Chrome


收集Chrome每次的Stable Channel Update中的security部分

Chrome 64.0.3282.119

[$3000][780450] High CVE-2018-6031: Use after free in PDFium. Reported by Anonymous on 2017-11-01
[$2000][787103] High CVE-2018-6032: Same origin bypass in Shared Worker. Reported by Jun Kokatsu (@shhnjk) on 2017-11-20
[$1000][793620] High CVE-2018-6033: Race when opening downloaded files. Reported by Juho Nurminen on 2017-12-09
[$4000][784183] Medium CVE-2018-6034: Integer overflow in Blink. Reported by Tobias Klein (www.trapkit.de) on 2017-11-12
[$2500][797500] Medium CVE-2018-6035: Insufficient isolation of devtools from extensions. Reported by Rob Wu on 2017-12-23
[$2000][789952] Medium CVE-2018-6036: Integer underflow in WebAssembly. Reported by The UK’s National Cyber Security Centre (NCSC) on 2017-11-30
[$1000][753645] Medium CVE-2018-6037: Insufficient user gesture requirements in autofill. Reported by Paul Stone of Context Information Security on 2017-08-09
[$1000][774174] Medium CVE-2018-6038: Heap buffer overflow in WebGL. Reported by cloudfuzzer on 2017-10-12
[$1000][775527] Medium CVE-2018-6039: XSS in DevTools. Reported by Juho Nurminen on 2017-10-17
[$1000][778658] Medium CVE-2018-6040: Content security policy bypass. Reported by WenXu Wu of Tencent’s Xuanwu Lab on 2017-10-26
[$500][760342] Medium CVE-2018-6041: URL spoof in Navigation. Reported by Luan Herrera on 2017-08-29
[$500][773930] Medium CVE-2018-6042: URL spoof in OmniBox. Reported by Khalil Zhani on 2017-10-12
[$500][785809] Medium CVE-2018-6043: Insufficient escaping with external URL handlers. Reported by 0x09AL on 2017-11-16
[$TBD][797497] Medium CVE-2018-6045: Insufficient isolation of devtools from extensions. Reported by Rob Wu on 2017-12-23
[$TBD][798163] Medium CVE-2018-6046: Insufficient isolation of devtools from extensions. Reported by Rob Wu on 2017-12-31
[$TBD][799847] Medium CVE-2018-6047: Cross origin URL leak in WebGL. Reported by Masato Kinugawa on 2018-01-08
[$500][763194] Low CVE-2018-6048: Referrer policy bypass in Blink. Reported by Jun Kokatsu (@shhnjk) on 2017-09-08
[$500][771848] Low CVE-2017-15420: URL spoofing in Omnibox. Reported by Drew Springall (@aaspring) on 2017-10-05
[$500][774438] Low CVE-2018-6049: UI spoof in Permissions. Reported by WenXu Wu of Tencent’s Xuanwu Lab on 2017-10-13
[$500][774842] Low CVE-2018-6050: URL spoof in OmniBox. Reported by Jonathan Kew on 2017-10-15
[$N/a][441275] Low CVE-2018-6051: Referrer leak in XSS Auditor. Reported by Antonio Sanso (@asanso) on 2014-12-11
[$N/A][615608] Low CVE-2018-6052: Incomplete no-referrer policy implementation. Reported by Tanner Emek on 2016-05-28
[$N/A][758169] Low CVE-2018-6053: Leak of page thumbnails in New Tab Page. Reported by Asset Kabdenov on 2017-08-23
[$N/A][797511] Low CVE-2018-6054: Use after free in WebUI. Reported by Rob Wu on 2017-12-24

63.0.3239.108

[$7500][788453] High CVE-2017-15429: UXSS in V8. Reported by Anonymous on 2017-11-24.

Chrome 63.0.3239.84

[$10500][778505] Critical CVE-2017-15407: Out of bounds write in QUIC. Reported by Ned Williamson on 2017-10-26
[$6337][762374] High CVE-2017-15408: Heap buffer overflow in PDFium. Reported by Ke Liu of Tencent’s Xuanwu LAB on 2017-09-06
[$5000][763972] High CVE-2017-15409: Out of bounds write in Skia. Reported by Anonymous on 2017-09-11
[$5000][765921] High CVE-2017-15410: Use after free in PDFium. Reported by Luật Nguyễn (@l4wio) of KeenLab, Tencent on 2017-09-16
[$5000][770148] High CVE-2017-15411: Use after free in PDFium. Reported by Luật Nguyễn (@l4wio) of KeenLab, Tencent on 2017-09-29
[$3500][727039] High CVE-2017-15412: Use after free in libXML. Reported by Nick Wellnhofer on 2017-05-27
[$500][766666] High CVE-2017-15413: Type confusion in WebAssembly. Reported by Gaurav Dewan(@007gauravdewan) of Adobe Systems India Pvt. Ltd. on 2017-09-19
[$3337][765512] Medium CVE-2017-15415: Pointer information disclosure in IPC call. Reported by Viktor Brange of Microsoft Offensive Security Research Team on 2017-09-15
[$2500][779314] Medium CVE-2017-15416: Out of bounds read in Blink. Reported by Ned Williamson on 2017-10-28
[$2000][699028] Medium CVE-2017-15417: Cross origin information disclosure in Skia . Reported by Max May on 2017-03-07
[$1000][765858] Medium CVE-2017-15418: Use of uninitialized value in Skia. Reported by Kushal Arvind Shah of Fortinet’s FortiGuard Labs on 2017-09-15
[$1000][780312] Medium CVE-2017-15419: Cross origin leak of redirect URL in Blink. Reported by Jun Kokatsu (@shhnjk) on 2017-10-31
[$500][777419] Medium CVE-2017-15420: URL spoofing in Omnibox. Reported by WenXu Wu of Tencent’s Xuanwu Lab on 2017-10-23
[$TBD][774382] Medium CVE-2017-15422: Integer overflow in ICU. Reported by Yuan Deng of Ant-financial Light-Year Security Lab on 2017-10-13
[$500][778101] Low CVE-2017-15423: Issue with SPAKE implementation in BoringSSL. Reported by Greg Hudson on 2017-10-25
[$N/A][756226] Low CVE-2017-15424: URL Spoof in Omnibox. Reported by Khalil Zhani on 2017-08-16
[$N/A][756456] Low CVE-2017-15425: URL Spoof in Omnibox. Reported by xisigr of Tencent’s Xuanwu Lab on 2017-08-17
[$N/A][756735] Low CVE-2017-15426: URL Spoof in Omnibox. Reported by WenXu Wu of Tencent’s Xuanwu Lab on 2017-08-18
[$N/A][768910] Low CVE-2017-15427: Insufficient blocking of JavaScript in Omnibox. Reported by Junaid Farhan (fb.me/junaid.farhan.54) on 2017-09-26

62.0.3202.94

[$3000][782145] High CVE-2017-15428: Out of bounds read in V8. Zhao Qixun(@S0rryMybad) of Qihoo 360 Vulcan Team on 2017-11-07

62.0.3202.89

[$TBD][777728] Critical CVE-2017-15398: Stack buffer overflow in QUIC. Reported by Ned Williamson on 2017-10-24
[$7500][776677] High CVE-2017-15399: Use after free in V8. Reported by Zhao Qixun(@S0rryMybad) of Qihoo 360 Vulcan Team on 2017-10-20

62.0.3202.75

[$3000][770452] High CVE-2017-15396: Stack overflow in V8. Reported by Yuan Deng of Ant-financial Light-Year Security Lab on 2017-09-30
[$1000][770450] Medium CVE-2017-15406: Stack overflow in V8. Reported by Yuan Deng of Ant-financial Light-Year Security Lab on 2017-09-30

Chrome 62.0.3202.62

[$7500+$1337][762930] High CVE-2017-5124: UXSS with MHTML. Reported by Anonymous on 2017-09-07
[$5000][749147] High CVE-2017-5125: Heap overflow in Skia. Reported by Anonymous on 2017-07-26
[$3000][760455] High CVE-2017-5126: Use after free in PDFium. Reported by Luật Nguyễn (@l4wio) of KeenLab, Tencent on 2017-08-30
[$3000][765384] High CVE-2017-5127: Use after free in PDFium. Reported by Luật Nguyễn (@l4wio) of KeenLab, Tencent on 2017-09-14
[$3000][765469] High CVE-2017-5128: Heap overflow in WebGL. Reported by Omair on 2017-09-14
[$3000][765495] High CVE-2017-5129: Use after free in WebAudio. Reported by Omair on 2017-09-15
[$3000][718858] High CVE-2017-5132: Incorrect stack manipulation in WebAssembly. Reported by Gaurav Dewan (@007gauravdewan) of Adobe Systems India Pvt. Ltd. on 2017-05-05
[$N/A][722079] High CVE-2017-5130: Heap overflow in libxml2. Reported by Pranjal Jumde (@pjumde) on 2017-05-14
[$5000][744109] Medium CVE-2017-5131: Out of bounds write in Skia. Reported by Anonymous on 2017-07-16
[$2000][762106] Medium CVE-2017-5133: Out of bounds write in Skia. Reported by Aleksandar Nikolic of Cisco Talos on 2017-09-05
[$1000][752003] Medium CVE-2017-15386: UI spoofing in Blink. Reported by WenXu Wu of Tencent’s Xuanwu Lab on 2017-08-03
[$1000][756040] Medium CVE-2017-15387: Content security bypass. Reported by Jun Kokatsu (@shhnjk) on 2017-08-16
[$1000][756563] Medium CVE-2017-15388: Out of bounds read in Skia. Reported by Kushal Arvind Shah of Fortinet’s FortiGuard Labs on 2017-08-17
[$500][739621] Medium CVE-2017-15389: URL spoofing in OmniBox. Reported by xisigr of Tencent’s Xuanwu Lab on 2017-07-06
[$500][750239] Medium CVE-2017-15390: URL spoofing in OmniBox. Reported by Haosheng Wang (@gnehsoah) on 2017-07-28
[$500][598265] Low CVE-2017-15391: Extension limitation bypass in Extensions. Reported by João Lucas Melo Brasio (whitehathackers.com.br) on 2016-03-28
[$N/A][714401] Low CVE-2017-15392: Incorrect registry key handling in PlatformIntegration. Reported by Xiaoyin Liu (@general_nfs) on 2017-04-22
[$N/A][732751] Low CVE-2017-15393: Referrer leak in Devtools. Reported by Svyat Mitin on 2017-06-13
[$N/A][745580] Low CVE-2017-15394: URL spoofing in extensions UI. Reported by Sam @sudosammy on 2017-07-18
[$N/A][759457] Low CVE-2017-15395: Null pointer dereference in ImageCapture. Reported by Johannes Bergman (johberlvi@) on 2017-08-28

61.0.3163.100

[$7500][765433] High CVE-2017-5121: Out-of-bounds access in V8. Reported by Jordan Rabet, Microsoft Offensive Security Research and Microsoft ChakraCore team on 2017-09-14
[$3000][752423] High CVE-2017-5122: Out-of-bounds access in V8. Reported by Choongwoo Han of Naver Corporation on 2017-08-04

Chrome 61.0.3163.79

[$5000][737023] High CVE-2017-5111: Use after free in PDFium. Reported by Luật Nguyễn (@l4wio) of KeenLab, Tencent on 2017-06-27
[$5000][740603] High CVE-2017-5112: Heap buffer overflow in WebGL. Reported by Tobias Klein (www.trapkit.de) on 2017-07-10
[$5000][747043] High CVE-2017-5113: Heap buffer overflow in Skia. Reported by Anonymous on 2017-07-20
[$3500][752829] High CVE-2017-5114: Memory lifecycle issue in PDFium. Reported by Ke Liu of Tencent’s Xuanwu LAB on 2017-08-07
[$3000][744584] High CVE-2017-5115: Type confusion in V8. Reported by Marco Giovannini on 2017-07-17
[$TBD][759624] High CVE-2017-5116: Type confusion in V8. Reported Guang Gong of Alpha Team, Qihoo 360 on 2017-08-28
[$1000][739190] Medium CVE-2017-5117: Use of uninitialized value in Skia. Reported by Tobias Klein (www.trapkit.de) on 2017-07-04
[$1000][747847] Medium CVE-2017-5118: Bypass of Content Security Policy in Blink. Reported by WenXu Wu of Tencent’s Xuanwu Lab on 2017-07-24
[$N/A][725127] Medium CVE-2017-5119: Use of uninitialized value in Skia. Reported by Anonymous on 2017-05-22
[$N/A][718676] Low CVE-2017-5120: Potential HTTPS downgrade during redirect navigation. Reported by Xiaoyin Liu (@general_nfs) on 2017-05-05

 Chrome 60.0.3112.78

[$10000][728887] High CVE-2017-5091: Use after free in IndexedDB. Reported by Ned Williamson on 2017-06-02
[$5000][733549] High CVE-2017-5092: Use after free in PPAPI. Reported by Yu Zhou, Yuan Deng of Ant-financial Light-Year Security Lab (蚂蚁金服巴斯光年安全实验室) on 2017-06-15
[$3000][550017] High CVE-2017-5093: UI spoofing in Blink. Reported by Luan Herrera on 2015-10-31
[$1000][702946] High CVE-2017-5094: Type confusion in extensions. Reported by Anonymous on 2017-03-19
[$1000][732661] High CVE-2017-5095: Out-of-bounds write in PDFium. Reported by Anonymous on 2017-06-13
[$TBD][714442] High CVE-2017-5096: User information leak via Android intents. Reported by Takeshi Terada on 2017-04-23
[$TBD][740789] High CVE-2017-5097: Out-of-bounds read in Skia. Reported by Anonymous on 2017-07-11
[$TBD][740803] High CVE-2017-5098: Use after free in V8. Reported by Jihoon Kim on 2017-07-11
[$N/A][733548] High CVE-2017-5099: Out-of-bounds write in PPAPI. Reported by Yuan Deng, Yu Zhou of Ant-financial Light-Year Security Lab (蚂蚁金服巴斯光年安全实验室) on 2017-06-15
[$2000][718292] Medium CVE-2017-5100: Use after free in Chrome Apps. Reported by Anonymous on 2017-05-04
[$1000][681740] Medium CVE-2017-5101: URL spoofing in OmniBox. Reported by Luan Herrera on 2017-01-17
[$1000][727678] Medium CVE-2017-5102: Uninitialized use in Skia. Reported by Anonymous on 2017-05-30
[$500][726199] Medium CVE-2017-5103: Uninitialized use in Skia. Reported by Anonymous on 2017-05-25
[$500][729105] Medium CVE-2017-5104: UI spoofing in browser. Reported by Khalil Zhani on 2017-06-02
[$N/A][742407] Medium CVE-2017-6991: Pointer disclosure in SQLite. Reported by Chaitin Security Research Lab (@ChaitinTech) working with Trend Micro’s Zero Day Initiative
[$1000][729979] Low CVE-2017-5105: URL spoofing in OmniBox. Reported by Rayyan Bijoora on 2017-06-06
[$TBD][714628] Medium CVE-2017-5106: URL spoofing in OmniBox. Reported by Jack Zac on 2017-04-24
[$N/A][686253] Low CVE-2017-5107: User information leak via SVG. Reported by David Kohlbrenner of UC San Diego on 2017-01-27
[$N/A][695830] Low CVE-2017-5108: Type confusion in PDFium. Reported by Guang Gong of Alpha Team, Qihoo 360 on 2017-02-24
[$N/A][710400] Low CVE-2017-5109: UI spoofing in browser. Reported by José María Acuña Morgado on 2017-04-11
[$N/A][717476] Low CVE-2017-5110: UI spoofing in payments dialog. Reported by xisigr of Tencent’s Xuanwu Lab on 2017-05-02

59.0.3071.104

[$10,500][725032] High CVE-2017-5087: Sandbox Escape in IndexedDB. Reported by Ned Williamson on 2017-05-22
[$4,000][729991] High CVE-2017-5088: Out of bounds read in V8. Reported by Xiling Gong of Tencent Security Platform Department on 2017-06-06
[$2,000][714196] Medium CVE-2017-5089: Domain spoofing in Omnibox. Reported by Michał Bentkowski on 2017-04-21.

Chrome 59.0.3071.86

[$7500][722756] High CVE-2017-5070: Type confusion in V8. Reported by Zhao Qixun(@S0rryMybad) of Qihoo 360 Vulcan Team on 2017-05-16
[$3000][715582] High CVE-2017-5071: Out of bounds read in V8. Reported by Choongwoo Han on 2017-04-26
[$3000][709417] High CVE-2017-5072: Address spoofing in Omnibox. Reported by Rayyan Bijoora on 2017-04-07
[$2000][716474] High CVE-2017-5073: Use after free in print preview. Reported by Khalil Zhani on 2017-04-28
[$1000][700040] High CVE-2017-5074: Use after free in Apps Bluetooth. Reported by anonymous on 2017-03-09
[$2000][678776] Medium CVE-2017-5075: Information leak in CSP reporting. Reported by Emmanuel Gil Peyrot on 2017-01-05
[$1000][722639] Medium CVE-2017-5086: Address spoofing in Omnibox. Reported by Rayyan Bijoora on 2017-05-16
[$1000][719199] Medium CVE-2017-5076: Address spoofing in Omnibox. Reported by Samuel Erb on 2017-05-06
[$1000][716311] Medium CVE-2017-5077: Heap buffer overflow in Skia. Reported by Sweetchip on 2017-04-28
[$1000][711020] Medium CVE-2017-5078: Possible command injection in mailto handling. Reported by Jose Carlos Exposito Bueno on 2017-04-12
[$500][713686] Medium CVE-2017-5079: UI spoofing in Blink. Reported by Khalil Zhani on 2017-04-20
[$500][708819] Medium CVE-2017-5080: Use after free in credit card autofill. Reported by Khalil Zhani on 2017-04-05
[$N/A][672008] Medium CVE-2017-5081: Extension verification bypass. Reported by Andrey Kovalev (@L1kvID) Yandex Security Team on 2016-12-07
[$N/A][721579] Low CVE-2017-5082: Insufficient hardening in credit card editor. Reported by Nightwatch Cybersecurity Research on 2017-05-11
[$N/A][714849] Low CVE-2017-5083: UI spoofing in Blink. Reported by Khalil Zhani on 2017-04-24
[$N/A][692378] Low CVE-2017-5085: Inappropriate javascript execution on WebUI pages. Reported by Zhiyang Zeng of Tencent security platform department on 2017-02-15

58.0.3029.96

[$500][679306] High CVE-2017-5068: Race condition in WebRTC. Credit to Philipp Hancke

Chrome 58.0.3029.81

[$3000][695826] High CVE-2017-5057: Type confusion in PDFium. Credit to Guang Gong of Alpha Team, Qihoo 360
[$2000][694382] High CVE-2017-5058: Heap use after free in Print Preview. Credit to Khalil Zhani
[$N/A][684684] High CVE-2017-5059: Type confusion in Blink. Credit to SkyLined working with Trend Micro’s Zero Day Initiative
[$2000][683314] Medium CVE-2017-5060: URL spoofing in Omnibox. Credit to Xudong Zheng
[$2000][672847] Medium CVE-2017-5061: URL spoofing in Omnibox. Credit to Haosheng Wang (@gnehsoah)
[$1500][702896] Medium CVE-2017-5062: Use after free in Chrome Apps. Credit to anonymous
[$1000][700836] Medium CVE-2017-5063: Heap overflow in Skia. Credit to Sweetchip
[$1000][693974] Medium CVE-2017-5064: Use after free in Blink. Credit to Wadih Matar
[$500][704560] Medium CVE-2017-5065: Incorrect UI in Blink. Credit to Khalil Zhani
[$500][690821] Medium CVE-2017-5066: Incorrect signature handing in Networking. Credit to Prof. Zhenhua Duan, Prof. Cong Tian, and Ph.D candidate Chu Chen (ICTT, Xidian University)
[$500][648117] Medium CVE-2017-5067: URL spoofing in Omnibox. Credit to Khalil Zhani
[$N/A][691726] Low CVE-2017-5069: Cross-origin bypass in Blink. Credit to Michael Reizelman

57.0.2987.133

[$9337][698622] Critical CVE-2017-5055: Use after free in printing. Credit to Wadih Matar
[$3000][699166] High CVE-2017-5054: Heap buffer overflow in V8. Credit to Nicolas Trippar of Zimperium zLabs
[$1000][662767] High CVE-2017-5052: Bad cast in Blink. Credit to JeongHoon Shin
[$N/A][705445] High CVE-2017-5056: Use after free in Blink. Credit to anonymous
[$N/A][702058] High CVE-2017-5053: Out of bounds memory access in V8. Credit to Team Sniper (Keen Lab and PC Mgr) reported through ZDI (ZDI-CAN-4587)

Chrome 57.0.2987.98

[$7500][682194] High CVE-2017-5030: Memory corruption in V8. Credit to Brendon Tiszka
[$5000][682020] High CVE-2017-5031: Use after free in ANGLE. Credit to Looben Yang
[$3000][668724] High CVE-2017-5032: Out of bounds write in PDFium. Credit to Ashfaq Ansari – Project Srishti
[$3000][676623] High CVE-2017-5029: Integer overflow in libxslt. Credit to Holger Fuhrmannek
[$3000][678461] High CVE-2017-5034: Use after free in PDFium. Credit to Ke Liu of Tencent’s Xuanwu LAB
[$3000][688425] High CVE-2017-5035: Incorrect security UI in Omnibox. Credit to Enzo Aguado
[$3000][691371] High CVE-2017-5036: Use after free in PDFium. Credit to Anonymous
[$1000][679640] High CVE-2017-5037, CVE-2017-5047, CVE-2017-5048, CVE-2017-5049, CVE-2017-5050, CVE-2017-5051: Multiple out of bounds writes in ChunkDemuxer. Credit to Yongke Wang of Tencent’s Xuanwu Lab (xlab.tencent.com)
[$500][679649] High CVE-2017-5039: Use after free in PDFium. Credit to jinmo123
[$2000][691323] Medium CVE-2017-5040: Information disclosure in V8. Credit to Choongwoo Han
[$1000][642490] Medium CVE-2017-5041: Address spoofing in Omnibox. Credit to Jordi Chancel
[$1000][669086] Medium CVE-2017-5033: Bypass of Content Security Policy in Blink. Credit to Nicolai Grødum
[$1000][671932] Medium CVE-2017-5042: Incorrect handling of cookies in Cast. Credit to Mike Ruddy
[$1000][695476] Medium CVE-2017-5038: Use after free in GuestView. Credit to Anonymous
[$1000][683523] Medium CVE-2017-5043: Use after free in GuestView. Credit to Anonymous
[$1000][688987] Medium CVE-2017-5044: Heap overflow in Skia. Credit to Kushal Arvind Shah of Fortinet’s FortiGuard Labs
[$500][667079] Medium CVE-2017-5045: Information disclosure in XSS Auditor. Credit to Dhaval Kapil (vampire)
[$500][680409] Medium CVE-2017-5046: Information disclosure in Blink. Credit to Masato Kinugawa

Chrome 56.0.2924.76

[$8837][671102] High CVE-2017-5007: Universal XSS in Blink. Credit to Mariusz Mlynski
[$8000][673170] High CVE-2017-5006: Universal XSS in Blink. Credit to Mariusz Mlynski
[$8000][668552] High CVE-2017-5008: Universal XSS in Blink. Credit to Mariusz Mlynski
[$7500][663476] High CVE-2017-5010: Universal XSS in Blink. Credit to Mariusz Mlynski
[$3000][662859] High CVE-2017-5011: Unauthorised file access in Devtools. Credit to Khalil Zhani
[$3000][667504] High CVE-2017-5009: Out of bounds memory access in WebRTC. Credit to Sean Stanek and Chip Bradford
[$5500][681843] High CVE-2017-5012: Heap overflow in V8. Credit to Gergely Nagy (Tresorit)
[$2000][677716] Medium CVE-2017-5013: Address spoofing in Omnibox. Credit to Haosheng Wang (@gnehsoah)
[$2000][675332] Medium CVE-2017-5014: Heap overflow in Skia. Credit to sweetchip
[$2000][673971] Medium CVE-2017-5015: Address spoofing in Omnibox. Credit to Armin Razmdjou
[$2000][666714] Medium CVE-2017-5019: Use after free in Renderer. Credit to Wadih Matar
[$1000][673163] Medium CVE-2017-5016: UI spoofing in Blink. Credit to Haosheng Wang (@gnehsoah)
[$500][676975] Medium CVE-2017-5017: Uninitialised memory access in webm video. Credit to Dan Berman
[$500][668665] Medium CVE-2017-5018: Universal XSS in chrome://apps. Credit to Rob Wu
[$TBD][668653] Medium CVE-2017-5020: Universal XSS in chrome://downloads. Credit to Rob Wu
[$N/A][663726] Low CVE-2017-5021: Use after free in Extensions. Credit to Rob Wu
[$N/A][663620] Low CVE-2017-5022: Bypass of Content Security Policy in Blink. Credit to evi1m0#ly.com
[$N/A][651443] Low CVE-2017-5023: Type confusion in metrics. Credit to the UK’s National Cyber Security Centre (NCSC)
[$N/A][643951] Low CVE-2017-5024: Heap overflow in FFmpeg. Credit to Paul Mehta
[$N/A][643950] Low CVE-2017-5025: Heap overflow in FFmpeg. Credit to Paul Mehta
[$500][634108] Low CVE-2017-5026: UI spoofing. Credit to Ronni Skansing
[$N/A][661126] Low CVE-2017-5027: Bypass of Content Security Policy in Blink. Credit to 李普君 of 无声信息技术PKAV Team

Chrome 55.0.2883.75

[$N/A][664411] High CVE-2016-9651: Private property access in V8. Credit to Guang Gong of Alpha Team Of Qihoo 360 reported through Pwnfest
[$7500][658535] High CVE-2016-5208: Universal XSS in Blink. Credit to Mariusz Mlynski
[$7500][655904] High CVE-2016-5207: Universal XSS in Blink. Credit to Mariusz Mlynski
[$7500][653749] High CVE-2016-5206: Same-origin bypass in PDFium. Credit to Rob Wu (robwu.nl)
[$7500][646610] High CVE-2016-5205: Universal XSS in Blink. Credit to Anonymous
[$7500][630870] High CVE-2016-5204: Universal XSS in Blink. Credit to Mariusz Mlynski
[$5000][664139] High CVE-2016-5209: Out of bounds write in Blink. Credit to Giwan Go of STEALIEN
[$3000][644219] High CVE-2016-5203: Use after free in PDFium. Credit to Anonymous
[$3500][654183] High CVE-2016-5210: Out of bounds write in PDFium. Credit to Ke Liu of Tencent’s Xuanwu LAB
[$3000][653134] High CVE-2016-5212: Local file disclosure in DevTools. Credit to Khalil Zhani
[$3000][649229] High CVE-2016-5211: Use after free in PDFium. Credit to Anonymous
[$500][652548] High CVE-2016-5213: Use after free in V8. Credit to Khalil Zhani
[$N/A][601538] Medium CVE-2016-5214: File download protection bypass. Credit to Jonathan Birch and MSVR
[$3000][653090] Medium CVE-2016-5216: Use after free in PDFium. Credit to Anonymous
[$3000][619463] Medium CVE-2016-5215: Use after free in Webaudio. Credit to Looben Yang
[$2500][654280] Medium CVE-2016-5217: Use of unvalidated data in PDFium. Credit to Rob Wu (robwu.nl)
[$2000][660498] Medium CVE-2016-5218: Address spoofing in Omnibox. Credit to Abdulrahman Alqabandi (@qab)
[$1500][657568] Medium CVE-2016-5219: Use after free in V8. Credit to Rob Wu (robwu.nl)
[$1000][660854] Medium CVE-2016-5221: Integer overflow in ANGLE. Credit to Tim Becker of ForAllSecure
[$1000][654279] Medium CVE-2016-5220: Local file access in PDFium. Credit to Rob Wu (robwu.nl)
[$500][657720] Medium CVE-2016-5222: Address spoofing in Omnibox. Credit to xisigr of Tencent’s Xuanwu Lab
[$N/A][653034] Low CVE-2016-9650: CSP Referrer disclosure. Credit to Jakub Żoczek
[$N/A][652038] Low CVE-2016-5223: Integer overflow in PDFium. Credit to Hwiwon Lee
[$N/A][639750] Low CVE-2016-5226: Limited XSS in Blink. Credit to Jun Kokatsu (@shhnjk)
[$N/A][630332] Low CVE-2016-5225: CSP bypass in Blink. Credit to Scott Helme (@Scott_Helme, scotthelme.co.uk)
[$N/A][615851] Low CVE-2016-5224: Same-origin bypass in SVG. Credit to Roeland Krak

54.0.2840.99

[$5500][643948] High CVE-2016-5199: Heap corruption in FFmpeg. Credit to Paul Mehta
[$5000][658114] High CVE-2016-5200: Out of bounds memory access in V8. Credit to Choongwoo Han
[$1000][660678] Medium CVE-2016-5201: Info leak in extensions. Credit to Jann Horn

54.0.2840.87

[$NA][659475] High CVE-2016-5198: Out of bounds memory access in V8. Credit to Tencent Keen Security Lab, working with Trend Micro’s Zero Day Initiative

Chrome 54.0.2840.59

[$7500][645211] High CVE-2016-5181: Universal XSS in Blink. Credit to Anonymous
[$5500][638615] High CVE-2016-5182: Heap overflow in Blink. Credit to Giwan Go of STEALIEN
[$3000][645122] High CVE-2016-5183: Use after free in PDFium. Credit to Anonymous
[$3000][630654] High CVE-2016-5184: Use after free in PDFium. Credit to Anonymous
[$3000][621360] High CVE-2016-5185: Use after free in Blink. Credit to cloudfuzzer
[$1000][639702] High CVE-2016-5187: URL spoofing. Credit to Luan Herrera
[$3133.7][565760] Medium CVE-2016-5188: UI spoofing. Credit to Luan Herrera
[$1000][633885] Medium CVE-2016-5192: Cross-origin bypass in Blink. Credit to haojunhou@gmail.com
[$500][646278] Medium CVE-2016-5189: URL spoofing. Credit to xisigr of Tencent’s Xuanwu Lab
[$500][644963] Medium CVE-2016-5186: Out of bounds read in DevTools. Credit to Abdulrahman Alqabandi (@qab)
[$500][639126] Medium CVE-2016-5191: Universal XSS in Bookmarks. Credit to Gareth Hughes
[$N/A][642067] Medium CVE-2016-5190: Use after free in Internals. Credit to Atte Kettunen of OUSPG
[$500][639658] Low CVE-2016-5193: Scheme bypass. Credit to Yuyang ZHOU (martinzhou96)
[654782] CVE-2016-5194: Various fixes from internal audits, fuzzing and other initiatives

53.0.2785.143

[$5000][642496] High CVE-2016-5177: Use after free in V8. Credit to Anonymous
[651092] CVE-2016-5178: Various fixes from internal audits, fuzzing and other initiatives.

 

53.0.2785.113

[$5000][641101] High CVE-2016-5170: Use after free in Blink. Credit to Anonymous

[$7500][643357] High CVE-2016-5171: Use after free in Blink. Credit to Anonymous

[$5000][616386] Medium CVE-2016-5172: Arbitrary Memory Read in v8. Credit to Choongwoo Han

[$3000][468931] Medium CVE-2016-5173: Extension resource access. Credit to Anonymous

[$1000][579934] Medium CVE-2016-5174: Popup not correctly suppressed. Credit to Andrey Kovalev (@L1kvID) Yandex Security Team
[$n/a][595838] Medium CVE-2016-5176: SafeBrowsing bypass. Credit to Lokihardt working with Trend Micro’s Zero Day Initiative

[646394] CVE-2016-5175: Various fixes from internal audits, fuzzing and other initiatives.

Chrome 53.0.2785.89 and 53.0.2785.92

[$7500][628942] High CVE-2016-5147: Universal XSS in Blink. Credit to anonymous
[$7500][621362] High CVE-2016-5148: Universal XSS in Blink. Credit to anonymous
[$7500][573131] High CVE-2016-5149: Script injection in extensions. Credit to Max Justicz  (http://web.mit.edu/maxj/www/)
[$5000][637963] High CVE-2016-5150: Use after free in Blink. Credit to anonymous
[$5000][634716] High CVE-2016-5151: Use after free in PDFium. Credit to anonymous
[$5000][629919] High CVE-2016-5152: Heap overflow in PDFium. Credit to GiWan Go of Stealien
[$3500][631052] High CVE-2016-5153: Use after destruction in Blink. Credit to Atte Kettunen of OUSPG
[$3000][633002] High CVE-2016-5154: Heap overflow in PDFium. Credit to anonymous
[$3000][630662] High CVE-2016-5155: Address bar spoofing. Credit to anonymous
[$3000][625404] High CVE-2016-5156: Use after free in event bindings. Credit to jinmo123
[$3000][632622] High CVE-2016-5157: Heap overflow in PDFium. Credit to anonymous
[$3500][628890] High CVE-2016-5158: Heap overflow in PDFium. Credit to GiWan Go of Stealien
[$3500][628304] High CVE-2016-5159: Heap overflow in PDFium. Credit to GiWan Go of Stealien
[$n/a][622420] Medium CVE-2016-5161: Type confusion in Blink. Credit to 62600BCA031B9EB5CB4A74ADDDD6771E working with Trend Micro’s Zero Day Initiative
[$n/a][589237] Medium CVE-2016-5162: Extensions web accessible resources bypass. Credit to Nicolas Golubovic
[$3000][609680] Medium CVE-2016-5163: Address bar spoofing. Credit to Rafay Baloch PTCL Etisalat (http://rafayhackingarticles.net)
[$2000][637594] Medium CVE-2016-5164: Universal XSS using DevTools. Credit to anonymous
[$1000][618037] Medium CVE-2016-5165: Script injection in DevTools. Credit to Gregory Panakkal
[$1000][616429] Medium CVE-2016-5166: SMB Relay Attack via Save Page As. Credit to Gregory Panakkal
[$500][576867] Low CVE-2016-5160: Extensions web accessible resources bypass. Credit to @l33terally, FogMarks.com (@FogMarks)
[642598] CVE-2016-5167: Various fixes from internal audits, fuzzing and other initiatives.

 52.0.2743.116

[$4000][629542] High CVE-2016-5141 Address bar spoofing. Credit to anonymous
[$4000][626948] High CVE-2016-5142 Use-after-free in Blink. Credit to anonymous
[$3000][625541] High CVE-2016-5139 Heap overflow in pdfium. Credit to GiWan Go of Stealien
[$3500][619405] High CVE-2016-5140 Heap overflow in pdfium. Credit to Ke Liu of Tencent’s Xuanwu LAB
[$4000][623406] Medium CVE-2016-5145 Same origin bypass for images in Blink. Credit to anonymous
[$1000][619414] Medium CVE-2016-5143 Parameter sanitization failure in DevTools. Credit to Gregory Panakkal
[$1000][618333] Medium CVE-2016-5144 Parameter sanitization failure in DevTools. Credit to Gregory Panakkal
[633486] CVE-2016-5146: Various fixes from internal audits, fuzzing and other initiatives.

Chrome 52.0.2743.82

[$15000][610600High CVE-2016-1706: Sandbox escape in PPAPI. Credit to Pinkie Pie
[$3000][622183High CVE-2016-1707: URL spoofing on iOS. Credit to xisigr of Tencent’s Xuanwu Lab
[$500][613949High CVE-2016-1708: Use-after-free in Extensions. Credit to Adam Varsan
[$500][614934High CVE-2016-1709: Heap-buffer-overflow in sfntly. Credit to ChenQin of Topsec Security Team
[$8000][616907High CVE-2016-1710: Same-origin bypass in Blink. Credit to Mariusz Mlynski
[$7500][617495High CVE-2016-1711: Same-origin bypass in Blink. Credit to Mariusz Mlynski
[$3000][618237High CVE-2016-5127: Use-after-free in Blink. Credit to cloudfuzzer
[$7500][619166High CVE-2016-5128: Same-origin bypass in V8. Credit to Anonymous
[$5000][620553High CVE-2016-5129: Memory corruption in V8. Credit to Jeonghoon Shin
[$2000][623319High CVE-2016-5130: URL spoofing. Credit to Wadih Matar
[$3500][623378High CVE-2016-5131: Use-after-free in libxml. Credit to Nick Wellnhofer
[$1000][607543Medium CVE-2016-5132: Limited same-origin bypass in Service Workers. Credit to Ben Kelly
[$1000][613626Medium CVE-2016-5133: Origin confusion in proxy authentication. Credit to Patch Eudor
[$500][593759Medium CVE-2016-5134: URL leakage via PAC script. Credit to Alex Chapman and Paul Stone of Context Information Security
[$500][605451Medium CVE-2016-5135: Content-Security-Policy bypass. Credit to ShenYeYinJiu of  Tencent Security Response Center, TSRC
[$1000][625393Medium CVE-2016-5136: Use after free in extensions. Credit to Rob Wu
[$1000][625945Medium CVE-2016-5137: History sniffing with HSTS and CSP. Credit to Xiaoyin Liu

51.0.2704.79

[$7500][601073] High CVE-2016-1696: Cross-origin bypass in Extension bindings. Credit to anonymous.
[$7500][613266] High CVE-2016-1697: Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
[$4000][603725] Medium CVE-2016-1698: Information leak in Extension bindings. Credit to Rob Wu.
[$3500][607939] Medium CVE-2016-1699: Parameter sanitization failure in DevTools. Credit to Gregory Panakkal.
[$1500][608104] Medium CVE-2016-1700: Use-after-free in Extensions. Credit to Rob Wu.
[$1000][608101] Medium CVE-2016-1701: Use-after-free in Autofill. Credit to Rob Wu.
[$1000][609260] Medium CVE-2016-1702: Out-of-bounds read in Skia. Credit to cloudfuzzer.

Chrome 51.0.2704.63

[$7500][590118] High CVE-2016-1672: Cross-origin bypass in extension bindings. Credit to Mariusz Mlynski.
[$7500][597532] High CVE-2016-1673: Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
[$7500][598165] High CVE-2016-1674: Cross-origin bypass in extensions. Credit to Mariusz Mlynski.
[$7500][600182] High CVE-2016-1675: Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
[$7500][604901] High CVE-2016-1676: Cross-origin bypass in extension bindings. Credit to Rob Wu.
[$4000][602970] Medium CVE-2016-1677: Type confusion in V8. Credit to Guang Gong of Qihoo 360.
[$3500][595259] High CVE-2016-1678: Heap overflow in V8. Credit to Christian Holler.
[$3500][606390] High CVE-2016-1679: Heap use-after-free in V8 bindings. Credit to Rob Wu.
[$3000][589848] High CVE-2016-1680: Heap use-after-free in Skia. Credit to Atte Kettunen of OUSPG.
[$3000][613160] High CVE-2016-1681: Heap overflow in PDFium. Credit to Aleksandar Nikolic of Cisco Talos.
[$1000][579801] Medium CVE-2016-1682: CSP bypass for ServiceWorker. Credit to KingstonTime.
[$1000][583156] Medium CVE-2016-1683: Out-of-bounds access in libxslt. Credit to Nicolas Gregoire.
[$1000][583171] Medium CVE-2016-1684: Integer overflow in libxslt. Credit to Nicolas Gregoire.
[$1000][601362] Medium CVE-2016-1685: Out-of-bounds read in PDFium. Credit to Ke Liu of Tencent’s Xuanwu LAB.
[$1000][603518] Medium CVE-2016-1686: Out-of-bounds read in PDFium. Credit to Ke Liu of Tencent’s Xuanwu LAB.
[$1000][603748] Medium CVE-2016-1687: Information leak in extensions. Credit to Rob Wu. [$1000][604897] Medium CVE-2016-1688: Out-of-bounds read in V8. Credit to Max Korenko.
[$1000][606185] Medium CVE-2016-1689: Heap buffer overflow in media. Credit to Atte Kettunen of OUSPG.
[$1000][608100] Medium CVE-2016-1690: Heap use-after-free in Autofill. Credit to Rob Wu.
[$N/A][602046] Medium CVE-2016-10403: Out-of-bounds read in PDFium. Credit to kdot working with Trend Micro’s Zero Day Initiative.
[$500][597926] Low CVE-2016-1691: Heap buffer-overflow in Skia. Credit to Atte Kettunen of OUSPG.
[$500][598077] Low CVE-2016-1692: Limited cross-origin bypass in ServiceWorker. Credit to Til Jasper Ullrich.
[$500][598752] Low CVE-2016-1693: HTTP Download of Software Removal Tool. Credit to Khalil Zhani.
[$500][603682] Low CVE-2016-1694: HPKP pins removed on cache clearance. Credit to Ryan Lester and Bryant Zadegan.

50.0.2661.102

[$8000][605766] High CVE-2016-1667: Same origin bypass in DOM. Credit to Mariusz Mlynski.
[$7500][605910] High CVE-2016-1668: Same origin bypass in Blink V8 bindings. Credit to Mariusz Mlynski.
[$3000][606115] High CVE-2016-1669: Buffer overflow in V8. Credit to Choongwoo Han.
[$1337][578882] Medium CVE-2016-1670: Race condition in loader. Credit to anonymous.
[$500][586657] Medium CVE-2016-1671: Directory traversal using the file scheme on Android. Credit to Jann Horn.

50.0.2661.94

[$3000][574802] High CVE-2016-1660: Out-of-bounds write in Blink. Credit to Atte Kettunen of OUSPG.
[$3000][601629] High CVE-2016-1661: Memory corruption in cross-process frames. Credit to Wadih Matar.
[$3000][603732] High CVE-2016-1662: Use-after-free in extensions. Credit to Rob Wu.
[$3000][603987] High CVE-2016-1663: Use-after-free in Blink’s V8 bindings. Credit to anonymous.
[$1000][597322] Medium CVE-2016-1664: Address bar spoofing. Credit to Wadih Matar.
[$1000][606181] Medium CVE-2016-1665: Information leak in V8. Credit to HyungSeok Han.
[$n/a][586820Low CVE-2016-5168: Side channel information leak in Skia. Credit to Roeland Krak.

Chrome 50.0.2661.75

[$7500][590275] High CVE-2016-1652: Universal XSS in extension bindings. Credit to anonymous.
[$5000][589792] High CVE-2016-1653: Out-of-bounds write in V8. Credit to Choongwoo Han.
[591785] Medium CVE-2016-1651: Out-of-bounds read in Pdfium JPEG2000 decoding. Credit to kdot working with HP’s Zero Day Initiative.
[$1500][589512] Medium CVE-2016-1654: Uninitialized memory read in media. Credit to Atte Kettunen of OUSPG.
[$1500][582008] Medium CVE-2016-1655: Use-after-free related to extensions. Credit to Rob Wu.
[$500][570750] Medium CVE-2016-1656: Android downloaded file path restriction bypass. Credit to Dzmitry Lukyanenko.
[$1000][567445] Medium CVE-2016-1657: Address bar spoofing. Credit to Luan Herrera.
[$500][573317] Low CVE-2016-1658: Potential leak of sensitive information to malicious extensions. Credit to Antonio Sanso (@asanso) of Adobe.

49.0.2623.108

[$7500][594574] High CVE-2016-1646: Out-of-bounds read in V8. Credit to Wen Xu from Tencent KeenLab.
[$5500][590284] High CVE-2016-1647: Use-after-free in Navigation. Credit to anonymous.
[$5000][590455] High CVE-2016-1648: Use-after-free in Extensions. Credit to anonymous.
[595836] High CVE-2016-1649: Buffer overflow in libANGLE. Credit to lokihardt working with HP’s Zero Day Initiative / Pwn2Own.

49.0.2623.87

[$5000][589838] High CVE-2016-1643: Type confusion in Blink. Credit to cloudfuzzer.
[$3500][590620] High CVE-2016-1644: Use-after-free in Blink. Credit to Atte Kettunen of OUSPG.
[587227] High CVE-2016-1645: Out-of-bounds write in PDFium. Credit to anonymous working with HP’s Zero Day Initiative.

Chrome 49.0.2623.75

[$8000][560011] High CVE-2016-1630: Same-origin bypass in Blink. Credit to Mariusz Mlynski.
[$7500][569496] High CVE-2016-1631: Same-origin bypass in Pepper Plugin. Credit to Mariusz Mlynski.
[$5000][549986] High CVE-2016-1632: Bad cast in Extensions. Credit to anonymous.
[$3000][572537] High CVE-2016-1633: Use-after-free in Blink. Credit to cloudfuzzer.
[$3000][559292] High CVE-2016-1634: Use-after-free in Blink. Credit to cloudfuzzer.
[$2000][585268] High CVE-2016-1635: Use-after-free in Blink. Credit to Rob Wu.
[$2000][584155] High CVE-2016-1636: SRI Validation Bypass. Credit to Ryan Lester and Bryant Zadegan.
[$500][560291] High CVE-2015-8126: Out-of-bounds access in libpng. Credit to joerg.bornemann.
[$2000][555544] Medium CVE-2016-1637: Information Leak in Skia. Credit to Keve Nagy.
[$1000][585282] Medium CVE-2016-1638: WebAPI Bypass. Credit to Rob Wu.
[$1000][572224] Medium CVE-2016-1639: Use-after-free in WebRTC. Credit to Khalil Zhani.
[$1000][550047] Medium CVE-2016-1640: Origin confusion in Extensions UI. Credit to Luan Herrera.
[$500][583718] Medium CVE-2016-1641: Use-after-free in Favicon. Credit to Atte Kettunen of OUSPG.

48.0.2564.116

[587128] High CVE-2015-7547 glibc getaddrinfo stack-based buffer overflow. Credit to Fermin Serna, Michael Schaller, Neel Mehta, Tom Payne and the Google Prod Security Team.

48.0.2564.109

[$7500][546677] High CVE-2016-1622: Same-origin bypass in Extensions. Credit to anonymous.
[$7500][577105] High CVE-2016-1623: Same-origin bypass in DOM. Credit to Mariusz Mlynski.
[$TBD][583607] High CVE-2016-1624: Buffer overflow in Brotli. Credit to Luke Li and Jonathan Metzman.
[$1000][509313] Medium CVE-2016-1625: Navigation bypass in Chrome Instant. Credit to Jann Horn.
[571480] Medium CVE-2016-1626: Out-of-bounds read in PDFium. Credit to anonymous, working with HP’s Zero Day Initiative.
[571479] Medium CVE-2016-1628: Out-of-bounds read in PDFium. Credit to anonymous, working with HP’s Zero Day Initiative.

48.0.2564.92

[579179] High CVE-2016-0728 Kernel keyring refcount leak. Credit to Perception Point Research Team.

Chrome 48.0.2564.82

[$3000][497632] High CVE-2016-1612: Bad cast in V8. Credit to cloudfuzzer.
[$3000][572871] High CVE-2016-1613: Use-after-free in PDFium. Credit to anonymous.
[$2000][544691] Medium CVE-2016-1614: Information leak in Blink. Credit to Christoph Diehl.
[$500][468179] Medium CVE-2016-1615: Origin confusion in Omnibox. Credit to Ron Masas.
[$500][541415] Medium CVE-2016-1616: URL Spoofing. Credit to Luan Herrera.
[$500][544765] Medium CVE-2016-1617: History sniffing with HSTS and CSP. Credit to Yan Zhu.
[$500][552749] Medium CVE-2016-1618: Weak random number generator in Blink. Credit to Aaron Toponce.
[$500][557223] Medium CVE-2016-1619: Out-of-bounds read in PDFium. Credit to Keve Nagy.

47.0.2526.80

[$5000][548273] High CVE-2015-6788: Type confusion in extensions. Credit to anonymous.
[$2000][557981] High CVE-2015-6789: Use-after-free in Blink. Credit to cloudfuzzer.
[$500][542054] Medium CVE-2015-6790: Escaping issue in saved pages. Credit to Inti De Ceukelaire.

Chrome 47.0.2526.73

[$10000][558589] Critical CVE-2015-6765: Use-after-free in AppCache. Credit to anonymous.
[$11337][551044] High CVE-2015-6766: Use-after-free in AppCache. Credit to anonymous.
[$10000][554908] High CVE-2015-6767: Use-after-free in AppCache. Credit to anonymous.
[$8000][556724] High CVE-2015-6768: Cross-origin bypass in DOM. Credit to Mariusz Mlynski.
[$7500][534923] High CVE-2015-6769: Cross-origin bypass in core. Credit to Mariusz Mlynski.
[$7500][541206] High CVE-2015-6770: Cross-origin bypass in DOM. Credit to Mariusz Mlynski.
[$7500][544991] High CVE-2015-6771: Out of bounds access in v8. Credit to anonymous.
[$7500][546545] High CVE-2015-6772: Cross-origin bypass in DOM. Credit to Mariusz Mlynski.
[$7500][554946] High CVE-2015-6764: Out of bounds access in v8. Credit to Guang Gong of Qihoo 360 via pwn2own.
[$5000][491660] High CVE-2015-6773: Out of bounds access in Skia. Credit to cloudfuzzer.
[$5000][549251] High CVE-2015-6774: Use-after-free in Extensions. Credit to anonymous.
[$3500][529012] High CVE-2015-6775: Type confusion in PDFium. Credit to Atte Kettunen of OUSPG.
[$3000][457480] High CVE-2015-6776: Out of bounds access in PDFium. Credit to Hanno Böck.
[$3000][544020] High CVE-2015-6777: Use-after-free in DOM. Credit to Long Liu of Qihoo 360Vulcan Team.
[$2000][514891] Medium CVE-2015-6778: Out of bounds access in PDFium. Credit to Karl Skomski.
[$2000][528505] Medium CVE-2015-6779: Scheme bypass in PDFium. Credit to Til Jasper Ullrich.
[$1000][490492] Medium CVE-2015-6780: Use-after-free in Infobars. Credit to Khalil Zhani.
[$1000][497302] Medium CVE-2015-6781: Integer overflow in Sfntly. Credit to miaubiz.
[$1000][536652] Medium CVE-2015-6782: Content spoofing in Omnibox. Credit to Luan Herrera.
[$1000][537205] Medium CVE-2015-6783: Signature validation issue in Android Crazy Linker. Credit to Michal Bednarski.
[$500][503217] Low CVE-2015-6784: Escaping issue in saved pages. Credit to Inti De Ceukelaire.
[$500][534542] Low CVE-2015-6785: Wildcard matching issue in CSP. Credit to Michael Ficarra / Shape Security.
[$500][534570] Low CVE-2015-6786: Scheme bypass in CSP. Credit to Michael Ficarra / Shape Security.

Chrome 46.0.2490.71

[$8837][519558] High CVE-2015-6755: Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
[$6337][507316] High CVE-2015-6756: Use-after-free in PDFium. Credit to anonymous.
[$3500][529520] High CVE-2015-6757: Use-after-free in ServiceWorker. Credit to Collin Payne.
[$3000][522131] High CVE-2015-6758: Bad-cast in PDFium. Credit to Atte Kettunen of OUSPG.
[$1000][514076] Medium CVE-2015-6759: Information leakage in LocalStorage. Credit to Muneaki Nishimura (nishimunea).
[$1000][519642] Medium CVE-2015-6760: Improper error handling in libANGLE. Credit to Ronald Crane, an independent security researcher.
[$500][447860 & 532967] Medium CVE-2015-6761: Memory corruption in FFMpeg. Credit to Aki Helin of OUSPG and Khalil Zhani.
[$500][512678] Low CVE-2015-6762: CORS bypass via CSS fonts. Credit to Muneaki Nishimura (nishimunea).

45.0.2454.101

[$TBD][530301] High CVE-2015-1303: Cross-origin bypass in DOM. Credit to Mariusz Mlynski.

[$TBD][531891] High CVE-2015-1304: Cross-origin bypass in V8. Credit to Mariusz Mlynski.

Chrome 45.0.2454.85

[$7500][516377] High CVE-2015-1291: Cross-origin bypass in DOM. Credit to anonymous.
[$7500][522791] High CVE-2015-1292: Cross-origin bypass in ServiceWorker. Credit to Mariusz Mlynski.
[$7500][524074] High CVE-2015-1293: Cross-origin bypass in DOM. Credit to Mariusz Mlynski.
[$5000][492263] High CVE-2015-1294: Use-after-free in Skia. Credit to cloudfuzzer.
[$3000][502562] High CVE-2015-1295: Use-after-free in Printing. Credit to anonymous.
[$1000][421332] High CVE-2015-1296: Character spoofing in omnibox. Credit to zcorpan.
[$3000][510802] Medium CVE-2015-1297: Permission scoping error in WebRequest. Credit to Alexander Kashev.
[$3000][518827] Medium CVE-2015-1298: URL validation error in extensions. Credit to Rob Wu.
[$2000][416362] Medium CVE-2015-1299: Use-after-free in Blink. Credit to taro.suzuki.dev.
[$1000][511616] Medium CVE-2015-1300: Information leak in Blink. Credit to cgvwzq.

Chrome 44.0.2403.89

[$3000][446032] High CVE-2015-1271: Heap-buffer-overflow in pdfium. Credit to cloudfuzzer.

[$3000][459215] High CVE-2015-1273: Heap-buffer-overflow in pdfium. Credit to makosoft.

[$TBD][461858] High CVE-2015-1274: Settings allowed executable files to run immediately after download. Credit to  andrewm.bpi.

[$7500][462843] High CVE-2015-1275: UXSS in Chrome for Android. Credit to WangTao(neobyte) of Baidu X-Team.

[$TBD][472614] High CVE-2015-1276: Use-after-free in IndexedDB. Credit to Collin Payne.

[$5500][483981] High CVE-2015-1279: Heap-buffer-overflow in pdfium. Credit to mlafon.

[$5000][486947] High CVE-2015-1280: Memory corruption in skia. Credit to cloudfuzzer.

[$1000][487155] High CVE-2015-1281: CSP bypass. Credit to Masato Kinugawa.

[$TBD][487928] High CVE-2015-1282: Use-after-free in pdfium. Credit to Chamal de Silva.

[$TBD][492052] High CVE-2015-1283: Heap-buffer-overflow in expat. Credit to sidhpurwala.huzaifa.

[$2000][493243] High CVE-2015-1284: Use-after-free in blink. Credit to Atte Kettunen of OUSPG.

[$7500][504011] High CVE-2015-1286: UXSS in blink. Credit to anonymous.
[$TBD][505374] High CVE-2015-1290: Memory corruption in V8. Credit to Yongjun Liu of NSFOCUS Security Team.

[$1337][419383] Medium CVE-2015-1287: SOP bypass with CSS. Credit to filedescriptor.

[$1000][444573] Medium CVE-2015-1270: Uninitialized memory read in ICU. Credit to Atte Kettunen of OUSPG.

[$500][451456] Medium CVE-2015-1272: Use-after-free related to unexpected GPU process termination. Credit to Chamal de Silva.

[479743] Medium CVE-2015-1277: Use-after-free in accessibility. Credit to SkyLined.

[$500][482380] Medium CVE-2015-1278: URL spoofing using pdf files. Credit to Chamal de Silva.

[$1337][498982] Medium CVE-2015-1285: Information leak in XSS auditor. Credit to gazheyes.

[$500][479162] Low CVE-2015-1288: Spell checking dictionaries fetched over HTTP. Credit to mike@michaelruddy.com.

43.0.2357.130

[$5000][464922High CVE-2015-1266: Scheme validation error in WebUI. Credit to anonymous.
[TBD][494640High CVE-2015-1268: Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
[TBD][497507Medium CVE-2015-1267: Cross-origin bypass in Blink. Credit to anonymous.
[TBD][461481Medium CVE-2015-1269: Normalization error in HSTS/HPKP preload list. Credit to Mike Ruddy.

Chrome 43.0.2357.65

[$16337][474029] High CVE-2015-1252: Sandbox escape in Chrome. Credit to anonymous.
[$7500][464552High CVE-2015-1253: Cross-origin bypass in DOM. Credit to anonymous.
[$3000][444927High CVE-2015-1254: Cross-origin bypass in Editing. Credit to Armin Razmdjou.
[$3000][473253High CVE-2015-1255: Use-after-free in WebAudio. Credit to Khalil Zhani.
[$2000][478549High CVE-2015-1256: Use-after-free in SVG. Credit to Atte Kettunen of OUSPG.
[481015High CVE-2015-1251: Use-after-free in Speech. Credit to SkyLined working with HP’s Zero Day Initiative
[$1500][468519Medium CVE-2015-1257: Container-overflow in SVG. Credit to miaubiz.
[$1000][450939Medium CVE-2015-1258: Negative-size parameter in Libvpx. Credit to cloudfuzzer
[$1000][468167Medium CVE-2015-1259: Uninitialized value in PDFium. Credit to Atte Kettunen of OUSPG
[$1000][474370Medium CVE-2015-1260: Use-after-free in WebRTC. Credit to Khalil Zhani.
[$500][466351Medium CVE-2015-1261: URL bar spoofing. Credit to Juho Nurminen.
[$500][476647Medium CVE-2015-1262: Uninitialized value in Blink. Credit to miaubiz.
[$500][479162Low CVE-2015-1263: Insecure download of spellcheck dictionary. Credit to Mike Ruddy.
[$500][481015Low CVE-2015-1264: Cross-site scripting in bookmarks. Credit to K0r3Ph1L.

Chrome 42.0.2311.90

[$7500][456518] High CVE-2015-1235: Cross-origin-bypass in HTML parser. Credit to anonymous.
[$4000][313939] Medium CVE-2015-1236: Cross-origin-bypass in Blink. Credit to Amitay Dobo.
[$3000][461191] High CVE-2015-1237: Use-after-free in IPC. Credit to Khalil Zhani.
[$2000][445808] High CVE-2015-1238: Out-of-bounds write in Skia. Credit to cloudfuzzer.
[$1000][463599] Medium CVE-2015-1240: Out-of-bounds read in WebGL. Credit to w3bd3vil.
[$1000][418402] Medium CVE-2015-1241: Tap-Jacking. Credit to Phillip Moon and Matt Weston of Sandfield.
[$500][460917] High CVE-2015-1242: Type confusion in V8. Credit to fcole@onshape.com.
[$500][455215] Medium CVE-2015-1244: HSTS bypass in WebSockets. Credit to Mike Ruddy.
[$500][444957] Medium CVE-2015-1245: Use-after-free in PDFium. Credit to Khalil Zhani.
[$500][437399] Medium CVE-2015-1246: Out-of-bounds read in Blink. Credit to Atte Kettunen of OUSPG.
[$500][429838] Medium CVE-2015-1247: Scheme issues in OpenSearch. Credit to Jann Horn.
[$500][380663] Medium CVE-2015-1248: SafeBrowsing bypass. Credit to Vittorio Gambaletta (VittGam).

Chrome 41.0.2272.76

[$7500][456516] High CVE-2015-1232: Out-of-bounds write in media. Credit to anonymous.
[$5000][448423] High CVE-2015-1213: Out-of-bounds write in skia filters. Credit to cloudfuzzer.
[$5000][445810] High CVE-2015-1214: Out-of-bounds write in skia filters. Credit to cloudfuzzer.
[$5000][445809] High CVE-2015-1215: Out-of-bounds write in skia filters. Credit to cloudfuzzer.
[$4000][454954] High CVE-2015-1216: Use-after-free in v8 bindings. Credit to anonymous.
[$3000][456192] High CVE-2015-1217: Type confusion in v8 bindings. Credit to anonymous.
[$3000][456059] High CVE-2015-1218: Use-after-free in dom. Credit to cloudfuzzer.
[$3000][446164] High CVE-2015-1219: Integer overflow in webgl. Credit to Chen Zhang (demi6od) of NSFOCUS Security Team.
[$3000][437651] High CVE-2015-1220: Use-after-free in gif decoder. Credit to Aki Helin of OUSPG.
[$2500][455368] High CVE-2015-1221: Use-after-free in web databases. Credit to Collin Payne.
[$2500][448082] High CVE-2015-1222: Use-after-free in service workers. Credit to Collin Payne.
[$2000][454231] High CVE-2015-1223: Use-after-free in dom. Credit to Maksymillian Motyl.
[449610] High CVE-2015-1230: Type confusion in v8. Credit to Skylined working with HP’s Zero Day Initiative.
[$2000][449958] Medium CVE-2015-1224: Out-of-bounds read in vpxdecoder. Credit to Aki Helin of OUSPG.
[$1000][446033] Medium CVE-2015-1225: Out-of-bounds read in pdfium. Credit to cloudfuzzer.
[$1000][456841] Medium CVE-2015-1226: Validation issue in debugger. Credit to Rob Wu.
[$1000][450389] Medium CVE-2015-1227: Uninitialized value in blink. Credit to Christoph Diehl.
[$1000][444707] Medium CVE-2015-1228: Uninitialized value in rendering. Credit to miaubiz.
[$500][431504] Medium CVE-2015-1229: Cookie injection via proxies. Credit to iliwoy.

Chrome 40.0.2214.91

[$5000][430353High CVE-2014-7923: Memory corruption in ICU. Credit to yangdingning.
[$4500][435880High CVE-2014-7924: Use-after-free in IndexedDB. Credit to Collin Payne.
[$4000][434136High CVE-2014-7925: Use-after-free in WebAudio. Credit to mark.buer@booktrack.com.
[$4000][422824High CVE-2014-7926: Memory corruption in ICU. Credit to yangdingning.
[$3500][444695High CVE-2014-7927: Memory corruption in V8. Credit to Christian Holler.
[$3500][435073High CVE-2014-7928: Memory corruption in V8. Credit to Christian Holler.
[$3000][442806High CVE-2014-7930: Use-after-free in DOM. Credit to cloudfuzzer.
[$3000][442710High CVE-2014-7931: Memory corruption in V8. Credit to cloudfuzzer.
[$2000][443115High CVE-2014-7929: Use-after-free in DOM. Credit to cloudfuzzer.
[$2000][429666High CVE-2014-7932: Use-after-free in DOM. Credit to Atte Kettunen of OUSPG.
[$2000][427266High CVE-2014-7933: Use-after-free in FFmpeg. Credit to Aki Helin of OUSPG.
[$2000][427249High CVE-2014-7934: Use-after-free in DOM. Credit to cloudfuzzer.
[$2000][402957High CVE-2014-7935: Use-after-free in Speech. Credit to Khalil Zhani.
[$1500][428561High CVE-2014-7936: Use-after-free in Views. Credit to Christoph Diehl.
[$1500][419060High CVE-2014-7937: Use-after-free in FFmpeg. Credit to Atte Kettunen of OUSPG.
[$1000][416323High CVE-2014-7938: Memory corruption in Fonts. Credit to Atte Kettunen of OUSPG.
[$1000][399951High CVE-2014-7939: Same-origin-bypass in V8. Credit to Takeshi Terada.
[$1000][433866Medium CVE-2014-7940: Uninitialized-value in ICU. Credit to miaubiz.
[$1000][428557Medium CVE-2014-7941: Out-of-bounds read in UI. Credit to Atte Kettunen of OUSPG and Christoph Diehl.
[$1000][426762Medium CVE-2014-7942: Uninitialized-value in Fonts. Credit to miaubiz.
[$1000][422492Medium CVE-2014-7943: Out-of-bounds read in Skia. Credit to Atte Kettunen of OUSPG.
[$1000][418881Medium CVE-2014-7944: Out-of-bounds read in PDFium. Credit to cloudfuzzer.
[$1000][414310Medium CVE-2014-7945: Out-of-bounds read in PDFium. Credit to cloudfuzzer.
[$1000][414109Medium CVE-2014-7946: Out-of-bounds read in Fonts. Credit to miaubiz.
[$500][430566Medium CVE-2014-7947: Out-of-bounds read in PDFium. Credit to fuzztercluck.
[$500][414026Medium CVE-2014-7948: Caching error in AppCache. Credit to Yaoqi Jia.

Chrome 39.0.2171.65

[$500][389734High CVE-2014-7899: Address bar spoofing. Credit to Eli Grey.
[$1500][406868High CVE-2014-7900: Use-after-free in pdfium. Credit to Atte Kettunen from OUSPG.
[$1000][413375High CVE-2014-7901: Integer overflow in pdfium. Credit to cloudfuzzer.
[$1000][414504High CVE-2014-7902: Use-after-free in pdfium. Credit to cloudfuzzer.
[$3000][414525High CVE-2014-7903: Buffer overflow in pdfium. Credit to cloudfuzzer.
[$2000][418161High CVE-2014-7904: Buffer overflow in Skia. Credit to Atte Kettunen from OUSPG.
[$2000][421817High CVE-2014-7905: Flaw allowing navigation to intents that do not have the BROWSABLE category. Credit to WangTao(neobyte) of Baidu X-Team.
[$500][423030High CVE-2014-7906: Use-after-free in pepper plugins. Credit to Chen Zhang (demi6od) of the NSFOCUS Security Team.
[$7500][423703High CVE-2014-0574: Double-free in Flash. Credit to biloulehibou.
[$5000][424453High CVE-2014-7907: Use-after-free in blink. Credit to Chen Zhang (demi6od) of the NSFOCUS Security Team.
[$500][425980High CVE-2014-7908: Integer overflow in media. Credit to Christoph Diehl.
[$500][391001Medium CVE-2014-7909: Uninitialized memory read in Skia. Credit to miaubiz.