1418223
|
pdf_formcalc_context_fuzzer: Segv on unknown address in Builtins_InterpreterPushArgsThenCall
|
-
|
2023-06-04
|
1418706
|
v8_wasm_code_fuzzer: DCHECK failure in opcode >> 8 == kGCPrefix in function-body-decoder-impl.h
|
-
|
2023-06-03
|
1412658
|
Security: stack-buffer-overflow in crashpad
|
$3000
|
2023-06-02
|
1418078
|
Vulnerability reported in /third_party/libxml
|
-
|
2023-06-02
|
1418508
|
blink_storage_key_fuzzer: Trap in NotImplemented
|
-
|
2023-06-02
|
1418621
|
DCHECK failure in !HAS_WEAK_HEAP_OBJECT_TAG(ptr_) in tagged-impl-inl.h
|
-
|
2023-06-02
|
1285604
|
Side-channel attack can deanonymize users (potential risk to journalists and activists) "Targeted Deanonymization via the Cache Side Channel: Attacks and Defenses"
|
-
|
2023-06-01
|
1404279
|
DCHECK failure in code == topmost_ implies safe_to_deopt_ in deoptimizer.cc
|
-
|
2023-05-31
|
1414278
|
UAF in aura::Window
|
$1000
|
2023-05-31
|
1414581
|
Security: Heap-use-after-free in ash::WizardController::HandleAccelerator
|
$1000
|
2023-05-31
|
1414975
|
Security: Document PIP origin spoof
|
$3000
|
2023-05-31
|
1415008
|
Security: Possible UAF in PinManager::NotifyDelete
|
$1000
|
2023-05-31
|
1417122
|
Security: UAF in PlatformAuthNavigationThrottle::FetchHeadersCallback
|
$38000
|
2023-05-31
|
1417185
|
Security: heap-buffer-overflow in base::SampleVectorBase::MoveSingleSampleToCounts
|
-
|
2023-05-31
|
1417389
|
[Security] V8 Debug check failed: OFFSET_OF(Isolate, string_stream_current_security_token_) == strin
|
$7000
|
2023-05-31
|
1412487
|
Security: Type confusion in v8 value serializer
|
$10000
|
2023-05-30
|
1413539
|
Heap-use-after-free in ui::Layer::OnDeviceScaleFactorChanged
|
-
|
2023-05-30
|
1414224
|
heap-use-after-free : TemplateURLService::CreateSyncDataFromTemplateURL
|
-
|
2023-05-30
|
1415328
|
Security: heap-buffer-overflow in base::debug::ActivityUserData::ActivityUserData
|
-
|
2023-05-30
|
1416785
|
base_activity_analyzer_fuzzer: Heap-buffer-overflow in base::debug::ThreadActivityTracker::IsValid
|
-
|
2023-05-30
|
1416921
|
base_activity_analyzer_fuzzer: Use-of-uninitialized-value in base::debug::GlobalActivityAnalyzer::PrepareAllAnalyzers
|
-
|
2023-05-30
|
1417089
|
Security: Heap-use-after-free in PasswordAutofillManager::DidAcceptSuggestion
|
$42000
|
2023-05-30
|
1417353
|
Security: Debug check failed: 0 != new_nodes_.count(value) (0 vs. 0).
|
-
|
2023-05-30
|
1417380
|
DCHECK failure in CpuFeatures::IsSupported(*feature) in macro-assembler-shared-ia32-x64.h
|
-
|
2023-05-30
|
1417412
|
DCHECK failure in 0 != new_nodes_.count(value) in maglev-graph-builder.h
|
-
|
2023-05-30
|
1417463
|
DCHECK failure in ValidOpInputRep(graph, left(), input_rep) in operations.h
|
-
|
2023-05-30
|
1417585
|
Map deprecation racing with concurrent compilation can break invariant
|
-
|
2023-05-30
|
1417908
|
v8_wasm_fuzzer: Global-buffer-overflow in v8::internal::wasm::WasmFullDecoder<v8::internal::wasm::Decoder::NoValidationTag
|
-
|
2023-05-30
|
1415366
|
UAF in permissions::PermissionRequest::request_type
|
$41000
|
2023-05-29
|
1381812
|
sql_recovery_fuzzer: Use-of-uninitialized-value in sql::recover::LeafPayloadReader::ReadPayload
|
-
|
2023-05-28
|
1415371
|
crashpad_process_snapshot_intermediate_dump_fuzzer: Heap-buffer-overflow in crashpad::internal::ExceptionSnapshotIOSIntermediateDump::InitializeFromMachExce
|
-
|
2023-05-28
|
1416828
|
Heap-use-after-free in ui::Layer::OnDeviceScaleFactorChanged
|
-
|
2023-05-28
|
1411210
|
Security: [swiftshader] heap-use-after-free on vk::Query::start
|
$15000
|
2023-05-27
|
1417317
|
heap-buffer-overflow in base::PersistentHistogramAllocator::GetHistogram
|
-
|
2023-05-27
|
1417370
|
Use-after-poison in v8::internal::maglev::MaxCallDepthProcessor::ConservativeFrameSize
|
-
|
2023-05-27
|
1417386
|
DCHECK failure in new_properties.can_eager_deopt() implies properties().can_eager_deopt() in magle
|
-
|
2023-05-27
|
1341430
|
Security: Page can obtain autofill data with two consecutive taps with minimal user awareness, bypasses issue 1240472 and issue 1279268 fixes
|
$3000
|
2023-05-26
|
1394736
|
Security: UAF in content::SyntheticMouseDriver::DispatchEvent (browser process)
|
$2000
|
2023-05-26
|
1402533
|
heap-use-after-free : base::ScopedObservation<ash::WindowState, ash::WindowStateObserver>::Reset
|
-
|
2023-05-26
|
1412343
|
v8 oob read in turboshaft::Graph::IncrementInputUses
|
$7000
|
2023-05-26
|
1413628
|
Security: use-after-poison rtp_contributing_source_cache.cc:215 in blink::RtpContributingSourceCache::ClearCache
|
$4000
|
2023-05-26
|
1414146
|
DCHECK failure in !detail::is_float_special_value(min) in types.h
|
-
|
2023-05-26
|
1414201
|
DCHECK failure in IsFloat64() in types.h
|
-
|
2023-05-26
|
1414255
|
DCHECK failure in min <= max in type-inference-reducer.h
|
-
|
2023-05-26
|
1415158
|
flac_audio_handler_fuzzer: Heap-buffer-overflow in media::FlacAudioHandler::WriteCallbackInternal
|
-
|
2023-05-26
|
1415249
|
DCHECK failure in !receiver->IsAccessCheckNeeded() || lookup->name()->IsPrivate() in ic.cc
|
-
|
2023-05-26
|
1416146
|
flac_audio_handler_fuzzer: Trap in std::Cr::__libcpp_verbose_abort
|
-
|
2023-05-26
|
1416695
|
DCHECK failure in !detail::is_float_special_value(max) in types.h
|
-
|
2023-05-26
|
1413618
|
Security: Bug 1238631 regression (Share dialog on Windows can render over address bar, window controls)
|
$1000
|
2023-05-23
|
1414511
|
Security: ChromeOS root privilege escalation (mount-passthrough-jailed)
|
$31000
|
2023-05-23
|
1414738
|
Security: UAF in AppFinder::OnGetAppDescriptions
|
$31000
|
2023-05-23
|
1400589
|
Buffer overflow in the rndis_wlan driver for Linux kernel
|
$20000
|
2023-05-22
|
1413945
|
Security: Security DCHECK failed: IsA<Derived>(from) blink::LayoutMultiColumnFlowThread::ComputeSize layout_multi_column_flow_thread.cc:1666
|
$8000
|
2023-05-22
|
1413842
|
flac_audio_handler_fuzzer: Global-buffer-overflow in media::AudioFifo::Consume
|
-
|
2023-05-20
|
1414788
|
Bad-cast to unsigned int (const void *) in FcHashTableFind
|
-
|
2023-05-20
|
1401560
|
Security: UAF in drm_gem_object_release_handle2
|
$1000
|
2023-05-19
|
1413005
|
Security: A UAF in WebRTC
|
$2000
|
2023-05-19
|
1413600
|
Segv on unknown address in blink::LayoutObjectChildList::Trace
|
-
|
2023-05-19
|
1409761
|
Security: Race Condition Double Free in i915_gem_set_tiling_ioctl
|
$20000
|
2023-05-17
|
1410942
|
heap-use-after-free : nearby::connections::`anonymous namespace'::IncomingStreamInternalPayload::Close
|
-
|
2023-05-17
|
1412020
|
Security DCHECK failure: IsA<Derived>(from) in casting.h
|
-
|
2023-05-17
|
1412629
|
type mismatch with turboshaft, 1 vs NaN
|
$7000
|
2023-05-17
|
1413194
|
Segv on unknown address in v8::internal::StackFrame::ComputeType
|
-
|
2023-05-17
|
1413533
|
DCHECK failure in iterator_.next_bytecode() == interpreter::Bytecode::kJumpIfUndefined in maglev-g
|
-
|
2023-05-17
|
1413584
|
safe_browsing_dmg_fuzzer: Trap in std::Cr::__libcpp_verbose_abort
|
-
|
2023-05-17
|
1413651
|
DCHECK failure in main-thread handle can only be created on the main thread in handles-inl.h
|
-
|
2023-05-17
|
1293640
|
Security: Linux Kernel i915 Linear Out-Of-Bound read and write access
|
-
|
2023-05-15
|
1412643
|
DCHECK failure in !MarkCompactCollector::IsOnEvacuationCandidate(target) in scavenger.cc
|
-
|
2023-05-15
|
1412940
|
v8_wasm_compile_fuzzer: DCHECK failure in !SlotInterference(target.stack_state[i], base::VectorOf(cache_state_.stack_state
|
-
|
2023-05-15
|
1410766
|
heap-buffer-overflow in aom_yv12_copy_v_c
|
$10000
|
2023-05-14
|
1045681
|
Security: Extension fingerprinting by detecting fetched resources
|
$1000
|
2023-05-13
|
1382969
|
Security: heap-use-after-free in observer_list.h triggered via Notes/Annotation feature
|
$1000
|
2023-05-13
|
1398638
|
Security: UAF in drm_gem_shmem_vm_close
|
-
|
2023-05-13
|
1399742
|
stack use after return in gpu::raster::(anonymous namespace)::OnReadYUVImagePixelsDone
|
$10000
|
2023-05-13
|
1401562
|
Security: UAF in drm_gem_object_release_handle3
|
$21000
|
2023-05-13
|
1401595
|
Security: Race Condition UAF in i915_gem_context_getparam_ioctl
|
$21000
|
2023-05-13
|
1406429
|
v8 oobr on an obj
|
$7000
|
2023-05-13
|
1411558
|
Segv on unknown address in v8::internal::TracedHandlesImpl::Create
|
$9000
|
2023-05-13
|
1411656
|
CrOS: Vulnerability reported in media-libs/tiff
|
-
|
2023-05-13
|
1412023
|
boringssl_conf_fuzzer: Use-of-uninitialized-value in ASN1_template_free
|
-
|
2023-05-13
|
1412233
|
boringssl_conf_fuzzer: Heap-use-after-free in sk_num
|
-
|
2023-05-13
|
1412236
|
pdfium_fuzzer: Heap-use-after-free in CPDF_PageImageCache::StartGetCachedBitmap
|
-
|
2023-05-13
|
1412309
|
Use-after-poison in cppgc::internal::ConservativeTracingVisitor::TraceConservativelyIfNeeded
|
-
|
2023-05-13
|
1412352
|
boringssl_conf_fuzzer: Heap-use-after-free in sk_num
|
-
|
2023-05-13
|
878351
|
CrOS: Vulnerability reported in media-libs/tiff
|
-
|
2023-05-10
|
1350740
|
Security: access-violation on unknown address 0x12dfa490bbaa in dawn::native::TextureBase::TextureBase (browser process)
|
$5000
|
2023-05-10
|
1354505
|
Security: Hide real extension of file by many white spaces via suggestedName parameter - showSaveFilePicker
|
$1000
|
2023-05-10
|
1394272
|
Security: stack-use-after-scope in dawn::native::CommandEncoder::BeginRenderPass
|
$10000
|
2023-05-10
|
1403515
|
Heap Buffer Overflow in AudioWorkletProcessor::ClonePortTopology
|
$7000
|
2023-05-10
|
1407595
|
DCHECK failure in !object.InSharedHeap() in code-inl.h
|
-
|
2023-05-10
|
1407701
|
UAF in blink::VideoFrameSubmitter::OnContextLost
|
$3000
|
2023-05-10
|
1410970
|
Security: SEGV_ACCERR in Maglev
|
$7000
|
2023-05-10
|
1411076
|
DCHECK failure in old_.bytes_ >= bytes in array-buffer-sweeper.cc
|
-
|
2023-05-10
|
1411153
|
Security: Debug check failed: kCanBeWeak || (!IsSmi() == HAS_STRONG_HEAP_OBJECT_TAG(ptr_))
|
$7000
|
2023-05-10
|
1411533
|
Crash in ProbeMemory
|
-
|
2023-05-10
|
1412001
|
Security: Potential security bug in JSCallReducer::ReduceDataViewAccess
|
-
|
2023-05-10
|
1350329
|
Security: UAF in CreateMdnsResponder
|
$2000
|
2023-05-09
|
1406588
|
Security: Heap-buffer-overflow READ 1 in g_utf8_substring
|
-
|
2023-05-09
|
1407095
|
Debug check failed: !MarkCompactCollector::IsOnEvacuationCandidate(target).
|
-
|
2023-05-09
|
1407955
|
Security DCHECK failure: IsA<Derived>(from) in casting.h
|
$9000
|
2023-05-09
|
1409217
|
CrOS: Vulnerability reported in net-fs/samba
|
-
|
2023-05-09
|
1411113
|
DCHECK failure in collector == GarbageCollector::MINOR_MARK_COMPACTOR implies !pretenuring_handler
|
-
|
2023-05-09
|
1401594
|
Security: Race Condition UAF in i915_gem_context_create_ioctl
|
$21000
|
2023-05-06
|
1258363
|
URL Spoof after crash
|
$1000
|
2023-05-05
|
1365100
|
Security: Bypass iframe sandbox on Android via intent:// URLs (possibly due to intent:// url popups not inheriting sandbox)
|
$3000
|
2023-05-05
|
1404621
|
Security: Incognito Mode-specific external protocol prompts can be overlaid on other origins on Android.
|
$1000
|
2023-05-05
|
1406032
|
RendererAppContainer overwrites PROC_THREAD_ATTRIBUTE_CHILD_PROCESS_POLICY mitigation
|
-
|
2023-05-05
|
1406162
|
v8 crash in maglev::UseMarkingProcessor::MarkUse with maglev compiler
|
$7000
|
2023-05-05
|
1407101
|
Security: Debug check failed: result->owner() == owner (<unprintable> vs. <unprintable>).
|
-
|
2023-05-05
|
1407342
|
Security: Debug check failed: begin.valid().
|
$7000
|
2023-05-05
|
1407360
|
Security: Debug check failed: entry->Is<InitialValue>().
|
-
|
2023-05-05
|
1407477
|
Security: unreachable code in deoptimizer/translated-state.cc
|
-
|
2023-05-05
|
1408354
|
Security: Debug check failed: pred_reverse_index != -1 (-1 vs. -1)
|
$7000
|
2023-05-05
|
837495
|
Security: Heap Buffer Overflow found in stream_decoder.c of libFLAC used by chromium
|
-
|
2023-05-03
|
1299235
|
gpu_swangle_passthrough_fuzzer: Incorrect-function-pointer-type in rx::vk::PersistentCommandPool::init
|
-
|
2023-05-03
|
1311885
|
Security: heap-use-after-free ash/host/ash_window_tree_host_unified.cc
|
$2000
|
2023-05-03
|
1409785
|
DCHECK failure in code->IsBytecodeArray(cage_base) || code->GetCode().kind() == CodeKind::BASELINE
|
-
|
2023-05-03
|
1410126
|
Crash in ProbeMemory
|
-
|
2023-05-03
|
1337747
|
v8_inspector_fuzzer: Use-of-uninitialized-value in v8_crdtp::cbor::CBOREncoder::HandleInt32
|
-
|
2023-05-02
|
1348791
|
Security: heap-use-after-free ash/drag_drop/drag_drop_controller.cc (Lacros)
|
$3000
|
2023-05-02
|
1408392
|
TALOS-2023-1693 - Google Chrome WebRTC RTCStatsCollector out of bounds memory access vulnerability
|
-
|
2023-05-02
|
1408993
|
Security: Security DCHECK failed: IsA<Derived>(from) blink::`anonymous namespace'::CalcToNumericValue:css_numeric_value.cc:162
|
$8000
|
2023-05-02
|
1409171
|
heap-use-after-free : PrefService::RemovePrefObserver via ash::input_method::NativeInputMethodEngineObserver::~NativeInputMethodEngineObserver()
|
-
|
2023-05-02
|
1409210
|
DCHECK failure in !object.InSharedHeap() in code-inl.h
|
-
|
2023-05-02
|
1409650
|
Security: SwiftShader binaries are included in the following Dockerfile by just pulling them from a bucket
|
$2000
|
2023-05-02
|
1394659
|
DCHECK failure in code->IsCode(cage_base) implies code->kind(cage_base) == CodeKind::BASELINE in p
|
-
|
2023-05-01
|
1408957
|
Crash in ProbeMemory
|
-
|
2023-05-01
|
1409225
|
DCHECK failure in receiver == lookup_start_object in maglev-graph-builder.cc
|
-
|
2023-05-01
|
1407045
|
rtp_packet_fuzzer: Use-of-uninitialized-value in webrtc::ReadLeb128
|
-
|
2023-04-30
|
1406034
|
memory corruption in blink::ReadableStreamDefaultControllerWithScriptScope::Enqueue
|
$3000
|
2023-04-29
|
1274887
|
Security: Autofill suggestion covers URL bar on Android
|
-
|
2023-04-28
|
1346924
|
Security: ResourceTiming entries are not generated for responses with 204, 205 status codes when loaded in an iframe
|
$2000
|
2023-04-28
|
1398579
|
Security: Android - Bypass the Protection of input fields cache (Autofill)
|
$5000
|
2023-04-28
|
1403573
|
oob in RTCStatsCollector::ProduceTransportStats_n
|
$2000
|
2023-04-28
|
1406265
|
UAP in blink::WebGPUSwapBufferProvider::DiscardCurrentSwapBuffer (with --enable-unsafe-webgpu)
|
$7000
|
2023-04-28
|
1408467
|
Crash in blink::HTMLFastPathParser<unsigned char>::ParseAttributes
|
$4000
|
2023-04-28
|
1257537
|
CrOS: Vulnerabilities reported in net-misc/curl
|
-
|
2023-04-27
|
1341541
|
Security: Bypass (1301873) Chrome for Android Hide Custom Fullscreen Toast View with Repeated delayed Enter Fullscreen Request
|
$4000
|
2023-04-27
|
1386011
|
UAF in MerchantViewerDataManager
|
$1000
|
2023-04-27
|
1407571
|
[TF::OptimizationBug] After optimization, running the "poc.js" yields segmentation fault
|
$7000
|
2023-04-27
|
1048852
|
Security: Leak of user's local IP address via unenforced Cross Site Origin policy and leak of networking timing
|
-
|
2023-04-27
|
1404822
|
FedCM privacy_policy_url and terms_of_service_url accepts arbitrary URL
|
-
|
2023-04-26
|
1405123
|
Google Chrome Console WebUI Heap-Overflow Vulnerability
|
$2000
|
2023-04-26
|
1406115
|
Out of bounds array access in SyncPointManager::GetSyncPointClientState()
|
-
|
2023-04-26
|
1407930
|
DCHECK failure in isolate->context().is_null() || isolate->context().IsContext() in runtime-intern
|
-
|
2023-04-26
|
1408337
|
v8_wasm_code_fuzzer: DCHECK failure in base::IsInBounds<uintptr_t>(offset, access_size, env_->module->max_memory_size)
|
-
|
2023-04-26
|
1382477
|
Security: Fenced frames: can use focus to communicate across the fenced frame boundary
|
-
|
2023-04-25
|
1405574
|
type confusion in chrome
|
$1000
|
2023-04-25
|
1407606
|
Crash in Builtins_Construct_WithFeedback
|
-
|
2023-04-25
|
1404230
|
Security: (Android) PWA Install prompt can be overlaid over other origins.
|
$2000
|
2023-04-24
|
1406203
|
DCHECK failure in clients_head_ == shared_heap_isolate_ in safepoint.cc
|
-
|
2023-04-24
|
1406729
|
Security: Debug check failed: old_entry.IsRegularEntry() in v8
|
$8000
|
2023-04-24
|
1400037
|
Security: UAF in VIRTGPU_RESOURCE_CREATE and VIRTGPU_RESOURCE_CREATE_BLOB
|
$21000
|
2023-04-23
|
1401666
|
Security: sideload APKs on ChromeOS without enabling developer mode nor ADB
|
$3000
|
2023-04-22
|
1405107
|
Security: UAF in KAnonymityServiceSqlStorage::InitializeOnDbSequence
|
-
|
2023-04-22
|
1405568
|
Security: Race Condition Double Free in adreno_set_param
|
$21000
|
2023-04-22
|
1406041
|
Browser crashes when right clicking on input text
|
-
|
2023-04-22
|
1407363
|
Heap-use-after-free in blink::CharacterData::ContainsOnlyWhitespaceOrEmpty
|
-
|
2023-04-22
|
1404864
|
Security: Integer overflows in CountPages
|
$11000
|
2023-04-21
|
1405256
|
UAF in blink::RTCPeerConnectionHandler::OnIceCandidate
|
$3000
|
2023-04-21
|
1406727
|
Security: Debug check failed: kCanBeWeak || (!IsSmi() == HAS_STRONG_HEAP_OBJECT_TAG(ptr_)).
|
-
|
2023-04-21
|
1406760
|
template_url_parser_fuzzer: Heap-buffer-overflow in xmlParseTryOrFinish
|
-
|
2023-04-21
|
1361204
|
Security: heap-buffer-overflow components/ui_devtools/ui_element.cc:112:5
|
$2000
|
2023-04-20
|
1364115
|
Security: UAF in device_is_authenticating
|
$500
|
2023-04-20
|
1382971
|
Chrome_ChromeOS: Crash Report - content::RenderFrameHostImpl::CreateURLLoaderNetworkObserver
|
-
|
2023-04-20
|
1400841
|
Security: UAF in GuestViewBase::StopTrackingEmbedderZoomLevel
|
$7000
|
2023-04-20
|
1401765
|
Page background behind semi-transparent canvas leak content from other pages
|
-
|
2023-04-20
|
1402920
|
DCHECK failure in !value->IsShared() in objects.cc
|
-
|
2023-04-20
|
1403539
|
Security: PaymentRequest dialog selects an accept button by default
|
$5000
|
2023-04-20
|
1403910
|
Security: Debug check failed: IsJSObject().
|
-
|
2023-04-20
|
1404052
|
Security: Debug check failed: ReadOnlyHeap::Contains(object) || heap_->Contains(object)
|
$7000
|
2023-04-20
|
1404128
|
Security: [maglev] Debug check failed: last_position.IsKnown()
|
-
|
2023-04-20
|
1404704
|
V8 type confusion of object as v8::Function in CallMethodOnFrame
|
$1000
|
2023-04-20
|
1376011
|
heap-use-after-free : lens::LensSidePanelController::~LensSidePanelController
|
-
|
2023-04-18
|
1385343
|
Security: Extension with <all_urls> permission can read arbitrary local files although (Allow access to file URLs) is disabled
|
$10000
|
2023-04-18
|
1400522
|
Security: heap-use-after-free in blink::PropertyTreeManager::EnsureCompositorTransformNode
|
$8000
|
2023-04-18
|
1402921
|
Crash in Builtins_ConstructProxy
|
-
|
2023-04-18
|
1403129
|
Security: Fatal error in ../../src/heap/mark-compact.cc
|
$7000
|
2023-04-18
|
1404079
|
Security: segmentation fault in ResizableArrayBuffer in v8
|
$8000
|
2023-04-18
|
1404123
|
DCHECK failure in Shared heap must not have clients at teardown. The first isolate that is created
|
-
|
2023-04-18
|
1405324
|
CHECK failure: !v8::internal::v8_flags.enable_slow_asserts || (!MarkCompactCollector::IsOnEvacu
|
-
|
2023-04-18
|
1394852
|
Heap-use-after-free in v8::Isolate::IsInUse
|
-
|
2023-04-17
|
1401525
|
CHECK failure: external_page_bytes[t] == page->ExternalBackingStoreBytes(t)
|
-
|
2023-04-17
|
1404652
|
Crash in v8::internal::SamplingEventsProcessor::Run
|
-
|
2023-04-17
|
1405157
|
Heap-use-after-free in v8::Isolate::IsInUse
|
-
|
2023-04-17
|
1405707
|
DCHECK failure in current_code_reachable_and_ok_ == this->ok() && control_.back().reachable() in f
|
-
|
2023-04-17
|
1404986
|
Security DCHECK failure: IsA<Derived>(from) in casting.h
|
-
|
2023-04-15
|
1405110
|
Security: Heap-use-after-free in KAnonymityServiceSqlStorage::WaitUntilReady
|
-
|
2023-04-15
|
1398989
|
Security: ChromeOS On halt/reboot root file overwrite
|
$20000
|
2023-04-14
|
1404639
|
V8 type confusion of Undefined as v8::Function in ServiceWorkerGlobalScope::FetchHandlerType
|
$7500
|
2023-04-14
|
1376354
|
UAF in network::WebTransport::TearDown
|
$16000
|
2023-04-13
|
1395354
|
Security: UAF in content::SyntheticPointerAction::ForwardTouchOrMouseInputEvents (browser process)
|
$7000
|
2023-04-13
|
1400809
|
DCHECK failure in _is_listening_to_code_events == IsListeningToCodeEvents() in code-events.h
|
-
|
2023-04-13
|
1402113
|
Security: UAF in policy::DlpCopyOrMoveHookDelegate::RequestCopyAccess
|
$7000
|
2023-04-13
|
1403531
|
UAF in AsyncCompileJob::Abort
|
$10000
|
2023-04-13
|
1405150
|
DCHECK failure in element_size == 2 || element_size == 4 in maglev-ir-x64.cc
|
-
|
2023-04-13
|
1372356
|
Flaky uninitialized memory in SkChromeRemoteGlyphCache
|
-
|
2023-04-12
|
1400113
|
Security: Race Condition UAF in panfrost_ioctl_create_bo
|
$20000
|
2023-04-12
|
1401965
|
Security: Container-overflow in SavedTabGroupModel::RemoveTabFromGroup
|
$2000
|
2023-04-12
|
1403546
|
CHECK failure: !v8::internal::v8_flags.enable_slow_asserts || (IsSeqString_NonInline(*this)) in
|
-
|
2023-04-12
|
1403574
|
register assign error with jit
|
$7000
|
2023-04-12
|
1381857
|
Security: ChromiumOS CRAS Server D-Bus SetGlobalOutputChannelRemix heap-over-flow
|
$13000
|
2023-04-11
|
1404299
|
flexfec_receiver_fuzzer: Use-of-uninitialized-value in webrtc::RtpPacket::ParseBuffer
|
-
|
2023-04-11
|
1403099
|
DCHECK failure in !was_told_to_yield_ in default-job.h
|
-
|
2023-04-10
|
1404232
|
Heap-use-after-free in base::internal::CrashImmediatelyOnUseAfterFree
|
-
|
2023-04-08
|
1401933
|
Heap-use-after-free in content::RendererCancellationThrottle::NavigationCancellationWindowEnded
|
-
|
2023-04-07
|
1320701
|
CrOS: Vulnerability reported in sys-libs/ncurses
|
-
|
2023-04-06
|
1403397
|
flexfec_receiver_fuzzer: Use-of-uninitialized-value in webrtc::RtpPacket::ParseBuffer
|
-
|
2023-04-06
|
1402000
|
Security: heap-buffer-overflow in HidDeviceManager::GetApiDevicesFromList
|
$2000
|
2023-04-05
|
1403168
|
Security: Heap-use-after-free in ExtensionViewHost::OnDidStopFirstLoad
|
$4000
|
2023-04-05
|
1401995
|
Crash in content::GetDocumentUserData
|
-
|
2023-03-31
|
1402660
|
DCHECK failure in ((chunk->slot_set<OLD_TO_OLD, AccessMode::ATOMIC>())) == nullptr in mark-compact
|
-
|
2023-03-31
|
1403399
|
DCHECK failure in is_loadable() in maglev-ir.h
|
-
|
2023-03-31
|
1160485
|
Security: Access to camera with clickjacking and popup window
|
$2000
|
2023-03-30
|
1385982
|
Security: Escape the page sandbox to the Chromium debugger via Chrome headless snapshots
|
$2000
|
2023-03-30
|
1398992
|
Security: ChromeOS potential crosvm command execution via virgl_render_server (unexploitable)
|
$1000
|
2023-03-30
|
1400048
|
Security: Debug check failed: string->InSharedHeap() in v8
|
$8000
|
2023-03-30
|
1402270
|
Debug check failed: value.IsForeign().
|
$7000
|
2023-03-30
|
1042963
|
Security: bypass of CSP validator to run remote code in extensions
|
$3000
|
2023-03-28
|
1395027
|
Heap-use-after-free in blink::AXObject::ComputeIsInertViaStyle
|
-
|
2023-03-28
|
1401996
|
CHECK failure: !control->Is<JumpLoop>() in maglev-regalloc.cc
|
-
|
2023-03-28
|
1402139
|
CHECK failure: is_backed_by_rab == typed_array->is_backed_by_rab() in value-serializer.cc
|
-
|
2023-03-28
|
1398987
|
Security: ChromeOS debugd denial of service/service restart
|
-
|
2023-03-27
|
1400257
|
Use-of-uninitialized-value in v8::sampler::SamplerManager::DoSample
|
-
|
2023-03-27
|
1401582
|
2 vulnerabilities reported in /third_party/libxml
|
-
|
2023-03-27
|
1402011
|
CHECK failure: non_atomic_marking_state()->IsWhite(obj) in mark-compact.cc
|
-
|
2023-03-27
|
1402012
|
Segv on unknown address in v8::internal::Heap::ExternalStringTable::TearDown
|
-
|
2023-03-27
|
1402057
|
CHECK failure: untyped_->count(slot.address()) > 0 in heap-verifier.cc
|
-
|
2023-03-27
|
1383708
|
Heap-buffer-overflow in Fill32BppDestStorageWithPalette
|
-
|
2023-03-26
|
1396730
|
Use-after-poison in content::InspectorMediaEventHandler::SendQueuedMediaEvents
|
$9000
|
2023-03-25
|
1401295
|
DCHECK failure in this->is_prototype_map() in map-inl.h
|
-
|
2023-03-25
|
1401571
|
Vulnerability reported in /third_party/dav1d
|
-
|
2023-03-25
|
1401574
|
2 vulnerabilities reported in /third_party/libxml
|
-
|
2023-03-25
|
813542
|
Security: Web sites can open privileged pages via remote debugging server (CSRF)
|
$3000
|
2023-03-24
|
1399331
|
Crash in v8::internal::MemoryAllocator::LookupChunkContainingAddress
|
-
|
2023-03-24
|
1400176
|
GetEntriesWithChildFrames exposes top-level same origin iframes to cross-origin ones
|
-
|
2023-03-24
|
1401528
|
DCHECK failure in entry.IsRegularEntry() in external-pointer-table-inl.h
|
-
|
2023-03-24
|
1394968
|
DCHECK failure in Shared heap must not have clients at teardown. The first isolate that is created
|
-
|
2023-03-23
|
1400730
|
Use-of-uninitialized-value in v8::internal::MarkingBarrier::Write
|
-
|
2023-03-23
|
1401069
|
CHECK failure: untyped_->count(slot.address()) > 0 in heap-verifier.cc
|
-
|
2023-03-23
|
1401077
|
DCHECK failure in ReadOnlyHeap::Contains(obj) || heap()->Contains(obj) in mark-compact-inl.h
|
-
|
2023-03-23
|
1401078
|
CHECK failure: external_page_bytes[t] == page->ExternalBackingStoreBytes(t)
|
-
|
2023-03-23
|
1401180
|
DCHECK failure in !heap_->always_allocate() in incremental-marking.cc
|
-
|
2023-03-23
|
1401181
|
CHECK failure: InTypedSet(SlotType::kEmbeddedObjectFull, rinfo->pc()) || InTypedSet(SlotType::k
|
-
|
2023-03-23
|
1401183
|
CHECK failure: IsValidHeapObject(heap_, heap_object) in heap-verifier.cc
|
-
|
2023-03-23
|
1401336
|
CHECK failure: InTypedSet(SlotType::kEmbeddedObjectFull, rinfo->pc()) || InTypedSet(SlotType::k
|
-
|
2023-03-23
|
1401337
|
CHECK failure: IsValidHeapObject(heap_, heap_object) in heap-verifier.cc
|
-
|
2023-03-23
|
1361294
|
CrOS: Vulnerability reported in net-wireless/bluez
|
-
|
2023-03-22
|
1386095
|
CrOS: Vulnerability reported in media-libs/tiff
|
-
|
2023-03-22
|
1394279
|
DCHECK failure in code == topmost_ implies safe_to_deopt_ in deoptimizer.cc
|
-
|
2023-03-22
|
1394408
|
Security: Debug check failed: enum_length == map->NumberOfEnumerableProperties()
|
$11000
|
2023-03-22
|
1394973
|
Fatal error in Bytecode mismatch at offset 2 in interpreter.cc
|
-
|
2023-03-22
|
1395604
|
Abrt in v8::internal::abort_with_reason
|
-
|
2023-03-22
|
1397348
|
memory corruption in v8
|
$7000
|
2023-03-22
|
1398994
|
Security: ChromeOS CrosDisks mount-zip fuse argument injection
|
$1000
|
2023-03-22
|
1399379
|
DCHECK failure in ThreadId::Current() == thread_id() in isolate.cc
|
-
|
2023-03-22
|
1399424
|
v8_wasm_fuzzer: Crash in v8::internal::Simulator::WriteW
|
-
|
2023-03-22
|
1399511
|
Security: UAF in MojoQueryQuotaIpcz
|
$30000
|
2023-03-22
|
1399799
|
CHECK failure: !destination.IsDetachedOrOutOfBounds() in elements.cc
|
-
|
2023-03-22
|
1399805
|
Crash in Builtins_PromiseRejectReactionJob
|
-
|
2023-03-22
|
1399904
|
Security: Container Overflow in UDPSocket::OnLeaveGroupCompleted
|
$10000
|
2023-03-22
|
1400054
|
Bad-cast to mojo::core::ipcz_driver::ObjectBase from ipcz::ParcelWrapper in mojo::core::ipcz_driver::Object<mojo::core::ipcz_driver::DataPipe>::FromHandle
|
-
|
2023-03-22
|
1400062
|
CrOS: Vulnerability reported in net-misc/curl
|
-
|
2023-03-22
|
1400431
|
v8_serialized_script_value_fuzzer: Heap-buffer-overflow in v8::internal::ValueDeserializer::ReadJSArrayBuffer
|
-
|
2023-03-22
|
1400549
|
DCHECK failure in frame->is_unoptimized() in frames.h
|
-
|
2023-03-22
|
1400551
|
DCHECK failure in pred_reverse_index != -1 in graph.h
|
-
|
2023-03-22
|
1400810
|
DCHECK failure in 0 < level_ in mutex.h
|
-
|
2023-03-22
|
1400051
|
Security: Debug check failed: Shared heap must not have clients at teardown, leading to SEGV_ACCERR
|
$8000
|
2023-03-19
|
1385941
|
DCHECK failure in !initializing_store && property_details_.constness() == PropertyConstness::kCons
|
-
|
2023-03-18
|
1393499
|
Security: UAF in drm_gem_object_release_handle
|
$2000
|
2023-03-18
|
1395029
|
CrOS: Vulnerability reported in dev-libs/libxml2
|
-
|
2023-03-18
|
1399080
|
Security: libtiff CVE vulnerabilities in Chromium 106.0.5249.103
|
$500
|
2023-03-18
|
1399328
|
Crash in v8::internal::BasicMemoryChunk::area_start
|
-
|
2023-03-18
|
1399330
|
CHECK failure: untyped_->count(slot.address()) > 0
|
-
|
2023-03-18
|
1399488
|
Crash in v8::internal::LookupIterator::Start<0>
|
-
|
2023-03-18
|
1399489
|
CHECK failure: index < size()
|
-
|
2023-03-18
|
1399491
|
Crash in void v8::internal::MarkingVisitorBase<v8::internal::ConcurrentMarkingVisitor, v8
|
-
|
2023-03-18
|
1399696
|
CHECK failure: value__value.IsJSReceiver() || value__value.IsSmi() || value__value.IsHeapNumber
|
-
|
2023-03-18
|
866311
|
Security: Google Update for Windows allows arbitrary file creation when logs are enabled
|
$5000
|
2023-03-16
|
1083278
|
Security: DNS Cache Poisoning through resource exhaustion in Chrome.
|
$5000
|
2023-03-16
|
1357366
|
Sandbox bypass "allow-downloads"
|
$3000
|
2023-03-16
|
1384737
|
AppCommands: perhaps deprecate older command format
|
-
|
2023-03-16
|
1393547
|
DCHECK failure in IsInRegister(target_state, incoming) in maglev-regalloc.cc
|
-
|
2023-03-16
|
1395603
|
DCHECK failure in !value->allocation().IsConstant() in maglev-assembler-x64-inl.h
|
-
|
2023-03-16
|
1395718
|
Security: UAF in HandleExpandedPaths
|
$31000
|
2023-03-16
|
1399332
|
DCHECK failure in heap()->non_atomic_marking_state()->IsWhite(target) in scavenger-inl.h
|
-
|
2023-03-16
|
1399377
|
CHECK failure: external_page_bytes[t] == page->ExternalBackingStoreBytes(t)
|
-
|
2023-03-16
|
1378233
|
CrOS: Vulnerability reported in dev-libs/libtasn1
|
-
|
2023-03-15
|
1396254
|
Security: CVE-2022-3970 was fixed in libtiff and published but not propagated to Pdfium yet
|
$1000
|
2023-03-15
|
1057218
|
Security: Implement Resource Isolation with Random Restricted SIDs
|
-
|
2023-03-14
|
1392661
|
Security: heap-use-after-free drop_target_event.cc:28 in ui::DropTargetEvent::DropTargetEvent
|
$5000
|
2023-03-14
|
1395542
|
Security: heap-use-after-free third_party/swiftshader/src/WSI/VkSwapchainKHR.cpp:43:13
|
$2000
|
2023-03-14
|
1396222
|
Security: Fatal error in ../../src/heap/sweeper.cc
|
$7000
|
2023-03-14
|
1396338
|
Crash in v8::internal::HeapObject::SizeFromMap
|
-
|
2023-03-14
|
1396339
|
CHECK failure: marking_state_->IsBlack(heap_object) in mark-compact.cc
|
-
|
2023-03-14
|
1396341
|
Use-of-uninitialized-value in v8::internal::MarkingBarrier::Write
|
-
|
2023-03-14
|
1396342
|
DCHECK failure in handle & ~kVisitedHandleMarker == index << kExternalPointerIndexShift in externa
|
-
|
2023-03-14
|
1396344
|
DCHECK failure in page->area_size() >= static_cast<size_t>(marking_state_->live_bytes(page)) in sw
|
-
|
2023-03-14
|
1018214
|
Security: Updated Google Password. One of my Chrome OS machines still takes the old password though after over a week
|
$1000
|
2023-03-13
|
1384403
|
DCHECK failure in GetCurrentStackPosition() >= stack_guard()->real_climit() - 8 * KB in isolate.cc
|
-
|
2023-03-13
|
1394741
|
DCHECK failure in isolate()->thread_id() == ThreadId::Current() in heap.cc
|
-
|
2023-03-13
|
1395117
|
Crash in v8::internal::JsonParser<unsigned char>::ParseJson
|
-
|
2023-03-13
|
1395237
|
Heap-use-after-free in v8::internal::NodeBase<v8::internal::GlobalHandles::Node>::index
|
-
|
2023-03-13
|
1395520
|
CHECK failure: untyped_->count(slot.address()) > 0
|
-
|
2023-03-13
|
1395737
|
DCHECK failure in LocationOperand::cast(source)->IsCompatible( LocationOperand::cast(destination))
|
-
|
2023-03-13
|
1371859
|
stack-use-after-return in gpu::gles2::ProgramInfoManager::Program::UpdateES2
|
$3000
|
2023-03-12
|
1383991
|
blink::MediaInspectorContextImpl::CullPlayers
|
$7000
|
2023-03-12
|
1395311
|
CHECK failure: !base::IsInRange(slot.address(), start, end + 1) in remembered-set.h
|
-
|
2023-03-12
|
840716
|
Unicode Line Terminators Can Cause UI Manipulation and Browser Crashes
|
-
|
2023-03-10
|
1385831
|
UAF in CartService
|
$2500
|
2023-03-10
|
1392721
|
Security: heap-use-after-free on chromeOS using PhoneHub + Screensharing
|
$2000
|
2023-03-10
|
1393384
|
webcodecs_video_encoder_fuzzer: Heap-buffer-overflow in av1_get_one_pass_rt_params
|
-
|
2023-03-10
|
1393564
|
Security: UAF in content::NavigationRequest::SetViewTransitionState in browser process
|
$20000
|
2023-03-10
|
1394382
|
Chromium: Vulnerability reported in third_party/libxml
|
-
|
2023-03-10
|
1395183
|
Crash in v8::internal::SpaceWithLinearArea::InvokeAllocationObservers
|
-
|
2023-03-10
|
1395186
|
Chromium: Vulnerability reported in third_party/libxml
|
-
|
2023-03-10
|
1395240
|
Crash in Builtins_JSEntryTrampoline
|
-
|
2023-03-10
|
1349146
|
Security: Source maps support for file:// URLs gives devtools_page extensions local file access
|
$5000
|
2023-03-09
|
1365366
|
Security: [maglev] VisitSwitchOnGeneratorState function JumpTableTargetOffsets can be 0
|
$7000
|
2023-03-09
|
1380645
|
Security: Use After Free in PasswordsPrivateDelegateImpl::OsReauthTimeoutCall,
|
$1000
|
2023-03-09
|
1382484
|
Security: Chrome on Android Keyboard Able to Overlap Fullscreen Notification Toast
|
$7500
|
2023-03-09
|
1392588
|
Security: Security DCHECK failed: IsA<Derived>(from) blink::CSSPrimitiveValue::ConvertToLength
|
$8000
|
2023-03-09
|
1393728
|
Security: stack-use-after-scope in dawn::native::d3d12::ShaderModule::Compile
|
$10000
|
2023-03-09
|
1393732
|
Security: Download notification can hide "Press and hold Esc to exit full screen"
|
$3000
|
2023-03-09
|
1393865
|
Turbofan-Optimization Bug: "Check failed: IsBigInt()"
|
$7000
|
2023-03-09
|
1394692
|
UAF in OnSyncMessageEventReady
|
$6000
|
2023-03-09
|
1384516
|
gpu_raster_fuzzer: Use-of-uninitialized-value in cc::ServiceImageTransferCacheEntry::Deserialize
|
-
|
2023-03-08
|
1385368
|
Security: Debug check failed: s->IsFlat().
|
$7000
|
2023-03-08
|
1393227
|
Security: dcheck failed in object.InSharedHeap
|
$7000
|
2023-03-08
|
1393270
|
Crash in v8::internal::IsPrimitiveHeapObject_NonInline
|
-
|
2023-03-08
|
1393733
|
CHECK failure: InstructionBlockAt(predecessor_id)->IsDeferred() in instruction.cc
|
-
|
2023-03-08
|
1393940
|
CHECK failure: is_int8(disp) in assembler-x64.cc
|
-
|
2023-03-08
|
1394036
|
CHECK failure: !control->Is<JumpLoop>() in maglev-regalloc.cc
|
-
|
2023-03-08
|
1394403
|
Security: [0-day] FeedbackCell issue leading to type confusion
|
-
|
2023-03-08
|
1246736
|
Security: Imagination PowerVR DRM Driver Integer overflow vulnerabilities on MTK platform Chromebook
|
$20000
|
2023-03-07
|
1350386
|
Security: UAF in ArcInputOverlayManager::ReadDefaultData
|
-
|
2023-03-07
|
1356760
|
Reject hidden name-only cookie prefixes
|
-
|
2023-03-07
|
1370562
|
uaf in ui::PropertyHandler::GetPropertyInternal(with )
|
$2000
|
2023-03-07
|
1375131
|
Security: Unknown crash with READ of size 8 when access the chrome://gpu with WebGPU enabled
|
-
|
2023-03-07
|
1380602
|
Security: heap-use-after-free ui/views/view.cc:1921:7 in views::View::HandleAccessibleAction
|
$2000
|
2023-03-07
|
1383442
|
Security: UAF IN video_capture::VideoSourceImpl::OnClientDisconnected() services/video_capture/video_source_impl.cc:88:14
|
$16000
|
2023-03-07
|
1386120
|
Security: Pdfium heap-buffer-overflow in RgbByteOrderTransferBitmap()
|
-
|
2023-03-07
|
1386122
|
Security: heap-buffer-overflow in CFX_DIBBase::SwapXY()
|
-
|
2023-03-07
|
1386123
|
Security: Pdfium heap-buffer-overflow in RgbByteOrderTransferBitmap()
|
-
|
2023-03-07
|
1386124
|
Security: Pdfium heap-buffer-overflow in CPDF_RenderStatus::LoadSMask()
|
-
|
2023-03-07
|
1392061
|
Security: Debug check failed: IsPrimitiveMap()
|
$10000
|
2023-03-07
|
1393097
|
mhtml_parser_fuzzer: Heap-buffer-overflow in modp_b64_decode
|
-
|
2023-03-07
|
1393177
|
Security: WebGPU UAF in Dawn Memory Transfer Service
|
-
|
2023-03-07
|
1392755
|
DCHECK failure in isolate()->thread_id() == ThreadId::Current() in heap.cc
|
-
|
2023-03-06
|
1392934
|
v8_wasm_async_fuzzer: DCHECK failure in has_index() in value-type.h
|
-
|
2023-03-06
|
1393468
|
gpu_swangle_passthrough_fuzzer: Segv on unknown address in __tls_get_addr
|
-
|
2023-03-05
|
1393375
|
Security: Read OOB due to resizing underline typed array buffer
|
-
|
2023-03-03
|
1393464
|
DCHECK failure in handle & ~kVisitedHandleMarker == index << kExternalPointerIndexShift in externa
|
-
|
2023-03-03
|
1381871
|
UAF in blink::WidgetBase::BeginMainFrame(base::TimeTicks)
|
$1500
|
2023-03-02
|
1382761
|
UAF in search::(anonymous namespace)::NewTabURLDetails::ForProfile(Profile*)
|
$3000
|
2023-03-02
|
1386249
|
Security: Unretained() can be used for objects on the Oilpan heap
|
$3000
|
2023-03-02
|
1386667
|
Negative-size-param in ipcz::BlockAllocator::InitializeRegion
|
-
|
2023-03-02
|
1392585
|
Crash in Builtins_ConstructProxy
|
-
|
2023-03-02
|
1392865
|
CHECK failure: InTypedSet(SlotType::kEmbeddedObjectFull, rinfo->pc()) || InTypedSet(SlotType::k
|
-
|
2023-03-02
|
1392936
|
DCHECK failure in receiver_mode_ != ConvertReceiverMode::kNullOrUndefined in maglev-graph-builder.
|
-
|
2023-03-02
|
1392953
|
Optimization bug in TurboShaft::MachineOptimizationReducer::ReduceSignedDiv
|
$10000
|
2023-03-02
|
1316301
|
DCHECK failure at blink::WebFrameWidgetImpl::DragTargetDragEnter
|
$1500
|
2023-03-01
|
1382033
|
Security: heap-buffer-overflow in network::ThrottlingNetworkInterceptor::UpdateThrottledRecords
|
$2000
|
2023-03-01
|
1385709
|
UAF in CartHandler
|
$2500
|
2023-03-01
|
1386121
|
Security: Pdfium heap-buffer-overflow in CFX_BitmapComposer::ComposeScanlineV()
|
-
|
2023-03-01
|
1392577
|
Security: Debug Check end <= typed_aray->GetLength()
|
-
|
2023-03-01
|
1392589
|
substring_set_matcher_fuzzer: Crash in base::SubstringSetMatcher::AhoCorasickNode::SetEdge
|
-
|
2023-03-01
|
1392715
|
Security: heap-buffer-overflow in gpu::gles2::Texture::SetLevelCleared
|
-
|
2023-03-01
|
1385691
|
Security: global-buffer-overflow css_property.cc:27 in blink::CSSProperty::Get
|
$7000
|
2023-02-28
|
1385717
|
Security: Debug check failed: slot < sentinel_ in UpdateUntypedOldToSharedPointers
|
$8000
|
2023-02-28
|
1386647
|
tint_regex_msl_writer_fuzzer.exe: Illegal-instruction in tint::Program::Program
|
-
|
2023-02-28
|
1386129
|
substring_set_matcher_fuzzer: Heap-buffer-overflow in base::SubstringSetMatcher::AhoCorasickNode::SetEdge
|
-
|
2023-02-27
|
1386287
|
DCHECK failure in result.valid() in optimization-phase.h
|
-
|
2023-02-27
|
1387883
|
DCHECK failure in bytecode_offset >= kFunctionEntryBytecodeOffset in factory.cc
|
-
|
2023-02-27
|
1388938
|
v8_wasm_streaming_fuzzer: DCHECK failure in sub_module->has_type(sub_index) in wasm-subtyping.cc
|
-
|
2023-02-27
|
1386649
|
audio_encoder_isac_float_fuzzer.exe: Stack-buffer-overflow in webrtc::AudioEncoderIsacT<webrtc::IsacFloat>::EncodeImpl
|
-
|
2023-02-26
|
1360743
|
Security: heap-use-after-free in the Metal features in the GPU process
|
$1000
|
2023-02-25
|
1369205
|
Tests are failing: Verify that the placeholder <canvas> associated with an OffscreenCanvas tainted with cross-origin content cannot be read once commit has propagated...
|
-
|
2023-02-25
|
1382074
|
ui_x11_cursor_loader_fuzzer: Heap-buffer-overflow in ui::ParseCursorFile
|
-
|
2023-02-25
|
1383203
|
DCHECK failure in input_count <= std::numeric_limits<decltype(this->input_count)>::max() in operat
|
-
|
2023-02-25
|
1384847
|
Revisit configurations for CoInitializeSecurity calls
|
-
|
2023-02-25
|
1385673
|
DCHECK failure in IsJSFunction() in heap-refs.cc
|
-
|
2023-02-25
|
1385935
|
DCHECK failure in page->area_size() >= static_cast<size_t>(marking_state_->live_bytes(page)) in sw
|
-
|
2023-02-25
|
1379359
|
MTLDeviceProxy does not properly copy NSStrings
|
-
|
2023-02-23
|
1155961
|
wildcard entry with runtime_blocked_hosts in ExtensionSettings policy is not enforced correctly
|
-
|
2023-02-22
|
1339079
|
Security: GPU process continues running even if we fail to initialize the sandbox
|
-
|
2023-02-22
|
1378564
|
Use-after-free in Mojo ChannelMac::SendMessageLocked
|
$30000
|
2023-02-22
|
1381849
|
Memory corruption in PresentationRequest
|
$8500
|
2023-02-22
|
1383755
|
tint_ast_clone_fuzzer: Heap-use-after-free in tint::utils::HashmapBase<tint::sem::Type const*, tint::Source const*, 8ul, tint:
|
-
|
2023-02-22
|
1383976
|
DCHECK failure in !initializing_store && property_details_.constness() == PropertyConstness::kCons
|
-
|
2023-02-22
|
1384318
|
DCHECK failure in value->Is<Int32Constant>() || value->Is<StringLength>() || value->Is<BuiltinStri
|
-
|
2023-02-22
|
1384408
|
Crash in v8::internal::Invoke
|
-
|
2023-02-22
|
1384411
|
Crash in Builtins_StringSubstring
|
-
|
2023-02-22
|
1384474
|
DCHECK failure in count <= destination.GetLength() in elements.cc
|
-
|
2023-02-22
|
1384513
|
Stack-use-after-return in blink::NGConstraintSpaceBuilder::NGConstraintSpaceBuilder
|
-
|
2023-02-22
|
1384765
|
Check return from AddAllowedAce in ServiceMain::InitializeComSecurity
|
-
|
2023-02-22
|
1384796
|
Maybe use PROCESS_QUERY_LIMITED_INFORMATION in LegacyProcessLauncherImpl::LaunchCmdElevated
|
-
|
2023-02-22
|
1385291
|
DCHECK failure in kCanBeWeak || (!IsSmi() == HAS_STRONG_HEAP_OBJECT_TAG(ptr_)) in tagged-impl.h
|
-
|
2023-02-22
|
1385305
|
Segv on unknown address in Builtins_InterpreterEntryTrampoline
|
-
|
2023-02-22
|
1238642
|
Security: Refcount overflow in RefCountedThreadSafeBase
|
$1000
|
2023-02-21
|
1368230
|
Security: SameSite cookie bypass on Android by redirecting to intent-picker
|
$5000
|
2023-02-21
|
1378357
|
Security: Avast aswJsFlt.dll 18.0.1479.0 exposes vulnerable pipe endpoint to renderers
|
-
|
2023-02-21
|
1382363
|
UAF in AppIconReader
|
$2000
|
2023-02-21
|
1382581
|
Security: UAF in validation_message_overlay_delegate
|
$7000
|
2023-02-21
|
1383204
|
Trap in Builtins_CheckTurbofanType
|
-
|
2023-02-21
|
1383422
|
Security: Heap-buffer-overflow in CommerceHintAgent::DidFinishLoadCallback
|
$2500
|
2023-02-21
|
1383791
|
Security: UAF in lens::LensStaticPageController::LoadChromeLens
|
$4000
|
2023-02-21
|
1384520
|
Crash in Builtins_StringEqual
|
-
|
2023-02-21
|
1371215
|
Security: Forced user interaction for permission prompts by freezing the browser
|
$3000
|
2023-02-20
|
1379860
|
DCHECK failure in !HAS_WEAK_HEAP_OBJECT_TAG(ptr_) in tagged-impl-inl.h
|
-
|
2023-02-20
|
1381763
|
CrOS: Vulnerability reported in x11-libs/pixman
|
-
|
2023-02-20
|
1372019
|
Security: ClientNativePixmapFactory implementations are probably not validating enough and should use checked math
|
-
|
2023-02-18
|
1344756
|
Security: Heap-use-after-free in ReadAnythingCoordinator::CreateAndRegisterEntry
|
$4000
|
2023-02-17
|
1381094
|
Security: UAF in DlpScopedFileAccessDelegate::OnResponse
|
-
|
2023-02-17
|
1381217
|
Security: Bypass 1342722, sourceMappingURL directive allows use of UNC paths on Windows
|
$5000
|
2023-02-17
|
1382652
|
Security: global-buffer-overflow in ash::default_user_image::GetRandomDefaultImageIndex()
|
-
|
2023-02-17
|
1382816
|
v8_wasm_code_fuzzer: DCHECK failure in opcode >> 8 == kNumericPrefix in function-body-decoder-impl.h
|
-
|
2023-02-17
|
1382993
|
Security: UAF in content::RenderFrameDevToolsAgentHost::RenderProcessExited
|
$31000
|
2023-02-17
|
1383362
|
DCHECK failure in type == MachineType::Int32() || type == MachineType::Uint32() || type.representa
|
-
|
2023-02-17
|
1383367
|
DCHECK failure in value->Is<Int32Constant>() || value->Is<StringLength>() || value->Is<BuiltinStri
|
-
|
2023-02-17
|
1383369
|
Crash in v8::internal::maglev::GetInputLocationsArraySize
|
-
|
2023-02-17
|
1383374
|
Crash in Builtins_ConstructProxy
|
-
|
2023-02-17
|
1375021
|
uaf in FederatedAuthRequestImpl
|
$10000
|
2023-02-16
|
1376995
|
uaf in FederatedAuthRequestimpl
|
$10000
|
2023-02-16
|
1377165
|
Reading local files through an extension that only has the "downloads" permission
|
$5000
|
2023-02-16
|
1380860
|
gl_lpm_fuzzer: Use-of-uninitialized-value in wsi_unsupported_instance_extension
|
-
|
2023-02-16
|
1382369
|
UAF in ScreenAIService
|
$2500
|
2023-02-16
|
1382434
|
Security: Copy-on-write check bypass in JSNativeContextSpecialization::BuildElementAccess
|
-
|
2023-02-16
|
1382690
|
UAF in ScreenAIServiceRouter
|
$5000
|
2023-02-16
|
1377783
|
Security: heap-use-after-free in StreamFactory::DestroyMuter
|
-
|
2023-02-15
|
1378601
|
webcodecs_video_encoder_fuzzer: Heap-buffer-overflow in aom_variance64x64_avx2
|
-
|
2023-02-15
|
1381335
|
Security: Debug check failed: kCanBeWeak || (!IsSmi() == HAS_STRONG_HEAP_OBJECT_TAG(ptr_)).
|
$11000
|
2023-02-15
|
1381401
|
Security: UAF in VideoCaptureDeviceWin
|
$11000
|
2023-02-15
|
1358647
|
Security: Bypass the Protection of input fields cache (Autofill) 1108181
|
$5000
|
2023-02-14
|
1367632
|
Security: Extension sanitization bypass by using %%
|
$2000
|
2023-02-14
|
1376099
|
Security: Design flaw in Synchronous Mojo message handling introduces unexpected reentrancy and allows for multiple UAFs
|
-
|
2023-02-14
|
1379242
|
UAF in ExtensionInstalledWaiter
|
$2000
|
2023-02-14
|
1380751
|
CrOS: Vulnerability reported in net-vpn/strongswan
|
-
|
2023-02-14
|
1382423
|
Trap in Builtins_CheckTurbofanType
|
-
|
2023-02-14
|
1358505
|
Security: V8: Missing TurboFan bounds check on DataView when buffer is resizable
|
-
|
2023-02-13
|
1365053
|
CHECK failure: result.failed() implies v8_flags.wasm_lazy_validation in module-compiler.cc
|
-
|
2023-02-13
|
1379579
|
Security: heap-use-after-free browser\renderer_host\render_process_host_impl.cc:2068 in content::RenderProcessHostImpl::CreateNotificationService
|
$8000
|
2023-02-13
|
1381330
|
v8_wasm_async_fuzzer: DCHECK failure in opcode >> 8 == kAtomicPrefix in function-body-decoder-impl.h
|
-
|
2023-02-13
|
1381663
|
Crash in v8::internal::maglev::InterpreterFrameState::get
|
-
|
2023-02-13
|
1381665
|
DCHECK failure in count() > 0 in maglev-graph-builder.h
|
-
|
2023-02-13
|
1326788
|
Security: Lackluster "File System Access API" block-list provides full disk read/write access
|
$1000
|
2023-02-10
|
1359122
|
Security: SOP bypass leaks navigation history of iframe from other subdomain if location changed to about:blank
|
$2000
|
2023-02-10
|
1372457
|
Possible vulnerability in crosvm: Invalid check for Virtio descriptors
|
-
|
2023-02-10
|
1378457
|
Security: UAF in PasswordAutofillManager::OnBiometricReauthCompleted
|
$7000
|
2023-02-10
|
1378813
|
extension_file_highlighter_fuzzer: Trap in std::Cr::__libcpp_verbose_abort
|
-
|
2023-02-10
|
1378997
|
Security: FileChooserImpl still traverse symlink in symlink to directory
|
$3000
|
2023-02-10
|
1380398
|
Crash in Builtins_StringEqual
|
-
|
2023-02-10
|
1380498
|
v8_wasm_code_fuzzer: DCHECK failure in a == b in liftoff-assembler.cc
|
-
|
2023-02-10
|
956979
|
Mixed content can be bypassed by sandboxed pages
|
$1000
|
2023-02-09
|
1359678
|
CrOS: Vulnerability reported in media-libs/tiff
|
-
|
2023-02-09
|
1377610
|
CrOS: Vulnerability reported in media-libs/tiff
|
-
|
2023-02-09
|
1377790
|
Security: CSA_DCHECK failed: Torque assert 'remainingElementsCount >= 0' failed in v8
|
-
|
2023-02-09
|
1379740
|
Security DCHECK failure: unit.TextContentEnd() <= text.length() in ng_offset_mapping.cc
|
-
|
2023-02-09
|
1380478
|
Security: clang-analyzer-cplusplus.NewDelete in third_party/pdfium/core/fpdfapi/parser/cpdf_object_walker.cpp
|
-
|
2023-02-09
|
1352445
|
Security: heap-use-after-free in password_manager::WellKnownChangePasswordState::SetChangePasswordResponseCode
|
-
|
2023-02-08
|
1356987
|
Security: External notifications from external apps (such as Telegram) can block Android fullscreen notification. (Tested on latest Chrome stable)
|
$2000
|
2023-02-08
|
1375132
|
Security: Android: Bluetooth and USB chooser dialogs do not use top-level origin with permission delegation
|
$3000
|
2023-02-08
|
1378456
|
Security: UAF in PasswordAutofillManager::DidAcceptSuggestion
|
-
|
2023-02-08
|
1378814
|
DCHECK failure in properties().can_eager_deopt() in maglev-ir.h
|
-
|
2023-02-08
|
1378916
|
Security: local IP address disclosure using WebRTC candidate foundation
|
-
|
2023-02-08
|
1379054
|
Security: Promise.any.call leak hole, leading to RCE
|
$15000
|
2023-02-08
|
1379201
|
Security: Stack-buffer-overflow in WebGL vulkan backend
|
$11000
|
2023-02-08
|
1379364
|
DCHECK failure in IsImmAddSub(frame_size) in liftoff-assembler-arm64.h
|
-
|
2023-02-08
|
1379468
|
DCHECK failure in 0 != new_nodes_.count(value) in maglev-graph-builder.h
|
-
|
2023-02-08
|
1379831
|
Security: stack-buffer-overflow in mojo::core::ipcz_driver::ObjectBase::PeekBox(browser process)
|
-
|
2023-02-08
|
1379864
|
DCHECK failure in new_target->IsConstructor() in js-objects.cc
|
-
|
2023-02-08
|
1380313
|
Use-after-poison in blink::CSSSelector::SelectorListOrParent
|
$12000
|
2023-02-08
|
1370028
|
Security: Chrome on Android the Fullscreen Notification Toast Not shown when fullscreen (screen lock mode landscape)
|
$5000
|
2023-02-06
|
1374995
|
Trap in Builtins_CheckTurbofanType
|
-
|
2023-02-03
|
1375073
|
DCHECK failure in constructor->IsNull(isolate) in runtime-classes.cc
|
-
|
2023-02-03
|
1378571
|
Security: UAF in MultiplexEncoderFactory
|
$11000
|
2023-02-03
|
1345045
|
CSP Bypass (Old Issue)
|
$3000
|
2023-02-02
|
1371844
|
Security: UAF in PluginVmInstaller::DetectImageType
|
$1000
|
2023-02-02
|
1374746
|
CHECK failure: proto.map().oddball_type() == OddballType::kNull in compilation-dependencies.cc
|
-
|
2023-02-02
|
1377775
|
Crash in Builtins_StringIndexOf
|
-
|
2023-02-02
|
1377816
|
Security: WebAssembly UAF in catch block with stale memory start pointer
|
$21000
|
2023-02-02
|
1377840
|
Security: Incorrect rab flags setting leads to type confusion in V8
|
-
|
2023-02-02
|
1378286
|
Security: Heap-use-after-free in InstallablePaymentAppCrawler::OnPaymentMethodManifestParsed
|
$39000
|
2023-02-02
|
1378287
|
Security: Heap-use-after-free in ChromeAutofillClient::DidFinishNavigation
|
-
|
2023-02-02
|
1378323
|
compositor_frame_fuzzer: Global-buffer-overflow in gfx::Transform::RotateAboutZAxis
|
-
|
2023-02-02
|
1365877
|
Security: Esc doesn't exit fullscreen in Crostini apps
|
-
|
2023-02-01
|
1374294
|
Security: access-violation src\v8\src\api\api.cc:5809 in v8::String::WriteOneByte
|
$5000
|
2023-02-01
|
1378437
|
Crash in Builtins_Construct_WithFeedback
|
-
|
2023-02-01
|
1378494
|
Crash in Builtins_StringSubstring
|
-
|
2023-02-01
|
1378495
|
Crash in Builtins_InterpreterEntryTrampoline
|
-
|
2023-02-01
|
1340924
|
CrOS: Vulnerability reported in app-editors/vim
|
-
|
2023-01-31
|
1343339
|
CrOS: Vulnerability reported in app-editors/vim
|
-
|
2023-01-31
|
1344118
|
CrOS: Vulnerability reported in app-editors/vim
|
-
|
2023-01-31
|
1344821
|
CrOS: Vulnerability reported in app-editors/vim
|
-
|
2023-01-31
|
1346256
|
CrOS: Vulnerability reported in app-editors/vim
|
-
|
2023-01-31
|
1346675
|
Security: UTF chartorune heap-buffer-overflow crash
|
$8000
|
2023-01-31
|
1361911
|
CrOS: Vulnerability reported in app-editors/vim
|
-
|
2023-01-31
|
1362225
|
CrOS: Vulnerability reported in app-editors/vim
|
-
|
2023-01-31
|
1362331
|
Generic CORS bypass that enables Cross-Site-Tracing (XST)
|
$1000
|
2023-01-31
|
1363579
|
CrOS: Vulnerability reported in app-editors/vim
|
-
|
2023-01-31
|
1366771
|
CrOS: Vulnerability reported in app-editors/vim
|
-
|
2023-01-31
|
1367617
|
CrOS: Vulnerability reported in app-editors/vim
|
-
|
2023-01-31
|
1368560
|
CrOS: Vulnerability reported in app-editors/vim
|
-
|
2023-01-31
|
1369956
|
CrOS: Vulnerability reported in app-editors/vim
|
-
|
2023-01-31
|
1370293
|
CrOS: Vulnerability reported in app-editors/vim
|
-
|
2023-01-31
|
1372757
|
Security: Heap-use-after-free in ash::OverviewItem::ShowWindowInOverview
|
$1500
|
2023-01-31
|
1378168
|
Use-of-uninitialized-value in v8::internal::compiler::BranchElimination::SimplifyBranchCondition
|
-
|
2023-01-31
|
1368739
|
Security: FencedFrame - Two way communication between embedder and frame
|
$6000
|
2023-01-30
|
1251790
|
Security: Top-level redirect from cross-origin iframe by setting `Content-Security-Policy: sandbox allow-top-navigation`
|
$5000
|
2023-01-28
|
1375059
|
Multiple checks fail, cross process crash, maybe race condition & use-after-free in video_encoder.cc
|
$7000
|
2023-01-28
|
1303597
|
Heap-use-after-free in blink::BoxPainterBase::PaintFillLayer
|
$10000
|
2023-01-27
|
1342072
|
Security: Presentation API dialog unexpectedly shows top-level origin when called by cross-origin iframe without explicit allow-presentation delegation
|
$7500
|
2023-01-27
|
1361066
|
Security: OOB write on Lacros
|
$2000
|
2023-01-27
|
1365945
|
Security: UAF in ash::network_diagnostics::DnsResolutionRoutine::CreateHostResolver() (browser process)
|
$3000
|
2023-01-27
|
1376856
|
Crash in Builtins_Construct_WithFeedback
|
-
|
2023-01-27
|
1376930
|
CHECK failure: BigIntNegate of kRepTaggedPointer (BigInt) cannot be changed to kRepTaggedPointe
|
-
|
2023-01-27
|
1377250
|
UaF in PRM observerlist after browser change (confirmation chip)
|
-
|
2023-01-27
|
985740
|
CrOS: Vulnerability reported in sys-libs/glibc
|
-
|
2023-01-25
|
1372746
|
Security: Heap-use-after-free in ash::ScopedOverviewHideWindows::~ScopedOverviewHideWindows
|
$2000
|
2023-01-25
|
1373941
|
Security: heap-use-after-free in ProfileDestroyer::DestroyProfileNow
|
$2000
|
2023-01-25
|
1374513
|
Security: Bypass powerwash using factory_install_reset file
|
-
|
2023-01-25
|
1375088
|
Security: UAF in webgpu\gpu.cc in blink::`anonymous namespace'::CreateContextProviderOnMainThread
|
$8000
|
2023-01-25
|
1376067
|
Heap-buffer-overflow in blink::CSSParserImpl::ConsumeStyleRule
|
-
|
2023-01-25
|
1355718
|
Security: UAF in hci_cmd_timeout
|
$15000
|
2023-01-24
|
1367547
|
Security: Heap-use-after-free in autofill::AutofillContextMenuManager::ExecuteCommand
|
$5000
|
2023-01-24
|
1370393
|
Container-overflow in ui::Layer::OnDeviceScaleFactorChanged
|
-
|
2023-01-24
|
1374341
|
Heap-buffer-overflow in blink::GetCrossOriginAttributeValue
|
-
|
2023-01-24
|
1375932
|
DCHECK failure in isolate->context().is_null() || isolate->context().IsContext() in runtime-string
|
-
|
2023-01-24
|
1376069
|
Crash in v8::internal::Runtime_StringCharCodeAt
|
-
|
2023-01-24
|
1370502
|
Security: Double free in setup_cb_free
|
-
|
2023-01-23
|
1372665
|
Security: UAF in MyFilesSizeCalculator::ComputeLocalFilesSize,
|
-
|
2023-01-23
|
1372695
|
Security: heap-use-after-free third_party\blink\renderer\core\workers\worker_thread.cc:905 in blink::WorkerThread::PauseOrFreezeOnWorkerThread
|
$7000
|
2023-01-23
|
1329374
|
Security: heap-buffer-overflow on ash/shelf/shelf_view.cc (chromeOS)
|
-
|
2023-01-21
|
1368587
|
Security: heap-use-after-free on aura::WindowOcclusionTracker::MaybeObserveAnimatedWindow
|
$1000
|
2023-01-21
|
1374226
|
Illegal-instruction in blink::NGTableSectionLayoutAlgorithm::Layout
|
-
|
2023-01-21
|
1374535
|
DCHECK failure in imm.index < num_locals() in function-body-decoder-impl.h
|
-
|
2023-01-21
|
1374626
|
DCHECK failure in JSFunction::cast(entry.map(isolate).GetConstructor()) == native_context.array_fu
|
-
|
2023-01-21
|
1372999
|
Security: Heap-use-after-free in SpeechRecognitionRecognizerImpl::ChangeLanguage
|
$10000
|
2023-01-19
|
1373314
|
Security: WebGPU: Out of bounds write in OnBufferMapAsyncCallback
|
-
|
2023-01-19
|
1374232
|
v8_regexp_parser_fuzzer: DCHECK failure in index <= known_captures in regexp-parser.cc
|
-
|
2023-01-19
|
1344647
|
chrome.debugger API bypasses the runtime_blocked_hosts cookie protection
|
$3000
|
2023-01-18
|
1354518
|
Security: .url files can be saved via getFileHandle and redirect showSaveFilePicker to arbitrary file
|
$1000
|
2023-01-18
|
1366330
|
CrOS: Vulnerability reported in media-libs/tiff
|
-
|
2023-01-18
|
1371860
|
Security: UAF in mojo::SimpleWatcher::Context in MojoIpcz feature (browser process)
|
$20000
|
2023-01-18
|
1371926
|
Security: file_type_policies changes reintroduce attack surface
|
-
|
2023-01-18
|
1372500
|
CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (IsJSReceiver_NonInline(*this)) in js
|
-
|
2023-01-18
|
1372653
|
Use-after-poison in blink::NGBlockNode::StoreResultInLayoutBox
|
-
|
2023-01-18
|
1372784
|
use after poison in HeapObjectHeader::LoadEncoded()
|
$10000
|
2023-01-18
|
1373770
|
DCHECK failure in gc_epilogue_callbacks_.IsEmpty() in local-heap.cc
|
-
|
2023-01-18
|
1373772
|
CHECK failure: diff <= 0.5
|
-
|
2023-01-18
|
1080624
|
CrOS: Vulnerability reported in sys-libs/glibc
|
-
|
2023-01-16
|
1162252
|
CrOS: Vulnerability reported in x11-libs/gdk-pixbuf
|
-
|
2023-01-16
|
1176031
|
Reading local files through an extension that only has the "downloads" permission
|
$5000
|
2023-01-16
|
1294202
|
CrOS: Vulnerability reported in dev-libs/protobuf
|
-
|
2023-01-16
|
1298886
|
CrOS: Vulnerability reported in media-libs/tiff
|
-
|
2023-01-16
|
1354271
|
Security: [ANGLE] Heap-buffer-overflow caused by writing exceeding the querypool size
|
$17000
|
2023-01-14
|
1365004
|
Security: Chrome Android: Incognito Mode grants access to the address bar although reauthentication is required
|
-
|
2023-01-14
|
1279268
|
Security: Page can cause autofill prompt to render near cursor in order to bypass intentional mouse movement input requirements for autofill (Bypass of issue 1240472 fix)
|
$3000
|
2023-01-13
|
1356211
|
Security: XML object's heap memory difference leaking or potential ASLR bypass in libXML
|
$1000
|
2023-01-13
|
1365330
|
Security: heap-use-after-free in blink::LocalFrameView::PerformLayout (incomplete fix for CVE-2022-3199)
|
-
|
2023-01-12
|
1366415
|
UAF in AccessibilityManager
|
$2000
|
2023-01-12
|
1369871
|
Security: Race condition in JSCreateLowering, leading to RCE
|
$20000
|
2023-01-12
|
1369882
|
Security: use-after-poison interface_endpoint_client.cc:900 in mojo::InterfaceEndpointClient::HandleValidatedMessage
|
$10000
|
2023-01-12
|
1370439
|
UAF in SelectFileDialogLinuxKde::CallKDialogOutput
|
$7000
|
2023-01-12
|
1370969
|
Crash in blink::NGBlockNode::StoreResultInLayoutBox
|
-
|
2023-01-12
|
1350442
|
Security: UAF in BackForwardCache
|
$30000
|
2023-01-11
|
1358168
|
Security: clang-analyzer-core.uninitialized.Assign in third_party/ffmpeg/libavformat/riffdec.c
|
-
|
2023-01-11
|
1364662
|
Security: UAF in safe_browsing::IncidentReportingService::AddIncident(browser process)
|
$7000
|
2023-01-11
|
1367650
|
DCHECK failure in offsets.size() != 0 in maglev-graph-builder.cc
|
-
|
2023-01-11
|
1370416
|
DCHECK failure in is_loadable() in maglev-ir.h
|
-
|
2023-01-11
|
1370423
|
DCHECK failure in HAS_SMI_TAG(ptr) in smi.h
|
-
|
2023-01-11
|
587956
|
Security: Android: Apps with external storage access can steal CSRF tokens
|
-
|
2023-01-10
|
1361612
|
heap-use-after-free : webrtc::`anonymous namespace'::ProduceRemoteInboundRtpStreamStatsFromReportBlockData
|
-
|
2023-01-10
|
1363583
|
Security: Heap-use-after-free in UserNoteService::OnNoteCreationDone
|
$5000
|
2023-01-10
|
1366843
|
uaf in v8_inspector::InjectedScript::addPromiseCallback
|
$1000
|
2023-01-10
|
1367862
|
DCHECK failure in IsPrimitiveMap() in map-inl.h
|
-
|
2023-01-10
|
1368046
|
Security: Type confusion in V8
|
$10000
|
2023-01-10
|
1370400
|
DCHECK failure in key->IsJSReceiver() in runtime-collections.cc
|
-
|
2023-01-10
|
1370402
|
DCHECK failure in target().IsUndefined() || target().IsJSReceiver() in js-weak-refs-inl.h
|
-
|
2023-01-10
|
1259492
|
Security UI Spoofing on Chrome for Android due to the Contact permission dialog hiding the fullscreen alert message
|
$7500
|
2023-01-09
|
1363287
|
DCHECK failure in GetCurrentStackPosition() >= stack_guard()->real_climit() - 32 * KB in isolate.c
|
-
|
2023-01-08
|
1368076
|
Security: Report 2 Vulnerabilities in WebSQL
|
$13000
|
2023-01-07
|
1051198
|
Compromised renderer can arbitrarily read the clipboard
|
-
|
2023-01-06
|
1363040
|
uaf in PermissionStatus::OnPermissionStatusChange
|
$2500
|
2023-01-06
|
1366812
|
Security: UAF in content::DevToolsSession::DispatchProtocolResponse (browser process)
|
$1000
|
2023-01-06
|
1366464
|
Back Forward Cache storage of RenderViewHost is unsafe
|
-
|
2023-01-05
|
1367680
|
GPU failure in blink::NGPhysicalBoxFragment::CheckSameForSimplifiedLayout
|
-
|
2023-01-05
|
1355560
|
heap-use-after-free ui/views/view.cc:1898:7 in views::View::HandleAccessibleAction
|
$2000
|
2023-01-04
|
1366806
|
Security: Heap-use-after-free in InstallablePaymentAppCrawler::OnPaymentMethodManifestParsed
|
$38000
|
2023-01-04
|
1367678
|
DCHECK failure in generator_block->control_node()->opcode() == Opcode::kSwitch in maglev-regalloc.
|
-
|
2023-01-04
|
345205
|
DevTools: Combat self-xss
|
-
|
2023-01-04
|
1360042
|
V8: Generic lowering of JSForInPrepare tries to read from FixedArray
|
-
|
2023-01-03
|
1363030
|
uaf in ArcInputOverlayManager::ReadData
|
-
|
2023-01-03
|
1364604
|
Security: heap-use-after-free in GrClientMappedBufferManager::owningDirectContext
|
$15000
|
2023-01-03
|
1367231
|
Security: UAF in AutofillContextMenuManager::ExecuteCommand
|
$7000
|
2023-01-03
|
1367651
|
CHECK failure: size <= kMaxRegularHeapObjectSize
|
-
|
2023-01-03
|
1367993
|
Security: WebRTC crash in `AudioMultiVector::PushBackInterleaved`
|
-
|
2023-01-03
|
1340879
|
Security: Custom Tab HTTP Header Injection
|
$3000
|
2023-01-02
|