Filtered by vendor Google
Subscribe
Total
12830 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-0698 | 1 Google | 1 Chrome | 2025-05-05 | N/A | 8.8 HIGH |
| Out of bounds read in WebRTC in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-0933 | 1 Google | 1 Chrome | 2025-05-05 | N/A | 8.8 HIGH |
| Integer overflow in PDF in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) | |||||
| CVE-2023-2930 | 1 Google | 1 Chrome | 2025-05-05 | N/A | 8.8 HIGH |
| Use after free in Extensions in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-3214 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-05-05 | N/A | 8.8 HIGH |
| Use after free in Autofill payments in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | |||||
| CVE-2023-2722 | 3 Debian, Fedoraproject, Google | 4 Debian Linux, Fedora, Android and 1 more | 2025-05-05 | N/A | 8.8 HIGH |
| Use after free in Autofill UI in Google Chrome on Android prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-3217 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-05-05 | N/A | 8.8 HIGH |
| Use after free in WebXR in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-2939 | 2 Google, Microsoft | 2 Chrome, Windows | 2025-05-05 | N/A | 7.8 HIGH |
| Insufficient data validation in Installer in Google Chrome on Windows prior to 114.0.5735.90 allowed a local attacker to perform privilege escalation via crafted symbolic link. (Chromium security severity: Medium) | |||||
| CVE-2023-2723 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-05-05 | N/A | 8.8 HIGH |
| Use after free in DevTools in Google Chrome prior to 113.0.5672.126 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-21266 | 1 Google | 1 Android | 2025-05-05 | N/A | 7.8 HIGH |
| In multiple functions of ActivityManagerService.java, there is a possible way to escape Google Play protection due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-40116 | 1 Google | 1 Android | 2025-05-05 | N/A | 7.8 HIGH |
| In onTaskAppeared of PipTaskOrganizer.java, there is a possible way to bypass background activity launch restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-40125 | 1 Google | 1 Android | 2025-05-05 | N/A | 7.8 HIGH |
| In onCreate of ApnEditor.java, there is a possible way for a Guest user to change the APN due to a permission bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-40120 | 1 Google | 1 Android | 2025-05-05 | N/A | 7.8 HIGH |
| In multiple locations, there is a possible way to bypass user notification of foreground services due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-52160 | 6 Debian, Fedoraproject, Google and 3 more | 7 Debian Linux, Fedora, Android and 4 more | 2025-05-05 | N/A | 6.5 MEDIUM |
| The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2 authentication. The attack vector is sending an EAP-TLV Success packet instead of starting Phase 2. This allows an adversary to impersonate Enterprise Wi-Fi networks. | |||||
| CVE-2022-3708 | 1 Google | 1 Web Stories | 2025-05-05 | N/A | 8.1 HIGH |
| The Web Stories plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including 1.24.0 due to insufficient validation of URLs supplied via the 'url' parameter found via the /v1/hotlink/proxy REST API Endpoint. This makes it possible for authenticated users to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | |||||
| CVE-2022-32607 | 2 Google, Mediatek | 49 Android, Mt6580, Mt6739 and 46 more | 2025-05-02 | N/A | 6.7 MEDIUM |
| In aee, there is a possible use after free due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07202891; Issue ID: ALPS07202891. | |||||
| CVE-2019-13690 | 1 Google | 2 Chrome, Chrome Os | 2025-05-02 | N/A | 9.6 CRITICAL |
| Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High) | |||||
| CVE-2019-13689 | 1 Google | 2 Chrome, Chrome Os | 2025-05-02 | N/A | 7.8 HIGH |
| Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform arbitrary read/write via a malicious file. (Chromium security severity: Critical) | |||||
| CVE-2022-32608 | 2 Google, Mediatek | 3 Android, Mt6893, Mt6895 | 2025-05-02 | N/A | 6.4 MEDIUM |
| In jpeg, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07388753; Issue ID: ALPS07388753. | |||||
| CVE-2022-32609 | 2 Google, Mediatek | 32 Android, Mt6762, Mt6768 and 29 more | 2025-05-02 | N/A | 6.4 MEDIUM |
| In vcu, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07203410; Issue ID: ALPS07203410. | |||||
| CVE-2022-32605 | 2 Google, Mediatek | 4 Android, Mt6879, Mt6895 and 1 more | 2025-05-02 | N/A | 6.7 MEDIUM |
| In isp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07213898; Issue ID: ALPS07213898. | |||||