Filtered by vendor Google
Subscriptions
Total
12562 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-0133 | 1 Google | 2 Android, Chrome | 2025-03-20 | 6.5 Medium |
| Inappropriate implementation in in Permission prompts in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to bypass main origin permission delegation via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2023-0132 | 2 Google, Microsoft | 2 Chrome, Windows | 2025-03-20 | 6.5 Medium |
| Inappropriate implementation in in Permission prompts in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to force acceptance of a permission prompt via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2023-0131 | 1 Google | 1 Chrome | 2025-03-20 | 6.5 Medium |
| Inappropriate implementation in in iframe Sandbox in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to bypass file download restrictions via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2023-0130 | 1 Google | 2 Android, Chrome | 2025-03-20 | 6.5 Medium |
| Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2024-3174 | 1 Google | 1 Chrome | 2025-03-20 | 8.8 High |
| Inappropriate implementation in V8 in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-32912 | 1 Google | 1 Android | 2025-03-20 | 5.5 Medium |
| there is a possible persistent Denial of Service due to test/debugging code left in a production build. This could lead to local denial of service of impaired use of the device with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-21014 | 1 Google | 1 Android | 2025-03-19 | 5.1 Medium |
| In multiple locations of p2p_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-257029326 | ||||
| CVE-2025-20636 | 2 Google, Mediatek | 45 Android, Mt6580, Mt6739 and 42 more | 2025-03-19 | 6.7 Medium |
| In secmem, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09403554; Issue ID: MSV-2431. | ||||
| CVE-2024-31315 | 1 Google | 1 Android | 2025-03-19 | 5.3 Medium |
| In multiple functions of ManagedServices.java, there is a possible way to hide an app with notification access in the Device & app notifications settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2024-0034 | 1 Google | 1 Android | 2025-03-19 | 7.8 High |
| In BackgroundLaunchProcessController, there is a possible way to launch arbitrary activity from the background due to BAL Bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-20949 | 1 Google | 1 Android | 2025-03-19 | 5.5 Medium |
| In s2mpg11_pmic_probe of s2mpg11-regulator.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-259323133References: N/A | ||||
| CVE-2023-20927 | 1 Google | 1 Android | 2025-03-19 | 7.8 High |
| In permissions of AndroidManifest.xml, there is a possible way to grant signature permissions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-244216503 | ||||
| CVE-2018-9412 | 1 Google | 1 Android | 2025-03-19 | 5.5 Medium |
| In removeUnsynchronization of ID3.cpp there is a possible resource exhaustion due to improper input validation. This could lead to denial of service with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2024-7974 | 1 Google | 1 Chrome | 2025-03-19 | 8.8 High |
| Insufficient data validation in V8 API in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium) | ||||
| CVE-2024-8897 | 2 Google, Mozilla | 2 Android, Firefox | 2025-03-19 | 6.1 Medium |
| Under certain conditions, an attacker with the ability to redirect users to a malicious site via an open redirect on a trusted site, may be able to spoof the address bar contents. This can lead to a malicious site to appear to have the same URL as the trusted site. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox for Android < 130.0.1. | ||||
| CVE-2024-7001 | 1 Google | 1 Chrome | 2025-03-19 | 4.3 Medium |
| Inappropriate implementation in HTML in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2024-34727 | 1 Google | 1 Android | 2025-03-19 | 7.5 High |
| In sdpu_compare_uuid_with_attr of sdp_utils.cc, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-2884 | 1 Google | 1 Chrome | 2025-03-19 | 6.3 Medium |
| Out of bounds read in V8 in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2023-40110 | 1 Google | 1 Android | 2025-03-19 | 6.2 Medium |
| In multiple functions of MtpPacket.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2024-0020 | 1 Google | 1 Android | 2025-03-19 | 5.5 Medium |
| In onActivityResult of NotificationSoundPreference.java, there is a possible way to hear audio files belonging to a different user due to a confused deputy. This could lead to local information disclosure across users of a device with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||