Chrome

收集Chrome每次的Stable Channel Update中的security部分

Chrome 68.0.3440.75

log

[$5000][850350] High CVE-2018-6153: Stack buffer overflow in Skia. Reported by Zhen Zhou of NSFOCUS Security Team on 2018-06-07
[$3000][848914] High CVE-2018-6154: Heap buffer overflow in WebGL. Reported by Omair on 2018-06-01
[$N/A][842265] High CVE-2018-6155: Use after free in WebRTC. Reported by Natalie Silvanovich of Google Project Zero on 2018-05-11
[$N/A][841962] High CVE-2018-6156: Heap buffer overflow in WebRTC. Reported by Natalie Silvanovich of Google Project Zero on 2018-05-10
[$N/A][840536] High CVE-2018-6157: Type confusion in WebRTC. Reported by Natalie Silvanovich of Google Project Zero on 2018-05-07
[$2000][841280] Medium CVE-2018-6158: Use after free in Blink. Reported by Zhe Jin(金哲),Luyao Liu(刘路遥) from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd on 2018-05-09
[$2000][837275] Medium CVE-2018-6159: Same origin policy bypass in ServiceWorker.Reported by Jun Kokatsu (@shhnjk) on 2018-04-26
[$1000][839822] Medium CVE-2018-6160: URL spoof in Chrome on iOS. Reported by evi1m0 of Bilibili Security Team on 2018-05-04
[$1000][826552] Medium CVE-2018-6161: Same origin policy bypass in WebAudio.Reported by Jun Kokatsu (@shhnjk) on 2018-03-27
[$1000][804123] Medium CVE-2018-6162: Heap buffer overflow in WebGL. Reported by Omair on 2018-01-21
[$500][849398] Medium CVE-2018-6163: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-06-04
[$500][848786] Medium CVE-2018-6164: Same origin policy bypass in ServiceWorker.Reported by Jun Kokatsu (@shhnjk) on 2018-06-01
[$500][847718] Medium CVE-2018-6165: URL spoof in Omnibox. Reported by evi1m0 of Bilibili Security Team on 2018-05-30
[$500][835554] Medium CVE-2018-6166: URL spoof in Omnibox. Reported by Lnyas Zhang on 2018-04-21
[$500][833143] Medium CVE-2018-6167: URL spoof in Omnibox. Reported by Lnyas Zhang on 2018-04-15
[$500][828265] Medium CVE-2018-6168: CORS bypass in Blink. Reported by Gunes Acar and Danny Y. Huang of Princeton University, Frank Li of UC Berkeley on 2018-04-03
[$500][394518] Medium CVE-2018-6169: Permissions bypass in extension installation .Reported by Sam P on 2014-07-16
[$TBD][862059] Medium CVE-2018-6170: Type confusion in PDFium. Reported by Anonymous on 2018-07-10
[$TBD][851799] Medium CVE-2018-6171: Use after free in WebBluetooth. Reported by amazon@mimetics.ca on 2018-06-12
[$TBD][847242] Medium CVE-2018-6172: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-05-28
[$TBD][836885] Medium CVE-2018-6173: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-04-25
[$N/A][835299] Medium CVE-2018-6174: Integer overflow in SwiftShader. Reported by Mark Brand of Google Project Zero on 2018-04-20
[$TBD][826019] Medium CVE-2018-6175: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-03-26
[$N/A][666824] Medium CVE-2018-6176: Local user privilege escalation in Extensions.Reported by Jann Horn of Google Project Zero on 2016-11-18
[$500][826187] Low CVE-2018-6177: Cross origin information leak in Blink. Reported by Ron Masas (Imperva) on 2018-03-27
[$500][823194] Low CVE-2018-6178: UI spoof in Extensions. Reported by Khalil Zhani on 2018-03-19
[$500][816685] Low CVE-2018-6179: Local file information leak in Extensions.Reported by Anonymous on 2018-02-26
[$500][797461] Low CVE-2018-6044: Request privilege escalation in Extensions .Reported by Rob Wu on 2017-12-23
[$500][791324] Low CVE-2018-4117: Cross origin information leak in Blink. Reported by AhsanEjaz – @AhsanEjazA on 2017-12-03

We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

As usual, our ongoing internal security work was responsible for a wide range of fixes:

[866821] Various fixes from internal audits, fuzzing and other initiatives

The following bugs were fixed in previous Chrome releases, but were mistakenly omitted from the release notes at the time:

[$1000][812667] Medium CVE-2018-6150: Cross origin information disclosure in Service Workers. Reported by Rob Wu on 2018-02-15

[$500][805905] Medium CVE-2018-6151: Bad cast in DevTools. Reported by Rob Wu on 2018-01-25

[$2000][805445] Medium CVE-2018-6152: Local file write in DevTools. Reported by Rob Wu on 2018-01-24

67.0.3396.87

[$TBD][848672] High CVE-2018-6149: Out of bounds write in V8. Reported by Yu Zhou and Jundong Xie of Ant-financial Light-Year Security Lab on 2018-06-01

Chrome 67.0.3396.62

log

[$3000][835639] High CVE-2018-6123: Use after free in Blink. Reported by Looben Yang on 2018-04-22
[$5000][840320] High CVE-2018-6124: Type confusion in Blink. Reported by Guang Gong of Alpha Team, Qihoo 360 on 2018-05-07
[$5000][818592] High CVE-2018-6125: Overly permissive policy in WebUSB. Reported by Yubico, Inc on 2018-03-05
[$N/A][844457] High CVE-2018-6126: Heap buffer overflow in Skia. Reported by Ivan Fratric of Google Project Zero on 2018-05-18
[$TBD][842990] High CVE-2018-6127: Use after free in indexedDB. Reported by Looben Yang on 2018-05-15
[$TBD][841105] High CVE-2018-6128: uXSS in Chrome on iOS. Reported by Tomasz Bojarski on 2018-05-09
[$N/A][838672] High CVE-2018-6129: Out of bounds memory access in WebRTC. Reported by Natalie Silvanovich of Google Project Zero on 2018-05-01
[$N/A][838402] High CVE-2018-6130: Out of bounds memory access in WebRTC. Reported by Natalie Silvanovich of Google Project Zero on 2018-04-30
[$N/A][826434] High CVE-2018-6131: Incorrect mutability protection in WebAssembly. Reported by Natalie Silvanovich of Google Project Zero on 2018-03-27
[$500][839960] Medium CVE-2018-6132: Use of uninitialized memory in WebRTC. Reported by Ronald E. Crane on 2018-05-04
[$500][817247] Medium CVE-2018-6133: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-02-28
[$500][797465] Medium CVE-2018-6134: Referrer Policy bypass in Blink. Reported by Jun Kokatsu (@shhnjk) on 2017-12-23
[$1000][823353] Medium CVE-2018-6135: UI spoofing in Blink. Reported by Jasper Rebane on 2018-03-19
[$1500][831943] Medium CVE-2018-6136: Out of bounds memory access in V8. Reported by Peter Wong on 2018-04-12
[$2000][835589] Medium CVE-2018-6137: Leak of visited status of page in Blink. Reported by Michael Smith (spinda.net) on 2018-04-21
[$2000][810220] Medium CVE-2018-6138: Overly permissive policy in Extensions. Reported by François Lajeunesse-Robert on 2018-02-08
[$2000][805224] Medium CVE-2018-6139: Restrictions bypass in the debugger extension API. Reported by Rob Wu on 2018-01-24
[$2000][798222] Medium CVE-2018-6140: Restrictions bypass in the debugger extension API. Reported by Rob Wu on 2018-01-01
[$2000][796107] Medium CVE-2018-6141: Heap buffer overflow in Skia. Reported by Yangkang(@dnpushme) & Wanglu of Qihoo360 Qex Team on 2017-12-19
[$4500][837939] Medium CVE-2018-6142: Out of bounds memory access in V8. Reported by Choongwoo Han of Naver Corporation on 2018-04-28
[$TBD][843022] Medium CVE-2018-6143: Out of bounds memory access in V8. Reported by Guang Gong of Alpha Team, Qihoo 360 on 2018-05-15
[$500][828049] Low CVE-2018-6144: Out of bounds memory access in PDFium. Reported by pdknsk on 2018-04-02
[$500][805924] Low CVE-2018-6145: Incorrect escaping of MathML in Blink. Reported by Masato Kinugawa on 2018-01-25
[$TBD][818133] Low CVE-2018-6147: Password fields not taking advantage of OS protections in Views. Reported by Michail Pishchagin (Yandex) on 2018-03-02

Chrome 66.0.3359.117

log

[$TBD][826626] Critical CVE-2018-6085: Use after free in Disk Cache. Reported by Ned Williamson on 2018-03-28
[$TBD][827492] Critical CVE-2018-6086: Use after free in Disk Cache. Reported by Ned Williamson on 2018-03-30
[$7500][813876] High CVE-2018-6087: Use after free in WebAssembly. Reported by Anonymous on 2018-02-20
[$5000][822091] High CVE-2018-6088: Use after free in PDFium. Reported by Anonymous on 2018-03-15
[$4500][808838] High CVE-2018-6089: Same origin policy bypass in Service Worker. Reported by Rob Wu on 2018-02-04
[$3000][820913] High CVE-2018-6090: Heap buffer overflow in Skia. Reported by ZhanJia Song on 2018-03-12
[$500][771933] High CVE-2018-6091: Incorrect handling of plug-ins by Service Worker. Reported by Jun Kokatsu (@shhnjk) on 2017-10-05
[$N/A][819869] High CVE-2018-6092: Integer overflow in WebAssembly. Reported by Natalie Silvanovich of Google Project Zero on 2018-03-08
[$4000][780435] Medium CVE-2018-6093: Same origin bypass in Service Worker. Reported by Jun Kokatsu (@shhnjk) on 2017-11-01
[$2000][633030] Medium CVE-2018-6094: Exploit hardening regression in Oilpan. Reported by Chris Rohlf on 2016-08-01
[$2000][637098] Medium CVE-2018-6095: Lack of meaningful user interaction requirement before file upload. Reported by Abdulrahman Alqabandi (@qab) on 2016-08-11
[$1000][776418] Medium CVE-2018-6096: Fullscreen UI spoof. Reported by WenXu Wu of Tencent’s Xuanwu Lab on 2017-10-19
[$1000][806162] Medium CVE-2018-6097: Fullscreen UI spoof. Reported by xisigr of Tencent’s Xuanwu Lab on 2018-01-26
[$500][798892] Medium CVE-2018-6098: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-01-03
[$500][808825] Medium CVE-2018-6099: CORS bypass in ServiceWorker. Reported by Jun Kokatsu (@shhnjk) on 2018-02-03
[$500][811117] Medium CVE-2018-6100: URL spoof in Omnibox. Reported by Lnyas Zhang on 2018-02-11
[$500][813540] Medium CVE-2018-6101: Insufficient protection of remote debugging prototol in DevTools . Reported by Rob Wu on 2018-02-19
[$500][813814] Medium CVE-2018-6102: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-02-20
[$500][816033] Medium CVE-2018-6103: UI spoof in Permissions. Reported by Khalil Zhani on 2018-02-24
[$500][820068] Medium CVE-2018-6104: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-03-08
[$N/A][803571] Medium CVE-2018-6105: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-01-18
[$N/A][805729] Medium CVE-2018-6106: Incorrect handling of promises in V8. Reported by lokihardt of Google Project Zero on 2018-01-25
[$N/A][808316] Medium CVE-2018-6107: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-02-02
[$N/A][816769] Medium CVE-2018-6108: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-02-27
[$N/A][710190] Low CVE-2018-6109: Incorrect handling of files by FileAPI. Reported by Dominik Weber (@DoWeb_) on 2017-04-10
[$N/A][777737] Low CVE-2018-6110: Incorrect handling of plaintext files via file:// . Reported by Wenxiang Qian (aka blastxiang) on 2017-10-24
[$N/A][780694] Low CVE-2018-6111: Heap-use-after-free in DevTools. Reported by Khalil Zhani on 2017-11-02
[$N/A][798096] Low CVE-2018-6112: Incorrect URL handling in DevTools. Reported by Rob Wu on 2017-12-29
[$N/A][805900] Low CVE-2018-6113: URL spoof in Navigation. Reported by Khalil Zhani on 2018-01-25
[$N/A][811691] Low CVE-2018-6114: CSP bypass. Reported by Lnyas Zhang on 2018-02-13
[$TBD][819809] Low CVE-2018-6115: SmartScreen bypass in downloads. Reported by James Feher on 2018-03-07
[$N/A][822266] Low CVE-2018-6116: Incorrect low memory handling in WebAssembly. Reported by Jin from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd. on 2018-03-15
[$N/A][822465] Low CVE-2018-6117: Confusing autofill settings. Reported by Spencer Dailey on 2018-03-15
[$N/A][822424] Low CVE-2018-6084: Incorrect use of Distributed Objects in Google Software Updater on MacOS. Reported by Ian Beer of Google Project Zero on 2018-03-15

Chrome 65.0.3325.146

log

[$5000][758848] High CVE-2017-11215: Use after free in Flash. Reported by JieZeng of Tencent Zhanlu Lab on 2017-08-25
[$5000][758863] High CVE-2017-11225: Use after free in Flash. Reported by JieZeng of Tencent Zhanlu Lab on 2017-08-25
[$3000][780919] High CVE-2018-6060: Use after free in Blink. Reported by Omair on 2017-11-02
[$3000][794091] High CVE-2018-6061: Race condition in V8. Reported by Guang Gong of Alpha Team, Qihoo 360 on 2017-12-12
[$1000][780104] High CVE-2018-6062: Heap buffer overflow in Skia. Reported by Anonymous on 2017-10-31
[$N/A][789959] High CVE-2018-6057: Incorrect permissions on shared memory. Reported by Gal Beniamini of Google Project Zero on 2017-11-30
[$N/A][792900] High CVE-2018-6063: Incorrect permissions on shared memory. Reported by Gal Beniamini of Google Project Zero on 2017-12-07
[$N/A][798644] High CVE-2018-6064: Type confusion in V8. Reported by lokihardt of Google Project Zero on 2018-01-03
[$N/A][808192] High CVE-2018-6065: Integer overflow in V8. Reported by Mark Brand of Google Project Zero on 2018-02-01
[$4000][799477] Medium CVE-2018-6066: Same Origin Bypass via canvas. Reported by Masato Kinugawa on 2018-01-05
[$2000][779428] Medium CVE-2018-6067: Buffer overflow in Skia. Reported by Ned Williamson on 2017-10-30
[$2000][798933] Medium CVE-2018-6068: Object lifecycle issues in Chrome Custom Tab. Reported by Luan Herrera on 2018-01-04
[$1500][799918] Medium CVE-2018-6069: Stack buffer overflow in Skia. Reported by Wanglu & Yangkang(@dnpushme) of Qihoo360 Qex Team on 2018-01-08
[$1000][668645] Medium CVE-2018-6070: CSP bypass through extensions. Reported by Rob Wu on 2016-11-25
[$1000][777318] Medium CVE-2018-6071: Heap bufffer overflow in Skia. Reported by Anonymous on 2017-10-23
[$1000][791048] Medium CVE-2018-6072: Integer overflow in PDFium. Reported by Atte Kettunen of OUSPG on 2017-12-01
[$1000][804118] Medium CVE-2018-6073: Heap bufffer overflow in WebGL. Reported by Omair on 2018-01-20
[$1000][809759] Medium CVE-2018-6074: Mark-of-the-Web bypass. Reported by Abdulrahman Alqabandi (@qab) on 2018-02-06
[$500][608669] Medium CVE-2018-6075: Overly permissive cross origin downloads. Reported by Inti De Ceukelaire (intigriti.com) on 2016-05-03
[$500][758523] Medium CVE-2018-6076: Incorrect handling of URL fragment identifiers in Blink. Reported by Mateusz Krzeszowiec on 2017-08-24
[$500][778506] Medium CVE-2018-6077: Timing attack using SVG filters. Reported by Khalil Zhani on 2017-10-26
[$500][793628] Medium CVE-2018-6078: URL Spoof in OmniBox. Reported by Khalil Zhani on 2017-12-10
[$TBD][788448] Medium CVE-2018-6079: Information disclosure via texture data in WebGL. Reported by Ivars Atteka on 2017-11-24
[$N/A][792028] Medium CVE-2018-6080: Information disclosure in IPC call. Reported by Gal Beniamini of Google Project Zero on 2017-12-05
[$1000][797525] Low CVE-2018-6081: XSS in interstitials. Reported by Rob Wu on 2017-12-24
[$N/A][767354] Low CVE-2018-6082: Circumvention of port blocking. Reported by WenXu Wu of Tencent’s Xuanwu Lab on 2017-09-21
[$N/A][771709] Low CVE-2018-6083: Incorrect processing of AppManifests. Reported by Jun Kokatsu (@shhnjk) on 2017-10-04

Chrome 64.0.3282.119

log

[$3000][780450] High CVE-2018-6031: Use after free in PDFium. Reported by Anonymous on 2017-11-01
[$2000][787103] High CVE-2018-6032: Same origin bypass in Shared Worker. Reported by Jun Kokatsu (@shhnjk) on 2017-11-20
[$1000][793620] High CVE-2018-6033: Race when opening downloaded files. Reported by Juho Nurminen on 2017-12-09
[$4000][784183] Medium CVE-2018-6034: Integer overflow in Blink. Reported by Tobias Klein (www.trapkit.de) on 2017-11-12
[$2500][797500] Medium CVE-2018-6035: Insufficient isolation of devtools from extensions. Reported by Rob Wu on 2017-12-23
[$2000][789952] Medium CVE-2018-6036: Integer underflow in WebAssembly. Reported by The UK’s National Cyber Security Centre (NCSC) on 2017-11-30
[$1000][753645] Medium CVE-2018-6037: Insufficient user gesture requirements in autofill. Reported by Paul Stone of Context Information Security on 2017-08-09
[$1000][774174] Medium CVE-2018-6038: Heap buffer overflow in WebGL. Reported by cloudfuzzer on 2017-10-12
[$1000][775527] Medium CVE-2018-6039: XSS in DevTools. Reported by Juho Nurminen on 2017-10-17
[$1000][778658] Medium CVE-2018-6040: Content security policy bypass. Reported by WenXu Wu of Tencent’s Xuanwu Lab on 2017-10-26
[$500][760342] Medium CVE-2018-6041: URL spoof in Navigation. Reported by Luan Herrera on 2017-08-29
[$500][773930] Medium CVE-2018-6042: URL spoof in OmniBox. Reported by Khalil Zhani on 2017-10-12
[$500][785809] Medium CVE-2018-6043: Insufficient escaping with external URL handlers. Reported by 0x09AL on 2017-11-16
[$TBD][797497] Medium CVE-2018-6045: Insufficient isolation of devtools from extensions. Reported by Rob Wu on 2017-12-23
[$TBD][798163] Medium CVE-2018-6046: Insufficient isolation of devtools from extensions. Reported by Rob Wu on 2017-12-31
[$TBD][799847] Medium CVE-2018-6047: Cross origin URL leak in WebGL. Reported by Masato Kinugawa on 2018-01-08
[$500][763194] Low CVE-2018-6048: Referrer policy bypass in Blink. Reported by Jun Kokatsu (@shhnjk) on 2017-09-08
[$500][771848] Low CVE-2017-15420: URL spoofing in Omnibox. Reported by Drew Springall (@aaspring) on 2017-10-05
[$500][774438] Low CVE-2018-6049: UI spoof in Permissions. Reported by WenXu Wu of Tencent’s Xuanwu Lab on 2017-10-13
[$500][774842] Low CVE-2018-6050: URL spoof in OmniBox. Reported by Jonathan Kew on 2017-10-15
[$N/a][441275] Low CVE-2018-6051: Referrer leak in XSS Auditor. Reported by Antonio Sanso (@asanso) on 2014-12-11
[$N/A][615608] Low CVE-2018-6052: Incomplete no-referrer policy implementation. Reported by Tanner Emek on 2016-05-28
[$N/A][758169] Low CVE-2018-6053: Leak of page thumbnails in New Tab Page. Reported by Asset Kabdenov on 2017-08-23
[$N/A][797511] Low CVE-2018-6054: Use after free in WebUI. Reported by Rob Wu on 2017-12-24

63.0.3239.108

[$7500][788453] High CVE-2017-15429: UXSS in V8. Reported by Anonymous on 2017-11-24.

Chrome 63.0.3239.84

[$10500][778505] Critical CVE-2017-15407: Out of bounds write in QUIC. Reported by Ned Williamson on 2017-10-26
[$6337][762374] High CVE-2017-15408: Heap buffer overflow in PDFium. Reported by Ke Liu of Tencent’s Xuanwu LAB on 2017-09-06
[$5000][763972] High CVE-2017-15409: Out of bounds write in Skia. Reported by Anonymous on 2017-09-11
[$5000][765921] High CVE-2017-15410: Use after free in PDFium. Reported by Luật Nguyễn (@l4wio) of KeenLab, Tencent on 2017-09-16
[$5000][770148] High CVE-2017-15411: Use after free in PDFium. Reported by Luật Nguyễn (@l4wio) of KeenLab, Tencent on 2017-09-29
[$3500][727039] High CVE-2017-15412: Use after free in libXML. Reported by Nick Wellnhofer on 2017-05-27
[$500][766666] High CVE-2017-15413: Type confusion in WebAssembly. Reported by Gaurav Dewan(@007gauravdewan) of Adobe Systems India Pvt. Ltd. on 2017-09-19
[$3337][765512] Medium CVE-2017-15415: Pointer information disclosure in IPC call. Reported by Viktor Brange of Microsoft Offensive Security Research Team on 2017-09-15
[$2500][779314] Medium CVE-2017-15416: Out of bounds read in Blink. Reported by Ned Williamson on 2017-10-28
[$2000][699028] Medium CVE-2017-15417: Cross origin information disclosure in Skia . Reported by Max May on 2017-03-07
[$1000][765858] Medium CVE-2017-15418: Use of uninitialized value in Skia. Reported by Kushal Arvind Shah of Fortinet’s FortiGuard Labs on 2017-09-15
[$1000][780312] Medium CVE-2017-15419: Cross origin leak of redirect URL in Blink. Reported by Jun Kokatsu (@shhnjk) on 2017-10-31
[$500][777419] Medium CVE-2017-15420: URL spoofing in Omnibox. Reported by WenXu Wu of Tencent’s Xuanwu Lab on 2017-10-23
[$TBD][774382] Medium CVE-2017-15422: Integer overflow in ICU. Reported by Yuan Deng of Ant-financial Light-Year Security Lab on 2017-10-13
[$500][778101] Low CVE-2017-15423: Issue with SPAKE implementation in BoringSSL. Reported by Greg Hudson on 2017-10-25
[$N/A][756226] Low CVE-2017-15424: URL Spoof in Omnibox. Reported by Khalil Zhani on 2017-08-16
[$N/A][756456] Low CVE-2017-15425: URL Spoof in Omnibox. Reported by xisigr of Tencent’s Xuanwu Lab on 2017-08-17
[$N/A][756735] Low CVE-2017-15426: URL Spoof in Omnibox. Reported by WenXu Wu of Tencent’s Xuanwu Lab on 2017-08-18
[$N/A][768910] Low CVE-2017-15427: Insufficient blocking of JavaScript in Omnibox. Reported by Junaid Farhan (fb.me/junaid.farhan.54) on 2017-09-26

62.0.3202.94

[$3000][782145] High CVE-2017-15428: Out of bounds read in V8. Zhao Qixun(@S0rryMybad) of Qihoo 360 Vulcan Team on 2017-11-07

62.0.3202.89

[$TBD][777728] Critical CVE-2017-15398: Stack buffer overflow in QUIC. Reported by Ned Williamson on 2017-10-24
[$7500][776677] High CVE-2017-15399: Use after free in V8. Reported by Zhao Qixun(@S0rryMybad) of Qihoo 360 Vulcan Team on 2017-10-20

62.0.3202.75

[$3000][770452] High CVE-2017-15396: Stack overflow in V8. Reported by Yuan Deng of Ant-financial Light-Year Security Lab on 2017-09-30
[$1000][770450] Medium CVE-2017-15406: Stack overflow in V8. Reported by Yuan Deng of Ant-financial Light-Year Security Lab on 2017-09-30

Chrome 62.0.3202.62

[$7500+$1337][762930] High CVE-2017-5124: UXSS with MHTML. Reported by Anonymous on 2017-09-07
[$5000][749147] High CVE-2017-5125: Heap overflow in Skia. Reported by Anonymous on 2017-07-26
[$3000][760455] High CVE-2017-5126: Use after free in PDFium. Reported by Luật Nguyễn (@l4wio) of KeenLab, Tencent on 2017-08-30
[$3000][765384] High CVE-2017-5127: Use after free in PDFium. Reported by Luật Nguyễn (@l4wio) of KeenLab, Tencent on 2017-09-14
[$3000][765469] High CVE-2017-5128: Heap overflow in WebGL. Reported by Omair on 2017-09-14
[$3000][765495] High CVE-2017-5129: Use after free in WebAudio. Reported by Omair on 2017-09-15
[$3000][718858] High CVE-2017-5132: Incorrect stack manipulation in WebAssembly. Reported by Gaurav Dewan (@007gauravdewan) of Adobe Systems India Pvt. Ltd. on 2017-05-05
[$N/A][722079] High CVE-2017-5130: Heap overflow in libxml2. Reported by Pranjal Jumde (@pjumde) on 2017-05-14
[$5000][744109] Medium CVE-2017-5131: Out of bounds write in Skia. Reported by Anonymous on 2017-07-16
[$2000][762106] Medium CVE-2017-5133: Out of bounds write in Skia. Reported by Aleksandar Nikolic of Cisco Talos on 2017-09-05
[$1000][752003] Medium CVE-2017-15386: UI spoofing in Blink. Reported by WenXu Wu of Tencent’s Xuanwu Lab on 2017-08-03
[$1000][756040] Medium CVE-2017-15387: Content security bypass. Reported by Jun Kokatsu (@shhnjk) on 2017-08-16
[$1000][756563] Medium CVE-2017-15388: Out of bounds read in Skia. Reported by Kushal Arvind Shah of Fortinet’s FortiGuard Labs on 2017-08-17
[$500][739621] Medium CVE-2017-15389: URL spoofing in OmniBox. Reported by xisigr of Tencent’s Xuanwu Lab on 2017-07-06
[$500][750239] Medium CVE-2017-15390: URL spoofing in OmniBox. Reported by Haosheng Wang (@gnehsoah) on 2017-07-28
[$500][598265] Low CVE-2017-15391: Extension limitation bypass in Extensions. Reported by João Lucas Melo Brasio (whitehathackers.com.br) on 2016-03-28
[$N/A][714401] Low CVE-2017-15392: Incorrect registry key handling in PlatformIntegration. Reported by Xiaoyin Liu (@general_nfs) on 2017-04-22
[$N/A][732751] Low CVE-2017-15393: Referrer leak in Devtools. Reported by Svyat Mitin on 2017-06-13
[$N/A][745580] Low CVE-2017-15394: URL spoofing in extensions UI. Reported by Sam @sudosammy on 2017-07-18
[$N/A][759457] Low CVE-2017-15395: Null pointer dereference in ImageCapture. Reported by Johannes Bergman (johberlvi@) on 2017-08-28

61.0.3163.100

[$7500][765433] High CVE-2017-5121: Out-of-bounds access in V8. Reported by Jordan Rabet, Microsoft Offensive Security Research and Microsoft ChakraCore team on 2017-09-14
[$3000][752423] High CVE-2017-5122: Out-of-bounds access in V8. Reported by Choongwoo Han of Naver Corporation on 2017-08-04

Chrome 61.0.3163.79

[$5000][737023] High CVE-2017-5111: Use after free in PDFium. Reported by Luật Nguyễn (@l4wio) of KeenLab, Tencent on 2017-06-27
[$5000][740603] High CVE-2017-5112: Heap buffer overflow in WebGL. Reported by Tobias Klein (www.trapkit.de) on 2017-07-10
[$5000][747043] High CVE-2017-5113: Heap buffer overflow in Skia. Reported by Anonymous on 2017-07-20
[$3500][752829] High CVE-2017-5114: Memory lifecycle issue in PDFium. Reported by Ke Liu of Tencent’s Xuanwu LAB on 2017-08-07
[$3000][744584] High CVE-2017-5115: Type confusion in V8. Reported by Marco Giovannini on 2017-07-17
[$TBD][759624] High CVE-2017-5116: Type confusion in V8. Reported Guang Gong of Alpha Team, Qihoo 360 on 2017-08-28
[$1000][739190] Medium CVE-2017-5117: Use of uninitialized value in Skia. Reported by Tobias Klein (www.trapkit.de) on 2017-07-04
[$1000][747847] Medium CVE-2017-5118: Bypass of Content Security Policy in Blink. Reported by WenXu Wu of Tencent’s Xuanwu Lab on 2017-07-24
[$N/A][725127] Medium CVE-2017-5119: Use of uninitialized value in Skia. Reported by Anonymous on 2017-05-22
[$N/A][718676] Low CVE-2017-5120: Potential HTTPS downgrade during redirect navigation. Reported by Xiaoyin Liu (@general_nfs) on 2017-05-05

 Chrome 60.0.3112.78

[$10000][728887] High CVE-2017-5091: Use after free in IndexedDB. Reported by Ned Williamson on 2017-06-02
[$5000][733549] High CVE-2017-5092: Use after free in PPAPI. Reported by Yu Zhou, Yuan Deng of Ant-financial Light-Year Security Lab (蚂蚁金服巴斯光年安全实验室) on 2017-06-15
[$3000][550017] High CVE-2017-5093: UI spoofing in Blink. Reported by Luan Herrera on 2015-10-31
[$1000][702946] High CVE-2017-5094: Type confusion in extensions. Reported by Anonymous on 2017-03-19
[$1000][732661] High CVE-2017-5095: Out-of-bounds write in PDFium. Reported by Anonymous on 2017-06-13
[$TBD][714442] High CVE-2017-5096: User information leak via Android intents. Reported by Takeshi Terada on 2017-04-23
[$TBD][740789] High CVE-2017-5097: Out-of-bounds read in Skia. Reported by Anonymous on 2017-07-11
[$TBD][740803] High CVE-2017-5098: Use after free in V8. Reported by Jihoon Kim on 2017-07-11
[$N/A][733548] High CVE-2017-5099: Out-of-bounds write in PPAPI. Reported by Yuan Deng, Yu Zhou of Ant-financial Light-Year Security Lab (蚂蚁金服巴斯光年安全实验室) on 2017-06-15
[$2000][718292] Medium CVE-2017-5100: Use after free in Chrome Apps. Reported by Anonymous on 2017-05-04
[$1000][681740] Medium CVE-2017-5101: URL spoofing in OmniBox. Reported by Luan Herrera on 2017-01-17
[$1000][727678] Medium CVE-2017-5102: Uninitialized use in Skia. Reported by Anonymous on 2017-05-30
[$500][726199] Medium CVE-2017-5103: Uninitialized use in Skia. Reported by Anonymous on 2017-05-25
[$500][729105] Medium CVE-2017-5104: UI spoofing in browser. Reported by Khalil Zhani on 2017-06-02
[$N/A][742407] Medium CVE-2017-6991: Pointer disclosure in SQLite. Reported by Chaitin Security Research Lab (@ChaitinTech) working with Trend Micro’s Zero Day Initiative
[$1000][729979] Low CVE-2017-5105: URL spoofing in OmniBox. Reported by Rayyan Bijoora on 2017-06-06
[$TBD][714628] Medium CVE-2017-5106: URL spoofing in OmniBox. Reported by Jack Zac on 2017-04-24
[$N/A][686253] Low CVE-2017-5107: User information leak via SVG. Reported by David Kohlbrenner of UC San Diego on 2017-01-27
[$N/A][695830] Low CVE-2017-5108: Type confusion in PDFium. Reported by Guang Gong of Alpha Team, Qihoo 360 on 2017-02-24
[$N/A][710400] Low CVE-2017-5109: UI spoofing in browser. Reported by José María Acuña Morgado on 2017-04-11
[$N/A][717476] Low CVE-2017-5110: UI spoofing in payments dialog. Reported by xisigr of Tencent’s Xuanwu Lab on 2017-05-02

59.0.3071.104

[$10,500][725032] High CVE-2017-5087: Sandbox Escape in IndexedDB. Reported by Ned Williamson on 2017-05-22
[$4,000][729991] High CVE-2017-5088: Out of bounds read in V8. Reported by Xiling Gong of Tencent Security Platform Department on 2017-06-06
[$2,000][714196] Medium CVE-2017-5089: Domain spoofing in Omnibox. Reported by Michał Bentkowski on 2017-04-21.

Chrome 59.0.3071.86

[$7500][722756] High CVE-2017-5070: Type confusion in V8. Reported by Zhao Qixun(@S0rryMybad) of Qihoo 360 Vulcan Team on 2017-05-16
[$3000][715582] High CVE-2017-5071: Out of bounds read in V8. Reported by Choongwoo Han on 2017-04-26
[$3000][709417] High CVE-2017-5072: Address spoofing in Omnibox. Reported by Rayyan Bijoora on 2017-04-07
[$2000][716474] High CVE-2017-5073: Use after free in print preview. Reported by Khalil Zhani on 2017-04-28
[$1000][700040] High CVE-2017-5074: Use after free in Apps Bluetooth. Reported by anonymous on 2017-03-09
[$2000][678776] Medium CVE-2017-5075: Information leak in CSP reporting. Reported by Emmanuel Gil Peyrot on 2017-01-05
[$1000][722639] Medium CVE-2017-5086: Address spoofing in Omnibox. Reported by Rayyan Bijoora on 2017-05-16
[$1000][719199] Medium CVE-2017-5076: Address spoofing in Omnibox. Reported by Samuel Erb on 2017-05-06
[$1000][716311] Medium CVE-2017-5077: Heap buffer overflow in Skia. Reported by Sweetchip on 2017-04-28
[$1000][711020] Medium CVE-2017-5078: Possible command injection in mailto handling. Reported by Jose Carlos Exposito Bueno on 2017-04-12
[$500][713686] Medium CVE-2017-5079: UI spoofing in Blink. Reported by Khalil Zhani on 2017-04-20
[$500][708819] Medium CVE-2017-5080: Use after free in credit card autofill. Reported by Khalil Zhani on 2017-04-05
[$N/A][672008] Medium CVE-2017-5081: Extension verification bypass. Reported by Andrey Kovalev (@L1kvID) Yandex Security Team on 2016-12-07
[$N/A][721579] Low CVE-2017-5082: Insufficient hardening in credit card editor. Reported by Nightwatch Cybersecurity Research on 2017-05-11
[$N/A][714849] Low CVE-2017-5083: UI spoofing in Blink. Reported by Khalil Zhani on 2017-04-24
[$N/A][692378] Low CVE-2017-5085: Inappropriate javascript execution on WebUI pages. Reported by Zhiyang Zeng of Tencent security platform department on 2017-02-15

58.0.3029.96

[$500][679306] High CVE-2017-5068: Race condition in WebRTC. Credit to Philipp Hancke

Chrome 58.0.3029.81

[$3000][695826] High CVE-2017-5057: Type confusion in PDFium. Credit to Guang Gong of Alpha Team, Qihoo 360
[$2000][694382] High CVE-2017-5058: Heap use after free in Print Preview. Credit to Khalil Zhani
[$N/A][684684] High CVE-2017-5059: Type confusion in Blink. Credit to SkyLined working with Trend Micro’s Zero Day Initiative
[$2000][683314] Medium CVE-2017-5060: URL spoofing in Omnibox. Credit to Xudong Zheng
[$2000][672847] Medium CVE-2017-5061: URL spoofing in Omnibox. Credit to Haosheng Wang (@gnehsoah)
[$1500][702896] Medium CVE-2017-5062: Use after free in Chrome Apps. Credit to anonymous
[$1000][700836] Medium CVE-2017-5063: Heap overflow in Skia. Credit to Sweetchip
[$1000][693974] Medium CVE-2017-5064: Use after free in Blink. Credit to Wadih Matar
[$500][704560] Medium CVE-2017-5065: Incorrect UI in Blink. Credit to Khalil Zhani
[$500][690821] Medium CVE-2017-5066: Incorrect signature handing in Networking. Credit to Prof. Zhenhua Duan, Prof. Cong Tian, and Ph.D candidate Chu Chen (ICTT, Xidian University)
[$500][648117] Medium CVE-2017-5067: URL spoofing in Omnibox. Credit to Khalil Zhani
[$N/A][691726] Low CVE-2017-5069: Cross-origin bypass in Blink. Credit to Michael Reizelman

57.0.2987.133

[$9337][698622] Critical CVE-2017-5055: Use after free in printing. Credit to Wadih Matar
[$3000][699166] High CVE-2017-5054: Heap buffer overflow in V8. Credit to Nicolas Trippar of Zimperium zLabs
[$1000][662767] High CVE-2017-5052: Bad cast in Blink. Credit to JeongHoon Shin
[$N/A][705445] High CVE-2017-5056: Use after free in Blink. Credit to anonymous
[$N/A][702058] High CVE-2017-5053: Out of bounds memory access in V8. Credit to Team Sniper (Keen Lab and PC Mgr) reported through ZDI (ZDI-CAN-4587)

Chrome 57.0.2987.98

[$7500][682194] High CVE-2017-5030: Memory corruption in V8. Credit to Brendon Tiszka
[$5000][682020] High CVE-2017-5031: Use after free in ANGLE. Credit to Looben Yang
[$3000][668724] High CVE-2017-5032: Out of bounds write in PDFium. Credit to Ashfaq Ansari – Project Srishti
[$3000][676623] High CVE-2017-5029: Integer overflow in libxslt. Credit to Holger Fuhrmannek
[$3000][678461] High CVE-2017-5034: Use after free in PDFium. Credit to Ke Liu of Tencent’s Xuanwu LAB
[$3000][688425] High CVE-2017-5035: Incorrect security UI in Omnibox. Credit to Enzo Aguado
[$3000][691371] High CVE-2017-5036: Use after free in PDFium. Credit to Anonymous
[$1000][679640] High CVE-2017-5037, CVE-2017-5047, CVE-2017-5048, CVE-2017-5049, CVE-2017-5050, CVE-2017-5051: Multiple out of bounds writes in ChunkDemuxer. Credit to Yongke Wang of Tencent’s Xuanwu Lab (xlab.tencent.com)
[$500][679649] High CVE-2017-5039: Use after free in PDFium. Credit to jinmo123
[$2000][691323] Medium CVE-2017-5040: Information disclosure in V8. Credit to Choongwoo Han
[$1000][642490] Medium CVE-2017-5041: Address spoofing in Omnibox. Credit to Jordi Chancel
[$1000][669086] Medium CVE-2017-5033: Bypass of Content Security Policy in Blink. Credit to Nicolai Grødum
[$1000][671932] Medium CVE-2017-5042: Incorrect handling of cookies in Cast. Credit to Mike Ruddy
[$1000][695476] Medium CVE-2017-5038: Use after free in GuestView. Credit to Anonymous
[$1000][683523] Medium CVE-2017-5043: Use after free in GuestView. Credit to Anonymous
[$1000][688987] Medium CVE-2017-5044: Heap overflow in Skia. Credit to Kushal Arvind Shah of Fortinet’s FortiGuard Labs
[$500][667079] Medium CVE-2017-5045: Information disclosure in XSS Auditor. Credit to Dhaval Kapil (vampire)
[$500][680409] Medium CVE-2017-5046: Information disclosure in Blink. Credit to Masato Kinugawa

Chrome 56.0.2924.76

[$8837][671102] High CVE-2017-5007: Universal XSS in Blink. Credit to Mariusz Mlynski
[$8000][673170] High CVE-2017-5006: Universal XSS in Blink. Credit to Mariusz Mlynski
[$8000][668552] High CVE-2017-5008: Universal XSS in Blink. Credit to Mariusz Mlynski
[$7500][663476] High CVE-2017-5010: Universal XSS in Blink. Credit to Mariusz Mlynski
[$3000][662859] High CVE-2017-5011: Unauthorised file access in Devtools. Credit to Khalil Zhani
[$3000][667504] High CVE-2017-5009: Out of bounds memory access in WebRTC. Credit to Sean Stanek and Chip Bradford
[$5500][681843] High CVE-2017-5012: Heap overflow in V8. Credit to Gergely Nagy (Tresorit)
[$2000][677716] Medium CVE-2017-5013: Address spoofing in Omnibox. Credit to Haosheng Wang (@gnehsoah)
[$2000][675332] Medium CVE-2017-5014: Heap overflow in Skia. Credit to sweetchip
[$2000][673971] Medium CVE-2017-5015: Address spoofing in Omnibox. Credit to Armin Razmdjou
[$2000][666714] Medium CVE-2017-5019: Use after free in Renderer. Credit to Wadih Matar
[$1000][673163] Medium CVE-2017-5016: UI spoofing in Blink. Credit to Haosheng Wang (@gnehsoah)
[$500][676975] Medium CVE-2017-5017: Uninitialised memory access in webm video. Credit to Dan Berman
[$500][668665] Medium CVE-2017-5018: Universal XSS in chrome://apps. Credit to Rob Wu
[$TBD][668653] Medium CVE-2017-5020: Universal XSS in chrome://downloads. Credit to Rob Wu
[$N/A][663726] Low CVE-2017-5021: Use after free in Extensions. Credit to Rob Wu
[$N/A][663620] Low CVE-2017-5022: Bypass of Content Security Policy in Blink. Credit to evi1m0#ly.com
[$N/A][651443] Low CVE-2017-5023: Type confusion in metrics. Credit to the UK’s National Cyber Security Centre (NCSC)
[$N/A][643951] Low CVE-2017-5024: Heap overflow in FFmpeg. Credit to Paul Mehta
[$N/A][643950] Low CVE-2017-5025: Heap overflow in FFmpeg. Credit to Paul Mehta
[$500][634108] Low CVE-2017-5026: UI spoofing. Credit to Ronni Skansing
[$N/A][661126] Low CVE-2017-5027: Bypass of Content Security Policy in Blink. Credit to 李普君 of 无声信息技术PKAV Team

Chrome 55.0.2883.75

[$N/A][664411] High CVE-2016-9651: Private property access in V8. Credit to Guang Gong of Alpha Team Of Qihoo 360 reported through Pwnfest
[$7500][658535] High CVE-2016-5208: Universal XSS in Blink. Credit to Mariusz Mlynski
[$7500][655904] High CVE-2016-5207: Universal XSS in Blink. Credit to Mariusz Mlynski
[$7500][653749] High CVE-2016-5206: Same-origin bypass in PDFium. Credit to Rob Wu (robwu.nl)
[$7500][646610] High CVE-2016-5205: Universal XSS in Blink. Credit to Anonymous
[$7500][630870] High CVE-2016-5204: Universal XSS in Blink. Credit to Mariusz Mlynski
[$5000][664139] High CVE-2016-5209: Out of bounds write in Blink. Credit to Giwan Go of STEALIEN
[$3000][644219] High CVE-2016-5203: Use after free in PDFium. Credit to Anonymous
[$3500][654183] High CVE-2016-5210: Out of bounds write in PDFium. Credit to Ke Liu of Tencent’s Xuanwu LAB
[$3000][653134] High CVE-2016-5212: Local file disclosure in DevTools. Credit to Khalil Zhani
[$3000][649229] High CVE-2016-5211: Use after free in PDFium. Credit to Anonymous
[$500][652548] High CVE-2016-5213: Use after free in V8. Credit to Khalil Zhani
[$N/A][601538] Medium CVE-2016-5214: File download protection bypass. Credit to Jonathan Birch and MSVR
[$3000][653090] Medium CVE-2016-5216: Use after free in PDFium. Credit to Anonymous
[$3000][619463] Medium CVE-2016-5215: Use after free in Webaudio. Credit to Looben Yang
[$2500][654280] Medium CVE-2016-5217: Use of unvalidated data in PDFium. Credit to Rob Wu (robwu.nl)
[$2000][660498] Medium CVE-2016-5218: Address spoofing in Omnibox. Credit to Abdulrahman Alqabandi (@qab)
[$1500][657568] Medium CVE-2016-5219: Use after free in V8. Credit to Rob Wu (robwu.nl)
[$1000][660854] Medium CVE-2016-5221: Integer overflow in ANGLE. Credit to Tim Becker of ForAllSecure
[$1000][654279] Medium CVE-2016-5220: Local file access in PDFium. Credit to Rob Wu (robwu.nl)
[$500][657720] Medium CVE-2016-5222: Address spoofing in Omnibox. Credit to xisigr of Tencent’s Xuanwu Lab
[$N/A][653034] Low CVE-2016-9650: CSP Referrer disclosure. Credit to Jakub Żoczek
[$N/A][652038] Low CVE-2016-5223: Integer overflow in PDFium. Credit to Hwiwon Lee
[$N/A][639750] Low CVE-2016-5226: Limited XSS in Blink. Credit to Jun Kokatsu (@shhnjk)
[$N/A][630332] Low CVE-2016-5225: CSP bypass in Blink. Credit to Scott Helme (@Scott_Helme, scotthelme.co.uk)
[$N/A][615851] Low CVE-2016-5224: Same-origin bypass in SVG. Credit to Roeland Krak

54.0.2840.99

[$5500][643948] High CVE-2016-5199: Heap corruption in FFmpeg. Credit to Paul Mehta
[$5000][658114] High CVE-2016-5200: Out of bounds memory access in V8. Credit to Choongwoo Han
[$1000][660678] Medium CVE-2016-5201: Info leak in extensions. Credit to Jann Horn

54.0.2840.87

[$NA][659475] High CVE-2016-5198: Out of bounds memory access in V8. Credit to Tencent Keen Security Lab, working with Trend Micro’s Zero Day Initiative

Chrome 54.0.2840.59

[$7500][645211] High CVE-2016-5181: Universal XSS in Blink. Credit to Anonymous
[$5500][638615] High CVE-2016-5182: Heap overflow in Blink. Credit to Giwan Go of STEALIEN
[$3000][645122] High CVE-2016-5183: Use after free in PDFium. Credit to Anonymous
[$3000][630654] High CVE-2016-5184: Use after free in PDFium. Credit to Anonymous
[$3000][621360] High CVE-2016-5185: Use after free in Blink. Credit to cloudfuzzer
[$1000][639702] High CVE-2016-5187: URL spoofing. Credit to Luan Herrera
[$3133.7][565760] Medium CVE-2016-5188: UI spoofing. Credit to Luan Herrera
[$1000][633885] Medium CVE-2016-5192: Cross-origin bypass in Blink. Credit to haojunhou@gmail.com
[$500][646278] Medium CVE-2016-5189: URL spoofing. Credit to xisigr of Tencent’s Xuanwu Lab
[$500][644963] Medium CVE-2016-5186: Out of bounds read in DevTools. Credit to Abdulrahman Alqabandi (@qab)
[$500][639126] Medium CVE-2016-5191: Universal XSS in Bookmarks. Credit to Gareth Hughes
[$N/A][642067] Medium CVE-2016-5190: Use after free in Internals. Credit to Atte Kettunen of OUSPG
[$500][639658] Low CVE-2016-5193: Scheme bypass. Credit to Yuyang ZHOU (martinzhou96)
[654782] CVE-2016-5194: Various fixes from internal audits, fuzzing and other initiatives

53.0.2785.143

[$5000][642496] High CVE-2016-5177: Use after free in V8. Credit to Anonymous
[651092] CVE-2016-5178: Various fixes from internal audits, fuzzing and other initiatives.

 

53.0.2785.113

[$5000][641101] High CVE-2016-5170: Use after free in Blink. Credit to Anonymous

[$7500][643357] High CVE-2016-5171: Use after free in Blink. Credit to Anonymous

[$5000][616386] Medium CVE-2016-5172: Arbitrary Memory Read in v8. Credit to Choongwoo Han

[$3000][468931] Medium CVE-2016-5173: Extension resource access. Credit to Anonymous

[$1000][579934] Medium CVE-2016-5174: Popup not correctly suppressed. Credit to Andrey Kovalev (@L1kvID) Yandex Security Team
[$n/a][595838] Medium CVE-2016-5176: SafeBrowsing bypass. Credit to Lokihardt working with Trend Micro’s Zero Day Initiative

[646394] CVE-2016-5175: Various fixes from internal audits, fuzzing and other initiatives.

Chrome 53.0.2785.89 and 53.0.2785.92

[$7500][628942] High CVE-2016-5147: Universal XSS in Blink. Credit to anonymous
[$7500][621362] High CVE-2016-5148: Universal XSS in Blink. Credit to anonymous
[$7500][573131] High CVE-2016-5149: Script injection in extensions. Credit to Max Justicz  (http://web.mit.edu/maxj/www/)
[$5000][637963] High CVE-2016-5150: Use after free in Blink. Credit to anonymous
[$5000][634716] High CVE-2016-5151: Use after free in PDFium. Credit to anonymous
[$5000][629919] High CVE-2016-5152: Heap overflow in PDFium. Credit to GiWan Go of Stealien
[$3500][631052] High CVE-2016-5153: Use after destruction in Blink. Credit to Atte Kettunen of OUSPG
[$3000][633002] High CVE-2016-5154: Heap overflow in PDFium. Credit to anonymous
[$3000][630662] High CVE-2016-5155: Address bar spoofing. Credit to anonymous
[$3000][625404] High CVE-2016-5156: Use after free in event bindings. Credit to jinmo123
[$3000][632622] High CVE-2016-5157: Heap overflow in PDFium. Credit to anonymous
[$3500][628890] High CVE-2016-5158: Heap overflow in PDFium. Credit to GiWan Go of Stealien
[$3500][628304] High CVE-2016-5159: Heap overflow in PDFium. Credit to GiWan Go of Stealien
[$n/a][622420] Medium CVE-2016-5161: Type confusion in Blink. Credit to 62600BCA031B9EB5CB4A74ADDDD6771E working with Trend Micro’s Zero Day Initiative
[$n/a][589237] Medium CVE-2016-5162: Extensions web accessible resources bypass. Credit to Nicolas Golubovic
[$3000][609680] Medium CVE-2016-5163: Address bar spoofing. Credit to Rafay Baloch PTCL Etisalat (http://rafayhackingarticles.net)
[$2000][637594] Medium CVE-2016-5164: Universal XSS using DevTools. Credit to anonymous
[$1000][618037] Medium CVE-2016-5165: Script injection in DevTools. Credit to Gregory Panakkal
[$1000][616429] Medium CVE-2016-5166: SMB Relay Attack via Save Page As. Credit to Gregory Panakkal
[$500][576867] Low CVE-2016-5160: Extensions web accessible resources bypass. Credit to @l33terally, FogMarks.com (@FogMarks)
[642598] CVE-2016-5167: Various fixes from internal audits, fuzzing and other initiatives.

 52.0.2743.116

[$4000][629542] High CVE-2016-5141 Address bar spoofing. Credit to anonymous
[$4000][626948] High CVE-2016-5142 Use-after-free in Blink. Credit to anonymous
[$3000][625541] High CVE-2016-5139 Heap overflow in pdfium. Credit to GiWan Go of Stealien
[$3500][619405] High CVE-2016-5140 Heap overflow in pdfium. Credit to Ke Liu of Tencent’s Xuanwu LAB
[$4000][623406] Medium CVE-2016-5145 Same origin bypass for images in Blink. Credit to anonymous
[$1000][619414] Medium CVE-2016-5143 Parameter sanitization failure in DevTools. Credit to Gregory Panakkal
[$1000][618333] Medium CVE-2016-5144 Parameter sanitization failure in DevTools. Credit to Gregory Panakkal
[633486] CVE-2016-5146: Various fixes from internal audits, fuzzing and other initiatives.

Chrome 52.0.2743.82

[$15000][610600High CVE-2016-1706: Sandbox escape in PPAPI. Credit to Pinkie Pie
[$3000][622183High CVE-2016-1707: URL spoofing on iOS. Credit to xisigr of Tencent’s Xuanwu Lab
[$500][613949High CVE-2016-1708: Use-after-free in Extensions. Credit to Adam Varsan
[$500][614934High CVE-2016-1709: Heap-buffer-overflow in sfntly. Credit to ChenQin of Topsec Security Team
[$8000][616907High CVE-2016-1710: Same-origin bypass in Blink. Credit to Mariusz Mlynski
[$7500][617495High CVE-2016-1711: Same-origin bypass in Blink. Credit to Mariusz Mlynski
[$3000][618237High CVE-2016-5127: Use-after-free in Blink. Credit to cloudfuzzer
[$7500][619166High CVE-2016-5128: Same-origin bypass in V8. Credit to Anonymous
[$5000][620553High CVE-2016-5129: Memory corruption in V8. Credit to Jeonghoon Shin
[$2000][623319High CVE-2016-5130: URL spoofing. Credit to Wadih Matar
[$3500][623378High CVE-2016-5131: Use-after-free in libxml. Credit to Nick Wellnhofer
[$1000][607543Medium CVE-2016-5132: Limited same-origin bypass in Service Workers. Credit to Ben Kelly
[$1000][613626Medium CVE-2016-5133: Origin confusion in proxy authentication. Credit to Patch Eudor
[$500][593759Medium CVE-2016-5134: URL leakage via PAC script. Credit to Alex Chapman and Paul Stone of Context Information Security
[$500][605451Medium CVE-2016-5135: Content-Security-Policy bypass. Credit to ShenYeYinJiu of  Tencent Security Response Center, TSRC
[$1000][625393Medium CVE-2016-5136: Use after free in extensions. Credit to Rob Wu
[$1000][625945Medium CVE-2016-5137: History sniffing with HSTS and CSP. Credit to Xiaoyin Liu

51.0.2704.79

[$7500][601073] High CVE-2016-1696: Cross-origin bypass in Extension bindings. Credit to anonymous.
[$7500][613266] High CVE-2016-1697: Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
[$4000][603725] Medium CVE-2016-1698: Information leak in Extension bindings. Credit to Rob Wu.
[$3500][607939] Medium CVE-2016-1699: Parameter sanitization failure in DevTools. Credit to Gregory Panakkal.
[$1500][608104] Medium CVE-2016-1700: Use-after-free in Extensions. Credit to Rob Wu.
[$1000][608101] Medium CVE-2016-1701: Use-after-free in Autofill. Credit to Rob Wu.
[$1000][609260] Medium CVE-2016-1702: Out-of-bounds read in Skia. Credit to cloudfuzzer.

Chrome 51.0.2704.63

[$7500][590118] High CVE-2016-1672: Cross-origin bypass in extension bindings. Credit to Mariusz Mlynski.
[$7500][597532] High CVE-2016-1673: Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
[$7500][598165] High CVE-2016-1674: Cross-origin bypass in extensions. Credit to Mariusz Mlynski.
[$7500][600182] High CVE-2016-1675: Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
[$7500][604901] High CVE-2016-1676: Cross-origin bypass in extension bindings. Credit to Rob Wu.
[$4000][602970] Medium CVE-2016-1677: Type confusion in V8. Credit to Guang Gong of Qihoo 360.
[$3500][595259] High CVE-2016-1678: Heap overflow in V8. Credit to Christian Holler.
[$3500][606390] High CVE-2016-1679: Heap use-after-free in V8 bindings. Credit to Rob Wu.
[$3000][589848] High CVE-2016-1680: Heap use-after-free in Skia. Credit to Atte Kettunen of OUSPG.
[$3000][613160] High CVE-2016-1681: Heap overflow in PDFium. Credit to Aleksandar Nikolic of Cisco Talos.
[$1000][579801] Medium CVE-2016-1682: CSP bypass for ServiceWorker. Credit to KingstonTime.
[$1000][583156] Medium CVE-2016-1683: Out-of-bounds access in libxslt. Credit to Nicolas Gregoire.
[$1000][583171] Medium CVE-2016-1684: Integer overflow in libxslt. Credit to Nicolas Gregoire.
[$1000][601362] Medium CVE-2016-1685: Out-of-bounds read in PDFium. Credit to Ke Liu of Tencent’s Xuanwu LAB.
[$1000][603518] Medium CVE-2016-1686: Out-of-bounds read in PDFium. Credit to Ke Liu of Tencent’s Xuanwu LAB.
[$1000][603748] Medium CVE-2016-1687: Information leak in extensions. Credit to Rob Wu. [$1000][604897] Medium CVE-2016-1688: Out-of-bounds read in V8. Credit to Max Korenko.
[$1000][606185] Medium CVE-2016-1689: Heap buffer overflow in media. Credit to Atte Kettunen of OUSPG.
[$1000][608100] Medium CVE-2016-1690: Heap use-after-free in Autofill. Credit to Rob Wu.
[$N/A][602046] Medium CVE-2016-10403: Out-of-bounds read in PDFium. Credit to kdot working with Trend Micro’s Zero Day Initiative.
[$500][597926] Low CVE-2016-1691: Heap buffer-overflow in Skia. Credit to Atte Kettunen of OUSPG.
[$500][598077] Low CVE-2016-1692: Limited cross-origin bypass in ServiceWorker. Credit to Til Jasper Ullrich.
[$500][598752] Low CVE-2016-1693: HTTP Download of Software Removal Tool. Credit to Khalil Zhani.
[$500][603682] Low CVE-2016-1694: HPKP pins removed on cache clearance. Credit to Ryan Lester and Bryant Zadegan.

50.0.2661.102

[$8000][605766] High CVE-2016-1667: Same origin bypass in DOM. Credit to Mariusz Mlynski.
[$7500][605910] High CVE-2016-1668: Same origin bypass in Blink V8 bindings. Credit to Mariusz Mlynski.
[$3000][606115] High CVE-2016-1669: Buffer overflow in V8. Credit to Choongwoo Han.
[$1337][578882] Medium CVE-2016-1670: Race condition in loader. Credit to anonymous.
[$500][586657] Medium CVE-2016-1671: Directory traversal using the file scheme on Android. Credit to Jann Horn.

50.0.2661.94

[$3000][574802] High CVE-2016-1660: Out-of-bounds write in Blink. Credit to Atte Kettunen of OUSPG.
[$3000][601629] High CVE-2016-1661: Memory corruption in cross-process frames. Credit to Wadih Matar.
[$3000][603732] High CVE-2016-1662: Use-after-free in extensions. Credit to Rob Wu.
[$3000][603987] High CVE-2016-1663: Use-after-free in Blink’s V8 bindings. Credit to anonymous.
[$1000][597322] Medium CVE-2016-1664: Address bar spoofing. Credit to Wadih Matar.
[$1000][606181] Medium CVE-2016-1665: Information leak in V8. Credit to HyungSeok Han.
[$n/a][586820Low CVE-2016-5168: Side channel information leak in Skia. Credit to Roeland Krak.

Chrome 50.0.2661.75

[$7500][590275] High CVE-2016-1652: Universal XSS in extension bindings. Credit to anonymous.
[$5000][589792] High CVE-2016-1653: Out-of-bounds write in V8. Credit to Choongwoo Han.
[591785] Medium CVE-2016-1651: Out-of-bounds read in Pdfium JPEG2000 decoding. Credit to kdot working with HP’s Zero Day Initiative.
[$1500][589512] Medium CVE-2016-1654: Uninitialized memory read in media. Credit to Atte Kettunen of OUSPG.
[$1500][582008] Medium CVE-2016-1655: Use-after-free related to extensions. Credit to Rob Wu.
[$500][570750] Medium CVE-2016-1656: Android downloaded file path restriction bypass. Credit to Dzmitry Lukyanenko.
[$1000][567445] Medium CVE-2016-1657: Address bar spoofing. Credit to Luan Herrera.
[$500][573317] Low CVE-2016-1658: Potential leak of sensitive information to malicious extensions. Credit to Antonio Sanso (@asanso) of Adobe.

49.0.2623.108

[$7500][594574] High CVE-2016-1646: Out-of-bounds read in V8. Credit to Wen Xu from Tencent KeenLab.
[$5500][590284] High CVE-2016-1647: Use-after-free in Navigation. Credit to anonymous.
[$5000][590455] High CVE-2016-1648: Use-after-free in Extensions. Credit to anonymous.
[595836] High CVE-2016-1649: Buffer overflow in libANGLE. Credit to lokihardt working with HP’s Zero Day Initiative / Pwn2Own.

49.0.2623.87

[$5000][589838] High CVE-2016-1643: Type confusion in Blink. Credit to cloudfuzzer.
[$3500][590620] High CVE-2016-1644: Use-after-free in Blink. Credit to Atte Kettunen of OUSPG.
[587227] High CVE-2016-1645: Out-of-bounds write in PDFium. Credit to anonymous working with HP’s Zero Day Initiative.

Chrome 49.0.2623.75

[$8000][560011] High CVE-2016-1630: Same-origin bypass in Blink. Credit to Mariusz Mlynski.
[$7500][569496] High CVE-2016-1631: Same-origin bypass in Pepper Plugin. Credit to Mariusz Mlynski.
[$5000][549986] High CVE-2016-1632: Bad cast in Extensions. Credit to anonymous.
[$3000][572537] High CVE-2016-1633: Use-after-free in Blink. Credit to cloudfuzzer.
[$3000][559292] High CVE-2016-1634: Use-after-free in Blink. Credit to cloudfuzzer.
[$2000][585268] High CVE-2016-1635: Use-after-free in Blink. Credit to Rob Wu.
[$2000][584155] High CVE-2016-1636: SRI Validation Bypass. Credit to Ryan Lester and Bryant Zadegan.
[$500][560291] High CVE-2015-8126: Out-of-bounds access in libpng. Credit to joerg.bornemann.
[$2000][555544] Medium CVE-2016-1637: Information Leak in Skia. Credit to Keve Nagy.
[$1000][585282] Medium CVE-2016-1638: WebAPI Bypass. Credit to Rob Wu.
[$1000][572224] Medium CVE-2016-1639: Use-after-free in WebRTC. Credit to Khalil Zhani.
[$1000][550047] Medium CVE-2016-1640: Origin confusion in Extensions UI. Credit to Luan Herrera.
[$500][583718] Medium CVE-2016-1641: Use-after-free in Favicon. Credit to Atte Kettunen of OUSPG.

48.0.2564.116

[587128] High CVE-2015-7547 glibc getaddrinfo stack-based buffer overflow. Credit to Fermin Serna, Michael Schaller, Neel Mehta, Tom Payne and the Google Prod Security Team.

48.0.2564.109

[$7500][546677] High CVE-2016-1622: Same-origin bypass in Extensions. Credit to anonymous.
[$7500][577105] High CVE-2016-1623: Same-origin bypass in DOM. Credit to Mariusz Mlynski.
[$TBD][583607] High CVE-2016-1624: Buffer overflow in Brotli. Credit to Luke Li and Jonathan Metzman.
[$1000][509313] Medium CVE-2016-1625: Navigation bypass in Chrome Instant. Credit to Jann Horn.
[571480] Medium CVE-2016-1626: Out-of-bounds read in PDFium. Credit to anonymous, working with HP’s Zero Day Initiative.
[571479] Medium CVE-2016-1628: Out-of-bounds read in PDFium. Credit to anonymous, working with HP’s Zero Day Initiative.

48.0.2564.92

[579179] High CVE-2016-0728 Kernel keyring refcount leak. Credit to Perception Point Research Team.

Chrome 48.0.2564.82

[$3000][497632] High CVE-2016-1612: Bad cast in V8. Credit to cloudfuzzer.
[$3000][572871] High CVE-2016-1613: Use-after-free in PDFium. Credit to anonymous.
[$2000][544691] Medium CVE-2016-1614: Information leak in Blink. Credit to Christoph Diehl.
[$500][468179] Medium CVE-2016-1615: Origin confusion in Omnibox. Credit to Ron Masas.
[$500][541415] Medium CVE-2016-1616: URL Spoofing. Credit to Luan Herrera.
[$500][544765] Medium CVE-2016-1617: History sniffing with HSTS and CSP. Credit to Yan Zhu.
[$500][552749] Medium CVE-2016-1618: Weak random number generator in Blink. Credit to Aaron Toponce.
[$500][557223] Medium CVE-2016-1619: Out-of-bounds read in PDFium. Credit to Keve Nagy.

47.0.2526.80

[$5000][548273] High CVE-2015-6788: Type confusion in extensions. Credit to anonymous.
[$2000][557981] High CVE-2015-6789: Use-after-free in Blink. Credit to cloudfuzzer.
[$500][542054] Medium CVE-2015-6790: Escaping issue in saved pages. Credit to Inti De Ceukelaire.

Chrome 47.0.2526.73

[$10000][558589] Critical CVE-2015-6765: Use-after-free in AppCache. Credit to anonymous.
[$11337][551044] High CVE-2015-6766: Use-after-free in AppCache. Credit to anonymous.
[$10000][554908] High CVE-2015-6767: Use-after-free in AppCache. Credit to anonymous.
[$8000][556724] High CVE-2015-6768: Cross-origin bypass in DOM. Credit to Mariusz Mlynski.
[$7500][534923] High CVE-2015-6769: Cross-origin bypass in core. Credit to Mariusz Mlynski.
[$7500][541206] High CVE-2015-6770: Cross-origin bypass in DOM. Credit to Mariusz Mlynski.
[$7500][544991] High CVE-2015-6771: Out of bounds access in v8. Credit to anonymous.
[$7500][546545] High CVE-2015-6772: Cross-origin bypass in DOM. Credit to Mariusz Mlynski.
[$7500][554946] High CVE-2015-6764: Out of bounds access in v8. Credit to Guang Gong of Qihoo 360 via pwn2own.
[$5000][491660] High CVE-2015-6773: Out of bounds access in Skia. Credit to cloudfuzzer.
[$5000][549251] High CVE-2015-6774: Use-after-free in Extensions. Credit to anonymous.
[$3500][529012] High CVE-2015-6775: Type confusion in PDFium. Credit to Atte Kettunen of OUSPG.
[$3000][457480] High CVE-2015-6776: Out of bounds access in PDFium. Credit to Hanno Böck.
[$3000][544020] High CVE-2015-6777: Use-after-free in DOM. Credit to Long Liu of Qihoo 360Vulcan Team.
[$2000][514891] Medium CVE-2015-6778: Out of bounds access in PDFium. Credit to Karl Skomski.
[$2000][528505] Medium CVE-2015-6779: Scheme bypass in PDFium. Credit to Til Jasper Ullrich.
[$1000][490492] Medium CVE-2015-6780: Use-after-free in Infobars. Credit to Khalil Zhani.
[$1000][497302] Medium CVE-2015-6781: Integer overflow in Sfntly. Credit to miaubiz.
[$1000][536652] Medium CVE-2015-6782: Content spoofing in Omnibox. Credit to Luan Herrera.
[$1000][537205] Medium CVE-2015-6783: Signature validation issue in Android Crazy Linker. Credit to Michal Bednarski.
[$500][503217] Low CVE-2015-6784: Escaping issue in saved pages. Credit to Inti De Ceukelaire.
[$500][534542] Low CVE-2015-6785: Wildcard matching issue in CSP. Credit to Michael Ficarra / Shape Security.
[$500][534570] Low CVE-2015-6786: Scheme bypass in CSP. Credit to Michael Ficarra / Shape Security.

Chrome 46.0.2490.71

[$8837][519558] High CVE-2015-6755: Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
[$6337][507316] High CVE-2015-6756: Use-after-free in PDFium. Credit to anonymous.
[$3500][529520] High CVE-2015-6757: Use-after-free in ServiceWorker. Credit to Collin Payne.
[$3000][522131] High CVE-2015-6758: Bad-cast in PDFium. Credit to Atte Kettunen of OUSPG.
[$1000][514076] Medium CVE-2015-6759: Information leakage in LocalStorage. Credit to Muneaki Nishimura (nishimunea).
[$1000][519642] Medium CVE-2015-6760: Improper error handling in libANGLE. Credit to Ronald Crane, an independent security researcher.
[$500][447860 & 532967] Medium CVE-2015-6761: Memory corruption in FFMpeg. Credit to Aki Helin of OUSPG and Khalil Zhani.
[$500][512678] Low CVE-2015-6762: CORS bypass via CSS fonts. Credit to Muneaki Nishimura (nishimunea).

45.0.2454.101

[$TBD][530301] High CVE-2015-1303: Cross-origin bypass in DOM. Credit to Mariusz Mlynski.

[$TBD][531891] High CVE-2015-1304: Cross-origin bypass in V8. Credit to Mariusz Mlynski.

Chrome 45.0.2454.85

[$7500][516377] High CVE-2015-1291: Cross-origin bypass in DOM. Credit to anonymous.
[$7500][522791] High CVE-2015-1292: Cross-origin bypass in ServiceWorker. Credit to Mariusz Mlynski.
[$7500][524074] High CVE-2015-1293: Cross-origin bypass in DOM. Credit to Mariusz Mlynski.
[$5000][492263] High CVE-2015-1294: Use-after-free in Skia. Credit to cloudfuzzer.
[$3000][502562] High CVE-2015-1295: Use-after-free in Printing. Credit to anonymous.
[$1000][421332] High CVE-2015-1296: Character spoofing in omnibox. Credit to zcorpan.
[$3000][510802] Medium CVE-2015-1297: Permission scoping error in WebRequest. Credit to Alexander Kashev.
[$3000][518827] Medium CVE-2015-1298: URL validation error in extensions. Credit to Rob Wu.
[$2000][416362] Medium CVE-2015-1299: Use-after-free in Blink. Credit to taro.suzuki.dev.
[$1000][511616] Medium CVE-2015-1300: Information leak in Blink. Credit to cgvwzq.

Chrome 44.0.2403.89

[$3000][446032] High CVE-2015-1271: Heap-buffer-overflow in pdfium. Credit to cloudfuzzer.

[$3000][459215] High CVE-2015-1273: Heap-buffer-overflow in pdfium. Credit to makosoft.

[$TBD][461858] High CVE-2015-1274: Settings allowed executable files to run immediately after download. Credit to  andrewm.bpi.

[$7500][462843] High CVE-2015-1275: UXSS in Chrome for Android. Credit to WangTao(neobyte) of Baidu X-Team.

[$TBD][472614] High CVE-2015-1276: Use-after-free in IndexedDB. Credit to Collin Payne.

[$5500][483981] High CVE-2015-1279: Heap-buffer-overflow in pdfium. Credit to mlafon.

[$5000][486947] High CVE-2015-1280: Memory corruption in skia. Credit to cloudfuzzer.

[$1000][487155] High CVE-2015-1281: CSP bypass. Credit to Masato Kinugawa.

[$TBD][487928] High CVE-2015-1282: Use-after-free in pdfium. Credit to Chamal de Silva.

[$TBD][492052] High CVE-2015-1283: Heap-buffer-overflow in expat. Credit to sidhpurwala.huzaifa.

[$2000][493243] High CVE-2015-1284: Use-after-free in blink. Credit to Atte Kettunen of OUSPG.

[$7500][504011] High CVE-2015-1286: UXSS in blink. Credit to anonymous.
[$TBD][505374] High CVE-2015-1290: Memory corruption in V8. Credit to Yongjun Liu of NSFOCUS Security Team.

[$1337][419383] Medium CVE-2015-1287: SOP bypass with CSS. Credit to filedescriptor.

[$1000][444573] Medium CVE-2015-1270: Uninitialized memory read in ICU. Credit to Atte Kettunen of OUSPG.

[$500][451456] Medium CVE-2015-1272: Use-after-free related to unexpected GPU process termination. Credit to Chamal de Silva.

[479743] Medium CVE-2015-1277: Use-after-free in accessibility. Credit to SkyLined.

[$500][482380] Medium CVE-2015-1278: URL spoofing using pdf files. Credit to Chamal de Silva.

[$1337][498982] Medium CVE-2015-1285: Information leak in XSS auditor. Credit to gazheyes.

[$500][479162] Low CVE-2015-1288: Spell checking dictionaries fetched over HTTP. Credit to mike@michaelruddy.com.

43.0.2357.130

[$5000][464922High CVE-2015-1266: Scheme validation error in WebUI. Credit to anonymous.
[TBD][494640High CVE-2015-1268: Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
[TBD][497507Medium CVE-2015-1267: Cross-origin bypass in Blink. Credit to anonymous.
[TBD][461481Medium CVE-2015-1269: Normalization error in HSTS/HPKP preload list. Credit to Mike Ruddy.

Chrome 43.0.2357.65

[$16337][474029] High CVE-2015-1252: Sandbox escape in Chrome. Credit to anonymous.
[$7500][464552High CVE-2015-1253: Cross-origin bypass in DOM. Credit to anonymous.
[$3000][444927High CVE-2015-1254: Cross-origin bypass in Editing. Credit to Armin Razmdjou.
[$3000][473253High CVE-2015-1255: Use-after-free in WebAudio. Credit to Khalil Zhani.
[$2000][478549High CVE-2015-1256: Use-after-free in SVG. Credit to Atte Kettunen of OUSPG.
[481015High CVE-2015-1251: Use-after-free in Speech. Credit to SkyLined working with HP’s Zero Day Initiative
[$1500][468519Medium CVE-2015-1257: Container-overflow in SVG. Credit to miaubiz.
[$1000][450939Medium CVE-2015-1258: Negative-size parameter in Libvpx. Credit to cloudfuzzer
[$1000][468167Medium CVE-2015-1259: Uninitialized value in PDFium. Credit to Atte Kettunen of OUSPG
[$1000][474370Medium CVE-2015-1260: Use-after-free in WebRTC. Credit to Khalil Zhani.
[$500][466351Medium CVE-2015-1261: URL bar spoofing. Credit to Juho Nurminen.
[$500][476647Medium CVE-2015-1262: Uninitialized value in Blink. Credit to miaubiz.
[$500][479162Low CVE-2015-1263: Insecure download of spellcheck dictionary. Credit to Mike Ruddy.
[$500][481015Low CVE-2015-1264: Cross-site scripting in bookmarks. Credit to K0r3Ph1L.

Chrome 42.0.2311.90

[$7500][456518] High CVE-2015-1235: Cross-origin-bypass in HTML parser. Credit to anonymous.
[$4000][313939] Medium CVE-2015-1236: Cross-origin-bypass in Blink. Credit to Amitay Dobo.
[$3000][461191] High CVE-2015-1237: Use-after-free in IPC. Credit to Khalil Zhani.
[$2000][445808] High CVE-2015-1238: Out-of-bounds write in Skia. Credit to cloudfuzzer.
[$1000][463599] Medium CVE-2015-1240: Out-of-bounds read in WebGL. Credit to w3bd3vil.
[$1000][418402] Medium CVE-2015-1241: Tap-Jacking. Credit to Phillip Moon and Matt Weston of Sandfield.
[$500][460917] High CVE-2015-1242: Type confusion in V8. Credit to fcole@onshape.com.
[$500][455215] Medium CVE-2015-1244: HSTS bypass in WebSockets. Credit to Mike Ruddy.
[$500][444957] Medium CVE-2015-1245: Use-after-free in PDFium. Credit to Khalil Zhani.
[$500][437399] Medium CVE-2015-1246: Out-of-bounds read in Blink. Credit to Atte Kettunen of OUSPG.
[$500][429838] Medium CVE-2015-1247: Scheme issues in OpenSearch. Credit to Jann Horn.
[$500][380663] Medium CVE-2015-1248: SafeBrowsing bypass. Credit to Vittorio Gambaletta (VittGam).

Chrome 41.0.2272.76

[$7500][456516] High CVE-2015-1232: Out-of-bounds write in media. Credit to anonymous.
[$5000][448423] High CVE-2015-1213: Out-of-bounds write in skia filters. Credit to cloudfuzzer.
[$5000][445810] High CVE-2015-1214: Out-of-bounds write in skia filters. Credit to cloudfuzzer.
[$5000][445809] High CVE-2015-1215: Out-of-bounds write in skia filters. Credit to cloudfuzzer.
[$4000][454954] High CVE-2015-1216: Use-after-free in v8 bindings. Credit to anonymous.
[$3000][456192] High CVE-2015-1217: Type confusion in v8 bindings. Credit to anonymous.
[$3000][456059] High CVE-2015-1218: Use-after-free in dom. Credit to cloudfuzzer.
[$3000][446164] High CVE-2015-1219: Integer overflow in webgl. Credit to Chen Zhang (demi6od) of NSFOCUS Security Team.
[$3000][437651] High CVE-2015-1220: Use-after-free in gif decoder. Credit to Aki Helin of OUSPG.
[$2500][455368] High CVE-2015-1221: Use-after-free in web databases. Credit to Collin Payne.
[$2500][448082] High CVE-2015-1222: Use-after-free in service workers. Credit to Collin Payne.
[$2000][454231] High CVE-2015-1223: Use-after-free in dom. Credit to Maksymillian Motyl.
[449610] High CVE-2015-1230: Type confusion in v8. Credit to Skylined working with HP’s Zero Day Initiative.
[$2000][449958] Medium CVE-2015-1224: Out-of-bounds read in vpxdecoder. Credit to Aki Helin of OUSPG.
[$1000][446033] Medium CVE-2015-1225: Out-of-bounds read in pdfium. Credit to cloudfuzzer.
[$1000][456841] Medium CVE-2015-1226: Validation issue in debugger. Credit to Rob Wu.
[$1000][450389] Medium CVE-2015-1227: Uninitialized value in blink. Credit to Christoph Diehl.
[$1000][444707] Medium CVE-2015-1228: Uninitialized value in rendering. Credit to miaubiz.
[$500][431504] Medium CVE-2015-1229: Cookie injection via proxies. Credit to iliwoy.

Chrome 40.0.2214.91

[$5000][430353High CVE-2014-7923: Memory corruption in ICU. Credit to yangdingning.
[$4500][435880High CVE-2014-7924: Use-after-free in IndexedDB. Credit to Collin Payne.
[$4000][434136High CVE-2014-7925: Use-after-free in WebAudio. Credit to mark.buer@booktrack.com.
[$4000][422824High CVE-2014-7926: Memory corruption in ICU. Credit to yangdingning.
[$3500][444695High CVE-2014-7927: Memory corruption in V8. Credit to Christian Holler.
[$3500][435073High CVE-2014-7928: Memory corruption in V8. Credit to Christian Holler.
[$3000][442806High CVE-2014-7930: Use-after-free in DOM. Credit to cloudfuzzer.
[$3000][442710High CVE-2014-7931: Memory corruption in V8. Credit to cloudfuzzer.
[$2000][443115High CVE-2014-7929: Use-after-free in DOM. Credit to cloudfuzzer.
[$2000][429666High CVE-2014-7932: Use-after-free in DOM. Credit to Atte Kettunen of OUSPG.
[$2000][427266High CVE-2014-7933: Use-after-free in FFmpeg. Credit to Aki Helin of OUSPG.
[$2000][427249High CVE-2014-7934: Use-after-free in DOM. Credit to cloudfuzzer.
[$2000][402957High CVE-2014-7935: Use-after-free in Speech. Credit to Khalil Zhani.
[$1500][428561High CVE-2014-7936: Use-after-free in Views. Credit to Christoph Diehl.
[$1500][419060High CVE-2014-7937: Use-after-free in FFmpeg. Credit to Atte Kettunen of OUSPG.
[$1000][416323High CVE-2014-7938: Memory corruption in Fonts. Credit to Atte Kettunen of OUSPG.
[$1000][399951High CVE-2014-7939: Same-origin-bypass in V8. Credit to Takeshi Terada.
[$1000][433866Medium CVE-2014-7940: Uninitialized-value in ICU. Credit to miaubiz.
[$1000][428557Medium CVE-2014-7941: Out-of-bounds read in UI. Credit to Atte Kettunen of OUSPG and Christoph Diehl.
[$1000][426762Medium CVE-2014-7942: Uninitialized-value in Fonts. Credit to miaubiz.
[$1000][422492Medium CVE-2014-7943: Out-of-bounds read in Skia. Credit to Atte Kettunen of OUSPG.
[$1000][418881Medium CVE-2014-7944: Out-of-bounds read in PDFium. Credit to cloudfuzzer.
[$1000][414310Medium CVE-2014-7945: Out-of-bounds read in PDFium. Credit to cloudfuzzer.
[$1000][414109Medium CVE-2014-7946: Out-of-bounds read in Fonts. Credit to miaubiz.
[$500][430566Medium CVE-2014-7947: Out-of-bounds read in PDFium. Credit to fuzztercluck.
[$500][414026Medium CVE-2014-7948: Caching error in AppCache. Credit to Yaoqi Jia.

Chrome 39.0.2171.65

[$500][389734High CVE-2014-7899: Address bar spoofing. Credit to Eli Grey.
[$1500][406868High CVE-2014-7900: Use-after-free in pdfium. Credit to Atte Kettunen from OUSPG.
[$1000][413375High CVE-2014-7901: Integer overflow in pdfium. Credit to cloudfuzzer.
[$1000][414504High CVE-2014-7902: Use-after-free in pdfium. Credit to cloudfuzzer.
[$3000][414525High CVE-2014-7903: Buffer overflow in pdfium. Credit to cloudfuzzer.
[$2000][418161High CVE-2014-7904: Buffer overflow in Skia. Credit to Atte Kettunen from OUSPG.
[$2000][421817High CVE-2014-7905: Flaw allowing navigation to intents that do not have the BROWSABLE category. Credit to WangTao(neobyte) of Baidu X-Team.
[$500][423030High CVE-2014-7906: Use-after-free in pepper plugins. Credit to Chen Zhang (demi6od) of the NSFOCUS Security Team.
[$7500][423703High CVE-2014-0574: Double-free in Flash. Credit to biloulehibou.
[$5000][424453High CVE-2014-7907: Use-after-free in blink. Credit to Chen Zhang (demi6od) of the NSFOCUS Security Team.
[$500][425980High CVE-2014-7908: Integer overflow in media. Credit to Christoph Diehl.
[$500][391001Medium CVE-2014-7909: Uninitialized memory read in Skia. Credit to miaubiz.