Filtered by vendor Google
Subscribe
Total
13548 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-6431 | 2 Google, Mozilla | 2 Android, Firefox | 2025-07-03 | N/A | 6.5 MEDIUM |
|
When a link can be opened in an external application, Firefox for Android will, by default, prompt the user before doing so. An attacker could have bypassed this prompt, potentially exposing the user to security vulnerabilities or privacy leaks in external applications.
*This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 140.
|
|||||
| CVE-2018-9372 | 1 Google | 1 Android | 2025-07-03 | N/A | 7.8 HIGH |
|
In cmd_flash_mmc_sparse_img of dl_commands.c, there is a possible out of bounds write due to a missing bounds check. This could lead to a local escalation of privilege in the bootloader with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2018-9409 | 1 Google | 1 Android | 2025-07-03 | N/A | 7.8 HIGH |
|
In HWCSession::SetColorModeById of hwc_session.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2018-9375 | 1 Google | 1 Android | 2025-07-03 | N/A | 7.8 HIGH |
|
In multiple functions of UserDictionaryProvider.java, there is a possible way to add and delete words in the user dictionary due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2023-4358 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-07-03 | N/A | 8.8 HIGH |
|
Use after free in DNS in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2024-43077 | 1 Google | 1 Android | 2025-07-03 | N/A | 7.8 HIGH |
|
In DevmemValidateFlags of devicemem_server.c , there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2024-43762 | 1 Google | 1 Android | 2025-07-03 | N/A | 7.8 HIGH |
|
In multiple locations, there is a possible way to avoid unbinding of a service from the system due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2024-43764 | 1 Google | 1 Android | 2025-07-03 | N/A | 7.8 HIGH |
|
In onPrimaryClipChanged of ClipboardListener.java, there is a possible way to partially bypass lock screen. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2025-6177 | 1 Google | 1 Chrome Os | 2025-07-02 | N/A | 7.4 HIGH |
|
Privilege Escalation in MiniOS in Google ChromeOS (16063.45.2 and potentially others) on enrolled devices allows a local attacker to gain root code execution via exploiting a debug shell (VT3 console) accessible through specific key combinations during developer mode entry and MiniOS access, even when developer mode is blocked by device policy or Firmware Write Protect (FWMP).
|
|||||
| CVE-2025-6179 | 1 Google | 1 Chrome Os | 2025-07-02 | N/A | 9.8 CRITICAL |
|
Permissions Bypass in Extension Management in Google ChromeOS 16181.27.0 on managed Chrome devices allows a local attacker to disable extensions and access Developer Mode, including loading additional extensions via exploiting vulnerabilities using the ExtHang3r and ExtPrint3r tools.
|
|||||
| CVE-2025-6555 | 1 Google | 1 Chrome | 2025-07-02 | N/A | 5.4 MEDIUM |
|
Use after free in Animation in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2025-6556 | 1 Google | 1 Chrome | 2025-07-02 | N/A | 5.4 MEDIUM |
|
Insufficient policy enforcement in Loader in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)
|
|||||
| CVE-2025-5063 | 1 Google | 1 Chrome | 2025-07-02 | N/A | 8.8 HIGH |
|
Use after free in Compositing in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2023-4428 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-07-01 | N/A | 8.1 HIGH |
|
Out of bounds memory access in CSS in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2024-34732 | 1 Google | 1 Android | 2025-06-27 | N/A | 8.4 HIGH |
|
In RGXMMUCacheInvalidate of rgxmem.c, there is a possible arbitrary code execution due to a race condition. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2024-34733 | 1 Google | 1 Android | 2025-06-27 | N/A | 8.4 HIGH |
|
In DevmemXIntMapPages of devicemem_server.c, there is a possible arbitrary code execution due to an integer overflow. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2024-34748 | 1 Google | 1 Android | 2025-06-27 | N/A | 8.4 HIGH |
|
In _DevmemXReservationPageAddress of devicemem_server.c, there is a possible use-after-free due to improper casting. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2024-40649 | 1 Google | 1 Android | 2025-06-27 | N/A | 8.4 HIGH |
|
In TBD of TBD, there is a possible use-after-free due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2024-40651 | 1 Google | 1 Android | 2025-06-27 | N/A | 8.4 HIGH |
|
In TBD of TBD, there is a possible use-after-free due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2024-40669 | 1 Google | 1 Android | 2025-06-27 | N/A | 8.4 HIGH |
|
In TBD of TBD, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2024-40670 | 1 Google | 1 Android | 2025-06-27 | N/A | 8.4 HIGH |
|
In TBD of TBD, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2024-56184 | 1 Google | 1 Android | 2025-06-27 | N/A | 5.1 MEDIUM |
|
In static long dev_send of tipc_dev_ql, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2024-56185 | 1 Google | 1 Android | 2025-06-27 | N/A | 5.1 MEDIUM |
|
In ProtocolUnsolOnSSAdapter::GetServiceClass() of protocolcalladapter.cpp, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User Interaction is not needed for exploitation.
|
|||||
| CVE-2024-56186 | 1 Google | 1 Android | 2025-06-27 | N/A | 5.1 MEDIUM |
|
In closeChannel of secureelementimpl.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2024-56187 | 1 Google | 1 Android | 2025-06-27 | N/A | 6.6 MEDIUM |
|
In ppcfw_deny_sec_dram_access of ppcfw.c, there is a possible arbitrary read from TEE memory due to a logic error in the code. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2024-56188 | 1 Google | 1 Android | 2025-06-27 | N/A | 5.1 MEDIUM |
|
there is a possible way to crash the modem due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2024-56191 | 1 Google | 1 Android | 2025-06-27 | N/A | 8.4 HIGH |
|
In dhd_process_full_gscan_result of dhd_pno.c, there is a possible EoP due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2024-56192 | 1 Google | 1 Android | 2025-06-27 | N/A | 7.8 HIGH |
|
In wl_notify_gscan_event of wl_cfgscan.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2022-29204 | 1 Google | 1 Tensorflow | 2025-06-25 | 2.1 LOW | 5.5 MEDIUM |
|
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.UnsortedSegmentJoin` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code assumes `num_segments` is a positive scalar but there is no validation. Since this value is used to allocate the output tensor, a negative value would result in a `CHECK`-failure (assertion ...
Show More |
|||||
| CVE-2010-1233 | 1 Google | 1 Chrome | 2025-06-25 | 10.0 HIGH | N/A |
|
Multiple integer overflows in Google Chrome before 4.1.249.1036 allow remote attackers to have an unspecified impact via vectors involving WebKit JavaScript objects.
|
|||||
| CVE-2023-4761 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-06-25 | N/A | 8.1 HIGH |
|
Out of bounds memory access in FedCM in Google Chrome prior to 116.0.5845.179 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2024-20013 | 2 Google, Mediatek | 58 Android, Mt6580, Mt6731 and 55 more | 2025-06-20 | N/A | 6.7 MEDIUM |
|
In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08471742; Issue ID: ALPS08308608.
|
|||||
| CVE-2024-20011 | 2 Google, Mediatek | 18 Android, Mt6985, Mt8127 and 15 more | 2025-06-20 | N/A | 9.8 CRITICAL |
|
In alac decoder, there is a possible information disclosure due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08441146; Issue ID: ALPS08441146.
|
|||||
| CVE-2024-20009 | 2 Google, Mediatek | 34 Android, Mt6580, Mt6739 and 31 more | 2025-06-20 | N/A | 8.8 HIGH |
|
In alac decoder, there is a possible out of bounds write due to an incorrect error handling. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08441150; Issue ID: ALPS08441150.
|
|||||
| CVE-2024-0813 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-06-20 | N/A | 8.8 HIGH |
|
Use after free in Reading Mode in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium)
|
|||||
| CVE-2024-0807 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-06-20 | N/A | 8.8 HIGH |
|
Use after free in Web Audio in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2024-0806 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-06-20 | N/A | 8.8 HIGH |
|
Use after free in Passwords in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium)
|
|||||
| CVE-2024-0805 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-06-20 | N/A | 4.3 MEDIUM |
|
Inappropriate implementation in Downloads in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium)
|
|||||
| CVE-2023-48359 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-06-20 | N/A | 4.4 MEDIUM |
|
In autotest driver, there is a possible out of bounds write due to improper input validation. This could lead to local denial of service with System execution privileges needed
|
|||||
| CVE-2023-48358 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-06-20 | N/A | 4.4 MEDIUM |
|
In drm driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed
|
|||||