Automated by @ret2happy
Compromised renderer can control your mouse and escape sbx (reward: $50000) crbug.com/370856871
Security Bug Aggregator
2,091 posts
Security Bug Aggregator
@BugsAggregator
Aggregate disclosed Chromium security bugs.
Joined February 2024
- Automated by @ret2happySandbox escape from extensions due to insufficent checks in chrome.devtools.inspectedWindow.reload and chrome://policy (reward: $20000) crbug.com/338248595
- Automated by @ret2happyITW 0-day Google Chrome Sandbox Escape crbug.com/405143032
- Automated by @ret2happyPerform research on V8 Sandbox Bypass reports in one shot tracker.ret2happy.com/bugs
- Automated by @ret2happySecurity: heap-buffer-overflow in Blink (reward: $15000) crbug.com/41494860
- Automated by @ret2happyMiraclePtr bypass due to PtrCount overflow (reward: $100115) crbug.com/340122160
- Automated by @ret2happyArbitrary Wasm type confusion due to transient canonical index overflow (reward: $62000) crbug.com/400086889
- Automated by @ret2happy[Pwn2Own 2024] WebCodecs VideoFrame Race Condition UAF Write to RCE (umbrella bug) crbug.com/330563095
- Automated by @ret2happyArbitrary WASM type confusion due to incomplete fix of CVE-2024-6100 (reward: $55000) crbug.com/360533914
- Automated by @ret2happyGoogle Chrome RCE (no sandbox) crbug.com/344608204
- Automated by @ret2happyChrome Extension context isolation bypass. (reward: $10000) crbug.com/371011220
- Automated by @ret2happyV8 Sandbox Bypass: AAR/W via generic function table `call_indirect` rtt check bypass (reward: $20000) crbug.com/350292240
- Automated by @ret2happyV8 Sandbox Bypass: AAW via array length corruption in Turbofan spread call inlining (reward: $20000) crbug.com/395895382
- Automated by @ret2happyType Confusion in AsyncIteratorPrototypeAsyncDispose() Leads to RCE (reward: $50000) crbug.com/380677637