1125294
|
cups_ippreadio_fuzzer: Use-of-uninitialized-value in ippReadIOLimitedRecursion
|
-
|
2020-12-31
|
1073063
|
Security: CUPS cmd exec vulnerability via FoomaticRIPCommandLine
|
-
|
2020-12-30
|
1101509
|
Security: UAF in RawClipboardHostImpl
|
$30000
|
2020-12-30
|
1116280
|
Self-XSS / Crash via window.open and delayed navigation
|
$5000
|
2020-12-30
|
1129705
|
Heap-use-after-free in guest_view::GuestViewManager::FromBrowserContext
|
-
|
2020-12-30
|
1129840
|
CrOS: Vulnerability reported in x11-libs/libX11
|
-
|
2020-12-30
|
1130111
|
Heap-use-after-free in views::View::GetPreferredSize
|
-
|
2020-12-30
|
1130489
|
CHECK failure: icu_collator__value.IsForeign() in class-verifiers-tq.cc
|
-
|
2020-12-30
|
1125871
|
Crash in v8::internal::Simulator::LoadStoreHelper
|
-
|
2020-12-29
|
1128318
|
Chrome: UAF in SessionStorageImpl
|
-
|
2020-12-29
|
1130127
|
Security DCHECK failure: IsA<Derived>(from) in casting.h
|
-
|
2020-12-29
|
1113565
|
Security: Extensions can use chrome.debugger API to access contents of local files
|
$5000
|
2020-12-28
|
1128994
|
Unknown exception in CrashForExceptionInNonABICompliantCodeRange
|
-
|
2020-12-27
|
1129422
|
h264_annex_b_converter_fuzzer: Heap-use-after-free in media::H264AnnexBToAvcBitstreamConverter::ConvertChunk
|
-
|
2020-12-26
|
1129598
|
Heap-use-after-free in blink::NGInlineCursor::MoveTo
|
-
|
2020-12-26
|
1129706
|
v8_wasm_compile_fuzzer: DCHECK failure in AreSameFormat(vd, vn) in assembler-arm64.cc
|
-
|
2020-12-26
|
1127520
|
.well-known/change-password NavigationThrottle should only be instantiated for main frame navigations
|
-
|
2020-12-25
|
1129359
|
webcodecs_video_encoder_fuzzer: Crash in vp9_enc_setup_mi
|
-
|
2020-12-25
|
1129568
|
Use-of-uninitialized-value in mojo::core::ChannelPosix::WriteNoLock
|
-
|
2020-12-25
|
1129842
|
CVE-2020-25285 CrOS: Vulnerability reported in Linux kernel
|
-
|
2020-12-25
|
1125199
|
heap-use-after-free : content::WebContentsImpl::SetNotWaitingForResponse
|
-
|
2020-12-24
|
1127112
|
Security DCHECK failure: !object || (object->IsLayoutNGOutsideListMarker()) in layout_ng_outside_list_mar
|
-
|
2020-12-24
|
1127610
|
CHECK failure: maybe_object->IsWeak() || maybe_object->IsCleared() || (maybe_object->GetHeapObj
|
-
|
2020-12-24
|
1128343
|
CrOS: Vulnerability reported in net-libs/gnutls
|
-
|
2020-12-24
|
1128756
|
Bad-cast to const char *() in ui::CursorPathFromLibXcursor
|
-
|
2020-12-24
|
1129515
|
Use-of-uninitialized-value in v8::internal::ValueDeserializer::ReadObjectInternal
|
-
|
2020-12-24
|
1129285
|
Use-of-uninitialized-value in v8::internal::ValueDeserializer::ReadObjectInternal
|
-
|
2020-12-24
|
1092130
|
v8_wasm_compile_fuzzer: DCHECK failure in ref.stack_height >= target_stack_height in wasm-interpreter.cc
|
-
|
2020-12-23
|
1111149
|
video.captureStream() may allow cross-origin resource theft
|
-
|
2020-12-23
|
1124723
|
CHECK failure: parse_success in experimental.cc
|
-
|
2020-12-23
|
1127496
|
Security: Screen share clickjacking secondary issue
|
-
|
2020-12-23
|
1128267
|
Bad-cast to const blink::NGBlockBreakToken from blink::NGInlineBreakToken in blink::NGBlockNode::PlaceChildrenInFlowThread
|
-
|
2020-12-23
|
1128342
|
CVE-2020-25220 CrOS: Vulnerability reported in Linux kernel
|
-
|
2020-12-23
|
1127405
|
CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (IsDereferenceAllowed()) in handles.h
|
-
|
2020-12-22
|
1127407
|
Bad-cast to blink::LayoutListItem from blink::LayoutNGListItem in blink::LayoutListMarker::ListItem
|
-
|
2020-12-22
|
1128301
|
CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (IsDereferenceAllowed()) in handles.h
|
-
|
2020-12-22
|
1128341
|
CVE-2020-25212 CrOS: Vulnerability reported in Linux kernel
|
-
|
2020-12-22
|
1126249
|
Security: DCHECK failed: 0 <= length && length <= kMaxSafeInteger
|
-
|
2020-12-21
|
1127310
|
CVE-2020-10720 CrOS: Vulnerability reported in Linux kernel
|
-
|
2020-12-21
|
1127319
|
Security: Debug check failed: IrOpcode::IsInlineeOpcode(node->opcode()).
|
$5000
|
2020-12-21
|
1102153
|
Security: Information disclosure through screenshare with clickjacking
|
$2000
|
2020-12-19
|
1123883
|
Use-after-poison in blink::HTMLSlotElement::DetachLayoutTree
|
-
|
2020-12-19
|
1125210
|
heap-use-after-free : gpu::ExternalVkImageFactory::~ExternalVkImageFactory
|
-
|
2020-12-19
|
1126522
|
Crash in marl::Scheduler::Worker::runUntilIdle
|
-
|
2020-12-19
|
1127158
|
Heap-use-after-free in views::MenuController::ExitMenu
|
-
|
2020-12-19
|
1106612
|
heap-use-after-free : ?StartAutoScrollAnimation@ScrollbarController@cc@@QEAAXMPEBVScrollbarLayerImplBase@2@W4ScrollbarPart@2@@Z
|
-
|
2020-12-18
|
1124782
|
DCHECK failure in top() >= original_top_ in new-spaces.h
|
-
|
2020-12-18
|
1126769
|
CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (IsJSReceiver()) in js-objects-inl.h
|
-
|
2020-12-18
|
1100136
|
heap-buffer-overflow in storage::ObfuscatedFileUtilMemoryDelegate(browser process)
|
$15000
|
2020-12-17
|
1121414
|
Security: Missing IsContextDestroyed in MediaKeys
|
-
|
2020-12-17
|
1122848
|
DCHECK failure in !OldSpace::IsAtPageStart(top) in new-spaces.cc
|
-
|
2020-12-17
|
1121836
|
Security: HeapOverflow in SerialHandle
|
$10000
|
2020-12-16
|
1124776
|
transfer_cache_fuzzer: Heap-buffer-overflow in skjson::FastString::initLongString
|
-
|
2020-12-16
|
1125187
|
Heap-use-after-free in ui::InputMethodAuraLinux::ProcessKeyEventDone
|
-
|
2020-12-16
|
1125354
|
Bad-cast to gl::Texture from gl::Renderbuffer in gl::FramebufferAttachment::getTexture
|
-
|
2020-12-16
|
1125951
|
DCHECK failure in digits >= 0 && digits <= kBitsPerByte in safepoint-table.cc
|
-
|
2020-12-16
|
1124646
|
DCHECK failure in committed_code_space_.load() <= FLAG_wasm_max_code_space * MB in wasm-code-manag
|
-
|
2020-12-15
|
1124677
|
CHECK failure: arr.get(JSRegExp::kIrregexpCaptureCountIndex) == Smi::FromInt(0) in objects-debu
|
-
|
2020-12-15
|
1124696
|
Crash in Builtins_InterpreterEntryTrampoline
|
-
|
2020-12-15
|
1125386
|
Security: chrome dev tools frontend cloud container is leaking
|
-
|
2020-12-15
|
1126106
|
Security: ignore this
|
-
|
2020-12-15
|
1125887
|
Crash in Builtins_RegExpMatchFast
|
-
|
2020-12-15
|
1126108
|
Security: ignore this
|
-
|
2020-12-15
|
1124997
|
Heap-use-after-free in blink::DepthOrderedLayoutObjectList::Ordered
|
-
|
2020-12-14
|
1125144
|
Crash in marl::Scheduler::Worker::runUntilIdle
|
-
|
2020-12-14
|
1125504
|
Bad-cast to blink::LayoutBox from invalid vptr in blink::ToLayoutBox
|
-
|
2020-12-14
|
1106890
|
Security: Possible for apps to access http/https sites outside of a webview context via blob URLs
|
$15000
|
2020-12-12
|
1111685
|
Use-of-uninitialized-value in qrcode_generator::QRCodeGeneratorServiceImpl::RenderBitmap
|
-
|
2020-12-12
|
1114114
|
CVE-2020-16166 CrOS: Vulnerability reported in Linux kernel
|
-
|
2020-12-12
|
1119532
|
mediasource_MP2T_AACSBR_pipeline_integration_fuzzer: Use-of-uninitialized-value in assign_pair
|
-
|
2020-12-12
|
1123023
|
Web Audio DelayNode of an OfflineAudioContext adds one sample to the delay.
|
$3000
|
2020-12-12
|
1124477
|
DCHECK failure in AllowHeapAllocation::IsAllowed() in heap-inl.h
|
-
|
2020-12-12
|
1124617
|
Global-buffer-overflow in blink::MathMLOperatorElement::ComputeOperatorProperty
|
$3000
|
2020-12-12
|
1124754
|
Use-of-uninitialized-value in blink::NGInlineNode::SetTextWithOffset
|
-
|
2020-12-12
|
1111737
|
Security: OffscreenCanvas - Use After Free in OffscreenCanvasRenderingContext2D::DrawTextInternal()
|
$7500
|
2020-12-08
|
1112155
|
DCHECK failure in address % 4 == 0 in simulator-arm.cc
|
-
|
2020-12-08
|
1113558
|
Security: Possible to navigate frames not attached to the debugger using the chrome.debugger API
|
$5000
|
2020-12-08
|
1123522
|
Security: Use-After-Poison in XRFrameProvider
|
$7500
|
2020-12-08
|
1099390
|
Security: ChromeOS chronos privilege escalation to root
|
$30000
|
2020-12-07
|
1122917
|
Security: UAF in DirectSocketsServiceImpl
|
$20000
|
2020-12-07
|
1123379
|
DCHECK failure in effect_edges > 0 in verifier.cc
|
-
|
2020-12-07
|
1088224
|
Security: drawImage timing depends on alpha-channel value, allowing to read cross-origin images
|
$5000
|
2020-12-06
|
1123258
|
cups_ippreadio_fuzzer: Use-of-uninitialized-value in ippReadIOLimitedRecursion
|
-
|
2020-12-06
|
1114636
|
Security: Possible for extension to escape sandbox via Target.setAutoAttach and Target.sendMessageToTarget
|
$15000
|
2020-12-05
|
1116123
|
cups_ippreadio_fuzzer: Use-of-uninitialized-value in ippReadIOLimitedRecursion
|
-
|
2020-12-05
|
1115662
|
Security: ChromeOS chronos privilege escalation to root (cros-disks drivefs, BackupArcBugReport)
|
$30000
|
2020-12-04
|
1116505
|
cups_ippreadio_fuzzer: Use-of-uninitialized-value in create_item
|
-
|
2020-12-04
|
1116903
|
container-overflow in blink::MediaStreamSource
|
$2000
|
2020-12-04
|
1117258
|
Segv on unknown address in v8::internal::JSPromise::Fulfill
|
-
|
2020-12-04
|
1120729
|
CHECK failure: type.Equals(NodeProperties::GetType(node->InputAt(1))) in verifier.cc
|
-
|
2020-12-04
|
1114458
|
ec_host_command_fuzzer: Global-buffer-overflow in cbi_set_data
|
-
|
2020-12-03
|
1115945
|
CrOS: Vulnerability reported in x11-libs/libX11
|
-
|
2020-12-03
|
1116304
|
Security: UAF in VideoCapture
|
$20000
|
2020-12-03
|
1119331
|
mediasource_MP4_AACLC_AVC_pipeline_integration_fuzzer: Stack-use-after-return in output_configure
|
-
|
2020-12-03
|
1119400
|
Heap-use-after-free in blink::NGPhysicalFragment::HasSelfPaintingLayer
|
-
|
2020-12-03
|
1119419
|
v8_wasm_compile_fuzzer: Segv on unknown address in Builtins_ArgumentsAdaptorTrampoline
|
-
|
2020-12-03
|
1121156
|
Heap-use-after-free in icu_67::RuleBasedBreakIterator::handleNext
|
-
|
2020-12-03
|
1122560
|
CVE-2020-24394 CrOS: Vulnerability reported in Linux kernel
|
-
|
2020-12-03
|
1115963
|
Security: cros-disks drivefs_helper will chown arbitrary file system objects controlled by chronos
|
-
|
2020-12-02
|
1115977
|
Security: BackupArcBugReport file write vulnerability
|
-
|
2020-12-02
|
1121898
|
webcodecs_video_decoder_fuzzer.exe: Heap-use-after-free in media::DecoderSelector<media::DemuxerStream::VIDEO>::FinalizeDecoderSelection
|
-
|
2020-12-02
|
1121982
|
CVE-2020-14356 CrOS: Vulnerability reported in Linux kernel
|
-
|
2020-12-02
|
1119865
|
Security: UAF in StopProfiler
|
$7500
|
2020-12-01
|
1120924
|
webcodecs_video_decoder_fuzzer: Heap-use-after-free in blink::VideoDecoderBroker::OnDecodeDone
|
-
|
2020-12-01
|
1121642
|
CVE-2019-9857 CrOS: Vulnerability reported in Linux kernel
|
-
|
2020-12-01
|
1120956
|
Heap-use-after-free in blink::PrepareOrthogonalWritingModeRootForLayout
|
-
|
2020-11-30
|
1117367
|
Security: Upgrade sqlite to 3.33.0 due to CVE-2020-13871 and CVE-2020-15358?
|
$500
|
2020-11-28
|
1120825
|
webcodecs_video_decoder_fuzzer: Heap-use-after-free in blink::MediaVideoTaskWrapper::OnDecodeOutput
|
-
|
2020-11-28
|
1116019
|
v8_wasm_compile_fuzzer: Crash in Builtins_WasmTaggedNonSmiToInt32
|
-
|
2020-11-27
|
1114556
|
Security: UaF in views::View::UpdateTooltip
|
$5000
|
2020-11-25
|
1116706
|
Security: Use After Free in PresentationConnectionCallbacks::OnSuccess
|
$7500
|
2020-11-25
|
1081874
|
Double free on NodeChannel
|
-
|
2020-11-24
|
1099670
|
CrOS: Vulnerability reported in dev-libs/libpcre
|
-
|
2020-11-24
|
1092518
|
Security: OpenFileViaShell may open executables in the same directory with similar filenames unexpectedly
|
$500
|
2020-11-21
|
1108511
|
heap-use-after-free : AdsPageLoadMetricsObserver::FrameDisplayStateChanged
|
-
|
2020-11-21
|
1108892
|
dawn_wire_server_and_vulkan_backend_fuzzer: Crash in vk::DescriptorSetLayout::DescriptorSetLayout
|
-
|
2020-11-21
|
1109120
|
Security: (UXSS) Long-Press Open Runs Javascript Links from Child in Parent Origin / Page
|
-
|
2020-11-21
|
1113209
|
dawn_wire_server_and_frontend_fuzzer: Heap-use-after-free in dawn_wire::server::Server::GetCmdSpace
|
-
|
2020-11-21
|
1113554
|
dawn_wire_server_and_frontend_fuzzer: Heap-use-after-free in dawn_wire::server::KnownObjects<WGPUBufferImpl*>::Get
|
-
|
2020-11-21
|
1114066
|
Potential UAF when closing chrome://cellular-setup
|
-
|
2020-11-21
|
1114398
|
crash in Builtins_StaCurrentContextSlotHandler
|
$5000
|
2020-11-21
|
1114500
|
gpu_raster_passthrough_fuzzer: Crash in sse2::store_rgNUMBER
|
-
|
2020-11-21
|
1115345
|
Security: Heap-Buffer-Overflow in libGLESv2 Library - es2::Device::stretchRect
|
-
|
2020-11-21
|
1115354
|
DCHECK failure in allow_empty_handle || that != nullptr in api-inl.h
|
-
|
2020-11-21
|
1115693
|
Heap-use-after-free in blink::Element::AttributeChanged
|
-
|
2020-11-21
|
1115902
|
Heap-use-after-free in blink::HTMLFormControlElement::AttributeChanged
|
-
|
2020-11-21
|
1112206
|
Security: pdfium Debug check failed
|
-
|
2020-11-18
|
1092453
|
Restrictions on navigation to the content scheme can be bypassed on Android
|
$3000
|
2020-11-17
|
1114803
|
wav_audio_handler_fuzzer: Crash in void base::ReadBigEndian<unsigned int>
|
-
|
2020-11-17
|
1104628
|
Security: Private file upload (data exfiltration)
|
$1000
|
2020-11-16
|
1114326
|
Crash in base::internal::WeakReferenceOwner::~WeakReferenceOwner
|
-
|
2020-11-15
|
1038208
|
canvas_fuzzer: Heap-use-after-free in blink::scheduler::AgentInterferenceRecorder::OnFrameSchedulerDestroyed
|
-
|
2020-11-14
|
1113710
|
Use-of-uninitialized-value in blink::LayoutShiftTracker::NotifyTextPrePaint
|
-
|
2020-11-14
|
1102361
|
Security: Arbitrary command execution vulnerability in patchpanel
|
-
|
2020-11-13
|
1113226
|
Security: Heap overflow in libavif
|
-
|
2020-11-13
|
1114005
|
CHECK failure: kMaxInt >= new_capacity in wasm-objects.cc
|
-
|
2020-11-13
|
1114006
|
DCHECK failure in 0 <= length in factory-base.cc
|
-
|
2020-11-13
|
937179
|
Security: Malicious link opens multiple tabs via URI handler
|
$500
|
2020-11-12
|
1034224
|
CrOS: Vulnerability reported in dev-libs/libxslt
|
-
|
2020-11-12
|
1039058
|
CrOS: Vulnerability reported in dev-libs/libxml2
|
-
|
2020-11-12
|
1108116
|
heap-use-after-free : autofill::FormStructure::GetFieldTypePredictions
|
-
|
2020-11-12
|
1110207
|
Security: Use after free in Payments
|
$20000
|
2020-11-12
|
1112440
|
gstoraster_fuzzer: Heap-use-after-free in gx_default_get_param
|
-
|
2020-11-12
|
1112442
|
gstoraster_fuzzer: Heap-use-after-free in pdf14_pop_transparency_group
|
-
|
2020-11-12
|
1112474
|
gstoraster_fuzzer: Heap-use-after-free in gsicc_adjust_profile_rc
|
-
|
2020-11-12
|
1112477
|
gstoraster_fuzzer: Heap-use-after-free in gsicc_adjust_profile_rc
|
-
|
2020-11-12
|
1108181
|
Security: bypass of the protection of input field cache
|
$5000
|
2020-11-11
|
1108518
|
Security: UAF in ScriptPromiseProperty due to iterator invalidation
|
$7500
|
2020-11-11
|
1100280
|
Security: Chrome Update - Arbitrary Folder Delete // Privilege Escalation
|
$500
|
2020-11-10
|
1103827
|
Security: heap-buffer-overflow in TextDetection detect
|
-
|
2020-11-10
|
1106590
|
Step "blink_web_tests" failing on builder "WebKit Linux MSAN"
|
-
|
2020-11-10
|
1112642
|
Heap-use-after-free in blink::LayoutShiftTracker::NotifyTextPrePaint
|
-
|
2020-11-10
|
841622
|
Security: Speech permission request UI spoof
|
$500
|
2020-11-09
|
1104046
|
Security: Task Scheduling - Use After Free in TaskQueueImpl::CreateTaskRunner().
|
$7500
|
2020-11-09
|
1100286
|
Chromium: Vulnerability reported in third_party/requests
|
-
|
2020-11-08
|
1108535
|
Security: UAF in ImageDecoderExternal due to iterator invalidation
|
$7500
|
2020-11-07
|
1110432
|
mojo_core_channel_fuzzer: Heap-buffer-overflow in mojo::core::Channel::Message::num_handles
|
-
|
2020-11-07
|
1111831
|
Crash in v8::internal::Heap::CreateFillerObjectAt
|
-
|
2020-11-07
|
1111972
|
Heap-use-after-free in v8::internal::AllocationCounter::InvokeAllocationObservers
|
-
|
2020-11-07
|
1112025
|
DCHECK failure in space->heap()->inline_allocation_disabled() implies space->limit() == space->top
|
-
|
2020-11-07
|
1112039
|
Heap-use-after-free in blink::PaintInvalidator::InvalidatePaint
|
-
|
2020-11-07
|
1107433
|
Google Chrome WebGL Buffer11::getBufferStorage Code Execution Vulnerability
|
$10000
|
2020-11-06
|
1111015
|
v8_wasm_compile_fuzzer: DCHECK failure in !unreachable implies stack_height >= c->end_label->target_stack_height in wasm-i
|
-
|
2020-11-06
|
1111307
|
Security: UAF in OfflinePageTabHelper::LoadData
|
-
|
2020-11-06
|
1012955
|
Security: Reader mode needs improved sanitization
|
-
|
2020-11-05
|
1107104
|
dawn_wire_server_and_frontend_fuzzer: Heap-use-after-free in dawn_wire::server::KnownObjects<WGPUBufferImpl*>::Get
|
-
|
2020-11-05
|
1110749
|
net_hpack_decoder_fuzzer: Heap-use-after-free in base::operator<<
|
-
|
2020-11-05
|
1110991
|
zxcvbn_scoring_fuzzer: Use-of-uninitialized-value in zxcvbn::most_guessable_match_sequence
|
-
|
2020-11-05
|
1110992
|
net_spdy_session_fuzzer: Heap-use-after-free in base::operator<<
|
-
|
2020-11-05
|
1145680
|
Ports 5060 and 5061 should be blocked
|
-
|
2020-11-04
|
1092385
|
Security: heap-use-after-free / double-free in blink::CanvasResourceProvider
|
$5000
|
2020-11-04
|
1106342
|
Security: Use-after-free in PrintCompositeClient::OnDidPrintFrameContent
|
-
|
2020-11-04
|
1106507
|
Use-of-uninitialized-value in gpu::gles2::GLES2Implementation::BufferDataHelper
|
-
|
2020-11-04
|
1107824
|
Security: 'unsafe-eval' in CSP is not properly enforced for default-src 'self'
|
-
|
2020-11-04
|
1108091
|
Race condition in NativeFileSystemWriter close logic
|
-
|
2020-11-04
|
1109467
|
Heap-use-after-free in blink::AdTracker::DidFinishAsyncTask
|
-
|
2020-11-04
|
1110564
|
v8_wasm_compile_fuzzer: DCHECK failure in stack_height >= stack_effect.first in wasm-interpreter.cc
|
-
|
2020-11-04
|
1090352
|
Security: no user interaction: URL spoofing using blob + @ (iOS)
|
$1000
|
2020-11-03
|
1106299
|
CrOS: Vulnerability reported in net-fs/samba
|
-
|
2020-11-03
|
1108351
|
Security: Use of conditionally uninitialised stack variable may leak stack state
|
-
|
2020-11-03
|
1108472
|
Security: UAF in RTCQuicTransport due to iterator invalidation
|
$7500
|
2020-11-03
|
1110214
|
DCHECK failure in !result.IsRetry() in new-spaces.cc
|
-
|
2020-11-03
|
1102196
|
Security: Keystone for macOS should use auditToken to validate incoming XPC message
|
$10000
|
2020-11-02
|
1108299
|
UaF in NFCHost::GetNFC
|
-
|
2020-11-02
|
1108497
|
Security: UAF in RemotePlayback due to iterator invalidation (Android only)
|
$7500
|
2020-11-02
|
931013
|
Extension has an ability to execute script in New Tab Page
|
$500
|
2020-10-31
|
1109108
|
pdfium(XFA) heap-use-after-free in CXFA_FFWidget::GetWidgetRect()
|
$7500
|
2020-10-31
|
1109461
|
CVE-2020-15780 CrOS: Vulnerability reported in Linux kernel
|
-
|
2020-10-31
|
1099276
|
Security: Cursor hijacking mitigation bypass
|
-
|
2020-10-30
|
1105426
|
Security: Use-after-free in MediaElementEventListener::UpdateSources
|
-
|
2020-10-30
|
1106091
|
Security: Sending uninitialized bytes between processes
|
-
|
2020-10-30
|
1106234
|
Security: heap-use-after-free in HidService
|
-
|
2020-10-30
|
1106682
|
Security: Use-after-free in WebIDBGetDBNamesCallbacksImpl::SuccessNamesAndVersionsList
|
-
|
2020-10-30
|
1107815
|
Security: Use-after-free in XRSystem::FocusedFrameChanged and FocusController::NotifyFocusChangedObservers
|
-
|
2020-10-30
|
1108639
|
openh264 is vulnerable to a known vulnerability
|
-
|
2020-10-30
|
1105720
|
Security: heap-buffer-overflow in SkReader32::readInt
|
-
|
2020-10-28
|
1139963
|
Security: Heap buffer overflow due to integer truncation in FreeType
|
-
|
2020-10-28
|
1039882
|
Leaking size of cross-origin resource by caching it twice
|
$2000
|
2020-10-27
|
1103839
|
DCHECK failure in pc_ <= end_ in decoder.h
|
-
|
2020-10-27
|
1104061
|
UAF in sctp_transport
|
$7500
|
2020-10-27
|
1106773
|
Security: Use-after-free in USB::OnServiceConnectionError
|
-
|
2020-10-27
|
1102151
|
Security: heap-use-after-free in AllowFrom
|
$5000
|
2020-10-26
|
1104053
|
v8_wasm_fuzzer: DCHECK failure in stack.size() == 1 in module-decoder.cc
|
-
|
2020-10-26
|
1105283
|
Heap-use-after-free in blink::NGPhysicalFragment::PostLayout
|
-
|
2020-10-26
|
1076923
|
vtest_fuzzer: Crash in try_setup_line
|
-
|
2020-10-25
|
1105198
|
Heap-use-after-free in blink::LayoutObject::OutlineRects
|
-
|
2020-10-25
|
1100669
|
Security: missing WDS fix
|
-
|
2020-10-24
|
1104322
|
dawn_wire_server_and_frontend_fuzzer: Heap-use-after-free in dawn_wire::server::KnownObjects<WGPUBufferImpl*>::Get
|
-
|
2020-10-24
|
1105635
|
Security: use-after-poison when using CSS var() with revert as fallback
|
-
|
2020-10-24
|
1105723
|
Security: heap-buffer-overflow in Skia
|
-
|
2020-10-24
|
1106285
|
v8_wasm_compile_fuzzer: DCHECK failure in IsSimd128Register() in instruction.h
|
-
|
2020-10-24
|
1077761
|
Security: TOCTOU race in cupsd.conf init script
|
-
|
2020-10-23
|
1015310
|
Security: Improper isolation of EC_RST_ODL on some NPCX79nx designs
|
-
|
2020-10-22
|
1086896
|
CrOS: Vulnerability reported in dev-db/sqlite
|
-
|
2020-10-22
|
1087362
|
CrOS: Vulnerability reported in dev-db/sqlite
|
-
|
2020-10-22
|
1101152
|
pdfium_embeddertests triggers a use-after-poison in V8
|
-
|
2020-10-22
|
1101756
|
CrOS: Vulnerability reported in dev-db/sqlite
|
-
|
2020-10-22
|
1104103
|
Security: Insufficient data validation in deserialize TransformStream
|
$7500
|
2020-10-22
|
1105815
|
DCHECK failure in ((static_cast<i::Tagged_t>(ptr) & ::i::kSmiTagMask) == ::i::kSmiTag) in smi.h
|
-
|
2020-10-22
|
1106357
|
Crash in v8::internal::compiler::BytecodeArrayData::source_positions_size
|
-
|
2020-10-22
|
958521
|
gstoraster: Use-of-uninitialized-value in register_x86_crypto
|
-
|
2020-10-21
|
1104608
|
Security: LdaNamedProperty is generated for typed_array["4294967295"], which causes wrong inline cache and OOB access
|
$5000
|
2020-10-20
|
1067854
|
Chromium: Vulnerability reported in third_party/binutils
|
-
|
2020-10-19
|
1103195
|
Security: HeapOverflow in BackgroundFetch
|
$15000
|
2020-10-19
|
1104528
|
Heap-use-after-free in ui::LayerAnimator::OnScheduled
|
-
|
2020-10-19
|
1104533
|
Security DCHECK failure: i < length() in string_view.h
|
$6000
|
2020-10-19
|
1099568
|
Symlink at /home/user/<hash>/GCache/v2 can trick cryptohome to make arbitrary path world writable
|
-
|
2020-10-16
|
1102860
|
cras_rclient_message_fuzzer: Heap-buffer-overflow in ccr_handle_message_from_client
|
-
|
2020-10-16
|
1082717
|
CVE-2020-12771 CrOS: Vulnerability reported in Linux kernel
|
-
|
2020-10-15
|
1101304
|
DCHECK failure in dst.low_gp() != rhs.high_gp() in liftoff-assembler-arm.h
|
-
|
2020-10-15
|
1102408
|
Heap-use-after-free in blink::LayoutBox::FindAutoscrollable
|
-
|
2020-10-15
|
1103557
|
Heap-buffer-overflow in blink::NGFragmentItems::LayoutObjectWillBeDestroyed
|
-
|
2020-10-15
|
1094699
|
CrOS: Vulnerability reported in sys-libs/glibc
|
-
|
2020-10-14
|
1097308
|
cras_rclient_message_fuzzer: Heap-buffer-overflow in cras_channel_remix_conv_create
|
-
|
2020-10-14
|
1100247
|
Security: Potential UAF in AndroidCdmFactory
|
-
|
2020-10-14
|
1101818
|
Heap-buffer-overflow in blink::NGFragmentItems::LayoutObjectWillBeMoved
|
$6000
|
2020-10-14
|
1102083
|
Security DCHECK failure: unit.TextContentEnd() <= text.length() in ng_offset_mapping.cc
|
$6000
|
2020-10-14
|
1102127
|
dawn_wire_server_and_frontend_fuzzer: Heap-use-after-free in dawn_wire::server::KnownObjects<WGPUBufferImpl*>::Get
|
-
|
2020-10-14
|
1102137
|
Security DCHECK failure: !object || (object->IsLayoutMultiColumnSet()) in layout_multi_column_set.h
|
-
|
2020-10-14
|
1102161
|
CHECK failure: marking_state_->IsBlackOrGrey(heap_object) in mark-compact.cc
|
-
|
2020-10-14
|
1102609
|
Heap-buffer-overflow in blink::NGFragmentItems::LayoutObjectWillBeDestroyed
|
-
|
2020-10-14
|
1105202
|
Security: Google Chrome DrawElementsInstanced Information Leak Vulnerability (TALOS-2020-1123)
|
$1000
|
2020-10-13
|
1101883
|
Security DCHECK failure: !masker->NeedsLayout() in svg_mask_painter.cc
|
-
|
2020-10-12
|
1102054
|
Disable (or fix) YUV image decoding before M86 due to use after free
|
-
|
2020-10-10
|
1096677
|
WebView: Cross-domain content can be fetched from resources loaded by the content scheme
|
-
|
2020-10-09
|
1101629
|
v8_wasm_code_fuzzer: DCHECK failure in heap_type != HeapType::kBottom && HeapType(heap_type).is_valid() in value-type.h
|
-
|
2020-10-09
|
1076786
|
Script Gadgets in chrome://oobe and chrome://assistant-optin through Polymer
|
-
|
2020-10-08
|
1091790
|
dawn_wire_server_and_vulkan_backend_fuzzer: Crash in vk::DescriptorSetLayout::DescriptorSetLayout
|
-
|
2020-10-08
|
1096170
|
dawn_wire_server_and_frontend_fuzzer.exe: Heap-use-after-free in dawn_wire::server::Server::OnBufferMapWriteAsyncCallback
|
-
|
2020-10-08
|
1029907
|
Security: URL bar spoofing with prompt dialog on iOS
|
$500
|
2020-10-07
|
1030927
|
Site Isolation Bypass: ClientHints doesn't properly check origin from renderer
|
-
|
2020-10-07
|
1094453
|
Security: Memory stomper in InfoBarManager::RemoveInfoBarInternal()
|
-
|
2020-10-07
|
1095560
|
Security: heap-buffer-overflow on media_history::MediaHistoryKeyedService::OnURLsDeleted
|
$5000
|
2020-10-07
|
1097484
|
Use-of-uninitialized-value in base::internal::WeakReference::IsValid
|
-
|
2020-10-07
|
1099621
|
dawn_wire_server_and_frontend_fuzzer: Heap-buffer-overflow in dawn_native::null::Buffer::DoWriteBuffer
|
-
|
2020-10-07
|
1099945
|
Security: Print compositor does not copy out of shared memory before attempting to deserialize SkPicture
|
-
|
2020-10-07
|
1099990
|
Security: pdfium heap-buffer-overflow with experimental skia back end
|
-
|
2020-10-07
|
1100900
|
Heap-use-after-free in blink::LayoutBlockFlow::SetShouldDoFullPaintInvalidationForFirstLine
|
-
|
2020-10-07
|
1101079
|
Security DCHECK failure: GetLayoutObject() && GetLayoutObject()->IsBoxModelObject() in ng_physical_box_fr
|
-
|
2020-10-07
|
1100079
|
Use-of-uninitialized-value in blink::NGMathRadicalLayoutAlgorithm::Layout
|
-
|
2020-10-05
|
1094235
|
uaf in extensions
|
$5000
|
2020-10-03
|
1094655
|
Heap-buffer-overflow in vk::Image::copy
|
-
|
2020-10-03
|
1098179
|
Use-of-uninitialized-value in send_delete_event
|
-
|
2020-10-03
|
1099974
|
Use-of-uninitialized-value in mojo::core::ChannelPosix::WriteNoLock
|
-
|
2020-10-03
|
1094644
|
gpu_swangle_passthrough_fuzzer: Heap-buffer-overflow in libvk_swiftshader.so
|
-
|
2020-10-02
|
1098606
|
WebFrameImpl::CallJavaScriptFunction allows child frames to inject scripts into parent.
|
-
|
2020-10-02
|
1099446
|
Security: heap-buffer-overflow in "SkData::PrivateNewWithCopy" function
|
$2000
|
2020-10-02
|
1010756
|
Crash in sw::Renderer::executeTask
|
-
|
2020-10-01
|
1090543
|
heap-use-after-free : content::NavigationRequest::OnWillProcessResponseProcessed
|
-
|
2020-09-30
|
1097483
|
Heap-buffer-overflow in sw::Blitter::fastClear
|
-
|
2020-09-30
|
1092449
|
Cross-domain content can be fetched from resources loaded by the content scheme
|
$20000
|
2020-09-29
|
1096002
|
Heap-use-after-free in blink::ImageResourceContent::PriorityFromObservers
|
-
|
2020-09-29
|
1097442
|
v8_wasm_compile_fuzzer: DCHECK failure in from <= to in vector.h
|
-
|
2020-09-29
|
1097467
|
v8_wasm_compile_fuzzer: Use-after-poison in v8::internal::wasm::fuzzer::WasmGenerator::Generate
|
-
|
2020-09-29
|
1097595
|
Security DCHECK failure: new_box->IsInlineFlowBox() in layout_block_flow_line.cc
|
-
|
2020-09-29
|
1098243
|
CVE-2020-14416 CrOS: Vulnerability reported in Linux kernel
|
-
|
2020-09-29
|
1084699
|
[WebRTC] Remote ICE Candidate Hostname Lookup Privacy Issue
|
-
|
2020-09-28
|
1097416
|
Use-of-uninitialized-value in void blink::ShapeResultView::CreateViewsForResult<blink::ShapeResult>
|
-
|
2020-09-27
|
1017558
|
pdf_scanlinecompositor_fuzzer: Heap-buffer-overflow in CompositeRow_Argb2Argb_RgbByteOrder
|
-
|
2020-09-26
|
1037980
|
pdf_scanlinecompositor_fuzzer: Heap-buffer-overflow in GetGray
|
-
|
2020-09-26
|
1058716
|
pdf_scanlinecompositor_fuzzer: Crash in GetAlphaWithSrc
|
-
|
2020-09-26
|
967204
|
Security: dangling markup protection bypass with <portal> element
|
$500
|
2020-09-25
|
997412
|
Security: PDFium Heap-use-after-free in ProbeForLowSeverityLifetimeIssue (XFA)
|
-
|
2020-09-25
|
1082755
|
Heap UaF in TabStrip::CloseTab
|
$5000
|
2020-09-25
|
1086009
|
Security: Linux Kernel V5.2.0-rc1 #2 use-after-free in unmap_vmas read of size 8
|
$500
|
2020-09-25
|
1086845
|
Security: Blob ignores charset specified in type attribute
|
$1000
|
2020-09-25
|
1087282
|
XSS in interstitial_common.js leading to UXSS
|
-
|
2020-09-25
|
1088187
|
Bad-cast to extensions::MimeHandlerViewContainerManager from invalid vptr in extensions::MimeHandlerViewContainerManager::RemoveFrameContainerForReason
|
-
|
2020-09-25
|
1090835
|
Security: Full screen notification overlap on Windows and Linux (take two)
|
$500
|
2020-09-25
|
1093719
|
Container-overflow in content::responsiveness::Watcher::DidRunTask
|
-
|
2020-09-25
|
1094363
|
Heap-buffer-overflow in ash::ScrollableShelfView::UpdateScrollOffset
|
-
|
2020-09-25
|
1094442
|
Background tab can launch PWA or play store page when interacting with any page.
|
-
|
2020-09-25
|
1095709
|
Heap-use-after-free in base::internal::Invoker<base::internal::BindState<void
|
-
|
2020-09-25
|
1095760
|
Bad-cast to blink::WebRtcAudioRenderer from invalid vptr in void base::internal::FunctorTraits<void
|
-
|
2020-09-25
|
1095927
|
Use-of-uninitialized-value in blink::WebRtcAudioRenderer::TranscribeAudio
|
-
|
2020-09-25
|
1096079
|
Heap-use-after-free in blink::ImageResourceContent::NotifyObservers
|
-
|
2020-09-25
|
1097028
|
CVE-2020-10757 CrOS: Vulnerability reported in Linux kernel
|
-
|
2020-09-25
|
1092451
|
Multiple-file download restrictions can be bypassed using Android intents
|
$500
|
2020-09-23
|
1076703
|
Security: WebRTC: usrsctp is called with pointer as network address
|
-
|
2020-09-22
|
1095102
|
Security: heap-buffer-overflow in x_server_pixel_buffer.cc from screen_capturer_x11.cc
|
-
|
2020-09-22
|
1095589
|
CVE-2020-13974 CrOS: Vulnerability reported in Linux kernel
|
-
|
2020-09-22
|
1072841
|
heap-use-after-free : local_discovery::ServiceWatcherImplMac::NetServiceBrowserContainer::~NetServiceBrowserContainer
|
-
|
2020-09-21
|
1092059
|
v8_wasm_compile_fuzzer: DCHECK failure in SIZE == kSimd128Size ? num_q_registers : num_d_registers > reg in simulator-arm.
|
-
|
2020-09-21
|
995732
|
Potential out of bounds write vulnerability in webusb (usb_device_handle_usbfs.cc) (Linux 32bit)
|
-
|
2020-09-18
|
1090519
|
Security: Missing microcode for some Intel platforms
|
-
|
2020-09-18
|
1092308
|
uaf in extensions
|
$20000
|
2020-09-18
|
1093902
|
paint_op_buffer_fuzzer: Use-of-uninitialized-value in SkReadBuffer::peekByte
|
-
|
2020-09-18
|
1086796
|
Security: Out of bounds read in PDFium due to mis-merged patch of libopenjpeg
|
$7500
|
2020-09-17
|
1087921
|
gpu_raster_swangle_passthrough_fuzzer: Crash in sse2::lowp::load_NUMBER
|
-
|
2020-09-17
|
1083128
|
Security: Out-of-bounds write browser crash
|
$5000
|
2020-09-16
|
1092274
|
Security: global-buffer-overflow in bytesPerVertex
|
$1000
|
2020-09-16
|
1084820
|
DCHECK failure in value.IsHeapObject() in objects-debug.cc
|
$5000
|
2020-09-15
|
1091461
|
DCHECK failure in 2 == subnode->op()->ControlOutputCount() in js-inlining.cc
|
-
|
2020-09-15
|
1092553
|
Bad-cast to v8::internal::compiler::Operator1<v8::internal::BinaryOperationHint, v8::internal::compiler::OpEqualTo<v8::internal::BinaryOperationHint>, v8::internal::compiler::OpHash<v8::internal::BinaryOperationHint>> from v8::internal::compiler::Operator1<v8::internal::compiler::FeedbackParameter, v8::internal::compiler::OpEqualTo<v8::internal::compiler::FeedbackParameter>, v8::internal::compiler::OpHash<v8::internal::compiler::FeedbackParameter> > in v8::internal::BinaryOperationHint const& v8::internal::compiler::OpParameter<v8:
|
-
|
2020-09-15
|
967202
|
Security: bypass file download restrictions using <portal> element
|
-
|
2020-09-14
|
1083213
|
CrOS: Vulnerability reported in net-vpn/openvpn
|
-
|
2020-09-14
|
1090173
|
Security: Uninitialized memory read in snappy::SnappyScatteredWriter<snappy::SnappySinkAllocator>::AppendFromSelf
|
-
|
2020-09-14
|
1091670
|
Security: heap-buffer-overflow in sk_careful_memcpy
|
-
|
2020-09-14
|
1091404
|
Google Chrome PDFium Javascript Active Document Memory Corruption Vulnerability - TALOS-2020-1092
|
$2000
|
2020-09-12
|
1065264
|
No validation of origin in initializing CDM
|
-
|
2020-09-11
|
1082716
|
CVE-2020-12770 CrOS: Vulnerability reported in Linux kernel
|
-
|
2020-09-11
|
1087158
|
Crash in FidoDiscoveryFactory::ResetRequestState()
|
-
|
2020-09-11
|
1091180
|
heap-use-after-free : media::GetSupportedD3D11VideoDecoderResolutions
|
-
|
2020-09-11
|
1091214
|
CVE-2019-20812 CrOS: Vulnerability reported in Linux kernel
|
-
|
2020-09-11
|
1039062
|
CVE-2019-19769 CrOS: Vulnerability reported in Linux kernel
|
-
|
2020-09-10
|
1083819
|
Security: Android WebView: iframe on different origin can execute arbitrary JavaScript in top document via window.open() or links with _blank target
|
$15000
|
2020-09-10
|
1091213
|
CVE-2019-20811 CrOS: Vulnerability reported in Linux kernel
|
-
|
2020-09-10
|
1080953
|
CrOS: Vulnerability reported in net-nds/openldap
|
-
|
2020-09-09
|
980116
|
Security: PDFium (XFA) Use-after-free in CXFA_FFTabOrderPageWidgetIterator::CreateTabOrderWidgetArray
|
$3000
|
2020-09-08
|
980172
|
Security: PDFium (XFA) Use-after-free in CXFA_FFDocView::GetPageView
|
$2000
|
2020-09-08
|
1080622
|
CrOS: Vulnerability reported in net-fs/samba
|
-
|
2020-09-08
|
1082186
|
CrOS: Vulnerability reported in net-fs/samba
|
-
|
2020-09-08
|
1087968
|
heap-use-after-free in adhd in asan builds
|
-
|
2020-09-08
|
1085507
|
v8_wasm_compile_fuzzer: DCHECK failure in ref.stack_height >= target_stack_height in wasm-interpreter.cc
|
-
|
2020-09-06
|
1086890
|
Security: Missing array size check in NewFixedArray
|
-
|
2020-09-06
|
1081350
|
Security: Browser_crash - heap-use-after-free in extensions::ChromeExtensionsBrowserClient::GetOriginalContext(content::BrowserContext*)
|
$15000
|
2020-09-05
|
1085718
|
Heap-use-after-free in performance_manager::WorkerNodeImpl::RemoveClientFrame
|
-
|
2020-09-05
|
1087629
|
Upgrade SQLite to 3.32.1
|
-
|
2020-09-05
|
921015
|
Heap-buffer-overflow in rr::Array<rr::Float4, 1>::operator
|
-
|
2020-09-04
|
1033897
|
Security: Linux kernel 4.19.83 - use-after-free in the debugfs_remove function
|
-
|
2020-09-04
|
1067382
|
Security: Sandbox escape via chrome.input.ime
|
$5000
|
2020-09-04
|
1072116
|
Security: Possible for extensions to escape sandbox via devtools watch expressions
|
$10000
|
2020-09-04
|
1080481
|
Security: Skia: Integer Overflow in GrTextBlob::Make
|
-
|
2020-09-04
|
1081040
|
gpu_raster_swangle_passthrough_fuzzer: Crash in sse2::lowp::load_a8
|
-
|
2020-09-04
|
1085989
|
pdf_psengine_fuzzer: Int-overflow in CPDF_PSEngine::DoOperator
|
-
|
2020-09-04
|
1086124
|
Security: UAF in ChromeOS Login
|
$5000
|
2020-09-04
|
1086798
|
V8 Potential Use after free in the function ToPropertyDescriptorFastPath
|
-
|
2020-09-04
|
944944
|
Infra: Outdated set of root certificates
|
-
|
2020-09-02
|
1072467
|
Security: arc-setup to be more cautious when moving android data directories
|
-
|
2020-09-02
|
1075457
|
Chrome fails to start if a file exists at /home/chronos/user or /home/chronos/Default
|
-
|
2020-09-02
|
1084839
|
Heap-use-after-free in blink::PaintLayer::~PaintLayer
|
-
|
2020-09-02
|
1086470
|
CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (this->IsFixedArray()) in class-defin
|
-
|
2020-09-02
|
1052093
|
Security: Custom Scheme escaping bypassed if a scheme is in the URLWhitelist
|
-
|
2020-09-01
|
1080444
|
v8_wasm_code_fuzzer: DCHECK failure in is_valid(value) in bit-field.h
|
-
|
2020-09-01
|
1085704
|
gpu_angle_fuzzer: Null-dereference READ in gpu::gles2::GLES2DecoderImpl::HandleBlendFunciOES
|
-
|
2020-09-01
|
1085846
|
gpu_angle_passthrough_fuzzer: Null-dereference READ in gpu::gles2::GLES2DecoderPassthroughImpl::DoBlendFunciOES
|
-
|
2020-09-01
|
1085990
|
Security: Browser_crash - heap-use-after-free in Payments API
|
-
|
2020-09-01
|
1056754
|
Security: Browsable Activities expose insecure behaviors on Android
|
-
|
2020-08-28
|
1074317
|
Security: The CSP reports and stacktraces of errors leaks post-redirect URL for <script>
|
$5000
|
2020-08-28
|
1084151
|
v8_wasm_code_fuzzer: DCHECK failure in register_move(dst)->src == src in liftoff-assembler.cc
|
-
|
2020-08-28
|
1085315
|
URL spoofing using 'GURMUKHI LETTER RRA' (U+0A5C)
|
-
|
2020-08-28
|
1085738
|
CVE-2020-13143 CrOS: Vulnerability reported in Linux kernel
|
-
|
2020-08-28
|
1082105
|
uaf in device::FidoRequestHandlerBase::InitializeAuthenticatorAndDispatchRequest
|
$20000
|
2020-08-26
|
1083793
|
Crash in v8::Isolate::GetCurrentContext
|
-
|
2020-08-26
|
932892
|
Security: CSP violation reports leak the destination origin of a blocked redirect in the blocked-uri / blockedURI field
|
$1000
|
2020-08-25
|
999310
|
Security: OOB Access in V8
|
$10000
|
2020-08-24
|
1016261
|
Security: ashmem readonly bypasses via remap_file_pages() and ASHMEM_UNPIN
|
-
|
2020-08-24
|
1083157
|
Crash in blink::ReadExifDirectory
|
-
|
2020-08-24
|
1078375
|
Heap-use-after-free in gl::State::reset
|
-
|
2020-08-23
|
795595
|
Security: chrome.devtools.inspectedWindow.eval executes within privileged pages
|
$2000
|
2020-08-22
|
1082990
|
CHECK failure: FLAG_wasm_async_compilation in module-compiler.cc
|
-
|
2020-08-22
|
1083525
|
CHECK failure: !FLAG_wasm_async_compilation implies isolate->wasm_streaming_callback() == nullp
|
-
|
2020-08-22
|
1065122
|
heap-use-after-free : ui::AXTreeSerializer<blink::WebAXObject,content::AXContentNodeData,content::AXContentTreeData>::LeastCommonAncestor
|
-
|
2020-08-21
|
1067869
|
Chromium: Vulnerability reported in third_party/guava
|
-
|
2020-08-21
|
1077200
|
CrOS: Vulnerability reported in dev-vcs/git
|
-
|
2020-08-21
|
1080616
|
CVE-2020-12464 CrOS: Vulnerability reported in Linux kernel
|
-
|
2020-08-21
|
1080618
|
CVE-2020-12654 CrOS: Vulnerability reported in Linux kernel
|
-
|
2020-08-21
|
1080951
|
CVE-2020-12653 CrOS: Vulnerability reported in Linux kernel
|
-
|
2020-08-21
|
1081086
|
Heap-use-after-free in blink::NGBlockNode::CopyFragmentDataToLayoutBoxForInlineChildren
|
-
|
2020-08-21
|
1081722
|
Security: memcpy-param-overlap in AudioBuffer::copyFromChannel
|
-
|
2020-08-21
|
1082597
|
pdfium(XFA) heap-use-after-free in CXFA_FFField::OnSetFocus
|
$7500
|
2020-08-21
|
1082727
|
Use-of-uninitialized-value in safe_browsing::PhishingClassifierDelegate::OnDestruct
|
-
|
2020-08-21
|
1083210
|
CVE-2019-14898 CrOS: Vulnerability reported in Linux kernel
|
-
|
2020-08-21
|
1083211
|
CVE-2020-10690 CrOS: Vulnerability reported in Linux kernel
|
-
|
2020-08-21
|
1083212
|
CVE-2020-12826 CrOS: Vulnerability reported in Linux kernel
|
-
|
2020-08-21
|
1083250
|
CHECK failure: block->PredecessorCount() == 0 in graph-assembler.cc
|
-
|
2020-08-21
|
999311
|
Security: Use after free in MojoCdmService
|
$30000
|
2020-08-20
|
1052492
|
Use-of-uninitialized-value in blink::ImageDataBuffer::ImageDataBuffer
|
-
|
2020-08-18
|
1074340
|
Security: javascript URI sandbox flags aren't propagated in a blank string case
|
$1000
|
2020-08-17
|
1079449
|
v8_wasm_compile_fuzzer: DCHECK failure in UseScratchRegisterScope{this}.CanAcquire() in liftoff-assembler-arm.h
|
-
|
2020-08-17
|
1081081
|
Security: URL spoofing using slow page loading on iOS
|
$500
|
2020-08-17
|
1073015
|
Security: UAF in DistillerJavaScriptService (Android)
|
$20000
|
2020-08-15
|
1077491
|
Crash in blink::WaveShaperDSPKernel::WaveShaperCurveValues
|
$3000
|
2020-08-15
|
1079398
|
gpu_raster_swangle_passthrough_fuzzer: Use-of-uninitialized-value in rx::SamplerCache::getSampler
|
-
|
2020-08-15
|
1080936
|
Container-overflow in base::internal::Invoker<base::internal::BindState<void
|
-
|
2020-08-15
|
1080950
|
CVE-2020-12652 CrOS: Vulnerability reported in Linux kernel
|
-
|
2020-08-15
|
1066731
|
Security: Wrong account password captured
|
-
|
2020-08-14
|
1072165
|
libjingle_xmpp_xmlparser_fuzzer: Incorrect-function-pointer-type with empty stacktrace
|
-
|
2020-08-14
|
1075496
|
Chrome_Mac: Crash Report - device::FidoCableDevice::OnTimeout
|
-
|
2020-08-14
|
1077203
|
Use-of-uninitialized-value in gfx::CubicBezier::SolveCurveX
|
-
|
2020-08-14
|
1077301
|
Security: SELinux/netlink missing access check
|
-
|
2020-08-14
|
1077477
|
mount-obb_fuzzer: Use-of-uninitialized-value in base::debug::ProcessBacktrace
|
-
|
2020-08-14
|
1077531
|
Security: ChromeOS shill breakout and privilege escalation to root
|
$30000
|
2020-08-14
|
1077754
|
Security: cmd injection into pppd config
|
-
|
2020-08-14
|
1077780
|
Security: run_oci will execute hooks from config.json on writable file systems
|
-
|
2020-08-14
|
1078236
|
Heap-use-after-free in blink::LayoutListItem::UpdateMarkerLocation
|
$6000
|
2020-08-14
|
1078336
|
CVE-2017-18551 CrOS: Vulnerability reported in Linux kernel
|
-
|
2020-08-14
|
1078671
|
Security: UAF in CaptionHostImpl
|
$20000
|
2020-08-14
|
1078865
|
trunks_hmac_authorization_delegate_fuzzer: Use-of-uninitialized-value in trunks::HmacAuthorizationDelegate::HmacSha256
|
-
|
2020-08-14
|
1078867
|
cryptohome_cryptolib_rsa_oaep_decrypt_fuzzer: Use-of-uninitialized-value in mem_puts
|
-
|
2020-08-14
|
1078913
|
DCHECK failure in shared_info->function_data().IsBytecodeArray() in compiler.cc
|
-
|
2020-08-14
|
1079066
|
DCHECK failure in has_pending_error() in pending-compilation-error-handler.cc
|
-
|
2020-08-14
|
1080447
|
trunks_hmac_authorization_delegate_fuzzer: Use-of-uninitialized-value in trunks::HmacAuthorizationDelegate::HmacSha256
|
-
|
2020-08-14
|
1080617
|
CVE-2020-12465 CrOS: Vulnerability reported in Linux kernel
|
-
|
2020-08-14
|
1080620
|
CVE-2020-12657 CrOS: Vulnerability reported in Linux kernel
|
-
|
2020-08-14
|
1080621
|
CVE-2020-12659 CrOS: Vulnerability reported in Linux kernel
|
-
|
2020-08-14
|
946156
|
Security: Chrome (Mac OS X) - Arbitrary File Permission Modification
|
$500
|
2020-08-12
|
1077501
|
Segv on unknown address in blink::StyleCascade::ApplyInterpolation
|
-
|
2020-08-12
|
1078399
|
v8_wasm_compile_fuzzer: DCHECK failure in IsSimd128Register() in instruction.h
|
-
|
2020-08-12
|
1050003
|
CVE-2020-8648 CrOS: Vulnerability reported in Linux kernel
|
-
|
2020-08-11
|
1071311
|
Security: OOB Write In SkBitSet::set
|
-
|
2020-08-11
|
1071729
|
Non secure (i) icon fails to get displayed for non secure websites (e.g., http://dump-truck.appspot.com)
|
-
|
2020-08-11
|
1076708
|
OOB read/write in v8::internal::ElementsAccessorBase<v8::internal::FastHoleyDoubleElementsAccessor
|
$7500
|
2020-08-11
|
1072474
|
Security: cros_disks sshfs allows injection of symlinks
|
-
|
2020-08-10
|
1001870
|
gstoraster_fuzzer: Heap-buffer-overflow in template_compose_group
|
-
|
2020-08-07
|
1036706
|
gstoraster_fuzzer: Heap-buffer-overflow in jbig2_sd_new
|
-
|
2020-08-07
|
1076030
|
hammerd_load_ec_image_fuzzer: Use-of-uninitialized-value in fmap_find_area
|
-
|
2020-08-07
|
1065731
|
audio_decoder_fuzzer: Use-of-uninitialized-value in amr_read_header
|
-
|
2020-08-06
|
1070066
|
Security: Displaying a page action popup from the omnibox prevents an infobar from displaying
|
$500
|
2020-08-06
|
1075719
|
v8_wasm_code_fuzzer: Use-after-poison in v8::internal::wasm::SideTable::SideTable
|
-
|
2020-08-06
|
1076442
|
DCHECK failure in index >= 0 && index < length() && value <= kMaxOneByteCharCode in string-inl.h
|
-
|
2020-08-06
|
1029569
|
sqlite3_shadow_table_fuzzer: ASSERT: nDoclist>0
|
$3000
|
2020-08-05
|
1072233
|
Security: ChromeOS root privilege escalation and persistence
|
$45000
|
2020-08-05
|
1072276
|
login_manager command execution via policy-injected flags
|
-
|
2020-08-05
|
1073602
|
SCTP stack buffer overflow from malicious AUTH chunks
|
-
|
2020-08-05
|
1074586
|
DCHECK failure in dst.low_gp() != lhs.high_gp() in liftoff-assembler-arm.h
|
-
|
2020-08-05
|
1074706
|
uaf in TabSharingInfoBarDelegate
|
$15000
|
2020-08-05
|
1074655
|
Heap-use-after-free in blink::WebAXObject::UpdateLayoutAndCheckValidity
|
-
|
2020-08-05
|
1075953
|
DCHECK failure in *available != 0 in assembler-arm.cc
|
-
|
2020-08-05
|
1007343
|
vtest_fuzzer: Crash in try_setup_line
|
-
|
2020-08-04
|
1069246
|
iOS: Omnibox doesn't display blob: origin for long URL
|
$1500
|
2020-08-04
|
1069964
|
Security: Check failed: receiver.IsJSFunction().
|
-
|
2020-08-04
|
1070094
|
ec_usb_tcpm_v2_fuzzer: Index-out-of-bounds in prl_get_rev
|
-
|
2020-08-04
|
1070480
|
Security: use-of-uninitialized-value in sse2::lowp::gather
|
-
|
2020-08-04
|
1072253
|
Security: RenameCryptohome and arcvm-server-proxy root file write to root command execution from chronos
|
$30000
|
2020-08-04
|
1072470
|
Security: cups shouldn't be running with gid=0
|
-
|
2020-08-04
|
1074532
|
minidump_fuzzer: Heap-buffer-overflow in google_breakpad::MinidumpProcessor::Process
|
-
|
2020-08-04
|
1075777
|
ec_usb_tcpm_v2_fuzzer: Index-out-of-bounds in prl_get_rev
|
-
|
2020-08-04
|
1075952
|
ndproxy_fuzzer: Use-of-uninitialized-value in std::__1::enable_if<__is_cpp17_forward_iterator<std::__1::pair<unsigned int, std
|
-
|
2020-08-04
|
1073553
|
Heap-buffer-overflow in v8::internal::wasm::Decoder::read_prefixed_opcode<1>
|
-
|
2020-08-03
|
1074621
|
DCHECK failure in chunk->Contains(slot_addr) in remembered-set.h
|
-
|
2020-08-03
|
843095
|
Chrome Url Spoofing via Interstitial content overwrite
|
$2000
|
2020-08-01
|
978779
|
Chromium uses expired certificate for Baltimore CyberTrust
|
-
|
2020-08-01
|
1074190
|
net_dns_record_fuzzer: Use-of-uninitialized-value in net::IntegrityRecordRdata::IntegrityRecordRdata
|
-
|
2020-08-01
|
961644
|
Heap-buffer-overflow in courgette::Read32LittleEndian
|
-
|
2020-07-31
|
1073981
|
DCHECK failure in !kCanBeWeak implies !IsSmi() == HAS_STRONG_HEAP_OBJECT_TAG(ptr_) in tagged-impl.
|
-
|
2020-07-31
|
1073409
|
XSS on chrome://histograms/ with a compromised renderer
|
-
|
2020-07-30
|
985551
|
Crash in sw::Thread::Thread
|
-
|
2020-07-29
|
1057441
|
sqlite3_shadow_table_fuzzer: Use-of-uninitialized-value in fts3ScanInteriorNode
|
-
|
2020-07-29
|
1072171
|
Security: missing the -0 case when intersecting and computing the Type::Range in NumberMax
|
$7500
|
2020-07-29
|
1072885
|
Security: arcvm-server-proxy command injection
|
-
|
2020-07-29
|
1072983
|
use-after-free in BlobRegistryImpl(browser process)
|
$20000
|
2020-07-29
|
1073263
|
DCHECK failure in CheckKeptObjectsClearedAfterMicrotaskCheckpoint(microtask_queue) in api.cc
|
-
|
2020-07-29
|
1064676
|
full CSP bypass while evaluating a javascript-URL in iframe.
|
$3000
|
2020-07-29
|
634183
|
Malformed CSP is not reported in the console and protection is disabled.
|
-
|
2020-07-28
|
1071059
|
Security: Blink - Type Confusion with Custom Element
|
$7500
|
2020-07-28
|
873178
|
Security: Chrome allows setting arbitrary HTTP headers
|
-
|
2020-07-28
|
633348
|
CSP can be abused to disclose line/column numbers across origins
|
-
|
2020-07-27
|
992698
|
Security: Bypass the CSP when popup with "javascript:"-URL
|
$500
|
2020-07-27
|
1072115
|
v8_wasm_async_fuzzer: Trap in v8::internal::wasm::WasmOpcodes::IsPrefixOpcode
|
-
|
2020-07-27
|
1016278
|
Security: EXC_BAD_ACCESS / KERN_INVALID_ADDRESS when exec chrome.debugger.sendCommand
|
-
|
2020-07-25
|
1042986
|
iframe in victim page can detect Scroll To Text Fragment activation
|
-
|
2020-07-25
|
1071711
|
v8_wasm_fuzzer: DCHECK failure in index <= 0xff in decoder.h
|
-
|
2020-07-25
|
986051
|
Security: Use-after-free of CommandLineAPIScope object
|
$3000
|
2020-07-24
|
1070609
|
Security: UAF in the blink.mojom.SmsReceiverPtr interface
|
$10000
|
2020-07-24
|
1071454
|
Security DCHECK failure: IsA<Derived>(from) in casting.h
|
$6000
|
2020-07-24
|
1025302
|
Security: usrsctplib has not been updated since 2018 and is missing fuzzers and security fixes
|
-
|
2020-07-23
|
1040490
|
CrOS: Vulnerability reported in net-dns/dnsmasq
|
-
|
2020-07-23
|
1049040
|
dawn_wire_server_and_vulkan_backend_fuzzer: Use-of-uninitialized-value in _init
|
-
|
2020-07-23
|
1062861
|
heap-buffer-overflow : autofill::AutofillCountry::AutofillCountry
|
-
|
2020-07-23
|
1063690
|
Untrustworthy navigation causes HTTP Basic Auth dialog origin confusion/spoofing
|
$500
|
2020-07-23
|
1064891
|
use after free in mojom::ClipboardHost
|
$10000
|
2020-07-23
|
1068084
|
Security: Use after free in WebRTC
|
$7500
|
2020-07-23
|
1068531
|
Security: Character ⠀ (U+2800) should be converted into code.
|
$500
|
2020-07-23
|
1068609
|
dawn_wire_server_and_frontend_fuzzer: Heap-use-after-free in dawn_wire::server::Server::GetCmdSpace
|
-
|
2020-07-23
|
1069079
|
dawn_wire_server_and_frontend_fuzzer: Heap-buffer-overflow in dawn_native::null::Buffer::SetSubDataImpl
|
-
|
2020-07-23
|
1069757
|
CVE-2019-20636 CrOS: Vulnerability reported in Linux kernel
|
-
|
2020-07-23
|
1070012
|
Chromium: Vulnerability reported in third_party/sqlite
|
-
|
2020-07-23
|
1070199
|
[wasm] Disable native module cache to fix stability issue on M-81
|
-
|
2020-07-23
|
967925
|
Security: BLE Hijacking with Smart Unlock/Magic Tether
|
-
|
2020-07-21
|
1069700
|
Security: PDFium (XFA) Use-after-free in function CPDFXFA_Page::GetFirstOrLastXFAAnnot
|
$5000
|
2020-07-21
|
1069789
|
Security: PDFium (XFA) Use-after-free in function CXFA_FFWidgetHandler::OnRButtonDown
|
$7500
|
2020-07-21
|
1070054
|
Security: input audio html5 tag makes chrome ios crashes
|
-
|
2020-07-21
|
1065298
|
UAF in base::SupportsUserData::SetUserData
|
$20000
|
2020-07-18
|
1068542
|
CVE-2020-8835 CrOS: Vulnerability reported in Linux kernel
|
-
|
2020-07-18
|
1055933
|
heap-use-after-free : ProfileIOData::FromResourceContext
|
-
|
2020-07-16
|
1064519
|
Security: DevTools doesn't fully validate channel messages it receives
|
$3000
|
2020-07-16
|
1068395
|
Security: SmsProviderGmsUserConsent may hold a dangling pointer to RenderFrameHost
|
-
|
2020-07-16
|
1067851
|
Security: UAF in Speech Recognizer
|
$25000
|
2020-07-15
|
1068466
|
dawn_wire_server_and_frontend_fuzzer: Heap-use-after-free in dawn_wire::server::InlineMemoryTransferService::WriteHandleImpl::DeserializeFlus
|
-
|
2020-07-15
|
840361
|
Security: mount-encrypted may leak stateful encryption key across dev mode transition
|
-
|
2020-07-14
|
1016543
|
Old, unsecure (and unused?) version of ChromeVox is present in Chromium repo
|
-
|
2020-07-14
|
1053939
|
V8 correctness failure in configs: x64,ignition:x64,ignition_turbo_opt
|
-
|
2020-07-14
|
1057461
|
dawn_wire_server_and_vulkan_backend_fuzzer: Heap-use-after-free in dawn_wire::server::Server::OnBufferMapWriteAsyncCallback
|
-
|
2020-07-14
|
1068509
|
CHECK failure: marking_state_->IsBlackOrGrey(heap_object) in mark-compact.cc
|
-
|
2020-07-14
|
1055583
|
dawn_wire_server_and_vulkan_backend_fuzzer: Heap-use-after-free in dawn_wire::server::KnownObjects<WGPUBufferImpl*>::Get
|
-
|
2020-07-13
|
1061687
|
dawn_wire_server_and_frontend_fuzzer: Heap-buffer-overflow in dawn_native::null::Buffer::SetSubDataImpl
|
-
|
2020-07-13
|
1067980
|
Security DCHECK failure: IsA<Derived>(from) in casting.h
|
-
|
2020-07-13
|
1010770
|
Crash in hsw::lowp::gather_NUMBER
|
-
|
2020-07-12
|
1055746
|
Security: CVE-2020-2732: Nested VMX vulnerability
|
-
|
2020-07-12
|
1059577
|
Security: Possible to escape sandbox via devtools_page
|
$3000
|
2020-07-11
|
1060023
|
Security: V8 Debug check failed: !var->has_forced_context_allocation() || var->is_used(). Fatal error in ../../src/ast/scopes.cc, line 2239
|
-
|
2020-07-10
|
1065186
|
UAF in libglesv2!gl::Texture::onUnbindAsSamplerTexture
|
$5000
|
2020-07-10
|
1065761
|
Security: Copy & paste XSS via noscript
|
$5000
|
2020-07-10
|
981114
|
Security: BT Classic Pairing Hijack
|
-
|
2020-07-08
|
1059955
|
dawn_wire_server_and_vulkan_backend_fuzzer: Heap-use-after-free in vk::CommandBuffer::submit
|
-
|
2020-07-08
|
1061933
|
aec3_fuzzer: Container-overflow in webrtc::FilterAnalyzer::AnalyzeRegion
|
-
|
2020-07-08
|
1061235
|
Security: libcameraservice: heap-based-buffer-overflow-in-DepthPhotoProcessor
|
-
|
2020-07-07
|
1064429
|
Heap-use-after-free in PrefChangeRegistrar::~PrefChangeRegistrar
|
-
|
2020-07-07
|
1065704
|
Security: UAF in WebSocket Network Service
|
$20000
|
2020-07-07
|
1065772
|
ProbeForLowSeverityLifetimeIssue in ~CXFA_FFPageWidgetIterator()
|
-
|
2020-07-07
|
1058895
|
Security: Slow Read HTTP Attack
|
$500
|
2020-07-06
|
1040755
|
Security: Another "universal" XSS via copy&paste
|
$2000
|
2020-07-03
|
1062868
|
heap-use-after-free : v8::internal::wasm::WasmCode::DecrementRefCount
|
-
|
2020-07-03
|
1064898
|
Heap-use-after-free in metrics::PerfOutputCall::OnGetPerfOutput
|
-
|
2020-07-03
|
978632
|
heap-use-after-free : sctp_release_pr_sctp_chunk
|
-
|
2020-07-02
|
990581
|
Security: Security: CSP does not propagate to blob: URIs
|
$500
|
2020-07-02
|
1060559
|
[Web NFC] Block YubiKeys
|
-
|
2020-07-02
|
1061682
|
Security DCHECK failure: IsA<Derived>(from) in casting.h
|
-
|
2020-07-02
|
1019161
|
UAF In ProcessManager
|
$7500
|
2020-07-01
|
1064112
|
Segv on unknown address in blink::Internals::getAgentId
|
-
|
2020-07-01
|
1067270
|
Talos Security Advisory for Google Chrome PDFium (TALOS-2020-1044)
|
$5000
|
2020-07-01
|
1063177
|
Declarative Net Request: Potential use after free while reindexing rulesets.
|
-
|
2020-06-30
|
1054229
|
media_pipeline_integration_fuzzer: Use-of-uninitialized-value in ogg_find_codec
|
-
|
2020-06-28
|
1059764
|
Security: container-overflow in MediaStream mojo
|
-
|
2020-06-26
|
1060549
|
Security: PDFium heap-use-after-free in CPDFXFA_Page::GetNextXFAAnnot (XFA)
|
$7500
|
2020-06-26
|
1062247
|
Incomplete fix of 1055788 and 1057627
|
-
|
2020-06-26
|
1032531
|
CrOS: Vulnerability reported in dev-db/sqlite
|
-
|
2020-06-25
|
1034223
|
CrOS: Vulnerability reported in dev-db/sqlite
|
-
|
2020-06-25
|
1035370
|
CrOS: Vulnerability reported in dev-db/sqlite
|
-
|
2020-06-25
|
1037730
|
Security: Full screen notification overlap on Windows and Linux
|
$500
|
2020-06-25
|
1038580
|
CrOS: Vulnerability reported in dev-db/sqlite
|
-
|
2020-06-25
|
1038884
|
CrOS: Vulnerability reported in dev-db/sqlite
|
-
|
2020-06-25
|
1040055
|
CrOS: Vulnerability reported in dev-db/sqlite
|
-
|
2020-06-25
|
1040488
|
CrOS: Vulnerability reported in dev-db/sqlite
|
-
|
2020-06-25
|
1052647
|
Security: Debug check failed: !context.get(context_entry).IsTheHole(isolate)
|
-
|
2020-06-24
|
1061878
|
dawn_wire_server_and_vulkan_backend_fuzzer: Heap-use-after-free in vk::CommandPool::destroy
|
-
|
2020-06-24
|
1059533
|
use-after-free in web_graphics_context_3d_provider_wrapper
|
$2000
|
2020-06-23
|
933171
|
Trusted Types bypass with blob and meta refresh
|
-
|
2020-06-20
|
933172
|
Trusted Type bypass with SVG
|
-
|
2020-06-20
|
1004106
|
Security: heap-buffer-overflow in CFXJSE_FormCalcContext::unfoldArgs
|
$7500
|
2020-06-20
|
1020026
|
Security: 'Press Esc to exit fullscreen' covered up by a popup page
|
$1000
|
2020-06-20
|
1030901
|
Site Isolation Bypass: QuotaDispatcherHost doesn't properly check origin from renderer
|
-
|
2020-06-20
|
1042210
|
Security: fullscreen notification spoof (repro issue 882812)
|
$500
|
2020-06-20
|
1045787
|
Security: ChromeDriver is vulnerable to CSRF attack
|
-
|
2020-06-20
|
1055303
|
Security: PDFium (XFA) Use uninitialized value in function CPDFSDK_FormFillEnvironment::SendOnFocusChange
|
-
|
2020-06-20
|
1059669
|
Out-of-bounds read in WebSQL
|
$3000
|
2020-06-20
|
1059686
|
UaF in DeferredTaskHandler::BreakConnections(2)
|
-
|
2020-06-20
|
1060548
|
CrOS: Vulnerability reported in app-arch/libarchive
|
-
|
2020-06-20
|
1060647
|
Security: WebRTC certificate parsing
|
-
|
2020-06-20
|
1061018
|
UaF in DeferredTaskHandler::ProcessAutomaticPullNodes
|
-
|
2020-06-20
|
1061154
|
gpu_fuzzer: Crash in gpu::gles2::Texture::SetLevelInfo
|
-
|
2020-06-20
|
1061231
|
net_quic_stream_factory_fuzzer: Use-of-uninitialized-value in quic::QuicSentPacketManager::GetRetransmissionTime
|
-
|
2020-06-20
|
1061389
|
gpu_fuzzer.exe: Crash in base::subtle::RefCountedBase::ReleaseImpl
|
-
|
2020-06-20
|
1058515
|
Chrome fetches DevTools stuff using insecure http protocol
|
-
|
2020-06-16
|
1059349
|
Security: usersctp: out-of-bounds reads in sctp_load_addresses_from_init
|
-
|
2020-06-16
|
1059472
|
v8_wasm_compile_fuzzer: DCHECK failure in is_gp() in liftoff-register.h
|
-
|
2020-06-16
|
1030909
|
Site Isolation Bypass: DedicatedWorkerHostFactory doesn't properly check origin from renderer
|
-
|
2020-06-15
|
1046021
|
CrOS: Vulnerability reported in media-libs/opencv
|
-
|
2020-06-15
|
1055524
|
Not only "devools://" but also "chrome-devtools://" should be registered as display-isolated
|
-
|
2020-06-15
|
1056222
|
MojoVideoEncodeAcceleratorService allows renderer to misuse its API leading to UAF
|
-
|
2020-06-15
|
785159
|
Wrong origin shown for permission prompts after navigations that lead to interstitials
|
$500
|
2020-06-13
|
1054966
|
Policy page opens a file dialogue even if the AllowFileSelectionDialogs policy is set to false
|
$500
|
2020-06-13
|
1059187
|
Bad-cast to blink::LayoutBlock from blink::LayoutTableSection in blink::AXLayoutObject::IsDataTable
|
-
|
2020-06-13
|
1057418
|
skia_image_filter_proto_fuzzer: Use-of-uninitialized-value in sse2::repeat_y
|
-
|
2020-06-12
|
1058653
|
Security: PDFium heap-use-after-free in CFDE_TextEditEngine::ReplaceSelectedText (XFA)
|
$5000
|
2020-06-12
|
1054732
|
Heap-use-after-free in test_runner::WebFrameTestClient::DidAddMessageToConsole
|
-
|
2020-06-10
|
1055869
|
Security: PDFium (XFA) Use-after-free in function CFDE_TextEditEngine::ReplaceSelectedText
|
$5000
|
2020-06-10
|
1057593
|
UaF in DeferredTaskHandler::BreakConnections
|
-
|
2020-06-10
|
1057627
|
UaP in AudioScheduledSourceHandler::NotifyEnded
|
-
|
2020-06-10
|
1038527
|
cras_rclient_message_fuzzer: Heap-use-after-free in cras_dsp_ini_free
|
-
|
2020-06-09
|
1054260
|
heap-use-after-free : content::FileChooserImpl::~FileChooserImpl
|
-
|
2020-06-09
|
1057309
|
use-after-move in BinaryUploadService::UploadForDeepScanning
|
-
|
2020-06-09
|
1057369
|
Use-of-uninitialized-value in double_conversion::DoubleToStringConverter::ToPrecision
|
-
|
2020-06-09
|
1055131
|
Crash in Builtins_ArgumentsAdaptorTrampoline
|
-
|
2020-06-07
|
1056273
|
Heap-use-after-free in test_runner::WebFrameTestClient::DidClearWindowObject
|
-
|
2020-06-06
|
1056154
|
Chromium: Vulnerability reported in third_party/sqlite
|
-
|
2020-06-05
|
1056440
|
Use-of-uninitialized-value in blink::WebGLRenderingContextBase::CreateWebGraphicsContext3DProvider
|
-
|
2020-06-05
|
986108
|
Security: PDFium heap-buffer-overflow in CFX_SkiaDeviceDriver::RestoreState
|
$1000
|
2020-06-04
|
1035315
|
iframe sandbox allow_top_navigation_by_user_activation can be bypassed with certain extensions
|
$1000
|
2020-06-04
|
1055788
|
UaP in IIRFilterHandler::Process
|
-
|
2020-06-04
|
1056152
|
CrOS: Vulnerability reported in app-arch/libarchive
|
-
|
2020-06-04
|
1056153
|
CrOS: Vulnerability reported in dev-libs/libpcre2
|
-
|
2020-06-04
|
965611
|
Security: Possible to open chrome-native:// pages on Android and the new tab page on desktop using window.open
|
$1000
|
2020-06-03
|
976767
|
Security: heap-use-after-free in CPDFSDK_PageView::ExitWidget
|
-
|
2020-06-03
|
1034519
|
Security: WebContentsViewAura::EndDrag may dereference a pointer to deleted RenderWidgetHost
|
-
|
2020-06-03
|
1041406
|
UAF in chrome!content::FrameTreeNode::~FrameTreeNode
|
$20000
|
2020-06-03
|
1054466
|
v8_wasm_compile_fuzzer: DCHECK failure in is_fp_pair() == other.is_fp_pair() in liftoff-register.h
|
-
|
2020-06-03
|
1055124
|
Security DCHECK failure: IsA<Derived>(from) in casting.h
|
-
|
2020-06-03
|
1055142
|
Security DCHECK failure: IsA<Derived>(from) in casting.h
|
-
|
2020-06-03
|
1055223
|
Container-overflow in content::VizProcessTransportFactory::DisableGpuCompositing
|
-
|
2020-06-03
|
1055338
|
Crash in blink::CSSPropertyValueSet::PropertyReference::PropertyValue
|
-
|
2020-06-03
|
1055692
|
v8_wasm_code_fuzzer: Heap-buffer-overflow in v8::internal::wasm::ThreadImpl::Push
|
-
|
2020-06-03
|
1056044
|
ulpfec_generator_fuzzer: Heap-buffer-overflow in webrtc::ForwardErrorCorrection::GenerateFecPayloads
|
-
|
2020-06-03
|
949913
|
Use-after-free in CXFA_FFComboBox::OnProcessEvent
|
$3000
|
2020-06-02
|
1054765
|
Heap-use-after-free in blink::MathMLSpaceElement::CollectStyleForPresentationAttribute
|
-
|
2020-06-02
|
1055128
|
Crash in blink::StyleBuilderConverter::ConvertFontVariantEastAsian
|
-
|
2020-06-02
|
1055221
|
Security DCHECK failure: IsA<Derived>(from) in casting.h
|
-
|
2020-06-02
|
1055393
|
UAF in chrome chrome!content::BrowserAccessibilityManager::GetFromAXNode
|
$20000
|
2020-06-02
|
1055713
|
Segv on unknown address in blink::StyleBuilderConverterBase::ConvertFontFamily
|
-
|
2020-06-02
|
1054139
|
gpu_angle_passthrough_fuzzer: Null-dereference READ in gpu::gles2::GLES2DecoderPassthroughImpl::DoDrawArraysIndirect
|
-
|
2020-05-30
|
982193
|
Security: PDFium (XFA) Use-after-free in CXFA_FFTextEdit::OnProcessEvent
|
$5000
|
2020-05-29
|
1026991
|
pdfium (XFA): invalid-vptr / uaf in CPDFSDK_PageView::ExitWidget
|
$5000
|
2020-05-29
|
1045803
|
rtnl_handler_fuzzer: Crash in std::__1::enable_if<__is_cpp17_forward_iterator<unsigned char const*>::value, vo
|
-
|
2020-05-29
|
1047838
|
Missing browser-process permission checks for WebNFC
|
-
|
2020-05-29
|
1050046
|
ASSERT: CSA_ASSERT failed: SmiBelow(effective_index, LoadFixedArrayBaseLength(array))
|
-
|
2020-05-29
|
1054733
|
Use-after-poison in blink::LayoutObject::ViewRect
|
-
|
2020-05-29
|
1054785
|
Bad-cast to blink::Node from invalid vptr in blink::LayoutObject::GetDocument
|
-
|
2020-05-29
|
990897
|
Security: PDFium (XFA) Use-after-free in CXFA_FFDocView::SetFocus
|
$7500
|
2020-05-28
|
1031152
|
cras_rclient_message_fuzzer: Heap-buffer-overflow in dsp_util_deinterleave_s24le
|
-
|
2020-05-28
|
1031153
|
cras_rclient_message_fuzzer: Heap-buffer-overflow in cras_fmt_conv_create
|
-
|
2020-05-28
|
1040329
|
heap use-after-free in CFDE_TextEditEngine::Insert
|
$7500
|
2020-05-28
|
1051748
|
Use-after-poison in WebGLRenderingContextBase
|
$8500
|
2020-05-28
|
1052651
|
Security: PDFium (XFA) Use-after-free in CFWL_Edit::OnChar
|
$7500
|
2020-05-28
|
1052786
|
Security: PDFium (XFA) Use-after-free in CXFA_FFTextEdit::UpdateFWLData
|
$7500
|
2020-05-28
|
1053617
|
Security: PDFium heap-use-after-free in CFWL_DateTimePicker::SetEditText (XFA)
|
$7500
|
2020-05-28
|
1054429
|
Security: PDFium heap-use-after-free in CFWL_Edit::OnKeyDown (XFA)
|
-
|
2020-05-28
|
453937
|
Cross origin access with exception object + full exploit
|
$25633
|
2020-05-27
|
583431
|
Universal XSS in DocumentLoader::createWriterFor + full-chain exploit
|
$25633
|
2020-05-27
|
1041749
|
Security: tel: protocal spoofing 2
|
$500
|
2020-05-27
|
1050996
|
Security: MediaElementAudioSourceNode bypasses CORS checks
|
$1000
|
2020-05-27
|
1051017
|
Security: Type inference issue in Typer::Visitor::TypeInductionVariablePhi
|
-
|
2020-05-27
|
1042566
|
Security: Use After Free in Deserializer::DeserializeDeferredObjects
|
-
|
2020-05-26
|
1051368
|
navigator.sendBeacon doesn't make CORS preflight request
|
-
|
2020-05-26
|
1051439
|
Security: sendBeacon allows sending arbitrary POST requests with application/octet-stream content type without CORS
|
-
|
2020-05-26
|
1034023
|
Check Raw Clipboard permission and feature flag browser-side
|
-
|
2020-05-24
|
1041330
|
Security: use-of-uninitialized-value in containsNoEmptyCheck
|
-
|
2020-05-24
|
1040046
|
Security: Investigate "Zero length" BIOS write protect range UMA reports
|
-
|
2020-05-24
|
1045931
|
Security: General check for streams not checking states correctly
|
-
|
2020-05-24
|
1048555
|
Use after free in CodeSerializer::Deserialize
|
$500
|
2020-05-24
|
1050011
|
Security: URL Spoof in Android PageInfo
|
-
|
2020-05-24
|
1051075
|
libipp_fuzzer: Segv on unknown address in std::__1::__vector_base<ipp::StringWithLanguage, std::__1::allocator<ipp::String
|
-
|
2020-05-24
|
1051564
|
libipp_fuzzer: Segv on unknown address in std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::
|
-
|
2020-05-24
|
1051912
|
DCHECK failure in 1 == map_.count(key) in wasm-engine.cc
|
-
|
2020-05-24
|
1052442
|
Windows: Potential UaF In Job Object Notification.
|
-
|
2020-05-24
|
1052576
|
CHECK failure: locale__value.IsString() in class-verifiers-tq.cc
|
-
|
2020-05-24
|
995566
|
Heap-use-after-free in ChromePasswordManagerClient::OnPaste
|
-
|
2020-05-21
|
1048038
|
Use after free in Logger::MapEvent
|
$500
|
2020-05-21
|
1003501
|
PDFium (XFA) Use-after-free in CXFA_FFCheckButton::OnProcessEvent
|
$6000
|
2020-05-20
|
1044277
|
Security: Possible to bypass restrictions on multiple downloads by initiating download from data: frame
|
$500
|
2020-05-20
|
1049510
|
Unexpected reveal of service worker interception by using nextHopProtocol
|
$2000
|
2020-05-20
|
1050419
|
Security: Use-after-poison in AudioWorkletNode
|
$7500
|
2020-05-20
|
1051462
|
CrOS: Vulnerability reported in app-text/poppler
|
-
|
2020-05-20
|
1049581
|
Security: Debug check failed: bytecode_offset >= 0 (-1 vs. 0)
|
-
|
2020-05-19
|
1050756
|
Security: 'Copy As Curl' in the network panel of the devtools uses '--data' instead of '--data-raw', leading to arbitrary local file access
|
$500
|
2020-05-19
|
1033972
|
Segv on unknown address in views::FocusSearch::FindNextFocusableView
|
-
|
2020-05-16
|
1050090
|
Fix security vulnerability in PaintController on subsequence under-invalidation
|
-
|
2020-05-16
|
925834
|
Security: seneschal allows bind-mounting arbitrary paths into 9p subtree
|
-
|
2020-05-15
|
1043603
|
use-after-poison in mojo::MessageDispatcher
|
$5000
|
2020-05-15
|
1048473
|
Use-after-destroy in WebAudio
|
$7500
|
2020-05-15
|
1049129
|
rtp_frame_reference_finder_fuzzer: Use-of-uninitialized-value in unsigned long webrtc::Subtract<32768ul>
|
-
|
2020-05-15
|
998514
|
Security: buffer overflow in modprobe
|
-
|
2020-05-14
|
1036373
|
CrOS: Vulnerability reported in dev-libs/openssl
|
-
|
2020-05-14
|
1036376
|
CrOS: Vulnerability reported in dev-libs/openssl
|
-
|
2020-05-14
|
1044570
|
Security: SEGV_MAPERR with Intl.ListFormat and long strings
|
$5000
|
2020-05-14
|
1047942
|
CVE-2020-8428 CrOS: Vulnerability reported in Linux kernel
|
-
|
2020-05-14
|
1031670
|
Site Isolation Bypass via component extensions (e.g. via "Google Hangouts")
|
-
|
2020-05-13
|
1045386
|
CrOS: Vulnerability reported in sys-fs/e2fsprogs
|
-
|
2020-05-13
|
1047911
|
rtp_frame_reference_finder_fuzzer: Invalid-free in webrtc::RTPVideoHeader::GenericDescriptorInfo::~GenericDescriptorInfo
|
-
|
2020-05-13
|
1047914
|
pdfium (XFA): oob read / use-of-uninitialized-value in CXFA_Node::SetSelectedItems
|
$1000
|
2020-05-13
|
1047932
|
rtp_frame_reference_finder_fuzzer: Crash in webrtc::RtpGenericFrameDescriptor::~RtpGenericFrameDescriptor
|
-
|
2020-05-13
|
1048005
|
rtp_frame_reference_finder_fuzzer: Bad parameters to --sanitizer-annotate-contiguous-container in webrtc::video_coding::RtpFrameObject::~RtpFrameObject
|
-
|
2020-05-13
|
1048013
|
rtp_frame_reference_finder_fuzzer: Invalid-free in webrtc::RTPVideoHeader::~RTPVideoHeader
|
-
|
2020-05-13
|
1048024
|
rtp_frame_reference_finder_fuzzer: Crash in absl::allocator_traits<std::__Cr::allocator<long> >::deallocate
|
-
|
2020-05-13
|
1032158
|
Security of some component extensions relies on untrustworthy MessageSender.id
|
-
|
2020-05-12
|
1040700
|
heap-use-after-free : v8::internal::ArrayBufferTracker::RegisterNew
|
-
|
2020-05-12
|
1047285
|
Security of media-router built-in extension relies on untrustworthy MessageSender.id
|
-
|
2020-05-12
|
1048241
|
v8_wasm_compile_fuzzer: Stack-buffer-overflow in v8::internal::wasm::LiftoffAssembler::VarState::is_reg
|
-
|
2020-05-12
|
966507
|
Possible Sec-Fetch-Site bypass via PaymentRequest
|
-
|
2020-05-11
|
1046019
|
CrOS: Vulnerability reported in app-arch/libarchive
|
-
|
2020-05-11
|
639322
|
Automation API leaks tab URLs
|
$500
|
2020-05-09
|
1010844
|
CXFA_FFPageView Use After Free
|
$5000
|
2020-05-09
|
1041190
|
CVE-2019-19927 CrOS: Vulnerability reported in Linux kernel
|
-
|
2020-05-09
|
1042915
|
pdfium (XFA): wrong object type in CXFA_FFPageView::GetPageViewRect
|
$1000
|
2020-05-09
|
1043965
|
Security: Possible to navigate to extension resources not listed in web_accessible_resources
|
$1000
|
2020-05-09
|
1045225
|
v8_wasm_compile_fuzzer: Stack-buffer-overflow in v8::internal::wasm::LiftoffAssembler::VarState::is_reg
|
-
|
2020-05-09
|
1045487
|
rtnl_handler_fuzzer: Heap-buffer-overflow in shill::ParseAttrs
|
-
|
2020-05-09
|
1045738
|
sqlite3_ossfuzz_fuzzer: Use-of-uninitialized-value in sqlite3Atoi64
|
-
|
2020-05-09
|
1046995
|
rtp_frame_reference_finder_fuzzer.exe: Invalid-free in webrtc::RTPVideoHeader::~RTPVideoHeader
|
-
|
2020-05-09
|
1047024
|
rtp_frame_reference_finder_fuzzer: Heap-buffer-overflow in webrtc::video_coding::RtpFrameReferenceFinder::ManageFrameVp9
|
-
|
2020-05-09
|
1047054
|
heap-buffer-underflow : content::DWriteFontLookupTableBuilder::CallbackOnTaskRunner::CallbackOnTaskRunner
|
-
|
2020-05-09
|
1047095
|
rtp_frame_reference_finder_fuzzer: Crash in absl::allocator_traits<std::__Cr::allocator<long long> >::deallocate
|
-
|
2020-05-09
|
1047097
|
PDFium: Apply fix for CVE-2020-8112
|
-
|
2020-05-09
|
1047156
|
CVE-2019-18282 CrOS: Vulnerability reported in Linux kernel
|
-
|
2020-05-09
|
1047165
|
rtp_frame_reference_finder_fuzzer: Heap-buffer-overflow in webrtc::video_coding::RtpFrameReferenceFinder::ManageFrameVp9
|
-
|
2020-05-09
|
1047264
|
rtp_frame_reference_finder_fuzzer: Bad parameters to --sanitizer-annotate-contiguous-container in webrtc::RtpGenericFrameDescriptor::~RtpGenericFrameDescriptor
|
-
|
2020-05-09
|
1047355
|
Crash in v8::internal::StringHasher::HashSequentialString<char>
|
-
|
2020-05-09
|
1047368
|
DCHECK failure in name->IsFlat() in factory.cc
|
-
|
2020-05-09
|
851302
|
UI/URL Spoofing by opening popups and putting the background page into fullscreen
|
$3000
|
2020-05-07
|
852645
|
requestFullscreen should consume user activation to prevent UI/URL spoofing
|
$1000
|
2020-05-07
|
977872
|
pdf_codec_tiff_fuzzer: Heap-buffer-overflow in null_convert
|
-
|
2020-05-07
|
1047074
|
DCHECK failure in Heap::IsLargeObject(obj) || Page::FromHeapObject(obj)->IsFlagSet(Page::SWEEP_TO_
|
-
|
2020-05-07
|
1006012
|
Security: URL bar spoofing on iOS
|
$500
|
2020-05-06
|
1034225
|
CVE-2019-19524 CrOS: Vulnerability reported in Linux kernel
|
-
|
2020-05-06
|
1034228
|
CVE-2019-19527 CrOS: Vulnerability reported in Linux kernel
|
-
|
2020-05-06
|
1043443
|
CrOS: Vulnerability reported in net-analyzer/tcpdump
|
-
|
2020-05-06
|
1044331
|
Use-after-poison in blink::SecurityContextInit::SecurityContextInit
|
-
|
2020-05-06
|
1045812
|
Heap-buffer-overflow in cc::ScrollTimeline::UpdateScrollerIdAndScrollOffsets
|
-
|
2020-05-06
|
1045797
|
Use-of-uninitialized-value in v8::internal::JSFunction::ToString
|
-
|
2020-05-06
|
1045874
|
Security: OOB access in ReadableStream::Close
|
-
|
2020-05-06
|
1046026
|
vtest_fuzzer: Heap-use-after-free in vrend_finish_context_switch
|
-
|
2020-05-06
|
1046098
|
Use-of-uninitialized-value in v8::internal::wasm::NativeModuleCache::GetStreamingCompilationOwnership
|
-
|
2020-05-06
|
1046321
|
CVE-2019-19332 CrOS: Vulnerability reported in Linux kernel
|
-
|
2020-05-06
|
1045703
|
transfer_cache_fuzzer: Crash in GrConvertPixels
|
-
|
2020-05-03
|
1045719
|
gpu_raster_swiftshader_fuzzer: Heap-buffer-overflow in void downsample_3_2<ColorTypeFilter_RGBA_F16>
|
-
|
2020-05-03
|
1045721
|
gpu_raster_angle_fuzzer: Heap-buffer-overflow in sse2::load_af16
|
-
|
2020-05-03
|
1045722
|
gpu_raster_passthrough_fuzzer: Heap-buffer-overflow in SkRectMemcpy
|
-
|
2020-05-03
|
1045723
|
transfer_cache_fuzzer: Heap-buffer-overflow in SkData::PrivateNewWithCopy
|
-
|
2020-05-03
|
1045757
|
gpu_raster_swiftshader_fuzzer: Crash in void egl::Transfer<
|
-
|
2020-05-03
|
1043070
|
CrOS: Vulnerability reported in dev-db/sqlite
|
-
|
2020-05-02
|
1043095
|
dawn_wire_server_and_vulkan_backend_fuzzer: Null-dereference READ in dawn_native::DeviceBase::BaseDestructor
|
-
|
2020-05-02
|
868145
|
Security: Loading mixed content without insecure warning
|
$500
|
2020-05-01
|
1033824
|
Security: Unquoted Path in user Chrome Updater registry key
|
-
|
2020-05-01
|
1035271
|
Security: 3D CSS transform and drop-shadow can draw over address bar
|
$3000
|
2020-05-01
|
1045388
|
CVE-2020-7053 CrOS: Vulnerability reported in Linux kernel
|
-
|
2020-05-01
|
1035399
|
Security: Site Isolation bypass in BlobURLStoreImpl::Register
|
-
|
2020-04-30
|
1041828
|
Potential UaF in NavigationPredicator
|
-
|
2020-04-30
|
1042091
|
Warn Chrome on downloads of for all .HTA files
|
-
|
2020-04-30
|
1042145
|
Null-dereference READ in sqlite3VdbeExec
|
-
|
2020-04-30
|
1042578
|
Security: SQLite 3.30.1 CVE-2019-19923 - NULL pointer dereference (or incorrect results)
|
-
|
2020-04-30
|
1042700
|
Security: SQLite CVE-2019-19926
|
$500
|
2020-04-30
|
1042879
|
Security: Data race in AudioArray::Allocate can lead to OOB access
|
-
|
2020-04-30
|
1042956
|
pdfium (XFA): UAF in CXFA_Node::HasFlag
|
$5000
|
2020-04-30
|
1043508
|
pdfium (XFA): wrong object type in CXFA_FFNotify::OpenDropDownList
|
$5000
|
2020-04-30
|
1043510
|
pdfium (XFA): wild-addr-read in GetWordBreakProperty
|
$7500
|
2020-04-30
|
1044379
|
Bad-cast to blink::WebMouseEvent from blink::WebGestureEvent in test_runner::EventSender::HandleInputEventOnViewOrPopup
|
-
|
2020-04-30
|
1031479
|
Security: Debug check failed: has_feedback_vector()
|
$2000
|
2020-04-28
|
1041222
|
Container-overflow in PermissionRequestManager::GetDisplayNameOrOrigin
|
-
|
2020-04-28
|
1042535
|
Security: webrtc: out-of-bounds write in FEC extension processing
|
-
|
2020-04-28
|
1042933
|
Security: WebRTC: out-of-bounds write when updating layer info with frame marking extension
|
-
|
2020-04-28
|
1039241
|
Use-of-uninitialized-value in blink::ObjectPainter::PaintAllPhasesAtomically
|
-
|
2020-04-27
|
1043530
|
Use-of-uninitialized-value in v8::internal::GlobalHandles::NodeSpace<v8::internal::GlobalHandles::Node>::Relea
|
-
|
2020-04-27
|
1025521
|
Security: <portal>s with an autofocus element get focus
|
$500
|
2020-04-24
|
1029437
|
pdfium (XFA): oob read+write in CFDE_TextEditEngine::AdjustGap
|
$5000
|
2020-04-24
|
1041411
|
heap-buffer-overflow in HRTFKernel
|
$500
|
2020-04-24
|
1041546
|
Security: linux shell has all inheritable capabilities set by default
|
-
|
2020-04-24
|
1042254
|
Security: More UaFs in WebAudio
|
-
|
2020-04-24
|
1029829
|
gpu_angle_passthrough_fuzzer: Null-dereference READ in gpu::gles2::GLES2DecoderPassthroughImpl::EmulatedDefaultFramebuffer::Blit
|
-
|
2020-04-23
|
1030167
|
Crash in v8::internal::Simulator::LoadStorePairHelper
|
-
|
2020-04-23
|
1038828
|
Heap-use-after-free in net::URLRequestContext::CreateRequest
|
-
|
2020-04-23
|
1039470
|
Heap-use-after-free in blink::NGPaintFragment::PopulateDescendants
|
-
|
2020-04-23
|
1039869
|
Leaking the URL of any cross-origin redirect through AppCache's network section and wildcards
|
$5000
|
2020-04-23
|
1040883
|
Heap-use-after-free in blink::NGPaintFragment::LayoutObjectWillBeDestroyed
|
-
|
2020-04-23
|
1041174
|
Heap-use-after-free in views::NativeWidgetAura::Close
|
-
|
2020-04-23
|
1031909
|
SIGTRAP hit in JIT code (Builtins_InterpreterEntryTrampoline)
|
$2000
|
2020-04-21
|
1033771
|
Security: Debug check failed: is_valid(value).
|
-
|
2020-04-21
|
1034695
|
third_party/sqlite version 3.30.1 is vulnerable
|
-
|
2020-04-21
|
1037889
|
From secure page it is navigating to insecure page.
|
$1000
|
2020-04-21
|
1038036
|
Security: Cross-Origin (Partial) Status Code Leakage
|
$1000
|
2020-04-21
|
1040325
|
CHECK failure: *old_buffer != memory_object->array_buffer() in wasm-objects.cc
|
$2000
|
2020-04-21
|
1040489
|
CrOS: Vulnerability reported in app-editors/vim
|
-
|
2020-04-21
|
1041210
|
CHECK failure: Bytecode mismatch at offset 10 in interpreter.cc
|
-
|
2020-04-21
|
1041240
|
DCHECK failure in 0 <= length in factory.cc
|
-
|
2020-04-21
|
1041303
|
pdfium (XFA): use-of-uninitialized-value in CFWL_DateTimePicker::DrawWidget
|
$500
|
2020-04-21
|
1041616
|
DCHECK failure in cache != this implies cache->outer_scope()->deserialized_scope_uses_external_cac
|
-
|
2020-04-21
|
1062091
|
Security: UAF in InstalledAppProviderImpl (Desktop)
|
$25000
|
2020-04-20
|
894477
|
Security: Extensions can continue to temporarily execute code and access file after being uninstalled
|
$500
|
2020-04-18
|
997515
|
Security: Use-after-free in CXFA_FFDocView::SetFocus
|
$5000
|
2020-04-18
|
1018677
|
Security: heap-use-after-free in content::SpeechRecognizerImpl::Abort
|
$5000
|
2020-04-18
|
1020745
|
Security: Roll expat to patch CVE-2019-18197, CVE-2019-13117, CVE-2019-13118
|
$500
|
2020-04-18
|
1031679
|
Container-overflow in PermissionRequestManager::GetDisplayNameOrOrigin
|
-
|
2020-04-18
|
1030415
|
DCHECK failure in !HasOptimizedCode() in js-objects.cc
|
-
|
2020-04-18
|
1032677
|
Crash in v8::internal::Isolate::GetCodeTracer
|
-
|
2020-04-18
|
1033461
|
sqlite3_select_expr_lpm_fuzzer: Heap-use-after-free in resetAccumulator
|
-
|
2020-04-18
|
1037703
|
Heap-use-after-free in webrtc::VideoRtpReceiver::OnGenerateKeyFrame
|
-
|
2020-04-18
|
1036667
|
Heap-use-after-free in blink::NGContainerFragmentBuilder::MoveOutOfFlowDescendantCandidatesToDescendant
|
-
|
2020-04-18
|
1037872
|
Security: Potential Use after free in the function PerfJitLogger::LogWriteDebugInfo
|
-
|
2020-04-18
|
1038243
|
Security DCHECK failure: !NeedsLayout() || LayoutBlockedByDisplayLock(DisplayLockLifecycleTarget::kChildr
|
-
|
2020-04-18
|
1038489
|
pdfium_xfa_fuzzer: Heap-use-after-free in CJX_Object::~CJX_Object
|
-
|
2020-04-18
|
1038863
|
Security: SQLite 3.30.1 vulnerabilities reported: CVE-2019-19880 and CVE-2019-19925
|
-
|
2020-04-18
|
1039059
|
CVE-2019-19447 CrOS: Vulnerability reported in Linux kernel
|
-
|
2020-04-18
|
1039159
|
mediasource_MP4_FLAC_pipeline_integration_fuzzer: Use-of-uninitialized-value in decode_residuals
|
-
|
2020-04-18
|
1040080
|
Security: 'Copy As Curl' in the network panel of the devtools does not escape the HTTP method properly, leading to local code execution
|
$500
|
2020-04-18
|
1040403
|
DCHECK failure in mode == JSHeapBroker::BrokerMode::kSerialized implies kind == kUnserializedReadO
|
-
|
2020-04-18
|
1040444
|
DCHECK failure in mode == JSHeapBroker::BrokerMode::kSerialized implies kind == kUnserializedReadO
|
-
|
2020-04-18
|
1040493
|
CVE-2019-20095 CrOS: Vulnerability reported in Linux kernel
|
-
|
2020-04-18
|
633352
|
Security: If two windows are in fullscreen at the same time they can navigate to different origins without fullscreen being exited automatically.
|
$1000
|
2020-04-15
|
803365
|
Cookies with SameSite=Strict; are sent for link rel="prerender" when requested from 3rd party site
|
$2000
|
2020-04-15
|
959194
|
Heap-use-after-free in net::HttpCache::Transaction::DoCacheWriteResponse
|
-
|
2020-04-15
|
995081
|
Security: PDFium (XFA) Use-after-free in CXFA_FFComboBox::OnKillFocus
|
$5000
|
2020-04-15
|
1029865
|
heap-use-after-free : content::MediaInterfaceFactory::CreateVideoDecoder
|
-
|
2020-04-15
|
1038019
|
Heap-use-after-free in content::RenderProcessHostImpl::CreateCodeCacheHost
|
-
|
2020-04-15
|
1038178
|
Security: Missing deoptimization information for OptimizedFrame::Summarize
|
-
|
2020-04-15
|
1039629
|
Security: PDFium (XFA) Use-after-free in CXFA_FFComboBox::OnSelectChanged
|
$7500
|
2020-04-15
|
710190
|
Security: Reloading the content of a changed file
|
-
|
2020-04-14
|
809350
|
Security: CORS bypassing by reusing CORS-successful Resources across SecurityOrigins on MemoryCache
|
-
|
2020-04-14
|
991217
|
Security: Memory access violations when setting a breakpoint at a specific location
|
-
|
2020-04-14
|
991899
|
Security: PDFium (XFA) Use-after-free in CXFA_FFWidget::OnKillFocus
|
$7500
|
2020-04-14
|
1014371
|
Security: iframe sandbox can be worked around via javascript: links and window.opener
|
$3000
|
2020-04-14
|
1035464
|
Heap-use-after-free in blink::NGOutOfFlowLayoutPart::Run
|
-
|
2020-04-14
|
1021871
|
cras_rclient_message_fuzzer: Null-dereference READ in pthread_create
|
-
|
2020-04-13
|
1031697
|
AutofillAssistantFacade.callerIsOnWhitelist() is not secure
|
-
|
2020-04-13
|
609527
|
Make sure active mixed content and broken-https subresources do something reasonable on weird origins
|
-
|
2020-04-11
|
1034299
|
media_pipeline_integration_fuzzer: Use-of-uninitialized-value in decode_residuals
|
-
|
2020-04-11
|
1034480
|
CVE-2019-19332: Security: kvm: OOB memory write via kvm_dev_ioctl_get_cpuid
|
-
|
2020-04-11
|
1030411
|
JavaScript injection via malicious WebExtension in CWS
|
$5000
|
2020-04-10
|
1030892
|
Site Isolation Bypass: SpeechRecognitionDispatcherHost doesn't properly check origin from renderer
|
-
|
2020-04-10
|
1033795
|
UAF in blink::PaintLayer::CommonAncestor
|
$5000
|
2020-04-10
|
1035058
|
Security: Autocomplete preview text leak #4: using ::first-line pseudo-element
|
$5000
|
2020-04-10
|
1036697
|
CrOS: Vulnerability reported in dev-db/sqlite
|
-
|
2020-04-09
|
1031142
|
Security: Site Isolation Bypass and Browser Code execution with heap-use-after-free in DesktopMediaPickerController::WebContentsDestroyed
|
-
|
2020-04-08
|
999114
|
CVE-2019-15117 CrOS: Vulnerability reported in Linux kernel
|
-
|
2020-04-07
|
999115
|
CVE-2019-15118 CrOS: Vulnerability reported in Linux kernel
|
-
|
2020-04-07
|
1034563
|
Heap-use-after-free in views::BoundsAnimator::AnimationProgressed
|
-
|
2020-04-07
|
1036604
|
CVE-2019-19241 CrOS: Vulnerability reported in Linux kernel
|
-
|
2020-03-30
|
714617
|
Security: chrome.tabs.executeScript can reveal Chrome's profile path
|
$500
|
2020-03-28
|
1035779
|
Security: heap-use-after-free in blink::BaseRenderingContext2D::DrawImageInternal
|
-
|
2020-03-28
|
639173
|
ignored TLS errors propagate from webview to main browser
|
$500
|
2020-03-27
|
959571
|
Security: Mixed content state reset when navigating back
|
$500
|
2020-03-27
|
1033407
|
Security: Potential Use after free in the function ProfilerListener::CodeCreateEvent
|
$2000
|
2020-03-27
|
1035371
|
Chromium: Two Vulnerabilities reported in sqlite 3.30.1
|
-
|
2020-03-27
|
571546
|
Security: Prompt boxes steal focus in popups
|
-
|
2020-03-26
|
1025700
|
CrOS: Vulnerability reported in media-libs/tiff
|
-
|
2020-03-26
|
1028722
|
sqlite3_shadow_table_fuzzer: Heap-buffer-overflow in sqlite3Fts3GetVarint
|
$3000
|
2020-03-26
|
1029002
|
sqlite3_shadow_table_fuzzer: ASSERT: pWriter || bIgnoreEmpty
|
-
|
2020-03-26
|
1029027
|
sqlite3_shadow_table_fuzzer: Heap-buffer-overflow in sqlite3Fts3GetVarint
|
-
|
2020-03-26
|
1029210
|
sqlite3_shadow_table_fuzzer: Heap-buffer-overflow in sqlite3Fts3Incrmerge
|
-
|
2020-03-26
|
1029506
|
sqlite3_shadow_table_fuzzer: Use-of-uninitialized-value in fts3IncrmergeHintPop
|
-
|
2020-03-26
|
1031112
|
CVE-2019-17133 CrOS: Vulnerability reported in Linux kernel
|
-
|
2020-03-26
|
1032170
|
Use browser-side URL to verify if extension messaging connection is allowed
|
-
|
2020-03-26
|
1033395
|
Security: Wrong assumption lead to Use After Free in deserializer.cc
|
$500
|
2020-03-26
|
1034745
|
Security: QuicStreamFactory incorrectly installs NullDecrypter
|
-
|
2020-03-26
|
1035331
|
DCHECK failure in !HAS_WEAK_HEAP_OBJECT_TAG(ptr_) in tagged-impl.h
|
-
|
2020-03-26
|
1035373
|
CVE-2019-19602 CrOS: Vulnerability reported in Linux kernel
|
-
|
2020-03-26
|
1035723
|
Security: Heap-use-after-free in PaintController::FinishCycle() related to devtools overlay
|
-
|
2020-03-26
|
1032090
|
pdfium: use-of-uninitialized-value in CRYPT_AESSetKey
|
$2000
|
2020-03-24
|
1033841
|
Security: Debug check failed: IsNumber().
|
-
|
2020-03-23
|
1034394
|
A null pointer dereference has been discovered in V8 compiler which affects the latest version.
|
$5000
|
2020-03-23
|
1015693
|
net_quic_stream_factory_fuzzer: Heap-use-after-free in quic::QuicSpdyStreamBodyManager::ReadBody
|
-
|
2020-03-21
|
1032422
|
Security: pdfium(XFA) heap-use-after-free in CXFA_FFComboBox::OnProcessEvent
|
$5000
|
2020-03-21
|
1033974
|
DCHECK failure in 0 <= at_least_space_for in objects.cc
|
-
|
2020-03-21
|
1034167
|
DCHECK failure in i::AllowHeapAllocation::IsAllowed() in api.cc
|
-
|
2020-03-21
|
1023810
|
use-after-poison in webaudio
|
$10000
|
2020-03-20
|
1029462
|
use-after-free in AudioWorklet
|
$7500
|
2020-03-20
|
1029530
|
CHECK failure: BigIntAsUintN of kRepWord64 (BigInt) cannot be changed to kRepWord32 in represen
|
-
|
2020-03-20
|
1032548
|
Security: heap-buffer-overflow in AudioDelayDSPKernel::Process
|
-
|
2020-03-20
|
1033260
|
Heap-use-after-free in net::VerifyWithGivenFlags
|
-
|
2020-03-20
|
1026546
|
Security: Steal any local picture when open a local html file
|
$1000
|
2020-03-19
|
1029375
|
Security: extensions with downloads.open permission can execute code on the device using .fileloc files
|
$500
|
2020-03-19
|
1031895
|
Security: ReadableStream::pipeTo do not check IsLockedStream
|
-
|
2020-03-19
|
1032054
|
Security: Debug check failed: IsAligned(ptr, kSlotDataAlignment)
|
-
|
2020-03-19
|
1032906
|
Use-of-uninitialized-value in v8::internal::Runtime_StringCompareSequence
|
-
|
2020-03-19
|
1033092
|
mediasource_MP4_FLAC_pipeline_integration_fuzzer: Use-of-uninitialized-value in decode_residuals
|
-
|
2020-03-19
|
1013906
|
Security: expose stored (in cache) cross-site response's size
|
$500
|
2020-03-18
|
1029612
|
audio_decoder_fuzzer: Use-of-uninitialized-value in decode_residuals
|
-
|
2020-03-18
|
1030381
|
Crash in cc::LayerTreeImpl::TotalScrollOffset
|
-
|
2020-03-18
|
1031653
|
Security: heap-use-after-free in DesktopMediaPickerController::WebContentsDestroyed
|
-
|
2020-03-18
|
1019732
|
Make sure that NetworkService doesn't propagate HttpOnly cookies to a renderer process
|
-
|
2020-03-17
|
1032534
|
CVE-2019-19319 CrOS: Vulnerability reported in Linux kernel
|
-
|
2020-03-17
|
922882
|
Security: Possible load of uninitialized memory in WebRtcAec_Create
|
-
|
2020-03-16
|
1022044
|
cups_ippreadio_fuzzer: Global-buffer-overflow in ippEnumString
|
-
|
2020-03-14
|
1029054
|
cups_ippreadio_fuzzer: Heap-buffer-overflow in _cupsStrAlloc
|
-
|
2020-03-14
|
1030660
|
CrOS: Vulnerability reported in net-analyzer/tcpdump
|
-
|
2020-03-14
|
1031102
|
CrOS: Vulnerability reported in app-arch/libarchive
|
-
|
2020-03-14
|
1031523
|
pdfium (XFA): oob read in HTMLSTR2Code
|
$2500
|
2020-03-14
|
875503
|
Chrome notification system permits to a domain to request permissions for each 3rd level domain with no restriction
|
$500
|
2020-03-13
|
968303
|
heap-use-after-free : base::RunLoop::Delegate::ShouldQuitWhenIdle
|
-
|
2020-03-13
|
1027408
|
Security: tel: URL scheme reference origin spoof on Windows and Linux
|
$2000
|
2020-03-12
|
1029414
|
Security: The sharing dialog can appear over the wrong tab (spoof)
|
$2000
|
2020-03-12
|
1030583
|
Negative size parameter to memcpy in CPDF_SecurityHandler::GetUserPassword
|
$500
|
2020-03-12
|
1030912
|
v8_wasm_compile_fuzzer: Segv on unknown address in unsigned long v8::internal::Simulator::MemoryRead<unsigned long, unsigned long>
|
-
|
2020-03-12
|
1029565
|
pdfium (XFA): oob read in EncodeXML
|
$2000
|
2020-03-11
|
1029576
|
Security: Debug check failed: 0 <= index && index < node->op()->ValueInputCount().
|
-
|
2020-03-11
|
1029617
|
gpu_angle_passthrough_fuzzer: Null-dereference READ in gpu::gles2::GLES2DecoderPassthroughImpl::DoDeleteQueriesEXT
|
-
|
2020-03-11
|
1018629
|
Use-of-uninitialized-value in SkPngEncoder::onEncodeRows
|
-
|
2020-03-10
|
1025470
|
Security: Negative size passed to memcpy() in fts3NodeAddTerm (OOB read)
|
-
|
2020-03-10
|
1025471
|
Security: Negative size passed to memcpy() in fts3IncrmergePush
|
-
|
2020-03-10
|
1025472
|
Security: Memory leak in fts4, matchinfo()
|
-
|
2020-03-10
|
1027426
|
Security: UaF in BrowserTabStripController::AddNewTabInGroup()
|
-
|
2020-03-10
|
1028152
|
Heap-buffer-overflow in blink::FindBuffer::RangeFromBufferIndex
|
$3000
|
2020-03-10
|
1028208
|
DCHECK failure in !is_compiled() || IsInterpreted() in js-objects.cc
|
-
|
2020-03-10
|
1029338
|
DCHECK failure in !name->AsIntegerIndex(&index) in lookup-inl.h
|
-
|
2020-03-10
|
1025463
|
Security: TFC2019 - Multiple issues in sqlite (Tracking Bug)
|
-
|
2020-03-09
|
1028863
|
v8: Wrong JIT code that triggers SIGTRAP at runtime
|
$5000
|
2020-03-09
|
1029129
|
Crash in cc::LayerTreeImpl::TotalScrollOffset
|
-
|
2020-03-09
|
1026911
|
gpu_angle_passthrough_fuzzer: Null-dereference READ in gpu::error::Error gpu::gles2::GLES2DecoderPassthroughImpl::DoCommandsImpl<false>
|
-
|
2020-03-07
|
1027065
|
gpu_angle_passthrough_fuzzer: Null-dereference READ in gpu::gles2::GLES2DecoderPassthroughImpl::DoDeleteQueriesEXT
|
-
|
2020-03-07
|
1027470
|
gpu_angle_passthrough_fuzzer: Null-dereference READ in gpu::gles2::GLES2DecoderPassthroughImpl::HandleDrawBuffersEXTImmediate
|
-
|
2020-03-07
|
1023807
|
Update WHL microcode to enable kernel TAA mitigations
|
-
|
2020-03-06
|
1025489
|
use-after-poison in base::internal::WeakReferenceOwner::Invalidate()
|
$5000
|
2020-03-06
|
1028862
|
Trap in Builtins_InterpreterEntryTrampoline
|
$5000
|
2020-03-06
|
1017871
|
Security: Injecting styles via copy-and-paste
|
$10000
|
2020-03-05
|
1021431
|
Heap-use-after-free in content::GpuBenchmarking::Freeze
|
-
|
2020-03-05
|
1022278
|
render_text_api_fuzzer: Heap-buffer-overflow in gfx::GetTextIndexForOtherText
|
-
|
2020-03-05
|
1023843
|
CVE-2019-2201: libjpeg-turbo: code execution
|
-
|
2020-03-05
|
1024182
|
Security: Arbitrary system memory access Intel GPU vulnerability (CVE-2019-0155)
|
-
|
2020-03-05
|
1028172
|
agc_fuzzer: Heap-buffer-overflow in webrtc::GainControlImpl::ProcessCaptureAudio
|
-
|
2020-03-05
|
1029174
|
DCHECK failure in *result == *match_info in js-regexp.cc
|
-
|
2020-03-05
|
1029200
|
Crash in v8::internal::OrderedHashSet::ConvertToKeysArray
|
-
|
2020-03-05
|
708595
|
Security: Print Preview allows spoofing on other tab
|
$500
|
2020-03-04
|
1026994
|
Security: EC host commands leaking stack to AP userspace
|
-
|
2020-03-04
|
1027025
|
DCHECK failure in *(maybe_code_handler.object()) == *StoreHandler::StoreSlow(GetIsolate()) in feed
|
-
|
2020-03-04
|
1027176
|
Check feature policy for payment in the browser.
|
-
|
2020-03-04
|
1028809
|
audio_processing_fuzzer: Use-of-uninitialized-value in webrtc::FloatToFloatS16
|
-
|
2020-03-04
|
1028614
|
audio_processing_fuzzer: Use-of-uninitialized-value in webrtc::FileWrapper::Write
|
-
|
2020-03-04
|
990428
|
Tighten IDN policy for Kana + Latin domains
|
-
|
2020-03-03
|
1016506
|
heap-buffer-overflow : WebRtcSpl_DownsampleFastC
|
-
|
2020-03-03
|
1023095
|
zucchini_disassembler_elf_fuzzer: Heap-buffer-overflow in zucchini::Rel32FinderX86::Scan
|
-
|
2020-03-03
|
1023183
|
zucchini_disassembler_elf_fuzzer: Heap-buffer-overflow in (std::is_function<std::__Cr::remove_pointer<unsigned
|
-
|
2020-03-03
|
1025255
|
hammerd_load_ec_image_fuzzer: Crash in hammerd::FirmwareUpdater::LoadEcImage
|
-
|
2020-03-03
|
1025464
|
Security: SQLite defense-in-depth bypass
|
-
|
2020-03-03
|
1025465
|
Security: Uninitialized memory leak by nPrefix in fts3SegReaderNext
|
-
|
2020-03-03
|
1025466
|
Security: Arbitrary memory overwrites (write-what-where) by nHeight in fts3IncrmergeLoad
|
-
|
2020-03-03
|
1026729
|
DCHECK failure in !name->AsIntegerIndex(&index) in lookup-inl.h
|
-
|
2020-03-03
|
1026909
|
DCHECK failure in name.IsUniqueName() in stub-cache.cc
|
-
|
2020-03-03
|
1027109
|
DCHECK failure in heap_object.IsInternalizedString() in feedback-vector.cc
|
-
|
2020-03-03
|
1027498
|
CHECK failure: 0 == instance_descriptors().number_of_slack_descriptors() in objects-debug.cc
|
-
|
2020-03-03
|
1027926
|
Security: v8 Debug check failed: ResumeJumpTargetsAreValid().
|
-
|
2020-03-03
|
1028092
|
agc_fuzzer: Heap-buffer-overflow in webrtc::ApplyDigitalGain
|
-
|
2020-03-03
|
1028181
|
DCHECK failure in !Heap::InYoungGeneration(name) in stub-cache.cc
|
-
|
2020-03-03
|
1028191
|
CHECK failure: IsValidHeapObject(isolate->heap(), HeapObject::cast(p)) in objects-debug.cc
|
-
|
2020-03-03
|
1028207
|
Security: Debug check failed: !Heap::InYoungGeneration(name)
|
-
|
2020-03-03
|
1028396
|
CHECK failure: descriptors != ReadOnlyRoots(isolate).empty_descriptor_array() implies !parent.o
|
-
|
2020-03-03
|
1028475
|
DCHECK failure in start + search_string->length() <= string->length() in runtime-strings.cc
|
-
|
2020-03-03
|
968809
|
Security: Clear rollback info from FPMCU stack when accessed
|
-
|
2020-02-29
|
1026918
|
pdfium (XFA): invalid-vptr in CXFA_FFTextEdit::UpdateFWLData
|
$2000
|
2020-02-29
|
1027410
|
DCHECK failure in dst_offset != src_offset in liftoff-assembler-x64.h
|
-
|
2020-02-29
|
1027650
|
net_quic_stream_factory_fuzzer: Heap-use-after-free in quic::QpackInstructionDecoder::Decode
|
-
|
2020-02-29
|
1027707
|
transfer_cache_fuzzer: Heap-buffer-overflow in SkRectMemcpy
|
-
|
2020-02-29
|
1021677
|
Security DCHECK failure: unit.TextContentEnd() <= text.length() in ng_offset_mapping.cc
|
-
|
2020-02-28
|
1024741
|
transfer_cache_fuzzer: Crash in SkRectMemcpy
|
-
|
2020-02-28
|
1025209
|
net_quic_stream_factory_fuzzer: Bad-cast to quic::QpackProgressiveDecoder from invalid vptr in quic::QpackProgressiveDecoder::Decode
|
-
|
2020-02-28
|
1025467
|
2 Vulnerabilities in websql & sqlite (Tracking Bug)
|
$2000
|
2020-02-28
|
1025911
|
transfer_cache_fuzzer: Heap-buffer-overflow in GrConvertPixels
|
-
|
2020-02-28
|
1026354
|
gpu_raster_angle_fuzzer: Heap-buffer-overflow in void downsample_1_2<ColorTypeFilter_8>
|
-
|
2020-02-28
|
1027152
|
Security: heap-buffer-overflow in PasswordFormManager::OnGeneratedPasswordAccepted
|
-
|
2020-02-28
|
1027292
|
Security: import maps are executed as classic scripts when the import map's flag is disabled
|
-
|
2020-02-28
|
884693
|
Security: IDN URL Spoofing with using "ĂÂ"
|
$500
|
2020-02-27
|
896453
|
Domain spoof using unicode characters that look like numbers
|
-
|
2020-02-27
|
1025442
|
Security: IDN spoof with Latin Middle Dot (U+00B7)
|
-
|
2020-02-27
|
1025468
|
DCHECK failure in result.NumberOfOwnDescriptors() == result.instance_descriptors().number_of_descr
|
-
|
2020-02-27
|
1026500
|
Use-of-uninitialized-value in v8::internal::Simulator::FPRoundInt
|
-
|
2020-02-27
|
1027045
|
Bad-cast to v8::internal::compiler::Operator1<v8::internal::compiler::FrameStateInfo, v8::internal::compiler::OpEqualTo<v8::internal::compiler::FrameStateInfo>, v8::internal::compiler::OpHash<v8::internal::compiler::FrameStateInfo> > from v8::internal::compiler::Operator1<v8::internal::MachineRepresentation, v8::internal::compiler::OpEqualTo<v8::internal::MachineRepresentation>, v8::internal::compiler::OpHash<v8::internal::MachineRepresentation> > in v8::internal::compiler::FrameStateInfoOf
|
-
|
2020-02-27
|
930683
|
Security: Broadcom Bluetooth firmware vulnerability
|
-
|
2020-02-26
|
954207
|
Heap-buffer-overflow in s_RLE_process
|
-
|
2020-02-26
|
1015518
|
spvtools_as_fuzzer: Bad-free in spvBinaryDestroy
|
-
|
2020-02-26
|
1015697
|
spvtools_as_fuzzer: Use-of-uninitialized-value in spvtools_as_fuzzer.cpp
|
-
|
2020-02-26
|
1024256
|
Crash in blink::FindBuffer::RangeFromBufferIndex with emoji input
|
-
|
2020-02-26
|
1025067
|
UaF in BluetoothAdapter::OnDiscoveryChangeComplete
|
$20000
|
2020-02-26
|
1025109
|
Heap-use-after-free in blink::NGPhysicalFragment::HasSelfPaintingLayer
|
-
|
2020-02-26
|
1026479
|
CHECK failure: Type cast failed in CAST(last_index) at ../../src/builtins/builtins-regexp-gen.c
|
-
|
2020-02-26
|
1053604
|
Security: Incorrect side effect modelling for JSCreate
|
-
|
2020-02-26
|
1024758
|
Security: OOB Write in ReduceRegExpPrototypeTest
|
$7500
|
2020-02-25
|
1025502
|
gpu_raster_angle_fuzzer: Crash in void downsample_1_2<ColorTypeFilter_8>
|
-
|
2020-02-25
|
1018493
|
ndproxy_fuzzer: Stack-buffer-overflow in arc_networkd::NDProxy::Icmpv6Checksum
|
-
|
2020-02-24
|
1022695
|
Crash in Builtins_InterpreterEntryTrampoline
|
-
|
2020-02-24
|
1023144
|
ndproxy_fuzzer: Heap-buffer-overflow in arc_networkd::NDProxy::TranslateNDFrame
|
-
|
2020-02-24
|
1024736
|
transfer_cache_fuzzer: Crash in GrConvertPixels
|
-
|
2020-02-22
|
1024762
|
gpu_raster_angle_fuzzer: Heap-buffer-overflow in void downsample_1_2<ColorTypeFilter_8>
|
-
|
2020-02-22
|
881675
|
Chrome v69 URL Spoof via FILE_SCHEME
|
$500
|
2020-02-21
|
1022466
|
render_text_api_fuzzer: Heap-buffer-overflow in u_strlen_65
|
-
|
2020-02-21
|
1023853
|
use after poison in rtc_rtp_sender_impl.cc
|
$5000
|
2020-02-21
|
1024099
|
CHECK failure: bytes <= NUMBER in runtime-typedarray.cc
|
-
|
2020-02-21
|
1024116
|
Out-of-bounds access in WebBluetoothServiceImpl
|
$20000
|
2020-02-21
|
1025089
|
Security: Fix number of arguments being passed when setting the thread name on Windows.
|
-
|
2020-02-21
|
999956
|
Security: U2F misses reloading hardware binding secrets after deep sleep
|
-
|
2020-02-20
|
1013669
|
Security: USBGuard accepts D-Bus messages from any
|
-
|
2020-02-20
|
1019616
|
wayland_fuzzer: Heap-use-after-free in GrMemoryPool::allocate
|
-
|
2020-02-20
|
1022554
|
render_text_api_fuzzer: Heap-buffer-overflow in gfx::CreateObscuredText
|
-
|
2020-02-20
|
1022598
|
render_text_api_fuzzer: Stack-buffer-overflow in gfx::RenderText::OnTextAttributeChanged
|
-
|
2020-02-20
|
1022855
|
Security: Missing HasPrototypeSlot() check in ConstructorBuiltinsbAssembler::EmitFastNewObject() results in out-of-bound read.
|
$3000
|
2020-02-20
|
1022893
|
render_text_api_fuzzer: Heap-buffer-overflow in gfx::RenderText::OnTextAttributeChanged
|
-
|
2020-02-20
|
1023442
|
ExcludeSchemeFromRequestInitiatorSiteLockChecks bypasses GetTrustworthyInitiator
|
-
|
2020-02-20
|
1023941
|
heap-use-after-free : views::View::SetBackground
|
-
|
2020-02-20
|
1024121
|
Heap-use-after-free in WebBluetoothServiceImpl
|
$20000
|
2020-02-20
|
1016106
|
hammerd_load_ec_image_fuzzer: Crash in hammerd::FirmwareUpdater::LoadEcImage
|
-
|
2020-02-19
|
1017793
|
vb2_keyblock_fuzzer: Global-buffer-overflow in vb2_load_fw_keyblock
|
-
|
2020-02-19
|
1021855
|
Download Protection bypass
|
-
|
2020-02-19
|
1023351
|
Use-after-poison in blink::EventListenerMap::Find
|
-
|
2020-02-19
|
1023972
|
DCHECK failure in 4 == kSystemPointerSize in code-generator.cc
|
-
|
2020-02-19
|
1016703
|
DCHECK failure in static_cast<unsigned>(index) < static_cast<unsigned>(capacity()) in fixed-array-
|
-
|
2020-02-18
|
1007414
|
Security: Tracking Chrome OS running e2fsck on an untrusted file system?
|
-
|
2020-02-17
|
1020031
|
CHECK failure: static_cast<uintptr_t>(caller_frame_top_) - total_output_frame_size > stack_guar
|
-
|
2020-02-17
|
699342
|
Security: //components/search_engine appears to be parsing arbitrary XML in the browser process
|
-
|
2020-02-15
|
754304
|
UI Spoofing in External Protocol confirmation
|
$1000
|
2020-02-15
|
947876
|
pdfium (XFA): oob read in CFXJSE_FormCalcContext::WordNum
|
$2500
|
2020-02-15
|
968505
|
Security: Domain name spoofing on Unicode top-level domains
|
-
|
2020-02-15
|
984513
|
The Permission for an important activity is set to null, as the result it can be launched by any app.
|
$1000
|
2020-02-15
|
997724
|
trunks_resource_manager_fuzzer: Use-of-uninitialized-value in base::debug::ProcessBacktrace
|
-
|
2020-02-15
|
1005596
|
Security: tel: URL scheme reference origin spoof
|
$2000
|
2020-02-15
|
1013882
|
Security: Autocomplete preview text STILL leaks credit card numbers - attacker can simply override system-ui font
|
$5000
|
2020-02-15
|
1015872
|
libbrillo_dbus_data_serialization_fuzzer: Crash in variant_reader_recurse
|
-
|
2020-02-15
|
1015858
|
libbrillo_dbus_data_serialization_fuzzer: Crash in _dbus_marshal_skip_array
|
-
|
2020-02-15
|
1015881
|
zucchini_disassembler_elf_fuzzer: Heap-buffer-overflow in (std::is_function<std::__Cr::remove_pointer<unsigned
|
-
|
2020-02-15
|
1016092
|
hammerd_load_ec_image_fuzzer: Use-of-uninitialized-value in fmap_find_area
|
-
|
2020-02-15
|
1016099
|
arc_setup_util_expand_property_contents_fuzzer: Heap-buffer-overflow in std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<ch
|
-
|
2020-02-15
|
1016103
|
runtime_probe_probestatement_fuzzer: Index-out-of-bounds in _dbus_mem_pool_alloc
|
-
|
2020-02-15
|
1016168
|
libbrillo_dbus_data_serialization_fuzzer: Use-of-uninitialized-value in _dbus_first_type_in_signature
|
-
|
2020-02-15
|
1016813
|
cups_ippreadio_fuzzer: Heap-buffer-overflow in _cupsStrFree
|
-
|
2020-02-15
|
1017020
|
heap-use-after-free : libusb_get_next_timeout
|
-
|
2020-02-15
|
1017494
|
Security: PDFium heap-use-after-free in CPDFSDK_PageView::ExitWidget (XFA)
|
$7500
|
2020-02-15
|
1017256
|
cups_ippreadio_fuzzer: Heap-buffer-overflow in ippAttributeString
|
-
|
2020-02-15
|
1017707
|
Security: Phishing with Unicode Domains
|
$500
|
2020-02-15
|
1017797
|
cgpt_fuzzer: Use-of-uninitialized-value in Crc32
|
-
|
2020-02-15
|
1017961
|
Heap-use-after-free in blink::AudioNodeOutput::Pull
|
-
|
2020-02-15
|
1018512
|
ndproxy_fuzzer: Use-of-uninitialized-value in arc_networkd::NDProxy::TranslateNDFrame
|
-
|
2020-02-15
|
1019648
|
v8_wasm_fuzzer: DCHECK failure in val.type == kWasmBottom || ValueTypes::MachineRepresentationFor(val.type) == Val
|
-
|
2020-02-15
|
1020533
|
DCHECK failure in cell->value().IsTheHole(isolate) in js-objects.cc
|
-
|
2020-02-15
|
1020906
|
ndproxy_fuzzer: Stack-buffer-overflow in arc_networkd::NDProxy::TranslateNDFrame
|
-
|
2020-02-15
|
1021457
|
Security: Out of bounds index in array in function parameters
|
$3000
|
2020-02-15
|
1021919
|
Use-after-poison in blink::RTCPeerConnectionHandler::OnaddICECandidateResult
|
-
|
2020-02-15
|
1022558
|
Bad-cast to blink::RTCVoidRequest from invalid vptr in blink::OnReplaceTrackCompleted
|
-
|
2020-02-15
|
856927
|
Omnibox with URL is displayed on NTP when forward history is browsed with Wifi or Mobile network disabled.
|
-
|
2020-02-06
|
925035
|
CodeCacheHostImpl::DidGenerateCacheableMetadataInCacheStorage should verify |cache_storage_origin|.
|
-
|
2020-02-06
|
1017695
|
spvtools_opt_legalization_fuzzer: Container-overflow in spvtools::Optimizer::Run
|
-
|
2020-02-06
|
1018528
|
Flickering WebGL with {alpha:false} on mali-400
|
$500
|
2020-02-06
|
1018871
|
DCHECK failure in !has_pending_exception() in isolate.cc
|
-
|
2020-02-06
|
1000887
|
Crash in v8::internal::Simulator::LoadStorePairHelper
|
-
|
2020-02-05
|
1014607
|
Security: Out-of-bounds read/write in RegisterAllocationData after ResetSpillState
|
-
|
2020-02-05
|
1017441
|
Sandboxed iframe Document can end up sharing execution context/type system with iframe's initial about:blank Document
|
$5000
|
2020-02-05
|
1019226
|
Security - UAF in OfflineAudioContext
|
$13370
|
2020-02-05
|
1019544
|
gpu_angle_passthrough_fuzzer: Null-dereference READ in gpu::gles2::GLES2DecoderPassthroughImpl::DoDeleteQueriesEXT
|
-
|
2020-02-05
|
1019553
|
gpu_angle_passthrough_fuzzer: Null-dereference READ in gpu::error::Error gpu::gles2::GLES2DecoderPassthroughImpl::DoCommandsImpl<false>
|
-
|
2020-02-05
|
1019565
|
gpu_angle_passthrough_fuzzer: Null-dereference READ in gpu::gles2::GLES2DecoderPassthroughImpl::HandleDrawBuffersEXTImmediate
|
-
|
2020-02-05
|
1008312
|
heap-use-after-free : GrSurfaceProxy::~GrSurfaceProxy
|
-
|
2020-02-04
|
1010526
|
Security: URL bar spoofing with using a file:/// URL
|
$500
|
2020-02-04
|
1017918
|
Heap-buffer-overflow in hsw::store_NUMBER
|
-
|
2020-02-04
|
1008470
|
Security: AV in blink::ReadableStreamNative::Trace
|
-
|
2020-02-03
|
1018565
|
Use-of-uninitialized-value in v8::internal::compiler::Hints::Add
|
-
|
2020-02-03
|
1011600
|
PaymentManager: attacker has some control over PaymentManager/PaymentInstruments of a cross-origin context
|
$500
|
2020-01-31
|
1016167
|
powerd_als_fuzzer: Use-of-uninitialized-value in base::internal::find_first_not_of
|
-
|
2020-01-31
|
1016169
|
vpn_manager_service_manager_fuzzer: Stack-buffer-overflow in vpn_manager::ServiceManager::ConvertSockAddrToIPString
|
-
|
2020-01-31
|
1017564
|
Security: URL bar spoofing on iOS with a very long URL
|
$2000
|
2020-01-31
|
1016061
|
Container-overflow in performance_manager::SharedWorkerWatcher::RemoveChildWorker
|
-
|
2020-01-30
|
1016100
|
ndproxy_fuzzer: Stack-buffer-overflow in arc_networkd::NDProxy::Icmpv6Checksum
|
-
|
2020-01-30
|
1016109
|
ec_usb_tcpm_v2_fuzzer: Index-out-of-bounds in prl_tx_construct_message
|
-
|
2020-01-30
|
1016111
|
ndproxy_fuzzer: Use-of-uninitialized-value in arc_networkd::NDProxy::TranslateNDFrame
|
-
|
2020-01-30
|
1016393
|
v8_wasm_async_fuzzer: Heap-buffer-overflow in v8::internal::wasm::LiftoffCompiler::UnOp
|
-
|
2020-01-30
|
1016436
|
Bad-cast to content::RenderFrameImpl from invalid vptr in content::GpuBenchmarkingContext::GpuBenchmarkingContext
|
-
|
2020-01-30
|
1017061
|
v8_wasm_code_fuzzer: DCHECK failure in stack_height >= c->end_label->target_stack_height in wasm-interpreter.cc
|
-
|
2020-01-30
|
1015864
|
trunks_tpm_pinweaver_fuzzer: Stack-buffer-overflow in trunks::Serialize_pw_insert_leaf_t
|
-
|
2020-01-29
|
1016166
|
dlcservice_boot_device_fuzzer: Use-of-uninitialized-value in dlcservice::BootDevice::GetBootDevice
|
-
|
2020-01-29
|
1016450
|
DCHECK failure in HAS_SMI_TAG(ptr) in smi.h
|
-
|
2020-01-29
|
993706
|
Security: Possible to obtain results of queryObjects using custom devtools formatters
|
-
|
2020-01-28
|
1016038
|
Security: IndexedDB transactions should be inactive during structured serialization
|
-
|
2020-01-28
|
1016165
|
Heap-buffer-overflow in blink::AudioDelayDSPKernel::Process
|
-
|
2020-01-28
|
1016515
|
Unknown signal in Builtins_InterpreterEntryTrampoline
|
-
|
2020-01-28
|
1010581
|
Use-of-uninitialized-value in test_runner::TestRunner::WorkQueue::ProcessWork
|
-
|
2020-01-27
|
1015945
|
CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (this->IsStruct()) in class-definitio
|
-
|
2020-01-27
|
1013868
|
Security: heap-use-after-free in CPDF_AnnotList::CPDF_AnnotList
|
$7500
|
2020-01-25
|
1015070
|
net_base_address_tracker_linux_fuzzer: Heap-buffer-overflow in net::internal::IgnoreWirelessChange
|
-
|
2020-01-25
|
1015129
|
net_base_address_tracker_linux_fuzzer: Heap-buffer-overflow in net::internal::AddressTrackerLinux::HandleMessage
|
-
|
2020-01-25
|
1015567
|
Null-dereference READ in v8::internal::VariableProxy::var
|
-
|
2020-01-25
|
971917
|
Site Isolation: Multiple restriction bypasses in registerProtocolHandler
|
$3000
|
2020-01-24
|
1011950
|
Security: "universal" XSS via copy&paste
|
$2000
|
2020-01-24
|
1013418
|
Bad-cast to ToolbarIconContainerView from views::View in AvatarToolbarButton::~AvatarToolbarButton
|
-
|
2020-01-24
|
1015042
|
chaps_attributes_fuzzer: Heap-buffer-overflow in chaps::Attributes::ParseInternal
|
-
|
2020-01-24
|
1015256
|
rtcp_receiver_fuzzer: Use-of-uninitialized-value in webrtc::RTCPReceiver::HandlePli
|
-
|
2020-01-24
|
1015791
|
Use-of-uninitialized-value in v8::internal::Scope::Scope
|
-
|
2020-01-24
|
696208
|
Security: Chrome extension is disabled by crafted chrome-extension:// URL
|
$500
|
2020-01-23
|
853670
|
SameSite cookies leakage via child browsing context
|
$1000
|
2020-01-23
|
1013823
|
zucchini_disassembler_elf_fuzzer: Crash in zucchini::Rel32FinderX86::Scan
|
-
|
2020-01-23
|
1013871
|
zucchini_disassembler_elf_fuzzer: Heap-buffer-overflow in (std::is_function<std::__Cr::remove_pointer<unsigned
|
-
|
2020-01-23
|
1014834
|
v8_wasm_async_fuzzer: Heap-buffer-overflow in v8::internal::wasm::LiftoffCompiler::UnOp
|
-
|
2020-01-23
|
1010518
|
Security: AbsentPlaster bug on Chrome OS
|
-
|
2020-01-22
|
1013490
|
Heap-use-after-free in blink::LayoutObject::IsDescendantOf
|
-
|
2020-01-22
|
944619
|
Security: CORB not enforced for WebSocket requests
|
$10000
|
2020-01-21
|
1013920
|
Security: Debug check failed: is_wasm_memory_.
|
-
|
2020-01-21
|
1010569
|
Heap-use-after-free in content::WebContentsImpl::~WebContentsImpl
|
-
|
2020-01-20
|
467329
|
Popups can be moved below the taskbar in windows
|
$500
|
2020-01-18
|
990867
|
Cross-origin-read attack by using an audio tag to download a cross-origin resource
|
$500
|
2020-01-18
|
1012055
|
Use-after-poison in mojo::ReceiverSetBase<mojo::Receiver<blink::mojom::blink::ManifestManager, mojo:
|
-
|
2020-01-18
|
1012579
|
CHECK failure: Failed to create ICU number format, are ICU data files missing? in js-relative-t
|
-
|
2020-01-18
|
1012663
|
Heap-use-after-free in std::__1::vector<performance_manager::ProcessNode const*, std::__1::allocator<pe
|
-
|
2020-01-18
|
1012727
|
Container-overflow in performance_manager::SharedWorkerWatcher::RemoveChildWorker
|
-
|
2020-01-18
|
1013048
|
Use-of-uninitialized-value in performance_manager::GraphImpl::GetAllProcessNodes
|
-
|
2020-01-18
|
1013485
|
Heap-use-after-free in performance_manager::GraphImpl::AddNewNode
|
-
|
2020-01-18
|
981100
|
Security: ChromeVox exposes browser text from locked screen
|
-
|
2020-01-17
|
999932
|
Security: Possible to spoof URL through use of document.open
|
$500
|
2020-01-17
|
1001503
|
Security: UaF in Aura
|
$20000
|
2020-01-17
|
1004212
|
Security: Insecure Chrome download allows malicious software to change downloaded file integrity
|
-
|
2020-01-17
|
1004458
|
Use-of-uninitialized-value in password_manager::PasswordReuseDetectionManager::OnPaste
|
-
|
2020-01-17
|
1005218
|
Security: Multiple file download protection bypass 2
|
$1000
|
2020-01-17
|
1007334
|
Sanitizer CHECK failure in "((*(u8*)MemToShadow(a))) == ((0))" (0x4, 0x0)
|
$2000
|
2020-01-17
|
1010765
|
Security: URL in Omnibox doesn't always match page content on iOS
|
-
|
2020-01-17
|
1013013
|
CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (IsJSReceiver()) in js-objects-inl.h
|
-
|
2020-01-17
|
1013042
|
Security: Debug check failed: Smi::IsValid(value)
|
$5000
|
2020-01-17
|
1013058
|
DCHECK failure in static_cast<unsigned>(index) < static_cast<unsigned>(length()) in fixed-array-in
|
-
|
2020-01-17
|
1013135
|
DCHECK failure in !kCanBeWeak implies !IsSmi() == HAS_STRONG_HEAP_OBJECT_TAG(ptr_) in tagged-impl.
|
-
|
2020-01-17
|
954219
|
Heap-use-after-free in pdf14_decrement_smask_color
|
-
|
2020-01-15
|
984327
|
gstoraster_fuzzer: Heap-use-after-free in ptr_struct_mark
|
-
|
2020-01-15
|
993415
|
Use-after-poison in blink::Node::EnsureEventTargetData
|
$3000
|
2020-01-15
|
1003316
|
CVE-2017-18595 CrOS: Vulnerability reported in Linux kernel
|
-
|
2020-01-15
|
1008947
|
Heap-use-after-free in AvatarMenu::~AvatarMenu
|
-
|
2020-01-15
|
1011596
|
javascript_parser_proto_fuzzer: DCHECK failure in !parsing_module_ in preparser.h
|
-
|
2020-01-15
|
1011677
|
heap-use-after-free : base::OnTaskRunnerDeleter::OnTaskRunnerDeleter
|
-
|
2020-01-15
|
1011980
|
DCHECK failure in effect_edges > 0 in verifier.cc
|
-
|
2020-01-15
|
1012580
|
Use-of-uninitialized-value in blink::GraphicsContext::SetURLForRect
|
-
|
2020-01-15
|
1001854
|
CVE-2019-15214 CrOS: Vulnerability reported in Linux kernel
|
-
|
2020-01-14
|
1003325
|
CVE-2019-15902 CrOS: Vulnerability reported in Linux kernel
|
-
|
2020-01-14
|
1003326
|
CVE-2019-15916 CrOS: Vulnerability reported in Linux kernel
|
-
|
2020-01-14
|
1010379
|
Security DCHECK failure: !object || (object->IsBox()) in layout_box.h
|
-
|
2020-01-12
|
1010477
|
Security DCHECK failure: !object || (object->IsLayoutInline()) in layout_inline.h
|
-
|
2020-01-12
|
1010759
|
Use-of-uninitialized-value in blink::LayoutObject::DestroyAndCleanupAnonymousWrappers
|
-
|
2020-01-12
|
1011267
|
Heap-use-after-free in blink::PaintLayer::CompositingContainer
|
-
|
2020-01-12
|
1011603
|
Heap-use-after-free in blink::LayoutObject::SetShouldCheckForPaintInvalidation
|
-
|
2020-01-12
|
1010690
|
Use-of-uninitialized-value in views::ScrollView::Viewport::ViewHierarchyChanged
|
-
|
2020-01-11
|
1010703
|
dawn_wire_server_and_frontend_fuzzer: Crash in dawn_native::ErrorScope::HandleErrorImpl
|
-
|
2020-01-11
|
1010706
|
Heap-use-after-free in blink::LayoutObject::DestroyAndCleanupAnonymousWrappers
|
-
|
2020-01-11
|
1011294
|
net_quic_stream_factory_fuzzer: Heap-use-after-free in quic::QpackHeaderTable::UnregisterObserver
|
-
|
2020-01-11
|
1007194
|
Security: Use after free in MojoCdmProxyService
|
$5000
|
2020-01-09
|
1009458
|
Use-after-poison in void blink::ScriptPromiseResolver::ResolveOrReject<blink::ScriptValue>
|
-
|
2020-01-09
|
918674
|
Security: CVE-2018-19664 in libjpeg-turbo
|
-
|
2020-01-08
|
948445
|
Security: multiple issues in SafeSetID LSM
|
-
|
2020-01-08
|
957314
|
ClientNativePixmap implementations don't validate handles
|
-
|
2020-01-08
|
974375
|
ClientNativePixmapDmaBuf::ImportFromDmabuf() doesn't validate buffer size
|
-
|
2020-01-08
|
1005251
|
Security: heap-use-after-free in RTCPeerConnectionHandler::SetLocalDescription
|
$7500
|
2020-01-08
|
1005635
|
transfer_cache_fuzzer: Use-of-uninitialized-value in sse2::store_NUMBER
|
-
|
2020-01-08
|
1010026
|
Heap-use-after-free in std::__1::vector<performance_manager::ProcessNode const*, std::__1::allocator<pe
|
-
|
2020-01-08
|
981649
|
Use-of-uninitialized-value in send_delete_event
|
-
|
2020-01-07
|
1004341
|
Security: Upgrade expat to 2.2.8
|
$500
|
2020-01-07
|
1005615
|
transfer_cache_fuzzer: Heap-buffer-overflow in load2
|
-
|
2020-01-07
|
1005630
|
transfer_cache_fuzzer: Heap-buffer-overflow in sse2::load_rgf16
|
-
|
2020-01-07
|
1005948
|
Security: Headers are processed for aborted requests when passed through service worker
|
$500
|
2020-01-07
|
1008419
|
Crash in blink::MarkingVisitorBase::Visit
|
-
|
2020-01-07
|
1008632
|
Sanitizer CHECK failure in "((*(u8*)MemToShadow(a))) == ((0))" (0x4, 0x0)
|
-
|
2020-01-07
|
1009207
|
Crash in blink::HeapObjectHeader::CheckHeader
|
-
|
2020-01-07
|
1009260
|
pdf_font_fuzzer: Use-of-uninitialized-value in ft_mem_free
|
-
|
2020-01-07
|
1009278
|
Crash in blink::DOMWrapperWorld::Current
|
-
|
2020-01-07
|
1009382
|
Crash in v8::internal::GlobalHandles::InvokeFirstPassWeakCallbacks
|
-
|
2020-01-07
|
1008414
|
CHECK failure: Bytecode mismatch at offset 177 in interpreter.cc
|
-
|
2020-01-06
|
1008714
|
Crash in blink::IsCallbackFunctionRunnableInternal
|
-
|
2020-01-06
|
1007423
|
Heap-use-after-free in test_runner::TestRunner::WorkQueue::ProcessWork
|
-
|
2020-01-05
|
974648
|
Use-of-uninitialized-value in uint64divmod
|
-
|
2020-01-04
|
1000543
|
Use-of-uninitialized-value in blink::LayoutObject::ShouldUseTransformFromContainer
|
-
|
2020-01-03
|
1007866
|
Security DCHECK failure: IsA<Derived>(from) in casting.h
|
-
|
2020-01-03
|
1008216
|
Bad-cast to blink::Nodeblink::Node::ShadowIncludingRoot in blink::Node::UpdateDistributionInternal
|
-
|
2020-01-03
|
1008316
|
Crash in blink::EventListenerMap::Contains
|
-
|
2020-01-03
|
1008506
|
Use-of-uninitialized-value in viz::ContextCacheController::ClientBecameNotVisible
|
-
|
2020-01-03
|
1008610
|
Bad-cast to GrContext from invalid vptr in viz::ContextCacheController::ClientBecameNotVisible
|
-
|
2020-01-03
|
1008631
|
DCHECK failure in index < length_ in vector.h
|
-
|
2020-01-03
|
1008709
|
Use-of-uninitialized-value in hsw::blit_row_s32a_opaque
|
-
|
2020-01-03
|
985499
|
third_party/liblouis version 3.2.0 is vulnerable
|
-
|
2020-01-02
|
990234
|
sqlite3_fts3_lpm_fuzzer: Heap-use-after-free in findElementWithHash
|
-
|
2020-01-02
|
991888
|
SOP & Site Isolation bypass with Reader mode
|
$5000
|
2020-01-02
|
1005753
|
Security: UAF in indexed_db_cursor.cc
|
$20500
|
2020-01-02
|
1006544
|
Use-of-uninitialized-value in gfx::CubicBezier::SolveCurveX
|
$4000
|
2020-01-02
|
1006545
|
Heap-use-after-free in blink::NGBlockNode::CopyChildFragmentPosition
|
-
|
2020-01-02
|
1006763
|
Security: https://www.madeupdomainforcheck123.com reference in Chrome and Chromium code
|
-
|
2020-01-02
|
824715
|
Security: RTL+ space, formatting, invisible characters can lead to URL Spoofing
|
$3000
|
2020-01-01
|
1006435
|
spvtools_opt_size_fuzzer: Container-overflow in spvtools::opt::Instruction::GetSingleWordOperand
|
-
|
2020-01-01
|