed | - | 2020-09-30 |
| 1097483 | Heap-buffer-overflow in sw::Blitter::fastClear | - | 2020-09-30 |
| 1092449 | Cross-domain content can be fetched from resources loaded by the content scheme | $20,000 | 2020-09-29 |
| 1096002 | Heap-use-after-free in blink::ImageResourceContent::PriorityFromObservers | - | 2020-09-29 |
| 1097442 | v8_wasm_compile_fuzzer: DCHECK failure in from <= to in vector.h | - | 2020-09-29 |
| 1097467 | v8_wasm_compile_fuzzer: Use-after-poison in v8::internal::wasm::fuzzer::WasmGenerator::Generate | - | 2020-09-29 |
| 1097595 | Security DCHECK failure: new_box->IsInlineFlowBox() in layout_block_flow_line.cc | - | 2020-09-29 |
| 1098243 | CVE-2020-14416 CrOS: Vulnerability reported in Linux kernel | - | 2020-09-29 |
| 1084699 | [WebRTC] Remote ICE Candidate Hostname Lookup Privacy Issue | - | 2020-09-28 |
| 1097416 | Use-of-uninitialized-value in void blink::ShapeResultView::CreateViewsForResult<blink::ShapeResult> | - | 2020-09-27 |
| 1017558 | pdf_scanlinecompositor_fuzzer: Heap-buffer-overflow in CompositeRow_Argb2Argb_RgbByteOrder | - | 2020-09-26 |
| 1037980 | pdf_scanlinecompositor_fuzzer: Heap-buffer-overflow in GetGray | - | 2020-09-26 |
| 1058716 | pdf_scanlinecompositor_fuzzer: Crash in GetAlphaWithSrc | - | 2020-09-26 |
| 967204 | Security: dangling markup protection bypass with <portal> element | $500 | 2020-09-25 |
| 997412 | Security: PDFium Heap-use-after-free in ProbeForLowSeverityLifetimeIssue (XFA) | - | 2020-09-25 |
| 1082755 | Heap UaF in TabStrip::CloseTab | $5,000 | 2020-09-25 |
| 1086009 | Security: Linux Kernel V5.2.0-rc1 #2 use-after-free in unmap_vmas read of size 8 | $500 | 2020-09-25 |
| 1086845 | Security: Blob ignores charset specified in type attribute | $1,000 | 2020-09-25 |
| 1087282 | XSS in interstitial_common.js leading to UXSS | - | 2020-09-25 |
| 1088187 | Bad-cast to extensions::MimeHandlerViewContainerManager from invalid vptr in extensions::MimeHandlerViewContainerManager::RemoveFrameContainerForReason | - | 2020-09-25 |
| 1090835 | Security: Full screen notification overlap on Windows and Linux (take two) | $500 | 2020-09-25 |
| 1093719 | Container-overflow in content::responsiveness::Watcher::DidRunTask | - | 2020-09-25 |
| 1094363 | Heap-buffer-overflow in ash::ScrollableShelfView::UpdateScrollOffset | - | 2020-09-25 |
| 1094442 | Background tab can launch PWA or play store page when interacting with any page. | - | 2020-09-25 |
| 1095709 | Heap-use-after-free in base::internal::Invoker<base::internal::BindState<void | - | 2020-09-25 |
| 1095760 | Bad-cast to blink::WebRtcAudioRenderer from invalid vptr in void base::internal::FunctorTraits<void | - | 2020-09-25 |
| 1095927 | Use-of-uninitialized-value in blink::WebRtcAudioRenderer::TranscribeAudio | - | 2020-09-25 |
| 1096079 | Heap-use-after-free in blink::ImageResourceContent::NotifyObservers | - | 2020-09-25 |
| 1097028 | CVE-2020-10757 CrOS: Vulnerability reported in Linux kernel | - | 2020-09-25 |
| 1092451 | Multiple-file download restrictions can be bypassed using Android intents | $500 | 2020-09-23 |
| 1076703 | Security: WebRTC: usrsctp is called with pointer as network address | - | 2020-09-22 |
| 1095102 | Security: heap-buffer-overflow in x_server_pixel_buffer.cc from screen_capturer_x11.cc | - | 2020-09-22 |
| 1095589 | CVE-2020-13974 CrOS: Vulnerability reported in Linux kernel | - | 2020-09-22 |
| 1072841 | heap-use-after-free : local_discovery::ServiceWatcherImplMac::NetServiceBrowserContainer::~NetServiceBrowserContainer | - | 2020-09-21 |
| 1092059 | v8_wasm_compile_fuzzer: DCHECK failure in SIZE == kSimd128Size ? num_q_registers : num_d_registers > reg in simulator-arm. | - | 2020-09-21 |
| 995732 | Potential out of bounds write vulnerability in webusb (usb_device_handle_usbfs.cc) (Linux 32bit) | - | 2020-09-18 |
| 1090519 | Security: Missing microcode for some Intel platforms | - | 2020-09-18 |
| 1092308 | uaf in extensions | $20,000 | 2020-09-18 |
| 1093902 | paint_op_buffer_fuzzer: Use-of-uninitialized-value in SkReadBuffer::peekByte | - | 2020-09-18 |
| 1086796 | Security: Out of bounds read in PDFium due to mis-merged patch of libopenjpeg | $7,500 | 2020-09-17 |
| 1087921 | gpu_raster_swangle_passthrough_fuzzer: Crash in sse2::lowp::load_NUMBER | - | 2020-09-17 |
| 1083128 | Security: Out-of-bounds write browser crash | $5,000 | 2020-09-16 |
| 1092274 | Security: global-buffer-overflow in bytesPerVertex | $1,000 | 2020-09-16 |
| 1084820 | DCHECK failure in value.IsHeapObject() in objects-debug.cc | $5,000 | 2020-09-15 |
| 1091461 | DCHECK failure in 2 == subnode->op()->ControlOutputCount() in js-inlining.cc | - | 2020-09-15 |
| 1092553 | Bad-cast to v8::internal::compiler::Operator1<v8::internal::BinaryOperationHint, v8::internal::compiler::OpEqualTo<v8::internal::BinaryOperationHint>, v8::internal::compiler::OpHash<v8::internal::BinaryOperationHint>> from v8::internal::compiler::Operator1<v8::internal::compiler::FeedbackParameter, v8::internal::compiler::OpEqualTo<v8::internal::compiler::FeedbackParameter>, v8::internal::compiler::OpHash<v8::internal::compiler::FeedbackParameter> > in v8::internal::BinaryOperationHint const& v8::internal::compiler::OpParameter<v8: | - | 2020-09-15 |
| 967202 | Security: bypass file download restrictions using <portal> element | - | 2020-09-14 |
| 1083213 | CrOS: Vulnerability reported in net-vpn/openvpn | - | 2020-09-14 |
| 1090173 | Security: Uninitialized memory read in snappy::SnappyScatteredWriter<snappy::SnappySinkAllocator>::AppendFromSelf | - | 2020-09-14 |
| 1091670 | Security: heap-buffer-overflow in sk_careful_memcpy | - | 2020-09-14 |
| 1091404 | Google Chrome PDFium Javascript Active Document Memory Corruption Vulnerability - TALOS-2020-1092 | $2,000 | 2020-09-12 |
| 1065264 | No validation of origin in initializing CDM | - | 2020-09-11 |
| 1082716 | CVE-2020-12770 CrOS: Vulnerability reported in Linux kernel | - | 2020-09-11 |
| 1087158 | Crash in FidoDiscoveryFactory::ResetRequestState() | - | 2020-09-11 |
| 1091180 | heap-use-after-free : media::GetSupportedD3D11VideoDecoderResolutions | - | 2020-09-11 |
| 1091214 | CVE-2019-20812 CrOS: Vulnerability reported in Linux kernel | - | 2020-09-11 |
| 1039062 | CVE-2019-19769 CrOS: Vulnerability reported in Linux kernel | - | 2020-09-10 |
| 1083819 | Security: Android WebView: iframe on different origin can execute arbitrary JavaScript in top document via window.open() or links with _blank target | $15,000 | 2020-09-10 |
| 1091213 | CVE-2019-20811 CrOS: Vulnerability reported in Linux kernel | - | 2020-09-10 |
| 1080953 | CrOS: Vulnerability reported in net-nds/openldap | - | 2020-09-09 |
| 980116 | Security: PDFium (XFA) Use-after-free in CXFA_FFTabOrderPageWidgetIterator::CreateTabOrderWidgetArray | $3,000 | 2020-09-08 |
| 980172 | Security: PDFium (XFA) Use-after-free in CXFA_FFDocView::GetPageView | $2,000 | 2020-09-08 |
| 1080622 | CrOS: Vulnerability reported in net-fs/samba | - | 2020-09-08 |
| 1082186 | CrOS: Vulnerability reported in net-fs/samba | - | 2020-09-08 |
| 1087968 | heap-use-after-free in adhd in asan builds | - | 2020-09-08 |
| 1085507 | v8_wasm_compile_fuzzer: DCHECK failure in ref.stack_height >= target_stack_height in wasm-interpreter.cc | - | 2020-09-06 |
| 1086890 | Security: Missing array size check in NewFixedArray | - | 2020-09-06 |
| 1081350 | Security: Browser_crash - heap-use-after-free in extensions::ChromeExtensionsBrowserClient::GetOriginalContext(content::BrowserContext*) | $15,000 | 2020-09-05 |
| 1085718 | Heap-use-after-free in performance_manager::WorkerNodeImpl::RemoveClientFrame | - | 2020-09-05 |
| 1087629 | Upgrade SQLite to 3.32.1 | - | 2020-09-05 |
| 921015 | Heap-buffer-overflow in rr::Array<rr::Float4, 1>::operator | - | 2020-09-04 |
| 1033897 | Security: Linux kernel 4.19.83 - use-after-free in the debugfs_remove function | - | 2020-09-04 |
| 1067382 | Security: Sandbox escape via chrome.input.ime | $5,000 | 2020-09-04 |
| 1072116 | Security: Possible for extensions to escape sandbox via devtools watch expressions | $10,000 | 2020-09-04 |
| 1080481 | Security: Skia: Integer Overflow in GrTextBlob::Make | - | 2020-09-04 |
| 1081040 | gpu_raster_swangle_passthrough_fuzzer: Crash in sse2::lowp::load_a8 | - | 2020-09-04 |
| 1085989 | pdf_psengine_fuzzer: Int-overflow in CPDF_PSEngine::DoOperator | - | 2020-09-04 |
| 1086124 | Security: UAF in ChromeOS Login | $5,000 | 2020-09-04 |
| 1086798 | V8 Potential Use after free in the function ToPropertyDescriptorFastPath | - | 2020-09-04 |
| 944944 | Infra: Outdated set of root certificates | - | 2020-09-02 |
| 1072467 | Security: arc-setup to be more cautious when moving android data directories | - | 2020-09-02 |
| 1075457 | Chrome fails to start if a file exists at /home/chronos/user or /home/chronos/Default | - | 2020-09-02 |
| 1084839 | Heap-use-after-free in blink::PaintLayer::~PaintLayer | - | 2020-09-02 |
| 1086470 | CHECK failure: !v8::internal::FLAG_enable_slow_asserts \|\| (this->IsFixedArray()) in class-defin | - | 2020-09-02 |
| 1052093 | Security: Custom Scheme escaping bypassed if a scheme is in the URLWhitelist | - | 2020-09-01 |
| 1080444 | v8_wasm_code_fuzzer: DCHECK failure in is_valid(value) in bit-field.h | - | 2020-09-01 |
| 1085704 | gpu_angle_fuzzer: Null-dereference READ in gpu::gles2::GLES2DecoderImpl::HandleBlendFunciOES | - | 2020-09-01 |
| 1085846 | gpu_angle_passthrough_fuzzer: Null-dereference READ in gpu::gles2::GLES2DecoderPassthroughImpl::DoBlendFunciOES | - | 2020-09-01 |
| 1085990 | Security: Browser_crash - heap-use-after-free in Payments API | - | 2020-09-01 |
| 1056754 | Security: Browsable Activities expose insecure behaviors on Android | - | 2020-08-28 |
| 1074317 | Security: The CSP reports and stacktraces of errors leaks post-redirect URL for <script> | $5,000 | 2020-08-28 |
| 1084151 | v8_wasm_code_fuzzer: DCHECK failure in register_move(dst)->src == src in liftoff-assembler.cc | - | 2020-08-28 |
| 1085315 | URL spoofing using 'GURMUKHI LETTER RRA' (U+0A5C) | - | 2020-08-28 |
| 1085738 | CVE-2020-13143 CrOS: Vulnerability reported in Linux kernel | - | 2020-08-28 |
| 1082105 | uaf in device::FidoRequestHandlerBase::InitializeAuthenticatorAndDispatchRequest | $20,000 | 2020-08-26 |
| 1083793 | Crash in v8::Isolate::GetCurrentContext | - | 2020-08-26 |
| 932892 | Security: CSP violation reports leak the destination origin of a blocked redirect in the blocked-uri / blockedURI field | $1,000 | 2020-08-25 |
| 999310 | Security: OOB Access in V8 | $10,000 | 2020-08-24 |
| 1016261 | Security: ashmem readonly bypasses via remap_file_pages() and ASHMEM_UNPIN | - | 2020-08-24 |
| 1083157 | Crash in blink::ReadExifDirectory | - | 2020-08-24 |
| 1078375 | Heap-use-after-free in gl::State::reset | - | 2020-08-23 |
| 795595 | Security: chrome.devtools.inspectedWindow.eval executes within privileged pages | $2,000 | 2020-08-22 |
| 1082990 | CHECK failure: FLAG_wasm_async_compilation in module-compiler.cc | - | 2020-08-22 |
| 1083525 | CHECK failure: !FLAG_wasm_async_compilation implies isolate->wasm_streaming_callback() == nullp | - | 2020-08-22 |
| 1065122 | heap-use-after-free : ui::AXTreeSerializer<blink::WebAXObject,content::AXContentNodeData,content::AXContentTreeData>::LeastCommonAncestor | - | 2020-08-21 |
1067869Chromium: Vulnerability reported in third_party/guava-2020-08-21
1077200CrOS: Vulnerability reported in dev-vcs/git-2020-08-21
1080616CVE-2020-12464 CrOS: Vulnerability reported in Linux kernel-2020-08-21
1080618CVE-2020-12654 CrOS: Vulnerability reported in Linux kernel-2020-08-21
1080951CVE-2020-12653 CrOS: Vulnerability reported in Linux kernel-2020-08-21
1081086Heap-use-after-free in blink::NGBlockNode::CopyFragmentDataToLayoutBoxForInlineChildren-2020-08-21
1081722Security: memcpy-param-overlap in AudioBuffer::copyFromChannel-2020-08-21
1082597pdfium(XFA) heap-use-after-free in CXFA_FFField::OnSetFocus$7,5002020-08-21
1082727Use-of-uninitialized-value in safe_browsing::PhishingClassifierDelegate::OnDestruct-2020-08-21
1083210CVE-2019-14898 CrOS: Vulnerability reported in Linux kernel-2020-08-21
1083211CVE-2020-10690 CrOS: Vulnerability reported in Linux kernel-2020-08-21
1083212CVE-2020-12826 CrOS: Vulnerability reported in Linux kernel-2020-08-21
1083250CHECK failure: block->PredecessorCount() == 0 in graph-assembler.cc-2020-08-21
999311Security: Use after free in MojoCdmService$30,0002020-08-20
1052492 | Use-of-uninitialized-value in blink::ImageDataBuffer::ImageDataBuffer | - | 2020-08-18
1074340 | Security: javascript URI sandbox flags aren't propagated in a blank string case | $1,000 | 2020-08-17
1079449 | v8_wasm_compile_fuzzer: DCHECK failure in UseScratchRegisterScope{this}.CanAcquire() in liftoff-assembler-arm.h | - | 2020-08-17
1081081 | Security: URL spoofing using slow page loading on iOS | $500 | 2020-08-17
1073015 | Security: UAF in DistillerJavaScriptService (Android) | $20,000 | 2020-08-15
1077491 | Crash in blink::WaveShaperDSPKernel::WaveShaperCurveValues | $3,000 | 2020-08-15
1079398 | gpu_raster_swangle_passthrough_fuzzer: Use-of-uninitialized-value in rx::SamplerCache::getSampler | - | 2020-08-15
1080936 | Container-overflow in base::internal::Invoker<base::internal::BindState<void | - | 2020-08-15
1080950 | CVE-2020-12652 CrOS: Vulnerability reported in Linux kernel | - | 2020-08-15
1066731 | Security: Wrong account password captured | - | 2020-08-14
1072165 | libjingle_xmpp_xmlparser_fuzzer: Incorrect-function-pointer-type with empty stacktrace | - | 2020-08-14
1075496 | Chrome_Mac: Crash Report - device::FidoCableDevice::OnTimeout | - | 2020-08-14
1077203 | Use-of-uninitialized-value in gfx::CubicBezier::SolveCurveX | - | 2020-08-14
1077301 | Security: SELinux/netlink missing access check | - | 2020-08-14
1077477 | mount-obb_fuzzer: Use-of-uninitialized-value in base::debug::ProcessBacktrace | - | 2020-08-14
1077531 | Security: ChromeOS shill breakout and privilege escalation to root | $30,000 | 2020-08-14
1077754 | Security: cmd injection into pppd config | - | 2020-08-14
1077780 | Security: run_oci will execute hooks from config.json on writable file systems | - | 2020-08-14
1078236 | Heap-use-after-free in blink::LayoutListItem::UpdateMarkerLocation | $6,000 | 2020-08-14
1078336 | CVE-2017-18551 CrOS: Vulnerability reported in Linux kernel | - | 2020-08-14
1078671 | Security: UAF in CaptionHostImpl | $20,000 | 2020-08-14
1078865 | trunks_hmac_authorization_delegate_fuzzer: Use-of-uninitialized-value in trunks::HmacAuthorizationDelegate::HmacSha256 | - | 2020-08-14
1078867 | cryptohome_cryptolib_rsa_oaep_decrypt_fuzzer: Use-of-uninitialized-value in mem_puts | - | 2020-08-14
1078913 | DCHECK failure in shared_info->function_data().IsBytecodeArray() in compiler.cc | - | 2020-08-14
1079066 | DCHECK failure in has_pending_error() in pending-compilation-error-handler.cc | - | 2020-08-14
1080447 | trunks_hmac_authorization_delegate_fuzzer: Use-of-uninitialized-value in trunks::HmacAuthorizationDelegate::HmacSha256 | - | 2020-08-14
1080617 | CVE-2020-12465 CrOS: Vulnerability reported in Linux kernel | - | 2020-08-14
1080620 | CVE-2020-12657 CrOS: Vulnerability reported in Linux kernel | - | 2020-08-14
1080621 | CVE-2020-12659 CrOS: Vulnerability reported in Linux kernel | - | 2020-08-14
946156 | Security: Chrome (Mac OS X) - Arbitrary File Permission Modification | $500 | 2020-08-12
1077501 | Segv on unknown address in blink::StyleCascade::ApplyInterpolation | - | 2020-08-12
1078399 | v8_wasm_compile_fuzzer: DCHECK failure in IsSimd128Register() in instruction.h | - | 2020-08-12
1050003 | CVE-2020-8648 CrOS: Vulnerability reported in Linux kernel | - | 2020-08-11
1071311 | Security: OOB Write In SkBitSet::set | - | 2020-08-11
1071729 | Non secure (i) icon fails to get displayed for non secure websites (e.g., http://dump-truck.appspot.com) | - | 2020-08-11
1076708 | OOB read/write in v8::internal::ElementsAccessorBase<v8::internal::FastHoleyDoubleElementsAccessor | $7,500 | 2020-08-11
1072474 | Security: cros_disks sshfs allows injection of symlinks | - | 2020-08-10
1001870 | gstoraster_fuzzer: Heap-buffer-overflow in template_compose_group | - | 2020-08-07
1036706 | gstoraster_fuzzer: Heap-buffer-overflow in jbig2_sd_new | - | 2020-08-07
1076030 | hammerd_load_ec_image_fuzzer: Use-of-uninitialized-value in fmap_find_area | - | 2020-08-07
1065731 | audio_decoder_fuzzer: Use-of-uninitialized-value in amr_read_header | - | 2020-08-06
1070066 | Security: Displaying a page action popup from the omnibox prevents an infobar from displaying | $500 | 2020-08-06
1075719 | v8_wasm_code_fuzzer: Use-after-poison in v8::internal::wasm::SideTable::SideTable | - | 2020-08-06
1076442 | DCHECK failure in index >= 0 && index < length() && value <= kMaxOneByteCharCode in string-inl.h | - | 2020-08-06
1029569 | sqlite3_shadow_table_fuzzer: ASSERT: nDoclist>0 | $3,000 | 2020-08-05
1072233 | Security: ChromeOS root privilege escalation and persistence | $45,000 | 2020-08-05
1072276 | login_manager command execution via policy-injected flags | - | 2020-08-05
1073602 | SCTP stack buffer overflow from malicious AUTH chunks | - | 2020-08-05
1074586 | DCHECK failure in dst.low_gp() != lhs.high_gp() in liftoff-assembler-arm.h | - | 2020-08-05
1074706 | uaf in TabSharingInfoBarDelegate | $15,000 | 2020-08-05
1074655 | Heap-use-after-free in blink::WebAXObject::UpdateLayoutAndCheckValidity | - | 2020-08-05
1075953 | DCHECK failure in *available != 0 in assembler-arm.cc | - | 2020-08-05
1007343 | vtest_fuzzer: Crash in try_setup_line | - | 2020-08-04
1069246 | iOS: Omnibox doesn't display blob: origin for long URL | $1,500 | 2020-08-04
1069964 | Security: Check failed: receiver.IsJSFunction(). | - | 2020-08-04
1070094 | ec_usb_tcpm_v2_fuzzer: Index-out-of-bounds in prl_get_rev | - | 2020-08-04
1070480 | Security: use-of-uninitialized-value in sse2::lowp::gather | - | 2020-08-04
1072253 | Security: RenameCryptohome and arcvm-server-proxy root file write to root command execution from chronos | $30,000 | 2020-08-04
1072470 | Security: cups shouldn't be running with gid=0 | - | 2020-08-04
1074532 | minidump_fuzzer: Heap-buffer-overflow in google_breakpad::MinidumpProcessor::Process | - | 2020-08-04
1075777 | ec_usb_tcpm_v2_fuzzer: Index-out-of-bounds in prl_get_rev | - | 2020-08-04
1075952 | ndproxy_fuzzer: Use-of-uninitialized-value in std::__1::enable_if<__is_cpp17_forward_iterator<std::__1::pair<unsigned int, std | - | 2020-08-04
1073553 | Heap-buffer-overflow in v8::internal::wasm::Decoder::read_prefixed_opcode<1> | - | 2020-08-03
1074621 | DCHECK failure in chunk->Contains(slot_addr) in remembered-set.h | - | 2020-08-03
843095 | Chrome Url Spoofing via Interstitial content overwrite | $2,000 | 2020-08-01
978779 | Chromium uses expired certificate for Baltimore CyberTrust | - | 2020-08-01
1074190 | net_dns_record_fuzzer: Use-of-uninitialized-value in net::IntegrityRecordRdata::IntegrityRecordRdata | - | 2020-08-01
961644 | Heap-buffer-overflow in courgette::Read32LittleEndian | - | 2020-07-31
1073981 | DCHECK failure in !kCanBeWeak implies !IsSmi() == HAS_STRONG_HEAP_OBJECT_TAG(ptr_) in tagged-impl. | - | 2020-07-31
1073409 | XSS on chrome://histograms/ with a compromised renderer | - | 2020-07-30
985551 | Crash in sw::Thread::Thread | - | 2020-07-29
1057441 | sqlite3_shadow_table_fuzzer: Use-of-uninitialized-value in fts3ScanInteriorNode | - | 2020-07-29
1072171 | Security: missing the -0 case when intersecting and computing the Type::Range in NumberMax | $7,500 | 2020-07-29
1072885 | Security: arcvm-server-proxy command injection | - | 2020-07-29
1072983 | use-after-free in BlobRegistryImpl(browser process) | $20,000 | 2020-07-29
1073263 | DCHECK failure in CheckKeptObjectsClearedAfterMicrotaskCheckpoint(microtask_queue) in api.cc | - | 2020-07-29
1064676 | full CSP bypass while evaluating a javascript-URL in iframe. | $3,000 | 2020-07-29
634183 | Malformed CSP is not reported in the console and protection is disabled. | - | 2020-07-28
1071059 | Security: Blink - Type Confusion with Custom Element | $7,500 | 2020-07-28
873178 | Security: Chrome allows setting arbitrary HTTP headers | - | 2020-07-28
633348 | CSP can be abused to disclose line/column numbers across origins | - | 2020-07-27
992698 | Security: Bypass the CSP when popup with "javascript:"-URL | $500 | 2020-07-27
1072115 | v8_wasm_async_fuzzer: Trap in v8::internal::wasm::WasmOpcodes::IsPrefixOpcode | - | 2020-07-27
1016278 | Security: EXC_BAD_ACCESS / KERN_INVALID_ADDRESS when exec chrome.debugger.sendCommand | - | 2020-07-25
1042986 | iframe in victim page can detect Scroll To Text Fragment activation | - | 2020-07-25
1071711 | v8_wasm_fuzzer: DCHECK failure in index <= 0xff in decoder.h | - | 2020-07-25
986051 | Security: Use-after-free of CommandLineAPIScope object | $3,000 | 2020-07-24
1070609 | Security: UAF in the blink.mojom.SmsReceiverPtr interface | $10,000 | 2020-07-24
1071454 | Security DCHECK failure: IsA<Derived>(from) in casting.h | $6,000 | 2020-07-24
1025302 | Security: usrsctplib has not been updated since 2018 and is missing fuzzers and security fixes | - | 2020-07-23
1040490 | CrOS: Vulnerability reported in net-dns/dnsmasq | - | 2020-07-23
1049040 | dawn_wire_server_and_vulkan_backend_fuzzer: Use-of-uninitialized-value in _init | - | 2020-07-23
1062861 | heap-buffer-overflow : autofill::AutofillCountry::AutofillCountry | - | 2020-07-23
1063690 | Untrustworthy navigation causes HTTP Basic Auth dialog origin confusion/spoofing | $500 | 2020-07-23
1064891 | use after free in mojom::ClipboardHost | $10,000 | 2020-07-23
1068084 | Security: Use after free in WebRTC | $7,500 | 2020-07-23
1068531 | Security: Character “⠀” (U+2800) should be converted into code. | $500 | 2020-07-23
1068609 | dawn_wire_server_and_frontend_fuzzer: Heap-use-after-free in dawn_wire::server::Server::GetCmdSpace | - | 2020-07-23
1069079 | dawn_wire_server_and_frontend_fuzzer: Heap-buffer-overflow in dawn_native::null::Buffer::SetSubDataImpl | - | 2020-07-23
1069757 | CVE-2019-20636 CrOS: Vulnerability reported in Linux kernel | - | 2020-07-23
1070012 | Chromium: Vulnerability reported in third_party/sqlite | - | 2020-07-23
1070199 | [wasm] Disable native module cache to fix stability issue on M-81 | - | 2020-07-23
967925 | Security: BLE Hijacking with Smart Unlock/Magic Tether | - | 2020-07-21
1069700 | Security: PDFium (XFA) Use-after-free in function CPDFXFA_Page::GetFirstOrLastXFAAnnot | $5,000 | 2020-07-21
1069789 | Security: PDFium (XFA) Use-after-free in function CXFA_FFWidgetHandler::OnRButtonDown | $7,500 | 2020-07-21
1070054 | Security: input audio html5 tag makes chrome ios crashes | - | 2020-07-21
1065298 | UAF in base::SupportsUserData::SetUserData | $20,000 | 2020-07-18
1068542 | CVE-2020-8835 CrOS: Vulnerability reported in Linux kernel | - | 2020-07-18
1055933 | heap-use-after-free : ProfileIOData::FromResourceContext | - | 2020-07-16
1064519 | Security: DevTools doesn't fully validate channel messages it receives | $3,000 | 2020-07-16
1068395 | Security: SmsProviderGmsUserConsent may hold a dangling pointer to RenderFrameHost | - | 2020-07-16
1067851 | Security: UAF in Speech Recognizer | $25,000 | 2020-07-15
1068466 | dawn_wire_server_and_frontend_fuzzer: Heap-use-after-free in dawn_wire::server::InlineMemoryTransferService::WriteHandleImpl::DeserializeFlus | - | 2020-07-15
840361 | Security: mount-encrypted may leak stateful encryption key across dev mode transition | - | 2020-07-14
1016543 | Old, unsecure (and unused?) version of ChromeVox is present in Chromium repo | - | 2020-07-14
1053939 | V8 correctness failure in configs: x64,ignition:x64,ignition_turbo_opt | - | 2020-07-14
1057461 | dawn_wire_server_and_vulkan_backend_fuzzer: Heap-use-after-free in dawn_wire::server::Server::OnBufferMapWriteAsyncCallback | - | 2020-07-14
1068509 | CHECK failure: marking_state_->IsBlackOrGrey(heap_object) in mark-compact.cc | - | 2020-07-14
1055583 | dawn_wire_server_and_vulkan_backend_fuzzer: Heap-use-after-free in dawn_wire::server::KnownObjects<WGPUBufferImpl*>::Get | - | 2020-07-13
1061687 | dawn_wire_server_and_frontend_fuzzer: Heap-buffer-overflow in dawn_native::null::Buffer::SetSubDataImpl | - | 2020-07-13
1067980 | Security DCHECK failure: IsA<Derived>(from) in casting.h | - | 2020-07-13
1010770 | Crash in hsw::lowp::gather_NUMBER | - | 2020-07-12
1055746 | Security: CVE-2020-2732: Nested VMX vulnerability | - | 2020-07-12
1059577 | Security: Possible to escape sandbox via devtools_page | $3,000 | 2020-07-11
1060023 | Security: V8 Debug check failed: !var->has_forced_context_allocation() || var->is_used(). Fatal error in ../../src/ast/scopes.cc, line 2239 | - | 2020-07-10
1065186 | UAF in libglesv2!gl::Texture::onUnbindAsSamplerTexture | $5,000 | 2020-07-10
1065761 | Security: Copy & paste XSS via noscript | $5,000 | 2020-07-10
981114 | Security: BT Classic Pairing Hijack | - | 2020-07-08
1059955 | dawn_wire_server_and_vulkan_backend_fuzzer: Heap-use-after-free in vk::CommandBuffer::submit | - | 2020-07-08
1061933 | aec3_fuzzer: Container-overflow in webrtc::FilterAnalyzer::AnalyzeRegion | - | 2020-07-08
1061235 | Security: libcameraservice: heap-based-buffer-overflow-in-DepthPhotoProcessor | - | 2020-07-07
1064429 | Heap-use-after-free in PrefChangeRegistrar::~PrefChangeRegistrar | - | 2020-07-07
1065704 | Security: UAF in WebSocket Network Service | $20,000 | 2020-07-07
1065772 | ProbeForLowSeverityLifetimeIssue in ~CXFA_FFPageWidgetIterator() | - | 2020-07-07
1058895 | Security: Slow Read HTTP Attack | $500 | 2020-07-06
1040755 | Security: Another "universal" XSS via copy&paste | $2,000 | 2020-07-03
1062868 | heap-use-after-free : v8::internal::wasm::WasmCode::DecrementRefCount | - | 2020-07-03
1064898 | Heap-use-after-free in metrics::PerfOutputCall::OnGetPerfOutput | - | 2020-07-03
978632 | heap-use-after-free : sctp_release_pr_sctp_chunk | - | 2020-07-02
990581 | Security: Security: CSP does not propagate to blob: URIs | $500 | 2020-07-02
1060559 | [Web NFC] Block YubiKeys | - | 2020-07-02
1061682 | Security DCHECK failure: IsA<Derived>(from) in casting.h | - | 2020-07-02
1019161 | UAF In ProcessManager | $7,500 | 2020-07-01
1064112 | Segv on unknown address in blink::Internals::getAgentId | - | 2020-07-01
1067270 | Talos Security Advisory for Google Chrome PDFium (TALOS-2020-1044) | $5,000 | 2020-07-01
1063177 | Declarative Net Request: Potential use after free while reindexing rulesets. | - | 2020-06-30
1054229 | media_pipeline_integration_fuzzer: Use-of-uninitialized-value in ogg_find_codec | - | 2020-06-28
1059764 | Security: container-overflow in MediaStream mojo | - | 2020-06-26
1060549 | Security: PDFium heap-use-after-free in CPDFXFA_Page::GetNextXFAAnnot (XFA) | $7,500 | 2020-06-26
1062247 | Incomplete fix of 1055788 and 1057627 | - | 2020-06-26
1032531 | CrOS: Vulnerability reported in dev-db/sqlite | - | 2020-06-25
1034223 | CrOS: Vulnerability reported in dev-db/sqlite | - | 2020-06-25
1035370 | CrOS: Vulnerability reported in dev-db/sqlite | - | 2020-06-25
1037730 | Security: Full screen notification overlap on Windows and Linux | $500 | 2020-06-25
1038580 | CrOS: Vulnerability reported in dev-db/sqlite | - | 2020-06-25
1038884 | CrOS: Vulnerability reported in dev-db/sqlite | - | 2020-06-25
1040055 | CrOS: Vulnerability reported in dev-db/sqlite | - | 2020-06-25
1040488 | CrOS: Vulnerability reported in dev-db/sqlite | - | 2020-06-25
1052647 | Security: Debug check failed: !context.get(context_entry).IsTheHole(isolate) | - | 2020-06-24
1061878 | dawn_wire_server_and_vulkan_backend_fuzzer: Heap-use-after-free in vk::CommandPool::destroy | - | 2020-06-24
1059533 | use-after-free in web_graphics_context_3d_provider_wrapper | $2,000 | 2020-06-23
933171 | Trusted Types bypass with blob and meta refresh | - | 2020-06-20
933172 | Trusted Type bypass with SVG | - | 2020-06-20
1004106 | Security: heap-buffer-overflow in CFXJSE_FormCalcContext::unfoldArgs | $7,500 | 2020-06-20
1020026 | Security: 'Press Esc to exit fullscreen' covered up by a popup page | $1,000 | 2020-06-20
1030901 | Site Isolation Bypass: QuotaDispatcherHost doesn't properly check origin from renderer | - | 2020-06-20
1042210 | Security: fullscreen notification spoof (repro issue 882812) | $500 | 2020-06-20
1045787 | Security: ChromeDriver is vulnerable to CSRF attack | - | 2020-06-20
1055303 | Security: PDFium (XFA) Use uninitialized value in function CPDFSDK_FormFillEnvironment::SendOnFocusChange | - | 2020-06-20
1059669 | Out-of-bounds read in WebSQL | $3,000 | 2020-06-20
1059686 | UaF in DeferredTaskHandler::BreakConnections(2) | - | 2020-06-20
1060548 | CrOS: Vulnerability reported in app-arch/libarchive | - | 2020-06-20
1060647 | Security: WebRTC certificate parsing | - | 2020-06-20
1061018 | UaF in DeferredTaskHandler::ProcessAutomaticPullNodes | - | 2020-06-20
1061154 | gpu_fuzzer: Crash in gpu::gles2::Texture::SetLevelInfo | - | 2020-06-20
1061231 | net_quic_stream_factory_fuzzer: Use-of-uninitialized-value in quic::QuicSentPacketManager::GetRetransmissionTime | - | 2020-06-20
1061389 | gpu_fuzzer.exe: Crash in base::subtle::RefCountedBase::ReleaseImpl | - | 2020-06-20
1058515 | Chrome fetches DevTools stuff using insecure http protocol | - | 2020-06-16
1059349 | Security: usersctp: out-of-bounds reads in sctp_load_addresses_from_init | - | 2020-06-16
1059472 | v8_wasm_compile_fuzzer: DCHECK failure in is_gp() in liftoff-register.h | - | 2020-06-16
1030909 | Site Isolation Bypass: DedicatedWorkerHostFactory doesn't properly check origin from renderer | - | 2020-06-15
1046021 | CrOS: Vulnerability reported in media-libs/opencv | - | 2020-06-15
1055524 | Not only "devools://" but also "chrome-devtools://" should be registered as display-isolated | - | 2020-06-15
1056222 | MojoVideoEncodeAcceleratorService allows renderer to misuse its API leading to UAF | - | 2020-06-15
785159 | Wrong origin shown for permission prompts after navigations that lead to interstitials | $500 | 2020-06-13
1054966 | Policy page opens a file dialogue even if the AllowFileSelectionDialogs policy is set to false | $500 | 2020-06-13
1059187 | Bad-cast to blink::LayoutBlock from blink::LayoutTableSection in blink::AXLayoutObject::IsDataTable | - | 2020-06-13
1057418 | skia_image_filter_proto_fuzzer: Use-of-uninitialized-value in sse2::repeat_y | - | 2020-06-12
1058653 | Security: PDFium heap-use-after-free in CFDE_TextEditEngine::ReplaceSelectedText (XFA) | $5,000 | 2020-06-12
1054732 | Heap-use-after-free in test_runner::WebFrameTestClient::DidAddMessageToConsole | - | 2020-06-10
1055869 | Security: PDFium (XFA) Use-after-free in function CFDE_TextEditEngine::ReplaceSelectedText | $5,000 | 2020-06-10
1057593 | UaF in DeferredTaskHandler::BreakConnections | - | 2020-06-10
1057627 | UaP in AudioScheduledSourceHandler::NotifyEnded | - | 2020-06-10
1038527 | cras_rclient_message_fuzzer: Heap-use-after-free in cras_dsp_ini_free | - | 2020-06-09
1054260 | heap-use-after-free : content::FileChooserImpl::~FileChooserImpl | - | 2020-06-09
1057309 | use-after-move in BinaryUploadService::UploadForDeepScanning | - | 2020-06-09
1057369 | Use-of-uninitialized-value in double_conversion::DoubleToStringConverter::ToPrecision | - | 2020-06-09
1055131 | Crash in Builtins_ArgumentsAdaptorTrampoline | - | 2020-06-07
1056273 | Heap-use-after-free in test_runner::WebFrameTestClient::DidClearWindowObject | - | 2020-06-06
1056154 | Chromium: Vulnerability reported in third_party/sqlite | - | 2020-06-05
1056440 | Use-of-uninitialized-value in blink::WebGLRenderingContextBase::CreateWebGraphicsContext3DProvider | - | 2020-06-05
986108 | Security: PDFium heap-buffer-overflow in CFX_SkiaDeviceDriver::RestoreState | $1,000 | 2020-06-04
1035315 | iframe sandbox allow_top_navigation_by_user_activation can be bypassed with certain extensions | $1,000 | 2020-06-04
1055788 | UaP in IIRFilterHandler::Process | - | 2020-06-04
1056152 | CrOS: Vulnerability reported in app-arch/libarchive | - | 2020-06-04
1056153 | CrOS: Vulnerability reported in dev-libs/libpcre2 | - | 2020-06-04
965611 | Security: Possible to open chrome-native:// pages on Android and the new tab page on desktop using window.open | $1,000 | 2020-06-03
976767 | Security: heap-use-after-free in CPDFSDK_PageView::ExitWidget | - | 2020-06-03
1034519 | Security: WebContentsViewAura::EndDrag may dereference a pointer to deleted RenderWidgetHost | - | 2020-06-03
1041406 | UAF in chrome!content::FrameTreeNode::~FrameTreeNode | $20,000 | 2020-06-03
1054466 | v8_wasm_compile_fuzzer: DCHECK failure in is_fp_pair() == other.is_fp_pair() in liftoff-register.h | - | 2020-06-03
1055124 | Security DCHECK failure: IsA<Derived>(from) in casting.h | - | 2020-06-03
1055142 | Security DCHECK failure: IsA<Derived>(from) in casting.h | - | 2020-06-03
1055223 | Container-overflow in content::VizProcessTransportFactory::DisableGpuCompositing | - | 2020-06-03
1055338 | Crash in blink::CSSPropertyValueSet::PropertyReference::PropertyValue | - | 2020-06-03
1055692 | v8_wasm_code_fuzzer: Heap-buffer-overflow in v8::internal::wasm::ThreadImpl::Push | - | 2020-06-03
1056044 | ulpfec_generator_fuzzer: Heap-buffer-overflow in webrtc::ForwardErrorCorrection::GenerateFecPayloads | - | 2020-06-03
949913 | Use-after-free in CXFA_FFComboBox::OnProcessEvent | $3,000 | 2020-06-02
1054765 | Heap-use-after-free in blink::MathMLSpaceElement::CollectStyleForPresentationAttribute | - | 2020-06-02
1055128 | Crash in blink::StyleBuilderConverter::ConvertFontVariantEastAsian | - | 2020-06-02
1055221 | Security DCHECK failure: IsA<Derived>(from) in casting.h | - | 2020-06-02
1055393 | UAF in chrome chrome!content::BrowserAccessibilityManager::GetFromAXNode | $20,000 | 2020-06-02
1055713 | Segv on unknown address in blink::StyleBuilderConverterBase::ConvertFontFamily | - | 2020-06-02
1054139 | gpu_angle_passthrough_fuzzer: Null-dereference READ in gpu::gles2::GLES2DecoderPassthroughImpl::DoDrawArraysIndirect | - | 2020-05-30
982193 | Security: PDFium (XFA) Use-after-free in CXFA_FFTextEdit::OnProcessEvent | $5,000 | 2020-05-29
1026991 | pdfium (XFA): invalid-vptr / uaf in CPDFSDK_PageView::ExitWidget | $5,000 | 2020-05-29
1045803 | rtnl_handler_fuzzer: Crash in std::__1::enable_if<__is_cpp17_forward_iterator<unsigned char const*>::value, vo | - | 2020-05-29
1047838 | Missing browser-process permission checks for WebNFC | - | 2020-05-29
1050046 | ASSERT: CSA_ASSERT failed: SmiBelow(effective_index, LoadFixedArrayBaseLength(array)) | - | 2020-05-29
1054733 | Use-after-poison in blink::LayoutObject::ViewRect | - | 2020-05-29
1054785 | Bad-cast to blink::Node from invalid vptr in blink::LayoutObject::GetDocument | - | 2020-05-29
990897 | Security: PDFium (XFA) Use-after-free in CXFA_FFDocView::SetFocus | $7,500 | 2020-05-28
1031152 | cras_rclient_message_fuzzer: Heap-buffer-overflow in dsp_util_deinterleave_s24le | - | 2020-05-28
1031153 | cras_rclient_message_fuzzer: Heap-buffer-overflow in cras_fmt_conv_create | - | 2020-05-28
1040329 | heap use-after-free in CFDE_TextEditEngine::Insert | $7,500 | 2020-05-28
1051748 | Use-after-poison in WebGLRenderingContextBase | $8,500 | 2020-05-28
1052651 | Security: PDFium (XFA) Use-after-free in CFWL_Edit::OnChar | $7,500 | 2020-05-28
1052786 | Security: PDFium (XFA) Use-after-free in CXFA_FFTextEdit::UpdateFWLData | $7,500 | 2020-05-28
1053617 | Security: PDFium heap-use-after-free in CFWL_DateTimePicker::SetEditText (XFA) | $7,500 | 2020-05-28
1054429 | Security: PDFium heap-use-after-free in CFWL_Edit::OnKeyDown (XFA) | - | 2020-05-28
453937 | Cross origin access with exception object + full exploit | $25,633 | 2020-05-27
583431 | Universal XSS in DocumentLoader::createWriterFor + full-chain exploit | $25,633 | 2020-05-27
1041749 | Security: tel: protocal spoofing 2 | $500 | 2020-05-27
1050996 | Security: MediaElementAudioSourceNode bypasses CORS checks | $1,000 | 2020-05-27
1051017 | Security: Type inference issue in Typer::Visitor::TypeInductionVariablePhi | - | 2020-05-27
1042566 | Security: Use After Free in Deserializer::DeserializeDeferredObjects | - | 2020-05-26
1051368 | navigator.sendBeacon doesn't make CORS preflight request | - | 2020-05-26
1051439 | Security: sendBeacon allows sending arbitrary POST requests with application/octet-stream content type without CORS | - | 2020-05-26
1034023 | Check Raw Clipboard permission and feature flag browser-side | - | 2020-05-24
1041330 | Security: use-of-uninitialized-value in containsNoEmptyCheck | - | 2020-05-24
1040046 | Security: Investigate "Zero length" BIOS write protect range UMA reports | - | 2020-05-24
1045931 | Security: General check for streams not checking states correctly | - | 2020-05-24
1048555 | Use after free in CodeSerializer::Deserialize | $500 | 2020-05-24
1050011 | Security: URL Spoof in Android PageInfo | - | 2020-05-24
1051075 | libipp_fuzzer: Segv on unknown address in std::__1::__vector_base<ipp::StringWithLanguage, std::__1::allocator<ipp::String | - | 2020-05-24
1051564 | libipp_fuzzer: Segv on unknown address in std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std:: | - | 2020-05-24
1051912 | DCHECK failure in 1 == map_.count(key) in wasm-engine.cc | - | 2020-05-24
1052442 | Windows: Potential UaF In Job Object Notification. | - | 2020-05-24
1052576 | CHECK failure: locale__value.IsString() in class-verifiers-tq.cc | - | 2020-05-24
995566 | Heap-use-after-free in ChromePasswordManagerClient::OnPaste | - | 2020-05-21
1048038 | Use after free in Logger::MapEvent | $500 | 2020-05-21
1003501 | PDFium (XFA) Use-after-free in CXFA_FFCheckButton::OnProcessEvent | $6,000 | 2020-05-20
1044277 | Security: Possible to bypass restrictions on multiple downloads by initiating download from data: frame | $500 | 2020-05-20
1049510 | Unexpected reveal of service worker interception by using nextHopProtocol | $2,000 | 2020-05-20
1050419 | Security: Use-after-poison in AudioWorkletNode | $7,500 | 2020-05-20
1051462 | CrOS: Vulnerability reported in app-text/poppler | - | 2020-05-20
1049581 | Security: Debug check failed: bytecode_offset >= 0 (-1 vs. 0) | - | 2020-05-19
1050756 | Security: 'Copy As Curl' in the network panel of the devtools uses '--data' instead of '--data-raw', leading to arbitrary local file access | $500 | 2020-05-19
1033972 | Segv on unknown address in views::FocusSearch::FindNextFocusableView | - | 2020-05-16
1050090 | Fix security vulnerability in PaintController on subsequence under-invalidation | - | 2020-05-16
925834 | Security: seneschal allows bind-mounting arbitrary paths into 9p subtree | - | 2020-05-15
1043603 | use-after-poison in mojo::MessageDispatcher | $5,000 | 2020-05-15
1048473 | Use-after-destroy in WebAudio | $7,500 | 2020-05-15
1049129 | rtp_frame_reference_finder_fuzzer: Use-of-uninitialized-value in unsigned long webrtc::Subtract<32768ul> | - | 2020-05-15
998514 | Security: buffer overflow in modprobe | - | 2020-05-14
1036373 | CrOS: Vulnerability reported in dev-libs/openssl | - | 2020-05-14
1036376 | CrOS: Vulnerability reported in dev-libs/openssl | - | 2020-05-14
1044570 | Security: SEGV_MAPERR with Intl.ListFormat and long strings | $5,000 | 2020-05-14
1047942 | CVE-2020-8428 CrOS: Vulnerability reported in Linux kernel | - | 2020-05-14
1031670 | ☂ Site Isolation Bypass via component extensions (e.g. via "Google Hangouts") | - | 2020-05-13
1045386 | CrOS: Vulnerability reported in sys-fs/e2fsprogs | - | 2020-05-13
1047911 | rtp_frame_reference_finder_fuzzer: Invalid-free in webrtc::RTPVideoHeader::GenericDescriptorInfo::~GenericDescriptorInfo | - | 2020-05-13
1047914 | pdfium (XFA): oob read / use-of-uninitialized-value in CXFA_Node::SetSelectedItems | $1,000 | 2020-05-13
1047932 | rtp_frame_reference_finder_fuzzer: Crash in webrtc::RtpGenericFrameDescriptor::~RtpGenericFrameDescriptor | - | 2020-05-13
1048005 | rtp_frame_reference_finder_fuzzer: Bad parameters to --sanitizer-annotate-contiguous-container in webrtc::video_coding::RtpFrameObject::~RtpFrameObject | - | 2020-05-13
1048013 | rtp_frame_reference_finder_fuzzer: Invalid-free in webrtc::RTPVideoHeader::~RTPVideoHeader | - | 2020-05-13
1048024 | rtp_frame_reference_finder_fuzzer: Crash in absl::allocator_traits<std::__Cr::allocator<long> >::deallocate | - | 2020-05-13
1032158 | Security of some component extensions relies on untrustworthy MessageSender.id | - | 2020-05-12
1040700 | heap-use-after-free : v8::internal::ArrayBufferTracker::RegisterNew | - | 2020-05-12
1047285 | Security of media-router built-in extension relies on untrustworthy MessageSender.id | - | 2020-05-12
1048241 | v8_wasm_compile_fuzzer: Stack-buffer-overflow in v8::internal::wasm::LiftoffAssembler::VarState::is_reg | - | 2020-05-12
966507 | Possible Sec-Fetch-Site bypass via PaymentRequest | - | 2020-05-11
1046019 | CrOS: Vulnerability reported in app-arch/libarchive | - | 2020-05-11
639322 | Automation API leaks tab URLs | $500 | 2020-05-09
1010844 | CXFA_FFPageView Use After Free | $5,000 | 2020-05-09
1041190 | CVE-2019-19927 CrOS: Vulnerability reported in Linux kernel | - | 2020-05-09
1042915 | pdfium (XFA): wrong object type in CXFA_FFPageView::GetPageViewRect | $1,000 | 2020-05-09
1043965 | Security: Possible to navigate to extension resources not listed in web_accessible_resources | $1,000 | 2020-05-09
1045225 | v8_wasm_compile_fuzzer: Stack-buffer-overflow in v8::internal::wasm::LiftoffAssembler::VarState::is_reg | - | 2020-05-09
1045487 | rtnl_handler_fuzzer: Heap-buffer-overflow in shill::ParseAttrs | - | 2020-05-09
1045738 | sqlite3_ossfuzz_fuzzer: Use-of-uninitialized-value in sqlite3Atoi64 | - | 2020-05-09
1046995 | rtp_frame_reference_finder_fuzzer.exe: Invalid-free in webrtc::RTPVideoHeader::~RTPVideoHeader | - | 2020-05-09
1047024 | rtp_frame_reference_finder_fuzzer: Heap-buffer-overflow in webrtc::video_coding::RtpFrameReferenceFinder::ManageFrameVp9 | - | 2020-05-09
1047054 | heap-buffer-underflow : content::DWriteFontLookupTableBuilder::CallbackOnTaskRunner::CallbackOnTaskRunner | - | 2020-05-09
1047095 | rtp_frame_reference_finder_fuzzer: Crash in absl::allocator_traits<std::__Cr::allocator<long long> >::deallocate | - | 2020-05-09
1047097 | PDFium: Apply fix for CVE-2020-8112 | - | 2020-05-09
1047156 | CVE-2019-18282 CrOS: Vulnerability reported in Linux kernel | - | 2020-05-09
1047165 | rtp_frame_reference_finder_fuzzer: Heap-buffer-overflow in webrtc::video_coding::RtpFrameReferenceFinder::ManageFrameVp9 | - | 2020-05-09
1047264 | rtp_frame_reference_finder_fuzzer: Bad parameters to --sanitizer-annotate-contiguous-container in webrtc::RtpGenericFrameDescriptor::~RtpGenericFrameDescriptor | - | 2020-05-09
1047355 | Crash in v8::internal::StringHasher::HashSequentialString<char> | - | 2020-05-09
1047368 | DCHECK failure in name->IsFlat() in factory.cc | - | 2020-05-09
851302 | UI/URL Spoofing by opening popups and putting the background page into fullscreen | $3,000 | 2020-05-07
852645 | requestFullscreen should consume user activation to prevent UI/URL spoofing | $1,000 | 2020-05-07
977872 | pdf_codec_tiff_fuzzer: Heap-buffer-overflow in null_convert | - | 2020-05-07
1047074 | DCHECK failure in Heap::IsLargeObject(obj) || Page::FromHeapObject(obj)->IsFlagSet(Page::SWEEP_TO_ | - | 2020-05-07
1006012 | Security: URL bar spoofing on iOS | $500 | 2020-05-06
1034225 | CVE-2019-19524 CrOS: Vulnerability reported in Linux kernel | - | 2020-05-06
1034228 | CVE-2019-19527 CrOS: Vulnerability reported in Linux kernel | - | 2020-05-06
1043443 | CrOS: Vulnerability reported in net-analyzer/tcpdump | - | 2020-05-06
1044331 | Use-after-poison in blink::SecurityContextInit::SecurityContextInit | - | 2020-05-06
1045812 | Heap-buffer-overflow in cc::ScrollTimeline::UpdateScrollerIdAndScrollOffsets | - | 2020-05-06
1045797 | Use-of-uninitialized-value in v8::internal::JSFunction::ToString | - | 2020-05-06
1045874 | Security: OOB access in ReadableStream::Close | - | 2020-05-06
1046026 | vtest_fuzzer: Heap-use-after-free in vrend_finish_context_switch | - | 2020-05-06
1046098 | Use-of-uninitialized-value in v8::internal::wasm::NativeModuleCache::GetStreamingCompilationOwnership | - | 2020-05-06
1046321 | CVE-2019-19332 CrOS: Vulnerability reported in Linux kernel | - | 2020-05-06
1045703 | transfer_cache_fuzzer: Crash in GrConvertPixels | - | 2020-05-03
1045719 | gpu_raster_swiftshader_fuzzer: Heap-buffer-overflow in void downsample_3_2<ColorTypeFilter_RGBA_F16> | - | 2020-05-03
1045721 | gpu_raster_angle_fuzzer: Heap-buffer-overflow in sse2::load_af16 | - | 2020-05-03
1045722 | gpu_raster_passthrough_fuzzer: Heap-buffer-overflow in SkRectMemcpy | - | 2020-05-03
1045723 | transfer_cache_fuzzer: Heap-buffer-overflow in SkData::PrivateNewWithCopy | - | 2020-05-03
1045757 | gpu_raster_swiftshader_fuzzer: Crash in void egl::Transfer< | - | 2020-05-03
1043070 | CrOS: Vulnerability reported in dev-db/sqlite | - | 2020-05-02
1043095 | dawn_wire_server_and_vulkan_backend_fuzzer: Null-dereference READ in dawn_native::DeviceBase::BaseDestructor | - | 2020-05-02
868145 | Security: Loading mixed content without insecure warning | $500 | 2020-05-01
1033824 | Security: Unquoted Path in user Chrome Updater registry key | - | 2020-05-01
1035271 | Security: 3D CSS transform and drop-shadow can draw over address bar | $3,000 | 2020-05-01
1045388 | CVE-2020-7053 CrOS: Vulnerability reported in Linux kernel | - | 2020-05-01
1035399 | Security: Site Isolation bypass in BlobURLStoreImpl::Register | - | 2020-04-30
1041828 | Potential UaF in NavigationPredicator | - | 2020-04-30
1042091 | Warn Chrome on downloads of for all .HTA files | - | 2020-04-30
1042145 | Null-dereference READ in sqlite3VdbeExec | - | 2020-04-30
1042578 | Security: SQLite 3.30.1 CVE-2019-19923 - NULL pointer dereference (or incorrect results) | - | 2020-04-30
1042700 | Security: SQLite CVE-2019-19926 | $500 | 2020-04-30
1042879 | Security: Data race in AudioArray::Allocate can lead to OOB access | - | 2020-04-30
1042956 | pdfium (XFA): UAF in CXFA_Node::HasFlag | $5,000 | 2020-04-30
1043508 | pdfium (XFA): wrong object type in CXFA_FFNotify::OpenDropDownList | $5,000 | 2020-04-30
1043510 | pdfium (XFA): wild-addr-read in GetWordBreakProperty | $7,500 | 2020-04-30
1044379 | Bad-cast to blink::WebMouseEvent from blink::WebGestureEvent in test_runner::EventSender::HandleInputEventOnViewOrPopup | - | 2020-04-30
1031479 | Security: Debug check failed: has_feedback_vector() | $2,000 | 2020-04-28
1041222Container-overflow in PermissionRequestManager::GetDisplayNameOrOrigin-2020-04-28
1042535Security: webrtc: out-of-bounds write in FEC extension processing-2020-04-28
1042933Security: WebRTC: out-of-bounds write when updating layer info with frame marking extension-2020-04-28
1039241Use-of-uninitialized-value in blink::ObjectPainter::PaintAllPhasesAtomically-2020-04-27
1043530Use-of-uninitialized-value in v8::internal::GlobalHandles::NodeSpace<v8::internal::GlobalHandles::Node>::Relea-2020-04-27
1025521Security: <portal>s with an autofocus element get focus$5002020-04-24
1029437pdfium (XFA): oob read+write in CFDE_TextEditEngine::AdjustGap$5,0002020-04-24
1041411heap-buffer-overflow in HRTFKernel$5002020-04-24
1041546Security: linux shell has all inheritable capabilities set by default-2020-04-24
1042254Security: More UaFs in WebAudio-2020-04-24
1029829gpu_angle_passthrough_fuzzer: Null-dereference READ in gpu::gles2::GLES2DecoderPassthroughImpl::EmulatedDefaultFramebuffer::Blit-2020-04-23
1030167Crash in v8::internal::Simulator::LoadStorePairHelper-2020-04-23
1038828Heap-use-after-free in net::URLRequestContext::CreateRequest-2020-04-23
1039470Heap-use-after-free in blink::NGPaintFragment::PopulateDescendants-2020-04-23
1039869Leaking the URL of any cross-origin redirect through AppCache's network section and wildcards$5,0002020-04-23
1040883Heap-use-after-free in blink::NGPaintFragment::LayoutObjectWillBeDestroyed-2020-04-23
1041174Heap-use-after-free in views::NativeWidgetAura::Close-2020-04-23
1031909SIGTRAP hit in JIT code (Builtins_InterpreterEntryTrampoline)$2,0002020-04-21
1033771Security: Debug check failed: is_valid(value).-2020-04-21
1034695third_party/sqlite version 3.30.1 is vulnerable-2020-04-21
1037889From secure page it is navigating to insecure page.$1,0002020-04-21
1038036Security: Cross-Origin (Partial) Status Code Leakage$1,0002020-04-21
1040325CHECK failure: *old_buffer != memory_object->array_buffer() in wasm-objects.cc$2,0002020-04-21
1040489CrOS: Vulnerability reported in app-editors/vim-2020-04-21
1041210CHECK failure: Bytecode mismatch at offset 10 in interpreter.cc-2020-04-21
1041240DCHECK failure in 0 <= length in factory.cc-2020-04-21
1041303pdfium (XFA): use-of-uninitialized-value in CFWL_DateTimePicker::DrawWidget$5002020-04-21
1041616DCHECK failure in cache != this implies cache->outer_scope()->deserialized_scope_uses_external_cac-2020-04-21
1062091Security: UAF in InstalledAppProviderImpl (Desktop)$25,0002020-04-20
894477Security: Extensions can continue to temporarily execute code and access file after being uninstalled$5002020-04-18
997515Security: Use-after-free in CXFA_FFDocView::SetFocus$5,0002020-04-18
1018677Security: heap-use-after-free in content::SpeechRecognizerImpl::Abort$5,0002020-04-18
1020745Security: Roll expat to patch CVE-2019-18197, CVE-2019-13117, CVE-2019-13118$5002020-04-18
1031679Container-overflow in PermissionRequestManager::GetDisplayNameOrOrigin-2020-04-18
1030415DCHECK failure in !HasOptimizedCode() in js-objects.cc-2020-04-18
1032677Crash in v8::internal::Isolate::GetCodeTracer-2020-04-18
1033461sqlite3_select_expr_lpm_fuzzer: Heap-use-after-free in resetAccumulator-2020-04-18
1037703Heap-use-after-free in webrtc::VideoRtpReceiver::OnGenerateKeyFrame-2020-04-18
1036667Heap-use-after-free in blink::NGContainerFragmentBuilder::MoveOutOfFlowDescendantCandidatesToDescendant-2020-04-18
1037872Security:Potential Use after free in the function PerfJitLogger::LogWriteDebugInfo-2020-04-18
1038243Security DCHECK failure: !NeedsLayout() || LayoutBlockedByDisplayLock(DisplayLockLifecycleTarget::kChildr-2020-04-18
1038489pdfium_xfa_fuzzer: Heap-use-after-free in CJX_Object::~CJX_Object-2020-04-18
1038863Security: SQLite 3.30.1 vulnerabilities reported: CVE-2019-19880 and CVE-2019-19925-2020-04-18
1039059CVE-2019-19447 CrOS: Vulnerability reported in Linux kernel-2020-04-18
1039159mediasource_MP4_FLAC_pipeline_integration_fuzzer: Use-of-uninitialized-value in decode_residuals-2020-04-18
1040080Security: 'Copy As Curl' in the network panel of the devtools does not escape the HTTP method properly, leading to local code execution$5002020-04-18
1040403DCHECK failure in mode == JSHeapBroker::BrokerMode::kSerialized implies kind == kUnserializedReadO-2020-04-18
1040444DCHECK failure in mode == JSHeapBroker::BrokerMode::kSerialized implies kind == kUnserializedReadO-2020-04-18
1040493CVE-2019-20095 CrOS: Vulnerability reported in Linux kernel-2020-04-18
633352Security: If two windows are in fullscreen at the same time they can navigate to different origins without fullscreen being exited automatically.$1,0002020-04-15
803365Cookies with SameSite=Strict; are sent for link rel="prerender" when requested from 3rd party site$2,0002020-04-15
959194Heap-use-after-free in net::HttpCache::Transaction::DoCacheWriteResponse-2020-04-15
995081Security: PDFium (XFA) Use-after-free in CXFA_FFComboBox::OnKillFocus$5,0002020-04-15
1029865heap-use-after-free : content::MediaInterfaceFactory::CreateVideoDecoder-2020-04-15
1038019Heap-use-after-free in content::RenderProcessHostImpl::CreateCodeCacheHost-2020-04-15
1038178Security: Missing deoptimization information for OptimizedFrame::Summarize-2020-04-15
1039629Security: PDFium (XFA) Use-after-free in CXFA_FFComboBox::OnSelectChanged$7,5002020-04-15
710190Security: Reloading the content of a changed file-2020-04-14
809350Security: CORS bypassing by reusing CORS-successful Resources across SecurityOrigins on MemoryCache-2020-04-14
991217Security: Memory access violations when setting a breakpoint at a specific location-2020-04-14
991899Security: PDFium (XFA) Use-after-free in CXFA_FFWidget::OnKillFocus$7,5002020-04-14
1014371Security: iframe sandbox can be worked around via javascript: links and window.opener$3,0002020-04-14
1035464Heap-use-after-free in blink::NGOutOfFlowLayoutPart::Run-2020-04-14
1021871cras_rclient_message_fuzzer: Null-dereference READ in pthread_create-2020-04-13
1031697AutofillAssistantFacade.callerIsOnWhitelist() is not secure-2020-04-13
609527Make sure active mixed content and broken-https subresources do something reasonable on weird origins-2020-04-11
1034299media_pipeline_integration_fuzzer: Use-of-uninitialized-value in decode_residuals-2020-04-11
1034480CVE-2019-19332: Security: kvm: OOB memory write via kvm_dev_ioctl_get_cpuid-2020-04-11
1030411JavaScript injection via malicious WebExtension in CWS$5,0002020-04-10
1030892Site Isolation Bypass: SpeechRecognitionDispatcherHost doesn't properly check origin from renderer-2020-04-10
1033795UAF in blink::PaintLayer::CommonAncestor$5,0002020-04-10
1035058Security: Autocomplete preview text leak #4: using ::first-line pseudo-element$5,0002020-04-10
1036697CrOS: Vulnerability reported in dev-db/sqlite-2020-04-09
1031142Security: ☂ Site Isolation Bypass and Browser Code execution with heap-use-after-free in DesktopMediaPickerController::WebContentsDestroyed-2020-04-08
999114CVE-2019-15117 CrOS: Vulnerability reported in Linux kernel-2020-04-07
999115CVE-2019-15118 CrOS: Vulnerability reported in Linux kernel-2020-04-07
1034563Heap-use-after-free in views::BoundsAnimator::AnimationProgressed-2020-04-07
1036604CVE-2019-19241 CrOS: Vulnerability reported in Linux kernel-2020-03-30
714617Security: chrome.tabs.executeScript can reveal Chrome's profile path$5002020-03-28
1035779Security: heap-use-after-free in blink::BaseRenderingContext2D::DrawImageInternal-2020-03-28
639173ignored TLS errors propagate from webview to main browser$5002020-03-27
959571Security: Mixed content state reset when navigating back$5002020-03-27
1033407Security:Potential Use after free in the function ProfilerListener::CodeCreateEvent$2,0002020-03-27
1035371Chromium: Two Vulnerabilities reported in sqlite 3.30.1-2020-03-27
571546Security: Prompt boxes steal focus in popups-2020-03-26
1025700CrOS: Vulnerability reported in media-libs/tiff-2020-03-26
1028722sqlite3_shadow_table_fuzzer: Heap-buffer-overflow in sqlite3Fts3GetVarint$3,0002020-03-26
1029002sqlite3_shadow_table_fuzzer: ASSERT: pWriter || bIgnoreEmpty-2020-03-26
1029027sqlite3_shadow_table_fuzzer: Heap-buffer-overflow in sqlite3Fts3GetVarint-2020-03-26
1029210sqlite3_shadow_table_fuzzer: Heap-buffer-overflow in sqlite3Fts3Incrmerge-2020-03-26
1029506sqlite3_shadow_table_fuzzer: Use-of-uninitialized-value in fts3IncrmergeHintPop-2020-03-26
1031112CVE-2019-17133 CrOS: Vulnerability reported in Linux kernel-2020-03-26
1032170Use browser-side URL to verify if extension messaging connection is allowed-2020-03-26
1033395Security:Wrong assumption lead to Use After Free in deserializer.cc$5002020-03-26
1034745Security: QuicStreamFactory incorrectly installs NullDecrypter-2020-03-26
1035331DCHECK failure in !HAS_WEAK_HEAP_OBJECT_TAG(ptr_) in tagged-impl.h-2020-03-26
1035373CVE-2019-19602 CrOS: Vulnerability reported in Linux kernel-2020-03-26
1035723Security: Heap-use-after-free in PaintController::FinishCycle() related to devtools overlay-2020-03-26
1032090pdfium: use-of-uninitialized-value in CRYPT_AESSetKey$2,0002020-03-24
1033841Security: Debug check failed: IsNumber().-2020-03-23
1034394A null pointer dereference has been discovered in V8 compiler which affects the latest version.$5,0002020-03-23
1015693net_quic_stream_factory_fuzzer: Heap-use-after-free in quic::QuicSpdyStreamBodyManager::ReadBody-2020-03-21
1032422Security: pdfium(XFA) heap-use-after-free in CXFA_FFComboBox::OnProcessEvent$5,0002020-03-21
1033974DCHECK failure in 0 <= at_least_space_for in objects.cc-2020-03-21
1034167DCHECK failure in i::AllowHeapAllocation::IsAllowed() in api.cc-2020-03-21
1023810use-after-poison in webaudio$10,0002020-03-20
1029462use-after-free in AudioWorklet$7,5002020-03-20
1029530CHECK failure: BigIntAsUintN of kRepWord64 (BigInt) cannot be changed to kRepWord32 in represen-2020-03-20
1032548Security: heap-buffer-overflow in AudioDelayDSPKernel::Process-2020-03-20
1033260Heap-use-after-free in net::VerifyWithGivenFlags-2020-03-20
1026546Security: Steal any local picture when open a local html file$1,0002020-03-19
1029375Security: extensions with downloads.open permission can execute code on the device using .fileloc files$5002020-03-19
1031895Security: ReadableStream::pipeTo do not check IsLockedStream-2020-03-19
1032054Security: Debug check failed: IsAligned(ptr, kSlotDataAlignment)-2020-03-19
1032906Use-of-uninitialized-value in v8::internal::Runtime_StringCompareSequence-2020-03-19
1033092mediasource_MP4_FLAC_pipeline_integration_fuzzer: Use-of-uninitialized-value in decode_residuals-2020-03-19
1013906Security: expose stored (in cache) cross-site response's size$5002020-03-18
1029612audio_decoder_fuzzer: Use-of-uninitialized-value in decode_residuals-2020-03-18
1030381Crash in cc::LayerTreeImpl::TotalScrollOffset-2020-03-18
1031653Security: heap-use-after-free in DesktopMediaPickerController::WebContentsDestroyed-2020-03-18
1019732Make sure that NetworkService doesn't propagate HttpOnly cookies to a renderer process-2020-03-17
1032534CVE-2019-19319 CrOS: Vulnerability reported in Linux kernel-2020-03-17
922882Security: Possible load of unitialized memory in WebRtcAec_Create-2020-03-16
1022044cups_ippreadio_fuzzer: Global-buffer-overflow in ippEnumString-2020-03-14
1029054cups_ippreadio_fuzzer: Heap-buffer-overflow in _cupsStrAlloc-2020-03-14
1030660CrOS: Vulnerability reported in net-analyzer/tcpdump-2020-03-14
1031102CrOS: Vulnerability reported in app-arch/libarchive-2020-03-14
1031523pdfium (XFA): oob read in HTMLSTR2Code$2,5002020-03-14
875503Chrome notification system permits to a domain to request permissions for each 3rd level domain with no restriction$5002020-03-13
968303heap-use-after-free : base::RunLoop::Delegate::ShouldQuitWhenIdle-2020-03-13
1027408Security: tel: URL scheme reference origin spoof on Windows and Linux$2,0002020-03-12
1029414Security: The sharing dialog can appear over the wrong tab (spoof)$2,0002020-03-12
1030583Negative size parameter to memcpy in CPDF_SecurityHandler::GetUserPassword$5002020-03-12
1030912v8_wasm_compile_fuzzer: Segv on unknown address in unsigned long v8::internal::Simulator::MemoryRead<unsigned long, unsigned long>-2020-03-12
1029565pdfium (XFA): oob read in EncodeXML$2,0002020-03-11
1029576Security: Debug check failed: 0 <= index && index < node->op()->ValueInputCount().-2020-03-11
1029617gpu_angle_passthrough_fuzzer: Null-dereference READ in gpu::gles2::GLES2DecoderPassthroughImpl::DoDeleteQueriesEXT-2020-03-11
1018629Use-of-uninitialized-value in SkPngEncoder::onEncodeRows-2020-03-10
1025470Security: Negative size passed to memcpy() in fts3NodeAddTerm (OOB read)-2020-03-10
1025471Security: Negative size passed to memcpy() in fts3IncrmergePush-2020-03-10
1025472Security: Memory leak in fts4, matchinfo()-2020-03-10
1027426Security: UaF in BrowserTabStripController::AddNewTabInGroup()-2020-03-10
1028152Heap-buffer-overflow in blink::FindBuffer::RangeFromBufferIndex$3,0002020-03-10
1028208DCHECK failure in !is_compiled() || IsInterpreted() in js-objects.cc-2020-03-10
1029338DCHECK failure in !name->AsIntegerIndex(&index) in lookup-inl.h-2020-03-10
1025463Security: TFC2019 - Multiple issues in sqlite (Tracking Bug)-2020-03-09
1028863v8: Wrong JIT code that triggers SIGTRAP at runtime$5,0002020-03-09
1029129Crash in cc::LayerTreeImpl::TotalScrollOffset-2020-03-09
1026911gpu_angle_passthrough_fuzzer: Null-dereference READ in gpu::error::Error gpu::gles2::GLES2DecoderPassthroughImpl::DoCommandsImpl<false>-2020-03-07
1027065gpu_angle_passthrough_fuzzer: Null-dereference READ in gpu::gles2::GLES2DecoderPassthroughImpl::DoDeleteQueriesEXT-2020-03-07
1027470gpu_angle_passthrough_fuzzer: Null-dereference READ in gpu::gles2::GLES2DecoderPassthroughImpl::HandleDrawBuffersEXTImmediate-2020-03-07
1023807Update WHL microcode to enable kernel TAA mitigations-2020-03-06
1025489use-after-poison in base::internal::WeakReferenceOwner::Invalidate()$5,0002020-03-06
1028862Trap in Builtins_InterpreterEntryTrampoline$5,0002020-03-06
1017871Security: Injecting styles via copy-and-paste$10,0002020-03-05
1021431Heap-use-after-free in content::GpuBenchmarking::Freeze-2020-03-05
1022278render_text_api_fuzzer: Heap-buffer-overflow in gfx::GetTextIndexForOtherText-2020-03-05
1023843CVE-2019-2201: libjpeg-turbo: code execution-2020-03-05
1024182Security: Arbitrary system memory access Intel GPU vulnerability (CVE-2019-0155)-2020-03-05
1028172agc_fuzzer: Heap-buffer-overflow in webrtc::GainControlImpl::ProcessCaptureAudio-2020-03-05
1029174DCHECK failure in *result == *match_info in js-regexp.cc-2020-03-05
1029200Crash in v8::internal::OrderedHashSet::ConvertToKeysArray-2020-03-05
708595Security: Print Preview allows spoofing on other tab$5002020-03-04
1026994Security: EC host commands leaking stack to AP userspace-2020-03-04
1027025DCHECK failure in *(maybe_code_handler.object()) == *StoreHandler::StoreSlow(GetIsolate()) in feed-2020-03-04
1027176Check feature policy for payment in the browser.-2020-03-04
1028809audio_processing_fuzzer: Use-of-uninitialized-value in webrtc::FloatToFloatS16-2020-03-04
1028614audio_processing_fuzzer: Use-of-uninitialized-value in webrtc::FileWrapper::Write-2020-03-04
990428Tighten IDN policy for Kana + Latin domains-2020-03-03
1016506heap-buffer-overflow : WebRtcSpl_DownsampleFastC-2020-03-03
1023095zucchini_disassembler_elf_fuzzer: Heap-buffer-overflow in zucchini::Rel32FinderX86::Scan-2020-03-03
1023183zucchini_disassembler_elf_fuzzer: Heap-buffer-overflow in (std::is_function<std::__Cr::remove_pointer<unsigned-2020-03-03
1025255hammerd_load_ec_image_fuzzer: Crash in hammerd::FirmwareUpdater::LoadEcImage-2020-03-03
1025464Security: SQLite defense-in-depth bypass-2020-03-03
1025465Security: Uninitialized memory leak by nPrefix in fts3SegReaderNext-2020-03-03
1025466Security: Arbitrary memory overwrites (write-what-where) by nHeight in fts3IncrmergeLoad-2020-03-03
1026729DCHECK failure in !name->AsIntegerIndex(&index) in lookup-inl.h-2020-03-03
1026909DCHECK failure in name.IsUniqueName() in stub-cache.cc-2020-03-03
1027109DCHECK failure in heap_object.IsInternalizedString() in feedback-vector.cc-2020-03-03
1027498CHECK failure: 0 == instance_descriptors().number_of_slack_descriptors() in objects-debug.cc-2020-03-03
1027926Security: v8 Debug check failed: ResumeJumpTargetsAreValid().-2020-03-03
1028092agc_fuzzer: Heap-buffer-overflow in webrtc::ApplyDigitalGain-2020-03-03
1028181DCHECK failure in !Heap::InYoungGeneration(name) in stub-cache.cc-2020-03-03
1028191CHECK failure: IsValidHeapObject(isolate->heap(), HeapObject::cast(p)) in objects-debug.cc-2020-03-03
1028207Security: Debug check failed: !Heap::InYoungGeneration(name)-2020-03-03
1028396CHECK failure: descriptors != ReadOnlyRoots(isolate).empty_descriptor_array() implies !parent.o-2020-03-03
1028475DCHECK failure in start + search_string->length() <= string->length() in runtime-strings.cc-2020-03-03
968809Security: Clear rollback info from FPMCU stack when accessed-2020-02-29
1026918pdfium (XFA): invalid-vptr in CXFA_FFTextEdit::UpdateFWLData$2,0002020-02-29
1027410DCHECK failure in dst_offset != src_offset in liftoff-assembler-x64.h-2020-02-29
1027650net_quic_stream_factory_fuzzer: Heap-use-after-free in quic::QpackInstructionDecoder::Decode-2020-02-29
1027707transfer_cache_fuzzer: Heap-buffer-overflow in SkRectMemcpy-2020-02-29
1021677Security DCHECK failure: unit.TextContentEnd() <= text.length() in ng_offset_mapping.cc-2020-02-28
1024741transfer_cache_fuzzer: Crash in SkRectMemcpy-2020-02-28
1025209net_quic_stream_factory_fuzzer: Bad-cast to quic::QpackProgressiveDecoder from invalid vptr in quic::QpackProgressiveDecoder::Decode-2020-02-28
10254672 Vulnerabilities in websql & sqlite (Tracking Bug)$2,0002020-02-28
1025911transfer_cache_fuzzer: Heap-buffer-overflow in GrConvertPixels-2020-02-28
1026354gpu_raster_angle_fuzzer: Heap-buffer-overflow in void downsample_1_2<ColorTypeFilter_8>-2020-02-28
1027152Security: heap-buffer-overflow in PasswordFormManager::OnGeneratedPasswordAccepted-2020-02-28
1027292Security: import maps are executed as classic scripts when the import map's flag is disabled-2020-02-28
884693Security: IDN URL Spoofing with using "ы"$5002020-02-27
896453Domain spoof using unicode characters that look like numbers-2020-02-27
1025442Security: IDN spoof with Latin Middle Dot (U+00B7)-2020-02-27
1025468DCHECK failure in result.NumberOfOwnDescriptors() == result.instance_descriptors().number_of_descr-2020-02-27
1026500Use-of-uninitialized-value in v8::internal::Simulator::FPRoundInt-2020-02-27
1027045Bad-cast to v8::internal::compiler::Operator1<v8::internal::compiler::FrameStateInfo, v8::internal::compiler::OpEqualTo<v8::internal::compiler::FrameStateInfo>, v8::internal::compiler::OpHash<v8::internal::compiler::FrameStateInfo> > from v8::internal::compiler::Operator1<v8::internal::MachineRepresentation, v8::internal::compiler::OpEqualTo<v8::internal::MachineRepresentation>, v8::internal::compiler::OpHash<v8::internal::MachineRepresentation> > in v8::internal::compiler::FrameStateInfoOf-2020-02-27
930683Security: Broadcom Bluetooth firmware vulnerability-2020-02-26
954207Heap-buffer-overflow in s_RLE_process-2020-02-26
1015518spvtools_as_fuzzer: Bad-free in spvBinaryDestroy-2020-02-26
1015697spvtools_as_fuzzer: Use-of-uninitialized-value in spvtools_as_fuzzer.cpp-2020-02-26
1024256Crash in blink::FindBuffer::RangeFromBufferIndex with emoji input-2020-02-26
1025067UaF in BluetoothAdapter::OnDiscoveryChangeComplete$20,0002020-02-26
1025109Heap-use-after-free in blink::NGPhysicalFragment::HasSelfPaintingLayer-2020-02-26
1026479CHECK failure: Type cast failed in CAST(last_index) at ../../src/builtins/builtins-regexp-gen.c-2020-02-26
1053604Security: Incorrect side effect modelling for JSCreate-2020-02-26
1024758Security: OOB Write in ReduceRegExpPrototypeTest$7,5002020-02-25
1025502gpu_raster_angle_fuzzer: Crash in void downsample_1_2<ColorTypeFilter_8>-2020-02-25
1018493ndproxy_fuzzer: Stack-buffer-overflow in arc_networkd::NDProxy::Icmpv6Checksum-2020-02-24
1022695Crash in Builtins_InterpreterEntryTrampoline-2020-02-24
1023144ndproxy_fuzzer: Heap-buffer-overflow in arc_networkd::NDProxy::TranslateNDFrame-2020-02-24
1024736transfer_cache_fuzzer: Crash in GrConvertPixels-2020-02-22
1024762gpu_raster_angle_fuzzer: Heap-buffer-overflow in void downsample_1_2<ColorTypeFilter_8>-2020-02-22
881675Chrome v69 URL Spoof via FILE_SCHEME$5002020-02-21
1022466render_text_api_fuzzer: Heap-buffer-overflow in u_strlen_65-2020-02-21
1023853use after poison in rtc_rtp_sender_impl.cc$5,0002020-02-21
1024099CHECK failure: bytes <= NUMBER in runtime-typedarray.cc-2020-02-21
1024116Out-of-bounds access in WebBluetoothServiceImpl$20,0002020-02-21
1025089Security: Fix number of arguments being passed when setting the thread name on Windows.-2020-02-21
999956Security: U2F misses reloading hardware binding secrets after deep sleep-2020-02-20
1013669Security: USBGuard accepts D-Bus messages from any-2020-02-20
1019616wayland_fuzzer: Heap-use-after-free in GrMemoryPool::allocate-2020-02-20
1022554render_text_api_fuzzer: Heap-buffer-overflow in gfx::CreateObscuredText-2020-02-20
1022598render_text_api_fuzzer: Stack-buffer-overflow in gfx::RenderText::OnTextAttributeChanged-2020-02-20
1022855Security: Missing HasPrototypeSlot() check in ConstructorBuiltinsbAssembler::EmitFastNewObject() results in out-of-bound read.$3,0002020-02-20
1022893render_text_api_fuzzer: Heap-buffer-overflow in gfx::RenderText::OnTextAttributeChanged-2020-02-20
1023442ExcludeSchemeFromRequestInitiatorSiteLockChecks bypasses GetTrustworthyInitiator-2020-02-20
1023941heap-use-after-free : views::View::SetBackground-2020-02-20
1024121Heap-use-after-free in WebBluetoothServiceImpl$20,0002020-02-20
1016106hammerd_load_ec_image_fuzzer: Crash in hammerd::FirmwareUpdater::LoadEcImage-2020-02-19
1017793vb2_keyblock_fuzzer: Global-buffer-overflow in vb2_load_fw_keyblock-2020-02-19
1021855Download Protection bypass-2020-02-19
1023351Use-after-poison in blink::EventListenerMap::Find-2020-02-19
1023972DCHECK failure in 4 == kSystemPointerSize in code-generator.cc-2020-02-19
1016703DCHECK failure in static_cast<unsigned>(index) < static_cast<unsigned>(capacity()) in fixed-array--2020-02-18
1007414Security: Tracking Chrome OS running e2fsck on an untrusted file system?-2020-02-17
1020031CHECK failure: static_cast<uintptr_t>(caller_frame_top_) - total_output_frame_size > stack_guar-2020-02-17
699342Security: //components/search_engine appears to be parsing arbitrary XML in the browser process-2020-02-15
754304UI Spoofing in External Protocol confirmation$1,0002020-02-15
947876pdfium (XFA): oob read in CFXJSE_FormCalcContext::WordNum$2,5002020-02-15
968505Security: Domain name spoofing on Unicode top-level domains-2020-02-15
984513The Permission for an important activity is set to null, as the result it can launched by any app.$1,0002020-02-15
997724trunks_resource_manager_fuzzer: Use-of-uninitialized-value in base::debug::ProcessBacktrace-2020-02-15
1005596Security: tel: URL scheme reference origin spoof$2,0002020-02-15
1013882Security: Autocomplete preview text STILL leaks credit card numbers - attacker can simply override system-ui font$5,0002020-02-15
1015872libbrillo_dbus_data_serialization_fuzzer: Crash in variant_reader_recurse-2020-02-15
1015858libbrillo_dbus_data_serialization_fuzzer: Crash in _dbus_marshal_skip_array-2020-02-15
1015881zucchini_disassembler_elf_fuzzer: Heap-buffer-overflow in (std::is_function<std::__Cr::remove_pointer<unsigned-2020-02-15
1016092hammerd_load_ec_image_fuzzer: Use-of-uninitialized-value in fmap_find_area-2020-02-15
1016099arc_setup_util_expand_property_contents_fuzzer: Heap-buffer-overflow in std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<ch-2020-02-15
1016103runtime_probe_probestatement_fuzzer: Index-out-of-bounds in _dbus_mem_pool_alloc-2020-02-15
1016168libbrillo_dbus_data_serialization_fuzzer: Use-of-uninitialized-value in _dbus_first_type_in_signature-2020-02-15
1016813cups_ippreadio_fuzzer: Heap-buffer-overflow in _cupsStrFree-2020-02-15
1017020heap-use-after-free : libusb_get_next_timeout-2020-02-15
1017494Security: PDFium heap-use-after-free in CPDFSDK_PageView::ExitWidget (XFA)$7,5002020-02-15
1017256cups_ippreadio_fuzzer: Heap-buffer-overflow in ippAttributeString-2020-02-15
1017707Security: Phishing with Unicode Domains$5002020-02-15
1017797cgpt_fuzzer: Use-of-uninitialized-value in Crc32-2020-02-15
1017961Heap-use-after-free in blink::AudioNodeOutput::Pull-2020-02-15
1018512ndproxy_fuzzer: Use-of-uninitialized-value in arc_networkd::NDProxy::TranslateNDFrame-2020-02-15
1019648v8_wasm_fuzzer: DCHECK failure in val.type == kWasmBottom || ValueTypes::MachineRepresentationFor(val.type) == Val-2020-02-15
1020533DCHECK failure in cell->value().IsTheHole(isolate) in js-objects.cc-2020-02-15
1020906ndproxy_fuzzer: Stack-buffer-overflow in arc_networkd::NDProxy::TranslateNDFrame-2020-02-15
1021457Security: Out of bounds index in array in function parameters$3,0002020-02-15
1021919Use-after-poison in blink::RTCPeerConnectionHandler::OnaddICECandidateResult-2020-02-15
1022558Bad-cast to blink::RTCVoidRequest from invalid vptr in blink::OnReplaceTrackCompleted-2020-02-15
856927Omnibox with URL is displayed on NTP when forward history is browsed with Wifi or Mobile network disabled.-2020-02-06
925035CodeCacheHostImpl::DidGenerateCacheableMetadataInCacheStorage should verify |cache_storage_origin|.-2020-02-06
1017695spvtools_opt_legalization_fuzzer: Container-overflow in spvtools::Optimizer::Run-2020-02-06
1018528Flickering WebGL with {alpha:false} on mali-400$5002020-02-06
1018871DCHECK failure in !has_pending_exception() in isolate.cc-2020-02-06
1000887Crash in v8::internal::Simulator::LoadStorePairHelper-2020-02-05
1014607Security: Out-of-bounds read/write in RegisterAllocationData after ResetSpillState-2020-02-05
1017441Sandboxed iframe Document can end up sharing execution context/type system with iframe's initial about:blank Document$5,0002020-02-05
1019226Security - UAF in OfflineAudioContext$13,3702020-02-05
1019544gpu_angle_passthrough_fuzzer: Null-dereference READ in gpu::gles2::GLES2DecoderPassthroughImpl::DoDeleteQueriesEXT-2020-02-05
1019553gpu_angle_passthrough_fuzzer: Null-dereference READ in gpu::error::Error gpu::gles2::GLES2DecoderPassthroughImpl::DoCommandsImpl<false>-2020-02-05
1019565gpu_angle_passthrough_fuzzer: Null-dereference READ in gpu::gles2::GLES2DecoderPassthroughImpl::HandleDrawBuffersEXTImmediate-2020-02-05
1008312heap-use-after-free : GrSurfaceProxy::~GrSurfaceProxy-2020-02-04
1010526Security: URL bar spoofing with using a file:/// URL$5002020-02-04
1017918Heap-buffer-overflow in hsw::store_NUMBER-2020-02-04
1008470Security: AV in blink::ReadableStreamNative::Trace-2020-02-03
1018565Use-of-uninitialized-value in v8::internal::compiler::Hints::Add-2020-02-03
1011600PaymentManager: attacker has some control over PaymentManager/PaymentInstruments of a cross-origin context$5002020-01-31
1016167powerd_als_fuzzer: Use-of-uninitialized-value in base::internal::find_first_not_of-2020-01-31
1016169vpn_manager_service_manager_fuzzer: Stack-buffer-overflow in vpn_manager::ServiceManager::ConvertSockAddrToIPString-2020-01-31
1017564Security: URL bar spoofing on iOS with a very long URL$2,0002020-01-31
1016061Container-overflow in performance_manager::SharedWorkerWatcher::RemoveChildWorker-2020-01-30
1016100ndproxy_fuzzer: Stack-buffer-overflow in arc_networkd::NDProxy::Icmpv6Checksum-2020-01-30
1016109ec_usb_tcpm_v2_fuzzer: Index-out-of-bounds in prl_tx_construct_message-2020-01-30
1016111ndproxy_fuzzer: Use-of-uninitialized-value in arc_networkd::NDProxy::TranslateNDFrame-2020-01-30
1016393v8_wasm_async_fuzzer: Heap-buffer-overflow in v8::internal::wasm::LiftoffCompiler::UnOp-2020-01-30
1016436Bad-cast to content::RenderFrameImpl from invalid vptr in content::GpuBenchmarkingContext::GpuBenchmarkingContext-2020-01-30
1017061v8_wasm_code_fuzzer: DCHECK failure in stack_height >= c->end_label->target_stack_height in wasm-interpreter.cc-2020-01-30
1015864trunks_tpm_pinweaver_fuzzer: Stack-buffer-overflow in trunks::Serialize_pw_insert_leaf_t-2020-01-29
1016166dlcservice_boot_device_fuzzer: Use-of-uninitialized-value in dlcservice::BootDevice::GetBootDevice-2020-01-29
1016450DCHECK failure in HAS_SMI_TAG(ptr) in smi.h-2020-01-29
993706Security: Possible to obtain results of queryObjects using custom devtools formatters-2020-01-28
1016038Security: IndexedDB transactions should be inactive during structured serialization-2020-01-28
1016165Heap-buffer-overflow in blink::AudioDelayDSPKernel::Process-2020-01-28
1016515Unknown signal in Builtins_InterpreterEntryTrampoline-2020-01-28
1010581Use-of-uninitialized-value in test_runner::TestRunner::WorkQueue::ProcessWork-2020-01-27
1015945CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (this->IsStruct()) in class-definitio-2020-01-27
1013868Security: heap-use-after-free in CPDF_AnnotList::CPDF_AnnotList$7,5002020-01-25
1015070net_base_address_tracker_linux_fuzzer: Heap-buffer-overflow in net::internal::IgnoreWirelessChange-2020-01-25
1015129net_base_address_tracker_linux_fuzzer: Heap-buffer-overflow in net::internal::AddressTrackerLinux::HandleMessage-2020-01-25
1015567Null-dereference READ in v8::internal::VariableProxy::var-2020-01-25
971917Site Isolation: Multiple restriction bypasses in registerProtocolHandler$3,0002020-01-24
1011950Security: "universal" XSS via copy&paste$2,0002020-01-24
1013418Bad-cast to ToolbarIconContainerView from views::View in AvatarToolbarButton::~AvatarToolbarButton-2020-01-24
1015042chaps_attributes_fuzzer: Heap-buffer-overflow in chaps::Attributes::ParseInternal-2020-01-24
1015256rtcp_receiver_fuzzer: Use-of-uninitialized-value in webrtc::RTCPReceiver::HandlePli-2020-01-24
1015791Use-of-uninitialized-value in v8::internal::Scope::Scope-2020-01-24
696208Security: Chrome extension is disabled by crafted chrome-extension:// URL$5002020-01-23
853670SameSite cookies leakage via child browsing context$1,0002020-01-23
1013823zucchini_disassembler_elf_fuzzer: Crash in zucchini::Rel32FinderX86::Scan-2020-01-23
1013871zucchini_disassembler_elf_fuzzer: Heap-buffer-overflow in (std::is_function<std::__Cr::remove_pointer<unsigned-2020-01-23
1014834v8_wasm_async_fuzzer: Heap-buffer-overflow in v8::internal::wasm::LiftoffCompiler::UnOp-2020-01-23
1010518Security: AbsentPlaster bug on Chrome OS-2020-01-22
1013490Heap-use-after-free in blink::LayoutObject::IsDescendantOf-2020-01-22
944619Security: CORB not enforced for WebSocket requests$10,0002020-01-21
1013920Security: Debug check failed: is_wasm_memory_.-2020-01-21
1010569Heap-use-after-free in content::WebContentsImpl::~WebContentsImpl-2020-01-20
467329Popups can be moved below the taskbar in windows$5002020-01-18
990867Cross-origin-read attack by using an audio tag to download a cross-origin resource$5002020-01-18
1012055Use-after-poison in mojo::ReceiverSetBase<mojo::Receiver<blink::mojom::blink::ManifestManager, mojo:-2020-01-18
1012579CHECK failure: Failed to create ICU number format, are ICU data files missing? in js-relative-t-2020-01-18
1012663Heap-use-after-free in std::__1::vector<performance_manager::ProcessNode const*, std::__1::allocator<pe-2020-01-18
1012727Container-overflow in performance_manager::SharedWorkerWatcher::RemoveChildWorker-2020-01-18
1013048Use-of-uninitialized-value in performance_manager::GraphImpl::GetAllProcessNodes-2020-01-18
1013485Heap-use-after-free in performance_manager::GraphImpl::AddNewNode-2020-01-18
981100Security: ChromeVox exposes browser text from locked screen-2020-01-17
999932Security: Possible to spoof URL through use of document.open$5002020-01-17
1001503Security: UaF in Aura$20,0002020-01-17
1004212Security: Insecure Chrome download allows malicious software to change downloaded file integrity-2020-01-17
1004458Use-of-uninitialized-value in password_manager::PasswordReuseDetectionManager::OnPaste-2020-01-17
1005218Security: Multiple file download protection bypass 2$1,0002020-01-17
1007334Sanitizer CHECK failure in "((*(u8*)MemToShadow(a))) == ((0))" (0x4, 0x0)$2,0002020-01-17
1010765Security: URL in Omnibox doesn't always match page content on iOS-2020-01-17
1013013CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (IsJSReceiver()) in js-objects-inl.h-2020-01-17
1013042Security: Debug check failed: Smi::IsValid(value)$5,0002020-01-17
1013058DCHECK failure in static_cast<unsigned>(index) < static_cast<unsigned>(length()) in fixed-array-in-2020-01-17
1013135DCHECK failure in !kCanBeWeak implies !IsSmi() == HAS_STRONG_HEAP_OBJECT_TAG(ptr_) in tagged-impl.-2020-01-17
954219Heap-use-after-free in pdf14_decrement_smask_color-2020-01-15
984327gstoraster_fuzzer: Heap-use-after-free in ptr_struct_mark-2020-01-15
993415Use-after-poison in blink::Node::EnsureEventTargetData$3,0002020-01-15
1003316CVE-2017-18595 CrOS: Vulnerability reported in Linux kernel-2020-01-15
1008947Heap-use-after-free in AvatarMenu::~AvatarMenu-2020-01-15
1011596javascript_parser_proto_fuzzer: DCHECK failure in !parsing_module_ in preparser.h-2020-01-15
1011677heap-use-after-free : base::OnTaskRunnerDeleter::OnTaskRunnerDeleter-2020-01-15
1011980DCHECK failure in effect_edges > 0 in verifier.cc-2020-01-15
1012580Use-of-uninitialized-value in blink::GraphicsContext::SetURLForRect-2020-01-15
1001854CVE-2019-15214 CrOS: Vulnerability reported in Linux kernel-2020-01-14
1003325CVE-2019-15902 CrOS: Vulnerability reported in Linux kernel-2020-01-14
1003326CVE-2019-15916 CrOS: Vulnerability reported in Linux kernel-2020-01-14
1010379Security DCHECK failure: !object || (object->IsBox()) in layout_box.h-2020-01-12
1010477Security DCHECK failure: !object || (object->IsLayoutInline()) in layout_inline.h-2020-01-12
1010759Use-of-uninitialized-value in blink::LayoutObject::DestroyAndCleanupAnonymousWrappers-2020-01-12
1011267Heap-use-after-free in blink::PaintLayer::CompositingContainer-2020-01-12
1011603Heap-use-after-free in blink::LayoutObject::SetShouldCheckForPaintInvalidation-2020-01-12
1010690Use-of-uninitialized-value in views::ScrollView::Viewport::ViewHierarchyChanged-2020-01-11
1010703dawn_wire_server_and_frontend_fuzzer: Crash in dawn_native::ErrorScope::HandleErrorImpl-2020-01-11
1010706Heap-use-after-free in blink::LayoutObject::DestroyAndCleanupAnonymousWrappers-2020-01-11
1011294net_quic_stream_factory_fuzzer: Heap-use-after-free in quic::QpackHeaderTable::UnregisterObserver-2020-01-11
1007194Security: Use after free in MojoCdmProxyService$5,0002020-01-09
1009458Use-after-poison in void blink::ScriptPromiseResolver::ResolveOrReject<blink::ScriptValue>-2020-01-09
918674Security: CVE-2018-19664 in libjpeg-turbo-2020-01-08
948445Security: multiple issues in SafeSetID LSM-2020-01-08
957314ClientNativePixmap implelementations don't validate handles-2020-01-08
974375ClientNativePixmapDmaBuf::ImportFromDmabuf() doesn't validate buffer size-2020-01-08
1005251Security: heap-use-after-free in RTCPeerConnectionHandler::SetLocalDescription$7,5002020-01-08
1005635transfer_cache_fuzzer: Use-of-uninitialized-value in sse2::store_NUMBER-2020-01-08
1010026Heap-use-after-free in std::__1::vector<performance_manager::ProcessNode const*, std::__1::allocator<pe-2020-01-08
981649Use-of-uninitialized-value in send_delete_event-2020-01-07
1004341Security: Upgrade expat to 2.2.8$5002020-01-07
1005615transfer_cache_fuzzer: Heap-buffer-overflow in load2-2020-01-07
1005630transfer_cache_fuzzer: Heap-buffer-overflow in sse2::load_rgf16-2020-01-07
1005948Security: Headers are processed for aborted requests when passed through service worker$5002020-01-07
1008419Crash in blink::MarkingVisitorBase::Visit-2020-01-07
1008632Sanitizer CHECK failure in "((*(u8*)MemToShadow(a))) == ((0))" (0x4, 0x0)-2020-01-07
1009207Crash in blink::HeapObjectHeader::CheckHeader-2020-01-07
1009260pdf_font_fuzzer: Use-of-uninitialized-value in ft_mem_free-2020-01-07
1009278Crash in blink::DOMWrapperWorld::Current-2020-01-07
1009382Crash in v8::internal::GlobalHandles::InvokeFirstPassWeakCallbacks-2020-01-07
1008414CHECK failure: Bytecode mismatch at offset 177 in interpreter.cc-2020-01-06
1008714Crash in blink::IsCallbackFunctionRunnableInternal-2020-01-06
1007423Heap-use-after-free in test_runner::TestRunner::WorkQueue::ProcessWork-2020-01-05
974648Use-of-uninitialized-value in uint64divmod-2020-01-04
1000543Use-of-uninitialized-value in blink::LayoutObject::ShouldUseTransformFromContainer-2020-01-03
1007866Security DCHECK failure: IsA<Derived>(from) in casting.h-2020-01-03
1008216Bad-cast to blink::Nodeblink::Node::ShadowIncludingRoot in blink::Node::UpdateDistributionInternal-2020-01-03
1008316Crash in blink::EventListenerMap::Contains-2020-01-03
1008506Use-of-uninitialized-value in viz::ContextCacheController::ClientBecameNotVisible-2020-01-03
1008610Bad-cast to GrContext from invalid vptr in viz::ContextCacheController::ClientBecameNotVisible-2020-01-03
1008631DCHECK failure in index < length_ in vector.h-2020-01-03
1008709Use-of-uninitialized-value in hsw::blit_row_s32a_opaque-2020-01-03
985499third_party/liblouis version 3.2.0 is vulnerable-2020-01-02
990234sqlite3_fts3_lpm_fuzzer: Heap-use-after-free in findElementWithHash-2020-01-02
991888SOP & Site Isolation bypass with Reader mode$5,0002020-01-02
1005753Security: UAF in indexed_db_cursor.cc$20,5002020-01-02
1006544Use-of-uninitialized-value in gfx::CubicBezier::SolveCurveX$4,0002020-01-02
1006545Heap-use-after-free in blink::NGBlockNode::CopyChildFragmentPosition-2020-01-02
1006763Security: https://www.madeupdomainforcheck123.com reference in Chrome and Chromium code-2020-01-02
824715Security: RTL+ space, formatting, invisible characters can lead to URL Spoofing$3,0002020-01-01
1006435spvtools_opt_size_fuzzer: Container-overflow in spvtools::opt::Instruction::GetSingleWordOperand-2020-01-01