Create a gist now

Instantly share code, notes, and snippets.

@devd /ChromeData.csv Secret
Created Jun 16, 2013

What would you like to do?
Datasets used in our Usenix Security 2013 paper "An Empirical Study of Vulnerability Rewards Programs"
We can't make this file beautiful and searchable because it's too large.
id,severity,alllabels,security_impact,reward,reward_status,owner,summary,modified,modifiedtimestamp,opened,openedtimestamp,closed,closedtimestamp,reporter,cve
3275,"Low","Cr-Blink, M-4, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","abarth@chromium.org","Security: Popup-blocker bypass using click event","Apr 06, 2013 03:00:12",1365217212,"Oct 09, 2008 12:48:26",1223556506,"Oct 30, 2009 08:07:15",1256890035,"skylined@chromium.org",""
6062,"High","Cr-Blink, Crash-2.0.156.1, Crash-2.0.157.1, Mstone-2.0, OS-All, Pri-1, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-High, Stability-Crash, Type-Bug-Security, bulkmove, stable","Stable",,"","pkasting@chromium.org","Chrome: Crash Report - Stack Signature: WebCore::GIFImageDecoder::haveDecodedRow","Apr 06, 2013 02:56:35",1365216995,"Jan 07, 2009 00:00:08",1231286408,"Feb 05, 2009 00:01:17",1233792077,"mberkow...@chromium.org",""
6264,"High","Area-Misc, OS-All, Pri-1, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","f...@chromium.org","Security bug: something very wrong with same-origin checks","Mar 21, 2013 20:58:11",1363899491,"Jan 12, 2009 00:05:32",1231718732,"Feb 19, 2009 19:05:44",1235070344,"lcam...@gmail.com",""
6869,"High","Cr-Blink, Crash-2.0.166.1, Crash-2.0.168.0, Crash-2.0.169.0, Crash-2.0.169.1, Crash-2.0.170.0, Mstone-2.1, OS-All, Pri-1, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","j...@chromium.org","SVG support is crashy in 2.0.157.2","Apr 06, 2013 02:55:47",1365216947,"Jan 22, 2009 19:36:50",1232653010,"Apr 27, 2009 17:36:01",1240853761,"scarybea...@gmail.com",""
7214,"Medium","Cr-Blink, M-4, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Stable",,"","abarth@chromium.org","Cross-domain access to stylesheet text should not be allowed","Apr 06, 2013 02:55:30",1365216930,"Jan 29, 2009 23:58:13",1233273493,"Nov 09, 2009 20:32:14",1257798734,"abarth@chromium.org",""
7338,"High","Cr-Internals, OS-All, Pri-1, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","abarth@chromium.org","30x redirects silently honored in response to CONNECT","Mar 21, 2013 20:58:10",1363899490,"Feb 03, 2009 09:05:11",1233651911,"Feb 27, 2009 07:58:27",1235721507,"lcam...@gmail.com",""
7590,"Low","Area-Misc, OS-All, Pri-0, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","","Rogue renderer can tamper with Windows.","Mar 21, 2013 20:58:09",1363899489,"Feb 11, 2009 14:56:18",1234364178,"Feb 12, 2009 13:52:05",1234446725,"de...@chromium.org",""
7713,"Medium","Cr-Internals, Fixit, M-5, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Stable",,"","infe...@chromium.org","Unescape according to the safe browsing spec","Mar 21, 2013 21:01:39",1363899699,"Feb 13, 2009 21:33:13",1234560793,"Mar 30, 2010 17:41:17",1269970877,"brettw@chromium.org",""
8198,"High","Cr-Internals, Cr-UI-Internationalization, M-4, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, TaskForce-Fixit, Type-Bug-Security, bulkmove","Stable",,"","jshin@chromium.org","Need to upgrade ICU in third_party","Mar 21, 2013 20:58:09",1363899489,"Feb 27, 2009 17:46:05",1235756765,"Sep 10, 2009 18:21:37",1252606897,"a...@chromium.org",""
8473,"Low","Cr-Internals, OS-All, Pri-1, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","abarth@chromium.org","Fix CONNECT requests with user-cancelled auth","Mar 21, 2013 20:58:08",1363899488,"Mar 06, 2009 19:03:43",1236366223,"Mar 11, 2009 21:20:36",1236806436,"abarth@chromium.org",""
8706,"Low","Area-BrowserUI, OS-All, Pri-2, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","abarth@chromium.org","Mixed content warning can be removed","Mar 21, 2013 20:58:08",1363899488,"Mar 12, 2009 09:45:50",1236851150,"Mar 20, 2009 06:16:54",1237529814,"adhi...@google.com",""
9019,"High","Cr-Blink, OS-All, Pri-0, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","mal@chromium.org","zdi-can-464: malformed svglist parsing code execution","Apr 06, 2013 02:53:32",1365216812,"Mar 19, 2009 23:43:41",1237506221,"May 13, 2009 18:26:49",1242239209,"whbe...@gmail.com",""
9760,"Low","Cr-Internals, Mstone-2.0, OS-All, Pri-0, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","est...@chromium.org"," to address bar causes full crash","Mar 21, 2013 20:58:07",1363899487,"Apr 06, 2009 03:09:12",1238987352,"Apr 08, 2009 21:51:14",1239227474,"gotoken",""
9860,"High","Cr-Internals, OS-All, Pri-1, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","cpu@chromium.org","ChromeHTML URI handler vulnerability","Mar 21, 2013 20:58:07",1363899487,"Apr 08, 2009 10:32:19",1239186739,"Apr 08, 2009 16:16:27",1239207387,"roisaltz...@gmail.com",""
9877,"Medium","Cr-Blink, M-4, OS-All, Pri-2, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Stable",,"","scarybea...@gmail.com","Security: cross domain thefts via CSS string property injection","Apr 06, 2013 02:52:27",1365216747,"Apr 08, 2009 19:24:09",1239218649,"Jan 06, 2010 00:57:46",1262739466,"scarybea...@gmail.com",""
10736,"High","Area-Misc, BTW, Mstone-2.0, OS-All, Pri-0, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","brettw@chromium.org","SkMask::computeImageSize() integer overflow","Mar 21, 2013 20:58:06",1363899486,"Apr 19, 2009 19:40:58",1240170058,"Apr 24, 2009 19:50:35",1240602635,"skylined@chromium.org",""
10869,"High","Cr-Internals, OS-All, Pri-0, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","mal.chromium@gmail.com","Buffer overflow in browser process while de-serializing SkBitmap (heap overwrite) ","Mar 21, 2013 20:58:06",1363899486,"Apr 23, 2009 01:17:23",1240449443,"Apr 24, 2009 03:01:32",1240542092,"cpu@chromium.org",""
10996,"Medium","Cr-Internals, M-5, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Stable",,"","nsylv...@chromium.org","Security: job object based restrictions no longer seem to be enforced","Mar 21, 2013 21:01:38",1363899698,"Apr 24, 2009 19:37:42",1240601862,"Jan 12, 2010 05:44:26",1263275066,"tav...@gmail.com",""
11205,"Low","Area-Misc, OS-All, Pri-0, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","cpu@chromium.org","CoInitialize called in renderer (before sandbox lockdown)","Mar 21, 2013 20:58:05",1363899485,"Apr 30, 2009 01:36:50",1241055410,"May 01, 2009 01:09:28",1241140168,"cpu@chromium.org",""
11308,"Medium","Cr-Blink, OS-All, Plugins, Pri-0, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Stable",,"","ana...@chromium.org","ReadAV [ARBITRARY]@chrome!NPAPI::PluginInstance::NPP_DestroyStream+0x111","Apr 06, 2013 02:48:40",1365216520,"May 01, 2009 14:37:49",1241188669,"May 06, 2009 23:55:48",1241654148,"skylined@chromium.org",""
11739,"High","Area-Misc, OS-All, Pri-0, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","a...@chromium.org","V8Proxy::ToNativeObjectImpl ASSERT(MaybeDOMWrapper(object));","Mar 21, 2013 20:58:04",1363899484,"May 11, 2009 14:16:14",1242051374,"May 12, 2009 13:44:04",1242135844,"skylined@chromium.org",""
11934,"High","Area-BrowserUI, M-3, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","dglazkov@chromium.org","Crash: Alert box in event listeners","Mar 21, 2013 20:58:04",1363899484,"May 14, 2009 02:04:25",1242266665,"Jun 05, 2009 00:42:33",1244162553,"sg.deve...@gmail.com",""
12142,"Low","Cr-Internals, OS-Windows, Pri-0, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","","Crash when proxy responds to CONNECT request with Content-Length: 0","Mar 21, 2013 20:58:04",1363899484,"May 18, 2009 05:06:00",1242623160,"May 18, 2009 22:53:33",1242687213,"abarth@chromium.org",""
12303,"Low","Cr-Internals, M-4, OS-All, Pri-3, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Low, Size-Medium, Type-Bug-Security","Stable",,"","eroman@chromium.org","Chrome falls back to DIRECT connections once all proxies have failed.","Mar 21, 2013 20:58:03",1363899483,"May 20, 2009 03:22:59",1242789779,"Jan 06, 2010 19:40:08",1262806808,"eroman@chromium.org",""
12307,"Low","Cr-Blink, OS-All, Pri-2, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-Low, Size-Small, Type-Bug-Security","Stable",,"","abarth@chromium.org","Subtle mixed content bugs","Apr 06, 2013 02:47:48",1365216468,"May 20, 2009 06:07:00",1242799620,"Oct 16, 2009 08:24:52",1255681492,"abarth@chromium.org",""
12523,"Medium","Area-BrowserUI, Crash-2.0.172.28, M-4, OS-Windows, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Stable",,"","erg@chromium.org","Crash - Menu::RunMenuAt(int,int)","Mar 21, 2013 21:01:37",1363899697,"May 22, 2009 16:56:18",1243011378,"Jul 07, 2009 22:35:20",1247006120,"lafo...@chromium.org",""
12617,"Low","Area-Misc, OS-All, Pri-3, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","","Starting a hiden download can allow attacker to determine how long the browser stays open.","Mar 21, 2013 20:58:01",1363899481,"May 25, 2009 12:37:01",1243255021,"Oct 28, 2009 15:48:54",1256744934,"skylined@chromium.org",""
12810,"Low","Area-Misc, OS-All, Pri-1, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","abarth@chromium.org","Renderer can crash browser through OOM using document.title","Mar 21, 2013 20:58:00",1363899480,"May 28, 2009 10:58:55",1243508335,"May 30, 2009 08:12:26",1243671146,"skylined@chromium.org",""
14508,"Critical","Cr-Internals, OS-All, Pri-0, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-Critical, Type-Bug-Security","Stable",,"","abarth@chromium.org","Security: browser crash with memmove() memory corruption upon large chunked encoding chunk size","Mar 21, 2013 21:08:13",1363900093,"Jun 18, 2009 04:05:26",1245297926,"Jun 18, 2009 05:00:00",1245301200,"scarybea...@gmail.com",""
14719,"High","Cr-Blink, JavaScript, OS-All, Pri-0, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","erik.corry","Security: possible memory corruption in v8 regex execution engine","Apr 06, 2013 02:45:48",1365216348,"Jun 19, 2009 16:44:48",1245429888,"Jul 14, 2009 18:42:37",1247596957,"scarybea...@gmail.com",""
15556,"Low","Cr-Blink, M-5, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","abarth@chromium.org","innerHTML applies meta/link/title tags before getting commited.","Apr 06, 2013 02:45:05",1365216305,"Jun 29, 2009 04:05:44",1246248344,"Feb 24, 2010 23:22:40",1267053760,"sirdarckcat",""
15701,"Low","Cr-Blink, M-3, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security, Security-Low, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","jshin@chromium.org","XSS issue due to the lack of support for ISO-2022-KR","Apr 06, 2013 02:44:51",1365216291,"Jun 30, 2009 20:40:52",1246394452,"Sep 09, 2009 10:46:41",1252493201,"dpra...@chromium.org",""
15766,"Medium","Cr-Blink, M-5, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Stable",,"","abarth@chromium.org","Security: focus() selective keystroke redirection","Apr 06, 2013 02:44:47",1365216287,"Jul 01, 2009 19:52:31",1246477951,"May 05, 2010 21:51:26",1273096286,"lcam...@gmail.com",""
16413,"Medium","Cr-Blink, M-3, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Security, Security-Medium, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Stable",,"","darin@chromium.org","Security: Redirected XHR includes custom headers, CSRF risk","Apr 06, 2013 02:44:06",1365216246,"Jul 10, 2009 03:24:19",1247196259,"Jul 30, 2009 21:27:59",1248989279,"jack...@chromium.org",""
16535,"High","Area-Misc, M-5, OS-All, Pri-3, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","creis@chromium.org","Security: terminate busy loops on page transitions","Mar 21, 2013 20:57:56",1363899476,"Jul 11, 2009 17:32:10",1247333530,"Mar 17, 2010 17:08:15",1268845695,"lcam...@gmail.com",""
17655,"Low","Cr-Blink, M-8, OS-All, Pri-2, ReleaseBlock-Beta, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","j...@chromium.org","Security: Bypass pop-up blocker using javascript: url in a pop-up.","Apr 06, 2013 02:42:39",1365216159,"Jul 24, 2009 11:13:40",1248434020,"Oct 18, 2010 21:19:38",1287436778,"skylined@chromium.org",""
18009,"Medium","Cr-Internals, M-3, OS-Windows, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Stable",,"","wtc@chromium.org","Security: Investigate NTLM reflection vulnerability","Mar 21, 2013 21:01:35",1363899695,"Jul 29, 2009 18:39:07",1248892747,"Sep 23, 2009 20:47:25",1253738845,"wtc@chromium.org",""
18639,"High","Area-Misc, OS-All, Pri-0, Restrict-AddIssueComment-Commit, Security, Security-High, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","","Crash [@ 0xffffffff]","Mar 21, 2013 20:57:55",1363899475,"Aug 06, 2009 16:43:37",1249577017,"Aug 15, 2009 19:22:27",1250364147,"nth1...@gmail.com",""
19158,"High","Cr-Internals, M-3, OS-All, Pri-0, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","cev...@chromium.org","libxml2 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3529","Mar 21, 2013 20:57:54",1363899474,"Aug 12, 2009 16:07:31",1250093251,"Aug 27, 2009 21:13:44",1251407624,"maruel@chromium.org",""
19340,"Low","Area-Extensions, Cr-Platform-Extensions, OS-All, Pri-1, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-Low, Size-Medium, Type-Bug-Security","Stable",,"","a...@chromium.org"," file extension install without prompt","Mar 21, 2013 20:57:54",1363899474,"Aug 14, 2009 07:57:17",1250236637,"Aug 14, 2009 22:44:49",1250289889,"a...@chromium.org",""
19505,"Low","Cr-Internals, M-4, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Low, Size-Medium, Type-Bug-Security","Stable",,"","abarth@chromium.org","Mixed content flash not causing mixed content warnings","Mar 21, 2013 20:57:53",1363899473,"Aug 17, 2009 17:09:12",1250528952,"Oct 17, 2009 00:20:36",1255738836,"ian.chromium@gmail.com",""
20233,"Low","Area-Misc, OS-All, Pri-1, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","cev...@chromium.org","Crash potentially due to resource exhaustion","Mar 21, 2013 20:57:52",1363899472,"Aug 25, 2009 18:01:36",1251223296,"Jan 08, 2010 00:13:21",1262909601,"sg.deve...@gmail.com",""
20318,"Low","Cr-UI, M-5, OS-All, Pri-3, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","infe...@chromium.org","Security: do not auto-complete URLs with cloaked credentials","Mar 21, 2013 20:57:51",1363899471,"Aug 26, 2009 17:29:38",1251307778,"Mar 16, 2010 22:08:22",1268777302,"lcam...@gmail.com",""
20334,"Medium","Area-Misc, OS-All, Pri-2, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Stable",,"","phajdan.jr@chromium.org","Security: restrict IPs, ports for PASV ftp mode","Mar 21, 2013 21:01:34",1363899694,"Aug 26, 2009 19:55:03",1251316503,"Aug 31, 2009 19:30:02",1251747002,"lcam...@gmail.com",""
20450,"Low","Cr-Internals, LayoutTests, M-4, OS-All, Pri-2, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Low, Size-Medium, Type-Bug-Security","Stable",,"","abarth@chromium.org","Chromium shouldn't allow XHR to local directories","Mar 21, 2013 20:57:50",1363899470,"Aug 27, 2009 23:12:20",1251414740,"Nov 24, 2009 21:46:22",1259099182,"jparent@chromium.org",""
21238,"Medium","Cr-Internals, M-3, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security-Medium, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Stable",,"","abarth@chromium.org","security: Content-Type: application/rss+xml being rendered as active content","Mar 21, 2013 21:01:33",1363899693,"Sep 07, 2009 22:41:03",1252363263,"Sep 07, 2009 23:30:22",1252366222,"chris.bi...@gmail.com",""
21242,"High","Cr-Blink, M-3, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","lafo...@chromium.org","Merge webkit.org@48142 to mstone-3","Apr 06, 2013 02:39:08",1365215948,"Sep 08, 2009 01:59:25",1252375165,"Sep 09, 2009 01:51:32",1252461092,"abarth@chromium.org",""
21338,"High","Cr-Blink, M-3, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Reward-500, Security, Security-High, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",500,"accept","lafo...@chromium.org","Same Origin Policy Bypass via getSVGDocument() method.","Apr 06, 2013 02:39:04",1365215944,"Sep 09, 2009 01:24:43",1252459483,"Sep 10, 2009 02:56:32",1252551392,"isaac.da...@gmail.com",""
21354,"Low","Cr-Internals, M-4, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Low, Size-Medium, Type-Bug-Security","Stable",,"","jshin@chromium.org","ISO-2022-CN and ISO-2022-CN-Ext are not supported leading to a potential XSS attack","Mar 21, 2013 20:57:49",1363899469,"Sep 09, 2009 10:50:28",1252493428,"Jan 05, 2010 00:42:59",1262652179,"jshin@chromium.org",""
21770,"High","Area-Misc, OS-All, Pri-1, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","","Security: ParseFTPList buffer fencepost, integer underflow","Mar 21, 2013 20:57:49",1363899469,"Sep 14, 2009 17:15:53",1252948553,"Sep 22, 2009 16:42:48",1253637768,"lcam...@gmail.com",""
21771,"High","Area-Misc, OS-All, Pri-1, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","","Security: ParseFTPList integer underflow","Mar 21, 2013 20:57:49",1363899469,"Sep 14, 2009 17:19:09",1252948749,"Sep 22, 2009 16:50:46",1253638246,"lcam...@gmail.com",""
22115,"High","Cr-Blink, M-3, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Size-Medium, Type-Bug-Security","Stable",,"","abarth@chromium.org","Two pages munged together if an anchor is clicked during unload","Apr 06, 2013 02:38:36",1365215916,"Sep 17, 2009 08:06:42",1253174802,"Sep 21, 2009 02:36:17",1253500577,"darin@chromium.org",""
23188,"Low","Area-BuildTools, M-4, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","micha...@chromium.org","Gears DLL is not marked at NX compatible","Mar 21, 2013 20:57:48",1363899468,"Sep 27, 2009 01:46:38",1254015998,"Oct 26, 2009 07:37:38",1256542658,"cpu@chromium.org",""
23189,"Low","Area-Misc, HTML5, OS-All, Pri-0, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security, Video","Stable",,"","","avcodec-52.dll is not marked NX, SafeSEH or DBCompat","Mar 21, 2013 20:57:48",1363899468,"Sep 27, 2009 01:54:54",1254016494,"Oct 06, 2009 00:23:31",1254788611,"cpu@chromium.org",""
23693,"Low","Area-Misc, M-4, OS-All, Pri-2, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","jsc...@chromium.org","Security: sanitize URLs better before creating desktop shortcuts","Mar 21, 2013 20:57:47",1363899467,"Oct 02, 2009 22:43:29",1254523409,"Dec 30, 2009 20:20:28",1262204428,"lcam...@gmail.com",""
23979,"Medium","Cr-Internals, M-3, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Stable",,"","abarth@chromium.org","Security: add other common HTML extensions to the dangerous extensions list","Mar 21, 2013 21:01:31",1363899691,"Oct 06, 2009 20:36:46",1254861406,"Oct 08, 2009 07:27:43",1254986863,"lcam...@gmail.com",""
24375,"Medium","Area-Misc, OS-All, Pri-2, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Stable",,"","","Unbounded read (possible write) in SDCH header parsing","Mar 21, 2013 21:01:31",1363899691,"Oct 08, 2009 23:19:56",1255043996,"Oct 12, 2009 23:43:08",1255390988,"jschuh+legacy@google.com",""
24486,"Medium","Area-Misc, OS-All, Pri-0, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Stable",,"","cev...@chromium.org","Chrome does not checksum downloaded .bdic files; Leads to crashes, possible exploits.","Mar 21, 2013 21:01:31",1363899691,"Oct 09, 2009 23:48:58",1255132138,"Oct 19, 2009 22:55:02",1255992902,"breakf...@gmail.com",""
24646,"High","Cr-Blink, M-4, OS-All, Pri-0, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","jsc...@chromium.org","Security: Skia memory corruption with x<0 in SkA*_Blitter::blitH","Apr 06, 2013 02:36:07",1365215767,"Oct 12, 2009 19:05:39",1255374339,"Dec 01, 2009 10:49:33",1259664573,"berendjanwever",""
24733,"Critical","Area-Misc, OS-All, Pri-0, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-Critical, Type-Bug-Security","Stable",,"","","Browser crash in icu processing text from Japanese page","Mar 21, 2013 21:08:13",1363900093,"Oct 13, 2009 19:06:21",1255460781,"Oct 26, 2009 07:46:32",1256543192,"scarybea...@gmail.com",""
26129,"High","Area-Misc, OS-All, Pri-0, Restrict-AddIssueComment-Commit, Reward-500, Security, Security_Impact-None, Security_Severity-High, Type-Bug-Security","None",500,"accept","","Security: MSVR report: Chrome Frame allows x-domain data theft in IE","Mar 21, 2013 20:48:30",1363898910,"Oct 28, 2009 20:52:25",1256763145,"Oct 29, 2009 14:39:13",1256827153,"su...@chromium.org",""
26179,"Critical","Area-Misc, OS-All, Pri-0, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-Critical, Type-Bug-Security","Stable",,"","","Security: Chromium bug for gears fts2 security vulnerability","Mar 21, 2013 21:08:13",1363900093,"Oct 29, 2009 03:49:10",1256788150,"Oct 29, 2009 03:49:31",1256788171,"scarybea...@gmail.com",""
26585,"High","Cr-Internals, Internals-Plugins, M-4, OS-Mac, Pri-1, ReleaseBlock-Beta, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","ama...@chromium.org","Security: Flash does not lose focus, which allows things like key logging","Mar 21, 2013 20:57:45",1363899465,"Nov 03, 2009 14:25:12",1257258312,"Nov 20, 2009 19:26:44",1258745204,"jonat...@hogervorst.info",""
27916,"Low","Cr-Internals, OS-All, Pri-2, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","jsc...@chromium.org","Bounds error in skAlphaRuns causes renderer hang","Mar 21, 2013 20:57:44",1363899464,"Nov 17, 2009 00:27:24",1258417644,"Dec 10, 2009 15:19:51",1260458391,"jsc...@chromium.org",""
28250,"High","Area-Misc, OS-Linux, Pri-1, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","a...@chromium.org","Chrome/chromium crash in Skia (memset) due to excessive stroke","Mar 21, 2013 20:57:44",1363899464,"Nov 19, 2009 17:03:23",1258650203,"Nov 23, 2009 22:14:37",1259014477,"robert.s...@gmail.com",""
28360,"Low","Cr-Blink, M-5, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","ham...@chromium.org","Security: Chromium/chrome crash in WebCore::RenderMarquee::computePosition","Apr 06, 2013 02:33:20",1365215600,"Nov 20, 2009 16:33:05",1258734785,"Dec 21, 2009 07:21:51",1261380111,"robert.s...@gmail.com",""
28449,"High","Cr-Blink, Mstone-4.1, OS-All, Pri-1, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","senorbla...@chromium.org","Linear gradient on a table row crashes Chromium","Apr 06, 2013 02:33:17",1365215597,"Nov 21, 2009 02:19:11",1258769951,"Jan 15, 2010 03:39:49",1263526789,"scherkus@chromium.org",""
28566,"High","Cr-Blink, M-4, OS-All, Pri-0, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","pkasting@chromium.org","Security: Crash when opening a corrupted GIF image","Apr 06, 2013 02:33:12",1365215592,"Nov 23, 2009 14:44:59",1258987499,"Jan 05, 2010 23:24:47",1262733887,"robert.s...@gmail.com",""
28574,"High","Area-Misc, OS-Linux, Pri-2, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","","Security: Memory corruption in WebCore::ResourceLoader","Mar 21, 2013 20:57:43",1363899463,"Nov 23, 2009 15:44:38",1258991078,"Jan 05, 2010 16:16:40",1262708200,"robert.s...@gmail.com",""
28582,"Medium","Area-Misc, M-4, OS-All, Pri-2, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Stable",,"","a...@chromium.org","Out-of-bounds read in memcpy() upon one line CSS - sometimes OOM too","Mar 21, 2013 21:01:30",1363899690,"Nov 23, 2009 17:55:57",1258998957,"Dec 18, 2009 16:50:01",1261155001,"robert.s...@gmail.com",""
28798,"Medium","Cr-Internals, Mstone-4.1, OS-Windows, Pri-2, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Stable",,"","nsylv...@chromium.org","[MD audit] [Window Sandbox] Integrity Level Race Condition","Mar 21, 2013 21:01:30",1363899690,"Nov 25, 2009 19:26:22",1259177182,"Feb 01, 2010 22:32:15",1265063535,"cpu@chromium.org",""
28804,"Medium","Cr-Internals, Mstone-4.1, OS-Windows, Pri-1, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Stable",,"","rvargas@chromium.org","[MD audit] [Window Sandbox] PreProcessName() Race Condition","Mar 21, 2013 21:01:30",1363899690,"Nov 25, 2009 19:32:25",1259177545,"Jan 28, 2010 21:51:48",1264715508,"cpu@chromium.org",""
28811,"High","Cr-Blink, Cr-UI-Notifications, M-4, OS-All, Pri-0, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","john...@chromium.org","Security: WebKit Bug 31886 - Notification::Notification m_presenter reuse of freed memory","Apr 06, 2013 02:33:00",1365215580,"Nov 25, 2009 20:53:04",1259182384,"Dec 15, 2009 21:08:35",1260911315,"skylined@chromium.org",""
28880,"Low","Area-Misc, M-4, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","","Security: Crash in WebCore/platform/graphics/chromium/FontLinux.cpp:355 (WebCore::TextRunWalker::setupFontForScriptRun)","Mar 21, 2013 20:57:41",1363899461,"Nov 27, 2009 00:05:12",1259280312,"Dec 17, 2009 19:21:27",1261077687,"robert.s...@gmail.com",""
29577,"High","Cr-Blink, M-4, OS-All, Pri-2, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Stability-Crash, Type-Bug-Security, bulkmove","Stable",,"","yusukes@chromium.org","Crash on complicated @font-face rule","Apr 06, 2013 02:32:13",1365215533,"Dec 07, 2009 16:53:07",1260204787,"Dec 16, 2009 01:18:10",1260926290,"yusukes@chromium.org",""
29645,"Medium","Area-BrowserUI, Cr-Blink, Cr-UI-Browser-Autofill, Mstone-X, OS-All, Pri-2, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Stable",,"","zelidrag@chromium.org","Prevent exposing autocomplete values via Javascript","Apr 06, 2013 02:32:11",1365215531,"Dec 08, 2009 00:25:55",1260231955,"Dec 16, 2009 19:03:47",1260990227,"zelidrag@chromium.org",""
29828,"High","Area-Misc, M-4, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","cev...@chromium.org","Security: sandbox bypass due to directory traversal opening Web Database files","Mar 21, 2013 20:57:40",1363899460,"Dec 09, 2009 05:08:13",1260335293,"Dec 15, 2009 16:41:23",1260895283,"cev...@chromium.org",""
29854,"High","Cr-Blink, M-4, OS-All, Pri-0, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","cev...@chromium.org","Security: WebKit Bug 32316 - WebCore::RenderObject::arenaDelete ExecAV@??? (292164e5b2ee939ff3ddf062439c2a3e)","Apr 06, 2013 02:32:02",1365215522,"Dec 09, 2009 10:31:29",1260354689,"Dec 17, 2009 00:32:07",1261009927,"skylined@chromium.org",""
29914,"Low","Cr-Internals, M-4, OS-All, Pri-2, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","eroman@chromium.org","DNS queries not forwarded through SOCKS v5 proxies","Mar 21, 2013 20:57:39",1363899459,"Dec 09, 2009 21:11:47",1260393107,"May 28, 2010 19:41:27",1275075687,"Christop...@gmail.com",""
29920,"Low","Cr-Internals, M-4, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","jap...@chromium.org","Referer: header is sent when redirect from https to http","Mar 21, 2013 20:57:38",1363899458,"Dec 09, 2009 21:43:24",1260395004,"Dec 18, 2009 05:00:49",1261112449,"jap...@chromium.org",""
29932,"Low","Area-Misc, M-4, OS-All, Pri-0, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","ukai@chromium.org","Security: Websockets - malformed URL freezes browser","Mar 21, 2013 20:57:38",1363899458,"Dec 09, 2009 22:54:06",1260399246,"Dec 17, 2009 04:50:27",1261025427,"Mario.He...@googlemail.com",""
30079,"Medium","Cr-UI-Browser-SafeBrowsing, M-5, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Stable",,"","","Security SafeBrowsingService pure virtual function call and memory corruption","Mar 21, 2013 21:01:29",1363899689,"Dec 11, 2009 09:21:31",1260523291,"Mar 19, 2010 00:58:00",1268960280,"skylined@chromium.org",""
30146,"High","Cr-Platform-Extensions, M-4, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","rafaelw@chromium.org","chrome.tabs.executeScriptInTab allows running script in the gallery","Mar 21, 2013 20:57:37",1363899457,"Dec 11, 2009 20:20:22",1260562822,"Dec 24, 2009 00:26:01",1261614361,"a...@chromium.org",""
30510,"Low","Area-Misc, M-4, OS-All, Pri-0, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","cev...@chromium.org","Security: invalid pointer access when calling HTML5 Web Database REGEXP() function with just one argument","Mar 21, 2013 20:57:35",1363899455,"Dec 15, 2009 22:35:16",1260916516,"Dec 16, 2009 21:37:57",1260999477,"scarybea...@gmail.com",""
30525,"High","Cr-Blink, M-4, OS-All, Pri-0, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","cev...@chromium.org","Merge HTMLParser security fix from WebKit","Apr 06, 2013 02:31:43",1365215503,"Dec 16, 2009 00:56:17",1260924977,"Dec 17, 2009 00:03:30",1261008210,"abarth@chromium.org",""
30660,"High","Area-Misc, OS-All, Pri-0, Restrict-AddIssueComment-Commit, Reward-1000, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",1000,"accept","abarth@chromium.org","window.open() Method Javascript Same-Origin Policy Violation","Mar 21, 2013 20:57:35",1363899455,"Dec 17, 2009 07:16:27",1261034187,"Dec 20, 2009 07:24:31",1261293871,"tokuji.a...@gmail.com",""
30682,"Medium","Cr-Internals, M-5, OS-Mac, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Stable",,"","wtc@chromium.org","Disable the null encryption and weak encryption TLS/SSL cipher suites","Mar 21, 2013 21:01:28",1363899688,"Dec 17, 2009 16:51:49",1261068709,"Jan 15, 2010 18:49:49",1263581389,"wtc@chromium.org",""
30937,"Medium","Area-Feature, Cr-Platform-Extensions, M-4, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Stable",,"","a...@chromium.org","Possible to execute script on unpermitted domains using chrome.tabs.executeScript()","Mar 21, 2013 21:01:28",1363899688,"Dec 21, 2009 20:41:23",1261428083,"Jan 07, 2010 05:49:26",1262843366,"a...@chromium.org",""
31009,"High","Mstone-4.1, Pri-0, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","lrn%chro...@gtempaccount.com","[MD audit] [V8]: integer errors lead to dangerous crashes in memory allocators","Mar 21, 2013 20:57:33",1363899453,"Dec 22, 2009 20:05:30",1261512330,"Jan 15, 2010 13:47:42",1263563262,"scarybea...@gmail.com",""
31293,"Low","Cr-Blink, Cr-Internals-Media, M-5, Pri-2, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security, ffmpeg","Stable",,"","fbarch...@chromium.org","Audio TAG MP3 plays noise burst at beginning","Apr 06, 2013 02:31:02",1365215462,"Dec 29, 2009 20:53:24",1262120004,"Feb 12, 2010 23:34:17",1266017657,"isocket...@gmail.com",""
31307,"High","M-4, Pri-0, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","cev...@chromium.org","[MD audit] [RPC] More errors deserializing SkBitmaps!!","Mar 21, 2013 20:57:32",1363899452,"Dec 30, 2009 02:42:22",1262140942,"Dec 30, 2009 05:33:46",1262151226,"scarybea...@gmail.com",""
31517,"Low","Cr-Internals, M-4, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","cev...@chromium.org","ChildProcessSecurityPolicy::CanRequestURL recusion stack exhaustion in URL parsing with nested protocols","Mar 21, 2013 20:57:32",1363899452,"Jan 04, 2010 16:32:37",1262622757,"Jan 06, 2010 02:47:28",1262746048,"anton.ki...@gmail.com",""
31542,"High","Cr-Blink, M-4, Pri-2, ReleaseBlock-Beta, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","cev...@chromium.org","Use after free crash in RTL text handling","Apr 06, 2013 02:30:50",1365215450,"Jan 04, 2010 20:44:09",1262637849,"Jan 04, 2010 21:38:52",1262641132,"jamesr@chromium.org",""
31568,"High","Cr-Blink, Mstone-4.1, Pri-0, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","cev...@chromium.org","Need to merge WebKit fix for ZDI-CAN-632 to Beta branch","Apr 06, 2013 02:30:48",1365215448,"Jan 05, 2010 01:56:13",1262656573,"Feb 17, 2010 02:49:30",1266374970,"scarybea...@gmail.com",""
31692,"High","Cr-Blink, Cr-Content-Core, Mstone-4.1, Pri-2, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","rolandsteiner.chromium@gmail.com","Bug 33266 - WebCore::InlineFlowBox::determineSpacingForFlowBoxes ReadAV@NULL (43c64e8abbda6766e5f5edbd254c2d57)","Apr 06, 2013 02:30:41",1365215441,"Jan 06, 2010 20:34:53",1262810093,"Jan 26, 2010 07:48:47",1264492127,"skylined@chromium.org",""
31880,"High","Cr-Internals, Mstone-4.1, Pri-1, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","ana...@chromium.org","[MD audit] [plugins] Sandbox Violation: Raw pointer from renderer manipulated in plugin process","Mar 21, 2013 20:57:30",1363899450,"Jan 09, 2010 05:31:30",1263015090,"Jan 20, 2010 07:23:00",1263972180,"jsc...@chromium.org",""
32309,"Medium","Mstone-4.1, Pri-0, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Stable",,"","abarth@chromium.org","Stylesheet URL property leaks redirection target","Mar 21, 2013 21:01:27",1363899687,"Jan 14, 2010 22:57:54",1263509874,"Jan 21, 2010 07:40:58",1264059658,"scarybea...@gmail.com",""
32455,"High","M-4, Pri-0, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","","ValidityState can hold a stale pointer to control","Mar 21, 2013 20:57:29",1363899449,"Jan 16, 2010 07:28:34",1263626914,"Jan 16, 2010 23:11:12",1263683472,"abarth@chromium.org",""
32718,"Medium","Pri-0, Restrict-AddIssueComment-Commit, Reward-500, Security, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security, reward-decline","Stable",500,"decline","tim@chromium.org","Security: Cross-domain bug in password manager","Mar 21, 2013 21:01:26",1363899686,"Jan 20, 2010 18:27:22",1264012042,"Jan 22, 2010 01:40:05",1264124405,"0adian0@gmail.com",""
32915,"High","OS-Windows, Pri-0, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","cpu@chromium.org","[MD audit] [Window Sandbox] CrossCallParamsEx::CreateFromBuffer() integer overflow","Mar 21, 2013 20:57:28",1363899448,"Jan 22, 2010 21:25:31",1264195531,"Jan 23, 2010 02:40:05",1264214405,"cpu@chromium.org",""
33053,"High","Pri-0, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","cev...@chromium.org","Use of stale HTMLImageElement pointer in JSHTMLFormElement::nameGetter","Mar 21, 2013 20:57:28",1363899448,"Jan 25, 2010 10:55:57",1264416957,"Jan 26, 2010 11:21:49",1264504909,"abarth@chromium.org",""
33445,"Low","Cr-Blink, Mstone-4.1, Pri-2, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","cev...@chromium.org","STS design questions around probing what sites a user has been to","Apr 06, 2013 02:28:40",1365215320,"Jan 28, 2010 23:25:58",1264721158,"Feb 23, 2010 22:03:02",1266962582,"teddyl...@gmail.com",""
33572,"Medium","Cr-UI, Cr-UI-Browser-SafeBrowsing, Pri-0, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Stable",,"","eroman@chromium.org"," are allowed to initiate downloads without user intervention.","Mar 21, 2013 21:01:25",1363899685,"Jan 29, 2010 21:38:15",1264801095,"Feb 27, 2010 09:42:24",1267263744,"mike.dou...@gmail.com",""
33664,"Low","Pri-0, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","abarth@chromium.org","XSS Filter can disable legitimate code, creating vulnerabilities in otherwise safe webpages","Mar 21, 2013 20:57:27",1363899447,"Jan 30, 2010 02:55:58",1264820158,"Mar 02, 2010 22:25:15",1267568715,"tste...@gmail.com",""
33876,"Low","Cr-Blink, M-5, Pri-0, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","jor...@chromium.org","Security: LocalStorage Cross Domain Denial of Service Attack","Apr 06, 2013 02:28:28",1365215308,"Jan 31, 2010 07:54:44",1264924484,"Mar 09, 2010 06:16:45",1268115405,"inferno...@gmail.com",""
33952,"Low","Cr-UI, M-5, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","cev...@chromium.org","Infinite redirects with long URL can cause browser process OOM.","Mar 21, 2013 20:57:26",1363899446,"Jan 31, 2010 23:05:15",1264979115,"Apr 01, 2010 05:53:17",1270101197,"charlie....@gmail.com",""
34135,"High","Cr-UI, Cr-UI-Browser-TabStrip, M-9, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Stability-Crash, Type-Bug-Security, bulkmove","Stable",,"","sky@chromium.org","Browser process crash (CHECK failure) in TabStripModel::GetContentsAt(int) const","Mar 21, 2013 20:57:26",1363899446,"Feb 01, 2010 23:52:04",1265068324,"Feb 02, 2011 19:46:58",1296676018,"huanr@chromium.org",""
34414,"Low","Cr-Blink, M-7, Pri-3, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","j...@chromium.org","Regression:m7: Chrome Popup Blocker ByPass","Apr 06, 2013 02:28:10",1365215290,"Feb 03, 2010 08:52:02",1265187122,"Sep 03, 2010 18:34:48",1283538888,"inferno...@gmail.com",""
34495,"High","Pri-0, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","cev...@chromium.org","Crash in XMLTokenizer::popCurrentNode if window.close() is called during parsing [CVE-2010-0048]","Mar 21, 2013 20:57:25",1363899445,"Feb 03, 2010 22:02:09",1265234529,"Oct 05, 2011 01:37:37",1317778657,"scarybea...@gmail.com",""
34498,"High","Pri-0, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","cev...@chromium.org","Navigating to a cached page can result in accessing a destroyed HTMLInputElement [CVE-2010-0052]","Mar 21, 2013 20:57:25",1363899445,"Feb 03, 2010 22:15:04",1265235304,"Oct 05, 2011 01:37:37",1317778657,"scarybea...@gmail.com",""
34721,"Low","Cr-UI, M-5, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security, bulkmove","Stable",,"","pkasting@chromium.org","Long string in alert() 100% CPU DoS","Mar 21, 2013 20:57:24",1363899444,"Feb 05, 2010 08:22:12",1265358132,"Apr 19, 2010 16:04:16",1271693056,"ramazanb...@gmail.com",""
34978,"High","Cr-Blink, Mstone-4.1, Pri-0, ReleaseBlock-Stable, Restrict-AddIssueComment-Commit, Reward-500, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",500,"accept","esei...@chromium.org","WebCore::Document::recalcStyleSelector+0x7c","Apr 06, 2013 02:27:57",1365215277,"Feb 08, 2010 08:27:11",1265617631,"Feb 20, 2010 05:50:33",1266645033,"woo...@gmail.com",""
35079,"High","Mstone-4.1, Pri-0, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","cev...@chromium.org","Stale pointer in WebKit with captions","Mar 21, 2013 20:57:23",1363899443,"Feb 09, 2010 02:12:03",1265681523,"Feb 11, 2010 00:25:53",1265847953,"scarybea...@gmail.com",""
35168,"Low","Cr-Stability, Cr-UI, M-5, OS-Chrome, Pri-2, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","infe...@chromium.org","Crash when clicking long URL with unknown scheme","Mar 21, 2013 20:57:23",1363899443,"Feb 09, 2010 19:48:14",1265744894,"Mar 29, 2010 22:10:37",1269900637,"derat@chromium.org",""
35366,"High","Cr-Blink, M-5, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","dglazkov@chromium.org","[MD audit] DOM tree node reference errors when manipulating DOM tree inside certain callbacks","Apr 06, 2013 02:27:35",1365215255,"Feb 11, 2010 04:09:32",1265861372,"Jul 12, 2010 21:11:38",1278969098,"scarybea...@gmail.com",""
35724,"High","Cr-Blink, Mstone-4.1, Pri-0, Restrict-AddIssueComment-Commit, Reward-1337, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",1337,"accept","cev...@chromium.org","Integer overflow in webGL","Apr 06, 2013 02:27:22",1365215242,"Feb 14, 2010 14:31:57",1266157917,"Mar 02, 2010 22:42:02",1267569722,"serg.gla...@gmail.com",""
35732,"High","Cr-UI, Pri-0, Restrict-AddIssueComment-Commit, Reward-500, Security, Security_Impact-None, Security_Severity-High, Type-Bug-Security","None",500,"accept","pkasting@chromium.org","Security: Renderer segfault when a malformed png file is loaded.","Mar 21, 2013 20:48:17",1363898897,"Feb 14, 2010 16:26:45",1266164805,"Feb 22, 2010 23:26:34",1266881194,"aohelin",""
35979,"Low","Area-libxml, M-5, Pri-0, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","cev...@chromium.org","Security: Opening a malformed XML file causes a segmentation fault in xmlParseGetLasts.","Mar 21, 2013 20:57:22",1363899442,"Feb 17, 2010 07:02:39",1266390159,"Mar 23, 2010 22:33:12",1269383592,"aohelin",""
36277,"Medium","Cr-UI, Pri-0, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Stable",,"","","Passwords may be easily seen.","Mar 21, 2013 21:01:21",1363899681,"Feb 19, 2010 18:35:21",1266604521,"Mar 09, 2010 22:58:10",1268175490,"igascr...@gmail.com",""
36772,"Medium","Cr-UI, Mstone-4.1, Pri-0, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Stable",,"","infe...@chromium.org","Security: HTTP AUTH dialog spoofing using long subdomains (Windows Only)","Mar 21, 2013 21:01:21",1363899681,"Feb 25, 2010 09:36:28",1267090588,"Mar 05, 2010 16:55:31",1267808131,"inferno...@gmail.com",""
36774,"Low","Cr-Internals, Cr-UI-Browser-SafeBrowsing, Pri-2, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","","The 1 second timeout on safebrowsing get hash might be exploitable","Mar 21, 2013 20:57:20",1363899440,"Feb 25, 2010 10:23:53",1267093433,"Mar 24, 2010 03:39:44",1269401984,"eroman@chromium.org",""
36976,"Low","Cr-Blink, Cr-Content-Core, M-5, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","cev...@chromium.org","WebCore::SVGAnimationElement::calculatePercentFromKeyPoints ReadAV@NULL (00939658970e30ddcc2953e88ebb851d)","Apr 06, 2013 02:26:10",1365215170,"Feb 27, 2010 09:00:09",1267261209,"Mar 19, 2010 19:36:21",1269027381,"aohelin",""
37007,"Medium","Cr-Internals, Cr-Internals-Network, Cr-UI-Browser-Downloads, Mstone-4.1, Pri-2, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Stable",,"","jsc...@chromium.org","Bypass unsafe file types dialog using extra dots at end of file name.","Mar 21, 2013 21:01:20",1363899680,"Feb 28, 2010 04:13:56",1267330436,"Mar 03, 2010 06:50:47",1267599047,"kuz...@gmail.com",""
37061,"High","Cr-Blink, Mstone-4.1, Pri-0, ReleaseBlock-Stable, Restrict-AddIssueComment-Commit, Reward-500, Security, Security_Impact-None, Security_Severity-High, Type-Bug-Security","None",500,"accept","mal@chromium.org","WebCore::SVGUseElement::updateContainerOffsets ExecAV@Arbitrary (1dc75f12fe3750aa1828ea20506a5d54)","Apr 06, 2013 02:26:07",1365215167,"Mar 01, 2010 10:18:48",1267438728,"Mar 06, 2010 07:35:47",1267860947,"aohelin",""
37184,"Medium","Cr-Blink, Cr-Internals-Media, Pri-0, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Stable",,"","scherkus@chromium.org","Security: ff_vorbis_floor1_render_list ReadAV@Arbitrary (multiple stacks)","Apr 06, 2013 02:26:03",1365215163,"Mar 02, 2010 08:40:19",1267519219,"Apr 01, 2010 00:12:23",1270080743,"berendjanwever",""
37201,"Medium","Cr-UI, Cr-UI-Browser-Omnibox, M-6, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Stable",,"","jshin@chromium.org","Omnibox visual spoofing with Japanese Maru","Mar 21, 2013 21:01:19",1363899679,"Mar 02, 2010 18:10:58",1267553458,"Jul 27, 2010 22:05:43",1280268343,"chris@casaba.com",""
37310,"High","Cr-Blink, Cr-Internals-Media, M-5, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Stability-Crash, Type-Bug-Security, bulkmove","Stable",,"","scherkus@chromium.org","Crash in media::FFmpegDemuxer::~FFmpegDemuxer()","Apr 06, 2013 02:25:55",1365215155,"Mar 03, 2010 17:03:08",1267635788,"Mar 23, 2010 22:42:44",1269384164,"thestig@chromium.org",""
37383,"High","Cr-Internals, Cr-Internals-Core, Mstone-4.1, Pri-0, ReleaseBlock-Stable, Restrict-AddIssueComment-Commit, Reward-1000, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",1000,"accept","jsc...@chromium.org","javascript: url with a leading NULL byte can bypass cross origin protection.","Mar 21, 2013 20:57:17",1363899437,"Mar 04, 2010 07:28:45",1267687725,"Mar 11, 2010 03:54:19",1268279659,"kuz...@gmail.com",""
37447,"Low","Cr-Internals, M-5, OS-Windows, Pri-2, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","secur...@chromium.org","Google Chrome OCX Automatic Download","Mar 21, 2013 20:57:17",1363899437,"Mar 04, 2010 22:37:09",1267742229,"Mar 07, 2010 04:42:06",1267936926,"jconsult...@gmail.com",""
37826,"High","Mstone-4.1, Pri-0, ReleaseBlock-Stable, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","cev...@chromium.org","Need to merge fix for https://bugs.webkit.org/show_bug.cgi?id=35621 / ZDI-CAN-688","Mar 21, 2013 20:57:17",1363899437,"Mar 10, 2010 06:25:08",1268202308,"Mar 10, 2010 06:49:18",1268203758,"scarybea...@gmail.com",""
37827,"High","Mstone-4.1, Pri-0, ReleaseBlock-Stable, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","cev...@chromium.org","Need to merge fix for https://bugs.webkit.org/show_bug.cgi?id=35598 / ZDI-CAN-704","Mar 21, 2013 20:57:16",1363899436,"Mar 10, 2010 06:54:16",1268204056,"Mar 10, 2010 07:06:48",1268204808,"scarybea...@gmail.com",""
38512,"Low","Cr-Internals, M-5, Pri-2, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","a...@chromium.org","libpng < (1.4.1|1.2.43) suffer DoS issues (CVE-2010-0205)","Mar 21, 2013 20:57:16",1363899436,"Mar 18, 2010 15:18:49",1268925529,"Mar 18, 2010 18:29:39",1268936979,"a...@chromium.org",""
38550,"Low","Cr-Internals, Cr-Internals-Network, M-5, OS-Mac, Pri-2, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","s...@chromium.org","Mac: Don't send client cert before verifying received server cert","Mar 21, 2013 20:57:16",1363899436,"Mar 18, 2010 21:23:46",1268947426,"Mar 19, 2010 23:17:50",1269040670,"s...@chromium.org",""
38845,"Low","Cr-Internals, Cr-Internals-Network, Mstone-4.1, Pri-0, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","infe...@chromium.org","Out of bounds array read in FTP network transaction","Mar 21, 2013 20:57:15",1363899435,"Mar 21, 2010 20:54:08",1269204848,"Mar 22, 2010 01:05:13",1269219913,"tk.chromium@googlemail.com",""
38920,"Medium","Cr-Internals, Cr-Platform-Extensions, Pri-2, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Stable",,"","jochen@chromium.org","extensions can circumvent access restrictions by over-writing chromeHidden.event.dispatchJSON","Mar 21, 2013 21:01:18",1363899678,"Mar 22, 2010 18:57:07",1269284227,"Mar 24, 2010 21:17:58",1269465478,"jochen@chromium.org",""
39047,"High","Mstone-4.1, Pri-0, Restrict-AddIssueComment-Commit, Reward-1000, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",1000,"accept","jsc...@chromium.org","Cross-origin bypass","Mar 21, 2013 20:57:15",1363899435,"Mar 23, 2010 16:38:53",1269362333,"Mar 29, 2010 04:09:41",1269835781,"serg.gla...@gmail.com",""
39277,"Low","M-5, Pri-2, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","infe...@chromium.org","Browser GDI crash with excessive downloads.","Mar 21, 2013 20:57:14",1363899434,"Mar 25, 2010 04:33:36",1269491616,"Mar 29, 2010 22:34:47",1269902087,"kuz...@gmail.com",""
39303,"Low","Pri-0, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","jsc...@chromium.org","icudt42.dll does not support ASLR(on Win7/Vista)","Mar 21, 2013 20:57:14",1363899434,"Mar 25, 2010 14:31:21",1269527481,"Mar 26, 2010 17:13:35",1269623615,"radu.sta...@gmail.com",""
39443,"High","Mstone-4.1, Pri-2, Restrict-AddIssueComment-Commit, Reward-500, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",500,"accept","cev...@chromium.org","crash with form tag","Mar 21, 2013 20:57:14",1363899434,"Mar 26, 2010 11:58:30",1269604710,"Mar 30, 2010 00:45:48",1269909948,"kuz...@gmail.com",""
39660,"High","Mstone-4.1, Pri-0, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","cev...@chromium.org","Need to merge fix for CSSPrimitiveValue::setFloatValue() type confusion error","Mar 21, 2013 20:57:13",1363899433,"Mar 29, 2010 04:30:52",1269837052,"Mar 29, 2010 04:53:51",1269838431,"scarybea...@gmail.com",""
39698,"High","Cr-Blink, Mstone-4.1, Pri-1, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","jsc...@chromium.org","Security: Synchronous preflight XHR allows arbitrary XSRF ","Apr 06, 2013 02:24:04",1365215044,"Mar 29, 2010 16:23:01",1269879781,"Apr 05, 2010 01:21:22",1270430482,"me...@google.com",""
39740,"Medium","Cr-Internals, Cr-Privacy, M-5, Pri-2, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Stable",,"","cev...@chromium.org","Plugins are not always blocked by content settings","Mar 21, 2013 21:01:18",1363899678,"Mar 29, 2010 22:19:23",1269901163,"Apr 07, 2010 03:06:18",1270609578,"darin@chromium.org",""
39861,"Medium","Mstone-4.1, Pri-0, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Stable",,"","cev...@chromium.org","Cross-origin image theft via SVGs as a canvas pattern","Mar 21, 2013 21:01:18",1363899678,"Mar 30, 2010 17:56:42",1269971802,"Mar 30, 2010 23:01:55",1269990115,"scarybea...@gmail.com",""
39985,"High","Cr-Blink, M-5, Pri-2, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","jsc...@chromium.org","Cross-origin bypass: Javascript URL can be set in iframe.src via numerous DOM aliases (via Node and NamedNodeMap)","Apr 06, 2013 02:23:47",1365215027,"Mar 31, 2010 14:33:44",1270046024,"May 23, 2010 16:16:47",1274631407,"jsc...@chromium.org",""
40136,"Medium","Pri-0, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Stable",,"","infe...@chromium.org","Security: Path Traversal in Devtools","Mar 21, 2013 21:01:17",1363899677,"Apr 01, 2010 20:16:13",1270152973,"Apr 03, 2010 01:17:35",1270257455,"tav...@gmail.com",""
40137,"Medium","Pri-0, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Stable",,"","infe...@chromium.org","Security: XSS in net-internals","Mar 21, 2013 21:01:17",1363899677,"Apr 01, 2010 20:17:49",1270153069,"Apr 01, 2010 22:46:23",1270161983,"tav...@gmail.com",""
40138,"High","Pri-0, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","infe...@chromium.org","Security: XSS in chrome://downloads","Mar 21, 2013 20:57:11",1363899431,"Apr 01, 2010 20:18:45",1270153125,"Apr 02, 2010 00:12:59",1270167179,"tav...@gmail.com",""
40147,"Low","Cr-UI, M-5, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","infe...@chromium.org","Security: XSS issue in the FTP parser","Mar 21, 2013 20:57:11",1363899431,"Apr 01, 2010 22:35:27",1270161327,"Apr 06, 2010 03:44:32",1270525472,"robert.s...@gmail.com",""
40445,"High","Cr-Blink, M-5, Pri-0, Restrict-AddIssueComment-EditIssue, Reward-1000, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",1000,"accept","infe...@chromium.org"," on JAVASCRIPT URI ","Apr 06, 2013 02:23:27",1365215007,"Apr 05, 2010 19:45:36",1270496736,"Apr 08, 2010 20:13:21",1270757601,"jconsult...@gmail.com",""
40487,"High","Cr-Blink, M-5, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","jsc...@chromium.org","<video> inside <foreignObject> inside <svg> inside <img> --> crash","Apr 06, 2013 02:23:23",1365215003,"Apr 05, 2010 23:29:01",1270510141,"Apr 21, 2010 01:30:24",1271813424,"bl...@google.com",""
40575,"Medium","Cr-Internals, M-4, Pri-2, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Stable",,"","brettw@chromium.org","An HTTP page loaded quickly after NTP can gain DOMUI bindings privilege","Mar 21, 2013 21:01:17",1363899677,"Apr 06, 2010 19:32:11",1270582331,"Apr 07, 2010 21:28:06",1270675686,"eroman@chromium.org",""
40605,"Low","Chrome-only, Cr-Internals, Cr-UI-Browser-SafeBrowsing, Pri-1, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","infe...@chromium.org","Redirecting to a data URI without a / in the data section crashes the entire browser","Mar 21, 2013 20:57:09",1363899429,"Apr 06, 2010 23:55:24",1270598124,"Jun 02, 2010 14:38:45",1275489525,"ric...@gmail.com",""
40628,"Low","Cr-Internals, Cr-Internals-Core, M-5, Pri-2, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","darin@chromium.org","WebKit: WebCore::PageGroupLoadDeferrer::PageGroupLoadDeferrer ReadAV@NULL (7a3291a05aead0cc3a4bc8a6b440d145)","Mar 21, 2013 20:57:09",1363899429,"Apr 07, 2010 08:54:45",1270630485,"Apr 27, 2010 06:32:05",1272349925,"skylined@chromium.org",""
40635,"High","Cr-Blink, Cr-Blink-JavaScript, Mstone-4.1, Pri-0, Restrict-AddIssueComment-Commit, Reward-500, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",500,"accept","","Security: v8: WebKitPoint() memory corruption","Apr 06, 2013 03:28:10",1365218890,"Apr 07, 2010 09:46:55",1270633615,"Apr 07, 2010 20:08:25",1270670905,"skylined@chromium.org",""
40801,"Low","Cr-Internals, M-5, Pri-0, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","infe...@chromium.org","OOB Array Indexing Bug","Mar 21, 2013 20:57:08",1363899428,"Apr 08, 2010 16:17:09",1270743429,"Apr 08, 2010 17:27:08",1270747628,"flolech...@gmail.com",""
41469,"Medium","Cr-Blink, Cr-Content-Core, M-5, Pri-2, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Stable",,"","infe...@chromium.org","Drag and drop bad reference counting leads to re-use of freed memory: WebCore..String..length ReadAV@Arbitrary (394bb1a56acd66a43221b2a08fa5b25a)","Apr 06, 2013 02:22:36",1365214956,"Apr 14, 2010 15:39:13",1271259553,"May 01, 2010 16:38:36",1272731916,"skylined@chromium.org",""
41654,"Medium","Cr-Blink, Cr-Content-Core, M-6, Pri-0, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Stable",,"","infe...@chromium.org","Security: Permanent Clipboard Hijack","Apr 06, 2013 02:22:24",1365214944,"Apr 15, 2010 19:14:07",1271358847,"May 04, 2010 05:24:05",1272950645,"infe...@chromium.org",""
41778,"Low","Cr-UI, M-5, Pri-3, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","infe...@chromium.org"," right click context menu option can open arbitary urls like chrome:// file:// etc.","Mar 21, 2013 20:57:08",1363899428,"Apr 16, 2010 16:10:30",1271434230,"Apr 20, 2010 19:21:46",1271791306,"kuz...@gmail.com",""
42228,"High","M-5, Pri-0, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","ca...@chromium.org","Security: a malicious page may gain access to context of an extension's content script","Mar 21, 2013 20:57:07",1363899427,"Apr 21, 2010 19:06:11",1271876771,"Apr 27, 2010 16:44:27",1272386667,"ca...@chromium.org",""
42294,"High","Cr-Blink, Cr-Blink-Fonts, Cr-Content-Core, M-5, Pri-0, Restrict-AddIssueComment-EditIssue, Reward-500, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",500,"accept","yusukes@chromium.org","WebCore::FontFallbackList::determinePitch memory corruption (0b4c05aab686a31bc4954a5bd6bae27b)","Apr 06, 2013 04:51:09",1365223869,"Apr 22, 2010 10:04:09",1271930649,"Apr 24, 2010 02:07:38",1272074858,"woo...@gmail.com",""
42306,"High","Cr-Blink, Cr-Internals-Media, Pri-0, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","fbarch...@chromium.org","Possible num_patches array indexing errors in AAC SBR","Apr 06, 2013 02:21:32",1365214892,"Apr 22, 2010 13:21:16",1271942476,"Apr 23, 2010 23:20:49",1272064849,"scarybea...@gmail.com",""
42356,"Medium","Cr-Platform-Extensions, Cr-UI, Pri-1, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Stable",,"","arv@chromium.org","User scripts can access chrome:// URLs","Mar 21, 2013 21:01:14",1363899674,"Apr 22, 2010 21:49:24",1271972964,"Apr 23, 2010 02:18:48",1271989128,"arv@chromium.org",""
42391,"Medium","Cr-Blink, M-5, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Stable",,"","dcheng@chromium.org","Chromium exposes file paths when dropping files","Apr 06, 2013 02:21:25",1365214885,"Apr 23, 2010 07:06:44",1272006404,"Apr 29, 2010 03:40:20",1272512420,"dcheng@chromium.org",""
42396,"Low","Cr-Blink, Cr-Content-Core, M-5, Pri-3, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","kbr@chromium.org","Security: WebKit: WebCore::WebGLUnsignedIntArrayInternal::getCallback ReadAV@Arbitrary (deef89ee3d0345edebeaf13cf974c47c)","Apr 06, 2013 02:21:24",1365214884,"Apr 23, 2010 08:59:25",1272013165,"May 07, 2010 17:59:19",1273255159,"skylined@chromium.org",""
42538,"Low","Cr-Internals, Cr-Internals-Network, M-5, OS-Linux, Pri-0, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","wtc@chromium.org","segfault in net::X509Certificate::Verify [Linux]","Mar 21, 2013 20:57:06",1363899426,"Apr 26, 2010 07:29:16",1272266956,"Apr 29, 2010 21:03:44",1272575024,"aohelin",""
42574,"Low","CVE-2011-1185, Cr-Blink, M-10, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","abarth@chromium.org","Sandboxed iframes should not allow navigation to history forward,back without allow-top-navigation set.","Apr 06, 2013 02:21:17",1365214877,"Apr 26, 2010 20:57:47",1272315467,"Jan 02, 2011 03:58:49",1293940729,"evn@google.com","2011-1185"
42575,"Medium","Cr-Blink, M-5, Pri-3, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Stable",,"","abarth@chromium.org","sessionStorage is shared on iframe@sandbox","Apr 06, 2013 02:21:17",1365214877,"Apr 26, 2010 21:00:26",1272315626,"May 07, 2010 00:01:35",1273190495,"evn@google.com",""
42723,"High","Cr-Blink, Cr-Content-Core, M-5, Pri-1, Restrict-AddIssueComment-EditIssue, Reward-500, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",500,"accept","infe...@chromium.org","Table layout crash bug from wushi","Apr 06, 2013 02:20:56",1365214856,"Apr 28, 2010 14:15:49",1272464149,"May 14, 2010 22:21:59",1273875719,"scarybea...@gmail.com",""
42736,"Medium","Cr-Blink, Cr-Content-Core, M-5, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security, reward-500, reward-decline","Stable",500,"decline","","Memory corruption (read random system memory) or crash","Apr 06, 2013 02:20:54",1365214854,"Apr 28, 2010 16:15:13",1272471313,"Jun 29, 2010 17:51:26",1277833886,"Michail....@gmail.com",""
42755,"High","M-5, Pri-0, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","cev...@chromium.org","Merge fix for WebKit CSS hover security bug to 375","Mar 21, 2013 20:57:04",1363899424,"Apr 28, 2010 18:17:59",1272478679,"Apr 28, 2010 18:37:37",1272479857,"scarybea...@gmail.com",""
42765,"Low","CVE-2011-1185, Cr-Blink, M-10, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","abarth@chromium.org","top.close() is allowed on iframe@sandbox when allow-same-origin is not set","Apr 06, 2013 02:20:52",1365214852,"Apr 28, 2010 19:19:57",1272482397,"Jan 02, 2011 07:26:40",1293953200,"evn@google.com","2011-1185"
42980,"Medium","Cr-Blink, M-5, Pri-3, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Stable",,"","infe...@chromium.org","Sandboxed iframes should not autocomplete/autofill unless allow-same-origin set","Apr 06, 2013 02:20:38",1365214838,"Apr 30, 2010 23:15:57",1272669357,"May 21, 2010 04:57:07",1274417827,"evn@google.com",""
42989,"Low","Cr-Internals, M-10, OS-Mac, Pri-2, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security, Verifier-Deepakg","Stable",,"","jeremy@chromium.org","Mac sandbox allows calls to stat() on arbitrary paths.","Mar 21, 2013 20:57:03",1363899423,"May 01, 2010 01:47:24",1272678444,"Oct 26, 2010 13:42:37",1288100557,"dcheng@chromium.org",""
43304,"High","M-5, OS-Linux, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","a...@chromium.org","[MD audit] Linux sandbox escape","Mar 21, 2013 20:57:02",1363899422,"May 05, 2010 12:32:25",1273062745,"May 07, 2010 17:50:12",1273254612,"scarybea...@gmail.com",""
43307,"High","M-5, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","cev...@chromium.org","[MD audit] Possible memory corruption with bad bitmap shared memory object in clipboard IPC","Mar 21, 2013 20:57:02",1363899422,"May 05, 2010 13:27:50",1273066070,"May 06, 2010 23:13:41",1273187621,"scarybea...@gmail.com",""
43315,"High","M-5, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","","[MD audit] Stale pointer error when normalizing DOM nodes","Mar 21, 2013 20:57:02",1363899422,"May 05, 2010 14:24:48",1273069488,"May 11, 2010 00:13:32",1273536812,"scarybea...@gmail.com",""
43322,"High","Pri-3, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","chromium.cdn@gmail.com","[MD audit] Problems with video messages and sizes","Mar 21, 2013 20:57:01",1363899421,"May 05, 2010 14:53:15",1273071195,"Jun 08, 2010 02:37:14",1275964634,"scarybea...@gmail.com",""
43487,"High","Cr-Blink, M-5, Pri-2, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","infe...@chromium.org","ZDI-CAN-765: CSS Charset Text Transformation Vulnerability ","Apr 06, 2013 02:20:09",1365214809,"May 06, 2010 23:49:04",1273189744,"May 20, 2010 00:02:27",1274313747,"jsc...@chromium.org",""
43488,"High","Cr-Blink, M-5, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, cve-2010-1786","Stable",,"","jsc...@chromium.org","ZDI-CAN-766: SVG ForeignObject Rendering Layout Vulnerability","Apr 06, 2013 02:20:08",1365214808,"May 06, 2010 23:50:46",1273189846,"Jun 23, 2010 12:34:11",1277296451,"jsc...@chromium.org","2010-1786"
43813,"High","Cr-Internals, Cr-Internals-Skia, M-5, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-500","Stable",500,"accept","wjmacl...@chromium.org","chrome_1c30000!SkAlphaRuns::Break+0x13 - Memory Corruption","Mar 21, 2013 20:57:01",1363899421,"May 10, 2010 22:33:53",1273530833,"Jul 13, 2010 17:27:16",1279042036,"sp3x...@gmail.com",""
43846,"Low","Cr-Blink, M-6, Pri-2, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","infe...@chromium.org","Null deref during image drag, crash in drag selection controller.","Apr 06, 2013 02:19:52",1365214792,"May 11, 2010 08:44:36",1273567476,"Jun 18, 2010 01:28:01",1276824481,"infe...@chromium.org",""
43902,"High","Cr-Blink, M-5, Pri-2, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","infe...@chromium.org","innerHTML decompilation issues in textarea","Apr 06, 2013 02:19:49",1365214789,"May 11, 2010 19:10:34",1273605034,"May 12, 2010 18:18:45",1273688325,"evn@google.com",""
43967,"High","Cr-UI, Cr-UI-Browser-Omnibox, M-5, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, bulkmove","Stable",,"","brettw@chromium.org","REGRESSION: Currently loading subresource displayed in omnibox","Mar 21, 2013 20:57:00",1363899420,"May 12, 2010 05:08:28",1273640908,"May 25, 2010 16:23:09",1274804589,"jo...@google.com",""
44424,"High","Cr-Blink, M-5, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-500","Stable",500,"accept","","security:chrome_1c30000!WebCore::InlineBox::paint+0x70","Apr 06, 2013 02:19:08",1365214748,"May 18, 2010 01:46:15",1274147175,"Jun 26, 2010 00:48:03",1277513283,"woo...@gmail.com",""
44500,"High","Cr-Blink, M-5, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, cve-2010-1788","Stable",,"","","Invalid read handling malformed SVG <use> element","Apr 06, 2013 02:19:03",1365214743,"May 18, 2010 20:42:06",1274215326,"Jul 05, 2010 15:33:09",1278343989,"jsc...@chromium.org","2010-1788"
44658,"High","Cr-Internals, M-5, Pri-2, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-500","Stable",500,"accept","","Security: Insecure behavior in /tmp by Keystone on Mac OS X","Mar 21, 2013 20:56:59",1363899419,"May 20, 2010 16:37:31",1274373451,"Jun 29, 2010 17:22:15",1277832135,"googlec...@vtty.com",""
44740,"High","Cr-Blink, M-5, Pri-2, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","","Need to merge fix for WebKit font issue to 375 branch","Apr 06, 2013 02:18:49",1365214729,"May 21, 2010 11:11:05",1274440265,"May 23, 2010 16:22:07",1274631727,"scarybea...@gmail.com",""
44759,"Low","Pri-0, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","","sad tab with little script","Mar 21, 2013 20:56:58",1363899418,"May 21, 2010 16:03:21",1274457801,"May 21, 2010 16:44:01",1274460241,"javg0...@gmail.com",""
44868,"High","Cr-Blink, M-5, Pri-2, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","","Geolocation events fire after document deletion","Apr 06, 2013 02:18:41",1365214721,"May 23, 2010 16:15:21",1274631321,"Oct 05, 2011 01:39:10",1317778750,"jsc...@chromium.org",""
44955,"High","Cr-Blink, M-5, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","","Need to merge WebCore::toAlphabetic() crash to 375 branch.","Apr 06, 2013 02:18:34",1365214714,"May 24, 2010 23:17:57",1274743077,"May 24, 2010 23:28:00",1274743680,"infe...@chromium.org",""
45164,"Low","Cr-Blink, M-5, Pri-3, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","infe...@chromium.org","Crash with invalid images.","Apr 06, 2013 02:18:23",1365214703,"May 26, 2010 22:36:52",1274913412,"Jun 10, 2010 22:08:12",1276207692,"javg0...@gmail.com",""
45267,"High","Pri-3, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","chromium.cdn@gmail.com","ViewHostMsg_UpdateVideo memory corruption","Mar 21, 2013 20:56:57",1363899417,"May 27, 2010 20:19:03",1274991543,"Jun 08, 2010 02:37:56",1275964676,"chromium.cdn@gmail.com",""
45331,"High","Cr-Blink, M-6, Pri-1, ReleaseBlock-Beta, Restrict-AddIssueComment-EditIssue, Reward-500, Security, Security_Severity-High, Type-Bug-Security","None",500,"accept","","Memory Corruption with invalid svg rendering","Apr 06, 2013 02:18:17",1365214697,"May 28, 2010 13:28:00",1275053280,"Jun 22, 2010 17:43:56",1277228636,"aohelin",""
45400,"Critical","Cr-Internals, Cr-Stability, M-5, OS-Windows, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Critical, Type-Bug-Security, reward-1337","Stable",1337,"accept","infe...@chromium.org","Browser crash @ RenderViewHost::FilesSelectedInChooser","Mar 21, 2013 21:08:11",1363900091,"May 29, 2010 16:01:32",1275148892,"Aug 03, 2010 16:36:08",1280853368,"serg.gla...@gmail.com",""
45609,"High","Cr-Blink, M-5, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, cve-2010-1784","Stable",,"","jsc...@chromium.org","ZDI-CAN-784: Apple Webkit Rendering Counter Remote Code Execution Vulnerability","Apr 06, 2013 02:17:59",1365214679,"Jun 02, 2010 03:13:26",1275448406,"Jul 01, 2010 17:24:43",1278005083,"infe...@chromium.org","2010-1784"
45614,"High","Cr-Blink, M-5, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, cve-2010-1785","Stable",,"","infe...@chromium.org","ZDI-CAN-782: Apple Webkit SVG First-Letter Style Remote Code Execution Vulnerability","Apr 06, 2013 02:17:59",1365214679,"Jun 02, 2010 05:37:01",1275457021,"Jun 12, 2010 00:58:12",1276304292,"infe...@chromium.org","2010-1785"
45615,"High","Cr-Blink, M-5, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, cve-2010-1787","Stable",,"","infe...@chromium.org","ZDI-CAN-785: Apple Webkit SVG Floating Text Element Remote Code Execution Vulnerability","Apr 06, 2013 02:17:59",1365214679,"Jun 02, 2010 05:58:49",1275458329,"Jun 12, 2010 00:49:06",1276303746,"infe...@chromium.org","2010-1787"
45659,"High","Cr-Blink, M-6, Pri-2, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","","Stale pointer in SVGResourceFilter","Apr 06, 2013 02:17:55",1365214675,"Jun 02, 2010 17:56:58",1275501418,"Jun 02, 2010 22:01:17",1275516077,"tav...@gmail.com",""
45876,"Medium","Cr-Internals, Cr-Platform-Extensions, M-6, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Stable",,"","","Web pages should NOT be able to load resources if there are NO content scripts from that extension on the page","Mar 21, 2013 21:01:12",1363899672,"Jun 04, 2010 20:07:29",1275682049,"Aug 05, 2010 20:35:47",1281040547,"a...@chromium.org",""
45983,"High","Cr-Blink, M-5, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","chromium.cdn@gmail.com","Segmentation fault in WebCore::RenderLayer::paintList when a malformed PNG image is viewed","Apr 06, 2013 02:17:38",1365214658,"Jun 07, 2010 07:27:19",1275895639,"Jun 25, 2010 03:18:46",1277435926,"aohelin",""
46018,"Critical","Cr-UI, Cr-UI-Notifications, M-6, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Critical, Stability-Crash, Type-Bug-Security, bulkmove","Stable",,"","john...@chromium.org","Crash - BalloonViewImpl::DelayedClose","Mar 21, 2013 21:08:10",1363900090,"Jun 07, 2010 20:19:49",1275941989,"Aug 06, 2010 18:50:41",1281120641,"huanr@chromium.org",""
46126,"High","Cr-Internals, Pri-0, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-500","Stable",500,"accept","wtc@chromium.org","crash with processing invalid x509-user-cert responses.","Mar 21, 2013 20:56:54",1363899414,"Jun 09, 2010 02:36:56",1276051016,"Jun 10, 2010 22:34:37",1276209277,"infe...@chromium.org",""
46360,"High","Cr-Blink, M-5, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-500","Stable",500,"accept","infe...@chromium.org","Memory corruption in :first-letter rendering","Apr 06, 2013 02:17:14",1365214634,"Jun 11, 2010 16:30:11",1276273811,"Jun 22, 2010 04:43:15",1277181795,"infe...@chromium.org",""
46452,"High","Cr-Blink, M-5, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Stability-Crash, Type-Bug-Security, bulkmove, not-extensions","Stable",,"","tony@chromium.org"," when combined with certain JavaScripts","Apr 06, 2013 02:17:07",1365214627,"Jun 13, 2010 13:35:26",1276436126,"Jul 21, 2010 01:24:25",1279675465,"thaberm...@gmail.com",""
46575,"Low","Cr-UI, M-5, OS-Linux, Pri-2, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","est...@chromium.org","DoS by opening unlimited number of print dialogs","Mar 21, 2013 20:56:53",1363899413,"Jun 15, 2010 16:15:33",1276618533,"Jun 21, 2010 21:50:48",1277157048,"mats.ahl...@gmail.com",""
46750,"Low","Cr-Internals, Feature-WebSocket, M-5, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","ukai@chromium.org","Browser crash in WebSocket creation","Mar 21, 2013 20:56:53",1363899413,"Jun 17, 2010 00:53:27",1276736007,"Aug 04, 2010 00:20:21",1280881221,"jsc...@chromium.org",""
46957,"High","Cr-Blink, M-5, Pri-2, Restrict-AddIssueComment-EditIssue, Security, Security_Severity-High, Type-Bug-Security, reward-500","None",500,"accept","dglazkov@chromium.org","Renderer crash in CounterNode in documentBeingDestroyed call (similar to 45609)","Apr 06, 2013 02:16:40",1365214600,"Jun 19, 2010 06:13:03",1276927983,"Jun 30, 2010 19:31:49",1277926309,"javg0...@gmail.com",""
47056,"Low","Cr-UI, M-5, Pri-2, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","tony@chromium.org","Browser crash after AppModalDialogQueue::ShowNextDialog","Mar 21, 2013 20:56:52",1363899412,"Jun 21, 2010 15:28:30",1277134110,"Jun 23, 2010 01:25:47",1277256347,"aohelin",""
47086,"High","Cr-Blink, M-5, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","infe...@chromium.org","Memory corruption with DOM mutation on onchange event firing for select object","Apr 06, 2013 02:16:32",1365214592,"Jun 21, 2010 20:48:54",1277153334,"Jun 23, 2010 21:38:25",1277329105,"chromium.cdn@gmail.com",""
47105,"High","Cr-Internals, M-5, Pri-2, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","tony@chromium.org","Renderer crash for a multipart page","Mar 21, 2013 20:56:52",1363899412,"Jun 21, 2010 22:31:09",1277159469,"Jun 24, 2010 01:07:38",1277341658,"bl...@google.com",""
47866,"High","Cr-Blink, M-5, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-500","Stable",500,"accept","","Memory corruption with crash in RenderObject::containingBlock()","Apr 06, 2013 02:15:45",1365214545,"Jun 29, 2010 16:51:59",1277830319,"Jul 10, 2010 18:06:35",1278785195,"javg0...@gmail.com",""
47915,"High","Cr-Blink, M-5, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, cve-2010-1782","Stable",,"","","ZDI-CAN-806: Apple Safari's Webkit Runin Use-after-free Vulnerability","Apr 06, 2013 02:15:42",1365214542,"Jun 29, 2010 21:52:47",1277848367,"Jul 20, 2010 20:38:48",1279658328,"infe...@chromium.org","2010-1782"
48115,"High","Cr-Blink, Pri-1, Restrict-AddIssueComment-Commit, Security, Security_Impact-None, Security_Severity-High, Type-Bug-Security, reward-500","None",500,"accept","infe...@chromium.org","REGRESSION: Memory corruption in open source JPEG decoder (r61619)","Apr 06, 2013 02:15:29",1365214529,"Jul 01, 2010 20:38:54",1278016734,"Jul 02, 2010 19:54:57",1278100497,"aohelin",""
48225,"Medium","Cr-UI, Cr-UI-Browser-Autofill, M-7, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Stable",,"","dhollowa@chromium.org","Autofill profile (address, perfsonal info) spam without any need of user interaction","Mar 21, 2013 21:01:12",1363899672,"Jul 03, 2010 04:42:37",1278132157,"Sep 10, 2010 21:49:31",1284155371,"infe...@chromium.org",""
48282,"High","Cr-Blink, M-7, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","abarth@chromium.org","LegacyHTMLTreeBuilder fires DOM mutation events","Apr 06, 2013 02:15:16",1365214516,"Jul 04, 2010 05:31:11",1278221471,"Aug 27, 2010 20:16:16",1282940176,"abarth@chromium.org",""
48283,"Critical","Cr-Internals, OS-Windows, Pri-0, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-Critical, Type-Bug-Security, reward-1337","Stable",1337,"accept","","EXTERNAL-REPORT: Windows kernel crash on invalid font","Mar 21, 2013 21:08:10",1363900090,"Jul 04, 2010 07:24:13",1278228253,"Jul 14, 2010 21:46:15",1279143975,"c...@google.com",""
48284,"High","Cr-Blink, M-5, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, cve-2010-1793, reward-500","Stable",500,"accept","","<use> on <font-face> causes crashes, if SVGUseElement gets detached","Apr 06, 2013 02:15:16",1365214516,"Jul 04, 2010 08:11:12",1278231072,"Jul 07, 2010 14:27:11",1278512831,"aohelin","2010-1793"
48437,"High","Cr-Blink, Cr-Internals, Cr-Internals-Plugins, Cr-Internals-Plugins-PDF, M-7, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-None, Security_Severity-High, Type-Bug-Security, reward-1000","None",1000,"accept","g...@chromium.org","chrome pdf viewer crashes when width/height values are large enough","Apr 06, 2013 04:30:00",1365222600,"Jul 07, 2010 09:34:57",1278495297,"Aug 24, 2010 05:46:58",1282628818,"serg.gla...@gmail.com",""
48597,"Low","Cr-UI, Cr-UI-Browser-Omnibox, M-6, OS-Linux, OS-Windows, Pri-2, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","infe...@chromium.org","Incorrect eliding (windows), truncation(linux) for hostname in security information dialog","Mar 21, 2013 20:56:49",1363899409,"Jul 08, 2010 21:43:32",1278625412,"Jul 09, 2010 17:05:50",1278695150,"infe...@chromium.org",""
48733,"Critical","Cr-Internals, OS-Linux, Pri-2, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-Critical, Type-Bug-Security, reward-1337","Stable",1337,"accept","infe...@chromium.org","Crash in third_party xdg_mime library when unable to handle long file paths","Mar 21, 2013 21:08:09",1363900089,"Jul 09, 2010 22:23:13",1278714193,"Jul 12, 2010 21:23:15",1278969795,"lsatc...@gmail.com",""
48857,"High","Cr-UI, Cr-UI-Browser-Autofill, M-7, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Stability-Crash, Type-Bug-Security, bulkmove","Stable",,"","dhollowa@chromium.org","Render crash in FormManager::FindCachedFormElement()","Mar 21, 2013 20:56:48",1363899408,"Jul 12, 2010 19:58:17",1278964697,"Sep 29, 2010 23:05:37",1285801537,"shess@chromium.org",""
49215,"Low","Cr-Internals, Pri-2, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","","Signed/Unsigned Comparison issue in MemoryAllocator::AllocateRawMemory","Mar 21, 2013 20:56:48",1363899408,"Jul 15, 2010 21:45:00",1279230300,"Jul 21, 2010 18:09:43",1279735783,"pme...@google.com",""
49317,"High","Cr-Blink, M-5, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, cve-2010-1780","Stable",,"","","Merge webkit bug https://bugs.webkit.org/show_bug.cgi?id=40407","Apr 06, 2013 02:14:09",1365214449,"Jul 16, 2010 16:06:32",1279296392,"Oct 05, 2011 01:39:16",1317778756,"infe...@chromium.org","2010-1780"
49318,"High","Cr-Blink, Pri-1, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","","Merge webkit bug https://bugs.webkit.org/show_bug.cgi?id=39143","Apr 06, 2013 02:14:08",1365214448,"Jul 16, 2010 16:14:40",1279296880,"May 15, 2012 21:39:04",1337117944,"infe...@chromium.org",""
49377,"High","CVE-2011-2835, Cr-Internals, Cr-Internals-Network, M-14, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","rsleevi@chromium.org","X509Certificate::Cache usage pattern may result in use after free","Mar 21, 2013 20:56:47",1363899407,"Jul 16, 2010 22:29:05",1279319345,"Jul 19, 2011 05:46:57",1311054417,"rsleevi@chromium.org","2011-2835"
49596,"High","Cr-Blink, M-5, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-500","Stable",500,"accept","","Security issue in SVGUseElement::buildShadowTree","Apr 06, 2013 02:13:54",1365214434,"Jul 20, 2010 06:35:49",1279607749,"Jul 22, 2010 14:28:09",1279808889,"woo...@gmail.com",""
49628,"High","Cr-Blink, M-5, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, cve-2010-1783, reward-500","Stable",500,"accept","infe...@chromium.org","Memory corruption with invalid text node cast for edit commands","Apr 06, 2013 02:13:53",1365214433,"Jul 20, 2010 15:20:04",1279639204,"Jul 20, 2010 21:14:29",1279660469,"infe...@chromium.org","2010-1783"
49729,"High","Cr-Blink, M-5, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","tony@chromium.org","Use after free in scroll bar layout","Apr 06, 2013 02:13:46",1365214426,"Jul 21, 2010 01:22:48",1279675368,"Aug 05, 2010 20:45:01",1281041101,"rohi...@chromium.org",""
49747,"Low","Cr-UI, M-10, OS-Linux, Pri-2, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","chromium.cdn@gmail.com","GTK message dialogs do not properly wrap overly long words or elide many short lines in js modal dialog","Mar 21, 2013 20:56:46",1363899406,"Jul 21, 2010 06:23:40",1279693420,"Dec 22, 2010 22:31:07",1293057067,"Louis.w.Lang@gmail.com",""
49964,"High","Cr-Blink, M-5, Pri-2, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","jsc...@chromium.org","Security: window.history.replaceState fails to enforce domain security","Apr 06, 2013 02:13:34",1365214414,"Jul 22, 2010 19:25:10",1279826710,"Jul 23, 2010 00:31:11",1279845071,"miketa...@gmail.com",""
50250,"High","Cr-Blink, M-6, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-500","Stable",500,"accept","jap...@chromium.org","Use after free in document.close()","Apr 06, 2013 02:13:25",1365214405,"Jul 26, 2010 19:23:06",1280172186,"Aug 19, 2010 20:32:03",1282249923,"infe...@chromium.org",""
50377,"Low","Cr-UI, Mstone-X, OS-All, Pri-3, Restrict-AddIssueComment-Commit, Security, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Beta, Stable",,"","tsepez@chromium.org","User gesture leaks from prompt (was: infinite prompts)","Mar 21, 2013 21:07:44",1363900064,"Jul 27, 2010 15:36:42",1280245002,"Jan 11, 2012 18:58:31",1326308311,"optimalcycling@gmail.com",""
50383,"Low","Cr-Internals, M-5, OS-Linux, Pri-2, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","chromium.cdn@gmail.com","Glibc bug in getaddrinfo() may be exposed","Mar 21, 2013 20:56:44",1363899404,"Jul 27, 2010 16:57:00",1280249820,"Aug 07, 2010 01:39:36",1281145176,"chromium.cdn@gmail.com",""
50386,"High","Cr-Blink, Cr-UI-Notifications, M-6, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","john...@chromium.org","Use after free of notification presenter when opening window is closed and notification is cancelled","Apr 06, 2013 02:13:14",1365214394,"Jul 27, 2010 17:01:46",1280250106,"Aug 20, 2010 18:01:44",1282327304,"serg.gla...@gmail.com",""
50428,"Critical","Cr-UI, M-6, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Critical, Stability-Crash, Type-Bug-Security, bulkmove","Stable",,"","jcive...@chromium.org","Browser crash @ TabContents::ExpireInfoBars","Mar 21, 2013 21:08:09",1363900089,"Jul 27, 2010 22:26:42",1280269602,"Sep 21, 2010 21:17:42",1285103862,"shess@chromium.org",""
50515,"High","Cr-Blink, M-5, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","","Memory corruption - DOMMimeType","Apr 06, 2013 02:13:05",1365214385,"Jul 28, 2010 13:46:00",1280324760,"Jul 29, 2010 18:42:24",1280428944,"serg.gla...@gmail.com",""
50553,"Critical","M-5, OS-Windows, Pri-0, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Critical, Stability-Crash, Type-Bug-Security, bulkmove, reward-1337","Stable",1337,"accept","john...@chromium.org","Crash when closing chrome - BalloonViewImpl::DelayedClose","Mar 21, 2013 21:08:09",1363900089,"Jul 28, 2010 19:58:05",1280347085,"Aug 05, 2010 16:49:03",1281026943,"dogantun...@gmail.com",""
50712,"High","Cr-Blink, M-6, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","","Use after free with SVG use referencing svg style element","Apr 06, 2013 02:12:57",1365214377,"Jul 30, 2010 03:03:48",1280459028,"Sep 04, 2010 15:47:33",1283615253,"kuz...@gmail.com",""
50839,"High","Cr-Blink, Cr-Content-Core, Cr-UI-Notifications, M-6, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","infe...@chromium.org","Security: WebKit 43295 - cross_fuzz notification requestPermission memory corruption","Apr 06, 2013 02:12:48",1365214368,"Jul 31, 2010 10:32:49",1280572369,"Aug 04, 2010 16:44:37",1280940277,"skylined@chromium.org",""
51070,"Critical","Cr-Internals, M-5, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Critical, Type-Bug-Security, reward-1337","Stable",1337,"accept","yusukes@chromium.org","Another Windows kernel bug in the CFF font parser","Mar 21, 2013 21:08:08",1363900088,"Aug 03, 2010 16:43:57",1280853837,"Aug 11, 2010 16:25:29",1281543929,"scarybea...@gmail.com",""
51146,"Medium","Cr-UI, Cr-UI-Browser-Omnibox, M-5, Pri-3, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Stable",,"","pkasting@chromium.org","Plain-text information leak of https://user:password due to autosuggest","Mar 21, 2013 21:01:10",1363899670,"Aug 04, 2010 08:01:59",1280908919,"Aug 09, 2010 23:25:27",1281396327,"scarybea...@gmail.com",""
51252,"High","Cr-Blink, M-6, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-500","Stable",500,"accept","jsc...@chromium.org","Use after free with nested use elements","Apr 06, 2013 02:12:17",1365214337,"Aug 05, 2010 08:46:54",1280998014,"Sep 06, 2010 22:43:37",1283813017,"kuz...@gmail.com",""
51464,"Low","CVE-2011-2836, Cr-Blink, Cr-Internals, Cr-Internals-Plugins, Cr-Internals-Plugins-Flash, M-14, OS-Windows, Pri-2, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","cev...@chromium.org","Chromium use ActiveX Flash (not the NPAPI one) with potential WinINET cookie leak","Apr 06, 2013 04:29:30",1365222570,"Aug 07, 2010 07:55:01",1281167701,"Jun 01, 2011 18:03:40",1306951420,"electron...@gmail.com","2011-2836"
51602,"High","Cr-Blink, Cr-Content-Core, M-7, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","rn...@chromium.org","Investigate rte_fuzz crashes","Apr 06, 2013 02:11:54",1365214314,"Aug 09, 2010 17:33:34",1281375214,"Oct 27, 2010 01:30:46",1288143046,"bl...@google.com",""
51630,"High","Cr-Blink, Feature-WebSocket, M-6, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1337","Stable",1337,"accept","ukai@chromium.org","Memory corruption in WebSocketChannel::skipBuffer() - underflow in buffer size","Apr 06, 2013 02:11:52",1365214312,"Aug 09, 2010 22:04:05",1281391445,"Aug 12, 2010 00:37:08",1281573428,"camp...@iit.edu",""
51653,"High","Cr-Blink, M-5, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-500","Stable",500,"accept","chromium.cdn@gmail.com","Memory corruption in Counter Nodes.","Apr 06, 2013 02:11:51",1365214311,"Aug 10, 2010 04:26:51",1281414411,"Aug 25, 2010 23:16:39",1282778199,"kuz...@gmail.com",""
51654,"High","Cr-Blink, M-5, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","","Memory corruption with moving ruby text nodes to runs without ruby bases.","Apr 06, 2013 02:11:50",1365214310,"Aug 10, 2010 04:48:38",1281415718,"Aug 10, 2010 20:47:45",1281473265,"kuz...@gmail.com",""
51658,"Low","Cr-Internals, Pri-2, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","infe...@chromium.org","Add .xbap to dangerous extensions list","Mar 21, 2013 20:56:39",1363899399,"Aug 10, 2010 05:46:12",1281419172,"Aug 10, 2010 06:25:31",1281421531,"scarybea...@gmail.com",""
51670,"High","Cr-Blink, Cr-Blink-Location, Cr-Content-Core, M-5, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","","Security: WebKit: WebCore::GeolocationService::positionChanged use after free","Apr 06, 2013 05:02:48",1365224568,"Aug 10, 2010 08:11:02",1281427862,"Aug 13, 2010 17:05:20",1281719120,"kuz...@gmail.com",""
51680,"Medium","Cr-Blink, M-7, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security, reward-500","Stable",500,"accept","jcive...@chromium.org","Omnibox url spoofing on pending events in page unload","Apr 06, 2013 02:11:48",1365214308,"Aug 10, 2010 10:21:14",1281435674,"Sep 01, 2010 23:33:55",1283384035,"kuz...@gmail.com",""
51709,"Low","Cr-UI, M-6, OS-All, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","est...@chromium.org","Fatal assertion failure when getting gdk custom cursor on safari books","Mar 21, 2013 20:56:37",1363899397,"Aug 10, 2010 19:10:00",1281467400,"Aug 11, 2010 18:23:49",1281551029,"magnusmo...@gmail.com",""
51727,"Low","Cr-Internals, M-7, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","dhollowa@chromium.org","autocomplete entries submitted by javascript should not be stored in db (similar to autofill bug 48225)","Mar 21, 2013 20:56:37",1363899397,"Aug 10, 2010 22:22:03",1281478923,"Sep 10, 2010 21:55:29",1284155729,"infe...@chromium.org",""
51739,"High","Cr-Blink, Feature-WebSocket, M-6, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","chromium.cdn@gmail.com","Numerous Integer wraps and errant pointers within WebSockets parser","Apr 06, 2013 02:11:45",1365214305,"Aug 10, 2010 23:58:38",1281484718,"Aug 12, 2010 19:28:08",1281641288,"chromium.cdn@gmail.com",""
51835,"High","Cr-Blink, Pri-1, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","jsc...@chromium.org","Use after free in plugin handling","Apr 06, 2013 02:11:40",1365214300,"Aug 11, 2010 21:44:44",1281563084,"Aug 12, 2010 23:51:41",1281657101,"serg.gla...@gmail.com",""
51846,"Low","Cr-Internals, Cr-Internals-Network, M-6, OS-Linux, OS-Mac, Pri-2, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security, Verifier-Rohitbm","Stable",,"","chromium.cdn@gmail.com","Null deref when socket stream is closed during hostname resolution","Mar 21, 2013 20:56:36",1363899396,"Aug 11, 2010 23:09:29",1281568169,"Aug 19, 2010 18:41:44",1282243304,"camp...@iit.edu",""
51919,"High","Cr-Internals, Cr-Platform-DevTools, M-6, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-500","Stable",500,"accept","mal@chromium.org","use after free in console.profile calls.","Mar 21, 2013 20:56:35",1363899395,"Aug 12, 2010 15:29:58",1281626998,"Sep 01, 2010 14:13:20",1283350400,"kuz...@gmail.com",""
52204,"High","Cr-Blink, M-6, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-None, Security_Severity-High, Type-Bug-Security, reward-1000","None",1000,"accept","infe...@chromium.org"," in renderblock remove child.","Apr 06, 2013 02:11:24",1365214284,"Aug 15, 2010 05:44:17",1281851057,"Aug 17, 2010 20:56:06",1282078566,"kuz...@gmail.com",""
52443,"High","Cr-Blink, M-6, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","tony@chromium.org","Google Chrome Focus Handling Use-after-free Vulnerability","Apr 06, 2013 02:11:08",1365214268,"Aug 17, 2010 16:46:20",1282063580,"Aug 20, 2010 19:29:02",1282332542,"adamm...@google.com",""
52587,"High","Cr-Blink, M-8, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","","cross_fuzz: CSSRule::parentStyleSheet use after free","Apr 06, 2013 02:10:57",1365214257,"Aug 18, 2010 14:10:43",1282140643,"Dec 02, 2010 19:18:40",1291317520,"jsc...@chromium.org",""
52682,"High","Cr-Internals, M-6, Pri-0, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","","Sandbox IPC out-of-bounds write in CrossCallParamsEx::CreateFromBuffer","Mar 21, 2013 20:56:35",1363899395,"Aug 19, 2010 03:58:31",1282190311,"Aug 21, 2010 02:34:52",1282358092,"cpu@chromium.org",""
53001,"Medium","Cr-Blink, OS-All, Pri-1, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security, reward-500","Stable",500,"accept","infe...@chromium.org","Security: ability to read cross domain image data using toDataURL and getImageData via createPattern ","Apr 06, 2013 02:10:24",1365214224,"Aug 22, 2010 08:01:14",1282464074,"Aug 23, 2010 20:24:05",1282595045,"isaac.da...@gmail.com",""
53002,"Low","Cr-Internals, M-7, OS-All, Pri-3, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","j...@chromium.org","pop blocker bypass","Mar 21, 2013 20:56:34",1363899394,"Aug 22, 2010 08:59:05",1282467545,"Sep 17, 2010 17:08:11",1284743291,"kuz...@gmail.com",""
53116,"Low","Cr-Internals, M-10, Pri-2, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","mmoss@chromium.org","Security: Chrome can't be downloaded securely.","Mar 27, 2013 01:19:42",1364347182,"Aug 23, 2010 19:35:41",1282592141,"Mar 27, 2013 01:19:42",1364347182,"elvey.ma...@gmail.com",""
53142,"Critical","M-6, Pri-0, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Critical, Type-Bug-Security","Stable",,"","yusukes@chromium.org","EXTERNAL-REPORT: Another Windows kernel CFF font parsing bug","Mar 21, 2013 21:08:08",1363900088,"Aug 23, 2010 23:25:20",1282605920,"Aug 25, 2010 06:35:09",1282718109,"scarybea...@gmail.com",""
53176,"Low","Cr-Internals, Pri-2, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","","BlockedPopupContainer::GetBlockedContents ReadAV@NULL (882a25e76e991e980ffce6adda7cfcc5)","Mar 21, 2013 20:56:33",1363899393,"Aug 24, 2010 07:39:23",1282635563,"Aug 24, 2010 23:59:13",1282694353,"kuz...@gmail.com",""
53230,"High","Cr-Blink, M-7, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Stability-Crash, Type-Bug-Security, bulkmove","Stable",,"","rolandsteiner.chromium@gmail.com","crash on google.at ajax search","Apr 06, 2013 02:10:03",1365214203,"Aug 24, 2010 18:52:56",1282675976,"Aug 31, 2010 16:22:23",1283271743,"geki...@gmail.com",""
53361,"Critical","Cr-Internals, M-6, OS-Mac, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Critical, Type-Bug-Security, reward-500","Stable",500,"accept","infe...@chromium.org","Browser crash in improper destruction of select file dialog (mac)","Mar 21, 2013 21:08:08",1363900088,"Aug 25, 2010 21:15:15",1282770915,"Aug 28, 2010 16:06:46",1283011606,"infe...@chromium.org",""
53394,"High","Cr-Blink, Cr-Blink-Location, M-6, M-7, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-500","Stable",500,"accept","j...@chromium.org","Geolocation use after free","Apr 06, 2013 05:02:46",1365224566,"Aug 26, 2010 03:35:52",1282793752,"Sep 07, 2010 15:30:16",1283873416,"infe...@chromium.org",""
53640,"High","Cr-Blink, M-6, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","infe...@chromium.org","Merge Webkit Bug 41523 to 472","Apr 06, 2013 02:09:39",1365214179,"Aug 27, 2010 21:03:26",1282943006,"Aug 27, 2010 21:30:31",1282944631,"infe...@chromium.org",""
53747,"High","Cr-Blink, OS-All, Pri-1, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","infe...@chromium.org","Use-after-free of renderer when recalcStyle() is called during layout or painting.","Apr 06, 2013 02:09:26",1365214166,"Aug 29, 2010 05:20:29",1283059229,"Aug 29, 2010 06:53:04",1283064784,"scarybea...@gmail.com",""
53836,"Medium","Cr-Blink, Cr-Blink-WebSockets, Cr-Internals, Cr-Internals-Network-SSL, M-19, MovedFrom-17, MovedFrom18, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Beta, Stable",,"","toyoshim@chromium.org","wss:// does not validate SSL certs","Apr 06, 2013 03:42:00",1365219720,"Aug 30, 2010 14:18:24",1283177904,"Dec 20, 2012 15:52:54",1356018774,"m...@meastman.org",""
53930,"High","M-6, OS-Linux, Pri-0, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","a...@chromium.org","Memory corruption on Linux when render Khmer script page","Mar 21, 2013 20:56:30",1363899390,"Aug 31, 2010 08:48:31",1283244511,"Sep 02, 2010 23:13:54",1283469234,"scarybea...@gmail.com",""
53985,"Medium","Cr-Internals, Cr-Internals-Network, Feature-WebSocket, M-7, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Stable",,"","ukai@chromium.org","Crash in chrome_browser_net_websocket_experiment::WebSocketExperimentRunner::DoLoop","Mar 21, 2013 21:01:07",1363899667,"Aug 31, 2010 19:01:56",1283281316,"Sep 16, 2010 02:49:53",1284605393,"eroman@chromium.org",""
54006,"Low","Cr-Internals, Cr-Platform-Extensions, M-6, Pri-1, ReleaseBlock-Dev, Restrict-AddIssueComment-EditIssue, Review-Security, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","erik...@chromium.org","Security: Extension history permission does not generate a warning","Mar 21, 2013 20:56:30",1363899390,"Aug 31, 2010 22:26:46",1283293606,"Sep 01, 2010 23:06:22",1283382382,"adrienne...@gmail.com",""
54132,"Low","Cr-Internals, M-6, OS-Linux, Pri-3, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","mmoss@chromium.org","Security: Insecure library loading in Google Chrome for Linux","Mar 21, 2013 20:56:29",1363899389,"Sep 01, 2010 20:43:06",1283373786,"Sep 13, 2010 18:35:10",1284402910,"adamm...@google.com",""
54262,"High","Cr-Blink, M-9, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","darin@chromium.org","Possible Location Bar & SSL Spoofing","Apr 06, 2013 02:08:59",1365214139,"Sep 02, 2010 17:24:48",1283448288,"Feb 10, 2011 18:02:40",1297360960,"jconsult...@gmail.com",""
54500,"High","Cr-Blink, M-7, Pri-1, ReleaseBlock-Beta, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Stability-Crash, Type-Bug-Security, bulkmove, reward-500","Stable",500,"accept","cev...@chromium.org","Renderer crash on very big animated gif image @ WebCore::RGBA32Buffer::setRGBA(unsigned int *,unsigned int,unsigned int,unsigned int,unsigned int)","Apr 06, 2013 02:08:46",1365214126,"Sep 04, 2010 16:21:50",1283617310,"Sep 28, 2010 01:11:17",1285636277,"simon.sc...@gmail.com",""
54532,"High","Cr-Blink, M-7, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","","Issue with incorrect attribute, events handling in SVG and polyline","Apr 06, 2013 02:08:43",1365214123,"Sep 05, 2010 05:45:39",1283665539,"Sep 07, 2010 05:30:46",1283837446,"infe...@chromium.org",""
54539,"Medium","Cr-Blink, M-6, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Stable",,"","infe...@chromium.org","OOB read in rendering text fragment","Apr 06, 2013 02:08:43",1365214123,"Sep 05, 2010 07:21:56",1283671316,"Sep 07, 2010 21:59:30",1283896770,"infe...@chromium.org",""
54636,"High","Cr-Blink, Cr-Content-Core, M-7, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","","selectedStylesheetSet memory corruption","Apr 06, 2013 02:08:37",1365214117,"Sep 06, 2010 19:51:54",1283802714,"Sep 06, 2010 21:53:49",1283810029,"skylined@chromium.org",""
54653,"High","Cr-Blink, M-7, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","","Memory corruption with creating lines on renderblocks.","Apr 06, 2013 02:08:36",1365214116,"Sep 07, 2010 03:31:50",1283830310,"Sep 11, 2010 06:46:26",1284187586,"infe...@chromium.org",""
54691,"High","Pri-0, Restrict-AddIssueComment-Commit, Security, Security_Impact-None, Security_Severity-High, Type-Bug-Security, reward-1000","None",1000,"accept","cev...@chromium.org","segmentation fault in bundled pdf plugin","Mar 21, 2013 20:47:28",1363898848,"Sep 07, 2010 14:53:51",1283871231,"Sep 15, 2010 19:06:46",1284577606,"aohelin",""
54794,"High","Cr-Internals, M-7, OS-Linux, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","a...@chromium.org","HTML5 Workers run outside of the sandbox","Mar 21, 2013 20:56:27",1363899387,"Sep 08, 2010 08:31:16",1283934676,"Sep 13, 2010 18:20:17",1284402017,"scarybea...@gmail.com",""
55114,"High","Cr-Blink, M-6, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-500","Stable",500,"accept","jsc...@chromium.org","Bad cast with svg:g element","Apr 06, 2013 02:08:05",1365214085,"Sep 10, 2010 16:34:49",1284136489,"Sep 10, 2010 22:09:40",1284156580,"woo...@gmail.com",""
55119,"Critical","Cr-Internals, M-6, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Critical, Type-Bug-Security, security, spdy","Stable",,"","mbel...@chromium.org","SpdyFramer buffer resizing bug","Mar 21, 2013 21:08:07",1363900087,"Sep 10, 2010 17:04:07",1284138247,"Sep 14, 2010 20:05:40",1284494740,"mbel...@chromium.org",""
55215,"High","Cr-Blink, M-8, OS-All, Pri-1, ReleaseBlock-Beta, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","yuzo@chromium.org","Memory corruption with styled font-face","Apr 06, 2013 02:07:59",1365214079,"Sep 11, 2010 06:46:39",1284187599,"Oct 28, 2010 20:23:59",1288297439,"scarybea...@gmail.com",""
55257,"High","Cr-Blink, M-7, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","infe...@chromium.org","Memory corruption in accessing floatptr of a textarea","Apr 06, 2013 02:07:56",1365214076,"Sep 11, 2010 15:13:58",1284218038,"Oct 14, 2010 16:17:17",1287073037,"woo...@gmail.com",""
55346,"High","Cr-Blink, M-7, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-None, Security_Severity-High, Type-Bug-Security, reward-1000","None",1000,"accept","jsc...@chromium.org","Load Timer fired on deleted HTMLMediaElement","Apr 06, 2013 02:07:49",1365214069,"Sep 13, 2010 04:09:23",1284350963,"Oct 04, 2010 22:29:59",1286231399,"kuz...@gmail.com",""
55350,"High","Cr-Blink, M-6, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","abarth@chromium.org","Chrome cross window & cross domain object access","Apr 06, 2013 02:07:48",1365214068,"Sep 13, 2010 05:25:31",1284355531,"Sep 14, 2010 23:15:41",1284506141,"stefano....@gmail.com",""
55607,"High","Cr-Blink, Cr-Internals, Cr-Internals-Plugins-Flash, M-7, OS-Linux, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","stuartmorgan@chromium.org","Flash intercepts key events when not in focus","Apr 06, 2013 04:10:04",1365221404,"Sep 14, 2010 20:09:24",1284494964,"Sep 21, 2010 16:16:41",1285085801,"jsc...@chromium.org",""
55745,"Medium","Cr-Blink, M-8, OS-All, Pri-1, ReleaseBlock-Beta, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Stable",,"","scherkus@chromium.org","MSVR-10-0105: Cross origin bypass using canvas and video","Apr 06, 2013 02:07:11",1365214031,"Sep 15, 2010 19:49:30",1284580170,"Oct 26, 2010 02:57:47",1288061867,"steve.ma...@gmail.com",""
55831,"High","Cr-Blink, M-9, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","chromium.cdn@gmail.com","Segmentation fault at WebCore::ImageLoader::updateFromElement due to malformed HTML","Apr 06, 2013 02:07:09",1365214029,"Sep 16, 2010 08:54:44",1284627284,"Dec 10, 2010 21:21:30",1292016090,"aohelin",""
55901,"High","Cr-Blink, OS-All, Pri-1, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","","Merge Webkit Bug 45896 :CSS: Fix crash in getTimingFunctionValue()","Apr 06, 2013 02:07:05",1365214025,"Sep 16, 2010 19:34:08",1284665648,"May 15, 2012 21:39:04",1337117944,"infe...@chromium.org",""
56144,"High","Cr-Blink, M-7, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","infe...@chromium.org","Memory corruption in adding text child to table column","Apr 06, 2013 02:06:42",1365214002,"Sep 18, 2010 20:14:18",1284840858,"Oct 01, 2010 03:26:56",1285903616,"infe...@chromium.org",""
56206,"High","Cr-Blink, M-7, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","","Use after free in CounterNode","Apr 06, 2013 02:06:37",1365213997,"Sep 19, 2010 19:37:22",1284925042,"Sep 30, 2010 20:44:43",1285879483,"infe...@chromium.org",""
56237,"Low","Cr-UI-Browser-Incognito, M-8, Pri-3, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","","Browser crash in incognito mode with trying to close a large db.","Mar 21, 2013 20:56:23",1363899383,"Sep 20, 2010 05:34:04",1284960844,"Sep 27, 2010 21:13:58",1285622038,"infe...@chromium.org",""
56449,"High","Cr-Internals, Cr-Internals-Network, M-8, OS-Linux, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Stability-Crash, Type-Bug-Security, bulkmove","Stable",,"","rvargas@chromium.org","Crash in Pickle::ReadInt in net::HttpResponseInfo::InitFromPickle","Mar 21, 2013 20:56:23",1363899383,"Sep 21, 2010 22:16:08",1285107368,"Dec 02, 2010 18:36:50",1291315010,"thestig@chromium.org",""
56451,"High","Cr-Blink, M-7, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","","cross_fuzz: Deleted elements lingering in Document::m_elementsById","Apr 06, 2013 02:06:18",1365213978,"Sep 21, 2010 22:21:40",1285107700,"Sep 22, 2010 23:22:01",1285197721,"infe...@chromium.org",""
56474,"High","Cr-Blink, M-7, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","infe...@chromium.org","User after free in table destroy","Apr 06, 2013 02:06:16",1365213976,"Sep 22, 2010 01:28:14",1285118894,"Sep 22, 2010 19:39:17",1285184357,"infe...@chromium.org",""
56514,"Low","Cr-Privacy, Cr-UI, Pri-3, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","","Click to Play is vulnerable to UI redressing","Mar 21, 2013 20:56:22",1363899382,"Sep 22, 2010 14:22:56",1285165376,"Oct 14, 2010 10:02:14",1287050534,"jln@chromium.org",""
56616,"High","Cr-Blink, M-7, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","","Bad cast in 3d rendering in RenderObject::getTransformFromContainer","Apr 06, 2013 02:06:07",1365213967,"Sep 23, 2010 05:36:01",1285220161,"Sep 23, 2010 17:22:11",1285262531,"infe...@chromium.org",""
56621,"High","Cr-Blink, M-7, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","infe...@chromium.org","use after free in InlineBox::dirtyLineBoxes()","Apr 06, 2013 02:06:07",1365213967,"Sep 23, 2010 07:13:28",1285226008,"Sep 28, 2010 05:15:48",1285650948,"infe...@chromium.org",""
56692,"High","Cr-Blink, M-7, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","infe...@chromium.org","Bad cast from RenderInline to RenderBox in positionListMarker","Apr 06, 2013 02:06:03",1365213963,"Sep 23, 2010 19:08:51",1285268931,"Sep 27, 2010 18:23:04",1285611784,"infe...@chromium.org",""
56760,"High","Cr-Internals, M-8, Pri-0, ReleaseBlock-Beta, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-None, Security_Severity-High, Type-Bug-Security, reward-1000","None",1000,"accept","jam@chromium.org","segfault in bundled pdf viewer","Mar 21, 2013 20:47:19",1363898839,"Sep 24, 2010 08:10:23",1285315823,"Oct 14, 2010 01:03:48",1287018228,"aohelin",""
56796,"High","Cr-Blink, M-7, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","infe...@chromium.org","Bad cast in casting CSSInitialValue to SVGColor in css","Apr 06, 2013 02:05:58",1365213958,"Sep 24, 2010 16:28:13",1285345693,"Sep 26, 2010 06:16:35",1285481795,"infe...@chromium.org",""
57080,"Low","M-8, Pri-2, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","est...@chromium.org","remove extension renaming code","Mar 21, 2013 20:56:20",1363899380,"Sep 27, 2010 21:05:39",1285621539,"Sep 30, 2010 16:16:29",1285863389,"est...@chromium.org",""
57200,"High","Cr-Blink, M-7, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","infe...@chromium.org","Use after free from accessing stale renderers in m_floatingObjects in lowestPosition","Apr 06, 2013 02:05:31",1365213931,"Sep 28, 2010 19:21:28",1285701688,"Oct 11, 2010 06:33:38",1286778818,"infe...@chromium.org",""
57347,"High","Cr-Blink, M-7, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","","ZDI-CAN-874: Apple Webkit WholeText Integer Overflow Remote Code Execution Vulnerability","Apr 06, 2013 02:05:21",1365213921,"Sep 29, 2010 23:06:22",1285801582,"Sep 29, 2010 23:07:26",1285801646,"infe...@chromium.org",""
57377,"Medium","Cr-Blink, M-8, OS-All, Pri-1, ReleaseBlock-Beta, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Stable",,"","infe...@chromium.org","Cross origin bypass with CSS getMatchedCSSRules()","Apr 06, 2013 02:05:21",1365213921,"Sep 30, 2010 02:38:51",1285814331,"Oct 22, 2010 21:51:05",1287784265,"infe...@chromium.org",""
57501,"High","Cr-Blink, Cr-Internals-Plugins-PDF, Pri-0, Restrict-AddIssueComment-Commit, Security, Security_Impact-None, Security_Severity-High, Type-Bug-Security, reward-500","None",500,"accept","cev...@chromium.org","Crash in PDF plugin when building cross-refs","Apr 06, 2013 03:18:38",1365218318,"Oct 01, 2010 01:02:15",1285894935,"Oct 05, 2011 21:25:05",1317849905,"scarybea...@gmail.com",""
57908,"Low","Build, CVE-2011-2837, M-14, MovedFrom13, OS-Linux, Pri-2, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security, bulkmove","Stable",,"","cev...@chromium.org","build with -fPIE","Mar 21, 2013 20:56:19",1363899379,"Oct 04, 2010 22:51:33",1286232693,"Jun 24, 2011 05:04:54",1308891894,"wbr...@gmail.com","2011-2837"
58008,"High","Cr-Blink, M-7, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","infe...@chromium.org","Bad cast casting parent class obj InlineFlowBox to child class obj RootInlineBox","Apr 06, 2013 02:04:35",1365213875,"Oct 05, 2010 18:51:46",1286304706,"Oct 07, 2010 22:01:55",1286488915,"infe...@chromium.org",""
58053,"Medium","Cr-UI, Cr-UI-Notifications, M-8, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Medium, Stability-Crash, Type-Bug-Security, bulkmove","Stable",,"","john...@chromium.org","Crash in BallonViewImpl::DelayedClose()","Mar 21, 2013 21:01:05",1363899665,"Oct 05, 2010 21:56:05",1286315765,"Dec 10, 2010 23:39:45",1292024385,"eroman@chromium.org",""
58069,"Low","Cr-Internals, Cr-Internals-Core, M-14, OS-Windows, Pri-2, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","jsc...@chromium.org","Windows Sandbox allows access to the console.","Mar 21, 2013 20:56:18",1363899378,"Oct 05, 2010 22:45:32",1286318732,"Jul 26, 2011 22:30:09",1311719409,"rvargas@chromium.org",""
58319,"Low","Cr-Blink, M-8, Pri-2, ReleaseBlock-Beta, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","j...@chromium.org","Browser crash - creating unlimited number of File Dialogs","Apr 06, 2013 02:04:15",1365213855,"Oct 07, 2010 17:42:36",1286473356,"Oct 16, 2010 16:50:32",1287247832,"cagret@gmail.com",""
58657,"High","Cr-Blink, M-7, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","jsc...@chromium.org","Bad cast on SVG use element due to mismatched shadow and instance pointers","Apr 06, 2013 02:03:55",1365213835,"Oct 10, 2010 00:39:00",1286671140,"Oct 18, 2010 01:25:19",1287365119,"kuz...@gmail.com",""
58731,"High","CVE-2010-4008, Cr-Internals, M-7, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","cev...@chromium.org","Invalid memory access (with possible avenue to corruption) in the xpath handling libxml","Mar 21, 2013 20:56:17",1363899377,"Oct 11, 2010 07:51:11",1286783471,"Oct 16, 2010 01:01:49",1287190909,"min...@bkav.com.vn","2010-4008"
58741,"High","CVE-2011-3243, Cr-Blink, Cr-Content-Core, M-7, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Stability-Crash, Type-Bug-Security, bulkmove, reward-500","Stable",500,"accept","rn...@chromium.org","Use after free in HTMLTextFormControlElement::selection()","Apr 06, 2013 02:03:51",1365213831,"Oct 11, 2010 11:23:50",1286796230,"Oct 15, 2010 01:54:07",1287107647,"vkouc...@gmail.com","2011-3243"
59036,"High","Cr-Internals, M-8, Pri-1, ReleaseBlock-Beta, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-None, Security_Severity-High, Type-Bug-Security, reward-1337","None",1337,"accept","cev...@chromium.org","PDF JS engine doesn't work in 64 bit","Mar 21, 2013 20:47:14",1363898834,"Oct 13, 2010 12:36:21",1286973381,"Oct 28, 2010 22:19:07",1288304347,"aohelin",""
59081,"Low","CVE-2011-0166, M-9, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","infe...@chromium.org","Security: do not allow on-page drag-and-drop from non-same-origin frames (or require an extra gesture)","Mar 21, 2013 20:56:16",1363899376,"Oct 13, 2010 19:01:49",1286996509,"Nov 12, 2010 18:21:07",1289586067,"lcam...@gmail.com","2011-0166"
59314,"High","Cr-Blink, M-8, OS-All, Pri-2, ReleaseBlock-Beta, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","secur...@chromium.org","[Merge] Blob / BlobBuilder can be put into bad state with wild integers and strings, due to integer overflows","Apr 06, 2013 02:03:08",1365213788,"Oct 15, 2010 03:41:50",1287114110,"May 15, 2012 21:36:31",1337117791,"infe...@chromium.org",""
59320,"High","Cr-Blink, M-7, OS-Linux, Pri-2, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","cev...@chromium.org","Segfault in x86_64/memset.S below SkScalerContext::getImage on Linux","Apr 06, 2013 02:03:06",1365213786,"Oct 15, 2010 05:33:51",1287120831,"Oct 19, 2010 02:46:52",1287456412,"aohelin",""
59554,"High","Cr-Blink, Crash-Reproducible, M-7, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Stability-Crash, Type-Bug-Security, bulkmove, reward-500","Stable",500,"accept","mihaip@chromium.org","Use after free when encountering history.back() call during Page::goToItem execution","Apr 06, 2013 02:02:45",1365213765,"Oct 18, 2010 09:27:35",1287394055,"Nov 05, 2010 00:10:56",1288915856,"geki...@gmail.com",""
59593,"High","Cr-Blink, M-8, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","","Stale pointer in WebCore::ThreadTimers::sharedTimerFiredInternal","Apr 06, 2013 02:02:42",1365213762,"Oct 18, 2010 17:38:59",1287423539,"Oct 29, 2010 17:51:38",1288374698,"jsc...@chromium.org",""
59817,"Low","Cr-Internals, M-8, OS-Linux, OS-Mac, Pri-1, ReleaseBlock-Beta, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security, Verifier-Deepakg","Stable",,"","","Security: Add .html and .htm to the dangerous extensions list for OSX and OS_POSIX","Mar 21, 2013 20:56:15",1363899375,"Oct 19, 2010 18:54:01",1287514441,"Oct 20, 2010 01:20:28",1287537628,"b...@google.com",""
60013,"High","Cr-Blink, M-8, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","morrita@google.com","RenderIndicator childs not laid out at all.","Apr 06, 2013 02:01:56",1365213716,"Oct 20, 2010 22:15:47",1287612947,"Nov 05, 2010 02:30:04",1288924204,"chromium.cdn@gmail.com",""
60055,"High","Cr-Internals, Cr-Internals-Media, M-7, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","scherkus@chromium.org","WebM crash in vp8_setup_intra_recon()","Mar 21, 2013 20:56:14",1363899374,"Oct 21, 2010 03:29:23",1287631763,"Oct 23, 2010 07:33:03",1287819183,"scarybea...@gmail.com",""
60238,"High","Cr-Blink, Cr-Stability, M-7, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-500","Stable",500,"accept","infe...@chromium.org","Use after free of m_frame in FrameLoader::loadWithDocumentLoader","Apr 06, 2013 02:01:33",1365213693,"Oct 22, 2010 02:24:48",1287714288,"Oct 26, 2010 16:10:50",1288109450,"gundl...@gmail.com",""
60327,"High","Cr-Blink, M-7, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Stability-Crash, Type-Bug-Security, bulkmove, reward-500","Stable",500,"accept","chromium.cdn@gmail.com","Bad cast to MouseEvent in Node::defaultEventHandler()","Apr 06, 2013 02:01:26",1365213686,"Oct 22, 2010 17:34:08",1287768848,"Oct 25, 2010 19:39:37",1288035577,"fam....@live.nl",""
60496,"Low","Cr-Blink, Cr-Blink-JavaScript, Cr-Internals, Cr-Stability, M-13, MovedFrom-10, MovedFrom-11, MovedFrom-9, MovedFrom12, Pri-2, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","","Speed tracer + AdBlock = Renderer Crash @ v8::internal::Invoke","Apr 06, 2013 03:27:30",1365218850,"Oct 24, 2010 19:53:56",1287950036,"May 02, 2011 17:57:43",1304359063,"fam....@live.nl",""
60653,"Medium","Cr-Blink, Cr-Blink-CSS, M-14, Merge-Merged-835, Merge-Merged-874, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Medium, Stability-CodeYellow, Stability-Valgrind, Type-Bug-Security","Stable",,"","adamk@chromium.org","Memory error inside WTF::String::format","Apr 06, 2013 05:01:56",1365224516,"Oct 26, 2010 00:00:11",1288051211,"Sep 14, 2011 02:17:34",1315966654,"thestig@chromium.org",""
60688,"High","Cr-Blink, Pri-1, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","jsc...@chromium.org","chrome_55000000!WebCore::FEBlend::apply+0x1a5","Apr 06, 2013 02:01:00",1365213660,"Oct 26, 2010 06:01:23",1288072883,"Oct 28, 2010 00:01:37",1288224097,"woo...@gmail.com",""
60695,"High","Cr-Blink, Cr-Content-Core, M-7, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","infe...@chromium.org","Bad cast in RenderView docheight,docwidth calc due to adding non box childs ","Apr 06, 2013 02:00:59",1365213659,"Oct 26, 2010 07:37:19",1288078639,"Oct 27, 2010 19:52:23",1288209143,"skylined@chromium.org",""
60761,"Medium","Cr-Internals, Cr-Platform-Extensions, M-8, OS-All, Pri-2, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Stable",,"","tessa...@chromium.org","chrome_1c30000!TabContents::RemoveInfoBar(class InfoBarDelegate * delegate = 0x05dfe700)+0x1dfull tab crash","Mar 21, 2013 21:01:04",1363899664,"Oct 26, 2010 17:03:08",1288112588,"Dec 03, 2010 04:18:01",1291349881,"kuz...@gmail.com",""
60769,"High","Cr-Blink, M-7, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","infe...@chromium.org","more bad casts in event handling.","Apr 06, 2013 02:00:54",1365213654,"Oct 26, 2010 17:48:59",1288115339,"Oct 26, 2010 22:27:44",1288132064,"infe...@chromium.org",""
61158,"High","Cr-Blink, M-8, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","rn...@chromium.org","Use after free in ApplyStyleCommand::removeInlineStyle","Apr 06, 2013 02:00:22",1365213622,"Oct 28, 2010 23:27:52",1288308472,"Nov 10, 2010 01:03:08",1289350988,"infe...@chromium.org",""
61255,"High","Cr-Internals, M-7, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","chromium.cdn@gmail.com","Bad cast in PageClickTracker::handleEvent","Mar 21, 2013 20:56:10",1363899370,"Oct 29, 2010 22:02:20",1288389740,"Oct 29, 2010 23:10:54",1288393854,"infe...@chromium.org",""
61313,"High","Cr-Blink, M-8, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","rn...@chromium.org","Use after free related to ApplyBlockElementCommand::formatSelection","Apr 06, 2013 02:00:03",1365213603,"Oct 30, 2010 14:55:48",1288450548,"Nov 12, 2010 13:46:08",1289569568,"infe...@chromium.org",""
61338,"High","Pri-0, Restrict-AddIssueComment-Commit, Security, Security_Impact-None, Security_Severity-High, Type-Bug-Security, reward-1000","None",1000,"accept","cev...@chromium.org","pdf viewer segfault after js syntax error","Mar 21, 2013 20:47:07",1363898827,"Oct 30, 2010 21:11:57",1288473117,"Nov 01, 2010 22:32:46",1288650766,"aohelin",""
61502,"High","CVE-2011-1303, Cr-Blink, M-11, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","","Floats left out of the incremental line break code due to failed image load.","Apr 06, 2013 01:59:54",1365213594,"Nov 01, 2010 22:19:05",1288649945,"Mar 18, 2011 22:37:39",1300487859,"shess@chromium.org","2011-1303"
61653,"Medium","Cr-Internals, Cr-Internals-Media, M-8, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Stable",,"","fbarch...@chromium.org","MSVR-10-0108 - Integer Overflow in Chrome's VP8 decoding leads to memory corruption","Mar 21, 2013 21:01:03",1363899663,"Nov 02, 2010 22:36:10",1288737370,"Nov 18, 2010 02:09:21",1290046161,"steve.ma...@gmail.com",""
61701,"Low","Cr-Internals, Cr-Internals-Network, OS-All, Pri-2, ReleaseBlock-Stable, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","cbentzel@chromium.org","Security: google chrome crashes when a request passes through a proxy and recieves a 407 HTTP error code from the server","Mar 21, 2013 20:56:09",1363899369,"Nov 03, 2010 08:47:37",1288774057,"Nov 05, 2010 20:28:43",1288988923,"mohammed...@gmail.com",""
62127,"High","M-8, Pri-0, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","cev...@chromium.org","faulty webm file causes segfault","Mar 21, 2013 20:56:08",1363899368,"Nov 05, 2010 20:59:42",1288990782,"Nov 08, 2010 05:44:54",1289195094,"miaubiz@gmail.com",""
62168,"Medium","Cr-Blink, Cr-Platform-DevTools, M-8, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Stable",,"","ca...@chromium.org","Bad cast in WebDevToolsFrontendImpl::dispatchOnInspectorFrontend","Apr 06, 2013 01:58:57",1365213537,"Nov 06, 2010 07:46:22",1289029582,"Nov 09, 2010 19:40:07",1289331607,"kuz...@gmail.com",""
62261,"High","Cr-Blink, M-8, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","jsc...@chromium.org","use after free in ContainerNode::willRemove","Apr 06, 2013 01:58:52",1365213532,"Nov 07, 2010 17:36:49",1289151409,"Nov 12, 2010 22:16:03",1289600163,"infe...@chromium.org",""
62276,"Medium","Cr-Internals, M-9, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Medium, Stability-Crash, Type-Bug-Security, bulkmove","Stable",,"","cev...@chromium.org","Out of bound memory access in webp decoder","Mar 21, 2013 21:01:01",1363899661,"Nov 07, 2010 22:15:07",1289168107,"Dec 21, 2010 15:23:57",1292945037,"undin...@gmail.com",""
62281,"High","Cr-Blink, M-8, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","infe...@chromium.org","Use after free due to overhanging floats in LEGEND block","Apr 06, 2013 01:58:50",1365213530,"Nov 07, 2010 23:55:20",1289174120,"Nov 10, 2010 16:52:43",1289407963,"infe...@chromium.org",""
62293,"High","Cr-Blink, M-8, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","","Bad cast in CSSStyleSelector::createTransformOperations","Apr 06, 2013 01:58:49",1365213529,"Nov 08, 2010 02:57:12",1289185032,"Nov 09, 2010 19:46:40",1289332000,"infe...@chromium.org",""
62296,"High","Cr-Blink, M-8, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","","Bad cast from renderinline to renderbox in animations","Apr 06, 2013 01:58:49",1365213529,"Nov 08, 2010 04:12:05",1289189525,"Nov 09, 2010 19:34:21",1289331261,"infe...@chromium.org",""
62354,"High","Cr-Blink, M-8, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","chromium.cdn@gmail.com","Bad cast in SVGImageBufferTools::renderSubtreeToImageBuffer","Apr 06, 2013 01:58:44",1365213524,"Nov 08, 2010 17:43:40",1289238220,"Nov 10, 2010 16:58:08",1289408288,"infe...@chromium.org",""
62358,"High","Cr-Internals, M-8, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","wjmacl...@chromium.org","Integer overflow in SVG Parsing","Mar 21, 2013 20:56:06",1363899366,"Nov 08, 2010 18:14:31",1289240071,"Dec 02, 2010 20:08:28",1291320508,"infe...@chromium.org",""
62401,"High","Cr-Blink, M-8, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","infe...@chromium.org","Crash in WebCore::SMILTimeContainer::begin","Apr 06, 2013 01:58:40",1365213520,"Nov 08, 2010 22:38:47",1289255927,"Nov 10, 2010 00:18:30",1289348310,"slaweck",""
62496,"High","Cr-Blink, M-8, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","","Use after free in WebCore::StyleSheet","Apr 06, 2013 01:58:33",1365213513,"Nov 09, 2010 13:28:23",1289309303,"Dec 02, 2010 19:37:39",1291318659,"serg.gla...@gmail.com",""
62623,"High","Pri-0, Restrict-AddIssueComment-Commit, Security, Security_Impact-None, Security_Severity-High, Type-Bug-Security, reward-1000","None",1000,"accept","cev...@chromium.org","Crash at NULL IP in PDF when evaluating strange expression","Mar 21, 2013 20:47:02",1363898822,"Nov 10, 2010 02:34:13",1289356453,"Nov 10, 2010 21:28:20",1289424500,"scarybea...@gmail.com",""
62791,"Low","Cr-Internals, Cr-Platform-Extensions, M-9, Pri-2, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","","Crash loading invalid crx extension file","Mar 21, 2013 20:56:05",1363899365,"Nov 11, 2010 06:46:56",1289458016,"Nov 11, 2010 18:44:35",1289501075,"briankir...@gmail.com",""
62925,"High","Cr-Internals, M-15, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","b...@chromium.org","<Unloaded_S.DLL>+0x42cd17f crash","Mar 21, 2013 20:56:05",1363899365,"Nov 12, 2010 07:17:12",1289546232,"Aug 28, 2011 06:17:42",1314512262,"kuz...@gmail.com",""
62987,"High","Cr-Blink, M-8, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","infe...@chromium.org","Use after free in EventSource","Apr 06, 2013 01:57:54",1365213474,"Nov 12, 2010 17:29:06",1289582946,"Dec 02, 2010 18:30:42",1291314642,"infe...@chromium.org",""
63031,"High","Cr-Blink, M-8, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","","Stale font accessed in WebCore::GlyphPage::glyphDataForCharacter","Apr 06, 2013 01:57:48",1365213468,"Nov 13, 2010 00:05:54",1289606754,"Nov 16, 2010 23:23:48",1289949828,"infe...@chromium.org",""
63051,"Medium","Cr-Blink, M-8, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security, reward-500","Stable",500,"accept","infe...@chromium.org","chrome_6dc70000!WebCore::EventHandler::updateSelectionForMouseDrag use after free","Apr 06, 2013 01:57:44",1365213464,"Nov 13, 2010 07:39:47",1289633987,"Nov 15, 2010 20:32:10",1289853130,"kuz...@gmail.com",""
63248,"High","Pri-0, Restrict-AddIssueComment-Commit, Security, Security_Impact-None, Security_Severity-High, Type-Bug-Security, reward-1000","None",1000,"accept","cev...@chromium.org","segfault in bundled PDF viewer (invalid read in strlen)","Mar 21, 2013 20:46:59",1363898819,"Nov 15, 2010 21:04:25",1289855065,"Nov 17, 2010 00:23:46",1289953426,"aohelin",""
63268,"High","Cr-Blink, M-8, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","","Universal XSS via mutating style objects and read styles cross origins","Apr 06, 2013 01:57:26",1365213446,"Nov 15, 2010 23:29:06",1289863746,"Nov 16, 2010 23:30:38",1289950238,"infe...@chromium.org",""
63389,"Low","Cr-Blink, M-8, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","","Setting small numeric CSS values using setFloatValues changes that value on all pages until the browser is quit","Apr 06, 2013 01:57:16",1365213436,"Nov 16, 2010 22:16:10",1289945770,"Nov 17, 2010 04:27:27",1289968047,"infe...@chromium.org",""
63444,"High","M-8, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","cev...@chromium.org","Security: possible memory corruption (double-free) in XPath processing code","Mar 21, 2013 20:56:02",1363899362,"Nov 17, 2010 06:13:40",1289974420,"Nov 18, 2010 02:25:31",1290047131,"yangding...@gmail.com",""
63454,"Medium","Cr-Blink, Cr-Content-Core, M-8, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Stable",,"","rn...@chromium.org","Analyze integer wraps in WebCore::Range.","Apr 06, 2013 01:57:12",1365213432,"Nov 17, 2010 09:42:59",1289986979,"Dec 02, 2010 18:19:35",1291313975,"skylined@chromium.org",""
63495,"High","Cr-Blink, OS-Windows, Pri-1, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-High, Stability-Crash, Type-Bug-Security, bulkmove","Stable",,"","jsc...@chromium.org","WebCore::NamedNodeMap::setAttributes() stale iterator","Apr 06, 2013 01:57:10",1365213430,"Nov 17, 2010 17:47:41",1290016061,"Jan 20, 2011 00:17:17",1295482637,"slaweck",""
63529,"Low","Cr-Internals, M-8, OS-All, Pri-2, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","infe...@chromium.org","Security: Segfault when dealing with Web Workers and MessageChannels","Mar 21, 2013 20:56:01",1363899361,"Nov 17, 2010 21:31:35",1290029495,"Dec 02, 2010 18:39:56",1291315196,"nweiz@google.com",""
63533,"High","Cr-Internals, Cr-Internals-Media, M-8, Pri-0, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, testcasenotadded","Stable",,"","scherkus@chromium.org","WebM Crash fix merge from M7","Mar 21, 2013 20:56:01",1363899361,"Nov 17, 2010 21:52:23",1290030743,"Nov 18, 2010 02:10:48",1290046248,"kerz@google.com",""
63732,"High","Cr-Internals, Cr-UI-Browser-TabContents, M-9, Pri-0, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Stability-Crash, Type-Bug-Security, bulkmove, reward-500","Stable",500,"accept","a...@chromium.org","Browser crash @ JavaScriptAppModalDialog::Cleanup()","Mar 21, 2013 20:56:01",1363899361,"Nov 19, 2010 09:13:53",1290158033,"Feb 10, 2011 21:33:35",1297373615,"avrelian...@gmail.com",""
63866,"Medium","Cr-Blink, M-8, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security, reward-1000","Stable",1000,"accept","chromium.cdn@gmail.com","WebKit CSS Font Face Parsing Type Confusion","Apr 06, 2013 01:56:47",1365213407,"Nov 20, 2010 04:36:22",1290227782,"Dec 02, 2010 18:49:07",1291315747,"chris.ro...@gmail.com",""
63924,"High","Cr-Blink, M-8, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","chromium.cdn@gmail.com","Bad cast from RenderTableCol to RenderBlock in search css","Apr 06, 2013 01:56:41",1365213401,"Nov 20, 2010 21:33:46",1290288826,"Dec 02, 2010 18:25:34",1291314334,"infe...@chromium.org",""
63982,"High","Cr-Blink, M-8, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","infe...@chromium.org","Memory corruption in RenderObjectChildList::removeChildNode","Apr 06, 2013 01:56:37",1365213397,"Nov 21, 2010 17:48:10",1290361690,"Dec 03, 2010 22:36:55",1291415815,"infe...@chromium.org",""
64046,"High","CVE-2011-1799, Cr-Blink, Cr-Content-Core, M-11, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","","WebKit 49902 - chrome.dll!WebCore::toWebWidgetClient ReadAV@NULL (08ffd4f21a8c6465bb1e19a2f52e4bd5)","Apr 06, 2013 01:56:30",1365213390,"Nov 22, 2010 12:08:18",1290427698,"May 07, 2011 03:52:03",1304740323,"skylined@chromium.org","2011-1799"
64051,"High","Cr-Blink, Cr-Internals, Cr-Internals-Plugins-PDF, M-9, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","cev...@chromium.org","Crash after a PDF opens a print dialog @ CFX_DIBitmap::CompositeRect(int,int,int,int,unsigned long)","Apr 06, 2013 03:17:20",1365218240,"Nov 22, 2010 12:49:41",1290430181,"Dec 21, 2010 17:44:15",1292953455,"aohelin",""
64108,"High","Cr-Internals, M-8, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, spdy","Stable",,"","mbel...@chromium.org","Verify cross-origin push fails under SPDY","Mar 21, 2013 20:55:59",1363899359,"Nov 22, 2010 20:27:39",1290457659,"Dec 16, 2010 01:47:16",1292464036,"mbel...@chromium.org",""
64331,"High","Cr-Blink, M-8, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","morrita@google.com","Stale node being set as layout root when rendering meter, progress elements.","Apr 06, 2013 01:56:01",1365213361,"Nov 24, 2010 16:09:59",1290614999,"Dec 10, 2010 21:06:37",1292015197,"infe...@chromium.org",""
64456,"Low","Cr-Internals, Cr-Platform-Extensions, M-10, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Low, Stability-Crash, Type-Bug-Security, bulkmove","Stable",,"","sker...@chromium.org","Chrome crashes when attempting to install a userscript.","Mar 21, 2013 20:55:58",1363899358,"Nov 26, 2010 00:14:27",1290730467,"Jan 04, 2011 20:14:20",1294172060,"badpazzword",""
64559,"High","Cr-Blink, M-8, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","","Bad cast when selection changes for combo boxes.","Apr 06, 2013 01:55:42",1365213342,"Nov 28, 2010 06:25:46",1290925546,"Dec 02, 2010 18:37:28",1291315048,"infe...@chromium.org",""
64945,"High","Cr-Internals, Cr-Internals-Media, Pri-1, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","cev...@chromium.org","Crash when webp image is invalid","Mar 21, 2013 20:55:58",1363899358,"Dec 01, 2010 18:43:54",1291229034,"Dec 21, 2010 15:24:20",1292945060,"slaweck",""
64959,"High","Cr-Blink, M-8, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","jsc...@chromium.org","Stale pointer in cursors DOM","Apr 06, 2013 01:55:01",1365213301,"Dec 01, 2010 20:46:53",1291236413,"Dec 08, 2010 02:16:48",1291774608,"serg.gla...@gmail.com",""
65299,"Medium","M-9, Pri-2, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-None, Security_Severity-Medium, Type-Bug-Security, reward-500","None",500,"accept","cev...@chromium.org","Out of bound read when using modified webp file","Mar 21, 2013 21:00:59",1363899659,"Dec 03, 2010 16:34:05",1291394045,"Dec 21, 2010 15:24:36",1292945076,"chamal.d...@gmail.com",""
65577,"High","Cr-Blink, M-9, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-None, Security_Severity-High, Type-Bug-Security, reward-1000","None",1000,"accept","chromium.cdn@gmail.com","Stale pointer - Document::resetFormElementsOwner","Apr 06, 2013 01:54:16",1365213256,"Dec 06, 2010 12:10:52",1291637452,"Jan 13, 2011 07:07:01",1294902421,"serg.gla...@gmail.com",""
65764,"High","Cr-Blink, M-8, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1337","Stable",1337,"accept","infe...@chromium.org","detachNodeIterator called on the wrong document object","Apr 06, 2013 01:54:01",1365213241,"Dec 07, 2010 20:10:29",1291752629,"Dec 10, 2010 21:16:03",1292015763,"serg.gla...@gmail.com",""
65796,"High","Cr-Blink, M-8, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","infe...@chromium.org","Children of cloned anonymous blocks should set childreninline flag","Apr 06, 2013 01:54:00",1365213240,"Dec 07, 2010 23:03:39",1291763019,"Jan 10, 2011 20:55:52",1294692952,"infe...@chromium.org",""
65942,"High","Cr-Blink, M-8, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","e...@chromium.org","Stale pointer in Range::processContents when modified during mutation event","Apr 06, 2013 01:53:52",1365213232,"Dec 08, 2010 22:10:10",1291846210,"Jan 10, 2011 22:03:47",1294697027,"jsc...@chromium.org",""
66334,"High","Cr-Blink, Cr-Internals, Cr-Internals-Plugins-PDF, M-8, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","cev...@chromium.org"," button on PDFs","Apr 06, 2013 03:16:49",1365218209,"Dec 10, 2010 15:15:26",1291994126,"Dec 21, 2010 17:36:40",1292953000,"scarybea...@gmail.com",""
66473,"High","Cr-Blink, M-8, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","e...@chromium.org","Crash in ReplaceSelectionCommand::doApply when modified during mutation event ","Apr 06, 2013 01:53:28",1365213208,"Dec 10, 2010 21:32:15",1292016735,"Jan 10, 2011 21:54:37",1294696477,"e...@chromium.org",""
66560,"High","Cr-Blink, M-8, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","jsc...@chromium.org","Stale pointer in CSSCanvasValue","Apr 06, 2013 01:53:21",1365213201,"Dec 11, 2010 19:49:37",1292096977,"Jan 10, 2011 20:59:42",1294693182,"serg.gla...@gmail.com",""
66718,"Low","Cr-Internals-GPU-VendorSpecific, M-10, OS-Linux, Pri-2, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Low, Stability-Crash, Type-Bug-Security, bulkmove","Stable",,"","zmo@chromium.org","webgl page causes X server crash","Mar 21, 2013 20:55:55",1363899355,"Dec 13, 2010 19:04:33",1292267073,"Jan 19, 2011 22:12:20",1295475140,"evan@chromium.org",""
66748,"High","Cr-Blink, Crash-Reproducible, M-8, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, SVG, Security, Security_Impact-Stable, Security_Severity-High, Stability-Crash, Type-Bug-Security, bulkmove, reward-500","Stable",500,"accept","jsc...@chromium.org","CSSCursorImageValue not clearing SVGElement back pointer","Apr 06, 2013 01:53:04",1365213184,"Dec 13, 2010 22:20:30",1292278830,"Jan 10, 2011 21:21:37",1294694497,"jan.toso...@gmail.com",""
66760,"High","Cr-Blink, M-8, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","infe...@chromium.org","ZDI-CAN-968: Apple Webkit Font Glyph Layout Remote Code Execution Vulnerability","Apr 06, 2013 01:53:03",1365213183,"Dec 14, 2010 00:09:30",1292285370,"Jan 10, 2011 21:15:33",1294694133,"jsc...@chromium.org",""
66931,"Low","Cr-Internals, Cr-Internals-Network, M-9, OS-Mac, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Low, Stability-Crash, Type-Bug-Security, Verifier-Deepakg, bulkmove","Stable",,"","rsleevi@chromium.org","Google Chrome crashes at https://webmail.afmc.af.mil/Exchange","Mar 21, 2013 20:55:54",1363899354,"Dec 15, 2010 03:05:47",1292382347,"Jan 13, 2011 07:20:14",1294903214,"dmorr...@gmail.com",""
66962,"Low","CVE-2011-1186, M-10, Pri-0, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","tsepez@chromium.org","browser crash when reproducing issue #64051","Mar 21, 2013 20:55:54",1363899354,"Dec 15, 2010 08:27:32",1292401652,"Jan 13, 2011 22:22:41",1294957361,"aohelin","2011-1186"
66986,"High","Cr-Blink, Cr-Content-Core, M-8, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","infe...@chromium.org","Reparenting error due to double merge of anonymous blocks in removeChild","Apr 06, 2013 01:52:45",1365213165,"Dec 15, 2010 14:40:20",1292424020,"Jan 10, 2011 21:01:34",1294693294,"skylined@chromium.org",""
67100,"High","Cr-Blink, Cr-Internals, Cr-Internals-Plugins-PDF, M-8, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","cev...@chromium.org","Crash in PDF form event handling when deleting page from underneath self","Apr 06, 2013 03:16:41",1365218201,"Dec 16, 2010 02:00:55",1292464855,"Dec 21, 2010 17:03:36",1292951016,"scarybea...@gmail.com",""
67208,"High","Cr-Blink, Cr-Internals, Cr-Internals-Plugins-PDF, M-8, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000, reward-decline","Stable",1000,"decline","cev...@chromium.org","VU#821271 Exception generated by code running in the Stack","Apr 06, 2013 03:16:39",1365218199,"Dec 16, 2010 21:56:34",1292536594,"Dec 22, 2010 02:41:37",1292985697,"jared.al...@gmail.com",""
67234,"High","Cr-Blink, M-9, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","","Webkit crashes during animation event processing","Apr 06, 2013 01:52:30",1365213150,"Dec 17, 2010 00:50:25",1292547025,"Feb 09, 2011 21:00:12",1297285212,"infe...@chromium.org",""
67303,"High","Cr-Blink, Cr-Internals-Media, M-8, Pri-0, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","cev...@chromium.org","renderer crash when playing a corrupt webm video","Apr 06, 2013 01:52:25",1365213145,"Dec 17, 2010 13:35:36",1292592936,"Jan 08, 2011 00:57:07",1294448227,"aohelin",""
67363,"High","Cr-Blink, M-8, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-500","Stable",500,"accept","jsc...@chromium.org","EXTERNAL-REPORT: SVGElementInstance::m_useElement not cleared on corresponding use element destruction","Apr 06, 2013 01:52:20",1365213140,"Dec 17, 2010 21:18:02",1292620682,"Jan 10, 2011 21:56:41",1294696601,"scarybea...@gmail.com",""
67393,"Medium","Cr-Internals, M-8, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security, reward-1000","Stable",1000,"accept","infe...@chromium.org","Freeing invalid uninitialized pointer to bug_report_ object","Mar 21, 2013 21:00:58",1363899658,"Dec 18, 2010 02:32:49",1292639569,"Jan 11, 2011 20:47:57",1294778877,"kuz...@gmail.com",""
67577,"Low","Cr-Internals, Cr-UI-Browser-Downloads, OS-All, Pri-1, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","cev...@chromium.org","Switch .jar and .class to always-warn","Mar 21, 2013 20:55:51",1363899351,"Dec 20, 2010 17:27:54",1292866074,"Dec 22, 2010 02:32:41",1292985161,"cjava...@gmail.com",""
67923,"High","CVE-2011-1793, Cr-Blink, M-11, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","","Stale pointer in SVGImage","Apr 06, 2013 01:51:44",1365213104,"Dec 23, 2010 18:42:51",1293129771,"May 02, 2011 23:26:00",1304378760,"jsc...@chromium.org","2011-1793"
67968,"High","Cr-Blink, M-9, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","infe...@chromium.org","Use after free due to adjacent floats not cleared properly from parents","Apr 06, 2013 01:51:42",1365213102,"Dec 24, 2010 15:25:58",1293204358,"Feb 02, 2011 02:38:58",1296614338,"infe...@chromium.org",""
68062,"Medium","Cr-Blink, M-9, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Stable",,"","jsc...@chromium.org","OOB read crash in SVG length list parsing algorithm","Apr 06, 2013 01:51:36",1365213096,"Dec 27, 2010 06:43:41",1293432221,"Jan 10, 2011 21:09:32",1294693772,"infe...@chromium.org",""
68115,"High","M-8, Pri-0, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000, reward-decline","Stable",1000,"decline","cev...@chromium.org","Memory corruption with bad Vorbis streams (from CERT)","Mar 21, 2013 20:55:50",1363899350,"Dec 27, 2010 20:28:02",1293481682,"Jan 08, 2011 01:06:07",1294448767,"scarybea...@gmail.com",""
68120,"High","Cr-Blink, Cr-Content-Core, M-9, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","jsc...@chromium.org","Stale pointer in CSSFontFaceSource::m_svgFontFaceElement","Apr 06, 2013 01:51:31",1365213091,"Dec 27, 2010 22:37:44",1293489464,"Feb 09, 2011 21:02:46",1297285366,"miaubiz@gmail.com",""
68170,"High","Cr-Blink, Cr-Internals, Cr-Internals-Plugins-PDF, M-8, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","cev...@chromium.org","invalid free() in bundled pdf viewer","Apr 06, 2013 03:16:36",1365218196,"Dec 28, 2010 18:48:11",1293562091,"Dec 28, 2010 22:54:06",1293576846,"aohelin",""
68178,"High","Cr-Blink, M-8, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","jsc...@chromium.org","Bad cast in FrameView::scrollToAnchor","Apr 06, 2013 01:51:23",1365213083,"Dec 28, 2010 20:30:37",1293568237,"Jan 10, 2011 21:19:38",1294694378,"serg.gla...@gmail.com",""
68181,"High","Cr-Blink, M-8, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","infe...@chromium.org","Bad cast in MediaDocument::defaultEventHandler","Apr 06, 2013 01:51:23",1365213083,"Dec 28, 2010 21:23:55",1293571435,"Jan 10, 2011 21:17:29",1294694249,"serg.gla...@gmail.com",""
68244,"Low","Cr-Internals, Cr-Internals-Media, M-9, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Low, Stability-Crash, Type-Bug-Security, Verifier-Deepakg, bulkmove, testcasenotadded","Stable",,"","infe...@chromium.org","Playing audio with volume set to undefined crashes browser","Mar 21, 2013 20:55:48",1363899348,"Dec 29, 2010 17:42:14",1293644534,"Jan 11, 2011 22:03:05",1294783385,"matthew....@gmail.com",""
68263,"High","Cr-Blink, M-9, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","e...@chromium.org","Use after free in Style Sheets","Apr 06, 2013 01:51:20",1365213080,"Dec 29, 2010 22:38:14",1293662294,"Feb 09, 2011 20:50:19",1297284619,"serg.gla...@gmail.com",""
68342,"High","Cr-Blink, Cr-Content-Core, M-10, Pri-1, Security, Security_Impact-Stable, Security_Severity-High, Stability-Crash, Type-Bug-Security, bulkmove, reward-500, reward-inprocess","Stable",500,"inprocess","satish@chromium.org","Aw snap on github.com with voice search extension installed","Apr 06, 2013 01:51:14",1365213074,"Dec 31, 2010 08:20:21",1293783621,"Feb 01, 2011 23:43:40",1296603820,"temp01...@gmail.com",""
68439,"High","Cr-Blink, M-8, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","infe...@chromium.org","Destroying nextblock in RenderBlock::removeChild can cause oldChild and nextblock's next sibling to be merged.","Apr 06, 2013 01:51:09",1365213069,"Jan 03, 2011 03:32:15",1294025535,"Jan 10, 2011 21:04:04",1294693444,"MartyBar...@gmail.com",""
68558,"High","Cr-Blink, M-8, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","infe...@chromium.org","Stale pointers in CSSOM - CSSRuleList::deleteRule and CSSStyleSheet::deleteRule","Apr 06, 2013 01:50:56",1365213056,"Jan 04, 2011 22:32:07",1294180327,"Jan 10, 2011 21:24:03",1294694643,"serg.gla...@gmail.com",""
68641,"High","Cr-Blink, M-9, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","chromium.cdn@gmail.com","Stale form associated element pointer in Document object","Apr 06, 2013 01:50:49",1365213049,"Jan 05, 2011 18:05:36",1294250736,"Jan 13, 2011 07:03:40",1294902220,"chromium.cdn@gmail.com",""
68666,"Critical","Cr-Internals, M-8, Pri-0, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Critical, Type-Bug-Security, reward-3133","Stable",3133,"accept","satish@chromium.org","Browser crash in HTML5 speech UI","Mar 21, 2013 21:08:05",1363900085,"Jan 05, 2011 20:58:00",1294261080,"Jan 12, 2011 00:29:20",1294792160,"serg.gla...@gmail.com",""
68741,"High","Cr-Blink, M-9, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","","Stale pointers in CSSOM - 2","Apr 06, 2013 01:50:42",1365213042,"Jan 06, 2011 17:09:25",1294333765,"Feb 09, 2011 20:54:03",1297284843,"infe...@chromium.org",""
68766,"Low","Cr-Internals, Cr-Internals-Network, M-10, Pri-1, ReleaseBlock-Beta, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Low, Stability-Crash, Type-Bug-Security, bulkmove","Stable",,"","jam@chromium.org","Chrome: Crash Report - Stack Signature: net::HttpStreamFactory::~HttpStreamFactory()-2A77B8F","Mar 21, 2013 20:55:45",1363899345,"Jan 06, 2011 20:12:40",1294344760,"Jan 28, 2011 02:33:20",1296182000,"willchan@chromium.org",""
69106,"High","Cr-Blink, M-9, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","infe...@chromium.org","ZDI-CAN-1009: Apple Webkit setOuterText Memory Corruption Remote Code Execution Vulnerability","Apr 06, 2013 01:50:20",1365213020,"Jan 10, 2011 20:00:23",1294689623,"Jan 11, 2011 22:51:08",1294786268,"infe...@chromium.org",""
69187,"Medium","CVE-2011-1187, M-10, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security, reward-1337","Stable",1337,"accept","rossb...@chromium.org","Error prototypes are called on remote scripts","Mar 21, 2013 21:00:57",1363899657,"Jan 11, 2011 04:17:40",1294719460,"Apr 24, 2012 14:06:17",1335276377,"evn@google.com","2011-1187"
69195,"Critical","Cr-Internals-Media, M-9, Pri-2, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Critical, Type-Bug-Security, testcaseadded","Stable",,"","cev...@chromium.org","playing Z-Type causes crash","Mar 21, 2013 21:08:05",1363900085,"Jan 11, 2011 05:34:24",1294724064,"Jan 12, 2011 20:38:24",1294864704,"daniel.w...@gmail.com",""
69275,"High","Cr-Blink, M-9, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","infe...@chromium.org","Use after free in scrollbars","Apr 06, 2013 01:50:05",1365213005,"Jan 11, 2011 19:34:40",1294774480,"Jan 11, 2011 22:56:09",1294786569,"infe...@chromium.org",""
69556,"High","Cr-Blink, M-9, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","infe...@chromium.org","Issue with merging anonymous block in renderblock::removechild (2)","Apr 06, 2013 01:49:46",1365212986,"Jan 13, 2011 17:00:30",1294938030,"Feb 02, 2011 02:40:35",1296614435,"infe...@chromium.org",""
69628,"High","CVE-2011-1188, Cr-Blink, M-10, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-500","Stable",500,"accept","chromium.cdn@gmail.com","Probable memory corruption in WebCore::CounterNode::lastDescendant","Apr 06, 2013 01:49:40",1365212980,"Jan 14, 2011 04:29:02",1294979342,"Feb 28, 2011 23:08:54",1298934534,"MartyBar...@gmail.com","2011-1188"
69640,"Medium","CVE-2011-1287, Cr-Blink, Cr-Content-Core, M-9, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Medium, Stability-Crash, Type-Bug-Security, bulkmove","Stable",,"","cev...@chromium.org","memcheck: read after free in third_party/icu/source/common/unormimp.h","Apr 06, 2013 01:49:39",1365212979,"Jan 14, 2011 08:18:08",1294993088,"Feb 09, 2011 23:17:43",1297293463,"kcc@chromium.org","2011-1287"
69934,"High","Cr-Blink, M-14, OS-Linux, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Stability-Valgrind, Type-Bug-Security","Stable",,"","anan...@chromium.org","Use after free in LayoutPluginTester.SelfDeletePluginInvoke","Apr 06, 2013 01:49:19",1365212959,"Jan 18, 2011 10:47:33",1295347653,"Jul 28, 2011 13:56:23",1311861383,"hb...@chromium.org",""
69970,"Medium","Cr-Blink, Cr-Blink-JavaScript, M-9, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Stable",,"","jap...@chromium.org","Invalid read in convertV8ObjectToNPVariant","Apr 06, 2013 03:27:08",1365218828,"Jan 18, 2011 17:54:29",1295373269,"Feb 02, 2011 02:37:00",1296614220,"jsc...@chromium.org",""
70027,"High","ApprovedForMerge, CVE-2011-1189, Cr-Blink, M-10, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","infe...@chromium.org","Stale text node in linebox due to failure to dirty linebox when that text child is dirtied","Apr 06, 2013 01:49:11",1365212951,"Jan 19, 2011 00:14:53",1295396093,"Feb 28, 2011 21:31:02",1298928662,"MartyBar...@gmail.com","2011-1189"
70070,"Critical","Cr-Internals, Cr-Internals-GPU-WebGL, Cr-Internals-Graphics, M-10, Needs-Feedback, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Critical, Stability-Crash, Type-Bug-Security, bulkmove,","Stable",500,"decline","vangelis@chromium.org","WebGL crashes depending on uniform names","Mar 21, 2013 21:08:04",1363900084,"Jan 19, 2011 06:55:35",1295420135,"Mar 30, 2011 21:49:51",1301521791,"yuri.ko...@gmail.com",""
70078,"High","Cr-Blink, Cr-Stability, M-9, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-500, reward-decline","Stable",500,"decline","tkent@chromium.org","Crash by form controls with form attributes under orphan nodes","Apr 06, 2013 01:49:06",1365212946,"Jan 19, 2011 08:18:57",1295425137,"Feb 14, 2011 17:51:17",1297705877,"stefanva...@gmail.com",""
70165,"Critical","Cr-Blink, M-11, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-None, Security_Severity-Critical, Type-Bug-Security, reward-1337","None",1337,"accept","satish@chromium.org","Use after free in speech API","Apr 06, 2013 01:48:57",1365212937,"Jan 19, 2011 21:31:57",1295472717,"Jan 20, 2011 16:41:44",1295541704,"serg.gla...@gmail.com",""
70244,"High","Cr-Blink, M-9, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","wjmacl...@chromium.org","height of <rect> - integer overflow(?)","Apr 06, 2013 01:48:51",1365212931,"Jan 20, 2011 14:26:37",1295533597,"Feb 28, 2011 23:12:39",1298934759,"slaweck",""
70336,"Medium","CVE-2011-1190, Cr-Blink, M-10, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security, reward-500","Stable",500,"accept","levin@chromium.org","Cross-origin Javascript error message leak via Worker importScripts()","Apr 06, 2013 01:48:41",1365212921,"Jan 21, 2011 03:58:42",1295582322,"Feb 14, 2011 17:55:22",1297706122,"scarybea...@gmail.com","2011-1190"
70376,"Medium","Cr-Internals, M-9, OS-Linux, Pri-2, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Medium, Stability-Memory, Stability-Valgrind, Type-Bug-Security, bulkmove","Stable",,"","euge...@chromium.org","Pickle::FindNext reads payload_size without checking that the header is complete","Apr 01, 2013 15:53:18",1364831598,"Jan 21, 2011 12:19:05",1295612345,"Feb 09, 2011 23:12:51",1297293171,"euge...@chromium.org",""
70442,"High","CVE-2011-1191, Cr-Blink, M-10, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, bulkmove, reward-1000","Stable",1000,"accept","jia...@chromium.org","Use after free in WebCore::DOMURL","Apr 06, 2013 01:48:36",1365212916,"Jan 21, 2011 21:08:24",1295644104,"Feb 09, 2011 23:00:25",1297292425,"serg.gla...@gmail.com","2011-1191"
70456,"Medium","Cr-Internals, M-9, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security, reward-1000, reward-decline","Stable",1000,"decline","cev...@chromium.org","OOM handler not always properly terminating process","Mar 21, 2013 21:00:55",1363899655,"Jan 21, 2011 23:53:38",1295654018,"Feb 02, 2011 00:39:33",1296607173,"scarybea...@gmail.com",""
70538,"Low","CVE-2011-1304, M-11, Pri-2, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","cev...@chromium.org","Open popup in new tab using java applet","Mar 21, 2013 20:55:39",1363899339,"Jan 23, 2011 15:38:00",1295797080,"Feb 03, 2011 07:05:32",1296716732,"chamal.d...@gmail.com","2011-1304"
70589,"Medium","CVE-2011-1305, Cr-Blink, M-11, OS-Linux, OS-Mac, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Medium, Stability-Crash, Type-Bug-Security, bulkmove","Stable",,"","phajdan.jr@chromium.org","race on a linked list in third_party/WebKit/Source/WebCore/platform/sql/chromium/SQLiteFileSystemChromiumPosix.cpp","Apr 06, 2013 01:48:26",1365212906,"Jan 24, 2011 09:11:40",1295860300,"Mar 18, 2011 00:34:08",1300408448,"kcc@chromium.org","2011-1305"
70718,"Medium","M-9, Pri-0, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Stable",,"","kbr@chromium.org","crashes when opening a page with webgl","Mar 21, 2013 21:00:55",1363899655,"Jan 25, 2011 07:44:03",1295941443,"Jan 29, 2011 01:12:06",1296263526,"aohelin",""
70779,"Medium","CVE-2011-1192, Cr-Blink, Cr-Content-Core, M-10, OS-Linux, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Stable",,"","scarybea...@gmail.com","width of boundingClientRect for Range with unicode combining characters is corrupted ","Apr 06, 2013 01:48:11",1365212891,"Jan 25, 2011 17:11:43",1295975503,"Feb 09, 2011 23:24:38",1297293878,"miaubiz@gmail.com","2011-1192"
70877,"High","CVE-2011-1193, M-10, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1337","Stable",1337,"accept","a...@chromium.org","Arbitrary cross-origin bypass using SyntaxError and Number prototype overrides","Mar 21, 2013 20:55:38",1363899338,"Jan 26, 2011 05:09:01",1296018541,"Feb 14, 2011 09:23:53",1297675433,"scarybea...@gmail.com","2011-1193"
70885,"Low","CVE-2011-1194, Cr-Blink, Cr-UI-Browser-PopupBlocker, M-9, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","j...@chromium.org","Bypass popup blocker using iframe","Apr 06, 2013 01:48:06",1365212886,"Jan 26, 2011 08:27:02",1296030422,"Feb 10, 2011 17:07:24",1297357644,"chamal.d...@gmail.com","2011-1194"
71027,"Medium","Cr-Internals, Cr-UI-Browser-Downloads, Cr-UI-Browser-Incognito, Pri-1, Restrict-AddIssueComment-Commit, Security, Security_Impact-Stable, Security_Severity-Medium, Stability-Crash, Type-Bug-Security, bulkmove","Stable",,"","battre@chromium.org","REGRESSION: crash after download and close window (only in incognito)","Mar 21, 2013 21:00:54",1363899654,"Jan 27, 2011 09:03:51",1296119031,"Jan 28, 2011 11:04:25",1296212665,"geki...@gmail.com",""
71114,"High","Cr-Blink, M-9, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","infe...@chromium.org","Stale pointer due to table childs incorrect added","Apr 06, 2013 01:47:43",1365212863,"Jan 27, 2011 22:08:26",1296166106,"Feb 09, 2011 21:37:47",1297287467,"MartyBar...@gmail.com",""
71115,"High","Cr-Blink, Cr-Content-Core, M-9, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","infe...@chromium.org","Stale pointer in WebCore::RenderTable::firstLineBoxBaseline","Apr 06, 2013 01:47:43",1365212863,"Jan 27, 2011 22:26:51",1296167211,"Feb 09, 2011 20:56:31",1297284991,"MartyBar...@gmail.com",""
71167,"Low","CVE-2011-1194, Cr-Blink, Cr-UI-Browser-PopupBlocker, M-10, Pri-2, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","j...@chromium.org","Bypass popup blocker using custom event (variation of issue 3275)","Apr 06, 2013 01:47:38",1365212858,"Jan 28, 2011 06:45:54",1296197154,"Feb 10, 2011 17:04:52",1297357492,"chamal.d...@gmail.com","2011-1194"
71296,"High","Cr-Blink, M-9, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","jsc...@chromium.org","Stale iterator in SVGDocumentExtensions::startAnimations()","Apr 06, 2013 01:47:24",1365212844,"Jan 29, 2011 23:57:04",1296345424,"Feb 09, 2011 22:18:59",1297289939,"miaubiz@gmail.com",""
71386,"High","Cr-Blink, M-9, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","infe...@chromium.org","Stale nodes in Document::recalcStyleSelector","Apr 06, 2013 01:47:19",1365212839,"Jan 31, 2011 08:55:53",1296464153,"Feb 09, 2011 21:19:28",1297286368,"woo...@gmail.com",""
71388,"High","Cr-Blink, Cr-Content-Core, M-9, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","infe...@chromium.org","Security:WebCore::HTMLTextAreaElement::updateValue+0xf","Apr 06, 2013 01:47:18",1365212838,"Jan 31, 2011 08:59:00",1296464340,"Feb 09, 2011 21:15:38",1297286138,"woo...@gmail.com",""
71545,"High","Cr-Blink, Cr-Blink-JavaScript, M-10, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Stability-Crash, Type-Bug-Security, bulkmove","Stable",,"","","Chrome_Mac: Crash Report - Stack Signature: WebKit::NotificationPresenterImpl::checkPermission-5428423","Apr 06, 2013 03:26:58",1365218818,"Feb 01, 2011 14:07:05",1296569225,"Feb 28, 2011 21:35:57",1298928957,"kcc@chromium.org",""
71551,"High","Cr-Blink, M-15, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-CodeYellow, Stability-Crash, Stability-Memory-AddressSanitizer, Type-Bug-Security, ","Beta, Stable",,"","micha...@chromium.org","Cross_fuzz and ClusterFuzz crashes in WebCore::DatabaseTracker::removeOpenDatabase","Apr 06, 2013 01:47:07",1365212827,"Feb 01, 2011 15:32:21",1296574341,"Oct 15, 2011 07:31:43",1318663903,"kcc@chromium.org",""
71586,"Medium","CVE-2011-1434, Cr-Blink, Cr-Internals, Cr-Internals-Plugins, M-11, OS-Linux, Pri-2, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Medium, Stability-Memory, Stability-ThreadSanitizer, Stability-Valgrind,","Stable",500,"accept","tsepez@chromium.org","race in base/third_party/xdg_mime (crasher)","Apr 06, 2013 04:26:35",1365222395,"Feb 01, 2011 20:46:08",1296593168,"Apr 14, 2011 18:50:46",1302807046,"aohelin","2011-1434"
71595,"High","Cr-Blink, Cr-Content-Core, M-9, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","chromium.cdn@gmail.com","Stale pointer in DeviceOrientationController::didChangeDeviceOrientation()","Apr 06, 2013 01:47:04",1365212824,"Feb 01, 2011 21:22:51",1296595371,"Feb 09, 2011 21:06:04",1297285564,"serg.gla...@gmail.com",""
71601,"Medium","Cr-Internals, Cr-UI-Browser-Autofill, M-14, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Stable",,"","isherman@chromium.org","Switch to https by default in autofill toolbar server queries","Mar 21, 2013 21:00:53",1363899653,"Feb 01, 2011 22:07:03",1296598023,"Aug 12, 2011 04:16:23",1313122583,"infe...@chromium.org",""
71717,"Medium","Cr-Internals-GPU-WebGL, M-9, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Stable",,"","","webgl causes segfault","Mar 21, 2013 21:00:53",1363899653,"Feb 02, 2011 22:49:03",1296686943,"Feb 11, 2011 23:14:24",1297466064,"miaubiz@gmail.com",""
71734,"High","CVE-2011-1289, Cr-Blink, M-9, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","","Security: accessing DataView methods with negative index could cause crash","Apr 06, 2013 01:46:52",1365212812,"Feb 03, 2011 01:09:01",1296695341,"Feb 09, 2011 21:09:42",1297285782,"jia...@chromium.org","2011-1289"
71763,"High","CVE-2011-1195, Cr-Blink, M-10, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","","use-after-free when document.close and document.write are called after requesting a non-existing script","Apr 06, 2013 01:46:49",1365212809,"Feb 03, 2011 10:32:12",1296729132,"Feb 28, 2011 21:36:52",1298929012,"miaubiz@gmail.com","2011-1195"
71788,"High","CVE-2011-1196, Cr-Blink, Cr-Content-WebApps, Cr-Internals, Cr-Internals-Media, M-10, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","cev...@chromium.org","Memory corruption playing back specially crafted .ogg vorbis file.","Apr 06, 2013 01:46:46",1365212806,"Feb 03, 2011 14:56:38",1296744998,"Feb 28, 2011 19:48:22",1298922502,"skylined@chromium.org","2011-1196"
71855,"High","Cr-Blink, M-9, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","infe...@chromium.org","stale pointer in WebCore::RenderBlock::insertFloatingObject","Apr 06, 2013 01:46:40",1365212800,"Feb 03, 2011 22:50:16",1296773416,"Feb 09, 2011 22:14:05",1297289645,"miaubiz@gmail.com",""
71960,"Medium","Cr-Blink, Cr-Internals-GPU-WebGL, M-9, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Stable",,"","g...@chromium.org","OOB Read in WebGL due to integer overflows","Apr 06, 2013 01:46:31",1365212791,"Feb 04, 2011 17:50:51",1296841851,"Feb 10, 2011 00:41:40",1297298500,"infe...@chromium.org",""
72028,"High","ApprovedForMerge, CVE-2011-1197, Cr-Blink, M-10, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","infe...@chromium.org","Stale continuation flow pointer for ContinuationOutlineTableMap","Apr 06, 2013 01:46:24",1365212784,"Feb 05, 2011 03:29:58",1296876598,"Feb 28, 2011 21:35:14",1298928914,"MartyBar...@gmail.com","2011-1197"
72134,"High","CVE-2011-1288, Cr-Blink, M-9, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","","Potential buffer overrun in SVGTextRunWalker::walk()","Apr 06, 2013 01:46:20",1365212780,"Feb 06, 2011 21:36:48",1297028208,"Feb 09, 2011 20:47:25",1297284445,"infe...@chromium.org","2011-1288"
72189,"Low","ApprovedForMerge, CVE-2011-1801, Cr-Internals, Cr-UI-Browser-PopupBlocker, M-11, Pri-2, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","jsc...@chromium.org","Bypass popup blocker using custom event and onMouseOver","Mar 21, 2013 20:55:31",1363899331,"Feb 07, 2011 14:34:25",1297089265,"May 19, 2011 18:33:46",1305830026,"chamal.d...@gmail.com","2011-1801"
72340,"High","Cr-Blink, M-10, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","","use after free in WebCore::RenderCounter::destroyCounterNode","Apr 06, 2013 01:46:05",1365212765,"Feb 08, 2011 20:54:56",1297198496,"Feb 28, 2011 23:32:25",1298935945,"miaubiz@gmail.com",""
72387,"High","Cr-Blink, Cr-Internals-Compositing, M-10, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-None, Security_Severity-High, Type-Bug-Security, reward-1000","None",1000,"accept","infe...@chromium.org","Out of bounds read in WebCore::LayerTilerChromium::invalidateRect (dev only)","Apr 06, 2013 01:46:03",1365212763,"Feb 09, 2011 03:22:38",1297221758,"Feb 10, 2011 16:58:27",1297357107,"MartyBar...@gmail.com",""
72437,"High","Cr-Blink, Cr-Internals, Cr-Internals-Plugins, M-9, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","bauerb@chromium.org","Crash in ContainerNodeAlgorithms.h with outdated ice-tea plugin","Apr 06, 2013 04:26:28",1365222388,"Feb 09, 2011 15:45:43",1297266343,"Feb 10, 2011 15:51:18",1297353078,"chamal.d...@gmail.com",""
72492,"Medium","CVE-2011-2822, Cr-Internals, M-13, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security, reward-1000","Stable",1000,"accept","cev...@chromium.org","Cross application unsafe redirect","Mar 21, 2013 21:00:52",1363899652,"Feb 09, 2011 22:28:28",1297290508,"Aug 06, 2011 06:35:01",1312612501,"d0z...@gmail.com","2011-2822"
72517,"High","ApprovedForMerge, CVE-2011-1291, Cr-Internals, M-10, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Stability-Crash, Type-Bug-Security, bulkmove, reward-500","Stable",500,"accept","brettw@chromium.org","Dev. console null character crash @ history::URLDatabase::GetMostRecentKeywordSearchTerms","Mar 21, 2013 20:55:29",1363899329,"Feb 10, 2011 03:07:13",1297307233,"Mar 18, 2011 02:31:41",1300415501,"alex.tur...@gmail.com","2011-1291"
72523,"Medium","CVE-2011-1435, Cr-Internals, M-11, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Stable",,"","tsepez@chromium.org"," resource","Mar 21, 2013 21:00:52",1363899652,"Feb 10, 2011 05:09:37",1297314577,"Feb 16, 2011 01:14:06",1297818846,"c...@three-fourths-infinity.com","2011-1435"
72832,"High","CVE-2011-2333, Cr-Blink, M-12, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","infe...@chromium.org","Reliability issues with WebCore::RenderBlock due to use after free in floats","Apr 06, 2013 01:45:25",1365212725,"Feb 12, 2011 19:28:12",1297538892,"May 07, 2011 06:13:53",1304748833,"rsleevi@chromium.org","2011-2333"
72908,"High","CVE-2011-2807, Cr-Blink, M-13, OS-Mac, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","dim...@chromium.org","Freed timer heap element used","Apr 06, 2013 01:45:17",1365212717,"Feb 14, 2011 07:44:14",1297669454,"Jun 14, 2011 02:24:08",1308018248,"infe...@chromium.org","2011-2807"
72910,"Low","CVE-2011-1436, Cr-Internals, M-11, OS-Linux, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Low, Stability-Crash, Type-Bug-Security, bulkmove","Stable",,"","derat@chromium.org","Browser crash/segfault when selecting very long option in select","Mar 21, 2013 20:55:28",1363899328,"Feb 14, 2011 09:27:54",1297675674,"Feb 23, 2011 00:20:57",1298420457,"miaubiz@gmail.com","2011-1436"
72936,"High","ApprovedForMerge, Cr-Blink, M-10, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","","Freed scrollbar in ScrollView::updateScrollbars","Apr 06, 2013 01:45:14",1365212714,"Feb 14, 2011 18:28:11",1297708091,"Feb 28, 2011 20:33:37",1298925217,"infe...@chromium.org",""
73026,"High","CVE-2011-1198, Cr-Internals, Cr-Internals-Media, M-10, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Stability-Crash, Type-Bug-Security, bulkmove","Stable",,"","cev...@chromium.org","dereference poisoned value in avcodec_52!ff_thread_decode_frame","Mar 21, 2013 20:55:27",1363899327,"Feb 15, 2011 16:26:20",1297787180,"Feb 28, 2011 19:48:32",1298922512,"tav...@gmail.com","2011-1198"
73066,"High","ApprovedForMerge, CVE-2011-1199, Cr-Blink, Cr-Internals-GPU, Cr-Internals-GPU-WebGL, M-10, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","jia...@chromium.org","DataView constructor can be applied as a regular method","Apr 06, 2013 01:45:06",1365212706,"Feb 15, 2011 22:18:18",1297808298,"Feb 28, 2011 20:51:49",1298926309,"serg.gla...@gmail.com","2011-1199"
73134,"High","ApprovedForMerge, CVE-2011-1200, Cr-Blink, M-10, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","infe...@chromium.org","Crash due to bad cast to rendertextfragment in updatefirstletter.","Apr 06, 2013 01:44:59",1365212699,"Feb 16, 2011 07:20:43",1297840843,"Feb 28, 2011 21:05:52",1298927152,"miaubiz@gmail.com","2011-1200"
73196,"High","ApprovedForMerge, CVE-2011-1201, Cr-Blink, Cr-Internals-GPU, Cr-Internals-GPU-WebGL, M-10, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-2000","Stable",2000,"accept","","Stale pointer in WebKitLoseContext","Apr 06, 2013 01:44:55",1365212695,"Feb 16, 2011 19:52:34",1297885954,"Feb 28, 2011 21:14:24",1298927664,"serg.gla...@gmail.com","2011-1201"
73216,"High","ApprovedForMerge, CVE-2011-1291, Cr-Blink, M-10, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","infe...@chromium.org","Use after free of frame loader in DocumentLoader::commitLoad","Apr 06, 2013 01:44:54",1365212694,"Feb 16, 2011 21:43:44",1297892624,"Mar 18, 2011 02:49:49",1300416589,"slaweck","2011-1291"
73235,"High","ApprovedForMerge, Cr-Blink, M-10, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","infe...@chromium.org","Stale pointer in WebCore::RenderBlock::lowestPosition","Apr 06, 2013 01:44:52",1365212692,"Feb 17, 2011 00:32:48",1297902768,"Feb 28, 2011 20:56:54",1298926614,"MartyBar...@gmail.com",""
73478,"Low","CVE-2011-3953, Cr-Blink, M-17, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security, WebKit-ID-72056","Beta, Stable",,"","dcheng@chromium.org","Pages can continuously poll the OS clipboard for paste data","Apr 06, 2013 01:44:35",1365212675,"Feb 19, 2011 00:00:26",1298073626,"Nov 28, 2011 18:47:42",1322506062,"dcheng@chromium.org","2011-3953"
73526,"High","CVE-2011-1437, Cr-Blink, M-11, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","infe...@chromium.org","Floats not cleared to logical height wraps.","Apr 06, 2013 01:44:31",1365212671,"Feb 19, 2011 14:12:52",1298124772,"Mar 19, 2011 01:13:51",1300497231,"miaubiz@gmail.com","2011-1437"
73595,"High","ApprovedForMerge, CVE-2011-1293, Cr-Blink, M-10, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-2000","Stable",2000,"accept","e...@chromium.org","Use after free in HTMLCollection","Apr 06, 2013 01:44:26",1365212666,"Feb 20, 2011 18:55:27",1298228127,"Mar 18, 2011 07:35:54",1300433754,"serg.gla...@gmail.com","2011-1293"
73716,"Low","CVE-2011-1202, M-10, Pri-0, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","cev...@chromium.org","Leak of address of heap object via xslt generate-id() function","Mar 21, 2013 20:55:24",1363899324,"Feb 22, 2011 07:56:42",1298361402,"Feb 23, 2011 06:08:53",1298441333,"scarybea...@gmail.com","2011-1202"
73746,"High","ApprovedForMerge, CVE-2011-1203, Cr-Blink, M-10, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1500","Stable",1500,"accept","jsc...@chromium.org","Stale pointer in SVGCursorElement","Apr 06, 2013 01:44:14",1365212654,"Feb 22, 2011 18:07:17",1298398037,"Feb 28, 2011 21:19:41",1298927981,"serg.gla...@gmail.com","2011-1203"
73932,"High","ApprovedForMerge, Cr-Blink, M-10, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","infe...@chromium.org","Bad cast to text node in CompositeEditCommand::breakOutOfEmptyMailBlockquotedParagraph","Apr 06, 2013 01:44:01",1365212641,"Feb 23, 2011 23:09:41",1298502581,"Feb 28, 2011 22:53:51",1298933631,"infe...@chromium.org",""
73962,"High","CVE-2011-1808, Cr-Blink, Cr-Content-Core, M-12, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Stability-Crash, Type-Bug-Security, bulkmove, reward-1000","Stable",1000,"accept","","use after free due to floats not cleared (overflow)","Apr 06, 2013 01:43:57",1365212637,"Feb 24, 2011 05:35:29",1298525729,"May 02, 2011 22:24:30",1304375070,"miaubiz@gmail.com","2011-1808"
74030,"High","ApprovedForMerge, CVE-2011-1204, Cr-Blink, M-10, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","jsc...@chromium.org","DOM tree corruption in Attr::setValue","Apr 06, 2013 01:43:51",1365212631,"Feb 24, 2011 17:55:08",1298570108,"Feb 28, 2011 21:39:46",1298929186,"serg.gla...@gmail.com","2011-1204"
74562,"High","ApprovedForMerge, CVE-2011-1294, Cr-Blink, M-10, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1500","Stable",1500,"accept","","Stale pointer in WebKitCSSKeyframesRule","Apr 06, 2013 01:43:07",1365212587,"Mar 01, 2011 18:48:22",1299005302,"Mar 18, 2011 03:20:25",1300418425,"serg.gla...@gmail.com","2011-1294"
74649,"Medium","Cr-Blink, M-13, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Medium, Stability-Memory, Stability-Memory-AddressSanitizer, Stability-Valgrind, Type-Bug-Security","Stable",,"","rn...@chromium.org","OOB read in SearchBuffer::append","Apr 06, 2013 01:43:00",1365212580,"Mar 02, 2011 06:23:12",1299046992,"Jul 27, 2011 15:40:46",1311781246,"kcc@chromium.org",""
74653,"High","CVE-2011-1438, Cr-Internals, M-11, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","jia...@chromium.org","bypass SOP with blob:","Mar 21, 2013 20:55:21",1363899321,"Mar 02, 2011 07:21:13",1299050473,"Mar 19, 2011 01:41:29",1300498889,"kuz...@gmail.com","2011-1438"
74660,"High","Cr-Blink, Cr-Blink-JavaScript, LangFuzz, M-10, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-None, Security_Severity-High, Type-Bug-Security, reward-1000","None",1000,"accept","","v8 fuzzing - 1174 - out-of-bounds write in reloc info","Apr 06, 2013 03:26:48",1365218808,"Mar 02, 2011 09:02:24",1299056544,"Mar 02, 2011 10:01:55",1299060115,"skylined@chromium.org",""
74662,"High","CVE-2011-1285, Cr-Blink, Cr-Blink-JavaScript, LangFuzz, M-10, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-None, Security_Severity-High, Type-Bug-Security, reward-1000","None",1000,"accept","","v8 fuzzing - 1108 potential use-after-free in RegExp code","Apr 06, 2013 03:26:48",1365218808,"Mar 02, 2011 09:19:50",1299057590,"Mar 02, 2011 10:00:48",1299060048,"skylined@chromium.org","2011-1285"
74665,"High","Cr-Blink, Cr-Content-Core, LangFuzz, M-10, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-None, Security_Severity-High, Type-Bug-Security, reward-1000","None",1000,"accept","","v8 fuzzing - 1109 (out of bounds write)","Apr 06, 2013 01:42:58",1365212578,"Mar 02, 2011 09:40:52",1299058852,"Mar 02, 2011 10:01:07",1299060067,"skylined@chromium.org",""
74666,"High","Cr-Blink, Cr-Blink-JavaScript, LangFuzz, M-10, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-None, Security_Severity-High, Type-Bug-Security, reward-1000","None",1000,"accept","","v8 fuzzing 1122 - stack corruption","Apr 06, 2013 03:26:47",1365218807,"Mar 02, 2011 09:45:43",1299059143,"Mar 02, 2011 10:01:32",1299060092,"skylined@chromium.org",""
74669,"High","Cr-Blink, Cr-Blink-JavaScript, LangFuzz, M-10, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-None, Security_Severity-High, Type-Bug-Security, reward-1000","None",1000,"accept","","v8 fuzzing - 1113 - stack corruption","Apr 06, 2013 03:26:47",1365218807,"Mar 02, 2011 09:54:31",1299059671,"Mar 02, 2011 10:03:30",1299060210,"skylined@chromium.org",""
74670,"High","Cr-Blink, Cr-Blink-JavaScript, LangFuzz, M-10, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-None, Security_Severity-High, Type-Bug-Security, reward-500","None",500,"accept","","v8 fuzzing 1128 - out of bounds write","Apr 06, 2013 03:26:46",1365218806,"Mar 02, 2011 10:05:12",1299060312,"Mar 02, 2011 10:05:12",1299060312,"skylined@chromium.org",""
74671,"High","Cr-Blink, Cr-Blink-JavaScript, LangFuzz, M-10, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-None, Security_Severity-High, Type-Bug-Security, reward-1000","None",1000,"accept","","v8 fuzzing - 1136 - corrupt JIT code","Apr 06, 2013 03:26:46",1365218806,"Mar 02, 2011 10:07:23",1299060443,"Mar 02, 2011 10:07:23",1299060443,"skylined@chromium.org",""
74672,"High","Cr-Blink, Cr-Blink-JavaScript, LangFuzz, M-10, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-None, Security_Severity-High, Type-Bug-Security, reward-1000","None",1000,"accept","","v8 fuzzing - 1138 - use after free","Apr 06, 2013 03:26:46",1365218806,"Mar 02, 2011 10:09:16",1299060556,"Mar 02, 2011 10:09:16",1299060556,"skylined@chromium.org",""
74673,"High","Cr-Blink, Cr-Blink-JavaScript, LangFuzz, M-10, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-None, Security_Severity-High, Type-Bug-Security, reward-1000","None",1000,"accept","","v8 fuzzing - 1166 - exploitable write","Apr 06, 2013 03:26:45",1365218805,"Mar 02, 2011 10:11:52",1299060712,"Mar 02, 2011 10:11:52",1299060712,"skylined@chromium.org",""
74675,"High","CVE-2011-1286, Cr-Blink, Cr-Blink-JavaScript, LangFuzz, M-10, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-None, Security_Severity-High, Type-Bug-Security, reward-1000","None",1000,"accept","","v8 fuzzing - 1146 - invalid memory access","Apr 06, 2013 03:26:45",1365218805,"Mar 02, 2011 10:22:59",1299061379,"Mar 02, 2011 10:22:59",1299061379,"skylined@chromium.org","2011-1286"
74678,"High","Cr-Blink, Cr-Blink-JavaScript, LangFuzz, M-10, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-None, Security_Severity-High, Type-Bug-Security, reward-1000","None",1000,"accept","","v8 fuzzing - 1175 - use after free","Apr 06, 2013 03:26:44",1365218804,"Mar 02, 2011 10:33:37",1299062017,"Mar 02, 2011 10:33:37",1299062017,"skylined@chromium.org",""
74720,"Medium","ApprovedForMerge, CVE-2011-1297, Cr-Blink, M-10, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Stable",,"","","Read uninitialized value from JavaScript.","Apr 06, 2013 01:42:49",1365212569,"Mar 02, 2011 19:48:51",1299095331,"Mar 18, 2011 03:11:24",1300417884,"jsc...@chromium.org","2011-1297"
74763,"High","CVE-2011-1439, Cr-Internals, M-11, OS-Linux, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","cev...@chromium.org","Security: Domui process can be ptraced from a compromised renderer leading to sandbox escape","Mar 21, 2013 20:55:20",1363899320,"Mar 03, 2011 00:54:30",1299113670,"Mar 30, 2011 07:09:30",1301468970,"jln@chromium.org","2011-1439"
74991,"High","ApprovedForMerge, CVE-2011-1295, Cr-Blink, M-10, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-2000","Stable",2000,"accept","","Node::checkAddChild and Node::checkReplaceChild shouldn't change the owner document of a node","Apr 06, 2013 01:42:22",1365212542,"Mar 05, 2011 00:32:57",1299285177,"Mar 18, 2011 03:28:05",1300418885,"serg.gla...@gmail.com","2011-1295"
75070,"Low","CVE-2011-2838, Cr-Blink, M-14, OS-All, Pri-3, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","cev...@chromium.org","Security: do not ignore type= on <object>","Apr 06, 2013 01:42:16",1365212536,"Mar 06, 2011 07:20:40",1299396040,"Jul 18, 2011 21:06:23",1311023183,"lcam...@gmail.com","2011-2838"
75155,"High","ApprovedForMerge, CVE-2011-1298, Cr-Blink, M-10, OS-Mac, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","thakis@chromium.org","Integer overflow in WebCore::GraphicsContext::fillRect (Mac)","Apr 06, 2013 01:42:13",1365212533,"Mar 07, 2011 18:10:11",1299521411,"Mar 18, 2011 03:07:53",1300417673,"infe...@chromium.org","2011-1298"
75170,"High","ApprovedForMerge, CVE-2011-1296, Cr-Blink, M-10, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1500","Stable",1500,"accept","","SVGVKernElement and SVGHKernElement should call the parent insertedIntoDocument() method","Apr 06, 2013 01:42:10",1365212530,"Mar 07, 2011 20:28:12",1299529692,"Mar 18, 2011 02:59:18",1300417158,"serg.gla...@gmail.com","2011-1296"
75186,"High","CVE-2011-1440, Cr-Blink, M-11, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","rolandsteiner.chromium@gmail.com","(WebCore::RenderObjectChildList::destroyLeftoverChildren) Use-after-free with nesting ruby tag and css propierties","Apr 06, 2013 01:42:08",1365212528,"Mar 07, 2011 21:37:57",1299533877,"Apr 15, 2011 18:30:20",1302892220,"javg0...@gmail.com","2011-1440"
75311,"High","ApprovedForMerge, CVE-2011-1299, Cr-Blink, M-10, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","","Bad cast in HTMLTreeBuilder::processStartTag","Apr 06, 2013 01:41:56",1365212516,"Mar 08, 2011 19:55:11",1299614111,"Mar 18, 2011 03:41:23",1300419683,"infe...@chromium.org","2011-1299"
75347,"High","CVE-2011-1441, Cr-Blink, Cr-Content-Core, Feature-Forms, M-11, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-500","Stable",500,"accept","tkent@chromium.org","Bad cast to RenderBlock with floating select element with required attribute ","Apr 06, 2013 01:41:53",1365212513,"Mar 08, 2011 23:00:49",1299625249,"Mar 19, 2011 01:07:53",1300496873,"mdhgriff...@gmail.com","2011-1441"
75436,"High","CVE-2011-1457, Cr-Blink, Cr-Blink-Location, M-11, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","jknot...@chromium.org","Detach Geolocation from Frame when Page destroyed.","Apr 06, 2013 05:02:32",1365224552,"Mar 09, 2011 14:38:27",1299681507,"Mar 22, 2011 23:42:37",1300837357,"infe...@chromium.org","2011-1457"
75496,"Medium","CVE-2011-1809, Cr-UI, Cr-UI-Accessibility, M-12, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Stable",,"","","chrome.dll!BrowserAccessibility..InternalReleaseReference ExecAV@NULL (cc7203fb809bd98728cf74b908e66edf)","Mar 21, 2013 21:00:50",1363899650,"Mar 09, 2011 20:13:54",1299701634,"Mar 18, 2011 00:55:06",1300409706,"skylined@chromium.org","2011-1809"
75560,"Low","Cr-UI, M-16, MovedFrom-17, MovedFrom18, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Beta, Stable",,"","creis@chromium.org","Security: address bar updates not synchronized with document transitions","Mar 21, 2013 21:07:42",1363900062,"Mar 10, 2011 05:12:36",1299733956,"Apr 19, 2012 21:27:27",1334870847,"lcam...@gmail.com",""
75629,"Critical","Cr-Blink, Cr-Internals-GPU-WebGL, M-11, Pri-0, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Critical, Type-Bug-Security","Stable",,"","g...@chromium.org","Use after free in gpu::gles2::ShaderTranslator","Apr 06, 2013 01:41:27",1365212487,"Mar 10, 2011 16:28:04",1299774484,"Apr 01, 2011 00:14:07",1301616847,"infe...@chromium.org",""
75643,"Low","CVE-2011-1810, Cr-Blink, M-12, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","","CSS visited history disclosure","Apr 06, 2013 01:41:25",1365212485,"Mar 10, 2011 18:02:26",1299780146,"Apr 08, 2011 22:46:47",1302302807,"jsc...@chromium.org","2011-1810"
75696,"Low","Cr-Blink, M-12, Pri-3, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","jsc...@chromium.org","Security: pushState() should be available only for origin-bearing schemes","Apr 06, 2013 01:41:21",1365212481,"Mar 10, 2011 22:14:25",1299795265,"May 02, 2011 22:31:52",1304375512,"lcam...@gmail.com",""
75712,"High","CVE-2011-1290, Cr-Blink, M-10, Pri-1, ReleaseBlock-Dev, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1337","Stable",1337,"accept","cev...@chromium.org","Integer overflow in style elements","Apr 06, 2013 01:41:20",1365212480,"Mar 11, 2011 00:34:03",1299803643,"Mar 11, 2011 01:23:53",1299806633,"scarybea...@gmail.com","2011-1290"
75801,"High","CVE-2011-1442, Cr-Blink, M-11, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","jsc...@chromium.org","Current insertedIntoDocument() logic may be compromised","Apr 06, 2013 01:41:14",1365212474,"Mar 11, 2011 19:30:05",1299871805,"Mar 23, 2011 00:27:35",1300840055,"serg.gla...@gmail.com","2011-1442"
75821,"Medium","CVE-2011-2358, Cr-Internals, Cr-Platform-Extensions, M-13, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Stable",,"","asargent@chromium.org","Should we reconsider the no-client-UI decision for the web store?","Mar 21, 2013 21:00:50",1363899650,"Mar 11, 2011 21:38:15",1299879495,"Jun 10, 2011 17:28:28",1307726908,"a...@chromium.org","2011-2358"
75835,"High","CVE-2011-1458, Cr-Blink, M-11, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","","use of freed pointer in WebCore::RenderCounter::originalText()","Apr 06, 2013 01:41:12",1365212472,"Mar 11, 2011 23:43:35",1299887015,"Mar 30, 2011 00:25:16",1301444716,"infe...@chromium.org","2011-1458"
76001,"High","CVE-2011-1443, Cr-Blink, M-11, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","enne@chromium.org","Stale pointer in WebCore::LayerRendererChromium::drawLayer","Apr 06, 2013 01:41:01",1365212461,"Mar 13, 2011 21:40:23",1300052423,"Apr 01, 2011 19:44:32",1301687072,"MartyBar...@gmail.com","2011-1443"
76034,"Low","CVE-2011-1811, Cr-Internals, Cr-UI-Browser-Autofill, M-12, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","isherman@chromium.org","Security:Instant hard-crash with JS code","Mar 21, 2013 20:55:13",1363899313,"Mar 14, 2011 10:49:52",1300099792,"Apr 06, 2011 21:08:09",1302124089,"Dimitris...@gmail.com","2011-1811"
76059,"High","Cr-Blink, M-11, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-None, Security_Severity-High, Type-Bug-Security, reward-1000","None",1000,"accept","enne@chromium.org","WebCore::LayerTilerChromium::invalidateRect() - crash","Apr 06, 2013 01:40:56",1365212456,"Mar 14, 2011 16:06:11",1300118771,"Mar 18, 2011 22:30:29",1300487429,"slaweck",""
76474,"High","CVE-2011-1459, Cr-Blink, Cr-Internals-Plugins, M-11, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Stability-Crash, Type-Bug-Security","Stable",,"","chromium.cdn@gmail.com","crash in WebKit::WebPluginContainerImpl::handleEvent()","Apr 06, 2013 04:25:55",1365222355,"Mar 17, 2011 03:04:05",1300331045,"Mar 24, 2011 20:15:44",1300997744,"mal@google.com","2011-1459"
76542,"High","CVE-2011-1444, M-11, Pri-0, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-500","Stable",500,"accept","jln@chromium.org","Linux setuid sandbox allows local privilege escalation","Mar 21, 2013 20:55:12",1363899312,"Mar 17, 2011 17:15:54",1300382154,"Apr 06, 2011 21:13:49",1302124429,"dan.j.ro...@gmail.com","2011-1444"
76589,"Critical","Cr-Blink, HTML5, M-11, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Critical, Stability-Crash, Type-Bug-Security, bulkmove","Stable",,"","satish@chromium.org","Crash@ anonymous namespace'::PureCall() when navigate to previous page while speech input API fetching result text","Apr 06, 2013 01:40:15",1365212415,"Mar 17, 2011 21:49:18",1300398558,"Mar 18, 2011 23:08:57",1300489737,"vivi...@chromium.org",""
76646,"Medium","CVE-2011-1445, Cr-Blink, M-11, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Stable",,"","jsc...@chromium.org","OOB read in FEDisplacementMap::apply","Apr 06, 2013 01:40:08",1365212408,"Mar 18, 2011 08:19:47",1300436387,"Mar 23, 2011 00:24:03",1300839843,"woo...@gmail.com","2011-1445"
76666,"High","CVE-2011-1446, Cr-Blink, M-11, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","creis@chromium.org","URL bar spoof","Apr 06, 2013 01:40:07",1365212407,"Mar 18, 2011 12:27:43",1300451263,"Mar 30, 2011 01:10:21",1301447421,"kuz...@gmail.com","2011-1446"
76771,"High","CVE-2011-2830, Cr-Blink, Cr-Blink-JavaScript, M-14, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Stability-Memory, Stability-Memory-AddressSanitizer, Stability-Valgrind, Type-B","Stable",,"","ant...@chromium.org","use after free in WebCore::ScriptWrappable::wrapper","Apr 06, 2013 03:26:37",1365218797,"Mar 19, 2011 08:04:30",1300521870,"Aug 19, 2011 21:45:47",1313790347,"kcc@chromium.org","2011-2830"
76784,"High","CVE-2011-1460, Cr-Blink, Cr-Content-Core, M-11, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","infe...@chromium.org","Bad cast to RenderBlock in accessibility assuming that anonymous blocks are renderblocks. ","Apr 06, 2013 01:40:00",1365212400,"Mar 19, 2011 15:50:18",1300549818,"Mar 23, 2011 04:29:17",1300854557,"infe...@chromium.org","2011-1460"
76966,"High","CVE-2011-1447, Cr-Blink, M-11, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","tkent@chromium.org","RIP goes to zero with select tag, and form validation message with position:relative","Apr 06, 2013 01:39:51",1365212391,"Mar 21, 2011 20:58:55",1300741135,"Mar 24, 2011 19:58:32",1300996712,"miaubiz@gmail.com","2011-1447"
77026,"Medium","CVE-2011-1812, Cr-Internals, Cr-Platform-Extensions, M-12, Pri-2, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security, reward-1337","Stable",1337,"accept","a...@chromium.org","Bypass extension manifest permission","Mar 21, 2013 21:00:49",1363899649,"Mar 22, 2011 06:48:04",1300776484,"Apr 11, 2011 23:39:25",1302565165,"kuz...@gmail.com","2011-1812"
77130,"High","CVE-2011-1448, Cr-Blink, M-11, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","infe...@chromium.org","stale entries in gPercentHeightDescendantsMap","Apr 06, 2013 01:39:39",1365212379,"Mar 23, 2011 05:18:34",1300857514,"Mar 24, 2011 19:31:42",1300995102,"woo...@gmail.com","2011-1448"
77181,"High","CVE-2011-1463, Cr-Blink, M-11, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","jsc...@chromium.org","OOB function pointer array call FEComponentTransfer::apply","Apr 06, 2013 01:39:36",1365212376,"Mar 23, 2011 18:31:13",1300905073,"Mar 29, 2011 23:54:53",1301442893,"jsc...@chromium.org","2011-1463"
77346,"High","CVE-2011-1449, Cr-Blink, M-11, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","ukai@chromium.org","Use After Free in Websockets - possible remote code execution within sandbox ","Apr 06, 2013 01:39:22",1365212362,"Mar 25, 2011 01:29:28",1301016568,"Mar 29, 2011 23:41:11",1301442071,"maje...@gmail.com","2011-1449"
77349,"Medium","CVE-2011-1450, Cr-Internals, Cr-Platform-Extensions, M-11, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Stable",,"","infe...@chromium.org","When object destroyed, its select file dialog is not informed to cleared its listener which can call back that destroyed object","Mar 21, 2013 21:00:49",1363899649,"Mar 25, 2011 01:40:53",1301017253,"Mar 29, 2011 23:30:29",1301441429,"kuz...@gmail.com","2011-1450"
77463,"High","CVE-2011-1451, Cr-Blink, M-11, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-2000","Stable",2000,"accept","","[WebKit] Call updateId() when removing a non-styled element from the document","Apr 06, 2013 01:39:15",1365212355,"Mar 25, 2011 21:43:47",1301089427,"Apr 08, 2011 00:33:48",1302222828,"serg.gla...@gmail.com","2011-1451"
77493,"Medium","CVE-2011-2345, Cr-Blink, Cr-Internals, Cr-Internals-Plugins-Flash, M-12, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security, reward-1000","Stable",1000,"accept","jsc...@chromium.org","OOB read with Flash","Apr 06, 2013 04:07:26",1365221246,"Mar 26, 2011 02:42:24",1301107344,"Jun 14, 2011 02:55:26",1308020126,"philippe...@gmail.com","2011-2345"
77507,"High","CVE-2011-1446, Cr-Blink, M-11, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","creis@chromium.org","URL Bar Spoof","Apr 06, 2013 01:39:12",1365212352,"Mar 26, 2011 09:40:36",1301132436,"Apr 15, 2011 20:16:34",1302898594,"kuz...@gmail.com","2011-1446"
77669,"High","CVE-2011-1790, Cr-Blink, M-11, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","","Bad cast in WebCore::BreakBlockquoteCommand::doApply","Apr 06, 2013 01:38:58",1365212338,"Mar 28, 2011 18:44:01",1301337841,"Mar 31, 2011 23:27:39",1301614059,"infe...@chromium.org","2011-1790"
77690,"High","CVE-2011-1461, Cr-Blink, M-11, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","tsepez@chromium.org","Use after free in WebCore::ContainerNode::insertedIntoDocument / WebCore::SVGElement::insertedIntoDocument","Apr 06, 2013 01:38:57",1365212337,"Mar 28, 2011 22:08:57",1301350137,"Apr 01, 2011 22:02:55",1301695375,"infe...@chromium.org","2011-1461"
77703,"High","CVE-2011-1462, Cr-Blink, M-11, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","","Use-after-free in WebCore::isDeletableElement","Apr 06, 2013 01:38:55",1365212335,"Mar 28, 2011 23:27:34",1301354854,"Mar 31, 2011 23:36:45",1301614605,"infe...@chromium.org","2011-1462"
77765,"High","CVE-2011-1791, Cr-Blink, M-11, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","infe...@chromium.org","12 bad cast in editing code relating to htmlelement conversions, isprimitivevalue problems.","Apr 06, 2013 01:38:50",1365212330,"Mar 29, 2011 16:15:27",1301415327,"Mar 31, 2011 23:51:42",1301615502,"infe...@chromium.org","2011-1791"
77786,"Medium","CVE-2011-1452, Cr-Internals, M-11, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security, reward-500","Stable",500,"accept","creis@chromium.org","URL Bar Spoofing using redirection and location.reload();","Mar 21, 2013 21:00:47",1363899647,"Mar 29, 2011 18:13:19",1301422399,"Apr 06, 2011 20:57:10",1302123430,"jconsult...@gmail.com","2011-1452"
77940,"High","CVE-2011-1453, Cr-Blink, M-11, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, ZDI-CAN-1021","Stable",,"","infe...@chromium.org","ZDI-CAN-1021: Apple Safari Webkit SVG Marker Remote Code Execution Vulnerability","Apr 06, 2013 01:38:30",1365212310,"Mar 30, 2011 18:54:11",1301511251,"Apr 01, 2011 19:51:32",1301687492,"infe...@chromium.org","2011-1453"
78031,"High","CVE-2011-1446, M-11, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","creis@chromium.org","Url bar spoof","Mar 21, 2013 20:55:05",1363899305,"Mar 31, 2011 12:03:14",1301572994,"Apr 08, 2011 22:43:07",1302302587,"kuz...@gmail.com","2011-1446"
78038,"Critical","Cr-Internals, Cr-Internals-Network-SSL, M-13, OS-Linux, Pri-2, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Critical, Stability-ThreadSanitizer, Type-Bug-Security","Stable",,"","gli...@chromium.org","ThreadSanitizer reports a potential use after free in net::X509Certificate::Verify","Apr 01, 2013 15:40:29",1364830829,"Mar 31, 2011 14:13:58",1301580838,"Jul 29, 2011 06:57:57",1311922677,"gli...@chromium.org",""
78053,"High","Cr-Blink, M-12, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","","Stale m_fontList in svgFontAndFontFaceElementForFontData","Apr 06, 2013 01:38:21",1365212301,"Mar 31, 2011 16:35:54",1301589354,"May 03, 2011 00:42:30",1304383350,"infe...@chromium.org",""
78071,"High","Cr-Blink, M-11, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-None, Security_Severity-High, Type-Bug-Security, reward-1000","None",1000,"accept","mikelawt...@chromium.org","css parsing issue in calc","Apr 06, 2013 01:38:19",1365212299,"Mar 31, 2011 18:53:58",1301597638,"Mar 31, 2011 23:33:31",1301614411,"miaubiz@gmail.com",""
78106,"High","Cr-Blink, M-11, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","","ZDI-CAN-1108: WebKit ContentEditable Inline Style Remote Code Execution","Apr 06, 2013 01:38:16",1365212296,"Mar 31, 2011 23:51:26",1301615486,"Apr 08, 2011 23:59:06",1302307146,"c...@google.com",""
78270,"High","Cr-Internals, M-11, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-None, Security_Severity-High, Type-Bug-Security, reward-1000","None",1000,"accept","","[LangFuzz] V8: Crash in HeapObject::map_word on GC","Mar 21, 2013 20:45:54",1363898754,"Apr 03, 2011 11:51:49",1301831509,"Apr 07, 2011 14:01:52",1302184912,"decoder...@googlemail.com",""
78327,"High","CVE-2011-1794, Cr-Blink, M-11, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","chromium.cdn@gmail.com","Integer overflow in FilterEffect::copyImageBytes","Apr 06, 2013 01:38:02",1365212282,"Apr 04, 2011 15:55:43",1301932543,"May 02, 2011 23:38:28",1304379508,"infe...@chromium.org","2011-1794"
78427,"Low","CVE-2011-2840, Cr-Internals, M-14, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","sreeram@chromium.org","url spoof through bookmark bar click","Mar 21, 2013 20:55:03",1363899303,"Apr 05, 2011 13:00:25",1302008425,"Jul 15, 2011 22:24:40",1310768680,"kuz...@gmail.com","2011-2840"
78516,"High","CVE-2011-1813, Cr-Internals, M-12, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","jam@chromium.org","Looks like a stale frame in UserScriptSlave::InjectScripts","Mar 21, 2013 20:55:03",1363899303,"Apr 05, 2011 22:56:55",1302044215,"May 02, 2011 23:42:01",1304379721,"infe...@chromium.org","2011-1813"
78524,"Critical","Cr-Internals, Cr-Internals-GPU-WebGL, M-10, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Critical, Type-Bug-Security, reward-1000","Stable",1000,"accept","","ANGLE buffer overflow","Mar 21, 2013 21:08:00",1363900080,"Apr 06, 2011 00:22:16",1302049336,"Apr 06, 2011 00:22:16",1302049336,"scarybea...@gmail.com",""
78572,"High","ApprovedForMerge, CVE-2011-1802, Cr-Blink, Cr-Content-Core, M-11, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","","CounterNode memory corruption","Apr 06, 2013 01:37:44",1365212264,"Apr 06, 2011 08:36:45",1302079005,"May 19, 2011 18:44:26",1305830666,"skylined@chromium.org","2011-1802"
78576,"High","Cr-Blink, Cr-Content-Core, M-10, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","","compareDocumentPosition memory corruption","Apr 06, 2013 01:37:43",1365212263,"Apr 06, 2011 09:43:26",1302083006,"Apr 06, 2011 16:39:12",1302107952,"skylined@chromium.org",""
78639,"High","CVE-2011-2841, Cr-Blink, Cr-Internals, Cr-Internals-Plugins-PDF, M-14, Merge-Merged, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Stability-Crash, Type-Bug-Security, reward-1000","Stable",1000,"accept","cev...@chromium.org","Memory corruption leading to OOB read symptom in PDF initialization","Apr 06, 2013 03:15:30",1365218130,"Apr 06, 2011 19:44:05",1302119045,"Jul 29, 2011 03:13:54",1311909234,"marioso...@gmail.com","2011-2841"
78798,"Low","Cr-Internals, Cr-Platform-DevTools, M-12, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","pfeld...@chromium.org","Security: XSS in dev tools HTML inspector","Mar 21, 2013 20:55:01",1363899301,"Apr 08, 2011 08:18:57",1302250737,"May 23, 2011 18:38:35",1306175915,"gazhe...@gmail.com",""
78841,"High","CVE-2011-2359, Cr-Blink, M-13, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","infe...@chromium.org","invalid access with bad html","Apr 06, 2013 01:37:31",1365212251,"Apr 08, 2011 19:33:04",1302291184,"Jun 30, 2011 22:28:55",1309472935,"miaubiz@gmail.com","2011-2359"
78948,"High","CVE-2011-1795, Cr-Blink, M-11, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","ba...@chromium.org","Integer underflow in HTMLFormElement::m_associatedElementsAfterIndex","Apr 06, 2013 01:37:22",1365212242,"Apr 10, 2011 08:01:25",1302422485,"May 02, 2011 23:52:10",1304380330,"infe...@chromium.org","2011-1795"
79025,"High","CVE-2011-1792, Cr-Blink, M-11, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","infe...@chromium.org","Use after free when inline runin precedes details tag","Apr 06, 2013 01:37:15",1365212235,"Apr 11, 2011 12:32:33",1302525153,"Apr 15, 2011 19:49:58",1302896998,"infe...@chromium.org","2011-1792"
79055,"High","CVE-2011-1796, Cr-Blink, M-11, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","","Freed m_viewportRenderer in FrameView::updateOverflowStatus","Apr 06, 2013 01:37:12",1365212232,"Apr 11, 2011 17:17:00",1302542220,"May 02, 2011 23:58:31",1304380711,"infe...@chromium.org","2011-1796"
79075,"High","CVE-2011-1797, Cr-Blink, M-12, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","infe...@chromium.org","Stale node set as layout root, due to one caption not laid out in table with two captions","Apr 06, 2013 01:37:12",1365212232,"Apr 11, 2011 19:01:28",1302548488,"May 19, 2011 22:06:57",1305842817,"infe...@chromium.org","2011-1797"
79199,"High","CVE-2011-1454, Cr-Blink, M-11, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1500","Stable",1500,"accept","","Element::setAttribute should check the namespace of an id attribute","Apr 06, 2013 01:36:59",1365212219,"Apr 12, 2011 19:14:14",1302635654,"Apr 15, 2011 19:44:00",1302896640,"serg.gla...@gmail.com","2011-1454"
79266,"Low","CVE-2011-2360, Cr-Internals, M-13, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","abarth@chromium.org","Bypass unsafe file types dialog","Mar 21, 2013 20:54:59",1363899299,"Apr 13, 2011 02:23:53",1302661433,"Jun 06, 2011 22:22:56",1307398976,"kuz...@gmail.com","2011-2360"
79361,"Medium","CVE-2011-1455, Cr-Blink, Cr-Internals, Cr-Internals-Plugins-PDF, M-11, Pri-2, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Medium, Stability-Crash, Type-Bug-Security","Stable",,"","cev...@chromium.org","PDF crash on buyandread.com","Apr 06, 2013 03:15:27",1365218127,"Apr 13, 2011 18:18:03",1302718683,"Apr 15, 2011 18:09:19",1302890959,"eroman@chromium.org","2011-1455"
79362,"Medium","CVE-2011-1814, Cr-Blink, Cr-Internals, Cr-Internals-Plugins-PDF, M-12, Pri-2, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Medium, Stability-Crash, Type-Bug-Security","Stable",,"","cev...@chromium.org","Reproducible PDF crash (siryo3.pdf)","Apr 06, 2013 03:15:26",1365218126,"Apr 13, 2011 18:20:54",1302718854,"Apr 15, 2011 06:29:00",1302848940,"eroman@chromium.org","2011-1814"
79364,"High","CVE-2011-1456, Cr-Blink, Cr-Internals, Cr-Internals-Plugins-PDF, M-11, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Stability-Crash, Type-Bug-Security","Stable",,"","cev...@chromium.org","Reproducible pdf crash when entering form inputs","Apr 06, 2013 03:15:26",1365218126,"Apr 13, 2011 18:26:04",1302719164,"Apr 15, 2011 17:56:01",1302890161,"eroman@chromium.org","2011-1456"
79426,"Low","CVE-2011-2361, Cr-UI, M-13, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","tsepez@chromium.org","HTTP Basic Auth Realm Spoof","Mar 21, 2013 20:54:58",1363899298,"Apr 14, 2011 04:17:00",1302754620,"May 08, 2011 19:46:07",1304883967,"kuz...@gmail.com","2011-2361"
79566,"Medium","Cr-Platform-Extensions, M-12, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security, reward-500","Stable",500,"accept","abarth@chromium.org","Bypass extensions permission","Mar 21, 2013 21:00:45",1363899645,"Apr 15, 2011 12:08:45",1302869325,"May 02, 2011 22:46:10",1304376370,"kuz...@gmail.com",""
79595,"High","CVE-2011-1798, Cr-Blink, M-11, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","infe...@chromium.org","Bad cast due to childrenInline assumption in RenderSVGText","Apr 06, 2013 01:36:34",1365212194,"Apr 15, 2011 18:10:51",1302891051,"May 03, 2011 00:17:39",1304381859,"infe...@chromium.org","2011-1798"
79726,"Medium","Cr-Blink, Cr-Internals, Cr-UI-Accessibility, M-12, OS-All, Pri-1, ReleaseBlock-Beta, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Stable",,"","ctg...@chromium.org","BrowserAccessibility browser process memory corruption","Apr 06, 2013 01:36:25",1365212185,"Apr 18, 2011 11:49:50",1303127390,"Apr 23, 2011 03:36:18",1303529778,"skylined@chromium.org",""
79746,"High","CVE-2011-1808, Cr-Blink, M-12, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","","Floats not cleared due to overflow (remaining usecase)","Apr 06, 2013 01:36:22",1365212182,"Apr 18, 2011 15:48:31",1303141711,"May 07, 2011 07:22:24",1304752944,"infe...@chromium.org","2011-1808"
79862,"Low","ApprovedForMerge, Cr-Internals, Cr-Platform-Extensions, M-11, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","infe...@chromium.org","Bypass extensions permission app launch web_url should not allow javascript: chrome:","Mar 21, 2013 20:54:57",1363899297,"Apr 19, 2011 13:31:12",1303219872,"May 23, 2011 18:48:04",1306176484,"kuz...@gmail.com",""
80116,"High","Cr-Blink, M-11, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","jsc...@chromium.org","Stale pointer in WebCore::Document::recalcStyleSelector","Apr 06, 2013 01:35:36",1365212136,"Apr 21, 2011 02:20:12",1303352412,"Apr 21, 2011 19:36:02",1303414562,"MartyBar...@gmail.com",""
80358,"Medium","ApprovedForMerge, CVE-2011-1816, Cr-Blink, Cr-Blink-JavaScript, Cr-Platform-DevTools, M-12, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Stable",,"","loi...@chromium.org","WebCore::InspectorBackendDispatcher::Runtime_evaluate user after free","Apr 06, 2013 03:26:30",1365218790,"Apr 23, 2011 08:50:52",1303548652,"May 27, 2011 09:39:52",1306489192,"kuz...@gmail.com","2011-1816"
80401,"Medium","Cr-Internals, Pri-1, Restrict-AddIssueComment-Commit, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Stable",,"","creis@chromium.org","Url bar spoof using onbeforeunload when user cancels navigation","Mar 21, 2013 21:00:44",1363899644,"Apr 24, 2011 10:45:28",1303641928,"Apr 29, 2011 19:08:18",1304104098,"kuz...@gmail.com",""
80608,"High","CVE-2011-1800, Cr-Blink, M-11, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","chromium.cdn@gmail.com","Multiple integer overflows in SVG filter effects","Apr 06, 2013 01:34:59",1365212099,"Apr 26, 2011 22:57:35",1303858655,"May 07, 2011 03:45:46",1304739946,"c...@google.com","2011-1800"
80680,"Low","CVE-2011-2842, Cr-Internals, OS-Mac, Pri-2, Restrict-AddIssueComment-Commit, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","","Security: .keystone_install_lock is insecurely handled in install.py","Mar 21, 2013 20:54:55",1363899295,"Apr 27, 2011 16:11:12",1303920672,"May 12, 2011 21:06:30",1305234390,"googlec...@vtty.com","2011-2842"
81307,"Medium","CVE-2011-2782, Cr-UI, M-13, OS-Linux, Pri-2, ReleaseBlock-Beta, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Stable",,"","tony@chromium.org","Security: dropping file:/// URLs into gmail grants access to files","Mar 21, 2013 21:00:44",1363899644,"May 02, 2011 22:05:34",1304373934,"Jun 14, 2011 03:12:53",1308021173,"evan@chromium.org","2011-2782"
81348,"High","CVE-2011-2334, Cr-Blink, M-12, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","","Use after free when removing elements with reflections","Apr 06, 2013 01:34:07",1365212047,"May 03, 2011 06:24:28",1304403868,"May 07, 2011 07:52:35",1304754755,"infe...@chromium.org","2011-2334"
81351,"High","CVE-2011-2335, Cr-Blink, M-12, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","","CSSSelector double frees","Apr 06, 2013 01:34:07",1365212047,"May 03, 2011 07:04:32",1304406272,"May 07, 2011 07:54:38",1304754878,"infe...@chromium.org","2011-2335"
81753,"Medium","Cr-Internals, Cr-UI-Internationalization, M-16, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Medium, Stability-CodeYellow, Stability-Memory-DrMemory, Stability-Valgrind, Type-Bug-Security, Uniniti","Stable",,"","bradchen@chromium.org","Valgrind reports issues in icu_46::RegexMatcher","Apr 01, 2013 15:52:11",1364831531,"May 06, 2011 00:58:31",1304643511,"Sep 15, 2011 22:18:37",1316125117,"dhollowa@chromium.org",""
81916,"Medium","ApprovedForMerge, CVE-2011-1817, Cr-Internals, M-12, Pri-3, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security, reward-500","Stable",500,"accept","csilv@chromium.org","Stale observer in BrowsingDataRemover's observer_list_","Mar 21, 2013 21:00:42",1363899642,"May 07, 2011 16:08:24",1304784504,"Jun 14, 2011 03:57:27",1308023847,"therealh...@gmail.com","2011-1817"
81949,"High","ApprovedForMerge, CVE-2011-1818, Cr-Blink, M-12, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","chromium.cdn@gmail.com","use-after-free in imageloader with fallbackcontent","Apr 06, 2013 01:32:27",1365211947,"May 08, 2011 08:12:17",1304842337,"May 23, 2011 18:52:29",1306176749,"miaubiz@gmail.com","2011-1818"
82096,"High","CVE-2011-2336, Cr-Blink, M-12, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","cev...@chromium.org","Merge http://trac.webkit.org/changeset/85693","Apr 06, 2013 01:31:30",1365211890,"May 10, 2011 03:19:53",1304997593,"May 10, 2011 03:24:35",1304997875,"infe...@chromium.org","2011-2336"
82152,"High","CVE-2011-2337, M-12, OS-Linux, Pri-0, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","cev...@chromium.org","Need to merge WebKit 64-bit issue http://trac.webkit.org/changeset/86106","Mar 21, 2013 20:54:52",1363899292,"May 10, 2011 18:30:14",1305052214,"May 10, 2011 18:32:17",1305052337,"scarybea...@gmail.com","2011-2337"
82154,"Medium","Cr-Blink, M-12, Pri-2, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Medium, Stability-Memory, Stability-Memory-AddressSanitizer, Type-Bug-Security","Stable",,"","","out-of-bound access in third_party/WebKit/Source/WebKit/chromium/src/WebFrameImpl.cpp","Apr 06, 2013 01:31:10",1365211870,"May 10, 2011 18:40:53",1305052853,"May 17, 2011 22:32:50",1305671570,"kcc@chromium.org",""
82438,"Medium","CVE-2011-2843, Cr-Internals, Cr-Internals-Media, M-14, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Medium, Stability-Crash, Stability-Memory, Stability-Memory-AddressSanitizer, Type-Bug-Security,","Stable",,"","cev...@chromium.org","OOB read in media::FFmpegVideoDecodeEngine::Initialize","Apr 01, 2013 15:45:17",1364831117,"May 12, 2011 18:14:01",1305224041,"Jun 08, 2011 17:33:02",1307554382,"kcc@chromium.org","2011-2843"
82444,"Low","Cr-Blink, M-13, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","rn...@chromium.org","Local file disclosure when pasting stuff from Excel, etc.","Apr 06, 2013 01:30:31",1365211831,"May 12, 2011 18:30:19",1305225019,"Jun 14, 2011 05:09:23",1308028163,"infe...@chromium.org",""
82516,"High","ApprovedForMerge, CVE-2011-1803, Cr-Blink, M-11, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Stability-Memory, Stability-Memory-AddressSanitizer, Type-Bug-Security","Stable",,"","infe...@chromium.org","write-after-free in third_party/WebKit/Source/WebCore/svg/animation/SVGSMILElement.h:58","Apr 06, 2013 01:30:18",1365211818,"May 13, 2011 07:44:19",1305272659,"May 19, 2011 18:46:32",1305830792,"kcc@chromium.org","2011-1803"
82546,"High","ApprovedForMerge, CVE-2011-1804, Cr-Blink, M-11, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","infe...@chromium.org","Stale pointer in WebCore::RenderBlock::marginBeforeForChild","Apr 06, 2013 01:30:08",1365211808,"May 13, 2011 15:35:01",1305300901,"May 19, 2011 18:41:30",1305830490,"MartyBar...@gmail.com","2011-1804"
82552,"High","CVE-2011-2823, Cr-Blink, Cr-Content-Core, M-13, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","","REGRESSION (83075): Use after free in line box culling optimization","Apr 06, 2013 01:30:07",1365211807,"May 13, 2011 16:26:01",1305303961,"Jul 28, 2011 13:56:23",1311861383,"skylined@chromium.org","2011-2823"
82633,"High","ApprovedForMerge, CVE-2011-1805, Cr-Blink, M-11, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Stable",,"","infe...@chromium.org","Bad cast in CSSParser::createFontFaceRule","Apr 06, 2013 01:29:55",1365211795,"May 14, 2011 01:50:49",1305337849,"May 19, 2011 18:36:20",1305830180,"infe...@chromium.org","2011-1805"
82653,"High","CVE-2011-2352, Cr-Blink, M-12, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Stable",,"","infe...@chromium.org","Use after free due to incorrectly setting document.body to non body elements, elements from other docs.","Apr 06, 2013 01:29:54",1365211794,"May 14, 2011 10:38:32",1305369512,"Jun 14, 2011 16:34:43",1308069283,"infe...@chromium.org","2011-2352"
82873,"Critical","CVE-2011-1806, Cr-Internals, Cr-Internals-GPU-WebGL, M-12, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Critical, Stability-Memory-AddressSanitizer, Type-Bug-Security","Stable",,"","g...@chromium.org","Memory corruption in GPU command buffer","Apr 01, 2013 15:39:03",1364830743,"May 17, 2011 03:29:58",1305602998,"May 20, 2011 19:02:09",1305918129,"infe...@chromium.org","2011-1806"
82903,"Critical","ApprovedForMerge, CVE-2011-1807, Cr-Blink, M-11, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Critical, Stability-Memory-AddressSanitizer, Type-Bug-Security","Stable",,"","infe...@chromium.org","OOB write in BlobURLRequestJob::HeadersCompleted","Apr 06, 2013 01:29:36",1365211776,"May 17, 2011 12:32:23",1305635543,"May 19, 2011 18:25:12",1305829512,"infe...@chromium.org","2011-1807"
83010,"Medium","ApprovedForMerge, CVE-2011-1819, Cr-Platform-Extensions, M-12, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security, reward-1000","Stable",1000,"accept","secur...@chromium.org","An extension can access and modify all chrome:// pages, options, etc.","Mar 21, 2013 21:00:40",1363899640,"May 18, 2011 03:30:08",1305689408,"May 23, 2011 19:03:35",1306177415,"twittermoo","2011-1819"
83012,"High","CVE-2011-2338, Cr-Blink, M-12, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Stable",,"","simonjam@chromium.org","Use after free in XMLDocumentParser","Apr 06, 2013 01:29:29",1365211769,"May 18, 2011 04:25:14",1305692714,"May 23, 2011 22:13:24",1306188804,"infe...@chromium.org","2011-2338"
83031,"Low","CVE-2011-2840, Cr-UI, M-14, MovedFrom-13, OS-All, Pri-3, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","creis@chromium.org","Chrome spoof on 302 redirect","Mar 21, 2013 20:54:48",1363899288,"May 18, 2011 07:45:18",1305704718,"Jun 14, 2011 01:29:45",1308014985,"kuz...@gmail.com","2011-2840"
83096,"Critical","M-12, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Critical, Type-Bug-Security","Stable",,"","","Cross-origin access using window.execScript + code execution","Mar 21, 2013 21:07:58",1363900078,"May 18, 2011 19:40:52",1305747652,"Jun 03, 2011 17:03:32",1307120612,"serg.gla...@gmail.com",""
83235,"High","ApprovedForMerge, CVE-2011-2339, Cr-Blink, M-12, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","infe...@chromium.org","Bad cast in RenderBlock::createLineBoxes due to double attach in htmlformelement","Apr 06, 2013 01:29:07",1365211747,"May 19, 2011 16:22:46",1305822166,"May 23, 2011 18:45:16",1306176316,"infe...@chromium.org","2011-2339"
83270,"High","CVE-2011-2354, Cr-Blink, M-12, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","","oob read in WebCore::ImageBufferData::getData","Apr 06, 2013 01:29:05",1365211745,"May 19, 2011 19:17:09",1305832629,"Jun 14, 2011 21:03:47",1308085427,"infe...@chromium.org","2011-2354"
83273,"Medium","ApprovedForMerge, CVE-2011-2783, Cr-Internals, Cr-Platform-Extensions, M-13, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Stable",,"","mpcomplete@chromium.org","Browser prompt when installing unpacked npapi extensions","Mar 21, 2013 21:00:39",1363899639,"May 19, 2011 19:58:15",1305835095,"Jun 14, 2011 01:14:57",1308014097,"c...@chromium.org","2011-2783"
83275,"High","CVE-2011-2332, Cr-Internals, M-12, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-3133","Stable",3133,"accept","a...@chromium.org","UXSS with window.execScript","Mar 21, 2013 20:54:46",1363899286,"May 19, 2011 20:11:22",1305835882,"May 23, 2011 08:32:16",1306139536,"c...@chromium.org","2011-2332"
83598,"Medium","ApprovedForMerge, CVE-2011-2340, Cr-Blink, M-12, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Medium, Stability-Memory-AddressSanitizer, Type-Bug-Security","Stable",,"","infe...@chromium.org","OOB read in WebCore::parseColorIntOrPercentage","Apr 06, 2013 01:28:40",1365211720,"May 23, 2011 16:03:16",1306166596,"May 23, 2011 18:43:09",1306176189,"infe...@chromium.org","2011-2340"
83672,"High","CVE-2011-3233, Cr-Blink, M-13, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","jchaffraix@chromium.org","Stale layout root set as input element when child of a keygen with autofocus","Apr 06, 2013 01:28:33",1365211713,"May 23, 2011 23:30:03",1306193403,"Jul 12, 2011 21:25:24",1310505924,"infe...@chromium.org","2011-3233"
83743,"High","CVE-2011-3243, Cr-Blink, M-12, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","abarth@chromium.org","Universal XSS using contentWindow.eval","Apr 06, 2013 01:28:27",1365211707,"May 24, 2011 16:16:06",1306253766,"Jun 04, 2011 01:59:17",1307152757,"infe...@chromium.org","2011-3243"
83841,"Low","CVE-2011-2784, Cr-Blink, Cr-Internals-GPU-WebGL, M-13, OS-All, Pri-3, ReleaseBlock-Beta, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security, merge-merged-782","Stable",,"","vangelis@chromium.org","User information leakage esp local paths, username in webgl getProgramInfoLog","Apr 06, 2013 01:28:18",1365211698,"May 25, 2011 04:10:05",1306296605,"Jun 14, 2011 06:04:06",1308031446,"kuz...@gmail.com","2011-2784"
84002,"Medium","CVE-2011-2809, Cr-Blink, M-13, OS-Linux, Pri-1, ReleaseBlock-Beta, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Medium, Stability-Memory-AddressSanitizer, Type-Bug-Security","Stable",,"","infe...@chromium.org","OOB read in ComplexTextController constructor (ComplexTextControllerLinux.cpp) + OOB read in WidthIterator","Apr 06, 2013 01:28:05",1365211685,"May 26, 2011 05:14:23",1306386863,"Jun 14, 2011 06:12:39",1308031959,"infe...@chromium.org","2011-2809"
84160,"Medium","Cr-Blink, M-14, Merge-Merged-835, Merge-Merged-874, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Medium, Stability-CodeYellow, Stability-Memory-AddressSanitizer, Type-Bug-Security","Stable",,"","","Use after free in accessibility notifications.","Apr 06, 2013 01:27:55",1365211675,"May 27, 2011 02:48:19",1306464499,"Sep 15, 2011 13:46:31",1316094391,"infe...@chromium.org",""
84234,"High","Cr-Blink, Cr-Blink-JavaScript, Cr-Internals, M-12, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-None, Security_Severity-High, Type-Bug-Security, reward-1000","None",1000,"accept","erik.corry","[LangFuzz] Crash @ MarkCompactCollector::SweepSpaces() or SeqTwoByteString::SeqTwoByteStringReadBlockIntoBuffer() (64 bit)","Apr 06, 2013 03:26:15",1365218775,"May 27, 2011 19:57:17",1306526237,"Jun 04, 2011 02:06:20",1307153180,"decoder...@googlemail.com",""
84333,"High","CVE-2011-2341, Cr-Blink, M-12, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","infe...@chromium.org","use after free in WebCore::ContainerNode::firstChild / WebCore::XMLDocumentParser::insertErrorMessageBlock","Apr 06, 2013 01:27:43",1365211663,"May 28, 2011 18:02:04",1306605724,"Jun 14, 2011 04:01:47",1308024107,"infe...@chromium.org","2011-2341"
84355,"High","CVE-2011-2346, Cr-Blink, M-12, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","infe...@chromium.org","use-after-free in svg fontfacelement","Apr 06, 2013 01:27:41",1365211661,"May 29, 2011 08:48:17",1306658897,"Jun 14, 2011 03:49:59",1308023399,"miaubiz@gmail.com","2011-2346"
84402,"Low","CVE-2011-2785, Cr-Platform-Extensions, M-13, OS-All, Pri-2, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","c...@chromium.org","Extensions permission elevevation using javascript: in homepage_url","Mar 21, 2013 20:54:43",1363899283,"May 30, 2011 03:30:42",1306726242,"Jun 14, 2011 16:19:16",1308068356,"kuz...@gmail.com","2011-2785"
84452,"High","CVE-2011-3238, Cr-Blink, M-12, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-None, Security_Severity-High, Type-Bug-Security, reward-1000","None",1000,"accept","infe...@chromium.org","Bad cast in HTMLMediaElement::mediaControls","Apr 06, 2013 01:27:33",1365211653,"May 31, 2011 02:14:49",1306808089,"Jun 03, 2011 17:08:35",1307120915,"MartyBar...@gmail.com","2011-3238"
84600,"Low","CVE-2011-2786, Cr-Blink, M-13, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","allan...@chromium.org","Security: Web page can initiate speech recognition without user knowing about it","Apr 06, 2013 01:27:22",1365211642,"Jun 01, 2011 14:17:32",1306937852,"Jul 12, 2011 22:03:22",1310508202,"olli.pet...@gmail.com","2011-2786"
84805,"Medium","ApprovedForMerge, CVE-2011-2787, Cr-Blink, Cr-Internals, Cr-Internals-GPU, Cr-Internals-Graphics, Cr-Internals-Plugins-Flash, M-13, Pri-0, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Medium","Stable",,"","zmo@chromium.org","Flash/GPU memory corruption in critical section.","Apr 06, 2013 04:06:30",1365221190,"Jun 03, 2011 01:41:13",1307065273,"Jun 14, 2011 04:29:39",1308025779,"kuz...@gmail.com","2011-2787"
84885,"High","Cr-Blink, M-14, Merge-Merged-835, Merge-Merged-874, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","dmazzoni@chromium.org","ASSERT obj->parentObject() == this in accessibility tree","Apr 06, 2013 01:27:02",1365211622,"Jun 03, 2011 18:43:39",1307126619,"Sep 09, 2011 18:07:13",1315591633,"infe...@chromium.org",""
84946,"High","CVE-2011-2353, Cr-Blink, M-12, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Stable",,"","cev...@chromium.org","Merge http://trac.webkit.org/changeset/87959 and http://trac.webkit.org/changeset/87756 for documentloader use after frees","Apr 06, 2013 01:26:59",1365211619,"Jun 04, 2011 16:54:18",1307206458,"Jun 14, 2011 17:47:45",1308073665,"infe...@chromium.org","2011-2353"
84950,"Medium","CVE-2011-2810, Cr-Blink, M-13, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Stable",,"","cev...@chromium.org","Merge http://trac.webkit.org/changeset/87856","Apr 06, 2013 01:26:58",1365211618,"Jun 04, 2011 17:28:49",1307208529,"Jun 05, 2011 04:42:11",1307248931,"infe...@chromium.org","2011-2810"
85003,"High","CVE-2011-2347, Cr-Blink, M-12, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","mikelawt...@chromium.org","Parsing issue with -webkit-calc","Apr 06, 2013 01:26:53",1365211613,"Jun 05, 2011 21:20:51",1307308851,"Jun 14, 2011 02:09:08",1308017348,"miaubiz@gmail.com","2011-2347"
85041,"Medium","CVE-2011-2844, Cr-Internals, Cr-Internals-Core, Cr-Internals-Media, M-14, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security, testcasenotadded","Stable",,"","cev...@chromium.org","Memory Corruption in video decoding","Mar 21, 2013 21:00:36",1363899636,"Jun 06, 2011 11:34:20",1307360060,"Jun 08, 2011 22:29:57",1307572197,"skylined@chromium.org","2011-2844"
85102,"High","CVE-2011-2350, Cr-Blink, M-12, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-500","Stable",500,"accept","abarth@chromium.org","Use after free in WebCore::ContainerNode::parserAddChild","Apr 06, 2013 01:26:41",1365211601,"Jun 06, 2011 20:46:54",1307393214,"Jun 14, 2011 18:27:18",1308076038,"miaubiz@gmail.com","2011-2350"
85177,"High","CVE-2011-2348, M-12, OS-Linux, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-500","Stable",500,"accept","fschneider@chromium.org","Renderer crash with javascript + setInterval","Mar 21, 2013 20:54:41",1363899281,"Jun 07, 2011 12:59:37",1307451577,"Jun 09, 2011 17:04:58",1307639098,"aohelin","2011-2348"
85211,"High","CVE-2011-2351, Cr-Blink, M-12, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","infe...@chromium.org","Use after free in SVGUseElement::buildShadowTree","Apr 06, 2013 01:26:36",1365211596,"Jun 07, 2011 18:18:10",1307470690,"Jun 14, 2011 19:40:26",1308080426,"miaubiz@gmail.com","2011-2351"
85256,"Medium","CVE-2011-2809, Cr-Blink, M-13, OS-All, OS-Chrome, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Stable",,"","infe...@chromium.org","OOB read in UniscribleController::advance","Apr 06, 2013 01:26:33",1365211593,"Jun 07, 2011 22:48:05",1307486885,"Jun 14, 2011 18:05:41",1308074741,"infe...@chromium.org","2011-2809"
85302,"High","CVE-2011-2811, Cr-Blink, M-13, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Stable",,"","infe...@chromium.org","Crasher in WebCore::StyleBase::stylesheet","Apr 06, 2013 01:26:26",1365211586,"Jun 08, 2011 05:41:45",1307511705,"Aug 22, 2011 20:58:56",1314046736,"infe...@chromium.org","2011-2811"
85418,"High","CVE-2011-2349, Cr-Blink, M-12, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Stability-Memory-DrMemory, Type-Bug-Security, reward-1000","Stable",1000,"accept","infe...@chromium.org","Use-after-free in WebCore::RenderTextControl::isSelectableElement","Apr 06, 2013 01:26:21",1365211581,"Jun 08, 2011 19:15:52",1307560552,"Jun 14, 2011 05:48:55",1308030535,"miaubiz@gmail.com","2011-2349"
85559,"Low","CVE-2011-2788, Cr-Blink, M-13, OS-All, Pri-1, ReleaseBlock-Beta, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","infe...@chromium.org","Web Inspector: Crash by buffer overrun crash when serializing inspector object tree.","Apr 06, 2013 01:26:11",1365211571,"Jun 09, 2011 14:51:15",1307631075,"Jun 14, 2011 04:06:30",1308024390,"infe...@chromium.org","2011-2788"
85808,"High","CVE-2011-2789, Cr-Blink, Cr-Internals, Cr-Internals-Plugins, Cr-Internals-Plugins-Pepper, M-13, Pri-1, ReleaseBlock-Beta, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-500","Stable",500,"accept","c...@chromium.org","chrome_1c30000!webkit::ppapi::PPB_Widget_Impl::Invalidate crash","Apr 06, 2013 04:39:40",1365223180,"Jun 11, 2011 16:34:41",1307810081,"Jun 22, 2011 18:20:41",1308766841,"kuz...@gmail.com","2011-2789"
85943,"High","CVE-2011-2355, Cr-Blink, M-12, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Stable",,"","infe...@chromium.org","Use after free in Stylesheet due to issue in CLONE nodes ","Apr 06, 2013 01:25:47",1365211547,"Jun 13, 2011 19:26:11",1307993171,"Jun 16, 2011 02:08:16",1308190096,"infe...@chromium.org","2011-2355"
86133,"","M-12, Pri-0, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Type-Bug-Security","Stable",,"","cev...@chromium.org","Add GRP to dangerous file list","Mar 21, 2013 20:54:38",1363899278,"Jun 15, 2011 02:32:28",1308105148,"Jun 15, 2011 02:53:53",1308106433,"scarybea...@gmail.com",""
86191,"Low","Cr-Internals, Cr-Platform-Extensions, Cr-Webstore, M-12, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","","Security: web-exposed manifest from Chrome extensions diverges from the real manifest in regards to NPAPI","Mar 21, 2013 20:54:38",1363899278,"Jun 15, 2011 16:55:19",1308156919,"Jun 20, 2011 17:10:46",1308589846,"jln@chromium.org",""
86367,"High","CVE-2011-2356, Cr-Blink, M-12, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Stable",,"","infe...@chromium.org","Use after free of frame in Document::finishedParsing","Apr 06, 2013 01:25:14",1365211514,"Jun 16, 2011 20:24:05",1308255845,"Jun 16, 2011 22:06:16",1308261976,"infe...@chromium.org","2011-2356"
86502,"High","CVE-2011-2790, Cr-Blink, M-13, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","infe...@chromium.org","Use after free due to floats not cleared from parent's next siblings blocks (on losing ability to intrude floats)","Apr 06, 2013 01:25:03",1365211503,"Jun 17, 2011 14:34:31",1308321271,"Jun 20, 2011 20:28:04",1308601684,"miaubiz@gmail.com","2011-2790"
86609,"High","CVE-2011-2812, Cr-Blink, M-13, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Stable",,"","infe...@chromium.org","OOB read in fontfallbacklist due to issue in CSSPrimitiveValues clamping","Apr 06, 2013 01:24:53",1365211493,"Jun 18, 2011 02:40:31",1308364831,"Jun 30, 2011 22:17:25",1309472245,"infe...@chromium.org","2011-2812"
86648,"High","CVE-2011-2813, Cr-Blink, M-13, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Stable",,"","abarth@chromium.org","Use after free in formassociatedelement not removed from m_formElementsWithFormAttribute","Apr 06, 2013 01:24:51",1365211491,"Jun 18, 2011 16:10:46",1308413446,"Jun 28, 2011 07:22:20",1309245740,"infe...@chromium.org","2011-2813"
86705,"High","CVE-2011-2814, Cr-Blink, M-13, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Stable",,"","jknot...@chromium.org","Use after free in Geolocation::fatalErrorOccurred","Apr 06, 2013 01:24:47",1365211487,"Jun 19, 2011 15:09:44",1308496184,"Jul 16, 2011 02:08:46",1310782126,"infe...@chromium.org","2011-2814"
86758,"High","CVE-2011-2845, Cr-Internals, M-15, Merge-Merged, Merge-Merged-874, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-500","Stable",500,"accept","creis@chromium.org","URL Bar Spoofing using History.back() and History.forward","Mar 21, 2013 20:54:36",1363899276,"Jun 20, 2011 09:42:02",1308562922,"Jul 25, 2011 17:16:41",1311614201,"jconsult...@gmail.com","2011-2845"
86900,"High","CVE-2011-2791, Cr-Internals, M-13, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, merge-merged-782, reward-1000","Stable",1000,"accept","jshin@chromium.org","Heap memory corruption in web database support (SQLite/ICU)","Mar 21, 2013 20:54:36",1363899276,"Jun 21, 2011 04:57:23",1308632243,"Jun 29, 2011 20:33:10",1309379590,"yangding...@gmail.com","2011-2791"
87148,"High","CVE-2011-2792, M-13, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","infe...@chromium.org","use after free due to floats not removed","Mar 21, 2013 20:54:35",1363899275,"Jun 22, 2011 21:00:30",1308776430,"Jun 28, 2011 05:59:17",1309240757,"miaubiz@gmail.com","2011-2792"
87227,"High","CVE-2011-2793, Cr-Blink, M-13, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-1000","Stable",1000,"accept","infe...@chromium.org","Use after free due to refcounting issue in MediaQueryMatcher::prepareEvaluator","Apr 06, 2013 01:24:10",1365211450,"Jun 23, 2011 09:48:10",1308822490,"Jun 28, 2011 07:26:06",1309245966,"miaubiz@gmail.com","2011-2793"
87298,"Medium","CVE-2011-2794, Cr-Blink, M-13, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Medium, Stability-Memory-AddressSanitizer, Stability-Memory-DrMemory, Type-Bug-Security, reward-500","Stable",500,"accept","rn...@chromium.org","OOB read due to iterating over wrong textbox in TextIterator::emitText (first-letter + RTL)","Apr 06, 2013 01:24:06",1365211446,"Jun 23, 2011 20:37:04",1308861424,"Jul 12, 2011 22:15:27",1310508927,"miaubiz@gmail.com","2011-2794"
87339,"Medium","CVE-2011-2795, Cr-Blink, M-13, Pri-0, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security, reward-500","Stable",500,"accept","abarth@chromium.org","XSS injection via prototype chain","Apr 06, 2013 01:24:01",1365211441,"Jun 24, 2011 01:31:23",1308879083,"Jun 28, 2011 05:22:06",1309238526,"shih.wei...@gmail.com","2011-2795"
87478,"High","M-14, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-None, Security_Severity-High, Type-Bug-Security, reward-1000","None",1000,"accept","a...@chromium.org","[LangFuzz] Crash on heap with invalid read","Mar 21, 2013 20:45:21",1363898721,"Jun 25, 2011 00:52:17",1308963137,"Jun 27, 2011 13:15:52",1309180552,"decoder...@googlemail.com",""
87548,"High","CVE-2011-2796, Cr-Blink, M-13, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Stable",,"","r...@google.com","use after free in skia blitter","Apr 06, 2013 01:23:49",1365211429,"Jun 26, 2011 15:55:36",1309103736,"Jul 19, 2011 16:46:57",1311094017,"infe...@chromium.org","2011-2796"
87728,"High","Cr-Blink, M-14, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-None, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-1000","None",1000,"accept","infe...@chromium.org","Regression(89733): Use after free in fast/forms/text-control-intrinsic-widths.html","Apr 06, 2013 01:23:37",1365211417,"Jun 28, 2011 08:52:25",1309251145,"Jun 28, 2011 19:43:00",1309290180,"miaubiz@gmail.com",""
87729,"High","CVE-2011-2797, Cr-Blink, M-13, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-1000","Stable",1000,"accept","gavinp@chromium.org","Use after free in third_party/WebKit/LayoutTests/fast/dom/HTMLLinkElement/link-and-subresource-test.html","Apr 06, 2013 01:23:36",1365211416,"Jun 28, 2011 08:56:30",1309251390,"Jul 12, 2011 22:08:13",1310508493,"miaubiz@gmail.com","2011-2797"
87815,"Low","CVE-2011-2798, Cr-Internals, Cr-Platform-DevTools, M-13, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","c...@chromium.org","chrome-devtools:// can be navigated from http","Mar 21, 2013 20:54:33",1363899273,"Jun 28, 2011 20:58:09",1309294689,"Jun 30, 2011 22:01:25",1309471285,"evn@google.com","2011-2798"
87861,"Medium","CVE-2011-2865, Cr-Blink, M-14, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Medium, Stability-Memory-AddressSanitizer, Type-Bug-Security","Stable",,"","","Security: OOB read in svg text run","Apr 06, 2013 01:23:29",1365211409,"Jun 29, 2011 03:13:20",1309317200,"Jul 19, 2011 18:26:46",1311100006,"infe...@chromium.org","2011-2865"
87862,"High","CVE-2011-2815, Cr-Blink, M-13, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","jchaffraix@chromium.org","Security: Use after free in svg text","Apr 06, 2013 01:23:28",1365211408,"Jun 29, 2011 03:28:29",1309318109,"Jul 12, 2011 23:04:59",1310511899,"infe...@chromium.org","2011-2815"
87925,"High","CVE-2011-2799, Cr-Blink, M-13, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","infe...@chromium.org","Use after free in range extract contents","Apr 06, 2013 01:23:22",1365211402,"Jun 29, 2011 18:04:17",1309370657,"Jul 12, 2011 20:57:51",1310504271,"miaubiz@gmail.com","2011-2799"
88093,"High","M-14, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-None, Security_Severity-High, Type-Bug-Security, reward-1000, reward-decline","None",1000,"decline","kmillikin@chromium.org","Security: out-of-bounds read in v8 with defineProperty and arguments","Mar 21, 2013 20:45:17",1363898717,"Jun 30, 2011 20:22:42",1309465362,"Jun 30, 2011 20:22:42",1309465362,"scarybea...@gmail.com",""
88216,"High","CVE-2011-2824, Cr-Blink, M-13, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","c...@chromium.org","Regression: Use-after-free in CounterNode::insertAfter","Apr 06, 2013 01:23:00",1365211380,"Jul 01, 2011 19:15:58",1309547758,"Aug 08, 2011 23:50:10",1312847410,"miaubiz@gmail.com","2011-2824"
88337,"Medium","CVE-2011-2800, Cr-Blink, M-13, OS-All, Pri-2, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security, reward-500","Stable",500,"accept","abarth@chromium.org","The beforeload event allows tracking URI changes in a frame","Apr 06, 2013 01:22:48",1365211368,"Jul 03, 2011 13:08:23",1309698503,"Jul 16, 2011 02:04:24",1310781864,"juhon...@gmail.com","2011-2800"
88591,"High","CVE-2011-2802, Cr-Blink, Cr-Blink-JavaScript, M-13, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","kmillikin@chromium.org","[LangFuzz] CHECK(!value->IsTheHole()) failed // Crash with invalid read in shell","Apr 06, 2013 03:26:07",1365218767,"Jul 06, 2011 20:53:15",1309985595,"Jul 11, 2011 14:18:42",1310393922,"decoder...@googlemail.com","2011-2802"
88670,"High","CVE-2011-2825, Cr-Blink, M-14, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, ZDI-CAN-1283","Stable",,"","cev...@chromium.org","ZDI-CAN-1283: Webkit fontface Invalid Font Family Remote Code Execution Vulnerability","Apr 06, 2013 01:22:22",1365211342,"Jul 07, 2011 16:25:45",1310055945,"Sep 07, 2011 16:15:34",1315412134,"infe...@chromium.org","2011-2825"
88684,"High","CVE-2011-2866, Cr-Blink, M-14, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Stable",,"","infe...@chromium.org","Stale m_owner in RenderScrollbar (m_owner is deleted body element)","Apr 06, 2013 01:22:21",1365211341,"Jul 07, 2011 18:28:01",1310063281,"Aug 30, 2011 20:44:59",1314737099,"infe...@chromium.org","2011-2866"
88723,"High","CVE-2011-2820, Cr-Blink, Cr-Content-Core, M-13, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Stability-Crash, Stability-Memory-AddressSanitizer, Type-Bug-Security","Stable",,"","","REGRESSION (r85964): Use after free in WebCore::RenderObject::localToAbsolute","Apr 06, 2013 01:22:19",1365211339,"Jul 08, 2011 00:57:05",1310086625,"Jul 26, 2011 20:06:54",1311710814,"rtenneti@chromium.org","2011-2820"
88730,"High","CVE-2011-2816, Cr-Blink, M-13, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","","Use after free in SVGUseElement::invalidateShadowTree / SVGElementInstance::invalidateAllInstancesOfElement","Apr 06, 2013 01:22:18",1365211338,"Jul 08, 2011 05:22:09",1310102529,"Jul 16, 2011 19:06:35",1310843195,"infe...@chromium.org","2011-2816"
88827,"Medium","CVE-2011-2803, Cr-Internals, M-13, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Medium, Stability-Memory-AddressSanitizer, Type-Bug-Security","Stable",,"","r...@google.com","OOB read due to Integer overflow in SkDashPathEffect constructor (len and phase)","Apr 01, 2013 15:38:51",1364830731,"Jul 09, 2011 21:20:27",1310246427,"Jul 19, 2011 17:01:29",1311094889,"infe...@chromium.org","2011-2803"
88846,"High","CVE-2011-2801, Cr-Blink, M-13, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","infe...@chromium.org","Use-after-free in FrameLoader with no form post method","Apr 06, 2013 01:22:12",1365211332,"Jul 10, 2011 07:36:39",1310283399,"Jul 16, 2011 02:11:47",1310782307,"miaubiz@gmail.com","2011-2801"
88850,"High","Cr-Blink, Cr-Internals-Media, M-14, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-None, Security_Severity-High, Type-Bug-Security, reward-1000","None",1000,"accept","cev...@chromium.org","Use after free with fuzzed ogv file","Apr 06, 2013 01:22:11",1365211331,"Jul 10, 2011 09:18:10",1310289490,"Jul 28, 2011 13:56:23",1311861383,"chamal.d...@gmail.com",""
88858,"High","Cr-Blink, Cr-Blink-JavaScript, M-14, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-None, Security_Severity-High, Type-Bug-Security, reward-1000","None",1000,"accept","kmillikin@chromium.org","[LangFuzz] Crash at JSObject::LocalLookupRealNamedProperty with invalid read on gc","Apr 06, 2013 03:26:07",1365218767,"Jul 10, 2011 12:36:27",1310301387,"Jul 11, 2011 06:49:41",1310366981,"decoder...@googlemail.com",""
88889,"High","CVE-2011-2818, Cr-Blink, M-13, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","infe...@chromium.org","Stale pointer due to floats not removed (flexible box display)","Apr 06, 2013 01:22:07",1365211327,"Jul 11, 2011 06:28:30",1310365710,"Jul 25, 2011 18:32:49",1311618769,"MartyBar...@gmail.com","2011-2818"
88944,"Critical","Cr-Blink, Cr-Blink-Storage-IndexedDB, M-14, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-None, Security_Severity-Critical, Type-Bug-Security, reward-3133","None",3133,"accept","dgrogan@chromium.org","Use-after free in leveldb","Apr 06, 2013 03:07:48",1365217668,"Jul 11, 2011 17:53:22",1310406802,"Jul 28, 2011 13:56:23",1311861383,"miaubiz@gmail.com",""
88949,"Medium","CVE-2011-3875, Cr-UI, M-15, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security, merge-merged-874","Stable",,"","creis@chromium.org","Security: Location Bar Spoofing using very long string on a web address in the location bar","Mar 21, 2013 21:00:33",1363899633,"Jul 11, 2011 18:35:59",1310409359,"Oct 03, 2011 18:23:34",1317666214,"jconsult...@gmail.com","2011-3875"
89142,"High","Area-Internal, CVE-2011-2804, Cr-Blink, Cr-Internals-Plugins-PDF, M-13, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-500","Stable",500,"accept","cev...@chromium.org","PDF viewer crash","Apr 06, 2013 03:14:29",1365218069,"Jul 13, 2011 08:54:05",1310547245,"Jul 13, 2011 18:55:40",1310583340,"aohelin","2011-2804"
89219,"High","CVE-2011-2846, Cr-Blink, M-14, Merge-Merged, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-1000","Stable",1000,"accept","jap...@chromium.org","Use after free due to document destruction within unload event","Apr 06, 2013 01:21:42",1365211302,"Jul 13, 2011 19:00:16",1310583616,"Aug 24, 2011 21:26:19",1314221179,"Ax3...@gmail.com","2011-2846"
89330,"High","CVE-2011-2847, Cr-Blink, M-14, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-1000","Stable",1000,"accept","abarth@chromium.org","DocumentLoader use after free in KURL::strippedForUseAsReferrer","Apr 06, 2013 01:21:34",1365211294,"Jul 14, 2011 17:45:39",1310665539,"Aug 30, 2011 21:31:39",1314739899,"miaubiz@gmail.com","2011-2847"
89402,"High","CVE-2011-2821, M-13, Merge-Merged, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Stability-Memory-DrMemory, Type-Bug-Security, reward-1000","Stable",1000,"accept","cev...@chromium.org","Memory corruption (double free) caused by malformed XPath expression in XSLT","Apr 01, 2013 15:42:50",1364830970,"Jul 15, 2011 09:16:11",1310721371,"Aug 04, 2011 04:55:18",1312433718,"yangding...@gmail.com","2011-2821"
89453,"High","CVE-2011-2826, Cr-Blink, M-13, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","abarth@chromium.org","UXSS with empty SecurityOrigin","Apr 06, 2013 01:21:24",1365211284,"Jul 15, 2011 19:34:51",1310758491,"Jul 28, 2011 23:51:49",1311897109,"serg.gla...@gmail.com","2011-2826"
89493,"High","Cr-Blink, Cr-Blink-Rendering, Cr-Blink-SVG, M-16, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-CodeYellow, Stability-Memory-AddressSanitizer, Ty","Beta, Stable",,"","ke...@chromium.org","Use after free in SVG foreignobject rendering.","Apr 06, 2013 03:45:13",1365219913,"Jul 16, 2011 07:26:28",1310801188,"Nov 09, 2011 18:09:12",1320862152,"infe...@chromium.org",""
89520,"High","CVE-2011-2805, Cr-Blink, M-13, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1500","Stable",1500,"accept","","UXSS / frame escape with window.open","Apr 06, 2013 01:21:17",1365211277,"Jul 16, 2011 18:46:21",1310841981,"Jul 17, 2011 05:40:53",1310881253,"serg.gla...@gmail.com","2011-2805"
89522,"High","CVE-2011-2867, Cr-Blink, M-14, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Stable",,"","","SVG animation API crashes on SVGAnimateTransform","Apr 06, 2013 01:21:17",1365211277,"Jul 16, 2011 19:52:18",1310845938,"Jul 19, 2011 18:33:57",1311100437,"infe...@chromium.org","2011-2867"
89552,"High","CVE-2011-2831, Cr-Blink, M-13, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Stability-Memory-DrMemory, Type-Bug-Security","Stable",,"","gavinp@chromium.org","Use after free in CSSStyleSheet::checkLoaded","Apr 06, 2013 01:21:13",1365211273,"Jul 17, 2011 16:13:11",1310919191,"Jul 28, 2011 13:56:23",1311861383,"infe...@chromium.org","2011-2831"
89558,"High","Cr-Blink, M-14, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-None, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-500","None",500,"accept","simonjam@chromium.org","Use after free in SVGUseElement::buildShadowTree","Apr 06, 2013 01:21:13",1365211273,"Jul 17, 2011 18:37:30",1310927850,"Jul 27, 2011 17:23:40",1311787420,"miaubiz@gmail.com",""
89564,"Medium","CVE-2011-2848, Cr-Internals, Cr-UI-Browser-Navigation, M-14, Merge-Merged, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security, merge-merged-835, reward-500","Stable",500,"accept","creis@chromium.org","Possible URL Bar Spoofing when history.forward() is ignored using forward button","Mar 21, 2013 21:00:33",1363899633,"Jul 17, 2011 20:14:38",1310933678,"Aug 31, 2011 20:36:25",1314822985,"jconsult...@gmail.com","2011-2848"
89575,"High","CVE-2011-2832, Cr-Blink, M-13, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Stable",,"","morrita@google.com","Use after free of markers in CompositeEditCommand::replaceTextInNodePreservingMarkers","Apr 06, 2013 01:21:12",1365211272,"Jul 18, 2011 06:49:52",1310971792,"Jul 28, 2011 13:56:23",1311861383,"infe...@chromium.org","2011-2832"
89580,"High","CVE-2011-2868, Cr-Blink, M-14, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Stable",,"","infe...@chromium.org","Use after free due to continuation splitting issues in -webkit-column-span","Apr 06, 2013 01:21:11",1365211271,"Jul 18, 2011 08:11:48",1310976708,"Sep 06, 2011 01:55:53",1315274153,"infe...@chromium.org","2011-2868"
89599,"High","CVE-2011-3240, Cr-Blink, M-14, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Stable",,"","","Freed SVGTRefElement used in SVGStyledElement::buildPendingResourcesIfNeeded","Apr 06, 2013 01:21:09",1365211269,"Jul 18, 2011 14:05:54",1310997954,"Jul 28, 2011 13:56:23",1311861383,"infe...@chromium.org","2011-3240"
89678,"High","CVE-2011-2817, Cr-Blink, M-13, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Stable",,"","infe...@chromium.org","Use after free in ReplacementFragment::removeUnrenderedNodes","Apr 06, 2013 01:21:04",1365211264,"Jul 19, 2011 03:15:11",1311045311,"Jul 19, 2011 18:36:31",1311100591,"infe...@chromium.org","2011-2817"
89795,"Low","CVE-2011-2849, Cr-Internals, M-14, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","ukai@chromium.org","Browser crash in net::WebSocketJob::SendPending","Mar 21, 2013 20:54:23",1363899263,"Jul 19, 2011 22:43:06",1311115386,"Jul 25, 2011 06:00:10",1311573610,"Ax3...@gmail.com","2011-2849"
89836,"Critical","CVE-2011-2806, M-13, Merge-Merged, OS-Windows, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Critical, Type-Bug-Security, reward-1337","Stable",1337,"accept","vangelis@chromium.org","Tracking bug for ANGLE memory corruption on Windows","Mar 21, 2013 21:07:57",1363900077,"Jul 20, 2011 03:55:16",1311134116,"Aug 04, 2011 01:24:47",1312421087,"scarybea...@gmail.com","2011-2806"
89991,"Medium","CVE-2011-3234, Cr-Blink, M-14, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Medium, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-500","Stable",500,"accept","infe...@chromium.org","Regression(82144): OOB InlineIterator read in TrailingObjects::updateMidpointsForTrailingBoxes","Apr 06, 2013 01:20:44",1365211244,"Jul 21, 2011 05:04:37",1311224677,"Aug 01, 2011 18:04:31",1312221871,"miaubiz@gmail.com","2011-3234"
90105,"Medium","Cr-Blink, M-17, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Stability-Memory-AddressSanitizer, Type-Bug-Security, WebKit-ID-65147, merge-merged-963","Beta, Stable",,"","ke...@chromium.org","Heap-buffer-overflow in WebCore::RenderBlock::LineBreaker::nextLineBreak","Apr 06, 2013 01:20:38",1365211238,"Jul 21, 2011 23:19:33",1311290373,"Jan 06, 2012 20:31:47",1325881907,"infe...@chromium.org",""
90134,"Medium","CVE-2011-2850, Cr-Blink, M-14, Merge-Merged, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Medium, Stability-Memory-AddressSanitizer, Type-Bug-Security","Stable",,"","ba...@chromium.org","OOB read in harfbuzz with khmer character","Apr 06, 2013 01:20:36",1365211236,"Jul 22, 2011 04:32:52",1311309172,"Jul 29, 2011 07:21:02",1311924062,"miaubiz@gmail.com","2011-2850"
90173,"Medium","CVE-2011-2851, Cr-Blink, Cr-Internals-Media, M-14, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Medium, Stability-Memory-AddressSanitizer, Type-Bug-Security, merge-merged-835","Stable",,"","scherkus@chromium.org","OOB read in media::ScaleYUVToRGB32 due to failure to account for zero source width and accessing negative indices","Apr 06, 2013 01:20:32",1365211232,"Jul 22, 2011 14:02:28",1311343348,"Sep 01, 2011 04:18:46",1314850726,"infe...@chromium.org","2011-2851"
90217,"Low","CVE-2011-3876, Cr-Internals, Cr-UI-Browser-Downloads, M-15, OS-Windows, Pri-3, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","ke...@chromium.org","Prevent silent truncation of trailing characters in downloaded file names","Mar 21, 2013 20:54:21",1363899261,"Jul 22, 2011 18:17:00",1311358620,"Aug 26, 2011 04:57:45",1314334665,"evn@google.com","2011-3876"
90222,"High","CVE-2011-2819, Cr-Blink, M-13, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1500","Stable",1500,"accept","","UXSS with document.baseURI","Apr 06, 2013 01:20:28",1365211228,"Jul 22, 2011 18:36:24",1311359784,"Jul 25, 2011 18:34:53",1311618893,"serg.gla...@gmail.com","2011-2819"
90357,"Medium","CVE-2011-2869, Cr-Blink, M-14, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Medium, Stability-Memory-AddressSanitizer, Type-Bug-Security","Stable",,"","rn...@chromium.org","OOB read in WebCore::previousBoundary","Apr 06, 2013 01:20:20",1365211220,"Jul 25, 2011 04:43:07",1311568987,"Aug 19, 2011 19:53:54",1313783634,"infe...@chromium.org","2011-2869"
90668,"High","CVE-2011-2827, Cr-Blink, M-13, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-1000","Stable",1000,"accept","rn...@chromium.org","Use after free in WebCore::findPlainText","Apr 06, 2013 01:20:03",1365211203,"Jul 27, 2011 15:19:53",1311779993,"Jul 28, 2011 13:56:23",1311861383,"miaubiz@gmail.com","2011-2827"
90978,"Medium","Cr-Blink, M-15, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Stable",,"","","read out of bounds in sUnpremultiplyData_RGBA8888 / ImageBufferData::getData (WEBKIT 65352)","Apr 06, 2013 01:19:26",1365211166,"Jul 29, 2011 13:26:44",1311946004,"Sep 04, 2011 05:06:32",1315112792,"jsc...@chromium.org",""
91008,"High","M-15, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-None, Security_Severity-High, Type-Bug-Security, reward-1000","None",1000,"accept","danno@chromium.org","[LangFuzz] Crash at JSObject::PrepareElementsForSort with invalid read","Mar 21, 2013 20:44:58",1363898698,"Jul 29, 2011 18:03:29",1311962609,"Aug 02, 2011 14:19:11",1312294751,"decoder...@googlemail.com",""
91010,"High","M-15, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-None, Security_Severity-High, Type-Bug-Security, reward-1000","None",1000,"accept","danno@chromium.org","[LangFuzz] Crash at JSObject::SetDictionaryElement with invalid read (32 bit)","Mar 21, 2013 20:44:58",1363898698,"Jul 29, 2011 18:11:41",1311963101,"Aug 02, 2011 09:30:22",1312277422,"decoder...@googlemail.com",""
91013,"High","M-15, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-None, Security_Severity-High, Type-Bug-Security, reward-1000","None",1000,"accept","vegorov@chromium.org","[LangFuzz] Crash at RootMarkingVisitor::VisitPointers (32 bit)","Mar 21, 2013 20:44:58",1363898698,"Jul 29, 2011 18:20:20",1311963620,"Aug 02, 2011 19:39:14",1312313954,"decoder...@googlemail.com",""
91016,"Medium","Cr-Blink, M-14, Merge-Merged, Pri-1, ReleaseBlock-Beta, Restrict-AddIssueComment-EditIssue, Security_Impact-None, Security_Severity-Medium, Type-Bug-Security, reward-500","None",500,"accept","bsalo...@google.com","Security: Canvas toDataURL security error: It is taking page information and not the canvas when making the image","Apr 06, 2013 01:19:25",1365211165,"Jul 29, 2011 18:26:03",1311963963,"Aug 04, 2011 19:36:44",1312486604,"simon.sa...@gmail.com",""
91092,"High","Cr-Blink, M-14, Merge-Merged-835, Merge-Merged-874, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Stability-CodeYellow, Stability-Memory-AddressSanitizer, Type-Bug-Security","Stable",,"","ke...@chromium.org","Use after free in SVGUseElement::buildShadowTree","Apr 06, 2013 01:19:21",1365211161,"Jul 30, 2011 13:59:09",1312034349,"Sep 10, 2011 13:49:24",1315662564,"infe...@chromium.org",""
91093,"High","CVE-2011-2870, Cr-Blink, Cr-Blink-Video, M-14, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Stable",,"","tkent@chromium.org","Bad cast in paintMediaPlayButton","Apr 06, 2013 05:03:46",1365224626,"Jul 30, 2011 14:10:18",1312035018,"Aug 04, 2011 04:52:50",1312433570,"infe...@chromium.org","2011-2870"
91120,"High","CVE-2011-2852, M-14, Merge-Merged, Pri-0, ReleaseBlock-Beta, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-500","Stable",500,"accept","kmillikin@chromium.org","[LangFuzz] Crash at Runtime_QuoteJSONString with invalid write","Mar 21, 2013 20:54:18",1363899258,"Jul 31, 2011 09:44:18",1312105458,"Aug 03, 2011 09:28:16",1312363696,"decoder...@googlemail.com","2011-2852"
91139,"High","M-13, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","cev...@chromium.org","HTML5 FileSystem API directory traversal","Mar 21, 2013 20:54:18",1363899258,"Jul 31, 2011 20:49:26",1312145366,"Aug 03, 2011 00:10:14",1312330214,"serg.gla...@gmail.com",""
91197,"High","CVE-2011-2853, Cr-Blink, Cr-Internals, Cr-Internals-Core, Cr-Internals-Plugins, Cr-Internals-Plugins-Flash, M-14, Merge-Merged, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Stab","Stable",,"","wez@chromium.org","Use after free or bad cast with empty .swf file","Apr 06, 2013 04:23:51",1365222231,"Aug 01, 2011 12:41:48",1312202508,"Aug 31, 2011 22:43:59",1314830639,"skylined@chromium.org","2011-2853"
91218,"Low","CVE-2011-3877, Pri-0, Restrict-AddIssueComment-Commit, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","tsepez@chromium.org","XSS in chrome://appcache-internals","Mar 21, 2013 20:54:17",1363899257,"Aug 01, 2011 17:20:34",1312219234,"Aug 02, 2011 16:55:32",1312304132,"tsepez@chromium.org","2011-3877"
91517,"High","CVE-2011-2828, Cr-Internals, M-13, Merge-Merged, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","danno@chromium.org","Security: V8 asserts (crashes) when entering simple JS snippit","Mar 21, 2013 20:54:17",1363899257,"Aug 03, 2011 15:13:38",1312384418,"Aug 04, 2011 13:07:49",1312463269,"danno@chromium.org","2011-2828"
91577,"Low","Cr-Internals, M-14, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security, merge-merged-835","Stable",,"","jstritar@chromium.org","file:// URL access is defaulting to opt-in","Mar 21, 2013 20:54:16",1363899256,"Aug 03, 2011 20:39:56",1312403996,"Aug 10, 2011 03:30:12",1312947012,"erik...@chromium.org",""
91598,"High","CVE-2011-2829, M-13, Merge-Merged, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1500","Stable",1500,"accept","","Integer overflow in v8 custom bindings for WebGLRenderingContext","Mar 21, 2013 20:54:16",1363899256,"Aug 03, 2011 22:03:15",1312408995,"Aug 04, 2011 21:53:12",1312494792,"serg.gla...@gmail.com","2011-2829"
91665,"High","CVE-2011-2839, M-13, Merge-Merged, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","cev...@chromium.org","Crash on bad rip when opening a PDF","Mar 21, 2013 20:54:16",1363899256,"Aug 04, 2011 13:54:00",1312466040,"Aug 04, 2011 19:35:29",1312486529,"aohelin","2011-2839"
91801,"High","CVE-2011-3236, Cr-Blink, M-14, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Stable",,"","infe...@chromium.org","Use after free of RootInlineBox","Apr 06, 2013 01:18:40",1365211120,"Aug 05, 2011 14:14:24",1312553664,"Aug 09, 2011 18:20:08",1312914008,"infe...@chromium.org","2011-3236"
91911,"High","CVE-2011-2871, Cr-Blink, M-16, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Stability-Memory-DrMemory, Type-Bug-Security","Stable",,"","","Freed m_renderer used in InlineBox::deleteLine","Apr 06, 2013 01:18:32",1365211112,"Aug 06, 2011 07:44:37",1312616677,"Nov 07, 2011 20:51:46",1320699106,"infe...@chromium.org","2011-2871"
91921,"High","Cr-Blink, M-14, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Stability-CodeYellow, Stability-Memory-AddressSanitizer, Type-Bug-Security, merge-merged-835, merge-merged-874","Stable",,"","infe...@chromium.org","Use after free in RenderRubyBase","Apr 06, 2013 01:18:32",1365211112,"Aug 06, 2011 14:27:29",1312640849,"Sep 25, 2011 21:42:53",1316986973,"infe...@chromium.org",""
91972,"High","CVE-2011-2872, Cr-Blink, M-14, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Stable",,"","infe...@chromium.org","Regression(85705): Use after free on m_originatingLine in floats","Apr 06, 2013 01:18:29",1365211109,"Aug 07, 2011 15:29:01",1312730941,"Aug 10, 2011 21:49:15",1313012955,"infe...@chromium.org","2011-2872"
92226,"High","Cr-Blink, M-14, Merge-Merged, Merge-Merged-835, Merge-Merged-874, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Stability-CodeYellow, Stability-Memory-AddressSanitizer, Type-Bug-Security","Stable",,"","c...@chromium.org","Use after free in CounterNode::lastDescendant","Apr 06, 2013 01:18:06",1365211086,"Aug 09, 2011 21:25:33",1312925133,"Sep 13, 2011 22:51:17",1315954277,"infe...@chromium.org",""
92550,"Low","CVE-2011-3954, Cr-Blink, Cr-Blink-Storage-IndexedDB, Cr-Internals, M-17, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Beta, Stable",,"","dgrogan@chromium.org","Chrome (main process) crashes when setVersion is called when all (Indexed) database name space is used up","Apr 06, 2013 03:07:41",1365217661,"Aug 11, 2011 21:51:20",1313099480,"Oct 29, 2011 16:02:04",1319904124,"therealh...@gmail.com","2011-3954"
92621,"High","CVE-2011-2833, Cr-Blink, M-13, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","infe...@chromium.org","Use after free in VisibleSelection::selectionFromContentsOfNode","Apr 06, 2013 01:17:39",1365211059,"Aug 12, 2011 07:14:17",1313133257,"Aug 12, 2011 16:30:31",1313166631,"infe...@chromium.org","2011-2833"
92651,"High","CVE-2011-2854, Cr-Blink, M-14, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-1000","Stable",1000,"accept","infe...@chromium.org","Use after free due to style not updated for ANONYMOUS boxes (e.g RenderRow), inline-blocks (e.g. RenderRubyRun)","Apr 06, 2013 01:17:39",1365211059,"Aug 12, 2011 14:33:07",1313159587,"Sep 06, 2011 01:54:20",1315274060,"infe...@chromium.org","2011-2854"
92769,"High","CVE-2011-2873, Cr-Blink, M-14, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Stable",,"","infe...@chromium.org","Use after free in TreeBuilder","Apr 06, 2013 01:17:32",1365211052,"Aug 13, 2011 14:37:00",1313246220,"Aug 14, 2011 23:09:02",1313363342,"infe...@chromium.org","2011-2873"
92959,"High","CVE-2011-2855, Cr-Blink, M-14, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","infe...@chromium.org","Stale node in StyleSheetCandidateListHashSet","Apr 06, 2013 01:17:13",1365211033,"Aug 15, 2011 22:07:19",1313446039,"Aug 17, 2011 18:30:50",1313605850,"Ax3...@gmail.com","2011-2855"
93106,"High","CVE-2011-3955, Cr-Blink, Cr-Blink-Storage-IndexedDB, M-17, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Beta, Stable",,"","jsbell@chromium.org","Failing assertion in IDBTransaction.cpp","Apr 06, 2013 03:07:39",1365217659,"Aug 16, 2011 18:36:40",1313519800,"Nov 23, 2011 16:57:46",1322067466,"dgrogan@chromium.org","2011-3955"
93416,"High","CVE-2011-2856, M-14, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-2000","Stable",2000,"accept","l...@chromium.org","Security: Arbitrary cross-origin bypass using __defineGetter__ prototype override","Mar 21, 2013 20:54:12",1363899252,"Aug 18, 2011 20:46:37",1313700397,"Aug 22, 2011 17:23:28",1314033808,"divric...@gmail.com","2011-2856"
93420,"High","CVE-2011-2857, Cr-Blink, M-14, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-1000","Stable",1000,"accept","infe...@chromium.org","Use after free in FocusController::advanceFocusInDocumentOrder","Apr 06, 2013 01:16:50",1365211010,"Aug 18, 2011 21:04:32",1313701472,"Aug 22, 2011 17:35:07",1314034507,"miaubiz@gmail.com","2011-2857"
93472,"","CVE-2011-2834, M-14, Merge-Merged, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Type-Bug-Security, reward-1000","Stable",1000,"accept","cev...@chromium.org","Yet another double-free caused by malformed XPath expression in XSLT","Mar 21, 2013 20:54:11",1363899251,"Aug 19, 2011 03:30:38",1313724638,"Aug 26, 2011 00:16:56",1314317816,"yangding...@gmail.com","2011-2834"
93497,"Medium","CVE-2011-2859, Cr-Internals, M-14, Merge-Merged, Pri-0, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security, merge-merged-835","Stable",,"","asargent@chromium.org","Security: Accessibility of the chrome.webstorePrivate-API","Mar 21, 2013 21:00:29",1363899629,"Aug 19, 2011 13:13:07",1313759587,"Aug 24, 2011 04:32:30",1314160350,"sinbad.g...@recurity-labs.com","2011-2859"
93587,"High","CVE-2011-2860, Cr-Blink, M-14, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-1000","Stable",1000,"accept","infe...@chromium.org","Use after free in WebCore::Text::recalcStyle due to before after content issue in table parts","Apr 06, 2013 01:16:21",1365210981,"Aug 20, 2011 05:13:58",1313817238,"Aug 25, 2011 17:02:32",1314291752,"infe...@chromium.org","2011-2860"
93596,"Medium","CVE-2011-2861, M-14, Merge-Merged, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Stable",,"","cev...@chromium.org","Bad read in bundled PDF viewer","Mar 21, 2013 21:00:29",1363899629,"Aug 20, 2011 09:42:44",1313833364,"Aug 22, 2011 18:53:30",1314039210,"aohelin","2011-2861"
93759,"High","CVE-2011-2863, Cr-Blink, Cr-Blink-JavaScript, M-14, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-2000","Stable",2000,"accept","l...@chromium.org","UXSS using Object.getPrototypeOf","Apr 06, 2013 03:25:46",1365218746,"Aug 22, 2011 17:50:05",1314035405,"Aug 26, 2011 15:44:16",1314373456,"serg.gla...@gmail.com","2011-2863"
93788,"High","CVE-2011-2876, Cr-Blink, Cr-Content-Core, M-14, Merge-Merged, Merge-Merged-874, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, merge-merged-835, reward-1000","Stable",1000,"accept","morr...@chromium.org","Use after free in RenderText lineboxes.","Apr 06, 2013 01:16:06",1365210966,"Aug 22, 2011 20:48:12",1314046092,"Sep 21, 2011 06:03:00",1316584980,"miaubiz@gmail.com","2011-2876"
93906,"High","CVE-2011-2862, M-14, Merge-Merged, Pri-0, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-2337","Stable",2337,"accept","l...@chromium.org","V8 builtins object can be accessed using Function.prototype.caller","Mar 21, 2013 20:54:09",1363899249,"Aug 23, 2011 16:30:18",1314117018,"Aug 29, 2011 14:46:43",1314629203,"serg.gla...@gmail.com","2011-2862"
94273,"High","Cr-Blink, M-14, Merge-Merged, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","crog...@google.com","V8 custom bindings for AudioNode must do proper object checking and throw exception in case of error","Apr 06, 2013 01:15:33",1365210933,"Aug 25, 2011 18:29:04",1314296944,"Aug 25, 2011 19:38:41",1314301121,"crog...@google.com",""
94487,"Medium","CVE-2011-3878, Cr-Blink, M-15, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Stability-CodeYellow, Stability-Memory-AddressSanitizer, Type-Bug-Security, ","Beta, Stable",,"","jsc...@chromium.org","Security: JSC::Yarr regexp 32/48 to the left of 768 with workers","Apr 06, 2013 01:15:11",1365210911,"Aug 27, 2011 19:11:43",1314472303,"Oct 08, 2011 13:12:26",1318079546,"miaubiz@gmail.com","2011-3878"
94578,"Low","M-19, MovedFrom-16, MovedFrom-17, MovedFrom15, MovedFrom18, OS-All, Pri-3, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security, bulkmove","Beta, Stable",,"","tsepez@chromium.org","Security: Brute forcing Intranet WWW-Auth with script element","Mar 21, 2013 21:07:39",1363900059,"Aug 29, 2011 01:54:36",1314582876,"Feb 10, 2012 23:38:20",1328917100,"philippe...@gmail.com",""
94809,"High","Cr-Blink, M-14, Merge-Merged, Merge-Merged-874, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Stability-CodeYellow, Stability-Memory-AddressSanitizer, Type-Bug-Security, merge-Merged-835","Stable",,"","infe...@chromium.org","Use after free in ruby overhang.","Apr 06, 2013 01:14:47",1365210887,"Aug 30, 2011 21:57:36",1314741456,"Sep 19, 2011 20:48:01",1316465281,"infe...@chromium.org",""
94810,"High","Cr-Blink, M-14, Merge-Merged, Merge-Merged-874, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Stability-CodeYellow, Stability-Memory-AddressSanitizer, Type-Bug-Security, merge-merged-835","Stable",,"","","Use after free with Floats and Ruby","Apr 06, 2013 01:14:46",1365210886,"Aug 30, 2011 22:08:01",1314742081,"Sep 13, 2011 01:31:02",1315877462,"infe...@chromium.org",""
95072,"High","CVE-2011-2877, Cr-Blink, M-14, Merge-Merged, Merge-Merged-874, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Stability-CodeYellow, Stability-Memory-AddressSanitizer, Type-Bug-Security, merge-","Stable",1000,"accept","infe...@chromium.org","Use after free due to style not updated for svg text runs.","Apr 06, 2013 01:14:31",1365210871,"Sep 01, 2011 17:16:48",1314897408,"Sep 16, 2011 17:23:44",1316193824,"infe...@chromium.org","2011-2877"
95359,"High","Cr-Blink, M-15, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, merge-merged-874","Stable",,"","infe...@chromium.org","Use after free in WebCore::SVGTRefElement::updateReferencedText","Apr 06, 2013 01:14:15",1365210855,"Sep 04, 2011 05:00:45",1315112445,"Oct 05, 2011 15:40:20",1317829220,"infe...@chromium.org",""
95360,"High","Cr-Blink, M-14, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, merge-merged-835","Stable",,"","infe...@chromium.org","use after free in WebCore::ContainerNode::removeChild via Range.deleteContents()","Apr 06, 2013 01:14:14",1365210854,"Sep 04, 2011 05:04:17",1315112657,"Sep 05, 2011 05:22:55",1315200175,"infe...@chromium.org",""
95374,"Medium","CVE-2011-3879, Cr-Internals, M-15, Merge-Merged, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security, merge-merged-874","Stable",,"","ke...@chromium.org","Redirect to chrome:// URIs via Location: header","Mar 21, 2013 21:00:28",1363899628,"Sep 04, 2011 14:30:24",1315146624,"Oct 04, 2011 18:02:05",1317751325,"masatoki...@gmail.com","2011-3879"
95465,"Low","Cr-Blink, M-16, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Low, Stability-Memory-AddressSanitizer, Type-Bug-Security","Stable",,"","cev...@chromium.org","4 OOB reads in XMLDocumentParser::doWrite","Apr 06, 2013 01:14:08",1365210848,"Sep 06, 2011 07:14:27",1315293267,"Sep 13, 2011 22:47:18",1315954038,"infe...@chromium.org",""
95485,"High","Cr-Blink, Cr-Blink-JavaScript, M-15, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-None, Security_Severity-High, Type-Bug-Security, reward-1000","None",1000,"accept","kmillikin@chromium.org","[LangFuzz] Crash at v8::internal::Object::Lookup","Apr 06, 2013 03:25:40",1365218740,"Sep 06, 2011 13:02:39",1315314159,"Sep 07, 2011 09:39:49",1315388389,"decoder...@googlemail.com",""
95499,"High","Cr-Blink, M-14, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","","Use after free due to style not updated and having stale fonts.","Apr 06, 2013 01:14:04",1365210844,"Sep 06, 2011 16:28:34",1315326514,"Sep 06, 2011 16:28:34",1315326514,"infe...@chromium.org",""
95520,"High","Cr-Blink, M-14, Merge-Merged, Merge-Merged-874, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","infe...@chromium.org","Child not placed correctly when :before, :after placed in same table part container causing stale style","Apr 06, 2013 01:14:03",1365210843,"Sep 06, 2011 17:55:06",1315331706,"Sep 21, 2011 22:06:51",1316642811,"infe...@chromium.org",""
95563,"Medium","CVE-2011-2864, Cr-Blink, M-14, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Medium, Stability-CodeYellow, Stability-Memory-AddressSanitizer, Type-Bug-Security, merge-merged-835","Stable",,"","ba...@chromium.org","OOB read in tibetan_nextSyllableBoundary","Apr 06, 2013 01:14:00",1365210840,"Sep 06, 2011 21:19:16",1315343956,"Sep 08, 2011 05:22:53",1315459373,"infe...@chromium.org","2011-2864"
95625,"Medium","CVE-2011-2858, Cr-Blink, Cr-Internals-GPU-WebGL, M-14, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Medium, Stability-CodeYellow, Stability-Memory-AddressSanitizer, Type-Bug-Security","Stable",,"","g...@chromium.org","OOB read in gpu::gles2::GLES2DecoderImpl::HandleDrawArrays","Apr 06, 2013 01:13:54",1365210834,"Sep 07, 2011 02:50:38",1315363838,"Sep 11, 2011 05:22:37",1315718557,"infe...@chromium.org","2011-2858"
95671,"High","CVE-2011-2878, Cr-Blink, Cr-Blink-JavaScript, M-14, Merge-Merged, Merge-Merged-874, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, merge-merged-835, reward-2000","Stable",2000,"accept","abarth@chromium.org","Security: Cross-origin access to window.__proto__","Apr 06, 2013 03:25:39",1365218739,"Sep 07, 2011 16:38:13",1315413493,"Sep 19, 2011 23:11:31",1316473891,"serg.gla...@gmail.com","2011-2878"
95672,"High","Cr-Blink, M-15, Merge-Merged, Merge-Merged-874, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","infe...@chromium.org","Use after free in ListIterms and RunIns rendering (from bug 88680)","Apr 06, 2013 01:13:48",1365210828,"Sep 07, 2011 16:38:52",1315413532,"Sep 09, 2011 16:23:59",1315585439,"infe...@chromium.org",""
95761,"High","Cr-Blink, M-14, Merge-Merged, Merge-Merged-874, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, merge-merged-835","Stable",,"","simonjam@chromium.org","Use after free in ContainerNode::removeChild (looks related to plugin)","Apr 06, 2013 01:13:42",1365210822,"Sep 08, 2011 03:11:44",1315451504,"Sep 15, 2011 18:39:55",1316111995,"infe...@chromium.org",""
95917,"Low","CVE-2011-2874, M-14, OS-Windows, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"",""," SSL cert. changes","Mar 21, 2013 20:54:01",1363899241,"Sep 08, 2011 22:26:26",1315520786,"Sep 15, 2011 21:48:56",1316123336,"chris.ely@gmail.com","2011-2874"
95920,"High","CVE-2011-2875, Cr-Blink, Cr-Blink-JavaScript, M-14, Merge-Merged, Pri-0, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","danno@chromium.org","[LangFuzz] Crash at v8::internal::ElementsAccessorBase with invalid read","Apr 06, 2013 03:25:37",1365218737,"Sep 08, 2011 22:59:24",1315522764,"Sep 12, 2011 12:45:18",1315831518,"decoder...@googlemail.com","2011-2875"
95992,"Low","CVE-2011-3880, Cr-Internals, Cr-Internals-Network-HTTP, M-15, Merge-Merged, Merge-Merged-874, Pri-3, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","eroman@chromium.org","Security: header injection when using embeded \0 in headerline","Mar 21, 2013 20:54:01",1363899241,"Sep 09, 2011 10:42:41",1315564961,"Sep 13, 2011 05:15:40",1315890940,"d0z...@gmail.com","2011-3880"
96047,"High","CVE-2011-3881, Cr-Blink, M-15, Merge-Merged, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, merge-merged-874, reward-2337","Beta, Stable",2337,"accept","abarth@chromium.org","UXSS and use-after-free when DOMWindow is accessed after navigation","Apr 06, 2013 01:13:23",1365210803,"Sep 09, 2011 18:54:42",1315594482,"Oct 13, 2011 09:06:37",1318496797,"serg.gla...@gmail.com","2011-3881"
96131,"High","Cr-Blink, Cr-Blink-JavaScript, Cr-Internals, M-15, Merge-Merged, OS-Mac, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Stability-CodeYellow, Stability-Crash, Type-Bug-Security, m","Stable",,"","dim...@chromium.org","Closing parent then child in gmail = sad tab","Apr 06, 2013 03:25:36",1365218736,"Sep 10, 2011 08:07:17",1315642037,"Oct 17, 2011 20:49:35",1318884575,"g...@chromium.org",""
96150,"High","CVE-2011-2879, Cr-Blink, M-14, Merge-Merged, Merge-Merged-874, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, merge-merged-835","Stable",,"","crog...@google.com","Use after free in OfflineAudioDestinationNode::notifyCompleteDispatch","Apr 06, 2013 01:13:15",1365210795,"Sep 10, 2011 16:49:36",1315673376,"Sep 15, 2011 03:31:56",1316057516,"infe...@chromium.org","2011-2879"
96170,"Medium","Cr-Blink, Cr-Platform-DevTools, M-14, Merge-Merged, Merge-Merged-874, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Medium, Stability-Memory-AddressSanitizer, Type-Bug-Security, merge-merged-835","Stable",,"","pfeld...@chromium.org","Use after free in InspectorPageAgent::resourceContent","Apr 06, 2013 01:13:13",1365210793,"Sep 11, 2011 02:12:59",1315707179,"Sep 14, 2011 17:04:21",1316019861,"infe...@chromium.org",""
96292,"High","CVE-2011-3882, Cr-Internals-Media, M-15, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, merge-merged-874","Stable",,"","fischman@chromium.org","Use after free in media BufferedResourceLoader::Start","Apr 01, 2013 15:38:22",1364830702,"Sep 12, 2011 18:35:43",1315852543,"Sep 27, 2011 21:10:14",1317157814,"infe...@chromium.org","2011-3882"
96382,"Medium","Cr-Blink, M-14, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Stable",,"","","out-of-bounds access in Gradient::sortStopsIfNecessary","Apr 06, 2013 01:13:01",1365210781,"Sep 13, 2011 04:21:12",1315887672,"Sep 13, 2011 04:21:12",1315887672,"infe...@chromium.org",""
96444,"High","Cr-Blink, M-14, Merge-Merged, Merge-Merged-874, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Stability-CodeYellow, Stability-Memory-AddressSanitizer, Type-Bug-Security, merge-merged-835","Stable",,"","infe...@chromium.org","Freed scrollbar used in RenderScrollbarPart::imageChanged [not related to previous stale m_owner issues]","Apr 06, 2013 01:12:54",1365210774,"Sep 13, 2011 16:45:12",1315932312,"Sep 14, 2011 04:19:30",1315973970,"infe...@chromium.org",""
96479,"","Cr-Internals, Cr-Internals-Network-Cache, M-16, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Severity-None, Type-Bug-Security, reward-500","None",500,"accept","rvargas@chromium.org","Security: use after free in disk cache","Mar 21, 2013 20:31:40",1363897900,"Sep 13, 2011 20:04:47",1315944287,"Sep 14, 2011 00:44:49",1315961089,"miaubiz@gmail.com",""
96665,"High","Cr-Blink, M-14, Merge-Merged, Merge-Merged-874, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, merge-merged-835","Stable",,"","simonjam@chromium.org","Use after free in Element::recalcStyle due to reparenting issues in treebuilder","Apr 06, 2013 01:12:41",1365210761,"Sep 15, 2011 07:51:47",1316073107,"Sep 16, 2011 18:26:49",1316197609,"infe...@chromium.org",""
96885,"High","CVE-2011-3881, Cr-Blink, M-15, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, merge-merged-874, reward-2337","Stable",2337,"accept","abarth@chromium.org","UXSS via Object::GetRealNamedPropertyInPrototypeChain","Apr 06, 2013 01:12:25",1365210745,"Sep 16, 2011 18:57:56",1316199476,"Sep 29, 2011 17:55:59",1317318959,"serg.gla...@gmail.com","2011-3881"
96902,"High","CVE-2011-3883, Cr-Blink, M-15, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, merge-merged-874, reward-1000","Stable",1000,"accept","c...@chromium.org","Use-after-free in findPlaceForCounter","Apr 06, 2013 01:12:24",1365210744,"Sep 16, 2011 20:57:01",1316206621,"Oct 04, 2011 19:51:39",1317757899,"miaubiz@gmail.com","2011-3883"
97006,"High","Cr-Blink, M-15, Merge-Merged, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, merge-merged-874","Beta, Stable",,"","jere...@chromium.org","Use after free due to issues in element detachment when entering fullscreen","Apr 06, 2013 01:12:17",1365210737,"Sep 18, 2011 06:28:30",1316327310,"Oct 10, 2011 21:48:01",1318283281,"infe...@chromium.org",""
97092,"High","Cr-Blink, M-15, Merge-Merged, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-None, Security_Severity-High, Type-Bug-Security, merge-merged-874, reward-1000","None",1000,"accept","jamesr@chromium.org","Stale canvas used in WebCore::PlatformContextSkia::save()","Apr 06, 2013 01:12:09",1365210729,"Sep 19, 2011 14:09:13",1316441353,"Sep 20, 2011 05:16:34",1316495794,"slaweck",""
97148,"High","CVE-2011-3884, Cr-Internals, Cr-UI-Browser-SafeBrowsing, M-15, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Stability-Crash, Type-Bug-Security, merge-merged-874","Stable",,"","bryner@chromium.org","Crashes in PhishingDOMFeatureExtractor::ExtractFeaturesWithTimeout","Mar 21, 2013 20:53:56",1363899236,"Sep 19, 2011 22:13:42",1316470422,"Sep 23, 2011 19:11:40",1316805100,"bryner@chromium.org","2011-3884"
97278,"Medium","Cr-Blink, M-14, Merge-Merged, Merge-Merged-874, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security, merge-merged-835","Stable",,"","jochen@chromium.org","Security: Tracking bug for CachedResourceLoader::canRequest in a redirect chain","Apr 06, 2013 01:11:57",1365210717,"Sep 20, 2011 18:26:19",1316543179,"Sep 21, 2011 00:13:03",1316563983,"ke...@chromium.org",""
97451,"High","CVE-2011-2880, Cr-Blink, M-14, Merge-Merged, Merge-Merged-874, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, merge-merged-835, reward-1500","Stable",1500,"accept","","Protect the Frame in V8HTMLDocument::openCallback","Apr 06, 2013 01:11:43",1365210703,"Sep 21, 2011 18:58:22",1316631502,"Sep 21, 2011 20:27:34",1316636854,"serg.gla...@gmail.com","2011-2880"
97520,"High","CVE-2011-2880, Cr-Blink, M-14, Merge-Merged, Merge-Merged-874, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, merge-merged-835, reward-1500","Stable",1500,"accept","","Protect message ports from being deleted in V8MessageEvent::portsAccessorGetter","Apr 06, 2013 01:11:37",1365210697,"Sep 21, 2011 23:17:36",1316647056,"Sep 22, 2011 02:02:53",1316656973,"serg.gla...@gmail.com","2011-2880"
97546,"High","Cr-Blink, M-14, Merge-Merged, Merge-Merged-874, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, merge-merged-835","Stable",,"","infe...@chromium.org","Use after free in ruby text :after, :before content due to stale styles.","Apr 06, 2013 01:11:35",1365210695,"Sep 22, 2011 02:42:26",1316659346,"Sep 23, 2011 21:01:52",1316811712,"infe...@chromium.org",""
97553,"Low","Cr-UI, Cr-UI-Browser-FullScreen, M-21, Merge-Merged, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security, merge-merged-1180","Beta, Stable",,"","koz@chromium.org","Clicking a link on a page that has been fullscreened by JS doesn't exit fullscreen","Mar 21, 2013 21:07:36",1363900056,"Sep 22, 2011 03:48:27",1316663307,"Dec 20, 2012 15:52:00",1356018720,"koz@chromium.org",""
97599,"High","CVE-2011-3885, Cr-Blink, M-15, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, merge-merged-874, reward","Beta, Stable",1000,"accept","infe...@chromium.org","More stale styles in listmarkers","Apr 06, 2013 01:11:32",1365210692,"Sep 22, 2011 15:32:39",1316705559,"Oct 10, 2011 19:47:22",1318276042,"infe...@chromium.org","2011-3885"
97608,"High","Cr-Blink, M-14, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-500","Beta, Stable",500,"accept","","Use after free in counters in :before, :after content","Apr 06, 2013 01:11:31",1365210691,"Sep 22, 2011 16:04:15",1316707455,"Oct 20, 2011 20:28:04",1319142484,"infe...@chromium.org",""
97615,"High","CVE-2011-2880, Cr-Blink, Cr-Internals-GPU-WebGL, M-14, Merge-Merged, Merge-Merged-874, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, merge-merged-835, reward-1500","Stable",1500,"accept","","Ref protect shaders in V8WebGLRenderingContext::getAttachedShadersCallback","Apr 06, 2013 01:11:31",1365210691,"Sep 22, 2011 16:39:15",1316709555,"Sep 22, 2011 17:38:08",1316713088,"serg.gla...@gmail.com","2011-2880"
97674,"Medium","Cr-Internals, Cr-Platform-Extensions, M-15, Merge-Merged, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security, merge-merged-874","Stable",,"","mi...@chromium.org","Security: Extension can get at tabs details (url/title) without requesting tabs permission","Mar 21, 2013 21:00:25",1363899625,"Sep 22, 2011 20:45:12",1316724312,"Sep 28, 2011 02:14:40",1317176080,"mihaip@chromium.org",""
97784,"High","CVE-2011-2881, Cr-Blink, Cr-Blink-JavaScript, M-14, Merge-Merged, OS-All, Pri-1, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1500","Stable",1500,"accept","ricow@chromium.org","[v8] Stale pointer in CSSStyleSheet, Invalid cast in V8ListenerList::doFindWrapper","Apr 06, 2013 03:25:31",1365218731,"Sep 23, 2011 18:18:21",1316801901,"Sep 26, 2011 20:51:57",1317070317,"infe...@chromium.org","2011-2881"
97952,"High","Cr-Blink, M-15, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, merge-merged-874","Stable",,"","","Stale layout root generic fix from Mitz","Apr 06, 2013 01:11:09",1365210669,"Sep 25, 2011 05:47:30",1316929650,"Sep 26, 2011 00:10:35",1316995835,"infe...@chromium.org",""
97994,"High","Cr-Blink, M-14, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, merge-merged-835, merge-merged-874","Stable",,"","infe...@chromium.org","Use after free due to stale fonts","Apr 06, 2013 01:11:07",1365210667,"Sep 26, 2011 03:14:13",1317006853,"Sep 26, 2011 17:12:59",1317057179,"infe...@chromium.org",""
98053,"High","CVE-2011-3881, Cr-Blink, M-15, Merge-Merged, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, merge-merged-874, reward-2500","Beta, Stable",2500,"accept","","UXSS via HTMLObjectElement","Apr 06, 2013 01:11:03",1365210663,"Sep 26, 2011 17:38:11",1317058691,"Oct 06, 2011 17:15:41",1317921341,"serg.gla...@gmail.com","2011-3881"
98064,"High","CVE-2011-3885, Cr-Blink, M-15, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, merge-merged-874, reward-1000","Stable",1000,"accept","","Use-after-free when font is missing","Apr 06, 2013 01:11:02",1365210662,"Sep 26, 2011 18:36:31",1317062191,"Sep 29, 2011 04:17:50",1317269870,"miaubiz@gmail.com","2011-3885"
98089,"Critical","CVE-2011-3873, Cr-Internals, Cr-Internals-GPU-Internals, M-14, Merge-Merged, OS-Windows, Pri-2, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Critical, Type-Bug-Security","Stable",,"","zmo@chromium.org","memory corruption in ANGLE shader translator","Mar 21, 2013 21:07:56",1363900076,"Sep 26, 2011 21:15:55",1317071755,"Sep 28, 2011 00:45:37",1317170737,"zhen...@gmail.com","2011-3873"
98161,"Medium","Cr-Blink, M-15, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security, merge-merged-874","Stable",,"","","Bug 68816 - Rapidly refreshing a feMorphology[erode] with r=0 can sometimes cause display corruption","Apr 06, 2013 01:10:58",1365210658,"Sep 27, 2011 02:27:25",1317090445,"Sep 27, 2011 20:54:21",1317156861,"infe...@chromium.org",""
98407,"Medium","CVE-2011-3887, Cr-Blink, M-15, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security, merge-merged-874, reward-1500","Stable",1500,"accept","","Cookie theft via DocumentWriter::begin","Apr 06, 2013 01:10:44",1365210644,"Sep 28, 2011 15:00:21",1317222021,"Sep 28, 2011 21:12:12",1317244332,"serg.gla...@gmail.com","2011-3887"
98556,"High","CVE-2011-3885, Cr-Blink, M-15, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, merge-merged-874, reward-1000","Stable",1000,"accept","","Use after free with first-letter","Apr 06, 2013 01:10:38",1365210638,"Sep 29, 2011 15:57:05",1317311825,"Oct 02, 2011 02:38:32",1317523112,"miaubiz@gmail.com","2011-3885"
98582,"High","Cr-Blink, Cr-Internals, Cr-Internals-Plugins, M-15, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, merge-merged-874","Beta, Stable",,"","ana...@chromium.org","Security: invalid memory reference to window object","Apr 06, 2013 04:22:40",1365222160,"Sep 29, 2011 18:20:31",1317320431,"Oct 08, 2011 13:18:24",1318079904,"brettw@chromium.org",""
98773,"High","CVE-2011-3886, Cr-Internals, M-15, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Valgrind, Type-Bug-Security, merge-merged-874, reward-1000","Beta, Stable",1000,"accept","mstarzinger@chromium.org","[LangFuzz] Crash at v8::Object::SlowGetPointerFromInternalField with invalid read","Apr 01, 2013 15:50:52",1364831452,"Oct 01, 2011 13:11:52",1317474712,"Oct 12, 2011 08:01:53",1318406513,"decoder...@googlemail.com","2011-3886"
98809,"Medium","Cr-Blink, Cr-Internals, Cr-Internals-Plugins-PDF, M-16, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security, reward-500","Beta, Stable",500,"accept","cev...@chromium.org","Renderer crash with PDF at isalnum","Apr 06, 2013 03:13:53",1365218033,"Oct 02, 2011 13:31:23",1317562283,"Oct 11, 2011 00:30:43",1318293043,"aohelin",""
99016,"High","Cr-Internals, M-16, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Beta, Stable",1000,"accept","creis@chromium.org","Security: HTTPS Address Bar Spoofing Using View-source And Redirection","Mar 21, 2013 21:07:34",1363900054,"Oct 04, 2011 13:13:26",1317734006,"Oct 13, 2011 20:09:07",1318536547,"mitja.ko...@acrossecurity.com",""
99104,"High","Cr-Blink, M-15, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, merge-merged-874","Stable",,"","rn...@chromium.org","WebKit: invalid cast in WebCore::toRenderBlock / WebCore::RenderBlock::blockSelectionGaps","Apr 06, 2013 01:09:59",1365210599,"Oct 04, 2011 22:43:23",1317768203,"Oct 06, 2011 18:39:31",1317926371,"jsc...@chromium.org",""
99138,"High","CVE-2011-3888, Cr-Blink, M-15, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, merge-merged-874, reward-1000","Stable",1000,"accept","infe...@chromium.org","Use-after-free with plugin and editing","Apr 06, 2013 01:09:57",1365210597,"Oct 05, 2011 07:22:00",1317799320,"Oct 06, 2011 23:01:39",1317942099,"miaubiz@gmail.com","2011-3888"
99167,"High","CVE-2011-3886, Cr-Blink, Cr-Blink-JavaScript, Cr-Internals, M-15, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Valgrind, Type-Bug-Security, reward-1000","Beta, Stable",1000,"accept","kmillikin@chromium.org","[LangFuzz] Crash on Heap involving GC (invalid write)","Apr 06, 2013 03:25:28",1365218728,"Oct 05, 2011 14:51:54",1317826314,"Oct 10, 2011 11:23:19",1318245799,"decoder...@googlemail.com","2011-3886"
99211,"High","CVE-2011-3889, Cr-Blink, M-15, Merge-Merged, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, mer","Beta, Stable",2000,"accept","crog...@google.com","Heap buffer overflow in Webaudio FFTFrame::doFFT","Apr 06, 2013 01:09:52",1365210592,"Oct 05, 2011 18:19:31",1317838771,"Oct 12, 2011 05:11:20",1318396280,"miaubiz@gmail.com","2011-3889"
99229,"High","CVE-2012-3669, Cr-Blink, M-19, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Beta, Stable",,"","","WebKit: Use after free in ~Node because ~HTMLLinkElement triggers script execution","Apr 06, 2013 01:09:50",1365210590,"Oct 05, 2011 20:18:42",1317845922,"Oct 06, 2011 16:49:13",1317919753,"infe...@chromium.org","2012-3669"
99294,"High","CVE-2011-3885, Cr-Blink, M-15, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, merge-merged-874, reward","Beta, Stable",1000,"accept","infe...@chromium.org","Use after free with :after in display table and :first-letter","Apr 06, 2013 01:09:47",1365210587,"Oct 06, 2011 06:56:59",1317884219,"Oct 11, 2011 05:11:59",1318309919,"miaubiz@gmail.com","2011-3885"
99338,"High","Cr-Blink, M-15, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, merge-merged-874","Beta, Stable",,"","infe...@chromium.org","Use after free in RenderTableSection::splitColumn","Apr 06, 2013 01:09:45",1365210585,"Oct 06, 2011 16:33:18",1317918798,"Oct 10, 2011 18:59:52",1318273192,"mbarbe...@chromium.org",""
99348,"High","Cr-Blink, M-15, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, merge-merged-874","Beta, Stable",,"","","Use after free in tables","Apr 06, 2013 01:09:43",1365210583,"Oct 06, 2011 17:27:10",1317922030,"Oct 11, 2011 00:56:42",1318294602,"infe...@chromium.org",""
99465,"High","Cr-Blink, M-16, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Beta, Stable",,"","dmazzoni@chromium.org","Security: AccessibilityImageMapLink holds onto it's parent even after it's been freed","Apr 06, 2013 01:09:34",1365210574,"Oct 07, 2011 15:31:55",1318001515,"Oct 11, 2011 23:28:11",1318375691,"chris.fl...@gmail.com",""
99512,"High","CVE-2011-3881, Cr-Blink, M-15, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, merge-merged-874, reward-2500","Beta, Stable",2500,"accept","","UXSS: XSLT-generated document should inherit its SecurityOrigin from the source document","Apr 06, 2013 01:09:32",1365210572,"Oct 07, 2011 20:11:24",1318018284,"Oct 08, 2011 13:14:46",1318079686,"serg.gla...@gmail.com","2011-3881"
99553,"High","CVE-2011-3890, Cr-Blink, Cr-Internals-GPU-Video, Cr-Internals-Media, M-15, Merge-Merged, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Secu","Beta, Stable",,"","vrk@chromium.org","repeatedly re-setting video.src crashes in WebCore::VideoLayerChromium::updateCompositorResources","Apr 06, 2013 01:09:31",1365210571,"Oct 07, 2011 23:11:30",1318029090,"Oct 14, 2011 15:21:00",1318605660,"fischman@chromium.org","2011-3890"
99596,"High","Cr-Blink, Cr-Internals-Media, M-15, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, SecTest, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, merge-merg","Beta, Stable",,"","ddor...@chromium.org","Use after free in media::FFmpegDemuxerStream::Read","Apr 06, 2013 01:09:28",1365210568,"Oct 08, 2011 22:00:27",1318111227,"Oct 17, 2011 16:42:49",1318869769,"infe...@chromium.org",""
99597,"High","Cr-Blink, M-15, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","ke...@chromium.org","Use after free in tables, float, :after content","Apr 06, 2013 01:09:27",1365210567,"Oct 08, 2011 22:03:00",1318111380,"Oct 28, 2011 21:31:01",1319837461,"infe...@chromium.org",""
99603,"High","Cr-Blink, M-15, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","jchaffraix@chromium.org","Use after free due to flexible box not laying some of its children.","Apr 06, 2013 01:09:27",1365210567,"Oct 08, 2011 23:21:12",1318116072,"Oct 20, 2011 22:59:45",1319151585,"infe...@chromium.org",""
99615,"High","CVE-2012-3593, Cr-Blink, M-17, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, merge-merged-963","Beta, Stable",,"","","Heap-use-after-free in WebCore::GraphicsContext::paintingDisabled","Apr 06, 2013 01:09:26",1365210566,"Oct 09, 2011 05:32:12",1318138332,"Jan 26, 2012 16:59:30",1327597170,"infe...@chromium.org","2012-3593"
99652,"High","Cr-Blink, Cr-Internals-Media, M-15, Merge-Merged, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, SecTest, Security_Impact-Beta, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, merge-merged-","Beta",1000,"accept","scherkus@chromium.org","OOB read in vp8_decode_frame","Apr 06, 2013 01:09:23",1365210563,"Oct 10, 2011 04:27:52",1318220872,"Oct 14, 2011 22:51:16",1318632676,"infe...@chromium.org",""
99732,"High","CVE-2012-3633, Cr-Blink, M-16, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","jchaffraix@chromium.org","Use after free in table parts.","Apr 06, 2013 01:09:20",1365210560,"Oct 10, 2011 18:59:47",1318273187,"Nov 09, 2011 20:08:49",1320869329,"infe...@chromium.org","2012-3633"
99750,"High","CVE-2011-3881, Cr-Blink, M-15, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, merge-merged-874, reward-2500","Beta, Stable",2500,"accept","","UXSS: executeIfJavaScriptURL gets confused by synchronous frame loads","Apr 06, 2013 01:09:18",1365210558,"Oct 10, 2011 20:29:32",1318278572,"Oct 10, 2011 21:33:13",1318282393,"serg.gla...@gmail.com","2011-3881"
99880,"High","CVE-2011-3885, Cr-Blink, M-15, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, merge-merged-874, reward-1000","Beta, Stable",1000,"accept","infe...@chromium.org","Use after free in table :before, :after content.","Apr 06, 2013 01:09:09",1365210549,"Oct 11, 2011 18:22:45",1318357365,"Oct 11, 2011 21:11:32",1318367492,"infe...@chromium.org","2011-3885"
99901,"Low","Cr-Internals, Cr-Internals-Media, M-16, Merge-Merged, OS-Windows, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Beta, Stable",,"","scherkus@chromium.org","BinScope reports SafeSEH not supported on video DLLs","Mar 21, 2013 21:07:28",1363900048,"Oct 11, 2011 20:31:07",1318365067,"Nov 14, 2011 20:51:42",1321303902,"jsc...@chromium.org",""
100059,"High","CVE-2011-3885, Cr-Blink, M-15, Merge-Merged, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, merge-merged-874, reward-1337","Beta, Stable",1337,"accept","infe...@chromium.org","Generic fix: Register custom fonts at creation time, rather than retire time.","Apr 06, 2013 01:08:48",1365210528,"Oct 12, 2011 16:46:36",1318437996,"Oct 13, 2011 21:40:08",1318542008,"miaubiz@gmail.com","2011-3885"
100149,"Medium","Cr-Blink, M-16, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Beta, Stable",,"","","Use after free in AX Scrollbars","Apr 06, 2013 01:08:41",1365210521,"Oct 13, 2011 09:55:45",1318499745,"Oct 13, 2011 09:55:45",1318499745,"infe...@chromium.org",""
100177,"High","Cr-Blink, M-15, Merge-Merged, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","ke...@chromium.org","Use after free in first-letter container destruction handling.","Apr 06, 2013 01:08:37",1365210517,"Oct 13, 2011 16:11:07",1318522267,"Oct 20, 2011 19:35:32",1319139332,"mbarbe...@chromium.org",""
100322,"High","CVE-2011-3891, Cr-Blink, Cr-Blink-JavaScript, M-15, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Beta, Stable",,"","kmillikin@chromium.org","Security: Calling arbitrary V8 native functions from JavaScript","Apr 06, 2013 03:25:26",1365218726,"Oct 14, 2011 12:45:14",1318596314,"Oct 18, 2011 07:22:20",1318922540,"keuc...@chromium.org","2011-3891"
100459,"High","Cr-Blink, M-15, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, merge-merged-874","Beta, Stable",,"","jchaffraix@chromium.org","Use after free in RenderDeprecatedFlexibleBox::layoutHorizontalBox(bool) [and first-letter]","Apr 06, 2013 01:08:21",1365210501,"Oct 15, 2011 15:11:52",1318691512,"Oct 18, 2011 20:44:51",1318970691,"infe...@chromium.org",""
100464,"High","Cr-Internals, Cr-Internals-Media, M-15, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, merge-merged-874, reward-1000","Beta",1000,"accept","rbul...@google.com","Use-after-free in WebM at decode_mb_mode","Apr 01, 2013 15:38:07",1364830687,"Oct 15, 2011 18:16:38",1318702598,"Oct 18, 2011 03:22:41",1318908161,"aohelin",""
100465,"High","CVE-2011-3892, M-15, Merge-Merged, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-500","Beta, Stable",500,"accept","rbul...@google.com","OOB read in OGV at unpack_vlcs","Apr 01, 2013 15:38:06",1364830686,"Oct 15, 2011 18:25:53",1318703153,"Oct 28, 2011 00:24:17",1319761457,"aohelin","2011-3892"
100492,"Medium","CVE-2011-3893, M-15, Merge-Merged, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org","Use after free in WebM/matroska at matroska_execute_seekhead()","Apr 01, 2013 15:38:06",1364830686,"Oct 16, 2011 07:27:10",1318750030,"Oct 20, 2011 22:02:22",1319148142,"aohelin","2011-3893"
100526,"High","Cr-Blink, M-15, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","ke...@chromium.org","Use after free in floats and first-letter ","Apr 06, 2013 01:08:17",1365210497,"Oct 17, 2011 01:09:27",1318813767,"Oct 27, 2011 13:28:53",1319722133,"infe...@chromium.org",""
100543,"Medium","CVE-2011-3893, M-15, Merge-Merged, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security, reward-500, reward-decline","Beta, Stable",500,"decline","cev...@chromium.org","OOB read in WebM/vorbis at render_line()","Mar 21, 2013 21:07:24",1363900044,"Oct 17, 2011 09:24:01",1318843441,"Oct 20, 2011 23:22:42",1319152962,"aohelin","2011-3893"
100863,"Low","Cr-Blink, M-16, Merge-Merged, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Low, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","jsc...@chromium.org","OOB read in SVG at WebCore::parseArcFlag","Apr 06, 2013 01:07:53",1365210473,"Oct 19, 2011 11:38:54",1319024334,"Oct 25, 2011 14:52:51",1319554371,"aohelin",""
100958,"High","Cr-Blink, M-16, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","ke...@chromium.org","Heap-use-after-free WebCore::RenderBlock::layoutPositionedObjects","Apr 06, 2013 01:07:45",1365210465,"Oct 19, 2011 23:53:34",1319068414,"Nov 18, 2011 01:45:28",1321580728,"infe...@chromium.org",""
101010,"Medium","Cr-Blink, M-16, Merge-Merged, OS-Linux, Pri-2, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org","Security: css/CSSParser.cpp memory corruption bug","Apr 06, 2013 01:07:40",1365210460,"Oct 20, 2011 11:56:39",1319111799,"Oct 25, 2011 19:45:16",1319571916,"hashcoll...@gmail.com",""
101018,"High","Cr-Blink, Cr-UI-Browser-FullScreen, M-15, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","jere...@chromium.org","Use after free in fullscreen unwraprenderer","Apr 06, 2013 01:07:39",1365210459,"Oct 20, 2011 15:41:34",1319125294,"Nov 01, 2011 04:41:49",1320122509,"infe...@chromium.org",""
101065,"High","Cr-Blink, M-16, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","ke...@chromium.org","Use after free with counters and inline-table and :before content","Apr 06, 2013 01:07:35",1365210455,"Oct 20, 2011 20:31:31",1319142691,"Nov 17, 2011 17:37:12",1321551432,"infe...@chromium.org",""
101172,"High","CVE-2011-3894, Cr-Blink, Cr-Internals-Media, M-15, Merge-Merged, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Beta, Stable",,"","rbul...@google.com","Seeking on webm 1080p video causes crash","Apr 06, 2013 01:07:28",1365210448,"Oct 21, 2011 17:57:10",1319219830,"Oct 28, 2011 00:23:00",1319761380,"ldobb...@chromium.org","2011-3894"
101235,"High","Cr-Blink, Cr-UI-Browser-History, M-16, Merge-Merged, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, WebKit-ID-65895","Beta, Stable",,"","jsc...@chromium.org","Security: Location bar spoofing when using replaceState in unload event handler","Apr 06, 2013 01:07:22",1365210442,"Oct 22, 2011 01:43:50",1319247830,"Nov 08, 2011 17:48:43",1320774523,"mihaip@chromium.org",""
101458,"High","CVE-2011-3895, M-15, Merge-Merged, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Stability-Valgrind, Type-Bug-Security, reward-1000","Beta, Stable",1000,"accept","cev...@chromium.org","OOB read in WebM/vorbis vorbis_decode_frame()","Apr 01, 2013 15:50:35",1364831435,"Oct 25, 2011 07:27:25",1319527645,"Oct 28, 2011 00:14:51",1319760891,"aohelin","2011-3895"
101580,"High","CVE-2012-3634, Cr-Blink, M-17, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, WebKit-ID-70848","Beta, Stable",,"","ke...@chromium.org","Heap-use-after-free in WebCore::RenderObject::enclosingLayer","Apr 06, 2013 01:06:55",1365210415,"Oct 25, 2011 20:50:33",1319575833,"Jan 05, 2012 19:29:48",1325791788,"mbarbe...@chromium.org","2012-3634"
101624,"High","CVE-2011-3896, Cr-Internals, Cr-Internals-GPU-Internals, Cr-Internals-Graphics, M-15, Merge-Merged, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Beta, Stable",,"","kbr@chromium.org","Security: buffer overrun leading to heap corruption in ANGLE shader translator","Mar 21, 2013 21:07:20",1363900040,"Oct 26, 2011 01:31:21",1319592681,"Oct 26, 2011 19:25:12",1319657112,"kbr@chromium.org","2011-3896"
101779,"Medium","Cr-Blink, Cr-Internals, Cr-Internals-Plugins-PDF, M-16, Merge-Merged, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Stability-Valgrind, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org","OOB read with corrupt PDF; possible stability issue too","Apr 06, 2013 03:13:41",1365218021,"Oct 26, 2011 18:40:40",1319654440,"Oct 26, 2011 21:25:21",1319664321,"scarybea...@gmail.com",""
102037,"High","Cr-Blink, M-16, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Stability-Valgrind, Type-Bug-Security, WebKit-ID-71860","Beta, Stable",,"","cev...@chromium.org","Security: Use after free in CSSStyleDeclarationInternal::parentRuleAttrGetter","Apr 06, 2013 01:06:30",1365210390,"Oct 28, 2011 05:46:17",1319780777,"Nov 09, 2011 04:28:28",1320812908,"infe...@chromium.org",""
102242,"High","CVE-2011-3897, Cr-Blink, M-15, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, WebKit-ID-71145","Beta, Stable",,"","rn...@chromium.org","ZDI-CAN-1416: WebKit ContentEditable swapInNode Use-After-Free Remote Code Execution Vulnerability","Apr 06, 2013 01:06:15",1365210375,"Oct 29, 2011 07:58:02",1319875082,"Oct 29, 2011 07:58:02",1319875082,"infe...@chromium.org","2011-3897"
102359,"High","Cr-Blink, M-16, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, WebKit-ID-71741, reward-1000","Beta, Stable",1000,"accept","jsc...@chromium.org","Use-after-free in SVG renderer","Apr 06, 2013 01:06:11",1365210371,"Oct 31, 2011 13:42:24",1320068544,"Nov 16, 2011 22:09:40",1321481380,"Ax3...@gmail.com",""
102461,"Low","CVE-2011-3898, M-15, Merge-Merged, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security, merge-merged-874, merge-merged-912","Beta, Stable",,"","cev...@chromium.org","Failure to infobar JRE7","Mar 21, 2013 21:07:18",1363900038,"Nov 01, 2011 03:06:08",1320116768,"Nov 01, 2011 19:07:31",1320174451,"scarybea...@gmail.com","2011-3898"
102628,"High","M-17, Pri-0, ReleaseBlock-Beta, Restrict-AddIssueComment-EditIssue, Security_Impact-None, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, WebKit-ID-71514, reward-1000","None",1000,"accept","","Security: Adobe regions use-after-free with multiple region css thingies","Apr 01, 2013 15:38:00",1364830680,"Nov 02, 2011 07:31:53",1320219113,"Nov 04, 2011 21:55:18",1320443718,"miaubiz@gmail.com",""
102810,"High","Cr-Blink, M-16, Merge-Merged, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Severity-High, Stability-Memory-AddressSanitizer, Stability-Valgrind, Type-Bug-Security, reward-1000","Beta",1000,"accept","gavinp@chromium.org","Security: buffer overflow in link prefetching","Apr 06, 2013 01:05:38",1365210338,"Nov 03, 2011 09:39:13",1320313153,"Nov 08, 2011 16:14:11",1320768851,"miaubiz@gmail.com",""
103058,"High","M-17, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-None, Security_Severity-High, Stability-Memory-AddressSanitizer, Stability-Valgrind, Type-Bug-Security, reward-1000","None",1000,"accept","gavinp@chromium.org","Security: missing xslt import causes crash w/preloading","Apr 01, 2013 15:50:29",1364831429,"Nov 04, 2011 19:58:28",1320436708,"Nov 12, 2011 02:42:30",1321065750,"miaubiz@gmail.com",""
103126,"High","Cr-Blink, M-16, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Stability-Valgrind, Type-Bug-Security, WebKit-ID-72759, me","Beta, Stable",,"","ke...@chromium.org","Heap-use-after-free in WebCore::RenderTextFragment::styleDidChange","Apr 06, 2013 01:05:14",1365210314,"Nov 05, 2011 15:35:22",1320507322,"Dec 12, 2011 22:54:07",1323730447,"jsc...@chromium.org",""
103239,"High","Cr-Internals, Cr-Internals-Skia, M-17, Pri-0, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-None, Security_Severity-High, Stability-Valgrind, Type-Bug-Security, reward-1000","None",1000,"accept","r...@google.com","Security: INVALID_POINTER_READ/WRITE_EXPLOITABLE_chrome!SkRgnBuilder::blitH","Apr 01, 2013 15:50:27",1364831427,"Nov 07, 2011 15:17:43",1320679063,"Nov 10, 2011 02:54:28",1320893668,"attek...@gmail.com",""
103244,"Low","Cr-Internals, M-16, Merge-Merged, Pri-2, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Beta, Stable",,"","a...@chromium.org","Pinning checks aren't enforced in the case of a minor error.","Mar 21, 2013 21:07:17",1363900037,"Nov 07, 2011 17:19:48",1320686388,"Nov 07, 2011 23:28:01",1320708481,"a...@chromium.org",""
103259,"High","CVE-2011-3900, Cr-Blink, Cr-Blink-JavaScript, M-15, Merge-Merged, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Beta, Stable",1000,"accept","yangguo@chromium.org","[LangFuzz] Crash at v8::internal::WriteQuoteJsonString with invalid write","Apr 06, 2013 03:25:16",1365218716,"Nov 07, 2011 20:14:44",1320696884,"Nov 08, 2011 15:33:30",1320766410,"decoder...@googlemail.com","2011-3900"
103630,"Low","CVE-2011-3956, Cr-Internals, Cr-Platform-Extensions, M-17, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security, extensions-cleanup","Beta, Stable",,"","abarth@chromium.org","Security: iFrame SandBox Unique Origin not enforced in extensions","Mar 21, 2013 21:07:16",1363900036,"Nov 09, 2011 21:51:11",1320875471,"Dec 08, 2011 07:21:39",1323328899,"dev.akh...@gmail.com","2011-3956"
103867,"Low","Cr-Internals, Cr-Platform-Extensions, OS-All, Pri-3, Restrict-AddIssueComment-Commit, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Beta, Stable",,"","yoz@chromium.org","Security: chrome.test.resetQuota extension API exposed to all extensions","Mar 21, 2013 21:07:16",1363900036,"Nov 11, 2011 02:42:27",1320979347,"Jan 09, 2012 23:19:48",1326151188,"a...@chromium.org",""
103921,"High","Cr-Blink, Cr-Blink-DOM, M-16, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, WebKit-ID-72757, reward-1","Beta, Stable",1000,"accept","cev...@chromium.org","Use-after-free in DOM Range ","Apr 06, 2013 03:40:38",1365219638,"Nov 11, 2011 17:47:46",1321033666,"Nov 19, 2011 01:58:24",1321667904,"Ax3...@gmail.com",""
104011,"High","Cr-Blink, Cr-Blink-JavaScript, M-16, Merge-Merged, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, merge-merged-912, reward-1000","Beta, Stable",1000,"accept","c...@chromium.org","v8_i18n::BCP47ToICUFormat() - crash","Apr 06, 2013 03:25:15",1365218715,"Nov 12, 2011 13:11:45",1321103505,"Nov 15, 2011 22:56:59",1321397819,"slaweck",""
104056,"High","CVE-2011-3957, Cr-Blink, Cr-Internals, Cr-Internals-Plugins-PDF, M-17, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Beta, Stable",1000,"accept","cev...@chromium.org","Crash with PDF at bad IP","Apr 06, 2013 03:13:36",1365218016,"Nov 13, 2011 14:09:27",1321193367,"Nov 16, 2011 20:32:35",1321475555,"aohelin","2011-3957"
104151,"High","Cr-Blink, M-16, Merge-merged-912, OS-Mac, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Beta, Stable",,"","","Bad cast in WebCore::RenderThemeMac::paintMediaToggleClosedCaptionsButton","Apr 06, 2013 01:04:07",1365210247,"Nov 14, 2011 17:34:00",1321292040,"Nov 16, 2011 07:05:20",1321427120,"ke...@chromium.org",""
104223,"Medium","Cr-Internals, M-16, Merge-Merged, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Beta, Stable",,"","jcive...@chromium.org","Security: MHTML can be used to steal cookies","Mar 21, 2013 21:07:14",1363900034,"Nov 14, 2011 23:29:41",1321313381,"Nov 17, 2011 05:27:08",1321507628,"jcive...@chromium.org",""
104266,"Medium","CVE-2012-3637, ClusterFuzz, Cr-Blink, M-17, Merge-Merged, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","","Heap-use-after-free in WebCore::nextBreakablePosition","Apr 06, 2013 01:03:57",1365210237,"Nov 15, 2011 07:39:34",1321342774,"Feb 14, 2012 22:07:45",1329257265,"infe...@chromium.org","2012-3637"
104317,"High","CVE-2012-3636, ClusterFuzz, Cr-Blink, M-17, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","ke...@chromium.org","Stale RenderObject in RenderBlock::addChildIgnoringAnonymousColumnBlocks()","Apr 06, 2013 01:03:52",1365210232,"Nov 15, 2011 16:02:37",1321372957,"Feb 04, 2012 23:41:42",1328398902,"infe...@chromium.org","2012-3636"
104325,"High","CVE-2012-3635, ClusterFuzz, Cr-Blink, M-16, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, merge-merge","Beta, Stable",,"","","Heap-use-after-free in WebCore::RenderBlock::determineStartPosition","Apr 06, 2013 01:03:51",1365210231,"Nov 15, 2011 17:12:19",1321377139,"Jan 03, 2012 06:32:17",1325572337,"infe...@chromium.org","2012-3635"
104461,"Medium","Cr-Internals, M-22, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security-CodeYellow, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Beta, Stable",,"","yurys@chromium.org","Security: chrome://workers/ crash","Mar 21, 2013 21:07:12",1363900032,"Nov 16, 2011 15:18:51",1321456731,"Aug 16, 2012 16:15:55",1345133755,"kuz...@gmail.com",""
104529,"High","Cr-Blink, Cr-Internals-Plugins-PDF, M-16, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-2000","Beta, Stable",2000,"accept","cev...@chromium.org","PDF-reader tab-crash with editable crash address.","Apr 06, 2013 03:13:34",1365218014,"Nov 16, 2011 22:18:44",1321481924,"Nov 17, 2011 00:17:07",1321489027,"attek...@gmail.com",""
104859,"High","Cr-Blink, M-16, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, merge-merged-912, reward-1000","Beta, Stable",1000,"accept","ke...@chromium.org","Heap-use-after-free in WebCore::InlineFlowBox::computeOverAnnotationAdjustment","Apr 06, 2013 01:03:20",1365210200,"Nov 19, 2011 11:48:45",1321703325,"Nov 28, 2011 20:10:41",1322511041,"slaweck",""
104863,"High","CVE-2012-3594, Cr-Blink, M-17, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-None, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-1000","None",1000,"accept","","Heap-use-after-free in WebCore::SubresourceLoader::didFail","Apr 06, 2013 01:03:20",1365210200,"Nov 19, 2011 14:08:17",1321711697,"Nov 30, 2011 21:31:09",1322688669,"miaubiz@gmail.com","2012-3594"
104935,"Low","Cr-Internals, M-19, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Beta, Stable",,"","pal...@chromium.org"," do not obey expected policy.","Mar 21, 2013 21:07:11",1363900031,"Nov 21, 2011 04:11:06",1321848666,"May 07, 2012 20:17:30",1336421850,"e...@elie.im",""
104959,"Medium","Cr-Blink, Cr-Internals, Cr-Internals-Plugins-PDF, M-16, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security, reward-500","Beta, Stable",500,"accept","cev...@chromium.org","Nasty looking crash on internal pdf-reader","Apr 06, 2013 03:13:31",1365218011,"Nov 21, 2011 11:31:57",1321875117,"Nov 21, 2011 22:30:52",1321914652,"attek...@gmail.com",""
105143,"Low","Cr-Blink, M-16, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Beta, Stable",,"","","Cross-origin drag-and-drop prevention ineffective","Apr 06, 2013 01:02:56",1365210176,"Nov 22, 2011 19:26:49",1321990009,"Nov 23, 2011 03:29:19",1322018959,"infe...@chromium.org",""
105157,"High","CVE-2012-3638, ClusterFuzz, Cr-Blink, M-17, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, merge-merge","Beta, Stable",,"","infe...@chromium.org","Heap-use-after-free in WebCore::InlineFlowBox::removeChild","Apr 06, 2013 01:02:55",1365210175,"Nov 22, 2011 20:27:25",1321993645,"Jan 24, 2012 19:10:24",1327432224,"infe...@chromium.org","2012-3638"
105162,"Medium","ClusterFuzz, Cr-Internals, M-16, Merge-Merged, OS-All, OS-Linux, Pri-1, Restrict-AddIssueComment-EditIssue, Security-Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Stability-Memory-AddressSanitizer, Type-Bug-Security","Stable",,"","mnissler@chromium.org","Stack-buffer-overflow in base::files::(anonymous namespace)::InotifyReaderTask::Run","Apr 01, 2013 15:37:50",1364830670,"Nov 22, 2011 20:47:33",1321994853,"Nov 23, 2011 18:36:47",1322073407,"infe...@chromium.org",""
105459,"High","CVE-2011-3958, Cr-Blink, M-17, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, merge-merged-963, reward","Beta, Stable",2000,"accept","infe...@chromium.org","Use-after frees and bad casts with -webkit-column-span","Apr 06, 2013 01:02:36",1365210156,"Nov 26, 2011 07:47:49",1322293669,"Jan 24, 2012 20:05:22",1327435522,"miaubiz@gmail.com","2011-3958"
105482,"Low","Cr-Blink, Cr-Blink-Workers, Pri-2, Restrict-AddIssueComment-Commit, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Beta, Stable",,"","tsepez@chromium.org","Security: CSP connect-src and script-src not enforced on workers","Apr 06, 2013 04:54:19",1365224059,"Nov 27, 2011 00:29:14",1322353754,"Jan 24, 2012 20:17:13",1327436233,"dev.akh...@gmail.com",""
105714,"Medium","Cr-Internals, M-16, Merge-Merged, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security, reward-500","Beta, Stable",500,"accept","cev...@chromium.org","Nasty looking INVALID_POINTER_READ in internal PDF-reader","Mar 21, 2013 21:06:45",1363900005,"Nov 29, 2011 15:59:23",1322582363,"Nov 30, 2011 05:15:18",1322630118,"attek...@gmail.com",""
105803,"High","CVE-2011-3015, Cr-Blink, Cr-Internals-Plugins-PDF, M-17, Merge-Merged, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org","PDF missing integer validation for Flate / LZW / Fax prediction codes and other parameters","Apr 06, 2013 03:13:29",1365218009,"Nov 30, 2011 00:20:08",1322612408,"Feb 03, 2012 00:39:33",1328229573,"scarybea...@gmail.com","2011-3015"
105867,"High","CVE-2011-3031, Cr-Blink, Cr-Blink-JavaScript, M-17, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, rew","Beta, Stable",1000,"accept","adamk@chromium.org","Use after free in V8HTMLElementWrapperFactory.cpp","Apr 06, 2013 03:25:11",1365218711,"Nov 30, 2011 13:02:14",1322658134,"Feb 18, 2012 06:56:04",1329548164,"chamal.d...@gmail.com","2011-3031"
106200,"High","CVE-2012-3641, ClusterFuzz, Cr-Blink, M-17, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-None, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, WebKit-ID-74311, merge-merged-963, ","None",500,"accept","ke...@chromium.org","Heap-use-after-free in WebCore::InlineBox::deleteLine","Apr 06, 2013 01:01:33",1365210093,"Dec 02, 2011 18:53:44",1322852024,"Dec 15, 2011 04:29:41",1323923381,"infe...@chromium.org","2012-3641"
106309,"High","ClusterFuzz, Cr-Blink, M-17, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","","Heap-buffer-overflow in WebCore::InlineFlowBox::addToLine (regions issue)","Apr 06, 2013 01:01:27",1365210087,"Dec 04, 2011 03:40:35",1322970035,"Jan 06, 2012 21:16:22",1325884582,"infe...@chromium.org",""
106336,"Medium","CVE-2011-3016, Cr-Blink, M-17, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-500","Beta, Stable",500,"accept","c...@chromium.org","Heap-use-after-free in WebCore::CounterNode::insertAfter","Apr 06, 2013 01:01:26",1365210086,"Dec 04, 2011 19:54:51",1323028491,"Feb 06, 2012 22:46:13",1328568373,"miaubiz@gmail.com","2011-3016"
106413,"High","CVE-2011-3078, ClusterFuzz, Cr-Blink, M-18, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","ke...@chromium.org","Heap-use-after-free in WebCore::RenderBlock::checkFloatsInCleanLine","Apr 06, 2013 01:01:20",1365210080,"Dec 05, 2011 17:51:45",1323107505,"Apr 02, 2012 20:59:48",1333400388,"infe...@chromium.org","2011-3078"
106441,"High","CVE-2011-3959, Cr-Blink, M-17, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, merge-merged-963, reward","Beta, Stable",1000,"accept","falken@chromium.org","Stack-buffer-overflow in _canonicalize","Apr 06, 2013 01:01:19",1365210079,"Dec 05, 2011 20:22:39",1323116559,"Dec 08, 2011 03:43:10",1323315790,"aohelin","2011-3959"
106484,"High","CVE-2011-3924, Cr-Blink, Cr-Blink-DOM, Cr-Blink-SVG, M-16, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Securi","Beta, Stable",1000,"accept","infe...@chromium.org","Heap-use-after-free in WebCore::RenderObject::childAt","Apr 06, 2013 03:44:56",1365219896,"Dec 05, 2011 23:46:10",1323128770,"Jan 06, 2012 20:17:11",1325881031,"Ax3...@gmail.com","2011-3924"
106577,"Medium","CVE-2011-3066, Cr-Internals, Cr-Internals-Graphics, Cr-Internals-Skia, M-18, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Stability-Memory-AddressSaniti","Beta, Stable",500,"accept","epo...@chromium.org","Heap-buffer-overflow in SkAAClipBlitter::blitAntiH","Apr 01, 2013 15:37:41",1364830661,"Dec 06, 2011 19:12:46",1323198766,"Mar 23, 2012 23:36:52",1332545812,"miaubiz@gmail.com","2011-3066"
106671,"Medium","CVE-2012-3599, ClusterFuzz, Cr-Blink, M-17, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Stability-Memory-AddressSanitizer, Type-Bug-Security, merge-mer","Beta, Stable",,"","aboxh...@chromium.org","Heap-use-after-free in WebCore::InlineFlowBox::deleteLine","Apr 06, 2013 01:00:57",1365210057,"Dec 07, 2011 06:57:59",1323241079,"Dec 31, 2011 08:20:37",1325319637,"infe...@chromium.org","2012-3599"
106672,"High","CVE-2011-3921, Cr-Blink, M-16, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, merge-merged-912, merge-merged-963, reward-1000","Beta, Stable",1000,"accept","jamesr@chromium.org","Security: Crash in requestAnimationFrame when removing a frame","Apr 06, 2013 01:00:57",1365210057,"Dec 07, 2011 07:07:26",1323241646,"Dec 09, 2011 18:35:11",1323455711,"jamesr@chromium.org","2011-3921"
107128,"High","CVE-2011-3919, Cr-Internals, M-16, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, merge-merged-912, merge-merged-963, reward-4000","Stable",4000,"accept","cev...@chromium.org","Heap-buffer-overflow in xmlStringLenDecodeEntities","Mar 21, 2013 20:53:18",1363899198,"Dec 11, 2011 05:55:47",1323582947,"Jan 03, 2012 22:03:36",1325628216,"a...@ut.ee","2011-3919"
107182,"Critical","CVE-2011-3925, Cr-UI, Cr-UI-Browser-Navigation, Cr-UI-Browser-SafeBrowsing, M-16, Merge-Merged, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Critical, Type-Bug-Security, merg","Beta, Stable",3133,"accept","creis@chromium.org","Heap use after free with malware blocking page","Mar 21, 2013 21:07:55",1363900075,"Dec 12, 2011 07:08:53",1323673733,"Dec 21, 2011 00:14:57",1324426497,"chamal.d...@gmail.com","2011-3925"
107244,"High","Cr-Blink, M-18, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-None, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-1000","None",1000,"accept","levin@chromium.org","Heap-use-after-free in DatabaseObserver","Apr 06, 2013 01:00:11",1365210011,"Dec 12, 2011 19:45:58",1323719158,"Dec 15, 2011 18:58:43",1323975523,"miaubiz@gmail.com",""
107258,"High","CVE-2011-3904, Cr-Blink, M-16, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, WEBKIT-ID-66015","Beta, Stable",,"","","Freed m_renderer used in InlineBox::deleteLine","Apr 06, 2013 01:00:11",1365210011,"Dec 12, 2011 21:05:25",1323723925,"Dec 12, 2011 21:05:25",1323723925,"jsc...@chromium.org","2011-3904"
107277,"High","CVE-2012-3639, Cr-Blink, M-16, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Stability-Valgrind, Type-Bug-Security, WebK","Beta, Stable",,"","ke...@chromium.org","Heap-use-after-free in WebCore::RenderTextFragment::willBeDestroyed","Apr 06, 2013 01:00:08",1365210008,"Dec 12, 2011 22:52:46",1323730366,"Jan 05, 2012 13:41:37",1325770897,"ke...@chromium.org","2012-3639"
107565,"Low","Cr-UI, M-19, OS-All, Pri-3, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Beta, Stable",,"","tsepez@chromium.org","Security: dragging a file URL between two http-spawned windows goes remote->local","Mar 21, 2013 21:06:35",1363899995,"Dec 14, 2011 17:43:30",1323884610,"Feb 03, 2012 19:44:43",1328298283,"googlec...@vtty.com",""
107616,"High","Cr-Blink, M-16, Merge-Merged, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, merge-merged-912, merge-merged-963","Beta, Stable",,"","yzs...@chromium.org","UXSS in v8 bindings npCreateV8ScriptObject()","Apr 06, 2013 00:59:42",1365209982,"Dec 14, 2011 22:35:57",1323902157,"Jan 03, 2012 23:43:42",1325634222,"tsepez@chromium.org",""
107758,"High","CVE-2012-3642, Cr-Blink, M-17, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, merge-merged-963, reward-1000","Beta",1000,"accept","","Heap-use-after-free in WebCore::RenderRegion::offsetFromLogicalTopOfFirstPage","Apr 06, 2013 00:59:27",1365209967,"Dec 15, 2011 20:30:27",1323981027,"Jan 05, 2012 16:53:57",1325782437,"miaubiz@gmail.com","2012-3642"
107873,"High","Cr-Blink, M-16, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, merge-merged-912, merge-merged-963","Beta, Stable",,"","dslomov@chromium.org","Heap-use-after-free in WebCore::DatabaseTracker::interruptAllDatabasesForContext","Apr 06, 2013 00:59:22",1365209962,"Dec 16, 2011 17:20:17",1324056017,"Dec 21, 2011 21:13:32",1324502012,"infe...@chromium.org",""
107939,"High","ClusterFuzz, Cr-Blink, M-16, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, merge-merged-912, merge-me","Beta, Stable",,"","","Heap-buffer-overflow in WebCore::RenderBlock::layoutRunsAndFloatsInRange","Apr 06, 2013 00:59:19",1365209959,"Dec 17, 2011 03:16:00",1324091760,"Dec 19, 2011 03:35:04",1324265704,"infe...@chromium.org",""
108006,"High","CVE-2011-3922, ClusterFuzz, Cr-Internals, M-16, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, merge-m","Beta, Stable",,"","ba...@chromium.org","Stack-buffer-overflow in HB_MyanmarShape","Apr 01, 2013 15:37:36",1364830656,"Dec 19, 2011 00:24:52",1324254292,"Dec 28, 2011 02:14:05",1325038445,"infe...@chromium.org","2011-3922"
108037,"High","CVE-2011-3032, Cr-Blink, Cr-Blink-SVG, M-17, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, WEBKIT-ID-","Beta, Stable",1000,"accept","schen...@chromium.org","Heap-buffer-overflow in WebCore::SVGLength::valueAsString","Apr 06, 2013 03:44:54",1365219894,"Dec 19, 2011 09:43:32",1324287812,"Feb 20, 2012 15:39:43",1329752383,"Ax3...@gmail.com","2011-3032"
108071,"Critical","Cr-Blink, Cr-Blink-Storage-IndexedDB, Cr-Internals, M-17, Merge-Merged, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Severity-Critical, Stability-Memory-AddressSanitizer, Type-Bug-Security, WebKit-ID-75596-N","Beta",3133,"accept","dgrogan@chromium.org","Browser process heap-use-after-free with indexeddb cursors","Apr 06, 2013 03:07:10",1365217630,"Dec 19, 2011 17:10:16",1324314616,"Jan 06, 2012 02:00:37",1325815237,"aohelin",""
108207,"High","CVE-2012-3644, Cr-Blink, M-17, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, merge-merged-963, reward-1000","Beta",1000,"accept","jchaffraix@chromium.org","Heap-use-after-free in WebCore::RenderTable::borderBefore","Apr 06, 2013 00:58:46",1365209926,"Dec 20, 2011 19:49:55",1324410595,"Jan 20, 2012 22:18:10",1327097890,"miaubiz@gmail.com","2012-3644"
108267,"High","ClusterFuzz, Cr-Blink, M-16, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, merge-merged-912, merge-me","Beta, Stable",,"","","Heap-use-after-free in WebCore::RenderBlock::selectionGaps","Apr 06, 2013 00:58:41",1365209921,"Dec 21, 2011 08:34:02",1324456442,"Jan 17, 2012 02:50:32",1326768632,"infe...@chromium.org",""
108416,"Medium","CVE-2011-3960, Cr-Internals, Cr-Internals-Media, M-17, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",500,"accept","scherkus@chromium.org","Global-buffer-overflow in render_line","Apr 01, 2013 15:37:33",1364830653,"Dec 22, 2011 11:44:03",1324554243,"Jan 23, 2012 20:00:40",1327348840,"aohelin","2011-3960"
108461,"High","CVE-2011-3928, ClusterFuzz, Cr-Blink, M-16, Merge-Merged, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-","Beta, Stable",,"","tkent@chromium.org","Heap-use-after-free in WebCore::HTMLInputElement::copyNonAttributeProperties","Apr 06, 2013 00:58:18",1365209898,"Dec 22, 2011 19:38:27",1324582707,"Jan 06, 2012 16:52:44",1325868764,"infe...@chromium.org","2011-3928"
108476,"Medium","Cr-Blink, M-17, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Severity-Medium, Stability-Memory-AddressSanitizer, Type-Bug-Security, merge-merged-963, reward-500","Beta",500,"accept","tony@chromium.org","Heap-buffer-overflow in WebCore::Font::codePath","Apr 06, 2013 00:58:17",1365209897,"Dec 22, 2011 21:10:31",1324588231,"Jan 11, 2012 18:43:29",1326307409,"miaubiz@gmail.com",""
108544,"High","Cr-Blink, M-17, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, merge-merged-963, reward-1000","Beta",1000,"accept","jap...@chromium.org","Heap-use-after-free in SubresourceLoader::didFinishLoading","Apr 06, 2013 00:58:13",1365209893,"Dec 23, 2011 13:58:36",1324648716,"Jan 19, 2012 02:02:49",1326938569,"chamal.d...@gmail.com",""
108605,"High","CVE-2011-3927, Cr-Internals, M-16, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Valgrind, Type-Bug-Security, merge-merged-912, merge-merged-963,","Beta, Stable",1000,"accept","r...@chromium.org","Use of uninitialized value in SkAlphaRuns::Break","Apr 01, 2013 15:49:56",1364831396,"Dec 25, 2011 20:43:34",1324845814,"Jan 10, 2012 21:14:12",1326230052,"miaubiz@gmail.com","2011-3927"
108648,"Low","CVE-2011-3049, Cr-Internals, Cr-Platform-Extensions, M-18, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security, merge-merged-963","Beta, Stable",,"","battre@chromium.org","Security: Malicious extension could avoid being blacklisted via extension blacklist","Mar 21, 2013 21:06:29",1363899989,"Dec 26, 2011 18:25:47",1324923947,"Mar 06, 2012 04:25:48",1331007948,"adblockforchrome","2011-3049"
108695,"High","CVE-2011-3017, Cr-Blink, M-17, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-1000","Beta, Stable",1000,"accept","scarybea...@gmail.com","Heap-use-after-free in WebKit::WebFrameImpl::viewImpl","Apr 06, 2013 00:57:57",1365209877,"Dec 27, 2011 19:17:03",1325013423,"Feb 09, 2012 05:05:00",1328763900,"miaubiz@gmail.com","2011-3017"
108871,"Critical","CVE-2011-3961, Cr-Blink, Cr-Blink-Storage-IndexedDB, M-17, Merge-Merged, OS-All, Pri-0, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Critical, Stability-Crash, Type-Bug","Beta, Stable",1000,"accept","dgrogan@chromium.org","IndexedDB with autoincrement fails on object put and crashes chrome","Apr 06, 2013 03:07:08",1365217628,"Dec 30, 2011 19:05:37",1325271937,"Jan 27, 2012 02:31:48",1327631508,"sgoert...@gmail.com","2011-3961"
108901,"Medium","CVE-2011-3962, Cr-Internals, M-17, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Stability-Memory-AddressSanitizer, Type-Bug-Security, merge-merged-963, ","Beta, Stable",500,"accept","r...@chromium.org","Heap-buffer-overflow in compute_pos_tan","Apr 01, 2013 15:37:29",1364830649,"Jan 01, 2012 11:28:20",1325417300,"Jan 17, 2012 18:05:46",1326823546,"aohelin","2011-3962"
108958,"High","CVE-2012-3645, ClusterFuzz, Cr-Blink, M-19, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","ke...@chromium.org","Heap-use-after-free in WebCore::RenderBlock::determineStartPosition","Apr 06, 2013 00:57:32",1365209852,"Jan 03, 2012 06:04:20",1325570660,"Apr 26, 2012 20:07:18",1335470838,"infe...@chromium.org","2012-3645"
109094,"Medium","CVE-2011-3963, Cr-Internals, M-17, Merge-Merged, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security, merge-merged-963","Beta, Stable",,"","cev...@chromium.org","Possible wild read in internal PDF-reader","Mar 21, 2013 21:06:28",1363899988,"Jan 04, 2012 05:59:48",1325656788,"Jan 09, 2012 03:24:49",1326079489,"attek...@gmail.com","2011-3963"
109245,"Low","CVE-2011-3964, Cr-UI, M-17, Merge-Merged, OS-Mac, OS-Windows, Pri-2, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security, merge-merged-963","Beta, Stable",,"","c...@chromium.org","Security: Chrome Drag Spoofing","Mar 21, 2013 21:06:27",1363899987,"Jan 05, 2012 08:29:28",1325752168,"Jan 06, 2012 18:35:14",1325874914,"vulnh...@gmail.com","2011-3964"
109556,"High","CVE-2011-3926, Cr-Blink, M-16, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, merge-merged-912, merge-","Beta, Stable",1000,"accept","abarth@chromium.org","Heap-buffer-overflow in WebCore::HTMLTreeBuilder::HTMLTreeBuilder","Apr 06, 2013 00:56:38",1365209798,"Jan 08, 2012 18:17:51",1326046671,"Jan 09, 2012 09:32:30",1326101550,"Ax3...@gmail.com","2011-3926"
109574,"Medium","CVE-2011-3058, Cr-Blink, M-18, OS-All, Pri-2, ReleaseBlock-Beta, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security, merge-merged-1025, reward-500","Beta, Stable",500,"accept","jshin@chromium.org","Potential XSS attack with [0x8E][0xE3] in EUC-JP page","Apr 06, 2013 00:56:37",1365209797,"Jan 09, 2012 03:44:08",1326080648,"Feb 03, 2012 17:11:53",1328289113,"masatoki...@gmail.com","2011-3058"
109664,"Low","CVE-2011-3965, Cr-Internals, Cr-UI-Browser-SafeBrowsing, M-17, Merge-Merged, OS-Windows, Pri-2, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security, merge-merged-963","Beta, Stable",,"","c...@chromium.org","safe_browsing::SignatureUtil::CheckSignature() - crash","Mar 21, 2013 21:06:26",1363899986,"Jan 09, 2012 21:09:01",1326143341,"Jan 10, 2012 19:43:30",1326224610,"slaweck","2011-3965"
109716,"High","CVE-2011-3966, Cr-Blink, M-17, Merge-merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, merge-merged-963, reward","Beta, Stable",1000,"accept","infe...@chromium.org","Heap-use-after-free in xsltParseGlobalVariable","Apr 06, 2013 00:56:26",1365209786,"Jan 10, 2012 07:15:37",1326179737,"Jan 20, 2012 18:18:41",1327083521,"aohelin","2011-3966"
109717,"Low","CVE-2011-3967, Cr-Internals, M-17, Merge-Merged, OS-Linux, Pri-3, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security, merge-merged-963","Beta, Stable",,"","c...@chromium.org","Security: crash when viewing a certificate without issuer signature","Mar 21, 2013 21:06:25",1363899985,"Jan 10, 2012 09:43:11",1326188591,"Jan 11, 2012 19:14:52",1326309292,"bennomadic","2011-3967"
109743,"High","CVE-2011-3968, Cr-Blink, M-17, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, merge-merged-963, reward","Beta, Stable",1000,"accept","","Heap-use-after-free in WebCore::CSSStyleSelector::matchRulesForList","Apr 06, 2013 00:56:24",1365209784,"Jan 10, 2012 16:06:57",1326211617,"Jan 16, 2012 03:25:03",1326684303,"Ax3...@gmail.com","2011-3968"
109912,"Low","Cr-Internals, Cr-Platform-NaCl, M-18, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Beta, Stable",,"","kschi...@chromium.org","Security: read sandbox escape: NaCl validator for x86-64 allow REP string instructions to have out-of-bound source addresses","Mar 21, 2013 21:06:24",1363899984,"Jan 11, 2012 20:39:58",1326314398,"Feb 22, 2012 00:13:31",1329869611,"b...@chromium.org",""
110112,"High","CVE-2011-3969, Cr-Blink, M-17, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, merge-merged-963, reward","Beta, Stable",1000,"accept","infe...@chromium.org","Heap-use-after-free in WebCore::FrameView::forceLayoutParentViewIfNeeded","Apr 06, 2013 00:55:45",1365209745,"Jan 13, 2012 00:52:54",1326415974,"Jan 18, 2012 15:23:55",1326900235,"Ax3...@gmail.com","2011-3969"
110172,"High","CVE-2011-3018, Cr-Internals, Cr-Internals-Skia, M-17, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, r","Beta, Stable",1000,"accept","r...@chromium.org","Heap-buffer-overflow in SkAlphaRuns::add","Apr 01, 2013 15:37:21",1364830641,"Jan 13, 2012 16:53:02",1326473582,"Jan 30, 2012 18:43:42",1327949022,"aohelin","2011-3018"
110277,"Medium","CVE-2011-3970, Cr-Blink, M-17, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Stability-Memory-AddressSanitizer, Type-Bug-Security, merge-merged-963, rewa","Beta, Stable",500,"decline","infe...@chromium.org","Heap-buffer-overflow in xsltCompilePatternInternal","Apr 06, 2013 00:55:30",1365209730,"Jan 14, 2012 09:14:47",1326532487,"Jan 23, 2012 05:14:00",1327295640,"aohelin","2011-3970"
110374,"High","CVE-2011-3971, Cr-Blink, M-17, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, merge-merged-963, reward-1000","Beta, Stable",1000,"accept","infe...@chromium.org","Heap-use-after-free in WebCore::EventHandler::mouseMoved","Apr 06, 2013 00:55:23",1365209723,"Jan 16, 2012 14:23:57",1326723837,"Jan 18, 2012 00:45:47",1326847547,"Ax3...@gmail.com","2011-3971"
110545,"Low","Cr-Blink, M-18, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Beta, Stable",,"","bbudge@chromium.org","Security: AssociatedURLLoader exposes non-whitelisted response headers when loading with access control (CORS)","Apr 06, 2013 00:55:09",1365209709,"Jan 18, 2012 01:57:18",1326851838,"Jan 18, 2012 02:10:44",1326852644,"bbu...@gmail.com",""
110559,"Medium","CVE-2011-3972, ClusterFuzz, Cr-Blink, Cr-Internals-GPU-WebGL, M-17, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Stability-Memory-AddressSanitizer, Type","Beta, Stable",,"","zmo@chromium.org","Heap-buffer-overflow in GPU ShaderTranslator","Apr 06, 2013 00:55:07",1365209707,"Jan 18, 2012 06:04:08",1326866648,"Jan 26, 2012 02:05:16",1327543516,"infe...@chromium.org","2011-3972"
110764,"High","Cr-Blink, M-18, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-None, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-1000","None",1000,"accept","infe...@chromium.org","Heap-use-after-free in WebCore::DocumentLoader::detachFromFrame","Apr 06, 2013 00:54:52",1365209692,"Jan 19, 2012 20:15:57",1327004157,"Jan 27, 2012 18:44:25",1327689865,"miaubiz@gmail.com",""
110849,"High","CVE-2011-3019, ClusterFuzz, Cr-Internals, Cr-Internals-Media-FFmpeg, M-17, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer,","Beta, Stable",,"","cev...@chromium.org","Heap-buffer-overflow in matroska_parse_block","Apr 01, 2013 15:37:18",1364830638,"Jan 20, 2012 06:09:21",1327039761,"Feb 02, 2012 21:04:32",1328216672,"infe...@chromium.org","2011-3019"
111088,"High","CVE-2012-3595, ClusterFuzz, Cr-Blink, M-17, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","pal...@chromium.org","Heap-use-after-free in WebCore::FrameLoader::checkTimerFired","Apr 06, 2013 00:54:25",1365209665,"Jan 23, 2012 20:30:16",1327350616,"Feb 08, 2012 02:53:46",1328669626,"infe...@chromium.org","2012-3595"
111467,"High","Cr-Blink, M-18, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-None, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-1000","None",1000,"accept","infe...@chromium.org","Heap-buffer-overflow in WebCore::SVGSVGElement::currentViewBoxRect","Apr 06, 2013 00:53:43",1365209623,"Jan 26, 2012 10:25:13",1327573513,"Jan 26, 2012 21:36:59",1327613819,"attek...@gmail.com",""
111575,"Medium","CVE-2011-3020, Cr-Internals, Cr-Platform-NaCl, M-17, Merge-Merged, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Beta, Stable",,"","ncb...@google.com","Security: NaCl dynamic code modification allows direct calls inside existing super instructions.","Mar 21, 2013 21:06:21",1363899981,"Jan 27, 2012 01:36:48",1327628208,"Feb 06, 2012 20:20:46",1328559646,"ncb...@google.com","2011-3020"
111656,"Medium","CVE-2012-3663, Cr-Blink, Cr-Content-Core, Cr-UI-Accessibility, M-19, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Beta, Stable",,"","dmazzoni@chromium.org","Security: Accessibility bad cast","Apr 06, 2013 00:53:24",1365209604,"Jan 27, 2012 18:22:15",1327688535,"Dec 20, 2012 15:52:54",1356018774,"skylined@chromium.org","2012-3663"
111748,"High","CVE-2011-3034, Cr-Blink, M-17, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-1000","Beta",1000,"accept","rn...@chromium.org","Heap-use-after-free in WebCore::SVGElement::removedFromDocument","Apr 06, 2013 00:53:18",1365209598,"Jan 28, 2012 02:24:57",1327717497,"Feb 15, 2012 00:50:31",1329267031,"Ax3...@gmail.com","2011-3034"
111779,"High","CVE-2011-3021, Cr-Blink, M-17, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-1000","Beta, Stable",1000,"accept","infe...@chromium.org","Heap-use-after-free in WebCore::SubframeLoader::loadSubframe","Apr 06, 2013 00:53:16",1365209596,"Jan 28, 2012 16:34:56",1327768496,"Feb 06, 2012 18:27:47",1328552867,"Ax3...@gmail.com","2011-3021"
112093,"High","CVE-2012-3608, CVE-2012-3620, ClusterFuzz, Cr-Blink, M-17, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Securi","Beta, Stable",,"","infe...@chromium.org","Heap-use-after-free in WebCore::Node::dispatchSubtreeModifiedEvent","Apr 06, 2013 00:52:59",1365209579,"Jan 31, 2012 15:33:31",1328024011,"Feb 07, 2012 20:06:39",1328645199,"infe...@chromium.org","2012-3608, 2012-3620"
112151,"High","Cr-Blink, M-18, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-1000","Beta",1000,"accept","","Heap-use-after-free in WebCore::RenderRegion::setRegionBoxesRegionStyle","Apr 06, 2013 00:52:55",1365209575,"Jan 31, 2012 20:32:16",1328041936,"Feb 04, 2012 02:31:24",1328322684,"miaubiz@gmail.com",""
112212,"High","CVE-2011-3035, Cr-Blink, Cr-Blink-SVG, Cr-Content-Core, M-17, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Sec","Beta, Stable",2000,"accept","schen...@chromium.org","Heap-use-after-free in WebCore::ContainerNode::appendChild","Apr 06, 2013 03:44:45",1365219885,"Feb 01, 2012 00:03:34",1328054614,"Mar 02, 2012 02:06:12",1330653972,"Ax3...@gmail.com","2011-3035"
112236,"Medium","CVE-2011-3022, Cr-UI, M-17, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security, merge-merged-1025, merge-merged-963","Beta, Stable",,"","pal...@chromium.org","Security: Chrome translation script downloaded over HTTP","Mar 21, 2013 21:06:18",1363899978,"Feb 01, 2012 02:28:14",1328063294,"Feb 07, 2012 23:30:59",1328657459,"jorg...@chromium.org","2011-3022"
112259,"Medium","CVE-2011-3023, Cr-Blink, Cr-Content-Core, M-17, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Stability-Memory-AddressSanitizer, Type-Bug-Security, rewar","Beta, Stable",500,"decline","rn...@chromium.org","Heap-use-after-free in WebCore::EventTarget::dispatchEvent","Apr 06, 2013 00:52:45",1365209565,"Feb 01, 2012 09:18:05",1328087885,"Feb 01, 2012 21:44:00",1328132640,"paw...@gmail.com","2011-3023"
112317,"Medium","CVE-2011-3059, Cr-Blink, Cr-Blink-SVG, M-18, Merge-Merged, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Stability-Memory-AddressSanitizer, Type-B","Beta, Stable",500,"accept","pdr@chromium.org","Heap-buffer-overflow in WebCore::Font::codePath","Apr 06, 2013 03:44:44",1365219884,"Feb 01, 2012 18:42:26",1328121746,"Mar 13, 2012 20:09:03",1331669343,"Ax3...@gmail.com","2011-3059"
112339,"Low","Cr-Internals, Cr-Internals-GPU, Cr-Internals-GPU-WebGL, Cr-Internals-Graphics, M-25, OS-Windows, Pri-2, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","kbr@chromium.org","Security: chrome allows TDR looping leading to win7 OS crash through page refresh html tag + WebGL","Mar 21, 2013 20:53:00",1363899180,"Feb 01, 2012 20:02:26",1328126546,"Dec 11, 2012 23:44:15",1355269455,"n8bix...@gmail.com",""
112411,"High","Cr-Blink, Cr-Blink-SVG, M-18, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-1000","Beta",1000,"accept","schen...@chromium.org","Heap-use-after-free in WebCore::SVGUseElement::expandSymbolElementsInShadowTree","Apr 06, 2013 03:44:43",1365219883,"Feb 02, 2012 05:43:06",1328161386,"Feb 17, 2012 19:31:34",1329507094,"aohelin",""
112443,"Low","Cr-Internals, Cr-Internals-Network-SSL, M-17, M-18, Merge-Merged-1025, Merge-Merged-963, OS-Mac, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Beta, Stable",,"","mark@chromium.org","[Mac] Regular SSL certificate incorrectly displayed with EV color badge","Mar 21, 2013 21:06:15",1363899975,"Feb 02, 2012 11:16:13",1328181373,"Feb 06, 2012 23:04:47",1328569487,"jro...@gmail.com",""
112451,"Low","CVE-2011-3024, Cr-Internals, Cr-Internals-Network-SSL, M-17, Merge-Merged, Pri-2, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Low, Stability-Crash, Type-Bug-Security, merge-merged-1025, me","Beta, Stable",,"","rsleevi@chromium.org","X509UserCertResourceHandler::OnResponseCompleted crash","Mar 21, 2013 21:06:15",1363899975,"Feb 02, 2012 13:26:09",1328189169,"Feb 09, 2012 02:04:58",1328753098,"chrome...@gmail.com","2011-3024"
112542,"High","ClusterFuzz, Cr-Blink, M-17, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","rn...@chromium.org","Heap-use-after-free in WebCore::TextIterator::rangeFromLocationAndLength","Apr 06, 2013 00:52:11",1365209531,"Feb 02, 2012 23:47:53",1328226473,"Feb 17, 2012 02:32:57",1329445977,"infe...@chromium.org",""
112670,"Medium","CVE-2011-3025, M-17, Merge-Merged, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security, reward-500","Beta, Stable",500,"accept","cev...@chromium.org","avcodec_53!ff_h264_get_profile - crash","Mar 21, 2013 21:06:14",1363899974,"Feb 04, 2012 00:23:38",1328315018,"Feb 07, 2012 01:16:54",1328577414,"slaweck","2011-3025"
112694,"High","CVE-2012-3596, ClusterFuzz, Cr-Blink, M-17, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","infe...@chromium.org","Heap-use-after-free in WebCore::Node::normalize","Apr 06, 2013 00:51:56",1365209516,"Feb 04, 2012 09:21:22",1328347282,"Feb 08, 2012 20:56:18",1328734578,"infe...@chromium.org","2012-3596"
112735,"High","CVE-2012-3603, ClusterFuzz, Cr-Blink, M-17, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","infe...@chromium.org","Bad cast in FormSubmission::create","Apr 06, 2013 00:51:51",1365209511,"Feb 05, 2012 03:17:42",1328411862,"Feb 06, 2012 03:58:22",1328500702,"infe...@chromium.org","2012-3603"
112738,"Low","Cr-Internals, M-26, MovedFrom18, OS-All, Pri-2, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Beta, Stable",,"","koz@chromium.org","Security: User Interface - infobar confusion, spamming, and spoofing","Apr 03, 2013 16:57:22",1365008242,"Feb 05, 2012 04:14:23",1328415263,"",0,"ch...@lookout.net",""
112764,"Medium","ClusterFuzz, Cr-Blink, M-19, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","dmazzoni@chromium.org","Heap-use-after-free in RendererAccessibility::SendPendingAccessibilityNotifications","Apr 06, 2013 00:51:48",1365209508,"Feb 05, 2012 19:45:43",1328471143,"Dec 20, 2012 15:52:27",1356018747,"infe...@chromium.org",""
112775,"High","CVE-2012-3609, ClusterFuzz, Cr-Blink, M-17, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","rn...@chromium.org","Heap-use-after-free in WebCore::Node::traverseNextNode","Apr 06, 2013 00:51:46",1365209506,"Feb 06, 2012 05:27:59",1328506079,"Feb 15, 2012 01:26:09",1329269169,"infe...@chromium.org","2012-3609"
112814,"Low","Cr-Internals, Cr-UI-Browser-SafeBrowsing, M-19, MovedFrom18, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Beta, Stable",,"","mattm@chromium.org","Safe Browsing client doesn't always check for MAC field in response","Mar 21, 2013 21:06:12",1363899972,"Feb 06, 2012 15:39:27",1328542767,"Dec 20, 2012 15:52:00",1356018720,"ke...@chromium.org",""
112822,"High","CVE-2011-3026, M-17, Merge-Merged, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, merge-merged-1025, merge-merged-963, reward-1337","Beta, Stable",1337,"accept","cev...@chromium.org","Security: Heap-buffer-overflow in png_decompress_chunk","Mar 21, 2013 21:06:12",1363899972,"Feb 06, 2012 16:55:41",1328547341,"Feb 09, 2012 21:11:54",1328821914,"a...@ut.ee","2011-3026"
112833,"High","Cr-Internals, Cr-Internals-Media, M-18, Merge-Merged, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, merge-merged-1025,","Beta",1000,"accept","scherkus@chromium.org","Heap-use-after-free in webkit_media::BufferedResourceLoader::Start","Apr 01, 2013 15:36:57",1364830617,"Feb 06, 2012 18:05:58",1328551558,"Feb 09, 2012 20:18:12",1328818692,"miaubiz@gmail.com",""
112847,"High","CVE-2011-3027, Cr-Blink, M-17, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-1000","Beta, Stable",1000,"accept","infe...@chromium.org","Bad cast in addChildToAnonymousColumnBlocks","Apr 06, 2013 00:51:40",1365209500,"Feb 06, 2012 19:14:39",1328555679,"Feb 07, 2012 19:38:54",1328643534,"miaubiz@gmail.com","2011-3027"
112961,"Low","Cr-Blink, Cr-Internals, Cr-Internals-Plugins, Cr-Internals-Plugins-Pepper, Iteration-49, M-17, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Low, Type-Bug","Beta, Stable",,"","dpolukhin@chromium.org","TCP and UDP IPCs should not be exposed to arbitrary renderers","Apr 06, 2013 04:37:51",1365223071,"Feb 07, 2012 02:02:12",1328580132,"Mar 02, 2012 03:40:32",1330659632,"jsc...@chromium.org",""
113119,"Low","Cr-UI, M-19, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Beta, Stable",,"","pal...@chromium.org","Security: Report bad translation link uses http://","Mar 21, 2013 21:06:10",1363899970,"Feb 07, 2012 23:30:09",1328657409,"May 23, 2012 23:42:19",1337816539,"pal...@chromium.org",""
113258,"High","CVE-2011-3036, Cr-Blink, M-17, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-1000","Beta, Stable",1000,"accept","infe...@chromium.org","Bad cast in WebCore::RenderBlock::createLineBoxes","Apr 06, 2013 00:51:04",1365209464,"Feb 08, 2012 20:29:52",1328732992,"Feb 13, 2012 22:29:02",1329172142,"miaubiz@gmail.com","2011-3036"
113415,"High","ClusterFuzz, Cr-Blink, M-17, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","ke...@chromium.org","Heap-use-after-free in WebCore::InlineFlowBox::deleteLine","Apr 06, 2013 00:50:51",1365209451,"Feb 09, 2012 17:44:31",1328809471,"Feb 22, 2012 21:58:25",1329947905,"aa...@google.com",""
113439,"High","CVE-2011-3037, Cr-Blink, M-17, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-1000","Beta, Stable",1000,"accept","infe...@chromium.org","Bad casts due to issues in splitAnonymousBlocksAroundChild","Apr 06, 2013 00:50:47",1365209447,"Feb 09, 2012 18:58:23",1328813903,"Feb 23, 2012 05:38:31",1329975511,"miaubiz@gmail.com","2011-3037"
113496,"Low","CVE-2011-3084, Cr-Internals-Core, Cr-UI, M-19, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Beta, Stable",,"","creis@chromium.org","Links in settings page (like learn more, google dashboard) are opened in the webui renderer process","Mar 21, 2013 21:06:08",1363899968,"Feb 09, 2012 20:06:49",1328818009,"Mar 15, 2012 20:46:36",1331844396,"atwilson@chromium.org","2011-3084"
113497,"High","CVE-2011-3038, Cr-Blink, M-17, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-1000","Beta, Stable",1000,"accept","infe...@chromium.org","Heap-use-after-free in WebCore::InlineFlowBox::computeUnderAnnotationAdjustment","Apr 06, 2013 00:50:19",1365209419,"Feb 09, 2012 20:07:53",1328818073,"Feb 22, 2012 21:10:44",1329945044,"miaubiz@gmail.com","2011-3038"
113562,"High","CVE-2012-3597, ClusterFuzz, Cr-Blink, M-17, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","infe...@chromium.org","Heap-use-after-free in WebCore::NavigationScheduler::schedule","Apr 06, 2013 00:50:13",1365209413,"Feb 10, 2012 00:43:53",1328834633,"Feb 14, 2012 21:05:18",1329253518,"infe...@chromium.org","2012-3597"
113690,"High","CVE-2012-1520, ClusterFuzz, Cr-Blink, M-17, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","infe...@chromium.org","Heap-use-after-free in WebCore::RenderButton::removeChild","Apr 06, 2013 00:50:00",1365209400,"Feb 10, 2012 19:37:02",1328902622,"Feb 14, 2012 01:49:15",1329184155,"infe...@chromium.org","2012-1520"
113707,"High","CVE-2011-3039, Cr-Blink, M-17, Merge-Merged, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-1000","Beta, Stable",1000,"accept","infe...@chromium.org","Heap-use-after-free in WebCore::RenderQuote::placeQuote","Apr 06, 2013 00:49:58",1365209398,"Feb 10, 2012 20:36:40",1328906200,"Feb 17, 2012 20:52:59",1329511979,"miaubiz@gmail.com","2011-3039"
113755,"High","CVE-2012-3610, Cr-Blink, M-17, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","infe...@chromium.org","Heap-use-after-free in WebCore::RenderObjectChildList::destroyLeftoverChildren","Apr 06, 2013 00:49:51",1365209391,"Feb 11, 2012 00:01:44",1328918504,"Mar 01, 2012 18:24:37",1330626277,"infe...@chromium.org","2012-3610"
113799,"High","ClusterFuzz, Cr-Blink, M-17, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","infe...@chromium.org","Heap-use-after-free in WebCore::RenderTable::layout","Apr 06, 2013 00:49:48",1365209388,"Feb 11, 2012 08:40:31",1328949631,"Feb 16, 2012 23:36:41",1329435401,"infe...@chromium.org",""
113800,"High","ClusterFuzz, Cr-Blink, M-17, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","infe...@chromium.org","Heap-use-after-free in WebCore::RenderBlock::computeOverflow","Apr 06, 2013 00:49:48",1365209388,"Feb 11, 2012 08:42:24",1328949744,"Feb 25, 2012 02:59:41",1330138781,"infe...@chromium.org",""
113801,"High","CVE-2012-3653, ClusterFuzz, Cr-Blink, M-17, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","infe...@chromium.org","Heap-use-after-free in WebCore::RenderBlock::outlineStyleForRepaint","Apr 06, 2013 00:49:48",1365209388,"Feb 11, 2012 08:43:52",1328949832,"Feb 28, 2012 21:03:10",1330462990,"infe...@chromium.org","2012-3653"
113837,"High","Cr-Blink, M-18, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-1000","Beta",1000,"accept","infe...@chromium.org","Heap-use-after-free in WebCore::Document::unregisterForPageCacheSuspensionCallbacks","Apr 06, 2013 00:49:45",1365209385,"Feb 11, 2012 17:35:41",1328981741,"Feb 13, 2012 02:40:09",1329100809,"Ax3...@gmail.com",""
113902,"High","CVE-2011-3050, Cr-Blink, M-17, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-1000","Beta, Stable",1000,"accept","infe...@chromium.org","Heap-use-after-free in WebCore::InlineBox::root","Apr 06, 2013 00:49:38",1365209378,"Feb 12, 2012 19:32:47",1329075167,"Mar 09, 2012 21:13:45",1331327625,"miaubiz@gmail.com","2011-3050"
113924,"High","Cr-Internals, M-19, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-None, Security_Severity-High, Type-Bug-Security, reward-1000","None",1000,"accept","danno@chromium.org","[LangFuzz] Crash at v8::internal::HashTable<...>::FindEntry with invalid read","Mar 21, 2013 20:43:14",1363898594,"Feb 13, 2012 02:16:12",1329099372,"Feb 14, 2012 15:25:40",1329233140,"decoder...@googlemail.com",""
114054,"Medium","CVE-2011-3040, Cr-Blink, M-17, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-500","Beta, Stable",500,"accept","rn...@chromium.org","Heap-buffer-overflow in void WTF::Vector<unsigned short, 0ul>::append<unsigned short>","Apr 06, 2013 00:49:26",1365209366,"Feb 13, 2012 20:02:31",1329163351,"Feb 22, 2012 00:47:48",1329871668,"miaubiz@gmail.com","2011-3040"
114056,"Medium","CVE-2011-3060, Cr-Blink, M-18, Merge-Merged, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-500","Beta, Stable",500,"accept","ke...@chromium.org","Heap-buffer-overflow in WebCore::previousBoundary","Apr 06, 2013 00:49:26",1365209366,"Feb 13, 2012 20:06:30",1329163590,"Mar 09, 2012 22:39:49",1331332789,"miaubiz@gmail.com","2011-3060"
114068,"High","CVE-2011-3041, Cr-Blink, M-17, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-1000","Beta, Stable",1000,"accept","infe...@chromium.org","Heap-use-after-free in WebCore::HTMLElement::isPresentationAttribute","Apr 06, 2013 00:49:25",1365209365,"Feb 13, 2012 20:57:50",1329166670,"Feb 14, 2012 20:47:13",1329252433,"miaubiz@gmail.com","2011-3041"
114144,"High","Cr-Blink, M-17, Merge-Merged, Needs-Reduction, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Crash, Type-Bug-Security","Beta, Stable",,"","ke...@chromium.org","Crash by clicking the time field of maps.google.com","Apr 06, 2013 00:49:19",1365209359,"Feb 14, 2012 05:56:56",1329199016,"Feb 27, 2012 19:50:20",1330372220,"tkent@chromium.org",""
114219,"High","CVE-2011-3042, Cr-Blink, M-17, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-1000","Beta, Stable",1000,"accept","infe...@chromium.org","Heap-use-after-free in WebCore::RenderTableSection::nodeAtPoint","Apr 06, 2013 00:49:12",1365209352,"Feb 14, 2012 19:41:51",1329248511,"Feb 21, 2012 20:53:52",1329857632,"miaubiz@gmail.com","2011-3042"
114342,"High","Cr-Internals, M-18, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, merge-merged-1025, reward-1000","Beta",1000,"accept","jshin@chromium.org","Stack-buffer-overflow at strcpy","Apr 01, 2013 15:36:45",1364830605,"Feb 15, 2012 09:12:10",1329297130,"Feb 16, 2012 22:12:18",1329430338,"aohelin",""
114911,"High","CVE-2012-3611, Cr-Blink, M-17, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","abarth@chromium.org","Heap-buffer-overflow in WebCore::Element::setAttribute","Apr 06, 2013 00:47:56",1365209276,"Feb 19, 2012 01:28:44",1329614924,"Feb 21, 2012 07:59:21",1329811161,"cev...@google.com","2012-3611"
114924,"High","CVE-2011-3037, Cr-Blink, M-17, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-1000","Beta, Stable",1000,"accept","infe...@chromium.org","Bad cast in splitAnonymousBlocksAroundChild","Apr 06, 2013 00:47:54",1365209274,"Feb 19, 2012 08:39:48",1329640788,"Feb 19, 2012 20:29:10",1329683350,"miaubiz@gmail.com","2011-3037"
114960,"High","ClusterFuzz, Cr-Blink, Cr-Blink-SVG, M-18, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Stable",,"","infe...@chromium.org","Heap-use-after-free in WebCore::SVGTextLayoutAttributesBuilder::fillCharacterDataMap","Apr 06, 2013 03:44:37",1365219877,"Feb 20, 2012 00:16:44",1329697004,"Mar 09, 2012 19:15:03",1331320503,"infe...@chromium.org",""
115028,"High","CVE-2011-3037, Cr-Blink, M-17, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-1000","Beta, Stable",1000,"accept","infe...@chromium.org","Bad cast in splitAnonymousBlocksAroundChild (part 3)","Apr 06, 2013 00:47:47",1365209267,"Feb 20, 2012 19:55:47",1329767747,"Feb 28, 2012 20:56:38",1330462598,"miaubiz@gmail.com","2011-3037"
115159,"High","Cr-Blink, M-17, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Beta, Stable",,"","adamk@chromium.org","Security: Setting innerText allows DOMSubtreeModified listeners to cause crashes","Apr 06, 2013 00:47:35",1365209255,"Feb 21, 2012 21:08:43",1329858523,"Feb 22, 2012 01:56:40",1329875800,"adamk@chromium.org",""
115299,"Medium","Cr-Internals, M-19, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-None, Security_Severity-Medium, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-500","None",500,"accept","tommi@chromium.org","Use-after-free in AudioDeviceThread::Callback::InitializeOnAudioThread","Apr 01, 2013 15:36:42",1364830602,"Feb 22, 2012 18:49:34",1329936574,"Mar 01, 2012 07:31:15",1330587075,"miaubiz@gmail.com",""
115471,"High","CVE-2011-3033, Cr-Internals, M-17, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-1000","Beta, Stable",1000,"accept","r...@chromium.org","Heap-buffer-overflow in SkAlphaRuns::add","Apr 01, 2013 15:36:42",1364830602,"Feb 23, 2012 15:29:23",1330010963,"Feb 23, 2012 23:43:59",1330040639,"aohelin","2011-3033"
115681,"High","CVE-2011-3043, Cr-Blink, M-17, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-1000","Beta, Stable",1000,"accept","infe...@chromium.org","Heap-use-after-free in WebCore::RenderBox::enclosingFloatPaintingLayer","Apr 06, 2013 00:46:54",1365209214,"Feb 24, 2012 19:22:19",1330111339,"Feb 24, 2012 22:42:07",1330123327,"miaubiz@gmail.com","2011-3043"
115695,"High","Cr-Blink, M-19, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-None, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-1000, reward-decline","None",1000,"decline","infe...@chromium.org","Heap-buffer-overflow in WebCore::StaticNodeList::itemWithName","Apr 06, 2013 00:46:52",1365209212,"Feb 24, 2012 20:53:38",1330116818,"Feb 25, 2012 02:58:12",1330138692,"aohelin",""
115754,"High","Cr-Blink, M-19, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-None, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-1000","None",1000,"accept","alokp@chromium.org","Heap-use-after-free in WebCore::RenderLayer::addChild","Apr 06, 2013 00:46:46",1365209206,"Feb 25, 2012 07:06:52",1330153612,"Feb 28, 2012 19:16:18",1330456578,"aohelin",""
116027,"High","ClusterFuzz, Cr-Blink, M-17, Merge-Merged, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","ke...@chromium.org","Heap-buffer-overflow in WebCore::InlineFlowBox::addToLine","Apr 06, 2013 00:46:17",1365209177,"Feb 28, 2012 06:01:42",1330408902,"Feb 28, 2012 19:13:49",1330456429,"infe...@chromium.org",""
116069,"Medium","Cr-Blink, Cr-Blink-Audio, M-19, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security_Impact-None, Security_Severity-Medium, Type-Bug-Security, reward-500","None",500,"accept","tommyw@chromium.org","WebCore::MediaStreamListInternal::itemCallback","Apr 06, 2013 05:07:45",1365224865,"Feb 28, 2012 16:50:22",1330447822,"Feb 29, 2012 22:15:24",1330553724,"slaweck",""
116093,"High","CVE-2011-3044, Cr-Blink, Cr-Blink-SVG, M-17, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-100","Beta, Stable",1000,"accept","schen...@chromium.org","Heap-buffer-overflow in WebCore::SVGDocumentExtensions::removeAnimationElementFromTarget","Apr 06, 2013 03:44:34",1365219874,"Feb 28, 2012 18:00:24",1330452024,"Mar 01, 2012 15:26:16",1330615576,"Ax3...@gmail.com","2011-3044"
116162,"High","CVE-2011-3045, Cr-Blink, M-17, Merge-Merged, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, merge-merged-1025, merge-merged-963","Beta, Stable",,"","cev...@chromium.org","Heap-buffer-overflow in wk_png_inflate","Apr 06, 2013 00:46:04",1365209164,"Feb 28, 2012 22:32:16",1330468336,"Mar 07, 2012 03:19:05",1331090345,"glen...@gmail.com","2011-3045"
116224,"High","CVE-2012-3668, ClusterFuzz, Cr-Blink, M-17, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","tsepez@chromium.org","Heap-use-after-free in WebCore::FrameLoader::urlSelected","Apr 06, 2013 00:45:55",1365209155,"Feb 29, 2012 08:30:41",1330504241,"Mar 01, 2012 18:58:08",1330628288,"infe...@chromium.org","2012-3668"
116398,"High","CVE-2011-3061, Cr-Internals, Cr-Internals-Network-Proxy, Cr-Internals-Network-SPDY, Cr-Internals-Network-SSL, M-18, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity","Beta, Stable",,"","a...@chromium.org","Security: SSL proxy seems to not care about the cert","Mar 21, 2013 21:05:57",1363899957,"Mar 01, 2012 16:42:13",1330620133,"Mar 06, 2012 03:33:23",1331004803,"kthan...@google.com","2011-3061"
116405,"High","Cr-Blink, M-17, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Beta, Stable",,"","infe...@chromium.org","Mitigate stale layout root bugs","Apr 06, 2013 00:45:36",1365209136,"Mar 01, 2012 18:12:35",1330625555,"Mar 01, 2012 21:28:27",1330637307,"infe...@chromium.org",""
116461,"High","CVE-2011-3051, Cr-Blink, M-17, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-1000","Beta, Stable",1000,"accept","tsepez@chromium.org","Heap-use-after-free in WebCore::CSSCrossfadeValue::~CSSCrossfadeValue","Apr 06, 2013 00:45:29",1365209129,"Mar 01, 2012 23:27:08",1330644428,"Mar 09, 2012 21:37:14",1331329034,"Ax3...@gmail.com","2011-3051"
116524,"High","CVE-2011-3062, Cr-Internals, M-18, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, merge-merged-1025","Beta, Stable",,"","ba...@chromium.org","Security: Off-by-one in OTS resulting in arbitrary code execution","Mar 21, 2013 21:05:56",1363899956,"Mar 02, 2012 12:02:15",1330689735,"Mar 03, 2012 13:02:14",1330779734,"mjurc...@google.com","2011-3062"
116637,"High","CVE-2011-3052, Cr-Blink, Cr-Internals-GPU-WebGL, M-17, Merge-Merged, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, merge-merged-9","Beta, Stable",,"","kbr@chromium.org","Renderer process crash when doing WebGL canvas to 2D canvas drawImage()","Apr 06, 2013 00:45:18",1365209118,"Mar 03, 2012 00:20:08",1330734008,"Mar 07, 2012 02:53:42",1331088822,"benvanik@google.com","2011-3052"
116661,"","Cr-Internals, Pri-2, Restrict-AddIssueComment-Commit, SecSeverity-OMGOMGOMG, Type-Bug-Security, reward-10000","None",10000,"accept","cev...@chromium.org","miaubiz is a Rockstar","Mar 10, 2013 00:32:32",1362875552,"Mar 03, 2012 06:00:02",1330754402,"Mar 05, 2012 03:24:53",1330917893,"scarybea...@gmail.com",""
116662,"","Cr-Internals, Pri-2, Restrict-AddIssueComment-Commit, SecSeverity-OMGOMGOMG, Type-Bug-Security, reward-10000","None",10000,"accept","cev...@chromium.org","Aki Helin is a Legend","Mar 10, 2013 00:32:31",1362875551,"Mar 03, 2012 06:01:10",1330754470,"Mar 05, 2012 03:26:08",1330917968,"scarybea...@gmail.com",""
116663,"","Cr-Internals, Pri-2, Restrict-AddIssueComment-Commit, SecSeverity-OMGOMGOMG, Type-Bug-Security, reward-10000","None",10000,"accept","cev...@chromium.org","Arthur Gerkis is a Superhero","Mar 10, 2013 00:32:31",1362875551,"Mar 03, 2012 06:01:47",1330754507,"Mar 05, 2012 03:27:33",1330918053,"scarybea...@gmail.com",""
116746,"High","CVE-2011-3053, Cr-Blink, M-17, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-1000","Beta, Stable",1000,"accept","infe...@chromium.org","Heap-use-after-free in WebCore::RenderBlock::splitBlocks","Apr 06, 2013 00:45:02",1365209102,"Mar 04, 2012 19:19:23",1330888763,"Mar 09, 2012 21:16:24",1331327784,"miaubiz@gmail.com","2011-3053"
116806,"High","CVE-2012-3655, ClusterFuzz, Cr-Blink, M-18, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","infe...@chromium.org","Heap-use-after-free in WebCore::RenderInline::continuationBefore","Apr 06, 2013 00:44:56",1365209096,"Mar 05, 2012 16:57:36",1330966656,"Mar 22, 2012 18:04:05",1332439445,"skylined@chromium.org","2012-3655"
116927,"High","Cr-Internals, M-19, OS-All, Pri-1, ReleaseBlock-Beta, Restrict-AddIssueComment-EditIssue, Security_Impact-None, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-1000","None",1000,"accept","dalecur...@chromium.org","Heap-buffer-overflow in av_freep","Apr 01, 2013 15:36:33",1364830593,"Mar 06, 2012 05:24:38",1331011478,"Mar 10, 2012 01:37:35",1331343455,"chamal.d...@gmail.com",""
117110,"High","CVE-2012-1521, ClusterFuzz, Cr-Blink, M-18, Merge-Merged, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-","Beta, Stable",,"","infe...@chromium.org","Heap-use-after-free in WebCore::RenderObjectChildList::destroyLeftoverChildren","Apr 06, 2013 00:44:32",1365209072,"Mar 07, 2012 04:13:57",1331093637,"Apr 10, 2012 03:55:44",1334030144,"infe...@chromium.org","2012-1521"
117150,"High","Cr-Blink, M-19, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-None, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-1000","None",1000,"accept","rn...@chromium.org","REGRESSION(wk109285): Heap-use-after-free in WebCore::Document::nodeChildrenWillBeRemoved","Apr 06, 2013 00:44:27",1365209067,"Mar 07, 2012 14:27:47",1331130467,"Mar 12, 2012 18:43:10",1331577790,"aohelin",""
117230,"High","Cr-Internals, M-17, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, merge-merged-1025, pwnium","Beta, Stable",,"","creis@chromium.org","Part 2 of Pwnium Bug","Mar 21, 2013 21:05:53",1363899953,"Mar 07, 2012 20:34:26",1331152466,"Mar 08, 2012 01:18:44",1331169524,"infe...@chromium.org",""
117335,"Medium","Cr-Internals, Cr-Internals-Media, M-19, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-None, Security_Severity-Medium, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-500, reward-decline, te","None",500,"decline","tommi@chromium.org","Occasional heap-use-after-free in non-virtual thunk to AudioDevice::OnStateChanged","Apr 01, 2013 15:36:29",1364830589,"Mar 08, 2012 07:29:36",1331191776,"Mar 12, 2012 16:37:09",1331570229,"aohelin",""
117341,"High","Cr-Internals, Cr-Internals-Media, Cr-Internals-Media-Video, M-19, Merge-Merged, OS-Linux, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Severity-High, Type-Bug-Security, merge-merged-1084, reward","Beta",1000,"accept","fischman@chromium.org","Heap-use-after-free in MessageLoop::AddToIncomingQueue","Mar 21, 2013 21:05:53",1363899953,"Mar 08, 2012 08:36:55",1331195815,"Apr 09, 2012 22:32:32",1334010752,"chamal.d...@gmail.com",""
117400,"High","Cr-Blink, M-18, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, pwnium","Beta, Stable",,"","infe...@chromium.org","Uptake fixes on weak node iteration patterns","Apr 06, 2013 00:44:08",1365209048,"Mar 08, 2012 17:00:09",1331226009,"Mar 22, 2012 00:07:44",1332374864,"infe...@chromium.org",""
117409,"High","CVE-2011-3103, Cr-Blink, Cr-Blink-JavaScript, M-19, Merge-Merged, OS-All, Pri-1, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Beta, Stable",,"","danno@chromium.org","Chrome: Crash Report - Stack Signature: v8::internal::MarkCompactCollector::RecordS... ","Apr 06, 2013 03:24:29",1365218669,"Mar 08, 2012 18:09:00",1331230140,"Dec 20, 2012 15:53:22",1356018802,"brettw@chromium.org","2011-3103"
117413,"High","CVE-2012-3651, ClusterFuzz, Cr-Blink, M-20, Merge-Merged, OS-All, Pri-1, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","infe...@chromium.org","Heap-use-after-free in WebCore::RenderScrollbar::getScrollbarPseudoStyle","Apr 06, 2013 00:44:07",1365209047,"Mar 08, 2012 18:26:33",1331231193,"Dec 20, 2012 15:53:22",1356018802,"aa...@google.com","2012-3651"
117417,"Low","CVE-2011-3063, Cr-Internals, Cr-UI-Browser-Navigation, M-18, Merge-Merged, OS-All, Pri-1, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security, merge-merged-1025, merge-merged-963, pwnium","Beta, Stable",,"","creis@chromium.org","Security: Don't let a normal web renderer navigate to a privileged URL","Mar 21, 2013 21:05:51",1363899951,"Mar 08, 2012 18:40:19",1331232019,"Mar 15, 2012 21:28:47",1331846927,"creis@chromium.org","2011-3063"
117418,"Low","CVE-2011-3054, Cr-Internals, Cr-Internals-Core, M-17, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security, merge-merged-1025, merge-merged-963, ","Beta, Stable",,"","creis@chromium.org","Security: Don't grant WebUI bindings to a process shared with normal views","Mar 21, 2013 21:05:51",1363899951,"Mar 08, 2012 18:40:40",1331232040,"Mar 10, 2012 00:15:08",1331338508,"creis@chromium.org","2011-3054"
117446,"Low","Cr-Internals, Cr-Platform-Extensions, Cr-Webstore, OS-All, Pri-2, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security, pwnium","Beta, Stable",,"","tsepez@chromium.org","App popup user gesture exemption should be based on process type, not just extent","Mar 21, 2013 21:05:51",1363899951,"Mar 08, 2012 21:11:31",1331241091,"Dec 20, 2012 15:52:00",1356018720,"tsepez@chromium.org",""
117471,"High","CVE-2011-3064, Cr-Blink, Cr-Blink-SVG, M-18, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-100","Beta, Stable",1000,"accept","schen...@chromium.org","Heap-use-after-free in WebCore::GraphicsContext::paintingDisabled","Apr 06, 2013 03:44:31",1365219871,"Mar 08, 2012 23:44:06",1331250246,"Mar 13, 2012 16:51:45",1331657505,"attek...@gmail.com","2011-3064"
117550,"High","CVE-2011-3056, Cr-Blink, M-17, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, pwnium, reward-2000","Beta, Stable",2000,"accept","abarth@chromium.org","Pwnium UXSS variation","Apr 06, 2013 00:43:56",1365209036,"Mar 09, 2012 17:55:46",1331315746,"Mar 19, 2012 23:11:58",1332198718,"serg.gla...@gmail.com","2011-3056"
117583,"Medium","CVE-2011-3067, Cr-Blink, M-18, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security, pwnium","Stable",,"","","Iframe hijacking from Pwnium","Apr 06, 2013 00:43:54",1365209034,"Mar 09, 2012 20:26:21",1331324781,"Mar 27, 2012 01:13:17",1332810797,"tsepez@chromium.org","2011-3067"
117588,"High","CVE-2011-3065, Cr-Internals, Cr-Internals-Skia, M-18, Merge-Merged, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Stable",1000,"accept","epoger@google.com","Security: Memory Corruption in MaskSuperBlitter","Mar 21, 2013 20:52:35",1363899155,"Mar 09, 2012 20:55:30",1331326530,"Mar 12, 2012 19:09:34",1331579374,"w3bd3...@gmail.com","2011-3065"
117627,"Medium","CVE-2011-3079, Cr-Internals, M-18, Merge-Merged, OS-Windows, Pri-1, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security, merge-merged-1025, merge-merged-1077, merge-merged-1084, pwnium","Beta, Stable",,"","jsc...@chromium.org","Security: IPC Channel does not validate the listener.","Mar 21, 2013 21:05:49",1363899949,"Mar 10, 2012 00:41:10",1331340070,"Mar 22, 2012 05:02:43",1332392563,"nsylv...@chromium.org","2011-3079"
117656,"High","M-17, Merge-Merged, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, pwnium","Beta, Stable",,"","apatr...@chromium.org","Pwnium bug: GPU memory corruption","Mar 21, 2013 21:05:49",1363899949,"Mar 10, 2012 07:06:34",1331363194,"Mar 10, 2012 07:06:34",1331363194,"scarybea...@gmail.com",""
117672,"Low","Cr-Internals, M-19, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Beta, Stable",,"","vangelis@chromium.org","Uptake angle security fix","Mar 21, 2013 21:05:48",1363899948,"Mar 10, 2012 16:19:16",1331396356,"Dec 20, 2012 15:52:00",1356018720,"infe...@chromium.org",""
117698,"High","CVE-2011-3068, Cr-Blink, M-18, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-1000","Beta, Stable",1000,"accept","infe...@chromium.org","Heap-use-after-free in WebCore::RenderLayer::addChild","Apr 06, 2013 00:43:49",1365209029,"Mar 11, 2012 09:21:04",1331457664,"Mar 19, 2012 22:55:19",1332197719,"miaubiz@gmail.com","2011-3068"
117715,"Low","Cr-Internals, Cr-Platform-Extensions, Cr-UI-Settings, M-19, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Beta, Stable",,"","jhawk...@chromium.org","LoadExtension binding in chrome://extensions/ is too permissive","Mar 21, 2013 21:05:48",1363899948,"Mar 11, 2012 14:56:35",1331477795,"Mar 26, 2012 01:47:08",1332726428,"a...@chromium.org",""
117724,"High","CVE-2012-3680, ClusterFuzz, Cr-Blink, Cr-Blink-Editing, M-18, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Sec","Beta, Stable",,"","infe...@chromium.org","Event handlers firing during Text::splitText trigger use-after-free.","Apr 06, 2013 03:30:12",1365219012,"Mar 11, 2012 17:43:36",1331487816,"Mar 12, 2012 22:21:34",1331590894,"infe...@chromium.org","2012-3680"
117728,"High","CVE-2011-3069, Cr-Blink, M-18, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-1000","Beta, Stable",1000,"accept","infe...@chromium.org","Heap-use-after-free in WebCore::InlineBox::root","Apr 06, 2013 00:43:46",1365209026,"Mar 11, 2012 18:42:12",1331491332,"Mar 23, 2012 20:56:56",1332536216,"miaubiz@gmail.com","2011-3069"
117736,"Medium","CVE-2011-3055, Cr-Internals, Cr-Platform-Extensions, M-17, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security, merge-merged-963, pwnium","Beta, Stable",,"","yoz@chromium.org","No permission prompt when loading unpacked extension with NPAPI plugin","Mar 21, 2013 21:05:47",1363899947,"Mar 11, 2012 20:18:19",1331497099,"Mar 19, 2012 18:15:03",1332180903,"erik...@chromium.org","2011-3055"
117794,"Medium","CVE-2011-3057, Cr-Internals, M-18, Merge-Merged, OS-All, Pri-1, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security, reward-500","Beta, Stable",500,"accept","danno@chromium.org","[LangFuzz] Crash on heap with invalid read through GetPropertyWithCallback","Mar 21, 2013 21:05:47",1363899947,"Mar 12, 2012 14:34:31",1331562871,"Mar 13, 2012 13:11:59",1331644319,"decoder...@googlemail.com","2011-3057"
117889,"Low","Cr-Internals, Cr-UI-Browser-Downloads, M-19, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Beta, Stable",,"","asanka@chromium.org","Dangerous download warnings are suppressed for a larger class of downloads than are handled by SafeBrowsing","Mar 21, 2013 21:05:46",1363899946,"Mar 12, 2012 22:00:20",1331589620,"Dec 20, 2012 15:52:01",1356018721,"asanka@chromium.org",""
117890,"Medium","Cr-Internals, M-20, OS-Windows, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Beta, Stable",,"","c...@chromium.org","Use-after-free in CrashGenerationServer","Mar 21, 2013 21:05:46",1363899946,"Mar 12, 2012 22:06:10",1331589970,"Dec 20, 2012 15:52:54",1356018774,"c...@chromium.org",""
118009,"Medium","CVE-2012-3615, Cr-Blink, Cr-Blink-Editing, M-18, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Beta, Stable",,"","schen...@chromium.org","Heap-buffer-overflow in void WTF::Vector<unsigned short, 0ul>::append<unsigned short>","Apr 06, 2013 03:30:07",1365219007,"Mar 13, 2012 16:59:11",1331657951,"Mar 21, 2012 20:51:51",1332363111,"infe...@chromium.org","2012-3615"
118185,"High","CVE-2011-3070, ClusterFuzz, Cr-Blink, M-18, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","adamk@chromium.org","Heap-use-after-free in WebCore::V8HTMLBodyElement::wrapSlow","Apr 06, 2013 00:43:09",1365208989,"Mar 14, 2012 16:12:49",1331741569,"Mar 23, 2012 04:41:12",1332477672,"aa...@google.com","2011-3070"
118227,"Low","Cr-Blink, M-19, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Beta, Stable",,"","abarth@chromium.org","Security: cross-origin iframes can be resized from within in M18","Apr 06, 2013 00:43:04",1365208984,"Mar 14, 2012 19:44:49",1331754289,"Dec 20, 2012 15:52:01",1356018721,"komoro...@chromium.org",""
118273,"High","CVE-2011-3071, Cr-Blink, M-18, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Beta, Stable",,"","","ZDI-CAN-1528: Webkit HTMLMedia Element beforeLoad Remote Code Execution Vulnerability","Apr 06, 2013 00:43:01",1365208981,"Mar 14, 2012 22:26:58",1331764018,"Mar 23, 2012 20:28:20",1332534500,"infe...@chromium.org","2011-3071"
118317,"Low","Cr-Internals, M-21, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security, merge-merged-1229","Beta, Stable",,"","tsepez@chromium.org","Popup blocker bypass triggering mouse event on tag with rel=noreferrer","Mar 21, 2013 21:05:44",1363899944,"Mar 15, 2012 01:49:11",1331776151,"Dec 20, 2012 15:52:01",1356018721,"shevi...@gmail.com",""
118374,"Medium","CVE-2011-3085, Cr-Blink, Cr-UI, Cr-UI-Browser-Autofill, M-19, Merge-Merged, OS-All, Pri-3, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Beta, Stable",,"","apav...@chromium.org","Long autofilled value causes render issue","Apr 06, 2013 00:42:55",1365208975,"Mar 15, 2012 10:54:52",1331808892,"Apr 06, 2012 14:42:29",1333723349,"psald...@gmail.com","2011-3085"
118414,"Critical","Cr-Internals, Cr-Internals-WebRTC, M-19, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-None, Security_Severity-Critical, Type-Bug-Security, reward-1000","None",1000,"accept","mflodman@chromium.org","Heap use after free on chrome_content_browser_client.cc with webrtc","Mar 21, 2013 21:07:52",1363900072,"Mar 15, 2012 16:17:51",1331828271,"Mar 17, 2012 01:53:15",1331949195,"chamal.d...@gmail.com",""
118467,"Low","CVE-2011-3072, Cr-Blink, M-18, Merge-Merged, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security, pwnium","Beta, Stable",,"","tsepez@chromium.org","open.call(other_window) circumvents check in other_window.open()","Apr 06, 2013 00:42:48",1365208968,"Mar 15, 2012 20:19:47",1331842787,"Mar 19, 2012 18:22:40",1332181360,"tsepez@chromium.org","2011-3072"
118490,"High","Cr-Blink, M-19, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-None, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-1000","None",1000,"accept","","Heap-use-after-free in WebCore::RenderObject::containingBlock","Apr 06, 2013 00:42:46",1365208966,"Mar 15, 2012 21:31:49",1331847109,"Mar 20, 2012 21:33:03",1332279183,"miaubiz@gmail.com",""
118593,"High","CVE-2011-3073, Cr-Blink, Cr-Blink-SVG, M-18, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-100","Beta, Stable",1000,"accept","pdr@chromium.org","Heap-use-after-free in WebCore::SVGStyledElement::buildPendingResourcesIfNeeded","Apr 06, 2013 03:44:28",1365219868,"Mar 16, 2012 13:26:33",1331904393,"Mar 21, 2012 16:56:58",1332349018,"Ax3...@gmail.com","2011-3073"
118633,"Low","CVE-2012-2815, M-20, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Beta, Stable",,"","tsepez@chromium.org","Security: Frame sniffing is not fixed","Mar 21, 2013 21:05:42",1363899942,"Mar 16, 2012 17:56:33",1331920593,"Dec 20, 2012 15:52:01",1356018721,"el...@google.com","2012-2815"
118642,"High","CVE-2011-3086, Cr-Blink, Cr-Blink-JavaScript, M-19, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, Web","Beta, Stable",1000,"accept","arv@chromium.org","Heap-use-after-free in v8::internal::JSObject::GetElementWithInterceptor","Apr 06, 2013 03:24:22",1365218662,"Mar 16, 2012 18:30:28",1331922628,"Apr 11, 2012 19:38:35",1334173115,"Ax3...@gmail.com","2011-3086"
118662,"Medium","Cr-Blink, M-19, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-None, Security_Severity-Medium, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-500","None",500,"accept","o...@chromium.org","Regression(r109014): Heap-use-after-free in WebCore::InlineTextBox::isLineBreak","Apr 06, 2013 00:42:32",1365208952,"Mar 16, 2012 20:34:02",1331930042,"Mar 19, 2012 20:44:16",1332189856,"miaubiz@gmail.com",""
118664,"Low","CVE-2011-3087, Cr-Internals, Cr-Internals-Core, M-19, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Beta, Stable",,"","creis@chromium.org","Security: Swapped out URL must be a unique origin","Mar 21, 2013 21:05:42",1363899942,"Mar 16, 2012 20:36:35",1331930195,"Dec 20, 2012 15:52:01",1356018721,"creis@chromium.org","2011-3087"
118721,"Low","Cr-Internals, Cr-Platform-Extensions, Cr-Privacy, M-19, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Beta, Stable",,"","mpcomplete@chromium.org","Extensions resources can be fetched across incognito","Mar 21, 2013 21:05:41",1363899941,"Mar 17, 2012 00:53:37",1331945617,"Dec 20, 2012 15:52:01",1356018721,"a...@chromium.org",""
118784,"Medium","ClusterFuzz, Cr-Blink, M-18, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","ke...@chromium.org","Heap-buffer-overflow in void WTF::Vector<unsigned short, 1024ul>::insert<unsigned short>","Apr 06, 2013 00:42:25",1365208945,"Mar 17, 2012 22:42:20",1332024140,"Mar 27, 2012 03:33:29",1332819209,"aa...@google.com",""
118803,"High","Cr-Blink, Cr-Blink-SVG, M-18, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Stable",,"","schen...@chromium.org","Heap-use-after-free in WebCore::SVGTextLayoutAttributesBuilder::fillCharacterDataMap","Apr 06, 2013 03:44:26",1365219866,"Mar 18, 2012 07:10:35",1332054635,"Mar 26, 2012 17:26:04",1332782764,"infe...@chromium.org",""
118853,"High","ClusterFuzz, Cr-Blink, M-18, Merge-Merged, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","infe...@chromium.org","Heap-use-after-free in WebCore::InlineFlowBox::deleteLine","Apr 06, 2013 00:42:18",1365208938,"Mar 19, 2012 02:53:16",1332125596,"Mar 29, 2012 23:04:59",1333062299,"aa...@google.com",""
118970,"High","CVE-2011-3101, Cr-Internals, Cr-Internals-GPU-VendorSpecific, M-19, Merge-Merged, OS-Linux, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Severity-High, Type-Bug-Security, merge-merged-1084, reward-500, reward-decline","None",500,"decline","g...@chromium.org","GPU process crash below DoDrawArrays (Nvidia)","Mar 21, 2013 20:42:18",1363898538,"Mar 19, 2012 19:40:45",1332186045,"Apr 19, 2012 19:33:44",1334864024,"aohelin","2011-3101"
119150,"Medium","CVE-2012-2816, Cr-Internals, Cr-Security, M-20, OS-Windows, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security, merge-merged-1077","Beta, Stable",,"","jsc...@chromium.org","Sandboxed processes should not be able to open other sandboxed processes","Mar 21, 2013 21:05:40",1363899940,"Mar 20, 2012 20:54:12",1332276852,"Apr 19, 2012 19:40:36",1334864436,"jsc...@chromium.org","2012-2816"
119230,"High","CVE-2012-3656, ClusterFuzz, Cr-Blink, M-18, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","infe...@chromium.org","Heap-use-after-free in WebCore::RenderBlock::splitBlocks","Apr 06, 2013 00:41:57",1365208917,"Mar 21, 2012 01:41:25",1332294085,"Mar 23, 2012 22:06:40",1332540400,"infe...@chromium.org","2012-3656"
119250,"High","CVE-2012-2816, Cr-Internals, Cr-Internals-GPU, M-20, OS-Windows, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Beta, Stable",,"","jsc...@chromium.org","GPU, Plugin, and NaCl processes have PROCESS_DUP_HANDLE permission on renderer processes","Mar 21, 2013 21:05:39",1363899939,"Mar 21, 2012 06:31:41",1332311501,"Apr 19, 2012 05:07:34",1334812054,"jsc...@chromium.org","2012-2816"
119281,"High","CVE-2011-3074, Cr-Blink, M-18, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-500","Beta, Stable",500,"accept","infe...@chromium.org","Heap-use-after-free in WebCore::GenericEventQueue::~GenericEventQueue","Apr 06, 2013 00:41:54",1365208914,"Mar 21, 2012 13:28:10",1332336490,"Mar 30, 2012 01:35:47",1333071347,"slaweck","2011-3074"
119305,"High","Cr-Blink, M-20, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-None, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-1000","None",1000,"accept","morr...@chromium.org","Heap-use-after-free in WebCore::Node::~Node","Apr 06, 2013 00:41:53",1365208913,"Mar 21, 2012 17:11:00",1332349860,"Dec 20, 2012 15:53:22",1356018802,"Ax3...@gmail.com",""
119429,"Medium","Cr-Blink, M-18, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-500, reward-decline","Beta, Stable",500,"decline","danno@chromium.org","UNKNOWN in v8::Message::GetScriptResourceName","Apr 06, 2013 00:41:42",1365208902,"Mar 22, 2012 05:16:24",1332393384,"Apr 03, 2012 15:37:23",1333467443,"aohelin",""
119501,"High","ClusterFuzz, Cr-Blink, Cr-Blink-SVG, M-19, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-None, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-1000","None",1000,"accept","pdr@chromium.org","Heap-use-after-free in WebCore::SVGStyledElement::buildPendingResourcesIfNeeded","Apr 06, 2013 03:44:24",1365219864,"Mar 22, 2012 17:30:09",1332437409,"Mar 25, 2012 18:20:41",1332699641,"ke...@chromium.org",""
119525,"High","CVE-2011-3075, Cr-Blink, M-18, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-1000","Stable",1000,"accept","infe...@chromium.org","Heap-use-after-free in WebCore::ApplyStyleCommand::applyInlineStyleToNodeRange","Apr 06, 2013 00:41:34",1365208894,"Mar 22, 2012 18:34:15",1332441255,"Mar 24, 2012 20:18:08",1332620288,"miaubiz@gmail.com","2011-3075"
119926,"High","Cr-Internals, M-19, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-None, Security_Severity-High, Type-Bug-Security, reward-1000","None",1000,"accept","danno@chromium.org","Use after free in v8::internal::IncrementalMarking::Step","Mar 21, 2013 20:42:15",1363898535,"Mar 24, 2012 12:15:27",1332591327,"Mar 26, 2012 12:14:40",1332764080,"decoder...@googlemail.com",""
120006,"High","ClusterFuzz, Cr-Blink, M-20, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","infe...@chromium.org","Heap-use-after-free in WebCore::RenderBlock::finishDelayUpdateScrollInfo","Apr 06, 2013 00:40:57",1365208857,"Mar 25, 2012 06:59:26",1332658766,"Dec 20, 2012 15:53:22",1356018802,"infe...@chromium.org",""
120007,"High","ClusterFuzz, Cr-Blink, M-19, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","dslomov@chromium.org","Heap-use-after-free in WebCore::WorkerEventQueue::close","Apr 06, 2013 00:40:57",1365208857,"Mar 25, 2012 07:00:08",1332658808,"Apr 04, 2012 21:02:37",1333573357,"infe...@chromium.org",""
120037,"High","CVE-2011-3076, Cr-Blink, M-18, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-1000","Beta, Stable",1000,"accept","infe...@chromium.org","Heap-use-after-free in WebCore::ContainerNode::resumePostAttachCallbacks","Apr 06, 2013 00:40:53",1365208853,"Mar 25, 2012 19:12:53",1332702773,"Mar 26, 2012 06:13:07",1332742387,"miaubiz@gmail.com","2011-3076"
120189,"High","CVE-2011-3077, ClusterFuzz, Cr-Blink, M-18, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","adamk@chromium.org","Heap-use-after-free in WebCore::V8RecursionScope::didLeaveScriptContext","Apr 06, 2013 00:40:43",1365208843,"Mar 26, 2012 17:11:09",1332781869,"Mar 26, 2012 22:54:37",1332802477,"infe...@chromium.org","2011-3077"
120205,"Medium","Cr-Blink, Cr-Blink-SVG, M-19, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Beta, Stable",,"","schen...@chromium.org","Security: <svg:use> elements in the parser can create elements not marked as created by the parser","Apr 06, 2013 03:44:21",1365219861,"Mar 26, 2012 18:05:25",1332785125,"Dec 20, 2012 15:52:54",1356018774,"schen...@chromium.org",""
120222,"High","CVE-2012-2817, Cr-Blink, M-20, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-1000","Beta, Stable",1000,"accept","infe...@chromium.org","Heap-use-after-free in WebCore::RenderTableSection::paintCell","Apr 06, 2013 00:40:40",1365208840,"Mar 26, 2012 18:54:07",1332788047,"Dec 20, 2012 15:53:22",1356018802,"miaubiz@gmail.com","2012-2817"
120318,"High","Cr-Blink, Cr-Internals, Cr-Internals-Plugins-Flash, M-18, Merge-Merged, OS-Windows, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Beta, Stable",,"","cpu@chromium.org","Flash Broker Bypass 0x2D (CVE-2012-0725)","Apr 06, 2013 04:02:11",1365220931,"Mar 27, 2012 00:44:00",1332809040,"Mar 28, 2012 23:21:00",1332976860,"jsc...@chromium.org",""
120320,"High","Cr-Blink, Cr-Internals, Cr-Internals-Plugins-Flash, M-18, Merge-Merged, OS-Windows, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Beta, Stable",,"","cpu@chromium.org","Flash Broker Bypass 0x2B (CVE-2012-0724)","Apr 06, 2013 04:02:11",1365220931,"Mar 27, 2012 00:46:15",1332809175,"Mar 28, 2012 23:21:22",1332976882,"jsc...@chromium.org",""
120404,"Medium","ClusterFuzz, Cr-Blink, M-20, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","infe...@chromium.org","Heap-buffer-overflow in WebCore::Font::codePath","Apr 06, 2013 00:40:27",1365208827,"Mar 27, 2012 14:35:47",1332858947,"Dec 20, 2012 15:52:27",1356018747,"aa...@google.com",""
120457,"Medium","Cr-Blink, M-18, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","","Global-buffer-overflow in WebCore::InlineTextBox::isLineBreak","Apr 06, 2013 00:40:21",1365208821,"Mar 27, 2012 18:05:31",1332871531,"May 03, 2012 19:12:38",1336072358,"miaubiz@gmail.com",""
120648,"Medium","CVE-2011-3088, Cr-Internals, M-19, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-500, reward","Beta, Stable",500,"decline","scarybea...@gmail.com","UNKNOWN in SkARGB32_Blitter::blitV","Apr 01, 2013 15:36:10",1364830570,"Mar 28, 2012 14:24:49",1332944689,"Apr 02, 2012 19:50:20",1333396220,"aohelin","2011-3088"
120711,"High","CVE-2011-3089, Cr-Blink, M-19, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-1000","Beta, Stable",1000,"accept","infe...@chromium.org","Heap-use-after-free in WebCore::Element::recalcStyle","Apr 06, 2013 00:40:08",1365208808,"Mar 28, 2012 18:36:47",1332959807,"Apr 09, 2012 16:08:07",1333987687,"miaubiz@gmail.com","2011-3089"
120912,"High","CVE-2011-3105, Cr-Blink, M-19, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Beta, Stable",1000,"accept","ke...@chromium.org","Heap-use-after-free in WebCore::RenderText::removeTextBox","Apr 06, 2013 00:39:49",1365208789,"Mar 29, 2012 18:05:15",1333044315,"Dec 20, 2012 15:53:22",1356018802,"miaubiz@gmail.com","2011-3105"
120944,"High","CVE-2012-2818, Cr-Blink, M-20, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-1000","Beta, Stable",1000,"accept","ke...@chromium.org","Use-after-free due to issues in counter layout.","Apr 06, 2013 00:39:45",1365208785,"Mar 29, 2012 19:34:36",1333049676,"Dec 20, 2012 15:53:22",1356018802,"miaubiz@gmail.com","2012-2818"
120977,"High","CVE-2012-2819, Cr-Internals, Cr-Internals-GPU-WebGL, Cr-Internals-Graphics, M-20, Merge-Merged-1132, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, WebKit-ID-8","Beta, Stable",,"","kbr@chromium.org","Crash in texSubImage2D on Mozilla's WebGL performance regression tests","Mar 21, 2013 21:05:29",1363899929,"Mar 29, 2012 21:46:46",1333057606,"Dec 20, 2012 15:53:47",1356018827,"kbr@chromium.org","2012-2819"
121128,"Medium","CVE-2012-3711, ClusterFuzz, Cr-Blink, Cr-Blink-Editing, Cr-Blink-SVG, M-20, Merge-Merged, OS-All, Pri-1, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","fmal...@chromium.org","Heap-buffer-overflow in void WTF::Vector<unsigned short, 1024ul>::append<unsigned short>","Apr 06, 2013 03:44:20",1365219860,"Mar 30, 2012 16:22:57",1333124577,"Dec 20, 2012 15:52:27",1356018747,"skylined@chromium.org","2012-3711"
121206,"High","CVE-2012-3604, ClusterFuzz, Cr-Blink, M-18, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","infe...@chromium.org","Heap-buffer-overflow in WebCore::HTMLSelectElement::setRecalcListItems","Apr 06, 2013 00:39:26",1365208766,"Mar 30, 2012 21:50:10",1333144210,"Apr 03, 2012 02:14:07",1333419247,"skylined@chromium.org","2012-3604"
121223,"Medium","CVE-2011-3090, Cr-Blink, M-19, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-500","Beta, Stable",500,"accept","yutak@chromium.org","Heap-use-after-free in WebCore::WorkerThreadableWebSocketChannel::Bridge::mainThreadCreateWebSocketChannel","Apr 06, 2013 00:39:25",1365208765,"Mar 30, 2012 23:26:03",1333149963,"Apr 04, 2012 05:09:00",1333516140,"Ax3...@gmail.com","2011-3090"
121259,"Low","Cr-UI, Cr-UI-Browser-Downloads, OS-All, Pri-3, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Beta, Stable",,"","rdsmith@chromium.org","Security: downloads initiated by third parties are confusing","Apr 05, 2013 23:29:32",1365204572,"Mar 31, 2012 06:57:43",1333177063,"",0,"lcam...@google.com",""
121347,"Medium","CVE-2012-2865, Cr-Blink, M-21, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security-CodeYellow, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Stability-Memory-AddressSanitizer, Type-Bug-Security, r","Beta, Stable",500,"accept","dstockw...@chromium.org","Heap-buffer-overflow in WebCore::RenderBlock::LineBreaker::nextLineBreak","Apr 06, 2013 00:39:11",1365208751,"Apr 01, 2012 16:22:41",1333297361,"Dec 20, 2012 15:52:27",1356018747,"miaubiz@gmail.com","2012-2865"
121407,"High","Cr-Blink, Cr-Blink-JavaScript, Cr-Internals, M-19, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-None, Security_Severity-High, Type-Bug-Security, reward-1000","None",1000,"accept","danno@chromium.org","[LangFuzz] Invalid write in v8::internal::ElementsAccessorBase<...>::CopyElements","Apr 06, 2013 03:24:13",1365218653,"Apr 02, 2012 10:59:20",1333364360,"Apr 03, 2012 15:40:26",1333467626,"decoder...@googlemail.com",""
121524,"High","Cr-Blink, M-19, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Beta, Stable",,"","","Use after free with reflections and composited layers","Apr 06, 2013 00:38:55",1365208735,"Apr 02, 2012 21:09:23",1333400963,"Apr 02, 2012 21:12:05",1333401125,"infe...@chromium.org",""
121645,"High","CVE-2012-3674, ClusterFuzz, Cr-Blink, Cr-Blink-SVG, M-18, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Securit","Beta, Stable",,"","infe...@chromium.org","Heap-use-after-free in WebCore::RenderBlock::removeFloatingObject","Apr 06, 2013 03:44:19",1365219859,"Apr 03, 2012 12:29:37",1333456177,"Apr 09, 2012 18:22:50",1333995770,"skylined@chromium.org","2012-3674"
121692,"High","CVE-2012-3625, ClusterFuzz, Cr-Blink, Cr-Blink-CSS, M-18, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Securit","Beta, Stable",,"","infe...@chromium.org","Heap-use-after-free in WebCore::SelectorChecker::checkOneSelector","Apr 06, 2013 05:00:02",1365224402,"Apr 03, 2012 16:39:17",1333471157,"Apr 03, 2012 22:52:34",1333493554,"skylined@chromium.org","2012-3625"
121703,"Low","Cr-UI-Browser-Omnibox, M-20, OS-Mac, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Low, Stability-Crash, Type-Bug-Security","Beta, Stable",,"","mrossetti@chromium.org","Crash in NSMutableRLEArray replaceObjectsInRange:withObject:length with long URL","Mar 21, 2013 21:05:26",1363899926,"Apr 03, 2012 17:24:03",1333473843,"Jun 12, 2012 18:07:52",1339524472,"Aaron.Tr...@gmail.com",""
121726,"Medium","CVE-2011-3080, Cr-Blink, Cr-Internals, Cr-Internals-Plugins-Flash, Cr-Security, M-18, Merge-Merged, OS-Windows, Pri-2, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Beta, Stable",,"","cpu@chromium.org","Sandbox IPC length checking race","Apr 06, 2013 04:01:57",1365220917,"Apr 03, 2012 18:29:21",1333477761,"Apr 04, 2012 04:49:17",1333514957,"jsc...@chromium.org","2011-3080"
121734,"High","CVE-2011-3091, ClusterFuzz, Cr-Blink, Cr-Blink-Storage-IndexedDB, M-19, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Ty","Beta, Stable",,"","dgrogan@chromium.org","Heap-use-after-free in WebCore::V8AbstractEventListener::~V8AbstractEventListener","Apr 06, 2013 03:06:39",1365217599,"Apr 03, 2012 19:03:50",1333479830,"Apr 11, 2012 04:37:06",1334119026,"infe...@chromium.org","2011-3091"
121899,"High","CVE-2011-3081, Cr-Blink, M-18, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Beta, Stable",1000,"accept","infe...@chromium.org","Security: use-after-free in WebCore::RenderBoxModelObject::hasSelfPaintingLayer()","Apr 06, 2013 00:38:19",1365208699,"Apr 04, 2012 14:58:19",1333551499,"Apr 11, 2012 04:53:04",1334119984,"miaubiz@gmail.com","2011-3081"
121926,"Medium","CVE-2012-2820, Cr-Blink, Cr-Blink-SVG, M-20, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","schen...@chromium.org","Heap-buffer-overflow in WebCore::FEConvolveMatrix::platformApplySoftware","Apr 06, 2013 03:44:17",1365219857,"Apr 04, 2012 16:36:54",1333557414,"Dec 20, 2012 15:52:27",1356018747,"attek...@gmail.com","2012-2820"
122014,"High","CVE-2012-3670, Cr-Blink, M-19, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","dslomov@chromium.org","Heap-use-after-free in WorkerEventQueue::close","Apr 06, 2013 00:38:11",1365208691,"Apr 04, 2012 21:01:44",1333573304,"Apr 05, 2012 05:17:06",1333603026,"infe...@chromium.org","2012-3670"
122029,"High","CVE-2012-3654, ClusterFuzz, Cr-Blink, Cr-Blink-SVG, M-20, Merge-Merged, OS-All, Pri-1, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","infe...@chromium.org","Heap-buffer-overflow in WebCore::InlineFlowBox::addToLine","Apr 06, 2013 03:44:17",1365219857,"Apr 04, 2012 21:34:58",1333575298,"Dec 20, 2012 15:53:22",1356018802,"infe...@chromium.org","2012-3654"
122208,"High","Cr-Blink, M-19, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Beta, Stable",,"","adamk@chromium.org","GCing a node observed by a WebKitMutationObserver can cause an invalid HashSet iterator ","Apr 06, 2013 00:37:52",1365208672,"Apr 05, 2012 19:31:57",1333654317,"Apr 05, 2012 21:12:56",1333660376,"adamk@chromium.org",""
122337,"High","CVE-2011-3092, Cr-Blink, M-19, Merge-Merged, OS-All, Pri-1, ReleaseBlock-Stable, Security_Impact-Beta, Security_Severity-High, Type-Bug-Security, reward-1000","Beta",1000,"accept","erikcorry@google.com","[LangFuzz] Crash on heap with invalid write (32 bit only).","Apr 06, 2013 00:37:39",1365208659,"Apr 06, 2012 11:28:22",1333711702,"Apr 12, 2012 16:03:16",1334246596,"decoder...@googlemail.com","2011-3092"
122562,"High","Cr-Blink, M-19, Merge-Merged, OS-Linux, OS-Windows, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-None, Security_Severity-High, Type-Bug-Security, merge-merged-1084, reward-1000","None",1000,"accept","koz@chromium.org","Heap-use-after-free in ModuleSystem::LazyFieldGetter","Apr 06, 2013 00:37:20",1365208640,"Apr 08, 2012 12:50:43",1333889443,"Apr 13, 2012 19:24:05",1334345045,"Ax3...@gmail.com",""
122573,"High","ClusterFuzz, Cr-Blink, M-19, Merge-Merged, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","jap...@chromium.org","Heap-use-after-free in WebCore::CachedRawResource::didAddClient","Apr 06, 2013 00:37:19",1365208639,"Apr 08, 2012 15:23:35",1333898615,"Apr 25, 2012 19:31:41",1335382301,"infe...@chromium.org",""
122585,"Medium","CVE-2011-3093, Cr-Blink, M-19, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-500","Beta, Stable",500,"accept","ba...@chromium.org","Security: stack-buffer-overflow in WebCore::GlyphPage::fill with surrogate characters","Apr 06, 2013 00:37:18",1365208638,"Apr 08, 2012 19:53:55",1333914835,"Apr 12, 2012 18:59:32",1334257172,"miaubiz@gmail.com","2011-3093"
122586,"Medium","CVE-2011-3094, Cr-Internals, M-19, Merge-Merged, OS-Linux, Pri-2, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Beta, Stable",,"","ba...@chromium.org","Global-buffer-overflow in HB_TibetanShape","Mar 21, 2013 21:05:21",1363899921,"Apr 08, 2012 20:10:49",1333915849,"Apr 11, 2012 02:40:41",1334112041,"miaubiz@gmail.com","2011-3094"
122654,"Critical","CVE-2011-3106, Cr-Internals, M-19, Merge-Merged, MovedFrom-20, MovedFrom-21, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Critical, Stability-Crash, Type-Bug-Security, merge-","Beta, Stable",,"","toyoshim@chromium.org","Chrome: Crash Report: SocketStreamDispatcherHost::CancelSSLRequest","Mar 21, 2013 21:07:52",1363900072,"Apr 09, 2012 18:12:58",1333995178,"Dec 20, 2012 15:53:47",1356018827,"dhar...@google.com","2011-3106"
122681,"Medium","Cr-Blink, M-19, Merge-Merged, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-None, Security_Severity-Medium, Type-Bug-Security, reward-500","None",500,"accept","vegorov@chromium.org","[LangFuzz] CHECK(fixed_size + height_in_bytes == input_frame_size) failed or crash with invalid read","Apr 06, 2013 00:37:03",1365208623,"Apr 09, 2012 21:12:54",1334005974,"Apr 10, 2012 13:53:09",1334065989,"decoder...@googlemail.com",""
122925,"Medium","CVE-2012-2821, Cr-UI, Cr-UI-Browser-Autofill, M-20, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Beta, Stable",,"","isherman@chromium.org","Security: Autofill info can be captured by innocuous social engineering","Mar 21, 2013 21:05:20",1363899920,"Apr 11, 2012 02:30:58",1334111458,"Dec 20, 2012 15:52:54",1356018774,"simonbro...@gmail.com","2012-2821"
123029,"High","Cr-Internals, Cr-Internals-Skia, M-19, Merge-Merged, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-1000","Beta",1000,"accept","epoger@google.com","OOB write in SkARGB32_Black_Blitter::blitAntiH -> sk_memset32_SSE2","Apr 01, 2013 15:35:59",1364830559,"Apr 11, 2012 20:16:06",1334175366,"Apr 17, 2012 20:56:16",1334696176,"aohelin",""
123481,"High","CVE-2011-3095, Cr-Internals, Cr-Internals-Media, M-19, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, ","Beta, Stable",1000,"accept","dalecur...@chromium.org","Security: ERROR: AddressSanitizer heap-buffer-overflow on address 0x7fde15ff9890 at pc 0x7fde364c5034","Apr 01, 2013 15:35:59",1364830559,"Apr 14, 2012 17:55:55",1334426155,"Apr 18, 2012 18:25:00",1334773500,"heikkine...@gmail.com","2011-3095"
123530,"Low","CVE-2011-3096, Cr-UI, Cr-UI-Browser-Omnibox, M-19, Merge-Merged, OS-Linux, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security, merge-merged-1084","Beta, Stable",,"","erg@chromium.org","Heap-use-after-free in AutocompleteMatch::AutocompleteMatch","Mar 21, 2013 21:05:18",1363899918,"Apr 15, 2012 17:29:25",1334510965,"Apr 17, 2012 01:07:50",1334624870,"Ax3...@gmail.com","2011-3096"
123631,"High","CVE-2012-3703, Cr-Blink, Cr-Blink-SVG, M-20, Merge-Merged, OS-All, Pri-1, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Beta, Stable",,"","schen...@chromium.org","Heap-use-after-free in WebCore::GraphicsContext::paintingDisabled","Apr 06, 2013 03:44:12",1365219852,"Apr 16, 2012 16:56:57",1334595417,"Dec 20, 2012 15:53:22",1356018802,"jsc...@chromium.org","2012-3703"
123656,"Low","M-20, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Low, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org","","Apr 01, 2013 15:35:57",1364830557,"Apr 16, 2012 18:56:36",1334602596,"Dec 20, 2012 15:52:01",1356018721,"scarybea...@gmail.com",""
123709,"High","Cr-Internals, M-18, OS-Windows, Pri-2, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Beta, Stable",,"","c...@chromium.org","Breakpad ClientInfo::PopulateCustomInfo() integer wrap leads to heap overflow","Mar 21, 2013 21:05:17",1363899917,"Apr 16, 2012 23:18:43",1334618323,"Apr 17, 2012 18:21:29",1334686889,"c...@chromium.org",""
123733,"Medium","CVE-2011-3097, M-19, Merge-Merged, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org"," function","Mar 21, 2013 21:05:17",1363899917,"Apr 17, 2012 02:34:46",1334630086,"Apr 17, 2012 21:07:16",1334696836,"scarybea...@gmail.com","2011-3097"
123735,"Medium","M-20, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org","OOB reads in PDF AES support due to buffer mismanagement","Mar 21, 2013 21:05:16",1363899916,"Apr 17, 2012 03:07:53",1334632073,"Dec 20, 2012 15:52:27",1356018747,"scarybea...@gmail.com",""
123929,"","M-20, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org"," key and revision 3 crypto","Mar 21, 2013 21:05:16",1363899916,"Apr 17, 2012 23:18:59",1334704739,"Dec 20, 2012 15:52:01",1356018721,"scarybea...@gmail.com",""
124179,"Low","M-20, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org","PDF crash under ASAN with character maps","Mar 21, 2013 21:05:15",1363899915,"Apr 19, 2012 08:49:16",1334825356,"Dec 20, 2012 15:52:01",1356018721,"scarybea...@gmail.com",""
124182,"High","CVE-2011-3097, Cr-Blink, Cr-Internals, Cr-Internals-Plugins-PDF, M-19, Merge-Merged, Pri-2, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org","Out of bounds write in PDF with sample function with lots of inputs","Apr 06, 2013 03:12:44",1365217964,"Apr 19, 2012 09:49:47",1334828987,"Apr 20, 2012 19:46:07",1334951167,"scarybea...@gmail.com","2011-3097"
124183,"Medium","M-20, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org","OOB read in PDF fax codec","Mar 21, 2013 21:05:15",1363899915,"Apr 19, 2012 10:17:06",1334830626,"Dec 20, 2012 15:52:27",1356018747,"scarybea...@gmail.com",""
124184,"Low","Cr-Blink, Cr-Internals-Plugins-PDF, M-20, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org","OOB read with 1bpp image and ICC profile","Apr 06, 2013 03:12:43",1365217963,"Apr 19, 2012 10:30:55",1334831455,"Dec 20, 2012 15:52:01",1356018721,"scarybea...@gmail.com",""
124190,"Low","Cr-Blink, Cr-Internals-Plugins-PDF, M-20, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org","OOB read, off-by-one in PDF predictor code with specific decode parameters","Apr 06, 2013 03:12:43",1365217963,"Apr 19, 2012 12:47:19",1334839639,"Dec 20, 2012 15:52:02",1356018722,"scarybea...@gmail.com",""
124191,"Medium","Cr-Blink, Cr-Internals, Cr-Internals-Plugins-PDF, M-20, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org","OOB read in PDF when parsing / processing text","Apr 06, 2013 03:12:43",1365217963,"Apr 19, 2012 12:55:06",1334840106,"Dec 20, 2012 15:52:27",1356018747,"scarybea...@gmail.com",""
124216,"Low","CVE-2011-3098, Cr-Blink, Cr-Internals, Cr-Internals-Plugins, M-19, Merge-Merged, OS-Windows, Pri-2, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security, merge-merged-1084","Beta, Stable",,"","jsc...@chromium.org","Security: MSVR:159 - Google Chrome NPAPI Plugin Insecure Loading Elevation of Privilege Vulnerability","Apr 06, 2013 04:19:07",1365221947,"Apr 19, 2012 15:25:22",1334849122,"Apr 20, 2012 00:34:06",1334882046,"MSVulner...@gmail.com","2011-3098"
124263,"","Cr-Blink, Cr-Internals-Plugins-PDF, M-20, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-None, Security_Impact-Stable, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org","OOB read with PDF in cell sorting","Apr 06, 2013 03:12:42",1365217962,"Apr 19, 2012 18:27:09",1334860029,"Apr 24, 2012 00:50:35",1335228635,"scarybea...@gmail.com",""
124356,"High","CVE-2012-2823, Cr-Blink, Cr-Blink-SVG, M-20, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-100","Beta, Stable",1000,"accept","schen...@chromium.org","Heap-use-after-free in WebCore::GraphicsContext::restore","Apr 06, 2013 03:44:11",1365219851,"Apr 20, 2012 05:25:14",1334899514,"Dec 20, 2012 15:53:22",1356018802,"miaubiz@gmail.com","2012-2823"
124479,"","CVE-2011-3099, Cr-Blink, Cr-Internals-Plugins-PDF, M-19, Merge-Merged, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org","Use after free in PDF with corrupt CID font encoding name","Apr 06, 2013 03:12:40",1365217960,"Apr 20, 2012 21:38:55",1334957935,"Apr 20, 2012 22:10:48",1334959848,"scarybea...@gmail.com","2011-3099"
124530,"High","CVE-2012-3652, ClusterFuzz, Cr-Blink, M-19, Merge-Merged, OS-All, Pri-1, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","ke...@chromium.org","Heap-use-after-free in WebCore::RenderBlock::layoutPositionedObjects","Apr 06, 2013 00:33:54",1365208434,"Apr 21, 2012 07:12:20",1334992340,"Dec 20, 2012 15:53:22",1356018802,"aa...@google.com","2012-3652"
124594,"Medium","Cr-Blink, Cr-Blink-JavaScript, M-20, OS-Linux, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-None, Security_Severity-Medium, Type-Bug-Security, reward-500","None",500,"accept","mstarzinger@chromium.org","UNKNOWN in v8::internal::MarkCompactCollector::PrepareThreadForCodeFlushing","Apr 06, 2013 03:23:58",1365218638,"Apr 22, 2012 20:46:08",1335127568,"Apr 25, 2012 14:44:38",1335365078,"decoder...@googlemail.com",""
124617,"High","ClusterFuzz, Cr-Blink, M-19, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","infe...@chromium.org","Heap-buffer-overflow in WebCore::RenderBlock::createLineBoxes","Apr 06, 2013 00:33:44",1365208424,"Apr 23, 2012 11:44:16",1335181456,"Dec 20, 2012 15:53:22",1356018802,"skylined@chromium.org",""
124625,"High","CVE-2011-3107, Cr-Blink, M-19, Merge-Merged, OS-All, Pri-1, ReleaseBlock-Beta, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Crash, Type-Bug-Security","Beta, Stable",,"","jap...@chromium.org","Chrome: Crash Report - Stack Signature: WebCore::npObjectNamedGetter<WebCore::V8HTM... ","Apr 06, 2013 00:33:42",1365208422,"Apr 23, 2012 13:26:09",1335187569,"Dec 20, 2012 15:52:54",1356018774,"dhar...@chromium.org","2011-3107"
124669,"High","Cr-Blink, Cr-Blink-SVG, M-20, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Beta, Stable",,"","schen...@chromium.org","Heap-use-after-free in WebCore::SVGLength::value","Apr 06, 2013 03:44:09",1365219849,"Apr 23, 2012 17:41:46",1335202906,"Dec 20, 2012 15:53:22",1356018802,"miaubiz@gmail.com",""
124870,"High","CVE-2012-3624, ClusterFuzz, Cr-Blink, M-20, Merge-Merged, OS-All, Pri-1, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","infe...@chromium.org","Heap-use-after-free in WebCore::InsertParagraphSeparatorCommand::doApply","Apr 06, 2013 00:33:16",1365208396,"Apr 24, 2012 19:33:30",1335296010,"Dec 20, 2012 15:53:22",1356018802,"aa...@google.com","2012-3624"
124893,"High","CVE-2012-3626, Cr-Blink, M-19, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Beta, Stable",,"","","Heap-buffer-overflow in WebCore::HTMLOptionElement::selected","Apr 06, 2013 00:33:13",1365208393,"Apr 24, 2012 21:30:34",1335303034,"Apr 27, 2012 02:45:23",1335494723,"infe...@chromium.org","2012-3626"
124895,"High","Cr-Blink, M-19, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","jsc...@chromium.org","Heap-use-after-free in WebCore::ScriptController::executeIfJavaScriptURL","Apr 06, 2013 00:33:13",1365208393,"Apr 24, 2012 21:33:49",1335303229,"Apr 30, 2012 17:01:54",1335805314,"infe...@chromium.org",""
124919,"High","ClusterFuzz, Cr-Blink, M-19, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","infe...@chromium.org","Heap-use-after-free in WebCore::RenderBlock::addOverflowFromFloats","Apr 06, 2013 00:33:12",1365208392,"Apr 24, 2012 23:10:22",1335309022,"Apr 30, 2012 21:31:54",1335821514,"aa...@google.com",""
124924,"High","Cr-Blink, M-22, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security-CodeYellow, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org","Heap-buffer-overflow in WebCore::XPath::sortBlock","Apr 06, 2013 00:33:11",1365208391,"Apr 24, 2012 23:18:15",1335309495,"Dec 20, 2012 15:53:23",1356018803,"infe...@chromium.org",""
125159,"Critical","CVE-2011-3108, Cr-Internals, Cr-Internals-Network-Cache, M-19, Merge-Merged, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Critical, Stability-Crash, Type-Bug-Security, merge-","Beta, Stable",1337,"accept","rvargas@chromium.org","Chrome chrashes when pressing back button on a page that is still downloading a big gif image","Mar 21, 2013 21:07:52",1363900072,"Apr 26, 2012 09:49:23",1335433763,"Dec 20, 2012 15:53:48",1356018828,"efbiaiin...@gmail.com","2011-3108"
125225,"Medium","CVE-2012-2846, Cr-Internals, M-21, OS-Linux, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security, merge-merged-1132","Beta, Stable",,"","jln@chromium.org","Domui process can be ptraced from a compromised renderer leading to sandbox escape, take 2","Mar 21, 2013 21:05:05",1363899905,"Apr 26, 2012 19:42:48",1335469368,"Dec 20, 2012 15:52:54",1356018774,"jln@chromium.org","2012-2846"
125374,"High","CVE-2012-2824, Cr-Blink, Cr-Blink-SVG, M-20, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Beta, Stable",1000,"accept","schen...@chromium.org","Heap-use-after-free in WebCore::RenderSVGContainer::paint","Apr 06, 2013 03:44:08",1365219848,"Apr 27, 2012 18:48:53",1335552533,"Dec 20, 2012 15:53:23",1356018803,"miaubiz@gmail.com","2012-2824"
125462,"High","CVE-2011-3102, Cr-Internals, M-19, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, merge-merged-1084, reward-1500","Beta, Stable",1500,"accept","cev...@chromium.org","Security: libxml2 1-byte heap-buffer-overflow in xmlXPtrEvalXPtrPart","Mar 21, 2013 21:05:04",1363899904,"Apr 28, 2012 12:56:45",1335617805,"May 03, 2012 17:49:26",1336067366,"a...@ut.ee","2011-3102"
125494,"High","CVE-2012-3627, ClusterFuzz, Cr-Blink, M-19, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","simonjam@chromium.org","Heap-buffer-overflow in WebCore::HTMLTreeBuilder::processEndTag","Apr 06, 2013 00:32:23",1365208343,"Apr 29, 2012 01:34:54",1335663294,"May 02, 2012 00:29:00",1335918540,"infe...@chromium.org","2012-3627"
125515,"High","Cr-Blink, Cr-Blink-JavaScript, Cr-Internals, M-19, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Severity-High, Type-Bug-Security, reward-1000","Beta",1000,"accept","danno@chromium.org","[LangFuzz] Crash on heap with invalid write to random address","Apr 06, 2013 03:23:54",1365218634,"Apr 29, 2012 18:16:14",1335723374,"May 03, 2012 15:27:43",1336058863,"decoder...@googlemail.com",""
125555,"High","ClusterFuzz, Cr-Blink, M-20, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","mikelawt...@chromium.org","Heap-use-after-free in WTF::HashMap<int, WTF::RefPtr<WebCore::CalculationValue>, WTF::IntHash<unsigned int>, WTF::HashTrait","Apr 06, 2013 00:32:15",1365208335,"Apr 30, 2012 14:43:07",1335796987,"Dec 20, 2012 15:53:23",1356018803,"infe...@chromium.org",""
125563,"High","CVE-2012-3671, ClusterFuzz, Cr-Blink, M-19, Merge-Merged, OS-All, Pri-1, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","ke...@chromium.org","Heap-use-after-free in WebCore::RenderBlock::determineStartPosition","Apr 06, 2013 00:32:13",1365208333,"Apr 30, 2012 16:19:11",1335802751,"Dec 20, 2012 15:53:23",1356018803,"aa...@google.com","2012-3671"
125730,"High","ClusterFuzz, Cr-Blink, M-19, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","infe...@chromium.org","Heap-use-after-free in WebCore::Document::nodeChildrenWillBeRemoved","Apr 06, 2013 00:31:59",1365208319,"May 01, 2012 14:38:40",1335883120,"Dec 20, 2012 15:53:23",1356018803,"ke...@chromium.org",""
125821,"Low","Cr-Internals, M-20, OS-Linux, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Beta, Stable",,"","jln@chromium.org","The Linux setuid sandbox has becomre (even more) insanely complex","Mar 21, 2013 21:05:03",1363899903,"May 01, 2012 21:48:03",1335908883,"May 23, 2012 16:02:26",1337788946,"jln@chromium.org",""
125919,"Medium","Cr-Blink, Cr-Blink-SVG, M-20, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Severity-Medium, Type-Bug-Security, reward-500","Beta",500,"accept","","Heap-buffer-overflow in WebCore::SVGAnimatedPointListAnimator::calculateAnimatedValue","Apr 06, 2013 03:44:05",1365219845,"May 02, 2012 12:20:58",1335961258,"Dec 20, 2012 15:52:27",1356018747,"attek...@gmail.com",""
125921,"Medium","CVE-2012-3660, ClusterFuzz, Cr-Blink, M-20, Merge-Merged, OS-All, Pri-1, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","infe...@chromium.org","Heap-buffer-overflow in WebCore::FontCache::releaseFontData","Apr 06, 2013 00:31:41",1365208301,"May 02, 2012 12:53:58",1335963238,"Dec 20, 2012 15:52:27",1356018747,"aa...@google.com","2012-3660"
126040,"High","CVE-2012-3628, Cr-Blink, M-19, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Beta, Stable",,"","infe...@chromium.org","Heap-use-after-free in WebCore::ContainerNode::insertBefore","Apr 06, 2013 00:31:31",1365208291,"May 03, 2012 00:35:32",1336005332,"Dec 20, 2012 15:53:23",1356018803,"infe...@chromium.org","2012-3628"
126048,"High","Cr-Internals, M-20, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-None, Security_Severity-High, Type-Bug-Security, reward-1000","None",1000,"accept","primi...@chromium.org","Heap-use-after-free in SpeechRecognitionManagerImpl::DispatchEvent","Mar 21, 2013 20:41:49",1363898509,"May 03, 2012 02:20:56",1336011656,"May 04, 2012 16:30:07",1336149007,"chamal.d...@gmail.com",""
126296,"High","CVE-2011-3109, Cr-UI, M-19, Merge-Merged, OS-Linux, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, merge-merged-1084, merge-merged-1132, reward-1000","Beta, Stable",1000,"accept","derat@chromium.org",").initMouseEvent in background tab","Mar 21, 2013 21:05:01",1363899901,"May 04, 2012 20:49:01",1336164541,"Dec 20, 2012 15:53:48",1356018828,"michabar...@gmail.com","2011-3109"
126337,"High","CVE-2011-3110, M-19, Merge-Merged, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org","Stack buffer overflow in character range parsing","Mar 21, 2013 21:05:01",1363899901,"May 05, 2012 00:21:18",1336177278,"Dec 20, 2012 15:53:23",1356018803,"scarybea...@gmail.com","2011-3110"
126343,"High","CVE-2011-3110, M-19, Merge-Merged, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org","OOB write in PDF character code mapping","Mar 21, 2013 21:05:00",1363899900,"May 05, 2012 01:23:22",1336181002,"Dec 20, 2012 15:53:23",1356018803,"scarybea...@gmail.com","2011-3110"
126378,"High","CVE-2011-3110, Cr-Blink, Cr-Internals-Plugins-PDF, M-19, Merge-Merged, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org","Heap buffer overflow in JBIG2 huffman symbol decoding","Apr 06, 2013 03:12:36",1365217956,"May 05, 2012 16:19:22",1336234762,"Dec 20, 2012 15:53:23",1356018803,"scarybea...@gmail.com","2011-3110"
126405,"Medium","Cr-Blink, Cr-Internals-Plugins-PDF, M-20, Merge-Merged, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org","OOB read in PDF with mismatched key length vs. encryption type","Apr 06, 2013 03:12:36",1365217956,"May 06, 2012 06:35:36",1336286136,"Dec 20, 2012 15:52:27",1356018747,"scarybea...@gmail.com",""
126406,"High","CVE-2012-3672, ClusterFuzz, Cr-Blink, M-19, Merge-Merged, OS-All, Pri-1, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","infe...@chromium.org","Heap-use-after-free in WebCore::RenderBlock::addChildIgnoringAnonymousColumnBlocks","Apr 06, 2013 00:30:59",1365208259,"May 06, 2012 06:47:01",1336286821,"Dec 20, 2012 15:53:23",1356018803,"infe...@chromium.org","2012-3672"
126414,"Medium","CVE-2011-3111, Cr-Internals, M-19, Merge-Merged, OS-All, Pri-1, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security, reward-500","Beta, Stable",500,"accept","jkummerow@chromium.org","[LangFuzz] Crash on heap with invalid read from random address (32 bit)","Mar 21, 2013 21:04:59",1363899899,"May 06, 2012 14:22:57",1336314177,"Dec 20, 2012 15:52:27",1356018747,"decoder...@googlemail.com","2011-3111"
126475,"High","CVE-2012-3673, ClusterFuzz, Cr-Blink, M-20, Merge-Merged, OS-All, Pri-1, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","infe...@chromium.org","Heap-use-after-free in WebCore::InlineBox::root","Apr 06, 2013 00:30:54",1365208254,"May 07, 2012 15:50:36",1336405836,"Dec 20, 2012 15:53:23",1356018803,"infe...@chromium.org","2012-3673"
126723,"High","CVE-2012-3601, ClusterFuzz, Cr-Blink, M-19, Merge-Merged, OS-All, Pri-1, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","infe...@chromium.org","Heap-use-after-free in WebCore::RenderBlock::checkFloatsInCleanLine","Apr 06, 2013 00:30:32",1365208232,"May 08, 2012 13:52:02",1336485122,"Dec 20, 2012 15:53:23",1356018803,"infe...@chromium.org","2012-3601"
127331,"High","CVE-2011-3112, Cr-Blink, Cr-Internals-Plugins-PDF, M-19, Merge-Merged, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org","Use-after-free in PDF with bad cross-refs and encryption","Apr 06, 2013 03:12:34",1365217954,"May 08, 2012 22:22:34",1336515754,"Dec 20, 2012 15:53:23",1356018803,"scarybea...@gmail.com","2011-3112"
127349,"High","CVE-2011-3110, Cr-Blink, Cr-Internals-Plugins-PDF, M-19, Merge-Merged, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org"," function","Apr 06, 2013 03:12:34",1365217954,"May 08, 2012 23:53:42",1336521222,"Dec 20, 2012 15:53:23",1356018803,"scarybea...@gmail.com","2011-3110"
127363,"Medium","Cr-Blink, Cr-Internals-Plugins-PDF, M-20, Merge-Merged, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org","OOB read of line at offset -1 in JBIG2 decoder","Apr 06, 2013 03:12:33",1365217953,"May 09, 2012 03:45:12",1336535112,"Dec 20, 2012 15:52:27",1356018747,"scarybea...@gmail.com",""
127366,"High","CVE-2012-3617, Cr-Blink, M-19, Merge-Merged, OS-All, Pri-1, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Beta, Stable",,"","infe...@chromium.org","Heap-use-after-free in WebCore::ReplaceSelectionCommand::performTrivialReplace","Apr 06, 2013 00:30:07",1365208207,"May 09, 2012 05:33:21",1336541601,"Dec 20, 2012 15:53:23",1356018803,"infe...@chromium.org","2012-3617"
127367,"High","CVE-2012-3598, Cr-Blink, M-19, Merge-Merged, OS-All, Pri-1, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, WebKit-ID-85939","Beta, Stable",,"","infe...@chromium.org","Heap-use-after-free in WebCore::ApplyStyleCommand::joinChildTextNodes","Apr 06, 2013 00:30:06",1365208206,"May 09, 2012 05:34:47",1336541687,"Dec 20, 2012 15:53:23",1356018803,"infe...@chromium.org","2012-3598"
127417,"","CVE-2012-2825, Cr-Internals, M-20, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Type-Bug-Security, merge-merged-1132, reward-500","Beta, Stable",500,"accept","cev...@chromium.org","Security: Arbitrary memory read in libxslt","Mar 21, 2013 21:04:56",1363899896,"May 09, 2012 16:51:20",1336582280,"Dec 20, 2012 15:52:02",1356018722,"nicolas....@agarri.fr","2012-2825"
127418,"High","Cr-Blink, Cr-Blink-SVG, M-20, Merge-Merged, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-None, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-1000","None",1000,"accept","fmal...@chromium.org","Heap-use-after-free in WebCore::SVGTextLayoutEngine::layoutTextOnLineOrPath","Apr 06, 2013 03:44:03",1365219843,"May 09, 2012 17:09:36",1336583376,"Dec 20, 2012 15:52:55",1356018775,"Ax3...@gmail.com",""
127424,"High","Cr-Blink, M-20, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-1000","Beta",1000,"accept","tkent@chromium.org","Heap-use-after-free in WebKit::WebPagePopupImpl::closePopup","Apr 06, 2013 00:30:03",1365208203,"May 09, 2012 17:56:42",1336586202,"Dec 20, 2012 15:53:23",1356018803,"miaubiz@gmail.com",""
127522,"Low","CVE-2012-2847, Cr-Internals, Cr-UI-Browser-Downloads, M-21, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Beta, Stable",,"","rdsmith@chromium.org"," from File Download","Mar 21, 2013 21:04:55",1363899895,"May 10, 2012 07:24:30",1336634670,"Dec 20, 2012 15:52:02",1356018722,"m...@m-austin.com","2012-2847"
127525,"Medium","CVE-2012-2848, Cr-Internals, M-21, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Beta, Stable",,"","tsepez@chromium.org","Dragging a file into a web renderer exposes the file: scheme","Mar 21, 2013 21:04:55",1363899895,"May 10, 2012 07:44:31",1336635871,"Dec 20, 2012 15:52:55",1356018775,"m...@m-austin.com","2012-2848"
127624,"Low","Cr-Internals, M-21, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","tsepez@chromium.org","Security: pepper plugins - protect plugin's data files from other plugins and the renderer itself.","Mar 21, 2013 20:51:47",1363899107,"May 10, 2012 18:51:49",1336675909,"Dec 20, 2012 15:52:27",1356018747,"tsepez@chromium.org",""
127819,"High","CVE-2011-3110, Cr-Blink, Cr-Internals-Plugins-PDF, M-19, Merge-Merged, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org","Memory corruption in memset() with corrupt JBig2 image","Apr 06, 2013 03:12:31",1365217951,"May 11, 2012 18:59:48",1336762788,"Dec 20, 2012 15:53:23",1356018803,"scarybea...@gmail.com","2011-3110"
127868,"High","CVE-2011-3110, Cr-Blink, Cr-Internals-Plugins-PDF, M-19, Merge-Merged, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org"," that returns more than 1 output value","Apr 06, 2013 03:12:31",1365217951,"May 11, 2012 22:19:08",1336774748,"Dec 20, 2012 15:53:24",1356018804,"scarybea...@gmail.com","2011-3110"
127883,"High","CVE-2011-3113, Cr-Blink, Cr-Internals-Plugins-PDF, M-19, Merge-Merged, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org"," colorspace array","Apr 06, 2013 03:12:31",1365217951,"May 11, 2012 23:33:02",1336779182,"Dec 20, 2012 15:53:24",1356018804,"scarybea...@gmail.com","2011-3113"
127897,"Medium","Cr-Blink, Cr-Internals-Plugins-PDF, M-20, Merge-Merged, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org","OOB read in PDF due to negative index with malformed JBIG2 file","Apr 06, 2013 03:12:30",1365217950,"May 12, 2012 03:24:38",1336793078,"Dec 20, 2012 15:52:27",1356018747,"scarybea...@gmail.com",""
127901,"Medium","Cr-Blink, Cr-Internals-Plugins-PDF, M-20, Merge-Merged, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org","OOB reads parsing inline PDF streams","Apr 06, 2013 03:12:29",1365217949,"May 12, 2012 05:27:31",1336800451,"Dec 20, 2012 15:52:27",1356018747,"scarybea...@gmail.com",""
127986,"Low","Cr-Blink, Cr-Internals-Plugins-PDF, M-20, Merge-Merged, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org","OOB read in PDF with mismatched key length","Apr 06, 2013 03:12:29",1365217949,"May 14, 2012 01:19:19",1336958359,"Dec 20, 2012 15:52:02",1356018722,"scarybea...@gmail.com",""
128003,"Medium","Cr-Blink, Cr-Internals-Plugins-PDF, M-20, Merge-Merged, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org","OOB read in PDF with stitched functions","Apr 06, 2013 03:12:28",1365217948,"May 14, 2012 07:40:07",1336981207,"Dec 20, 2012 15:52:27",1356018747,"scarybea...@gmail.com",""
128014,"High","CVE-2011-3114, Cr-Blink, Cr-Internals-Plugins-PDF, M-19, Merge-Merged, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org","Probable buffer overflows in PDF with mismatched function outputs","Apr 06, 2013 03:12:28",1365217948,"May 14, 2012 10:19:51",1336990791,"Dec 20, 2012 15:53:24",1356018804,"scarybea...@gmail.com","2011-3114"
128018,"High","CVE-2011-3115, Cr-Blink, Cr-Blink-JavaScript, Cr-Internals, M-19, Merge-Merged, OS-All, Pri-1, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Beta, Stable",1000,"accept","danno@chromium.org","[LangFuzz] Crash in v8::internal::ShortCircuitConsString with invalid read","Apr 06, 2013 03:23:47",1365218627,"May 14, 2012 11:06:41",1336993601,"May 21, 2012 12:34:29",1337603669,"decoder...@googlemail.com","2011-3115"
128151,"High","Cr-Blink, M-21, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","kinuko@chromium.org","Heap-use-after-free in WebKit::MainThreadFileSystemCallbacks::didSucceed","Apr 06, 2013 00:29:03",1365208143,"May 15, 2012 10:57:11",1337079431,"Dec 20, 2012 15:53:24",1356018804,"Ax3...@gmail.com",""
128159,"High","ClusterFuzz, Cr-Blink, M-20, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","mikelawt...@chromium.org","Heap-use-after-free in WTF::HashMap<int, WTF::RefPtr<WebCore::CalculationValue>, WTF::IntHash<unsigned int>, WTF::HashTrait","Apr 06, 2013 00:29:01",1365208141,"May 15, 2012 13:26:16",1337088376,"Dec 20, 2012 15:53:24",1356018804,"infe...@chromium.org",""
128163,"Low","CVE-2012-2849, Cr-Blink, M-21, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Beta, Stable",,"","pkasting@chromium.org","Heap-buffer-overflow in GIFImageReader::read","Apr 06, 2013 00:29:00",1365208140,"May 15, 2012 14:06:49",1337090809,"Dec 20, 2012 15:52:27",1356018747,"attek...@gmail.com","2012-2849"
128178,"Critical","Cr-Blink, M-21, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-None, Security_Severity-Critical, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-3133","None",3133,"accept","kinuko@chromium.org","Heap-use-after-free in fileapi::FileSystemOperation::DidGetUsageAndQuotaAndRunTask","Apr 06, 2013 00:28:57",1365208137,"May 15, 2012 16:06:56",1337098016,"May 17, 2012 16:09:03",1337270943,"Ax3...@gmail.com",""
128336,"High","CVE-2012-3657, ClusterFuzz, Cr-Blink, M-19, Merge-Merged, OS-All, Pri-1, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","infe...@chromium.org","Heap-buffer-overflow in WebCore::SubframeLoader::createJavaAppletWidget","Apr 06, 2013 00:28:44",1365208124,"May 16, 2012 12:33:16",1337171596,"Dec 20, 2012 15:53:24",1356018804,"infe...@chromium.org","2012-3657"
128497,"High","CVE-2012-3710, Cr-Blink, M-20, Merge-Merged, OS-All, Pri-1, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Beta, Stable",,"","jamesr@chromium.org","CachedImage does not clear the ImageObserver pointer when dropping its Image ref","Apr 06, 2013 00:28:29",1365208109,"May 17, 2012 05:25:57",1337232357,"Dec 20, 2012 15:53:24",1356018804,"infe...@chromium.org","2012-3710"
128498,"Medium","CVE-2012-3614, ClusterFuzz, Cr-Blink, M-20, Merge-Merged, OS-All, Pri-1, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","","Heap-buffer-overflow in WebCore::CSSSelector::specificityForOneSelector","Apr 06, 2013 00:28:28",1365208108,"May 17, 2012 05:38:08",1337233088,"Dec 20, 2012 15:52:27",1356018747,"infe...@chromium.org","2012-3614"
128597,"Low","Cr-Internals, M-22, OS-All, Pri-2, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Beta, Stable",,"","c...@chromium.org","RenderViewImpl's shared_popup_counter_ isn't incremented properly","Mar 21, 2013 21:04:49",1363899889,"May 17, 2012 19:47:44",1337284064,"Nov 28, 2012 22:58:08",1354143488,"c...@chromium.org",""
128688,"Medium","CVE-2012-2826, ClusterFuzz, Cr-Blink, M-20, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Stability-Memory-AddressSanitizer, Type-Bug-Security, WebKit-ID-86877-RESOLVE","Beta, Stable",,"","kbr@chromium.org","Heap-buffer-overflow in gpu::gles2::GLES2Implementation::TexSubImage2DImpl","Apr 06, 2013 00:28:16",1365208096,"May 18, 2012 05:51:18",1337320278,"Dec 20, 2012 15:52:55",1356018775,"infe...@chromium.org","2012-2826"
128704,"Low","Cr-UI, M-19, Merge-Merged, OS-All, OS-Chrome, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security, VerifyIn-26, VerifyIn-27, merge-merged-1084, merge-merged-1132","Beta, Stable",,"","hashimoto@chromium.org","Crash when opening and closing chrome://chrome","Apr 02, 2013 17:58:02",1364925482,"May 18, 2012 10:05:13",1337335513,"Dec 20, 2012 15:52:02",1356018722,"hashimoto@chromium.org",""
129158,"Medium","ClusterFuzz, Cr-Blink, Cr-UI-Accessibility, M-23, Merge-Merged, OS-All, Pri-1, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Stability-Memory-AddressSanitizer, Type-Bug-Security, WebKit-ID-98073","Beta, Stable",,"","dmazzoni@chromium.org","Heap-use-after-free in WebCore::AccessibilityObject::getAttribute","Apr 06, 2013 00:27:31",1365208051,"May 22, 2012 12:54:50",1337691290,"Dec 20, 2012 15:52:27",1356018747,"aa...@google.com",""
129301,"Medium","ClusterFuzz, Cr-Blink, Cr-UI-Accessibility, M-23, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","dmazzoni@chromium.org","Heap-use-after-free in WebCore::AXObjectCache::postPlatformNotification","Apr 06, 2013 00:27:19",1365208039,"May 23, 2012 04:32:34",1337747554,"Dec 20, 2012 15:52:27",1356018747,"infe...@chromium.org",""
129826,"Low","CVE-2012-2827, Cr-UI, Cr-UI-Browser-Downloads, M-20, Merge-Merged, OS-Mac, Pri-2, Restrict-AddIssueComment-EditIssue, Review-Security, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Low, Stability-Crash, Type-Bug-Security, merg","Beta, Stable",,"","rsesek@chromium.org","Chrome_Mac: Zombie <DownloadItemController: 0x1f1e6fd0> received -handleReveal: (via -performSelector:withObject:)","Mar 21, 2013 21:04:45",1363899885,"May 25, 2012 22:46:26",1337985986,"Dec 20, 2012 15:52:27",1356018747,"dhar...@google.com","2012-2827"
129857,"High","CVE-2012-2828, Cr-Blink, Cr-Internals-Plugins-PDF, M-20, Merge-Merged, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org","OOB read in PDF image resize code","Apr 06, 2013 03:12:25",1365217945,"May 26, 2012 04:52:37",1338007957,"Dec 20, 2012 15:53:24",1356018804,"scarybea...@gmail.com","2012-2828"
129898,"High","CVE-2012-2842, Cr-Blink, M-20, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-1000","Beta, Stable",1000,"accept","c...@chromium.org","Heap-use-after-free in WebCore::CounterNode::lastDescendant","Apr 06, 2013 00:26:23",1365207983,"May 26, 2012 19:18:26",1338059906,"Dec 20, 2012 15:53:24",1356018804,"miaubiz@gmail.com","2012-2842"
129930,"High","CVE-2012-2807, Cr-Internals, M-20, Merge-Merged, OS-Linux, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, merge-merged-1132, reward-3000","Beta, Stable",3000,"accept","cev...@chromium.org","Security: libxml2 growBuffer integer overflow on 64-bit machines","Mar 21, 2013 21:04:43",1363899883,"May 27, 2012 10:15:06",1338113706,"Dec 20, 2012 15:53:48",1356018828,"a...@ut.ee","2012-2807"
129936,"High","CVE-2012-3692, ClusterFuzz, Cr-Blink, M-20, Merge-Merged, OS-All, Pri-1, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","ke...@chromium.org","Heap-use-after-free in WebCore::InlineTextBox::nodeAtPoint","Apr 06, 2013 00:26:20",1365207980,"May 27, 2012 13:20:43",1338124843,"Dec 20, 2012 15:53:24",1356018804,"infe...@chromium.org","2012-3692"
129942,"High","Cr-Blink, Cr-Blink-JavaScript, Cr-Internals, M-21, Merge-Merged, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Severity-High, Type-Bug-Security, merge-merged-1180, reward-1000","Beta",1000,"accept","c...@chromium.org","UNKNOWN in v8_i18n::IntlNumberFormat::JSInternalFormat","Apr 06, 2013 03:23:38",1365218618,"May 27, 2012 15:58:06",1338134286,"Dec 20, 2012 15:52:55",1356018775,"slaweck",""
129947,"High","CVE-2012-2829, Cr-Blink, M-20, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-1000","Beta, Stable",1000,"accept","infe...@chromium.org","Heap-use-after-free in WebCore::RenderObject::setStyle","Apr 06, 2013 00:26:18",1365207978,"May 27, 2012 17:39:50",1338140390,"Dec 20, 2012 15:53:24",1356018804,"miaubiz@gmail.com","2012-2829"
129951,"High","CVE-2012-2830, Cr-Blink, Cr-Blink-JavaScript, Cr-Internals, Cr-Internals-GPU-WebGL, M-20, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, ","Beta, Stable",1000,"accept","ulan@chromium.org","UNKNOWN in v8::Function::Call","Apr 06, 2013 03:23:37",1365218617,"May 27, 2012 19:19:18",1338146358,"Dec 20, 2012 15:53:48",1356018828,"miaubiz@gmail.com","2012-2830"
130235,"High","CVE-2012-3648, ClusterFuzz, Cr-Blink, M-20, Merge-Merged, OS-All, Pri-1, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","infe...@chromium.org","Heap-use-after-free in WebCore::HTMLElement::adjustDirectionalityIfNeededAfterChildrenChanged","Apr 06, 2013 00:25:53",1365207953,"May 30, 2012 04:06:51",1338350811,"Dec 20, 2012 15:53:48",1356018828,"infe...@chromium.org","2012-3648"
130240,"High","CVE-2012-2806, M-21, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-None, Security_Severity-High, Type-Bug-Security, reward-1000","None",1000,"accept","cev...@chromium.org","Heap-buffer-overflow WRITE in read_markers third_party/libjpeg_turbo/jdmarker","Mar 21, 2013 20:41:29",1363898489,"May 30, 2012 05:41:35",1338356495,"May 30, 2012 22:38:48",1338417528,"attek...@gmail.com","2012-2806"
130251,"Medium","CVE-2012-2850, Cr-Blink, Cr-Internals-Plugins-PDF, M-21, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org","OOB read in PDF image resizing","Apr 06, 2013 03:12:23",1365217943,"May 30, 2012 07:44:37",1338363877,"Dec 20, 2012 15:52:27",1356018747,"scarybea...@gmail.com","2012-2850"
130317,"Medium","Cr-Blink, Cr-Internals-Plugins-PDF, M-20, Merge-Merged, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org","OOB read in PDF with JBIG2 image and bad bits per component","Apr 06, 2013 03:12:22",1365217942,"May 30, 2012 17:27:06",1338398826,"Dec 20, 2012 15:52:27",1356018747,"scarybea...@gmail.com",""
130356,"High","CVE-2012-2831, Cr-Blink, Cr-Blink-SVG, M-20, Merge-Merged, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug","Beta, Stable",1000,"accept","pdr@chromium.org","Heap-use-after-free in WebCore::SVGDocumentExtensions::removeAllElementReferencesForTarget","Apr 06, 2013 03:43:54",1365219834,"May 30, 2012 19:39:49",1338406789,"Dec 20, 2012 15:52:55",1356018775,"miaubiz@gmail.com","2012-2831"
130369,"High","ClusterFuzz, Cr-Blink, M-20, Merge-Merged, OS-All, Pri-1, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-1000","Beta, Stable",1000,"accept","infe...@chromium.org","Heap-use-after-free in WebCore::RenderBlock::layoutPositionedObjects","Apr 06, 2013 00:25:36",1365207936,"May 30, 2012 20:38:55",1338410335,"Dec 20, 2012 15:53:48",1356018828,"infe...@chromium.org",""
130592,"Medium","CVE-2012-2850, Cr-Blink, Cr-Internals-Plugins-PDF, M-21, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org","OOB read in PDF with colorspace too small for RGB","Apr 06, 2013 03:12:21",1365217941,"May 31, 2012 18:18:49",1338488329,"Dec 20, 2012 15:52:28",1356018748,"scarybea...@gmail.com","2012-2850"
130595,"High","CVE-2012-2843, Cr-Blink, M-20, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-1000","Beta, Stable",1000,"accept","infe...@chromium.org","Heap-use-after-free in WebCore::RenderBlock::layoutBlockChildren","Apr 06, 2013 00:25:15",1365207915,"May 31, 2012 18:29:10",1338488950,"Dec 20, 2012 15:53:48",1356018828,"miaubiz@gmail.com","2012-2843"
130603,"Medium","Cr-Blink, Cr-Internals-Plugins-PDF, M-20, Merge-Merged, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org","OOB read in PDF PS copy function when stack is too small","Apr 06, 2013 03:12:21",1365217941,"May 31, 2012 18:43:40",1338489820,"Dec 20, 2012 15:52:28",1356018748,"scarybea...@gmail.com",""
130611,"Low","CVE-2012-2850, Cr-Blink, Cr-Internals-Plugins-PDF, M-21, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org","OOB read in PDF trying to loading inline stream images","Apr 06, 2013 03:12:21",1365217941,"May 31, 2012 19:17:07",1338491827,"Dec 20, 2012 15:52:02",1356018722,"scarybea...@gmail.com","2012-2850"
130722,"High","CVE-2012-3621, ClusterFuzz, Cr-Blink, M-20, Merge-Merged, OS-All, Pri-1, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","rn...@chromium.org","Heap-use-after-free in WebCore::InsertParagraphSeparatorCommand::doApply","Apr 06, 2013 00:24:56",1365207896,"Jun 01, 2012 06:59:22",1338533962,"Dec 20, 2012 15:53:48",1356018828,"infe...@chromium.org","2012-3621"
130723,"High","CVE-2012-3677, Cr-Blink, M-20, Merge-Merged, OS-All, Pri-1, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Beta, Stable",,"","","Use after free after setting -webkit-line-clamp to none","Apr 06, 2013 00:24:55",1365207895,"Jun 01, 2012 07:07:22",1338534442,"Dec 20, 2012 15:53:48",1356018828,"infe...@chromium.org","2012-3677"
130927,"High","CVE-2012-3623, ClusterFuzz, Cr-Blink, M-20, Merge-Merged, OS-All, Pri-1, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","rn...@chromium.org","Heap-use-after-free in WebCore::CompositeEditCommand::breakOutOfEmptyListItem","Apr 06, 2013 00:24:36",1365207876,"Jun 03, 2012 15:59:24",1338739164,"Dec 20, 2012 15:53:48",1356018828,"aa...@google.com","2012-3623"
131068,"Low","CVE-2012-2850, Cr-Blink, Cr-Internals-Plugins-PDF, M-21, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org","PDF: off-by-one read in PNG predictor handling","Apr 06, 2013 03:12:18",1365217938,"Jun 04, 2012 20:41:31",1338842491,"Dec 20, 2012 15:52:02",1356018722,"scarybea...@gmail.com","2012-2850"
131087,"High","CVE-2012-3708, Cr-Blink, M-20, Merge-Merged, OS-All, Pri-1, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Beta, Stable",,"","","UAF due to Document::removePendingSheet re-entering JavaScript during Document cleanup","Apr 06, 2013 00:24:19",1365207859,"Jun 04, 2012 22:13:25",1338848005,"Dec 20, 2012 15:53:48",1356018828,"infe...@chromium.org","2012-3708"
131135,"Medium","Cr-Blink, Cr-Internals-Plugins-PDF, M-20, Merge-Merged, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org","PDF: wild dereference with huge mask rectangle","Apr 06, 2013 03:12:17",1365217937,"Jun 05, 2012 03:56:15",1338868575,"Dec 20, 2012 15:52:28",1356018748,"scarybea...@gmail.com",""
131237,"Medium","CVE-2012-2850, Cr-Blink, Cr-Internals-Plugins-PDF, M-21, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org","PDF: OOB reads in JBIG2 reference section handling","Apr 06, 2013 03:12:16",1365217936,"Jun 05, 2012 19:11:53",1338923513,"Dec 20, 2012 15:52:28",1356018748,"scarybea...@gmail.com","2012-2850"
131252,"Medium","CVE-2012-2850, Cr-Blink, Cr-Internals-Plugins-PDF, M-21, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org"," string","Apr 06, 2013 03:12:15",1365217935,"Jun 05, 2012 20:20:54",1338927654,"Dec 20, 2012 15:52:28",1356018748,"scarybea...@gmail.com","2012-2850"
131553,"High","CVE-2012-2832, Cr-Blink, Cr-Internals-Plugins-PDF, M-20, Merge-Merged, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org","PDF: uninitialized pointer deleted in JBIG2 codec","Apr 06, 2013 03:12:14",1365217934,"Jun 07, 2012 07:35:03",1339054503,"Dec 20, 2012 15:53:24",1356018804,"scarybea...@gmail.com","2012-2832"
131557,"Medium","Cr-Blink, Cr-Internals-Plugins-PDF, M-20, Merge-Merged, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org","PDF: wild read in image stretching","Apr 06, 2013 03:12:14",1365217934,"Jun 07, 2012 08:27:49",1339057669,"Dec 20, 2012 15:52:28",1356018748,"scarybea...@gmail.com",""
131621,"Medium","CVE-2012-2850, Cr-Blink, Cr-Internals-Plugins-PDF, M-21, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org","PDF: OOB read in font handling code for type 3 fonts","Apr 06, 2013 03:12:13",1365217933,"Jun 07, 2012 17:58:45",1339091925,"Dec 20, 2012 15:52:28",1356018748,"scarybea...@gmail.com","2012-2850"
131662,"Medium","Cr-Blink, Cr-Internals-Plugins-PDF, M-20, Merge-Merged, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org","PDF: failure to validate pointer index in pattern array","Apr 06, 2013 03:12:13",1365217933,"Jun 07, 2012 20:26:07",1339100767,"Dec 20, 2012 15:52:28",1356018748,"scarybea...@gmail.com",""
131690,"Medium","CVE-2012-2850, Cr-Blink, Cr-Internals-Plugins-PDF, M-21, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org","PDF: OOB read with inline RLE encoding","Apr 06, 2013 03:12:12",1365217932,"Jun 07, 2012 21:45:56",1339105556,"Dec 20, 2012 15:52:28",1356018748,"scarybea...@gmail.com","2012-2850"
131968,"Medium","ClusterFuzz, Cr-Blink, M-23, OS-All, Pri-1, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","dmazzoni@chromium.org","Heap-use-after-free in WebCore::AccessibilityTable::isDataTable","Apr 06, 2013 00:23:14",1365207794,"Jun 09, 2012 19:22:39",1339269759,"Dec 03, 2012 18:52:59",1354560779,"infe...@chromium.org",""
132019,"High","ClusterFuzz, Cr-Blink, M-22, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security-CodeYellow, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","infe...@chromium.org","Heap-use-after-free in WebCore::InlineFlowBox::deleteLine","Apr 06, 2013 00:23:08",1365207788,"Jun 10, 2012 22:10:50",1339366250,"Dec 20, 2012 15:53:48",1356018828,"infe...@chromium.org",""
132156,"High","CVE-2012-2833, Cr-Blink, Cr-Internals-Plugins-PDF, M-20, Merge-Merged, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org","PDF: stack-based buffer overflow printing a float","Apr 06, 2013 03:12:09",1365217929,"Jun 11, 2012 21:23:24",1339449804,"Dec 20, 2012 15:53:25",1356018805,"scarybea...@gmail.com","2012-2833"
132241,"High","CVE-2012-3702, CVE-2012-3712, ClusterFuzz, Cr-Blink, M-20, Merge-Merged, OS-All, Pri-1, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","jap...@chromium.org","Heap-use-after-free in WebCore::DocumentThreadableLoader::cancel","Apr 06, 2013 00:22:55",1365207775,"Jun 12, 2012 10:58:20",1339498700,"Dec 20, 2012 15:53:48",1356018828,"infe...@chromium.org","2012-3702, 2012-3712"
132585,"High","CVE-2012-2851, Cr-Blink, Cr-Internals-Plugins-PDF, M-21, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org","PDF: integer overflow in rasterizing","Apr 06, 2013 03:12:08",1365217928,"Jun 13, 2012 19:37:17",1339616237,"Dec 20, 2012 15:53:25",1356018805,"scarybea...@gmail.com","2012-2851"
132690,"High","CVE-2012-3707, ClusterFuzz, Cr-Blink, M-20, Merge-Merged, OS-All, Pri-1, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, WebKit-ID-89059","Beta, Stable",,"","infe...@chromium.org","Heap-use-after-free in WebCore::RenderSVGModelObject::checkIntersection","Apr 06, 2013 00:22:22",1365207742,"Jun 14, 2012 01:28:55",1339637335,"Dec 20, 2012 15:53:48",1356018828,"infe...@chromium.org","2012-3707"
132694,"High","CVE-2012-2851, Cr-Blink, Cr-Internals-Plugins-PDF, M-21, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org","PDF: integer overflows in jp2 decoder","Apr 06, 2013 03:12:07",1365217927,"Jun 14, 2012 02:15:36",1339640136,"Dec 20, 2012 15:53:25",1356018805,"scarybea...@gmail.com","2012-2851"
132779,"High","CVE-2012-2834, Cr-Internals, Cr-Internals-Media-FFmpeg, M-20, Merge-Merged, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, merge-merged-1132, merge-merged-ffmp","Beta, Stable",1000,"accept","dalecur...@chromium.org","Security: WebM heap-buffer-overflow in matroskadec.c:matroska_parse_block()","Mar 21, 2013 21:04:29",1363899869,"Jun 14, 2012 17:09:20",1339693760,"Dec 20, 2012 15:53:25",1356018805,"a...@ut.ee","2012-2834"
132806,"Low","Cr-Internals, M-20, Merge-Merged, Pri-2, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security, merge-merged-1132","Stable",,"","dpolukhin@chromium.org","ChromeContentBrowserClient::AllowSocketAPI using allowed_socket_origins_ without scheme check","Mar 21, 2013 20:51:22",1363899082,"Jun 14, 2012 18:02:11",1339696931,"Jun 19, 2012 12:35:43",1340109343,"tsepez@chromium.org",""
132860,"Medium","CVE-2012-2850, Cr-Blink, Cr-Internals-Plugins-PDF, M-21, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org","PDF: OOB reads in image stretching","Apr 06, 2013 03:12:07",1365217927,"Jun 14, 2012 21:02:56",1339707776,"Dec 20, 2012 15:52:28",1356018748,"scarybea...@gmail.com","2012-2850"
132861,"Medium","CVE-2012-2851, Cr-Blink, Cr-Internals-Plugins-PDF, M-21, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org","PDF: more OOB reads with wild clip rects","Apr 06, 2013 03:12:06",1365217926,"Jun 14, 2012 21:04:55",1339707895,"Dec 20, 2012 15:52:28",1356018748,"scarybea...@gmail.com","2012-2851"
132890,"High","Cr-Blink, Cr-Internals-Media, M-21, M21-bugbash, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Crash, Type-Bug-Security, merge-merged-1180","Beta, Stable",,"","r...@google.com","Crash when using Web Audio + media element with no audio or when user navigates","Apr 06, 2013 00:22:06",1365207726,"Jun 14, 2012 22:47:33",1339714053,"Dec 20, 2012 15:53:48",1356018828,"alek...@chromium.org",""
133214,"High","Cr-Blink, M-21, Merge-Merged, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Severity-High, Type-Bug-Security, WebKit-ID-89496, merge-merged-1180, reward-1000","Beta",1000,"accept","jchaffraix@chromium.org","UNKNOWN in WebCore::RenderTableSection::addCell","Apr 06, 2013 00:21:34",1365207694,"Jun 17, 2012 12:30:05",1339936205,"Dec 20, 2012 15:52:56",1356018776,"attek...@gmail.com",""
133418,"High","ClusterFuzz, Cr-Blink, M-20, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","infe...@chromium.org","Heap-use-after-free in WebCore::RenderBlock::layoutPositionedObjects","Apr 06, 2013 00:21:19",1365207679,"Jun 19, 2012 00:28:33",1340065713,"Dec 20, 2012 15:53:48",1356018828,"infe...@chromium.org",""
133450,"High","CVE-2012-2844, Cr-Blink, Cr-Internals-Plugins-PDF, M-20, Merge-Merged, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org","PDF: invalid vtable used in JS engine","Apr 06, 2013 03:12:04",1365217924,"Jun 19, 2012 02:29:09",1340072949,"Dec 20, 2012 15:53:25",1356018805,"scarybea...@gmail.com","2012-2844"
133571,"Medium","Cr-Internals, Cr-Internals-Skia, M-22, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security-CodeYellow, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security, reward-1000","Beta, Stable",1000,"accept","epo...@chromium.org","Heap-use-after-free in SkARGB32_Black_Blitter::blitAntiH","Mar 21, 2013 21:04:25",1363899865,"Jun 19, 2012 21:37:04",1340141824,"Dec 20, 2012 15:52:56",1356018776,"attek...@gmail.com",""
133892,"High","ClusterFuzz, Cr-Blink, M-22, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security-CodeYellow, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","dstockw...@chromium.org","Heap-use-after-free in WebCore::RenderListItem::updateMarkerLocation","Apr 06, 2013 00:20:33",1365207633,"Jun 21, 2012 04:36:02",1340253362,"Dec 20, 2012 15:52:56",1356018776,"infe...@chromium.org",""
134028,"High","CVE-2012-2852, Cr-Blink, Cr-Internals-Plugins-PDF, M-21, Merge-Merged, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org","PDF: use-after-free with badly linked form field tree","Apr 06, 2013 03:12:03",1365217923,"Jun 21, 2012 22:03:29",1340316209,"Dec 20, 2012 15:53:25",1356018805,"scarybea...@gmail.com","2012-2852"
134088,"High","Cr-Blink, M-21, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Beta, Stable",,"","rn...@chromium.org","Use-after-free: LabelsNodeList isn't updated properly after its owner node is adopted into a new document","Apr 06, 2013 00:20:16",1365207616,"Jun 22, 2012 03:00:36",1340334036,"Dec 20, 2012 15:53:48",1356018828,"rn...@chromium.org",""
134101,"Medium","CVE-2012-2853, Cr-Internals, Cr-Platform-Extensions, Cr-Webstore, M-21, Merge-Merged, OS-All, Pri-2, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Secur","Beta, Stable",,"","battre@chromium.org","Security: webRequest API allows extensions to XSS chrome.google.com and gain access to webstorePrivate API","Mar 21, 2013 21:04:24",1363899864,"Jun 22, 2012 07:35:28",1340350528,"Dec 20, 2012 15:52:28",1356018748,"t...@adblockplus.org","2012-2853"
134123,"High","CVE-2012-3622, ClusterFuzz, Cr-Blink, M-20, Merge-Merged, OS-All, Pri-1, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","infe...@chromium.org","Heap-use-after-free in WebCore::VisibleSelection::rootEditableElement","Apr 06, 2013 00:20:14",1365207614,"Jun 22, 2012 14:36:39",1340375799,"Dec 20, 2012 15:53:48",1356018828,"infe...@chromium.org","2012-3622"
134305,"High","CVE-2012-3688, ClusterFuzz, Cr-Blink, M-20, Merge-Merged, OS-All, Pri-1, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, WebKit-ID-89911","Beta, Stable",,"","dcheng@chromium.org","Heap-use-after-free in WebCore::RenderObject::absoluteBoundingBoxRect","Apr 06, 2013 00:19:59",1365207599,"Jun 23, 2012 20:42:10",1340484130,"Dec 20, 2012 15:53:48",1356018828,"infe...@chromium.org","2012-3688"
134324,"High","ClusterFuzz, Cr-Blink, M-22, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security-CodeYellow, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","leviw@chromium.org","Heap-use-after-free in WebCore::RenderBlock::layoutPositionedObjects","Apr 06, 2013 00:19:56",1365207596,"Jun 24, 2012 01:57:43",1340503063,"Dec 20, 2012 15:53:48",1356018828,"infe...@chromium.org",""
134325,"High","Cr-Blink, Cr-IO-MouseLock, M-22, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-None, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-1000, webkit-id-90391","None",1000,"accept","scheib@chromium.org","Security: Use after free with mouse lock and window.open","Apr 06, 2013 00:19:56",1365207596,"Jun 24, 2012 02:08:16",1340503696,"Jul 05, 2012 16:29:07",1341505747,"chamal.d...@gmail.com",""
134428,"High","ClusterFuzz, Cr-Blink, Cr-Blink-SVG, M-20, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, WebKit-ID-90","Beta, Stable",,"","pdr@chromium.org","Heap-buffer-overflow in WebCore::SVGDocumentExtensions::removeAnimationElementFromTarget","Apr 06, 2013 03:43:49",1365219829,"Jun 25, 2012 15:47:14",1340639234,"Dec 20, 2012 15:53:48",1356018828,"infe...@chromium.org",""
134519,"Low","CVE-2012-2854, Cr-Internals, M-21, Merge-Merged, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security, merge-merged-1180","Beta, Stable",,"","xiyuan@chromium.org","Security: memory address disclosure through JavaScript in WebUI's cookies page","Mar 21, 2013 21:04:22",1363899862,"Jun 25, 2012 20:58:12",1340657892,"Dec 20, 2012 15:52:28",1356018748,"nasko@chromium.org","2012-2854"
134888,"High","CVE-2012-2855, Cr-Blink, Cr-Internals-Plugins-PDF, M-21, Merge-Merged, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org","","Apr 06, 2013 03:12:00",1365217920,"Jun 27, 2012 19:24:29",1340825069,"Dec 20, 2012 15:53:25",1356018805,"scarybea...@gmail.com","2012-2855"
134897,"High","CVE-2012-2866, Cr-Blink, M-21, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security-CodeYellow, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, rew","Beta, Stable",1000,"accept","tkent@chromium.org","Bad cast with run-ins and <input>","Apr 06, 2013 00:19:15",1365207555,"Jun 27, 2012 20:01:56",1340827316,"Dec 20, 2012 15:53:48",1356018828,"miaubiz@gmail.com","2012-2866"
134954,"High","CVE-2012-2856, Cr-Blink, Cr-Internals-Plugins-PDF, M-21, Merge-Merged, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org","PDF: buffer overflow with exponential interpolation PDF function","Apr 06, 2013 03:12:00",1365217920,"Jun 28, 2012 00:38:39",1340843919,"Dec 20, 2012 15:53:25",1356018805,"scarybea...@gmail.com","2012-2856"
134955,"Medium","Cr-Blink, Cr-Internals-Plugins-PDF, M-22, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org","PDF: read-after-free loading font glyphs","Apr 06, 2013 03:11:59",1365217919,"Jun 28, 2012 00:44:11",1340844251,"Dec 20, 2012 15:52:28",1356018748,"scarybea...@gmail.com",""
135043,"Critical","Cr-Internals, Cr-Internals-WebRTC, M-21, Merge-Merged, OS-All, Pri-0, ReleaseBlock-Beta, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Severity-Critical, Type-Bug-Security, merge-merged-1180, reward-3133","Beta",3133,"accept","xians@chromium.org","Heap-use-after-free in media_stream::","Mar 21, 2013 21:07:51",1363900071,"Jun 28, 2012 19:19:49",1340911189,"Jul 03, 2012 11:39:19",1341315559,"infe...@chromium.org",""
135071,"High","CVE-2012-3616, ClusterFuzz, Cr-Blink, M-21, Merge-Merged, OS-All, Pri-1, ReleaseBlock-Stable, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","shinyak@chromium.org","Heap-buffer-overflow in void WTF::Vector<unsigned short, 1024ul>::append<unsigned short>","Apr 06, 2013 00:18:55",1365207535,"Jun 28, 2012 21:36:31",1340919391,"Dec 20, 2012 15:52:56",1356018776,"infe...@chromium.org","2012-3616"
135173,"High","ClusterFuzz, Cr-Blink, M-22, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security-CodeYellow, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, WebKi","Beta, Stable",,"","espr...@chromium.org","Heap-use-after-free in WebCore::RenderQuote::rendererRemovedFromTree","Apr 06, 2013 00:18:48",1365207528,"Jun 29, 2012 14:45:28",1340981128,"Dec 20, 2012 15:53:48",1356018828,"infe...@chromium.org",""
135264,"High","CVE-2012-2856, Cr-Blink, Cr-Internals-Plugins-PDF, M-21, Merge-Merged, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org","PDF: out-of-bounds writes in image decoding","Apr 06, 2013 03:11:57",1365217917,"Jun 29, 2012 22:14:30",1341008070,"Dec 20, 2012 15:53:25",1356018805,"scarybea...@gmail.com","2012-2856"
135432,"High","Cr-Internals, Cr-Internals-Skia, M-22, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security-CodeYellow, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Beta, Stable",1000,"accept","tomhud...@chromium.org","Heap-buffer-overflow in skia::BGRAConvolve2D","Mar 21, 2013 21:04:17",1363899857,"Jul 02, 2012 14:35:23",1341239723,"Dec 20, 2012 15:53:48",1356018828,"attek...@gmail.com",""
135485,"Low","CVE-2012-2867, Cr-Internals, Cr-Internals-Network-SPDY, M-21, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security, merge-merged-1180","Beta, Stable",,"","rtenneti@chromium.org","SPDY - Pushed stream - crash accessing https://jetty.intalio.com:10111/spdy","Mar 21, 2013 21:04:16",1363899856,"Jul 02, 2012 19:37:34",1341257854,"Aug 14, 2012 16:28:03",1344961683,"rtenneti@chromium.org","2012-2867"
135488,"Medium","Cr-Blink, Cr-Internals-Plugins-PDF, M-22, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org","PDF: OOB read with mismatched function / colorspace","Apr 06, 2013 03:11:56",1365217916,"Jul 02, 2012 19:43:34",1341258214,"Dec 20, 2012 15:52:28",1356018748,"scarybea...@gmail.com",""
135697,"High","ClusterFuzz, Cr-Blink, M-21, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security-CodeYellow, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","infe...@chromium.org","Heap-use-after-free in WebCore::RenderLayer::repaintBlockSelectionGaps","Apr 06, 2013 00:17:55",1365207475,"Jul 04, 2012 03:06:16",1341371176,"Dec 20, 2012 15:53:48",1356018828,"infe...@chromium.org",""
135698,"High","CVE-2012-3607, ClusterFuzz, Cr-Blink, M-21, Merge-Merged, OS-All, Pri-1, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, WebKit-ID-90774","Beta, Stable",,"","tkent@chromium.org","Heap-use-after-free in WebCore::HTMLInputElement::isPresentationAttribute","Apr 06, 2013 00:17:54",1365207474,"Jul 04, 2012 03:07:16",1341371236,"Dec 20, 2012 15:53:48",1356018828,"infe...@chromium.org","2012-3607"
136116,"High","CVE-2013-0948, ClusterFuzz, Cr-Blink, M-21, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security-CodeYellow, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-","Beta, Stable",,"","infe...@chromium.org","Heap-use-after-free in WebCore::RenderLayer::enclosingFilterLayer","Apr 06, 2013 00:15:30",1365207330,"Jul 05, 2012 19:40:04",1341517204,"Dec 20, 2012 15:53:48",1356018828,"infe...@chromium.org","2013-0948"
136182,"High","ClusterFuzz, Cr-Blink, M-22, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security-CodeYellow, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, webki","Beta, Stable",,"","tsepez@chromium.org","Heap-use-after-free in WebCore::ImageLoader::updateRenderer","Apr 06, 2013 00:15:24",1365207324,"Jul 06, 2012 17:26:36",1341595596,"Dec 20, 2012 15:53:48",1356018828,"infe...@chromium.org",""
136235,"High","CVE-2012-2857, Cr-Blink, M-21, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, merge-merged-1180, reward-1000","Beta, Stable",1000,"accept","dstockw...@chromium.org","Heap-use-after-free in WebCore::StyleResolver::collectMatchingRulesForList","Apr 06, 2013 00:15:21",1365207321,"Jul 07, 2012 17:16:49",1341681409,"Dec 20, 2012 15:53:48",1356018828,"Ax3...@gmail.com","2012-2857"
136296,"High","ClusterFuzz, Cr-Blink, Cr-Blink-SVG, M-21, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, WebKit-ID-90","Beta, Stable",,"","pdr@chromium.org","Heap-use-after-free in WebCore::SVGSMILElement::resetTargetElement","Apr 06, 2013 03:43:45",1365219825,"Jul 09, 2012 02:09:12",1341799752,"Dec 20, 2012 15:53:48",1356018828,"infe...@chromium.org",""
136344,"High","ClusterFuzz, Cr-Blink, M-22, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security-CodeYellow, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, webkit-id-90805","Beta, Stable",,"","infe...@chromium.org","Heap-use-after-free in WebCore::FrameLoader::stopAllLoaders","Apr 06, 2013 00:15:10",1365207310,"Jul 09, 2012 13:41:08",1341841268,"Dec 20, 2012 15:53:48",1356018828,"infe...@chromium.org",""
136497,"Low","Cr-Blink, M-23, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Beta, Stable",,"","","Security: XSS via Copy&Paste protection bypass using @formaction / General Iframe Sandbox Considerations regarding copy&paste / drag&drop","Apr 06, 2013 00:14:47",1365207287,"Jul 10, 2012 09:48:46",1341913726,"Aug 09, 2012 20:37:02",1344544622,"Mario.He...@googlemail.com",""
136643,"High","CVE-2012-2862, Cr-Blink, Cr-Internals-Plugins-PDF, M-21, Merge-Merged, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org","PDF: use-after-free in stream image handling","Apr 06, 2013 03:11:54",1365217914,"Jul 11, 2012 01:44:45",1341971085,"Dec 20, 2012 15:53:26",1356018806,"scarybea...@gmail.com","2012-2862"
136881,"Medium","CVE-2012-2868, Cr-Blink, M-21, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security-CodeYellow, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Stability-Memory-AddressSanitizer, Type-Bug-Security, r","Beta, Stable",500,"accept","micha...@chromium.org","Security: race condition with workers and sync xmlhttprequests","Apr 06, 2013 00:14:20",1365207260,"Jul 11, 2012 19:44:43",1342035883,"Dec 20, 2012 15:52:57",1356018777,"miaubiz@gmail.com","2012-2868"
136894,"High","CVE-2012-2858, Cr-Internals, Cr-Internals-Media-Video, M-21, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, merge-merged-1180, reward-1000","Beta, Stable",1000,"accept","","Heap-buffer-overflow in UpsampleBgraLinePairSSE2","Mar 21, 2013 21:04:10",1363899850,"Jul 11, 2012 21:07:21",1342040841,"Dec 20, 2012 15:53:48",1356018828,"a...@ut.ee","2012-2858"
136968,"High","CVE-2012-2863, Cr-Blink, Cr-Internals-Plugins-PDF, M-21, Merge-Merged, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org","PDF: wild write with malformed regex","Apr 06, 2013 03:11:54",1365217914,"Jul 12, 2012 06:37:13",1342075033,"Dec 20, 2012 15:53:26",1356018806,"scarybea...@gmail.com","2012-2863"
137052,"High","ClusterFuzz, Cr-Blink, M-22, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security-CodeYellow, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, webki","Beta, Stable",,"","o...@chromium.org","Heap-use-after-free in WebCore::EllipsisBox::paint","Apr 06, 2013 00:14:05",1365207245,"Jul 12, 2012 16:16:07",1342109767,"Dec 20, 2012 15:53:48",1356018828,"infe...@chromium.org",""
137106,"Medium","Cr-Blink, Cr-Internals-Plugins-PDF, M-22, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org","PDF: OOB read in color profile parsing / handling","Apr 06, 2013 03:11:53",1365217913,"Jul 12, 2012 20:01:17",1342123277,"Dec 20, 2012 15:52:28",1356018748,"scarybea...@gmail.com",""
137125,"High","Cr-Blink, M-22, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-None, Security_Severity-High, Type-Bug-Security, reward-1000","None",1000,"accept","dstockw...@chromium.org","UNKNOWN in WebCore::StylePropertySet::addParsedProperties","Apr 06, 2013 00:14:00",1365207240,"Jul 12, 2012 21:18:25",1342127905,"Jul 18, 2012 15:39:09",1342625949,"slaweck",""
137147,"High","ClusterFuzz, Cr-Blink, Cr-Blink-Rendering, M-22, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security-CodeYellow, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type","Beta, Stable",,"","jchaffraix@chromium.org","UNKNOWN in WebCore::RenderTable::cellBefore","Apr 06, 2013 03:35:37",1365219337,"Jul 12, 2012 22:36:23",1342132583,"Dec 20, 2012 15:53:48",1356018828,"infe...@chromium.org",""
137280,"Low","Cr-Blink, Cr-Internals-Plugins-PDF, M-22, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org","PDF: off-by-one in unicode text decoding","Apr 06, 2013 03:11:52",1365217912,"Jul 13, 2012 20:09:37",1342210177,"Dec 20, 2012 15:52:02",1356018722,"scarybea...@gmail.com",""
137288,"Low","Cr-Blink, Cr-Internals-Plugins-PDF, M-22, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org","PDF: wild read in JBIG2 decoder","Apr 06, 2013 03:11:52",1365217912,"Jul 13, 2012 20:34:24",1342211664,"Dec 20, 2012 15:52:02",1356018722,"scarybea...@gmail.com",""
137302,"Medium","Cr-Blink, Cr-Internals-Plugins-PDF, M-22, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org","PDF: OOB stack reads with colorspaces with lots of components","Apr 06, 2013 03:11:51",1365217911,"Jul 13, 2012 21:40:18",1342215618,"Dec 20, 2012 15:52:28",1356018748,"scarybea...@gmail.com",""
137303,"Medium","Cr-Internals, Cr-Internals-GPU, M-23, OS-Mac, Pri-1, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security, merge-merged-1271, merge-merged-1312","Beta, Stable",,"","zmo@chromium.org","Corrupted rendering with many MapsGL tabs open","Mar 21, 2013 21:04:07",1363899847,"Jul 13, 2012 21:47:11",1342216031,"Dec 20, 2012 15:52:28",1356018748,"kbr@chromium.org",""
137361,"High","CVE-2012-2863, Cr-Blink, Cr-Internals-Plugins-PDF, M-21, Merge-Merged, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org","PDF: buffer overflow with mismatched TIFF predictor vs. image parameters","Apr 06, 2013 03:11:51",1365217911,"Jul 14, 2012 03:13:00",1342235580,"Dec 20, 2012 15:53:26",1356018806,"scarybea...@gmail.com","2012-2863"
137407,"Low","Cr-UI, OS-iOS, Pri-2, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Stable",,"","","Security: Chrome for iOS security bug","Mar 21, 2013 20:51:01",1363899061,"Jul 15, 2012 01:05:15",1342314315,"Sep 21, 2012 02:13:19",1348193599,"weilou.h...@gmail.com",""
137409,"High","ClusterFuzz, Cr-Blink, M-22, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security-CodeYellow, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, WebKi","Beta, Stable",,"","infe...@chromium.org","Heap-use-after-free in WebCore::RenderObject::container","Apr 06, 2013 00:13:34",1365207214,"Jul 15, 2012 01:34:55",1342316095,"Dec 20, 2012 15:53:49",1356018829,"infe...@chromium.org",""
137413,"Medium","ClusterFuzz, Cr-Blink, Cr-Blink-Rendering, M-22, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security-CodeYellow, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Stability-Memory-AddressSanitizer, Ty","Beta, Stable",,"","jchaffraix@chromium.org","Heap-buffer-overflow in WebCore::RenderTableSection::setCellLogicalWidths","Apr 06, 2013 03:35:36",1365219336,"Jul 15, 2012 05:11:05",1342329065,"Dec 20, 2012 15:52:57",1356018777,"infe...@chromium.org",""
137532,"Medium","Cr-UI, Cr-UI-Accessibility, M-18, OS-Android, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security, reward-500","Beta, Stable",500,"accept","dtrainor@chromium.org","Security: Android APIs exposed to JavaScript","Mar 21, 2013 21:04:05",1363899845,"Jul 16, 2012 17:58:26",1342461506,"Aug 01, 2012 04:15:30",1343794530,"pal...@google.com",""
137541,"Critical","CVE-2012-2859, Cr-Internals, Cr-UI-Browser-TabContents, M-21, OS-Linux, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Critical, Stability-Crash, Type-Bug-Security, merge-merged-1180","Stable",,"","c...@chromium.org","Reproduceable crash. Changing tabs while a specific text field has focus.","Mar 21, 2013 21:07:50",1363900070,"Jul 16, 2012 19:02:35",1342465355,"Dec 20, 2012 15:53:49",1356018829,"jwrobe...@google.com","2012-2859"
137547,"Medium","Cr-Blink, Cr-Internals-Plugins-PDF, M-22, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org","PDF: OOB read in JS parsing with malformed string escapes","Apr 06, 2013 03:11:51",1365217911,"Jul 16, 2012 19:43:23",1342467803,"Dec 20, 2012 15:52:28",1356018748,"scarybea...@gmail.com",""
137556,"Low","Cr-Blink, Cr-Internals-Plugins-PDF, M-22, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org","PDF: OOB read rendering scrollbar","Apr 06, 2013 03:11:50",1365217910,"Jul 16, 2012 20:32:45",1342470765,"Dec 20, 2012 15:52:02",1356018722,"scarybea...@gmail.com",""
137606,"Low","Cr-Blink, Cr-Internals-Plugins-PDF, M-22, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org","PDF: OOB read with corrupt large xref table","Apr 06, 2013 03:11:50",1365217910,"Jul 16, 2012 23:40:08",1342482008,"Dec 20, 2012 15:52:02",1356018722,"scarybea...@gmail.com",""
137623,"Medium","ClusterFuzz, Cr-Blink, M-21, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security-CodeYellow, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Stability-Memory-AddressSanitizer, Type-Bug-Security, mer","Beta, Stable",,"","piman@chromium.org","Heap-buffer-overflow in WebPluginDelegateProxy::BackgroundChanged","Apr 06, 2013 00:13:14",1365207194,"Jul 17, 2012 04:10:14",1342498214,"Dec 20, 2012 15:52:57",1356018777,"infe...@chromium.org",""
137635,"Medium","Cr-Blink, Cr-Internals-Plugins-PDF, M-22, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org","PDF: wild reads with corrupt character mapping","Apr 06, 2013 03:11:50",1365217910,"Jul 17, 2012 05:48:16",1342504096,"Dec 20, 2012 15:52:28",1356018748,"scarybea...@gmail.com",""
137671,"Medium","CVE-2012-2860, Cr-Blink, M-21, Merge-Merged, OS-All, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Stability-Memory-AddressSanitizer, Type-Bug-Security, W","Beta, Stable",,"","tkent@chromium.org","Security: Bad cast in WebCore::CalendarPickerElement::hostInput()","Apr 06, 2013 00:13:10",1365207190,"Jul 17, 2012 14:27:43",1342535263,"Dec 20, 2012 15:52:28",1356018748,"chamal.d...@gmail.com","2012-2860"
137707,"Medium","Cr-Platform-Extensions, Cr-UI, M-22, Merge-Merged, OS-All, Pri-0, Security-CodeYellow, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security, merge-merged-1229, reward-500","Beta, Stable",500,"accept","mpcomplete@chromium.org","Security: Chrome extensions bug cause crash in all Chrome processes","Mar 21, 2013 21:04:03",1363899843,"Jul 17, 2012 19:13:43",1342552423,"Dec 20, 2012 15:52:28",1356018748,"nmo...@nds.com",""
137721,"High","CVE-2012-2862, Cr-Blink, Cr-Internals-Plugins-PDF, M-21, Merge-Merged, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org","PDF: use-after-free with unusual form naming setup","Apr 06, 2013 03:11:49",1365217909,"Jul 17, 2012 21:05:58",1342559158,"Dec 20, 2012 15:53:26",1356018806,"scarybea...@gmail.com","2012-2862"
137852,"High","ClusterFuzz, Cr-Blink, Cr-Internals-Plugins, Cr-Internals-Plugins-Flash, Cr-Internals-Plugins-Pepper, M-22, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security-CodeYellow, Security_Impact-Beta, Security_Impact-Stable, Secu","Beta, Stable",,"","tsepez@chromium.org","Heap-use-after-free in WebKit::WebElement::document","Apr 06, 2013 04:35:58",1365222958,"Jul 18, 2012 14:50:55",1342623055,"Dec 20, 2012 15:53:49",1356018829,"infe...@chromium.org",""
137880,"Low","Cr-Blink, Cr-Internals-Plugins-PDF, M-22, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org","PDF: OOB read in FreeType","Apr 06, 2013 03:11:48",1365217908,"Jul 18, 2012 17:52:02",1342633922,"Dec 20, 2012 15:52:02",1356018722,"scarybea...@gmail.com",""
137891,"Low","Cr-Internals, Cr-Internals-Network, Cr-Internals-Network-Proxy, Cr-Internals-Network-SPDY, M-22, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Beta, Stable",,"","ttuttle@chromium.org","Security: HTTPS proxy can run JavaScript on requested HTTPS sites","Mar 21, 2013 21:04:01",1363899841,"Jul 18, 2012 19:04:17",1342638257,"Dec 20, 2012 15:52:28",1356018748,"ttuttle@chromium.org",""
137928,"Medium","Cr-Blink, Cr-Internals-Plugins-PDF, M-22, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org","PDF: OOB reads in the JPX decoder","Apr 06, 2013 03:11:47",1365217907,"Jul 18, 2012 21:17:51",1342646271,"Dec 20, 2012 15:52:28",1356018748,"scarybea...@gmail.com",""
137957,"High","CVE-2012-2862, Cr-Blink, Cr-Internals-Plugins-PDF, M-21, Merge-Merged, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org","PDF: use-after-free in event handling due to bad GC interaction","Apr 06, 2013 03:11:47",1365217907,"Jul 18, 2012 23:27:19",1342654039,"Dec 20, 2012 15:53:26",1356018806,"scarybea...@gmail.com","2012-2862"
138035,"Medium","Cr-Internals, M-18, OS-Android, Pri-1, Restrict-AddIssueComment-EditIssue, Security-CodeYellow, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security, reward-500","Beta, Stable",500,"accept","shashish...@chromium.org","Security: Google Chrome for Android: Current-tab cross-application scripting (UXSS)","Mar 21, 2013 21:04:00",1363899840,"Jul 19, 2012 08:47:18",1342687638,"Dec 20, 2012 15:52:57",1356018777,"chaykin....@gmail.com",""
138208,"High","CVE-2012-2900, Cr-Internals, Cr-Internals-Skia, M-22, Merge-Merged, OS-All, Pri-1, ReleaseBlock-Stable, Security-CodeYellow, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Secur","Beta, Stable",1000,"accept","r...@google.com","Crash in SkGlyphCache::findImage","Apr 01, 2013 15:34:42",1364830482,"Jul 20, 2012 07:22:14",1342768934,"Dec 20, 2012 15:52:57",1356018777,"attek...@gmail.com","2012-2900"
138210,"Medium","Cr-Internals, M-18, OS-Android, Pri-1, Restrict-AddIssueComment-EditIssue, Security-CodeYellow, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security, reward-500","Beta, Stable",500,"accept","shashish...@chromium.org","Information and credential disclosure by file:// URLs (Android)","Mar 21, 2013 21:03:59",1363899839,"Jul 20, 2012 07:41:17",1342770077,"Aug 04, 2012 00:46:40",1344041200,"chaykin....@gmail.com",""
138302,"High","ClusterFuzz, Cr-Blink, M-22, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security-CodeYellow, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","wez@chromium.org","Stack-buffer-overflow in NPObjectProxy::NPInvokePrivate","Apr 06, 2013 00:12:09",1365207129,"Jul 20, 2012 19:58:04",1342814284,"Aug 06, 2012 20:35:02",1344285302,"infe...@chromium.org",""
138422,"High","ClusterFuzz, Cr-Blink, M-24, OS-All, Pri-1, Security-CodeYellow, Security_Impact-None, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, WebKit-ID-93640","Stable",,"","schen...@chromium.org","Heap-use-after-free in WebCore::Font::glyphDataAndPageForCharacter","Apr 06, 2013 00:11:37",1365207097,"Jul 21, 2012 23:20:34",1342912834,"Oct 03, 2012 23:08:04",1349305684,"infe...@chromium.org",""
138672,"Low","CVE-2012-2870, Cr-Internals, M-21, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security-CodeYellow, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Low, Stability-Memory-AddressSanitizer, Stability-Valgrind,","Beta, Stable",,"","cev...@chromium.org","Heap-double-free in xsltCompileStepPattern","Apr 01, 2013 15:48:43",1364831323,"Jul 24, 2012 03:00:41",1343098841,"Dec 20, 2012 15:52:02",1356018722,"nicolas....@agarri.fr","2012-2870"
138673,"High","CVE-2012-2871, Cr-Internals, M-21, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security-CodeYellow, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Stability-Valgrind, Type-Bug-Sec","Beta, Stable",1000,"accept","cev...@chromium.org","Heap-buffer-overflow in xsltApplyTemplates","Apr 01, 2013 15:48:43",1364831323,"Jul 24, 2012 03:55:29",1343102129,"Dec 20, 2012 15:53:49",1356018829,"nicolas....@agarri.fr","2012-2871"
138915,"High","ClusterFuzz, Cr-Blink, M-22, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security-CodeYellow, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","infe...@chromium.org","Heap-use-after-free in WebCore::ContainerNode::cloneChildNodes","Apr 06, 2013 00:11:04",1365207064,"Jul 25, 2012 07:07:20",1343200040,"Dec 20, 2012 15:53:49",1356018829,"infe...@chromium.org",""
138990,"High","ClusterFuzz, Cr-Blink, Cr-Blink-SVG, M-22, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security-CodeYellow, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, WebKi","Beta, Stable",,"","schen...@chromium.org","Heap-use-after-free in WebCore::SVGStyledElement::clearHasPendingResourcesIfPossible","Apr 06, 2013 03:43:39",1365219819,"Jul 25, 2012 18:11:27",1343239887,"Dec 20, 2012 15:53:49",1356018829,"aa...@google.com",""
139168,"Low","Cr-Blink, M-22, Merge-Merged, OS-All, Pri-2, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security, reward-500","Beta, Stable",500,"accept","","Security: Creating a loop in the DOM tree (99% a DoS)","Apr 06, 2013 00:10:46",1365207046,"Jul 26, 2012 18:36:46",1343327806,"Dec 20, 2012 15:52:28",1356018748,"paw...@gmail.com",""
139240,"High","ClusterFuzz, Cr-Blink, M-21, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security-CodeYellow, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","ann...@chromium.org","Heap-buffer-overflow in WebCore::TextTrackCueList::add","Apr 06, 2013 00:10:40",1365207040,"Jul 26, 2012 23:48:55",1343346535,"Dec 20, 2012 15:53:49",1356018829,"infe...@chromium.org",""
139402,"High","ClusterFuzz, Cr-Blink, Cr-Internals-Skia, M-21, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","r...@chromium.org","Heap-use-after-free in D_Clear_BitmapXferProc","Apr 06, 2013 00:10:28",1365207028,"Jul 27, 2012 21:24:53",1343424293,"Aug 01, 2012 22:07:03",1343858823,"infe...@chromium.org",""
139462,"Medium","ClusterFuzz, Cr-Internals, Cr-Internals-Skia, M-22, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security-CodeYellow, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Stability-Memory-AddressSanitizer,","Beta, Stable",,"","jam@chromium.org","Heap-use-after-free in SkCanvas::updateDeviceCMCache","Apr 01, 2013 15:34:34",1364830474,"Jul 28, 2012 02:08:39",1343441319,"Dec 20, 2012 15:52:57",1356018777,"infe...@chromium.org",""
139464,"High","ClusterFuzz, Cr-Blink, M-22, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security-CodeYellow, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, webkit-ID-92604","Beta, Stable",,"","pdr@chromium.org","Heap-use-after-free in WebCore::RenderSVGShape::calculateStrokeBoundingBox","Apr 06, 2013 00:10:21",1365207021,"Jul 28, 2012 03:12:29",1343445149,"Dec 20, 2012 15:53:49",1356018829,"infe...@chromium.org",""
139475,"High","ClusterFuzz, Cr-Blink, Cr-Blink-SVG, M-22, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security-CodeYellow, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, WebKi","Beta, Stable",,"","fmal...@chromium.org","Heap-use-after-free in WebCore::TargetListener::handleEvent [Stale event listener]","Apr 06, 2013 03:43:37",1365219817,"Jul 28, 2012 05:29:09",1343453349,"Dec 20, 2012 15:53:49",1356018829,"infe...@chromium.org",""
139530,"High","ClusterFuzz, Cr-Blink, M-22, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security-CodeYellow, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","morr...@chromium.org","Heap-use-after-free in WebCore::Node::~Node","Apr 06, 2013 00:10:02",1365207002,"Jul 29, 2012 13:28:43",1343568523,"Dec 20, 2012 15:53:49",1356018829,"infe...@chromium.org",""
139592,"Low","Cr-Internals, Cr-Platform-Extensions, M-26, OS-All, Pri-2, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Beta, Stable",,"","mkwst@chromium.org","Extension resources should only be loadable in contexts the extension has permission to access.","Apr 03, 2013 16:57:22",1365008242,"Jul 30, 2012 12:23:40",1343651020,"",0,"mkwst@chromium.org",""
139646,"High","ClusterFuzz, Cr-Blink, M-21, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","rn...@chromium.org","Heap-use-after-free in WebCore::DynamicNodeList::itemWithName","Apr 06, 2013 00:09:44",1365206984,"Jul 30, 2012 18:15:33",1343672133,"Dec 20, 2012 15:53:49",1356018829,"infe...@chromium.org",""
139679,"High","ClusterFuzz, Cr-Blink, M-22, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security-CodeYellow, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","infe...@chromium.org","Bad cast in RenderFrameSet::computeEdgeInfo","Apr 06, 2013 00:09:40",1365206980,"Jul 30, 2012 20:00:52",1343678452,"Dec 20, 2012 15:53:49",1356018829,"infe...@chromium.org",""
139685,"Medium","ClusterFuzz, Cr-Blink, Cr-Blink-SVG, M-22, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security-CodeYellow, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","pdr@chromium.org","OOB read atleast in WebCore::SVGListProperty<WebCore::SVGTransformList>::getItemValuesAndWrappers","Apr 06, 2013 03:43:33",1365219813,"Jul 30, 2012 20:14:18",1343679258,"Dec 20, 2012 15:52:57",1356018777,"infe...@chromium.org",""
139690,"High","ClusterFuzz, Cr-Blink, M-22, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security-CodeYellow, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","shinyak@chromium.org","Heap-use-after-free in WebCore::GenericEventQueue::timerFired","Apr 06, 2013 00:09:38",1365206978,"Jul 30, 2012 20:28:54",1343680134,"Dec 20, 2012 15:53:49",1356018829,"infe...@chromium.org",""
139744,"Medium","Cr-Internals, Cr-Internals-Network-SSL, M-21, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security-CodeYellow, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security, merge-merged-1180, merge-merged-122","Beta, Stable",,"","a...@chromium.org","Security: SSL compression infoleak","Mar 21, 2013 21:03:50",1363899830,"Jul 31, 2012 02:05:19",1343700319,"Dec 20, 2012 15:52:57",1356018777,"tha...@gmail.com",""
139814,"High","Cr-Blink, M-22, Merge-Merged, OS-All, Pri-1, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-2000","Beta, Stable",2000,"accept","tsepez@chromium.org","UAF in DOMContentLoaded ","Apr 06, 2013 00:09:30",1365206970,"Jul 31, 2012 16:24:27",1343751867,"Dec 20, 2012 15:53:49",1356018829,"chamal.d...@gmail.com",""
139961,"High","ClusterFuzz, Cr-Blink, Cr-Blink-SVG, M-22, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security-CodeYellow, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, WebKi","Beta, Stable",,"","fmal...@chromium.org","Heap-use-after-free in WebCore::TargetListener::handleEvent [Stale target]","Apr 06, 2013 03:43:32",1365219812,"Aug 01, 2012 05:38:20",1343799500,"Dec 20, 2012 15:53:49",1356018829,"infe...@chromium.org",""
140083,"High","M-22, Pri-0, Security_Impact-Beta, Security_Severity-High, Type-Bug-Security, reward-1000","Beta",1000,"accept","svenpanne@chromium.org","[LangFuzz] Crash on heap trying to execute address 0x0000000200000000.","Mar 21, 2013 21:03:49",1363899829,"Aug 01, 2012 19:50:12",1343850612,"Aug 03, 2012 11:38:48",1343993928,"decoder...@googlemail.com",""
140368,"Low","CVE-2012-2870, M-21, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security, merge-merged-1180","Beta, Stable",,"","cev...@chromium.org","Security: heap-use-after-free in xsltGenerateIdFunction","Mar 21, 2013 21:03:48",1363899828,"Aug 02, 2012 22:34:54",1343946894,"Dec 20, 2012 15:52:02",1356018722,"nicolas....@agarri.fr","2012-2870"
140484,"High","ClusterFuzz, Cr-Blink, M-22, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security-CodeYellow, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","ke...@chromium.org","Heap-use-after-free in WebCore::RenderBlock::determineStartPosition","Apr 06, 2013 00:08:13",1365206893,"Aug 03, 2012 15:28:03",1344007683,"Dec 20, 2012 15:53:49",1356018829,"infe...@chromium.org",""
140544,"Low","Cr-Blink, OS-All, Pri-2, Restrict-AddIssueComment-Commit, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security","Beta, Stable",,"","tsepez@chromium.org","Security: CSP doesn't turn off eval, etc. in Web Workers","Apr 06, 2013 00:08:05",1365206885,"Aug 03, 2012 20:07:05",1344024425,"Aug 31, 2012 23:37:03",1346456223,"mazu...@cs.wisc.edu",""
140647,"High","ClusterFuzz, Cr-Blink, M-22, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security-CodeYellow, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","dalecur...@chromium.org","UNKNOWN in ogg_calc_pts","Apr 06, 2013 00:07:54",1365206874,"Aug 04, 2012 15:18:33",1344093513,"Dec 20, 2012 15:53:49",1356018829,"infe...@chromium.org",""
140656,"High","Cr-Blink, M-22, Merge-Merged, OS-All, Pri-1, Security-CodeYellow, Security_Impact-Beta, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-1000","Beta",1000,"accept","jap...@chromium.org","Heap-use-after-free in WebCore::CachedResource::didAddClient","Apr 06, 2013 00:07:53",1365206873,"Aug 04, 2012 19:06:26",1344107186,"Dec 20, 2012 15:53:49",1356018829,"Ax3...@gmail.com",""
140803,"High","Cr-Internals, Cr-Internals-Skia, M-22, Merge-Merged, OS-All, Pri-1, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-1000","Beta, Stable",1000,"accept","r...@chromium.org","Heap-buffer-overflow in SkA8_Blitter::blitH","Apr 01, 2013 15:34:18",1364830458,"Aug 06, 2012 16:23:53",1344270233,"Dec 20, 2012 15:53:49",1356018829,"attek...@gmail.com",""
141395,"High","Cr-Internals, M-22, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security-CodeYellow, Security_Impact-None, Security_Severity-High, Type-Bug-Security, reward-1000","None",1000,"accept","mma...@chromium.org","UNKNOWN in v8::internal::SemiSpaceIterator::Next","Mar 21, 2013 20:40:37",1363898437,"Aug 08, 2012 17:01:47",1344445307,"Dec 20, 2012 15:53:49",1356018829,"decoder...@googlemail.com",""
141651,"Medium","Cr-Internals, Cr-Internals-Skia, M-22, Merge-Merged, OS-All, Pri-1, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-500","Beta, Stable",500,"accept","epo...@chromium.org","Heap-buffer-overflow in SkA8_Blitter::blitAntiH","Apr 01, 2013 15:34:16",1364830456,"Aug 09, 2012 16:23:19",1344529399,"Dec 20, 2012 15:52:57",1356018777,"attek...@gmail.com",""
141889,"Medium","Cr-Internals, M-18, OS-Android, Pri-2, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security, reward-500","Beta, Stable",500,"accept","nileshagrawal@chromium.org","Security: Cookie theft from Chrome by malicious Android app","Mar 21, 2013 21:03:45",1363899825,"Aug 10, 2012 17:24:13",1344619453,"Dec 20, 2012 15:52:57",1356018777,"pal...@google.com",""
142746,"High","Cr-Internals, Cr-Internals-Skia, M-21, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Beta, Stable",,"","","Security: Potential use after destruction in ui/gfx/image","Mar 21, 2013 21:03:43",1363899823,"Aug 14, 2012 22:14:31",1344982471,"Dec 20, 2012 15:53:49",1356018829,"jyasskin@chromium.org",""
142956,"Medium","CVE-2012-2872, Cr-UI, M-21, Merge-Merged, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security-CodeYellow, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security, merge-merged-1180, merge-merged-1229, r","Beta, Stable",500,"inprocess","pal...@chromium.org","Security: XSS in SSL Certificate error page","Mar 21, 2013 21:03:43",1363899823,"Aug 15, 2012 21:13:32",1345065212,"Dec 20, 2012 15:52:58",1356018778,"e3amn2l","2012-2872"
143176,"Medium","ClusterFuzz, Cr-Blink, M-23, OS-All, Pri-1, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","dmazzoni@chromium.org","Heap-use-after-free in WebCore::AccessibilityNodeObject::document","Apr 06, 2013 00:04:19",1365206659,"Aug 16, 2012 16:33:08",1345134788,"Dec 03, 2012 18:48:47",1354560527,"infe...@chromium.org",""
143437,"High","Cr-Blink, Cr-Blink-JavaScript, Cr-Internals, M-22, Merge-Merged, OS-All, Pri-1, Security-CodeYellow, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-4500","Beta, Stable",4500,"accept","erikcorry@google.com","v8 builtins object exposed to user causing UXSS","Apr 06, 2013 03:22:57",1365218577,"Aug 17, 2012 18:04:30",1345226670,"Dec 20, 2012 15:53:49",1356018829,"serg.gla...@gmail.com",""
143439,"High","Cr-Internals, M-22, Merge-Merged, OS-All, Pri-1, Security-CodeYellow, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-10000","Beta, Stable",10000,"accept","abarth@chromium.org","Security: Universal XSS in frame elements handling","Mar 21, 2013 21:03:41",1363899821,"Aug 17, 2012 18:13:27",1345227207,"Dec 20, 2012 15:53:49",1356018829,"serg.gla...@gmail.com",""
143551,"High","ClusterFuzz, Cr-Blink, M-22, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security-CodeYellow, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","morr...@chromium.org","Heap-use-after-free in WebCore::TreeScopeAdopter::moveTreeToNewScope","Apr 06, 2013 00:03:55",1365206635,"Aug 18, 2012 07:20:40",1345274440,"Dec 20, 2012 15:53:49",1356018829,"infe...@chromium.org",""
143604,"High","ClusterFuzz, Cr-Blink, M-22, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security-CodeYellow, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security","Beta, Stable",,"","fmal...@chromium.org","Heap-use-after-free in WebCore::RenderBlock::LineBreaker::nextLineBreak [SVG text]","Apr 06, 2013 00:03:40",1365206620,"Aug 19, 2012 05:09:11",1345352951,"Dec 20, 2012 15:53:49",1356018829,"infe...@chromium.org",""
143609,"High","Cr-Blink, Cr-Blink-JavaScript, M-22, Merge-Merged, OS-All, Pri-1, Security-CodeYellow, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, reward-1000","Beta, Stable",1000,"accept","ant...@chromium.org","Heap-use-after-free in WebCore::ElementV8Internal::onclickAttrGetter","Apr 06, 2013 03:22:56",1365218576,"Aug 19, 2012 07:33:38",1345361618,"Dec 20, 2012 15:53:49",1356018829,"attek...@gmail.com",""
143648,"High","ClusterFuzz, Cr-Blink, M-23, Merge-Merged, OS-All, Pri-1, Security-CodeYellow, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, merge-merged-1271","Beta, Stable",,"","pdr@chromium.org","Heap-buffer-overflow in WebCore::StyleResolver::applyProperty","Apr 06, 2013 00:03:35",1365206615,"Aug 20, 2012 00:40:34",1345423234,"Dec 20, 2012 15:52:58",1356018778,"infe...@chromium.org",""
143656,"High","Cr-Blink, M-22, Merge-Merged, OS-All, Pri-1, Security-CodeYellow, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, WEBKIT-ID-94487, reward-1000","Beta, Stable",1000,"accept","fmal...@chromium.org","Heap-use-after-free in WebCore::SVGTRefElement::updateReferencedText","Apr 06, 2013 00:03:29",1365206609,"Aug 20, 2012 08:04:10",1345449850,"Dec 20, 2012 15:53:49",1356018829,"miaubiz@gmail.com",""
143761,"High","Cr-Blink, Cr-Blink-SVG, M-23, Merge-Merged, OS-All, Pri-1, Security-CodeYellow, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, reward-1000","Beta, Stable",1000,"accept","schen...@chromium.org","Heap-use-after-free in WebCore::GraphicsContext::restore","Apr 06, 2013 03:43:25",1365219805,"Aug 20, 2012 19:26:48",1345490808,"Dec 20, 2012 15:52:58",1356018778,"miaubiz@gmail.com",""
143798,"High","Cr-Blink, Cr-Internals-Plugins-PDF, M-22, Merge-Merged, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org","PDF: use-after-free with duplicate dictionary keys","Apr 06, 2013 03:11:37",1365217897,"Aug 20, 2012 21:17:58",1345497478,"Dec 20, 2012 15:53:26",1356018806,"scarybea...@gmail.com",""
143859,"Low","CVE-2013-0838, Cr-Internals, M-24, OS-Chrome, OS-Linux, Pri-1, Release-0, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security, VerifyIn-26, VerifyIn-27","Beta, Stable",,"","pal...@chromium.org","Security: World-writable shared memory segments for X/Linux UI","Apr 02, 2013 16:56:13",1364921773,"Aug 21, 2012 02:03:33",1345514613,"Dec 20, 2012 15:52:03",1356018723,"pal...@google.com","2013-0838"
144051,"Low","Cr-Internals, Cr-Internals-Printing, M-22, OS-All, Pri-2, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Low, Type-Bug-Security, merge-merged-1229","Beta, Stable",,"","thestig@chromium.org","Security: Memory address disclosure through JavaScript in Print Preview WebUI","Mar 21, 2013 21:03:38",1363899818,"Aug 21, 2012 23:25:43",1345591543,"Dec 20, 2012 15:52:28",1356018748,"thestig@chromium.org",""
144072,"High","Cr-Blink, Cr-Internals-Plugins-PDF, M-22, Merge-Merged, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org","PDF: use-after-free in image cache","Apr 06, 2013 03:11:36",1365217896,"Aug 22, 2012 01:13:20",1345598000,"Dec 20, 2012 15:53:26",1356018806,"scarybea...@gmail.com",""
144466,"Low","Cr-Internals, Cr-Internals-Network-SSL, M-22, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Low, Stability-Crash, Type-Bug-Security, merge-merged-1229","Stable",,"","a...@chromium.org","Crash when verifying ECDSA certificate on XP","Mar 21, 2013 20:50:30",1363899030,"Aug 23, 2012 19:46:03",1345751163,"Aug 27, 2012 16:16:52",1346084212,"a...@chromium.org",""
144579,"Medium","Cr-Blink, Cr-Internals-Plugins-PDF, M-22, Merge-Merged, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org","PDF: OOB reads in indexed and patter color spaces","Apr 06, 2013 03:11:34",1365217894,"Aug 24, 2012 04:27:08",1345782428,"Dec 20, 2012 15:52:28",1356018748,"scarybea...@gmail.com",""
144671,"High","Cr-Blink, M-22, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Beta, Stable",,"","jia...@chromium.org","Heap-use-after-free in WebCore::GCPrologueVisitor<void, WebCore::SpecialCasePrologueObjectHandler>::visitDOMWrapper","Apr 06, 2013 00:02:16",1365206536,"Aug 24, 2012 17:34:25",1345829665,"Dec 20, 2012 15:53:49",1356018829,"infe...@chromium.org",""
144704,"","Cr-Blink, Cr-UI, Cr-UI-Browser-PopupBlocker, M-22, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Type-Bug-Security, merge-merged-1229","Beta, Stable",,"","c...@chromium.org","Tracking bug for fixing rel=noreferrer aslr bypass","Apr 06, 2013 00:02:12",1365206532,"Aug 24, 2012 19:18:29",1345835909,"Dec 20, 2012 15:52:03",1356018723,"c...@chromium.org",""
144799,"High","ClusterFuzz, Cr-Blink, M-22, Merge-Merged, OS-All, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Stability-Memory-AddressSanitizer, Type-Bug-Security, merge-merged-1229","Beta, Stable",,"","cev...@chromium.org","Heap-double-free in xmlFreeNodeList","Apr 06, 2013 00:02:06",1365206526,"Aug 25, 2012 06:38:29",1345876709,"Dec 20, 2012 15:53:49",1356018829,"aa...@google.com",""
144813,"Medium","Cr-Internals, M-18, OS-Android, Pri-1, ReleaseBlock-Stable, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security, reward-500","Beta, Stable",500,"accept","nileshagrawal@chromium.org","Security: UXSS via com.android.browser.application_id Intent extra","Mar 21, 2013 21:03:36",1363899816,"Aug 25, 2012 14:44:57",1345905897,"Sep 06, 2012 17:01:06",1346950866,"websec02...@gmail.com",""
144820,"","Pri-0, Restrict-AddIssueComment-Commit, Type-Bug-Security, reward-500","None",500,"accept","pal...@chromium.org","Security: Chrome for Android Download Function Information Disclosure","Mar 21, 2013 19:19:58",1363893598,"Aug 25, 2012 15:58:15",1345910295,"Aug 27, 2012 16:14:46",1346084086,"websec02...@gmail.com",""
144866,"Medium","Cr-Internals, M-18, OS-Android, Pri-1, Restrict-AddIssueComment-EditIssue, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security, reward-500","Stable",500,"accept","pal...@chromium.org","Security: Chrome for Android Bypassing SOP for Local Files By Symlinks","Mar 21, 2013 20:59:15",1363899555,"Aug 26, 2012 05:22:39",1345958559,"Dec 20, 2012 15:52:58",1356018778,"websec02...@gmail.com",""
144886,"","Cr-Internals, Cr-Internals-GPU-WebGL, Gfx, M-23, Pri-0, Type-Bug-Security, merge-merged-1271, reward-3133","None",3133,"accept","kbr@chromium.org","Security: webgl crash on mesa","Mar 21, 2013 19:14:23",1363893263,"Aug 26, 2012 18:19:56",1346005196,"Dec 20, 2012 15:52:03",1356018723,"miaubiz@gmail.com",""
144899,"High","Cr-Internals, Cr-Internals-Skia, M-22, Merge-Merged, OS-All, Pri-1, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security, WebKit-ID-95240-NEW, reward-1000, webkit-id-95152","Beta, Stable",1000,"accept","danakj@chromium.org","SkPaint::SkPaint - crash","Mar 21, 2013 21:03:35",1363899815,"Aug 26, 2012 23:22:57",1346023377,"Dec 20, 2012 15:53:49",1356018829,"slaweck",""
145029,"High","Cr-Blink, Cr-Internals-Plugins-PDF, M-22, Merge-Merged, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-High, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org","PDF: integer / buffer overflow in old stream parsing","Apr 06, 2013 03:11:30",1365217890,"Aug 27, 2012 19:27:34",1346095654,"Dec 20, 2012 15:53:26",1356018806,"scarybea...@gmail.com",""
145079,"Medium","Cr-Blink, Cr-Internals-Plugins-PDF, M-22, Merge-Merged, OS-All, Pri-0, Restrict-AddIssueComment-EditIssue, Security_Impact-Beta, Security_Impact-Stable, Security_Severity-Medium, Type-Bug-Security","Beta, Stable",,"","cev...@chromium.org","PDF: read-after-free in font code","Apr 06, 2013 03:11:29&qu