| ID | Type | Status | Priority | Milestone | Owner | Summary + Labels |
|---|---|---|---|---|---|---|
| 9 | ---- | Fixed | ---- | ---- | cevans@google.com | Safari sandbox logic error enables reading of arbitrary files |
| 10 | ---- | Fixed | ---- | ---- | cevans@google.com | Safari sandbox IPC memory corruption with WebEvent::Wheel |
| 11 | ---- | Fixed | ---- | ---- | cevans@google.com | Safari sandbox IPC memory corruption with WebEvent::Char |
| 77 | ---- | Duplicate | ---- | ---- | cevans@google.com | WebKit JavaScriptCore integer truncation vulnerability |
| 862 | ---- | Fixed | ---- | ---- | natashenka@google.com | WebKit: Memory Corruption in TypedArray.copyWithin CCProjectZeroMembers |
| 863 | ---- | Fixed | ---- | ---- | natashenka@google.com | WebKit: Memory Corruption in TypedArray.fill CCProjectZeroMembers |
| 1032 | ---- | Fixed | ---- | ---- | natashenka@google.com | Safari Browser: Builtin JavaScript allows Function.caller to be used in strict mode CCProjectZeroMembers |
| 1033 | ---- | Fixed | ---- | ---- | natashenka@google.com | Safari Browser: Out-of-bounds read when calling bound function CCProjectZeroMembers |
| 1036 | ---- | Fixed | ---- | ---- | natashenka@google.com | Safari Browser: Type Confusion in DateTimeFormat.format CCProjectZeroMembers |
| 1095 | ---- | Fixed | ---- | ---- | natashenka@google.com | Safari Browser: Memory corruption in Array concat CCProjectZeroMembers |