libFuzzer in Chromium

go/libfuzzer-chromium (Googler only)

This directory contains the integration between libFuzzer and Chromium. libFuzzer is an in-process, coverage-guided, evolutionary fuzzing engine: it runs a fuzz target in the same process, uses code-coverage feedback to select the inputs to keep, and mutates those inputs to reach new code. It helps engineers uncover potential security and stability problems earlier.
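To make the "in-process" part concrete, here is an added example of a fuzz target in the shape Chromium fuzzers take. It is not code from the Chromium tree: the length-prefixed record format and the `ParseRecords` function are constructed for illustration, and the `main` at the bottom exists only so the example runs stand-alone (a real fuzz target has no `main`; libFuzzer supplies it when the target is linked with `-fsanitize=fuzzer`).

```cpp
// Added example (not Chromium code): a minimal libFuzzer-style fuzz target.
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

// Hypothetical format under test: a sequence of records, each encoded as
//   [1 byte length][length bytes payload]
// repeated until the end of the input. Returns the number of records parsed,
// or -1 if the input is malformed (a length that runs past the end).
int ParseRecords(const uint8_t* data, size_t size,
                 std::vector<std::string>* out) {
  size_t pos = 0;
  int count = 0;
  while (pos < size) {
    size_t len = data[pos++];
    // Bounds check. Without it, a fuzzer finds the heap-buffer-overflow under
    // AddressSanitizer within seconds, because coverage feedback quickly
    // produces an input whose declared length exceeds the remaining bytes.
    if (len > size - pos) return -1;
    out->emplace_back(reinterpret_cast<const char*>(data + pos), len);
    pos += len;
    ++count;
  }
  return count;
}

// The entry point libFuzzer calls in-process, once per generated input.
// The target must be deterministic and must not exit or crash on valid input.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  std::vector<std::string> records;
  ParseRecords(data, size, &records);
  return 0;  // Non-zero return values are reserved by libFuzzer.
}

// Optional one-time setup hook (Chromium fuzzers use it for things like ICU
// initialisation). This hypothetical target needs no setup.
extern "C" int LLVMFuzzerInitialize(int* /*argc*/, char*** /*argv*/) {
  return 0;
}

// Helper so the parser can be exercised outside the fuzzer harness.
int CountRecords(const std::string& bytes) {
  std::vector<std::string> records;
  return ParseRecords(reinterpret_cast<const uint8_t*>(bytes.data()),
                      bytes.size(), &records);
}

// Stand-alone driver over constructed inputs (adjacent literals are used so
// that "\x03" is not merged with the following hex-looking characters).
int main() {
  const std::string ok("\x03" "abc" "\x01" "x", 6);        // two records
  const std::string truncated("\x05" "ab", 3);             // length overruns
  LLVMFuzzerTestOneInput(reinterpret_cast<const uint8_t*>(ok.data()),
                         ok.size());
  return (CountRecords(ok) == 2 && CountRecords(truncated) == -1) ? 0 : 1;
}
```

Compiled with `clang++ -g -fsanitize=fuzzer,address` (and without the `main`), the resulting binary generates inputs itself and stops on the first sanitizer report; the `truncated` case above is exactly the kind of input it would produce against a parser missing the bounds check.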

Requirements: libFuzzer in Chromium is supported with Linux and Mac only.

Integration Status

Fuzzer tests are well-integrated with the Chromium build system and the distributed ClusterFuzz fuzzing system. Cover bug:

Documentation

  • Getting Started Guide walks you through all the steps necessary to create your fuzzer and submit it to ClusterFuzz.
  • Efficient Fuzzer Guide explains how to measure fuzzer effectiveness and ways to improve it.
  • Guide to libprotobuf-mutator walks through the steps necessary to create a fuzzer whose inputs are protobufs mutated by libFuzzer (for developers already familiar with libFuzzer).
  • ClusterFuzz Integration describes the integration between ClusterFuzz and libFuzzer.
  • Reproducing contains information on how to reproduce bugs reported by ClusterFuzz.
  • Reference contains detailed references for the different integration parts.

Trophies

  • ClusterFuzz Bugs - issues found and automatically filed by ClusterFuzz.
  • Manual Bugs - issues that were filed manually after running fuzzers.
  • Pdfium Bugs - bugs found in pdfium by manual fuzzing.
  • OSS Trophies - bugs found with libFuzzer in open-source projects.

Blog Posts

Project Links