Avatar of this page

Chromium Disclosed Security Bugs

Google discloses Chromium security bugs 14 weeks after fixing them. This website makes it easier to keep track of them.

This page is run by @securityMB but it is not an official Google product.

You can also follow this project on the following social platforms:

Bugs disclosed in 2022.json

Options
#Summary$$$Disclosure date
1322425CrOS: Vulnerability reported in media-libs/freetype-2022-12-31
1322858CrOS: Vulnerability reported in media-libs/freetype-2022-12-31
1343384heap-buffer-overflow in RPHReferenceManager::OnWebContentsDestroyedOrNavigated$7,0002022-12-31
1365082Existing Trusted Types check for javascript url can be bypassed-2022-12-31
1366633heap-use-after-free supports_user_data.cc:30 in base::SupportsUserData::GetUserData-2022-12-31
1366813Security: custom_element_registry use-after-poison$7,0002022-12-31
1367107CHECK failure: elements() == ReadOnlyRoots(isolate).empty_fixed_array()-2022-12-31
1367133CHECK failure: fixed_size_above_fp + (stack_slots * kSystemPointerSize) - CommonFrameConstants:-2022-12-31
1364492Security: Heap-use-after-free in UnusedSitePermissionsService::UpdateUnusedPermissionsAsync$1,0002022-12-29
1366521Security: Cast cert verification: builtin certificate verifier can be bypassed with invalid TBS signature algorithm-2022-12-29
1302813Heap-use-after-free in ImportDataHandler::~ImportDataHandler$2,0002022-12-28
1303306Security: Locked devices - VPN adding possible$5,0002022-12-28
1328708UAF in SessionLogHandler::FileSelected$2,0002022-12-28
1344514Heap-use-after-free on CaptionBubble::BackToTabButtonPressed$1,0002022-12-28
1350564Security: heap-use-after-free chrome/browser/ui/views/tabs/tab_drag_controller.cc:1480:7 (Lacros)$2,0002022-12-28
1351339double-free in libXml's error handling-2022-12-28
1359937ASSERT: i >= 0 && i < len_-2022-12-28
1365248Heap-use-after-free in void base::internal::Invoker<base::internal::BindState<void-2022-12-28
1362529v8_inspector_fuzzer: DCHECK failure in maybe_result.is_null() in microtask-queue.cc-2022-12-27
1358026Security: Heap-use-after-free in FrameUserNoteChanges$7,0002022-12-26
1363021uaf in TemplateStore::GetTemplates-2022-12-26
1363998Security: UAF in TransportClientSocket$11,0002022-12-26
1363859v8_wasm_compile_fuzzer: DCHECK failure in static_cast<unsigned>(index) < static_cast<unsigned>(length()) in fixed-array-in-2022-12-25
1363895v8_wasm_compile_fuzzer: Trap in v8::internal::Scavenger::Process-2022-12-25
1348464Security: container-overflow in HistoryClustersHandler::OpenVisitUrlsInTabGroup$2,0002022-12-23
1362487Trap in v8::internal::__RT_impl_Runtime_AbortCSADcheck-2022-12-23
1364319DCHECK failure in type.representation() == MachineRepresentation::kFloat64 || type.representation(-2022-12-23
1364539CHECK failure: next_index().Number() >= 0 in objects-debug.cc-2022-12-23
1183604Compromised web renderer that *hasn't* run any content scripts can spoof chrome.storage (and other API calls) for any extension-2022-12-22
1237637wayland_buffer_fuzzer: Use-of-uninitialized-value in ui::WaylandScreen::AddOrUpdateDisplay-2022-12-22
1351177Security: Potential UAF in WebstoreInstallWithPrompt$2,0002022-12-22
1358375Heap-use-after-free in PresShell::DispatchSynthMouseMove-2022-12-22
1358870Security: UAF in CompoundTabContainer$8,0002022-12-22
1358907Heap-use-after-free in blink::StyleVariables::operator==$9,0002022-12-22
1359382DCHECK failure in !node->is_dead() in maglev-regalloc.cc-2022-12-22
1359429CHECK failure: properties_or_hash__value.IsSmi() || properties_or_hash__value.IsFixedArrayBase(-2022-12-22
1359745DCHECK failure in IsPrimitiveMap() in map-inl.h-2022-12-22
1359928CHECK failure: shared(isolate).IsSharedFunctionInfo() in objects-debug.cc-2022-12-22
1360792Crash in Builtins_JSEntryTrampoline-2022-12-22
1360797CHECK failure: map.IsMap(cage_base) in new-spaces.cc-2022-12-22
1360801Trap in v8::internal::Isolate::PushStackTraceAndDie-2022-12-22
1360875Crash in Builtins_StringEqual-2022-12-22
1362954Crash in v8::internal::Invoke-2022-12-22
1364069Segv on unknown address in v8::internal::IsolateData::cage_base-2022-12-22
1323488memeory corruption in frame_queue_underlying_source.cc$3,0002022-12-20
1358872DCHECK failure in descriptors.GetDetails(index).representation().IsDouble() in maglev-graph-builde-2022-12-20
1358878DCHECK failure in is_loadable() in maglev-ir.h-2022-12-20
1359427DCHECK failure in (heap) != nullptr in heap-write-barrier-inl.h-2022-12-20
1359926DCHECK failure in (prediction) == nullptr in frames.cc-2022-12-20
1361245DCHECK failure in topmost_optimized_code.is_null() || safe_if_deopt_triggered || is_builtin_code i-2022-12-20
1361332DCHECK failure in input.node()->has_register() || input.node()->is_loadable() in maglev-regalloc.c-2022-12-20
1361377Security: UAF in CrostiniUpgraderDialog::OnDialogCloseRequested-2022-12-20
1361627heap-use-after-free : display::Display::id-2022-12-20
1362174Crash in v8::internal::LookupIterator::ComputeConfiguration-2022-12-20
1362298DCHECK failure in !has_optimized_code() || optimized_code().marked_for_deoptimization() || (CodeKi-2022-12-20
1271406Fenced Frame can trigger downloads-2022-12-19
1360936Security: WebRTC VP9 Simulcast screenshare crash-2022-12-19
1361849pdfium_fuzzer: Heap-use-after-free in CPDF_StreamAcc::~CPDF_StreamAcc-2022-12-18
1345275Security: Symbolic Link Following + Upload Warning Bypass$3,0002022-12-17
1351619Security: UAF in LocalDeskDataManager$1,0002022-12-17
1359958Use-after-poison in v8::internal::maglev::StraightForwardRegisterAllocator::InitializeEmptyBlockRegi-2022-12-17
1360736DCHECK failure in to_kind == DICTIONARY_ELEMENTS || to_kind == SLOW_STRING_WRAPPER_ELEMENTS || IsT-2022-12-17
1361345Crash in v8::internal::maglev::Input::node-2022-12-17
1361434Trap in v8::internal::__RT_impl_Runtime_AbortCSADcheck-2022-12-17
1361899Trap in Builtins_CheckTurbofanType-2022-12-17
1361903freetype_cff_ftengine_fuzzer: Heap-buffer-overflow in TT_Get_MM_Var-2022-12-17
1319229UAF in ash::HatsDialog$3,0002022-12-15
1320139UAF in ash::HatsDialog::Show$2,0002022-12-15
1338114webcodecs_video_encoder_fuzzer: Stack-buffer-overflow in aom_scaled_2d_ssse3-2022-12-15
1361159freetype_cff_ftengine_fuzzer: Invalid-free in ft_free-2022-12-15
1339656audio_encoder_isac_float_fuzzer: Stack-buffer-overflow in WebRtcIsac_PitchAnalysis-2022-12-14
1342163Security: Heap-use-after-free in UserNoteUICoordinator::Invalidate$7,0002022-12-14
1358381Security: OOB Write in sqlite3FindInIndex$7,0002022-12-14
1359227DCHECK failure in (shared_object_conveyor_) != nullptr in value-serializer.cc-2022-12-14
1359675CHECK failure: key.IsName()-2022-12-14
1359776DCHECK failure in HAS_SMI_TAG(ptr) in smi.h-2022-12-14
1359991DCHECK failure in !is_length_tracking() in js-array-buffer-inl.h-2022-12-14
1360189Crash in void v8::internal::BodyDescriptorBase::IteratePointers<v8::internal::ScavengeVis-2022-12-14
1360295freetype_cff_ftengine_fuzzer: Heap-buffer-overflow in TT_Get_MM_Var-2022-12-14
1360432Trap in v8::internal::__RT_impl_Runtime_Abort-2022-12-14
1360684Stack-use-after-scope in base::SplitStringPiece-2022-12-14
1360793Crash in v8::internal::CheckObjectComparisonAllowed-2022-12-14
1360796DCHECK failure in HAS_SMI_TAG(ptr) in smi.h-2022-12-14
1360803CHECK failure: IsJSFunction()-2022-12-14
1332924MicrosoftEdgeUpdate DACL Privilege Escalation-2022-12-13
1356895Crash in c:\clusterfuzz\bot\builds\v8-asan_win64-release_4b2f02da5ce6ecbd9ca48ce0c60db498-2022-12-13
1358732Security: clang-analyzer-cplusplus.NewDelete in third_party/pdfium/core/fpdfapi/parser/cpdf_object_walker.cpp-2022-12-13
1359519Crash in v8::internal::LookupIterator::ComputeConfiguration-2022-12-13
1359637DCHECK failure in !context().is_null() in isolate-inl.h-2022-12-13
1359639Crash in Builtins_ConstructWithArrayLike_WithFeedback-2022-12-13
1359784Crash in Builtins_AsyncFunctionEnter-2022-12-13
1359812Crash in v8::internal::Isolate::MayAccess-2022-12-13
1359835DCHECK failure in static_cast<uintptr_t>(type) < Type::NUMBER_OF_TYPES in frames.h-2022-12-13
1359931Crash in Builtins_DatePrototypeGetUTCFullYear-2022-12-13
1360061Crash in v8::internal::LookupIterator::GetRootForNonJSReceiver-2022-12-13
1355237use-after-poison local_frame_view.cc:816 in blink::LocalFrameView::PerformLayout$9,0002022-12-12
1359163CHECK failure: untyped_->count(slot.address()) > 0 in heap-verifier.cc-2022-12-12
1359215CHECK failure: proto.map().oddball_type() == OddballType::kNull-2022-12-12
1359425CHECK failure: context__value.IsContext() in class-verifiers.cc-2022-12-12
1359426CHECK failure: context__value.IsContext()-2022-12-12
1359598Crash in Builtins_DatePrototypeGetUTCSeconds-2022-12-12
1359658Crash in v8::internal::Factory::NewCatchContext-2022-12-12
1359662Crash in Builtins_FastNewClosure-2022-12-12
1359822Crash in Builtins_CEntry_Return2_SaveFPRegs_ArgvOnStack_BuiltinExit-2022-12-12
1359868Crash in v8::internal::Map::instance_type-2022-12-12
1359936DCHECK failure in !map->is_deprecated() in map-updater.cc-2022-12-12
1357397Security: UAF in ash::PrintServersProviderImpl::NotifyObservers$2,0002022-12-10
1359294CHECK failure: addr + size <= chunk_->area_end() in mark-compact-inl.h-2022-12-10
1359638Crash in v8::internal::Scavenger::Process-2022-12-10
1343104Extensions can Page.navigate to chrome-untrusted://crosh and chrome-untrusted://terminal$3,0002022-12-09
1343219Heap-use-after-free in ash::AshNotificationView::ActionButtonPressed$6,0002022-12-09
1344878use-after-free in Serial$3,0002022-12-09
1346938webcodecs_video_encoder_fuzzer: Stack-buffer-overflow in aom_scaled_2d_ssse3-2022-12-09
1348283Security: Pending fix for ffmpeg memory corruption bug-2022-12-09
1356308Breakpoint with empty stacktrace-2022-12-09
1357413uaf in webrtc::VideoStreamEncoder::RequestRefreshFrame$7,5002022-12-09
1358059create_trials_from_seed_fuzzer: Use-of-uninitialized-value in variations::internal::ShouldAddStudy-2022-12-09
1358075Security: heap-use-after-free in SearchNameNodeByNameInternal$10,0002022-12-09
1358597heap-use-after-free html_element.cc:1850 in blink::HTMLElement::offsetTopForBinding$7,0002022-12-09
1359084CHECK failure: c_wrapper_code__value.IsCodeDataContainer() in class-verifiers.cc-2022-12-09
1359114DCHECK failure in !has_optimized_code() || optimized_code().marked_for_deoptimization() || (CodeKi-2022-12-09
1317904Security: Select dropdown able to overlap fullscreen notification toast$3,0002022-12-07
1350111Security: compromised renderer is able to send extension message to another tab$3,0002022-12-07
1352817Security: UAF in FeedbackData::CompressSystemInfo$2,0002022-12-07
1355252use-after-free in BrowserCrashEventRouter$6,0002022-12-07
1355902Security: UAF in content::CrOSSystemTracingSession::StartTracingCallbackProxy (browser process)$5,0002022-12-07
1356234MessagingAPIMessageFilter::OnOpenChannelToNativeApp doesn't verify `const PortContext& source_context`-2022-12-07
1358090Security: heap-use-after-free in CPDF_FormField::ResetField()$10,0002022-12-07
1189392ChromeRenderFrame.RequestImageForContextNode violates the Rule of 2-2022-12-06
1267867Security: It is possible to lock the pointer while window is not focused.$1,0002022-12-06
1335706CrOS: Vulnerability reported in app-editors/vim-2022-12-06
1336938CrOS: Vulnerability reported in app-editors/vim-2022-12-06
1337542CrOS: Vulnerability reported in app-editors/vim-2022-12-06
1348498Security: UAF in LockScreenReauthHandler::HandleCompleteAuthentication$3,0002022-12-06
1350609Security: heap-use-after-free ash/app_list/views/apps_grid_view.cc:653:26 in ash::AppsGridView::EndDrag(bool) (chromeOS)$2,0002022-12-06
1357303Security: PDFium OOB Write in OpenJPEG due to a missed patch$7,0002022-12-06
1357884Heap-use-after-free in ash::MultiCaptureNotification::~MultiCaptureNotification-2022-12-06
1243932gpu_swangle_passthrough_fuzzer: Crash in gpu::gles2::GLES2DecoderPassthroughImpl::DoBindTexture-2022-12-04
1355892rtp_video_layers_allocation_fuzzer: Trap in rtc::webrtc_checks_impl::WriteFatalLog-2022-12-04
1355103Security: potential buffer overflow in zlib - CVE-2022-37434$1,0002022-12-02
1355682Security: PDFium OOB Access in CXFA_ViewLayoutProcessor::GetNextAvailContentHeight$7,0002022-12-02
1356187heap-buffer-overflow in FederatedAuthRequestImpl::RequestToken-2022-12-02
1215946Security: Chrome OS - Guest mode | critical commands via crosh which even persist guest by guest changes$1,0002022-12-01
1301333Security: bypass resource requests whose URLs contained both removed whitespace (`\n`, `\r`, `\t`) characters and less-than characters (`<`) in the fencedframe element$1,0002022-12-01
1327505Security: Chrome on Android Tablet Mode Select Dropdown Spinner able to Overlap Fullscreen Notification Toast$1,0002022-12-01
1354923Security: heap-buffer-overflow on ash/system/accessibility/dictation_bubble_controller.cc$2,0002022-12-01
1350558Security: heap-use-after-free ash/wm/gestures/wm_fling_handler.cc:59:22 in ash::WmFlingHandler::OnAnimationStep(base::TimeTicks)$2,0002022-11-30
1355748Security DCHECK failure: num_chars <= length() in segmented_string.cc-2022-11-30
1355752Security: heap-use-after-free in CaptureModeController::CaptureImage$1,0002022-11-30
1355866Crash in blink::LayoutObjectChildList::RemoveChildNode-2022-11-30
1290236Security: CDP Runtime.queryObjects leaks internal objects in JS heap, allowing CDP clients to compromise V8 process$1,0002022-11-29
1339648Security: v8: corrupt typed array from bad deserializer input$15,0002022-11-29
1346911libwebp_enc_dec_api_fuzzer: Heap-buffer-overflow in VP8LHashChainFill-2022-11-29
1352802Security: Use After Free of Device object in GPU process.$17,0002022-11-29
1354972v8_inspector_fuzzer: DCHECK failure in maybe_result.is_null() in microtask-queue.cc-2022-11-29
1355679CHECK failure: push_segment_ implies push_segment_->IsEmpty()-2022-11-29
1338023Security: heap-after-free on base/task/thread_pool/pooled_single_thread_task_runner_manager.cc (Lacros)-2022-11-28
1345540Security: heap-use-after-free third_party/wayland/src/src/wayland-server.c:799:17 in wl_resource_set_user_data (ChromeOS Lacros)-2022-11-28
1352388Security: Download notification can hide 'Press Esc to exit fullscreen' warning$3,0002022-11-25
1352549Security: v8/blink: Leaked ObservableArray Object leads to TypeConfusions, leading to RCE-2022-11-25
1243802Security: RCE - Download Silently *.exe or *.dll to users Desktop or Downloads folder$3,0002022-11-23
1346048heap-use-after-free in WebDragSourceAura::CancelDrag$10,0002022-11-23
1347015Security: UAF in HidService::GetDevices$6,0002022-11-23
1351969Security: Heap-use-after-free in ManagePasswordsUIController::SavePassword$4,0002022-11-23
1347868Null-dereference READ in blink::NGPhysicalBoxFragment::OverflowClipRect-2022-11-21
1351580heap-use-after-free : ash::AppListItemList::FindItem-2022-11-21
957002Security: Possible to include mixed content in an about:blank popup opened by a https page$3,0002022-11-19
1346245Security: UAF in AppWindowContentsImpl::~AppWindowContentsImpl$10,0002022-11-18
1350743Security: Use-After-Free in CaptureModeSessionFocusCycler::~CaptureModeSessionFocusCycler$2,0002022-11-18
1240065javascript URL is broken in ChromeCustom tab for Android Apps$1,0002022-11-17
1345630Security: Android in-the-wild Intent Redirect Vulnerability-2022-11-17
1351170Security: [ANGLE] Heap use-after-free caused by changing the framebuffer cache to sharing in context$16,0002022-11-17
1338393Security: AMD-SN-1040: IBPB and Return Address Predictor Interactions Vulnerabilities impact assessment-2022-11-16
1347707Security: UAF in UserNoteService$30,0002022-11-16
1351243Crash in cppgc::internal::ConcurrentMarkingTask::Run-2022-11-16
1247577Security: Connectivity establishment continues even if certificate verification using SSLCertificateVerifier failed-2022-11-15
1348716Security DCHECK failure: IsA<Derived>(from) in casting.h-2022-11-15
1350097Chrome: heap-buffer-overflow in offline_items_collection::OfflineContentAggregator::OnItemRemoved-2022-11-15
1350711Security: Use-After-Free in UserNudgeController::PerformViewScaleAnimation$2,0002022-11-15
1346808Heap-use-after-free in rx::ShareGroupVk::onMutableTextureUpload-2022-11-14
1348474UAP style_invalidator.cc:192 in blink::StyleInvalidator::PushInvalidationSetsForContainerNode$7,0002022-11-14
1349493Security: console.log still allows loading images via %c formatter$5002022-11-14
1349687Security: Heap-use-after-free in WebContentsImpl::OpenURL$3,0002022-11-14
1350270DCHECK failure in ONE_BYTE == state_ in string.h-2022-11-14
1337538Security: use after free in GraphicsPipeline::containsImageWrite$7,0002022-11-12
1345546Security: Use-After-Free in WebUIBubbleDialogView::ClearContentsWrapper$3,0002022-11-12
1348415Security: UAF in ChromeOS webui chrome://assistant-optin/$4,0002022-11-11
1349322Security: heap-use-after-free in AccountSelectionBubbleView::OnAccountImageFetched-2022-11-11
1338553Incorrect use of weakptr lead to uaf$5,0002022-11-10
1346154Security: heap-buffer-overflow in ash::DesksBarView::OnDeskRemoved$2,0002022-11-10
1348714Security DCHECK failed: !NeedsLayout() || ChildLayoutBlockedByDisplayLock()$7,0002022-11-10
1349761vp9_encoder_references_fuzzer: Trap in rtc::webrtc_checks_impl::WriteFatalLog-2022-11-10
1330038Security: Heap-use-after-free in ash::TabletModeBrowserWindowDragSessionWindowsHider::~TabletModeBrowserWindowDragSessionWindowsHider$3,0002022-11-09
1300539Security: Url Hijacking using intent:// when onload web page using bookmark (Google Chrome Android)$2,0002022-11-08
1345039v8_inspector_fuzzer: DCHECK failure in isolate->has_scheduled_exception() implies maybe_result.is_null() && maybe_excep-2022-11-08
1346810Security DCHECK failure: to <= length() in string_view.cc-2022-11-08
1348082Security: heap-buffer-overflow in TableView$4,0002022-11-08
1342586Security: `chrome.downloads.onDeterminingFilename` can be used to bypass the fix for issue 1310461 and steal environment variables$7,0002022-11-07
1333623Safebrowsing does not trigger a malware warning for malware loaded through an embed$5,0002022-11-05
1322812Security DCHECK(TypeConfuse) failed: IsA<Derived>(from) in blink::VisualViewport::StartTrackingPinch$7,0002022-11-04
1333995Security: heap-use-after-free on IsLacrosWindow ash/drag_drop/tab_drag_drop_delegate.cc (Lacros)$3,0002022-11-04
1346969TypeConfuse in blink::NGLayoutInputNode::IsEmptyTableSection ng_layout_input_node.cc:87$7,5002022-11-04
1347722CHECK failure: (location_) != nullptr in maybe-handles.h-2022-11-04
1338412Security: UAF in chromeos::multidevice::MultidevicePhoneHubHandler$3,0002022-11-03
1338560Incorrect use of weakptr lead to UAF in NearbyShare$3,0002022-11-03
1341918Security: use after free in DiceWebSigninInterceptor$5,0002022-11-03
1342722sourceMappingURL directive allows use of UNC paths on Windows$7,5002022-11-03
1345042wild read in DrawCall::run$7,0002022-11-03
1347943tint_renamer_fuzzer: Use-of-uninitialized-value in tint::reader::wgsl::ParserImpl::sync_to-2022-11-03
1318791use-after-free in reboot_notifications_scheduler$3,0002022-11-02
1338135AddressSanitizer: heap-use-after-free html_element.cc:1802 in blink::HTMLElement::offsetTopForBindin$5,0002022-11-02
1345193Security: = prepended in document.cookie allows to bypass __Secure and __Host prefixes$2,0002022-11-02
1347721Heap-buffer-overflow in void v8::internal::TypedElementsAccessor<-2022-11-02
1338637Security: heap-use-after-free chrome/browser/enterprise/browser_management/browser_management_status_provider.cc-2022-11-01
1343141Security: UAF in OnAccessTokenRefreshFailed$3,0002022-11-01
1345921UAF in AccessCodeCastSinkService$9,5002022-11-01
1346236Security: Code Injection in WebUI page leading to sandbox escape$5,0002022-11-01
1347298tint_single_entry_point_fuzzer: Container-overflow in tint::reader::wgsl::ParserImpl::sync_to-2022-11-01
1345088Security: type confusion in chrome$1,0002022-10-31
1158477Security: Bypassing HTTP auth block for subresource loads-2022-10-31
1326856CrOS: Vulnerability reported in app-admin/rsyslog-2022-10-30
1336768heap-buffer-overflow : charntorune-2022-10-29
1345245Security: heap-buffer-overflow on components/exo/shell_surface_util.cc:230:40 (Lacros)$2,0002022-10-29
1345547libwebp_enc_dec_api_fuzzer: Heap-buffer-overflow in VP8LHashChainFill-2022-10-29
1345772libwebp_enc_dec_api_fuzzer: Use-of-uninitialized-value in VP8LHistogramAddSinglePixOrCopy-2022-10-29
1345894TypeConfuse in blink::LayoutTable::AddChild layout_table.cc:194$5,0002022-10-29
1345947Security: Another UAF in WebSQL sqlite3Select$7,5002022-10-29
1346204GPU failure in blink::NGInlineNode::ComputeMinMaxSizes-2022-10-29
1346477Heap-use-after-free in ash::AppListItemList::FindItem-2022-10-29
1099587Use unique identifier rather than timestamps for verifying V8 code cache entries-2022-10-27
1232402heap buffer over flow in printing::PrintPreviewUI::SetInitialParams(use devtools)$2,0002022-10-27
1338470Security: Invalid function pointer in ~ExternalImageDXGI() in D3D backend$7,0002022-10-27
1346041Security: WebGPU OOB read in writeTexture-2022-10-27
1286203Security: Potential UaF in TabStripModel (chromeOS)$3,0002022-10-26
1344814Security: Heap-use-after-free in user_notes::FrameUserNoteChanges::Apply (Annotation - deleting a note that was just created in another tab causes crash)$3,0002022-10-26
1303308Security: Manipulate Session State (open webpages in locked sessions)$5,0002022-10-25
1319172Security: heap-use-after-free in exo::wayland::WaylandDisplayHandler::UnsetXdgOutputResource (Lacros)$1,0002022-10-25
1329147CrOS: Vulnerability reported in app-editors/vim-2022-10-25
1329798CrOS: Vulnerability reported in app-editors/vim-2022-10-25
1332958CrOS: Vulnerability reported in app-editors/vim-2022-10-25
1333970heap-use-after-free : gfx::IsValidCodePointIndex-2022-10-25
1335014CrOS: Vulnerability reported in app-editors/vim-2022-10-25
1337002Security: heap-use-after-free ash/drag_drop/drag_drop_tracker.cc:111:1 (chromeOS)$3,0002022-10-25
1340219CrOS: Vulnerability reported in app-editors/vim-2022-10-25
1344744Security: UAF in VolumeManager::OnSshfsCrostiniUnmountCallback$3,0002022-10-24
1307271CrOS: Vulnerability reported in net-wireless/bluez-2022-10-23
1343889Security: Dicey DCHECK in WebRTC-2022-10-23
1336145Security: heap-use-after-free ash/system/tray/tray_bubble_view.cc (chromeOS)$2,0002022-10-21
1343348Security: UAF in WebSQL sqlite3Select, Potential RCE in Chrome$10,0002022-10-21
1314674Use-after-Free on ArcBluetoothBridge::OnBluetoothConnectingSocketReady$4,0002022-10-20
1316983Security: Heap-use-after-free in ash::DesksTemplatesPresenter::OnNewDeskCreatedForTemplate$1,0002022-10-20
1339140Security: container-overflow in TabStripModel::AddToNewGroupImpl$2,0002022-10-20
1341539heap-overflow in blink::TableLayoutAlgorithmAuto::InsertSpanCell table_layout_algorithm_auto.cc$9,0002022-10-20
1344113Security: Heap-buffer-overflow in BrowserThemePack::GenerateMissingNtpColors-2022-10-20
1265193Referrer leakage via object & embed tags despite setting referrer policy to no-referrer$2,0002022-10-19
1311399User gesture requirements on external navigation are ineffective-2022-10-19
1338765Security: heap-use-after-free on ash/webui/eche_app_ui/eche_uid_provider.cc:51:23 (chromeOS)-2022-10-19
1339844Security: heap-use-after-free in content::ServiceWorkerVersion::MaybeTimeoutRequest-2022-10-19
1340253Security: heap-use-after-free in network::URLLoader::NotifyCompleted-2022-10-19
1342078Security: Pdfium heap bof in CFDE_TextOut::RetrievePieces()$7,5002022-10-19
1316892Security: heap-buffer-overflow on ash/host/ash_window_tree_host_platform.cc (chromeOS)$3,0002022-10-18
1340654Security: WebGPU: Missing Validation in DoBufferUpdateMappedData leads to OOB write-2022-10-18
1341603Security: UAF in CloseBubbleOnTabActivationHelper::~CloseBubbleOnTabActivationHelper$2,0002022-10-18
1329814Security: UAF in PermissionPromptBubbleView$20,0002022-10-17
1341907Security: use after free in AccountReconcilor$5,0002022-10-17
1325256UAF in GestureRecognizerImpl.$5,0002022-10-15
1330050Security: minijail mounts rw,noexec /var as ro-2022-10-15
1335015CrOS: Vulnerability reported in net-print/cups-2022-10-15
1336904An iframe on a different domain can change the location to about:blank which enables you to access properties on the window. document.baseURI is leaked from the parent frame.$2,0002022-10-15
1337132Security: HeapOverflow in PluralStringHandler::HandleGetPluralString$3,0002022-10-15
1341887Security: use after free in IPH DemoMode NeverAvailabilityModel$3,0002022-10-15
1342155Security: Use After Free of GPUExternalTexture object in renderer process.$7,5002022-10-15
1342452Heap-use-after-free in ash::DeskPreviewView::MaybeActivateHighlightedView-2022-10-15
1292451Security: heap-use-after-free on third_party/abseil-cpp/absl/types/internal/optional.h:208:13 in optional_data (chromeOS)$2,0002022-10-14
1315313sqlite3_lpm_fuzzer: Heap-use-after-free in renameTokenCheckAll-2022-10-14
1332593Remote Code Execution(RCE) via Dependency confusion$1,0002022-10-14
1337304Security: UAF in content::WebUI::Call$2,0002022-10-14
1341168Security: Heap-use-after-free in SidePanelCoordinator::PopulateSidePanel$3,0002022-10-14
1341619Typeconfuse in blink::LayoutTableRow::AddChild layout_table_row.cc:193$5,0002022-10-14
1342104chrome.debugger 'Page.navigate' can navigate iframes to file:// when not enabled.$3,0002022-10-14
1342122freetype_cff_ftengine_fuzzer: Heap-buffer-overflow in tt_face_load_colr-2022-10-14
1342201Security: [iOS] Heap-use-afer-free in BrowsingHistoryService::QueryComplete-2022-10-14
1308391Security: UAF in SyncConfirmation$10,0002022-10-13
1330857sqlite3_fts3_lpm_fuzzer: Crash in sqlite3Fts3Incrmerge-2022-10-13
1335412Use-after-poison in blink::CSSParserImpl::ConsumeMediaRule-2022-10-13
1335902Security: chromeos Root priv escalation to write file-2022-10-13
1339745Security: container-overflow in chrome_pdf::PDFiumEngine::SelectFindResult$2,0002022-10-13
1336668Security: ChromeOS root privilege escalation (arcvm_server_proxy, virtio-wl, vmplugin_dispatcher, upstart)$30,0002022-10-12
1337676Security: use after free in DiceWebSigninInterceptor::OnAccountLevelManagedAccountsSigninRestrictionReceived$1,0002022-10-12
1338057heap-use-after-free in RenderViewContextMenu::ExecuteCommand$2,0002022-10-12
1330489Security: UAF in ManagedConfigurationAPI::GetConfigurationOnBackend$5,0002022-10-12
1341465Crash in cppgc::internal::ConcurrentMarkingTask::Run-2022-10-12
1341520Crash in blink::LayoutTable::SlowColElementAtAbsoluteColumn-2022-10-12
1341829Crash in cppgc::internal::TraceConservatively-2022-10-12
1341923Out of memory in unsigned int v8::internal::StringTable::Data::TryStringToIndexOrLookupExisting<u-2022-10-12
1341504Use-after-poison in blink::SVGElement::AddToPropertyMap-2022-10-10
1052690iframe sandbox allows redirecting to intents, including redirecting to navigation intents$2,0002022-10-08
1148777Security: Navigation to external protocol, not blocked from allow-origin sandboxed iframe.-2022-10-08
1334864Security: GetExecutionContext Type Confusion in OffscreenCanvas-2022-10-08
1336451tint_ast_spv_writer_fuzzer: Heap-buffer-overflow in tint::writer::spirv::Builder::GenerateBuiltinCall-2022-10-08
1341311freetype_type1_fuzzer: Negative-size-param in cf2_interpT2CharString-2022-10-08
1341330render_text_api_fuzzer: Heap-buffer-overflow in gfx::internal::StyleIterator::GetTextBreakingRange-2022-10-08
1323449Security: Use-after-Free in InstallUpdateCallback$1,0002022-10-07
1329794Security: heap-use-after-free in LinkToTextMenuObserver::CompleteWithError-2022-10-07
1336979Security: heap-buffer-overflow ui/wm/core/transient_window_stacking_client.cc (chromeOS)$3,0002022-10-07
1338030Security: heap-use-after-free v8/src/base/bounded-page-allocator.cc:203:27 (Lacros)-2022-10-07
1338044render_text_api_fuzzer: Heap-buffer-overflow in gfx::BreakList<gfx::BaselineStyle>::GetRange-2022-10-07
1338591Security: UAF in WebContentsFrameTracker$20,0002022-10-06
1339741Security: type confusion in chrome$8,5002022-10-06
1340488DCHECK failure in !cache_state_.frozen in liftoff-assembler.h-2022-10-06
1335316Security: Use-After-Free in safe_browsing::ExtensionTelemetryPersister::InitHelper$10,0002022-10-05
1335470Security: Heap-use-after-free in ash::CalendarEventListView::~CalendarEventListView$3,0002022-10-05
1337798Security: potential use after free in OfflinePageModelTaskified::Unpublish$1,0002022-10-05
1340335CHECK failure: !translated_values->IsMaterializedObject() in frames.cc-2022-10-05
1293820UAF in WindowManagementImpl::SetWindowBounds$2,0002022-10-04
1335688WebGL glCompressedTexImage3D Heap-Based Buffer Overflow Vulnerability$5,0002022-10-04
1339321Security: wasm br_* instructions update cache_state conditionally-2022-10-04
1245773audio_encoder_isac_float_fuzzer: Stack-buffer-overflow in WebRtcIsac_PitchAnalysis-2022-10-02
1339498Crash in v8::internal::PagedSpaceBase::Verify-2022-10-02
1316960Security: negative-size-param SnapWindow (chromeOS)$3,0002022-10-01
1337990Heap-use-after-free in blink::PaintPropertyNode<blink::EffectPaintPropertyNodeOrAlias, blink::EffectPai-2022-10-01
1338947v8_wasm_code_fuzzer: Use-after-poison in v8::internal::compiler::Node::ReplaceInput-2022-10-01
1338950v8_wasm_code_fuzzer: DCHECK failure in other_effect == nullptr in branch-elimination.cc-2022-10-01
1283033Security: (Android) Arbitrary munmap memory Vulnerability Can Cause Chrome Sandbox Escape to system_server on Pixel 6-2022-09-30
1283040Security: (Android) Heap buffer overflow Vulnerability May Can Cause Chrome Sandbox Escape to system_server on Pixel 6-2022-09-30
1283640Security: (Android) Heap buffer overflow write in Bitmap_createFromParcel Can Cause Chrome Sandbox Escape to system_server on Android 12-2022-09-30
1321350Security: Keystroke side-channel leakage$5,0002022-09-30
1329946Security: ChromeOS rma_fw_keeper command execution (UpdateAndVerifyFWOnUsb, Physical Access)$15,0002022-09-30
962815Potential use after free in CPDFSDK_FormFillEnvironment::ClearAllFocusedAnnots (XFA)-2022-09-29
1329460'unsafe-inline' is not ignored even though 'strict-dynamic' is specified in dafault-src.$3,0002022-09-29
1336014Security: WebGPU UAF leading to OOB read/write in the renderer process-2022-09-29
1268580Security: Continued cookie bypasses$4,0002022-09-28
1330775Security: Heap-use-after-free in ash::OverviewGrid::OnDesksTemplatesGridFadedOut$3,0002022-09-28
1336057dawn_wire_server_and_vulkan_backend_fuzzer: Use-of-uninitialized-value in sw::Blitter::clear-2022-09-28
1336334Security DCHECK failure: IsA<Derived>(from) in casting.h$6,0002022-09-28
1336622Security: UAF in CacheAliasSearchPrefetchURLLoader::StartPrefetchRequest$1,0002022-09-28
1336865Trap in v8::internal::Intl::NumberFieldToType-2022-09-28
1337388Security: heap-use-after-free chrome/browser/profiles/profile_destroyer.cc:137:16 (chromeOS)$1,0002022-09-28
1337524tint_regex_spv_writer_fuzzer: Illegal-instruction in c:\clusterfuzz\bot\builds\chromium-browser-libfuzzer_win32-release_x64-asan_4834-2022-09-28
1336204Security: Heap-use-after-free in Controller::Shutdown$7,0002022-09-28
1336266Security: Use After Free in JavaScriptDialogHelper::OnPermissionResponse$16,0002022-09-27
1337523Use-after-poison in blink::NGGridNode::GridItemsIncludingSubgridded-2022-09-26
1287804render_text_api_fuzzer: Heap-buffer-overflow in gfx::internal::StyleIterator::GetTextBreakingRange-2022-09-23
1318514Security: heap-buffer-overflow on OverviewItem (chromeOS)-2022-09-23
1334963Test failures in AppNotificationsWebNotificationTest.PersistentNotificationWhenInstallAndUninstallApp on Linux Chromium OS ASan LSan Tests bot-2022-09-23
1335013CrOS: Vulnerability reported in net-misc/curl-2022-09-23
1336869Security: Misuse of CanCover$7,5002022-09-23
1308422Security: Abuse the user's system environment variables in <a> download attribute may cause DLL Hijacking or Path Interception$2,0002022-09-22
1316368Security: WebGL uniform integer overflows-2022-09-22
1329541Security: Web Share dialog URL is not elided correctly on Android$5002022-09-22
1335655<foreignObject> should collect inlines when unicode-bidi attribute/CSS property changed-2022-09-22
1335861Security: heap-use-after-free in SearchNameNodeByNameInternal$7,5002022-09-22
1336449freetype_colrv1_fuzzer: Use-of-uninitialized-value in sfnt_load_face-2022-09-22
1330125Security: heap-after-free on components/exo/extended_drag_source.cc (Lacros)$3,0002022-09-20
1332392Diagcab file extension is not blocklisted to prevent users from downloading harmful files$1,0002022-09-20
1335195DCHECK failure in !HAS_WEAK_HEAP_OBJECT_TAG(ptr_) in tagged-impl-inl.h-2022-09-20
1303278libfuzzer_chrome_ubsan is behind by four weeks-2022-09-19
1307656Type confuse in blink::To<blink::LayoutTableSection,blink::LayoutObject> layout_table.cc:175$6,0002022-09-19
1325699AddressSanitizer: heap-use-after-free location_bar\permission_request_chip.cc:127 in PermissionReque$15,0002022-09-19
1329879Security: Remote code execution vulnerability in YouTube Embedded SDK-2022-09-19
1335458Security: raw_ptr broke implicit scoped_refptr for receivers in base::Bind.-2022-09-19
1335523Security: V8: GenericJsToWasmWrapper is broken, creates type confusion on the stack-2022-09-19
1329945Security: ChromeOS root privilege escalation (debugd, shill-scripts, minijail0, authpolicyd)$37,5002022-09-16
1333374Security: heap-buffer-overflow in chrome_pdf::PDFiumEngine::GetNamedDestination$7,5002022-09-16
1333977Security: Unsafe pivot root in authpolicyd init script-2022-09-16
1335054DCHECK failure in *p != to_check_ in heap.cc-2022-09-16
1158375Security: Security DCHECK failed: !NeedsLayout() || ChildLayoutBlockedByDisplayLock() in blink::LayoutObject::AssertLaidOut$5,0002022-09-15
1264288views::Combobox(ui::ComboboxModel*) is prone to UAF-2022-09-15
1290098Security: Autofill prompt can render over different origin in extension-created popup, allows spoofing of autofill context origin and browser UI$2,0002022-09-15
1306450Security: Sanitizer API bypass via prototype pollution$1,0002022-09-15
1327087Security: Heap-use-after-free in ash::SavedDeskDialogController::CreateDialogWidget$3,0002022-09-15
1330042Security: Heap-use-after-free in ash::OverviewItem::DestroyPhantomsForDragging$3,0002022-09-15
1335021Heap-use-after-free in ash::CalendarEventListView::~CalendarEventListView-2022-09-15
1278255Security: BackgroundFetch leaks URL of cross-origin redirects$8,0002022-09-14
1332613tint_renamer_fuzzer.exe: Illegal-instruction in tint::fuzzers::TintInternalCompilerErrorReporter-2022-09-14
1332881Security: XSS in Chrome UI (password settings) with malicious extension name$2,0002022-09-14
1333180dawn_wire_server_and_vulkan_backend_fuzzer: Use-of-uninitialized-value in std::Cr::__hash_const_iterator<std::Cr::__hash_node<std::Cr::__hash_value_type<s-2022-09-14
1334483Heap-use-after-free in rx::vk::BindingPointer<rx::vk::ObjectAndSerial<rx::vk::ShaderModule>>::valid-2022-09-14
1334487Segv on unknown address in rx::GraphicsPipelineCache::getPipeline-2022-09-14
1280901CrOS: Vulnerability reported in dev-libs/nss-2022-09-13
1280903CrOS: Vulnerability reported in app-crypt/nss-2022-09-13
1323564Security: UAF in SystemExtensionsInternalsPageHandler::InstallSystemExtensionFromDownloadsDir-2022-09-13
1327927AddressSanitizer: heap-use-after-free storage::QuotaDatabase::CreateBucketInternal quota_database.cc$16,0002022-09-13
1328664Heap-use-after-free in [thunk]:-2022-09-13
1332385v8_wasm_compile_fuzzer: Trap in v8::internal::compiler::WasmTyper::Reduce-2022-09-13
1332438QuickAnswersControllerTest.* cause use after free on ASAN builds.-2022-09-13
1333333Use-after-poison in content::InspectorMediaEventHandler::SendQueuedMediaEvents$6,0002022-09-13
1302159Security: Extension can obscure active window with an inactive window, user can interact with sensitive UI using keyboard without being aware$3,0002022-09-12
1329875AddressSanitizer: heap-buffer-overflow in content::BucketManagerHost::DidGetBucket content/browser/b$21,0002022-09-12
1330039Security: Set NoNewPrivs in ShillScriptsTool-2022-09-11
982361Compromised web renderer should be unable to spoof MessageSender.id if it never run a content script from the given extension-2022-09-10
1297283Security: use after free in JS self-profiling API-2022-09-10
1316578GPU failure in content::CreateChildProcessCrashWatcher-2022-09-10
1324563CrOS: Vulnerability reported in dev-libs/libxml2-2022-09-10
1327241CrOS: Vulnerability reported in dev-libs/libxslt-2022-09-10
1327872angle_translator_fuzzer: Use-of-uninitialized-value in sh::OutputHLSL::header-2022-09-10
1330289Security: heap-use-after-free in views::DialogDelegate::CancelDialog$3,0002022-09-10
1331087dcsctp_socket_fuzzer: Use-of-uninitialized-value in dcsctp::OutstandingData::ExtractChunksThatCanFit-2022-09-10
1331309CHECK failure: kind == DeoptimizeKind::kLazy in deoptimizer.cc-2022-09-10
1313429CrOS: Vulnerability reported in app-editors/vim-2022-09-08
1313885CrOS: Vulnerability reported in app-editors/vim-2022-09-08
1317673Security: webgl2 CompileShader Heap Corruption$7,0002022-09-08
1317714use after free in SendQueuedMediaEvents$5,0002022-09-08
1320700CrOS: Vulnerability reported in app-editors/vim-2022-09-08
1321096CrOS: Vulnerability reported in app-editors/vim-2022-09-08
1324561Chromium: Vulnerability reported in third_party/libxml-2022-09-08
1326857CrOS: Vulnerability reported in app-editors/vim-2022-09-08
1330083tint_robustness_fuzzer: Illegal-instruction in tint::fuzzers::TintInternalCompilerErrorReporter-2022-09-08
1206235Crash in icu_69::UnicodeString::isBogus-2022-09-07
1296934dawn_wire_server_and_vulkan_backend_fuzzer: Incorrect-function-pointer-type in dawn::native::vulkan::VulkanInstance::RegisterDebugUtils-2022-09-07
1321698dawn_wire_server_and_vulkan_backend_fuzzer: Use-of-uninitialized-value in llvm::PassNameParser::passRegistered-2022-09-07
1325298Security: PaintImage deserialization OOB-read-2022-09-07
1326928CHECK failure: GetLength() <= JSTypedArray::kMaxLength-2022-09-07
1327312Security: UAF in InterestGroupPermissionsChecker::OnRequestComplete$20,0002022-09-07
1328045AddressSanitizer: heap-use-after-free in content::ScreenlockMonitor::RemoveObserver content/browser/$11,0002022-09-07
1329298Security: PageSpeed Insights: DDOS via Blind XSS$5002022-09-07
1329417Security DCHECK failure: unit.TextContentEnd() <= text.length() in ng_offset_mapping.cc-2022-09-07
1329766CHECK failure: external_backing_store_bytes[t] == ExternalBackingStoreBytes(t) in large-spaces.-2022-09-07
1330379Security: Heap use-after-free when bind/unbind TransformFeedback after deleting buffer$12,0002022-09-07
1330405Use-of-uninitialized-value in v8::internal::Runtime_NotifyDeoptimized-2022-09-07
1330410Crash in v8::internal::ReadOnlyHeap::Contains-2022-09-07
1330423CHECK failure: kind == DeoptimizeKind::kLazy-2022-09-07
1330452DCHECK failure in !done() in bytecode-array-iterator.h-2022-09-07
1330454Index-out-of-bounds in v8::internal::interpreter::Bytecodes::Size-2022-09-07
1330456dawn_wire_server_and_frontend_fuzzer: Use-of-uninitialized-value in dawn::native::vulkan::GatherGlobalInfo-2022-09-07
1330484CHECK failure: kind == DeoptimizeKind::kLazy in deoptimizer.cc-2022-09-07
1330486Crash in Builtins_AsyncFromSyncIteratorPrototypeThrow-2022-09-07
1330545Crash in v8::internal::DeoptAllOsrLoopsContainingDeoptExit-2022-09-07
1330584DCHECK failure in !IsCleared() in tagged-impl-inl.h-2022-09-07
1320538Security: Chrome on Android Hide Fullscreen Notification Toast When Multiple Times Enter and Exit Fullscreen$5,0002022-08-31
1329064DCHECK failure in !heap_->memory_allocator()->unmapper()->IsRunning() in mark-compact.cc-2022-08-31
1017145iOS Chrome javascript: URI nonce based CSP bypass$3,0002022-08-30
1306751mediasource_MP2T_AVC_pipeline_integration_fuzzer: Heap-buffer-overflow in ff_h264_update_thread_context-2022-08-30
1321899DCHECK failure in !transition_map->is_access_check_needed() in handler-configuration.cc-2022-08-30
1328808DCHECK failure in IsStackSlot() || IsFPStackSlot() in instruction.h-2022-08-30
1308341UAF in std::__Cr::vector<base::internal::CheckedObserverAdapter$7,0002022-08-29
1319227UAF in ChromeScanningAppDelegate$5,0002022-08-27
1323841DCHECK failure in merged == unmerged in maglev-interpreter-frame-state.h-2022-08-27
1322873[Region Capture] cropTo a non self-capture video track should reject-2022-08-26
1323595Security: Share hub dialog doesn't show the origin elided from the right$5002022-08-26
1324407Security: ProcessLock can change from allows_any_site to is_locked_to_site after process loads content-2022-08-26
1325636gpu_swangle_passthrough_fuzzer: Use-of-uninitialized-value in sw::PixelProcessor::setBlendConstant-2022-08-26
1301203Security: Extension can move window off screen, user can interact with sensitive UI using keyboard without being aware$3,0002022-08-25
1310790Security: kNativeDataProperty case for SuperIC can have type confusion-2022-08-25
1321078Security: Debug check failed: marking_state_->IsBlackOrGrey(heap_object).$7,5002022-08-25
1326749Container-overflow in tint::resolver::DependencyScanner::TraverseExpression-2022-08-25
1297209Security: memory bug on webui tab dragging$3,0002022-08-24
1325615Security: heap-after-free on iOS 15.4 simulator + Chromium Dev Asan$2,0002022-08-24
1326210Security: Use-after-free in WebGPU$10,0002022-08-24
1325664Security: pdfium use-after-free in v8 cppgc::internal::GCInvoker::GCInvokerImpl::GCTask::Run()-2022-08-23
1291060CSP is bypassed for status code 100, 101, and 102 pages.$1,0002022-08-22
1316846Security: Heap-use-after-free in location::nearby::chrome::ScheduledExecutor::PendingTaskWithTimer$3,0002022-08-22
1320051Security: ChromeOS root privilege escalation (debugd GetPerfOutput eBPF)$35,0002022-08-22
1320917Security: ChromeOS cras D-Bus SetPlayerIdentity memory corruption$25,0002022-08-22
1321086AddressSanitizer: heap-use-after-free in PermissionPromptBubbleView::ClosingPermission-2022-08-22
1325341Security: UAF in WebAuthnIconView$10,0002022-08-22
1325259AddressSanitizer: use-after-poison blink\renderer\bindings\core\v8\script_promise_resolver.h:164 in$6,0002022-08-21
1305406Security: nosymfollow bind mount bypass-2022-08-20
1323605tint_ast_wgsl_writer_fuzzer: Heap-buffer-overflow in tint::writer::spirv::Builder::GenerateBuiltinCall-2022-08-20
1323738Global-buffer-overflow in v8::internal::Simulator::DecodeType2-2022-08-20
1324864AddressSanitizer: heap-use-after-free __memory/unique_ptr.h:312:28 in mojo::Connector::HandleError(b$21,0002022-08-20
1303614Security: HeapOverflow in Diagnostics$5,0002022-08-19
1320181Security: Heap-use-after-free in ReadAnythingToolbarView$3,0002022-08-19
1321013DCHECK failure in !is_length_tracking() in js-array-buffer-inl.h-2022-08-19
1321980DCHECK failure in byte_capacity_ >= max_byte_length_ in backing-store.cc-2022-08-19
1323690DCHECK failure in frame->is_unoptimized() in frames.h-2022-08-19
1324067Crash in int v8::base::AsAtomicImpl<int>::Relaxed_Load<int>-2022-08-19
1227995Security: Ability to mask file type with another extention. IE JPEG$2,0002022-08-18
1307930Security: .url files can redirect showSaveFilePicker into an arbitrary file$2,0002022-08-18
1323239Security: UAF in UserEducationInternalsPageHandlerImpl::GetFeaturePromos$3,0002022-08-18
1302494audio_decoder_g722_fuzzer: Use-of-uninitialized-value in WebRtc_g722_decode-2022-08-17
1312670VideoTrackGenerator fails Security DCHECK(TypeConfuse) failure: IsA<Derived>(from) in casting.h-2022-08-17
1320624Use-after-Free on BuildWebAppInternalsJson$5,0002022-08-17
1324302Heap-use-after-free in blink::NGHighlightPainter::NGHighlightPainter$6,0002022-08-17
1323236Security: UAF in AppServiceInternalsPageHandlerImpl::GetPreferredApps$3,0002022-08-16
1323553Security: heap-use-after-free ash/shelf/hotseat_widget.cc (chromeOS)$1,0002022-08-16
1320024Security: [ANGLE] Heap use-after-free when deleting TransformFeedback$10,0002022-08-15
1322552paint_op_buffer_fuzzer: Heap-buffer-overflow in cc::PaintOpReader::Read-2022-08-13
1322744Security: UAF in DiscardsGraphDumpImpl$1,0002022-08-13
1312144Security: heap-use-after-free in content::WebContentsViewAura::StartDragging$15,0002022-08-12
1314998Security DCHECK failure: IsA<Derived>(from) in casting.h-2022-08-12
1290713Uaf in OmniboxPopup$3,0002022-08-11
1320854DecodeStringMessage is missing bounds checks-2022-08-11
1322554transfer_cache_fuzzer: Heap-buffer-overflow in cc::PaintOpReader::ReadSize-2022-08-11
1305117Security: Lockscreen leaks stored words in on-screen keyboard$1,0002022-08-10
1317746Security: container-overflow in ui::Compositor::StopThroughtputTracker$3,0002022-08-10
1319217Crash in v8::internal::HeapObject::SizeFromMap-2022-08-09
1320614v8_wasm_compile_fuzzer: DCHECK failure in kCanBeWeak || (!IsSmi() == HAS_STRONG_HEAP_OBJECT_TAG(ptr_)) in tagged-impl.h-2022-08-09
1321827CHECK failure: heap()->concurrent_marking()->IsStopped()-2022-08-09
1321841CHECK failure: object.Size() == size in heap.cc-2022-08-09
1316889heap-use-after-free in DevToolsWindow::ActivateWindow$3,0002022-08-08
1320278Unreachable code in objects-body-descriptors-inl.h-2022-08-08
1320408Security: heap-buffer-overflow ui/views/view_model.h:83:28 in ViewAtBase (chromeOS)$5002022-08-08
1320894CHECK failure: object.Size() == size in heap.cc-2022-08-08
1321349CHECK failure: object.Size() == size-2022-08-08
1316946[v8] Integer overflow leading to OOB/CHECK in icu_71::FormattedStringBuilder::prepareForInsertHelper$5,0002022-08-06
1319797AddressSanitizer: heap-use-after-free in PermissionRequestChip::CreateBubble$3,0002022-08-06
1228661AddressSanitizer: use-after-poison connector.cc:546 in mojo::Connector::DispatchMessageW$7,5002022-08-05
1319841Security: Type Confusion in Portal::ActivateImpl$20,0002022-08-05
1320592Security: Heap-use-after-free in sharing_hub::SharingHubBubbleController::OnBubbleClosed$3,0002022-08-05
1320896CHECK failure: local_weak_objects() ->discovered_ephemerons_local.IsLocalAndGlobalEmpty()-2022-08-05
1311683Android Chrome FullScreen Notification Can be Overlapped by Pop-up Blocker Notification$3,0002022-08-04
1312354Security: heap-use-after-free ash/shelf/hotseat_widget.cc-2022-08-04
1314908Security: Heap-use-after-free in remote_cocoa::NativeWidgetNSWindowBridge::SetVisibilityState$3,0002022-08-04
1315563Security: navigator.clipboard.read() can lead to mutation XSS$3,0002022-08-04
1316990Security: Heap-use-after-free in ash::sharesheet::SharesheetBubbleView::CloseWidgetWithReason$5,0002022-08-04
1318610heap-buffer-overflow : device::BluetoothAdapterMac::LowEnergyCentralManagerUpdatedState-2022-08-04
1318792dawn_wire_server_and_frontend_fuzzer: Heap-use-after-free in dawn::native::DeviceBase::DestroyObjects-2022-08-04
1316740Security: heap-use-after-free in views::View::GetEffectiveViewTargeter$5,0002022-08-03
1319302heap-use-after-free on content::DevToolsAgentHostImpl::ForceDetachAllSessions$3,0002022-08-03
1320007CHECK failure: object.Size() == size in heap.cc-2022-08-03
1223475Security: Content-Security-Policy bypass via Console API CSS-formatted messages$5002022-08-02
1248059Security: heap-use-after-free in the views::Widget::GetNativeTheme in the browser process$3,0002022-08-02
1268445Security: Bypassing of security interstitials using debugger API$1,0002022-08-02
1315102UAF in SupportToolMessageHandler$10,0002022-08-02
1318181DCHECK failure in MarkCompactCollector::IsMapOrForwarded(invalidated_object.map()) in invalidated--2022-08-02
1319081Heap-use-after-free in reporting::NetworkConditionService::NetworkConditionServiceObserver::RegisterRTT-2022-08-02
1319265Trap in auto v8::internal::BodyDescriptorApply<v8::internal::CallIsValidSlot, v8::intern-2022-08-02
1319855CHECK failure: object.Size() == size in heap.cc-2022-08-02
1116450Security: Extensions can capture contents of local files using Page.captureScreenshot with fromSurface set to false$3,0002022-08-01
1317650Security: [ANGLE] Heap use-after-free caused by State::detachBuffer$10,0002022-08-01
1317875Security: Heap-use-after-free in ash::ScopedOverviewTransformWindow::~ScopedOverviewTransformWindow$3,0002022-08-01
1318673Heap-buffer-overflow in CJBig2_Context::ParseSymbolDict-2022-07-31
1308968Use-after-free crash in WaylandWindow when tabdrag source window gets destroyed-2022-07-30
1318013Trap in auto v8::internal::BodyDescriptorApply<v8::internal::CallIsValidSlot, v8::intern-2022-07-30
1250993Security: URL spoofing using LATIN SMALL LETTER L WITH STROKE$5002022-07-29
1312563heap-use-after-free : media::VTVideoEncodeAccelerator::GetSupportedProfiles-2022-07-29
1313977Security: heap-buffer-overflow on ash/wm/window_animations.cc (chromeOS)$3,0002022-07-29
1314310Tab reliably crashing with STATUS_ACCESS_VIOLATION with reproduction steps$1,0002022-07-29
1315080Security: Segv on unknown address in views::internal::NativeWidgetPrivate::ReparentNativeView$3,0002022-07-29
1298867gpu_angle_passthrough_fuzzer: Crash in rx::BufferNULL::setSubData-2022-07-28
1301071CrOS: Vulnerability reported in app-editors/vim-2022-07-28
1309843CrOS: Vulnerability reported in app-editors/vim-2022-07-28
1311820Security: Browser-side origin confusion for javascript/data URLs opened in a new window/tab by cross-origin iframe$20,0002022-07-28
1312790Security DCHECK failure: IsA<Derived>(from) in casting.h-2022-07-28
1317725DCHECK failure in MarkCompactCollector::IsMapOrForwarded(invalidated_object.map()) in invalidated--2022-07-28
1311814Security: heap-use-after-free ash/accessibility/chromevox/touch_exploration_manager.cc$3,0002022-07-27
1317054Heap-use-after-free in PrintDialogGtk::OnResponse-2022-07-27
1317681DCHECK failure in U_SUCCESS(status) in intl-objects.cc-2022-07-27
1018669Security: binder: UAF write from context manager via transaction-to-self-2022-07-26
1304987clang-analyzer-core.uninitialized.Branch in third_party/blink/renderer/platform/graphics/gpu/webgl_image_conversion.cc-2022-07-26
1307515DCHECK failure in U_SUCCESS(status) in intl-objects.cc-2022-07-26
1313600Security: heap-buffer-overflow on components/ui_devtools/views/devtools_server_util.cc-2022-07-25
1306861Security: Incomplete patch for issue 1246631 (CVE-2021-37981) and inaccurate scaling in EyeDropperView$7,0002022-07-22
1316113Heap-use-after-free in policy::RebootNotificationsScheduler::~RebootNotificationsScheduler-2022-07-22
1316278dawn_wire_server_and_vulkan_backend_fuzzer: Check failed in CheckUnwind-2022-07-22
1315901Security: [0-day] JIT optimisation issue-2022-07-21
1305394Leaking window.length without opener reference.$2,0002022-07-20
1312270heap-buffer-overflow on ui_devtools::UIElement::ReorderChild$2,0002022-07-20
1312419Security: heap-use-after-free on components/global_media_controls/public/views/media_item_ui_list_view.cc$3,0002022-07-20
1312799gpu_raster_fuzzer: Use-of-uninitialized-value in cc::ReadPixmap-2022-07-20
1313905Security: [ANGLE] Heap use-after-free in ContextVk::onBeginTransformFeedback$10,0002022-07-20
1314383bad free in gpu ~PackedEnumMap$7,0002022-07-20
1314616Security: JS object corruption in WasmJS::InstallConditionFeatures (CVE-2021-30561 variant)$7,5002022-07-20
1314676Security: UAF in SegmentationPlatformServiceImpl$3,0002022-07-20
1314754Security: Missing bounds check in WebGPUDecoderImpl::DoRequestDevice-2022-07-20
1315031Heap-use-after-free in ash::SearchResultView::PreferredHeight-2022-07-20
1315040Security: Drag and Drop XSS$2,0002022-07-20
1315192Security: oob read in AudioDelayDSPKernel::ProcessKRate$2,0002022-07-20
1303552hb_shape_fuzzer: Use-of-uninitialized-value in OT::hb_ot_apply_context_t::skipping_iterator_t::prev-2022-07-18
1314363DCHECK failure in CpuFeatures::IsSupported(*feature) in macro-assembler-shared-ia32-x64.h-2022-07-18
1314658Security: heap-use-after-free in PDFium CPDFSDK_AppStream::Write$5,0002022-07-17
1309035AddressSanitizer: heap-use-after-free in isCubeCompatible third_party/swiftshader/src/Vulkan/VkImage.cpp:905:25-2022-07-16
1312699AddressSanitizer: heap-use-after-free element.cc:3611 in blink::Element::RecalcOwnStyle$5,0002022-07-16
1314536DCHECK failure in !IsInProgress(function->tiering_state()) in runtime-compiler.cc-2022-07-16
1302949Security: Heap-use-after-free in send_tab_to_self::SendTabToSelfBubbleController::OnBubbleClosed$5,0002022-07-15
1310717Use-after-Free on crostini::CrostiniExportImport::OpenFileDialog$7,0002022-07-15
1311923CHECK failure: (location_) != nullptr in maybe-handles.h-2022-07-15
1314184v8_wasm_compile_fuzzer: Null-dereference WRITE in v8::internal::Simulator::WriteW-2022-07-15
1314644DCHECK failure in osr_cache->FindEntry(*shared, osr_offset) == -1 in osr-optimized-code-cache.cc-2022-07-15
1289192Security: UAF in BookmarkDragHelper$3,0002022-07-14
1300995Heap-use-after-free under ash::HandleToggleOverview in base::ObserverList<aura::WindowObserver, true, true, base::internal::CheckedObse-2022-07-14
1304884Security: use after free in cups_printers_handler$3,0002022-07-14
1305068Security: UAF in SelectFileDialogExtension::NotifyListener$5,0002022-07-14
1306391Security: Use-After-Free in SelectFileDialog$1,0002022-07-14
1309467Type confusion in handling of accessor in ReduceNamedAccess-2022-07-14
1313983DCHECK failure in !try_catch.HasCaught() in d8.cc-2022-07-14
1311903Security: heap-use-after-free on ash/capture_mode/capture_mode_session.cc-2022-07-13
1312838DCHECK failure in static_cast<unsigned>(index) < static_cast<unsigned>(length()) in fixed-array-in-2022-07-13
1313172Google Chrome WebGPU DoBufferDestroy kDirect allocation use-after-free vulnerability - TALOS-2022-1508$10,0002022-07-13
1106456Security: Possible to escape sandbox via devtools_page and Feedback app$15,0002022-07-12
1270539heap-use-after-free in TabGroupModel::GetTabGroup$3,0002022-07-12
1292870Security: UAF after adding undocked DevTools tab to a group$5,0002022-07-12
1300561Security: container-overflow in ash::ScrollableShelfView::ShouldCountActivatedInkDrop$2,0002022-07-12
1305267Security: ChromeOS root privilege escalation (arcvm, arcvm_server_proxy, vm_concierge, arc-create-data)$30,0002022-07-12
1305834gpu_angle_fuzzer: Trap in gpu::CommandBufferSetup::LogGLDebugMessage-2022-07-12
1311701Security: UAF in DumpDatabaseHandler$15,0002022-07-12
1307445transfer_cache_fuzzer: Use-of-uninitialized-value in cc::ReadPixmap-2022-07-10
1302959Security: Extension permission escalation$5,0002022-07-09
1312022CHECK failure: !HasJobs() in optimizing-compile-dispatcher.h-2022-07-09
1307603v8_wasm_compile_fuzzer: DCHECK failure in kCanBeWeak || (!IsSmi() == HAS_STRONG_HEAP_OBJECT_TAG(ptr_)) in tagged-impl.h-2022-07-08
1311641Security: Incomplete fix for CVE-2022-1096-2022-07-08
1101001Security: UAF Read in Content process$15,0002022-07-07
1292308Security: UAF in CalendarView 2$6,0002022-07-07
1303330Security: heap-use-after-free in ui::EventTarget::RemovePreTargetHandler$15,0002022-07-07
1304660CrOS: Vulnerability reported in dev-libs/libxml2-2022-07-07
1310295Use-after-poison in blink::HTMLSlotElement::DetachLayoutTree-2022-07-07
1305190[ANGLE] Vulkan Use After Free in onBeginTransformFeedback$7,0002022-07-06
1305900Security:SEGV on unknown address in ash::DeskPreviewView::RecreateDeskContentsMirrorLayers()$3,0002022-07-06
1307946v8_wasm_compile_fuzzer: Segv on unknown address in v8::internal::MarkCompactCollector::RootMarkingVisitor::VisitRootPointer-2022-07-06
1308199Security: Chrome Apps: Possible to read environment variables using suggestedName in chrome.fileSystem.chooseEntry$7,0002022-07-06
1234267Bad-cast to ui::Layer from cc::PictureLayer in ui::SendDamagedRectsRecursive-2022-07-05
1268541Security: Another Cross-Origin Response Size Leak Via BackgroundFetch$3,0002022-07-05
1281808Security: UAF in AXVirtualViewWrapper$15,0002022-07-05
1285234AddressSanitizer: heap-use-after-free in blink::BlobBytesProvider::AppendData$6,0002022-07-05
1292905Security DCHECK failure: IsA<Derived>(from) in casting.h$6,0002022-07-05
1301180Security: Bypass Apk Warning In Andriod$1,0002022-07-05
1305423Security: installer: encrypted_import: Disk access to root command execution-2022-07-05
1310461Security: chrome.downloads.download could be abused to steal user's environment variables like secrets, tokens or keys on windows.$7,0002022-07-05
1310597Chromium: Vulnerability reported in third_party/liblouis-2022-07-05
1283050Heap-use-after-free in RenderViewHostImpl::ActivatePrerenderedPage-2022-07-04
1278608Security: CA certificate import exploitable with large DSA and RSA-PSS signatures on Linux/ChromeOS-2022-07-02
1299211Use After Free in TextureVk::releaseAndDeleteImageAndViews$10,0002022-07-02
1301148Security: heap UaF in DesksTemplates dialog-2022-07-02
1305403Security: mnt_concierge semi-arbitrary bind mount-2022-07-02
1236325Security: Extensions with debugger permission can list URLs and send commands to incognito tabs and other profile tabs$5,0002022-07-01
1251588Security: download protection bypass on macOS with .inetloc$5002022-07-01
1301873Security: Chrome for Android Hide Custom Fullscreen Toast View with Repeated Exit Enter Fullscreen Request$3,0002022-07-01
1308360Type confusion when using simple api call accessors with SuperIC-2022-07-01
1305401Security: Arcvm custom init-2022-06-30
1306768Security: UAF in SelectFileDialogLacros::OnSelected (lacros-chrome)$3,0002022-06-30
1308178DCHECK failure in HasBytecodeArray() in shared-function-info-inl.h-2022-06-30
1309767DCHECK failure in string.length() == source.length() in string-table.cc-2022-06-30
1309842CrOS: Vulnerability reported in dev-libs/openssl-2022-06-30
1306458Security: Potential UAF in ChromeDesksTemplatesDelegate::OnLacrosChromeUrlsReturned$1,0002022-06-29
1306443getThumbnail() CHECK leaks number of available PDF pages$5002022-06-29
1308253Security DCHECK failure: IsA<Derived>(from) in casting.h-2022-06-29
1309023Illegal-instruction in permissions::PermissionRequestManager::FinalizeCurrentRequests-2022-06-29
1270008OS Command Injection in node-opencv-2022-06-28
1297643Security: heap-use-after-free ash/drag_drop/drag_drop_tracker.cc:109$3,0002022-06-28
1304075uaf in FrameSinkVideoCaptureDevice::OnLog$5002022-06-28
1306507AddressSanitizer: heap-use-after-free components/history/core/browser/history_backend.cc:2542:22 in history::HistoryBackend::KillHistoryDatabase()$16,0002022-06-28
1307667Bad-cast to blink::MathMLSpaceElement from blink::MathMLElement in blink::MathMLSpaceElement* blink::DynamicTo<blink::MathMLSpaceElement, blink::El-2022-06-28
1266953Tricking a user into a same-page drag-and-drop can disclose data to cross-origin frames-2022-06-27
1293357Security: Samba vulnerabilities CVE-2021-44141, CVE-2021-44142, CVE-2022-0336-2022-06-27
1300507CrOS: Vulnerability reported in net-fs/samba-2022-06-27
1300508CrOS: Vulnerability reported in sys-libs/ldb-2022-06-27
1302431CrOS: Vulnerability reported in net-fs/samba-2022-06-27
1307610Security: RegExp[@@replace] missing write barrier, leading to RCE$20,0002022-06-27
1305706uaf in BookmarkBarView::OnTabGroupButtonPressed$2,0002022-06-25
1299287Video escapes content area$3,0002022-06-24
1299743Security: heap-use-after-free in FileSystemAccessRegularFileDelegate::DoFlush$7,5002022-06-24
1300253Security: Chrome for Android Cancel Enter Fullscreen able to Hide Omnibox$3,0002022-06-24
1304658Security: Debug check failed: type.representation() == MachineRepresentation::kFloat64 || type.representation() == MachineRepresentation::kTagged.$8,5002022-06-24
1275600Security: UAF in ViewsAXTreeManager$20,0002022-06-23
1282384Security: UAF in FocusController::SetFocusedWindow$20,0002022-06-23
1299261Security: [ANGLE] Heap overflow read in vk::IndexBuffer::getIndexBuffers$7,0002022-06-23
1302321gpu_raster_fuzzer: Use-of-uninitialized-value in cc::ServiceImageTransferCacheEntry::Deserialize-2022-06-23
1303410Security: ChromeOS - Lockscreen leaks clipboard contents, i.a.$5,0002022-06-23
1305776AddressSanitizer: use-after-poison in blink::WebrtcVideoPerfReporter::InitializeOnTaskRunner webrtc_video_perf_reporter.cc:36$6,0002022-06-23
1297138Security: leak user html content using Dangling Markup injection when http upgrade to https$5002022-06-22
1298122Security: TrustedTypes does not block assignment when modifying existing attribute value via nodeValue/textContent$1,0002022-06-22
1304545Security: Potential Use After Free in ManagedValueStoreCache::OnPolicyUpdated$1,0002022-06-22
1261191Security: Form validation UI dialog can cover whole page$1,0002022-06-21
1301134Security: heap-use-after-free ash/wm/overview/overview_highlightable_view.cc:17:18 in ash::OverviewHighlightableView::SetHighlightVisibility(bool)$3,0002022-06-21
1303458[TurboFan]v8 crashed when compling optimization$5,0002022-06-21
1304368Security: UAF in ui/ozone/platform/wayland/host/wayland_window.cc$7,0002022-06-20
1275414Security: heap-use-after-free in network::server::HttpServer::FindConnection$1,0002022-06-18
1297404Security: heap-use-after-free in global_media_controls::MediaItemManagerImpl::HideItem-2022-06-17
1304045Security: AddressSanitizer: heap-use-after-free ui/views/window/dialog_delegate.cc:419:26 in views::DialogDelegate::AcceptDialog()-2022-06-17
1304145Security: UAF in ScanningHandler$5,0002022-06-17
1162424Security: racing UAF during usrsctp_close in usrsctp in webrtc$5,0002022-06-16
1303253use after free in SelectFileDialogExtension::ExtensionTerminated$3,0002022-06-16
1303613Security: HeapOverflow in ScanningHandler$3,0002022-06-16
1303615Security: HeapOverflow in CertificatesHandler$3,0002022-06-16
1304659Chromium: Vulnerability reported in third_party/libxml-2022-06-16
1301920Security: Web Share API allows to write in UNC paths and/or in C:/Users/<username>/AppData/Local/Temp/ on Windows$5,0002022-06-15
1302644Security: Use After Free in ChromePasswordProtectionService::HandleUserActionOnModalWarning$16,0002022-06-15
1303919Security: libtiff CVE vulnerabilities in 4.2.0 (from pdfium)-2022-06-15
1297429[WebUI] StartupPagesHandler does not adequately verify arguments from JS$7,5002022-06-14
1299264use after free in rx::FramebufferVk::startNewRenderPass$7,0002022-06-14
1302157Security: Heap-use-after-free in ~ExtensionUninstallDialogViews$3,0002022-06-14
1301320Security: heap-use-after-free in extensions::ExtensionApiFrameIdMap::GetFrameId-2022-06-11
1180745stack over flow in swiftshader$7,5002022-06-10
1284582CrOS: Vulnerability reported in app-editors/vim-2022-06-10
1285554CrOS: Vulnerability reported in app-editors/vim-2022-06-10
1287844CrOS: Vulnerability reported in app-editors/vim-2022-06-10
1290799CrOS: Vulnerability reported in app-editors/vim-2022-06-10
1291951CrOS: Vulnerability reported in app-editors/vim-2022-06-10
1292966CrOS: Vulnerability reported in app-editors/vim-2022-06-10
1294201CrOS: Vulnerability reported in app-editors/vim-2022-06-10
1294503CrOS: Vulnerability reported in app-editors/vim-2022-06-10
1295411Security: [ANGLE] Heap use-after-free in CommandBufferHelperCommon::bufferWrite$7,0002022-06-10
1296101CrOS: Vulnerability reported in app-editors/vim-2022-06-10
1296866Security: heap-buffer-overflow in getImageActualFormat$7,0002022-06-10
1299225Security: Heap-use-after-free in QuickAnswersUiController::CloseQuickAnswersView$3,0002022-06-10
1301840uaf in browser_switcher::`anonymous namespace'::OpenBrowserSwitchPage$2,0002022-06-10
1302625DCHECK failure in lhs.Is(Type::Number()) in operation-typer.cc-2022-06-10
1264543Security: Popup with noopener does not consume user activation-2022-06-09
1292360Security: UAF in CalendarView 3$7,0002022-06-09
1296467Security: [ANGLE] Heap use-after-free in BufferHelper::recordReadBarrier$7,0002022-06-09
1302280wayland_fuzzer: Heap-use-after-free in destroy_queued_closure-2022-06-09
1280205Security: Heap-use-after-free in TabStrip::OnGroupCreated$7,0002022-06-08
1299422Security: heap-use-after-free in content::DisplayCutoutHostImpl::SendSafeAreaToFrame-2022-06-08
1207335Chromium: Vulnerability reported in third_party/binutils-2022-06-07
1292304Security: UAF in CalendarView$5,0002022-06-07
1301209dawn_wire_server_and_vulkan_backend_fuzzer: Use-of-uninitialized-value in llvm::PassNameParser::passRegistered-2022-06-07
1233333v8_inspector_fuzzer: Use-of-uninitialized-value in v8_crdtp::cbor::CBOREncoder::HandleInt32-2022-06-06
1292261Security: Heap-use-after-free in BrowserList::AddBrowser$7,0002022-06-06
1295654CrOS: Vulnerability reported in net-vpn/strongswan-2022-06-06
1298986dawn_wire_server_and_vulkan_backend_fuzzer: Use-of-uninitialized-value in llvm::PassNameParser::passRegistered-2022-06-06
1273841AddressSanitizer: heap-use-after-free in blink::Screen::AreWebExposedScreenPropertiesEqual$5,0002022-06-04
1290586Calling stopTrack() in a worker fails a To<> cast DCHECK-2022-06-04
1291472MediaStreamTrackinWorker fails Security DCHECK failure: IsA<Derived>(from) in casting.h-2022-06-04
1291891Uaf in qrcode_generator::QRCodeGeneratorBubbleController::OnBubbleClosed$5,0002022-06-04
1296841CrOS: Vulnerability reported in app-editors/vim-2022-06-04
1296876v8_wasm_code_fuzzer: Crash in Builtins_GenericJSToWasmWrapper-2022-06-04
1300139CrOS: Vulnerability reported in app-editors/vim-2022-06-04
1298884CrOS: Vulnerability reported in app-editors/vim-2022-06-04
1291986Security heap-use-after-free ash/wm/splitview/split_view_divider.cc (chromeOS)$7,0002022-06-03
1296334heap-use-after-free : safe_browsing::VerdictCacheManager::CacheRealTimeUrlVerdict-2022-06-03
1297498UAF in ThreatDetailsCacheCollector::OpenEntry$15,0002022-06-03
1299259freetype_type1_fuzzer: Crash in cf2_interpT2CharString-2022-06-03
1000408getOriginFromUrl in cryptotoken component extension doesn't use real origin-2022-06-02
1292004Security DCHECK failure: IsA<Derived>(from) in casting.h-2022-06-01
1294612uaf in AppLaunchHandler::LaunchApp-2022-06-01
1298015Security: heap-use-after-free in base::SupportsUserData::GetUserData$7,0002022-06-01
1299814CHECK failure: !isolate->concurrent_osr_enabled()-2022-06-01
1279775Security: Stack-Buffer-Overflow in g711_interface.c-2022-05-31
1280851Security: Stack-Buffer-Overflow in WebRtc_g722_decode-2022-05-31
1299418CHECK failure: !isolate->concurrent_osr_enabled() in runtime-test.cc-2022-05-31
1299438CHECK failure: !isolate->concurrent_osr_enabled()-2022-05-31
1083835heap-use-after-free : rlz::RLZTracker::GetAccessPointRlzImpl-2022-05-29
1293191Propagating inertness into nested browsing contexts leaks information, privacy concern?-2022-05-29
1298149Use-after-poison in mojo::internal::InterfacePtrStateBase::Bind-2022-05-29
1298213heap-use-after-free : ash::`anonymous namespace'::EncodeBitmapToPNG-2022-05-29
1193390gpu_raster_swangle_passthrough_fuzzer: Incorrect-function-pointer-type in rx::vk::PersistentCommandPool::init-2022-05-26
1276002Security: fencedframe element bypass the security policy restrictions of the devtools preview limit$3,0002022-05-26
1296120Security: ChromeOS root privilege escalation (arcvm_server_proxy, cups, arc-create-data)$30,0002022-05-26
1227636Security: [SkPixmap] pdfium SEGV on getColor()-2022-05-25
1280852Security: Stack-Buffer-Overflow in WebRtcPcm16b_Decode$5,0002022-05-25
1292271Security: heap-use-after-free on ash/wm/desks/desks_controller.cc (chromeOS)$7,0002022-05-25
1296407Heap-use-after-free in content::SavePackage::ContinueGetSaveInfo-2022-05-25
1297269Security: Chrome Enterprise MSI installer Elevation of Privileges Vulnerability$20,0002022-05-25
1297541Heap-use-after-free in cppgc::internal::BasicPersistent<blink::NGLayoutResult const, cppgc::internal::S-2022-05-25
1297764Defense in depth: Remove TMP directory fallback for installer payload-2022-05-25
1253281Security: UAF in SQLite renameTokenCheckAll-2022-05-24
1281908Security: DeserializeFromMessage should validate the message header-2022-05-24
1292333DCHECK failure in op->IsStackSlot() || op->IsFPStackSlot() in code-generator-x64.cc-2022-05-24
1295786uaf in blink::MediaInspectorContextImpl::CullPlayers(blink::WebString const&)$5,0002022-05-24
1263825Heap-use-after-free in base::ObserverList<aura::WindowObserver, true, true, base::internal::CheckedObse-2022-05-23
1267318SameSite cookies leak via embedded browsing context$5002022-05-23
1291735Security: Sharesheet dialog doesn't show the origin elided from the right$5002022-05-23
1295699Residual UAF in token fetcher code$1,0002022-05-23
1195549dawn_wire_server_and_vulkan_backend_fuzzer: Incorrect-function-pointer-type in dawn_native::vulkan::Device::PrepareRecordingContext-2022-05-21
1270117[iOS] CSP Bypass via Service Worker$5002022-05-21
1294723dawn_wire_server_and_frontend_fuzzer: Crash in tint::diag::Formatter::format-2022-05-21
1296526Heap-use-after-free in history_clusters::OnDeviceClusteringBackend::ClusterVisitsOnBackgroundThread-2022-05-21
1285885Security: [ANGLE] Vulkan : Out-of-bounds memory can be accessed using bound offsets$7,0002022-05-20
1290150Security: redirect detection via Performance API$1,0002022-05-20
1294097Security: Heap-use-after-free in NearbyShareAction::HandleKeyboardEvent$7,0002022-05-20
1295087Bad-cast to blink::LayoutBlock from blink::LayoutImage in blink::LayoutBlock& blink::To<blink::LayoutBlock, blink::LayoutObject>-2022-05-20
1296150Security: [0-day] Use-After-Free in UpdateAnimationTiming-2022-05-20
1077756Security: sandbox doesn't prevent setgid("disk") in shill process tree-2022-05-19
1290700uaf in BrowserSwitchHandler::OnLaunchFinished$2,0002022-05-19
1295999renderer_proto_tree_fuzzer: Use-of-uninitialized-value in blink::NGLayoutResult::NGLayoutResult-2022-05-19
1289394file_system_manager_mojolpm_fuzzer: Heap-use-after-free in storage::ObfuscatedFileUtil::GetDirectoryForStorageKey-2022-05-18
1292537Crash in memfd:swiftshader_jit-2022-05-18
1295221Security: Variant analysis of UAF in AccessiblePaneView-2022-05-18
1264561Security: Chrome for Android Hide Entering Fullscreen Notification Toast using Multiple Toast from Failed to Copy$2,5002022-05-16
1266631Cross-site information leak - CSP Violation reports contain blockedURI's hostname$2,0002022-05-16
1288919tint_wgsl_reader_spv_writer_fuzzer: Illegal-instruction in tint::fuzzers::CommonFuzzer::Run-2022-05-15
1289116Heap-use-after-free in rx::vk::GarbageObject::destroy-2022-05-15
1292829dawn_wire_server_and_frontend_fuzzer: Heap-use-after-free in tint::diag::Formatter::format-2022-05-15
1293906Security DCHECK failure: IsA<Derived>(from) in casting.h-2022-05-14
1142269Security: Chromium doesn't conform to SMS Verification APIs leading to potential Access to app protected components vulnerability$1,0002022-05-13
1291482Chrome should ignore responses with http status code 1**-2022-05-13
1270005Heap-buffer-overflow in flatbuffers::EscapeString-2022-05-12
1283546Security: UAF in ProtocolHandlerThrottle using PlzDedicatedWorker$20,0002022-05-12
1291109Security DCHECK failure: IsA<Derived>(from) in casting.h-2022-05-12
1291471Security DCHECK failure: IsA<Derived>(from) in casting.h-2022-05-12
1156237heap-use-after-free : __72+[NSRemoteViewMarshal _addFreeWindow:parameters:listenerEndpoint:reply:]_block_invoke-2022-05-11
1246188Security: Compromised renderer can set custom cursor up to 1024px over browser UI and other windows$2,0002022-05-11
1273397Security: Heap-buffer-overflow in tabgroup$7,0002022-05-11
1279665Security DCHECK failed: IsA<Derived>(from) in ng_layout_input_node.cc:96 blink::NGLayoutInputNode::TableCellColspan$5,0002022-05-11
1284293AddressSanitizer: heap-use-after-free in TryProcess ui/base/accelerators/accelerator_manager.cc:152:17$7,0002022-05-11
1285601Security: heap-use-after-use in DiscountURLLoader::NavigateToDiscountURL$16,0002022-05-11
1286940Security: heap-use-after-free in ProfileImpl::IsSameOrParent$7,0002022-05-11
1288020heap buffer overflow in sw::Blitter::fastResolve$7,0002022-05-11
1289507dawn_wire_server_and_frontend_fuzzer: Crash in dawn_native::OwnedCompilationMessages::AddMessages-2022-05-11
1291728Security: heap-use-after-free in base::ObserverList::RemoveObserver$10,0002022-05-11
1293248css_parser_fast_paths_fuzzer: Use-of-uninitialized-value in bool blink::ParsePercentage<unsigned char>-2022-05-11
1268448Fix unsafe use of lambdas in BaseRenderingContext2D-2022-05-10
1269999Heap-use-after-free in xmlAddNextSibling-2022-05-10
1287864Security: iOS Webkit can leak IndexedDB names-2022-05-09
1290008UAF in printing$15,0002022-05-09
1283402Heap-use-after-free in ChromePermissionsClient::OverrideCanonicalOrigin$15,0002022-05-06
1289383Security: [ANGLE] Heap-buffer-overflow in ImageHelper::SubresourceUpdate::isUpdateToLayers$10,0002022-05-06
1289846Security: CSS keylogger extension using PageStateMatcher and chrome.action.openPopup()$5,0002022-05-06
1290107tint_ast_hlsl_writer_fuzzer.exe: Illegal-instruction in tint::fuzzers::CommonFuzzer::Run-2022-05-06
1035344API: parameterized overload of GetPropertyNames promises more flexibility than it actually supports-2022-05-05
1280132Security DCHECK failed: IsA<Derived>(from) in ng_block_node.cc:1032 blink::NGBlockNode::FirstChild$5,0002022-05-05
1280233Origin spoofing in WebUSB$3,0002022-05-05
1285636gpu_raster_swangle_passthrough_fuzzer: Use-of-uninitialized-value in sse3::store_NUMBER-2022-05-05
1288251AddressSanitizer: heap-use-after-free asan-linux-release-960248 content::StoragePartitionImpl::GetLockManager() content/browser/storage_partition_impl.cc:1493$15,0002022-05-05
1288881gpu_raster_swangle_passthrough_fuzzer: Use-of-uninitialized-value in GrDirectContextPriv::validPMUPMConversionExists-2022-05-05
1289678v8_wasm_compile_fuzzer: DCHECK failure in 3 == element_size_log2(kind) in liftoff-assembler-x64.h-2022-05-05
1289715Security: heap-use-after-free in ExtensionFunction::Shutdown$15,0002022-05-05
1290587DCHECK failure in !scope_info_.is_null() in scopes.cc-2022-05-05
1250655#Summary SUMMARY: AddressSanitizer: heap-use-after-free in gpu::CommandBufferProxyImpl::OnDisconnect$7,0002022-05-03
1269996Heap-buffer-overflow in hb_array_t<OT::IntType<unsigned int, 4u> const> hb_array_t<OT::IntType<unsigned-2022-05-03
1270333Security: Integer overflow in HandleTable::AddDispatchersFromTransit leading to memory corruption-2022-05-03
1289378heap-use-after-free : media_router::CastActivityManager::TerminateSession-2022-05-03
1289384Security: might be possible to UaF JavaScriptIsolatedWorldRequest-2022-05-03
1289798Heap-use-after-free in blink::NGBoxFragmentBuilder::PropagateBreakInfo-2022-05-03
1290079v8_wasm_compile_fuzzer: Use-after-poison in v8::internal::compiler::SinglePassRegisterAllocator::SpillRegisterAtMerge-2022-05-03
1242962Security: heap-buffer-overflow in SelectFileDialogImpl::OnSelectFileExecuted$7,0002022-05-02
1270052Security: Chrome for Android Hide Entering Fullscreen Notification Toast with HTML Select Dropdown$3,0002022-05-02
1270470Security: Scrolls are detectable cross-site upon using the Scroll to text fragment feature.$2,0002022-05-02
1278322Security: heap-use-after-free in TemplateURLRef::ParseHostAndSearchTermKey$7,0002022-05-02
1284916Security: UAF in DistilledPagePrefs::SetFontScaling$20,0002022-05-02
1289523Security: heap-use-after-free in TemplateURLFetcher::RequestDelegate::OnTemplateURLParsed$7,0002022-05-02
1289802Use-of-uninitialized-value in v8::internal::JSFunction::EnsureFeedbackVector-2022-05-02
1286816WebUSB out-of-bound access to selected_alternates_ in usb_device if the device has non-sequential alternative interface number-2022-04-29
1285759Security: double-free in content::RenderFrameHostImpl::ResetNavigationRequests$5,0002022-04-28
1288130tint_regex_spv_writer_fuzzer.exe: Illegal-instruction in tint::fuzzers::CommonFuzzer::Run-2022-04-28
1288769Security DCHECK failure: IsA<Derived>(from) in casting.h-2022-04-28
1057296COOP isn't inherited to Blob URL-2022-04-27
1253155CrOS: Vulnerability reported in app-editors/vim-2022-04-27
1266771CrOS: Vulnerability reported in app-editors/vim-2022-04-27
1268369CrOS: Vulnerability reported in app-editors/vim-2022-04-27
1268803CrOS: Vulnerability reported in app-editors/vim-2022-04-27
1273811CrOS: Vulnerability reported in app-editors/vim-2022-04-27
1276679CrOS: Vulnerability reported in app-editors/vim-2022-04-27
1277921CrOS: Vulnerability reported in app-editors/vim-2022-04-27
1281941Heap-use-after-free in extensions::ChromeExtensionsBrowserClient::GetOriginalContext$1,0002022-04-27
1283018CrOS: Vulnerability reported in app-editors/vim-2022-04-27
1286110Security: heap-buffer-overflow swiftshader Image::copy 3D-2022-04-27
1287364Page can use EyeDropper API to bypass mouse movement/keyboard input requirements for autofill (bypass of issue 1240472 fix)$2,0002022-04-27
1287962Security: [ANGLE] Heap-buffer-overflow in TextureVk::prepareForGenerateMipmap$12,0002022-04-27
1283434A GPU crash (or anything that causes loss of GPU support for Chrome) will create framebuffer ghosting with ImageBitmap$1,0002022-04-26
1287843Security DCHECK failure: IsA<Derived>(from) in casting.h-2022-04-26
1285622tint_regex_spv_writer_fuzzer.exe: Illegal-instruction in tint::fuzzers::CommonFuzzer::Run-2022-04-24
1281078Security: heap-buffer-overflow in TabStripModel::MoveWebContentsAtImpl$7,0002022-04-23
1282480Security: AddressSanitizer: heap-use-after-free on drag_drop_controller.cc (chromeOS and Lacros)$2,0002022-04-23
1260134Security: RenderFrameHostImpl logic error leading browser UAF$20,0002022-04-23
1244205uaf in content::DesktopCaptureDevice::Core::AllocateAndStart$10,0002022-04-22
1252716Security: heap-use-after-free in PrefChangeRegistrar::~PrefChangeRegistrar$10,0002022-04-22
1260007Security: State tracking issue in RenderFrameHostImpl leading to UaF-2022-04-22
1274445Security: v8 Debug check failed: target_inobject < GetInObjectProperties().$5,0002022-04-22
1278375Security: stack-buffer-overflow in views::ScrollView::OnMouseWheel(ui::MouseWheelEvent const&) in the browser process$3,0002022-04-22
1280941pdf_jpx_fuzzer: Trap in pdfium::base::AlignedAlloc-2022-04-22
1283609Security: UAF in OOBEUI$7,0002022-04-22
1284584Security: UAF in safe_browsing::DownloadRequestMaker::Start$20,0002022-04-22
1285116Security: heap-use-after-free in web_app::ShortcutInfoForExtensionAndProfile$2,0002022-04-22
1286837Global-buffer-overflow in blink::CompositeOperatorName-2022-04-22
1287342Security DCHECK failure: IsA<Derived>(from) in casting.h-2022-04-22
1262902Security: Heap-use-after-free in AccessibilityUIMessageHandler::RequestWebContentsTree$7,0002022-04-21
1274113Security: mojo race NodeName reuse to leak messages-2022-04-21
1212957AddressSanitizer: use-after-poison frame_or_worker_scheduler.cc:88 in blink::FrameOrWorkerScheduler::NotifyLifecycleObservers$8,5002022-04-20
1280743Security: JBIG2_Context.cpp arithmetic looks prone to overflow.-2022-04-20
1283077Security: heap-buffer-overflow in webui tabstrip-2022-04-20
1232866Security: Heap UAF in media_gpu!media::VideoProcessorProxy::VideoProcessorBlt$7,0002022-04-19
1251065Chrome downgrades long-running requests from HTTPS to HTTP after 3 s.$3,0002022-04-19
1275438Security: UAF in DateTimeChooserAndroid::ReplaceDateTime$25,0002022-04-19
1281763Security: UAF in GoogleSearchDomainMixingMetricsEmitter$10,0002022-04-19
1282118Security: UAF in BookmarkDragHelper::OnBookmarkIconLoaded$10,0002022-04-19
1285596Crash in cppgc::internal::MemberBase::MemberBase-2022-04-19
1285882Crash in blink::LayoutObject::RemoveChild-2022-04-19
1273017Security: Inappropriate implementation in PushMessaging$10,0002022-04-18
1282320Security: use-after-poison in blink::InspectorAccessibilityAgent::RefreshFrontendNodes$5002022-04-18
1283124AddressSanitizer: use-after-poison cc\layers\texture_layer.cc:169 in cc::TextureLayer::Update$5,0002022-04-18
1285007DCHECK failure in reg.ToInt() < register_data_.size() in mid-tier-register-allocator.cc-2022-04-18
1281859CrOS: Vulnerability reported in sys-libs/binutils-libs-2022-04-17
1277917heap-use-after-free : mojo::DataPipeDrainer::WaitComplete-2022-04-16
1283375UAF in PrintViewManagerBase$15,0002022-04-16
1284138heap-use-after-free base/memory/scoped_refptr.h:261:43 in operator bool (chromeOS)$7,0002022-04-16
1249964intent:// URIs can launch BROWSABLE non-exported activities in the sending app-2022-04-15
1267748sqlite3_fts3_lpm_fuzzer: Use-of-uninitialized-value in sqlite3VdbeExec-2022-04-15
1270593Security: Chrome for Android Delay Navigate then requestFullScreen will Hide Omnibox$7,5002022-04-15
1271896CrOS: Vulnerability reported in dev-libs/gmp-2022-04-15
1275531CrOS: Vulnerability reported in net-wireless/bluez-2022-04-15
1275622file_system_manager_mojolpm_fuzzer.exe: Heap-use-after-free in storage::ObfuscatedFileUtil::InitOriginDatabase-2022-04-15
1277328Security: heap-use-after-free in ui::AXTree::NotifyNodeWillBeReparentedOrDeleted$7,0002022-04-15
1279188Security: Elevation of Privileges in chrome installer when removing scoped directory during updates$10,0002022-04-15
1279531heap-use-after-free in media_router::CastMediaSinkService::StartMdnsDiscovery$7,0002022-04-15
1282651dawn_wire_server_and_vulkan_backend_fuzzer: Container-overflow in dawn_native::OwnedCompilationMessages::AddMessage-2022-04-15
1282782Type Confuse Security DCHECK failed: !node || IsTextControl(*node) text_control_element.h(268)$5,0002022-04-15
1283090heap-use-after-free : DefaultPrefStore::~DefaultPrefStore-2022-04-15
1283371Security: UAF in ChromeContentBrowserClient::CreateURLLoaderThrottles$15,0002022-04-15
1283805Heap-buffer-overflow in TableView::OnItemsRemoved-2022-04-15
1283807Container-overflow in TableView::UpdateVirtualAccessibilityChildrenBounds-2022-04-15
1284367Security: heap-use-after-free in safe_browsing::ThreatDetails::OnReceivedThreatDOMDetails-2022-04-15
1284509tint_regex_hlsl_writer_fuzzer: Illegal-instruction in tint::fuzzers::CommonFuzzer::Run-2022-04-15
1284742freetype_truetype_fuzzer: Heap-buffer-overflow in tt_face_vary_cvt-2022-04-15
1285122v8_inspector_fuzzer: DCHECK failure in IsInvalid(c0_) || base::IsInRange(c0_, 0u, unibrow::Utf16::kMaxNonSurrogateCharC-2022-04-15
1249626heap-use-after-free : void exo::wayland::DestroyUserData<exo::wayland::`anonymous namespace'::WaylandPointerStylusDelegate>-2022-04-13
1250227SUMMARY: AddressSanitizer: heap-use-after-free web_view_impl.cc:1020 in blink::WebViewImpl::ClosePagePopup$7,5002022-04-13
1254422Intent selectors allow intents from the web to bypass intent filter requirements-2022-04-13
1282224v8_wasm_compile_fuzzer: DCHECK failure in allocated_registers_bits_ == register_state_ ? GetAllocatedRegBitVector(register-2022-04-13
1282645Container-overflow in content::RenderFrameHostImpl::OnBackForwardCacheDisablingFeatureRemoved-2022-04-13
1283042v8_wasm_compile_fuzzer: DCHECK failure in allocated_registers_bits_ == register_state_ ? GetAllocatedRegBitVector(register-2022-04-13
1283681Security: UAF in heap-use-after-free inin DevToolsWindow::Show(browser process)$3,0002022-04-13
1261713Security: Heap-use-after-free in feedback::FeedbackData::SendReport$1,0002022-04-12
1279368AddressSanitizer: use-after-poison local_frame_view.cc:818 in blink::LocalFrameView::PerformLayout-2022-04-12
1283255heap-use-after-free : DownloadItemView::DropdownButtonPressed-2022-04-09
1283198Security: heap-buffer-overflow in chrome_pdf::PDFiumEngine::RequestThumbnail-2022-04-07
1278960Security: Heap-use-after-free in autofill::EditAddressProfileView::WindowClosing$7,0002022-04-05
1282272Google Chrome Browser Private key leaks on github-2022-04-03
1274323Crash in SkArenaAllocWithReset::reset$6,0002022-04-01
1268240Security: UaF in AccessibilityUIMessageHandler::Callback$1,0002022-03-31
1275020SUMMARY: AddressSanitizer: heap-use-after-free base/bind_internal.h:535:12 in BindState<void (content::StorageNotificationService::*)(url::Origin), UnretainedWrapper<content::StorageNotificationService>$20,0002022-03-31
1277327Security: heap-use-after-free ui::AXEventRecorder::OnEvent$7,0002022-03-31
1280456Security: container-overflow in ash::ScrollableShelfView::ShouldCountActivatedInkDrop$3,0002022-03-31
1281881Heap-use-after-free in optimization_guide::OptimizationGuideStore::ClearFetchedHintsFromDatabase$2,0002022-03-31
1276331Security: heap-buffer-overflow around blink::mojom::WidgetInputHandlerProxy::DispatchEvent-2022-03-30
1281800UAF crash may happen on child_process_launcher_android.cc-2022-03-30
1270358Security: FencedFrames reachable from compromised renderer due to lacking features::isEnabled(kFencedFrames) checks in Browser Process and FencedFrame::Navigate can navigate to file:// and chrome:// origins$17,0002022-03-29
1270498heap-buffer-underflow : ash::ScrollableShelfView::GetTargetScreenBoundsOfItemIcon-2022-03-29
1278988Security DCHECK failed: IsA<Derived>(from) in blink::LayoutTableSection::AddCell layout_table_section.cc:277-2022-03-29
1264196heap-use-after-free : ash::ShelfID::IsNull-2022-03-27
1271538v8_wasm_compile_fuzzer: Use-after-poison in v8::internal::compiler::SinglePassRegisterAllocator::AllocateInput-2022-03-27
1280822Use-after-poison in blink::FrameOrWorkerScheduler::NotifyLifecycleObservers-2022-03-27
1274316uaf in rx::vk::CommandBufferHelper::bufferWrite$5,0002022-03-24
1278180Security: Heap-use-after-free in ui::MenuModel::GetModelAndIndexForCommandId$10,0002022-03-24
1209467CrOS: Vulnerability reported in net-fs/samba-2022-03-23
1231037Security: invalid parsing of HTML by tree_builder_simulator leading to mutation XSS$5,0002022-03-23
1261790CrOS: Vulnerability reported in sys-libs/ldb-2022-03-23
1261791CrOS: Vulnerability reported in net-fs/samba-2022-03-23
1249426heap buffer overflow in BookmarkManagerPrivateDropFunction::RunOnReady$1,0002022-03-22
1261689Security: scrollTop of ListBox autofill preview discloses sensitive information$4,0002022-03-22
1272967Security: UAF in P2PSocketTcpServer::DoAccept$5,0002022-03-22
1276203heap-use-after-free : ash::DeskActivationAnimation::EndSwipeAnimation-2022-03-22
1279147Heap-use-after-free in CPDF_AnnotContext::~CPDF_AnnotContext-2022-03-22
1279151crash in v8 heap(--js-flags=--experimental-wasm-gc)$5,0002022-03-22
1279383DCHECK failure in IsAligned(result, kAlignmentInBytes) in zone.cc-2022-03-22
1238209container-overflow in blink::UserMediaProcessor::DetermineExistingAudioSessionId$5,0002022-03-21
1132124Security: SODA is provided a privileged URLLoaderFactory-2022-03-19
1272266Security: swiftshader heap-use-after-free in getOffsetPointer$5,0002022-03-19
1242339CHECK failure: byte_length() <= JSArrayBuffer::kMaxByteLength in objects-debug.cc-2022-03-18
1247389Security: Possible to see the user's system environment variables like secrets, tokens or keys$10,0002022-03-18
1268903Security: Use of uninitialized on-stack pointer in storage::BlobBuilderFromStream-2022-03-18
1276850UAF in AutofillPopupControllerImpl::HandleKeyPressEvent$20,0002022-03-18
1278589Security: Certificate Viewer remotely expoitable with large DSA and RSA-PSS signatures on Linux/ChromeOS (before 98.0.4714.0)-2022-03-18
1259557Security: mojo AddBrokerClient can be sent to non-broker nodes (node<->node mitm)-2022-03-17
1276715Heap-use-after-free in content::TestRunnerBindings::InvokeV8Callback-2022-03-17
1262080Security: heap-buffer-overflow swiftshader Image::copy$5,0002022-03-16
1262676SUMMARY: AddressSanitizer: access-violation regexp-interpreter.cc:461 in v8::internal::`anonymous namespace'::RawMatch<unsigned char>$5,0002022-03-16
1263457Security: Interface ID reuse leading to memory corruption in IPC::ChannelAssociatedGroupController-2022-03-16
1273537heap-use-after-free : chromeos::AppDownloadingScreenHandler::Bind-2022-03-16
1273661Security: webgl global-buffer-overflow in getIncompleteTexture$5,0002022-03-16
1274248wayland_buffer_fuzzer: Crash in libwayland-server.so.0-2022-03-16
1276923Security: Debug Check failed in HAS_WEAK_HEAP_OBJECT_TAG-2022-03-16
1272068Security: Wild read with renderbuffers$5,0002022-03-13
1270095Security: Use after Free in content::AccessibilityEventRecorderWin::AccessibleObjectFromWindowWrapper$1,0002022-03-12
1274376uaf in chrome_pdf::PdfViewPluginBase::LoadAccessibility$5,0002022-03-12
1240472Security: Page can cause autofill prompt to render under cursor in order to bypass mouse movement/keyboard input requirements for autofill$3,0002022-03-11
1241585Security: Page can use space key input to cause autofill prompt to render under cursor, bypasses mouse movement/designated keyboard input requirements for autofill$1,0002022-03-11
1267060Chrome_ChromeOS: Crash Report - views::Widget::CloseWithReason via TabStripPageHandler::OnTabGroupChanged$1,0002022-03-11
1270007Heap-buffer-overflow in int flatbuffers::ReadScalar<int>-2022-03-11
1270658Security: use after free in swiftshader$5,0002022-03-11
1274499Security: [ANGLE] D3D11 : Integer Underflow in ElementsInBuffer results in wild copy$7,5002022-03-11
1275431code_cache_host_mojolpm_fuzzer: Segv on unknown address in content::GeneratedCodeCache::IssueNextOperation-2022-03-11
1275559dcsctp_socket_fuzzer: Use-of-uninitialized-value in crc32c::ExtendSse42-2022-03-11
1275892Security: UAF in ScreenCaptureMachineAndroid::OnActivityResult$15,0002022-03-11
1270014UNKNOWN READ in WelsDec::WelsMarkAsRef-2022-03-10
1115460Security: Possible for extension to escape sandbox via Input.dispatchKeyEvent and devtools_page$15,0002022-03-09
1201032Security: Use-After-Free in SelectFileDialog$25,0002022-03-09
1252562heap-use-after-free : content::ViewsWidgetVideoCaptureDeviceMac::UIThreadDelegate::OnScopedCGWindowIDMouseMoved-2022-03-09
1271747heap-use-after-free : safe_browsing::SafeBrowsingPrimaryAccountTokenFetcher::OnTokenFetched-2022-03-09
1272250Security: CSS transform and backface-visibility: hidden allow to render over Chrome UI$1,0002022-03-09
1273197heap-use-after-free window_dimmer.cc (chromeOS)$7,0002022-03-09
1273395Container-overflow in blink::DisplayLockContext::DetachDescendantTopLayerElements-2022-03-09
1273674uaf in local_card_migration_dialog_view$7,5002022-03-09
1274061Security: UAF in BluetoothPrefStateObserver-2022-03-09
1265806Security: webrtc: out-of-bounds write in audio channel processing$8,5002022-03-08
1267426Deleting broker decoder in error callback path is risky-2022-03-08
1270990Performance API is not consistent for preloaded requests which can be used to leak the size of cross-origin resources$2,0002022-03-08
1271853Security DCHECK failure: IsA<Derived>(from) in casting.h-2022-03-08
1272208Security: heap-use-after-free in the media::AudioManagerBase in the browser process$15,0002022-03-08
1272403Security: HeapOverflow in PageLoadMetrics$15,0002022-03-08
1273609heap-use-after-free video_recording_watcher.cc:673:7$10,0002022-03-08
1274641Security: UaF on DesksBarView::EndDragDesk in desks_bar_view.cc:663:5$7,0002022-03-08
1260939Security: TFC 2021 loader bug$10,0002022-03-07
1263417Non-positive-vla-bound-value in blink::CanvasPath::roundRect$1,0002022-03-07
1267496Security: webgl heap-buffer-overflow LoadCompressedToNative$2,0002022-03-07
1274322Bad-cast to views::FootnoteContainerView from views::BubbleFrameView in views::BubbleFrameView::ViewHierarchyChanged-2022-03-07
1274324Bad-cast to content::RenderWidgetHostViewChildFrame from content::RenderWidgetHostViewBase in content::RenderWidgetHostInputEventRouter::OnRenderWidgetHostViewBaseDestroyed-2022-03-07
1274044Bad-cast to void *(unsigned long) in xmlAllocParserInputBuffer-2022-03-06
1271835CHECK failure: marking_state_->IsBlackOrGrey(heap_object)-2022-03-04
1273001Segv on unknown address in tint::writer::msl::Options::operator=-2022-03-04
1273140Security: heap-use-after-free in DevToolsWindow::ActivateWindow-2022-03-04
1273176Security: heap-use-after-free in DevToolsWindow::Show-2022-03-04
1273593Crash in blink::NGInlineItemsBuilderTemplate<blink::EmptyOffsetMappingBuilder>::AppendTex-2022-03-04
1273705CHECK failure: (location_) != nullptr in maybe-handles.h-2022-03-04
1177652The destruction timing issue between RenderFrameHostImpl and DedicatedWorkerHost/DedicatedWorkerHostFactoryImpl-2022-03-03
1239496Security: Pointer lock can be used to bypass mouse movement/keyboard input requirements for autofill$3,0002022-03-03
1239760Security: Autofill prompt for a page can render over different origin, allows spoofing of autofill context origin$5,0002022-03-03
1261415webcodecs_video_encoder_fuzzer: Heap-buffer-overflow in vp9_encode_tiles_row_mt-2022-03-03
1268400Security: Heap-use-after-free in ui::EventDispatcher::DispatchEventToEventHandlers()$1,0002022-03-03
1267791[ozone/wayland]use-after-free in WaylandWindow$10,0002022-03-03
1272269Security: Heap-use-after-free in ash::sharesheet::SharesheetBubbleViewDelegate::IsBubbleVisible$7,0002022-03-03
1273344Null-dereference READ in rx::vk::QueryHelper::writeTimestamp-2022-03-03
1272180webcodecs_image_decoder_fuzzer: Crash in mv_projection-2022-03-02
1115847Security: SameSite policy bypassed with Service Worker FetchEvent-2022-03-01
1266510Security: container-overflow in ExtensionsToolbarContainer::SetExtensionIconVisibility$1,0002022-03-01
1271384Security: Debug check failed: receiver->IsJSReceiver()-2022-03-01
1272181Bad-cast to content::ServiceVideoCaptureProvider::ServiceProcessObserver from invalid vptr in base::internal::UnretainedWrapper<content::ServiceVideoCaptureProvider::ServiceP-2022-03-01
1113812Security: Linux Kernel shift-out-of-bounds in arch/x86/kvm/vmx/pmu_intel.c:365:45-2022-02-27
1117173Security: Possible for extension to escape sandbox via Input.synthesizeTapGesture$10,0002022-02-27
1269151Security: Extension can automatically start Crostini on log-in-2022-02-27
1271456Access violation with --turbo_inline_js_wasm_calls-2022-02-27
1272076pdf_formcalc_context_fuzzer: DCHECK failure in marking_support_ != MarkingType::kAtomic in heap.cc-2022-02-27
661852CSP form-action checks full URL on redirects-2022-02-24
1027592Security: Chrome for ios crash when selecting long message with special characters-2022-02-24
1245629heap-use-after-free in OnBrowserSetLastActive$5,0002022-02-24
1255713Security: UI spoofing using a very long URL$3,0002022-02-24
1259899heap-use-after-free : blink::RTCVideoEncoder::Impl::EncodeFrameFinished-2022-02-24
1267661Security: heap-use-after-free in content::WebContentsObserver::web_contents$15,0002022-02-24
1267811UAF on nearby_share_contact_downloader_impl.cc$10,0002022-02-24
1268738V8 debug check failed: new_target->IsConstructor()$5,0002022-02-24
1269344uaf in content::BroadcastChannelService::ConnectToChannel$20,0002022-02-24
1270817CHECK failure: IsValidHeapObject(heap_, heap_object) in heap.cc-2022-02-24
1270826Crash in v8::internal::MarkCompactCollector::ProcessMarkingWorklist<0>-2022-02-24
1230444Cross-site information leak - Leaking cross-origin redirect destination URI due to CORS (iOS)$1,0002022-02-22
1262525CrOS: Vulnerability reported in net-vpn/strongswan-2022-02-22
1264705Crash in hsw::lowp::gather_NUMBER-2022-02-22
1266688Heap-use-after-free in blink::NGPhysicalFragment::HasSelfPaintingLayer-2022-02-22
1269307Security: Use after free in WebApkIconHasher$20,0002022-02-22
1270356DCHECK failure in !scope_info_.is_null() in scopes.h-2022-02-22
1242424Security: History Cached Page of the Lens region search cause url spoof$2,0002022-02-21
1267514DCHECK failure in !scope_info_.is_null() in scopes.h-2022-02-21
1269225Security: Memory corruption in renderer process-2022-02-19
1171997heap-use-after-free : UnloadController::ProcessPendingTabs-2022-02-18
1265570DCHECK failure in shared_info->HasBytecodeArray() in js-objects.cc-2022-02-18
1268682mediasource_MP4_AV1_pipeline_integration_fuzzer: Crash in dav1d_refmvs_load_tmvs-2022-02-18
1268759Security: Use After Free AppServiceContextMenu::ExecuteCommand$15,0002022-02-18
1248289Service worker can use web assembly without unsafe-eval.-2022-02-17
1263741Security: libjxl has security bugs-2022-02-17
1267627Security: Web Serial - Out of bound read in SerialPortUnderlyingSink::WriteData().$7,5002022-02-17
1269315DCHECK failure in old_code_pages->size() == new_code_pages->size() + 1 in isolate.cc-2022-02-17
1011497Security: Remote debug can be used to access protected profile data (e.g. cookies)-2022-02-16
1202970Security: Sanitizer API bypass-2022-02-16
1240593Security: heap-use-after-free in blink::NativeIOFile::DoRead-2022-02-16
1262953Improper restriction in password saving form, while navigation from one site to another site-2022-02-16
1262183Security: heap-use-after-free in storage::BlobURLStoreImpl::Revoke-2022-02-16
1264873Security: SOP bypass using drag and drop-2022-02-16
1265197XSS from chrome-untrusted://new-tab-page URL parsing$5002022-02-16
1267276Use-after-poison in blink::HTMLSlotElement::DetachLayoutTree-2022-02-16
1267624Security: Wild write in angle$5,0002022-02-16
1268274Security: Storage Foundation read()/write() access DOMArrayBufferView off the heap's thread-2022-02-16
1241188Security: "Origin" header incorrectly set for cross-site request via service worker$3,0002022-02-15
1267027Security: webgl heap-use-after-free in BitSetT$5,0002022-02-15
1267420CrOS: Vulnerability reported in net-libs/libmicrohttpd-2022-02-15
1267424Security: webgl heap-buffer-overflow getDrawSubresourceSerial$5,0002022-02-15
1260129Security: V8 CreateLiteral type confusion when processing ..spread leads to RCE$20,0002022-02-15
1241091Security: heap-use-after-free in ThreadedIconLoader::DecodeAndResizeImageOnBackgroundThread-2022-02-14
1254189Primitive type confusion in ia32 AssembleCodePhase$7,5002022-02-14
1266293Security: heap-use-after-free in BluetoothSerialDeviceEnumerator::OnGotClassicAdapter-2022-02-14
1266437Use after free in getSamplerTexture$5,0002022-02-14
1267674v8_regexp_parser_fuzzer: DCHECK failure in index < length() / kUInt16Size in fixed-array-inl.h-2022-02-14
1238631Security: Share dialog on Windows can render over address bar, window controls-2022-02-12
1264584heap-use-after-free : location::nearby::chrome::SubmittableExecutor::RunTask-2022-02-12
1264988Security: ASan reports wild reads in swiftshader$5,0002022-02-12
1264703Security: Heap-use-after-free in sharing_hub::SharingHubBubbleController::~SharingHubBubbleController$5,0002022-02-11
1259170Unsafe uses of uninitialized graphics memory-2022-02-09
1264477Security: Site Isolation bypass via NavigationPreloadRequest-2022-02-09
1264508v8_regexp_parser_fuzzer: DCHECK failure in r.to() < kMaxUInt16 in regexp-macro-assembler.cc-2022-02-09
1168553Security: host root command execution-2022-02-08
1260649Leaking size of cross-origin resources by using Range Requests, Service Workers, Fetch API, and the Cache API$2,0002022-02-08
1260783Use after free in gl::VertexArray::setDependentDirtyBit$5,0002022-02-08
1262791Security: Type confusion in UnderlyingSinkBase::start$15,0002022-02-08
1264013Trap in Builtins_CheckTurbofanType-2022-02-08
1264282Security: UAF in SharingHub$5,0002022-02-08
1265275CHECK failure: function_literal_id < script->shared_function_info_count() in objects.cc-2022-02-08
1237310Security: Autofill prompt can render over permission prompts after they have opened$3,0002022-02-05
1248963CrOS: Vulnerability reported in app-editors/vim-2022-02-05
1260858Heap-use-after-free in color input on switching screens (MacOS)$10,0002022-02-05
1263620Google Chrome MediaStreamTrackGenerator use after free vulnerability (TALOS-2021-1398)$7,5002022-02-05
1139417arc-setup: ArcMounterImpl::LoopMount() can be raced-2022-02-03
1254113heap-use-after-free : crosapi::DriveIntegrationServiceAsh::~DriveIntegrationServiceAsh-2022-02-03
1256822Sandbox escape: bypass allow-popups-to-escape-sandbox$2,5002022-02-03
1259694Contact dialog can be shown over a cross-origin page which might confuse a user into leaking sensitive information to an attacker$1,0002022-02-03
1262091Security: heap-use-after-free swiftshader getCurrentViewCount$5,0002022-02-03
1262208Security: Write setgid_resetriction policy files-2022-02-03
1248444Guessing the URL a cross-origin iframe was redirected to by listening to the load event$5,0002022-02-02
1258932Use-after-poison in blink::HTMLSlotElement::DetachLayoutTree-2022-02-02
1263462Security: JSON.stringify leaks TheHole value, leading to RCE-2022-02-02
1263486Security DCHECK failure: IsA<Derived>(from) in casting.h-2022-02-02
1263961Use-of-uninitialized-value in v8::internal::StackGuard::PopInterruptsScope-2022-02-02
1264015CHECK failure: push_segment_ implies push_segment_->IsEmpty()-2022-02-02
1248438uaf in FileManagerPrivateInternalComputeChecksumFunction::Run$10,0002022-02-01
1258809Security: UaF in extension management policy parsing-2022-02-01
1263327v8_regexp_parser_fuzzer: DCHECK failure in !ranges->is_empty() in regexp-compiler.cc-2022-02-01
1260621Security: PDFium Use-After-Free in v8::internal::ArrayBufferExtension::Mark$1,0002022-01-31
1251567Heap-buffer-overflow in rx::ProgramExecutableVk::updateBuffersDescriptorSet-2022-01-30
1261542freetype_cff_ftengine_fuzzer: Use-of-uninitialized-value in ft_mem_free-2022-01-28
1261728freetype_type1_render_fuzzer: Use-of-uninitialized-value in T1_Get_MM_Var-2022-01-28
1261762freetype_type1_fuzzer: Use-of-uninitialized-value in T1_Set_MM_Design-2022-01-28
1262112dawn_wire_server_and_frontend_fuzzer.exe: Heap-use-after-free in dawn_native::AbslFormatConvert-2022-01-28
1197889Security: Origin spoof in external protocol dialogs via server-side redirect to external protocol$2,0002022-01-27
1261343freetype_colrv1_fuzzer: Use-of-uninitialized-value in ft_mem_free-2022-01-27
1261450freetype_truetype_fuzzer: Use-of-uninitialized-value in FT_Get_Gasp-2022-01-27
1227170Security: Another autocomplete preview text leak$5,0002022-01-26
1242667CrOS: Vulnerability reported in sys-libs/glibc-2022-01-26
1248889CSP Violation reports contain blockedURI's hostname$1,0002022-01-26
1253038Security: negative-size-param in image_editor::ScreenshotFlow::RemoveUIOverlay$5,0002022-01-26
1253101Security: font side-channel attack against <input> and <textarea> autofill preview discloses sensitive information-2022-01-26
1254746SUMMARY: AddressSanitizer: stack-use-after-scope renderer11_utils.cpp:2299 in rx::d3d11::SetDebugName$5,0002022-01-26
1259022Security: UAF when sending tab to device in android-2022-01-26
1260577Security: TianfuCup RCE bug Type confusion in LoadIC::ComputeHandler-2022-01-26
1260606gpu_raster_swangle_passthrough_fuzzer: Use-of-uninitialized-value in vk::DescriptorSet::ParseDescriptors-2022-01-26
1260690Segv on unknown address in sh::OutputSPIRVTraverser::visitConstantUnion-2022-01-26
1260940Security: TFC WebTransport bug-2022-01-26
1167028Security: WPA2-Enterprise/EAP Subject Matching Vulnerability$3,0002022-01-24
1243279CrOS: Vulnerability reported in sys-libs/glibc-2022-01-24
1249962Security: In-the-wild using intents to redirect to other browsers-2022-01-24
1251673Security: Continued AddEventListener GC problems$5,0002022-01-24
1260189PotentiallyDanglingMarkup() lost when removing fragment identifier-2022-01-24
1039885Dangling markup attack through background attribute allows data exfiltration$1,0002022-01-22
1256885Security: Page.addCompilationCache devtools API could lead to arbitrary machine code execution-2022-01-21
1259864Security: heap-use-after-free in ForceSigninVerifier::SendRequestIfNetworkAvailable$10,0002022-01-21
1259587Security: UAP on creating WebAssembly memories on document reload$7,5002022-01-20
1258398Use-after-poison in blink::HTMLSlotElement::DetachLayoutTree-2022-01-19
1244289Security: SameSite Cookie Bypass via BackgroundFetch$3,0002022-01-18
1257891heap-buffer-overflow in WebMediaPlayerMSCompositor::ReplaceCurrentFrameWithACopyInternal()$7,5002022-01-18
1258603DCHECK failure in function->shared().HasFeedbackMetadata() in js-function.cc-2022-01-18
1258663CHECK failure: !field_type.NowStable() || field_type.NowContains(value)-2022-01-18
1258839freetype_type1_fuzzer: Heap-buffer-overflow in ps_parser_skip_spaces-2022-01-18
1259045freetype_type1_ftengine_fuzzer: Use-of-uninitialized-value in t1_decoder_parse_metrics-2022-01-18
1249491use after free in ash::sharesheet::SharesheetBubbleView::CloseBubble$7,5002022-01-17
1255464Use-after-poison in blink::HTMLSlotElement::DetachLayoutTree-2022-01-16
1251073Container-overflow in ash::ScrollableShelfView::ShouldCountActivatedInkDrop-2022-01-15
1258235Bad-cast to blink::HTMLSlotElement from blink::HTMLStyleElement in blink::HTMLDetailsElement::ManuallyAssignSlots-2022-01-15
906200Security: XSS in chromium-cq-status.appspot.com-2022-01-14
1255332UaF in PDF accessibility due to relayout$5,0002022-01-14
1257254Use-after-poison in mojo::InterfaceEndpointClient::NotifyError-2022-01-14
957553Security: Extension messages can indefinitely extend user activation expiry and repeatedly use of it$3,0002022-01-13
1222498Sanitize CompositorFrame for shared element directives.-2022-01-13
1253746Security: WebAudio oob read in AudioDelayDSPKernel::ProcessKRate$2,0002022-01-13
1255314hb_subset_fuzzer: Crash in BEInt<unsigned short, 2>::operator unsigned short-2022-01-13
1237730Security: v8 CHECK Failed IsStruct_NonInline in Torgue Struct-Tq-Inl$5,0002022-01-12
1249810Security: Use After Free in DevToolsFileHelper::GetFileSystems$10,0002022-01-12
1250904tint_regex_spv_writer_fuzzer: Crash in LLVMFuzzerCustomMutator-2022-01-12
1254656hb_subset_fuzzer: Heap-buffer-overflow in bool OT::OffsetTo<OT::MathGlyphAssembly, OT::IntType<unsigned short, 2u>, true>:-2022-01-12
1255152pdf_formcalc_context_fuzzer: DCHECK failure in header->IsMarked() in pointer-policies.cc-2022-01-12
1255368DCHECK failure in first_const_pool_32_use_ == -1 in assembler-arm.cc-2022-01-12
1256835hb_subset_fuzzer: Heap-buffer-overflow in OT::MathValueRecord* hb_serialize_context_t::embed<OT::MathValueRecord>-2022-01-12
1236318AddressSanitizer: heap-buffer-overflow mojo::internal::Serializer<BigBufferDataView,BigBufferView>::Serialize$7,5002022-01-10
1238309Security: Chrome incorrectly interprets newlines in HTTP headers in HTTP/3, allowing for some header splitting possibilities-2022-01-10
1247260Google Chrome WebRTC RTPSenderVideoFrameTransformerDelegate memory corruption vulnerability (TALOS-2021-1372)$7,5002022-01-10
1254704v8_regexp_parser_fuzzer: Use-of-uninitialized-value in v8::internal::IrregexpInterpreter::Result v8::internal::RawMatch<unsigned char>-2022-01-10
1255354CHECK failure: all.IsLive(use) && (use->opcode() == IrOpcode::kIfTrue || use->opcode() == IrOpc-2022-01-10
1255330Trap in Builtins_CheckNumberInRange-2022-01-10
1252074Security: ChromeOS root command persistence$15,0002022-01-08
1252878use after poison in blink::Element::DidMoveToNewDocument$10,0002022-01-08
1254675CHECK failure: thrower->error()-2022-01-08
1251664tint_ast_spv_writer_fuzzer: Illegal-instruction in tint::fuzzers::FatalError-2022-01-07
1252858Security: mojo OnIntroduce doesn't validate peer node (node<->node mitm)-2022-01-07
1254131Security: Crash when closing tab with sending tab to device dialog-2022-01-07
1254631Security: Chrome 94 does not correctly set Integrity level of all processes to Untrusted$3,0002022-01-07
1255123Crash in PreflightLoader::HandleResponseHeader on failed preflight-2022-01-07
1252354Security: UAF in IdentityDialogController::ShowIdProviderWindow$25,0002022-01-05
1251179Security: Fetch leaks information about cross-origin redirects$1,0002022-01-05
1253399Security: pdfium heap buffer overflow in cfx_dibbase.cpp$7,5002022-01-05
1253976DCHECK failure in \\' == current() in regexp-parser.cc-2022-01-05
1254396Segv on unknown address in device::PlatformSensorFusion::Factory::SensorCreated-2022-01-05
1241860SUMMARY: AddressSanitizer: heap-use-after-free Runtime.cpp:439 in v8_inspector::protocol::Runtime::Frontend::exceptionThrown$5,0002022-01-04
1252148Security: Arbitrary bind mount-2022-01-04
1252620Heap-use-after-free in v8::internal::TurboAssemblerBase::set_root_array_available-2022-01-03
1253041DCHECK failure in header->IsMarked() in pointer-policies.cc-2022-01-02
1245578Security: heap-use-after-free in PPAPIDownloadRequest::AllowlistCheckComplete$20,0002022-01-01
1252634pdf_formcalc_context_fuzzer: DCHECK failure in header->IsMarked() in pointer-policies.cc-2022-01-01
1252729tint_all_transforms_fuzzer: Use-of-uninitialized-value in tint_all_transforms_fuzzer.cc-2022-01-01
1252795tint_vertex_pulling_fuzzer: Use-of-uninitialized-value in tint::fuzzers::DataBuilder::string-2022-01-01
1252942tint_wgsl_reader_msl_writer_fuzzer: Use-of-uninitialized-value in tint::writer::msl::Sanitize-2022-01-01