Filtered by vendor Google
Subscribe
Total
12912 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-43764 | 1 Google | 1 Android | 2025-07-03 | N/A | 7.8 HIGH |
| In onPrimaryClipChanged of ClipboardListener.java, there is a possible way to partially bypass lock screen. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-6177 | 1 Google | 1 Chrome Os | 2025-07-02 | N/A | 7.4 HIGH |
| Privilege Escalation in MiniOS in Google ChromeOS (16063.45.2 and potentially others) on enrolled devices allows a local attacker to gain root code execution via exploiting a debug shell (VT3 console) accessible through specific key combinations during developer mode entry and MiniOS access, even when developer mode is blocked by device policy or Firmware Write Protect (FWMP). | |||||
| CVE-2025-6179 | 1 Google | 1 Chrome Os | 2025-07-02 | N/A | 9.8 CRITICAL |
| Permissions Bypass in Extension Management in Google ChromeOS 16181.27.0 on managed Chrome devices allows a local attacker to disable extensions and access Developer Mode, including loading additional extensions via exploiting vulnerabilities using the ExtHang3r and ExtPrint3r tools. | |||||
| CVE-2025-6555 | 1 Google | 1 Chrome | 2025-07-02 | N/A | 5.4 MEDIUM |
| Use after free in Animation in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2025-6556 | 1 Google | 1 Chrome | 2025-07-02 | N/A | 5.4 MEDIUM |
| Insufficient policy enforcement in Loader in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2025-5063 | 1 Google | 1 Chrome | 2025-07-02 | N/A | 8.8 HIGH |
| Use after free in Compositing in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-4428 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-07-01 | N/A | 8.1 HIGH |
| Out of bounds memory access in CSS in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2024-34732 | 1 Google | 1 Android | 2025-06-27 | N/A | 8.4 HIGH |
| In RGXMMUCacheInvalidate of rgxmem.c, there is a possible arbitrary code execution due to a race condition. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-34733 | 1 Google | 1 Android | 2025-06-27 | N/A | 8.4 HIGH |
| In DevmemXIntMapPages of devicemem_server.c, there is a possible arbitrary code execution due to an integer overflow. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-34748 | 1 Google | 1 Android | 2025-06-27 | N/A | 8.4 HIGH |
| In _DevmemXReservationPageAddress of devicemem_server.c, there is a possible use-after-free due to improper casting. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-40649 | 1 Google | 1 Android | 2025-06-27 | N/A | 8.4 HIGH |
| In TBD of TBD, there is a possible use-after-free due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-40651 | 1 Google | 1 Android | 2025-06-27 | N/A | 8.4 HIGH |
| In TBD of TBD, there is a possible use-after-free due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-40669 | 1 Google | 1 Android | 2025-06-27 | N/A | 8.4 HIGH |
| In TBD of TBD, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-40670 | 1 Google | 1 Android | 2025-06-27 | N/A | 8.4 HIGH |
| In TBD of TBD, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-56184 | 1 Google | 1 Android | 2025-06-27 | N/A | 5.1 MEDIUM |
| In static long dev_send of tipc_dev_ql, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-56185 | 1 Google | 1 Android | 2025-06-27 | N/A | 5.1 MEDIUM |
| In ProtocolUnsolOnSSAdapter::GetServiceClass() of protocolcalladapter.cpp, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User Interaction is not needed for exploitation. | |||||
| CVE-2024-56186 | 1 Google | 1 Android | 2025-06-27 | N/A | 5.1 MEDIUM |
| In closeChannel of secureelementimpl.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-56187 | 1 Google | 1 Android | 2025-06-27 | N/A | 6.6 MEDIUM |
| In ppcfw_deny_sec_dram_access of ppcfw.c, there is a possible arbitrary read from TEE memory due to a logic error in the code. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-56188 | 1 Google | 1 Android | 2025-06-27 | N/A | 5.1 MEDIUM |
| there is a possible way to crash the modem due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-56191 | 1 Google | 1 Android | 2025-06-27 | N/A | 8.4 HIGH |
| In dhd_process_full_gscan_result of dhd_pno.c, there is a possible EoP due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||