Filtered by vendor Google
Subscribe
Total
13189 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-1426 | 1 Google | 1 Chrome | 2025-04-07 | N/A | 8.8 HIGH |
| Heap buffer overflow in GPU in Google Chrome on Android prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2025-1006 | 1 Google | 1 Chrome | 2025-04-07 | N/A | 8.8 HIGH |
| Use after free in Network in Google Chrome prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted web app. (Chromium security severity: Medium) | |||||
| CVE-2025-0999 | 1 Google | 1 Chrome | 2025-04-07 | N/A | 8.8 HIGH |
| Heap buffer overflow in V8 in Google Chrome prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2025-1920 | 1 Google | 1 Chrome | 2025-04-07 | N/A | 8.8 HIGH |
| Type Confusion in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2025-2135 | 1 Google | 1 Chrome | 2025-04-07 | N/A | 8.8 HIGH |
| Type Confusion in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2025-2136 | 1 Google | 1 Chrome | 2025-04-07 | N/A | 8.8 HIGH |
| Use after free in Inspector in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2025-2137 | 1 Google | 1 Chrome | 2025-04-07 | N/A | 8.8 HIGH |
| Out of bounds read in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2025-3068 | 1 Google | 1 Chrome | 2025-04-07 | N/A | 8.8 HIGH |
| Inappropriate implementation in Intents in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2025-3069 | 1 Google | 1 Chrome | 2025-04-07 | N/A | 8.8 HIGH |
| Inappropriate implementation in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2025-3070 | 1 Google | 1 Chrome | 2025-04-07 | N/A | 6.5 MEDIUM |
| Insufficient validation of untrusted input in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2024-4766 | 2 Google, Mozilla | 2 Android, Firefox | 2025-04-04 | N/A | 4.3 MEDIUM |
| Different techniques existed to obscure the fullscreen notification in Firefox for Android. These could have led to potential user confusion and spoofing attacks. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 126. | |||||
| CVE-2023-20908 | 1 Google | 1 Android | 2025-04-03 | N/A | 5.5 MEDIUM |
| In several functions of SettingsState.java, there is a possible system crash loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-239415861 | |||||
| CVE-2023-20905 | 1 Google | 1 Android | 2025-04-03 | N/A | 7.8 HIGH |
| In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-241387741 | |||||
| CVE-2023-20904 | 1 Google | 1 Android | 2025-04-03 | N/A | 7.8 HIGH |
| In getTrampolineIntent of SettingsActivity.java, there is a possible launch of arbitrary activity due to an Intent mismatch in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12L Android-13Android ID: A-246300272 | |||||
| CVE-2022-20494 | 1 Google | 1 Android | 2025-04-03 | N/A | 5.5 MEDIUM |
| In AutomaticZenRule of AutomaticZenRule.java, there is a possible persistent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-243794204 | |||||
| CVE-2022-20493 | 1 Google | 1 Android | 2025-04-03 | N/A | 7.8 HIGH |
| In Condition of Condition.java, there is a possible way to grant notification access due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242846316 | |||||
| CVE-2022-20492 | 1 Google | 1 Android | 2025-04-03 | N/A | 7.8 HIGH |
| In many functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242704043 | |||||
| CVE-2025-0246 | 2 Google, Mozilla | 2 Android, Firefox | 2025-04-03 | N/A | 6.5 MEDIUM |
| When using an invalid protocol scheme, an attacker could spoof the address bar. *Note: This issue only affected Android operating systems. Other operating systems are unaffected.* *Note: This issue is a different issue from CVE-2025-0244. This vulnerability affects Firefox < 134. | |||||
| CVE-2018-9377 | 1 Google | 1 Android | 2025-04-03 | N/A | 5.5 MEDIUM |
| In getIntentForIntentSender of ActivityManagerService.java, there is a possible way to access user metadata due to a pending intent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-25992 | 1 Google | 1 Android | 2025-04-03 | N/A | 7.8 HIGH |
| In tmu_tz_control of tmu.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||