1322425
|
CrOS: Vulnerability reported in media-libs/freetype
|
-
|
2022-12-31
|
1322858
|
CrOS: Vulnerability reported in media-libs/freetype
|
-
|
2022-12-31
|
1343384
|
heap-buffer-overflow in RPHReferenceManager::OnWebContentsDestroyedOrNavigated
|
$7000
|
2022-12-31
|
1365082
|
Existing Trusted Types check for javascript url can be bypassed
|
-
|
2022-12-31
|
1366633
|
heap-use-after-free supports_user_data.cc:30 in base::SupportsUserData::GetUserData
|
-
|
2022-12-31
|
1366813
|
Security: custom_element_registry use-after-poison
|
$7000
|
2022-12-31
|
1367107
|
CHECK failure: elements() == ReadOnlyRoots(isolate).empty_fixed_array()
|
-
|
2022-12-31
|
1367133
|
CHECK failure: fixed_size_above_fp + (stack_slots * kSystemPointerSize) - CommonFrameConstants:
|
-
|
2022-12-31
|
1364492
|
Security: Heap-use-after-free in UnusedSitePermissionsService::UpdateUnusedPermissionsAsync
|
$1000
|
2022-12-29
|
1366521
|
Security: Cast cert verification: builtin certificate verifier can be bypassed with invalid TBS signature algorithm
|
-
|
2022-12-29
|
1302813
|
Heap-use-after-free in ImportDataHandler::~ImportDataHandler
|
$2000
|
2022-12-28
|
1303306
|
Security: Locked devices - VPN adding possible
|
$5000
|
2022-12-28
|
1328708
|
UAF in SessionLogHandler::FileSelected
|
$2000
|
2022-12-28
|
1344514
|
Heap-use-after-free on CaptionBubble::BackToTabButtonPressed
|
$1000
|
2022-12-28
|
1350564
|
Security: heap-use-after-free chrome/browser/ui/views/tabs/tab_drag_controller.cc:1480:7 (Lacros)
|
$2000
|
2022-12-28
|
1351339
|
double-free in libXml's error handling
|
-
|
2022-12-28
|
1359937
|
ASSERT: i >= 0 && i < len_
|
-
|
2022-12-28
|
1365248
|
Heap-use-after-free in void base::internal::Invoker<base::internal::BindState<void
|
-
|
2022-12-28
|
1362529
|
v8_inspector_fuzzer: DCHECK failure in maybe_result.is_null() in microtask-queue.cc
|
-
|
2022-12-27
|
1358026
|
Security: Heap-use-after-free in FrameUserNoteChanges
|
$7000
|
2022-12-26
|
1363021
|
uaf in TemplateStore::GetTemplates
|
-
|
2022-12-26
|
1363998
|
Security: UAF in TransportClientSocket
|
$11000
|
2022-12-26
|
1363859
|
v8_wasm_compile_fuzzer: DCHECK failure in static_cast<unsigned>(index) < static_cast<unsigned>(length()) in fixed-array-in
|
-
|
2022-12-25
|
1363895
|
v8_wasm_compile_fuzzer: Trap in v8::internal::Scavenger::Process
|
-
|
2022-12-25
|
1348464
|
Security: container-overflow in HistoryClustersHandler::OpenVisitUrlsInTabGroup
|
$2000
|
2022-12-23
|
1362487
|
Trap in v8::internal::__RT_impl_Runtime_AbortCSADcheck
|
-
|
2022-12-23
|
1364319
|
DCHECK failure in type.representation() == MachineRepresentation::kFloat64 || type.representation(
|
-
|
2022-12-23
|
1364539
|
CHECK failure: next_index().Number() >= 0 in objects-debug.cc
|
-
|
2022-12-23
|
1183604
|
Compromised web renderer that *hasn't* run any content scripts can spoof chrome.storage (and other API calls) for any extension
|
-
|
2022-12-22
|
1237637
|
wayland_buffer_fuzzer: Use-of-uninitialized-value in ui::WaylandScreen::AddOrUpdateDisplay
|
-
|
2022-12-22
|
1351177
|
Security: Potential UAF in WebstoreInstallWithPrompt
|
$2000
|
2022-12-22
|
1358375
|
Heap-use-after-free in PresShell::DispatchSynthMouseMove
|
-
|
2022-12-22
|
1358870
|
Security: UAF in CompoundTabContainer
|
$8000
|
2022-12-22
|
1358907
|
Heap-use-after-free in blink::StyleVariables::operator==
|
$9000
|
2022-12-22
|
1359382
|
DCHECK failure in !node->is_dead() in maglev-regalloc.cc
|
-
|
2022-12-22
|
1359429
|
CHECK failure: properties_or_hash__value.IsSmi() || properties_or_hash__value.IsFixedArrayBase(
|
-
|
2022-12-22
|
1359745
|
DCHECK failure in IsPrimitiveMap() in map-inl.h
|
-
|
2022-12-22
|
1359928
|
CHECK failure: shared(isolate).IsSharedFunctionInfo() in objects-debug.cc
|
-
|
2022-12-22
|
1360792
|
Crash in Builtins_JSEntryTrampoline
|
-
|
2022-12-22
|
1360797
|
CHECK failure: map.IsMap(cage_base) in new-spaces.cc
|
-
|
2022-12-22
|
1360801
|
Trap in v8::internal::Isolate::PushStackTraceAndDie
|
-
|
2022-12-22
|
1360875
|
Crash in Builtins_StringEqual
|
-
|
2022-12-22
|
1362954
|
Crash in v8::internal::Invoke
|
-
|
2022-12-22
|
1364069
|
Segv on unknown address in v8::internal::IsolateData::cage_base
|
-
|
2022-12-22
|
1323488
|
memory corruption in frame_queue_underlying_source.cc
|
$3000
|
2022-12-20
|
1358872
|
DCHECK failure in descriptors.GetDetails(index).representation().IsDouble() in maglev-graph-builde
|
-
|
2022-12-20
|
1358878
|
DCHECK failure in is_loadable() in maglev-ir.h
|
-
|
2022-12-20
|
1359427
|
DCHECK failure in (heap) != nullptr in heap-write-barrier-inl.h
|
-
|
2022-12-20
|
1359926
|
DCHECK failure in (prediction) == nullptr in frames.cc
|
-
|
2022-12-20
|
1361245
|
DCHECK failure in topmost_optimized_code.is_null() || safe_if_deopt_triggered || is_builtin_code i
|
-
|
2022-12-20
|
1361332
|
DCHECK failure in input.node()->has_register() || input.node()->is_loadable() in maglev-regalloc.c
|
-
|
2022-12-20
|
1361377
|
Security: UAF in CrostiniUpgraderDialog::OnDialogCloseRequested
|
-
|
2022-12-20
|
1361627
|
heap-use-after-free : display::Display::id
|
-
|
2022-12-20
|
1362174
|
Crash in v8::internal::LookupIterator::ComputeConfiguration
|
-
|
2022-12-20
|
1362298
|
DCHECK failure in !has_optimized_code() || optimized_code().marked_for_deoptimization() || (CodeKi
|
-
|
2022-12-20
|
1271406
|
Fenced Frame can trigger downloads
|
-
|
2022-12-19
|
1360936
|
Security: WebRTC VP9 Simulcast screenshare crash
|
-
|
2022-12-19
|
1361849
|
pdfium_fuzzer: Heap-use-after-free in CPDF_StreamAcc::~CPDF_StreamAcc
|
-
|
2022-12-18
|
1345275
|
Security: Symbolic Link Following + Upload Warning Bypass
|
$3000
|
2022-12-17
|
1351619
|
Security: UAF in LocalDeskDataManager
|
$1000
|
2022-12-17
|
1359958
|
Use-after-poison in v8::internal::maglev::StraightForwardRegisterAllocator::InitializeEmptyBlockRegi
|
-
|
2022-12-17
|
1360736
|
DCHECK failure in to_kind == DICTIONARY_ELEMENTS || to_kind == SLOW_STRING_WRAPPER_ELEMENTS || IsT
|
-
|
2022-12-17
|
1361345
|
Crash in v8::internal::maglev::Input::node
|
-
|
2022-12-17
|
1361434
|
Trap in v8::internal::__RT_impl_Runtime_AbortCSADcheck
|
-
|
2022-12-17
|
1361899
|
Trap in Builtins_CheckTurbofanType
|
-
|
2022-12-17
|
1361903
|
freetype_cff_ftengine_fuzzer: Heap-buffer-overflow in TT_Get_MM_Var
|
-
|
2022-12-17
|
1319229
|
UAF in ash::HatsDialog
|
$3000
|
2022-12-15
|
1320139
|
UAF in ash::HatsDialog::Show
|
$2000
|
2022-12-15
|
1338114
|
webcodecs_video_encoder_fuzzer: Stack-buffer-overflow in aom_scaled_2d_ssse3
|
-
|
2022-12-15
|
1361159
|
freetype_cff_ftengine_fuzzer: Invalid-free in ft_free
|
-
|
2022-12-15
|
1339656
|
audio_encoder_isac_float_fuzzer: Stack-buffer-overflow in WebRtcIsac_PitchAnalysis
|
-
|
2022-12-14
|
1342163
|
Security: Heap-use-after-free in UserNoteUICoordinator::Invalidate
|
$7000
|
2022-12-14
|
1358381
|
Security: OOB Write in sqlite3FindInIndex
|
$7000
|
2022-12-14
|
1359227
|
DCHECK failure in (shared_object_conveyor_) != nullptr in value-serializer.cc
|
-
|
2022-12-14
|
1359675
|
CHECK failure: key.IsName()
|
-
|
2022-12-14
|
1359776
|
DCHECK failure in HAS_SMI_TAG(ptr) in smi.h
|
-
|
2022-12-14
|
1359991
|
DCHECK failure in !is_length_tracking() in js-array-buffer-inl.h
|
-
|
2022-12-14
|
1360189
|
Crash in void v8::internal::BodyDescriptorBase::IteratePointers<v8::internal::ScavengeVis
|
-
|
2022-12-14
|
1360295
|
freetype_cff_ftengine_fuzzer: Heap-buffer-overflow in TT_Get_MM_Var
|
-
|
2022-12-14
|
1360432
|
Trap in v8::internal::__RT_impl_Runtime_Abort
|
-
|
2022-12-14
|
1360684
|
Stack-use-after-scope in base::SplitStringPiece
|
-
|
2022-12-14
|
1360793
|
Crash in v8::internal::CheckObjectComparisonAllowed
|
-
|
2022-12-14
|
1360796
|
DCHECK failure in HAS_SMI_TAG(ptr) in smi.h
|
-
|
2022-12-14
|
1360803
|
CHECK failure: IsJSFunction()
|
-
|
2022-12-14
|
1332924
|
MicrosoftEdgeUpdate DACL Privilege Escalation
|
-
|
2022-12-13
|
1356895
|
Crash in c:\clusterfuzz\bot\builds\v8-asan_win64-release_4b2f02da5ce6ecbd9ca48ce0c60db498
|
-
|
2022-12-13
|
1358732
|
Security: clang-analyzer-cplusplus.NewDelete in third_party/pdfium/core/fpdfapi/parser/cpdf_object_walker.cpp
|
-
|
2022-12-13
|
1359519
|
Crash in v8::internal::LookupIterator::ComputeConfiguration
|
-
|
2022-12-13
|
1359637
|
DCHECK failure in !context().is_null() in isolate-inl.h
|
-
|
2022-12-13
|
1359639
|
Crash in Builtins_ConstructWithArrayLike_WithFeedback
|
-
|
2022-12-13
|
1359784
|
Crash in Builtins_AsyncFunctionEnter
|
-
|
2022-12-13
|
1359812
|
Crash in v8::internal::Isolate::MayAccess
|
-
|
2022-12-13
|
1359835
|
DCHECK failure in static_cast<uintptr_t>(type) < Type::NUMBER_OF_TYPES in frames.h
|
-
|
2022-12-13
|
1359931
|
Crash in Builtins_DatePrototypeGetUTCFullYear
|
-
|
2022-12-13
|
1360061
|
Crash in v8::internal::LookupIterator::GetRootForNonJSReceiver
|
-
|
2022-12-13
|
1355237
|
use-after-poison local_frame_view.cc:816 in blink::LocalFrameView::PerformLayout
|
$9000
|
2022-12-12
|
1359163
|
CHECK failure: untyped_->count(slot.address()) > 0 in heap-verifier.cc
|
-
|
2022-12-12
|
1359215
|
CHECK failure: proto.map().oddball_type() == OddballType::kNull
|
-
|
2022-12-12
|
1359425
|
CHECK failure: context__value.IsContext() in class-verifiers.cc
|
-
|
2022-12-12
|
1359426
|
CHECK failure: context__value.IsContext()
|
-
|
2022-12-12
|
1359598
|
Crash in Builtins_DatePrototypeGetUTCSeconds
|
-
|
2022-12-12
|
1359658
|
Crash in v8::internal::Factory::NewCatchContext
|
-
|
2022-12-12
|
1359662
|
Crash in Builtins_FastNewClosure
|
-
|
2022-12-12
|
1359822
|
Crash in Builtins_CEntry_Return2_SaveFPRegs_ArgvOnStack_BuiltinExit
|
-
|
2022-12-12
|
1359868
|
Crash in v8::internal::Map::instance_type
|
-
|
2022-12-12
|
1359936
|
DCHECK failure in !map->is_deprecated() in map-updater.cc
|
-
|
2022-12-12
|
1357397
|
Security: UAF in ash::PrintServersProviderImpl::NotifyObservers
|
$2000
|
2022-12-10
|
1359294
|
CHECK failure: addr + size <= chunk_->area_end() in mark-compact-inl.h
|
-
|
2022-12-10
|
1359638
|
Crash in v8::internal::Scavenger::Process
|
-
|
2022-12-10
|
1343104
|
Extensions can Page.navigate to chrome-untrusted://crosh and chrome-untrusted://terminal
|
$3000
|
2022-12-09
|
1343219
|
Heap-use-after-free in ash::AshNotificationView::ActionButtonPressed
|
$6000
|
2022-12-09
|
1344878
|
use-after-free in Serial
|
$3000
|
2022-12-09
|
1346938
|
webcodecs_video_encoder_fuzzer: Stack-buffer-overflow in aom_scaled_2d_ssse3
|
-
|
2022-12-09
|
1348283
|
Security: Pending fix for ffmpeg memory corruption bug
|
-
|
2022-12-09
|
1356308
|
Breakpoint with empty stacktrace
|
-
|
2022-12-09
|
1357413
|
uaf in webrtc::VideoStreamEncoder::RequestRefreshFrame
|
$7500
|
2022-12-09
|
1358059
|
create_trials_from_seed_fuzzer: Use-of-uninitialized-value in variations::internal::ShouldAddStudy
|
-
|
2022-12-09
|
1358075
|
Security: heap-use-after-free in SearchNameNodeByNameInternal
|
$10000
|
2022-12-09
|
1358597
|
heap-use-after-free html_element.cc:1850 in blink::HTMLElement::offsetTopForBinding
|
$7000
|
2022-12-09
|
1359084
|
CHECK failure: c_wrapper_code__value.IsCodeDataContainer() in class-verifiers.cc
|
-
|
2022-12-09
|
1359114
|
DCHECK failure in !has_optimized_code() || optimized_code().marked_for_deoptimization() || (CodeKi
|
-
|
2022-12-09
|
1317904
|
Security: Select dropdown able to overlap fullscreen notification toast
|
$3000
|
2022-12-07
|
1350111
|
Security: compromised renderer is able to send extension message to another tab
|
$3000
|
2022-12-07
|
1352817
|
Security: UAF in FeedbackData::CompressSystemInfo
|
$2000
|
2022-12-07
|
1355252
|
use-after-free in BrowserCrashEventRouter
|
$6000
|
2022-12-07
|
1355902
|
Security: UAF in content::CrOSSystemTracingSession::StartTracingCallbackProxy (browser process)
|
$5000
|
2022-12-07
|
1356234
|
MessagingAPIMessageFilter::OnOpenChannelToNativeApp doesn't verify `const PortContext& source_context`
|
-
|
2022-12-07
|
1358090
|
Security: heap-use-after-free in CPDF_FormField::ResetField()
|
$10000
|
2022-12-07
|
1189392
|
ChromeRenderFrame.RequestImageForContextNode violates the Rule of 2
|
-
|
2022-12-06
|
1267867
|
Security: It is possible to lock the pointer while window is not focused.
|
$1000
|
2022-12-06
|
1335706
|
CrOS: Vulnerability reported in app-editors/vim
|
-
|
2022-12-06
|
1336938
|
CrOS: Vulnerability reported in app-editors/vim
|
-
|
2022-12-06
|
1337542
|
CrOS: Vulnerability reported in app-editors/vim
|
-
|
2022-12-06
|
1348498
|
Security: UAF in LockScreenReauthHandler::HandleCompleteAuthentication
|
$3000
|
2022-12-06
|
1350609
|
Security: heap-use-after-free ash/app_list/views/apps_grid_view.cc:653:26 in ash::AppsGridView::EndDrag(bool) (chromeOS)
|
$2000
|
2022-12-06
|
1357303
|
Security: PDFium OOB Write in OpenJPEG due to a missed patch
|
$7000
|
2022-12-06
|
1357884
|
Heap-use-after-free in ash::MultiCaptureNotification::~MultiCaptureNotification
|
-
|
2022-12-06
|
1243932
|
gpu_swangle_passthrough_fuzzer: Crash in gpu::gles2::GLES2DecoderPassthroughImpl::DoBindTexture
|
-
|
2022-12-04
|
1355892
|
rtp_video_layers_allocation_fuzzer: Trap in rtc::webrtc_checks_impl::WriteFatalLog
|
-
|
2022-12-04
|
1355103
|
Security: potential buffer overflow in zlib - CVE-2022-37434
|
$1000
|
2022-12-02
|
1355682
|
Security: PDFium OOB Access in CXFA_ViewLayoutProcessor::GetNextAvailContentHeight
|
$7000
|
2022-12-02
|
1356187
|
heap-buffer-overflow in FederatedAuthRequestImpl::RequestToken
|
-
|
2022-12-02
|
1215946
|
Security: Chrome OS - Guest mode | critical commands via crosh which even persist guest by guest changes
|
$1000
|
2022-12-01
|
1301333
|
Security: bypass resource requests whose URLs contained both removed whitespace (`\n`, `\r`, `\t`) characters and less-than characters (`<`) in the fencedframe element
|
$1000
|
2022-12-01
|
1327505
|
Security: Chrome on Android Tablet Mode Select Dropdown Spinner able to Overlap Fullscreen Notification Toast
|
$1000
|
2022-12-01
|
1354923
|
Security: heap-buffer-overflow on ash/system/accessibility/dictation_bubble_controller.cc
|
$2000
|
2022-12-01
|
1350558
|
Security: heap-use-after-free ash/wm/gestures/wm_fling_handler.cc:59:22 in ash::WmFlingHandler::OnAnimationStep(base::TimeTicks)
|
$2000
|
2022-11-30
|
1355748
|
Security DCHECK failure: num_chars <= length() in segmented_string.cc
|
-
|
2022-11-30
|
1355752
|
Security: heap-use-after-free in CaptureModeController::CaptureImage
|
$1000
|
2022-11-30
|
1355866
|
Crash in blink::LayoutObjectChildList::RemoveChildNode
|
-
|
2022-11-30
|
1290236
|
Security: CDP Runtime.queryObjects leaks internal objects in JS heap, allowing CDP clients to compromise V8 process
|
$1000
|
2022-11-29
|
1339648
|
Security: v8: corrupt typed array from bad deserializer input
|
$15000
|
2022-11-29
|
1346911
|
libwebp_enc_dec_api_fuzzer: Heap-buffer-overflow in VP8LHashChainFill
|
-
|
2022-11-29
|
1352802
|
Security: Use After Free of Device object in GPU process.
|
$17000
|
2022-11-29
|
1354972
|
v8_inspector_fuzzer: DCHECK failure in maybe_result.is_null() in microtask-queue.cc
|
-
|
2022-11-29
|
1355679
|
CHECK failure: push_segment_ implies push_segment_->IsEmpty()
|
-
|
2022-11-29
|
1338023
|
Security: heap-after-free on base/task/thread_pool/pooled_single_thread_task_runner_manager.cc (Lacros)
|
-
|
2022-11-28
|
1345540
|
Security: heap-use-after-free third_party/wayland/src/src/wayland-server.c:799:17 in wl_resource_set_user_data (ChromeOS Lacros)
|
-
|
2022-11-28
|
1352388
|
Security: Download notification can hide 'Press Esc to exit fullscreen' warning
|
$3000
|
2022-11-25
|
1352549
|
Security: v8/blink: Leaked ObservableArray Object leads to TypeConfusions, leading to RCE
|
-
|
2022-11-25
|
1243802
|
Security: RCE - Download Silently *.exe or *.dll to users Desktop or Downloads folder
|
$3000
|
2022-11-23
|
1346048
|
heap-use-after-free in WebDragSourceAura::CancelDrag
|
$10000
|
2022-11-23
|
1347015
|
Security: UAF in HidService::GetDevices
|
$6000
|
2022-11-23
|
1351969
|
Security: Heap-use-after-free in ManagePasswordsUIController::SavePassword
|
$4000
|
2022-11-23
|
1347868
|
Null-dereference READ in blink::NGPhysicalBoxFragment::OverflowClipRect
|
-
|
2022-11-21
|
1351580
|
heap-use-after-free : ash::AppListItemList::FindItem
|
-
|
2022-11-21
|
957002
|
Security: Possible to include mixed content in an about:blank popup opened by a https page
|
$3000
|
2022-11-19
|
1346245
|
Security: UAF in AppWindowContentsImpl::~AppWindowContentsImpl
|
$10000
|
2022-11-18
|
1350743
|
Security: Use-After-Free in CaptureModeSessionFocusCycler::~CaptureModeSessionFocusCycler
|
$2000
|
2022-11-18
|
1240065
|
javascript URL is broken in ChromeCustom tab for Android Apps
|
$1000
|
2022-11-17
|
1345630
|
Security: Android in-the-wild Intent Redirect Vulnerability
|
-
|
2022-11-17
|
1351170
|
Security: [ANGLE] Heap use-after-free caused by changing the framebuffer cache to sharing in context
|
$16000
|
2022-11-17
|
1338393
|
Security: AMD-SN-1040: IBPB and Return Address Predictor Interactions Vulnerabilities impact assessment
|
-
|
2022-11-16
|
1347707
|
Security: UAF in UserNoteService
|
$30000
|
2022-11-16
|
1351243
|
Crash in cppgc::internal::ConcurrentMarkingTask::Run
|
-
|
2022-11-16
|
1247577
|
Security: Connectivity establishment continues even if certificate verification using SSLCertificateVerifier failed
|
-
|
2022-11-15
|
1348716
|
Security DCHECK failure: IsA<Derived>(from) in casting.h
|
-
|
2022-11-15
|
1350097
|
Chrome: heap-buffer-overflow in offline_items_collection::OfflineContentAggregator::OnItemRemoved
|
-
|
2022-11-15
|
1350711
|
Security: Use-After-Free in UserNudgeController::PerformViewScaleAnimation
|
$2000
|
2022-11-15
|
1346808
|
Heap-use-after-free in rx::ShareGroupVk::onMutableTextureUpload
|
-
|
2022-11-14
|
1348474
|
UAP style_invalidator.cc:192 in blink::StyleInvalidator::PushInvalidationSetsForContainerNode
|
$7000
|
2022-11-14
|
1349493
|
Security: console.log still allows loading images via %c formatter
|
$500
|
2022-11-14
|
1349687
|
Security: Heap-use-after-free in WebContentsImpl::OpenURL
|
$3000
|
2022-11-14
|
1350270
|
DCHECK failure in ONE_BYTE == state_ in string.h
|
-
|
2022-11-14
|
1337538
|
Security: use after free in GraphicsPipeline::containsImageWrite
|
$7000
|
2022-11-12
|
1345546
|
Security: Use-After-Free in WebUIBubbleDialogView::ClearContentsWrapper
|
$3000
|
2022-11-12
|
1348415
|
Security: UAF in ChromeOS webui chrome://assistant-optin/
|
$4000
|
2022-11-11
|
1349322
|
Security: heap-use-after-free in AccountSelectionBubbleView::OnAccountImageFetched
|
-
|
2022-11-11
|
1338553
|
Incorrect use of weakptr lead to uaf
|
$5000
|
2022-11-10
|
1346154
|
Security: heap-buffer-overflow in ash::DesksBarView::OnDeskRemoved
|
$2000
|
2022-11-10
|
1348714
|
Security DCHECK failed: !NeedsLayout() || ChildLayoutBlockedByDisplayLock()
|
$7000
|
2022-11-10
|
1349761
|
vp9_encoder_references_fuzzer: Trap in rtc::webrtc_checks_impl::WriteFatalLog
|
-
|
2022-11-10
|
1330038
|
Security: Heap-use-after-free in ash::TabletModeBrowserWindowDragSessionWindowsHider::~TabletModeBrowserWindowDragSessionWindowsHider
|
$3000
|
2022-11-09
|
1300539
|
Security: Url Hijacking using intent:// when onload web page using bookmark (Google Chrome Android)
|
$2000
|
2022-11-08
|
1345039
|
v8_inspector_fuzzer: DCHECK failure in isolate->has_scheduled_exception() implies maybe_result.is_null() && maybe_excep
|
-
|
2022-11-08
|
1346810
|
Security DCHECK failure: to <= length() in string_view.cc
|
-
|
2022-11-08
|
1348082
|
Security: heap-buffer-overflow in TableView
|
$4000
|
2022-11-08
|
1342586
|
Security: `chrome.downloads.onDeterminingFilename` can be used to bypass the fix for issue 1310461 and steal environment variables
|
$7000
|
2022-11-07
|
1333623
|
Safebrowsing does not trigger a malware warning for malware loaded through an embed
|
$5000
|
2022-11-05
|
1322812
|
Security DCHECK(TypeConfuse) failed: IsA<Derived>(from) in blink::VisualViewport::StartTrackingPinch
|
$7000
|
2022-11-04
|
1333995
|
Security: heap-use-after-free on IsLacrosWindow ash/drag_drop/tab_drag_drop_delegate.cc (Lacros)
|
$3000
|
2022-11-04
|
1346969
|
TypeConfuse in blink::NGLayoutInputNode::IsEmptyTableSection ng_layout_input_node.cc:87
|
$7500
|
2022-11-04
|
1347722
|
CHECK failure: (location_) != nullptr in maybe-handles.h
|
-
|
2022-11-04
|
1338412
|
Security: UAF in chromeos::multidevice::MultidevicePhoneHubHandler
|
$3000
|
2022-11-03
|
1338560
|
Incorrect use of weakptr lead to UAF in NearbyShare
|
$3000
|
2022-11-03
|
1341918
|
Security: use after free in DiceWebSigninInterceptor
|
$5000
|
2022-11-03
|
1342722
|
sourceMappingURL directive allows use of UNC paths on Windows
|
$7500
|
2022-11-03
|
1345042
|
wild read in DrawCall::run
|
$7000
|
2022-11-03
|
1347943
|
tint_renamer_fuzzer: Use-of-uninitialized-value in tint::reader::wgsl::ParserImpl::sync_to
|
-
|
2022-11-03
|
1318791
|
use-after-free in reboot_notifications_scheduler
|
$3000
|
2022-11-02
|
1338135
|
AddressSanitizer: heap-use-after-free html_element.cc:1802 in blink::HTMLElement::offsetTopForBindin
|
$5000
|
2022-11-02
|
1345193
|
Security: = prepended in document.cookie allows to bypass __Secure and __Host prefixes
|
$2000
|
2022-11-02
|
1347721
|
Heap-buffer-overflow in void v8::internal::TypedElementsAccessor<
|
-
|
2022-11-02
|
1338637
|
Security: heap-use-after-free chrome/browser/enterprise/browser_management/browser_management_status_provider.cc
|
-
|
2022-11-01
|
1343141
|
Security: UAF in OnAccessTokenRefreshFailed
|
$3000
|
2022-11-01
|
1345921
|
UAF in AccessCodeCastSinkService
|
$9500
|
2022-11-01
|
1346236
|
Security: Code Injection in WebUI page leading to sandbox escape
|
$5000
|
2022-11-01
|
1347298
|
tint_single_entry_point_fuzzer: Container-overflow in tint::reader::wgsl::ParserImpl::sync_to
|
-
|
2022-11-01
|
1345088
|
Security: type confusion in chrome
|
$1000
|
2022-10-31
|
1158477
|
Security: Bypassing HTTP auth block for subresource loads
|
-
|
2022-10-31
|
1326856
|
CrOS: Vulnerability reported in app-admin/rsyslog
|
-
|
2022-10-30
|
1336768
|
heap-buffer-overflow : charntorune
|
-
|
2022-10-29
|
1345245
|
Security: heap-buffer-overflow on components/exo/shell_surface_util.cc:230:40 (Lacros)
|
$2000
|
2022-10-29
|
1345547
|
libwebp_enc_dec_api_fuzzer: Heap-buffer-overflow in VP8LHashChainFill
|
-
|
2022-10-29
|
1345772
|
libwebp_enc_dec_api_fuzzer: Use-of-uninitialized-value in VP8LHistogramAddSinglePixOrCopy
|
-
|
2022-10-29
|
1345894
|
TypeConfuse in blink::LayoutTable::AddChild layout_table.cc:194
|
$5000
|
2022-10-29
|
1345947
|
Security: Another UAF in WebSQL sqlite3Select
|
$7500
|
2022-10-29
|
1346204
|
GPU failure in blink::NGInlineNode::ComputeMinMaxSizes
|
-
|
2022-10-29
|
1346477
|
Heap-use-after-free in ash::AppListItemList::FindItem
|
-
|
2022-10-29
|
1099587
|
Use unique identifier rather than timestamps for verifying V8 code cache entries
|
-
|
2022-10-27
|
1232402
|
heap buffer overflow in printing::PrintPreviewUI::SetInitialParams (use devtools)
|
$2000
|
2022-10-27
|
1338470
|
Security: Invalid function pointer in ~ExternalImageDXGI() in D3D backend
|
$7000
|
2022-10-27
|
1346041
|
Security: WebGPU OOB read in writeTexture
|
-
|
2022-10-27
|
1286203
|
Security: Potential UaF in TabStripModel (chromeOS)
|
$3000
|
2022-10-26
|
1344814
|
Security: Heap-use-after-free in user_notes::FrameUserNoteChanges::Apply (Annotation - deleting a note that was just created in another tab causes crash)
|
$3000
|
2022-10-26
|
1303308
|
Security: Manipulate Session State (open webpages in locked sessions)
|
$5000
|
2022-10-25
|
1319172
|
Security: heap-use-after-free in exo::wayland::WaylandDisplayHandler::UnsetXdgOutputResource (Lacros)
|
$1000
|
2022-10-25
|
1329147
|
CrOS: Vulnerability reported in app-editors/vim
|
-
|
2022-10-25
|
1329798
|
CrOS: Vulnerability reported in app-editors/vim
|
-
|
2022-10-25
|
1332958
|
CrOS: Vulnerability reported in app-editors/vim
|
-
|
2022-10-25
|
1333970
|
heap-use-after-free : gfx::IsValidCodePointIndex
|
-
|
2022-10-25
|
1335014
|
CrOS: Vulnerability reported in app-editors/vim
|
-
|
2022-10-25
|
1337002
|
Security: heap-use-after-free ash/drag_drop/drag_drop_tracker.cc:111:1 (chromeOS)
|
$3000
|
2022-10-25
|
1340219
|
CrOS: Vulnerability reported in app-editors/vim
|
-
|
2022-10-25
|
1344744
|
Security: UAF in VolumeManager::OnSshfsCrostiniUnmountCallback
|
$3000
|
2022-10-24
|
1307271
|
CrOS: Vulnerability reported in net-wireless/bluez
|
-
|
2022-10-23
|
1343889
|
Security: Dicey DCHECK in WebRTC
|
-
|
2022-10-23
|
1336145
|
Security: heap-use-after-free ash/system/tray/tray_bubble_view.cc (chromeOS)
|
$2000
|
2022-10-21
|
1343348
|
Security: UAF in WebSQL sqlite3Select, Potential RCE in Chrome
|
$10000
|
2022-10-21
|
1314674
|
Use-after-Free on ArcBluetoothBridge::OnBluetoothConnectingSocketReady
|
$4000
|
2022-10-20
|
1316983
|
Security: Heap-use-after-free in ash::DesksTemplatesPresenter::OnNewDeskCreatedForTemplate
|
$1000
|
2022-10-20
|
1339140
|
Security: container-overflow in TabStripModel::AddToNewGroupImpl
|
$2000
|
2022-10-20
|
1341539
|
heap-overflow in blink::TableLayoutAlgorithmAuto::InsertSpanCell table_layout_algorithm_auto.cc
|
$9000
|
2022-10-20
|
1344113
|
Security: Heap-buffer-overflow in BrowserThemePack::GenerateMissingNtpColors
|
-
|
2022-10-20
|
1265193
|
Referrer leakage via object & embed tags despite setting referrer policy to no-referrer
|
$2000
|
2022-10-19
|
1311399
|
User gesture requirements on external navigation are ineffective
|
-
|
2022-10-19
|
1338765
|
Security: heap-use-after-free on ash/webui/eche_app_ui/eche_uid_provider.cc:51:23 (chromeOS)
|
-
|
2022-10-19
|
1339844
|
Security: heap-use-after-free in content::ServiceWorkerVersion::MaybeTimeoutRequest
|
-
|
2022-10-19
|
1340253
|
Security: heap-use-after-free in network::URLLoader::NotifyCompleted
|
-
|
2022-10-19
|
1342078
|
Security: Pdfium heap bof in CFDE_TextOut::RetrievePieces()
|
$7500
|
2022-10-19
|
1316892
|
Security: heap-buffer-overflow on ash/host/ash_window_tree_host_platform.cc (chromeOS)
|
$3000
|
2022-10-18
|
1340654
|
Security: WebGPU: Missing Validation in DoBufferUpdateMappedData leads to OOB write
|
-
|
2022-10-18
|
1341603
|
Security: UAF in CloseBubbleOnTabActivationHelper::~CloseBubbleOnTabActivationHelper
|
$2000
|
2022-10-18
|
1329814
|
Security: UAF in PermissionPromptBubbleView
|
$20000
|
2022-10-17
|
1341907
|
Security: use after free in AccountReconcilor
|
$5000
|
2022-10-17
|
1325256
|
UAF in GestureRecognizerImpl.
|
$5000
|
2022-10-15
|
1330050
|
Security: minijail mounts rw,noexec /var as ro
|
-
|
2022-10-15
|
1335015
|
CrOS: Vulnerability reported in net-print/cups
|
-
|
2022-10-15
|
1336904
|
An iframe on a different domain can change the location to about:blank which enables you to access properties on the window. document.baseURI is leaked from the parent frame.
|
$2000
|
2022-10-15
|
1337132
|
Security: HeapOverflow in PluralStringHandler::HandleGetPluralString
|
$3000
|
2022-10-15
|
1341887
|
Security: use after free in IPH DemoMode NeverAvailabilityModel
|
$3000
|
2022-10-15
|
1342155
|
Security: Use After Free of GPUExternalTexture object in renderer process.
|
$7500
|
2022-10-15
|
1342452
|
Heap-use-after-free in ash::DeskPreviewView::MaybeActivateHighlightedView
|
-
|
2022-10-15
|
1292451
|
Security: heap-use-after-free on third_party/abseil-cpp/absl/types/internal/optional.h:208:13 in optional_data (chromeOS)
|
$2000
|
2022-10-14
|
1315313
|
sqlite3_lpm_fuzzer: Heap-use-after-free in renameTokenCheckAll
|
-
|
2022-10-14
|
1332593
|
Remote Code Execution(RCE) via Dependency confusion
|
$1000
|
2022-10-14
|
1337304
|
Security: UAF in content::WebUI::Call
|
$2000
|
2022-10-14
|
1341168
|
Security: Heap-use-after-free in SidePanelCoordinator::PopulateSidePanel
|
$3000
|
2022-10-14
|
1341619
|
Typeconfuse in blink::LayoutTableRow::AddChild layout_table_row.cc:193
|
$5000
|
2022-10-14
|
1342104
|
chrome.debugger 'Page.navigate' can navigate iframes to file:// when not enabled.
|
$3000
|
2022-10-14
|
1342122
|
freetype_cff_ftengine_fuzzer: Heap-buffer-overflow in tt_face_load_colr
|
-
|
2022-10-14
|
1342201
|
Security: [iOS] Heap-use-after-free in BrowsingHistoryService::QueryComplete
|
-
|
2022-10-14
|
1308391
|
Security: UAF in SyncConfirmation
|
$10000
|
2022-10-13
|
1330857
|
sqlite3_fts3_lpm_fuzzer: Crash in sqlite3Fts3Incrmerge
|
-
|
2022-10-13
|
1335412
|
Use-after-poison in blink::CSSParserImpl::ConsumeMediaRule
|
-
|
2022-10-13
|
1335902
|
Security: chromeos Root priv escalation to write file
|
-
|
2022-10-13
|
1339745
|
Security: container-overflow in chrome_pdf::PDFiumEngine::SelectFindResult
|
$2000
|
2022-10-13
|
1336668
|
Security: ChromeOS root privilege escalation (arcvm_server_proxy, virtio-wl, vmplugin_dispatcher, upstart)
|
$30000
|
2022-10-12
|
1337676
|
Security: use after free in DiceWebSigninInterceptor::OnAccountLevelManagedAccountsSigninRestrictionReceived
|
$1000
|
2022-10-12
|
1338057
|
heap-use-after-free in RenderViewContextMenu::ExecuteCommand
|
$2000
|
2022-10-12
|
1330489
|
Security: UAF in ManagedConfigurationAPI::GetConfigurationOnBackend
|
$5000
|
2022-10-12
|
1341465
|
Crash in cppgc::internal::ConcurrentMarkingTask::Run
|
-
|
2022-10-12
|
1341520
|
Crash in blink::LayoutTable::SlowColElementAtAbsoluteColumn
|
-
|
2022-10-12
|
1341829
|
Crash in cppgc::internal::TraceConservatively
|
-
|
2022-10-12
|
1341923
|
Out of memory in unsigned int v8::internal::StringTable::Data::TryStringToIndexOrLookupExisting<u
|
-
|
2022-10-12
|
1341504
|
Use-after-poison in blink::SVGElement::AddToPropertyMap
|
-
|
2022-10-10
|
1052690
|
iframe sandbox allows redirecting to intents, including redirecting to navigation intents
|
$2000
|
2022-10-08
|
1148777
|
Security: Navigation to external protocol, not blocked from allow-origin sandboxed iframe.
|
-
|
2022-10-08
|
1334864
|
Security: GetExecutionContext Type Confusion in OffscreenCanvas
|
-
|
2022-10-08
|
1336451
|
tint_ast_spv_writer_fuzzer: Heap-buffer-overflow in tint::writer::spirv::Builder::GenerateBuiltinCall
|
-
|
2022-10-08
|
1341311
|
freetype_type1_fuzzer: Negative-size-param in cf2_interpT2CharString
|
-
|
2022-10-08
|
1341330
|
render_text_api_fuzzer: Heap-buffer-overflow in gfx::internal::StyleIterator::GetTextBreakingRange
|
-
|
2022-10-08
|
1323449
|
Security: Use-after-Free in InstallUpdateCallback
|
$1000
|
2022-10-07
|
1329794
|
Security: heap-use-after-free in LinkToTextMenuObserver::CompleteWithError
|
-
|
2022-10-07
|
1336979
|
Security: heap-buffer-overflow ui/wm/core/transient_window_stacking_client.cc (chromeOS)
|
$3000
|
2022-10-07
|
1338030
|
Security: heap-use-after-free v8/src/base/bounded-page-allocator.cc:203:27 (Lacros)
|
-
|
2022-10-07
|
1338044
|
render_text_api_fuzzer: Heap-buffer-overflow in gfx::BreakList<gfx::BaselineStyle>::GetRange
|
-
|
2022-10-07
|
1338591
|
Security: UAF in WebContentsFrameTracker
|
$20000
|
2022-10-06
|
1339741
|
Security: type confusion in chrome
|
$8500
|
2022-10-06
|
1340488
|
DCHECK failure in !cache_state_.frozen in liftoff-assembler.h
|
-
|
2022-10-06
|
1335316
|
Security: Use-After-Free in safe_browsing::ExtensionTelemetryPersister::InitHelper
|
$10000
|
2022-10-05
|
1335470
|
Security: Heap-use-after-free in ash::CalendarEventListView::~CalendarEventListView
|
$3000
|
2022-10-05
|
1337798
|
Security: potential use after free in OfflinePageModelTaskified::Unpublish
|
$1000
|
2022-10-05
|
1340335
|
CHECK failure: !translated_values->IsMaterializedObject() in frames.cc
|
-
|
2022-10-05
|
1293820
|
UAF in WindowManagementImpl::SetWindowBounds
|
$2000
|
2022-10-04
|
1335688
|
WebGL glCompressedTexImage3D Heap-Based Buffer Overflow Vulnerability
|
$5000
|
2022-10-04
|
1339321
|
Security: wasm br_* instructions update cache_state conditionally
|
-
|
2022-10-04
|
1245773
|
audio_encoder_isac_float_fuzzer: Stack-buffer-overflow in WebRtcIsac_PitchAnalysis
|
-
|
2022-10-02
|
1339498
|
Crash in v8::internal::PagedSpaceBase::Verify
|
-
|
2022-10-02
|
1316960
|
Security: negative-size-param SnapWindow (chromeOS)
|
$3000
|
2022-10-01
|
1337990
|
Heap-use-after-free in blink::PaintPropertyNode<blink::EffectPaintPropertyNodeOrAlias, blink::EffectPai
|
-
|
2022-10-01
|
1338947
|
v8_wasm_code_fuzzer: Use-after-poison in v8::internal::compiler::Node::ReplaceInput
|
-
|
2022-10-01
|
1338950
|
v8_wasm_code_fuzzer: DCHECK failure in other_effect == nullptr in branch-elimination.cc
|
-
|
2022-10-01
|
1283033
|
Security: (Android) Arbitrary munmap memory Vulnerability Can Cause Chrome Sandbox Escape to system_server on Pixel 6
|
-
|
2022-09-30
|
1283040
|
Security: (Android) Heap buffer overflow Vulnerability May Can Cause Chrome Sandbox Escape to system_server on Pixel 6
|
-
|
2022-09-30
|
1283640
|
Security: (Android) Heap buffer overflow write in Bitmap_createFromParcel Can Cause Chrome Sandbox Escape to system_server on Android 12
|
-
|
2022-09-30
|
1321350
|
Security: Keystroke side-channel leakage
|
$5000
|
2022-09-30
|
1329946
|
Security: ChromeOS rma_fw_keeper command execution (UpdateAndVerifyFWOnUsb, Physical Access)
|
$15000
|
2022-09-30
|
962815
|
Potential use after free in CPDFSDK_FormFillEnvironment::ClearAllFocusedAnnots (XFA)
|
-
|
2022-09-29
|
1329460
|
'unsafe-inline' is not ignored even though 'strict-dynamic' is specified in dafault-src.
|
$3000
|
2022-09-29
|
1336014
|
Security: WebGPU UAF leading to OOB read/write in the renderer process
|
-
|
2022-09-29
|
1268580
|
Security: Continued cookie bypasses
|
$4000
|
2022-09-28
|
1330775
|
Security: Heap-use-after-free in ash::OverviewGrid::OnDesksTemplatesGridFadedOut
|
$3000
|
2022-09-28
|
1336057
|
dawn_wire_server_and_vulkan_backend_fuzzer: Use-of-uninitialized-value in sw::Blitter::clear
|
-
|
2022-09-28
|
1336334
|
Security DCHECK failure: IsA<Derived>(from) in casting.h
|
$6000
|
2022-09-28
|
1336622
|
Security: UAF in CacheAliasSearchPrefetchURLLoader::StartPrefetchRequest
|
$1000
|
2022-09-28
|
1336865
|
Trap in v8::internal::Intl::NumberFieldToType
|
-
|
2022-09-28
|
1337388
|
Security: heap-use-after-free chrome/browser/profiles/profile_destroyer.cc:137:16 (chromeOS)
|
$1000
|
2022-09-28
|
1337524
|
tint_regex_spv_writer_fuzzer: Illegal-instruction in c:\clusterfuzz\bot\builds\chromium-browser-libfuzzer_win32-release_x64-asan_4834
|
-
|
2022-09-28
|
1336204
|
Security: Heap-use-after-free in Controller::Shutdown
|
$7000
|
2022-09-28
|
1336266
|
Security: Use After Free in JavaScriptDialogHelper::OnPermissionResponse
|
$16000
|
2022-09-27
|
1337523
|
Use-after-poison in blink::NGGridNode::GridItemsIncludingSubgridded
|
-
|
2022-09-26
|
1287804
|
render_text_api_fuzzer: Heap-buffer-overflow in gfx::internal::StyleIterator::GetTextBreakingRange
|
-
|
2022-09-23
|
1318514
|
Security: heap-buffer-overflow on OverviewItem (chromeOS)
|
-
|
2022-09-23
|
1334963
|
Test failures in AppNotificationsWebNotificationTest.PersistentNotificationWhenInstallAndUninstallApp on Linux Chromium OS ASan LSan Tests bot
|
-
|
2022-09-23
|
1335013
|
CrOS: Vulnerability reported in net-misc/curl
|
-
|
2022-09-23
|
1336869
|
Security: Misuse of CanCover
|
$7500
|
2022-09-23
|
1308422
|
Security: Abuse the user's system environment variables in <a> download attribute may cause DLL Hijacking or Path Interception
|
$2000
|
2022-09-22
|
1316368
|
Security: WebGL uniform integer overflows
|
-
|
2022-09-22
|
1329541
|
Security: Web Share dialog URL is not elided correctly on Android
|
$500
|
2022-09-22
|
1335655
|
<foreignObject> should collect inlines when unicode-bidi attribute/CSS property changed
|
-
|
2022-09-22
|
1335861
|
Security: heap-use-after-free in SearchNameNodeByNameInternal
|
$7500
|
2022-09-22
|
1336449
|
freetype_colrv1_fuzzer: Use-of-uninitialized-value in sfnt_load_face
|
-
|
2022-09-22
|
1330125
|
Security: heap-after-free on components/exo/extended_drag_source.cc (Lacros)
|
$3000
|
2022-09-20
|
1332392
|
Diagcab file extension is not blocklisted to prevent users from downloading harmful files
|
$1000
|
2022-09-20
|
1335195
|
DCHECK failure in !HAS_WEAK_HEAP_OBJECT_TAG(ptr_) in tagged-impl-inl.h
|
-
|
2022-09-20
|
1303278
|
libfuzzer_chrome_ubsan is behind by four weeks
|
-
|
2022-09-19
|
1307656
|
Type confuse in blink::To<blink::LayoutTableSection,blink::LayoutObject> layout_table.cc:175
|
$6000
|
2022-09-19
|
1325699
|
AddressSanitizer: heap-use-after-free location_bar\permission_request_chip.cc:127 in PermissionReque
|
$15000
|
2022-09-19
|
1329879
|
Security: Remote code execution vulnerability in YouTube Embedded SDK
|
-
|
2022-09-19
|
1335458
|
Security: raw_ptr broke implicit scoped_refptr for receivers in base::Bind.
|
-
|
2022-09-19
|
1335523
|
Security: V8: GenericJsToWasmWrapper is broken, creates type confusion on the stack
|
-
|
2022-09-19
|
1329945
|
Security: ChromeOS root privilege escalation (debugd, shill-scripts, minijail0, authpolicyd)
|
$37500
|
2022-09-16
|
1333374
|
Security: heap-buffer-overflow in chrome_pdf::PDFiumEngine::GetNamedDestination
|
$7500
|
2022-09-16
|
1333977
|
Security: Unsafe pivot root in authpolicyd init script
|
-
|
2022-09-16
|
1335054
|
DCHECK failure in *p != to_check_ in heap.cc
|
-
|
2022-09-16
|
1158375
|
Security: Security DCHECK failed: !NeedsLayout() || ChildLayoutBlockedByDisplayLock() in blink::LayoutObject::AssertLaidOut
|
$5000
|
2022-09-15
|
1264288
|
views::Combobox(ui::ComboboxModel*) is prone to UAF
|
-
|
2022-09-15
|
1290098
|
Security: Autofill prompt can render over different origin in extension-created popup, allows spoofing of autofill context origin and browser UI
|
$2000
|
2022-09-15
|
1306450
|
Security: Sanitizer API bypass via prototype pollution
|
$1000
|
2022-09-15
|
1327087
|
Security: Heap-use-after-free in ash::SavedDeskDialogController::CreateDialogWidget
|
$3000
|
2022-09-15
|
1330042
|
Security: Heap-use-after-free in ash::OverviewItem::DestroyPhantomsForDragging
|
$3000
|
2022-09-15
|
1335021
|
Heap-use-after-free in ash::CalendarEventListView::~CalendarEventListView
|
-
|
2022-09-15
|
1278255
|
Security: BackgroundFetch leaks URL of cross-origin redirects
|
$8000
|
2022-09-14
|
1332613
|
tint_renamer_fuzzer.exe: Illegal-instruction in tint::fuzzers::TintInternalCompilerErrorReporter
|
-
|
2022-09-14
|
1332881
|
Security: XSS in Chrome UI (password settings) with malicious extension name
|
$2000
|
2022-09-14
|
1333180
|
dawn_wire_server_and_vulkan_backend_fuzzer: Use-of-uninitialized-value in std::Cr::__hash_const_iterator<std::Cr::__hash_node<std::Cr::__hash_value_type<s
|
-
|
2022-09-14
|
1334483
|
Heap-use-after-free in rx::vk::BindingPointer<rx::vk::ObjectAndSerial<rx::vk::ShaderModule>>::valid
|
-
|
2022-09-14
|
1334487
|
Segv on unknown address in rx::GraphicsPipelineCache::getPipeline
|
-
|
2022-09-14
|
1280901
|
CrOS: Vulnerability reported in dev-libs/nss
|
-
|
2022-09-13
|
1280903
|
CrOS: Vulnerability reported in app-crypt/nss
|
-
|
2022-09-13
|
1323564
|
Security: UAF in SystemExtensionsInternalsPageHandler::InstallSystemExtensionFromDownloadsDir
|
-
|
2022-09-13
|
1327927
|
AddressSanitizer: heap-use-after-free storage::QuotaDatabase::CreateBucketInternal quota_database.cc
|
$16000
|
2022-09-13
|
1328664
|
Heap-use-after-free in [thunk]:
|
-
|
2022-09-13
|
1332385
|
v8_wasm_compile_fuzzer: Trap in v8::internal::compiler::WasmTyper::Reduce
|
-
|
2022-09-13
|
1332438
|
QuickAnswersControllerTest.* cause use after free on ASAN builds.
|
-
|
2022-09-13
|
1333333
|
Use-after-poison in content::InspectorMediaEventHandler::SendQueuedMediaEvents
|
$6000
|
2022-09-13
|
1302159
|
Security: Extension can obscure active window with an inactive window, user can interact with sensitive UI using keyboard without being aware
|
$3000
|
2022-09-12
|
1329875
|
AddressSanitizer: heap-buffer-overflow in content::BucketManagerHost::DidGetBucket content/browser/b
|
$21000
|
2022-09-12
|
1330039
|
Security: Set NoNewPrivs in ShillScriptsTool
|
-
|
2022-09-11
|
982361
|
Compromised web renderer should be unable to spoof MessageSender.id if it never run a content script from the given extension
|
-
|
2022-09-10
|
1297283
|
Security: use after free in JS self-profiling API
|
-
|
2022-09-10
|
1316578
|
GPU failure in content::CreateChildProcessCrashWatcher
|
-
|
2022-09-10
|
1324563
|
CrOS: Vulnerability reported in dev-libs/libxml2
|
-
|
2022-09-10
|
1327241
|
CrOS: Vulnerability reported in dev-libs/libxslt
|
-
|
2022-09-10
|
1327872
|
angle_translator_fuzzer: Use-of-uninitialized-value in sh::OutputHLSL::header
|
-
|
2022-09-10
|
1330289
|
Security: heap-use-after-free in views::DialogDelegate::CancelDialog
|
$3000
|
2022-09-10
|
1331087
|
dcsctp_socket_fuzzer: Use-of-uninitialized-value in dcsctp::OutstandingData::ExtractChunksThatCanFit
|
-
|
2022-09-10
|
1331309
|
CHECK failure: kind == DeoptimizeKind::kLazy in deoptimizer.cc
|
-
|
2022-09-10
|
1313429
|
CrOS: Vulnerability reported in app-editors/vim
|
-
|
2022-09-08
|
1313885
|
CrOS: Vulnerability reported in app-editors/vim
|
-
|
2022-09-08
|
1317673
|
Security: webgl2 CompileShader Heap Corruption
|
$7000
|
2022-09-08
|
1317714
|
use after free in SendQueuedMediaEvents
|
$5000
|
2022-09-08
|
1320700
|
CrOS: Vulnerability reported in app-editors/vim
|
-
|
2022-09-08
|
1321096
|
CrOS: Vulnerability reported in app-editors/vim
|
-
|
2022-09-08
|
1324561
|
Chromium: Vulnerability reported in third_party/libxml
|
-
|
2022-09-08
|
1326857
|
CrOS: Vulnerability reported in app-editors/vim
|
-
|
2022-09-08
|
1330083
|
tint_robustness_fuzzer: Illegal-instruction in tint::fuzzers::TintInternalCompilerErrorReporter
|
-
|
2022-09-08
|
1206235
|
Crash in icu_69::UnicodeString::isBogus
|
-
|
2022-09-07
|
1296934
|
dawn_wire_server_and_vulkan_backend_fuzzer: Incorrect-function-pointer-type in dawn::native::vulkan::VulkanInstance::RegisterDebugUtils
|
-
|
2022-09-07
|
1321698
|
dawn_wire_server_and_vulkan_backend_fuzzer: Use-of-uninitialized-value in llvm::PassNameParser::passRegistered
|
-
|
2022-09-07
|
1325298
|
Security: PaintImage deserialization OOB-read
|
-
|
2022-09-07
|
1326928
|
CHECK failure: GetLength() <= JSTypedArray::kMaxLength
|
-
|
2022-09-07
|
1327312
|
Security: UAF in InterestGroupPermissionsChecker::OnRequestComplete
|
$20000
|
2022-09-07
|
1328045
|
AddressSanitizer: heap-use-after-free in content::ScreenlockMonitor::RemoveObserver content/browser/
|
$11000
|
2022-09-07
|
1329298
|
Security: PageSpeed Insights: DDOS via Blind XSS
|
$500
|
2022-09-07
|
1329417
|
Security DCHECK failure: unit.TextContentEnd() <= text.length() in ng_offset_mapping.cc
|
-
|
2022-09-07
|
1329766
|
CHECK failure: external_backing_store_bytes[t] == ExternalBackingStoreBytes(t) in large-spaces.
|
-
|
2022-09-07
|
1330379
|
Security: Heap use-after-free when bind/unbind TransformFeedback after deleting buffer
|
$12000
|
2022-09-07
|
1330405
|
Use-of-uninitialized-value in v8::internal::Runtime_NotifyDeoptimized
|
-
|
2022-09-07
|
1330410
|
Crash in v8::internal::ReadOnlyHeap::Contains
|
-
|
2022-09-07
|
1330423
|
CHECK failure: kind == DeoptimizeKind::kLazy
|
-
|
2022-09-07
|
1330452
|
DCHECK failure in !done() in bytecode-array-iterator.h
|
-
|
2022-09-07
|
1330454
|
Index-out-of-bounds in v8::internal::interpreter::Bytecodes::Size
|
-
|
2022-09-07
|
1330456
|
dawn_wire_server_and_frontend_fuzzer: Use-of-uninitialized-value in dawn::native::vulkan::GatherGlobalInfo
|
-
|
2022-09-07
|
1330484
|
CHECK failure: kind == DeoptimizeKind::kLazy in deoptimizer.cc
|
-
|
2022-09-07
|
1330486
|
Crash in Builtins_AsyncFromSyncIteratorPrototypeThrow
|
-
|
2022-09-07
|
1330545
|
Crash in v8::internal::DeoptAllOsrLoopsContainingDeoptExit
|
-
|
2022-09-07
|
1330584
|
DCHECK failure in !IsCleared() in tagged-impl-inl.h
|
-
|
2022-09-07
|
1320538
|
Security: Chrome on Android Hide Fullscreen Notification Toast When Multiple Times Enter and Exit Fullscreen
|
$5000
|
2022-08-31
|
1329064
|
DCHECK failure in !heap_->memory_allocator()->unmapper()->IsRunning() in mark-compact.cc
|
-
|
2022-08-31
|
1017145
|
iOS Chrome javascript: URI nonce based CSP bypass
|
$3000
|
2022-08-30
|
1306751
|
mediasource_MP2T_AVC_pipeline_integration_fuzzer: Heap-buffer-overflow in ff_h264_update_thread_context
|
-
|
2022-08-30
|
1321899
|
DCHECK failure in !transition_map->is_access_check_needed() in handler-configuration.cc
|
-
|
2022-08-30
|
1328808
|
DCHECK failure in IsStackSlot() || IsFPStackSlot() in instruction.h
|
-
|
2022-08-30
|
1308341
|
UAF in std::__Cr::vector<base::internal::CheckedObserverAdapter
|
$7000
|
2022-08-29
|
1319227
|
UAF in ChromeScanningAppDelegate
|
$5000
|
2022-08-27
|
1323841
|
DCHECK failure in merged == unmerged in maglev-interpreter-frame-state.h
|
-
|
2022-08-27
|
1322873
|
[Region Capture] cropTo a non self-capture video track should reject
|
-
|
2022-08-26
|
1323595
|
Security: Share hub dialog doesn't show the origin elided from the right
|
$500
|
2022-08-26
|
1324407
|
Security: ProcessLock can change from allows_any_site to is_locked_to_site after process loads content
|
-
|
2022-08-26
|
1325636
|
gpu_swangle_passthrough_fuzzer: Use-of-uninitialized-value in sw::PixelProcessor::setBlendConstant
|
-
|
2022-08-26
|
1301203
|
Security: Extension can move window off screen, user can interact with sensitive UI using keyboard without being aware
|
$3000
|
2022-08-25
|
1310790
|
Security: kNativeDataProperty case for SuperIC can have type confusion
|
-
|
2022-08-25
|
1321078
|
Security: Debug check failed: marking_state_->IsBlackOrGrey(heap_object).
|
$7500
|
2022-08-25
|
1326749
|
Container-overflow in tint::resolver::DependencyScanner::TraverseExpression
|
-
|
2022-08-25
|
1297209
|
Security: memory bug on webui tab dragging
|
$3000
|
2022-08-24
|
1325615
|
Security: heap-after-free on iOS 15.4 simulator + Chromium Dev Asan
|
$2000
|
2022-08-24
|
1326210
|
Security: Use-after-free in WebGPU
|
$10000
|
2022-08-24
|
1325664
|
Security: pdfium use-after-free in v8 cppgc::internal::GCInvoker::GCInvokerImpl::GCTask::Run()
|
-
|
2022-08-23
|
1291060
|
CSP is bypassed for status code 100, 101, and 102 pages.
|
$1000
|
2022-08-22
|
1316846
|
Security: Heap-use-after-free in location::nearby::chrome::ScheduledExecutor::PendingTaskWithTimer
|
$3000
|
2022-08-22
|
1320051
|
Security: ChromeOS root privilege escalation (debugd GetPerfOutput eBPF)
|
$35000
|
2022-08-22
|
1320917
|
Security: ChromeOS cras D-Bus SetPlayerIdentity memory corruption
|
$25000
|
2022-08-22
|
1321086
|
AddressSanitizer: heap-use-after-free in PermissionPromptBubbleView::ClosingPermission
|
-
|
2022-08-22
|
1325341
|
Security: UAF in WebAuthnIconView
|
$10000
|
2022-08-22
|
1325259
|
AddressSanitizer: use-after-poison blink\renderer\bindings\core\v8\script_promise_resolver.h:164 in
|
$6000
|
2022-08-21
|
1305406
|
Security: nosymfollow bind mount bypass
|
-
|
2022-08-20
|
1323605
|
tint_ast_wgsl_writer_fuzzer: Heap-buffer-overflow in tint::writer::spirv::Builder::GenerateBuiltinCall
|
-
|
2022-08-20
|
1323738
|
Global-buffer-overflow in v8::internal::Simulator::DecodeType2
|
-
|
2022-08-20
|
1324864
|
AddressSanitizer: heap-use-after-free __memory/unique_ptr.h:312:28 in mojo::Connector::HandleError(b
|
$21000
|
2022-08-20
|
1303614
|
Security: HeapOverflow in Diagnostics
|
$5000
|
2022-08-19
|
1320181
|
Security: Heap-use-after-free in ReadAnythingToolbarView
|
$3000
|
2022-08-19
|
1321013
|
DCHECK failure in !is_length_tracking() in js-array-buffer-inl.h
|
-
|
2022-08-19
|
1321980
|
DCHECK failure in byte_capacity_ >= max_byte_length_ in backing-store.cc
|
-
|
2022-08-19
|
1323690
|
DCHECK failure in frame->is_unoptimized() in frames.h
|
-
|
2022-08-19
|
1324067
|
Crash in int v8::base::AsAtomicImpl<int>::Relaxed_Load<int>
|
-
|
2022-08-19
|
1227995
|
Security: Ability to mask file type with another extention. IE JPEG
|
$2000
|
2022-08-18
|
1307930
|
Security: .url files can redirect showSaveFilePicker into an arbitrary file
|
$2000
|
2022-08-18
|
1323239
|
Security: UAF in UserEducationInternalsPageHandlerImpl::GetFeaturePromos
|
$3000
|
2022-08-18
|
1302494
|
audio_decoder_g722_fuzzer: Use-of-uninitialized-value in WebRtc_g722_decode
|
-
|
2022-08-17
|
1312670
|
VideoTrackGenerator fails Security DCHECK(TypeConfuse) failure: IsA<Derived>(from) in casting.h
|
-
|
2022-08-17
|
1320624
|
Use-after-Free on BuildWebAppInternalsJson
|
$5000
|
2022-08-17
|
1324302
|
Heap-use-after-free in blink::NGHighlightPainter::NGHighlightPainter
|
$6000
|
2022-08-17
|
1323236
|
Security: UAF in AppServiceInternalsPageHandlerImpl::GetPreferredApps
|
$3000
|
2022-08-16
|
1323553
|
Security: heap-use-after-free ash/shelf/hotseat_widget.cc (chromeOS)
|
$1000
|
2022-08-16
|
1320024
|
Security: [ANGLE] Heap use-after-free when deleting TransformFeedback
|
$10000
|
2022-08-15
|
1322552
|
paint_op_buffer_fuzzer: Heap-buffer-overflow in cc::PaintOpReader::Read
|
-
|
2022-08-13
|
1322744
|
Security: UAF in DiscardsGraphDumpImpl
|
$1000
|
2022-08-13
|
1312144
|
Security: heap-use-after-free in content::WebContentsViewAura::StartDragging
|
$15000
|
2022-08-12
|
1314998
|
Security DCHECK failure: IsA<Derived>(from) in casting.h
|
-
|
2022-08-12
|
1290713
|
Uaf in OmniboxPopup
|
$3000
|
2022-08-11
|
1320854
|
DecodeStringMessage is missing bounds checks
|
-
|
2022-08-11
|
1322554
|
transfer_cache_fuzzer: Heap-buffer-overflow in cc::PaintOpReader::ReadSize
|
-
|
2022-08-11
|
1305117
|
Security: Lockscreen leaks stored words in on-screen keyboard
|
$1000
|
2022-08-10
|
1317746
|
Security: container-overflow in ui::Compositor::StopThroughtputTracker
|
$3000
|
2022-08-10
|
1319217
|
Crash in v8::internal::HeapObject::SizeFromMap
|
-
|
2022-08-09
|
1320614
|
v8_wasm_compile_fuzzer: DCHECK failure in kCanBeWeak || (!IsSmi() == HAS_STRONG_HEAP_OBJECT_TAG(ptr_)) in tagged-impl.h
|
-
|
2022-08-09
|
1321827
|
CHECK failure: heap()->concurrent_marking()->IsStopped()
|
-
|
2022-08-09
|
1321841
|
CHECK failure: object.Size() == size in heap.cc
|
-
|
2022-08-09
|
1316889
|
heap-use-after-free in DevToolsWindow::ActivateWindow
|
$3000
|
2022-08-08
|
1320278
|
Unreachable code in objects-body-descriptors-inl.h
|
-
|
2022-08-08
|
1320408
|
Security: heap-buffer-overflow ui/views/view_model.h:83:28 in ViewAtBase (chromeOS)
|
$500
|
2022-08-08
|
1320894
|
CHECK failure: object.Size() == size in heap.cc
|
-
|
2022-08-08
|
1321349
|
CHECK failure: object.Size() == size
|
-
|
2022-08-08
|
1316946
|
[v8] Integer overflow leading to OOB/CHECK in icu_71::FormattedStringBuilder::prepareForInsertHelper
|
$5000
|
2022-08-06
|
1319797
|
AddressSanitizer: heap-use-after-free in PermissionRequestChip::CreateBubble
|
$3000
|
2022-08-06
|
1228661
|
AddressSanitizer: use-after-poison connector.cc:546 in mojo::Connector::DispatchMessageW
|
$7500
|
2022-08-05
|
1319841
|
Security: Type Confusion in Portal::ActivateImpl
|
$20000
|
2022-08-05
|
1320592
|
Security: Heap-use-after-free in sharing_hub::SharingHubBubbleController::OnBubbleClosed
|
$3000
|
2022-08-05
|
1320896
|
CHECK failure: local_weak_objects() ->discovered_ephemerons_local.IsLocalAndGlobalEmpty()
|
-
|
2022-08-05
|
1311683
|
Android Chrome FullScreen Notification Can be Overlapped by Pop-up Blocker Notification
|
$3000
|
2022-08-04
|
1312354
|
Security: heap-use-after-free ash/shelf/hotseat_widget.cc
|
-
|
2022-08-04
|
1314908
|
Security: Heap-use-after-free in remote_cocoa::NativeWidgetNSWindowBridge::SetVisibilityState
|
$3000
|
2022-08-04
|
1315563
|
Security: navigator.clipboard.read() can lead to mutation XSS
|
$3000
|
2022-08-04
|
1316990
|
Security: Heap-use-after-free in ash::sharesheet::SharesheetBubbleView::CloseWidgetWithReason
|
$5000
|
2022-08-04
|
1318610
|
heap-buffer-overflow : device::BluetoothAdapterMac::LowEnergyCentralManagerUpdatedState
|
-
|
2022-08-04
|
1318792
|
dawn_wire_server_and_frontend_fuzzer: Heap-use-after-free in dawn::native::DeviceBase::DestroyObjects
|
-
|
2022-08-04
|
1316740
|
Security: heap-use-after-free in views::View::GetEffectiveViewTargeter
|
$5000
|
2022-08-03
|
1319302
|
heap-use-after-free on content::DevToolsAgentHostImpl::ForceDetachAllSessions
|
$3000
|
2022-08-03
|
1320007
|
CHECK failure: object.Size() == size in heap.cc
|
-
|
2022-08-03
|
1223475
|
Security: Content-Security-Policy bypass via Console API CSS-formatted messages
|
$500
|
2022-08-02
|
1248059
|
Security: heap-use-after-free in the views::Widget::GetNativeTheme in the browser process
|
$3000
|
2022-08-02
|
1268445
|
Security: Bypassing of security interstitials using debugger API
|
$1000
|
2022-08-02
|
1315102
|
UAF in SupportToolMessageHandler
|
$10000
|
2022-08-02
|
1318181
|
DCHECK failure in MarkCompactCollector::IsMapOrForwarded(invalidated_object.map()) in invalidated-
|
-
|
2022-08-02
|
1319081
|
Heap-use-after-free in reporting::NetworkConditionService::NetworkConditionServiceObserver::RegisterRTT
|
-
|
2022-08-02
|
1319265
|
Trap in auto v8::internal::BodyDescriptorApply<v8::internal::CallIsValidSlot, v8::intern
|
-
|
2022-08-02
|
1319855
|
CHECK failure: object.Size() == size in heap.cc
|
-
|
2022-08-02
|
1116450
|
Security: Extensions can capture contents of local files using Page.captureScreenshot with fromSurface set to false
|
$3000
|
2022-08-01
|
1317650
|
Security: [ANGLE] Heap use-after-free caused by State::detachBuffer
|
$10000
|
2022-08-01
|
1317875
|
Security: Heap-use-after-free in ash::ScopedOverviewTransformWindow::~ScopedOverviewTransformWindow
|
$3000
|
2022-08-01
|
1318673
|
Heap-buffer-overflow in CJBig2_Context::ParseSymbolDict
|
-
|
2022-07-31
|
1308968
|
Use-after-free crash in WaylandWindow when tabdrag source window gets destroyed
|
-
|
2022-07-30
|
1318013
|
Trap in auto v8::internal::BodyDescriptorApply<v8::internal::CallIsValidSlot, v8::intern
|
-
|
2022-07-30
|
1250993
|
Security: URL spoofing using LATIN SMALL LETTER L WITH STROKE
|
$500
|
2022-07-29
|
1312563
|
heap-use-after-free : media::VTVideoEncodeAccelerator::GetSupportedProfiles
|
-
|
2022-07-29
|
1313977
|
Security: heap-buffer-overflow on ash/wm/window_animations.cc (chromeOS)
|
$3000
|
2022-07-29
|
1314310
|
Tab reliably crashing with STATUS_ACCESS_VIOLATION with reproduction steps
|
$1000
|
2022-07-29
|
1315080
|
Security: Segv on unknown address in views::internal::NativeWidgetPrivate::ReparentNativeView
|
$3000
|
2022-07-29
|
1298867
|
gpu_angle_passthrough_fuzzer: Crash in rx::BufferNULL::setSubData
|
-
|
2022-07-28
|
1301071
|
CrOS: Vulnerability reported in app-editors/vim
|
-
|
2022-07-28
|
1309843
|
CrOS: Vulnerability reported in app-editors/vim
|
-
|
2022-07-28
|
1311820
|
Security: Browser-side origin confusion for javascript/data URLs opened in a new window/tab by cross-origin iframe
|
$20000
|
2022-07-28
|
1312790
|
Security DCHECK failure: IsA<Derived>(from) in casting.h
|
-
|
2022-07-28
|
1317725
|
DCHECK failure in MarkCompactCollector::IsMapOrForwarded(invalidated_object.map()) in invalidated-
|
-
|
2022-07-28
|
1311814
|
Security: heap-use-after-free ash/accessibility/chromevox/touch_exploration_manager.cc
|
$3000
|
2022-07-27
|
1317054
|
Heap-use-after-free in PrintDialogGtk::OnResponse
|
-
|
2022-07-27
|
1317681
|
DCHECK failure in U_SUCCESS(status) in intl-objects.cc
|
-
|
2022-07-27
|
1018669
|
Security: binder: UAF write from context manager via transaction-to-self
|
-
|
2022-07-26
|
1304987
|
clang-analyzer-core.uninitialized.Branch in third_party/blink/renderer/platform/graphics/gpu/webgl_image_conversion.cc
|
-
|
2022-07-26
|
1307515
|
DCHECK failure in U_SUCCESS(status) in intl-objects.cc
|
-
|
2022-07-26
|
1313600
|
Security: heap-buffer-overflow on components/ui_devtools/views/devtools_server_util.cc
|
-
|
2022-07-25
|
1306861
|
Security: Incomplete patch for issue 1246631 (CVE-2021-37981) and inaccurate scaling in EyeDropperView
|
$7000
|
2022-07-22
|
1316113
|
Heap-use-after-free in policy::RebootNotificationsScheduler::~RebootNotificationsScheduler
|
-
|
2022-07-22
|
1316278
|
dawn_wire_server_and_vulkan_backend_fuzzer: Check failed in CheckUnwind
|
-
|
2022-07-22
|
1315901
|
Security: [0-day] JIT optimisation issue
|
-
|
2022-07-21
|
1305394
|
Leaking window.length without opener reference.
|
$2000
|
2022-07-20
|
1312270
|
heap-buffer-overflow on ui_devtools::UIElement::ReorderChild
|
$2000
|
2022-07-20
|
1312419
|
Security: heap-use-after-free on components/global_media_controls/public/views/media_item_ui_list_view.cc
|
$3000
|
2022-07-20
|
1312799
|
gpu_raster_fuzzer: Use-of-uninitialized-value in cc::ReadPixmap
|
-
|
2022-07-20
|
1313905
|
Security: [ANGLE] Heap use-after-free in ContextVk::onBeginTransformFeedback
|
$10000
|
2022-07-20
|
1314383
|
bad free in gpu ~PackedEnumMap
|
$7000
|
2022-07-20
|
1314616
|
Security: JS object corruption in WasmJS::InstallConditionFeatures (CVE-2021-30561 variant)
|
$7500
|
2022-07-20
|
1314676
|
Security: UAF in SegmentationPlatformServiceImpl
|
$3000
|
2022-07-20
|
1314754
|
Security: Missing bounds check in WebGPUDecoderImpl::DoRequestDevice
|
-
|
2022-07-20
|
1315031
|
Heap-use-after-free in ash::SearchResultView::PreferredHeight
|
-
|
2022-07-20
|
1315040
|
Security: Drag and Drop XSS
|
$2000
|
2022-07-20
|
1315192
|
Security: oob read in AudioDelayDSPKernel::ProcessKRate
|
$2000
|
2022-07-20
|
1303552
|
hb_shape_fuzzer: Use-of-uninitialized-value in OT::hb_ot_apply_context_t::skipping_iterator_t::prev
|
-
|
2022-07-18
|
1314363
|
DCHECK failure in CpuFeatures::IsSupported(*feature) in macro-assembler-shared-ia32-x64.h
|
-
|
2022-07-18
|
1314658
|
Security: heap-use-after-free in PDFium CPDFSDK_AppStream::Write
|
$5000
|
2022-07-17
|
1309035
|
AddressSanitizer: heap-use-after-free in isCubeCompatible third_party/swiftshader/src/Vulkan/VkImage.cpp:905:25
|
-
|
2022-07-16
|
1312699
|
AddressSanitizer: heap-use-after-free element.cc:3611 in blink::Element::RecalcOwnStyle
|
$5000
|
2022-07-16
|
1314536
|
DCHECK failure in !IsInProgress(function->tiering_state()) in runtime-compiler.cc
|
-
|
2022-07-16
|
1302949
|
Security: Heap-use-after-free in send_tab_to_self::SendTabToSelfBubbleController::OnBubbleClosed
|
$5000
|
2022-07-15
|
1310717
|
Use-after-Free on crostini::CrostiniExportImport::OpenFileDialog
|
$7000
|
2022-07-15
|
1311923
|
CHECK failure: (location_) != nullptr in maybe-handles.h
|
-
|
2022-07-15
|
1314184
|
v8_wasm_compile_fuzzer: Null-dereference WRITE in v8::internal::Simulator::WriteW
|
-
|
2022-07-15
|
1314644
|
DCHECK failure in osr_cache->FindEntry(*shared, osr_offset) == -1 in osr-optimized-code-cache.cc
|
-
|
2022-07-15
|
1289192
|
Security: UAF in BookmarkDragHelper
|
$3000
|
2022-07-14
|
1300995
|
Heap-use-after-free under ash::HandleToggleOverview in base::ObserverList<aura::WindowObserver, true, true, base::internal::CheckedObse
|
-
|
2022-07-14
|
1304884
|
Security: use after free in cups_printers_handler
|
$3000
|
2022-07-14
|
1305068
|
Security: UAF in SelectFileDialogExtension::NotifyListener
|
$5000
|
2022-07-14
|
1306391
|
Security: Use-After-Free in SelectFileDialog
|
$1000
|
2022-07-14
|
1309467
|
Type confusion in handling of accessor in ReduceNamedAccess
|
-
|
2022-07-14
|
1313983
|
DCHECK failure in !try_catch.HasCaught() in d8.cc
|
-
|
2022-07-14
|
1311903
|
Security: heap-use-after-free on ash/capture_mode/capture_mode_session.cc
|
-
|
2022-07-13
|
1312838
|
DCHECK failure in static_cast<unsigned>(index) < static_cast<unsigned>(length()) in fixed-array-in
|
-
|
2022-07-13
|
1313172
|
Google Chrome WebGPU DoBufferDestroy kDirect allocation use-after-free vulnerability - TALOS-2022-1508
|
$10000
|
2022-07-13
|
1106456
|
Security: Possible to escape sandbox via devtools_page and Feedback app
|
$15000
|
2022-07-12
|
1270539
|
heap-use-after-free in TabGroupModel::GetTabGroup
|
$3000
|
2022-07-12
|
1292870
|
Security: UAF after adding undocked DevTools tab to a group
|
$5000
|
2022-07-12
|
1300561
|
Security: container-overflow in ash::ScrollableShelfView::ShouldCountActivatedInkDrop
|
$2000
|
2022-07-12
|
1305267
|
Security: ChromeOS root privilege escalation (arcvm, arcvm_server_proxy, vm_concierge, arc-create-data)
|
$30000
|
2022-07-12
|
1305834
|
gpu_angle_fuzzer: Trap in gpu::CommandBufferSetup::LogGLDebugMessage
|
-
|
2022-07-12
|
1311701
|
Security: UAF in DumpDatabaseHandler
|
$15000
|
2022-07-12
|
1307445
|
transfer_cache_fuzzer: Use-of-uninitialized-value in cc::ReadPixmap
|
-
|
2022-07-10
|
1302959
|
Security: Extension permission escalation
|
$5000
|
2022-07-09
|
1312022
|
CHECK failure: !HasJobs() in optimizing-compile-dispatcher.h
|
-
|
2022-07-09
|
1307603
|
v8_wasm_compile_fuzzer: DCHECK failure in kCanBeWeak || (!IsSmi() == HAS_STRONG_HEAP_OBJECT_TAG(ptr_)) in tagged-impl.h
|
-
|
2022-07-08
|
1311641
|
Security: Incomplete fix for CVE-2022-1096
|
-
|
2022-07-08
|
1101001
|
Security: UAF Read in Content process
|
$15000
|
2022-07-07
|
1292308
|
Security: UAF in CalendarView 2
|
$6000
|
2022-07-07
|
1303330
|
Security: heap-use-after-free in ui::EventTarget::RemovePreTargetHandler
|
$15000
|
2022-07-07
|
1304660
|
CrOS: Vulnerability reported in dev-libs/libxml2
|
-
|
2022-07-07
|
1310295
|
Use-after-poison in blink::HTMLSlotElement::DetachLayoutTree
|
-
|
2022-07-07
|
1305190
|
[ANGLE] Vulkan Use After Free in onBeginTransformFeedback
|
$7000
|
2022-07-06
|
1305900
|
Security:SEGV on unknown address in ash::DeskPreviewView::RecreateDeskContentsMirrorLayers()
|
$3000
|
2022-07-06
|
1307946
|
v8_wasm_compile_fuzzer: Segv on unknown address in v8::internal::MarkCompactCollector::RootMarkingVisitor::VisitRootPointer
|
-
|
2022-07-06
|
1308199
|
Security: Chrome Apps: Possible to read environment variables using suggestedName in chrome.fileSystem.chooseEntry
|
$7000
|
2022-07-06
|
1234267
|
Bad-cast to ui::Layer from cc::PictureLayer in ui::SendDamagedRectsRecursive
|
-
|
2022-07-05
|
1268541
|
Security: Another Cross-Origin Response Size Leak Via BackgroundFetch
|
$3000
|
2022-07-05
|
1281808
|
Security: UAF in AXVirtualViewWrapper
|
$15000
|
2022-07-05
|
1285234
|
AddressSanitizer: heap-use-after-free in blink::BlobBytesProvider::AppendData
|
$6000
|
2022-07-05
|
1292905
|
Security DCHECK failure: IsA<Derived>(from) in casting.h
|
$6000
|
2022-07-05
|
1301180
|
Security: Bypass Apk Warning In Andriod
|
$1000
|
2022-07-05
|
1305423
|
Security: installer: encrypted_import: Disk access to root command execution
|
-
|
2022-07-05
|
1310461
|
Security: chrome.downloads.download could be abused to steal user's environment variables like secrets, tokens or keys on windows.
|
$7000
|
2022-07-05
|
1310597
|
Chromium: Vulnerability reported in third_party/liblouis
|
-
|
2022-07-05
|
1283050
|
Heap-use-after-free in RenderViewHostImpl::ActivatePrerenderedPage
|
-
|
2022-07-04
|
1278608
|
Security: CA certificate import exploitable with large DSA and RSA-PSS signatures on Linux/ChromeOS
|
-
|
2022-07-02
|
1299211
|
Use After Free in TextureVk::releaseAndDeleteImageAndViews
|
$10000
|
2022-07-02
|
1301148
|
Security: heap UaF in DesksTemplates dialog
|
-
|
2022-07-02
|
1305403
|
Security: mnt_concierge semi-arbitrary bind mount
|
-
|
2022-07-02
|
1236325
|
Security: Extensions with debugger permission can list URLs and send commands to incognito tabs and other profile tabs
|
$5000
|
2022-07-01
|
1251588
|
Security: download protection bypass on macOS with .inetloc
|
$500
|
2022-07-01
|
1301873
|
Security: Chrome for Android Hide Custom Fullscreen Toast View with Repeated Exit Enter Fullscreen Request
|
$3000
|
2022-07-01
|
1308360
|
Type confusion when using simple api call accessors with SuperIC
|
-
|
2022-07-01
|
1305401
|
Security: Arcvm custom init
|
-
|
2022-06-30
|
1306768
|
Security: UAF in SelectFileDialogLacros::OnSelected (lacros-chrome)
|
$3000
|
2022-06-30
|
1308178
|
DCHECK failure in HasBytecodeArray() in shared-function-info-inl.h
|
-
|
2022-06-30
|
1309767
|
DCHECK failure in string.length() == source.length() in string-table.cc
|
-
|
2022-06-30
|
1309842
|
CrOS: Vulnerability reported in dev-libs/openssl
|
-
|
2022-06-30
|
1306458
|
Security: Potential UAF in ChromeDesksTemplatesDelegate::OnLacrosChromeUrlsReturned
|
$1000
|
2022-06-29
|
1306443
|
getThumbnail() CHECK leaks number of available PDF pages
|
$500
|
2022-06-29
|
1308253
|
Security DCHECK failure: IsA<Derived>(from) in casting.h
|
-
|
2022-06-29
|
1309023
|
Illegal-instruction in permissions::PermissionRequestManager::FinalizeCurrentRequests
|
-
|
2022-06-29
|
1270008
|
OS Command Injection in node-opencv
|
-
|
2022-06-28
|
1297643
|
Security: heap-use-after-free ash/drag_drop/drag_drop_tracker.cc:109
|
$3000
|
2022-06-28
|
1304075
|
uaf in FrameSinkVideoCaptureDevice::OnLog
|
$500
|
2022-06-28
|
1306507
|
AddressSanitizer: heap-use-after-free components/history/core/browser/history_backend.cc:2542:22 in history::HistoryBackend::KillHistoryDatabase()
|
$16000
|
2022-06-28
|
1307667
|
Bad-cast to blink::MathMLSpaceElement from blink::MathMLElement in blink::MathMLSpaceElement* blink::DynamicTo<blink::MathMLSpaceElement, blink::El
|
-
|
2022-06-28
|
1266953
|
Tricking a user into a same-page drag-and-drop can disclose data to cross-origin frames
|
-
|
2022-06-27
|
1293357
|
Security: Samba vulnerabilities CVE-2021-44141, CVE-2021-44142, CVE-2022-0336
|
-
|
2022-06-27
|
1300507
|
CrOS: Vulnerability reported in net-fs/samba
|
-
|
2022-06-27
|
1300508
|
CrOS: Vulnerability reported in sys-libs/ldb
|
-
|
2022-06-27
|
1302431
|
CrOS: Vulnerability reported in net-fs/samba
|
-
|
2022-06-27
|
1307610
|
Security: RegExp[@@replace] missing write barrier, leading to RCE
|
$20000
|
2022-06-27
|
1305706
|
uaf in BookmarkBarView::OnTabGroupButtonPressed
|
$2000
|
2022-06-25
|
1299287
|
Video escapes content area
|
$3000
|
2022-06-24
|
1299743
|
Security: heap-use-after-free in FileSystemAccessRegularFileDelegate::DoFlush
|
$7500
|
2022-06-24
|
1300253
|
Security: Chrome for Android Cancel Enter Fullscreen able to Hide Omnibox
|
$3000
|
2022-06-24
|
1304658
|
Security: Debug check failed: type.representation() == MachineRepresentation::kFloat64 || type.representation() == MachineRepresentation::kTagged.
|
$8500
|
2022-06-24
|
1275600
|
Security: UAF in ViewsAXTreeManager
|
$20000
|
2022-06-23
|
1282384
|
Security: UAF in FocusController::SetFocusedWindow
|
$20000
|
2022-06-23
|
1299261
|
Security: [ANGLE] Heap overflow read in vk::IndexBuffer::getIndexBuffers
|
$7000
|
2022-06-23
|
1302321
|
gpu_raster_fuzzer: Use-of-uninitialized-value in cc::ServiceImageTransferCacheEntry::Deserialize
|
-
|
2022-06-23
|
1303410
|
Security: ChromeOS - Lockscreen leaks clipboard contents, i.a.
|
$5000
|
2022-06-23
|
1305776
|
AddressSanitizer: use-after-poison in blink::WebrtcVideoPerfReporter::InitializeOnTaskRunner webrtc_video_perf_reporter.cc:36
|
$6000
|
2022-06-23
|
1297138
|
Security: leak user html content using Dangling Markup injection when http upgrade to https
|
$500
|
2022-06-22
|
1298122
|
Security: TrustedTypes does not block assignment when modifying existing attribute value via nodeValue/textContent
|
$1000
|
2022-06-22
|
1304545
|
Security: Potential Use After Free in ManagedValueStoreCache::OnPolicyUpdated
|
$1000
|
2022-06-22
|
1261191
|
Security: Form validation UI dialog can cover whole page
|
$1000
|
2022-06-21
|
1301134
|
Security: heap-use-after-free ash/wm/overview/overview_highlightable_view.cc:17:18 in ash::OverviewHighlightableView::SetHighlightVisibility(bool)
|
$3000
|
2022-06-21
|
1303458
|
[TurboFan]v8 crashed when compiling optimization
|
$5000
|
2022-06-21
|
1304368
|
Security: UAF in ui/ozone/platform/wayland/host/wayland_window.cc
|
$7000
|
2022-06-20
|
1275414
|
Security: heap-use-after-free in network::server::HttpServer::FindConnection
|
$1000
|
2022-06-18
|
1297404
|
Security: heap-use-after-free in global_media_controls::MediaItemManagerImpl::HideItem
|
-
|
2022-06-17
|
1304045
|
Security: AddressSanitizer: heap-use-after-free ui/views/window/dialog_delegate.cc:419:26 in views::DialogDelegate::AcceptDialog()
|
-
|
2022-06-17
|
1304145
|
Security: UAF in ScanningHandler
|
$5000
|
2022-06-17
|
1162424
|
Security: racing UAF during usrsctp_close in usrsctp in webrtc
|
$5000
|
2022-06-16
|
1303253
|
use after free in SelectFileDialogExtension::ExtensionTerminated
|
$3000
|
2022-06-16
|
1303613
|
Security: HeapOverflow in ScanningHandler
|
$3000
|
2022-06-16
|
1303615
|
Security: HeapOverflow in CertificatesHandler
|
$3000
|
2022-06-16
|
1304659
|
Chromium: Vulnerability reported in third_party/libxml
|
-
|
2022-06-16
|
1301920
|
Security: Web Share API allows to write in UNC paths and/or in C:/Users/<username>/AppData/Local/Temp/ on Windows
|
$5000
|
2022-06-15
|
1302644
|
Security: Use After Free in ChromePasswordProtectionService::HandleUserActionOnModalWarning
|
$16000
|
2022-06-15
|
1303919
|
Security: libtiff CVE vulnerabilities in 4.2.0 (from pdfium)
|
-
|
2022-06-15
|
1297429
|
[WebUI] StartupPagesHandler does not adequately verify arguments from JS
|
$7500
|
2022-06-14
|
1299264
|
use after free in rx::FramebufferVk::startNewRenderPass
|
$7000
|
2022-06-14
|
1302157
|
Security: Heap-use-after-free in ~ExtensionUninstallDialogViews
|
$3000
|
2022-06-14
|
1301320
|
Security: heap-use-after-free in extensions::ExtensionApiFrameIdMap::GetFrameId
|
-
|
2022-06-11
|
1180745
|
stack over flow in swiftshader
|
$7500
|
2022-06-10
|
1284582
|
CrOS: Vulnerability reported in app-editors/vim
|
-
|
2022-06-10
|
1285554
|
CrOS: Vulnerability reported in app-editors/vim
|
-
|
2022-06-10
|
1287844
|
CrOS: Vulnerability reported in app-editors/vim
|
-
|
2022-06-10
|
1290799
|
CrOS: Vulnerability reported in app-editors/vim
|
-
|
2022-06-10
|
1291951
|
CrOS: Vulnerability reported in app-editors/vim
|
-
|
2022-06-10
|
1292966
|
CrOS: Vulnerability reported in app-editors/vim
|
-
|
2022-06-10
|
1294201
|
CrOS: Vulnerability reported in app-editors/vim
|
-
|
2022-06-10
|
1294503
|
CrOS: Vulnerability reported in app-editors/vim
|
-
|
2022-06-10
|
1295411
|
Security: [ANGLE] Heap use-after-free in CommandBufferHelperCommon::bufferWrite
|
$7000
|
2022-06-10
|
1296101
|
CrOS: Vulnerability reported in app-editors/vim
|
-
|
2022-06-10
|
1296866
|
Security: heap-buffer-overflow in getImageActualFormat
|
$7000
|
2022-06-10
|
1299225
|
Security: Heap-use-after-free in QuickAnswersUiController::CloseQuickAnswersView
|
$3000
|
2022-06-10
|
1301840
|
uaf in browser_switcher::`anonymous namespace'::OpenBrowserSwitchPage
|
$2000
|
2022-06-10
|
1302625
|
DCHECK failure in lhs.Is(Type::Number()) in operation-typer.cc
|
-
|
2022-06-10
|
1264543
|
Security: Popup with noopener does not consume user activation
|
-
|
2022-06-09
|
1292360
|
Security: UAF in CalendarView 3
|
$7000
|
2022-06-09
|
1296467
|
Security: [ANGLE] Heap use-after-free in BufferHelper::recordReadBarrier
|
$7000
|
2022-06-09
|
1302280
|
wayland_fuzzer: Heap-use-after-free in destroy_queued_closure
|
-
|
2022-06-09
|
1280205
|
Security: Heap-use-after-free in TabStrip::OnGroupCreated
|
$7000
|
2022-06-08
|
1299422
|
Security: heap-use-after-free in content::DisplayCutoutHostImpl::SendSafeAreaToFrame
|
-
|
2022-06-08
|
1207335
|
Chromium: Vulnerability reported in third_party/binutils
|
-
|
2022-06-07
|
1292304
|
Security: UAF in CalendarView
|
$5000
|
2022-06-07
|
1301209
|
dawn_wire_server_and_vulkan_backend_fuzzer: Use-of-uninitialized-value in llvm::PassNameParser::passRegistered
|
-
|
2022-06-07
|
1233333
|
v8_inspector_fuzzer: Use-of-uninitialized-value in v8_crdtp::cbor::CBOREncoder::HandleInt32
|
-
|
2022-06-06
|
1292261
|
Security: Heap-use-after-free in BrowserList::AddBrowser
|
$7000
|
2022-06-06
|
1295654
|
CrOS: Vulnerability reported in net-vpn/strongswan
|
-
|
2022-06-06
|
1298986
|
dawn_wire_server_and_vulkan_backend_fuzzer: Use-of-uninitialized-value in llvm::PassNameParser::passRegistered
|
-
|
2022-06-06
|
1273841
|
AddressSanitizer: heap-use-after-free in blink::Screen::AreWebExposedScreenPropertiesEqual
|
$5000
|
2022-06-04
|
1290586
|
Calling stopTrack() in a worker fails a To<> cast DCHECK
|
-
|
2022-06-04
|
1291472
|
MediaStreamTrackinWorker fails Security DCHECK failure: IsA<Derived>(from) in casting.h
|
-
|
2022-06-04
|
1291891
|
Uaf in qrcode_generator::QRCodeGeneratorBubbleController::OnBubbleClosed
|
$5000
|
2022-06-04
|
1296841
|
CrOS: Vulnerability reported in app-editors/vim
|
-
|
2022-06-04
|
1296876
|
v8_wasm_code_fuzzer: Crash in Builtins_GenericJSToWasmWrapper
|
-
|
2022-06-04
|
1300139
|
CrOS: Vulnerability reported in app-editors/vim
|
-
|
2022-06-04
|
1298884
|
CrOS: Vulnerability reported in app-editors/vim
|
-
|
2022-06-04
|
1291986
|
Security heap-use-after-free ash/wm/splitview/split_view_divider.cc (chromeOS)
|
$7000
|
2022-06-03
|
1296334
|
heap-use-after-free : safe_browsing::VerdictCacheManager::CacheRealTimeUrlVerdict
|
-
|
2022-06-03
|
1297498
|
UAF in ThreatDetailsCacheCollector::OpenEntry
|
$15000
|
2022-06-03
|
1299259
|
freetype_type1_fuzzer: Crash in cf2_interpT2CharString
|
-
|
2022-06-03
|
1000408
|
getOriginFromUrl in cryptotoken component extension doesn't use real origin
|
-
|
2022-06-02
|
1292004
|
Security DCHECK failure: IsA<Derived>(from) in casting.h
|
-
|
2022-06-01
|
1294612
|
uaf in AppLaunchHandler::LaunchApp
|
-
|
2022-06-01
|
1298015
|
Security: heap-use-after-free in base::SupportsUserData::GetUserData
|
$7000
|
2022-06-01
|
1299814
|
CHECK failure: !isolate->concurrent_osr_enabled()
|
-
|
2022-06-01
|
1279775
|
Security: Stack-Buffer-Overflow in g711_interface.c
|
-
|
2022-05-31
|
1280851
|
Security: Stack-Buffer-Overflow in WebRtc_g722_decode
|
-
|
2022-05-31
|
1299418
|
CHECK failure: !isolate->concurrent_osr_enabled() in runtime-test.cc
|
-
|
2022-05-31
|
1299438
|
CHECK failure: !isolate->concurrent_osr_enabled()
|
-
|
2022-05-31
|
1083835
|
heap-use-after-free : rlz::RLZTracker::GetAccessPointRlzImpl
|
-
|
2022-05-29
|
1293191
|
Propagating inertness into nested browsing contexts leaks information, privacy concern?
|
-
|
2022-05-29
|
1298149
|
Use-after-poison in mojo::internal::InterfacePtrStateBase::Bind
|
-
|
2022-05-29
|
1298213
|
heap-use-after-free : ash::`anonymous namespace'::EncodeBitmapToPNG
|
-
|
2022-05-29
|
1193390
|
gpu_raster_swangle_passthrough_fuzzer: Incorrect-function-pointer-type in rx::vk::PersistentCommandPool::init
|
-
|
2022-05-26
|
1276002
|
Security: fencedframe element bypass the security policy restrictions of the devtools preview limit
|
$3000
|
2022-05-26
|
1296120
|
Security: ChromeOS root privilege escalation (arcvm_server_proxy, cups, arc-create-data)
|
$30000
|
2022-05-26
|
1227636
|
Security: [SkPixmap] pdfium SEGV on getColor()
|
-
|
2022-05-25
|
1280852
|
Security: Stack-Buffer-Overflow in WebRtcPcm16b_Decode
|
$5000
|
2022-05-25
|
1292271
|
Security: heap-use-after-free on ash/wm/desks/desks_controller.cc (chromeOS)
|
$7000
|
2022-05-25
|
1296407
|
Heap-use-after-free in content::SavePackage::ContinueGetSaveInfo
|
-
|
2022-05-25
|
1297269
|
Security: Chrome Enterprise MSI installer Elevation of Privileges Vulnerability
|
$20000
|
2022-05-25
|
1297541
|
Heap-use-after-free in cppgc::internal::BasicPersistent<blink::NGLayoutResult const, cppgc::internal::S
|
-
|
2022-05-25
|
1297764
|
Defense in depth: Remove TMP directory fallback for installer payload
|
-
|
2022-05-25
|
1253281
|
Security: UAF in SQLite renameTokenCheckAll
|
-
|
2022-05-24
|
1281908
|
Security: DeserializeFromMessage should validate the message header
|
-
|
2022-05-24
|
1292333
|
DCHECK failure in op->IsStackSlot() || op->IsFPStackSlot() in code-generator-x64.cc
|
-
|
2022-05-24
|
1295786
|
uaf in blink::MediaInspectorContextImpl::CullPlayers(blink::WebString const&)
|
$5000
|
2022-05-24
|
1263825
|
Heap-use-after-free in base::ObserverList<aura::WindowObserver, true, true, base::internal::CheckedObse
|
-
|
2022-05-23
|
1267318
|
SameSite cookies leak via embedded browsing context
|
$500
|
2022-05-23
|
1291735
|
Security: Sharesheet dialog doesn't show the origin elided from the right
|
$500
|
2022-05-23
|
1295699
|
Residual UAF in token fetcher code
|
$1000
|
2022-05-23
|
1195549
|
dawn_wire_server_and_vulkan_backend_fuzzer: Incorrect-function-pointer-type in dawn_native::vulkan::Device::PrepareRecordingContext
|
-
|
2022-05-21
|
1270117
|
[iOS] CSP Bypass via Service Worker
|
$500
|
2022-05-21
|
1294723
|
dawn_wire_server_and_frontend_fuzzer: Crash in tint::diag::Formatter::format
|
-
|
2022-05-21
|
1296526
|
Heap-use-after-free in history_clusters::OnDeviceClusteringBackend::ClusterVisitsOnBackgroundThread
|
-
|
2022-05-21
|
1285885
|
Security: [ANGLE] Vulkan : Out-of-bounds memory can be accessed using bound offsets
|
$7000
|
2022-05-20
|
1290150
|
Security: redirect detection via Performance API
|
$1000
|
2022-05-20
|
1294097
|
Security: Heap-use-after-free in NearbyShareAction::HandleKeyboardEvent
|
$7000
|
2022-05-20
|
1295087
|
Bad-cast to blink::LayoutBlock from blink::LayoutImage in blink::LayoutBlock& blink::To<blink::LayoutBlock, blink::LayoutObject>
|
-
|
2022-05-20
|
1296150
|
Security: [0-day] Use-After-Free in UpdateAnimationTiming
|
-
|
2022-05-20
|
1077756
|
Security: sandbox doesn't prevent setgid("disk") in shill process tree
|
-
|
2022-05-19
|
1290700
|
uaf in BrowserSwitchHandler::OnLaunchFinished
|
$2000
|
2022-05-19
|
1295999
|
renderer_proto_tree_fuzzer: Use-of-uninitialized-value in blink::NGLayoutResult::NGLayoutResult
|
-
|
2022-05-19
|
1289394
|
file_system_manager_mojolpm_fuzzer: Heap-use-after-free in storage::ObfuscatedFileUtil::GetDirectoryForStorageKey
|
-
|
2022-05-18
|
1292537
|
Crash in memfd:swiftshader_jit
|
-
|
2022-05-18
|
1295221
|
Security: Variant analysis of UAF in AccessiblePaneView
|
-
|
2022-05-18
|
1264561
|
Security: Chrome for Android Hide Entering Fullscreen Notification Toast using Multiple Toast from Failed to Copy
|
$2500
|
2022-05-16
|
1266631
|
Cross-site information leak - CSP Violation reports contain blockedURI's hostname
|
$2000
|
2022-05-16
|
1288919
|
tint_wgsl_reader_spv_writer_fuzzer: Illegal-instruction in tint::fuzzers::CommonFuzzer::Run
|
-
|
2022-05-15
|
1289116
|
Heap-use-after-free in rx::vk::GarbageObject::destroy
|
-
|
2022-05-15
|
1292829
|
dawn_wire_server_and_frontend_fuzzer: Heap-use-after-free in tint::diag::Formatter::format
|
-
|
2022-05-15
|
1293906
|
Security DCHECK failure: IsA<Derived>(from) in casting.h
|
-
|
2022-05-14
|
1142269
|
Security: Chromium doesn't conform to SMS Verification APIs leading to potential Access to app protected components vulnerability
|
$1000
|
2022-05-13
|
1291482
|
Chrome should ignore responses with http status code 1**
|
-
|
2022-05-13
|
1270005
|
Heap-buffer-overflow in flatbuffers::EscapeString
|
-
|
2022-05-12
|
1283546
|
Security: UAF in ProtocolHandlerThrottle using PlzDedicatedWorker
|
$20000
|
2022-05-12
|
1291109
|
Security DCHECK failure: IsA<Derived>(from) in casting.h
|
-
|
2022-05-12
|
1291471
|
Security DCHECK failure: IsA<Derived>(from) in casting.h
|
-
|
2022-05-12
|
1156237
|
heap-use-after-free : __72+[NSRemoteViewMarshal _addFreeWindow:parameters:listenerEndpoint:reply:]_block_invoke
|
-
|
2022-05-11
|
1246188
|
Security: Compromised renderer can set custom cursor up to 1024px over browser UI and other windows
|
$2000
|
2022-05-11
|
1273397
|
Security: Heap-buffer-overflow in tabgroup
|
$7000
|
2022-05-11
|
1279665
|
Security DCHECK failed: IsA<Derived>(from) in ng_layout_input_node.cc:96 blink::NGLayoutInputNode::TableCellColspan
|
$5000
|
2022-05-11
|
1284293
|
AddressSanitizer: heap-use-after-free in TryProcess ui/base/accelerators/accelerator_manager.cc:152:17
|
$7000
|
2022-05-11
|
1285601
|
Security: heap-use-after-use in DiscountURLLoader::NavigateToDiscountURL
|
$16000
|
2022-05-11
|
1286940
|
Security: heap-use-after-free in ProfileImpl::IsSameOrParent
|
$7000
|
2022-05-11
|
1288020
|
heap buffer overflow in sw::Blitter::fastResolve
|
$7000
|
2022-05-11
|
1289507
|
dawn_wire_server_and_frontend_fuzzer: Crash in dawn_native::OwnedCompilationMessages::AddMessages
|
-
|
2022-05-11
|
1291728
|
Security: heap-use-after-free in base::ObserverList::RemoveObserver
|
$10000
|
2022-05-11
|
1293248
|
css_parser_fast_paths_fuzzer: Use-of-uninitialized-value in bool blink::ParsePercentage<unsigned char>
|
-
|
2022-05-11
|
1268448
|
Fix unsafe use of lambdas in BaseRenderingContext2D
|
-
|
2022-05-10
|
1269999
|
Heap-use-after-free in xmlAddNextSibling
|
-
|
2022-05-10
|
1287864
|
Security: iOS Webkit can leak IndexedDB names
|
-
|
2022-05-09
|
1290008
|
UAF in printing
|
$15000
|
2022-05-09
|
1283402
|
Heap-use-after-free in ChromePermissionsClient::OverrideCanonicalOrigin
|
$15000
|
2022-05-06
|
1289383
|
Security: [ANGLE] Heap-buffer-overflow in ImageHelper::SubresourceUpdate::isUpdateToLayers
|
$10000
|
2022-05-06
|
1289846
|
Security: CSS keylogger extension using PageStateMatcher and chrome.action.openPopup()
|
$5000
|
2022-05-06
|
1290107
|
tint_ast_hlsl_writer_fuzzer.exe: Illegal-instruction in tint::fuzzers::CommonFuzzer::Run
|
-
|
2022-05-06
|
1035344
|
API: parameterized overload of GetPropertyNames promises more flexibility than it actually supports
|
-
|
2022-05-05
|
1280132
|
Security DCHECK failed: IsA<Derived>(from) in ng_block_node.cc:1032 blink::NGBlockNode::FirstChild
|
$5000
|
2022-05-05
|
1280233
|
Origin spoofing in WebUSB
|
$3000
|
2022-05-05
|
1285636
|
gpu_raster_swangle_passthrough_fuzzer: Use-of-uninitialized-value in sse3::store_NUMBER
|
-
|
2022-05-05
|
1288251
|
AddressSanitizer: heap-use-after-free asan-linux-release-960248 content::StoragePartitionImpl::GetLockManager() content/browser/storage_partition_impl.cc:1493
|
$15000
|
2022-05-05
|
1288881
|
gpu_raster_swangle_passthrough_fuzzer: Use-of-uninitialized-value in GrDirectContextPriv::validPMUPMConversionExists
|
-
|
2022-05-05
|
1289678
|
v8_wasm_compile_fuzzer: DCHECK failure in 3 == element_size_log2(kind) in liftoff-assembler-x64.h
|
-
|
2022-05-05
|
1289715
|
Security: heap-use-after-free in ExtensionFunction::Shutdown
|
$15000
|
2022-05-05
|
1290587
|
DCHECK failure in !scope_info_.is_null() in scopes.cc
|
-
|
2022-05-05
|
1250655
|
#Summary SUMMARY: AddressSanitizer: heap-use-after-free in gpu::CommandBufferProxyImpl::OnDisconnect
|
$7000
|
2022-05-03
|
1269996
|
Heap-buffer-overflow in hb_array_t<OT::IntType<unsigned int, 4u> const> hb_array_t<OT::IntType<unsigned
|
-
|
2022-05-03
|
1270333
|
Security: Integer overflow in HandleTable::AddDispatchersFromTransit leading to memory corruption
|
-
|
2022-05-03
|
1289378
|
heap-use-after-free : media_router::CastActivityManager::TerminateSession
|
-
|
2022-05-03
|
1289384
|
Security: might be possible to UaF JavaScriptIsolatedWorldRequest
|
-
|
2022-05-03
|
1289798
|
Heap-use-after-free in blink::NGBoxFragmentBuilder::PropagateBreakInfo
|
-
|
2022-05-03
|
1290079
|
v8_wasm_compile_fuzzer: Use-after-poison in v8::internal::compiler::SinglePassRegisterAllocator::SpillRegisterAtMerge
|
-
|
2022-05-03
|
1242962
|
Security: heap-buffer-overflow in SelectFileDialogImpl::OnSelectFileExecuted
|
$7000
|
2022-05-02
|
1270052
|
Security: Chrome for Android Hide Entering Fullscreen Notification Toast with HTML Select Dropdown
|
$3000
|
2022-05-02
|
1270470
|
Security: Scrolls are detectable cross-site upon using the Scroll to text fragment feature.
|
$2000
|
2022-05-02
|
1278322
|
Security: heap-use-after-free in TemplateURLRef::ParseHostAndSearchTermKey
|
$7000
|
2022-05-02
|
1284916
|
Security: UAF in DistilledPagePrefs::SetFontScaling
|
$20000
|
2022-05-02
|
1289523
|
Security: heap-use-after-free in TemplateURLFetcher::RequestDelegate::OnTemplateURLParsed
|
$7000
|
2022-05-02
|
1289802
|
Use-of-uninitialized-value in v8::internal::JSFunction::EnsureFeedbackVector
|
-
|
2022-05-02
|
1286816
|
WebUSB out-of-bound access to selected_alternates_ in usb_device if the device has non-sequential alternative interface number
|
-
|
2022-04-29
|
1285759
|
Security: double-free in content::RenderFrameHostImpl::ResetNavigationRequests
|
$5000
|
2022-04-28
|
1288130
|
tint_regex_spv_writer_fuzzer.exe: Illegal-instruction in tint::fuzzers::CommonFuzzer::Run
|
-
|
2022-04-28
|
1288769
|
Security DCHECK failure: IsA<Derived>(from) in casting.h
|
-
|
2022-04-28
|
1057296
|
COOP isn't inherited to Blob URL
|
-
|
2022-04-27
|
1253155
|
CrOS: Vulnerability reported in app-editors/vim
|
-
|
2022-04-27
|
1266771
|
CrOS: Vulnerability reported in app-editors/vim
|
-
|
2022-04-27
|
1268369
|
CrOS: Vulnerability reported in app-editors/vim
|
-
|
2022-04-27
|
1268803
|
CrOS: Vulnerability reported in app-editors/vim
|
-
|
2022-04-27
|
1273811
|
CrOS: Vulnerability reported in app-editors/vim
|
-
|
2022-04-27
|
1276679
|
CrOS: Vulnerability reported in app-editors/vim
|
-
|
2022-04-27
|
1277921
|
CrOS: Vulnerability reported in app-editors/vim
|
-
|
2022-04-27
|
1281941
|
Heap-use-after-free in extensions::ChromeExtensionsBrowserClient::GetOriginalContext
|
$1000
|
2022-04-27
|
1283018
|
CrOS: Vulnerability reported in app-editors/vim
|
-
|
2022-04-27
|
1286110
|
Security: heap-buffer-overflow swiftshader Image::copy 3D
|
-
|
2022-04-27
|
1287364
|
Page can use EyeDropper API to bypass mouse movement/keyboard input requirements for autofill (bypass of issue 1240472 fix)
|
$2000
|
2022-04-27
|
1287962
|
Security: [ANGLE] Heap-buffer-overflow in TextureVk::prepareForGenerateMipmap
|
$12000
|
2022-04-27
|
1283434
|
A GPU crash (or anything that causes loss of GPU support for Chrome) will create framebuffer ghosting with ImageBitmap
|
$1000
|
2022-04-26
|
1287843
|
Security DCHECK failure: IsA<Derived>(from) in casting.h
|
-
|
2022-04-26
|
1285622
|
tint_regex_spv_writer_fuzzer.exe: Illegal-instruction in tint::fuzzers::CommonFuzzer::Run
|
-
|
2022-04-24
|
1281078
|
Security: heap-buffer-overflow in TabStripModel::MoveWebContentsAtImpl
|
$7000
|
2022-04-23
|
1282480
|
Security: AddressSanitizer: heap-use-after-free on drag_drop_controller.cc (chromeOS and Lacros)
|
$2000
|
2022-04-23
|
1244205
|
uaf in content::DesktopCaptureDevice::Core::AllocateAndStart
|
$10000
|
2022-04-22
|
1252716
|
Security: heap-use-after-free in PrefChangeRegistrar::~PrefChangeRegistrar
|
$10000
|
2022-04-22
|
1260007
|
Security: State tracking issue in RenderFrameHostImpl leading to UaF
|
-
|
2022-04-22
|
1274445
|
Security: v8 Debug check failed: target_inobject < GetInObjectProperties().
|
$5000
|
2022-04-22
|
1278375
|
Security: stack-buffer-overflow in views::ScrollView::OnMouseWheel(ui::MouseWheelEvent const&) in the browser process
|
$3000
|
2022-04-22
|
1280941
|
pdf_jpx_fuzzer: Trap in pdfium::base::AlignedAlloc
|
-
|
2022-04-22
|
1283609
|
Security: UAF in OOBEUI
|
$7000
|
2022-04-22
|
1284584
|
Security: UAF in safe_browsing::DownloadRequestMaker::Start
|
$20000
|
2022-04-22
|
1285116
|
Security: heap-use-after-free in web_app::ShortcutInfoForExtensionAndProfile
|
$2000
|
2022-04-22
|
1286837
|
Global-buffer-overflow in blink::CompositeOperatorName
|
-
|
2022-04-22
|
1287342
|
Security DCHECK failure: IsA<Derived>(from) in casting.h
|
-
|
2022-04-22
|
1262902
|
Security: Heap-use-after-free in AccessibilityUIMessageHandler::RequestWebContentsTree
|
$7000
|
2022-04-21
|
1274113
|
Security: mojo race NodeName reuse to leak messages
|
-
|
2022-04-21
|
1212957
|
AddressSanitizer: use-after-poison frame_or_worker_scheduler.cc:88 in blink::FrameOrWorkerScheduler::NotifyLifecycleObservers
|
$8500
|
2022-04-20
|
1280743
|
Security: JBIG2_Context.cpp arithmetic looks prone to overflow.
|
-
|
2022-04-20
|
1283077
|
Security: heap-buffer-overflow in webui tabstrip
|
-
|
2022-04-20
|
1232866
|
Security: Heap UAF in media_gpu!media::VideoProcessorProxy::VideoProcessorBlt
|
$7000
|
2022-04-19
|
1251065
|
Chrome downgrades long-running requests from HTTPS to HTTP after 3 s.
|
$3000
|
2022-04-19
|
1275438
|
Security: UAF in DateTimeChooserAndroid::ReplaceDateTime
|
$25000
|
2022-04-19
|
1281763
|
Security: UAF in GoogleSearchDomainMixingMetricsEmitter
|
$10000
|
2022-04-19
|
1282118
|
Security: UAF in BookmarkDragHelper::OnBookmarkIconLoaded
|
$10000
|
2022-04-19
|
1285596
|
Crash in cppgc::internal::MemberBase::MemberBase
|
-
|
2022-04-19
|
1285882
|
Crash in blink::LayoutObject::RemoveChild
|
-
|
2022-04-19
|
1273017
|
Security: Inappropriate implementation in PushMessaging
|
$10000
|
2022-04-18
|
1282320
|
Security: use-after-poison in blink::InspectorAccessibilityAgent::RefreshFrontendNodes
|
$500
|
2022-04-18
|
1283124
|
AddressSanitizer: use-after-poison cc\layers\texture_layer.cc:169 in cc::TextureLayer::Update
|
$5000
|
2022-04-18
|
1285007
|
DCHECK failure in reg.ToInt() < register_data_.size() in mid-tier-register-allocator.cc
|
-
|
2022-04-18
|
1281859
|
CrOS: Vulnerability reported in sys-libs/binutils-libs
|
-
|
2022-04-17
|
1277917
|
heap-use-after-free : mojo::DataPipeDrainer::WaitComplete
|
-
|
2022-04-16
|
1283375
|
UAF in PrintViewManagerBase
|
$15000
|
2022-04-16
|
1284138
|
heap-use-after-free base/memory/scoped_refptr.h:261:43 in operator bool (chromeOS)
|
$7000
|
2022-04-16
|
1249964
|
intent:// URIs can launch BROWSABLE non-exported activities in the sending app
|
-
|
2022-04-15
|
1267748
|
sqlite3_fts3_lpm_fuzzer: Use-of-uninitialized-value in sqlite3VdbeExec
|
-
|
2022-04-15
|
1270593
|
Security: Chrome for Android Delay Navigate then requestFullScreen will Hide Omnibox
|
$7500
|
2022-04-15
|
1271896
|
CrOS: Vulnerability reported in dev-libs/gmp
|
-
|
2022-04-15
|
1275531
|
CrOS: Vulnerability reported in net-wireless/bluez
|
-
|
2022-04-15
|
1275622
|
file_system_manager_mojolpm_fuzzer.exe: Heap-use-after-free in storage::ObfuscatedFileUtil::InitOriginDatabase
|
-
|
2022-04-15
|
1277328
|
Security: heap-use-after-free in ui::AXTree::NotifyNodeWillBeReparentedOrDeleted
|
$7000
|
2022-04-15
|
1279188
|
Security: Elevation of Privileges in chrome installer when removing scoped directory during updates
|
$10000
|
2022-04-15
|
1279531
|
heap-use-after-free in media_router::CastMediaSinkService::StartMdnsDiscovery
|
$7000
|
2022-04-15
|
1282651
|
dawn_wire_server_and_vulkan_backend_fuzzer: Container-overflow in dawn_native::OwnedCompilationMessages::AddMessage
|
-
|
2022-04-15
|
1282782
|
Type Confuse Security DCHECK failed: !node || IsTextControl(*node) text_control_element.h(268)
|
$5000
|
2022-04-15
|
1283090
|
heap-use-after-free : DefaultPrefStore::~DefaultPrefStore
|
-
|
2022-04-15
|
1283371
|
Security: UAF in ChromeContentBrowserClient::CreateURLLoaderThrottles
|
$15000
|
2022-04-15
|
1283805
|
Heap-buffer-overflow in TableView::OnItemsRemoved
|
-
|
2022-04-15
|
1283807
|
Container-overflow in TableView::UpdateVirtualAccessibilityChildrenBounds
|
-
|
2022-04-15
|
1284367
|
Security: heap-use-after-free in safe_browsing::ThreatDetails::OnReceivedThreatDOMDetails
|
-
|
2022-04-15
|
1284509
|
tint_regex_hlsl_writer_fuzzer: Illegal-instruction in tint::fuzzers::CommonFuzzer::Run
|
-
|
2022-04-15
|
1284742
|
freetype_truetype_fuzzer: Heap-buffer-overflow in tt_face_vary_cvt
|
-
|
2022-04-15
|
1285122
|
v8_inspector_fuzzer: DCHECK failure in IsInvalid(c0_) || base::IsInRange(c0_, 0u, unibrow::Utf16::kMaxNonSurrogateCharC
|
-
|
2022-04-15
|
1249626
|
heap-use-after-free : void exo::wayland::DestroyUserData<exo::wayland::`anonymous namespace'::WaylandPointerStylusDelegate>
|
-
|
2022-04-13
|
1250227
|
SUMMARY: AddressSanitizer: heap-use-after-free web_view_impl.cc:1020 in blink::WebViewImpl::ClosePagePopup
|
$7500
|
2022-04-13
|
1254422
|
Intent selectors allow intents from the web to bypass intent filter requirements
|
-
|
2022-04-13
|
1282224
|
v8_wasm_compile_fuzzer: DCHECK failure in allocated_registers_bits_ == register_state_ ? GetAllocatedRegBitVector(register
|
-
|
2022-04-13
|
1282645
|
Container-overflow in content::RenderFrameHostImpl::OnBackForwardCacheDisablingFeatureRemoved
|
-
|
2022-04-13
|
1283042
|
v8_wasm_compile_fuzzer: DCHECK failure in allocated_registers_bits_ == register_state_ ? GetAllocatedRegBitVector(register
|
-
|
2022-04-13
|
1283681
|
Security: UAF in heap-use-after-free in DevToolsWindow::Show(browser process)
|
$3000
|
2022-04-13
|
1261713
|
Security: Heap-use-after-free in feedback::FeedbackData::SendReport
|
$1000
|
2022-04-12
|
1279368
|
AddressSanitizer: use-after-poison local_frame_view.cc:818 in blink::LocalFrameView::PerformLayout
|
-
|
2022-04-12
|
1283255
|
heap-use-after-free : DownloadItemView::DropdownButtonPressed
|
-
|
2022-04-09
|
1283198
|
Security: heap-buffer-overflow in chrome_pdf::PDFiumEngine::RequestThumbnail
|
-
|
2022-04-07
|
1278960
|
Security: Heap-use-after-free in autofill::EditAddressProfileView::WindowClosing
|
$7000
|
2022-04-05
|
1282272
|
Google Chrome Browser Private key leaks on github
|
-
|
2022-04-03
|
1274323
|
Crash in SkArenaAllocWithReset::reset
|
$6000
|
2022-04-01
|
1268240
|
Security: UaF in AccessibilityUIMessageHandler::Callback
|
$1000
|
2022-03-31
|
1275020
|
SUMMARY: AddressSanitizer: heap-use-after-free base/bind_internal.h:535:12 in BindState<void (content::StorageNotificationService::*)(url::Origin), UnretainedWrapper<content::StorageNotificationService>
|
$20000
|
2022-03-31
|
1277327
|
Security: heap-use-after-free ui::AXEventRecorder::OnEvent
|
$7000
|
2022-03-31
|
1280456
|
Security: container-overflow in ash::ScrollableShelfView::ShouldCountActivatedInkDrop
|
$3000
|
2022-03-31
|
1281881
|
Heap-use-after-free in optimization_guide::OptimizationGuideStore::ClearFetchedHintsFromDatabase
|
$2000
|
2022-03-31
|
1276331
|
Security: heap-buffer-overflow around blink::mojom::WidgetInputHandlerProxy::DispatchEvent
|
-
|
2022-03-30
|
1281800
|
UAF crash may happen on child_process_launcher_android.cc
|
-
|
2022-03-30
|
1270358
|
Security: FencedFrames reachable from compromised renderer due to lacking features::isEnabled(kFencedFrames) checks in Browser Process and FencedFrame::Navigate can navigate to file:// and chrome:// origins
|
$17000
|
2022-03-29
|
1270498
|
heap-buffer-underflow : ash::ScrollableShelfView::GetTargetScreenBoundsOfItemIcon
|
-
|
2022-03-29
|
1278988
|
Security DCHECK failed: IsA<Derived>(from) in blink::LayoutTableSection::AddCell layout_table_section.cc:277
|
-
|
2022-03-29
|
1264196
|
heap-use-after-free : ash::ShelfID::IsNull
|
-
|
2022-03-27
|
1271538
|
v8_wasm_compile_fuzzer: Use-after-poison in v8::internal::compiler::SinglePassRegisterAllocator::AllocateInput
|
-
|
2022-03-27
|
1280822
|
Use-after-poison in blink::FrameOrWorkerScheduler::NotifyLifecycleObservers
|
-
|
2022-03-27
|
1274316
|
uaf in rx::vk::CommandBufferHelper::bufferWrite
|
$5000
|
2022-03-24
|
1278180
|
Security: Heap-use-after-free in ui::MenuModel::GetModelAndIndexForCommandId
|
$10000
|
2022-03-24
|
1209467
|
CrOS: Vulnerability reported in net-fs/samba
|
-
|
2022-03-23
|
1231037
|
Security: invalid parsing of HTML by tree_builder_simulator leading to mutation XSS
|
$5000
|
2022-03-23
|
1261790
|
CrOS: Vulnerability reported in sys-libs/ldb
|
-
|
2022-03-23
|
1261791
|
CrOS: Vulnerability reported in net-fs/samba
|
-
|
2022-03-23
|
1249426
|
heap buffer overflow in BookmarkManagerPrivateDropFunction::RunOnReady
|
$1000
|
2022-03-22
|
1261689
|
Security: scrollTop of ListBox autofill preview discloses sensitive information
|
$4000
|
2022-03-22
|
1272967
|
Security: UAF in P2PSocketTcpServer::DoAccept
|
$5000
|
2022-03-22
|
1276203
|
heap-use-after-free : ash::DeskActivationAnimation::EndSwipeAnimation
|
-
|
2022-03-22
|
1279147
|
Heap-use-after-free in CPDF_AnnotContext::~CPDF_AnnotContext
|
-
|
2022-03-22
|
1279151
|
crash in v8 heap(--js-flags=--experimental-wasm-gc)
|
$5000
|
2022-03-22
|
1279383
|
DCHECK failure in IsAligned(result, kAlignmentInBytes) in zone.cc
|
-
|
2022-03-22
|
1238209
|
container-overflow in blink::UserMediaProcessor::DetermineExistingAudioSessionId
|
$5000
|
2022-03-21
|
1132124
|
Security: SODA is provided a privileged URLLoaderFactory
|
-
|
2022-03-19
|
1272266
|
Security: swiftshader heap-use-after-free in getOffsetPointer
|
$5000
|
2022-03-19
|
1242339
|
CHECK failure: byte_length() <= JSArrayBuffer::kMaxByteLength in objects-debug.cc
|
-
|
2022-03-18
|
1247389
|
Security: Possible to see the user's system environment variables like secrets, tokens or keys
|
$10000
|
2022-03-18
|
1268903
|
Security: Use of uninitialized on-stack pointer in storage::BlobBuilderFromStream
|
-
|
2022-03-18
|
1276850
|
UAF in AutofillPopupControllerImpl::HandleKeyPressEvent
|
$20000
|
2022-03-18
|
1278589
|
Security: Certificate Viewer remotely exploitable with large DSA and RSA-PSS signatures on Linux/ChromeOS (before 98.0.4714.0)
|
-
|
2022-03-18
|
1259557
|
Security: mojo AddBrokerClient can be sent to non-broker nodes (node<->node mitm)
|
-
|
2022-03-17
|
1276715
|
Heap-use-after-free in content::TestRunnerBindings::InvokeV8Callback
|
-
|
2022-03-17
|
1262080
|
Security: heap-buffer-overflow swiftshader Image::copy
|
$5000
|
2022-03-16
|
1262676
|
SUMMARY: AddressSanitizer: access-violation regexp-interpreter.cc:461 in v8::internal::`anonymous namespace'::RawMatch<unsigned char>
|
$5000
|
2022-03-16
|
1263457
|
Security: Interface ID reuse leading to memory corruption in IPC::ChannelAssociatedGroupController
|
-
|
2022-03-16
|
1273537
|
heap-use-after-free : chromeos::AppDownloadingScreenHandler::Bind
|
-
|
2022-03-16
|
1273661
|
Security: webgl global-buffer-overflow in getIncompleteTexture
|
$5000
|
2022-03-16
|
1274248
|
wayland_buffer_fuzzer: Crash in libwayland-server.so.0
|
-
|
2022-03-16
|
1276923
|
Security: Debug Check failed in HAS_WEAK_HEAP_OBJECT_TAG
|
-
|
2022-03-16
|
1272068
|
Security: Wild read with renderbuffers
|
$5000
|
2022-03-13
|
1270095
|
Security: Use after Free in content::AccessibilityEventRecorderWin::AccessibleObjectFromWindowWrapper
|
$1000
|
2022-03-12
|
1274376
|
uaf in chrome_pdf::PdfViewPluginBase::LoadAccessibility
|
$5000
|
2022-03-12
|
1240472
|
Security: Page can cause autofill prompt to render under cursor in order to bypass mouse movement/keyboard input requirements for autofill
|
$3000
|
2022-03-11
|
1241585
|
Security: Page can use space key input to cause autofill prompt to render under cursor, bypasses mouse movement/designated keyboard input requirements for autofill
|
$1000
|
2022-03-11
|
1267060
|
Chrome_ChromeOS: Crash Report - views::Widget::CloseWithReason via TabStripPageHandler::OnTabGroupChanged
|
$1000
|
2022-03-11
|
1270007
|
Heap-buffer-overflow in int flatbuffers::ReadScalar<int>
|
-
|
2022-03-11
|
1270658
|
Security: use after free in swiftshader
|
$5000
|
2022-03-11
|
1274499
|
Security: [ANGLE] D3D11 : Integer Underflow in ElementsInBuffer results in wild copy
|
$7500
|
2022-03-11
|
1275431
|
code_cache_host_mojolpm_fuzzer: Segv on unknown address in content::GeneratedCodeCache::IssueNextOperation
|
-
|
2022-03-11
|
1275559
|
dcsctp_socket_fuzzer: Use-of-uninitialized-value in crc32c::ExtendSse42
|
-
|
2022-03-11
|
1275892
|
Security: UAF in ScreenCaptureMachineAndroid::OnActivityResult
|
$15000
|
2022-03-11
|
1270014
|
UNKNOWN READ in WelsDec::WelsMarkAsRef
|
-
|
2022-03-10
|
1115460
|
Security: Possible for extension to escape sandbox via Input.dispatchKeyEvent and devtools_page
|
$15000
|
2022-03-09
|
1201032
|
Security: Use-After-Free in SelectFileDialog
|
$25000
|
2022-03-09
|
1252562
|
heap-use-after-free : content::ViewsWidgetVideoCaptureDeviceMac::UIThreadDelegate::OnScopedCGWindowIDMouseMoved
|
-
|
2022-03-09
|
1271747
|
heap-use-after-free : safe_browsing::SafeBrowsingPrimaryAccountTokenFetcher::OnTokenFetched
|
-
|
2022-03-09
|
1272250
|
Security: CSS transform and backface-visibility: hidden allow to render over Chrome UI
|
$1000
|
2022-03-09
|
1273197
|
heap-use-after-free window_dimmer.cc (chromeOS)
|
$7000
|
2022-03-09
|
1273395
|
Container-overflow in blink::DisplayLockContext::DetachDescendantTopLayerElements
|
-
|
2022-03-09
|
1273674
|
uaf in local_card_migration_dialog_view
|
$7500
|
2022-03-09
|
1274061
|
Security: UAF in BluetoothPrefStateObserver
|
-
|
2022-03-09
|
1265806
|
Security: webrtc: out-of-bounds write in audio channel processing
|
$8500
|
2022-03-08
|
1267426
|
Deleting broker decoder in error callback path is risky
|
-
|
2022-03-08
|
1270990
|
Performance API is not consistent for preloaded requests which can be used to leak the size of cross-origin resources
|
$2000
|
2022-03-08
|
1271853
|
Security DCHECK failure: IsA<Derived>(from) in casting.h
|
-
|
2022-03-08
|
1272208
|
Security: heap-use-after-free in the media::AudioManagerBase in the browser process
|
$15000
|
2022-03-08
|
1272403
|
Security: HeapOverflow in PageLoadMetrics
|
$15000
|
2022-03-08
|
1273609
|
heap-use-after-free video_recording_watcher.cc:673:7
|
$10000
|
2022-03-08
|
1274641
|
Security: UaF on DesksBarView::EndDragDesk in desks_bar_view.cc:663:5
|
$7000
|
2022-03-08
|
1260939
|
Security: TFC 2021 loader bug
|
$10000
|
2022-03-07
|
1263417
|
Non-positive-vla-bound-value in blink::CanvasPath::roundRect
|
$1000
|
2022-03-07
|
1267496
|
Security: webgl heap-buffer-overflow LoadCompressedToNative
|
$2000
|
2022-03-07
|
1274322
|
Bad-cast to views::FootnoteContainerView from views::BubbleFrameView in views::BubbleFrameView::ViewHierarchyChanged
|
-
|
2022-03-07
|
1274324
|
Bad-cast to content::RenderWidgetHostViewChildFrame from content::RenderWidgetHostViewBase in content::RenderWidgetHostInputEventRouter::OnRenderWidgetHostViewBaseDestroyed
|
-
|
2022-03-07
|
1274044
|
Bad-cast to void *(unsigned long) in xmlAllocParserInputBuffer
|
-
|
2022-03-06
|
1271835
|
CHECK failure: marking_state_->IsBlackOrGrey(heap_object)
|
-
|
2022-03-04
|
1273001
|
Segv on unknown address in tint::writer::msl::Options::operator=
|
-
|
2022-03-04
|
1273140
|
Security: heap-use-after-free in DevToolsWindow::ActivateWindow
|
-
|
2022-03-04
|
1273176
|
Security: heap-use-after-free in DevToolsWindow::Show
|
-
|
2022-03-04
|
1273593
|
Crash in blink::NGInlineItemsBuilderTemplate<blink::EmptyOffsetMappingBuilder>::AppendTex
|
-
|
2022-03-04
|
1273705
|
CHECK failure: (location_) != nullptr in maybe-handles.h
|
-
|
2022-03-04
|
1177652
|
The destruction timing issue between RenderFrameHostImpl and DedicatedWorkerHost/DedicatedWorkerHostFactoryImpl
|
-
|
2022-03-03
|
1239496
|
Security: Pointer lock can be used to bypass mouse movement/keyboard input requirements for autofill
|
$3000
|
2022-03-03
|
1239760
|
Security: Autofill prompt for a page can render over different origin, allows spoofing of autofill context origin
|
$5000
|
2022-03-03
|
1261415
|
webcodecs_video_encoder_fuzzer: Heap-buffer-overflow in vp9_encode_tiles_row_mt
|
-
|
2022-03-03
|
1268400
|
Security: Heap-use-after-free in ui::EventDispatcher::DispatchEventToEventHandlers()
|
$1000
|
2022-03-03
|
1267791
|
[ozone/wayland]use-after-free in WaylandWindow
|
$10000
|
2022-03-03
|
1272269
|
Security: Heap-use-after-free in ash::sharesheet::SharesheetBubbleViewDelegate::IsBubbleVisible
|
$7000
|
2022-03-03
|
1273344
|
Null-dereference READ in rx::vk::QueryHelper::writeTimestamp
|
-
|
2022-03-03
|
1272180
|
webcodecs_image_decoder_fuzzer: Crash in mv_projection
|
-
|
2022-03-02
|
1115847
|
Security: SameSite policy bypassed with Service Worker FetchEvent
|
-
|
2022-03-01
|
1266510
|
Security: container-overflow in ExtensionsToolbarContainer::SetExtensionIconVisibility
|
$1000
|
2022-03-01
|
1271384
|
Security: Debug check failed: receiver->IsJSReceiver()
|
-
|
2022-03-01
|
1272181
|
Bad-cast to content::ServiceVideoCaptureProvider::ServiceProcessObserver from invalid vptr in base::internal::UnretainedWrapper<content::ServiceVideoCaptureProvider::ServiceP
|
-
|
2022-03-01
|
1113812
|
Security: Linux Kernel shift-out-of-bounds in arch/x86/kvm/vmx/pmu_intel.c:365:45
|
-
|
2022-02-27
|
1117173
|
Security: Possible for extension to escape sandbox via Input.synthesizeTapGesture
|
$10000
|
2022-02-27
|
1269151
|
Security: Extension can automatically start Crostini on log-in
|
-
|
2022-02-27
|
1271456
|
Access violation with --turbo_inline_js_wasm_calls
|
-
|
2022-02-27
|
1272076
|
pdf_formcalc_context_fuzzer: DCHECK failure in marking_support_ != MarkingType::kAtomic in heap.cc
|
-
|
2022-02-27
|
661852
|
CSP form-action checks full URL on redirects
|
-
|
2022-02-24
|
1027592
|
Security: Chrome for ios crash when selecting long message with special characters
|
-
|
2022-02-24
|
1245629
|
heap-use-after-free in OnBrowserSetLastActive
|
$5000
|
2022-02-24
|
1255713
|
Security: UI spoofing using a very long URL
|
$3000
|
2022-02-24
|
1259899
|
heap-use-after-free : blink::RTCVideoEncoder::Impl::EncodeFrameFinished
|
-
|
2022-02-24
|
1267661
|
Security: heap-use-after-free in content::WebContentsObserver::web_contents
|
$15000
|
2022-02-24
|
1267811
|
UAF on nearby_share_contact_downloader_impl.cc
|
$10000
|
2022-02-24
|
1268738
|
V8 debug check failed: new_target->IsConstructor()
|
$5000
|
2022-02-24
|
1269344
|
uaf in content::BroadcastChannelService::ConnectToChannel
|
$20000
|
2022-02-24
|
1270817
|
CHECK failure: IsValidHeapObject(heap_, heap_object) in heap.cc
|
-
|
2022-02-24
|
1270826
|
Crash in v8::internal::MarkCompactCollector::ProcessMarkingWorklist<0>
|
-
|
2022-02-24
|
1230444
|
Cross-site information leak - Leaking cross-origin redirect destination URI due to CORS (iOS)
|
$1000
|
2022-02-22
|
1262525
|
CrOS: Vulnerability reported in net-vpn/strongswan
|
-
|
2022-02-22
|
1264705
|
Crash in hsw::lowp::gather_NUMBER
|
-
|
2022-02-22
|
1266688
|
Heap-use-after-free in blink::NGPhysicalFragment::HasSelfPaintingLayer
|
-
|
2022-02-22
|
1269307
|
Security: Use after free in WebApkIconHasher
|
$20000
|
2022-02-22
|
1270356
|
DCHECK failure in !scope_info_.is_null() in scopes.h
|
-
|
2022-02-22
|
1242424
|
Security: History Cached Page of the Lens region search cause url spoof
|
$2000
|
2022-02-21
|
1267514
|
DCHECK failure in !scope_info_.is_null() in scopes.h
|
-
|
2022-02-21
|
1269225
|
Security: Memory corruption in renderer process
|
-
|
2022-02-19
|
1171997
|
heap-use-after-free : UnloadController::ProcessPendingTabs
|
-
|
2022-02-18
|
1265570
|
DCHECK failure in shared_info->HasBytecodeArray() in js-objects.cc
|
-
|
2022-02-18
|
1268682
|
mediasource_MP4_AV1_pipeline_integration_fuzzer: Crash in dav1d_refmvs_load_tmvs
|
-
|
2022-02-18
|
1268759
|
Security: Use After Free AppServiceContextMenu::ExecuteCommand
|
$15000
|
2022-02-18
|
1248289
|
Service worker can use web assembly without unsafe-eval.
|
-
|
2022-02-17
|
1263741
|
Security: libjxl has security bugs
|
-
|
2022-02-17
|
1267627
|
Security: Web Serial - Out of bound read in SerialPortUnderlyingSink::WriteData().
|
$7500
|
2022-02-17
|
1269315
|
DCHECK failure in old_code_pages->size() == new_code_pages->size() + 1 in isolate.cc
|
-
|
2022-02-17
|
1011497
|
Security: Remote debug can be used to access protected profile data (e.g. cookies)
|
-
|
2022-02-16
|
1202970
|
Security: Sanitizer API bypass
|
-
|
2022-02-16
|
1240593
|
Security: heap-use-after-free in blink::NativeIOFile::DoRead
|
-
|
2022-02-16
|
1262953
|
Improper restriction in password saving form, while navigation from one site to another site
|
-
|
2022-02-16
|
1262183
|
Security: heap-use-after-free in storage::BlobURLStoreImpl::Revoke
|
-
|
2022-02-16
|
1264873
|
Security: SOP bypass using drag and drop
|
-
|
2022-02-16
|
1265197
|
XSS from chrome-untrusted://new-tab-page URL parsing
|
$500
|
2022-02-16
|
1267276
|
Use-after-poison in blink::HTMLSlotElement::DetachLayoutTree
|
-
|
2022-02-16
|
1267624
|
Security: Wild write in angle
|
$5000
|
2022-02-16
|
1268274
|
Security: Storage Foundation read()/write() access DOMArrayBufferView off the heap's thread
|
-
|
2022-02-16
|
1241188
|
Security: "Origin" header incorrectly set for cross-site request via service worker
|
$3000
|
2022-02-15
|
1267027
|
Security: webgl heap-use-after-free in BitSetT
|
$5000
|
2022-02-15
|
1267420
|
CrOS: Vulnerability reported in net-libs/libmicrohttpd
|
-
|
2022-02-15
|
1267424
|
Security: webgl heap-buffer-overflow getDrawSubresourceSerial
|
$5000
|
2022-02-15
|
1241091
|
Security: heap-use-after-free in ThreadedIconLoader::DecodeAndResizeImageOnBackgroundThread
|
-
|
2022-02-14
|
1254189
|
Primitive type confusion in ia32 AssembleCodePhase
|
$7500
|
2022-02-14
|
1266293
|
Security: heap-use-after-free in BluetoothSerialDeviceEnumerator::OnGotClassicAdapter
|
-
|
2022-02-14
|
1266437
|
Use after free in getSamplerTexture
|
$5000
|
2022-02-14
|
1267674
|
v8_regexp_parser_fuzzer: DCHECK failure in index < length() / kUInt16Size in fixed-array-inl.h
|
-
|
2022-02-14
|
1238631
|
Security: Share dialog on Windows can render over address bar, window controls
|
-
|
2022-02-12
|
1264584
|
heap-use-after-free : location::nearby::chrome::SubmittableExecutor::RunTask
|
-
|
2022-02-12
|
1264988
|
Security: ASan reports wild reads in swiftshader
|
$5000
|
2022-02-12
|
1264703
|
Security: Heap-use-after-free in sharing_hub::SharingHubBubbleController::~SharingHubBubbleController
|
$5000
|
2022-02-11
|
1259170
|
Unsafe uses of uninitialized graphics memory
|
-
|
2022-02-09
|
1264477
|
Security: Site Isolation bypass via NavigationPreloadRequest
|
-
|
2022-02-09
|
1264508
|
v8_regexp_parser_fuzzer: DCHECK failure in r.to() < kMaxUInt16 in regexp-macro-assembler.cc
|
-
|
2022-02-09
|
1168553
|
Security: host root command execution
|
-
|
2022-02-08
|
1260649
|
Leaking size of cross-origin resources by using Range Requests, Service Workers, Fetch API, and the Cache API
|
$2000
|
2022-02-08
|
1260783
|
Use after free in gl::VertexArray::setDependentDirtyBit
|
$5000
|
2022-02-08
|
1262791
|
Security: Type confusion in UnderlyingSinkBase::start
|
$15000
|
2022-02-08
|
1264013
|
Trap in Builtins_CheckTurbofanType
|
-
|
2022-02-08
|
1264282
|
Security: UAF in SharingHub
|
$5000
|
2022-02-08
|
1265275
|
CHECK failure: function_literal_id < script->shared_function_info_count() in objects.cc
|
-
|
2022-02-08
|
1237310
|
Security: Autofill prompt can render over permission prompts after they have opened
|
$3000
|
2022-02-05
|
1248963
|
CrOS: Vulnerability reported in app-editors/vim
|
-
|
2022-02-05
|
1260858
|
Heap-use-after-free in color input on switching screens (MacOS)
|
$10000
|
2022-02-05
|
1263620
|
Google Chrome MediaStreamTrackGenerator use after free vulnerability (TALOS-2021-1398)
|
$7500
|
2022-02-05
|
1139417
|
arc-setup: ArcMounterImpl::LoopMount() can be raced
|
-
|
2022-02-03
|
1254113
|
heap-use-after-free : crosapi::DriveIntegrationServiceAsh::~DriveIntegrationServiceAsh
|
-
|
2022-02-03
|
1256822
|
Sandbox escape: bypass allow-popups-to-escape-sandbox
|
$2500
|
2022-02-03
|
1259694
|
Contact dialog can be shown over a cross-origin page which might confuse a user into leaking sensitive information to an attacker
|
$1000
|
2022-02-03
|
1262091
|
Security: heap-use-after-free swiftshader getCurrentViewCount
|
$5000
|
2022-02-03
|
1262208
|
Security: Write setgid_resetriction policy files
|
-
|
2022-02-03
|
1248444
|
Guessing the URL a cross-origin iframe was redirected to by listening to the load event
|
$5000
|
2022-02-02
|
1258932
|
Use-after-poison in blink::HTMLSlotElement::DetachLayoutTree
|
-
|
2022-02-02
|
1263462
|
Security: JSON.stringify leaks TheHole value, leading to RCE
|
-
|
2022-02-02
|
1263486
|
Security DCHECK failure: IsA<Derived>(from) in casting.h
|
-
|
2022-02-02
|
1263961
|
Use-of-uninitialized-value in v8::internal::StackGuard::PopInterruptsScope
|
-
|
2022-02-02
|
1264015
|
CHECK failure: push_segment_ implies push_segment_->IsEmpty()
|
-
|
2022-02-02
|
1248438
|
uaf in FileManagerPrivateInternalComputeChecksumFunction::Run
|
$10000
|
2022-02-01
|
1258809
|
Security: UaF in extension management policy parsing
|
-
|
2022-02-01
|
1263327
|
v8_regexp_parser_fuzzer: DCHECK failure in !ranges->is_empty() in regexp-compiler.cc
|
-
|
2022-02-01
|
1260621
|
Security: PDFium Use-After-Free in v8::internal::ArrayBufferExtension::Mark
|
$1000
|
2022-01-31
|
1251567
|
Heap-buffer-overflow in rx::ProgramExecutableVk::updateBuffersDescriptorSet
|
-
|
2022-01-30
|
1261542
|
freetype_cff_ftengine_fuzzer: Use-of-uninitialized-value in ft_mem_free
|
-
|
2022-01-28
|
1261728
|
freetype_type1_render_fuzzer: Use-of-uninitialized-value in T1_Get_MM_Var
|
-
|
2022-01-28
|
1261762
|
freetype_type1_fuzzer: Use-of-uninitialized-value in T1_Set_MM_Design
|
-
|
2022-01-28
|
1262112
|
dawn_wire_server_and_frontend_fuzzer.exe: Heap-use-after-free in dawn_native::AbslFormatConvert
|
-
|
2022-01-28
|
1197889
|
Security: Origin spoof in external protocol dialogs via server-side redirect to external protocol
|
$2000
|
2022-01-27
|
1261343
|
freetype_colrv1_fuzzer: Use-of-uninitialized-value in ft_mem_free
|
-
|
2022-01-27
|
1261450
|
freetype_truetype_fuzzer: Use-of-uninitialized-value in FT_Get_Gasp
|
-
|
2022-01-27
|
1227170
|
Security: Another autocomplete preview text leak
|
$5000
|
2022-01-26
|
1242667
|
CrOS: Vulnerability reported in sys-libs/glibc
|
-
|
2022-01-26
|
1248889
|
CSP Violation reports contain blockedURI's hostname
|
$1000
|
2022-01-26
|
1253038
|
Security: negative-size-param in image_editor::ScreenshotFlow::RemoveUIOverlay
|
$5000
|
2022-01-26
|
1253101
|
Security: font side-channel attack against <input> and <textarea> autofill preview discloses sensitive information
|
-
|
2022-01-26
|
1254746
|
SUMMARY: AddressSanitizer: stack-use-after-scope renderer11_utils.cpp:2299 in rx::d3d11::SetDebugName
|
$5000
|
2022-01-26
|
1259022
|
Security: UAF when sending tab to device in android
|
-
|
2022-01-26
|
1260577
|
Security: TianfuCup RCE bug Type confusion in LoadIC::ComputeHandler
|
-
|
2022-01-26
|
1260606
|
gpu_raster_swangle_passthrough_fuzzer: Use-of-uninitialized-value in vk::DescriptorSet::ParseDescriptors
|
-
|
2022-01-26
|
1260690
|
Segv on unknown address in sh::OutputSPIRVTraverser::visitConstantUnion
|
-
|
2022-01-26
|
1260940
|
Security: TFC WebTransport bug
|
-
|
2022-01-26
|
1167028
|
Security: WPA2-Enterprise/EAP Subject Matching Vulnerability
|
$3000
|
2022-01-24
|
1243279
|
CrOS: Vulnerability reported in sys-libs/glibc
|
-
|
2022-01-24
|
1249962
|
Security: In-the-wild using intents to redirect to other browsers
|
-
|
2022-01-24
|
1251673
|
Security: Continued AddEventListener GC problems
|
$5000
|
2022-01-24
|
1260189
|
PotentiallyDanglingMarkup() lost when removing fragment identifier
|
-
|
2022-01-24
|
1039885
|
Dangling markup attack through background attribute allows data exfiltration
|
$1000
|
2022-01-22
|
1256885
|
Security: Page.addCompilationCache devtools API could lead to arbitrary machine code execution
|
-
|
2022-01-21
|
1259864
|
Security: heap-use-after-free in ForceSigninVerifier::SendRequestIfNetworkAvailable
|
$10000
|
2022-01-21
|
1259587
|
Security: UAP on creating WebAssembly memories on document reload
|
$7500
|
2022-01-20
|
1258398
|
Use-after-poison in blink::HTMLSlotElement::DetachLayoutTree
|
-
|
2022-01-19
|
1244289
|
Security: SameSite Cookie Bypass via BackgroundFetch
|
$3000
|
2022-01-18
|
1257891
|
heap-buffer-overflow in WebMediaPlayerMSCompositor::ReplaceCurrentFrameWithACopyInternal()
|
$7500
|
2022-01-18
|
1258603
|
DCHECK failure in function->shared().HasFeedbackMetadata() in js-function.cc
|
-
|
2022-01-18
|
1258663
|
CHECK failure: !field_type.NowStable() || field_type.NowContains(value)
|
-
|
2022-01-18
|
1258839
|
freetype_type1_fuzzer: Heap-buffer-overflow in ps_parser_skip_spaces
|
-
|
2022-01-18
|
1259045
|
freetype_type1_ftengine_fuzzer: Use-of-uninitialized-value in t1_decoder_parse_metrics
|
-
|
2022-01-18
|
1249491
|
use after free in ash::sharesheet::SharesheetBubbleView::CloseBubble
|
$7500
|
2022-01-17
|
1255464
|
Use-after-poison in blink::HTMLSlotElement::DetachLayoutTree
|
-
|
2022-01-16
|
1251073
|
Container-overflow in ash::ScrollableShelfView::ShouldCountActivatedInkDrop
|
-
|
2022-01-15
|
1258235
|
Bad-cast to blink::HTMLSlotElement from blink::HTMLStyleElement in blink::HTMLDetailsElement::ManuallyAssignSlots
|
-
|
2022-01-15
|
906200
|
Security: XSS in chromium-cq-status.appspot.com
|
-
|
2022-01-14
|
1255332
|
UaF in PDF accessibility due to relayout
|
$5000
|
2022-01-14
|
1257254
|
Use-after-poison in mojo::InterfaceEndpointClient::NotifyError
|
-
|
2022-01-14
|
957553
|
Security: Extension messages can indefinitely extend user activation expiry and repeatedly use of it
|
$3000
|
2022-01-13
|
1222498
|
Sanitize CompositorFrame for shared element directives.
|
-
|
2022-01-13
|
1253746
|
Security: WebAudio oob read in AudioDelayDSPKernel::ProcessKRate
|
$2000
|
2022-01-13
|
1255314
|
hb_subset_fuzzer: Crash in BEInt<unsigned short, 2>::operator unsigned short
|
-
|
2022-01-13
|
1237730
|
Security: v8 CHECK Failed IsStruct_NonInline in Torque Struct-Tq-Inl
|
$5000
|
2022-01-12
|
1249810
|
Security: Use After Free in DevToolsFileHelper::GetFileSystems
|
$10000
|
2022-01-12
|
1250904
|
tint_regex_spv_writer_fuzzer: Crash in LLVMFuzzerCustomMutator
|
-
|
2022-01-12
|
1254656
|
hb_subset_fuzzer: Heap-buffer-overflow in bool OT::OffsetTo<OT::MathGlyphAssembly, OT::IntType<unsigned short, 2u>, true>:
|
-
|
2022-01-12
|
1255152
|
pdf_formcalc_context_fuzzer: DCHECK failure in header->IsMarked() in pointer-policies.cc
|
-
|
2022-01-12
|
1255368
|
DCHECK failure in first_const_pool_32_use_ == -1 in assembler-arm.cc
|
-
|
2022-01-12
|
1256835
|
hb_subset_fuzzer: Heap-buffer-overflow in OT::MathValueRecord* hb_serialize_context_t::embed<OT::MathValueRecord>
|
-
|
2022-01-12
|
1236318
|
AddressSanitizer: heap-buffer-overflow mojo::internal::Serializer<BigBufferDataView,BigBufferView>::Serialize
|
$7500
|
2022-01-10
|
1238309
|
Security: Chrome incorrectly interprets newlines in HTTP headers in HTTP/3, allowing for some header splitting possibilities
|
-
|
2022-01-10
|
1247260
|
Google Chrome WebRTC RTPSenderVideoFrameTransformerDelegate memory corruption vulnerability (TALOS-2021-1372)
|
$7500
|
2022-01-10
|
1254704
|
v8_regexp_parser_fuzzer: Use-of-uninitialized-value in v8::internal::IrregexpInterpreter::Result v8::internal::RawMatch<unsigned char>
|
-
|
2022-01-10
|
1255354
|
CHECK failure: all.IsLive(use) && (use->opcode() == IrOpcode::kIfTrue || use->opcode() == IrOpc
|
-
|
2022-01-10
|
1255330
|
Trap in Builtins_CheckNumberInRange
|
-
|
2022-01-10
|
1252074
|
Security: ChromeOS root command persistence
|
$15000
|
2022-01-08
|
1252878
|
use after poison in blink::Element::DidMoveToNewDocument
|
$10000
|
2022-01-08
|
1254675
|
CHECK failure: thrower->error()
|
-
|
2022-01-08
|
1251664
|
tint_ast_spv_writer_fuzzer: Illegal-instruction in tint::fuzzers::FatalError
|
-
|
2022-01-07
|
1252858
|
Security: mojo OnIntroduce doesn't validate peer node (node<->node mitm)
|
-
|
2022-01-07
|
1254131
|
Security: Crash when closing tab with sending tab to device dialog
|
-
|
2022-01-07
|
1254631
|
Security: Chrome 94 does not correctly set Integrity level of all processes to Untrusted
|
$3000
|
2022-01-07
|
1255123
|
Crash in PreflightLoader::HandleResponseHeader on failed preflight
|
-
|
2022-01-07
|
1252354
|
Security: UAF in IdentityDialogController::ShowIdProviderWindow
|
$25000
|
2022-01-05
|
1251179
|
Security: Fetch leaks information about cross-origin redirects
|
$1000
|
2022-01-05
|
1253399
|
Security: pdfium heap buffer overflow in cfx_dibbase.cpp
|
$7500
|
2022-01-05
|
1253976
|
DCHECK failure in \\' == current() in regexp-parser.cc
|
-
|
2022-01-05
|
1254396
|
Segv on unknown address in device::PlatformSensorFusion::Factory::SensorCreated
|
-
|
2022-01-05
|
1241860
|
SUMMARY: AddressSanitizer: heap-use-after-free Runtime.cpp:439 in v8_inspector::protocol::Runtime::Frontend::exceptionThrown
|
$5000
|
2022-01-04
|
1252148
|
Security: Arbitrary bind mount
|
-
|
2022-01-04
|
1252620
|
Heap-use-after-free in v8::internal::TurboAssemblerBase::set_root_array_available
|
-
|
2022-01-03
|
1253041
|
DCHECK failure in header->IsMarked() in pointer-policies.cc
|
-
|
2022-01-02
|
1245578
|
Security: heap-use-after-free in PPAPIDownloadRequest::AllowlistCheckComplete
|
$20000
|
2022-01-01
|
1252634
|
pdf_formcalc_context_fuzzer: DCHECK failure in header->IsMarked() in pointer-policies.cc
|
-
|
2022-01-01
|
1252729
|
tint_all_transforms_fuzzer: Use-of-uninitialized-value in tint_all_transforms_fuzzer.cc
|
-
|
2022-01-01
|
1252795
|
tint_vertex_pulling_fuzzer: Use-of-uninitialized-value in tint::fuzzers::DataBuilder::string
|
-
|
2022-01-01
|
1252942
|
tint_wgsl_reader_msl_writer_fuzzer: Use-of-uninitialized-value in tint::writer::msl::Sanitize
|
-
|
2022-01-01
|