Chromium Disclosed Security Bugs

Chromium security bugs are publicly disclosed by Google 14 weeks after fixing. They have great learning value, but it's difficult to keep track of exactly when they're derestricted. This page is a hub of security bugs that have recently gone public.

Bugs can also be followed on Twitter: @BugsChromium or Mastodon.

Bugs disclosed in 2020

# Summary $$$ Disclosure date
1125294 cups_ippreadio_fuzzer: Use-of-uninitialized-value in ippReadIOLimitedRecursion - 2020-12-31
1073063 Security: CUPS cmd exec vulnerability via FoomaticRIPCommandLine - 2020-12-30
1101509 Security: UAF in RawClipboardHostImpl $30000 2020-12-30
1116280 Self-XSS / Crash via window.open and delayed navigation $5000 2020-12-30
1129705 Heap-use-after-free in guest_view::GuestViewManager::FromBrowserContext - 2020-12-30
1129840 CrOS: Vulnerability reported in x11-libs/libX11 - 2020-12-30
1130111 Heap-use-after-free in views::View::GetPreferredSize - 2020-12-30
1130489 CHECK failure: icu_collator__value.IsForeign() in class-verifiers-tq.cc - 2020-12-30
1125871 Crash in v8::internal::Simulator::LoadStoreHelper - 2020-12-29
1128318 Chrome: UAF in SessionStorageImpl - 2020-12-29
1130127 Security DCHECK failure: IsA<Derived>(from) in casting.h - 2020-12-29
1113565 Security: Extensions can use chrome.debugger API to access contents of local files $5000 2020-12-28
1128994 Unknown exception in CrashForExceptionInNonABICompliantCodeRange - 2020-12-27
1129422 h264_annex_b_converter_fuzzer: Heap-use-after-free in media::H264AnnexBToAvcBitstreamConverter::ConvertChunk - 2020-12-26
1129598 Heap-use-after-free in blink::NGInlineCursor::MoveTo - 2020-12-26
1129706 v8_wasm_compile_fuzzer: DCHECK failure in AreSameFormat(vd, vn) in assembler-arm64.cc - 2020-12-26
1127520 .well-known/change-password NavigationThrottle should only be instantiated for main frame navigations - 2020-12-25
1129359 webcodecs_video_encoder_fuzzer: Crash in vp9_enc_setup_mi - 2020-12-25
1129568 Use-of-uninitialized-value in mojo::core::ChannelPosix::WriteNoLock - 2020-12-25
1129842 CVE-2020-25285 CrOS: Vulnerability reported in Linux kernel - 2020-12-25
1125199 heap-use-after-free : content::WebContentsImpl::SetNotWaitingForResponse - 2020-12-24
1127112 Security DCHECK failure: !object || (object->IsLayoutNGOutsideListMarker()) in layout_ng_outside_list_mar - 2020-12-24
1127610 CHECK failure: maybe_object->IsWeak() || maybe_object->IsCleared() || (maybe_object->GetHeapObj - 2020-12-24
1128343 CrOS: Vulnerability reported in net-libs/gnutls - 2020-12-24
1128756 Bad-cast to const char *() in ui::CursorPathFromLibXcursor - 2020-12-24
1129515 Use-of-uninitialized-value in v8::internal::ValueDeserializer::ReadObjectInternal - 2020-12-24
1129285 Use-of-uninitialized-value in v8::internal::ValueDeserializer::ReadObjectInternal - 2020-12-24
1092130 v8_wasm_compile_fuzzer: DCHECK failure in ref.stack_height >= target_stack_height in wasm-interpreter.cc - 2020-12-23
1111149 video.captureStream() may allow cross-origin resource theft - 2020-12-23
1124723 CHECK failure: parse_success in experimental.cc - 2020-12-23
1127496 Security: Screen share clickjacking secondary issue - 2020-12-23
1128267 Bad-cast to const blink::NGBlockBreakToken from blink::NGInlineBreakToken in blink::NGBlockNode::PlaceChildrenInFlowThread - 2020-12-23
1128342 CVE-2020-25220 CrOS: Vulnerability reported in Linux kernel - 2020-12-23
1127405 CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (IsDereferenceAllowed()) in handles.h - 2020-12-22
1127407 Bad-cast to blink::LayoutListItem from blink::LayoutNGListItem in blink::LayoutListMarker::ListItem - 2020-12-22
1128301 CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (IsDereferenceAllowed()) in handles.h - 2020-12-22
1128341 CVE-2020-25212 CrOS: Vulnerability reported in Linux kernel - 2020-12-22
1126249 Security: DCHECK failed: 0 <= length && length <= kMaxSafeInteger - 2020-12-21
1127310 CVE-2020-10720 CrOS: Vulnerability reported in Linux kernel - 2020-12-21
1127319 Security: Debug check failed: IrOpcode::IsInlineeOpcode(node->opcode()). $5000 2020-12-21
1102153 Security: Information disclosure through screenshare with clickjacking $2000 2020-12-19
1123883 Use-after-poison in blink::HTMLSlotElement::DetachLayoutTree - 2020-12-19
1125210 heap-use-after-free : gpu::ExternalVkImageFactory::~ExternalVkImageFactory - 2020-12-19
1126522 Crash in marl::Scheduler::Worker::runUntilIdle - 2020-12-19
1127158 Heap-use-after-free in views::MenuController::ExitMenu - 2020-12-19
1106612 heap-use-after-free : ?StartAutoScrollAnimation@ScrollbarController@cc@@QEAAXMPEBVScrollbarLayerImplBase@2@W4ScrollbarPart@2@@Z - 2020-12-18
1124782 DCHECK failure in top() >= original_top_ in new-spaces.h - 2020-12-18
1126769 CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (IsJSReceiver()) in js-objects-inl.h - 2020-12-18
1100136 heap-buffer-overflow in storage::ObfuscatedFileUtilMemoryDelegate(browser process) $15000 2020-12-17
1121414 Security: Missing IsContextDestroyed in MediaKeys - 2020-12-17
1122848 DCHECK failure in !OldSpace::IsAtPageStart(top) in new-spaces.cc - 2020-12-17
1121836 Security: HeapOverflow in SerialHandle $10000 2020-12-16
1124776 transfer_cache_fuzzer: Heap-buffer-overflow in skjson::FastString::initLongString - 2020-12-16
1125187 Heap-use-after-free in ui::InputMethodAuraLinux::ProcessKeyEventDone - 2020-12-16
1125354 Bad-cast to gl::Texture from gl::Renderbuffer in gl::FramebufferAttachment::getTexture - 2020-12-16
1125951 DCHECK failure in digits >= 0 && digits <= kBitsPerByte in safepoint-table.cc - 2020-12-16
1124646 DCHECK failure in committed_code_space_.load() <= FLAG_wasm_max_code_space * MB in wasm-code-manag - 2020-12-15
1124677 CHECK failure: arr.get(JSRegExp::kIrregexpCaptureCountIndex) == Smi::FromInt(0) in objects-debu - 2020-12-15
1124696 Crash in Builtins_InterpreterEntryTrampoline - 2020-12-15
1125386 Security: chrome dev tools frontend cloud container is leaking - 2020-12-15
1126106 Security: ignore this - 2020-12-15
1125887 Crash in Builtins_RegExpMatchFast - 2020-12-15
1126108 Security: ignore this - 2020-12-15
1124997 Heap-use-after-free in blink::DepthOrderedLayoutObjectList::Ordered - 2020-12-14
1125144 Crash in marl::Scheduler::Worker::runUntilIdle - 2020-12-14
1125504 Bad-cast to blink::LayoutBox from invalid vptr in blink::ToLayoutBox - 2020-12-14
1106890 Security: Possible for apps to access http/https sites outside of a webview context via blob URLs $15000 2020-12-12
1111685 Use-of-uninitialized-value in qrcode_generator::QRCodeGeneratorServiceImpl::RenderBitmap - 2020-12-12
1114114 CVE-2020-16166 CrOS: Vulnerability reported in Linux kernel - 2020-12-12
1119532 mediasource_MP2T_AACSBR_pipeline_integration_fuzzer: Use-of-uninitialized-value in assign_pair - 2020-12-12
1123023 Web Audio DelayNode of an OfflineAudioContext adds one sample to the delay. $3000 2020-12-12
1124477 DCHECK failure in AllowHeapAllocation::IsAllowed() in heap-inl.h - 2020-12-12
1124617 Global-buffer-overflow in blink::MathMLOperatorElement::ComputeOperatorProperty $3000 2020-12-12
1124754 Use-of-uninitialized-value in blink::NGInlineNode::SetTextWithOffset - 2020-12-12
1111737 Security: OffscreenCanvas - Use After Free in OffscreenCanvasRenderingContext2D::DrawTextInternal() $7500 2020-12-08
1112155 DCHECK failure in address % 4 == 0 in simulator-arm.cc - 2020-12-08
1113558 Security: Possible to navigate frames not attached to the debugger using the chrome.debugger API $5000 2020-12-08
1123522 Security: Use-After-Poison in XRFrameProvider $7500 2020-12-08
1099390 Security: ChromeOS chronos privilege escalation to root $30000 2020-12-07
1122917 Security: UAF in DirectSocketsServiceImpl $20000 2020-12-07
1123379 DCHECK failure in effect_edges > 0 in verifier.cc - 2020-12-07
1088224 Security: drawImage timing depends on alpha-channel value, allowing to read cross-origin images $5000 2020-12-06
1123258 cups_ippreadio_fuzzer: Use-of-uninitialized-value in ippReadIOLimitedRecursion - 2020-12-06
1114636 Security: Possible for extension to escape sandbox via Target.setAutoAttach and Target.sendMessageToTarget $15000 2020-12-05
1116123 cups_ippreadio_fuzzer: Use-of-uninitialized-value in ippReadIOLimitedRecursion - 2020-12-05
1115662 Security: ChromeOS chronos privilege escalation to root (cros-disks drivefs, BackupArcBugReport) $30000 2020-12-04
1116505 cups_ippreadio_fuzzer: Use-of-uninitialized-value in create_item - 2020-12-04
1116903 container-overflow in blink::MediaStreamSource $2000 2020-12-04
1117258 Segv on unknown address in v8::internal::JSPromise::Fulfill - 2020-12-04
1120729 CHECK failure: type.Equals(NodeProperties::GetType(node->InputAt(1))) in verifier.cc - 2020-12-04
1114458 ec_host_command_fuzzer: Global-buffer-overflow in cbi_set_data - 2020-12-03
1115945 CrOS: Vulnerability reported in x11-libs/libX11 - 2020-12-03
1116304 Security: UAF in VideoCapture $20000 2020-12-03
1119331 mediasource_MP4_AACLC_AVC_pipeline_integration_fuzzer: Stack-use-after-return in output_configure - 2020-12-03
1119400 Heap-use-after-free in blink::NGPhysicalFragment::HasSelfPaintingLayer - 2020-12-03
1119419 v8_wasm_compile_fuzzer: Segv on unknown address in Builtins_ArgumentsAdaptorTrampoline - 2020-12-03
1121156 Heap-use-after-free in icu_67::RuleBasedBreakIterator::handleNext - 2020-12-03
1122560 CVE-2020-24394 CrOS: Vulnerability reported in Linux kernel - 2020-12-03
1115963 Security: cros-disks drivefs_helper will chown arbitrary file system objects controlled by chronos - 2020-12-02
1115977 Security: BackupArcBugReport file write vulnerability - 2020-12-02
1121898 webcodecs_video_decoder_fuzzer.exe: Heap-use-after-free in media::DecoderSelector<media::DemuxerStream::VIDEO>::FinalizeDecoderSelection - 2020-12-02
1121982 CVE-2020-14356 CrOS: Vulnerability reported in Linux kernel - 2020-12-02
1119865 Security: UAF in StopProfiler $7500 2020-12-01
1120924 webcodecs_video_decoder_fuzzer: Heap-use-after-free in blink::VideoDecoderBroker::OnDecodeDone - 2020-12-01
1121642 CVE-2019-9857 CrOS: Vulnerability reported in Linux kernel - 2020-12-01
1120956 Heap-use-after-free in blink::PrepareOrthogonalWritingModeRootForLayout - 2020-11-30
1117367 Security: Upgrade sqlite to 3.33.0 due to CVE-2020-13871 and CVE-2020-15358? $500 2020-11-28
1120825 webcodecs_video_decoder_fuzzer: Heap-use-after-free in blink::MediaVideoTaskWrapper::OnDecodeOutput - 2020-11-28
1116019 v8_wasm_compile_fuzzer: Crash in Builtins_WasmTaggedNonSmiToInt32 - 2020-11-27
1114556 Security: UaF in views::View::UpdateTooltip $5000 2020-11-25
1116706 Security: Use After Free in PresentationConnectionCallbacks::OnSuccess $7500 2020-11-25
1081874 Double free on NodeChannel - 2020-11-24
1099670 CrOS: Vulnerability reported in dev-libs/libpcre - 2020-11-24
1092518 Security: OpenFileViaShell may open executables in the same directory with similar filenames unexpectedly $500 2020-11-21
1108511 heap-use-after-free : AdsPageLoadMetricsObserver::FrameDisplayStateChanged - 2020-11-21
1108892 dawn_wire_server_and_vulkan_backend_fuzzer: Crash in vk::DescriptorSetLayout::DescriptorSetLayout - 2020-11-21
1109120 Security: (UXSS) Long-Press Open Runs Javascript Links from Child in Parent Origin / Page - 2020-11-21
1113209 dawn_wire_server_and_frontend_fuzzer: Heap-use-after-free in dawn_wire::server::Server::GetCmdSpace - 2020-11-21
1113554 dawn_wire_server_and_frontend_fuzzer: Heap-use-after-free in dawn_wire::server::KnownObjects<WGPUBufferImpl*>::Get - 2020-11-21
1114066 Potential UAF when closing chrome://cellular-setup - 2020-11-21
1114398 crash in Builtins_StaCurrentContextSlotHandler $5000 2020-11-21
1114500 gpu_raster_passthrough_fuzzer: Crash in sse2::store_rgNUMBER - 2020-11-21
1115345 Security: Heap-Buffer-Overflow in libGLESv2 Library - es2::Device::stretchRect - 2020-11-21
1115354 DCHECK failure in allow_empty_handle || that != nullptr in api-inl.h - 2020-11-21
1115693 Heap-use-after-free in blink::Element::AttributeChanged - 2020-11-21
1115902 Heap-use-after-free in blink::HTMLFormControlElement::AttributeChanged - 2020-11-21
1112206 Security: pdfium Debug check failed - 2020-11-18
1092453 Restrictions on navigation to the content scheme can be bypassed on Android $3000 2020-11-17
1114803 wav_audio_handler_fuzzer: Crash in void base::ReadBigEndian<unsigned int> - 2020-11-17
1104628 Security: Private file upload (data exfiltration) $1000 2020-11-16
1114326 Crash in base::internal::WeakReferenceOwner::~WeakReferenceOwner - 2020-11-15
1038208 canvas_fuzzer: Heap-use-after-free in blink::scheduler::AgentInterferenceRecorder::OnFrameSchedulerDestroyed - 2020-11-14
1113710 Use-of-uninitialized-value in blink::LayoutShiftTracker::NotifyTextPrePaint - 2020-11-14
1102361 Security: Arbitrary command execution vulnerability in patchpanel - 2020-11-13
1113226 Security: Heap overflow in libavif - 2020-11-13
1114005 CHECK failure: kMaxInt >= new_capacity in wasm-objects.cc - 2020-11-13
1114006 DCHECK failure in 0 <= length in factory-base.cc - 2020-11-13
937179 Security: Malicious link opens multiple tabs via URI handler $500 2020-11-12
1034224 CrOS: Vulnerability reported in dev-libs/libxslt - 2020-11-12
1039058 CrOS: Vulnerability reported in dev-libs/libxml2 - 2020-11-12
1108116 heap-use-after-free : autofill::FormStructure::GetFieldTypePredictions - 2020-11-12
1110207 Security: Use after free in Payments $20000 2020-11-12
1112440 gstoraster_fuzzer: Heap-use-after-free in gx_default_get_param - 2020-11-12
1112442 gstoraster_fuzzer: Heap-use-after-free in pdf14_pop_transparency_group - 2020-11-12
1112474 gstoraster_fuzzer: Heap-use-after-free in gsicc_adjust_profile_rc - 2020-11-12
1112477 gstoraster_fuzzer: Heap-use-after-free in gsicc_adjust_profile_rc - 2020-11-12
1108181 Security: bypas of the protection of input field cache $5000 2020-11-11
1108518 Security: UAF in ScriptPromiseProperty due to iterator invalidation $7500 2020-11-11
1100280 Security: Chrome Update - Arbitrary Folder Delete // Privilege Escalation $500 2020-11-10
1103827 Security: heap-buffer-overflow in TextDetection detect - 2020-11-10
1106590 Step "blink_web_tests" failing on builder "WebKit Linux MSAN" - 2020-11-10
1112642 Heap-use-after-free in blink::LayoutShiftTracker::NotifyTextPrePaint - 2020-11-10
841622 Security: Speech permission request UI spoof $500 2020-11-09
1104046 Security: Task Scheduling - Use After Free in TaskQueueImpl::CreateTaskRunner(). $7500 2020-11-09
1100286 Chromium: Vulnerability reported in third_party/requests - 2020-11-08
1108535 Security: UAF in ImageDecoderExternal due to iterator invalidation $7500 2020-11-07
1110432 mojo_core_channel_fuzzer: Heap-buffer-overflow in mojo::core::Channel::Message::num_handles - 2020-11-07
1111831 Crash in v8::internal::Heap::CreateFillerObjectAt - 2020-11-07
1111972 Heap-use-after-free in v8::internal::AllocationCounter::InvokeAllocationObservers - 2020-11-07
1112025 DCHECK failure in space->heap()->inline_allocation_disabled() implies space->limit() == space->top - 2020-11-07
1112039 Heap-use-after-free in blink::PaintInvalidator::InvalidatePaint - 2020-11-07
1107433 Google Chrome WebGL Buffer11::getBufferStorage Code Execution Vulnerability $10000 2020-11-06
1111015 v8_wasm_compile_fuzzer: DCHECK failure in !unreachable implies stack_height >= c->end_label->target_stack_height in wasm-i - 2020-11-06
1111307 Security: UAF in OfflinePageTabHelper::LoadData - 2020-11-06
1012955 Security: Reader mode needs improved sanitization - 2020-11-05
1107104 dawn_wire_server_and_frontend_fuzzer: Heap-use-after-free in dawn_wire::server::KnownObjects<WGPUBufferImpl*>::Get - 2020-11-05
1110749 net_hpack_decoder_fuzzer: Heap-use-after-free in base::operator<< - 2020-11-05
1110991 zxcvbn_scoring_fuzzer: Use-of-uninitialized-value in zxcvbn::most_guessable_match_sequence - 2020-11-05
1110992 net_spdy_session_fuzzer: Heap-use-after-free in base::operator<< - 2020-11-05
1145680 Ports 5060 and 5061 should be blocked - 2020-11-04
1092385 Security: heap-use-after-free / double-free in blink::CanvasResourceProvider $5000 2020-11-04
1106342 Security: Use-after-free in PrintCompositeClient::OnDidPrintFrameContent - 2020-11-04
1106507 Use-of-uninitialized-value in gpu::gles2::GLES2Implementation::BufferDataHelper - 2020-11-04
1107824 Security: 'unsafe-eval' in CSP is not properly enforced for default-src 'self' - 2020-11-04
1108091 Race condition in NativeFileSystemWriter close logic - 2020-11-04
1109467 Heap-use-after-free in blink::AdTracker::DidFinishAsyncTask - 2020-11-04
1110564 v8_wasm_compile_fuzzer: DCHECK failure in stack_height >= stack_effect.first in wasm-interpreter.cc - 2020-11-04
1090352 Security: no user interaction: URL spoofing using blob + @ (iOS) $1000 2020-11-03
1106299 CrOS: Vulnerability reported in net-fs/samba - 2020-11-03
1108351 Security: Use of conditionally uninitialised stack variable may leak stack state - 2020-11-03
1108472 Security: UAF in RTCQuicTransport due to iterator invalidation $7500 2020-11-03
1110214 DCHECK failure in !result.IsRetry() in new-spaces.cc - 2020-11-03
1102196 Security: Keystone for macOS should use auditToken to validate incoming XPC message $10000 2020-11-02
1108299 UaF in NFCHost::GetNFC - 2020-11-02
1108497 Security: UAF in RemotePlayback due to iterator invalidation (Android only) $7500 2020-11-02
931013 Extension has an ability to execute script in New Tab Page $500 2020-10-31
1109108 pdfium(XFA) heap-use-after-free in CXFA_FFWidget::GetWidgetRect() $7500 2020-10-31
1109461 CVE-2020-15780 CrOS: Vulnerability reported in Linux kernel - 2020-10-31
1099276 Security: Cursor hijacking mitigation bypass - 2020-10-30
1105426 Security: Use-after-free in MediaElementEventListener::UpdateSources - 2020-10-30
1106091 Security: Sending uninitialized bytes between processes - 2020-10-30
1106234 Security: heap-user-after-free in HidService - 2020-10-30
1106682 Security: Use-after-free in WebIDBGetDBNamesCallbacksImpl::SuccessNamesAndVersionsList - 2020-10-30
1107815 Security: Use-after-free in XRSystem::FocusedFrameChanged and FocusController::NotifyFocusChangedObservers - 2020-10-30
1108639 openh264 is vulnerable to a known vulnerability - 2020-10-30
1105720 Security: heap-buffer-overflow in SkReader32::readInt - 2020-10-28
1139963 Security: Heap buffer overflow due to integer truncation in FreeType - 2020-10-28
1039882 Leaking size of cross-origin resource by caching it twice $2000 2020-10-27
1103839 DCHECK failure in pc_ <= end_ in decoder.h - 2020-10-27
1104061 UAF in sctp_transport $7500 2020-10-27
1106773 Security: Use-after-free in USB::OnServiceConnectionError - 2020-10-27
1102151 Security: heap-use-after-free in AllowFrom $5000 2020-10-26
1104053 v8_wasm_fuzzer: DCHECK failure in stack.size() == 1 in module-decoder.cc - 2020-10-26
1105283 Heap-use-after-free in blink::NGPhysicalFragment::PostLayout - 2020-10-26
1076923 vtest_fuzzer: Crash in try_setup_line - 2020-10-25
1105198 Heap-use-after-free in blink::LayoutObject::OutlineRects - 2020-10-25
1100669 Security: missing WDS fix - 2020-10-24
1104322 dawn_wire_server_and_frontend_fuzzer: Heap-use-after-free in dawn_wire::server::KnownObjects<WGPUBufferImpl*>::Get - 2020-10-24
1105635 Security: use-after-poison when using CSS var() with revert as fallback - 2020-10-24
1105723 Security: heap-buffer-overflow in Skia - 2020-10-24
1106285 v8_wasm_compile_fuzzer: DCHECK failure in IsSimd128Register() in instruction.h - 2020-10-24
1077761 Security: TOCTOU race in cupsd.conf init script - 2020-10-23
1015310 Security: Improper isolation of EC_RST_ODL on some NPCX79nx designs - 2020-10-22
1086896 CrOS: Vulnerability reported in dev-db/sqlite - 2020-10-22
1087362 CrOS: Vulnerability reported in dev-db/sqlite - 2020-10-22
1101152 pdfium_embeddertests triggers a use-after-poison in V8 - 2020-10-22
1101756 CrOS: Vulnerability reported in dev-db/sqlite - 2020-10-22
1104103 Security: Insufficient data validation in deserialize TransformStream $7500 2020-10-22
1105815 DCHECK failure in ((static_cast<i::Tagged_t>(ptr) & ::i::kSmiTagMask) == ::i::kSmiTag) in smi.h - 2020-10-22
1106357 Crash in v8::internal::compiler::BytecodeArrayData::source_positions_size - 2020-10-22
958521 gstoraster: Use-of-uninitialized-value in register_x86_crypto - 2020-10-21
1104608 Security: LdaNamedProperty is generated for typed_array["4294967295"], which causes wrong inline cache and OOB access $5000 2020-10-20
1067854 Chromium: Vulnerability reported in third_party/binutils - 2020-10-19
1103195 Security: HeapOverflow in BackgroundFetch $15000 2020-10-19
1104528 Heap-use-after-free in ui::LayerAnimator::OnScheduled - 2020-10-19
1104533 Security DCHECK failure: i < length() in string_view.h $6000 2020-10-19
1099568 Symlink at /home/user/<hash>/GCache/v2 can trick cryptohome to make arbitrary path world writable - 2020-10-16
1102860 cras_rclient_message_fuzzer: Heap-buffer-overflow in ccr_handle_message_from_client - 2020-10-16
1082717 CVE-2020-12771 CrOS: Vulnerability reported in Linux kernel - 2020-10-15
1101304 DCHECK failure in dst.low_gp() != rhs.high_gp() in liftoff-assembler-arm.h - 2020-10-15
1102408 Heap-use-after-free in blink::LayoutBox::FindAutoscrollable - 2020-10-15
1103557 Heap-buffer-overflow in blink::NGFragmentItems::LayoutObjectWillBeDestroyed - 2020-10-15
1094699 CrOS: Vulnerability reported in sys-libs/glibc - 2020-10-14
1097308 cras_rclient_message_fuzzer: Heap-buffer-overflow in cras_channel_remix_conv_create - 2020-10-14
1100247 Security: Potential UAF in AndroidCdmFactory - 2020-10-14
1101818 Heap-buffer-overflow in blink::NGFragmentItems::LayoutObjectWillBeMoved $6000 2020-10-14
1102083 Security DCHECK failure: unit.TextContentEnd() <= text.length() in ng_offset_mapping.cc $6000 2020-10-14
1102127 dawn_wire_server_and_frontend_fuzzer: Heap-use-after-free in dawn_wire::server::KnownObjects<WGPUBufferImpl*>::Get - 2020-10-14
1102137 Security DCHECK failure: !object || (object->IsLayoutMultiColumnSet()) in layout_multi_column_set.h - 2020-10-14
1102161 CHECK failure: marking_state_->IsBlackOrGrey(heap_object) in mark-compact.cc - 2020-10-14
1102609 Heap-buffer-overflow in blink::NGFragmentItems::LayoutObjectWillBeDestroyed - 2020-10-14
1105202 Security: Google Chrome DrawElementsInstanced Information Leak Vulnerability (TALOS-2020-1123) $1000 2020-10-13
1101883 Security DCHECK failure: !masker->NeedsLayout() in svg_mask_painter.cc - 2020-10-12
1102054 Disable (or fix) YUV image decoding before M86 due to use after free - 2020-10-10
1096677 WebView: Cross-domain content can be fetched from resources loaded by the content scheme - 2020-10-09
1101629 v8_wasm_code_fuzzer: DCHECK failure in heap_type != HeapType::kBottom && HeapType(heap_type).is_valid() in value-type.h - 2020-10-09
1076786 Script Gadgets in chrome://oobe and chrome://assistant-optin through Polymer - 2020-10-08
1091790 dawn_wire_server_and_vulkan_backend_fuzzer: Crash in vk::DescriptorSetLayout::DescriptorSetLayout - 2020-10-08
1096170 dawn_wire_server_and_frontend_fuzzer.exe: Heap-use-after-free in dawn_wire::server::Server::OnBufferMapWriteAsyncCallback - 2020-10-08
1029907 Security: URL bar spoofing with prompt dialog on iOS $500 2020-10-07
1030927 Site Isolation Bypass: ClientHints doesn't properly check origin from renderer - 2020-10-07
1094453 Security: Memory stomper in InfoBarManager::RemoveInfoBarInternal() - 2020-10-07
1095560 Security: heap-buffer-overflow on media_history::MediaHistoryKeyedService::OnURLsDeleted $5000 2020-10-07
1097484 Use-of-uninitialized-value in base::internal::WeakReference::IsValid - 2020-10-07
1099621 dawn_wire_server_and_frontend_fuzzer: Heap-buffer-overflow in dawn_native::null::Buffer::DoWriteBuffer - 2020-10-07
1099945 Security: Print compositor does not copy out of shared memory before attempting to deserialize SkPicture - 2020-10-07
1099990 Security: pdfium heap-buffer-overflow with experimental skia back end - 2020-10-07
1100900 Heap-use-after-free in blink::LayoutBlockFlow::SetShouldDoFullPaintInvalidationForFirstLine - 2020-10-07
1101079 Security DCHECK failure: GetLayoutObject() && GetLayoutObject()->IsBoxModelObject() in ng_physical_box_fr - 2020-10-07
1100079 Use-of-uninitialized-value in blink::NGMathRadicalLayoutAlgorithm::Layout - 2020-10-05
1094235 uaf in extensions $5000 2020-10-03
1094655 Heap-buffer-overflow in vk::Image::copy - 2020-10-03
1098179 Use-of-uninitialized-value in send_delete_event - 2020-10-03
1099974 Use-of-uninitialized-value in mojo::core::ChannelPosix::WriteNoLock - 2020-10-03
1094644 gpu_swangle_passthrough_fuzzer: Heap-buffer-overflow in libvk_swiftshader.so - 2020-10-02
1098606 WebFrameImpl::CallJavaScriptFunction allows child frames to inject scripts into parent. - 2020-10-02
1099446 Security: heap-buffer-overflow in "SkData::PrivateNewWithCopy" function $2000 2020-10-02
1010756 Crash in sw::Renderer::executeTask - 2020-10-01
1090543 heap-use-after-free : content::NavigationRequest::OnWillProcessResponseProcessed - 2020-09-30
1097483 Heap-buffer-overflow in sw::Blitter::fastClear - 2020-09-30
1092449 Cross-domain content can be fetched from resources loaded by the content scheme $20000 2020-09-29
1096002 Heap-use-after-free in blink::ImageResourceContent::PriorityFromObservers - 2020-09-29
1097442 v8_wasm_compile_fuzzer: DCHECK failure in from <= to in vector.h - 2020-09-29
1097467 v8_wasm_compile_fuzzer: Use-after-poison in v8::internal::wasm::fuzzer::WasmGenerator::Generate - 2020-09-29
1097595 Security DCHECK failure: new_box->IsInlineFlowBox() in layout_block_flow_line.cc - 2020-09-29
1098243 CVE-2020-14416 CrOS: Vulnerability reported in Linux kernel - 2020-09-29
1084699 [WebRTC] Remote ICE Candidate Hostname Lookup Privacy Issue - 2020-09-28
1097416 Use-of-uninitialized-value in void blink::ShapeResultView::CreateViewsForResult<blink::ShapeResult> - 2020-09-27
1017558 pdf_scanlinecompositor_fuzzer: Heap-buffer-overflow in CompositeRow_Argb2Argb_RgbByteOrder - 2020-09-26
1037980 pdf_scanlinecompositor_fuzzer: Heap-buffer-overflow in GetGray - 2020-09-26
1058716 pdf_scanlinecompositor_fuzzer: Crash in GetAlphaWithSrc - 2020-09-26
967204 Security: dangling markup protection bypass with <portal> element $500 2020-09-25
997412 Security: PDFium Heap-use-after-free in ProbeForLowSeverityLifetimeIssue (XFA) - 2020-09-25
1082755 Heap UaF in TabStrip::CloseTab $5000 2020-09-25
1086009 Security: Linux Kernel V5.2.0-rc1 #2 use-after-free in unmap_vmas read of size 8 $500 2020-09-25
1086845 Security: Blob ignores charset specified in type attribute $1000 2020-09-25
1087282 XSS in interstitial_common.js leading to UXSS - 2020-09-25
1088187 Bad-cast to extensions::MimeHandlerViewContainerManager from invalid vptr in extensions::MimeHandlerViewContainerManager::RemoveFrameContainerForReason - 2020-09-25
1090835 Security: Full screen notification overlap on Windows and Linux (take two) $500 2020-09-25
1093719 Container-overflow in content::responsiveness::Watcher::DidRunTask - 2020-09-25
1094363 Heap-buffer-overflow in ash::ScrollableShelfView::UpdateScrollOffset - 2020-09-25
1094442 Background tab can launch PWA or play store page when interacting with any page. - 2020-09-25
1095709 Heap-use-after-free in base::internal::Invoker<base::internal::BindState<void - 2020-09-25
1095760 Bad-cast to blink::WebRtcAudioRenderer from invalid vptr in void base::internal::FunctorTraits<void - 2020-09-25
1095927 Use-of-uninitialized-value in blink::WebRtcAudioRenderer::TranscribeAudio - 2020-09-25
1096079 Heap-use-after-free in blink::ImageResourceContent::NotifyObservers - 2020-09-25
1097028 CVE-2020-10757 CrOS: Vulnerability reported in Linux kernel - 2020-09-25
1092451 Multiple-file download restrictions can be bypassed using Android intents $500 2020-09-23
1076703 Security: WebRTC: usrsctp is called with pointer as network address - 2020-09-22
1095102 Security: heap-buffer-overflow in x_server_pixel_buffer.cc from screen_capturer_x11.cc - 2020-09-22
1095589 CVE-2020-13974 CrOS: Vulnerability reported in Linux kernel - 2020-09-22
1072841 heap-use-after-free : local_discovery::ServiceWatcherImplMac::NetServiceBrowserContainer::~NetServiceBrowserContainer - 2020-09-21
1092059 v8_wasm_compile_fuzzer: DCHECK failure in SIZE == kSimd128Size ? num_q_registers : num_d_registers > reg in simulator-arm. - 2020-09-21
995732 Potential out of bounds write vulnerability in webusb (usb_device_handle_usbfs.cc) (Linux 32bit) - 2020-09-18
1090519 Security: Missing microcode for some Intel platforms - 2020-09-18
1092308 uaf in extensions $20000 2020-09-18
1093902 paint_op_buffer_fuzzer: Use-of-uninitialized-value in SkReadBuffer::peekByte - 2020-09-18
1086796 Security: Out of bounds read in PDFium due to mis-merged patch of libopenjpeg $7500 2020-09-17
1087921 gpu_raster_swangle_passthrough_fuzzer: Crash in sse2::lowp::load_NUMBER - 2020-09-17
1083128 Security: Out-of-bounds write browser crash $5000 2020-09-16
1092274 Security: global-buffer-overflow in bytesPerVertex $1000 2020-09-16
1084820 DCHECK failure in value.IsHeapObject() in objects-debug.cc $5000 2020-09-15
1091461 DCHECK failure in 2 == subnode->op()->ControlOutputCount() in js-inlining.cc - 2020-09-15
1092553 Bad-cast to v8::internal::compiler::Operator1<v8::internal::BinaryOperationHint, v8::internal::compiler::OpEqualTo<v8::internal::BinaryOperationHint>, v8::internal::compiler::OpHash<v8::internal::BinaryOperationHint>> from v8::internal::compiler::Operator1<v8::internal::compiler::FeedbackParameter, v8::internal::compiler::OpEqualTo<v8::internal::compiler::FeedbackParameter>, v8::internal::compiler::OpHash<v8::internal::compiler::FeedbackParameter> > in v8::internal::BinaryOperationHint const& v8::internal::compiler::OpParameter<v8: - 2020-09-15
967202 Security: bypass file download restrictions using <portal> element - 2020-09-14
1083213 CrOS: Vulnerability reported in net-vpn/openvpn - 2020-09-14
1090173 Security: Uninitialized memory read in snappy::SnappyScatteredWriter<snappy::SnappySinkAllocator>::AppendFromSelf - 2020-09-14
1091670 Security: heap-buffer-overflow in sk_careful_memcpy - 2020-09-14
1091404 Google Chrome PDFium Javascript Active Document Memory Corruption Vulnerability - TALOS-2020-1092 $2000 2020-09-12
1065264 No validation of origin in initializing CDM - 2020-09-11
1082716 CVE-2020-12770 CrOS: Vulnerability reported in Linux kernel - 2020-09-11
1087158 Crash in FidoDiscoveryFactory::ResetRequestState() - 2020-09-11
1091180 heap-use-after-free : media::GetSupportedD3D11VideoDecoderResolutions - 2020-09-11
1091214 CVE-2019-20812 CrOS: Vulnerability reported in Linux kernel - 2020-09-11
1039062 CVE-2019-19769 CrOS: Vulnerability reported in Linux kernel - 2020-09-10
1083819 Security: Android WebView: iframe on different origin can execute arbitrary JavaScript in top document via window.open() or links with _blank target $15000 2020-09-10
1091213 CVE-2019-20811 CrOS: Vulnerability reported in Linux kernel - 2020-09-10
1080953 CrOS: Vulnerability reported in net-nds/openldap - 2020-09-09
980116 Security: PDFium (XFA) Use-after-free in CXFA_FFTabOrderPageWidgetIterator::CreateTabOrderWidgetArray $3000 2020-09-08
980172 Security: PDFium (XFA) Use-after-free in CXFA_FFDocView::GetPageView $2000 2020-09-08
1080622 CrOS: Vulnerability reported in net-fs/samba - 2020-09-08
1082186 CrOS: Vulnerability reported in net-fs/samba - 2020-09-08
1087968 heap-use-after-free in adhd in asan builds - 2020-09-08
1085507 v8_wasm_compile_fuzzer: DCHECK failure in ref.stack_height >= target_stack_height in wasm-interpreter.cc - 2020-09-06
1086890 Security: Missing array size check in NewFixedArray - 2020-09-06
1081350 Security: Browser_crash - heap-use-after-free in extensions::ChromeExtensionsBrowserClient::GetOriginalContext(content::BrowserContext*) $15000 2020-09-05
1085718 Heap-use-after-free in performance_manager::WorkerNodeImpl::RemoveClientFrame - 2020-09-05
1087629 Upgrade SQLite to 3.32.1 - 2020-09-05
921015 Heap-buffer-overflow in rr::Array<rr::Float4, 1>::operator - 2020-09-04
1033897 Security: Linux kernel 4.19.83 - use-after-free in the debugfs_remove function - 2020-09-04
1067382 Security: Sandbox escape via chrome.input.ime $5000 2020-09-04
1072116 Security: Possible for extensions to escape sandbox via devtools watch expressions $10000 2020-09-04
1080481 Security: Skia: Integer Overflow in GrTextBlob::Make - 2020-09-04
1081040 gpu_raster_swangle_passthrough_fuzzer: Crash in sse2::lowp::load_a8 - 2020-09-04
1085989 pdf_psengine_fuzzer: Int-overflow in CPDF_PSEngine::DoOperator - 2020-09-04
1086124 Security: UAF in ChromeOS Login $5000 2020-09-04
1086798 V8 Potential Use after free in the function ToPropertyDescriptorFastPath - 2020-09-04
944944 Infra: Outdated set of root certificates - 2020-09-02
1072467 Security: arc-setup to be more cautious when moving android data directories - 2020-09-02
1075457 Chrome fails to start if a file exists at /home/chronos/user or /home/chronos/Default - 2020-09-02
1084839 Heap-use-after-free in blink::PaintLayer::~PaintLayer - 2020-09-02
1086470 CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (this->IsFixedArray()) in class-defin - 2020-09-02
1052093 Security: Custom Scheme escaping bypassed if a scheme is in the URLWhitelist - 2020-09-01
1080444 v8_wasm_code_fuzzer: DCHECK failure in is_valid(value) in bit-field.h - 2020-09-01
1085704 gpu_angle_fuzzer: Null-dereference READ in gpu::gles2::GLES2DecoderImpl::HandleBlendFunciOES - 2020-09-01
1085846 gpu_angle_passthrough_fuzzer: Null-dereference READ in gpu::gles2::GLES2DecoderPassthroughImpl::DoBlendFunciOES - 2020-09-01
1085990 Security: Browser_crash - heap-use-after-free in Payments API - 2020-09-01
1056754 Security: Browsable Activities expose insecure behaviors on Android - 2020-08-28
1074317 Security: The CSP reports and stacktraces of errors leaks post-redirect URL for <script> $5000 2020-08-28
1084151 v8_wasm_code_fuzzer: DCHECK failure in register_move(dst)->src == src in liftoff-assembler.cc - 2020-08-28
1085315 URL spoofing using 'GURMUKHI LETTER RRA' (U+0A5C) - 2020-08-28
1085738 CVE-2020-13143 CrOS: Vulnerability reported in Linux kernel - 2020-08-28
1082105 uaf in device::FidoRequestHandlerBase::InitializeAuthenticatorAndDispatchRequest $20000 2020-08-26
1083793 Crash in v8::Isolate::GetCurrentContext - 2020-08-26
932892 Security: CSP violation reports leak the destination origin of a blocked redirect in the blocked-uri / blockedURI field $1000 2020-08-25
999310 Security: OOB Access in V8 $10000 2020-08-24
1016261 Security: ashmem readonly bypasses via remap_file_pages() and ASHMEM_UNPIN - 2020-08-24
1083157 Crash in blink::ReadExifDirectory - 2020-08-24
1078375 Heap-use-after-free in gl::State::reset - 2020-08-23
795595 Security: chrome.devtools.inspectedWindow.eval executes within privileged pages $2000 2020-08-22
1082990 CHECK failure: FLAG_wasm_async_compilation in module-compiler.cc - 2020-08-22
1083525 CHECK failure: !FLAG_wasm_async_compilation implies isolate->wasm_streaming_callback() == nullp - 2020-08-22
1065122 heap-use-after-free : ui::AXTreeSerializer<blink::WebAXObject,content::AXContentNodeData,content::AXContentTreeData>::LeastCommonAncestor - 2020-08-21
1067869 Chromium: Vulnerability reported in third_party/guava - 2020-08-21
1077200 CrOS: Vulnerability reported in dev-vcs/git - 2020-08-21
1080616 CVE-2020-12464 CrOS: Vulnerability reported in Linux kernel - 2020-08-21
1080618 CVE-2020-12654 CrOS: Vulnerability reported in Linux kernel - 2020-08-21
1080951 CVE-2020-12653 CrOS: Vulnerability reported in Linux kernel - 2020-08-21
1081086 Heap-use-after-free in blink::NGBlockNode::CopyFragmentDataToLayoutBoxForInlineChildren - 2020-08-21
1081722 Security: memcpy-param-overlap in AudioBuffer::copyFromChannel - 2020-08-21
1082597 pdfium(XFA) heap-use-after-free in CXFA_FFField::OnSetFocus $7500 2020-08-21
1082727 Use-of-uninitialized-value in safe_browsing::PhishingClassifierDelegate::OnDestruct - 2020-08-21
1083210 CVE-2019-14898 CrOS: Vulnerability reported in Linux kernel - 2020-08-21
1083211 CVE-2020-10690 CrOS: Vulnerability reported in Linux kernel - 2020-08-21
1083212 CVE-2020-12826 CrOS: Vulnerability reported in Linux kernel - 2020-08-21
1083250 CHECK failure: block->PredecessorCount() == 0 in graph-assembler.cc - 2020-08-21
999311 Security: Use after free in MojoCdmService $30000 2020-08-20
1052492 Use-of-uninitialized-value in blink::ImageDataBuffer::ImageDataBuffer - 2020-08-18
1074340 Security: javascript URI sandbox flags aren't propagated in a blank string case $1000 2020-08-17
1079449 v8_wasm_compile_fuzzer: DCHECK failure in UseScratchRegisterScope{this}.CanAcquire() in liftoff-assembler-arm.h - 2020-08-17
1081081 Security: URL spoofing using slow page loading on iOS $500 2020-08-17
1073015 Security: UAF in DistillerJavaScriptService (Android) $20000 2020-08-15
1077491 Crash in blink::WaveShaperDSPKernel::WaveShaperCurveValues $3000 2020-08-15
1079398 gpu_raster_swangle_passthrough_fuzzer: Use-of-uninitialized-value in rx::SamplerCache::getSampler - 2020-08-15
1080936 Container-overflow in base::internal::Invoker<base::internal::BindState<void - 2020-08-15
1080950 CVE-2020-12652 CrOS: Vulnerability reported in Linux kernel - 2020-08-15
1066731 Security: Wrong account password captured - 2020-08-14
1072165 libjingle_xmpp_xmlparser_fuzzer: Incorrect-function-pointer-type with empty stacktrace - 2020-08-14
1075496 Chrome_Mac: Crash Report - device::FidoCableDevice::OnTimeout - 2020-08-14
1077203 Use-of-uninitialized-value in gfx::CubicBezier::SolveCurveX - 2020-08-14
1077301 Security: SELinux/netlink missing access check - 2020-08-14
1077477 mount-obb_fuzzer: Use-of-uninitialized-value in base::debug::ProcessBacktrace - 2020-08-14
1077531 Security: ChromeOS shill breakout and privilege escalation to root $30000 2020-08-14
1077754 Security: cmd injection into pppd config - 2020-08-14
1077780 Security: run_oci will execute hooks from config.json on writable file systems - 2020-08-14
1078236 Heap-use-after-free in blink::LayoutListItem::UpdateMarkerLocation $6000 2020-08-14
1078336 CVE-2017-18551 CrOS: Vulnerability reported in Linux kernel - 2020-08-14
1078671 Security: UAF in CaptionHostImpl $20000 2020-08-14
1078865 trunks_hmac_authorization_delegate_fuzzer: Use-of-uninitialized-value in trunks::HmacAuthorizationDelegate::HmacSha256 - 2020-08-14
1078867 cryptohome_cryptolib_rsa_oaep_decrypt_fuzzer: Use-of-uninitialized-value in mem_puts - 2020-08-14
1078913 DCHECK failure in shared_info->function_data().IsBytecodeArray() in compiler.cc - 2020-08-14
1079066 DCHECK failure in has_pending_error() in pending-compilation-error-handler.cc - 2020-08-14
1080447 trunks_hmac_authorization_delegate_fuzzer: Use-of-uninitialized-value in trunks::HmacAuthorizationDelegate::HmacSha256 - 2020-08-14
1080617 CVE-2020-12465 CrOS: Vulnerability reported in Linux kernel - 2020-08-14
1080620 CVE-2020-12657 CrOS: Vulnerability reported in Linux kernel - 2020-08-14
1080621 CVE-2020-12659 CrOS: Vulnerability reported in Linux kernel - 2020-08-14
946156 Security: Chrome (Mac OS X) - Arbitrary File Permission Modification $500 2020-08-12
1077501 Segv on unknown address in blink::StyleCascade::ApplyInterpolation - 2020-08-12
1078399 v8_wasm_compile_fuzzer: DCHECK failure in IsSimd128Register() in instruction.h - 2020-08-12
1050003 CVE-2020-8648 CrOS: Vulnerability reported in Linux kernel - 2020-08-11
1071311 Security: OOB Write In SkBitSet::set - 2020-08-11
1071729 Non secure (i) icon fails to get displayed for non secure websites (e.g., http://dump-truck.appspot.com) - 2020-08-11
1076708 OOB read/write in v8::internal::ElementsAccessorBase<v8::internal::FastHoleyDoubleElementsAccessor $7500 2020-08-11
1072474 Security: cros_disks sshfs allows injection of symlinks - 2020-08-10
1001870 gstoraster_fuzzer: Heap-buffer-overflow in template_compose_group - 2020-08-07
1036706 gstoraster_fuzzer: Heap-buffer-overflow in jbig2_sd_new - 2020-08-07
1076030 hammerd_load_ec_image_fuzzer: Use-of-uninitialized-value in fmap_find_area - 2020-08-07
1065731 audio_decoder_fuzzer: Use-of-uninitialized-value in amr_read_header - 2020-08-06
1070066 Security: Displaying a page action popup from the omnibox prevents an infobar from displaying $500 2020-08-06
1075719 v8_wasm_code_fuzzer: Use-after-poison in v8::internal::wasm::SideTable::SideTable - 2020-08-06
1076442 DCHECK failure in index >= 0 && index < length() && value <= kMaxOneByteCharCode in string-inl.h - 2020-08-06
1029569 sqlite3_shadow_table_fuzzer: ASSERT: nDoclist>0 $3000 2020-08-05
1072233 Security: ChromeOS root privilege escalation and persistence $45000 2020-08-05
1072276 login_manager command execution via policy-injected flags - 2020-08-05
1073602 SCTP stack buffer overflow from malicious AUTH chunks - 2020-08-05
1074586 DCHECK failure in dst.low_gp() != lhs.high_gp() in liftoff-assembler-arm.h - 2020-08-05
1074706 uaf in TabSharingInfoBarDelegate $15000 2020-08-05
1074655 Heap-use-after-free in blink::WebAXObject::UpdateLayoutAndCheckValidity - 2020-08-05
1075953 DCHECK failure in *available != 0 in assembler-arm.cc - 2020-08-05
1007343 vtest_fuzzer: Crash in try_setup_line - 2020-08-04
1069246 iOS: Omnibox doesn't display blob: origin for long URL $1500 2020-08-04
1069964 Security: Check failed: receiver.IsJSFunction(). - 2020-08-04
1070094 ec_usb_tcpm_v2_fuzzer: Index-out-of-bounds in prl_get_rev - 2020-08-04
1070480 Security: use-of-uninitialized-value in sse2::lowp::gather - 2020-08-04
1072253 Security: RenameCryptohome and arcvm-server-proxy root file write to root command execution from chronos $30000 2020-08-04
1072470 Security: cups shouldn't be running with gid=0 - 2020-08-04
1074532 minidump_fuzzer: Heap-buffer-overflow in google_breakpad::MinidumpProcessor::Process - 2020-08-04
1075777 ec_usb_tcpm_v2_fuzzer: Index-out-of-bounds in prl_get_rev - 2020-08-04
1075952 ndproxy_fuzzer: Use-of-uninitialized-value in std::__1::enable_if<__is_cpp17_forward_iterator<std::__1::pair<unsigned int, std - 2020-08-04
1073553 Heap-buffer-overflow in v8::internal::wasm::Decoder::read_prefixed_opcode<1> - 2020-08-03
1074621 DCHECK failure in chunk->Contains(slot_addr) in remembered-set.h - 2020-08-03
843095 Chrome Url Spoofing via Interstitial content overwrite $2000 2020-08-01
978779 Chromium uses expired certificate for Baltimore CyberTrust - 2020-08-01
1074190 net_dns_record_fuzzer: Use-of-uninitialized-value in net::IntegrityRecordRdata::IntegrityRecordRdata - 2020-08-01
961644 Heap-buffer-overflow in courgette::Read32LittleEndian - 2020-07-31
1073981 DCHECK failure in !kCanBeWeak implies !IsSmi() == HAS_STRONG_HEAP_OBJECT_TAG(ptr_) in tagged-impl. - 2020-07-31
1073409 XSS on chrome://histograms/ with a compromised renderer - 2020-07-30
985551 Crash in sw::Thread::Thread - 2020-07-29
1057441 sqlite3_shadow_table_fuzzer: Use-of-uninitialized-value in fts3ScanInteriorNode - 2020-07-29
1072171 Security: missing the -0 case when intersecting and computing the Type::Range in NumberMax $7500 2020-07-29
1072885 Security: arcvm-server-proxy command injection - 2020-07-29
1072983 use-after-free in BlobRegistryImpl(browser process) $20000 2020-07-29
1073263 DCHECK failure in CheckKeptObjectsClearedAfterMicrotaskCheckpoint(microtask_queue) in api.cc - 2020-07-29
1064676 full CSP bypass while evaluating a javascript-URL in iframe. $3000 2020-07-29
634183 Malformed CSP is not reported in the console and protection is disabled. - 2020-07-28
1071059 Security: Blink - Type Confusion with Custom Element $7500 2020-07-28
873178 Security: Chrome allows setting arbitrary HTTP headers - 2020-07-28
633348 CSP can be abused to disclose line/column numbers across origins - 2020-07-27
992698 Security: Bypass the CSP when popup with "javascript:"-URL $500 2020-07-27
1072115 v8_wasm_async_fuzzer: Trap in v8::internal::wasm::WasmOpcodes::IsPrefixOpcode - 2020-07-27
1016278 Security: EXC_BAD_ACCESS / KERN_INVALID_ADDRESS when exec chrome.debugger.sendCommand - 2020-07-25
1042986 iframe in victim page can detect Scroll To Text Fragment activation - 2020-07-25
1071711 v8_wasm_fuzzer: DCHECK failure in index <= 0xff in decoder.h - 2020-07-25
986051 Security: Use-after-free of CommandLineAPIScope object $3000 2020-07-24
1070609 Security: UAF in the blink.mojom.SmsReceiverPtr interface $10000 2020-07-24
1071454 Security DCHECK failure: IsA<Derived>(from) in casting.h $6000 2020-07-24
1025302 Security: usrsctplib has not been updated since 2018 and is missing fuzzers and security fixes - 2020-07-23
1040490 CrOS: Vulnerability reported in net-dns/dnsmasq - 2020-07-23
1049040 dawn_wire_server_and_vulkan_backend_fuzzer: Use-of-uninitialized-value in _init - 2020-07-23
1062861 heap-buffer-overflow : autofill::AutofillCountry::AutofillCountry - 2020-07-23
1063690 Untrustworthy navigation causes HTTP Basic Auth dialog origin confusion/spoofing $500 2020-07-23
1064891 use after free in mojom::ClipboardHost $10000 2020-07-23
1068084 Security: Use after free in WebRTC $7500 2020-07-23
1068531 Security: Character “⠀” (U+2800) should be converted into code. $500 2020-07-23
1068609 dawn_wire_server_and_frontend_fuzzer: Heap-use-after-free in dawn_wire::server::Server::GetCmdSpace - 2020-07-23
1069079 dawn_wire_server_and_frontend_fuzzer: Heap-buffer-overflow in dawn_native::null::Buffer::SetSubDataImpl - 2020-07-23
1069757 CVE-2019-20636 CrOS: Vulnerability reported in Linux kernel - 2020-07-23
1070012 Chromium: Vulnerability reported in third_party/sqlite - 2020-07-23
1070199 [wasm] Disable native module cache to fix stability issue on M-81 - 2020-07-23
967925 Security: BLE Hijacking with Smart Unlock/Magic Tether - 2020-07-21
1069700 Security: PDFium (XFA) Use-after-free in function CPDFXFA_Page::GetFirstOrLastXFAAnnot $5000 2020-07-21
1069789 Security: PDFium (XFA) Use-after-free in function CXFA_FFWidgetHandler::OnRButtonDown $7500 2020-07-21
1070054 Security: input audio html5 tag makes chrome ios crashes - 2020-07-21
1065298 UAF in base::SupportsUserData::SetUserData $20000 2020-07-18
1068542 CVE-2020-8835 CrOS: Vulnerability reported in Linux kernel - 2020-07-18
1055933 heap-use-after-free : ProfileIOData::FromResourceContext - 2020-07-16
1064519 Security: DevTools doesn't fully validate channel messages it receives $3000 2020-07-16
1068395 Security: SmsProviderGmsUserConsent may hold a dangling pointer to RenderFrameHost - 2020-07-16
1067851 Security: UAF in Speech Recognizer $25000 2020-07-15
1068466 dawn_wire_server_and_frontend_fuzzer: Heap-use-after-free in dawn_wire::server::InlineMemoryTransferService::WriteHandleImpl::DeserializeFlus - 2020-07-15
840361 Security: mount-encrypted may leak stateful encryption key across dev mode transition - 2020-07-14
1016543 Old, unsecure (and unused?) version of ChromeVox is present in Chromium repo - 2020-07-14
1053939 V8 correctness failure in configs: x64,ignition:x64,ignition_turbo_opt - 2020-07-14
1057461 dawn_wire_server_and_vulkan_backend_fuzzer: Heap-use-after-free in dawn_wire::server::Server::OnBufferMapWriteAsyncCallback - 2020-07-14
1068509 CHECK failure: marking_state_->IsBlackOrGrey(heap_object) in mark-compact.cc - 2020-07-14
1055583 dawn_wire_server_and_vulkan_backend_fuzzer: Heap-use-after-free in dawn_wire::server::KnownObjects<WGPUBufferImpl*>::Get - 2020-07-13
1061687 dawn_wire_server_and_frontend_fuzzer: Heap-buffer-overflow in dawn_native::null::Buffer::SetSubDataImpl - 2020-07-13
1067980 Security DCHECK failure: IsA<Derived>(from) in casting.h - 2020-07-13
1010770 Crash in hsw::lowp::gather_NUMBER - 2020-07-12
1055746 Security: CVE-2020-2732: Nested VMX vulnerability - 2020-07-12
1059577 Security: Possible to escape sandbox via devtools_page $3000 2020-07-11
1060023 Security: V8 Debug check failed: !var->has_forced_context_allocation() || var->is_used(). Fatal error in ../../src/ast/scopes.cc, line 2239 - 2020-07-10
1065186 UAF in libglesv2!gl::Texture::onUnbindAsSamplerTexture $5000 2020-07-10
1065761 Security: Copy & paste XSS via noscript $5000 2020-07-10
981114 Security: BT Classic Pairing Hijack - 2020-07-08
1059955 dawn_wire_server_and_vulkan_backend_fuzzer: Heap-use-after-free in vk::CommandBuffer::submit - 2020-07-08
1061933 aec3_fuzzer: Container-overflow in webrtc::FilterAnalyzer::AnalyzeRegion - 2020-07-08
1061235 Security: libcameraservice: heap-based-buffer-overflow-in-DepthPhotoProcessor - 2020-07-07
1064429 Heap-use-after-free in PrefChangeRegistrar::~PrefChangeRegistrar - 2020-07-07
1065704 Security: UAF in WebSocket Network Service $20000 2020-07-07
1065772 ProbeForLowSeverityLifetimeIssue in ~CXFA_FFPageWidgetIterator() - 2020-07-07
1058895 Security: Slow Read HTTP Attack $500 2020-07-06
1040755 Security: Another "universal" XSS via copy&paste $2000 2020-07-03
1062868 heap-use-after-free : v8::internal::wasm::WasmCode::DecrementRefCount - 2020-07-03
1064898 Heap-use-after-free in metrics::PerfOutputCall::OnGetPerfOutput - 2020-07-03
978632 heap-use-after-free : sctp_release_pr_sctp_chunk - 2020-07-02
990581 Security: Security: CSP does not propagate to blob: URIs $500 2020-07-02
1060559 [Web NFC] Block YubiKeys - 2020-07-02
1061682 Security DCHECK failure: IsA<Derived>(from) in casting.h - 2020-07-02
1019161 UAF In ProcessManager $7500 2020-07-01
1064112 Segv on unknown address in blink::Internals::getAgentId - 2020-07-01
1067270 Talos Security Advisory for Google Chrome PDFium (TALOS-2020-1044) $5000 2020-07-01
1063177 Declarative Net Request: Potential use after free while reindexing rulesets. - 2020-06-30
1054229 media_pipeline_integration_fuzzer: Use-of-uninitialized-value in ogg_find_codec - 2020-06-28
1059764 Security: container-overflow in MediaStream mojo - 2020-06-26
1060549 Security: PDFium heap-use-after-free in CPDFXFA_Page::GetNextXFAAnnot (XFA) $7500 2020-06-26
1062247 Incomplete fix of 1055788 and 1057627 - 2020-06-26
1032531 CrOS: Vulnerability reported in dev-db/sqlite - 2020-06-25
1034223 CrOS: Vulnerability reported in dev-db/sqlite - 2020-06-25
1035370 CrOS: Vulnerability reported in dev-db/sqlite - 2020-06-25
1037730 Security: Full screen notification overlap on Windows and Linux $500 2020-06-25
1038580 CrOS: Vulnerability reported in dev-db/sqlite - 2020-06-25
1038884 CrOS: Vulnerability reported in dev-db/sqlite - 2020-06-25
1040055 CrOS: Vulnerability reported in dev-db/sqlite - 2020-06-25
1040488 CrOS: Vulnerability reported in dev-db/sqlite - 2020-06-25
1052647 Security: Debug check failed: !context.get(context_entry).IsTheHole(isolate) - 2020-06-24
1061878 dawn_wire_server_and_vulkan_backend_fuzzer: Heap-use-after-free in vk::CommandPool::destroy - 2020-06-24
1059533 use-after-free in web_graphics_context_3d_provider_wrapper $2000 2020-06-23
933171 Trusted Types bypass with blob and meta refresh - 2020-06-20
933172 Trusted Type bypass with SVG - 2020-06-20
1004106 Security: heap-buffer-overflow in CFXJSE_FormCalcContext::unfoldArgs $7500 2020-06-20
1020026 Security: 'Press Esc to exit fullscreen' covered up by a popup page $1000 2020-06-20
1030901 Site Isolation Bypass: QuotaDispatcherHost doesn't properly check origin from renderer - 2020-06-20
1042210 Security: fullscreen notification spoof (repro issue 882812) $500 2020-06-20
1045787 Security: ChromeDriver is vulnerable to CSRF attack - 2020-06-20
1055303 Security: PDFium (XFA) Use uninitialized value in function CPDFSDK_FormFillEnvironment::SendOnFocusChange - 2020-06-20
1059669 Out-of-bounds read in WebSQL $3000 2020-06-20
1059686 UaF in DeferredTaskHandler::BreakConnections(2) - 2020-06-20
1060548 CrOS: Vulnerability reported in app-arch/libarchive - 2020-06-20
1060647 Security: WebRTC certificate parsing - 2020-06-20
1061018 UaF in DeferredTaskHandler::ProcessAutomaticPullNodes - 2020-06-20
1061154 gpu_fuzzer: Crash in gpu::gles2::Texture::SetLevelInfo - 2020-06-20
1061231 net_quic_stream_factory_fuzzer: Use-of-uninitialized-value in quic::QuicSentPacketManager::GetRetransmissionTime - 2020-06-20
1061389 gpu_fuzzer.exe: Crash in base::subtle::RefCountedBase::ReleaseImpl - 2020-06-20
1058515 Chrome fetches DevTools stuff using insecure http protocol - 2020-06-16
1059349 Security: usersctp: out-of-bounds reads in sctp_load_addresses_from_init - 2020-06-16
1059472 v8_wasm_compile_fuzzer: DCHECK failure in is_gp() in liftoff-register.h - 2020-06-16
1030909 Site Isolation Bypass: DedicatedWorkerHostFactory doesn't properly check origin from renderer - 2020-06-15
1046021 CrOS: Vulnerability reported in media-libs/opencv - 2020-06-15
1055524 Not only "devools://" but also "chrome-devtools://" should be registered as display-isolated - 2020-06-15
1056222 MojoVideoEncodeAcceleratorService allows renderer to misuse its API leading to UAF - 2020-06-15
785159 Wrong origin shown for permission prompts after navigations that lead to interstitials $500 2020-06-13
1054966 Policy page opens a file dialogue even if the AllowFileSelectionDialogs policy is set to false $500 2020-06-13
1059187 Bad-cast to blink::LayoutBlock from blink::LayoutTableSection in blink::AXLayoutObject::IsDataTable - 2020-06-13
1057418 skia_image_filter_proto_fuzzer: Use-of-uninitialized-value in sse2::repeat_y - 2020-06-12
1058653 Security: PDFium heap-use-after-free in CFDE_TextEditEngine::ReplaceSelectedText (XFA) $5000 2020-06-12
1054732 Heap-use-after-free in test_runner::WebFrameTestClient::DidAddMessageToConsole - 2020-06-10
1055869 Security: PDFium (XFA) Use-after-free in function CFDE_TextEditEngine::ReplaceSelectedText $5000 2020-06-10
1057593 UaF in DeferredTaskHandler::BreakConnections - 2020-06-10
1057627 UaP in AudioScheduledSourceHandler::NotifyEnded - 2020-06-10
1038527 cras_rclient_message_fuzzer: Heap-use-after-free in cras_dsp_ini_free - 2020-06-09
1054260 heap-use-after-free : content::FileChooserImpl::~FileChooserImpl - 2020-06-09
1057309 use-after-move in BinaryUploadService::UploadForDeepScanning - 2020-06-09
1057369 Use-of-uninitialized-value in double_conversion::DoubleToStringConverter::ToPrecision - 2020-06-09
1055131 Crash in Builtins_ArgumentsAdaptorTrampoline - 2020-06-07
1056273 Heap-use-after-free in test_runner::WebFrameTestClient::DidClearWindowObject - 2020-06-06
1056154 Chromium: Vulnerability reported in third_party/sqlite - 2020-06-05
1056440 Use-of-uninitialized-value in blink::WebGLRenderingContextBase::CreateWebGraphicsContext3DProvider - 2020-06-05
986108 Security: PDFium heap-buffer-overflow in CFX_SkiaDeviceDriver::RestoreState $1000 2020-06-04
1035315 iframe sandbox allow_top_navigation_by_user_activation can be bypassed with certain extensions $1000 2020-06-04
1055788 UaP in IIRFilterHandler::Process - 2020-06-04
1056152 CrOS: Vulnerability reported in app-arch/libarchive - 2020-06-04
1056153 CrOS: Vulnerability reported in dev-libs/libpcre2 - 2020-06-04
965611 Security: Possible to open chrome-native:// pages on Android and the new tab page on desktop using window.open $1000 2020-06-03
976767 Security: heap-use-after-free in CPDFSDK_PageView::ExitWidget - 2020-06-03
1034519 Security: WebContentsViewAura::EndDrag may dereference a pointer to deleted RenderWidgetHost - 2020-06-03
1041406 UAF in chrome!content::FrameTreeNode::~FrameTreeNode $20000 2020-06-03
1054466 v8_wasm_compile_fuzzer: DCHECK failure in is_fp_pair() == other.is_fp_pair() in liftoff-register.h - 2020-06-03
1055124 Security DCHECK failure: IsA<Derived>(from) in casting.h - 2020-06-03
1055142 Security DCHECK failure: IsA<Derived>(from) in casting.h - 2020-06-03
1055223 Container-overflow in content::VizProcessTransportFactory::DisableGpuCompositing - 2020-06-03
1055338 Crash in blink::CSSPropertyValueSet::PropertyReference::PropertyValue - 2020-06-03
1055692 v8_wasm_code_fuzzer: Heap-buffer-overflow in v8::internal::wasm::ThreadImpl::Push - 2020-06-03
1056044 ulpfec_generator_fuzzer: Heap-buffer-overflow in webrtc::ForwardErrorCorrection::GenerateFecPayloads - 2020-06-03
949913 Use-after-free in CXFA_FFComboBox::OnProcessEvent $3000 2020-06-02
1054765 Heap-use-after-free in blink::MathMLSpaceElement::CollectStyleForPresentationAttribute - 2020-06-02
1055128 Crash in blink::StyleBuilderConverter::ConvertFontVariantEastAsian - 2020-06-02
1055221 Security DCHECK failure: IsA<Derived>(from) in casting.h - 2020-06-02
1055393 UAF in chrome chrome!content::BrowserAccessibilityManager::GetFromAXNode $20000 2020-06-02
1055713 Segv on unknown address in blink::StyleBuilderConverterBase::ConvertFontFamily - 2020-06-02
1054139 gpu_angle_passthrough_fuzzer: Null-dereference READ in gpu::gles2::GLES2DecoderPassthroughImpl::DoDrawArraysIndirect - 2020-05-30
982193 Security: PDFium (XFA) Use-after-free in CXFA_FFTextEdit::OnProcessEvent $5000 2020-05-29
1026991 pdfium (XFA): invalid-vptr / uaf in CPDFSDK_PageView::ExitWidget $5000 2020-05-29
1045803 rtnl_handler_fuzzer: Crash in std::__1::enable_if<__is_cpp17_forward_iterator<unsigned char const*>::value, vo - 2020-05-29
1047838 Missing browser-process permission checks for WebNFC - 2020-05-29
1050046 ASSERT: CSA_ASSERT failed: SmiBelow(effective_index, LoadFixedArrayBaseLength(array)) - 2020-05-29
1054733 Use-after-poison in blink::LayoutObject::ViewRect - 2020-05-29
1054785 Bad-cast to blink::Node from invalid vptr in blink::LayoutObject::GetDocument - 2020-05-29
990897 Security: PDFium (XFA) Use-after-free in CXFA_FFDocView::SetFocus $7500 2020-05-28
1031152 cras_rclient_message_fuzzer: Heap-buffer-overflow in dsp_util_deinterleave_s24le - 2020-05-28
1031153 cras_rclient_message_fuzzer: Heap-buffer-overflow in cras_fmt_conv_create - 2020-05-28
1040329 heap use-after-free in CFDE_TextEditEngine::Insert $7500 2020-05-28
1051748 Use-after-poison in WebGLRenderingContextBase $8500 2020-05-28
1052651 Security: PDFium (XFA) Use-after-free in CFWL_Edit::OnChar $7500 2020-05-28
1052786 Security: PDFium (XFA) Use-after-free in CXFA_FFTextEdit::UpdateFWLData $7500 2020-05-28
1053617 Security: PDFium heap-use-after-free in CFWL_DateTimePicker::SetEditText (XFA) $7500 2020-05-28
1054429 Security: PDFium heap-use-after-free in CFWL_Edit::OnKeyDown (XFA) - 2020-05-28
453937 Cross origin access with exception object + full exploit $25633 2020-05-27
583431 Universal XSS in DocumentLoader::createWriterFor + full-chain exploit $25633 2020-05-27
1041749 Security: tel: protocal spoofing 2 $500 2020-05-27
1050996 Security: MediaElementAudioSourceNode bypasses CORS checks $1000 2020-05-27
1051017 Security: Type inference issue in Typer::Visitor::TypeInductionVariablePhi - 2020-05-27
1042566 Security: Use After Free in Deserializer::DeserializeDeferredObjects - 2020-05-26
1051368 navigator.sendBeacon doesn't make CORS preflight request - 2020-05-26
1051439 Security: sendBeacon allows sending arbitrary POST requests with application/octet-stream content type without CORS - 2020-05-26
1034023 Check Raw Clipboard permission and feature flag browser-side - 2020-05-24
1041330 Security: use-of-uninitialized-value in containsNoEmptyCheck - 2020-05-24
1040046 Security: Investigate "Zero length" BIOS write protect range UMA reports - 2020-05-24
1045931 Security: General check for streams not checking states correctly - 2020-05-24
1048555 Use after free in CodeSerializer::Deserialize $500 2020-05-24
1050011 Security: URL Spoof in Android PageInfo - 2020-05-24
1051075 libipp_fuzzer: Segv on unknown address in std::__1::__vector_base<ipp::StringWithLanguage, std::__1::allocator<ipp::String - 2020-05-24
1051564 libipp_fuzzer: Segv on unknown address in std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std:: - 2020-05-24
1051912 DCHECK failure in 1 == map_.count(key) in wasm-engine.cc - 2020-05-24
1052442 Windows: Potential UaF In Job Object Notification. - 2020-05-24
1052576 CHECK failure: locale__value.IsString() in class-verifiers-tq.cc - 2020-05-24
995566 Heap-use-after-free in ChromePasswordManagerClient::OnPaste - 2020-05-21
1048038 Use after free in Logger::MapEvent $500 2020-05-21
1003501 PDFium (XFA) Use-after-free in CXFA_FFCheckButton::OnProcessEvent $6000 2020-05-20
1044277 Security: Possible to bypass restrictions on multiple downloads by initiating download from data: frame $500 2020-05-20
1049510 Unexpected reveal of service worker interception by using nextHopProtocol $2000 2020-05-20
1050419 Security: Use-after-poison in AudioWorkletNode $7500 2020-05-20
1051462 CrOS: Vulnerability reported in app-text/poppler - 2020-05-20
1049581 Security: Debug check failed: bytecode_offset >= 0 (-1 vs. 0) - 2020-05-19
1050756 Security: 'Copy As Curl' in the network panel of the devtools uses '--data' instead of '--data-raw', leading to arbitrary local file access $500 2020-05-19
1033972 Segv on unknown address in views::FocusSearch::FindNextFocusableView - 2020-05-16
1050090 Fix security vulnerability in PaintController on subsequence under-invalidation - 2020-05-16
925834 Security: seneschal allows bind-mounting arbitrary paths into 9p subtree - 2020-05-15
1043603 use-after-poison in mojo::MessageDispatcher $5000 2020-05-15
1048473 Use-after-destroy in WebAudio $7500 2020-05-15
1049129 rtp_frame_reference_finder_fuzzer: Use-of-uninitialized-value in unsigned long webrtc::Subtract<32768ul> - 2020-05-15
998514 Security: buffer overflow in modprobe - 2020-05-14
1036373 CrOS: Vulnerability reported in dev-libs/openssl - 2020-05-14
1036376 CrOS: Vulnerability reported in dev-libs/openssl - 2020-05-14
1044570 Security: SEGV_MAPERR with Intl.ListFormat and long strings $5000 2020-05-14
1047942 CVE-2020-8428 CrOS: Vulnerability reported in Linux kernel - 2020-05-14
1031670 ☂ Site Isolation Bypass via component extensions (e.g. via "Google Hangouts") - 2020-05-13
1045386 CrOS: Vulnerability reported in sys-fs/e2fsprogs - 2020-05-13
1047911 rtp_frame_reference_finder_fuzzer: Invalid-free in webrtc::RTPVideoHeader::GenericDescriptorInfo::~GenericDescriptorInfo - 2020-05-13
1047914 pdfium (XFA): oob read / use-of-uninitialized-value in CXFA_Node::SetSelectedItems $1000 2020-05-13
1047932 rtp_frame_reference_finder_fuzzer: Crash in webrtc::RtpGenericFrameDescriptor::~RtpGenericFrameDescriptor - 2020-05-13
1048005 rtp_frame_reference_finder_fuzzer: Bad parameters to --sanitizer-annotate-contiguous-container in webrtc::video_coding::RtpFrameObject::~RtpFrameObject - 2020-05-13
1048013 rtp_frame_reference_finder_fuzzer: Invalid-free in webrtc::RTPVideoHeader::~RTPVideoHeader - 2020-05-13
1048024 rtp_frame_reference_finder_fuzzer: Crash in absl::allocator_traits<std::__Cr::allocator<long> >::deallocate - 2020-05-13
1032158 Security of some component extensions relies on untrustworthy MessageSender.id - 2020-05-12
1040700 heap-use-after-free : v8::internal::ArrayBufferTracker::RegisterNew - 2020-05-12
1047285 Security of media-router built-in extension relies on untrustworthy MessageSender.id - 2020-05-12
1048241 v8_wasm_compile_fuzzer: Stack-buffer-overflow in v8::internal::wasm::LiftoffAssembler::VarState::is_reg - 2020-05-12
966507 Possible Sec-Fetch-Site bypass via PaymentRequest - 2020-05-11
1046019 CrOS: Vulnerability reported in app-arch/libarchive - 2020-05-11
639322 Automation API leaks tab URLs $500 2020-05-09
1010844 CXFA_FFPageView Use After Free $5000 2020-05-09
1041190 CVE-2019-19927 CrOS: Vulnerability reported in Linux kernel - 2020-05-09
1042915 pdfium (XFA): wrong object type in CXFA_FFPageView::GetPageViewRect $1000 2020-05-09
1043965 Security: Possible to navigate to extension resources not listed in web_accessible_resources $1000 2020-05-09
1045225 v8_wasm_compile_fuzzer: Stack-buffer-overflow in v8::internal::wasm::LiftoffAssembler::VarState::is_reg - 2020-05-09
1045487 rtnl_handler_fuzzer: Heap-buffer-overflow in shill::ParseAttrs - 2020-05-09
1045738 sqlite3_ossfuzz_fuzzer: Use-of-uninitialized-value in sqlite3Atoi64 - 2020-05-09
1046995 rtp_frame_reference_finder_fuzzer.exe: Invalid-free in webrtc::RTPVideoHeader::~RTPVideoHeader - 2020-05-09
1047024 rtp_frame_reference_finder_fuzzer: Heap-buffer-overflow in webrtc::video_coding::RtpFrameReferenceFinder::ManageFrameVp9 - 2020-05-09
1047054 heap-buffer-underflow : content::DWriteFontLookupTableBuilder::CallbackOnTaskRunner::CallbackOnTaskRunner - 2020-05-09
1047095 rtp_frame_reference_finder_fuzzer: Crash in absl::allocator_traits<std::__Cr::allocator<long long> >::deallocate - 2020-05-09
1047097 PDFium: Apply fix for CVE-2020-8112 - 2020-05-09
1047156 CVE-2019-18282 CrOS: Vulnerability reported in Linux kernel - 2020-05-09
1047165 rtp_frame_reference_finder_fuzzer: Heap-buffer-overflow in webrtc::video_coding::RtpFrameReferenceFinder::ManageFrameVp9 - 2020-05-09
1047264 rtp_frame_reference_finder_fuzzer: Bad parameters to --sanitizer-annotate-contiguous-container in webrtc::RtpGenericFrameDescriptor::~RtpGenericFrameDescriptor - 2020-05-09
1047355 Crash in v8::internal::StringHasher::HashSequentialString<char> - 2020-05-09
1047368 DCHECK failure in name->IsFlat() in factory.cc - 2020-05-09
851302 UI/URL Spoofing by opening popups and putting the background page into fullscreen $3000 2020-05-07
852645 requestFullscreen should consume user activation to prevent UI/URL spoofing $1000 2020-05-07
977872 pdf_codec_tiff_fuzzer: Heap-buffer-overflow in null_convert - 2020-05-07
1047074 DCHECK failure in Heap::IsLargeObject(obj) || Page::FromHeapObject(obj)->IsFlagSet(Page::SWEEP_TO_ - 2020-05-07
1006012 Security: URL bar spoofing on iOS $500 2020-05-06
1034225 CVE-2019-19524 CrOS: Vulnerability reported in Linux kernel - 2020-05-06
1034228 CVE-2019-19527 CrOS: Vulnerability reported in Linux kernel - 2020-05-06
1043443 CrOS: Vulnerability reported in net-analyzer/tcpdump - 2020-05-06
1044331 Use-after-poison in blink::SecurityContextInit::SecurityContextInit - 2020-05-06
1045812 Heap-buffer-overflow in cc::ScrollTimeline::UpdateScrollerIdAndScrollOffsets - 2020-05-06
1045797 Use-of-uninitialized-value in v8::internal::JSFunction::ToString - 2020-05-06
1045874 Security: OOB access in ReadableStream::Close - 2020-05-06
1046026 vtest_fuzzer: Heap-use-after-free in vrend_finish_context_switch - 2020-05-06
1046098 Use-of-uninitialized-value in v8::internal::wasm::NativeModuleCache::GetStreamingCompilationOwnership - 2020-05-06
1046321 CVE-2019-19332 CrOS: Vulnerability reported in Linux kernel - 2020-05-06
1045703 transfer_cache_fuzzer: Crash in GrConvertPixels - 2020-05-03
1045719 gpu_raster_swiftshader_fuzzer: Heap-buffer-overflow in void downsample_3_2<ColorTypeFilter_RGBA_F16> - 2020-05-03
1045721 gpu_raster_angle_fuzzer: Heap-buffer-overflow in sse2::load_af16 - 2020-05-03
1045722 gpu_raster_passthrough_fuzzer: Heap-buffer-overflow in SkRectMemcpy - 2020-05-03
1045723 transfer_cache_fuzzer: Heap-buffer-overflow in SkData::PrivateNewWithCopy - 2020-05-03
1045757 gpu_raster_swiftshader_fuzzer: Crash in void egl::Transfer< - 2020-05-03
1043070 CrOS: Vulnerability reported in dev-db/sqlite - 2020-05-02
1043095 dawn_wire_server_and_vulkan_backend_fuzzer: Null-dereference READ in dawn_native::DeviceBase::BaseDestructor - 2020-05-02
868145 Security: Loading mixed content without insecure warning $500 2020-05-01
1033824 Security: Unquoted Path in user Chrome Updater registry key - 2020-05-01
1035271 Security: 3D CSS transform and drop-shadow can draw over address bar $3000 2020-05-01
1045388 CVE-2020-7053 CrOS: Vulnerability reported in Linux kernel - 2020-05-01
1035399 Security: Site Isolation bypass in BlobURLStoreImpl::Register - 2020-04-30
1041828 Potential UaF in NavigationPredicator - 2020-04-30
1042091 Warn Chrome on downloads of for all .HTA files - 2020-04-30
1042145 Null-dereference READ in sqlite3VdbeExec - 2020-04-30
1042578 Security: SQLite 3.30.1 CVE-2019-19923 - NULL pointer dereference (or incorrect results) - 2020-04-30
1042700 Security: SQLite CVE-2019-19926 $500 2020-04-30
1042879 Security: Data race in AudioArray::Allocate can lead to OOB access - 2020-04-30
1042956 pdfium (XFA): UAF in CXFA_Node::HasFlag $5000 2020-04-30
1043508 pdfium (XFA): wrong object type in CXFA_FFNotify::OpenDropDownList $5000 2020-04-30
1043510 pdfium (XFA): wild-addr-read in GetWordBreakProperty $7500 2020-04-30
1044379 Bad-cast to blink::WebMouseEvent from blink::WebGestureEvent in test_runner::EventSender::HandleInputEventOnViewOrPopup - 2020-04-30
1031479 Security: Debug check failed: has_feedback_vector() $2000 2020-04-28
1041222 Container-overflow in PermissionRequestManager::GetDisplayNameOrOrigin - 2020-04-28
1042535 Security: webrtc: out-of-bounds write in FEC extension processing - 2020-04-28
1042933 Security: WebRTC: out-of-bounds write when updating layer info with frame marking extension - 2020-04-28
1039241 Use-of-uninitialized-value in blink::ObjectPainter::PaintAllPhasesAtomically - 2020-04-27
1043530 Use-of-uninitialized-value in v8::internal::GlobalHandles::NodeSpace<v8::internal::GlobalHandles::Node>::Relea - 2020-04-27
1025521 Security: <portal>s with an autofocus element get focus $500 2020-04-24
1029437 pdfium (XFA): oob read+write in CFDE_TextEditEngine::AdjustGap $5000 2020-04-24
1041411 heap-buffer-overflow in HRTFKernel $500 2020-04-24
1041546 Security: linux shell has all inheritable capabilities set by default - 2020-04-24
1042254 Security: More UaFs in WebAudio - 2020-04-24
1029829 gpu_angle_passthrough_fuzzer: Null-dereference READ in gpu::gles2::GLES2DecoderPassthroughImpl::EmulatedDefaultFramebuffer::Blit - 2020-04-23
1030167 Crash in v8::internal::Simulator::LoadStorePairHelper - 2020-04-23
1038828 Heap-use-after-free in net::URLRequestContext::CreateRequest - 2020-04-23
1039470 Heap-use-after-free in blink::NGPaintFragment::PopulateDescendants - 2020-04-23
1039869 Leaking the URL of any cross-origin redirect through AppCache's network section and wildcards $5000 2020-04-23
1040883 Heap-use-after-free in blink::NGPaintFragment::LayoutObjectWillBeDestroyed - 2020-04-23
1041174 Heap-use-after-free in views::NativeWidgetAura::Close - 2020-04-23
1031909 SIGTRAP hit in JIT code (Builtins_InterpreterEntryTrampoline) $2000 2020-04-21
1033771 Security: Debug check failed: is_valid(value). - 2020-04-21
1034695 third_party/sqlite version 3.30.1 is vulnerable - 2020-04-21
1037889 From secure page it is navigating to insecure page. $1000 2020-04-21
1038036 Security: Cross-Origin (Partial) Status Code Leakage $1000 2020-04-21
1040325 CHECK failure: *old_buffer != memory_object->array_buffer() in wasm-objects.cc $2000 2020-04-21
1040489 CrOS: Vulnerability reported in app-editors/vim - 2020-04-21
1041210 CHECK failure: Bytecode mismatch at offset 10 in interpreter.cc - 2020-04-21
1041240 DCHECK failure in 0 <= length in factory.cc - 2020-04-21
1041303 pdfium (XFA): use-of-uninitialized-value in CFWL_DateTimePicker::DrawWidget $500 2020-04-21
1041616 DCHECK failure in cache != this implies cache->outer_scope()->deserialized_scope_uses_external_cac - 2020-04-21
1062091 Security: UAF in InstalledAppProviderImpl (Desktop) $25000 2020-04-20
894477 Security: Extensions can continue to temporarily execute code and access file after being uninstalled $500 2020-04-18
997515 Security: Use-after-free in CXFA_FFDocView::SetFocus $5000 2020-04-18
1018677 Security: heap-use-after-free in content::SpeechRecognizerImpl::Abort $5000 2020-04-18
1020745 Security: Roll expat to patch CVE-2019-18197, CVE-2019-13117, CVE-2019-13118 $500 2020-04-18
1031679 Container-overflow in PermissionRequestManager::GetDisplayNameOrOrigin - 2020-04-18
1030415 DCHECK failure in !HasOptimizedCode() in js-objects.cc - 2020-04-18
1032677 Crash in v8::internal::Isolate::GetCodeTracer - 2020-04-18
1033461 sqlite3_select_expr_lpm_fuzzer: Heap-use-after-free in resetAccumulator - 2020-04-18
1037703 Heap-use-after-free in webrtc::VideoRtpReceiver::OnGenerateKeyFrame - 2020-04-18
1036667 Heap-use-after-free in blink::NGContainerFragmentBuilder::MoveOutOfFlowDescendantCandidatesToDescendant - 2020-04-18
1037872 Security:Potential Use after free in the function PerfJitLogger::LogWriteDebugInfo - 2020-04-18
1038243 Security DCHECK failure: !NeedsLayout() || LayoutBlockedByDisplayLock(DisplayLockLifecycleTarget::kChildr - 2020-04-18
1038489 pdfium_xfa_fuzzer: Heap-use-after-free in CJX_Object::~CJX_Object - 2020-04-18
1038863 Security: SQLite 3.30.1 vulnerabilities reported: CVE-2019-19880 and CVE-2019-19925 - 2020-04-18
1039059 CVE-2019-19447 CrOS: Vulnerability reported in Linux kernel - 2020-04-18
1039159 mediasource_MP4_FLAC_pipeline_integration_fuzzer: Use-of-uninitialized-value in decode_residuals - 2020-04-18
1040080 Security: 'Copy As Curl' in the network panel of the devtools does not escape the HTTP method properly, leading to local code execution $500 2020-04-18
1040403 DCHECK failure in mode == JSHeapBroker::BrokerMode::kSerialized implies kind == kUnserializedReadO - 2020-04-18
1040444 DCHECK failure in mode == JSHeapBroker::BrokerMode::kSerialized implies kind == kUnserializedReadO - 2020-04-18
1040493 CVE-2019-20095 CrOS: Vulnerability reported in Linux kernel - 2020-04-18
633352 Security: If two windows are in fullscreen at the same time they can navigate to different origins without fullscreen being exited automatically. $1000 2020-04-15
803365 Cookies with SameSite=Strict; are sent for link rel="prerender" when requested from 3rd party site $2000 2020-04-15
959194 Heap-use-after-free in net::HttpCache::Transaction::DoCacheWriteResponse - 2020-04-15
995081 Security: PDFium (XFA) Use-after-free in CXFA_FFComboBox::OnKillFocus $5000 2020-04-15
1029865 heap-use-after-free : content::MediaInterfaceFactory::CreateVideoDecoder - 2020-04-15
1038019 Heap-use-after-free in content::RenderProcessHostImpl::CreateCodeCacheHost - 2020-04-15
1038178 Security: Missing deoptimization information for OptimizedFrame::Summarize - 2020-04-15
1039629 Security: PDFium (XFA) Use-after-free in CXFA_FFComboBox::OnSelectChanged $7500 2020-04-15
710190 Security: Reloading the content of a changed file - 2020-04-14
809350 Security: CORS bypassing by reusing CORS-successful Resources across SecurityOrigins on MemoryCache - 2020-04-14
991217 Security: Memory access violations when setting a breakpoint at a specific location - 2020-04-14
991899 Security: PDFium (XFA) Use-after-free in CXFA_FFWidget::OnKillFocus $7500 2020-04-14
1014371 Security: iframe sandbox can be worked around via javascript: links and window.opener $3000 2020-04-14
1035464 Heap-use-after-free in blink::NGOutOfFlowLayoutPart::Run - 2020-04-14
1021871 cras_rclient_message_fuzzer: Null-dereference READ in pthread_create - 2020-04-13
1031697 AutofillAssistantFacade.callerIsOnWhitelist() is not secure - 2020-04-13
609527 Make sure active mixed content and broken-https subresources do something reasonable on weird origins - 2020-04-11
1034299 media_pipeline_integration_fuzzer: Use-of-uninitialized-value in decode_residuals - 2020-04-11
1034480 CVE-2019-19332: Security: kvm: OOB memory write via kvm_dev_ioctl_get_cpuid - 2020-04-11
1030411 JavaScript injection via malicious WebExtension in CWS $5000 2020-04-10
1030892 Site Isolation Bypass: SpeechRecognitionDispatcherHost doesn't properly check origin from renderer - 2020-04-10
1033795 UAF in blink::PaintLayer::CommonAncestor $5000 2020-04-10
1035058 Security: Autocomplete preview text leak #4: using ::first-line pseudo-element $5000 2020-04-10
1036697 CrOS: Vulnerability reported in dev-db/sqlite - 2020-04-09
1031142 Security: Site Isolation Bypass and Browser Code execution with heap-use-after-free in DesktopMediaPickerController::WebContentsDestroyed - 2020-04-08
999114 CVE-2019-15117 CrOS: Vulnerability reported in Linux kernel - 2020-04-07
999115 CVE-2019-15118 CrOS: Vulnerability reported in Linux kernel - 2020-04-07
1034563 Heap-use-after-free in views::BoundsAnimator::AnimationProgressed - 2020-04-07
1036604 CVE-2019-19241 CrOS: Vulnerability reported in Linux kernel - 2020-03-30
714617 Security: chrome.tabs.executeScript can reveal Chrome's profile path $500 2020-03-28
1035779 Security: heap-use-after-free in blink::BaseRenderingContext2D::DrawImageInternal - 2020-03-28
639173 ignored TLS errors propagate from webview to main browser $500 2020-03-27
959571 Security: Mixed content state reset when navigating back $500 2020-03-27
1033407 Security:Potential Use after free in the function ProfilerListener::CodeCreateEvent $2000 2020-03-27
1035371 Chromium: Two Vulnerabilities reported in sqlite 3.30.1 - 2020-03-27
571546 Security: Prompt boxes steal focus in popups - 2020-03-26
1025700 CrOS: Vulnerability reported in media-libs/tiff - 2020-03-26
1028722 sqlite3_shadow_table_fuzzer: Heap-buffer-overflow in sqlite3Fts3GetVarint $3000 2020-03-26
1029002 sqlite3_shadow_table_fuzzer: ASSERT: pWriter || bIgnoreEmpty - 2020-03-26
1029027 sqlite3_shadow_table_fuzzer: Heap-buffer-overflow in sqlite3Fts3GetVarint - 2020-03-26
1029210 sqlite3_shadow_table_fuzzer: Heap-buffer-overflow in sqlite3Fts3Incrmerge - 2020-03-26
1029506 sqlite3_shadow_table_fuzzer: Use-of-uninitialized-value in fts3IncrmergeHintPop - 2020-03-26
1031112 CVE-2019-17133 CrOS: Vulnerability reported in Linux kernel - 2020-03-26
1032170 Use browser-side URL to verify if extension messaging connection is allowed - 2020-03-26
1033395 Security:Wrong assumption lead to Use After Free in deserializer.cc $500 2020-03-26
1034745 Security: QuicStreamFactory incorrectly installs NullDecrypter - 2020-03-26
1035331 DCHECK failure in !HAS_WEAK_HEAP_OBJECT_TAG(ptr_) in tagged-impl.h - 2020-03-26
1035373 CVE-2019-19602 CrOS: Vulnerability reported in Linux kernel - 2020-03-26
1035723 Security: Heap-use-after-free in PaintController::FinishCycle() related to devtools overlay - 2020-03-26
1032090 pdfium: use-of-uninitialized-value in CRYPT_AESSetKey $2000 2020-03-24
1033841 Security: Debug check failed: IsNumber(). - 2020-03-23
1034394 A null pointer dereference has been discovered in V8 compiler which affects the latest version. $5000 2020-03-23
1015693 net_quic_stream_factory_fuzzer: Heap-use-after-free in quic::QuicSpdyStreamBodyManager::ReadBody - 2020-03-21
1032422 Security: pdfium(XFA) heap-use-after-free in CXFA_FFComboBox::OnProcessEvent $5000 2020-03-21
1033974 DCHECK failure in 0 <= at_least_space_for in objects.cc - 2020-03-21
1034167 DCHECK failure in i::AllowHeapAllocation::IsAllowed() in api.cc - 2020-03-21
1023810 use-after-poison in webaudio $10000 2020-03-20
1029462 use-after-free in AudioWorklet $7500 2020-03-20
1029530 CHECK failure: BigIntAsUintN of kRepWord64 (BigInt) cannot be changed to kRepWord32 in represen - 2020-03-20
1032548 Security: heap-buffer-overflow in AudioDelayDSPKernel::Process - 2020-03-20
1033260 Heap-use-after-free in net::VerifyWithGivenFlags - 2020-03-20
1026546 Security: Steal any local picture when open a local html file $1000 2020-03-19
1029375 Security: extensions with downloads.open permission can execute code on the device using .fileloc files $500 2020-03-19
1031895 Security: ReadableStream::pipeTo do not check IsLockedStream - 2020-03-19
1032054 Security: Debug check failed: IsAligned(ptr, kSlotDataAlignment) - 2020-03-19
1032906 Use-of-uninitialized-value in v8::internal::Runtime_StringCompareSequence - 2020-03-19
1033092 mediasource_MP4_FLAC_pipeline_integration_fuzzer: Use-of-uninitialized-value in decode_residuals - 2020-03-19
1013906 Security: expose stored (in cache) cross-site response's size $500 2020-03-18
1029612 audio_decoder_fuzzer: Use-of-uninitialized-value in decode_residuals - 2020-03-18
1030381 Crash in cc::LayerTreeImpl::TotalScrollOffset - 2020-03-18
1031653 Security: heap-use-after-free in DesktopMediaPickerController::WebContentsDestroyed - 2020-03-18
1019732 Make sure that NetworkService doesn't propagate HttpOnly cookies to a renderer process - 2020-03-17
1032534 CVE-2019-19319 CrOS: Vulnerability reported in Linux kernel - 2020-03-17
922882 Security: Possible load of unitialized memory in WebRtcAec_Create - 2020-03-16
1022044 cups_ippreadio_fuzzer: Global-buffer-overflow in ippEnumString - 2020-03-14
1029054 cups_ippreadio_fuzzer: Heap-buffer-overflow in _cupsStrAlloc - 2020-03-14
1030660 CrOS: Vulnerability reported in net-analyzer/tcpdump - 2020-03-14
1031102 CrOS: Vulnerability reported in app-arch/libarchive - 2020-03-14
1031523 pdfium (XFA): oob read in HTMLSTR2Code $2500 2020-03-14
875503 Chrome notification system permits to a domain to request permissions for each 3rd level domain with no restriction $500 2020-03-13
968303 heap-use-after-free : base::RunLoop::Delegate::ShouldQuitWhenIdle - 2020-03-13
1027408 Security: tel: URL scheme reference origin spoof on Windows and Linux $2000 2020-03-12
1029414 Security: The sharing dialog can appear over the wrong tab (spoof) $2000 2020-03-12
1030583 Negative size parameter to memcpy in CPDF_SecurityHandler::GetUserPassword $500 2020-03-12
1030912 v8_wasm_compile_fuzzer: Segv on unknown address in unsigned long v8::internal::Simulator::MemoryRead<unsigned long, unsigned long> - 2020-03-12
1029565 pdfium (XFA): oob read in EncodeXML $2000 2020-03-11
1029576 Security: Debug check failed: 0 <= index && index < node->op()->ValueInputCount(). - 2020-03-11
1029617 gpu_angle_passthrough_fuzzer: Null-dereference READ in gpu::gles2::GLES2DecoderPassthroughImpl::DoDeleteQueriesEXT - 2020-03-11
1018629 Use-of-uninitialized-value in SkPngEncoder::onEncodeRows - 2020-03-10
1025470 Security: Negative size passed to memcpy() in fts3NodeAddTerm (OOB read) - 2020-03-10
1025471 Security: Negative size passed to memcpy() in fts3IncrmergePush - 2020-03-10
1025472 Security: Memory leak in fts4, matchinfo() - 2020-03-10
1027426 Security: UaF in BrowserTabStripController::AddNewTabInGroup() - 2020-03-10
1028152 Heap-buffer-overflow in blink::FindBuffer::RangeFromBufferIndex $3000 2020-03-10
1028208 DCHECK failure in !is_compiled() || IsInterpreted() in js-objects.cc - 2020-03-10
1029338 DCHECK failure in !name->AsIntegerIndex(&index) in lookup-inl.h - 2020-03-10
1025463 Security: TFC2019 - Multiple issues in sqlite (Tracking Bug) - 2020-03-09
1028863 v8: Wrong JIT code that triggers SIGTRAP at runtime $5000 2020-03-09
1029129 Crash in cc::LayerTreeImpl::TotalScrollOffset - 2020-03-09
1026911 gpu_angle_passthrough_fuzzer: Null-dereference READ in gpu::error::Error gpu::gles2::GLES2DecoderPassthroughImpl::DoCommandsImpl<false> - 2020-03-07
1027065 gpu_angle_passthrough_fuzzer: Null-dereference READ in gpu::gles2::GLES2DecoderPassthroughImpl::DoDeleteQueriesEXT - 2020-03-07
1027470 gpu_angle_passthrough_fuzzer: Null-dereference READ in gpu::gles2::GLES2DecoderPassthroughImpl::HandleDrawBuffersEXTImmediate - 2020-03-07
1023807 Update WHL microcode to enable kernel TAA mitigations - 2020-03-06
1025489 use-after-poison in base::internal::WeakReferenceOwner::Invalidate() $5000 2020-03-06
1028862 Trap in Builtins_InterpreterEntryTrampoline $5000 2020-03-06
1017871 Security: Injecting styles via copy-and-paste $10000 2020-03-05
1021431 Heap-use-after-free in content::GpuBenchmarking::Freeze - 2020-03-05
1022278 render_text_api_fuzzer: Heap-buffer-overflow in gfx::GetTextIndexForOtherText - 2020-03-05
1023843 CVE-2019-2201: libjpeg-turbo: code execution - 2020-03-05
1024182 Security: Arbitrary system memory access Intel GPU vulnerability (CVE-2019-0155) - 2020-03-05
1028172 agc_fuzzer: Heap-buffer-overflow in webrtc::GainControlImpl::ProcessCaptureAudio - 2020-03-05
1029174 DCHECK failure in *result == *match_info in js-regexp.cc - 2020-03-05
1029200 Crash in v8::internal::OrderedHashSet::ConvertToKeysArray - 2020-03-05
708595 Security: Print Preview allows spoofing on other tab $500 2020-03-04
1026994 Security: EC host commands leaking stack to AP userspace - 2020-03-04
1027025 DCHECK failure in *(maybe_code_handler.object()) == *StoreHandler::StoreSlow(GetIsolate()) in feed - 2020-03-04
1027176 Check feature policy for payment in the browser. - 2020-03-04
1028809 audio_processing_fuzzer: Use-of-uninitialized-value in webrtc::FloatToFloatS16 - 2020-03-04
1028614 audio_processing_fuzzer: Use-of-uninitialized-value in webrtc::FileWrapper::Write - 2020-03-04
990428 Tighten IDN policy for Kana + Latin domains - 2020-03-03
1016506 heap-buffer-overflow : WebRtcSpl_DownsampleFastC - 2020-03-03
1023095 zucchini_disassembler_elf_fuzzer: Heap-buffer-overflow in zucchini::Rel32FinderX86::Scan - 2020-03-03
1023183 zucchini_disassembler_elf_fuzzer: Heap-buffer-overflow in (std::is_function<std::__Cr::remove_pointer<unsigned - 2020-03-03
1025255 hammerd_load_ec_image_fuzzer: Crash in hammerd::FirmwareUpdater::LoadEcImage - 2020-03-03
1025464 Security: SQLite defense-in-depth bypass - 2020-03-03
1025465 Security: Uninitialized memory leak by nPrefix in fts3SegReaderNext - 2020-03-03
1025466 Security: Arbitrary memory overwrites (write-what-where) by nHeight in fts3IncrmergeLoad - 2020-03-03
1026729 DCHECK failure in !name->AsIntegerIndex(&index) in lookup-inl.h - 2020-03-03
1026909 DCHECK failure in name.IsUniqueName() in stub-cache.cc - 2020-03-03
1027109 DCHECK failure in heap_object.IsInternalizedString() in feedback-vector.cc - 2020-03-03
1027498 CHECK failure: 0 == instance_descriptors().number_of_slack_descriptors() in objects-debug.cc - 2020-03-03
1027926 Security: v8 Debug check failed: ResumeJumpTargetsAreValid(). - 2020-03-03
1028092 agc_fuzzer: Heap-buffer-overflow in webrtc::ApplyDigitalGain - 2020-03-03
1028181 DCHECK failure in !Heap::InYoungGeneration(name) in stub-cache.cc - 2020-03-03
1028191 CHECK failure: IsValidHeapObject(isolate->heap(), HeapObject::cast(p)) in objects-debug.cc - 2020-03-03
1028207 Security: Debug check failed: !Heap::InYoungGeneration(name) - 2020-03-03
1028396 CHECK failure: descriptors != ReadOnlyRoots(isolate).empty_descriptor_array() implies !parent.o - 2020-03-03
1028475 DCHECK failure in start + search_string->length() <= string->length() in runtime-strings.cc - 2020-03-03
968809 Security: Clear rollback info from FPMCU stack when accessed - 2020-02-29
1026918 pdfium (XFA): invalid-vptr in CXFA_FFTextEdit::UpdateFWLData $2000 2020-02-29
1027410 DCHECK failure in dst_offset != src_offset in liftoff-assembler-x64.h - 2020-02-29
1027650 net_quic_stream_factory_fuzzer: Heap-use-after-free in quic::QpackInstructionDecoder::Decode - 2020-02-29
1027707 transfer_cache_fuzzer: Heap-buffer-overflow in SkRectMemcpy - 2020-02-29
1021677 Security DCHECK failure: unit.TextContentEnd() <= text.length() in ng_offset_mapping.cc - 2020-02-28
1024741 transfer_cache_fuzzer: Crash in SkRectMemcpy - 2020-02-28
1025209 net_quic_stream_factory_fuzzer: Bad-cast to quic::QpackProgressiveDecoder from invalid vptr in quic::QpackProgressiveDecoder::Decode - 2020-02-28
1025467 2 Vulnerabilities in websql & sqlite (Tracking Bug) $2000 2020-02-28
1025911 transfer_cache_fuzzer: Heap-buffer-overflow in GrConvertPixels - 2020-02-28
1026354 gpu_raster_angle_fuzzer: Heap-buffer-overflow in void downsample_1_2<ColorTypeFilter_8> - 2020-02-28
1027152 Security: heap-buffer-overflow in PasswordFormManager::OnGeneratedPasswordAccepted - 2020-02-28
1027292 Security: import maps are executed as classic scripts when the import map's flag is disabled - 2020-02-28
884693 Security: IDN URL Spoofing with using "ы" $500 2020-02-27
896453 Domain spoof using unicode characters that look like numbers - 2020-02-27
1025442 Security: IDN spoof with Latin Middle Dot (U+00B7) - 2020-02-27
1025468 DCHECK failure in result.NumberOfOwnDescriptors() == result.instance_descriptors().number_of_descr - 2020-02-27
1026500 Use-of-uninitialized-value in v8::internal::Simulator::FPRoundInt - 2020-02-27
1027045 Bad-cast to v8::internal::compiler::Operator1<v8::internal::compiler::FrameStateInfo, v8::internal::compiler::OpEqualTo<v8::internal::compiler::FrameStateInfo>, v8::internal::compiler::OpHash<v8::internal::compiler::FrameStateInfo> > from v8::internal::compiler::Operator1<v8::internal::MachineRepresentation, v8::internal::compiler::OpEqualTo<v8::internal::MachineRepresentation>, v8::internal::compiler::OpHash<v8::internal::MachineRepresentation> > in v8::internal::compiler::FrameStateInfoOf - 2020-02-27
930683 Security: Broadcom Bluetooth firmware vulnerability - 2020-02-26
954207 Heap-buffer-overflow in s_RLE_process - 2020-02-26
1015518 spvtools_as_fuzzer: Bad-free in spvBinaryDestroy - 2020-02-26
1015697 spvtools_as_fuzzer: Use-of-uninitialized-value in spvtools_as_fuzzer.cpp - 2020-02-26
1024256 Crash in blink::FindBuffer::RangeFromBufferIndex with emoji input - 2020-02-26
1025067 UaF in BluetoothAdapter::OnDiscoveryChangeComplete $20000 2020-02-26
1025109 Heap-use-after-free in blink::NGPhysicalFragment::HasSelfPaintingLayer - 2020-02-26
1026479 CHECK failure: Type cast failed in CAST(last_index) at ../../src/builtins/builtins-regexp-gen.c - 2020-02-26
1053604 Security: Incorrect side effect modelling for JSCreate - 2020-02-26
1024758 Security: OOB Write in ReduceRegExpPrototypeTest $7500 2020-02-25
1025502 gpu_raster_angle_fuzzer: Crash in void downsample_1_2<ColorTypeFilter_8> - 2020-02-25
1018493 ndproxy_fuzzer: Stack-buffer-overflow in arc_networkd::NDProxy::Icmpv6Checksum - 2020-02-24
1022695 Crash in Builtins_InterpreterEntryTrampoline - 2020-02-24
1023144 ndproxy_fuzzer: Heap-buffer-overflow in arc_networkd::NDProxy::TranslateNDFrame - 2020-02-24
1024736 transfer_cache_fuzzer: Crash in GrConvertPixels - 2020-02-22
1024762 gpu_raster_angle_fuzzer: Heap-buffer-overflow in void downsample_1_2<ColorTypeFilter_8> - 2020-02-22
881675 Chrome v69 URL Spoof via FILE_SCHEME $500 2020-02-21
1022466 render_text_api_fuzzer: Heap-buffer-overflow in u_strlen_65 - 2020-02-21
1023853 use after poison in rtc_rtp_sender_impl.cc $5000 2020-02-21
1024099 CHECK failure: bytes <= NUMBER in runtime-typedarray.cc - 2020-02-21
1024116 Out-of-bounds access in WebBluetoothServiceImpl $20000 2020-02-21
1025089 Security: Fix number of arguments being passed when setting the thread name on Windows. - 2020-02-21
999956 Security: U2F misses reloading hardware binding secrets after deep sleep - 2020-02-20
1013669 Security: USBGuard accepts D-Bus messages from any - 2020-02-20
1019616 wayland_fuzzer: Heap-use-after-free in GrMemoryPool::allocate - 2020-02-20
1022554 render_text_api_fuzzer: Heap-buffer-overflow in gfx::CreateObscuredText - 2020-02-20
1022598 render_text_api_fuzzer: Stack-buffer-overflow in gfx::RenderText::OnTextAttributeChanged - 2020-02-20
1022855 Security: Missing HasPrototypeSlot() check in ConstructorBuiltinsbAssembler::EmitFastNewObject() results in out-of-bound read. $3000 2020-02-20
1022893 render_text_api_fuzzer: Heap-buffer-overflow in gfx::RenderText::OnTextAttributeChanged - 2020-02-20
1023442 ExcludeSchemeFromRequestInitiatorSiteLockChecks bypasses GetTrustworthyInitiator - 2020-02-20
1023941 heap-use-after-free : views::View::SetBackground - 2020-02-20
1024121 Heap-use-after-free in WebBluetoothServiceImpl $20000 2020-02-20
1016106 hammerd_load_ec_image_fuzzer: Crash in hammerd::FirmwareUpdater::LoadEcImage - 2020-02-19
1017793 vb2_keyblock_fuzzer: Global-buffer-overflow in vb2_load_fw_keyblock - 2020-02-19
1021855 Download Protection bypass - 2020-02-19
1023351 Use-after-poison in blink::EventListenerMap::Find - 2020-02-19
1023972 DCHECK failure in 4 == kSystemPointerSize in code-generator.cc - 2020-02-19
1016703 DCHECK failure in static_cast<unsigned>(index) < static_cast<unsigned>(capacity()) in fixed-array- - 2020-02-18
1007414 Security: Tracking Chrome OS running e2fsck on an untrusted file system? - 2020-02-17
1020031 CHECK failure: static_cast<uintptr_t>(caller_frame_top_) - total_output_frame_size > stack_guar - 2020-02-17
699342 Security: //components/search_engine appears to be parsing arbitrary XML in the browser process - 2020-02-15
754304 UI Spoofing in External Protocol confirmation $1000 2020-02-15
947876 pdfium (XFA): oob read in CFXJSE_FormCalcContext::WordNum $2500 2020-02-15
968505 Security: Domain name spoofing on Unicode top-level domains - 2020-02-15
984513 The Permission for an important activity is set to null, as the result it can launched by any app. $1000 2020-02-15
997724 trunks_resource_manager_fuzzer: Use-of-uninitialized-value in base::debug::ProcessBacktrace - 2020-02-15
1005596 Security: tel: URL scheme reference origin spoof $2000 2020-02-15
1013882 Security: Autocomplete preview text STILL leaks credit card numbers - attacker can simply override system-ui font $5000 2020-02-15
1015872 libbrillo_dbus_data_serialization_fuzzer: Crash in variant_reader_recurse - 2020-02-15
1015858 libbrillo_dbus_data_serialization_fuzzer: Crash in _dbus_marshal_skip_array - 2020-02-15
1015881 zucchini_disassembler_elf_fuzzer: Heap-buffer-overflow in (std::is_function<std::__Cr::remove_pointer<unsigned - 2020-02-15
1016092 hammerd_load_ec_image_fuzzer: Use-of-uninitialized-value in fmap_find_area - 2020-02-15
1016099 arc_setup_util_expand_property_contents_fuzzer: Heap-buffer-overflow in std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<ch - 2020-02-15
1016103 runtime_probe_probestatement_fuzzer: Index-out-of-bounds in _dbus_mem_pool_alloc - 2020-02-15
1016168 libbrillo_dbus_data_serialization_fuzzer: Use-of-uninitialized-value in _dbus_first_type_in_signature - 2020-02-15
1016813 cups_ippreadio_fuzzer: Heap-buffer-overflow in _cupsStrFree - 2020-02-15
1017020 heap-use-after-free : libusb_get_next_timeout - 2020-02-15
1017494 Security: PDFium heap-use-after-free in CPDFSDK_PageView::ExitWidget (XFA) $7500 2020-02-15
1017256 cups_ippreadio_fuzzer: Heap-buffer-overflow in ippAttributeString - 2020-02-15
1017707 Security: Phishing with Unicode Domains $500 2020-02-15
1017797 cgpt_fuzzer: Use-of-uninitialized-value in Crc32 - 2020-02-15
1017961 Heap-use-after-free in blink::AudioNodeOutput::Pull - 2020-02-15
1018512 ndproxy_fuzzer: Use-of-uninitialized-value in arc_networkd::NDProxy::TranslateNDFrame - 2020-02-15
1019648 v8_wasm_fuzzer: DCHECK failure in val.type == kWasmBottom || ValueTypes::MachineRepresentationFor(val.type) == Val - 2020-02-15
1020533 DCHECK failure in cell->value().IsTheHole(isolate) in js-objects.cc - 2020-02-15
1020906 ndproxy_fuzzer: Stack-buffer-overflow in arc_networkd::NDProxy::TranslateNDFrame - 2020-02-15
1021457 Security: Out of bounds index in array in function parameters $3000 2020-02-15
1021919 Use-after-poison in blink::RTCPeerConnectionHandler::OnaddICECandidateResult - 2020-02-15
1022558 Bad-cast to blink::RTCVoidRequest from invalid vptr in blink::OnReplaceTrackCompleted - 2020-02-15
856927 Omnibox with URL is displayed on NTP when forward history is browsed with Wifi or Mobile network disabled. - 2020-02-06
925035 CodeCacheHostImpl::DidGenerateCacheableMetadataInCacheStorage should verify |cache_storage_origin|. - 2020-02-06
1017695 spvtools_opt_legalization_fuzzer: Container-overflow in spvtools::Optimizer::Run - 2020-02-06
1018528 Flickering WebGL with {alpha:false} on mali-400 $500 2020-02-06
1018871 DCHECK failure in !has_pending_exception() in isolate.cc - 2020-02-06
1000887 Crash in v8::internal::Simulator::LoadStorePairHelper - 2020-02-05
1014607 Security: Out-of-bounds read/write in RegisterAllocationData after ResetSpillState - 2020-02-05
1017441 Sandboxed iframe Document can end up sharing execution context/type system with iframe's initial about:blank Document $5000 2020-02-05
1019226 Security - UAF in OfflineAudioContext $13370 2020-02-05
1019544 gpu_angle_passthrough_fuzzer: Null-dereference READ in gpu::gles2::GLES2DecoderPassthroughImpl::DoDeleteQueriesEXT - 2020-02-05
1019553 gpu_angle_passthrough_fuzzer: Null-dereference READ in gpu::error::Error gpu::gles2::GLES2DecoderPassthroughImpl::DoCommandsImpl<false> - 2020-02-05
1019565 gpu_angle_passthrough_fuzzer: Null-dereference READ in gpu::gles2::GLES2DecoderPassthroughImpl::HandleDrawBuffersEXTImmediate - 2020-02-05
1008312 heap-use-after-free : GrSurfaceProxy::~GrSurfaceProxy - 2020-02-04
1010526 Security: URL bar spoofing with using a file:/// URL $500 2020-02-04
1017918 Heap-buffer-overflow in hsw::store_NUMBER - 2020-02-04
1008470 Security: AV in blink::ReadableStreamNative::Trace - 2020-02-03
1018565 Use-of-uninitialized-value in v8::internal::compiler::Hints::Add - 2020-02-03
1011600 PaymentManager: attacker has some control over PaymentManager/PaymentInstruments of a cross-origin context $500 2020-01-31
1016167 powerd_als_fuzzer: Use-of-uninitialized-value in base::internal::find_first_not_of - 2020-01-31
1016169 vpn_manager_service_manager_fuzzer: Stack-buffer-overflow in vpn_manager::ServiceManager::ConvertSockAddrToIPString - 2020-01-31
1017564 Security: URL bar spoofing on iOS with a very long URL $2000 2020-01-31
1016061 Container-overflow in performance_manager::SharedWorkerWatcher::RemoveChildWorker - 2020-01-30
1016100 ndproxy_fuzzer: Stack-buffer-overflow in arc_networkd::NDProxy::Icmpv6Checksum - 2020-01-30
1016109 ec_usb_tcpm_v2_fuzzer: Index-out-of-bounds in prl_tx_construct_message - 2020-01-30
1016111 ndproxy_fuzzer: Use-of-uninitialized-value in arc_networkd::NDProxy::TranslateNDFrame - 2020-01-30
1016393 v8_wasm_async_fuzzer: Heap-buffer-overflow in v8::internal::wasm::LiftoffCompiler::UnOp - 2020-01-30
1016436 Bad-cast to content::RenderFrameImpl from invalid vptr in content::GpuBenchmarkingContext::GpuBenchmarkingContext - 2020-01-30
1017061 v8_wasm_code_fuzzer: DCHECK failure in stack_height >= c->end_label->target_stack_height in wasm-interpreter.cc - 2020-01-30
1015864 trunks_tpm_pinweaver_fuzzer: Stack-buffer-overflow in trunks::Serialize_pw_insert_leaf_t - 2020-01-29
1016166 dlcservice_boot_device_fuzzer: Use-of-uninitialized-value in dlcservice::BootDevice::GetBootDevice - 2020-01-29
1016450 DCHECK failure in HAS_SMI_TAG(ptr) in smi.h - 2020-01-29
993706 Security: Possible to obtain results of queryObjects using custom devtools formatters - 2020-01-28
1016038 Security: IndexedDB transactions should be inactive during structured serialization - 2020-01-28
1016165 Heap-buffer-overflow in blink::AudioDelayDSPKernel::Process - 2020-01-28
1016515 Unknown signal in Builtins_InterpreterEntryTrampoline - 2020-01-28
1010581 Use-of-uninitialized-value in test_runner::TestRunner::WorkQueue::ProcessWork - 2020-01-27
1015945 CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (this->IsStruct()) in class-definitio - 2020-01-27
1013868 Security: heap-use-after-free in CPDF_AnnotList::CPDF_AnnotList $7500 2020-01-25
1015070 net_base_address_tracker_linux_fuzzer: Heap-buffer-overflow in net::internal::IgnoreWirelessChange - 2020-01-25
1015129 net_base_address_tracker_linux_fuzzer: Heap-buffer-overflow in net::internal::AddressTrackerLinux::HandleMessage - 2020-01-25
1015567 Null-dereference READ in v8::internal::VariableProxy::var - 2020-01-25
971917 Site Isolation: Multiple restriction bypasses in registerProtocolHandler $3000 2020-01-24
1011950 Security: "universal" XSS via copy&paste $2000 2020-01-24
1013418 Bad-cast to ToolbarIconContainerView from views::View in AvatarToolbarButton::~AvatarToolbarButton - 2020-01-24
1015042 chaps_attributes_fuzzer: Heap-buffer-overflow in chaps::Attributes::ParseInternal - 2020-01-24
1015256 rtcp_receiver_fuzzer: Use-of-uninitialized-value in webrtc::RTCPReceiver::HandlePli - 2020-01-24
1015791 Use-of-uninitialized-value in v8::internal::Scope::Scope - 2020-01-24
696208 Security: Chrome extension is disabled by crafted chrome-extension:// URL $500 2020-01-23
853670 SameSite cookies leakage via child browsing context $1000 2020-01-23
1013823 zucchini_disassembler_elf_fuzzer: Crash in zucchini::Rel32FinderX86::Scan - 2020-01-23
1013871 zucchini_disassembler_elf_fuzzer: Heap-buffer-overflow in (std::is_function<std::__Cr::remove_pointer<unsigned - 2020-01-23
1014834 v8_wasm_async_fuzzer: Heap-buffer-overflow in v8::internal::wasm::LiftoffCompiler::UnOp - 2020-01-23
1010518 Security: AbsentPlaster bug on Chrome OS - 2020-01-22
1013490 Heap-use-after-free in blink::LayoutObject::IsDescendantOf - 2020-01-22
944619 Security: CORB not enforced for WebSocket requests $10000 2020-01-21
1013920 Security: Debug check failed: is_wasm_memory_. - 2020-01-21
1010569 Heap-use-after-free in content::WebContentsImpl::~WebContentsImpl - 2020-01-20
467329 Popups can be moved below the taskbar in windows $500 2020-01-18
990867 Cross-origin-read attack by using an audio tag to download a cross-origin resource $500 2020-01-18
1012055 Use-after-poison in mojo::ReceiverSetBase<mojo::Receiver<blink::mojom::blink::ManifestManager, mojo: - 2020-01-18
1012579 CHECK failure: Failed to create ICU number format, are ICU data files missing? in js-relative-t - 2020-01-18
1012663 Heap-use-after-free in std::__1::vector<performance_manager::ProcessNode const*, std::__1::allocator<pe - 2020-01-18
1012727 Container-overflow in performance_manager::SharedWorkerWatcher::RemoveChildWorker - 2020-01-18
1013048 Use-of-uninitialized-value in performance_manager::GraphImpl::GetAllProcessNodes - 2020-01-18
1013485 Heap-use-after-free in performance_manager::GraphImpl::AddNewNode - 2020-01-18
981100 Security: ChromeVox exposes browser text from locked screen - 2020-01-17
999932 Security: Possible to spoof URL through use of document.open $500 2020-01-17
1001503 Security: UaF in Aura $20000 2020-01-17
1004212 Security: Insecure Chrome download allows malicious software to change downloaded file integrity - 2020-01-17
1004458 Use-of-uninitialized-value in password_manager::PasswordReuseDetectionManager::OnPaste - 2020-01-17
1005218 Security: Multiple file download protection bypass 2 $1000 2020-01-17
1007334 Sanitizer CHECK failure in "((*(u8*)MemToShadow(a))) == ((0))" (0x4, 0x0) $2000 2020-01-17
1010765 Security: URL in Omnibox doesn't always match page content on iOS - 2020-01-17
1013013 CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (IsJSReceiver()) in js-objects-inl.h - 2020-01-17
1013042 Security: Debug check failed: Smi::IsValid(value) $5000 2020-01-17
1013058 DCHECK failure in static_cast<unsigned>(index) < static_cast<unsigned>(length()) in fixed-array-in - 2020-01-17
1013135 DCHECK failure in !kCanBeWeak implies !IsSmi() == HAS_STRONG_HEAP_OBJECT_TAG(ptr_) in tagged-impl. - 2020-01-17
954219 Heap-use-after-free in pdf14_decrement_smask_color - 2020-01-15
984327 gstoraster_fuzzer: Heap-use-after-free in ptr_struct_mark - 2020-01-15
993415 Use-after-poison in blink::Node::EnsureEventTargetData $3000 2020-01-15
1003316 CVE-2017-18595 CrOS: Vulnerability reported in Linux kernel - 2020-01-15
1008947 Heap-use-after-free in AvatarMenu::~AvatarMenu - 2020-01-15
1011596 javascript_parser_proto_fuzzer: DCHECK failure in !parsing_module_ in preparser.h - 2020-01-15
1011677 heap-use-after-free : base::OnTaskRunnerDeleter::OnTaskRunnerDeleter - 2020-01-15
1011980 DCHECK failure in effect_edges > 0 in verifier.cc - 2020-01-15
1012580 Use-of-uninitialized-value in blink::GraphicsContext::SetURLForRect - 2020-01-15
1001854 CVE-2019-15214 CrOS: Vulnerability reported in Linux kernel - 2020-01-14
1003325 CVE-2019-15902 CrOS: Vulnerability reported in Linux kernel - 2020-01-14
1003326 CVE-2019-15916 CrOS: Vulnerability reported in Linux kernel - 2020-01-14
1010379 Security DCHECK failure: !object || (object->IsBox()) in layout_box.h - 2020-01-12
1010477 Security DCHECK failure: !object || (object->IsLayoutInline()) in layout_inline.h - 2020-01-12
1010759 Use-of-uninitialized-value in blink::LayoutObject::DestroyAndCleanupAnonymousWrappers - 2020-01-12
1011267 Heap-use-after-free in blink::PaintLayer::CompositingContainer - 2020-01-12
1011603 Heap-use-after-free in blink::LayoutObject::SetShouldCheckForPaintInvalidation - 2020-01-12
1010690 Use-of-uninitialized-value in views::ScrollView::Viewport::ViewHierarchyChanged - 2020-01-11
1010703 dawn_wire_server_and_frontend_fuzzer: Crash in dawn_native::ErrorScope::HandleErrorImpl - 2020-01-11
1010706 Heap-use-after-free in blink::LayoutObject::DestroyAndCleanupAnonymousWrappers - 2020-01-11
1011294 net_quic_stream_factory_fuzzer: Heap-use-after-free in quic::QpackHeaderTable::UnregisterObserver - 2020-01-11
1007194 Security: Use after free in MojoCdmProxyService $5000 2020-01-09
1009458 Use-after-poison in void blink::ScriptPromiseResolver::ResolveOrReject<blink::ScriptValue> - 2020-01-09
918674 Security: CVE-2018-19664 in libjpeg-turbo - 2020-01-08
948445 Security: multiple issues in SafeSetID LSM - 2020-01-08
957314 ClientNativePixmap implementations don't validate handles - 2020-01-08
974375 ClientNativePixmapDmaBuf::ImportFromDmabuf() doesn't validate buffer size - 2020-01-08
1005251 Security: heap-use-after-free in RTCPeerConnectionHandler::SetLocalDescription $7500 2020-01-08
1005635 transfer_cache_fuzzer: Use-of-uninitialized-value in sse2::store_NUMBER - 2020-01-08
1010026 Heap-use-after-free in std::__1::vector<performance_manager::ProcessNode const*, std::__1::allocator<pe - 2020-01-08
981649 Use-of-uninitialized-value in send_delete_event - 2020-01-07
1004341 Security: Upgrade expat to 2.2.8 $500 2020-01-07
1005615 transfer_cache_fuzzer: Heap-buffer-overflow in load2 - 2020-01-07
1005630 transfer_cache_fuzzer: Heap-buffer-overflow in sse2::load_rgf16 - 2020-01-07
1005948 Security: Headers are processed for aborted requests when passed through service worker $500 2020-01-07
1008419 Crash in blink::MarkingVisitorBase::Visit - 2020-01-07
1008632 Sanitizer CHECK failure in "((*(u8*)MemToShadow(a))) == ((0))" (0x4, 0x0) - 2020-01-07
1009207 Crash in blink::HeapObjectHeader::CheckHeader - 2020-01-07
1009260 pdf_font_fuzzer: Use-of-uninitialized-value in ft_mem_free - 2020-01-07
1009278 Crash in blink::DOMWrapperWorld::Current - 2020-01-07
1009382 Crash in v8::internal::GlobalHandles::InvokeFirstPassWeakCallbacks - 2020-01-07
1008414 CHECK failure: Bytecode mismatch at offset 177 in interpreter.cc - 2020-01-06
1008714 Crash in blink::IsCallbackFunctionRunnableInternal - 2020-01-06
1007423 Heap-use-after-free in test_runner::TestRunner::WorkQueue::ProcessWork - 2020-01-05
974648 Use-of-uninitialized-value in uint64divmod - 2020-01-04
1000543 Use-of-uninitialized-value in blink::LayoutObject::ShouldUseTransformFromContainer - 2020-01-03
1007866 Security DCHECK failure: IsA<Derived>(from) in casting.h - 2020-01-03
1008216 Bad-cast to blink::Nodeblink::Node::ShadowIncludingRoot in blink::Node::UpdateDistributionInternal - 2020-01-03
1008316 Crash in blink::EventListenerMap::Contains - 2020-01-03
1008506 Use-of-uninitialized-value in viz::ContextCacheController::ClientBecameNotVisible - 2020-01-03
1008610 Bad-cast to GrContext from invalid vptr in viz::ContextCacheController::ClientBecameNotVisible - 2020-01-03
1008631 DCHECK failure in index < length_ in vector.h - 2020-01-03
1008709 Use-of-uninitialized-value in hsw::blit_row_s32a_opaque - 2020-01-03
985499 third_party/liblouis version 3.2.0 is vulnerable - 2020-01-02
990234 sqlite3_fts3_lpm_fuzzer: Heap-use-after-free in findElementWithHash - 2020-01-02
991888 SOP & Site Isolation bypass with Reader mode $5000 2020-01-02
1005753 Security: UAF in indexed_db_cursor.cc $20500 2020-01-02
1006544 Use-of-uninitialized-value in gfx::CubicBezier::SolveCurveX $4000 2020-01-02
1006545 Heap-use-after-free in blink::NGBlockNode::CopyChildFragmentPosition - 2020-01-02
1006763 Security: https://www.madeupdomainforcheck123.com reference in Chrome and Chromium code - 2020-01-02
824715 Security: RTL+ space, formatting, invisible characters can lead to URL Spoofing $3000 2020-01-01
1006435 spvtools_opt_size_fuzzer: Container-overflow in spvtools::opt::Instruction::GetSingleWordOperand - 2020-01-01