There are numerous XFA PDFs that are not currently viewable in Chrome
/ Chromium's built in PDF viewer. We would like to fix that. To do so
requires a version of PDFium in its XFA-enabled configuration. Thus
the folks who run Chromium's security rewards program decided bugs in
XFA-enabled PDFium are eligible for bug bounties.
Maybe Andrew has more to add on topic.
We've enabled XFA on maybe 1 or 2 Chrome Canary releases, just as an
experiment. You can look at the changelog for
build_overrides/pdfium.gni to see what PDFium flags we flipped in the
past.