Filtered by vendor Google
Subscribe
Total
12727 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-9966 | 1 Google | 1 Chrome | 2025-03-25 | N/A | 5.3 MEDIUM |
| Inappropriate implementation in Navigations in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2024-9964 | 1 Google | 1 Chrome | 2025-03-25 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in Payments in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low) | |||||
| CVE-2024-9963 | 1 Google | 1 Chrome | 2025-03-25 | N/A | 4.3 MEDIUM |
| Insufficient data validation in Downloads in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2024-9962 | 1 Google | 1 Chrome | 2025-03-25 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in Permissions in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2024-9958 | 1 Google | 1 Chrome | 2025-03-25 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in PictureInPicture in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2024-8907 | 1 Google | 1 Chrome | 2025-03-25 | N/A | 6.1 MEDIUM |
| Insufficient data validation in Omnibox in Google Chrome on Android prior to 129.0.6668.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (XSS) via a crafted set of UI gestures. (Chromium security severity: Medium) | |||||
| CVE-2024-8906 | 1 Google | 1 Chrome | 2025-03-25 | N/A | 4.3 MEDIUM |
| Incorrect security UI in Downloads in Google Chrome prior to 129.0.6668.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2024-7975 | 1 Google | 1 Chrome | 2025-03-25 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in Permissions in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2018-20072 | 1 Google | 1 Chrome | 2025-03-25 | N/A | 7.8 HIGH |
| Insufficient data validation in PDF in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform out of bounds memory access via a crafted PDF file. (Chromium security severity: Low) | |||||
| CVE-2024-8033 | 2 Google, Microsoft | 2 Chrome, Windows | 2025-03-25 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in WebApp Installs in Google Chrome on Windows prior to 128.0.6613.84 allowed an attacker who convinced a user to install a malicious application to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2024-27227 | 1 Google | 1 Android | 2025-03-25 | N/A | 9.8 CRITICAL |
| A malicious DNS response can trigger a number of OOB reads, writes, and other memory issues | |||||
| CVE-2024-27218 | 1 Google | 1 Android | 2025-03-25 | N/A | 5.5 MEDIUM |
| In update_freq_data of , there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21012 | 1 Google | 1 Android | 2025-03-24 | N/A | 4.4 MEDIUM |
| In multiple locations of p2p_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-257029812 | |||||
| CVE-2024-7976 | 1 Google | 1 Chrome | 2025-03-24 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in FedCM in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2024-32901 | 1 Google | 1 Android | 2025-03-24 | N/A | 7.8 HIGH |
| In v4l2_smfc_qbuf of smfc-v4l2-ioctls.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-2886 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-03-22 | N/A | 7.5 HIGH |
| Use after free in WebCodecs in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2024-2173 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-03-21 | N/A | 8.8 HIGH |
| Out of bounds memory access in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-20946 | 1 Google | 1 Android | 2025-03-21 | N/A | 9.8 CRITICAL |
| In onStart of BluetoothSwitchPreferenceController.java, there is a possible permission bypass due to a confused deputy. This could lead to remote escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-244423101 | |||||
| CVE-2023-20945 | 1 Google | 1 Android | 2025-03-21 | N/A | 7.8 HIGH |
| In phNciNfc_MfCreateXchgDataHdr of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-246932269 | |||||
| CVE-2023-20944 | 1 Google | 1 Android | 2025-03-21 | N/A | 7.8 HIGH |
| In run of ChooseTypeAndAccountActivity.java, there is a possible escalation of privilege due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-244154558 | |||||