Avatar of this page

Chromium Disclosed Security Bugs

Google discloses Chromium security bugs 14 weeks after fixing them. This website makes it easier to keep track of them.

This page is run by @securityMB but it is not an official Google product.

You can also follow this project on the following social platforms:

Bugs disclosed in 2023.json

Options
#Summary$$$Disclosure date
1472558 Inadequate Registry management within the Chrome uninstaller resulting in privilege escalation$3,0002023-11-28
1425355Security: Intent URLs also bypass CSP sandbox with "allow-popups" set$1,0002023-11-27
1455587sql_recovery_fuzzer: Trap in std::__Cr::__libcpp_verbose_abort-2023-11-26
1472966Security: Experimental features: Type assertion failed! (value/expectedType/nodeId)-2023-11-25
1473389DCHECK failure in i_isolate->has_pending_exception() || thrower.error() in wasm-js.cc-2023-11-24
1473631Security: CSA_DCHECK failed: Torque assert 'Is<A>(o)' failed$16,0002023-11-24
1463903Security: ChromeOS: Information leak due to type confusion in u32 classifier$7502023-11-23
1467666Security: Potential Design Flaw in Service Worker Lifecycle Management within Performance Manager-2023-11-23
1468442Security: heap-use-after-free in vkr_context_submit_fence$2,0002023-11-23
1472173Security: UAF in SimpleHostResolverImpl::ResolveHost with chrome$7,0002023-11-23
1472317DCHECK failure in enum_length > 0 in keys.cc-2023-11-23
1472364Avoid std::vector<Node*>-2023-11-23
1472174DCHECK failure in kCanBeWeak || (!IsSmi() == HAS_STRONG_HEAP_OBJECT_TAG(ptr_)) in tagged-impl.h-2023-11-22
1472318DCHECK failure in (location_) != nullptr in handles.cc-2023-11-22
1472618DCHECK failure in !i_isolate->has_scheduled_exception() in wasm-js.cc-2023-11-22
1472696Crash in v8::internal::VerifyPointersVisitor::VerifyPointers-2023-11-22
1066555Security: tel: URL scheme reference origin spoof on Android Chrome$5002023-11-21
1414936Security: Android file picker dialog can be shown over a different tab$5,0002023-11-20
1453927Security: Chrome OS: Buffer overflow in function parse_raw_formats of venus driver$5002023-11-20
1453934Security: Chrome OS: Heap Buffer OOB write in function init_codecs of venus driver$5002023-11-20
1453935Security: Chrome OS: Multiple Heap Buffer OOB write bugs in venus driver because of reenter in hfi_parser function$5002023-11-20
1453937Security: Chrome OS: OOB write in function session_get_prop_buf_req of venus driver$5002023-11-20
1454624Security: Chrome OS: OOB read and write in venus_read_queue and venus_write_queue of venus driver-2023-11-20
1468848Security: stack-use-after-return in tint::wgsl::writer::ASTPrinter::EmitStructType$11,0002023-11-20
1470539[zlib][fix] Heap overflow in minizip library (part of zlib)-2023-11-20
1451543Security: Spoof empty titlebar via javascript: URI in Document PIP$2,0002023-11-18
1455619Security: Heap over read in libwebp WebPEncode (with lossless / alpha) under OOM condition-2023-11-18
1469542UAF in rx::vk::DynamicDescriptorPool::destroyCachedDescriptorSet$10,0002023-11-18
1357442Security: Draw Mouse Cursor to hide omni box$1,0002023-11-17
1443147Security: Chrome iOS$1,0002023-11-17
1443214Security: On Chrome OS, any webpage is able to interface with the Chrome Goodies extension-2023-11-17
1443571Security: Chrome iOS$1,0002023-11-17
1470668Security: Out-of-bounds access in ReduceJSLoadPropertyWithEnumeratedKey-2023-11-17
1472121DCHECK failure in static_cast<unsigned>(index) < static_cast<unsigned>(this->length(kAcquireLoad))-2023-11-17
1451680Security: OOB in vb2ops_venc_queue_setup$5002023-11-16
1470522Memory corruption in Timeline-2023-11-16
1467146Security: error json-stringifier.cc:1337-2023-11-15
1469754Security: Heap-use-after-free in blink::ThrottlingURLLoader::OnReceiveResponse$3,0002023-11-15
1470477Security: stack-use-after-scope$2,0002023-11-15
1464456XSS on chrome://file-manager, abusable by extensions$5,0002023-11-14
1465203XSS on Image Loader extension and chrome://resources, abusable by extensions to access private APIs$5,0002023-11-14
1467093Stack-buffer-overflow in v8::internal::JsonStringifier::SerializeString-2023-11-14
1470434Security: Debug check failed: HasBytecodeArray()$2,0002023-11-14
1470448Security: Crash in v8::internal::OrderedHashTable<v8::internal::OrderedHashSet, 1>::Rehash-2023-11-14
1468717DCHECK failure in type == MachineType::Int32() || type == MachineType::Uint32() || type.representa-2023-11-13
1469909Security: wrong hole check against property cells-2023-11-13
1470495DCHECK failure in load.outputs_rep()[0] == Asm().output_graph().Get(replacement).outputs_rep()[0 i-2023-11-13
1469348freetype_colrv1_fuzzer: UNKNOWN READ in tt_face_load_colr-2023-11-12
1430867Permission Tapjacking Is Possible In Android Custom Tabs$3,0002023-11-11
1435669UAF in ScrollableShelfView::shelf_container_view_-2023-11-11
1448548Security: UAF in AcquireFileAccessPermissionDoneForScheduleDownload$30,0002023-11-11
1464137Race Condition UAF in DRM_IOCTL_MODE_ATOMIC-2023-11-11
1464511Chrome Custom Tab No Longer Tied to Parent App-2023-11-11
1467921Security: heap-use-after-free on ash/wm/desks/desks_controller.cc$3,0002023-11-11
1468813Security: heap-use-after-free on ash/wm/overview/overview_item.cc$3,0002023-11-11
1469800Security: Type cast failed in v8$8,0002023-11-11
1470166DCHECK failure in MachineRepresentation::kTagged == type.representation() in code-generator.cc-2023-11-11
1316379Security: Heap Buffer Overflow in mojo Message$1,0002023-11-09
1454515Security: Cursor hijacking mitigation bypass if iframe's content area is outside the top-layer content area$2,0002023-11-09
1464215Security: SKIA: integer overflow in sk_path_analyze_verbs.-2023-11-09
1465833Security: heap-use-after-free in network::NetworkContext::DestroyURLLoaderFactory$2,0002023-11-09
1466415Security: Heap-use-after-free in HostResolverManager::Job::RunNextTask$3,0002023-11-09
1467743Security: chrome.devtools.inspectedWindow.getResources allows resources from enterprise policy-blocked hosts$5002023-11-09
1468458Security: Debug check failed: page->area_size() >= static_cast<size_t>(page->live_bytes())$10,0002023-11-09
1468943Security: Dangling FixedArray pointers in Torque lead to memory corruption-2023-11-09
1469534Debug check failed: IsKind(TypeBase::kWasm) in WasmLoadElimination::HalfState::KillField-2023-11-09
1398996Security: ChromeOS wpa_supplicant arbitrary shared object load-2023-11-08
1406165Security: Race Condition UAF in i915_perf_add_config_ioctl$16,0002023-11-08
1421706Security: Race Condition UAF in mtk_jpeg_job_timeout_work$5,0002023-11-07
1454817Security: Users cannot escape the full screen mode in this offline .html file$3,0002023-11-07
1455857potential victim of Spectre in intel_pxp_sm_ioctl_terminate_session-2023-11-07
1456561Race Condition UAF in amdgpu_cs_wait_fences_ioctl$1,0002023-11-07
1458807Security: Chrome OS : Multiple bugs in cros_gralloc$1,0002023-11-07
1459182Security: Use-After-Free in NFT_MSG_NEWRULE-2023-11-07
1462551Security: Chrome OS : Two security bugs of mwifiex$1,5002023-11-07
1463447Extensions can open chrome-untrusted:// URLs with identity.launchWebAuthFlow$7502023-11-07
1464445Security: Chrome OS: bluez missed patch can cause remotely information leak in function cli_feat_read_cb$5002023-11-07
1467751Security: chrome.devtools.inspectedWindow.eval can bypass enterprise-policy blocked hosts using subframes$5002023-11-07
1468886Uaf in OmniboxPopupPresenter::WaitForHandler$2,0002023-11-07
1464449UAF in gsm_cleanup_mux$1,5002023-11-06
1465224net_quic_stream_factory_fuzzer: Heap-use-after-free in net::QuicChromiumClientStream::Handle::ReadBody-2023-11-06
1468148Security: v8 error Received signal 11 SEGV_MAPERR 000000000dd0-2023-11-06
1468901Security: LoadPropertyFromGlobalDictionary checks the wrong hole-2023-11-06
1458046Security: [GPU/Angle] heap-buffer-overflow WRITE of size 496 [@rx::PackPixels]-2023-11-04
1467554Trap in Builtins_CheckTurboshaftWord32Type-2023-11-03
1449166Fatal error in #41:Dead should be followed by IfSuccess/IfException, but is only followed by si-2023-11-02
1458303Security: Heap-use-after-free in KeyRotationLauncherImpl::SynchronizePublicKey$5,0002023-11-02
1462723Security: Eyedropper API can confuse real cursor position which can cause users to be tricked into clicking unwanted positions (ie. accepting permission prompts)$2,0002023-11-02
1467142Security: V8: Debug check failed: result_type.IsSubtypeOf(output_graph_types_[index]).$7,0002023-11-02
1467622UAF in raw_ptr with FedCM IDP Signin status-2023-11-02
1465230[Autofill] Keyboard accessory, bottom sheet accept unintentional user input$2,0002023-11-01
1466124dawn_wire_server_and_vulkan_backend_fuzzer.exe: Crash in marl::Scheduler::Worker::run-2023-11-01
1466128dawn_wire_server_and_vulkan_backend_fuzzer.exe: Crash in marl::Scheduler::Worker::runUntilIdle-2023-11-01
1467157Security: Heap-use-after-free in GetAuthorizationRightsWithPrompt$3,0002023-11-01
1467169Security: Extension Has Access to File URL Despite Access is Disabled$5,0002023-11-01
1453507Security: Multiple cros_ec bugs when handling host commands from Application Processor$5002023-10-31
1458291Security: V8: Fatal error in ../../src/api/api-inl.h, line 55$7,0002023-10-31
1459281Security: about:blank origin shown in Bluetooth and other permission dialogs$3,0002023-10-31
1467471DCHECK failure in kind.tagged_base ? ValidOpInputRep(graph, base(), RegisterRepresentation::Tagged-2023-10-31
1423266Security: ChromeOS: Local privilege escalation due to use-after-free in u32 classifier-2023-10-30
1447376Security: Race Condition UAF in hci_remove_ltk$6,0002023-10-30
1464636Security: UAF in VisualSearchClassifierHost::StartClassificationWithModel$3,0002023-10-30
1467028DCHECK failure in !maybe_outer_scope_info.is_null() in parser.cc-2023-10-30
1449874Security: Bypass the Protection of input fields cache (Autofill) due to inappropriate code design (Bypass 1108181)$6,0002023-10-29
1412965Security: use of uninitialized member variable in omnibox_popup_view_views.cc:575$4,0002023-10-28
1455964Security: persistent and arbitrary pip2 window-2023-10-28
1441228Security: Select option can cover permission buble , lead to spoof$5002023-10-27
1463293Security: interstitials with one click to proceed are clickjackable-2023-10-27
1466183Security: Memory corrupt in v8, leading to RCE$23,0002023-10-27
1466315DCHECK failure in mode == FastCloneObjectMode::kIdenticalMap implies !map->is_prototype_map() in i-2023-10-27
1466543DCHECK failure in descriptor_number.as_int() < number_of_descriptors() in descriptor-array-inl.h-2023-10-27
1466785DCHECK failure in details.kind() == PropertyKind::kData in ic.cc-2023-10-27
1444766Security: A use after free vulnerability exists in ChromeOS Kernel$15,0002023-10-25
1456243Security: [ANGLE] opengl : Out-of-bounds memory can be accessed using offsets in vertexAttribPointer$10,0002023-10-25
1464038I'm reporting an incomplete fix for a prior report (1451211) and (1427865).$15,0002023-10-25
1465326Security: Type confusion in VisitFindNonDefaultConstructorOrConstruct of Maglev$21,0002023-10-25
1215629Security: stack-buffer-overflow WRITE of size 169 while parsing a file in espeak-ng (ChromeOS relevant)-2023-10-24
1215641Security: heap-use-after-free READ of size 4 while parsing a file in espeak-ng (ChromeOS relevant)-2023-10-24
1215645Security: stack-buffer-overflow READ of size 1 while parsing a file in espeak-ng (ChromeOS relevant)-2023-10-24
1215650Security: stack-buffer-overflow WRITE of size 494 while parsing a file in espeak-ng (ChromeOS relevant)-2023-10-24
1215660Security: stack-buffer-overflow READ of size 1 while parsing a file in espeak-ng (ChromeOS relavant)-2023-10-24
1215664Security: stack-buffer-overflow READ of size 1 while parsing a file in espeak-ng (ChromeOS relavant)-2023-10-24
1215672Security: heap-buffer-overflow READ of size 1 while parsing a file in espeak-ng (ChromeOS relavant)-2023-10-24
1215678Security: global-buffer-overflow WRITE of size 4 while parsing a file in espeak-ng (ChromeOS relavant)-2023-10-24
1215752Security: heap-use-after-free READ of size 4 while parsing a file in espeak-ng (ChromeOS relavant)-2023-10-24
1215756Security: global-buffer-overflow WRITE of size 1 while parsing a file in espeak-ng (ChromeOS relavant)-2023-10-24
1215761Security: stack-buffer-overflow WRITE of size 62 while parsing a file in espeak-ng (ChromeOS relavant)-2023-10-24
1215768Security: heap-use-after-free READ of size 4 while parsing a file in espeak-ng (ChromeOS relavant)-2023-10-24
1215772Security: stack-buffer-overflow READ of size 1 while parsing a file in espeak-ng (ChromeOS relavant)-2023-10-24
1215774Security: stack-buffer-overflow READ of size 1 while parsing a file in espeak-ng (ChromeOS relavant)-2023-10-24
1215781Security: heap-use-after-free READ of size 1 while parsing a file in espeak-ng (ChromeOS relavant)-2023-10-24
1215783Security: heap-use-after-free READ of size 4 while parsing a file in espeak-ng (ChromeOS relavant)-2023-10-24
1215789Security: heap-use-after-free READ of size 4 while parsing a file in espeak-ng (ChromeOS relavant-2023-10-24
1215794Security: global-buffer-overflow WRITE of size 4 while parsing a file in espeak-ng (ChromeOS relavant)-2023-10-24
1215797Security:stack-buffer-overflow READ of size 1 while parsing a file in espeak-ng (ChromeOS relavant)-2023-10-24
1215800Security: stack-buffer-overflow READ of size 1 while parsing a file in espeak-ng (ChromeOS relavant)-2023-10-24
1215806Security: stack-buffer-overflow WRITE of size 1 while parsing a file in espeak-ng (ChromeOS relavant)-2023-10-24
1215820Security: stack-buffer-overflow WRITE of size 420 while parsing a file in espeak-ng (ChromeOS relevant)-2023-10-24
1216020Security: espeak-ng memory vulnerabilities$1,0002023-10-24
1458911Security: Libxslt arbitrary file reading using document() method and external entities.$3,0002023-10-24
1459124Security: prevent ssrc-related SDP munging-2023-10-24
1464680Security: Incomplete fix for 1431761-2023-10-24
1465120DCHECK failure in is_activated_ || shared_heap_worklist_.has_value() in marking-barrier.cc-2023-10-24
1465193Security: Memory corruption due to HeapVector iterator invalidation$4,0002023-10-24
1465293Security: Heap-use-after-free in BrowsingTopicsServiceImpl::GetBrowsingTopicsStateForWebUi$2,0002023-10-24
1395323Security: ChromeOS Guest User Can Force Persistent Rollback on Stable Channel-2023-10-23
1454328Security: Out of bound in intel_pxp_sm_ioctl_query_pxp_tag$1,2502023-10-23
1455270Security: Heap-use-after-free in ui::PropertyHandler::GetPropertyInternal$2,0002023-10-23
1464516Security: v8 Fatal error in ../../src/objects/tagged-impl-inl.h, line 213-2023-10-23
1465130Security: Debug check failed: !s.InSharedHeap().$7,0002023-10-23
1465300Crash in Builtins_ArrayPrototypeJoin-2023-10-23
1465342DCHECK failure in page->area_size() >= static_cast<size_t>(page->live_bytes()) in sweeper.cc-2023-10-23
1465347Crash in v8::internal::ConcurrentMarking::JobTaskMajor::Run-2023-10-23
1465350Crash in Builtins_ArrayIteratorPrototypeNext-2023-10-23
1465351Crash in void v8::internal::String::WriteToFlat<unsigned char>-2023-10-23
1465352Crash in Builtins_KeyedLoadIC-2023-10-23
1465356Crash in void v8::internal::String::WriteToFlat<unsigned char>-2023-10-23
1465358CHECK failure: result->IsValue()-2023-10-23
1465359Crash in void v8::internal::String::WriteToFlat<unsigned char>-2023-10-23
1465362CHECK failure: space->Contains(index)-2023-10-23
1465365Crash in v8::internal::Runtime_RunMicrotaskCallback-2023-10-23
1465368Crash in v8::internal::Map::visitor_id-2023-10-23
1465370CHECK failure: storage_.is_populated_-2023-10-23
1465374CHECK failure: IsContext()-2023-10-23
1465375Crash in v8::internal::RecordMigratedSlotVisitor::RecordMigratedSlot-2023-10-23
1465377Crash in Builtins_MapPrototypeSet-2023-10-23
1422272Security: Using popups, Incognito Mode-specific external protocol prompts can be overlaid on other origins on Android.$5002023-10-21
1458819Security: Heap-buffer-overflow in CompositorFrameSinkSupport::DidPresentCompositorFrame$17,0002023-10-21
1464734Use-after-poison in blink::MessagePort::~MessagePort-2023-10-21
1421349Security: stack OOB in xfrm_state_find$1,0002023-10-20
1457049Security: SoftNavigation + first-paint can leak history information$5,0002023-10-20
1462104Incognito Mode Leaving Alert Dialog Box Tapjacking on DoubleClick$2,0002023-10-20
1463850Security: Segment Fault in v8 wasm at address > page size$1,0002023-10-20
1464324Security: Puppeteer's vm2 dependency has major security vuln-2023-10-20
1464682Security: shouldLimitTypeSizes check bypassable from a compromised renderer-2023-10-20
1464786DCHECK failure in !shared_heap_worklist_.has_value() in marking-barrier.cc-2023-10-20
1431043Security: Picture in picture can hide fullscreen notification$1,0002023-10-19
1464008DCHECK failure in kCanBeWeak || (!IsSmi() == HAS_STRONG_HEAP_OBJECT_TAG(ptr_)) in tagged-impl.h-2023-10-19
1464179CVE-2023-26966 and CVE-2023-2908 were fixed in libtiff and published but not propagated to Pdfium yet-2023-10-19
1367085Security: Web Share dialog URL is incorrectly elided in Android (ineffective fix for issue 1329541)$1,0002023-10-18
1464080CHECK failure: !v8::internal::v8_flags.enable_slow_asserts.value() || (IsHeapObject()) in heap--2023-10-18
1464231v8_wasm_fuzzer: Crash in v8::internal::RootScavengeVisitor::VisitRootPointer-2023-10-18
1420130Security: [WebGL2/Mali] Heap-buffer-overflow in WebGL2 Shader compilation on Android-2023-10-17
1457757UAF in media_router::IssuesObserver::~IssuesObserver()$5,0002023-10-17
1461969Race Condition UAF in KVM_DEV_VFIO_GROUP$9,5002023-10-17
1462501DCHECK failure in !HAS_WEAK_HEAP_OBJECT_TAG(ptr_) in tagged-impl-inl.h-2023-10-17
1463134DCHECK failure in constant.is_int64() in instruction-selector-x64.cc-2023-10-17
1463219DCHECK failure in index < parameter_count_ in signature.h-2023-10-17
1463289DCHECK failure in end.valid() in graph.h-2023-10-17
1463826DCHECK failure in chunk->Contains(slot_addr) in remembered-set.h-2023-10-17
1451146chrome.devtools.inspectedWindow.reload can run scripts on the Chrome Web Store$3,0002023-10-16
1461895chrome.devtools.inspectedWindow origin limitations are very broken and can be bypassed$1,0002023-10-16
1462951Security: Type Confusion in V8 WebAssembly, leading to RCE$20,0002023-10-16
1463001pdfium_xfa_fuzzer: Container-overflow in CFDE_TextOut::RetrievePieces-2023-10-16
1462937DCHECK failure in old_map->owns_descriptors() in js-objects.cc-2023-10-14
1463218CHECK failure: IsEmpty()-2023-10-14
1424415DCHECK failure in !space->IsInlineAllocationEnabled() implies space->limit() == space->top() in ru-2023-10-13
1457095Security: use-after-free/data-race (in off-by-default JavaScriptExperimentalSharedMemory feature)$10,0002023-10-13
1449929Security: heap-use-after-free on AudioManagerWin$5,0002023-10-12
1453465Security: heap-use-after-free on chrome/browser/ui/views/tabs/tab_strip.cc:220:5$2,0002023-10-12
1457472Security: Interactionfull Devtools UXSS-2023-10-12
1457840Security: [ANGLE] metal : Out-of-bounds memory can be accessed on DrawCmd$10,0002023-10-12
1458955Heap-use-after-free in ui::AXTreeSerializer<blink::AXObject*>::AnyDescendantWasReparented-2023-10-12
1460019v8_wasm_compile_fuzzer: Segv on unknown address in v8::internal::WasmInternalFunction::GetOrCreateExternal-2023-10-12
1462527DCHECK failure in displacement != 0 in instruction-selector-x64.cc-2023-10-12
1457131Security: webrtc: wildptr in VideoCaptureModulePipeWire::StopCapture()-2023-10-11
1457421Security: UAF in webrtc::SctpDataChannel::SetState$7,0002023-10-11
1342896Security: UAF in PermissionAuditingService multiple functions$4,0002023-10-10
1454105Trap in Builtins_CheckTurboshaftFloat64Type-2023-10-10
1454544New webstore domain needs to be added into the devtools extension API URL checks-2023-10-10
1457717memory corruption in MarkCompactCollector::ProcessMarkingWorklist(v8)$7,0002023-10-10
1458837Crash in Builtins_StringEqual-2023-10-10
1460177Use-of-uninitialized-value in v8::internal::JsonParser<unsigned char>::CalculateFileLocation-2023-10-10
1459172Crash in Builtins_TypedArrayPrototypeMap-2023-10-09
1404001Security: PWA Install prompt can be overlaid over other origins.$4,0002023-10-08
821625Data URL doesn't inherit CSP$1,0002023-10-06
821628CSP not inherited after navigation to JavaScript scheme URI (iOS)$1,0002023-10-06
821632CSP form-action seems to be ignored if target="_blank"$1,0002023-10-06
1458337CHECK failure: static_cast<uintptr_t>(caller_frame_top_) > stack_guard->real_jslimit() in deopt-2023-10-06
1458376sequence_manager_fuzzer: Heap-use-after-free in base::sequence_manager::internal::TaskQueueImpl::TaskRunner::PostDelayedTask-2023-10-06
1429353chrome.devtools.inspectedWindow.eval bypasses the ExtensionSettings policy-2023-10-05
1458355Out of bounds read in oscillator_kernel_neon.cc-2023-10-05
1459277Security: Out of bounds read due to a missing bounds check-2023-10-05
1457802CHECK failure: Object::AddDataProperty(&it, context, attributes, Just(kDontThrow), StoreOrigin:-2023-10-03
1455485Security: UaF in GpuImageDecodeCachePurgeOnTimerTest.SimplePurgeOneImage-2023-10-02
1457745Trap in Builtins_CheckTurboshaftFloat64Type-2023-10-02
1455706DCHECK failure in var.has_value() in optimization-phase.h-2023-09-29
1427288Reloading the original request URL incorrectly uses NavigationEntry state with a different URL-2023-09-28
1454086UAF in webrtc::DataChannelController::OnChannelStateChanged$7,0002023-09-28
1456853CHECK failure: !available->IsEmpty() in macro-assembler-arm64.h-2023-09-28
1451286heap-use-after-free : ash::libassistant::GrpcServicesInitializer::~GrpcServicesInitializer-2023-09-27
1455679DCHECK failure in !argument.IsTheHole() in elements.cc-2023-09-27
1455959DCHECK failure in !value->properties().is_conversion() in maglev-interpreter-frame-state.h-2023-09-27
1456617DCHECK failure in IsPrimitiveMap() || instance_type() == WASM_NULL_TYPE in map-inl.h-2023-09-27
1447387Security: Right Click Prompt overlap autofill. , it can confuse lead to spoof$5002023-09-26
1451164Security: UAF in ash::diagnostics::AsyncLog::Append$5,0002023-09-26
1455797CHECK failure: predecessor in maglev-graph-builder.h-2023-09-26
1342115Security: V8 Typer hardening bypass via ReduceArrayPrototypeAt$5,0002023-09-25
1453232DCHECK failure in source.IsValid() in js-heap-broker.cc-2023-09-25
1453582CHECK failure: !v8::internal::v8_flags.enable_slow_asserts.value() || (IsJSReceiver_NonInline(*-2023-09-25
1455185CHECK failure: !available->IsEmpty() in macro-assembler-arm64.h-2023-09-25
1455517DCHECK failure in !is_empty() in reglist-base.h-2023-09-25
1455550DCHECK failure in bytecode_analysis().IsLoopHeader(offset) in maglev-graph-builder.h-2023-09-25
1455641DCHECK failure in 1 == args.length() in runtime-collections.cc-2023-09-25
1443292Security: adb wireless debugging bugfix bypass$3,0002023-09-22
1449007Security: Forced user interaction for Hidden permission prompts by freezing/resizing the browser Bypass of 1371215 $3,0002023-09-22
1453209Security: Heap-use-after-free in UploadToReportingServer$3,0002023-09-22
1454722Crash in blink::LayoutTreeBuilderTraversal::FirstChild-2023-09-22
1454860WebRTC crashes on closing a peerconnection which munges the RTX ssrc to be the same as the primary SSRC-2023-09-22
1455189DCHECK failure in IsStackSlot() || IsFPStackSlot() in instruction.h-2023-09-22
1455238Crash in memfd:swiftshader_jit-2023-09-22
1455318Crash in Builtins_InterpreterEntryTrampoline-2023-09-22
1455359DCHECK failure in predecessor_count_ > 1 in maglev-interpreter-frame-state.cc-2023-09-22
1348733Security: Dangling pointer in Dawn::Buffer-2023-09-21
1412057sql_recovery_fuzzer: Crash in sql::recover::VirtualCursor::AppendPageDecoder-2023-09-21
1449799Security: type mismatch with jit,0 vs 65536$7,0002023-09-21
1454097Security: heap-buffer-overflow in vkr_dispatch_vkAllocateMemory-2023-09-21
1454436DCHECK failure in ((immediate >> kWRegSizeInBits) == 0) || ((immediate >> kWRegSizeInBits) == -1) -2023-09-21
1454478DCHECK failure in HasValue() in maglev-graph-builder.h-2023-09-21
1449150freetype_truetype_render_fuzzer.exe: Int-overflow in T1_Face_Init-2023-09-20
1449895Security: SEGV on emit_ios_generic_outputs$7,0002023-09-20
1451115Heap-use-after-free in ui::AXTreeSerializer<blink::AXObject*>::AnyDescendantWasReparented$9,0002023-09-20
1451999Crash in v8::internal::DependentCode::SetDependentCode-2023-09-20
1452137Security: Type confusion in v8 caused by incorrect side effect modelling of JSStackCheck$20,0002023-09-20
1452254CHECK failure: !descriptors.GetKey(i).IsInteresting(isolate) in objects-debug.cc-2023-09-20
1454726DCHECK failure in owner == interpreter::Register::current_context() implies IsResumableFunction( b-2023-09-20
1443722Regression: External protocol confirmation dialog may overlap with other origins$2,0002023-09-19
1448729sqlite3_dbfuzz2_fuzzer: Use-of-uninitialized-value in cellSizePtrTableLeaf-2023-09-19
1450809UAF in MarkingWorklists::Local::IsEmpty(v8)$7,0002023-09-19
1452076Security: Read-only property overwrite in TurboFan-2023-09-19
1453973Security: Fatal error in ../../src/compiler/turboshaft/types.h$7,0002023-09-19
1168551Security: android-root privilege escalation-2023-09-18
1413104Security: Race Condition UAF in hci_cmd_sync_work(2)$4,0002023-09-18
1423627Security: OOB Access in intel_pxp_sm_ioctl_mark_session_in_play$16,0002023-09-18
1424269Security: use after free in virtwl_ioctl_recv-2023-09-18
1424270Security: out of bound read in vfd_out_locked$1,0002023-09-18
1441306Security: Calling ash::DiagnosticsDialog::ShowDialog multiple times can result in an Use-After-Free (UAF) error in ash::diagnostics::NetworkingLog::UpdateNetworkList.$5,0002023-09-18
1447372Security:Integer overflow in vn_decode_vkExecuteCommandStreamsMESA_args_temp$7,0002023-09-18
1447373Integer overflow in vkr_cs_encoder_set_stream$7,0002023-09-18
1447984Security: Chrome OS cros_camera_service UAF in mojo Camera3DeviceOps interface-2023-09-18
1450118Security: OOB in NotificationDaemon::OnClicked-2023-09-18
1451803Security : Heap UaF on ash/wm/splitview/split_view_divider_view.cc:168:23$3,0002023-09-18
1453435dawn_wire_server_and_vulkan_backend_fuzzer.exe: Crash in CmdBeginRenderPass::execute-2023-09-18
1453608Security: Stack-use-after-return in BrowserAttestationService::OnChallengeValidated$5,0002023-09-18
1453781DCHECK failure in argc_value.IsSmi() in frames.cc-2023-09-18
1453875Crash in v8::internal::ErrorUtils::Construct-2023-09-18
1450203Security: PWA dialog can be triggered from malicious origin and shown over Trusted Origin(Spoofing) Bypassing Google Security Measures in Chrome UI$5,0002023-09-17
1453481dawn_wire_server_and_vulkan_backend_fuzzer.exe: Crash in marl::Scheduler::Worker::run-2023-09-17
1427861sql_recovery_fuzzer: Trap in std::Cr::__libcpp_verbose_abort-2023-09-16
1434438Security: Custom Tab Scroll Inference$2,0002023-09-16
1438549Security: UAF in SaveUPIOfferBubbleViews::WindowClosing$6,0002023-09-15
1444438Security: destroying a SiteInstance can use-after-free the BrowserContext-2023-09-15
1450899Security: IPCZ FragmentDescriptors are not validated.-2023-09-15
1451338dawn_wire_server_and_vulkan_backend_fuzzer.exe: Crash in marl::Scheduler::Worker::runUntilIdle-2023-09-15
1451763lightweight-heap-use-after-free : ui::AXTree::Destroy-2023-09-15
1447568Security: TALOS-2023-1751 - Google Chrome VideoEncoder av1_svc_check_reset_layer_rc_flag use-after-free vulnerability$10,0002023-09-14
1449678Security: heap-use-after-free on LibcastSocketService$16,0002023-09-14
1451957Security: CVE-2016-10195-2023-09-14
1450568Security: UAF in AutofillSnackbarController$21,0002023-09-13
1450771Security: v8 crash Bytecode mismatch at offset 78$7,0002023-09-13
1450784Security: UAF in extensions::OffscreenCreateDocumentFunction::OnExtensionHostDestroyed (browser process)$1,0002023-09-13
1451275dawn_wire_server_and_vulkan_backend_fuzzer.exe: Crash in marl::Scheduler::Worker::run-2023-09-13
1451332dawn_wire_server_and_vulkan_backend_fuzzer.exe: Crash in CmdBeginRenderPass::execute-2023-09-13
1450114CHECK failure: !v8::internal::v8_flags.enable_slow_asserts.value() || (IsSeqOneByteString_NonIn$5,0002023-09-12
1450397Security: UAF in guest_view::GuestViewManager::EmbedderProcessDestroyed(browser process)$5,0002023-09-12
1451056DCHECK failure in !is_compiled() || ActiveTierIsIgnition() || ActiveTierIsBaseline() || ActiveTier-2023-09-12
1450330DCHECK failure in effect_edges > 0 in verifier.cc-2023-09-11
1443540Security: `Sec-Browsing-Topics` exposes the number of topics sent to cross-site recipients-2023-09-09
1447264gpu_swangle_passthrough_fuzzer.exe: Crash in vk::Queue::taskLoop-2023-09-09
1449559dawn_wire_server_and_vulkan_backend_fuzzer.exe: Crash in marl::Scheduler::Worker::runUntilIdle-2023-09-09
1450376Security: Document PiP URL spoof$5,0002023-09-09
1450862DCHECK failure in last_position.IsKnown() in profiler-listener.cc-2023-09-09
1445492Security: Heap-use-after-free in AboutThisSiteSidePanelView::HandleKeyboardEvent$3,0002023-09-08
1446274Security: UAF in webrtc::PeerConnection::ReportTransportStats()$3,0002023-09-08
1449912dawn_wire_server_and_vulkan_backend_fuzzer: Incorrect-function-pointer-type in marl_fiber_trampoline-2023-09-08
1450142Security: [WebGPU] Dawn trusts function pointer from Renderer Process-2023-09-08
1450481Security: [0-day] Bug in the handling of the arguments object-2023-09-08
1450601Security: heap-use-after-free in device::OpenXrApiWrapper::InitSession-2023-09-08
1449054DCHECK failure in (receiver_) != nullptr in scopes.h-2023-09-07
1449589DCHECK failure in (BasicBlock::GetCommonDominator(block, user_block) == block) || (user_block->IsL-2023-09-07
1449611CHECK failure: (chunk->slot_set<OLD_TO_NEW>()) == nullptr in heap-verifier.cc-2023-09-07
1450395DCHECK failure in known_node_aspects().possible_maps[object].possible_maps.contains( map) in magle-2023-09-07
1450443DCHECK failure in !ActiveTierIsTurbofan() in js-function.cc-2023-09-07
1429999Security: Heap-use-after-free in SavedTabGroupButton::MoveGroupToNewWindowPressed$3,0002023-09-06
1446754Security: Bypass Of 1342072$2,0002023-09-06
1447382v8_wasm_compile_fuzzer: Use-after-poison in v8::internal::wasm::LiftoffAssembler::SpillRegister-2023-09-06
1448746pdf_codec_icc_fuzzer: Incorrect-function-pointer-type in cmsPipelineEval16-2023-09-06
1449085pdf_jpx_fuzzer: Incorrect-function-pointer-type in opj_setup_decoder-2023-09-06
1449208DCHECK failure in HeapType(heap_type).is_valid() in value-type.h-2023-09-06
1449540DCHECK failure in offset < length() in fixed-array-inl.h-2023-09-06
1406922Security: Forced user interaction for permission prompts by closing a popup window$1,0002023-09-05
1449291CHECK failure: !v8::internal::v8_flags.enable_slow_asserts.value() || (IsJSReceiver_NonInline(*-2023-09-05
1449497Heap-use-after-free in net::HostResolverSystemTask::StartLookupAttempt-2023-09-04
1446045Security: Omaha EoP on Windows via COM-2023-09-02
1447363Security DCHECK failure: IsA<Derived>(from) in casting.h-2023-09-02
1448032Security: Heap Buffer Overflow and Security DCHECK failed: IsA<Derived>(from) in MediaStreamTrackImpl::stopTrack$11,0002023-09-01
1426517Security: Heap-use-after-free in ash::DeskMiniView::UpdateDeskButtonVisibility$1,0002023-08-31
1438990DCHECK failure in all implies !none in maglev-graph-builder.cc-2023-08-31
1441254Security:Debug check failed: HasBuiltinId() implies builtin_id() != Builtin::kCompileLazy.$8,0002023-08-31
1448041Debug check failed: Heap::InFromPage(object).-2023-08-31
1394226Unsigned code execution on enrolled devices via modified RMA shim-2023-08-30
1435142Security: UAF in base::ObserverList<ash::ArcWindowWatcher::ArcWindowDisplayObserver$1,0002023-08-30
1443107Security: Race Condition in amdgpu_ttm_tt_get_user_pages$1,0002023-08-30
1444835DCHECK failure in !MaybeHasTurbofanCodeBit::decode(state) in feedback-vector.cc-2023-08-30
1447344v8_wasm_streaming_fuzzer.exe: Use-after-poison in v8::internal::wasm::ValidateSingleFunction-2023-08-30
1447396sql_built_in_recovery_fuzzer: Crash in sqlite3VdbeMemSetStr-2023-08-30
1381375Security: UAF in device_del$5,0002023-08-29
1398995Security: ChromeOS cryptohome udev rules chgrp argument injection (unexploitable)-2023-08-29
1420885ServiceWorkers in credentialless iframes could access long lived cookies$2,0002023-08-29
1443100Heap-use-after-free in CPDF_StructElement::~CPDF_StructElement-2023-08-29
1447392Crash in memfd:swiftshader_jit-2023-08-29
1447430CHECK failure: !v8::internal::v8_flags.enable_slow_asserts.value() || (IsHeapObject()) in heap--2023-08-29
1398985Security: ChromeOS shill-scripts Command Execution$1,0002023-08-28
1403836Security: PWA Installation can be unknowingly installed and launched into by pressing the "Enter" button repeatedly$1,0002023-08-28
1407576Security: Hostname checking options can all be empty when Default option is toggled "Server CA certificate" in Wi-Fi UI in ChromeOS Flex$2,0002023-08-28
1443956Security: Chrome OS cros_camera_service integer overflow in calculate_camera_metadata_size can cause OOB write $10,0002023-08-28
1443961Security: Chrome OS cros_camera_service OOB read and write when handling metadata_entry$7,0002023-08-28
1443964Security: Chrome OS cros_camera_service OOB write in function CameraDeviceAdapter::RegisterBufferLocked$7,0002023-08-28
1446841CHECK failure: static_cast<uintptr_t>(caller_frame_top_) - total_output_frame_size > stack_guar-2023-08-28
1446918Security: Debug check failed: NodeTypeIs(type, known_info->type)-2023-08-28
1447123DCHECK failure in NodeTypeIs(known_info->type, merger.node_type()) in maglev-graph-builder.cc-2023-08-28
96885UXSS via Object::GetRealNamedPropertyInPrototypeChain$2,3372023-08-28
1446738Heap-use-after-free in blink::scheduler::MainThreadTaskQueue::ShutdownTaskQueue-2023-08-26
1411109Security: Android - Bypass the Protection of input fields cache (Autofill) Bypass 1398579$3,0002023-08-25
1442086Security: Chrome OS cras server OOB read & write because of share memory content can be controlled by arcvm and chrome browser $10,0002023-08-25
1445275DCHECK failure in NodeTypeIs(type, known_info->type) in maglev-graph-builder.cc-2023-08-25
1446221v8_wasm_streaming_fuzzer: Use-after-poison in v8::internal::wasm::WasmFullDecoder<v8::internal::wasm::Decoder::FullValidationT-2023-08-25
1436018Security: Linux kernel (including Chrome OS kernels) msm drm gpu driver refcount leak in msm_ioctl_gem_submit-2023-08-24
1407519Security: .lnk / .local Restricted Extension Download Bypass-2023-08-23
1423656Security: heap-use-after-free in extensions::NativeExtensionBindingsSystem::HandleResponse$1,0002023-08-23
1433304 heap-buffer-overflow in SavedTabGroup$3,0002023-08-23
1443401Security: UAF in extensions::WebViewFindHelper::FindReply in browser process$10,0002023-08-23
1443452Extending non-extensible objects leads to type confusion in V8-2023-08-23
1443955Security:stack-buffer-overflow in vrend_shader_sampler_views_mask_get bypassed$7,0002023-08-23
1444348heap-use-after-free : nlp_fst::SortedMatcher<nlp_fst::Fst<nlp_fst::ArcTpl<nlp_fst::TropicalWeightTpl<float>, int, int>>>::GetLabel-2023-08-23
1446239Abrt in v8::internal::maglev::LoadPolymorphicDoubleField::GenerateCode-2023-08-23
1433577Security: heap-use-after-free ui/ozone/platform/wayland/host/wayland_connection.cc$3,0002023-08-22
1437137DCHECK failure in var.has_value() in optimization-phase.h-2023-08-22
1440695Security: Type confusion in v8::internal::Object::SetPropertyWithAccessor-2023-08-22
1441030Security: chrome os vboot_reference vb2_unpack_key_buffer can cause integer overflow on 32 bit binaries-2023-08-22
1444195heap-use-after-free : TlmProvider::AppendNameToMetadata-2023-08-22
1444842CHECK failure: (location_) != nullptr in maybe-handles.h-2023-08-22
1445426Security: Use-after-free in CPWL_ComboBox::OnKeyDown$9,0002023-08-22
1445926DCHECK failure in var.has_value() in optimization-phase.h-2023-08-22
1368270Security: Safe Browsing vs manual Safe Browsing Query in Transparency Report-2023-08-21
1434330Security: cursor pointer can cover autofill prompt$1,0002023-08-21
1443114Memory corruption in v8::internal::MemoryChunk::ReleaseTypedSlotSet-2023-08-21
1445228DCHECK failure in map().has_prototype_slot() in js-function-inl.h-2023-08-21
1445235DCHECK failure in 0 == memcmp(reinterpret_cast<void*>(fresh->address() + offset), reinterpret_cast-2023-08-21
1445286CHECK failure: is_int8(disp) in assembler-x64.cc-2023-08-21
1443218DCHECK failure in expected_value_stack_size <= stack_value_types_for_debugging_.size() + num_gc_st-2023-08-19
1444134CHECK failure: maybe_constructor.IsJSFunction() in call-optimization.cc-2023-08-19
1444238Security: PDFium (XFA) Use-after-free in CPWL_ComboBox::OnChar$9,0002023-08-19
1444360Security: UAF in CommitErrorPage$31,0002023-08-19
1444581Security: PDFium (XFA) Use-after-free in CFFL_ListBox::SaveData$9,0002023-08-19
1444025Heap-use-after-free in v8::internal::TracedHandles::Destroy$9,0002023-08-17
1394410Security: Permission Prompts can be made totally hidden and user can Accept and interact with sensitive data without being aware Similar to (1358647)$2,0002023-08-16
1425637Security: Race Condition UAF in evdi_gem_create$11,0002023-08-16
1432470Security: CSA_DCHECK failed: Torque assert 'IsConstructor(target)'$10,0002023-08-16
1440006Security: heap-use-after-free in vrend_set_single_image_view$5,0002023-08-16
1441348DCHECK failure in has_prototype_slot(cage_base) in js-function-inl.h-2023-08-16
1441804Security: wildptr in webrtc::videocapturemodule::GetMaxOfFrameArray-2023-08-16
1442516Security: UAF in content::BrowserPluginGuest::GetProspectiveOuterDocument() in browser process$10,0002023-08-16
1443080Security: Type Confusion in V8-2023-08-16
1443193Security DCHECK failure: unit.TextContentEnd() <= text.length() in ng_offset_mapping.cc-2023-08-16
1443200DCHECK failure in !Bytecodes::IsPrefixScalingBytecode(current_bytecode) in bytecode-array-iterator-2023-08-16
1443445Security: Stack-based Buffer Overflow in ANGLE source code (CreateTemporaryFile function)-2023-08-16
1360710Security: Custom cursor can overlay parts of the permission prompt.$2,0002023-08-15
1370705Arbitrary URI Origin Spoof on Chrome Android Incognito mode$1,0002023-08-15
1433503v8_inspector_fuzzer.exe: Heap-use-after-free in v8_inspector::EvaluateCallback::sendFailure-2023-08-15
1435438Security: stack-buffer-overflow in vrend_shader_sampler_views_mask_get$7,0002023-08-15
1436013Security: out-of-bounds write in tgsi_scan_shader$7,0002023-08-15
1436049Security: out-of-bounds access in tgsi_scan_shader$7,0002023-08-15
1438400Security: Heap-use-after-free in SearchCompanionSidePanelCoordinator::CreateCompanionEntry$5,0002023-08-15
1440005Security: heap-use-after-free in vrend_set_uniform_buffer$5,0002023-08-15
1440653Security: heap-use-after-free in vrend_apply_sampler_state$7,0002023-08-15
1441417Security:OOB read in vrend_set_single_image_view$2,0002023-08-15
1441241CHECK failure: !v8::internal::v8_flags.enable_slow_asserts.value() || (IsJSReceiver_NonInline(*-2023-08-14
1442262Crash in Builtins_InterpreterEntryTrampoline-2023-08-14
1442301DCHECK failure in AllocatedSinceLastGC() + limit() - top() == std::accumulate(begin(), end(), 0, [-2023-08-14
1423634GpuMemoryAblationExperiment and Vulkan stack overflow-2023-08-12
1429141DCHECK failure in type.IsWord32() in assert-types-reducer.h-2023-08-12
1421616Security: fastfail in Builtins_DeoptimizationEntry_Eager -2023-08-11
1436790Security: Chrome OS amd drm gpu driver UAF bug in amdgpu_sched_ioctl which can be triggered from chrome browser context$10,0002023-08-11
1431761Security: [WebGL/WebGPU] Integer overflow in Swiftshader JIT optimization leads to oob read/write-2023-08-10
1437674UAF in CrostiniManager::profile_;-2023-08-10
1440764Security: [swiftshader] heap-use-after-free on vk::Query::start (another)$10,0002023-08-10
1441270dawn_wire_server_and_vulkan_backend_fuzzer.exe: Crash in marl::Scheduler::Worker::runUntilIdle-2023-08-10
1435422Security: stack-buffer-overflow in prepare_so_movs$7,0002023-08-09
1440685Fatal error in Type cast failed in CAST(args.GetReceiver()) at ../../src/builtins/builtins-call-2023-08-09
1442015DCHECK failure in source_position_iterator_.code_offset() > offset in maglev-graph-builder.h-2023-08-09
1442263Security: WebGPU D3D12 Descriptor Heap Issue Could Cause Unauthorized Memory Access-2023-08-09
1404039[ChromeOS Security] Multiple Share Memory TOCTOU Vulnerabilities in Qualcomm Snapdragon 7c Gen 2 Camera Drivers Which can be triggered from Chome Browser Context$10,0002023-08-08
1425115file_path_fuzzer: Global-buffer-overflow in base::FilePath::HFSFastUnicodeCompare-2023-08-08
1429059Fatal error in SimplifiedLoweringVerifierError: verified type Boolean of node #NUMBER:TypeGuard-2023-08-08
1434669Security: UAF in ReadAnythingAppController::OnAXTreeDistilled$7,0002023-08-08
1435166Security: UAF in DevToolsDataSource::OnLoadComplete$3,0002023-08-08
1436863Security: heap-use-after-free in translate_tex$7,0002023-08-08
1440893DCHECK failure in HasValue() in maglev-graph-builder.h-2023-08-08
1441262Crash in v8::internal::maglev::MaglevGraphBuilder::TryFindNextBranch-2023-08-08
1400905Security: UAF in AutofillSnackbarControllerImpl::OnActionClicked$7,0002023-08-07
1441089DCHECK failure in source_position_iterator_.code_offset() > offset in maglev-graph-builder.h-2023-08-05
1441092DCHECK failure in index >= 0 in bytecode-liveness-map.h-2023-08-05
1405223Chrome Theme contains link to malware, safe browser does not catch it$1,0002023-08-04
1426807Security: Extensions with "download" permissions can read local files by using FSA API$2,0002023-08-03
1430089Security: UAF in sampler_state$10,0002023-08-03
1433211Security: Internal JavaScript object access via Origin Trials-2023-08-03
1433468Security:stack buffer overflow in set_stream_out_varyings$7,0002023-08-03
1433506Security: heap-use-after-free in vrend_draw_bind_abo_shader$7,0002023-08-03
1434231Security:heap-buffer-overflow in rewrite_1d_image_coordinate$2,0002023-08-03
1436050Portals URL spoof after crash$2,0002023-08-03
1439691DCHECK failure in Smi::IsValid(value) in smi.h-2023-08-03
1439781CHECK failure: (location_) != nullptr in maybe-handles.h-2023-08-03
1440164DCHECK failure in !has_optimized_code() || optimized_code().marked_for_deoptimization() || (CodeKi-2023-08-03
1440463Vulnerability reported in /third_party/harfbuzz-ng-2023-08-03
1440490CHECK failure: !v8::internal::v8_flags.enable_slow_asserts.value() || (IsJSObject_NonInline(*th-2023-08-03
1440714dawn_wire_server_and_vulkan_backend_fuzzer.exe: Crash in marl::Scheduler::Worker::runUntilIdle-2023-08-03
1428820heap-use-after-free : net::SpdyProxyClientSocket::RunWriteCallback-2023-08-02
1433180Security: use-after-poison libANGLE\renderer\d3d\d3d11\VertexBuffer11.cpp:129 in rx::VertexBuffer11::storeVertexAttributes$11,0002023-08-02
1434904Debug check failed: IsSweepingInProgress() in ../../src/heap/gc-tracer.cc, line 584 -2023-08-02
1439688Heap-use-after-free in blink::PaintArtifactCompositor::CollectPendingLayers-2023-08-02
1381455Use-after-free in the filepicker$1,0002023-08-01
1426480Failed DCHECK on page finalization in ExternalCanvasResource::~ExternalCanvasResource-2023-08-01
1427918Security:UAF in content::SyntheticPointerAction::ForwardTouchOrMouseInputEvents(browser process)$3,0002023-08-01
1430985Security: WebGPU zero length GPUBuffers return address `0xCAFED00D`-2023-08-01
1433460Security: Chrome OS i915 drm gpu driver create_clone UAF$10,0002023-08-01
1433646Security: arbitrary address write in allocate_temp_range$7,0002023-08-01
1437346DCHECK failure in static_cast<unsigned>(length_) > static_cast<unsigned>(i) in zone-list.h-2023-08-01
1439211Fatal error in Type cast failed in CAST(LoadRegisterAtOperandIndex(0)) at ../../src/interpreter-2023-08-01
1439694DCHECK failure in !Heap::InYoungGeneration(table) in ephemeron-remembered-set.cc-2023-08-01
1439699DCHECK failure in last_position.IsKnown() in profiler-listener.cc-2023-08-01
1427804Security: UAF in extensions::SupervisedUserExtensionsDelegateImpl::ShowParentPermissionDialogForExtension$4,0002023-07-31
1432892Security:heap-buffer-overflow in translate$1,0002023-07-31
1435080dawn_wire_server_and_vulkan_backend_fuzzer.exe: Crash in CmdBeginRenderPass::execute-2023-07-31
1432249Crash in memfd:swiftshader_jit-2023-07-30
1434955DCHECK failure in HasOutputRegister(target) in maglev-graph-builder.h-2023-07-29
1435078Crash in unsigned int v8::base::AsAtomicImpl<int>::Relaxed_Load<unsigned int>-2023-07-29
1435079DCHECK failure in isolate->context().is_null() || isolate->context().IsContext() in runtime-intern-2023-07-29
1435152CHECK failure: shared(isolate).IsSharedFunctionInfo()-2023-07-29
1435756CHECK failure: function__value.IsJSFunction()-2023-07-29
1423360heap-use-after-free : base::internal::begin-2023-07-28
1430323Security: UAF in vrend_update_stencil_state$7,0002023-07-28
1434531DCHECK failure in current_counter_ < aoc.next_counter_ in allocation-observer.cc-2023-07-28
1435077CHECK failure: function__value.IsJSFunction()-2023-07-28
1430381Security: UAF in vrend_renderer_pipe_resource_set_type$7,0002023-07-27
1432508net_host_resolver_manager_fuzzer.exe: Heap-use-after-free in base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWorkImp-2023-07-27
1398986Security: ChromeOS kerberosd-exec command execution$2,0002023-07-26
1427353Security: Error Path Double Free in __i915_gem_ttm_object_init$1,0002023-07-26
1422844oob in operator_selection-2023-07-25
1425370Security: UAF in MLGraphXnnpack::BuildOnBackgroundThread$11,0002023-07-25
1425922Security: UAF in blink::MLGraphXnnpack::ComputeOnBackgroundThread$8,0002023-07-25
1432603Security: [0-day] Integer overflow in SkSLVMCodeGenerator (skia)-2023-07-25
1434193DCHECK failure in 0 == result in mutex.cc-2023-07-25
1428786memory corruption in v8$7,0002023-07-24
1419895Use-of-uninitialized-value in v8::internal::StackFrameIteratorForProfiler::IsValidCaller-2023-07-22
1433037Crash in Builtins_GeneratorPrototypeNext-2023-07-22
1433328Vulnerability reported in /third_party/libxslt-2023-07-22
1068358mount-encrypted: creating incorrect encstateful space in dev mode can force dumping encstateful key to disk-2023-07-21
1414398Security: Bypass Issue 1385343 Extension with <all_urls> permission can read arbitrary local files although (Allow access to file URLs) is disabled$5,0002023-07-21
1426521Security: Heap-use-after-free in ExclusiveAccessBubbleViews::UpdateBounds$10,0002023-07-21
1427012Security: Race Condition UAF in l2cap_disconnect_req and l2cap_disconnect_rsp$5,0002023-07-21
1430079Security: heap-use-after-free on ash/drag_drop/tab_drag_drop_windows_hider.cc$3,0002023-07-21
1430269Security: Very long extension name spoofs debugging infobar and breaks other UI$5002023-07-21
1430692Security: UAF in Chrome OS Camera App ash::CameraAppHelperImpl::OnStorageStatusUpdated$5,0002023-07-21
1413813Fenced frame spoof documentPictureInPicture$4,0002023-07-20
1430981DCHECK failure in static_cast<unsigned>(index) < static_cast<unsigned>(length()) in fixed-array-in-2023-07-20
1431729__mm256_castsi128_si256 high-bit uninitialized memory eventually leads to unknown behavior(such as b-2023-07-20
1407048Security: Race Condition UAF in amdtee_open_session$10,0002023-07-19
1424177LAN9500, LAN75xx driver information leak$3,0002023-07-19
1427332oob write in vrend_renderer_transfer_write_iov$15,0002023-07-19
1428743Extension has access to chrome://new-tab-page-2023-07-19
1430106Security: heap-use-after-free on chrome/browser/ui/ash/crosapi_new_window_delegate.cc$3,0002023-07-19
1431659CHECK failure: ReadOnlyHeap::Contains(heap_object) || shared_space_->Contains(heap_object) || s-2023-07-19
1431834Use-after-poison in mojo::SimpleWatcher::OnHandleReady-2023-07-19
1432210Security: [0-day] JIT optimisation issue-2023-07-19
1432248DCHECK failure in !value->properties().is_conversion() in maglev-interpreter-frame-state.h-2023-07-19
1416350Security: Document PiP can spoof top-level page origin, show attacker content in PiP window, open PiP windows from iframes$4,0002023-07-18
1422250Security: Race Condition UAF in evdi_painter_mode_changed_notify$6,0002023-07-18
1429372freetype_cff_ftengine_fuzzer: Heap-buffer-overflow in tt_size_reset_iterator-2023-07-18
1429753DCHECK failure in source_position_iterator_.code_offset() > offset in maglev-graph-builder.h-2023-07-18
1430649Stack-use-after-scope in blink::AnimationFrameTimingMonitor::Did-2023-07-18
1432198GPU failure in base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork-2023-07-18
1431635DCHECK failure in value.InAnySharedSpace() in marking-barrier-inl.h-2023-07-17
1431773Use-after-poison in mojo::InterfaceEndpointClient::HandleValidatedMessage-2023-07-17
1430644Security: heap-buffer-overflow on WebSQL sqlite3VdbeSorterInit$1,0002023-07-14
1414235heap-buffer-overflow : charntorune-2023-07-13
1425779Security: SEGV_ACCERR in v8 JSArrayBuffer::Attach-2023-07-13
1429201Security: Memory corruption due to HeapVector iterator invalidation$8,0002023-07-13
1429570CHECK failure: (chunk->slot_set<OLD_TO_NEW>()) == nullptr in heap-verifier.cc-2023-07-13
1429787CHECK failure: ReadOnlyHeap::Contains(heap_object) || shared_space_->Contains(heap_object) || s-2023-07-13
1430221Security: [WEBGPU] UAF in SetForwardingDeviceCallbacks-2023-07-13
1430927CHECK failure: !v8::internal::v8_flags.enable_slow_asserts.value() || (IsHeapObject()) in heap--2023-07-13
1038996MessageSender.url should not be spoofable by a compromised renderer-2023-07-12
1420161Security: RACE CONDITION UAF in kfd_ioctl_unmap_memory_from_gpu$11,0002023-07-12
1427845DCHECK failure in HasFeedbackMetadata() in shared-function-info-inl.h-2023-07-12
1428853lightweight-heap-use-after-free : profile_metrics::GetBrowserProfileType-2023-07-12
1415129Security: Uninitialized Pointer in `msm_parse_post_deps`$16,0002023-07-11
1429720Security: Mojo message validation bypass due to shared memory.-2023-07-11
1429197Security: Memory corruption due to accessing invalid context$8,0002023-07-10
1429810DCHECK failure in new_properties.can_eager_deopt() implies properties().can_eager_deopt() in magle-2023-07-10
1406900Security: FedCM should have clickjacking protection$1,0002023-07-08
1408120heap overflow in ForeignSessionHandler::OpenForeignSessionWindows$3,0002023-07-08
1429323DCHECK failure in ValidOpInputRep(graph, input, rep) in operations.h-2023-07-07
1429464DCHECK failure in use_reprs - UseRepresentationSet({UseRepresentation::kInt32, UseRepresentation::-2023-07-07
1367125Security: [webkit] heap-use-after-free in WebCore::DOMWrapperWorld::~DOMWrapperWorld()+0x25b$7,0002023-07-06
1410191Crash in vk::ImageView::clear$15,0002023-07-06
1417881sql_recovery_fuzzer: Use-of-uninitialized-value in sql::recover::LeafPayloadReader::PopulateNextOverflowPageId-2023-07-06
1423304Security: Permission bypass due to not erase request properly$7,5002023-07-06
1424337UAF in DevToolsAgentHostImpl::ForceDetachAllSessions(with headless mode and puppeteer) $3,0002023-07-06
1427431Chrome Crashpad arbitrary file create$3,0002023-07-06
1427449UAF in content::NavigationState::RunCommitSameDocumentNavigationCallback$7,0002023-07-06
1428984neteq_signal_fuzzer: Heap-use-after-free in webrtc::test::FuzzSignalInput::PopPacket-2023-07-06
900441Security: Content-Type & Nosniff Ignored in Chrome for iOS$5002023-07-05
1426851Chrome: Crash Report - permissions::PermissionRequestManager::PreIgnoreQuietPromptInternal-2023-07-05
1427746Security: Triggering SEGV && Debug check failed: reinterpret_cast<Address>(result) < reinterpret_cast<Address>(data->limit) in v8-2023-07-05
1427865Arbitrary OOB read and write with WebGL via SwiftShader$10,0002023-07-05
1427876Security: Debug check failed: last_position.IsKnown().-2023-07-05
1428440Security: Heap-use-after-free in ScreenAIService::TriggerProcessingNextTaskInQueue$11,0002023-07-05
1428524DCHECK failure in input_phi->value_representation() == repr in maglev-phi-representation-selector.-2023-07-05
1428580DCHECK failure in has_value() in heap-refs.h-2023-07-05
1425058Security: UAF in base::ObserverList<ash::eche_app::EcheConnectionStatusObserver::Observer$1,0002023-07-04
1426351Security: Heap-use-after-free in ProfileTokenNavigationThrottle::WillProcessRespons $4,0002023-07-04
1427043Heap-use-after-free in SavedTabGroupBar$3,0002023-07-04
1427388Segv on unknown address in unsigned int v8::base::AsAtomicImpl<int>::Relaxed_Load<unsigned int>-2023-07-04
14278823 vulnerabilities reported in /third_party/libxml-2023-07-04
1428354DCHECK failure in scope->is_declaration_scope() implies !scope->AsDeclarationScope()->was_lazily_p-2023-07-04
1428357skia_path_fuzzer: Crash in SkMallocPixelRef::MakeAllocate-2023-07-04
1428584DCHECK failure in !HAS_WEAK_HEAP_OBJECT_TAG(ptr_) in tagged-impl-inl.h-2023-07-04
1425821Security:Kernel Info Leak in cros_ec_chardev_ioctl_xcmd$4,0002023-07-03
1427719net_http_server_fuzzer: Heap-use-after-free in net::HttpServer::HandleReadResult-2023-07-03
1427943DCHECK failure in ThreadId::Current() == thread_id() in isolate.cc-2023-07-03
1337597dawn_wire_server_and_vulkan_backend_fuzzer: Segv on unknown address in __tls_get_addr-2023-06-30
1350561Security: heap-use-after-free ui/events/event_processor.cc:77:26 in ui::EventProcessor::OnEventFromSource(ui::Event*)$4,0002023-06-30
1398991Security: ChromeOS pluginvm arbitrary chmod 777$5,0002023-06-30
1425769Security: segv in JsonStringifier::SerializeString$8,0002023-06-30
1426157DCHECK failure in last_position.IsKnown() in profiler-listener.cc-2023-06-30
1413031Security: Race Condition UAF in hci_cmd_sync_work$8,5002023-06-28
1416380Security: Document PiP window can be resized and moved by compromised renderer, user can interact with sensitive UI using keyboard without being aware$1,0002023-06-28
1420029DCHECK failure in type.IsWord32() in assert-types-reducer.h-2023-06-28
1420510Security: heap-use-after-free in blink::WebString::WebString$3,0002023-06-28
1411593Global-buffer-overflow in gl::GLDisplayManager<gl::GLDisplayEGL>::RemoveGpuPreference-2023-06-27
1413586Security: Android permission prompt tapjacking$2,0002023-06-27
1418224Security: String with different encoding mismatch, leading Out-of-bounds access.$5,0002023-06-27
1420631Security: ChromeOS cras D-Bus cras_iodev_start_volume_ramp memory corruption$3,0002023-06-27
1424955Security: Debug check failed: IsSweepingInProgress()$8,0002023-06-27
1425339Security: Heap-use-after-free in LocalTabGroupListener::AddWebContents $5,0002023-06-27
1425630Heap-use-after-free in blink::NGGridLayoutAlgorithm::BuildGridSizingSubtree-2023-06-27
1425670Heap-use-after-free in blink::NGSubgriddedItemData::CreateSubgridCollection-2023-06-27
1305410Security: crosvm user command execution-2023-06-26
1361042Security: Lockscreen - phone options available$1,0002023-06-26
1413701Security: UAF in void perfetto::DataSource<perfetto::perfetto_track_event::TrackEvent$3,0002023-06-26
1424486Crash in Builtins_KeyedHasIC-2023-06-26
1425333Security: unreachable code at src/builtins/torque-internal.tq:101:45-2023-06-26
1425488Security: SEGV_MAPERR 00001bd0c4a9 in V8-2023-06-26
1425765DCHECK failure in !HAS_WEAK_HEAP_OBJECT_TAG(ptr_) in tagged-impl-inl.h-2023-06-26
1425782Crash in Builtins_SortCompareUserFn-2023-06-26
1425338Security: Heap-use-after-free in SavedTabGroupButton::DeleteGroupPressed-2023-06-24
1290664Security: Autofill prompt can be obscured by Picture-in-Picture overlay, allows stealthy autofill data theft$5,0002023-06-23
1415330Security: TALOS-2023-1724 - Google Chrome WebGL rx::Image11::disassociateStorage use-after-free vulnerability $15,0002023-06-23
1421619Security: Check failed: frame_index < output_count_ - 1.-2023-06-23
1422533Heap-use-after-free in blink::NGTextDecorationPainter::UpdateDecorationInfo$11,0002023-06-23
1422876UAF in PerformanceControlsHatsService-2023-06-23
1423610Security: SEGV_ACCERR in v8$21,0002023-06-23
1424721DCHECK failure in isolate->main_thread_local_heap()->IsRunning() in handles-inl.h-2023-06-23
1424926DCHECK failure in CpuFeatures::IsSupported(*feature) in macro-assembler-shared-ia32-x64.h-2023-06-23
1424995Security: Heap-use-after-free in TabGroupModel::GetTabGroup$3,0002023-06-23
1425124Fatal error in Type representation error: node Phi (input @1 = Identity) type Tagged is not Int-2023-06-23
1375133Security: Device chooser dialogs do not show origin if initiator origin is opaque$3,0002023-06-21
1407564Security: Race Condition UAF in hidp_session_thread$20,0002023-06-21
1418549Security: Document PIP inherits wrong origin when opened from an extension popup$2,0002023-06-21
1419732Bypass 1349146, local file access checks can be bypassed by using `file:` instead of `file://`$5,0002023-06-21
1421609Security: Debug check failed: !IsBound() || (Predecessors().size() == 1 && kind_ == Kind::kLoopHeader)-2023-06-21
1422830UAF in v8_inspector$1,0002023-06-21
1422836Security: use-after-poison animation_frame_timing_monitor.cc:173 in blink::AnimationFrameTimingMonitor::OnMicrotasksCompleted-2023-06-21
1423207Security: Security: SEGV_MAPERR 00000000d849 in v8-2023-06-21
1423258Security: Bypass https://chromium-review.googlesource.com/c/chromium/src/+/4294941 using upper-cased file: protocol (Source maps support for file:// URLs gives devtools_page extensions local file access)$5,0002023-06-21
1423580DCHECK failure in input_index == StoreTaggedFieldWithWriteBarrier::kObjectIndex implies phi->value-2023-06-21
1424187Check permissions of shared memory for Linux lock-2023-06-21
1424274Use-of-uninitialized-value in v8::internal::Sweeper::LocalSweeper::ParallelIteratePromotedPageForRememberedSet-2023-06-21
1424276Use-of-uninitialized-value in v8::internal::Sweeper::LocalSweeper::ParallelIteratePromotedPageForRememberedSet-2023-06-21
1424307Crash in Builtins_RecordWriteIgnoreFP-2023-06-21
1424487DCHECK failure in UsableCapacity() <= TotalCapacity() in new-spaces.cc-2023-06-21
1418061Security: Chrome on Android can self-intent into CCT, allowing sandboxed iframe allow-popups-to-escape-sandbox bypass.$1,0002023-06-19
1421268Security: Lack of validation in mojom traits for media::mojom::VideoFrame.-2023-06-19
1423139DCHECK failure in IsPrimitiveMap() in map-inl.h-2023-06-19
1411862heap-use-after-free in Read Anything$1,0002023-06-17
1422594Security: GL_ShaderBinary exposed to untrusted processes.-2023-06-17
1422812DCHECK failure in string.IsFlat() in string-inl.h-2023-06-17
1423402DCHECK failure in BasicBlock::GetCommonDominator(block, user_block) == block in effect-control-lin-2023-06-17
1417325Security: Safe Browsing bypass via data URI, no warning if SB fails$3,0002023-06-16
1418955Security: PDFium leaks JSGlobalObject-2023-06-16
1419751[wasm][memory64][simd] DCHECK failure in is_gp_pair() in liftoff-register.h-2023-06-16
1421773Security: use-after-free in ManagePasswordsUIController::OnChooseCredentials$10,0002023-06-16
1398990Security: ChromeOS Arbitrary Root File Delete$5,0002023-06-15
1411997Security: Race Condition UAF in i915_gem_execbuffer2_ioctl$21,0002023-06-15
1413919documentPictureInPicture UI spoof via opener$1,0002023-06-15
1422110Security DCHECK failed: IsA<Derived>(from) blink::TimelineOffset::Create timeline_offset.cc:82$8,0002023-06-15
1223346Security: heap-use-after-free CmdDrawBase::draw-2023-06-14
1374224Disallow apps to prevent the lock key-2023-06-14
1385714Security: Permissions Prompt UI spoof through a custom CSS cursor$3,0002023-06-14
1419831Security: PDFium UAF vulns$7,0002023-06-14
1420329Security: Heap-buffer-overflowREAD {*} in strtol in freetype library-2023-06-14
1421237DCHECK failure in object->FitsRepresentation(representation) in objects.cc-2023-06-14
1422256Crash in Builtins_ObjectPrototypeIsPrototypeOf-2023-06-14
1422510Crash in v8::internal::HandleBase::IsDereferenceAllowed-2023-06-14
1422564Crash in v8::internal::Object::AddDataProperty-2023-06-14
1422569Crash in Builtins_Construct-2023-06-14
1421170Security: [WebGPU] UAF in TransitionMappableBuffersEagerly -2023-06-13
1421257DCHECK failure in !IsNullValue(args[1]) && !IsUndefinedValue(args[1]) in maglev-graph-builder.cc-2023-06-13
1421451Crash in Builtins_StoreTypedElementJSAny_Int16Elements_0$9,0002023-06-13
1421591DCHECK failure in IrOpcode::kInt64Constant == node->opcode() in instruction-selector-x64.cc-2023-06-13
1421712DCHECK failure in double_registers_.free() | node->double_temporaries() == double_registers_.free(-2023-06-13
1365884Security: Crostini apps can draw over "Press [Esc] to exit full screen" UI-2023-06-12
1420475Security: IsA<Derived>(from) blink::LayoutMultiColumnFlowThread::UpdateGeometry layout_multi_column_flow_thread.cc:1684-2023-06-12
1420790Security: ChromeOS cras D-Bus audio_thread_config_global_remix memory corruption$17,5002023-06-12
1418561Security: heap-use-after-free worker_thread.cc:671 in blink::WorkerThread::InitializeOnWorkerThread$8,0002023-06-10
1421146GPU failure in ChromeContentUtilityClient::UtilityThreadStarted-2023-06-10
1421152GPU failure in content::IntentionallyCrashBrowserForUnusableGpuProcess-2023-06-10
1204438Security: seneschal shared paths can include symlinks-2023-06-09
1406120Security: Android Text Selection Menu Able to Overlap Fullscreen Notification Toast$2,0002023-06-09
1407475Security: unreachable code in maglev::MaglevGraphBuilder::VisitStaCurrentContextSlot$7,0002023-06-09
1418837Security: After refactor, page can use EyeDropper API to bypass mouse movement/keyboard input requirements for autofill (regression of issue 1287364)$3,0002023-06-09
1419718Security: web HID memory corruption bug$8,0002023-06-09
1419742Crash in blink::AXObjectCacheImpl::RemoveSubtree-2023-06-09
1419773Security: Heap-use-after-free in UserNotesPageHandler::GetNoteOverviews$4,0002023-06-09
1420107Security: Double-free in libwebp WebPEncode (with alpha) under OOM condition$1,3372023-06-09
1420206Security: heap-use-after-free fake_video_capture_device.cc:515:15 in media::FakePhotoDevice::TakePhoto-2023-06-09
1420719Negative-size-param in void v8::internal::WriteFixedArrayToFlat<unsigned char>-2023-06-09
1420860Crash in v8::internal::JSArray::ArrayJoinConcatToSequentialString-2023-06-09
1420863Heap-use-after-free in BookmarkBubbleView::BookmarkBubbleDelegate::ShowEditor-2023-06-09
1420963DCHECK failure in Heap::InToPage(heap_object) in mark-compact.cc-2023-06-09
1156246Security: tamachiyomi unowned-2023-06-07
1278708AddressSanitizer: heap-use-after-free in blink::NetworkStateNotifier::NotifyObserversOnTaskRunner$2,0002023-06-07
1404745heap-use-after-free : keyboard::decoder::runtime5::GetUnicodesNearShift-2023-06-07
1417514Security DCHECK failed: !NeedsLayout() || ChildLayoutBlockedByDisplayLock() in layout_object.h-2023-06-07
1420117Security: SEGV_ACCERR in v8 -2023-06-07
1374518Security: Presentation API dialog does not show origin if initiator origin is opaque (due to fix for issue 1342072)$3,0002023-06-06
1378476Out of bound write in GPU$15,0002023-06-06
1399862Insufficient fix for Cross-Origin (Partial) Status Code leak (XS-Leak)$1,0002023-06-06
1410850Apps and websites can arbitrarily open new browser windows on Android-2023-06-06
1414018Security: Heap-buffer-overflow in FrameSinkManagerImpl::UnregisterFrameSinkHierarchy$5,0002023-06-06
1029296CrOS: Vulnerability reported in sys-libs/ncurses-2023-06-05
1043332CrOS: Vulnerability reported in media-sound/sox-2023-06-05
1405410CrOS: Vulnerability reported in net-misc/curl-2023-06-05
1417133Security: UAF when code runs after NavigationThrottle's Resume() or CancelDeferredNavigation() are called$10,0002023-06-05
1417176Security: Security DCHECK failed: IsA<Derived>(from) blink::StylePropertyMap::append style_property_map.cc:384$7,0002023-06-05
1417649Security: UAF in simple_devtools_protocol_client::SimpleDevToolsProtocolClient::DispatchProtocolMessageTask($4,0002023-06-05
1418734Convert it != .end() DCHECKs for known failures in the wild-2023-06-05
1419677DCHECK failure in object.Size() == current_.size in invalidated-slots-inl.h-2023-06-05
1418223pdf_formcalc_context_fuzzer: Segv on unknown address in Builtins_InterpreterPushArgsThenCall-2023-06-04
1418706v8_wasm_code_fuzzer: DCHECK failure in opcode >> 8 == kGCPrefix in function-body-decoder-impl.h-2023-06-03
1412658Security: stack-buffer-overflow in crashpad $3,0002023-06-02
1418078Vulnerability reported in /third_party/libxml-2023-06-02
1418508blink_storage_key_fuzzer: Trap in NotImplemented-2023-06-02
1418621DCHECK failure in !HAS_WEAK_HEAP_OBJECT_TAG(ptr_) in tagged-impl-inl.h-2023-06-02
1285604Side-channel attack can deanonymize users (potential risk to journalists and activists) "Targeted Deanonymization via the Cache Side Channel: Attacks and Defenses"-2023-06-01
1404279DCHECK failure in code == topmost_ implies safe_to_deopt_ in deoptimizer.cc-2023-05-31
1414278UAF in aura::Window$1,0002023-05-31
1414581Security: Heap-use-after-free in ash::WizardController::HandleAccelerator$1,0002023-05-31
1414975Security: Document PIP origin spoof$3,0002023-05-31
1415008Security: Possible UAF in PinManager::NotifyDelete$1,0002023-05-31
1417122Security: UAF in PlatformAuthNavigationThrottle::FetchHeadersCallback$38,0002023-05-31
1417185Security: heap-buffer-overflow in base::SampleVectorBase::MoveSingleSampleToCounts-2023-05-31
1417389[Security] V8 Debug check failed: OFFSET_OF(Isolate, string_stream_current_security_token_) == strin$7,0002023-05-31
1412487Security: Type confusion in v8 value serializer$10,0002023-05-30
1413539Heap-use-after-free in ui::Layer::OnDeviceScaleFactorChanged-2023-05-30
1414224heap-use-after-free : TemplateURLService::CreateSyncDataFromTemplateURL-2023-05-30
1415328Security: heap-buffer-overflow in base::debug::ActivityUserData::ActivityUserData-2023-05-30
1416785base_activity_analyzer_fuzzer: Heap-buffer-overflow in base::debug::ThreadActivityTracker::IsValid-2023-05-30
1416921base_activity_analyzer_fuzzer: Use-of-uninitialized-value in base::debug::GlobalActivityAnalyzer::PrepareAllAnalyzers-2023-05-30
1417089Security: Heap-use-after-free in PasswordAutofillManager::DidAcceptSuggestion $42,0002023-05-30
1417353Security: Debug check failed: 0 != new_nodes_.count(value) (0 vs. 0).-2023-05-30
1417380DCHECK failure in CpuFeatures::IsSupported(*feature) in macro-assembler-shared-ia32-x64.h-2023-05-30
1417412DCHECK failure in 0 != new_nodes_.count(value) in maglev-graph-builder.h-2023-05-30
1417463DCHECK failure in ValidOpInputRep(graph, left(), input_rep) in operations.h-2023-05-30
1417585Map deprecation racing with concurrent compilation can break invariant-2023-05-30
1417908v8_wasm_fuzzer: Global-buffer-overflow in v8::internal::wasm::WasmFullDecoder<v8::internal::wasm::Decoder::NoValidationTag-2023-05-30
1415366UAF in permissions::PermissionRequest::request_type$41,0002023-05-29
1381812sql_recovery_fuzzer: Use-of-uninitialized-value in sql::recover::LeafPayloadReader::ReadPayload-2023-05-28
1415371crashpad_process_snapshot_intermediate_dump_fuzzer: Heap-buffer-overflow in crashpad::internal::ExceptionSnapshotIOSIntermediateDump::InitializeFromMachExce-2023-05-28
1416828Heap-use-after-free in ui::Layer::OnDeviceScaleFactorChanged-2023-05-28
1411210Security: [swiftshader] heap-use-after-free on vk::Query::start$15,0002023-05-27
1417317heap-buffer-overflow in base::PersistentHistogramAllocator::GetHistogram-2023-05-27
1417370Use-after-poison in v8::internal::maglev::MaxCallDepthProcessor::ConservativeFrameSize-2023-05-27
1417386DCHECK failure in new_properties.can_eager_deopt() implies properties().can_eager_deopt() in magle-2023-05-27
1341430Security: Page can obtain autofill data with two consecutive taps with minimal user awareness, bypasses issue 1240472 and issue 1279268 fixes$3,0002023-05-26
1394736Security:UAF in content::SyntheticMouseDriver::DispatchEvent(browser process)$2,0002023-05-26
1402533heap-use-after-free : base::ScopedObservation<ash::WindowState, ash::WindowStateObserver>::Reset-2023-05-26
1412343v8 oob read in turboshaft::Graph::IncrementInputUses$7,0002023-05-26
1413628Security: use-after-poison rtp_contributing_source_cache.cc:215 in blink::RtpContributingSourceCache::ClearCache$4,0002023-05-26
1414146DCHECK failure in !detail::is_float_special_value(min) in types.h-2023-05-26
1414201DCHECK failure in IsFloat64() in types.h-2023-05-26
1414255DCHECK failure in min <= max in type-inference-reducer.h-2023-05-26
1415158flac_audio_handler_fuzzer: Heap-buffer-overflow in media::FlacAudioHandler::WriteCallbackInternal-2023-05-26
1415249DCHECK failure in !receiver->IsAccessCheckNeeded() || lookup->name()->IsPrivate() in ic.cc-2023-05-26
1416146flac_audio_handler_fuzzer: Trap in std::Cr::__libcpp_verbose_abort-2023-05-26
1416695DCHECK failure in !detail::is_float_special_value(max) in types.h-2023-05-26
1413618Security: Bug 1238631 regression (Share dialog on Windows can render over address bar, window controls)$1,0002023-05-23
1414511Security: ChromeOS root privilege escalation (mount-passthrough-jailed)$31,0002023-05-23
1414738Security: UAF in AppFinder::OnGetAppDescriptions$31,0002023-05-23
1400589Buffer overflow in the rndis_wlan driver for Linux kernel$20,0002023-05-22
1413945Security: Security DCHECK failed: IsA<Derived>(from) blink::LayoutMultiColumnFlowThread::ComputeSize layout_multi_column_flow_thread.cc:1666$8,0002023-05-22
1413842flac_audio_handler_fuzzer: Global-buffer-overflow in media::AudioFifo::Consume-2023-05-20
1414788Bad-cast to unsigned int (const void *) in FcHashTableFind-2023-05-20
1401560Security: UAF in drm_gem_object_release_handle2$1,0002023-05-19
1413005Security: A UAF in WebRTC$2,0002023-05-19
1413600Segv on unknown address in blink::LayoutObjectChildList::Trace-2023-05-19
1409761Security: Race Condition Double Free in i915_gem_set_tiling_ioctl$20,0002023-05-17
1410942heap-use-after-free : nearby::connections::`anonymous namespace'::IncomingStreamInternalPayload::Close-2023-05-17
1412020Security DCHECK failure: IsA<Derived>(from) in casting.h-2023-05-17
1412629type mismatch with turboshaft,1 vs NaN$7,0002023-05-17
1413194Segv on unknown address in v8::internal::StackFrame::ComputeType-2023-05-17
1413533DCHECK failure in iterator_.next_bytecode() == interpreter::Bytecode::kJumpIfUndefined in maglev-g-2023-05-17
1413584safe_browsing_dmg_fuzzer: Trap in std::Cr::__libcpp_verbose_abort-2023-05-17
1413651DCHECK failure in main-thread handle can only be created on the main thread in handles-inl.h-2023-05-17
1293640Security: Linux Kernel i915 Linear Out-Of-Bound read and write access-2023-05-15
1412643DCHECK failure in !MarkCompactCollector::IsOnEvacuationCandidate(target) in scavenger.cc-2023-05-15
1412940v8_wasm_compile_fuzzer: DCHECK failure in !SlotInterference(target.stack_state[i], base::VectorOf(cache_state_.stack_state-2023-05-15
1410766heap-buffer-overflow in aom_yv12_copy_v_c$10,0002023-05-14
1045681Security: Extension fingerprinting by detecting fetched resources$1,0002023-05-13
1382969Security: heap-use-after-free in observer_list.h triggered via Notes/Annotation feature$1,0002023-05-13
1398638Security: UAF in drm_gem_shmem_vm_close-2023-05-13
1399742stack use after return in gpu::raster::(anonymous namespace)::OnReadYUVImagePixelsDone$10,0002023-05-13
1401562Security: UAF in drm_gem_object_release_handle3$21,0002023-05-13
1401595Security: Race Condition UAF in i915_gem_context_getparam_ioctl$21,0002023-05-13
1406429v8 oobr on an obj$7,0002023-05-13
1411558Segv on unknown address in v8::internal::TracedHandlesImpl::Create$9,0002023-05-13
1411656CrOS: Vulnerability reported in media-libs/tiff-2023-05-13
1412023boringssl_conf_fuzzer: Use-of-uninitialized-value in ASN1_template_free-2023-05-13
1412233boringssl_conf_fuzzer: Heap-use-after-free in sk_num-2023-05-13
1412236pdfium_fuzzer: Heap-use-after-free in CPDF_PageImageCache::StartGetCachedBitmap-2023-05-13
1412309Use-after-poison in cppgc::internal::ConservativeTracingVisitor::TraceConservativelyIfNeeded-2023-05-13
1412352boringssl_conf_fuzzer: Heap-use-after-free in sk_num-2023-05-13
878351CrOS: Vulnerability reported in media-libs/tiff-2023-05-10
1350740Security: access-violation on unknown address 0x12dfa490bbaa in dawn::native::TextureBase::TextureBase(browser process) $5,0002023-05-10
1354505Security: Hide real extension of file by many white spaces via suggestedName parameter - showSaveFilePicker$1,0002023-05-10
1394272Security: stack-use-after-scope in dawn::native::CommandEncoder::BeginRenderPass$10,0002023-05-10
1403515Heap Buffer Overflow in AudioWorkletProcessor::ClonePortTopology$7,0002023-05-10
1407595DCHECK failure in !object.InSharedHeap() in code-inl.h-2023-05-10
1407701UAF in blink::VideoFrameSubmitter::OnContextLost$3,0002023-05-10
1410970Security: SEGV_ACCERR in Maglev$7,0002023-05-10
1411076DCHECK failure in old_.bytes_ >= bytes in array-buffer-sweeper.cc-2023-05-10
1411153Security: Debug check failed: kCanBeWeak || (!IsSmi() == HAS_STRONG_HEAP_OBJECT_TAG(ptr_))$7,0002023-05-10
1411533Crash in ProbeMemory-2023-05-10
1412001Security: Potential security bug in JSCallReducer::ReduceDataViewAccess-2023-05-10
1350329Security: UAFin CreateMdnsResponder$2,0002023-05-09
1406588Security: Heap-buffer-overflowREAD 1 in g_utf8_substring-2023-05-09
1407095Debug check failed: !MarkCompactCollector::IsOnEvacuationCandidate(target).-2023-05-09
1407955Security DCHECK failure: IsA<Derived>(from) in casting.h$9,0002023-05-09
1409217CrOS: Vulnerability reported in net-fs/samba-2023-05-09
1411113DCHECK failure in collector == GarbageCollector::MINOR_MARK_COMPACTOR implies !pretenuring_handler-2023-05-09
1401594Security: Race Condition UAF in i915_gem_context_create_ioctl$21,0002023-05-06
1258363URL Spoof after crash$1,0002023-05-05
1365100Security: Bypass iframe sandbox on Android via intent:// URLs (possibly due to intent:// url popups not inheriting sandbox)$3,0002023-05-05
1404621Security: Incognito Mode-specific external protocol prompts can be overlaid on other origins on Android.$1,0002023-05-05
1406032RendererAppContainer overwrites PROC_THREAD_ATTRIBUTE_CHILD_PROCESS_POLICY mitigation-2023-05-05
1406162v8 crash in maglev::UseMarkingProcessor::MarkUse with maglev compiler$7,0002023-05-05
1407101Security: Debug check failed: result->owner() == owner (<unprintable> vs. <unprintable>).-2023-05-05
1407342Security: Debug check failed: begin.valid().$7,0002023-05-05
1407360Security: Debug check failed: entry->Is<InitialValue>().-2023-05-05
1407477Security: unreachable code in deoptimizer/translated-state.cc-2023-05-05
1408354Security: Debug check failed: pred_reverse_index != -1 (-1 vs. -1)$7,0002023-05-05
837495Security: Heap Buffer Overflow found in stream_decoder.c of libFLAC used by chromium-2023-05-03
1299235gpu_swangle_passthrough_fuzzer: Incorrect-function-pointer-type in rx::vk::PersistentCommandPool::init-2023-05-03
1311885Security: heap-use-after-free ash/host/ash_window_tree_host_unified.cc$2,0002023-05-03
1409785DCHECK failure in code->IsBytecodeArray(cage_base) || code->GetCode().kind() == CodeKind::BASELINE-2023-05-03
1410126Crash in ProbeMemory-2023-05-03
1337747v8_inspector_fuzzer: Use-of-uninitialized-value in v8_crdtp::cbor::CBOREncoder::HandleInt32-2023-05-02
1348791Security: heap-use-after-free ash/drag_drop/drag_drop_controller.cc (Lacros)$3,0002023-05-02
1408392TALOS-2023-1693 - Google Chrome WebRTC RTCStatsCollector out of bounds memory access vulnerability -2023-05-02
1408993Security: Security DCHECK failed: IsA<Derived>(from) blink::`anonymous namespace'::CalcToNumericValue:css_numeric_value.cc:162$8,0002023-05-02
1409171heap-use-after-free : PrefService::RemovePrefObserver via ash::input_method::NativeInputMethodEngineObserver::~NativeInputMethodEngineObserver()-2023-05-02
1409210DCHECK failure in !object.InSharedHeap() in code-inl.h-2023-05-02
1409650Security: SwiftShader binaries are included in the following Dockerfile by just pulling them from a bucket$2,0002023-05-02
1394659DCHECK failure in code->IsCode(cage_base) implies code->kind(cage_base) == CodeKind::BASELINE in p-2023-05-01
1408957Crash in ProbeMemory-2023-05-01
1409225DCHECK failure in receiver == lookup_start_object in maglev-graph-builder.cc-2023-05-01
1407045rtp_packet_fuzzer: Use-of-uninitialized-value in webrtc::ReadLeb128-2023-04-30
1406034memory corruption in blink::ReadableStreamDefaultControllerWithScriptScope::Enqueue$3,0002023-04-29
1274887Security: Autofill suggestion covers URL bar on Android-2023-04-28
1346924Security: ResourceTiming entries are not generated for responses with 204, 205 status codes when loaded in a iframe$2,0002023-04-28
1398579Security: Android - Bypass the Protection of input fields cache (Autofill) $5,0002023-04-28
1403573oob in RTCStatsCollector::ProduceTransportStats_n$2,0002023-04-28
1406265UAP in blink::WebGPUSwapBufferProvider::DiscardCurrentSwapBuffer(with --enable-unsafe-webgpu)$7,0002023-04-28
1408467Crash in blink::HTMLFastPathParser<unsigned char>::ParseAttributes$4,0002023-04-28
1257537CrOS: Vulnerabilities reported in net-misc/curl-2023-04-27
1341541Security: Bypass(1301873)Chrome for Android Hide Custom Fullscreen Toast View with Repeated delayed Enter Fullscreen Request $4,0002023-04-27
1386011UAF in MerchantViewerDataManager$1,0002023-04-27
1407571[TF::OptimizationBug] After optimization, running the "poc.js" yields segmentation fault$7,0002023-04-27
1048852Security: Leak of user's local IP address via unenforced Cross Site Origin policy and leak of networking timing-2023-04-27
1404822FedCM privacy_policy_url and terms_of_service_url accepts arbitrary URL-2023-04-26
1405123Google Chrome Console WebUI Heap-Overflow Vulnerability$2,0002023-04-26
1406115Out of bounds array access in SyncPointManager::GetSyncPointClientState()-2023-04-26
1407930DCHECK failure in isolate->context().is_null() || isolate->context().IsContext() in runtime-intern-2023-04-26
1408337v8_wasm_code_fuzzer: DCHECK failure in base::IsInBounds<uintptr_t>(offset, access_size, env_->module->max_memory_size) -2023-04-26
1382477Security: Fenced frames: can use focus to communicate across the fenced frame boundary-2023-04-25
1405574type confusion in chrome$1,0002023-04-25
1407606Crash in Builtins_Construct_WithFeedback-2023-04-25
1404230Security: (Android) PWA Install prompt can be overlaid over other origins.$2,0002023-04-24
1406203DCHECK failure in clients_head_ == shared_heap_isolate_ in safepoint.cc-2023-04-24
1406729Security: Debug check failed: old_entry.IsRegularEntry() in v8$8,0002023-04-24
1400037Security: UAF in VIRTGPU_RESOURCE_CREATE and VIRTGPU_RESOURCE_CREATE_BLOB$21,0002023-04-23
1401666Security: sideload APKs on ChromeOS without enabling developer mode nor ADB$3,0002023-04-22
1405107Security: UAF in KAnonymityServiceSqlStorage::InitializeOnDbSequence-2023-04-22
1405568Security: Race Condition Double Free in adreno_set_param$21,0002023-04-22
1406041Browser crashes when right clicking on input text-2023-04-22
1407363Heap-use-after-free in blink::CharacterData::ContainsOnlyWhitespaceOrEmpty-2023-04-22
1404864Security: Integer overflows in CountPages$11,0002023-04-21
1405256UAF in blink::RTCPeerConnectionHandler::OnIceCandidate$3,0002023-04-21
1406727Security: Debug check failed: kCanBeWeak || (!IsSmi() == HAS_STRONG_HEAP_OBJECT_TAG(ptr_)).-2023-04-21
1406760template_url_parser_fuzzer: Heap-buffer-overflow in xmlParseTryOrFinish-2023-04-21
1361204Security: heap-buffer-overflow components/ui_devtools/ui_element.cc:112:5$2,0002023-04-20
1364115Security: UAF in device_is_authenticating$5002023-04-20
1382971Chrome_ChromeOS: Crash Report - content::RenderFrameHostImpl::CreateURLLoaderNetworkObserver-2023-04-20
1400841Security: UAF in GuestViewBase::StopTrackingEmbedderZoomLevel$7,0002023-04-20
1401765Page background behind semi-transparent canvas leak content from other pages-2023-04-20
1402920DCHECK failure in !value->IsShared() in objects.cc-2023-04-20
1403539Security: PaymentRequest dialog selects an accept button by default$5,0002023-04-20
1403910Security: Debug check failed: IsJSObject().-2023-04-20
1404052Security: Debug check failed: ReadOnlyHeap::Contains(object) || heap_->Contains(object)$7,0002023-04-20
1404128Security: [maglev] Debug check failed: last_position.IsKnown()-2023-04-20
1404704V8 type confusion of object as v8::Function in CallMethodOnFrame$1,0002023-04-20
1376011heap-use-after-free : lens::LensSidePanelController::~LensSidePanelController-2023-04-18
1385343Security: Extension with <all_urls> permission can read arbitrary local files although (Allow access to file URLs) is disabled$10,0002023-04-18
1400522Security: heap-use-after-free in blink::PropertyTreeManager::EnsureCompositorTransformNode$8,0002023-04-18
1402921Crash in Builtins_ConstructProxy-2023-04-18
1403129Security: Fatal error in ../../src/heap/mark-compact.cc$7,0002023-04-18
1404079Security: segmentation fault in ResizableArrayBuffer in v8$8,0002023-04-18
1404123DCHECK failure in Shared heap must not have clients at teardown. The first isolate that is created-2023-04-18
1405324CHECK failure: !v8::internal::v8_flags.enable_slow_asserts || (!MarkCompactCollector::IsOnEvacu-2023-04-18
1394852Heap-use-after-free in v8::Isolate::IsInUse-2023-04-17
1401525CHECK failure: external_page_bytes[t] == page->ExternalBackingStoreBytes(t)-2023-04-17
1404652Crash in v8::internal::SamplingEventsProcessor::Run-2023-04-17
1405157Heap-use-after-free in v8::Isolate::IsInUse-2023-04-17
1405707DCHECK failure in current_code_reachable_and_ok_ == this->ok() && control_.back().reachable() in f-2023-04-17
1404986Security DCHECK failure: IsA<Derived>(from) in casting.h-2023-04-15
1405110Security: Heap-use-after-free in KAnonymityServiceSqlStorage::WaitUntilReady-2023-04-15
1398989Security: ChromeOS On halt/reboot root file overwrite$20,0002023-04-14
1404639V8 type confusion of Undefined as v8::Function in ServiceWorkerGlobalScope::FetchHandlerType$7,5002023-04-14
1213778Security: Full screen notification overlap on Windows-2023-04-13
1376354UAF in network::WebTransport::TearDown$16,0002023-04-13
1395354Security:UAF in content::SyntheticPointerAction::ForwardTouchOrMouseInputEvents(browser process)$7,0002023-04-13
1400809DCHECK failure in _is_listening_to_code_events == IsListeningToCodeEvents() in code-events.h-2023-04-13
1402113Security: UAF in policy::DlpCopyOrMoveHookDelegate::RequestCopyAccess$7,0002023-04-13
1403531UAF in AsyncCompileJob::Abort$10,0002023-04-13
1405150DCHECK failure in element_size == 2 || element_size == 4 in maglev-ir-x64.cc-2023-04-13
1372356Flaky uninitialized memory in SkChromeRemoteGlyphCache-2023-04-12
1400113Security: Race Condition UAF in panfrost_ioctl_create_bo$20,0002023-04-12
1401965Security: Container-overflow in SavedTabGroupModel::RemoveTabFromGroup$2,0002023-04-12
1403546CHECK failure: !v8::internal::v8_flags.enable_slow_asserts || (IsSeqString_NonInline(*this)) in-2023-04-12
1403574register assign error with jit$7,0002023-04-12
1381857Security: ChromiumOS CRAS Server D-Bus SetGlobalOutputChannelRemix heap-over-flow$13,0002023-04-11
1404299flexfec_receiver_fuzzer: Use-of-uninitialized-value in webrtc::RtpPacket::ParseBuffer-2023-04-11
1403099DCHECK failure in !was_told_to_yield_ in default-job.h-2023-04-10
1404232Heap-use-after-free in base::internal::CrashImmediatelyOnUseAfterFree-2023-04-08
1401933Heap-use-after-free in content::RendererCancellationThrottle::NavigationCancellationWindowEnded-2023-04-07
1320701CrOS: Vulnerability reported in sys-libs/ncurses-2023-04-06
1403397flexfec_receiver_fuzzer: Use-of-uninitialized-value in webrtc::RtpPacket::ParseBuffer-2023-04-06
1402000Security: heap-buffer-overflow in HidDeviceManager::GetApiDevicesFromList$2,0002023-04-05
1403168Security: Heap-use-after-free in ExtensionViewHost::OnDidStopFirstLoad$4,0002023-04-05
1401995Crash in content::GetDocumentUserData-2023-03-31
1402660DCHECK failure in ((chunk->slot_set<OLD_TO_OLD, AccessMode::ATOMIC>())) == nullptr in mark-compact-2023-03-31
1403399DCHECK failure in is_loadable() in maglev-ir.h-2023-03-31
1160485Security: Access to camera with clickjacking and popup window$2,0002023-03-30
1385982Security: Escape the page sandbox to the Chromium debugger via Chrome headless snapshots$2,0002023-03-30
1398992Security: ChromeOS potential crosvm command execution via virgl_render_server (unexploitable)$1,0002023-03-30
1400048Security: Debug check failed: string->InSharedHeap() in v8$8,0002023-03-30
1402270Debug check failed: value.IsForeign().$7,0002023-03-30
1042963Security: bypass of CSP validator to run remote code in extensions$3,0002023-03-28
1395027Heap-use-after-free in blink::AXObject::ComputeIsInertViaStyle-2023-03-28
1401996CHECK failure: !control->Is<JumpLoop>() in maglev-regalloc.cc-2023-03-28
1402139CHECK failure: is_backed_by_rab == typed_array->is_backed_by_rab() in value-serializer.cc-2023-03-28
1398987Security: ChromeOS debugd denial of service/service restart-2023-03-27
1400257Use-of-uninitialized-value in v8::sampler::SamplerManager::DoSample-2023-03-27
14015822 vulnerabilities reported in /third_party/libxml-2023-03-27
1402011CHECK failure: non_atomic_marking_state()->IsWhite(obj) in mark-compact.cc-2023-03-27
1402012Segv on unknown address in v8::internal::Heap::ExternalStringTable::TearDown-2023-03-27
1402057CHECK failure: untyped_->count(slot.address()) > 0 in heap-verifier.cc-2023-03-27
1383708Heap-buffer-overflow in Fill32BppDestStorageWithPalette-2023-03-26
1396730Use-after-poison in content::InspectorMediaEventHandler::SendQueuedMediaEvents$9,0002023-03-25
1401295DCHECK failure in this->is_prototype_map() in map-inl.h-2023-03-25
1401571Vulnerability reported in /third_party/dav1d-2023-03-25
14015742 vulnerabilities reported in /third_party/libxml-2023-03-25
813542Security: Web sites can open privileged pages via remote debugging server (CSRF)$3,0002023-03-24
1399331Crash in v8::internal::MemoryAllocator::LookupChunkContainingAddress-2023-03-24
1400176GetEntriesWithChildFrames exposes top-level same origin iframes to cross-origin ones-2023-03-24
1401528DCHECK failure in entry.IsRegularEntry() in external-pointer-table-inl.h-2023-03-24
1394968DCHECK failure in Shared heap must not have clients at teardown. The first isolate that is created-2023-03-23
1400730Use-of-uninitialized-value in v8::internal::MarkingBarrier::Write-2023-03-23
1401069CHECK failure: untyped_->count(slot.address()) > 0 in heap-verifier.cc-2023-03-23
1401077DCHECK failure in ReadOnlyHeap::Contains(obj) || heap()->Contains(obj) in mark-compact-inl.h-2023-03-23
1401078CHECK failure: external_page_bytes[t] == page->ExternalBackingStoreBytes(t)-2023-03-23
1401180DCHECK failure in !heap_->always_allocate() in incremental-marking.cc-2023-03-23
1401181CHECK failure: InTypedSet(SlotType::kEmbeddedObjectFull, rinfo->pc()) || InTypedSet(SlotType::k-2023-03-23
1401183CHECK failure: IsValidHeapObject(heap_, heap_object) in heap-verifier.cc-2023-03-23
1401336CHECK failure: InTypedSet(SlotType::kEmbeddedObjectFull, rinfo->pc()) || InTypedSet(SlotType::k-2023-03-23
1401337CHECK failure: IsValidHeapObject(heap_, heap_object) in heap-verifier.cc-2023-03-23
1361294CrOS: Vulnerability reported in net-wireless/bluez-2023-03-22
1386095CrOS: Vulnerability reported in media-libs/tiff-2023-03-22
1394279DCHECK failure in code == topmost_ implies safe_to_deopt_ in deoptimizer.cc-2023-03-22
1394408Security: Debug check failed: enum_length == map->NumberOfEnumerableProperties()$11,0002023-03-22
1394973Fatal error in Bytecode mismatch at offset 2 in interpreter.cc-2023-03-22
1395604Abrt in v8::internal::abort_with_reason-2023-03-22
1397348memory corruption in v8$7,0002023-03-22
1398994Security: ChromeOS CrosDisks mount-zip fuse argument injection$1,0002023-03-22
1399379DCHECK failure in ThreadId::Current() == thread_id() in isolate.cc-2023-03-22
1399424v8_wasm_fuzzer: Crash in v8::internal::Simulator::WriteW-2023-03-22
1399511Security: UAF in MojoQueryQuotaIpcz$30,0002023-03-22
1399799CHECK failure: !destination.IsDetachedOrOutOfBounds() in elements.cc-2023-03-22
1399805Crash in Builtins_PromiseRejectReactionJob-2023-03-22
1399904Security: Container Overflow in UDPSocket::OnLeaveGroupCompleted$10,0002023-03-22
1400054Bad-cast to mojo::core::ipcz_driver::ObjectBase from ipcz::ParcelWrapper in mojo::core::ipcz_driver::Object<mojo::core::ipcz_driver::DataPipe>::FromHandle-2023-03-22
1400062CrOS: Vulnerability reported in net-misc/curl-2023-03-22
1400431v8_serialized_script_value_fuzzer: Heap-buffer-overflow in v8::internal::ValueDeserializer::ReadJSArrayBuffer-2023-03-22
1400549DCHECK failure in frame->is_unoptimized() in frames.h-2023-03-22
1400551DCHECK failure in pred_reverse_index != -1 in graph.h-2023-03-22
1400810DCHECK failure in 0 < level_ in mutex.h-2023-03-22
1400051Security: Debug check failed: Shared heap must not have clients at teardown, leading to SEGV_ACCERR$8,0002023-03-19
1385941DCHECK failure in !initializing_store && property_details_.constness() == PropertyConstness::kCons-2023-03-18
1393499Security: UAF in drm_gem_object_release_handle$2,0002023-03-18
1395029CrOS: Vulnerability reported in dev-libs/libxml2-2023-03-18
1399080 Security: libtiff CVE vulnerabilities in Chromium 106.0.5249.103$5002023-03-18
1399328Crash in v8::internal::BasicMemoryChunk::area_start-2023-03-18
1399330CHECK failure: untyped_->count(slot.address()) > 0-2023-03-18
1399488Crash in v8::internal::LookupIterator::Start<0>-2023-03-18
1399489CHECK failure: index < size()-2023-03-18
1399491Crash in void v8::internal::MarkingVisitorBase<v8::internal::ConcurrentMarkingVisitor, v8-2023-03-18
1399696CHECK failure: value__value.IsJSReceiver() || value__value.IsSmi() || value__value.IsHeapNumber-2023-03-18
866311Security: Google Update for Windows allows arbitrary file creation when logs are enabled$5,0002023-03-16
1083278Security: DNS Cache Poisoning through resource exhaustion in Chrome.$5,0002023-03-16
1357366Sandbox bypass "allow-downloads"$3,0002023-03-16
1384737AppCommands: perhaps deprecate older command format-2023-03-16
1393547DCHECK failure in IsInRegister(target_state, incoming) in maglev-regalloc.cc-2023-03-16
1395603DCHECK failure in !value->allocation().IsConstant() in maglev-assembler-x64-inl.h-2023-03-16
1395718Security: UAF in HandleExpandedPaths$31,0002023-03-16
1399332DCHECK failure in heap()->non_atomic_marking_state()->IsWhite(target) in scavenger-inl.h-2023-03-16
1399377CHECK failure: external_page_bytes[t] == page->ExternalBackingStoreBytes(t)-2023-03-16
1378233CrOS: Vulnerability reported in dev-libs/libtasn1-2023-03-15
1396254Security: CVE-2022-3970 was fixed in libtiff and published but not propagated to Pdfium yet$1,0002023-03-15
1057218Security: Implement Resource Isolation with Random Restricted SIDs-2023-03-14
1392661Security: heap-use-after-free drop_target_event.cc:28 in ui::DropTargetEvent::DropTargetEvent$5,0002023-03-14
1395542Security: heap-use-after-free third_party/swiftshader/src/WSI/VkSwapchainKHR.cpp:43:13$2,0002023-03-14
1396222Security: Fatal error in ../../src/heap/sweeper.cc$7,0002023-03-14
1396338Crash in v8::internal::HeapObject::SizeFromMap-2023-03-14
1396339CHECK failure: marking_state_->IsBlack(heap_object) in mark-compact.cc-2023-03-14
1396341Use-of-uninitialized-value in v8::internal::MarkingBarrier::Write-2023-03-14
1396342DCHECK failure in handle & ~kVisitedHandleMarker == index << kExternalPointerIndexShift in externa-2023-03-14
1396344DCHECK failure in page->area_size() >= static_cast<size_t>(marking_state_->live_bytes(page)) in sw-2023-03-14
1018214Security: Updated Google Password. One of my Chrome OS machines still takes the old password though after over a week$1,0002023-03-13
1384403DCHECK failure in GetCurrentStackPosition() >= stack_guard()->real_climit() - 8 * KB in isolate.cc-2023-03-13
1394741DCHECK failure in isolate()->thread_id() == ThreadId::Current() in heap.cc-2023-03-13
1395117Crash in v8::internal::JsonParser<unsigned char>::ParseJson-2023-03-13
1395237Heap-use-after-free in v8::internal::NodeBase<v8::internal::GlobalHandles::Node>::index-2023-03-13
1395520CHECK failure: untyped_->count(slot.address()) > 0-2023-03-13
1395737DCHECK failure in LocationOperand::cast(source)->IsCompatible( LocationOperand::cast(destination))-2023-03-13
1371859stack-use-after-return in gpu::gles2::ProgramInfoManager::Program::UpdateES2$3,0002023-03-12
1383991blink::MediaInspectorContextImpl::CullPlayers$7,0002023-03-12
1395311CHECK failure: !base::IsInRange(slot.address(), start, end + 1) in remembered-set.h-2023-03-12
840716Unicode Line Terminators Can Cause UI Manipulation and Browser Crashes-2023-03-10
1385831UAF in CartService$2,5002023-03-10
1392721Security: heap-use-after-free on chromeOS using PhoneHub + Screensharing$2,0002023-03-10
1393384webcodecs_video_encoder_fuzzer: Heap-buffer-overflow in av1_get_one_pass_rt_params-2023-03-10
1393564Security: UAF in content::NavigationRequest::SetViewTransitionState in browser process$20,0002023-03-10
1394382Chromium: Vulnerability reported in third_party/libxml-2023-03-10
1395183Crash in v8::internal::SpaceWithLinearArea::InvokeAllocationObservers-2023-03-10
1395186Chromium: Vulnerability reported in third_party/libxml-2023-03-10
1395240Crash in Builtins_JSEntryTrampoline-2023-03-10
1349146Security: Source maps support for file:// URLs gives devtools_page extensions local file access$5,0002023-03-09
1365366Security: [maglev] VisitSwitchOnGeneratorState function JumpTableTargetOffsets can be 0 $7,0002023-03-09
1380645Security: Use After Free in PasswordsPrivateDelegateImpl::OsReauthTimeoutCall,$1,0002023-03-09
1382484Security: Chrome on Android Keyboard Able to Overlap Fullscreen Notification Toast$7,5002023-03-09
1392588Security: Security DCHECK failed: IsA<Derived>(from) blink::CSSPrimitiveValue::ConvertToLength$8,0002023-03-09
1393728Security: stack-use-after-scope in dawn::native::d3d12::ShaderModule::Compile$10,0002023-03-09
1393732Security: Download notification can hide "Press and hold Esc to exit full screen" $3,0002023-03-09
1393865Turbofan-Optimization Bug: "Check failed: IsBigInt()"$7,0002023-03-09
1394692UAF in OnSyncMessageEventReady$6,0002023-03-09
1384516gpu_raster_fuzzer: Use-of-uninitialized-value in cc::ServiceImageTransferCacheEntry::Deserialize-2023-03-08
1385368Security: Debug check failed: s->IsFlat().$7,0002023-03-08
1393227Security: dcheck failed in object.InSharedHeap $7,0002023-03-08
1393270Crash in v8::internal::IsPrimitiveHeapObject_NonInline-2023-03-08
1393733CHECK failure: InstructionBlockAt(predecessor_id)->IsDeferred() in instruction.cc-2023-03-08
1393940CHECK failure: is_int8(disp) in assembler-x64.cc-2023-03-08
1394036CHECK failure: !control->Is<JumpLoop>() in maglev-regalloc.cc-2023-03-08
1394403Security: [0-day] FeedbackCell issue leading to type confusion-2023-03-08
1246736Security: Imagination PowerVR DRM Driver Integer overflow vulnerabilities on MTK platform Chromebook$20,0002023-03-07
1350386Security: UAF in ArcInputOverlayManager::ReadDefaultData-2023-03-07
1356760Reject hidden name-only cookie prefixes-2023-03-07
1370562uaf in ui::PropertyHandler::GetPropertyInternal(with )$2,0002023-03-07
1375131Security: Unknown crash with READ of size 8 when access the chrome://gpu with WebGPU enabled-2023-03-07
1380602Security: heap-use-after-free ui/views/view.cc:1921:7 in views::View::HandleAccessibleAction$2,0002023-03-07
1383442Security: UAF IN video_capture::VideoSourceImpl::OnClientDisconnected() services/video_capture/video_source_impl.cc:88:14$16,0002023-03-07
1386120Security: Pdfium heap-buffer-overflow in RgbByteOrderTransferBitmap()-2023-03-07
1386122Security: heap-buffer-overflow in CFX_DIBBase::SwapXY()-2023-03-07
1386123Security: Pdfium heap-buffer-overflow in RgbByteOrderTransferBitmap()-2023-03-07
1386124Security: Pdfium heap-buffer-overflow in CPDF_RenderStatus::LoadSMask()-2023-03-07
1392061Security: Debug check failed: IsPrimitiveMap()$10,0002023-03-07
1393097mhtml_parser_fuzzer: Heap-buffer-overflow in modp_b64_decode-2023-03-07
1393177Security: WebGPU UAF in Dawn Memory Transfer Service -2023-03-07
1392755DCHECK failure in isolate()->thread_id() == ThreadId::Current() in heap.cc-2023-03-06
1392934v8_wasm_async_fuzzer: DCHECK failure in has_index() in value-type.h-2023-03-06
1393468gpu_swangle_passthrough_fuzzer: Segv on unknown address in __tls_get_addr-2023-03-05
1393375Security: Read OOB due to resizing underline typed array buffer-2023-03-03
1393464DCHECK failure in handle & ~kVisitedHandleMarker == index << kExternalPointerIndexShift in externa-2023-03-03
1381871UAF in blink::WidgetBase::BeginMainFrame(base::TimeTicks)$1,5002023-03-02
1382761UAF in search::(anonymous namespace)::NewTabURLDetails::ForProfile(Profile*)$3,0002023-03-02
1386249Security: Unretained() can be used for objects on the Oilpan heap$3,0002023-03-02
1386667Negative-size-param in ipcz::BlockAllocator::InitializeRegion-2023-03-02
1392585Crash in Builtins_ConstructProxy-2023-03-02
1392865CHECK failure: InTypedSet(SlotType::kEmbeddedObjectFull, rinfo->pc()) || InTypedSet(SlotType::k-2023-03-02
1392936DCHECK failure in receiver_mode_ != ConvertReceiverMode::kNullOrUndefined in maglev-graph-builder.-2023-03-02
1392953Optimization bug in TurboShaft::MachineOptimizationReducer::ReduceSignedDiv$10,0002023-03-02
1316301DCHECK failure at blink::WebFrameWidgetImpl::DragTargetDragEnter$1,5002023-03-01
1382033Security: heap-buffer-overflow in network::ThrottlingNetworkInterceptor::UpdateThrottledRecords$2,0002023-03-01
1385709UAF in CartHandler$2,5002023-03-01
1386121Security: Pdfium heap-buffer-overflow in CFX_BitmapComposer::ComposeScanlineV()-2023-03-01
1392577Security: Debug Check end <= typed_aray->GetLength() -2023-03-01
1392589substring_set_matcher_fuzzer: Crash in base::SubstringSetMatcher::AhoCorasickNode::SetEdge-2023-03-01
1392715Security: heap-buffer-overflow in gpu::gles2::Texture::SetLevelCleared-2023-03-01
1385691Security: global-buffer-overflow css_property.cc:27 in blink::CSSProperty::Get$7,0002023-02-28
1385717Security: Debug check failed: slot < sentinel_ in UpdateUntypedOldToSharedPointers$8,0002023-02-28
1386647tint_regex_msl_writer_fuzzer.exe: Illegal-instruction in tint::Program::Program-2023-02-28
1386129substring_set_matcher_fuzzer: Heap-buffer-overflow in base::SubstringSetMatcher::AhoCorasickNode::SetEdge-2023-02-27
1386287DCHECK failure in result.valid() in optimization-phase.h-2023-02-27
1387883DCHECK failure in bytecode_offset >= kFunctionEntryBytecodeOffset in factory.cc-2023-02-27
1388938v8_wasm_streaming_fuzzer: DCHECK failure in sub_module->has_type(sub_index) in wasm-subtyping.cc-2023-02-27
1386649audio_encoder_isac_float_fuzzer.exe: Stack-buffer-overflow in webrtc::AudioEncoderIsacT<webrtc::IsacFloat>::EncodeImpl-2023-02-26
1360743Security: heap-use-after-free in the Metal features in the GPU process$1,0002023-02-25
1369205Tests are failing: Verify that the placeholder <canvas> associated with an OffscreenCanvas tainted with cross-origin content cannot be read once commit has propagated...-2023-02-25
1382074ui_x11_cursor_loader_fuzzer: Heap-buffer-overflow in ui::ParseCursorFile-2023-02-25
1383203DCHECK failure in input_count <= std::numeric_limits<decltype(this->input_count)>::max() in operat-2023-02-25
1384847Revisit configurations for CoInitializeSecurity calls-2023-02-25
1385673DCHECK failure in IsJSFunction() in heap-refs.cc-2023-02-25
1385935DCHECK failure in page->area_size() >= static_cast<size_t>(marking_state_->live_bytes(page)) in sw-2023-02-25
1379359MTLDeviceProxy does not properly copy NSStrings-2023-02-23
1155961wildcard entry with runtime_blocked_hosts in ExtensionSettings policy is not enforced correctly-2023-02-22
1339079Security: GPU process continues running even if we fail to initialize the sandbox-2023-02-22
1378564Use-after-free in Mojo ChannelMac::SendMessageLocked$30,0002023-02-22
1381849Memory corruption in PresentationRequest$8,5002023-02-22
1383755tint_ast_clone_fuzzer: Heap-use-after-free in tint::utils::HashmapBase<tint::sem::Type const*, tint::Source const*, 8ul, tint:-2023-02-22
1383976DCHECK failure in !initializing_store && property_details_.constness() == PropertyConstness::kCons-2023-02-22
1384318DCHECK failure in value->Is<Int32Constant>() || value->Is<StringLength>() || value->Is<BuiltinStri-2023-02-22
1384408Crash in v8::internal::Invoke-2023-02-22
1384411Crash in Builtins_StringSubstring-2023-02-22
1384474DCHECK failure in count <= destination.GetLength() in elements.cc-2023-02-22
1384513Stack-use-after-return in blink::NGConstraintSpaceBuilder::NGConstraintSpaceBuilder-2023-02-22
1384765Check return from AddAllowedAce in ServiceMain::InitializeComSecurity-2023-02-22
1384796Maybe use PROCESS_QUERY_LIMITED_INFORMATION in LegacyProcessLauncherImpl::LaunchCmdElevated-2023-02-22
1385291DCHECK failure in kCanBeWeak || (!IsSmi() == HAS_STRONG_HEAP_OBJECT_TAG(ptr_)) in tagged-impl.h-2023-02-22
1385305Segv on unknown address in Builtins_InterpreterEntryTrampoline-2023-02-22
1238642Security: Refcount overflow in RefCountedThreadSafeBase$1,0002023-02-21
1368230Security: SameSite cookie bypass on Android by redirecting to to intent-picker$5,0002023-02-21
1378357Security: Avast aswJsFlt.dll 18.0.1479.0 exposes vulnerable pipe endpoint to renderers-2023-02-21
1382363UAF in AppIconReader$2,0002023-02-21
1382581Security: UAF in validation_message_overlay_delegate$7,0002023-02-21
1383204Trap in Builtins_CheckTurbofanType-2023-02-21
1383422Security: Heap-buffer-overflow in CommerceHintAgent::DidFinishLoadCallback $2,5002023-02-21
1383791Security: UAF in lens::LensStaticPageController::LoadChromeLens$4,0002023-02-21
1384520Crash in Builtins_StringEqual-2023-02-21
1371215Security: Forced user interaction for permission prompts by freezing the browser$3,0002023-02-20
1379860DCHECK failure in !HAS_WEAK_HEAP_OBJECT_TAG(ptr_) in tagged-impl-inl.h-2023-02-20
1381763CrOS: Vulnerability reported in x11-libs/pixman-2023-02-20
1372019Security: ClientNativePixmapFactory implementations are probably not validating enough and should use checked math-2023-02-18
1344756Security: Heap-use-after-free in ReadAnythingCoordinator::CreateAndRegisterEntry$4,0002023-02-17
1381094Security: UAF in DlpScopedFileAccessDelegate::OnResponse-2023-02-17
1381217Security: Bypass 1342722, sourceMappingURL directive allows use of UNC paths on Windows$5,0002023-02-17
1382652Security: global-buffer-overflow in ash::default_user_image::GetRandomDefaultImageIndex()-2023-02-17
1382816v8_wasm_code_fuzzer: DCHECK failure in opcode >> 8 == kNumericPrefix in function-body-decoder-impl.h-2023-02-17
1382993Security: UAF in content::RenderFrameDevToolsAgentHost::RenderProcessExited$31,0002023-02-17
1383362DCHECK failure in type == MachineType::Int32() || type == MachineType::Uint32() || type.representa-2023-02-17
1383367DCHECK failure in value->Is<Int32Constant>() || value->Is<StringLength>() || value->Is<BuiltinStri-2023-02-17
1383369Crash in v8::internal::maglev::GetInputLocationsArraySize-2023-02-17
1383374Crash in Builtins_ConstructProxy-2023-02-17
1375021uaf in FederatedAuthRequestImpl$10,0002023-02-16
1376995uaf in FederatedAuthRequestimpl$10,0002023-02-16
1377165Reading local files through an extension that only has the "downloads" permission$5,0002023-02-16
1380860gl_lpm_fuzzer: Use-of-uninitialized-value in wsi_unsupported_instance_extension-2023-02-16
1382369UAF in ScreenAIService$2,5002023-02-16
1382434Security: Copy-on-write check bypass in JSNativeContextSpecialization::BuildElementAccess-2023-02-16
1382690UAF in ScreenAIServiceRouter$5,0002023-02-16
1377783Security: heap-use-after-free in StreamFactory::DestroyMuter-2023-02-15
1378601webcodecs_video_encoder_fuzzer: Heap-buffer-overflow in aom_variance64x64_avx2-2023-02-15
1381335Security: Debug check failed: kCanBeWeak || (!IsSmi() == HAS_STRONG_HEAP_OBJECT_TAG(ptr_)).$11,0002023-02-15
1381401Security: UAF in VideoCaptureDeviceWin$11,0002023-02-15
1358647Security: Bypass the Protection of input fields cache (Autofill) 1108181$5,0002023-02-14
1367632Security: Extension sanitization bypass by using %% $2,0002023-02-14
1376099Security: Design flaw in Synchronous Mojo message handling introduces unexpected reentrancy and allows for multiple UAFs-2023-02-14
1379242UAF in ExtensionInstalledWaiter$2,0002023-02-14
1380751CrOS: Vulnerability reported in net-vpn/strongswan-2023-02-14
1382423Trap in Builtins_CheckTurbofanType-2023-02-14
1358505Security: V8: Missing TurboFan bounds check on DataView when buffer is resizable-2023-02-13
1365053CHECK failure: result.failed() implies v8_flags.wasm_lazy_validation in module-compiler.cc-2023-02-13
1379579Security: heap-use-after-free browser\renderer_host\render_process_host_impl.cc:2068 in content::RenderProcessHostImpl::CreateNotificationService$8,0002023-02-13
1381330v8_wasm_async_fuzzer: DCHECK failure in opcode >> 8 == kAtomicPrefix in function-body-decoder-impl.h-2023-02-13
1381663Crash in v8::internal::maglev::InterpreterFrameState::get-2023-02-13
1381665DCHECK failure in count() > 0 in maglev-graph-builder.h-2023-02-13
1326788Security: Lackluster "File System Access API" block-list provides full disk read/write access$1,0002023-02-10
1359122Security: SOP bypass leaks navigation history of iframe from other subdomain if location changed to about:blank$2,0002023-02-10
1372457Possible vulnerability in crosvm: Invalid check for Virtio descriptors-2023-02-10
1378457Security: UAF in PasswordAutofillManager::OnBiometricReauthCompleted$7,0002023-02-10
1378813extension_file_highlighter_fuzzer: Trap in std::Cr::__libcpp_verbose_abort-2023-02-10
1378997Security: FileChooserImpl still traverse symlink in symlink to directory$3,0002023-02-10
1380398Crash in Builtins_StringEqual-2023-02-10
1380498v8_wasm_code_fuzzer: DCHECK failure in a == b in liftoff-assembler.cc-2023-02-10
956979Mixed content can be bypassed by sandboxed pages$1,0002023-02-09
1359678CrOS: Vulnerability reported in media-libs/tiff-2023-02-09
1377610CrOS: Vulnerability reported in media-libs/tiff-2023-02-09
1377790Security: CSA_DCHECK failed: Torque assert 'remainingElementsCount >= 0' failed in v8-2023-02-09
1379740Security DCHECK failure: unit.TextContentEnd() <= text.length() in ng_offset_mapping.cc-2023-02-09
1380478Security: clang-analyzer-cplusplus.NewDelete in third_party/pdfium/core/fpdfapi/parser/cpdf_object_walker.cpp-2023-02-09
1352445Security: heap-use-after-free in password_manager::WellKnownChangePasswordState::SetChangePasswordResponseCode-2023-02-08
1356987Security: External notifications from external apps (such as Telegram) can block Android fullscreen notification. (Testes on latest Chrome stable)$2,0002023-02-08
1375132Security: Android: Bluetooth and USB chooser dialogs do not use top-level origin with permission delegation$3,0002023-02-08
1378456Security: UAF in PasswordAutofillManager::DidAcceptSuggestion-2023-02-08
1378814DCHECK failure in properties().can_eager_deopt() in maglev-ir.h-2023-02-08
1378916Security: local IP address disclosure using WebRTC candidate foundation-2023-02-08
1379054Security: Promise.any.call leak hole, leading to RCE$15,0002023-02-08
1379201Security: Stack-buffer-overflow in WebGL vulkan backend$11,0002023-02-08
1379364DCHECK failure in IsImmAddSub(frame_size) in liftoff-assembler-arm64.h-2023-02-08
1379468DCHECK failure in 0 != new_nodes_.count(value) in maglev-graph-builder.h-2023-02-08
1379831Security: stack-buffer-overflow in mojo::core::ipcz_driver::ObjectBase::PeekBox(browser process)-2023-02-08
1379864DCHECK failure in new_target->IsConstructor() in js-objects.cc-2023-02-08
1380313Use-after-poison in blink::CSSSelector::SelectorListOrParent$12,0002023-02-08
1370028Security: Chrome on Android the Fullscreen Notification Toast Not shown when fullscreen (screen lock mode landscape)$5,0002023-02-06
1374995Trap in Builtins_CheckTurbofanType-2023-02-03
1375073DCHECK failure in constructor->IsNull(isolate) in runtime-classes.cc-2023-02-03
1378571Security: UAF in MultiplexEncoderFactory$11,0002023-02-03
1345045CSP Bypass (Old Issue)$3,0002023-02-02
1371844Security: UAF in PluginVmInstaller::DetectImageType$1,0002023-02-02
1374746CHECK failure: proto.map().oddball_type() == OddballType::kNull in compilation-dependencies.cc-2023-02-02
1377775Crash in Builtins_StringIndexOf-2023-02-02
1377816Security: WebAssembly UAF in catch block with stale memory start pointer$21,0002023-02-02
1377840Security: Incorrect rab flags setting leads to type confusion in V8-2023-02-02
1378286Security: Heap-use-after-free in InstallablePaymentAppCrawler::OnPaymentMethodManifestParsed$39,0002023-02-02
1378287Security: Heap-use-after-free in ChromeAutofillClient::DidFinishNavigation-2023-02-02
1378323compositor_frame_fuzzer: Global-buffer-overflow in gfx::Transform::RotateAboutZAxis-2023-02-02
1365877Security: Esc doesn't exit fullscreen in Crostini apps-2023-02-01
1374294Security: access-violation src\v8\src\api\api.cc:5809 in v8::String::WriteOneByte$5,0002023-02-01
1378437Crash in Builtins_Construct_WithFeedback-2023-02-01
1378494Crash in Builtins_StringSubstring-2023-02-01
1378495Crash in Builtins_InterpreterEntryTrampoline-2023-02-01
1340924CrOS: Vulnerability reported in app-editors/vim-2023-01-31
1343339CrOS: Vulnerability reported in app-editors/vim-2023-01-31
1344118CrOS: Vulnerability reported in app-editors/vim-2023-01-31
1344821CrOS: Vulnerability reported in app-editors/vim-2023-01-31
1346256CrOS: Vulnerability reported in app-editors/vim-2023-01-31
1346675Security: UTF chartorune heap-buffer-overflow crash$8,0002023-01-31
1361911CrOS: Vulnerability reported in app-editors/vim-2023-01-31
1362225CrOS: Vulnerability reported in app-editors/vim-2023-01-31
1362331Generic CORS bypass that enables Cross-Site-Tracing (XST)$1,0002023-01-31
1363579CrOS: Vulnerability reported in app-editors/vim-2023-01-31
1366771CrOS: Vulnerability reported in app-editors/vim-2023-01-31
1367617CrOS: Vulnerability reported in app-editors/vim-2023-01-31
1368560CrOS: Vulnerability reported in app-editors/vim-2023-01-31
1369956CrOS: Vulnerability reported in app-editors/vim-2023-01-31
1370293CrOS: Vulnerability reported in app-editors/vim-2023-01-31
1372757Security: Heap-use-after-free in ash::OverviewItem::ShowWindowInOverview$1,5002023-01-31
1378168Use-of-uninitialized-value in v8::internal::compiler::BranchElimination::SimplifyBranchCondition-2023-01-31
1368739Security: FencedFrame - Two way communication between embedder and frame$6,0002023-01-30
1251790Security: Top-level redirect from cross-origin iframe by setting `Content-Security-Policy: sandbox allow-top-navigation`$5,0002023-01-28
1375059Multiple checks fail, cross process crash, maybe race condition & use-after-free in video_encoder.cc$7,0002023-01-28
1303597Heap-use-after-free in blink::BoxPainterBase::PaintFillLayer$10,0002023-01-27
1342072Security: Presentation API dialog unexpectedly shows top-level origin when called by cross-origin iframe without explicit allow-presentation delegation$7,5002023-01-27
1361066Security: OOB write on Lacros$2,0002023-01-27
1365945Security: UAF in ash::network_diagnostics::DnsResolutionRoutine::CreateHostResolver() (browser process)$3,0002023-01-27
1376856Crash in Builtins_Construct_WithFeedback-2023-01-27
1376930CHECK failure: BigIntNegate of kRepTaggedPointer (BigInt) cannot be changed to kRepTaggedPointe-2023-01-27
1377250UaF in PRM observerlist after browser change (confirmation chip)-2023-01-27
985740CrOS: Vulnerability reported in sys-libs/glibc-2023-01-25
1372746Security: Heap-use-after-free in ash::ScopedOverviewHideWindows::~ScopedOverviewHideWindows$2,0002023-01-25
1373941Security: heap-use-after-free in ProfileDestroyer::DestroyProfileNow$2,0002023-01-25
1374513Security: Bypass powerwash using factory_install_reset file-2023-01-25
1375088Security: UAF in webgpu\gpu.cc in blink::`anonymous namespace'::CreateContextProviderOnMainThread$8,0002023-01-25
1376067Heap-buffer-overflow in blink::CSSParserImpl::ConsumeStyleRule-2023-01-25
1355718Security: UAF in hci_cmd_timeout$15,0002023-01-24
1367547Security: Heap-use-after-free in autofill::AutofillContextMenuManager::ExecuteCommand$5,0002023-01-24
1370393Container-overflow in ui::Layer::OnDeviceScaleFactorChanged-2023-01-24
1374341Heap-buffer-overflow in blink::GetCrossOriginAttributeValue-2023-01-24
1375932DCHECK failure in isolate->context().is_null() || isolate->context().IsContext() in runtime-string-2023-01-24
1376069Crash in v8::internal::Runtime_StringCharCodeAt-2023-01-24
1370502Security: Double free in setup_cb_free-2023-01-23
1372665Security: UAF in MyFilesSizeCalculator::ComputeLocalFilesSize,-2023-01-23
1372695Security: heap-use-after-free third_party\blink\renderer\core\workers\worker_thread.cc:905 in blink::WorkerThread::PauseOrFreezeOnWorkerThread$7,0002023-01-23
1329374Security: heap-buffer-overflow on ash/shelf/shelf_view.cc (chromeOS)-2023-01-21
1368587Security: heap-use-after-free on aura::WindowOcclusionTracker::MaybeObserveAnimatedWindow$1,0002023-01-21
1374226Illegal-instruction in blink::NGTableSectionLayoutAlgorithm::Layout-2023-01-21
1374535DCHECK failure in imm.index < num_locals() in function-body-decoder-impl.h-2023-01-21
1374626DCHECK failure in JSFunction::cast(entry.map(isolate).GetConstructor()) == native_context.array_fu-2023-01-21
1372999Security: Heap-use-after-free in SpeechRecognitionRecognizerImpl::ChangeLanguage$10,0002023-01-19
1373314Security: WebGPU: Out of bounds write in OnBufferMapAsyncCallback-2023-01-19
1374232v8_regexp_parser_fuzzer: DCHECK failure in index <= known_captures in regexp-parser.cc-2023-01-19
1344647chrome.debugger API bypasses the runtime_blocked_hosts cookie protection$3,0002023-01-18
1354518Security: .url files can be saved via getFileHandle and redirect showSaveFilePicker to arbitrary file$1,0002023-01-18
1366330CrOS: Vulnerability reported in media-libs/tiff-2023-01-18
1371860Security: UAF in mojo::SimpleWatcher::Context in MojoIpcz feature (browser process)$20,0002023-01-18
1371926Security: file_type_policies changes reintroduce attack surface-2023-01-18
1372500CHECK failure: !v8::internal::FLAG_enable_slow_asserts || (IsJSReceiver_NonInline(*this)) in js-2023-01-18
1372653Use-after-poison in blink::NGBlockNode::StoreResultInLayoutBox-2023-01-18
1372784use after poison in HeapObjectHeader::LoadEncoded()$10,0002023-01-18
1373770DCHECK failure in gc_epilogue_callbacks_.IsEmpty() in local-heap.cc-2023-01-18
1373772CHECK failure: diff <= 0.5-2023-01-18
1080624CrOS: Vulnerability reported in sys-libs/glibc-2023-01-16
1162252CrOS: Vulnerability reported in x11-libs/gdk-pixbuf-2023-01-16
1176031Reading local files through an extension that only has the "downloads" permission$5,0002023-01-16
1294202CrOS: Vulnerability reported in dev-libs/protobuf-2023-01-16
1298886CrOS: Vulnerability reported in media-libs/tiff-2023-01-16
1354271Security: [ANGLE] Heap-buffer-overflow caused by writing exceeding the querypool size$17,0002023-01-14
1365004Security: Chrome Android: Incognito Mode grants access to the address bar although reauthentication is required-2023-01-14
1279268Security: Page can cause autofill prompt to render near cursor in order to bypass intentional mouse movement input requirements for autofill (Bypass of issue 1240472 fix)$3,0002023-01-13
1356211Security: XML object's heap memory difference leaking or potential ASLR bypass in libXML$1,0002023-01-13
1365330Security: heap-use-after-free in blink::LocalFrameView::PerformLayout (incomplete fix for CVE-2022-3199)-2023-01-12
1366415UAF in AccessibilityManager$2,0002023-01-12
1369871Security: Race condition in JSCreateLowering, leading to RCE$20,0002023-01-12
1369882Security: use-after-poison interface_endpoint_client.cc:900 in mojo::InterfaceEndpointClient::HandleValidatedMessage$10,0002023-01-12
1370439UAF in SelectFileDialogLinuxKde::CallKDialogOutput$7,0002023-01-12
1370969Crash in blink::NGBlockNode::StoreResultInLayoutBox-2023-01-12
1350442Security: UAF in BackForwardCache$30,0002023-01-11
1358168Security: clang-analyzer-core.uninitialized.Assign in third_party/ffmpeg/libavformat/riffdec.c-2023-01-11
1364662Security: UAF in in safe_browsing::IncidentReportingService::AddIncident(browser process)$7,0002023-01-11
1367650DCHECK failure in offsets.size() != 0 in maglev-graph-builder.cc-2023-01-11
1370416DCHECK failure in is_loadable() in maglev-ir.h-2023-01-11
1370423DCHECK failure in HAS_SMI_TAG(ptr) in smi.h-2023-01-11
587956Security: Android: Apps with external storage access can steal CSRF tokens-2023-01-10
1361612heap-use-after-free : webrtc::`anonymous namespace'::ProduceRemoteInboundRtpStreamStatsFromReportBlockData-2023-01-10
1363583Security: Heap-use-after-free in UserNoteService::OnNoteCreationDone$5,0002023-01-10
1366843uaf in v8_inspector::InjectedScript::addPromiseCallback$1,0002023-01-10
1367862DCHECK failure in IsPrimitiveMap() in map-inl.h-2023-01-10
1368046Security: Type confusion in V8$10,0002023-01-10
1370400DCHECK failure in key->IsJSReceiver() in runtime-collections.cc-2023-01-10
1370402DCHECK failure in target().IsUndefined() || target().IsJSReceiver() in js-weak-refs-inl.h-2023-01-10
1259492Security UI Spoofing on Chrome for Android due to the Contact permission dialog hiding the fullscreen alert message$7,5002023-01-09
1363287DCHECK failure in GetCurrentStackPosition() >= stack_guard()->real_climit() - 32 * KB in isolate.c-2023-01-08
1368076Security: Report 2 Vulnerabilities in WebSQL$13,0002023-01-07
1051198Compromised renderer can arbitrarily read the clipboard-2023-01-06
1363040uaf in PermissionStatus::OnPermissionStatusChange$2,5002023-01-06
1366812Security: UAF in content::DevToolsSession::DispatchProtocolResponse (browser process)$1,0002023-01-06
1366464Back Forward Cache storage of RenderViewHost is unsafe-2023-01-05
1367680GPU failure in blink::NGPhysicalBoxFragment::CheckSameForSimplifiedLayout-2023-01-05
1355560heap-use-after-free ui/views/view.cc:1898:7 in views::View::HandleAccessibleAction$2,0002023-01-04
1366806Security: Heap-use-after-free in InstallablePaymentAppCrawler::OnPaymentMethodManifestParsed$38,0002023-01-04
1367678DCHECK failure in generator_block->control_node()->opcode() == Opcode::kSwitch in maglev-regalloc.-2023-01-04
345205DevTools: Combat self-xss-2023-01-04
1360042V8: Generic lowering of JSForInPrepare tries to read from FixedArray-2023-01-03
1363030uaf in ArcInputOverlayManager::ReadData-2023-01-03
1364604Security: heap-use-after-free in GrClientMappedBufferManager::owningDirectContext$15,0002023-01-03
1367231Security: UAF in AutofillContextMenuManager::ExecuteCommand$7,0002023-01-03
1367651CHECK failure: size <= kMaxRegularHeapObjectSize-2023-01-03
1367993Security: WebRTC crash in `AudioMultiVector::PushBackInterleaved`-2023-01-03
1340879Security: Custom Tab HTTP Header Injection$3,0002023-01-02