libFuzzer in Chrome
This directory contains integration between libFuzzer and Chrome. libFuzzer is an in-process coverage-driven evolutionary fuzzer. It helps engineers to uncover potential security & stability problems earlier.
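The shape of a fuzzer of the kind this directory integrates, as an added example that is not code from the Chromium repository: a hypothetical length-prefixed record parser wrapped in the libFuzzer entry point LLVMFuzzerTestOneInput (ParseRecords, the record format and the seed input are all constructed for illustration).

```cpp
// Added example, not Chromium code: a minimal libFuzzer target around a
// hypothetical parser. Only LLVMFuzzerTestOneInput is the real libFuzzer API.
#include <cstddef>
#include <cstdint>
#include <cstdlib>
#include <string>
#include <vector>

// Hypothetical API under test: input is a sequence of "<1-byte length><payload>"
// records. Returns the payloads, or an empty vector on any malformed input.
std::vector<std::string> ParseRecords(const uint8_t* data, size_t size) {
  std::vector<std::string> out;
  size_t pos = 0;
  while (pos < size) {
    size_t len = data[pos++];
    // Bounds check: a truncated final record is rejected instead of being read
    // past the end of the buffer (the out-of-bounds read ASan would flag).
    if (len > size - pos) return {};
    out.emplace_back(reinterpret_cast<const char*>(data + pos), len);
    pos += len;
  }
  return out;
}

// libFuzzer entry point: called with each mutated input. It must be
// deterministic, must not leak memory, and must always return 0; a bug in the
// code under test surfaces as a sanitizer report or a crash, not a return code.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  std::vector<std::string> records = ParseRecords(data, size);
  // Invariant check: a successfully parsed input is consumed byte for byte.
  size_t total = 0;
  for (const std::string& r : records) total += r.size() + 1;
  if (!records.empty() && total != size) abort();
  return 0;
}

// Stand-alone driver so the target builds without libFuzzer: runs one
// constructed seed input. A libFuzzer build supplies its own main() instead.
int main() {
  const uint8_t seed[] = {3, 'a', 'b', 'c', 0, 2, 'x', 'y'};
  return LLVMFuzzerTestOneInput(seed, sizeof(seed));
}
```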

Requirements: libFuzzer in Chrome is supported with GN on Linux only. Check Reference for experimental platform availability.

Integration Status

Fuzzer tests are well integrated with the Chrome build system and the distributed ClusterFuzz fuzzing system. Cover bug:

  • Getting Started Guide walks you through all the steps necessary to create your fuzzer and submit it to ClusterFuzz.
  • Efficient Fuzzer Guide explains how to measure fuzzer effectiveness and ways to improve it.
  • ClusterFuzz Integration describes integration between ClusterFuzz and libFuzzer.
  • Reproducing contains information on how to reproduce bugs reported by ClusterFuzz.
  • Reference contains detailed references for different integration parts.
  • ClusterFuzz Bugs - issues found and automatically filed by ClusterFuzz.
  • Manual Bugs - issues that were filed manually after running fuzzers.
  • Pdfium Bugs - bugs found in pdfium by manual fuzzing.
  • OSS Trophies - bugs found with libFuzzer in open-source projects.

Blog Posts

Project Links