| ID | Status | Owner | Summary | Labels |
|---|---|---|---|---|
| 1640 | New | taviso@google.com | ghostscript: multiple critical vulnerabilities, including remote command execution | CCProjectZeroMembers |
| 1632 | Fixed | jannh@google.com | gVisor sentry can call renameat() | CCProjectZeroMembers |
| 1628 | Fixed | jannh@google.com | Linux: percpu refcounts on struct mount are racy | CCProjectZeroMembers |
| 1627 | Fixed | jannh@google.com | cgit: directory traversal in cgit_clone_objects() | CCProjectZeroMembers |
| 1626 | Fixed | jannh@google.com | Linux: reiserfs: heap overflow in listxattr_filler() | CCProjectZeroMembers |
| 1620 | Fixed | jannh@google.com | Wayland: out-of-bounds memory access in wl_connection_demarshal() on 32-bit systems | CCProjectZeroMembers |
| 1616 | Fixed | jannh@google.com | fusermount user_allow_other restriction bypass and SELinux label control | CCProjectZeroMembers |
| 1611 | Fixed | jannh@google.com | Linux/Ubuntu: other users' coredumps can be read via setgid directory and killpriv bypass | CCProjectZeroMembers |
| 1607 | New | fwilhelm@google.com | Xen: integer overflow in xen-netback xenvif_set_hash_mapping | CCProjectZeroMembers |
| 1600 | Fixed | natashenka@google.com | Adobe Flash: Out of Bounds Read in AVC Processing | CCProjectZeroMembers |
| 1589 | Fixed | fwilhelm@google.com | KVM (nested virtualization): privilege escalation in L1 guest | CCProjectZeroMembers |
| 1587 | Fixed | ifratric@google.com | Windows: use-after-free in JScript in RegExp.lastIndex | CCProjectZeroMembers |
| 1585 | Fixed | markbrand@google.com | Chrome: Reference count leak in SwiftShader OpenGL texture bindings | CCProjectZeroMembers |
| 1584 | Fixed | markbrand@google.com | Chrome: Floating-point precision errors in Swiftshader blitting | CCProjectZeroMembers |
| 1583 | Fixed | jannh@google.com | Android: directory traversal over USB via injection in blkid output | CCProjectZeroMembers |
| 1582 | Fixed | lokihardt@google.com | Microsoft Edge: Chakra: Bugs in InitializeNumberFormat and InitializeDateTimeFormat | CCProjectZeroMembers |
| 1581 | Duplicate | lokihardt@google.com | Microsoft Edge: Chakra: JIT: Magic value can cause type confusion #2 | CCProjectZeroMembers |
| 1580 | Fixed | jannh@google.com | Linux ext4: out-of-bounds memcpy via non-inline system.data xattr | CCProjectZeroMembers |
| 1579 | Fixed | ifratric@google.com | Skia: Heap overflow in SkScan::FillPath due to precision error | CCProjectZeroMembers |
| 1578 | Fixed | lokihardt@google.com | Microsoft Edge: Chakra: JIT: Type confusion with InlineArrayPush | CCProjectZeroMembers |
| 1576 | Fixed | lokihardt@google.com | Microsoft Edge: Chakra: DictionaryPropertyDescriptor::CopyFrom doesn't copy all fields | CCProjectZeroMembers |
| 1575 | Fixed | natashenka@google.com | WebRTC: Use-after-free in VP8 Block Decoding | CCProjectZeroMembers |
| 1574 | Fixed | jannh@google.com | Linux: 4-byte infoleak via uninitialized struct field in compat adjtimex syscall | CCProjectZeroMembers |
| 1573 | Fixed | natashenka@google.com | WebRTC: Overflow in FEC Processing | CCProjectZeroMembers |
| 1571 | Fixed | natashenka@google.com | WebRTC: Type Confusion when processing H264 NAL packet | CCProjectZeroMembers |
| 1570 | Fixed | lokihardt@google.com | Microsoft Edge: Chakra: Parameter scope parsing bug | CCProjectZeroMembers |
| 1569 | Fixed | lokihardt@google.com | Microsoft Edge: Chakra: A bug in BoundFunction::NewInstance | CCProjectZeroMembers |
| 1568 | Fixed | natashenka@google.com | WebRTC: Out-of-bounds memory access in WebRTC VP9 Missing Frame Processing | CCProjectZeroMembers |
| 1567 | Fixed | natashenka@google.com | WebRTC: Out-of-bounds memory access in WebRTC VP9 Frame Processing | CCProjectZeroMembers |
| 1566 | Fixed | markbrand@google.com | Chrome: Integer overflow in Swiftshader texture allocation | CCProjectZeroMembers |
| 1565 | Fixed | lokihardt@google.com | Microsoft Edge: Chakra: JIT: ImplicitCallFlags check bypass with Intl | CCProjectZeroMembers |
| 1564 | Fixed | ianbeer@google.com | MacOS/iOS kernel heap overflow due to lack of lower size check in getvolattrlist | CCProjectZeroMembers |
| 1563 | Fixed | lokihardt@google.com | Microsoft Edge: Chakra: JIT: OOB reads/writes | CCProjectZeroMembers |
| 1561 | Fixed | lokihardt@google.com | Chrome: V8: A bug with KeyAccumulator | CCProjectZeroMembers |
| 1560 | Fixed | lokihardt@google.com | Microsoft Edge: Chakra: JIT: Type confusion with hoisted SetConcatStrMultiItemBE instructions | CCProjectZeroMembers |
| 1559 | Fixed | jannh@google.com | Linux RNG flaws | CCProjectZeroMembers |
| 1558 | Fixed | ianbeer@google.com | XNU kernel heap overflow due to bad bounds checking in MPTCP | CCProjectZeroMembers |
| 1557 | Fixed | taviso@google.com | FromDocToPdf: exposes browsing history to all websites | CCProjectZeroMembers |
| 1556 | New | lokihardt@google.com | macOS/iOS: JavaScript injection bug in OfficeImporter | CCProjectZeroMembers |
| 1555 | Fixed | taviso@google.com | Video Downloader Extension: Universal XSS | CCProjectZeroMembers |
| 1554 | Fixed | forshaw@google.com | Windows: Desktop Bridge Virtual Registry CVE-2018-0880 Incomplete Fix EoP | CCProjectZeroMembers |
| 1553 | Fixed | natashenka@google.com | WebKit: Use-after-free when resuming generator | CCProjectZeroMembers |
| 1552 | WontFix | ifratric@google.com | Microsoft Edge: ACG bypass with OpenProcess() | CCProjectZeroMembers |
| 1550 | Fixed | forshaw@google.com | Windows: Desktop Bridge Activation Arbitrary Directory Creation EoP | CCProjectZeroMembers |
| 1549 | Fixed | ianbeer@google.com | MacOS kernel UAF due to lack of locking in nvidia GeForce driver | CCProjectZeroMembers |
| 1547 | Fixed | lokihardt@google.com | Chrome: V8: PromiseAllResolveElementClosure can cause elements kind confusion | CCProjectZeroMembers |
| 1546 | Fixed | natashenka@google.com | Google Chrome: Integer Overflow when Processing WebAssembly Locals | CCProjectZeroMembers |
| 1545 | Fixed | natashenka@google.com | WebKit: Info leak in WebAssembly Compilation | CCProjectZeroMembers |
| 1544 | Fixed | forshaw@google.com | Windows: Child Process Restriction Mitigation Bypass | CCProjectZeroMembers |
| 1543 | Fixed | thomasdu...@google.com | mpengine contains unrar code forked from unrar prior to 5.0, introduces new bug while fixing others | CCProjectZeroMembers |
| 1542 | Fixed | lokihardt@google.com | Microsoft Edge: Chakra: EntrySimpleObjectSlotGetter can have side effects | CCProjectZeroMembers |
| 1541 | Fixed | ifratric@google.com | Skia and Firefox: Integer overflow in SkTDArray leading to out-of-bounds write | CCProjectZeroMembers |
| 1540 | Fixed | forshaw@google.com | Windows: Token Process Trust SID Access Check Bypass EOP | CCProjectZeroMembers |
| 1539 | Fixed | natashenka@google.com | Adobe Flash: Out-of-bounds write in blur filtering | CCProjectZeroMembers |
| 1538 | Fixed | natashenka@google.com | Adobe Flash: Info Leak in Image Inflation | CCProjectZeroMembers |
| 1537 | Fixed | natashenka@google.com | Adobe Flash: Overflow when playing sound | CCProjectZeroMembers |
| 1536 | Fixed | natashenka@google.com | Adobe Flash: Overflow in Slab Rendering | CCProjectZeroMembers |
| 1534 | Fixed | lokihardt@google.com | Microsoft Edge: Chakra: Cross context bug | CCProjectZeroMembers |
| 1532 | Fixed | natashenka@google.com | Samsung Galaxy S7 Edge: Overflow in OMACP WbXml String Extension Processing | CCProjectZeroMembers |
| 1531 | Fixed | lokihardt@google.com | Microsoft Edge: Chakra: JIT: Magic value can cause type confusion | CCProjectZeroMembers |
| 1530 | Fixed | lokihardt@google.com | Microsoft Edge: Chakra: JIT: A bound check elimination bug | CCProjectZeroMembers |
| 1529 | Fixed | ianbeer@google.com | MacOS/iOS ReportCrash mach port replacement due to failure to respect MIG ownership rules | CCProjectZeroMembers |
| 1528 | Fixed | jannh@google.com | speculative execution, variant 4: speculative store bypass | CCProjectZeroMembers |
| 1527 | Fixed | taviso@google.com | Grammarly: auth tokens are accessible to all websites | CCProjectZeroMembers |
| 1526 | Fixed | markbrand@google.com | Chrome: V8 Integer overflow in object allocation size | CCProjectZeroMembers |
| 1525 | Fixed | ifratric@google.com | WebKit: use-after-free in WebCore::jsElementScrollHeightGetter | CCProjectZeroMembers |
| 1524 | Accepted | taviso@google.com | utorrent: various JSON-RPC issues resulting in remote code execution, information disclosure, etc. | CCProjectZeroMembers |
| 1523 | Fixed | lokihardt@google.com | Chrome: V8: Arrow function scope fixing bug | CCProjectZeroMembers |
| 1522 | Fixed | natashenka@google.com | WebKit: WebAssembly parsing does not correctly check section order | CCProjectZeroMembers |
| 1521 | Fixed | lokihardt@google.com | Chrome: V8: AwaitedPromise update bug | CCProjectZeroMembers |
| 1520 | Fixed | ianbeer@google.com | MacOS double mach_port_deallocate in kextd due to failure to comply with MIG ownership rules | CCProjectZeroMembers |
| 1519 | Fixed | mjurczyk@google.com | Windows Kernel 64-bit stack memory disclosure in nt!NtQueryVirtualMemory (MemoryImageInformation) | CCProjectZeroMembers |
| 1518 | Fixed | mjurczyk@google.com | Windows Kernel 64-bit stack memory disclosure in nt!NtQueryVirtualMemory (Memory(Privileged)BasicInformation) | CCProjectZeroMembers |
| 1516 | Fixed | mjurczyk@google.com | Windows Kernel 64-bit pool/stack memory disclosure in nt!NtQueryInformationProcess (ProcessImageFileName) | CCProjectZeroMembers |
| 1515 | Fixed | mjurczyk@google.com | Windows Kernel pool memory disclosure in nt!NtQueryInformationTransactionManager (TransactionManagerRecoveryInformation) | CCProjectZeroMembers |
| 1514 | Fixed | forshaw@google.com | Windows: WLDP CLSID policy .NET COM Instantiation UMCI Bypass | CCProjectZeroMembers |
| 1513 | Fixed | mjurczyk@google.com | Windows Kernel 64-bit stack memory disclosure in nt!NtQuerySystemInformation (SystemPageFileInformation(Ex)) | CCProjectZeroMembers |
| 1512 | Fixed | mjurczyk@google.com | Windows Kernel stack memory disclosure in nt!NtQueryVolumeInformationFile | CCProjectZeroMembers |
| 1511 | Fixed | mjurczyk@google.com | Windows Kernel stack memory disclosure in nt!NtQueryAttributesFile | CCProjectZeroMembers |
| 1510 | Fixed | mjurczyk@google.com | Windows Kernel stack memory disclosure in nt!NtQueryFullAttributesFile | CCProjectZeroMembers |
| 1509 | Fixed | lokihardt@google.com | Chrome: V8: A bug in the ObjectDescriptor class | CCProjectZeroMembers |
| 1508 | Fixed | lokihardt@google.com | Chrome: V8: JIT: Type confusion in NodeProperties::InferReceiverMaps | CCProjectZeroMembers |
| 1507 | Fixed | forshaw@google.com | Windows: CiSetFileCache TOCTOU CVE-2017-11830 Incomplete Fix | CCProjectZeroMembers |
| 1506 | Fixed | ifratric@google.com | Windows: multiple use-after-free issues in jscript Array methods | CCProjectZeroMembers |
| 1505 | Duplicate | ifratric@google.com | IE11: use-after-free in jscript!JsErrorToString | CCProjectZeroMembers |
| 1504 | Duplicate | ifratric@google.com | Windows: use-after-free in jscript!JsArrayJoin | CCProjectZeroMembers |
| 1503 | Fixed | lokihardt@google.com | Microsoft Edge: Chakra: JIT: The fix for issue 1420 is incomplete #2 | CCProjectZeroMembers |
| 1502 | Fixed | lokihardt@google.com | Microsoft Edge: Chakra: JIT: The fix for issue 1420 is incomplete. | CCProjectZeroMembers |
| 1501 | Fixed | lokihardt@google.com | Chrome: V8: Bugs in Genesis::InitializeGlobal | CCProjectZeroMembers |
| 1500 | Fixed | mjurczyk@google.com | Microsoft Compiler mspdbcore.dll heap memory disclosure into output .pdb files, affects Microsoft Symbol Server | CCProjectZeroMembers |
| 1499 | Fixed | lokihardt@google.com | Chrome: V8: JIT: A bug in LoadElimination::ReduceTransitionElementsKind | CCProjectZeroMembers |
| 1498 | Fixed | lokihardt@google.com | Chrome: V8: Type confusion in ElementsAccessorBase::CollectValuesOrEntriesImpl | CCProjectZeroMembers |
| 1496 | Fixed | jannh@google.com | eBPF verifier bug backported to 4.9-stable | CCProjectZeroMembers |
| 1495 | Fixed | mjurczyk@google.com | Windows Kernel 64-bit pool memory disclosure in the win32kbase!CoreMessagingK interface | CCProjectZeroMembers |
| 1494 | Fixed | forshaw@google.com | Windows: Desktop Bridge Virtual Registry NtLoadKey Arbitrary File Read/Write EoP | CCProjectZeroMembers |
| 1492 | Fixed | forshaw@google.com | Windows: Windows: Desktop Bridge Virtual Registry Arbitrary File Read/Write EoP | CCProjectZeroMembers |
| 1491 | Fixed | markbrand@google.com | Pdfium: out-of-bounds read with shading pattern backed by pattern colorspace | CCProjectZeroMembers |
| 1490 | Fixed | markbrand@google.com | Pdfium: out-of-bounds read with nested colorspaces | CCProjectZeroMembers |
| 1489 | Fixed | markbrand@google.com | Pdfium: integer overflows in pattern shading | CCProjectZeroMembers |
| 1488 | Fixed | laginimaineb@google.com | Chromium: Incorrect size calculation when deserializing Mojo "Event" messages leading to OOB access | CCProjectZeroMembers |