Chromium Disclosed Security Bugs

Google discloses Chromium security bugs 14 weeks after fixing them. This website makes it easier to keep track of them.

This page is run by @securityMB but it is not an official Google product.

Bugs disclosed in 2021.json

#Summary$$$Disclosure date
1040837Security: open an evil exe file via a "shortcut" in chrome://downloads/$5002021-12-31
1233375Referrer Spoof using <base href> and <style>$5002021-12-30
1248567SEGV in vk::Image::clear()$5,0002021-12-30
1252351tint_binding_remapper_fuzzer: Heap-buffer-overflow in tint::fuzzers::RandomGenerator::CalculateSeed-2021-12-30
1233566Cryptohome ephemeral mounts lack nosymfollow-2021-12-29
1251787Security: ASLR bypass via memory_instrumentation.mojom.Coordinator-2021-12-29
1251727Security: heap-use-after-free in content::RenderFrameHostImpl::delegate-2021-12-29
1283234Payment Handler gets cropped or partially lives outside of popup window -2021-12-29
1108714Security: WPA2-Enterprise/EAP WiFi Connection UI Discrepancy$3,0002021-12-28
1195566crash in ModalCloseWatcher::Close-2021-12-28
1240921Symlink traversal in network driver modprobe script$20,0002021-12-28
1250660Potential race condition during concurrent JIT compilation-2021-12-28
1250730h264_bitstream_parser_fuzzer: Crash in webrtc::BitstreamReader::ReadExponentialGolomb-2021-12-28
1250775Security DCHECK failure: IsA<Derived>(from) in casting.h-2021-12-28
1251010vp9_encoder_references_fuzzer: Use-of-uninitialized-value in webrtc::LibvpxVp9Encoder::SetSvcRates-2021-12-28
1248435SUMMARY: AddressSanitizer: use-after-poison event_listener_map.cc:144 in blink::EventListenerMap::Add$7,5002021-12-27
1152952Security: Cast tab can appear after navigation to a different origin$1,0002021-12-25
1085762Security: Improper Theme name sanitization in theme manager.$5002021-12-24
1182188Chromium: Vulnerability reported in third_party/xstream-2021-12-24
1206928use-after-poison network_state_notifier.cc:314 in blink::NetworkStateNotifier::NotifyObserversOnTaskRunner$5,0002021-12-24
1245607CrOS: Vulnerability reported in dev-libs/openssl-2021-12-24
1248665Null-dereference READ in ubsan_GetStackTrace-2021-12-24
1249602tint_regex_spv_writer_fuzzer.exe: Illegal-instruction in tint::fuzzers::FatalError-2021-12-24
1244348Security: Heap-use-after-free in ui::EventDispatcher::DispatchEventToEventHandlers$15,0002021-12-23
1246728dawn_wire_server_and_vulkan_backend_fuzzer.exe: Heap-use-after-free in tint::transform::DataMap::Add<tint::transform::SingleEntryPoint::Config,const-2021-12-23
1248661Security: heap-use-after-free in app_controller_mac.mm$10,0002021-12-23
1094945Security: Speculative type confusion - [1/3 - eBPF]$10,0002021-12-22
1182687Executable libraries could be loaded from noexec partitions-2021-12-22
1241643Crash in memfd:swiftshader_jit-2021-12-22
1246631SUMMARY: AddressSanitizer: heap-buffer-overflow SkPixmap.cpp:321 in SkPixmap::getColor$20,0002021-12-22
1246692skia_image_filter_deserialize_fuzzer: Illegal-instruction in SkSL::DSLParser::swizzle-2021-12-22
1193196CrOS: Vulnerability reported in dev-libs/glib-2021-12-21
1218099Yoga commit may be a security fix-2021-12-21
1238944Android Chrome & Chromium Browsers Address Bar Spoofing$3,0002021-12-21
1242392heap buffer overflow iin FingerprintHandler::HandleGetEnrollmentLabel$10,0002021-12-21
1247395Security: WebView's CookieManager APIs fix up URLs incorrectly, potentially allowing cookie theft-2021-12-21
1248768Heap-use-after-free in blink::ElementRuleCollector::CollectMatchingRules-2021-12-21
456994Extension Debugger API restrictions are trivially circumvented-2021-12-20
1246394Security: heap-use-after-free C:\b\s\w\ir\cache\builder\src\chrome\browser\ui\views\media_router\web_contents_display_observer_view.cc:56:22 in media_router::WebContentsDisplayObserverView::OnBrowserSetLastActive(class Browser *)$15,0002021-12-20
1248514Heap buffer overflow in PasswordSpecFetcher-2021-12-20
1248030Security: Use After Free in FileSystemAccessManagerImpl$15,0002021-12-19
1141803Heap-use-after-free in content::RenderFrameImpl::GetLocalRootRenderWidget-2021-12-17
1234050Nearby Share UI incorrectly appears in non-ChromeOS browsers: causes UAF$15,0002021-12-17
1241123Security: [ANGLE] Stack buffer overwrite in rx::StateManager11::syncVertexBuffersAndInputLayout$7,5002021-12-16
1242257Heap-use-after-free in ui::SendDamagedRectsRecursive$16,0002021-12-16
1245879Security: Incomplete fix for CVE-2021-30577$10,0002021-12-16
1246163tint_first_index_offset_fuzzer: Illegal-instruction in tint::fuzzers::FatalError-2021-12-16
1246301angle_translator_fuzzer: Use-of-uninitialized-value in sh::StructNameString-2021-12-16
1246612Use-after-poison in base::internal::WeakReferenceOwner::Invalidate-2021-12-16
1246652Bad-cast to SkSL::dsl::DSLGlobalVar from invalid vptr in SkTArray<SkSL::dsl::DSLGlobalVar, false>::checkRealloc-2021-12-16
1246705Crash in cppgc::internal::ConcurrentMarkingTask::Run-2021-12-16
1246780SUMMARY: AddressSanitizer: use-after-poison timer.cc:217 in base::internal::TimerBase::OnScheduledTaskInvoked$7,5002021-12-16
1246919Use-after-poison in blink::LayoutGrid::LayoutPositionedObjects-2021-12-16
1247182rtcp_receiver_fuzzer: Use-of-uninitialized-value in webrtc::RTCPReceiver::ParseCompoundPacket-2021-12-16
1247686Security DCHECK failure: unit.TextContentEnd() <= text.length() in ng_offset_mapping.cc-2021-12-16
1240952Security: [Chrome OS Readiness Tool] Public tracking bug: Service installer assigns wrong permissions to DCOM objects-2021-12-14
1243318M94 Merge Request for crbug.com/dawn/1065-2021-12-14
1244568Security: Cross-Origin information leak or delete in ContentIndex$5,0002021-12-14
1246748dawn_wire_server_and_vulkan_backend_fuzzer: Heap-use-after-free in dawn_native::vulkan::ComputePipeline::Initialize-2021-12-14
1245881AddressSanitizer: use-after-poison execution_context_lifecycle_observer.cc:40 in blink::ExecutionContextLifecycleObserver::GetExecutionContext$5,0002021-12-13
1246606Security DCHECK failure: i < length() in string_view.h-2021-12-13
1246619Security DCHECK failure: unit.TextContentEnd() <= text.length() in ng_offset_mapping.cc-2021-12-13
1244408dawn_wire_server_and_vulkan_backend_fuzzer: Heap-use-after-free in sw::PixelRoutine::PixelRoutine-2021-12-11
1245141dawn_wire_server_and_vulkan_backend_fuzzer: Heap-use-after-free in vk::CommandBuffer::submit-2021-12-11
1245605Chromium: Vulnerability reported in third_party/xstream-2021-12-11
1245786Security: Security DCHECK failure at blink::LayoutInline$5,0002021-12-11
1246412code_cache_host_mojolpm_fuzzer: Illegal-instruction in StackTraceGetter::CurrentStackTrace-2021-12-11
1240538BluetoothRemoteGattCharacteristicTestWinrtOnly.StartNotifySessionDisconnectOnError failing on builder "win-asan"-2021-12-10
1240884Security: UAF in EditAddressProfileView::WindowClosing$17,0002021-12-10
1241036Chrome ANGLE Out-of-Bound in texStorage3D$7,5002021-12-10
1243117Security: UAF in AvailableOfflineContentProvider$15,0002021-12-10
1243622Security: Cross-Origin information leak in GetDeveloperIdsTask$2,0002021-12-10
1243535Security: AddressSanitizer: heap-use-after-free on address 0x11de0a00f100 SkPathEffectBase::asPoints and AddressSanitizer: heap-use-after-free on address 0x119b5ac92cd8 base::circular_deque-2021-12-10
1244490[sparkplug]Security: jit code memory corruption after use the generated baseline code to optimiztion the machine code-2021-12-10
1245053Security: Cross-Origin Response Size Leak Via BackgroundFetch$3,0002021-12-10
1245870DCHECK failure in (class_variable_) == nullptr in scopes.cc-2021-12-10
1245907Heap-use-after-free in chromeos::LoginApiDataForNextLoginAttemptPrefCleaner::~LoginApiDataForNextLoginA-2021-12-10
1246158dawn_wire_server_and_vulkan_backend_fuzzer: Heap-use-after-free in dawn_native::vulkan::ComputePipeline::Initialize-2021-12-10
1234284Use-after-Free in AudioDebugRecordingsHandler::StartAudioDebugRecordings$20,0002021-12-09
1242404oob in function StartupPagesHandler::HandleEditStartupPage$6,0002021-12-09
1242742Security: heap-buffer-overflow in TabStripModel::MoveWebContentsAtImpl$10,0002021-12-09
1243646Security: container-overflow in RecordEngagementMetric$20,0002021-12-09
1245046tint_ast_hlsl_writer_fuzzer.exe: Illegal-instruction in tint::fuzzers::FatalError-2021-12-09
1246065DCHECK failure in storage_.is_populated_ in optional.h-2021-12-09
1214199Security: Heap-use-after-free in BackgroundFetchDelegateBase::CancelDownload$10,0002021-12-08
1232279Security: Security: Clickjacking RCE of Chrome headless with Remote Debugging$3,0002021-12-08
1233942Use-after-Free on AudioDebugRecordingsHandler::StopAudioDebugRecordings$20,0002021-12-08
1239516use after free in sharing_hub::ScreenshotCapturedBubbleController::Capture$10,0002021-12-08
1239709Security: Insufficient CORS Check Leads to Cross-Origin Size Leak via BackgroundFetch API$3,0002021-12-08
1243733virgl_venus_fuzzer: Use-of-uninitialized-value in vn_decode_VkFormatProperties2_pnext_partial_temp-2021-12-08
1243989Use-after-poison in v8::internal::Scope::AllocateVariablesRecursively-2021-12-08
1244254Trap in Builtins_CEntry_Return1_DontSaveFPRegs_ArgvInRegister_NoBuiltinExit-2021-12-08
1244435DCHECK failure in header->IsMarked() in pointer-policies.cc-2021-12-08
1245003CHECK failure: black_size <= marking_state->live_bytes(page) in paged-spaces.cc-2021-12-08
1245079CHECK failure: bitmap(page)->AllBitsSetInRange( page->AddressToMarkbitIndex(current), page->Add-2021-12-08
1245145CHECK failure: map_object.IsMap() in mark-compact-inl.h-2021-12-08
1245357CHECK failure: black_size <= marking_state->live_bytes(page) in paged-spaces.cc-2021-12-08
1245405CHECK failure: bitmap(page)->AllBitsSetInRange( page->AddressToMarkbitIndex(current), page->Add-2021-12-08
1242269Security: Blink - Use After Free of DawnCallback.$7,5002021-12-04
1243562WebGPU mapped buffer range ArrayBuffers can be transferred-2021-12-04
1243920Security DCHECK failure: IsA<Derived>(from) in casting.h-2021-12-04
1244134tint_spirv_tools_msl_writer_fuzzer.exe: Illegal-instruction in tint::fuzzers::FatalError-2021-12-04
1203612Chrome OS cannot handle multiple/wildcard server names for "SubjectMatch" in .onc profiles, opening doors to impersonation attacks and credential thefts$3,0002021-12-03
1233932CrOS: Vulnerability reported in app-arch/libarchive-2021-12-03
1242315Security: Manifest.json can display overlay on non-origin tabs$1,0002021-12-03
1242841Security: UAF in WebAppIdentityUpdate$7,0002021-12-03
1242865tint_msl_transform_fuzzer: Heap-buffer-overflow in tint::writer::msl::GeneratorImpl::EmitTypeConstructor-2021-12-03
1243944tint_renamer_fuzzer: Stack-use-after-return in tint::sem::Pointer::Pointer-2021-12-03
1072444Security: cryptohomed file system interactions with less-privileged chronos user at /home/chronos/u-<hash>-2021-12-02
1100761Security: Possible to download files from sandboxed frames$3,0002021-12-02
1239910Security: Web GPU - Out of bound object manupilation in WebGPUImplementation::OnGpuControlReturnData()$7,5002021-12-02
1242862Heap-use-after-free in base::UnguessableToken const& base::internal::FunctorTraits<base::UnguessableTok-2021-12-02
1203399gpu_swangle_passthrough_fuzzer: Crash in gpu::gles2::GLES2DecoderPassthroughImpl::DoBindTexture-2021-12-01
1228248Feedback WebUIDialog does not observe Profile lifetime$5,0002021-12-01
1234544Bad-cast to blink::ScriptWrappable from invalid vptr in blink::DOMDataStore::GetWrapper-2021-12-01
1238108Heap-use-after-free in content::WebAXObjectProxy::ActiveDescendant-2021-12-01
1241193tint_regex_spv_writer_fuzzer.exe: Illegal-instruction in tint::fuzzers::FatalError-2021-12-01
1242650Heap-use-after-free in content::MediaStreamDispatcherHost::OnWebContentsFocused-2021-12-01
1233067Security: Overlong iframe CSP attribute allows you to send near-arbitrary length headers to a server and induce server errors$2,0002021-11-30
1237533TALOS-2021-1352: Google Chrome Blink setBaseAndExtent use after free vulnerability$7,5002021-11-30
1238158heap-use-after-free : ChromeAppDelegate::OnHide-2021-11-30
1238178heap-use-after-free : WebUIAllowlist::GetRuleIterator-2021-11-30
1241024uaf in sharing_hub::ScreenshotCapturedBubble::DownloadButtonPressed-2021-11-30
1241606M94 Merge Request for crbug.com/dawn/837-2021-11-30
1241912media_h265_decoder_fuzzer: Heap-buffer-overflow in media::H265Decoder::CalcRefPicPocs-2021-11-30
1241687crash in qrcode_generator::QRCodeGeneratorBubbleController::UpdateIcon-2021-11-30
1241913CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (!(!concurrent_search) || (array->IsS-2021-11-30
1242666CrOS: Vulnerability reported in dev-libs/nettle-2021-11-30
1242669CrOS: Vulnerability reported in net-misc/curl-2021-11-30
1202613Security: Stack overflow in nested message loops-2021-11-29
1242319Security: CVE-2021-3560 local privilege escalation through polkit-2021-11-29
1239895Security DCHECK failure: !resource_clipper->NeedsLayout() in clip_path_clipper.cc-2021-11-28
1239057Security: UaF in TabStripModel::MoveWebContentsAtImpl$10,0002021-11-26
1239472Security: UAF in dav1d_get_bits function$5,0002021-11-26
1240033Heap-use-after-free in ash::AppDragIconProxy::GetBoundsInScreen-2021-11-26
1241192vp9_qp_parser_fuzzer: Heap-buffer-overflow in rtc::BitBuffer::ReadBits-2021-11-26
1241297vp9_qp_parser_fuzzer: Heap-buffer-overflow in rtc::BitBuffer::PeekBits-2021-11-26
1221913cras_rclient_message_fuzzer: Use-of-uninitialized-value in cras_main_message_send-2021-11-25
1232095CHECK failure: args[0].IsJSPromise()-2021-11-25
1232658Security: ChromeOS root privilege escalation (pita, vm_concierge, arc-setup, DBus)$30,0002021-11-25
1232875CHECK failure: static_cast<uintptr_t>(caller_frame_top_) > stack_guard->real_jslimit() in deopt-2021-11-25
1233570Risky mkdirs and chowns in vm_tools init-2021-11-25
1234701dawn_wire_server_and_vulkan_backend_fuzzer: Crash in memfd:swiftshader_jit-2021-11-25
1235949Security: heap-use-after-free in ~PermissionRequestChip$10,0002021-11-25
1236209cras_rclient_message_fuzzer: Use-of-uninitialized-value in cras_main_message_send-2021-11-25
1240670v8_wasm_compile_fuzzer: Crash in v8::internal::WasmArray::GcSafeSizeFor-2021-11-25
1213238heap-use-after-free : media_router::MediaRouterAndroidBridge::DetachRoute-2021-11-24
1234491Security: ChromeOS root privilege escalation (cups, crash-reporter, ghostscript, Upstart)$30,0002021-11-24
1234882Security: cupsd.conf Upstart root file write target-2021-11-24
1239595use after free in DiceTurnSyncOnHelperDelegateImpl::ShowEnterpriseAccountConfirmation($5,0002021-11-24
1240714CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (IsName_NonInline(*this)) in name-tq--2021-11-24
1235165Heap-use-after-free in ash::TrayBubbleView::~TrayBubbleView-2021-11-23
1235316use after free in blink::FrameLoader::DetachDocument$7,5002021-11-23
1240548dawn_wire_server_and_frontend_fuzzer: Heap-use-after-free in dawn_wire::server::Server::InjectDevice-2021-11-23
1239522DCHECK failure in native_module == current_native_module_ in code-space-access.cc-2021-11-22
1239820DCHECK failure in !header->IsFree() in pointer-policies.cc-2021-11-22
1238406cras_rclient_message_fuzzer: Use-of-uninitialized-value in cras_main_message_send-2021-11-20
1238466hb_subset_fuzzer: Crash in OT::CPALV1Tail::serialize-2021-11-20
1239116v8_wasm_code_fuzzer: Crash in v8::internal::Simulator::LoadStoreHelper-2021-11-20
1237069Heap-use-after-free in ui::AXNode::GetUnignoredParent-2021-11-18
1238469hb_subset_fuzzer: Use-of-uninitialized-value in TrySubset-2021-11-18
1238731paint_op_buffer_fuzzer: Heap-use-after-free in SkCanvas::internalRestore-2021-11-18
1232914Security: Heap-use-after-free in AutofillManager::OnLoadedServerPredictions$1,0002021-11-17
1234878Security: Arbitrary code execution in ghostscript-2021-11-17
1234880Security: crash-reporter dirty root write-2021-11-17
1238268Security: heap-use-after-free in in download::NetworkStatusListenerImpl::OnNetworkStatusReady$20,0002021-11-17
1083337URL spoofing on iOS by repeatedly navigating a new window$5002021-11-16
1221914cras_rclient_message_fuzzer: Use-of-uninitialized-value in volume_gain-2021-11-16
1230767Google Chrome WebRTC addIceCandidate use after free vulnerability (TALOS-2021-1348)$22,0002021-11-16
1232628uaf in display::DisplayList::GetCurrentDisplay (chromeos version)$15,0002021-11-16
1234259Security: a READ memory access in jsimd_huff_encode_one_block_sse2$5,0002021-11-16
1234829Security: [ANGLE] Heap use-after-free in TextureD3D::releaseTexStorage$9,5002021-11-16
1236701Security: UAF in Screens::UpdateScreenInfos due to iterator invalidation$7,5002021-11-16
1236958v8_wasm_compile_fuzzer: DCHECK failure in node->InputAt(1) == loop_header in loop-analysis.cc-2021-11-16
1209469Security: OOB write after creating pinned tab that's also in a group$10,0002021-11-15
1209616Security: OOB read when window is closed while a link is being dragged over the tab strip$5,0002021-11-15
1223388hb_subset_fuzzer: Heap-buffer-overflow in OT::CPALV1Tail::serialize-2021-11-15
1230932libaom_av1_dec_fuzzer: Use-of-uninitialized-value in aom_lowbd_blend_a64_d16_mask_c-2021-11-15
1231650tint_spv_reader_wgsl_writer_fuzzer: Illegal-instruction in tint::fuzzers::FatalError-2021-11-15
1232808libaom_av1_dec_fuzzer: Use-of-uninitialized-value in av1_dist_wtd_convolve_2d_copy_c-2021-11-15
1236809Heap-use-after-free in ash::TrayBubbleView::RerouteEventHandler::OnKeyEvent-2021-11-15
1237387CHECK failure: Ref construction failed in heap-refs.cc-2021-11-15
999110CrOS: Vulnerability reported in net-wireless/hostapd-2021-11-12
1199865Security: spook.js attacks on site vs origin isolation; extensions$3,0002021-11-12
1221068heap-use-after-free : content::NativeIOManager::OnDeleteOriginDataCompleted-2021-11-12
1228557Security: UaF in TabGroupEditorBubbleView::UpdateGroup()$10,0002021-11-12
1233564Security: Data race in HRTFDatabaseLoader::WaitForLoaderThreadCompletion-2021-11-12
1233585vm_concierge init allows bind mounting over symlinks-2021-11-12
1235222Security: Autofill prompt can render over browser UI (bypasses of recent reports)$3,0002021-11-12
1236563CHECK failure: Ref construction failed-2021-11-12
1236614DCHECK failure in FLAG_flush_baseline_code || FLAG_flush_bytecode in heap-inl.h-2021-11-12
1236694Security: BigInt ToStringFormatter Crash$5,0002021-11-12
1237073CHECK failure: Ref construction failed in heap-refs.cc-2021-11-12
1004112CVE-2019-16234 CrOS: Vulnerability reported in Linux kernel-2021-11-09
1209622AddressSanitizer: heap-use-after-free scoped_blocking_call_internal.cc:208 in base::internal::IOJankMonitoringWindow::OnBlockingCallCompleted$15,0002021-11-09
1234764v8/Turbofan: Invalid rotate-right optimization + Typer hardening bypass$21,0002021-11-09
1234770v8/Turbofan: Wrong optimization of bitfield checks$21,0002021-11-09
1231933Security: UAF in perfromance_manager's site_data_impl.cc$10,0002021-11-08
1234009Use-after-Free in FileSystemChooseEntryFunction::FilesSelected$20,0002021-11-08
1234321Security: blink_platform!blink::CreateImageFromVideoFrame checkfailed-2021-11-08
1235072dawn_wire_server_and_vulkan_backend_fuzzer: Heap-use-after-free in dawn_wire::server::Server::InjectDevice-2021-11-08
1232617use after free in IsIndeterminate (chromeos version)$15,0002021-11-07
1234676Stack-use-after-return in blink::StyleVariables::GetValue-2021-11-07
1231877tint_msl_transform_fuzzer: Heap-buffer-overflow in tint::writer::msl::GeneratorImpl::EmitTypeConstructor-2021-11-05
1233975Use-after-Free on HandleOnPerformDrop$20,0002021-11-05
1022790Security: SameSite=Lax cookie sent with cross-origin request inside iframe$1,0002021-11-04
1217396trunks_tpm_pinweaver_fuzzer: Global-buffer-overflow in google::protobuf::internal::EpsCopyInputStream::ReadString-2021-11-04
1230128tint_inspector_fuzzer.exe: Illegal-instruction in tint::fuzzers::FatalError-2021-11-04
1231134UAF in PrintViewManager$20,0002021-11-04
1233354Heap-buffer-overflow in CJS_Field::setFocus-2021-11-04
1233430Type confusion in blink::StyleBuilderConverterBase::ConvertFontSize Security DCHECK failed: IsA<Derived>(from).$5,0002021-11-04
1233572dawn_wire_server_and_frontend_fuzzer: Bad-cast to dawn_wire::server::Server from invalid vptr in dawn_wire::server::Server::InjectDevice-2021-11-04
1233707sqlite3_select_printf_lpm_fuzzer: Use-of-uninitialized-value in fixDistinctOpenEph-2021-11-04
1234206CHECK failure: !map.is_dictionary_map() implies map.is_stable()-2021-11-04
1234357dawn_wire_server_and_frontend_fuzzer: Bad-cast to dawn_wire::server::Serverdawn_wire::server::Server::InjectDevice in dawn_native::LoggingCallbackTask::HandleShutDown-2021-11-04
1190550Security: UAF in InputHandler::InputInjector::InjectKeyboardEvent$10,0002021-11-02
1216898Security: heap-buffer-overflow in TabStripModel::IsTabBlocked-2021-11-02
1219354URL spoofing using tel:$1,0002021-11-02
1222120Heap-use-after-free in ash::DesksBarView::FinalizeDragDesk-2021-11-02
1224238use after free content::FontAccessManagerImpl::DidChooseLocalFonts$20,0002021-11-02
1224753Security: SkAbort_FileLine Assert Failed-2021-11-02
1228036CHECK failure: addr + size <= chunk_->area_end()-2021-11-02
1231369tint_binding_remapper_fuzzer: Heap-buffer-overflow in tint::fuzzers::ExtractBindingRemapperInputs-2021-11-02
1231503tint_all_transforms_fuzzer: Use-of-uninitialized-value in tint::fuzzers::Reader::string-2021-11-02
1231950v8_wasm_async_fuzzer: Crash in v8::internal::LogicVRegister::ReadUintFromMem-2021-11-02
1232733DCHECK failure in chars[i] != bigint::kStringZapValue in bigint.cc-2021-11-02
1233397Security: Out of bounds memory access in BigInt$15,0002021-11-02
1251541Security: Universal Cross-Site Scripting (UXSS) - completing previously searched text in NTP$1,0002021-11-01
663512Redirects should be handled by CSP form-action in a spec-compliant way-2021-10-30
823241Referrer Policy bypass with javascript URL$1,0002021-10-30
923648CrOS: Vulnerability reported in sys-apps/busybox-2021-10-30
1101897Security: Possible to escape sandbox via devtools_page (alternative method)$5,0002021-10-30
1215711v8_inspector_fuzzer: Trap in Builtins_CEntry_Return1_DontSaveFPRegs_ArgvOnStack_NoBuiltinExit-2021-10-29
1223390dawn_wire_server_and_d3d12_backend_fuzzer.exe: Heap-use-after-free in dawn_wire::server::Server::InjectDevice::<lambda_1>::__invoke-2021-10-29
1223603dawn_wire_server_and_vulkan_backend_fuzzer: Heap-use-after-free in dawn_wire::server::Server::InjectDevice-2021-10-29
1227777Security: HeapOverflow in RecentlyUsedFoldersComboModel$20,0002021-10-29
1227933Heap-use-after-free in blink::NGOutOfFlowLayoutPart::SaveStaticPositionOnPaintLayer-2021-10-29
1228134dawn_wire_server_and_frontend_fuzzer: Use-of-uninitialized-value in void dawn_wire::ChunkedCommandSerializer::SerializeCommandImpl<dawn_wire::Return-2021-10-29
1228672CrOS: Vulnerability reported in dev-libs/libxml2-2021-10-29
1229298Security: Chrome: UAF in BindFileUtilitiesHost$20,0002021-10-29
1229516Security: WebShare from ephemeral tab triggers browser crash-2021-10-29
1229625TaskManager fails to keep Profile alive leading to UAF in CreateNativeWidget$1,0002021-10-29
1230369webcodecs_audio_encoder_fuzzer: Use-of-uninitialized-value in media::AudioOpusEncoder::OnFifoOutput-2021-10-29
1230409webcodecs_image_decoder_fuzzer: Heap-buffer-overflow in media::DownShiftHighbitVideoFrame-2021-10-29
1230431DCHECK failure in IsNumber() in objects-inl.h-2021-10-29
1230530Security: heap-use-after-free in the PaymentCredential in the browser process$20,0002021-10-29
1230513Security: heap-use-after-free in WebDataRequestManager::RequestCompletedOnThread$10,0002021-10-29
1231117CHECK failure: proto.map().oddball_type() == OddballType::kNull in compilation-dependencies.cc-2021-10-29
1231169tint_all_transforms_fuzzer: Use-of-uninitialized-value in tint::fuzzers::AddPlatformIndependentPasses-2021-10-29
1231432use after poison in ImageDecoderExternal$5,0002021-10-29
1231704Crash in v8::internal::ClearStaleLeftTrimmedHandlesVisitor::FixHandle-2021-10-29
1231705DCHECK failure in current.map_word(kRelaxedLoad).IsForwardingAddress() || current.IsFixedArrayBase-2021-10-29
1231952CHECK failure: Promise::kPending == promise->status() in objects.cc-2021-10-29
1232115garcon_mime_types_parser_fuzzer: Use-of-uninitialized-value in ReadInt-2021-10-29
1221130CrOS: Vulnerability reported in dev-libs/libgcrypt-2021-10-26
1226373Security: Clickjacking$5002021-10-26
1229196code_cache_host_mojolpm_fuzzer: Illegal-instruction in StackTraceGetter::CurrentStackTrace-2021-10-26
1230324tint_ast_clone_fuzzer: Illegal-instruction in TintInternalCompilerErrorReporter-2021-10-26
1230784Crash in cppgc::internal::PageBackend::FreeLargePageMemory-2021-10-26
1230936DCHECK failure in isolate->context().is_null() || isolate->context().IsContext() in runtime-compil-2021-10-26
1203880heap-use-after-free : system_media_permissions::`anonymous namespace'::CheckSystemMediaCapturePermission-2021-10-25
1227351v8_wasm_fuzzer: DCHECK failure in force_emit || !require_jump in assembler-arm.cc-2021-10-25
1230239vp9_replay_fuzzer.exe: Illegal-instruction in webrtc::vp9::BitstreamReader::IfNextBoolean-2021-10-25
1230265Trap in v8::internal::__RT_impl_Runtime_AbortCSAAssert-2021-10-25
1230266tint_all_transforms_fuzzer: Stack-buffer-overflow in tint::fuzzers::Reader::read-2021-10-25
1197196tint_spv_reader_msl_writer_fuzzer.exe: Illegal-instruction in tint::fuzzers::TintInternalCompilerErrorReporter-2021-10-24
1218468heap use after free in ChromePageInfoDelegate::OpenConnectionHelpCenterPage-2021-10-24
1230139Security: heap-buffer-overflow in libavif's avifImageScale() function-2021-10-24
1205883COOP is ignored on navigation errors followed by reloads-2021-10-22
1220692BrlTTY allows for arbitrary chmod 777-2021-10-22
1220696BrlTTY allows for arbitrary root write-2021-10-22
1226909Security: crossOriginIsolated bypass$3,0002021-10-22
1228720v8_wasm_async_fuzzer: DCHECK failure in pc_offset() <= first_const_pool_32_use_ + kMaxDistToIntPool in assembler-arm.h-2021-10-22
1220237Null-dereference READ in ubsan_GetStackTrace-2021-10-21
1226318virgl_fuzzer: Use-of-uninitialized-value in vrend_destroy_shader_object-2021-10-21
1228233DCHECK failure in effect_edges > 0 in verifier.cc-2021-10-21
1228669tint_robustness_fuzzer.exe: Illegal-instruction in tint::fuzzers::FatalError-2021-10-21
1229198Heap-use-after-free in blink::LayoutObject::PropagateStyleToAnonymousChildren-2021-10-21
1227315Security: HeapOverflow in ProtocolHandler$20,0002021-10-20
1227979Security DCHECK failure: as_image_observer_count_ > 0u in layout_object.cc-2021-10-20
1228643zucchini_disassembler_win32_fuzzer: Use-of-uninitialized-value in zucchini::DisassemblerWin32<zucchini::Win32X86Traits>::MakeReadAbs32-2021-10-20
1228641zucchini_disassembler_win32_fuzzer: Use-of-uninitialized-value in zucchini::RemoveOverlappingAbs32Locations-2021-10-20
1228730Bad-cast to blink::LayoutObject from invalid vptr in blink::LayoutInline::SplitFlow-2021-10-20
1228950zucchini_imposed_ensemble_matcher_fuzzer: Use-of-uninitialized-value in zucchini::DisassemblerWin32<zucchini::Win32X64Traits>::MakeReadAbs32-2021-10-20
1229001Crash in blink::LayoutObject::SlowLastChild-2021-10-20
1229004Heap-use-after-free in blink::Text::RecalcTextStyle-2021-10-20
1229031Heap-use-after-free in blink::HasRenderedNonAnonymousDescendantsWithHeight-2021-10-20
1229056Crash in blink::LayoutListItem* blink::DynamicTo<blink::LayoutListItem, blink::LayoutObje-2021-10-20
1229032Heap-use-after-free in blink::NGBlockNode::FirstChild-2021-10-20
1229071Heap-use-after-free in blink::LayoutObject::SetNeedsLayoutAndFullPaintInvalidation-2021-10-20
1229201Heap-use-after-free in blink::LocalFrameView::UpdateDocumentAnnotatedRegions-2021-10-20
1163124arc-sensor.conf can be used to break out the user namespace when creating /dev/.arc_sensor_ready-2021-10-19
1193925Security: Overflow in handwriting-2021-10-19
1217064v8_wasm_code_fuzzer: CHECK failure: interpreter_result.result() == result_compiled-2021-10-19
1228069tint_msl_transform_fuzzer: Heap-buffer-overflow in tint::writer::msl::GeneratorImpl::EmitTypeConstructor-2021-10-19
1228365CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (IsHeapObject()) in heap-object.h-2021-10-19
854424Cross-origin download bypasses SameSite cookie$1,0002021-10-18
1209154zucchini_disassembler_elf_fuzzer: Use-of-uninitialized-value in zucchini::RemoveOverlappingAbs32Locations-2021-10-18
1224142Debug check failed: scheduled_exception() == ReadOnlyRoots(heap()).termination_exception()-2021-10-18
1228229CHECK failure: kind() == CodeKind::BASELINE-2021-10-18
1226337Container-overflow in cc::draw_property_utils::LayerShouldBeSkippedForDrawPropertiesComputation-2021-10-17
1226357Container-overflow in cc::LayerImpl::LayerPropertyChangedFromPropertyTrees-2021-10-17
1174491CrOS: Vulnerability reported in sys-libs/glibc-2021-10-16
1214481(Chrome & Chromium Browsers) Blank Address Bar Temporary Spoof$1,0002021-10-16
1223426gpu_raster_passthrough_fuzzer: Crash in CopyRow_C-2021-10-16
1226890Security: Use-After-Free in FileSystemAccessManager.GetEntryFromDataTransferToken-2021-10-16
1226298Container-overflow in cc::draw_property_utils::CalculateDrawProperties-2021-10-16
936397CrOS: Vulnerability reported in sys-libs/glibc-2021-10-15
1220810CHECK failure: addr + size <= chunk_->area_end()-2021-10-15
1219994Chromium: Vulnerability reported in third_party/libxml-2021-10-15
1225929Security: Web pages can use ProcessInternals and ConversionInternals Mojo interfaces-2021-10-15
1226323Security: Security DCHECK failed i < length() in WTF::StringView::operator[]$2,0002021-10-15
1227241Bad-cast to blink::ScriptWrappable from invalid vptr in blink::DOMDataStore::GetWrapper-2021-10-15
1227596CHECK failure: JSFunctionRef construction failed-2021-10-15
1259077Security: form-action's blocking of redirects allows top-navigation XSLeak-2021-10-15
1214234Security: Heap-use-after-free in CreditCardAccessManager::FetchCreditCard$20,0002021-10-14
1216822Security: An <option> with a long label causes browser crash$6,0002021-10-14
1221880	Invalid-free in base::TaskAnnotator::RunTask	-	2021-10-14
1219995	CrOS: Vulnerability reported in dev-libs/libxml2	-	2021-10-14
1224419	UAF in WebAppInternalsPageHandlerImpl::GetExternallyInstalledWebAppPrefs	-	2021-10-14
1226659	Use-after-poison in blink::ImageResourceContent::ShouldPauseAnimation	-	2021-10-14
1226988	CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (IsHeapObject()) in heap-object.h	-	2021-10-14
1227228	heap-use-after-free : IOSurfaceNotifierNotifyFunc	-	2021-10-14
1226360	Segv on unknown address in blink::ScriptState::From	-	2021-10-13
1190493	Heap-use-after-free in vk::Buffer::getOffsetPointer	$6,000	2021-10-12
1225607	DCHECK failure in object->FitsRepresentation(representation) in objects.cc	-	2021-10-12
1223839	DCHECK failure in is_liftoff() || tier() == ExecutionTier::kTurbofan in wasm-code-manager.cc	-	2021-10-11
1226056	Crash in MergeUVRow_SSE2	-	2021-10-10
1219082	Security: [ANGLE] Out-of-bounds write in Renderer11::blitRenderbufferRect	$7,500	2021-10-09
1225786	DCHECK failure in !broker->IsMainThread() in heap-refs.cc	-	2021-10-09
1197149	Add FTPS to request port blocklist to combat ALPACA attack	-	2021-10-07
1200995	heap-use-after-free : extensions::ChromeAppSorting::FixNTPOrdinalCollisions	-	2021-10-07
1204722	Security: Autofill suggestion UI should dismiss permissions UI	-	2021-10-07
1219870	Security: Use-after-free in NavigatorShare::OnConnectionError	$7,500	2021-10-07
1223667	Security: HeapOverflow in BookmarkBarView	$10,000	2021-10-07
1207839	tint_first_index_offset_fuzzer: Stack-buffer-overflow in tint::fuzzers::Reader::read	-	2021-10-05
1214842	Security: GC freeing reachable objects in JSON parser	$5,000	2021-10-05
1217598	Heap-use-after-free in blink::TextPainterBase::CreateDrawLooper	-	2021-10-05
1219209	Security: Use-after-free with XSLT strip-space	$2,000	2021-10-05
1219630	Security: JS object corruption in WasmJs::InstallConditionalFeatures	-	2021-10-05
1219886	AddressSanitizer: heap-buffer-overflow on gpu::CopyArraysToBuffer transfer_buffer_cmd_copy_helpers.h:80	$8,500	2021-10-05
1220250	Crash in GL_GenerateMipmap method.	$7,500	2021-10-05
1221309	OpenXR VR session exits with Samsung mixed reality controllers	$500	2021-10-05
1221406	heap-use-after-free in task_manager	$15,000	2021-10-05
1224041	Crash in v8::internal::ElementsAccessorBase<v8::internal::FastHoleyObjectElementsAccessor	-	2021-10-05
1219199	dawn_wire_server_and_vulkan_backend_fuzzer: Stack-buffer-overflow in rr::Variable::loadValue	-	2021-10-02
1223103	cras_rclient_message_fuzzer: Use-of-uninitialized-value in cras_main_message_send	-	2021-10-02
1223459	virgl_fuzzer: Segv on unknown address in virgl_renderer_context_destroy	-	2021-10-02
1127594	CrOS: Vulnerability reported in dev-libs/libxml2	-	2021-10-01
1194959	CrOS: Vulnerability reported in app-arch/tar	-	2021-10-01
1211312	CrOS: Vulnerability reported in dev-libs/libxml2	-	2021-10-01
1215243	counters_service_fuzzer: Heap-buffer-overflow in patchpanel::ParseOutput	-	2021-10-01
1216022	dawn_wire_server_and_vulkan_backend_fuzzer: Heap-buffer-overflow in rr::optimize	-	2021-10-01
1220068	DCHECK fail in webaudio worklet	-	2021-10-01
1221221	Use-after-poison in blink::HTMLSlotElement::DetachLayoutTree	-	2021-10-01
1221890	Security DCHECK failure: !resource_clipper->NeedsLayout() in clip_path_clipper.cc	-	2021-10-01
1223191	Heap-use-after-free in blink::PropertyTreeManager::EnsureCompositorTransformNode	-	2021-10-01
1223549	ec_pchg_fuzzer: Global-buffer-overflow in test_fuzz_one_input	-	2021-10-01
1223584	CHECK failure: args.Length() == 2 in d8-test.cc	-	2021-10-01
1223740	heap-use-after-free : blink::PaintController::FinishCycle	-	2021-10-01
1206407	tint_single_entry_point_fuzzer: Illegal-instruction in tint::fuzzers::ValidityErrorReporter	-	2021-09-30
1210550	gpu_raster_passthrough_fuzzer: Crash in CopyRow_ERMS	-	2021-09-30
1210985	Security: OOB write after moving pinned tab into a group	$15,000	2021-09-30
1218973	Heap-use-after-free in ash::TrayBubbleView::~TrayBubbleView	-	2021-09-30
1219377	Heap-use-after-free in ash::TrayBubbleView::~TrayBubbleView	-	2021-09-30
1194689	heap-buffer-overflow : media::D3D11H264Accelerator::SubmitFrameMetadata	-	2021-09-29
1209517	sqlite3_fts3_lpm_fuzzer: Heap-buffer-overflow in sqlite3Fts3Incrmerge	-	2021-09-29
1218707	Security: UAF in websql	$500	2021-09-29
1218974	Security: ChromeOS root privilege escalation (brltty, vpn-manager, cros_camera_server)	$30,000	2021-09-29
1220754	skia_path_fuzzer: Crash in blit_aaa_trapezoid_row	-	2021-09-29
1221897	Heap-use-after-free in blink::LayoutBlockFlow::RemoveChild	-	2021-09-29
1221840	Heap-use-after-free in blink::PropertyTreeManager::EnsureCompositorTransformNode	$6,000	2021-09-29
1222160	Bad-cast to blink::LayoutBox from blink::LayoutInline in blink::LayoutBox::SplitAnonymousBoxesAroundChild	-	2021-09-29
1178183	cups_ipp_t_fuzzer: Crash in ippDelete	-	2021-09-28
1202102	Security: UAF when attempting to move tab group in restored window	$10,000	2021-09-28
1212599	AddressSanitizer: heap-use-after-free fft_frame_pffft.cc:81 in blink::FFTFrame::FFTSetupForSize	$7,500	2021-09-28
1214641	Heap-use-after-free in blink::IsLayoutObjectRelevantForAccessibility	-	2021-09-28
1215029	Security: UAF when sending tab to device	$10,000	2021-09-28
1221812	DCHECK failure in details.representation().Equals( map.GetPropertyDetails(descriptor).representati	-	2021-09-28
1216678	Heap-buffer-overflow in cc::PaintWorkletImageProvider::GetPaintRecordResult	-	2021-09-26
1215912	Freelist Corruption with PartitionAlloc on 93.0.4541.0+ related to allocation of LayoutObjects/PaintLayers	-	2021-09-24
1219925	Heap-use-after-free in ash::TrayBubbleView::RerouteEventHandler::OnKeyEvent	-	2021-09-24
1221031	Crash in cppgc::internal::PageBackend::AllocateLargePageMemory	-	2021-09-24
1221062	heap-use-after-free : disk_cache::SparseControl::GetAvailableRange	-	2021-09-24
1212612	Security: Use after free in Payments	$20,000	2021-09-23
1219539	Heap-buffer-overflow in ash::ScrollableShelfView::CalculateTappableIconIndices	-	2021-09-23
1219898	v8_wasm_fuzzer: DCHECK failure in 0 < code.size() in function-compiler.cc	-	2021-09-23
1151507	Security: Cross-origin iframe can navigate top window to different site via same-site open redirect or XSS redirect	$3,000	2021-09-22
1183440	Heap-use-after-free in views::MenuController::ExitMenu	-	2021-09-22
1195278	UAF in bookmark	$7,500	2021-09-22
1200679	Security: Double-free when extension is uninstalled while uninstall dialog is being shown	$10,000	2021-09-22
1201033	Security: Out-of-bounds access in WebAudio	$7,500	2021-09-22
1206458	heap-use-after-free : resource_coordinator::TabLifecycleUnitSource::TabLifecycleUnit::SetFocused	-	2021-09-22
1145553	bypass blocked autoredirects from cross-origin iframes	$5,000	2021-09-21
1181522	CrOS: Intel graphics drivers advisory INTEL-SA-00438	-	2021-09-21
1194899	BigInt toLocaleString free invalid pointer	$1,000	2021-09-21
1211308	Heap-buffer-overflow in rx::vk::ImageViewHelper::getLevelLayerDrawImageView	-	2021-09-21
1213350	Security: Incorrect Security UI in downloads	$3,000	2021-09-21
1219101	Security: Simplified Lowering DCHECK restriction type	-	2021-09-21
1219634	v8_wasm_code_fuzzer: DCHECK failure in exception_stack.back() == control_stack.size() - 1 in wasm-interpreter.cc	-	2021-09-21
1214699	Null-dereference READ in ubsan_GetStackTrace	-	2021-09-20
1216941	Null-dereference READ in content::BrowserContext::GetDefaultStoragePartition	-	2021-09-19
1219231	Heap-use-after-free in ash::TrayBubbleView::RerouteEventHandler::OnKeyEvent	-	2021-09-19
1216837	Use-after-poison in blink::HTMLSlotElement::DetachLayoutTree	-	2021-09-18
1218439	Bad-cast to blink::ImageResourceObserver from invalid vptr in blink::ImageResourceContent::PriorityFromObservers	-	2021-09-18
1218587	Heap-use-after-free in blink::StyleCrossfadeImage::ImageChanged	-	2021-09-18
1218811	Heap-buffer-overflow in ash::ScrollableShelfView::CalculateTappableIconIndices	-	2021-09-18
1219036	Crash in v8::internal::ElementsAccessorBase<v8::internal::FastHoleyObjectElementsAccessor	-	2021-09-18
1210487	AddressSanitizer: use-after-poison long_task_detector.cc:46 in blink::LongTaskDetector::DidProcessTask	$7,500	2021-09-17
1214140	Heap-use-after-free in views::Widget::OnNativeWidgetDestroying	-	2021-09-17
1214584	Heap-use-after-free in ui::LayerAnimationSequence::ProgressToEnd	-	2021-09-17
1215504	CrOS: Vulnerability reported in net-nds/openldap	-	2021-09-17
1217741	dawn_wire_server_and_frontend_fuzzer: Heap-use-after-free in dawn_native::ObjectBase::IsError	-	2021-09-17
1206911	Security: heap-use-after-free in autofill::SaveCardBubbleViews::WindowClosing	-	2021-09-16
1209558	Breakpoint with empty stacktrace	-	2021-09-16
1209769	uaf in browser process DestroyURLLoader(network::cors::CorsURLLoaderFactory)	$15,000	2021-09-16
1210547	dawn_wire_server_and_vulkan_backend_fuzzer: Stack-buffer-overflow in rr::Variable::loadValue	-	2021-09-16
1211215	DCHECK failure in *p != to_check_ in heap.cc	-	2021-09-16
1212498	Security: UAF after user clicks help link in enhanced spell check dialog	$10,000	2021-09-16
1212500	Security: UAF after use clicks help link in accessibility labels dialog	$10,000	2021-09-16
1212618	Security: UAF in ServiceWorker with bfcache	$25,000	2021-09-16
1212862	Security: Crash in Zenith dialog	-	2021-09-16
1216437	Security: Unexpected JS execution in GetScriptableObjectProperty leads to JS object corruption	-	2021-09-16
1176218	Security: TALOS-2021-1241 Google Chrome WebAudio blink::AudioNodeOutput::Pull code execution vulnerability	$7,500	2021-09-15
1187797	Security: UAF in usrsctp on sctp_association->str_reset	$7,500	2021-09-15
1191778	policy_fuzzer: Heap-use-after-free in base::JoinString	-	2021-09-15
1197146	Security: UAF when extension removes tab group during drag	$10,000	2021-09-15
1198717	Security: OOB write after extension pins tab during drag	$10,000	2021-09-15
1199198	Security: UAF caused by some WebUIMessageHandlers when OnJavascriptDisallowed() is not called before destruction	$15,000	2021-09-15
1202598	Security: Heap-buffer-overflow in TabStripModel::MoveWebContentsAtImpl	$10,000	2021-09-15
1203693	dawn_wire_server_and_frontend_fuzzer: Container-overflow in tint::diag::Formatter::format	-	2021-09-15
1204814	sqlite3_lpm_fuzzer: Segv on unknown address in sqlite3MemCompare	-	2021-09-15
1206631	Chrome: Crash Report - base::CancelableTaskTracker::Untrack	-	2021-09-15
1215974	CrOS: Vulnerability reported in x11-libs/gdk-pixbuf	-	2021-09-15
1216212	hb_subset_fuzzer: Crash in OT::hb_colrv1_closure_context_t::return_t OT::Paint::dispatch<OT::hb_colrv1_clos	-	2021-09-15
1140831	harbfuzz is affected by unfixed upstream bugs	-	2021-09-14
1201073	Security: UAP in FileReader	$7,500	2021-09-14
1202534	v8_inspector_fuzzer: DCHECK failure in enabled() in v8-debugger-agent-impl.cc	-	2021-09-14
1209444	Trap in Builtins_JSEntryTrampoline	-	2021-09-14
1211782	CrOS: Vulnerability reported in net-fs/samba	-	2021-09-14
1212460	CrOS: Vulnerability reported in net-fs/samba	-	2021-09-14
1215250	paint_op_buffer_fuzzer: Use-of-uninitialized-value in cc::PaintOpReader::ReadRecordPaintFilter	-	2021-09-14
1215808	DCHECK failure in new_pages * wasm::kWasmPageSize >= byte_length_ in backing-store.cc	-	2021-09-14
1215976	Memcpy-param-overlap in v8::base::Memcpy	-	2021-09-14
1216595	Attaching an inner contents that has already created a platform RenderWidgetHostView causes a bad cast on Mac and Android	-	2021-09-14
1216928	code_cache_host_mojolpm_fuzzer: Illegal-instruction in StackTraceGetter::CurrentStackTrace	-	2021-09-14
1217311	DCHECK failure in new_pages * wasm::kWasmPageSize >= byte_length_ in backing-store.cc	-	2021-09-14
1210823	dawn_wire_server_and_vulkan_backend_fuzzer: Crash in vk::DescriptorSetLayout::DescriptorSetLayout	-	2021-09-12
1202661	Security: Stack overflow in printing	$10,000	2021-09-11
1201031	Security: Use-after-free in extension install dialog	$20,000	2021-09-10
1209802	tint_ast_clone_fuzzer: Illegal-instruction in tint_ast_clone_fuzzer.cc	-	2021-09-10
1210414	Security: [ANGLE] Out-of-bound write in rx::Image11::GenerateMipmap	$7,500	2021-09-10
1216021	counters_service_fuzzer: Use-of-uninitialized-value in patchpanel::ParseOutput	-	2021-09-10
1216215	DCHECK failure in (optimizing_compile_dispatcher_) != nullptr in isolate.h	-	2021-09-10
1211326	SUMMARY: AddressSanitizer: heap-use-after-free devtools_agent_host_impl.h:84 in std::__1::vector<content::protocol::TargetHandler*, std::__1::allocator<content::protocol::TargetHandler*> > content::DevToolsAgentHostImpl::HandlersByName<content::protocol::TargetHandler>(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&)	$10,000	2021-09-09
1213313	Security: HeapOverflow in FillPhoneCountryCode	$15,000	2021-09-09
1214280	dawn_wire_server_and_vulkan_backend_fuzzer: Heap-buffer-overflow in sw::SpirvShader::Operand::Float	-	2021-09-09
921607	Cross-Origin URL steal using Fetch and no-cors requests on iOS Chrome.	$2,000	2021-09-08
1070399	Security: URL spoofing using 'very-long-hostname' URL in the Suggestion box	$500	2021-09-08
1200440	ExtensionFunction::browser_context() and deleted private profiles	-	2021-09-08
1180210	Security: CVE-2020-12362: Privilege escalation vulnerability in i915 GuC firmware	-	2021-09-06
1181227	Security: Failure to enforce EC is booted from RO when performing dev mode transitions on dedede, volteer	-	2021-09-06
1213770	CHECK failure: unregister_token().IsUndefined(isolate) implies key_list_prev().IsUndefined(isol	-	2021-09-05
1214311	counters_service_fuzzer: Heap-buffer-overflow in patchpanel::ParseOutput	-	2021-09-05
1195722	Security: UAP in JS Self-Profiling API	$5,000	2021-09-04
1195431	Security: UAF in Android-specific (not in upstream Linux) xt_qtaguid kernel module	-	2021-09-04
1213709	DCHECK failure in 0 < number_of_all_descriptors in factory-base.cc	-	2021-09-04
1201938	DCHECK failure in descriptor_number.as_int() < number_of_descriptors() in descriptor-array-inl.h	-	2021-09-02
1206404	Use-after-poison in blink::HTMLSlotElement::DetachLayoutTree	-	2021-09-02
1208264	Security: Heap-use-after-free in media_router::WebContentsDisplayObserverView::OnBrowserSetLastActive	$15,000	2021-09-02
1208782	DCHECK failure in IsAligned(reinterpret_cast<uintptr_t>(dst), kAtomicWordSize) in atomicops.h	-	2021-09-02
1210394	crash in canvas filter	$5,000	2021-09-02
1212694	Security: libxml CVE-2021-3541	-	2021-09-02
1213476	Heap-use-after-free in blink::mojom::CodeCacheHostStubDispatch::Accept	-	2021-09-02
1213678	DCHECK failure in that == nullptr || v8::internal::Object( *reinterpret_cast<const v8::internal::A	-	2021-09-02
1213764	Crash in v8::internal::Map::instance_type	-	2021-09-02
1213851	CHECK failure: ReadOnlyRoots(isolate).empty_descriptor_array() == *this	-	2021-09-02
1023503	Security: PlatformSensorReaderWin32 use after free bug	-	2021-09-01
1094449	CrOS: Vulnerability reported in sys-apps/dbus	-	2021-09-01
1204811	Security: Local Elevation of Privilege vulnerability in Google Update Service	$10,000	2021-09-01
1210593	CHECK failure: byte_length() <= JSArrayBuffer::kMaxByteLength in objects-debug.cc	-	2021-09-01
1212206	Heap-use-after-free in rx::FramebufferVk::startNewRenderPass	-	2021-09-01
1212321	Security DCHECK failure: IsA<Derived>(from) in casting.h	-	2021-09-01
1212733	Security: expat vulnerable to CVE-2013-0340?	$500	2021-09-01
538562	Chrome inherits window name from sandboxed iframe, enabling global variable confusion	-	2021-08-31
1129379	CrOS: Vulnerability reported in dev-libs/openssl	-	2021-08-31
1207277	Security: heap-use-after-free in BrowserView::ProcessFullscreen	$7,500	2021-08-31
1207334	CrOS: Vulnerability reported in sys-libs/binutils-libs	-	2021-08-31
1209798	CHECK failure: Ref construction failed	-	2021-08-31
1212582	DCHECK failure in !node->op()->HasProperty(Operator::kNoThrow) in simplified-lowering.cc	-	2021-08-31
1172694	Heap-use-after-free in ui::LayerAnimationSequence::ProgressToEnd	-	2021-08-28
1197431	Bad-cast to rx::RenderTargetVk from invalid vptr in rx::FramebufferVk::startNewRenderPass	-	2021-08-28
1203607	Security: Heap-use-after-free in TabStripLayoutHelper::CalculateMinimumWidth	$7,500	2021-08-28
1184954	Security: Heap-use-after-free in TabStrip::GetSizeNeededForViews	$10,000	2021-08-27
1196480	Security: Multiple Bugs in WebP	-	2021-08-27
1196773	Security: heap-use-after-free in libwebp ConvertBGRAToRGB_SSE41	-	2021-08-27
1196775	Security: heap-buffer-overflow in libwebp PlanarTo24b_SSE41	-	2021-08-27
1196777	Security: heap-buffer-overflow in libwebp VP8YuvToRgb	-	2021-08-27
1196778	Security: heap-buffer-overflow in libwebp UpsampleRgbLinePair_SSE41	-	2021-08-27
1206289	CHECK failure: function->closure_feedback_cell_array().length() == function->shared().feedback_	-	2021-08-27
1211711	dawn_wire_server_and_vulkan_backend_fuzzer: Heap-buffer-overflow in rr::optimize	-	2021-08-27
1178202	Security: X-Chrome-offline allows arbitrary file reads from compromised renderer.	-	2021-08-26
1196232	CrOS: Vulnerability reported in sys-libs/binutils-libs	-	2021-08-26
1197199	gpu_raster_swangle_passthrough_fuzzer: Heap-use-after-free in libvk_swiftshader.so	-	2021-08-26
1196309	Security: OOB vector insertion when extension highlights tab during drag	$10,000	2021-08-26
1197875	Security: OOB read when attempting to add tab to group after groups have changed	$11,000	2021-08-26
1201340	DCHECK failure in offset_imm <= std::numeric_limits<int32_t>::max() in liftoff-assembler-ia32.h	-	2021-08-26
1201446	Security: heap-buffer-overflow in CreateFaviconImageSkia	$20,000	2021-08-26
1203590	container-overflow in dom_distiller::TaskTracker::NotifyViewersAndCallbacks	-	2021-08-26
1209118	SUMMARY: AddressSanitizer: heap-use-after-free (Chromium/asan-mac-release-876501/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/92.0.4491.0/Chromium Framework:x86_64+0x1958102f) in blink::ComputedAccessibleNode::checked()	$5,000	2021-08-26
1185801	Remove header sizes from ResourceTiming transferSize	-	2021-08-25
1194431	Security: UAF in TracingHandler	$5,000	2021-08-25
1194896	Security: UAF after moving tab associated with undocked devtools instance into another browser window	$10,000	2021-08-25
1200766	UAF in AutofillPopupControllerImpl	$20,000	2021-08-25
1203674	AddressSanitizer: heap-use-after-free in dom_distiller::UMAHelper::LogTimeOnDistillablePage	-	2021-08-25
1205059	video_capture_host_mojolpm_fuzzer: Bad parameters to --sanitizer-annotate-contiguous-container in media::FakeV4L2Impl::ioctl	-	2021-08-25
1208414	render_text_api_fuzzer: Crash in gfx::RenderTextHarfBuzz::EnsureLayout	-	2021-08-25
1208721	Security: heap-over-flow in AutofillPopupControllerImpl::RemoveSuggestion	$20,000	2021-08-25
1209178	render_text_api_fuzzer: Crash in gfx::RenderTextHarfBuzz::EnsureLayout	-	2021-08-25
1209638	dawn_wire_server_and_vulkan_backend_fuzzer: Crash in vk::DescriptorSetLayout::DescriptorSetLayout	-	2021-08-25
1206623	DCHECK failure in StackFrame::IsTypeMarker(marker) in frames.cc	-	2021-08-23
1177325	libyuv_scale_fuzzer: Heap-buffer-overflow in InterpolateRow_Any_AVX2	-	2021-08-22
1190030	Crash in rx::IOSurfaceSurfaceVkMac::releaseTexImage	-	2021-08-21
1200246	dawn_wire_server_and_frontend_fuzzer: Heap-use-after-free in dawn_native::ObjectBase::IsError	-	2021-08-21
1204347	Security: 3d css can still glitch onto native browser UI	-	2021-08-21
1206131	Security: PresentationRequest dialog can appear over the wrong tab	$1,000	2021-08-21
1208984	Heap-buffer-overflow in GrPathUtils::generateQuadraticPoints	-	2021-08-21
1189110	Crash in sw::SpirvShader::getImageSampler	-	2021-08-20
1205981	Visited links leak via CSS transitions and the transitionrun event (Windows 10, Linux)	$5,000	2021-08-20
1207078	v8_inspector_fuzzer: DCHECK failure in has_scheduled_exception() in isolate-inl.h	-	2021-08-20
1208865	zucchini_disassembler_elf_fuzzer: Use-of-uninitialized-value in zucchini::DisassemblerElfIntel<zucchini::Elf32IntelTraits>::MakeReadAbs32	-	2021-08-20
1194058	Security: heap-use-after-free in the payment dialog in the browser process	$15,000	2021-08-19
1195340	Security: HeapOverflow in MediaFeeds	$15,000	2021-08-19
1195573	Security: UAF when WebContents being dragged is destroyed	$1,000	2021-08-19
1197436	Security: heap-use-after-free in DesktopWindowTreeHostPlatform::SetFullscreen	$10,000	2021-08-19
1200019	Security: heap-buffer-overflow in PlatformNotificationServiceImpl::CreateNotificationFromData	$20,000	2021-08-19
1206329	UAF in InternalAuthenticatorAndroid::InvokeIsUserVerifyingPlatformAuthenticatorAvailableResponse	-	2021-08-19
1207992	Heap-use-after-free in viz::SkiaRenderer::DrawRenderPassQuad	-	2021-08-19
1153363	Security: With full pointers, a wrong SmiUntag() operation on a TaggedIndex value can cause operating on the wrong feedback slot.	-	2021-08-18
1198216	sqlite3_dbfuzz2_fuzzer.exe: Heap-buffer-overflow in insertCell	-	2021-08-18
1200490	0 and -0 confusion in SpeculativeNumberMultiply	-	2021-08-18
1203593	Static-imported scripts are wrongly considered main scripts during service worker update	-	2021-08-18
1204071	Segv on unknown address in Builtins_InterpreterEntryTrampoline	-	2021-08-18
1206674	Heap-use-after-free in hsw::run_program	-	2021-08-18
1206822	Trap in Builtins_CEntry_Return1_DontSaveFPRegs_ArgvOnStack_BuiltinExit	-	2021-08-18
1207680	CHECK failure: Ref construction failed	-	2021-08-18
1194829	use after poison write in mojo::InterfaceEndpointClient::NotifyError when deal with WebBundle	$5,000	2021-08-17
1205670	CVE-2021-31829 - Linux kernel protection of stack pointer against speculative pointer arithmetic can be bypassed to leak content of kernel memory	-	2021-08-17
1206754	DCHECK failure in !__isolate__->has_pending_exception() in ic.cc	-	2021-08-17
1206994	CHECK failure: promise_result.is_null() == promise_->GetIsolate()->has_pending_exception()	-	2021-08-17
1207679	CHECK failure: storage_.is_populated_	-	2021-08-17
1205752	tint_spv_reader_wgsl_writer_fuzzer: Bad-cast to const tint::ast::Pointer from tint::ast::Vector in tint::typ::TypePair<tint::ast::Pointer, tint::sem::Pointer> tint::typ::Call_type	-	2021-08-15
1149086	gstoraster_fuzzer: Use-of-uninitialized-value in gp_pwrite_impl	-	2021-08-14
1164941	Heap-buffer-overflow in sw::SpirvShader::getImageSampler	-	2021-08-14
1198369	Security: ink refers to non-existent upstream	-	2021-08-14
1204484	tint_first_index_offset_fuzzer: Stack-buffer-overflow in tint::fuzzers::ExtractFirstIndexOffsetInputs	-	2021-08-14
1171630	gstoraster_fuzzer: Use-of-uninitialized-value in cf_decode_2d	-	2021-08-13
1172655	gstoraster_fuzzer: Use-of-uninitialized-value in template_compose_group	-	2021-08-13
1201501	Bad-cast to content::ChildThreadImpl from invalid vptr in content::ChildThreadImpl::OnFieldTrialGroupFinalized	-	2021-08-13
1201710	gstoraster_fuzzer: Segv on unknown address in stream_dct_end_passthrough	-	2021-08-13
1202506	gstoraster_fuzzer: Heap-use-after-free in real_param	-	2021-08-13
1203122	Security: Type confusion bug in LoadSuperIC	$20,000	2021-08-13
1168081	CrOS: Vulnerability reported in sys-libs/glibc	-	2021-08-12
1193233	Security: Arbitrary file read when caching file using CallAsSelfAndImpersonate2	$5,000	2021-08-12
1200017	Heap-use-after-free in gl::GLFenceNV::~GLFenceNV	-	2021-08-12
1201074	Security: use-of-uninitialized-value in libavif when decode the crafted avif file	$7,500	2021-08-12
1202203	Heap-buffer-overflow in vk::Buffer::getOffsetPointer	-	2021-08-12
1201772	FLEDGE passes privileged url_loader_factory to utility process	-	2021-08-11
1203240	freetype_cidtype1_render_ftengine_fuzzer: Use-of-uninitialized-value in cf2_interpT2CharString	-	2021-08-11
1203738	freetype_cidtype1_fuzzer: Use-of-uninitialized-value in cid_read_subrs	-	2021-08-11
1204829	Heap-use-after-free in cricket::AllocationSequence::Init	-	2021-08-11
1197786	sqlite3_lpm_fuzzer: Segv on unknown address in sqlite3MemCompare	-	2021-08-10
1194021	CrOS: Vulnerability reported in x11-libs/cairo	-	2021-08-09
1203060	freetype_bdf_fuzzer: Use-of-uninitialized-value in inflate	-	2021-08-07
1204313	Heap-use-after-free in viz::SkiaRenderer::PrepareRenderPassOverlay	-	2021-08-07
1177875	Security: Openjpeg security fix may be missing	$500	2021-08-04
1198705	Security: Range miscalculation for nodes of type SpeculativeSafeIntegerAdd in v8's TurboFan	$7,500	2021-08-04
1199345	missing the -0 case in VisitSpeculativeIntegerAdditiveOp	$15,000	2021-08-04
1202736	DCHECK failure in stack_capacity_end_ > stack_end_ in function-body-decoder-impl.h	-	2021-08-04
1139156	Security: chrome.debugger API bypasses the runtime_blocked_hosts Enterprise policy	$5,000	2021-08-03
1195331	Trap in v8::internal::Map::UpdateFieldType	-	2021-08-03
1198854	use after poison inMediaStreamAudioTrack::StopAndNotify	$5,000	2021-08-03
1202119	Stack-use-after-return in SkRect::x	$6,000	2021-08-03
1202609	incorrect range constraint converting {u,}int64_t to double	-	2021-08-03
1189092	Security: Steal arbitrary data in Android chrome private directory	$5,000	2021-08-03
1180510	security: click-to-call across devices has inconsistent escaping & URL validation	$3,000	2021-08-02
1163228	Security: Missing usrsctp fixes	-	2021-07-31
1201537	vp9_encoder_references_fuzzer: Use-of-uninitialized-value in webrtc::FrameValidator::OnEncodedImage	-	2021-07-31
1195650	Security: v8 SIGTRAP in optimized code	$5,000	2021-07-30
1199402	Security: Remote Code Execution?	-	2021-07-30
1200231	Crash in v8::internal::compiler::Operator1<v8::internal::Handle<v8::internal::HeapObject>	-	2021-07-30
1110036	gstoraster_fuzzer: Use-of-uninitialized-value in parse_dict	-	2021-07-29
1107972	gstoraster_fuzzer: Use-of-uninitialized-value in charstring_font_params	-	2021-07-29
1157498	gstoraster_fuzzer: Use-of-uninitialized-value in load_truetype_glyph	-	2021-07-29
1159499	gstoraster_fuzzer: Use-of-uninitialized-value in gs_scan_token	-	2021-07-29
1160913	gstoraster_fuzzer: Use-of-uninitialized-value in charstring_font_params	-	2021-07-29
1198895	use-after-poison in blink::ImageDecoderExternal::OnMetadata	$7,500	2021-07-29
1200184	v8_wasm_compile_fuzzer: Trap in v8::internal::wasm::fuzzer::InterpretAndExecuteModule	-	2021-07-29
1201113	Crash in v8::internal::Simulator::LoadStoreHelper	-	2021-07-29
1201432	Crash in Builtins_RunMicrotasks	-	2021-07-29
1175058	Security: heap-use-after-free using Presentation API	-	2021-07-28
1175522	sqlite3_dbfuzz2_fuzzer: Use-of-uninitialized-value in vdbeRecordCompareInt	-	2021-07-28
1181276	sqlite3_dbfuzz2_fuzzer: Use-of-uninitialized-value in sqlite3VdbeRecordCompareWithSkip	-	2021-07-28
1188889	Security: UAF in PageHandler::Navigate	$10,000	2021-07-28
1194046	Security: Site isolation break because of double fetch of shared buffer	$15,000	2021-07-28
1194491	Security: Potential out-of-bound write, origin confusion, permission type confusion in PermissionManager	-	2021-07-28
1195308	Security: Integer Overflow leads to heap buffer overflow in the function	$20,000	2021-07-28
1195686	Security: Heap-use-after-free in constrained_window::CreateWebModalDialogViews	$5,000	2021-07-28
1195777	Security: Incorrect representation change from Word64 to Word32	$20,000	2021-07-28
1196654	CrOS: Vulnerability reported in net-misc/curl	-	2021-07-28
1197829	[cros] Device unlocked after resume from sleep	-	2021-07-28
1197904	Security: UAF in NavigationPredictor	$27,000	2021-07-28
1198165	(Chrome & Chromium Browsers) File Download Pop-up Origin Spoof	$7,500	2021-07-28
1198696	Harden ArrayPrototypePop and ArrayPrototypeShift against typer bugs	-	2021-07-28
1199662	v8_wasm_compile_fuzzer: DCHECK failure in 0 == four_lanes & in code-generator-arm.cc	-	2021-07-28
1200162	freetype_colrv1_fuzzer: Use-of-uninitialized-value in tt_face_get_paint	-	2021-07-28
1172533	Security: Autofill suggestion drop-down can cover browser UI	-	2021-07-26
1173297	Security: Autofill dropdown can be made hidden	-	2021-07-26
1198611	freetype_colrv1_fuzzer: Crash in tt_face_get_paint	-	2021-07-26
1185732	UAF in indexeddb database	$5,000	2021-07-24
1195579	DCHECK failure in CpuFeatures::IsSupported(*feature) in macro-assembler-shared-ia32-x64.h	-	2021-07-24
1025683	Permission Service Use After Free	$20,000	2021-07-23
1192552	heap-use-after-free : views::HWNDMessageHandler::OnDisplayChange	-	2021-07-23
1195333	Security: The Browser Process wrongly handle ACCEPT_BROKER_CLIENT message	$15,000	2021-07-23
1199526	v8_wasm_compile_fuzzer: Trap in V8_Dcheck	-	2021-07-23
1195977	Security: v8 Array.concat IterateElements OOB access leads to RCE	$22,000	2021-07-22
1197759	Segv on unknown address in HistoryClustersTabHelper::OnOmniboxUrlCopied	-	2021-07-22
1197852	Trap in void v8::internal::SharedTurboAssembler::AvxHelper<v8::internal::XMMRegister, v8	-	2021-07-22
1198385	heap-buffer-overflow : metal::`anonymous namespace'::TestShaderNow	-	2021-07-22
1198871	Abrt in blink::FontCache::GetLastResortFallbackFont	-	2021-07-22
830101	SameSite cookie bypass via redirect	$3,000	2021-07-21
1166502	Known vulnerability detected in third_party/unrar	-	2021-07-21
1175503	Security: same-to-cross-to-same-origin redirects are allowed for dedicated module workers	-	2021-07-21
1178032	heap-use-after-free : PermissionBubbleMediaAccessHandler::ProcessQueuedAccessRequest	-	2021-07-21
1196683	Security: 2021 pwn2own entry	-	2021-07-21
1196803	iframe sandbox escape using incognito intent fallback URLs	-	2021-07-21
1197492	Security: Security DCHECK failed: !NeedsLayout() || ChildLayoutBlockedByDisplayLock() in blink::LayoutObject::AssertLaidOut	-	2021-07-21
1197839	Chromium: Vulnerability reported in third_party/xstream	-	2021-07-21
1072486	Security: udev: root file write -> command execution privilege escalation	-	2021-07-20
1161806	potential uaf in webmidi	-	2021-07-20
1166012	Heap-buffer-overflow in ash::ScrollableShelfView::ShouldCountActivatedInkDrop	-	2021-07-20
1166496	Known vulnerability detected in third_party/unrar	-	2021-07-20
1166497	Known vulnerability detected in third_party/unrar	-	2021-07-20
1166498	Known vulnerability detected in third_party/unrar	-	2021-07-20
1166499	Known vulnerability detected in third_party/unrar	-	2021-07-20
1166500	Known vulnerability detected in third_party/unrar	-	2021-07-20
1166501	Known vulnerability detected in third_party/unrar	-	2021-07-20
1181688	Security: UAF in Ozone Clipboard	$20,000	2021-07-20
1184294	Security: xdgmime missing security-relevant commits	-	2021-07-20
1190525	Heap-buffer-overflow in SkScalerContext_FreeType_Base::generateGlyphImage	-	2021-07-20
1197393	Stack-buffer-overflow in void v8::internal::compiler::VisitBinop<v8::internal::compiler::BinopMatcher<v8:	-	2021-07-20
448539	Autofill should not fill hidden fields	-	2021-07-19
1197819	Bad-cast to int (const char *, void *) in xdg_run_command_on_dirs	-	2021-07-19
1197910	Heap-use-after-free in ash::TrayBubbleView::~TrayBubbleView	-	2021-07-19
1195552	Crash in v8::internal::Isolate::embedded_blob_code	-	2021-07-16
1195615	Crash in blink::HTMLPopupElement::hide	-	2021-07-16
1168541	Security: cryptohome chronos-access chgrp	-	2021-07-15
1168549	Security: Cryptohome chown chronos	-	2021-07-15
1190519	Heap-buffer-overflow in rx::vk::ImageViewHelper::getLevelLayerDrawImageView	-	2021-07-15
1193739	heap-use-after-free : media::MojoVideoDecoder::OnVideoFrameDecoded	-	2021-07-15
1194358	Security: OOB in v8	$15,000	2021-07-15
1195356	Trap in void v8::internal::SharedTurboAssembler::AvxHelper<v8::internal::XMMRegister, v8	-	2021-07-15
1157030	CrOS: Vulnerability reported in app-text/poppler	-	2021-07-14
1165654	Security: 30x Redirect On Reload Can Navigate to Unsafe URLs / Cause Spoofing Issues	-	2021-07-14
1195370	Trap in v8::internal::Handle<v8::internal::JSFunctionOrBoundFunction> const v8::internal	-	2021-07-14
1196503	Crash in v8::base::Relaxed_Load	-	2021-07-14
1184929	v8_wasm_async_fuzzer: DCHECK failure in min_block == BasicBlock::GetCommonDominator(block, min_block) in scheduler.cc	-	2021-07-13
1194417	Security: PermissionControllerImpl::UnsubscribePermissionStatusChange UAF	-	2021-07-13
1195343	CrOS: Vulnerability reported in dev-libs/openssl	-	2021-07-13
1193327	freetype_colrv1_fuzzer: Heap-buffer-overflow in tt_face_get_paint	-	2021-07-11
1189926	Aww snap crash when editing canvas text	$1,000	2021-07-10
1191389	dawn_wire_server_and_vulkan_backend_fuzzer: Crash in dawn_native::ValidateImageCopyTexture	-	2021-07-10
1192574	Security: 30x to data URI aren't blocked on iOS	-	2021-07-10
1192789	Security: upgrade to openssl 1.1.1k.	-	2021-07-10
1156531	Security: IDN Spoofing	-	2021-07-09
1175992	Security: Heap-buffer-overflow in TabStripModel::IsTabPinned	$10,000	2021-07-08
1184399	Security: Legacy ipc::Message passed via shared memory.	-	2021-07-08
1190462	CrOS: Vulnerability reported in net-libs/gnutls	-	2021-07-08
1192054	Security: heap-use-after-free in blink::InvalidatableInterpolation::MaybeConvertPairwise	$5,000	2021-07-08
1192313	v8_wasm_compile_fuzzer: Negative-size-param in v8::internal::wasm::WasmFullDecoder<	-	2021-07-08
1193257	webcodecs_audio_decoder_fuzzer: Bad-cast to media::MediaLog from invalid vptr in media::LogHelper::~LogHelper	-	2021-07-08
1194784	v8_wasm_code_fuzzer: DCHECK failure in this->ok() in function-body-decoder-impl.h	-	2021-07-08
1194669	Trap in v8::internal::FunctionLiteral::GetDebugName	-	2021-07-08
1161379	kCanvasReadback is used for two fingerprint surfaces	-	2021-07-07
1161847	Trap in Builtins_InterpreterEntryTrampoline	-	2021-07-07
1173903	Security: container-overflow in TabStrip	-	2021-07-07
1181228	Security: UAF in DesktopCapture	$20,000	2021-07-07
1182647	Security: Use after free in V8	$15,000	2021-07-07
1185463	DCHECK failure in PropertyConstness::kMutable == old_descriptors_->GetDetails(modified_descriptor_	-	2021-07-07
1185482	Security: use-after-free in WindowTreeHostPlatform::OnBoundsChanged	$1,000	2021-07-07
1186641	Security: heap-use-after-free in Blink	$7,500	2021-07-07
1192311	Use-after-poison in blink::AXObjectCacheImpl::Dispose	-	2021-07-07
1193098	gpu_raster_swiftshader_fuzzer: Use-of-uninitialized-value in cc::ServiceImageTransferCacheEntry::Deserialize	-	2021-07-07
1193209	pdf_codec_jbig2_fuzzer: Stack-use-after-scope in fxcrt::UnownedPtr<std::__Cr::list<std::__Cr::pair<std::__Cr::pair<unsigned int,	-	2021-07-07
1193493	CHECK failure: !available->IsEmpty() in macro-assembler-arm64.cc	-	2021-07-07
1193728	CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (IsDereferenceAllowed()) in handles.h	-	2021-07-07
1194316	DCHECK failure in this->ok() in function-body-decoder-impl.h	-	2021-07-07
1177419	Use-after-poison in blink::HTMLSlotElement::DetachLayoutTree [LayoutNG only]	-	2021-07-06
1187210	sqlite3_dbfuzz2_fuzzer: Use-of-uninitialized-value in vdbeRecordCompareInt	-	2021-07-06
1169049	Security: ARM GPU driver vulnerabilities	-	2021-07-05
1192926	Use-of-uninitialized-value in mojo::core::ChannelPosix::WriteNoLock	-	2021-07-05
1193116	Use-after-poison in blink::HTMLSlotElement::DetachLayoutTree	-	2021-07-04
1193210	Heap-use-after-free in blink::AXLayoutObject::GetDocument	-	2021-07-04
1188407	Security: ChromeOS: missing path restriction in arc-obb-mounter	-	2021-07-03
1189576	crash in VideoFrame	$2,000	2021-07-03
1190554	Use-of-uninitialized-value in media::MediaMetricsProvider::~MediaMetricsProvider	-	2021-07-03
1191853	v8_wasm_async_fuzzer: DCHECK failure in function->has_prototype_slot() in js-function.cc	-	2021-07-03
1192418	Segv on unknown address in blink::Node::parentNode	-	2021-07-03
1192456	Use-of-uninitialized-value in blink::AXLayoutObject::CanHaveChildren	-	2021-07-03
1192569	Heap-use-after-free in blink::AXLayoutObject::GetDocument	-	2021-07-03
1190290	v8_inspector_fuzzer: DCHECK failure in has_exception == isolate->has_pending_exception() in execution.cc	-	2021-06-30
1106907	uaf in WebRTC_Network	$5,000	2021-06-29
1176510	Use-of-uninitialized-value in GURL::SchemeIs	-	2021-06-29
1189890	Heap-buffer-overflow in v8::internal::Simulator::LoadStoreHelper	-	2021-06-29
1184562	Security: NAT Slipstreaming via RTSP(TCP/554) allows attacker to access local udp ports	$3,000	2021-06-27
1185611	Heap-use-after-free in libvk_swiftshader.dylib	$6,000	2021-06-27
1187217	Security DCHECK failure: IsTextControl(node) in text_control_element.h	-	2021-06-27
1187896	v8_wasm_code_fuzzer: DCHECK failure in !unreachable implies stack_height >= c->end_label->target_stack_height in wasm-i	-	2021-06-27
1190077	Container-overflow in views::View::Layout	-	2021-06-27
1000248	Using the CSS Layout API and contenteditable causes the page to crash	$5,000	2021-06-24
1100748	Security: Possible for extensions to access chrome.cloudPrintPrivate API	$1,000	2021-06-24
1115045	CSP frame-src bypass using: window.open + javascript-url + about:srcdoc + doubly-nested-iframe.	$3,000	2021-06-24
1116869	Security: heap-buffer-overflow in "SkiaState::AdjustClip" function	$5,000	2021-06-24
1145024	Security&UI: WPA2-Enterprise/EAP WiFi Connection "Default" UI Discrepancy	$500	2021-06-24
1161891	Security: Reloading iframes with data: src causes partial CSP bypass	$500	2021-06-24
1166091	Security: Use of conditionally uninitialised stack variable may leak stack state	$500	2021-06-24
1166462	Security: Use of conditionally uninitialised stack variable may leak stack state	$500	2021-06-24
1166478	Security: Use of conditionally uninitialised stack variable may leak stack state	$500	2021-06-24
1166972Security: Use of conditionally uninitialised stack variable may leak stack state$5002021-06-24
1167507Security: Offline view bypasses Content-Security-Policy of the original page$3,0002021-06-24
1167629Security: Context menu "Open" on a javascript: link bypasses Content-Security-Policy$1,0002021-06-24
1180588Memcpy-param-overlap in mojo::core::Channel::Message::ExtendPayload-2021-06-24
1182767Security: Amended fix for Side-channel attack against Autofill Preview$5,0002021-06-24
1184037Container-overflow in blink::LocalFrameView::PushPaintArtifactToCompositor-2021-06-24
1184147Security: Incorrect Security UI in payment$5002021-06-24
1185735[spark-plug]SharedFunctionInfo pending execption error which can lead to RCE-2021-06-24
1188868DCHECK failure in 0 == result in mutex.cc-2021-06-24
1189396CHECK failure: all.IsLive(use) && (use->opcode() == IrOpcode::kIfTrue || use->opcode() == IrOpc-2021-06-24
1189467Use-of-uninitialized-value in v8::internal::compiler::Schedule::block-2021-06-24
1146813Crash in v8::internal::Builtins::builtin_handle-2021-06-23
1166138Security: Debug check failed: kMinCPOffset <= by (-32768 vs. -65536).$5,0002021-06-23
1187203Security: SandboxedUnpacker unsafe use of shared memory.-2021-06-23
1187403Heap-use-after-free in CurrentTabDesktopMediaList::Refresh$15,0002021-06-23
1187826CrOS: Vulnerability reported in media-libs/tiff-2021-06-23
1187836v8_wasm_compile_fuzzer: DCHECK failure in is_gp() in liftoff-register.h-2021-06-23
1188483DCHECK failure in invalidated_object.map().IsMap() in invalidated-slots-inl.h-2021-06-23
1188974DCHECK failure in !is_linked() in label.h-2021-06-23
1186603v8_wasm_async_fuzzer: Use-after-poison in v8::internal::wasm::WasmFullDecoder<-2021-06-22
1167357potential uaf in rtc_peer_connection$5002021-06-18
1179915heap-use-after-free : ui::EventTarget::RemovePreTargetHandler-2021-06-18
1181387Security: container-overflow in TabGroups-2021-06-18
1182109Security: dPWAs can change their icons after installation-2021-06-18
1187170DCHECK failure in IsPrimitiveMap() in map-inl.h-2021-06-18
1177674Security: Site Isolation bypass after BrowsingInstance state deleted-2021-06-17
1185829v8_wasm_compile_fuzzer: DCHECK failure in source.stack_height() == target.stack_height() in liftoff-assembler.cc-2021-06-17
1186802v8_wasm_compile_fuzzer: DCHECK failure in sig->return_count() <= cache_state_.stack_height() in liftoff-assembler.cc-2021-06-17
1040988media_pipeline_integration_fuzzer: Use-of-uninitialized-value in decode_residuals-2021-06-16
1152226Leaking the URL of any cross-origin redirect through AppCache's network section$5,0002021-06-16
1152334Security: UAF in PaymentResponseHelper::GeneratePaymentResponse$15,0002021-06-16
1174493CrOS: Vulnerability reported in dev-python/jinja-2021-06-16
1185512cups_ipp_t_fuzzer: Heap-buffer-overflow in ippAddDate-2021-06-16
1185999v8_wasm_code_fuzzer: DCHECK failure in (cond) != nullptr in wasm-compiler.cc-2021-06-16
916326CSP bypass via wrong inheritance-2021-06-15
1097480CrOS: Vulnerability reported in dev-libs/libpcre-2021-06-15
1146651X-Frame-Options console error leaks cross-origin redirect information to a cross-site renderer process-2021-06-15
1161144Security: UAF in Bookmark OpenAll$10,0002021-06-15
1173879Security: Autofill preview suggestion value can be made to persist-2021-06-15
1175507Security: heap-use-after-free in TabSearchPageHandler::CloseTab-2021-06-15
1175975WebCodecs VideoFrame allows tainting bypass for ImageBitmaps.-2021-06-15
1181131CrOS: Multiple vulnerabilities in dev-libs/openssl-2021-06-15
1182571v8_wasm_compile_fuzzer: DCHECK failure in IsSimd128Register() in instruction.h-2021-06-15
1183026v8_wasm_async_fuzzer: DCHECK failure in function->has_prototype_slot() in js-function.cc-2021-06-15
1184182Heap-use-after-free in aura::Window::~Window-2021-06-15
1184928DCHECK failure in stack_capacity_end_ > stack_end_ in function-body-decoder-impl.h-2021-06-15
1184964DCHECK failure in !cache_state_.stack_state.empty() in liftoff-assembler.cc-2021-06-15
1184966CHECK failure: Node::New() Error: #743:Phi[0] is nullptr in node.cc-2021-06-15
1184991DCHECK failure in (val.node) != nullptr in graph-builder-interface.cc-2021-06-15
1185072DCHECK failure in (location_) != nullptr in handles.cc-2021-06-15
1185322DCHECK failure in kBottom != kind in value-type.h-2021-06-15
1185579CHECK failure: Node::New() Error: #287:Float32LessThanOrEqual[1] is nullptr in node.cc-2021-06-15
1178181cups_ipp_t_fuzzer: Crash in create_item-2021-06-12
1164846Security: ImageFetchTabHelper::GetImageDataByJs allows child frames to inject scripts into parent (UXSS)$10,0002021-06-12
583058Security: root->kernel scribble in cros_ec_dev:ec_device_ioctl_xcmd on 32bit$5,0002021-06-11
957606Security: CSP restrictions aren't applied when navigating a frame to about:blank$7,5002021-06-11
971231Chrome Content security Policy bypass$1,0002021-06-11
1075734Security: Side-channel attack against Autofill Preview that can steal user's data (e.g., credit card number).$5002021-06-11
1115298Full CSP bypass by opening a blob URL in a new tab and reloading it with history.back$3,0002021-06-11
1115628Security: Full CSP bypass through blob: URIs$5,0002021-06-11
1117687Security: Full CSP bypass through filesystem URIs$5,0002021-06-11
1154250Security: determining size of CORB/CORP'd cross-origin responses$5002021-06-11
1155302Security: UaF in V4L2VideoEncodeAccelerator-2021-06-11
1158010Security: Referrer Header Spoofing Vulnerability via <base> tags$5002021-06-11
1170584UI/URL Spoofing by putting the page into fullscreen when a user opens the emoji dialog$1,0002021-06-11
1174943uaf in DestroyURLLoader(network::cors::CorsURLLoaderFactory)$15,0002021-06-11
1175436uaf in CrossOriginEmbedderPolicyReporter(browser)$15,0002021-06-11
1178165cups_ipp_t_fuzzer: Heap-buffer-overflow in ippAddDate-2021-06-11
1181701CrOS: Vulnerability reported in dev-libs/glib-2021-06-11
1183192Use-of-uninitialized-value in blink::LayoutGrid::FirstLineBoxBaseline-2021-06-11
1184441Racy UAF when handling usrsctp notification on timer thread-2021-06-11
1173311Security: Backport futex fix to older kernels-2021-06-09
1181673noopener not applied to popups opened from a cross origin iframe in a cross-origin-isolated environment-2021-06-09
1181684v8_wasm_fuzzer: Segv on unknown address in v8::base::Memcpy-2021-06-09
1183122Heap-use-after-free in blink::GridLayoutUtils::FlowAwareDirectionForChild-2021-06-09
1181676Security: UAF in ClipboardHistory$20,0002021-06-08
1182572Heap-buffer-overflow in mojo::core::Channel::Message::ExtendPayload-2021-06-05
1013133CHECK failure: API call returned invalid object in api-arguments-inl.h-2021-06-04
1181310Container-overflow in blink::LocalVideoCapturerSource::OnLog-2021-06-04
1181125Container-overflow in blink::LocalVideoCapturerSource::OnLog-2021-06-04
1181599sanitizer_api_fuzzer: Security DCHECK failure: IsA<Derived>(from) in casting.h-2021-06-04
996770Security: [xfa] pdfium SEGV on RelocateTableRowCells$5,0002021-06-02
1180435Crash in v8::internal::Simulator::DecodeType2-2021-06-01
1180871Heap-use-after-free in storage::DataPipeTransportStrategy::OnDataPipeReadable-2021-06-01
1180129v8_wasm_compile_fuzzer: Use-after-poison in v8::internal::compiler::LiveRangeBuilder::ComputeLiveOut-2021-05-30
1180563Use-of-uninitialized-value in v8::internal::JSDateTimeFormat::New-2021-05-30
1180579v8_wasm_compile_fuzzer: Use-after-poison in v8::internal::compiler::LiveRangeBuilder::ComputeLiveOut-2021-05-30
1177623Use-of-uninitialized-value in v8::internal::JSDateTimeFormat::New-2021-05-29
1177812Use-of-uninitialized-value in v8::internal::JSDateTimeFormat::New-2021-05-29
1180181v8_wasm_fuzzer: Segv on unknown address in v8::internal::Simulator::LoadStoreHelper-2021-05-29
1180157tint_spv_reader_wgsl_writer_fuzzer: Use-of-uninitialized-value in tint::ValidatorImpl::Validate-2021-05-29
1159255cras_rclient_message_fuzzer: Crash in cras_system_state_stream_added-2021-05-28
1160414heapoverflow in web gpu$5,0002021-05-28
1179120Known vulnerability detected in third_party/harfbuzz-ng-2021-05-28
1179118Known vulnerability detected in third_party/harfbuzz-ng-2021-05-28
1179182v8_wasm_fuzzer: Segv on unknown address in v8::base::Memcpy-2021-05-28
1179292Heap-buffer-overflow in base::internal::VectorBuffer<char>::RangesOverlap-2021-05-28
1179545v8_wasm_compile_fuzzer: Stack-use-after-scope in v8::internal::wasm::fuzzer::WasmGenerator::BlockScope::BlockScope-2021-05-28
1179595[sparkplug]baseline optimize function PrologueFillFrame register_count can be 0 .which can lead to code execution$5,0002021-05-28
1179677Heap-use-after-free in base::ScopedMultiSourceObservation<aura::WindowTreeHost, aura::WindowTreeHostObs-2021-05-28
1179948wayland_fuzzer: Heap-use-after-free in decltype-2021-05-28
1144074Heap-use-after-free in EGL_DestroyContext-2021-05-27
1160218dawn_spirv_cross_glsl_fast_fuzzer: Crash in spirv_cross::CompilerGLSL::to_array_size_literal-2021-05-27
1160258crash in gpu::gles2::GLES2Implementation::ReadPixels$5,0002021-05-27
1176728Security: Does eigen3 need updating?-2021-05-27
1178219Security DCHECK failure: IsA<Derived>(from) in casting.h-2021-05-27
1179336Heap-buffer-overflow in base::circular_deque<char>::MoveBuffer-2021-05-27
1143526Security: leak cross-site response size - countermeasure bypass$3,0002021-05-26
1168544Security: crash-reporter chmod 660-2021-05-26
1171049Security: container-overflow in TabStrip::SetSelection$10,0002021-05-26
1174373UAP in MojoWatcher::OnHandleReady$2,0002021-05-26
1177593heap-buffer-overflow : blink::H264Encoder::EncodeOnEncodingTaskRunner-2021-05-26
1178008dawn_spirv_cross_glsl_fast_fuzzer: Use-of-uninitialized-value in spirv_cross::Compiler::CombinedImageSamplerUsageHandler::add_dependency-2021-05-26
1178136Chromium: Vulnerability reported in third_party/libzip-2021-05-26
1179025DCHECK failure in !pinned.has(reg) in liftoff-assembler.h-2021-05-26
1172054UaF in WebRTC P2PSocketManagerProxy::CreateSocket$5,0002021-05-25
1174626datapath_fuzzer: Use-of-uninitialized-value in patchpanel::IPv6AddressToString-2021-05-25
1178224Bad-cast to blink::LayoutTableSection from blink::LayoutNGTableSection in blink::LayoutTable::AddChild-2021-05-25
1178263Heap-buffer-overflow in blink::LayoutTable::AddColumn$6,0002021-05-25
1128895CHECK failure: IsValidHeapObject(heap_, heap_object) in heap.cc-2021-05-24
1178455Test report from guest gmail account-2021-05-24
1176909Heap-use-after-free in blink::DisplayItemClient::IsJustCreated-2021-05-23
1177273Heap-use-after-free in blink::PaintLayer::RemoveAncestorScrollContainerLayer-2021-05-23
1178142Crash in blink::LayoutTable::AddCaption-2021-05-23
1178074Security DCHECK failure: IsA<Derived>(from) in casting.h-2021-05-23
1111646Security: Possible to spoof URL after renderer crash$3,0002021-05-22
1174186CSS 3D transform intersection glitch in Chrome / Windows$5002021-05-22
1177684Use-of-uninitialized-value in blink::LayoutTable::AddCaption-2021-05-22
1177832Security DCHECK failure: IsA<Derived>(from) in casting.h-2021-05-22
1178007Crash in blink::LayoutObjectChildList::RemoveChildNode-2021-05-22
1174582Security: ScriptProcessorNode allows write of Float32Array across threads-2021-05-21
1176606Heap-use-after-free in ash::NotificationCounterView::~NotificationCounterView-2021-05-21
1177341Security: Insufficient fix for CVE-2021-21148-2021-05-21
1155819gpu_raster_swiftshader_fuzzer: Bad-cast to llvm::cl::Option from llvm::cl::opt<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, false, llvm::cl::parser<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > > in llvm::cl::applicator<llvm::cl::FormattingFlags>::opt-2021-05-20
1176557dawn_spirv_cross_glsl_fast_fuzzer: Use-of-uninitialized-value in spirv_cross::Compiler::CombinedImageSamplerUsageHandler::add_dependency-2021-05-20
1177070Crash in v8::internal::interpreter::BytecodeArrayAccessor::Advance-2021-05-20
1170531Talos Security Advisory for Google Chrome browser (TALOS-2021-1235)$7,5002021-05-19
1170776Security: V8 Incorrect array bounds calculation-2021-05-19
1176318DCHECK failure in CanTransitionTo(new_details, *new_value) in property-cell-inl.h-2021-05-19
1035260libyuv_scale_fuzzer: Heap-buffer-overflow in InterpolateRow_Any_SSSE3-2021-05-18
1172819Heap-buffer-overflow in blink::NGTableLayoutAlgorithm::Layout-2021-05-18
1175222Security DCHECK failure: IsA<Derived>(from) in casting.h-2021-05-18
1175500Security: Heap-buffer-overflow in TabStripModel::GroupTab (Windows-only)$7,5002021-05-18
1174551Heap-buffer-overflow in unsigned int v8::internal::StringHasher::HashSequentialString<char>-2021-05-17
1174900dawn_spirv_cross_glsl_fast_fuzzer: Use-of-uninitialized-value in spirv_cross::Compiler::CombinedImageSamplerUsageHandler::add_dependency-2021-05-17
1165724CrOS: Vulnerability reported in sys-libs/e2fsprogs-libs-2021-05-15
1168545Security: Arbitrary code execution in ghostscript-2021-05-15
1168555Security: android-root persistence-2021-05-14
1173269Security: heap-buffer-overflow in TabStripModel-2021-05-14
1173702Security: Heap buffer overflow in Tab Groups$7,5002021-05-14
1174641ANGLE: Out-of-bounds read for emulated compressed texture formats in 3D textures-2021-05-14
1166932Security: ChromeOS root privilege escalation and android-root persistence$45,0002021-05-13
1173925Use-of-uninitialized-value in blink::PaintPropertyTreeBuilder::UpdateForSelf-2021-05-13
1160459AddressSanitizer: access-violation on unknown address 0x000000000000-2021-05-12
1170826Third party apps and web pages can switch Chrome tabs-2021-05-12
1171785Heap-use-after-free in blink::LocalFrameView::PerformPreLayoutTasks-2021-05-12
1172192Security: UAF in Drag and Drop Download$20,0002021-05-12
1098582Security: allow-top-navigation-by-user-activation bypasses via message event listeners on iOS$5,0002021-05-11
1164655dawn_wire_server_and_vulkan_backend_fuzzer: Crash in vk::DescriptorSetLayout::DescriptorSetLayout-2021-05-11
1168552Security: host root file write-2021-05-11
1171954DCHECK failure in other->values_[index] != builder()->jsgraph()->OptimizedOutConstant() in bytecod-2021-05-11
1172121v8_inspector_fuzzer: DCHECK failure in host_import_module_dynamically_callback_ != nullptr == host_import_module_dynami-2021-05-11
1172591Heap-use-after-free in views::ColorChooser::OnViewClosing-2021-05-11
1172687Use-of-uninitialized-value in blink::LayoutObject::SetNeedsOverflowRecalc-2021-05-11
1172885dawn_spirv_cross_glsl_fast_fuzzer: Use-of-uninitialized-value in spirv_cross::Compiler::CombinedImageSamplerUsageHandler::add_dependency-2021-05-11
1172912v8_wasm_code_fuzzer: Heap-buffer-overflow in v8::internal::wasm::LiftoffAssembler::MergeFullStackWith-2021-05-11
1171846v8_multi_return_fuzzer: DCHECK failure in saved_fpregisters[i] == dreg_bits(PopLowestIndexAsCode(&fpregister_list)) in sim-2021-05-10
1171759v8_multi_return_fuzzer: DCHECK failure in stack_decrement == kSystemPointerSize in code-generator-arm.cc-2021-05-09
1171956dawn_spirv_cross_glsl_fast_fuzzer: Use-of-uninitialized-value in spirv_cross::Compiler::CombinedImageSamplerUsageHandler::add_dependency-2021-05-08
1172117Bad-cast to blink::LayoutTableCol from blink::LayoutNGTableColumn in blink::HTMLTableColElement::ParseAttribute-2021-05-08
1172118Heap-buffer-overflow in blink::NGTablePainter::PaintBoxDecorationBackground-2021-05-08
1094642gstoraster_fuzzer: Segv on unknown address in s_DCTD_process-2021-05-06
1160665Requests for script sent even when main document is text/plain$5002021-05-06
1161759DCHECK failure in 0 == Heap::GetFillToAlign(obj->address(), HeapObject::RequiredAlignment(*map)) i-2021-05-06
1166504heap bufferoverflow in VideoFrameYUVConverter$5,0002021-05-06
1170657use after poison in DOMWebSocket$5,0002021-05-06
1170933garcon_ini_parse_util_fuzzer: Heap-buffer-overflow in vm_tools::garcon::ExtractKeyLocale-2021-05-06
1171195DCHECK failure in scope_data_->ReadUint32() == static_cast<uint32_t>(name->length()) in preparse-d-2021-05-06
1171327Security: Sudo vulnerability-2021-05-06
1171600DCHECK failure in expr->scope()->outer_scope() == current_scope() in bytecode-generator.cc-2021-05-06
1171441tint_spv_reader_hlsl_writer_fuzzer: Heap-use-after-free in tint::fuzzers::CommonFuzzer::Run-2021-05-06
1158376Security: Browser process heap-use-after-free in the portal element$15,0002021-05-05
1169317Security: UaF in payments::SecurePaymentConfirmationAppFactory$20,0002021-05-05
1170615garcon_ini_parse_util_fuzzer: Use-of-uninitialized-value in vm_tools::garcon::ExtractKeyLocale-2021-05-05
1170990CHECK failure: serialized_prototype_ in js-heap-broker.cc-2021-05-05
1165624Security: UaF in chrome!payments::PaymentRequestSheetController::UpdateHeaderView$15,0002021-05-04
1170112tint_spv_reader_wgsl_writer_fuzzer: Heap-use-after-free in tint::fuzzers::CommonFuzzer::Run-2021-05-04
1168116v8_wasm_async_fuzzer.exe: Null-dereference in v8::base::Thread::Start-2021-05-02
1155974Security: WebGL Shader Stack Exhaustion leading to PC control in llvmpipe$1,0002021-05-01
1168550Security: mediadrm command injection-2021-05-01
1156170Security: Oilpan: Use After Poision in IsInConstruction<>() with chrome/xfa-2021-04-30
1161739Security: UAP in animate-2021-04-30
1167337tint_spv_reader_spv_writer_fuzzer: Segv on unknown address in tint::fuzzers::CommonFuzzer::Run-2021-04-30
1167759tint_spv_reader_msl_writer_fuzzer.exe: Heap-use-after-free in tint::fuzzers::CommonFuzzer::Run-2021-04-30
1168408tint_spv_reader_wgsl_writer_fuzzer: Heap-use-after-free in tint::fuzzers::CommonFuzzer::Run-2021-04-30
1168725tint_spv_reader_spv_writer_fuzzer: Heap-use-after-free in tint::fuzzers::CommonFuzzer::Run-2021-04-30
1138542gstoraster_fuzzer: Heap-buffer-overflow in mem_mapped4_copy_mono-2021-04-29
1155426Security: UAF in MediaStreamCapture$20,0002021-04-29
1162942Security: website is able to draw over protected UI elements (URL, padlock, tab list, titlebar) using 3D CSS transforms$5,0002021-04-29
1167242dawn_spirv_cross_glsl_fast_fuzzer: Use-of-uninitialized-value in spirv_cross::Compiler::CombinedImageSamplerUsageHandler::add_dependency-2021-04-29
1166549v8_inspector_fuzzer: DCHECK failure in isolate->has_pending_exception() != result in bootstrapper.cc-2021-04-29
1167277Lacros 3D Canvas can leak outside of iFrame-2021-04-29
1167918DCHECK failure in HasRemainingBytes(kUint8Size) in preparse-data-impl.h-2021-04-29
1167981CHECK failure: Bytecode mismatch at offset 2 in interpreter.cc-2021-04-29
1167988DCHECK failure in expr->scope()->outer_scope() == current_scope() in bytecode-generator.cc-2021-04-29
1168055CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (IsJSReceiver()) in js-objects-inl.h-2021-04-29
1169077tint_spv_reader_hlsl_writer_fuzzer.exe: Heap-use-after-free in tint::fuzzers::CommonFuzzer::Run-2021-04-29
1167709DCHECK failure in !done() in state-values-utils.cc-2021-04-27
1161705Security: heap-user-after-free in SearchTabHelper::DidStartNavigation-2021-04-26
1167505Security DCHECK failure: IsA<Derived>(from) in casting.h-2021-04-26
1167430Heap-use-after-free in content::RenderWidgetHostViewAura::ForwardKeyboardEventWithLatencyInfo-2021-04-25
1138143segmentation fault in mojom::clipboard$20,0002021-04-24
1154965use after poison in blink::TimerBase::RunInternal$7,5002021-04-24
1163504Security: heap-buffer-overflow in extension$10,0002021-04-24
1163845Security: HeapOverflow in TabStripModel$10,0002021-04-24
1158381Security: Bypass iframe security policy in the portal element$5002021-04-23
1159377CrOS: Vulnerability reported in net-misc/curl-2021-04-23
1162123heap-use-after-free : web_app::WebAppMetrics::~WebAppMetrics-2021-04-23
1165966v8_wasm_compile_fuzzer: DCHECK failure in IsSimd128Register() in instruction.h-2021-04-23
1166354Use-of-uninitialized-value in v8::internal::RootScavengeVisitor::VisitRootPointers-2021-04-22
1160952dawn_spirv_cross_glsl_fast_fuzzer: Use-of-uninitialized-value in spirv_cross::Compiler::CombinedImageSamplerUsageHandler::add_dependency-2021-04-21
1162303Security: ChromeOS chronos privilege escalation to root$30,0002021-04-21
1164055Security: Blink web_test fonts unowned-2021-04-21
1164816Security: chrome://settings ImportData out-of-bounds READ-2021-04-21
1152894Security: WebView and Chromium based browser Omnibar Spoofing with Race Condition$3,0002021-04-19
1163184DCHECK failure in !code.marked_for_deoptimization() in compiler.cc-2021-04-19
1161654v8_wasm_fuzzer: DCHECK failure in has(reg.low()) == has(reg.high()) in liftoff-register.h-2021-04-17
1164158Security: PDFIum (XFA) Heap Overflow in RelocateTableRowCells$5,0002021-04-17
1164187Heap-use-after-free in ash::tray::TimeTrayItemView::~TimeTrayItemView-2021-04-17
1164326wayland_fuzzer: Heap-use-after-free in decltype-2021-04-17
1157818performance API reveals information about redirects (XS-Leak)-2021-04-16
1160448uaf in webgpu-2021-04-16
1162131Security: heap-use-after-free in IsBox$5,0002021-04-16
1163122Security: /run/arc/host_generated allows chronos to configure any Android system properties-2021-04-16
1163882Chromium: Vulnerability reported in third_party/binutils-2021-04-16
1147416uaf in dawn_wire::server::Server::OnBufferMapAsyncCallback(--enable-unsafe-webgpu)-2021-04-15
1160602Security: Use After Free in WebSQL$5,0002021-04-15
1161357Security: Debug check failed: code == topmost_ implies safe_to_deopt_$16,0002021-04-15
1161943dawn_wire_server_and_frontend_fuzzer: Heap-use-after-free in void dawn_wire::ChunkedCommandSerializer::SerializeCommandImpl<dawn_wire::Return-2021-04-15
1162156dawn_wire_server_and_frontend_fuzzer: Heap-use-after-free in dawn_wire::server::KnownObjects<WGPUBufferImpl*>::Get-2021-04-15
1162198heap-use-after-free : mojo::core::NodeController::DropPeer-2021-04-15
1156904Security DCHECK failure: IsA<Derived>(from) in casting.h-2021-04-14
1157743Security: spoof download on any websites$5002021-04-14
1162036UAF in MediaStreamTrackProcessor$5,0002021-04-14
1162834Heap-use-after-free in blink::ShadowList::CreateDrawLooper-2021-04-14
1161954v8_wasm_compile_fuzzer: DCHECK failure in IsSimd128Register() in instruction.h-2021-04-13
1162400v8_wasm_compile_fuzzer: Crash in Builtins_JSEntryTrampoline-2021-04-13
1150012gstoraster_fuzzer: Use-of-uninitialized-value in gs_scan_token-2021-04-10
1062941libyuv_scale_fuzzer: Heap-buffer-overflow in ScaleFilterCols_16_C-2021-04-07
1161048Upgrade SQLite to 3.34.0-2021-04-07
1160225CrOS: Vulnerability reported in dev-util/glib-utils-2021-04-06
1160224CrOS: Vulnerability reported in dev-libs/glib-2021-04-05
1151727spvtools_opt_size_fuzzer: Heap-buffer-overflow in spvtools::opt::analysis::IntConstant::GetU64BitValue-2021-04-02
1159663uaf in media::learning::MojoLearningTaskControllerService::PredictDistribution$15,0002021-04-01
1128206Security: Possible for extension to escape sandbox via devtools_page and intentionally crashed renderer$10,0002021-03-30
1131346Potential UAF in Speech Recognizer-2021-03-30
1099985Heap-use-after-free for desks widget in bool ui::PropertyHandler::GetProperty<bool>-2021-03-29
1153993Security: Skia etc1 missing an uninitialized data fix-2021-03-29
1158266uaf in use-after-poison in blink::CanvasResourceHost::InitializeForRecording(canvas_resource_host.cc)$5002021-03-29
1137607dawn_spirv_cross_glsl_fast_fuzzer: Use-of-uninitialized-value in spirv_cross::Compiler::CombinedImageSamplerUsageHandler::add_dependency-2021-03-28
1159267Security: URL bar spoofing in Payments API$5002021-03-27
1160286Use-of-uninitialized-value in base::BasicStringPiece<std::__1::basic_string<char, std::__1::char_traits<char>,-2021-03-27
1155876cgpt_fuzzer: Use-of-uninitialized-value in Crc32-2021-03-26
1159763CrOS: Vulnerability reported in net-misc/curl-2021-03-26
1137247Security: Spoofing download filename extension in 86 chrome - showSaveFilePicker$1,0002021-03-25
1159164Use-of-uninitialized-value in v8::internal::PerfJitLogger::LogWriteDebugInfo-2021-03-25
1159679dawn_spirv_cross_glsl_fast_fuzzer: Crash in spirv_cross::CompilerGLSL::to_array_size_literal-2021-03-25
1152645Security: Race condition on destruction of GpuMemoryBufferFactoryNativePixmap may cause use after free-2021-03-24
1157800Incomplete fix for auth dialog spoof in iOS$5002021-03-24
1157814Security: UAF in PasswordProtectionRequest$20,0002021-03-24
1158774ots_fuzzer: Use-of-uninitialized-value in ots::OpenTypeGLYF::ParseSimpleGlyph-2021-03-24
1157790Security: Out of Bounds in V8$1,0002021-03-23
1157799CrOS: Vulnerability reported in dev-libs/openssl-2021-03-23
1157994DCHECK failure in !SharedStringAccessGuardIfNeeded::IsNeeded(*this) in string-inl.h-2021-03-22
1158071Bad-cast to mojo::InterfaceEndpointClient from content::RenderFrameImpl in mojo::internal::AssociatedInterfacePtrStateBase::~AssociatedInterfacePtrStateBas-2021-03-21
1153516Heap-buffer-overflow in SkAnalyticEdge::setLine$6,0002021-03-19
1154468use after poison in content::InspectorMediaEventHandler::SendQueuedMediaEvents$5,0002021-03-19
1155854CrOS: Vulnerability reported in net-fs/samba-2021-03-19
1156431v8_multi_return_fuzzer: DCHECK failure in saved_fpregisters[i] == dreg_bits(PopLowestIndexAsCode(&fpregister_list)) in sim-2021-03-19
1157324v8_wasm_compile_fuzzer: DCHECK failure in caller->CanTailCall(callee) in instruction-selector.cc-2021-03-19
1020667Security: Insecure Memory Copy in Trousers$5002021-03-18
1101961Heap-buffer-overflow in cc::PaintWorkletImageProvider::GetPaintRecordResult-2021-03-18
1150810Security: File System Access API - getFileHandle() allowing to save .lnk files$1,0002021-03-18
1151726Heap-use-after-free in printing::PrintManager::GetPrintRenderFrame-2021-03-18
1156513pdf_codec_jpeg_fuzzer: Use-of-uninitialized-value in decompress_smooth_data-2021-03-18
831761SameSite cookie bypass via Custom Scheme$1,0002021-03-17
1148749Double free/UAF in RegionDataLoaderImpl::DeleteThis$20,0002021-03-17
1150065UaF in AudioHandler::ProcessIfNecessary-2021-03-17
1153658uaf in AudioNodeOutput::Pull$6,0002021-03-17
1155710Iterating a directory with the File System Access API does not check current permissions.-2021-03-17
1156510Security: Use After Free in UserMediaRequest::OnMediaStreamInitialized$5,0002021-03-17
957042Security: Possible to partially break sandbox restrictions imposed upon popup windows$1,0002021-03-16
1105875Security: XS-Leak with Resource Timing API and CSP Embedded Enforcement$1,0002021-03-16
1131929[Resource Timing] Missing PerformanceResourceTiming entries for iframe Requests that don't receive a Response$1,0002021-03-16
1149171Heap-buffer-overflow in blink::NGOffsetMapping::GetMappingUnitsForLayoutObject-2021-03-16
1149895Security: OpenSSL certificate blocklist isn't installed in images-2021-03-16
1151069Security: heap-buffer-overflow in AudioWorkletProcessor::CopyParamValueMapToObject-2021-03-16
1151298Security: Use-After-Free in DeflateTransformer$7,5002021-03-16
1154936webcodecs_video_encoder_fuzzer: Heap-buffer-overflow in init_encode_frame_mb_context-2021-03-16
1155497v8_wasm_compile_fuzzer: DCHECK failure in IsSimd128Register() in instruction.h-2021-03-16
1155959DCHECK failure in kCanBeWeak || (!IsSmi() == (((static_cast<i::Tagged_t>(ptr_) & ::i::kHeapObjectT-2021-03-15
1156001Crash in v8::internal::HandleBase::IsDereferenceAllowed-2021-03-15
1140435Security: showSaveFilePicker allowing to save file extension with space at the end - cannot delete file on windows-2021-03-13
1140403Security: Hide real extension of file by many white spaces - showSaveFilePicker$1,0002021-03-13
1140410Security: Hide real extension of file by RTL - showSaveFilePicker$1,0002021-03-12
1140417Security: showSaveFilePicker allowing to save .lnk and .local files on windows!$1,0002021-03-12
1146855Heap-use-after-free in blink::AggregatingSampleCollector::Flush-2021-03-12
1150249Index-out-of-bounds in blink::AudioArray<float>::Allocate-2021-03-12
1150798Security: UAF in the views::DialogDelegate in the browser process$5,0002021-03-12
1152327Security: File System Access API & Symlinks-2021-03-12
1153595Security: UAF in Drag-and-drop$20,0002021-03-12
1155178Security: Skia GPU bug$6,0002021-03-12
1149125 | Security: Some WebUI pages enable MojoJS bindings for the subsequently-navigated site | $7,500 | 2021-03-10
1150772 | Index-out-of-bounds in blink::NGPhysicalBoxFragment::Create | - | 2021-03-10
1152387 | Crash in icu_68::RuleBasedBreakIterator::handleNext | - | 2021-03-10
1153442 | DCHECK failure in UseScratchRegisterScope{this}.CanAcquire() in liftoff-assembler-arm.h | - | 2021-03-10
1154439 | DCHECK failure in num_locals_ == local_types_.size() in function-body-decoder-impl.h | - | 2021-03-10
1114062 | heap-use-after-free in is_null | - | 2021-03-09
1149204 | Security: heap-buffer-overflow in blink::WebGLRenderingContextBase::MakeXrCompatibleSync | $5,000 | 2021-03-09
1110751 | Security: GoogleCrashHandler exist Any process DOS vulnerability | - | 2021-03-08
1149115 | Heap-buffer-overflow in v8::internal::Simulator::WriteW | - | 2021-03-08
1152937 | v8_wasm_fuzzer: DCHECK failure in decoder->ok() in graph-builder-interface.cc | - | 2021-03-05
1049265 | Extensions with no special privileges are allowed to navigate to devtools:// scheme pages. | $1,000 | 2021-03-04
1108126 | Security: Chrome Apps can access chrome.storage for other extensions via webview | $3,000 | 2021-03-04
1150371 | Security: OOBW in the icu_68::FormattedStringBuilder::insert | $5,000 | 2021-03-04
1151865 | Security: OOB-read in network DataElement struct traits. | - | 2021-03-04
1151890 | Security: Uninitialised memory read with BigInt right-shift | $3,000 | 2021-03-04
1143412 | Security: Pixelbook reveals windows underneath lock screen when external display is plugged in | - | 2021-03-03
1151684 | webcodecs_video_encoder_fuzzer: Heap-buffer-overflow in vp9_enc_setup_mi | - | 2021-03-03
1151799 | heap-buffer-overflow in MoveWebContentsAtImpl(extension) | $15,000 | 2021-03-03
978798 | Security: Possible to fake the lock or login screen in full screen mode to phish user passwords | - | 2021-03-02
1142024 | heap-use-after-free : gpu::SharedImageRepresentationDawnIOSurface::EndAccess | - | 2021-03-02
1146872 | Security DCHECK failure: IsA<Derived>(from) in casting.h | - | 2021-03-02
1149586 | v8_inspector_fuzzer: DCHECK failure in ThreadId::Current() == isolate->thread_id() in compiler.cc | - | 2021-03-02
1150649 | DCHECK failure in 0 <= length && length <= kMaxSafeInteger in builtins-array.cc | - | 2021-03-02
1151270 | Heap-buffer-overflow in avx::rect_memset32 | - | 2021-03-02
1151248 | Crash in hsw::load_NUMBER_dst | - | 2021-03-02
1151294 | Crash in erms::rect_memset32 | - | 2021-03-02
1151320 | Crash in hsw::load_NUMBER_dst | - | 2021-03-02
1151322 | Crash in hsw::blit_row_s32a_opaque | - | 2021-03-02
1151460 | Crash in SkARGB32_Black_Blitter::blitAntiH | - | 2021-03-02
1151532 | Heap-buffer-overflow in ssse3::blit_mask_d32_a8 | - | 2021-03-02
1151551 | Heap-buffer-overflow in hsw::lowp::load_NUMBER_dst | - | 2021-03-02
1151601 | Heap-use-after-free in hsw::blit_row_s32a_opaque | - | 2021-03-02
1151602 | Use-after-poison in v8::internal::AstRawString::Compare | - | 2021-03-02
1151611 | Heap-buffer-overflow in hsw::S32_alpha_D32_filter_DX | - | 2021-03-02
709946 | Security: <link rel='prerender'> causes same-site cookies to be sent along with cross-site requests | $2,000 | 2021-02-26
1038002 | Unintended Data Leakage Through HTTP Request Headers | $2,000 | 2021-02-26
1149692 | Security: Heap-use-after-free in BluetoothChooserController::AddOrUpdateDevice | $15,000 | 2021-02-26
1150317 | Security: Potential remote code exec from web content in u2fd | - | 2021-02-26
1138683 | Security: Use-after-free in MediaStreamCaptureIndicator::WebContentsDeviceUsage::AddDevices() | $10,000 | 2021-02-24
1141376 | Security: --experimental-wasm-gc array length allocation wraps on 32bit | - | 2021-02-24
1147357 | Heap-use-after-free in blink::NGContainerFragmentBuilder::MoveOutOfFlowDescendantCandidatesToDescendant | - | 2021-02-24
1146670 | TFC chrome full chain | - | 2021-02-22
1142331 | Security: use-after-poison in blink::FileReaderLoader::OnReceivedData | $5,000 | 2021-02-20
1148504 | media_h265_decoder_fuzzer: Stack-buffer-overflow in media::H265Decoder::BuildRefPicLists | - | 2021-02-20
1148657 | Use-after-poison in blink::MediaInspectorContextImpl::RemovePlayer | - | 2021-02-20
1106424 | gstoraster_fuzzer: Use-of-uninitialized-value in s_A85D_process | - | 2021-02-19
1130226 | gstoraster_fuzzer: Use-of-uninitialized-value in load_truetype_glyph | - | 2021-02-19
1141062 | gstoraster_fuzzer: Use-of-uninitialized-value in aes_setkey_enc | - | 2021-02-19
1142020 | heap-buffer-overflow : gfx::internal::StyleIterator::GetTextBreakingRange | - | 2021-02-19
1143662 | use-after-poison in blink::CanvasResourceHost::InitializeForRecording(canvas_resource_host.cc) | $5,000 | 2021-02-19
1146025 | Content-Security-Policy headers are lost when the page is restored from bfcache | - | 2021-02-19
1144646 | NAT Slipstream: Overlong usernames in TURN credentials | - | 2021-02-19
1146068 | Crash in icu_68::FormattedValueStringBuilderImpl::nextPositionImpl | - | 2021-02-19
1147430 | Security: Heap-buffer-overflow in SkBitmapOperations::UnPreMultiply | - | 2021-02-19
1147516 | airscan_query_fuzzer: Index-out-of-bounds in log_message | - | 2021-02-19
1147944 | airscan_query_fuzzer: Use-of-uninitialized-value in trace_unref | - | 2021-02-19
1147943 | DCHECK failure in vector->optimization_marker() != OptimizationMarker::kCompileOptimizedConcurrent | - | 2021-02-19
1148772 | media_h265_decoder_fuzzer: Crash in base::AtomicRefCount::Decrement | - | 2021-02-19
1146654 | media_h265_parser_fuzzer: Stack-buffer-overflow in media::H265Parser::ParseStRefPicSet | - | 2021-02-17
1146673 | Security: type confusion in wasm cache | - | 2021-02-17
1146709 | Security: Browser UAF when detaching a provisional frame | - | 2021-02-17
1146714 | DCHECK failure in vector->optimization_marker() != OptimizationMarker::kCompileOptimizedConcurrent | - | 2021-02-17
1147431 | Security: Heap-buffer-overflow in ClipboardWin::WriteBitmap | - | 2021-02-17
1147623 | media_h265_decoder_fuzzer: Stack-buffer-overflow in scoped_refptr<media::H265Picture>::swap | - | 2021-02-17
1128479 | Heap-buffer-overflow in cc::TransformTree::StickyPositionOffset | - | 2021-02-16
1137606 | Heap-use-after-free in ui::LayerAnimationSequence::ProgressToEnd | - | 2021-02-16
1142069 | heap-use-after-free : content::DownloadManagerImpl::GetDownload | - | 2021-02-16
1145906 | heap-use-after-free : ProfileInfoCache::NotifyProfileAuthInfoChanged | - | 2021-02-16
1146675 | Security: UAF in PepperFileIOHost | - | 2021-02-16
1146761 | Security: UAF in ImageDecoderExternal due to ArrayBuffer Neuter | $7,500 | 2021-02-16
1146789 | Bad-cast to blink::LayoutBox from blink::LayoutTextFragment in blink::LayoutBox::LastChildBox | - | 2021-02-16
1146861 | DCHECK failure in dst.low_gp() != lhs.high_gp() in liftoff-assembler-arm.h | - | 2021-02-16
1146873 | net_host_resolver_manager_fuzzer: Heap-buffer-overflow in net::ServiceFormHttpsRecordRdata::IsEqual | - | 2021-02-16
1147331 | Bad-cast to int () in x11::InitXlib | - | 2021-02-16
1136078 | UaF in PaymentCredential::DidDownloadFavicon | - | 2021-02-15
1137362 | Security: Chrome Browser Policy Bypass "Allow invocation of file selection dialogs" | $500 | 2021-02-15
1146728 | DCHECK failure in vector->optimization_tier() == OptimizationTier::kNone || (vector->optimization_ | - | 2021-02-15
1144017 | Use-of-uninitialized-value in policy::UserCloudPolicyManager::IsFirstPolicyLoadComplete | - | 2021-02-14
1146679 | Security: WeakPtr checks are optimized out | - | 2021-02-14
1139411 | Security: cryptohomed skeleton copy can be raced to chown things to user chronos | - | 2021-02-12
1139414 | Security: imageburner path check can be raced | - | 2021-02-12
1144489 | Security: OSExchangeDataProviderWin::SetDragImage | - | 2021-02-11
1144603 | v8_wasm_code_fuzzer: DCHECK failure in array_buffer->is_shared() in isolate.cc | - | 2021-02-11
1146013 | DCHECK failure in function->is_compiled() in compiler.cc | - | 2021-02-11
1137104 | uaf in load4 SkRasterPipeline_opts.h | $5,000 | 2021-02-10
1137179 | Security: Root priv escalation through cryptohomed, imageburner, arc-obb-mounter | $30,000 | 2021-02-10
1140376 | neteq_rtp_fuzzer: Use-of-uninitialized-value in webrtc::test::NetEqTest::RunToNextGetAudio | - | 2021-02-10
1143448 | Heap-use-after-free in ScopedObserver<views::Widget, views::WidgetObserver, & | - | 2021-02-10
1144449 | cras_rclient_message_fuzzer: Heap-buffer-overflow in ccr_handle_message_from_client | - | 2021-02-10
1116444 | Security: Extensions can capture contents of local files using Page.captureScreenshot | $5,000 | 2021-02-09
1125362 | Security: Possible for extension to escape sandbox via chrome.debugger API and error page | $10,000 | 2021-02-09
1140949 | CrOS: Vulnerability reported in net-wireless/bluez | - | 2021-02-09
1143057 | Security: WebUSB permission dialog can appear over the wrong tab | $500 | 2021-02-09
1145124 | Bad-cast to icu_68::UVector from invalid vptr in icu_68::AliasReplacer::outputToString | - | 2021-02-09
1144368 | Security: ConvertToJavaBitmap heap-buffer-overflow. | - | 2021-02-07
1144070 | mediasource_MP2T_AACSBR_pipeline_integration_fuzzer: Use-of-uninitialized-value in float media::FloatSampleTypeTraits<float>::From<float> | - | 2021-02-06
1119873 | Security: UAF in CSSLayout worklet | $5,000 | 2021-02-05
1143772 | Security: V8: Turbofan fails to deoptimize code after map deprecation, leading to type confusion | - | 2021-02-05
1084649 | dawn_wire_server_and_frontend_fuzzer: Use-of-uninitialized-value in libvulkan.so.1 | - | 2021-02-04
1137581 | cups_ippreadio_fuzzer: Use-of-uninitialized-value in create_item | - | 2021-02-04
1137604 | Heap-use-after-free in ScopedObserver<aura::Window, aura::WindowObserver, & | - | 2021-02-04
1143053 | v8_wasm_code_fuzzer: Crash in v8::internal::TaggedField<v8::internal::WasmModuleObject, 112>::load | - | 2021-02-04
1141350 | Security: Yet another universal XSS via copy&paste | $3,000 | 2021-02-03
1142675 | uaf in VideoFrame::CreateImageBitmap | $5,000 | 2021-02-03
1134107 | Security: stack buffer overflow write in RtcEventLogEncoderLegacy::EncodeRtcpPacket | $1,000 | 2021-02-02
1137594 | CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (IsDereferenceAllowed()) in handles.h | - | 2021-02-02
1137603 | Heap-use-after-free in blink::PropertyTreeStateOrAlias::Unalias | - | 2021-02-02
1139409 | Security: cros-disks will mount local loop devices | - | 2021-02-02
1093791 | Security: Chrome's insecure construction of curl commands allows untrusted websites to retrieve local files from the user's system | $500 | 2021-02-01
1140549 | v8_wasm_compile_fuzzer: DCHECK failure in src.is_byte_register() in assembler-ia32.cc | - | 2021-01-30
1141868 | Security DCHECK failure: IsA<Derived>(from) in casting.h | - | 2021-01-30
1132954 | Security: Root priv escalation through shill, arc-setup, and upstart | $30,000 | 2021-01-29
1133047 | Security: arc-setup should validate /run/arc/oem/etc/media_profiles.xml is not a symlink | - | 2021-01-29
1136714 | Incorrect security UI at screen share API | $500 | 2021-01-29
1138878 | Possible UAF in SctpTransport's sctp_inpcb_free | - | 2021-01-29
1141743 | Use-of-uninitialized-value in blink::IsOperatorWithSpecialShaping | - | 2021-01-29
1125018 | Arbitrary file deletion in google chrome updater in master/chrome/updater/installer.cc | $1,000 | 2021-01-28
1127595 | Chromium: Vulnerability reported in third_party/libxml | - | 2021-01-28
1138190 | pdfium CompositeRow_8bppRgb2Rgb_NoBlend_RgbByteOrder heap-buffer-overflow | - | 2021-01-28
1139153 | Security: Heap-use-after-free in WebRTC | $7,500 | 2021-01-28
1139825 | pdfium heapoverflow CompositeRow_Argb2Argb_RgbByteOrder | - | 2021-01-28
1141256 | Variables on the stack are not initialized in pp::FloatRect FloatPageRectToPixelRect | - | 2021-01-28
1097499 | pdf_scanlinecompositor_fuzzer: Crash in GetAlphaWithSrc | - | 2021-01-27
1137580 | Bad-cast to content::AgentSchedulingGroup from invalid vptr in content::RenderFrameImpl::Send | - | 2021-01-27
1138942 | Bad-cast to content::AgentSchedulingGroup from invalid vptr in base::internal::Invoker<base::internal::BindState<content::RenderFrameImpl::OnUn | - | 2021-01-27
1139398 | Security: [ANGLE] Invalid memory access in libglesv2!rx::IndexDataManager::streamIndexData | $15,000 | 2021-01-27
1037839 | pdf_scanlinecompositor_fuzzer: Crash in RGB_Blend | - | 2021-01-26
1128340 | CVE-2020-25211 CrOS: Vulnerability reported in Linux kernel | - | 2021-01-26
1134261 | Security: UAF in Skia SkContourMeasureIter caused by SkPath::shrinkToFit | - | 2021-01-26
1137608 | v8_wasm_compile_fuzzer: DCHECK failure in 0 <= offset in assembler-arm.cc | - | 2021-01-26
1138877 | Security: heap-buffer-overflow in window.find | $2,000 | 2021-01-26
1138911 | Security: UAF in TabStrip | $15,000 | 2021-01-26
1139786 | CHECK failure: Type cast failed in CAST(p->receiver()) at ../../src/ic/accessor-assembler.cc:25 | - | 2021-01-26
1140197 | Security: Apply fix for freetype heap buffer overflow to Chrome OS | - | 2021-01-26
1137583 | DCHECK failure in CpuFeatures::IsSupported(*feature) in macro-assembler-x64.h | - | 2021-01-25
1137584 | Bad-cast to blink::DrawingDisplayItem from blink::DisplayItem in blink::ConversionContext::Convert | - | 2021-01-25
1137591 | Heap-use-after-free in blink::PaintArtifactCompositor::UpdateDebugInfo | - | 2021-01-25
1139408 | arc-media-removable-{read,write} are not using noexec | - | 2021-01-25
945997 | Using Flash's ProgressEvent to extract the length of cross-site responses | $1,000 | 2021-01-24
1138446 | Security: webrtc container-overflow in the browser process | $5,000 | 2021-01-24
1139163 | Security DCHECK failure: tree_order < tree_scopes_.size() in match_result.h | - | 2021-01-24
830808 | SameSite cookie bypass via openWindow | $500 | 2021-01-22
1115590 | CSP Bypass via Chrome Extension | $3,000 | 2021-01-22
1133527 | Security: Debug check failed: IsFound() || !holder_->HasFastProperties(isolate_) | $5,000 | 2021-01-22
1135594 | Security: woff2 missing upstream fix for integer overflow | - | 2021-01-22
1137630 | Security: PDFium heap-use-after-free in CPWL_ListBox::~CPWL_ListBox() | $7,500 | 2021-01-22
1125614 | UaF in Payment (Android) | - | 2021-01-21
1135018 | Security: UaF in TabSharingUI | $15,000 | 2021-01-21
1137586 | DCHECK failure in effect_edges > 0 in verifier.cc | - | 2021-01-21
1137590 | Crash in blink::NGBlockLayoutAlgorithm::CreateConstraintSpaceForChild | - | 2021-01-21
1137609 | Crash in blink::ShapeResultView::CreateShapeResult | - | 2021-01-21
1137650 | Crash in blink::ComputedStyleBase::MutableFilterInternal | - | 2021-01-21
1138577 | Use-after-poison in blink::VideoFrameCallbackRequesterImpl::~VideoFrameCallbackRequesterImpl | - | 2021-01-21
1138776 | CHECK failure: fixed_size_above_fp + in deoptimizer.cc | - | 2021-01-21
1138915 | DCHECK failure in effect_edges > 0 in verifier.cc | - | 2021-01-21
1107970 | gstoraster_fuzzer: Use-of-uninitialized-value in clip_runs_enumerate | - | 2021-01-20
1116729 | dawn_wire_server_and_vulkan_backend_fuzzer: Heap-buffer-overflow in vk::DescriptorSetLayout::DescriptorSetLayout | - | 2021-01-20
1125240 | dawn_wire_server_and_frontend_fuzzer: Heap-use-after-free in dawn_wire::server::Server::GetCmdSpace | - | 2021-01-20
1137578 | v8_wasm_compile_fuzzer: Use-after-poison in v8::internal::wasm::WasmFullDecoder< | - | 2021-01-20
1137579 | Crash in cc::DroppedFrameCounter::ReportFrames | - | 2021-01-20
1137582 | DCHECK failure in stack_capacity_end_ > stack_end_ in function-body-decoder-impl.h | - | 2021-01-20
1137588 | Use-after-poison in blink::VideoFrameCallbackRequesterImpl::~VideoFrameCallbackRequesterImpl | - | 2021-01-20
1137587 | ndproxy_fuzzer: Use-of-uninitialized-value in patchpanel::NDProxy::GetPrefixInfoOption | - | 2021-01-20
1137596 | v8_wasm_compile_fuzzer: Crash in unsigned int v8::base::ReadUnalignedValue<unsigned int> | - | 2021-01-20
1137597 | CHECK failure: IsValidHeapObject(isolate->heap(), HeapObject::cast(p)) in objects-debug.cc | - | 2021-01-20
1137598 | dawn_wire_server_and_frontend_fuzzer: Heap-use-after-free in dawn_wire::server::KnownObjects<WGPUBufferImpl*>::Get | - | 2021-01-20
1137601 | CHECK failure: IsValidHeapObject(heap_, heap_object) in heap.cc | - | 2021-01-20
1137600 | v8_wasm_compile_fuzzer: Use-after-poison in v8::internal::wasm::WasmFullDecoder<v8::internal::wasm::Decoder::kValidate,v8::i | - | 2021-01-20
1137602 | Crash in Builtins_TestEqualStrictHandler | - | 2021-01-20
1137605 | Crash in Builtins_TypeOfHandler | - | 2021-01-20
1137652 | Bad-cast to float (float) noexcept in skvx::Vec<sizeof... | - | 2021-01-20
1137668 | PDFium(XFA) Heap-use-after-free in ProbeForLowSeverityLifetimeIssue | - | 2021-01-20
1138197 | DCHECK failure in 2 == args.length() in builtins-reflect.cc | - | 2021-01-20
1133009 | Security: login_manager symlink attack | - | 2021-01-19
1134338 | Security: Incorrect Handling of XFrameOptions with mailMsg in the PDF Viewer | $3,000 | 2021-01-19
1136327 | Security: Use of use-of-uninitialized-value in UsbDeviceHandleUsbfs | - | 2021-01-19
1137595 | Bad-cast to content::AgentSchedulingGroup from mojo::core::UserMessageImpl in base::internal::Invoker<base::internal::BindState<content::RenderFrameImpl::OnUn | - | 2021-01-19
1133210 | DCHECK failure in !IsJSGlobalObject(isolate) in js-objects-inl.h | $5,000 | 2021-01-18
1133635 | Security: UAF in PasswordGenerationPopupControllerImpl::PasswordAccepted | $20,000 | 2021-01-18
1135835 | DialURLFetcher::Start may bypass Sec-Fetch-Site | - | 2021-01-18
1125337 | Portrait photos (taken by Pixel3aXL) with EXIF crash on Desktop | $500 | 2021-01-15
1128270 | Security: UAF in UrlLoaderFactoryProxyImpl | $20,000 | 2021-01-14
1132998 | CrosDisks accepts arbitrary bind mount parameters | - | 2021-01-14
1134960 | Security: Use-after-free with using print dialog | $3,000 | 2021-01-14
1135857 | Security: UAF in USBDevice | $10,000 | 2021-01-14
1133006 | Security: network_diag does not validate multiline input | - | 2021-01-12
1134983 | CrOS: Vulnerability reported in net-fs/samba | - | 2021-01-12
1110195 | Security: Method field allows injection of HTTP requests | - | 2021-01-09
1122487 | UAF in devtools | $500 | 2021-01-08
1133183 | Incorrect Security UI when using Tab preview | $500 | 2021-01-08
1133275 | CrOS: Vulnerability reported in sys-libs/ldb | - | 2021-01-08
1133668 | Use after free triggered from mojo::SyncEventWatcher | - | 2021-01-08
1133671 | Security: UAF in AutofillPopupControllerImpl::HandleKeyPressEvent | $20,000 | 2021-01-08
1133688 | Security: UAF in PasswordGenerationPopupControllerImpl::HandleKeyPressEvent | $20,000 | 2021-01-08
1133983 | Security: UaF in printing::PrintRenderFrameHelper::PreviewPageRendered() | $5,000 | 2021-01-08
1124661 | Bad-cast to blink::LayoutInline from blink::LayoutBlockFlow in blink::NGInlineNode::ComputeOffsetMapping | - | 2021-01-06
1124963 | Heap-buffer-overflow in blink::NGOffsetMapping::GetMappingUnitsForLayoutObject | - | 2021-01-06
1128657 | audio.captureStream() may allow cross-origin resource theft | - | 2021-01-06
1133000 | ArcObbMounter mounts without noexec | - | 2021-01-06
1133001 | Security: ArcObbMounterInterface.MountObb takes arbitrary gid offset | - | 2021-01-06
960357 | Chrome v74 JS dialog description Spoof vulnerability on IOS | $500 | 2021-01-05
1127322 | UaF in ServiceWorkerPaymentApp | - | 2021-01-05
1129850 | uaf in browser process(ServiceWorkerScriptLoaderFactory()) | - | 2021-01-05
1127620 | DCHECK failure in OperatorProperties::GetTotalInputCount(node->op()) == node->InputCount() in veri | - | 2021-01-05
1132641 | Security: out of bounds write in CanonicalizeTimeZoneID | - | 2021-01-05
1132926 | Step "browser_tests" failing on builder "Linux ChromiumOS MSan Tests" | - | 2021-01-05
1080395 | Android/iOS: URL spoofing using long sub-domain for blob:URL | $3,000 | 2021-01-04
1126881 | CrOS: Vulnerability reported in net-libs/gnutls | - | 2021-01-02
1131040 | Check secure payment confirmation feature state in browser process. | - | 2021-01-02