Filtered by vendor Google
Subscriptions
Total
12982 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-7656 | 1 Google | 1 Chrome | 2025-07-16 | 8.8 High |
| Integer overflow in V8 in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-7657 | 1 Google | 1 Chrome | 2025-07-16 | 8.8 High |
| Use after free in WebRTC in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-6557 | 2 Google, Microsoft | 2 Chrome, Windows | 2025-07-15 | 5.4 Medium |
| Insufficient data validation in DevTools in Google Chrome on Windows prior to 138.0.7204.49 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2024-8907 | 1 Google | 2 Android, Chrome | 2025-07-15 | 6.1 Medium |
| Insufficient data validation in Omnibox in Google Chrome on Android prior to 129.0.6668.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (XSS) via a crafted set of UI gestures. (Chromium security severity: Medium) | ||||
| CVE-2025-3067 | 1 Google | 2 Android, Chrome | 2025-07-15 | 8.8 High |
| Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted app. (Chromium security severity: Medium) | ||||
| CVE-2025-3619 | 2 Google, Microsoft | 2 Chrome, Windows | 2025-07-15 | 8.8 High |
| Heap buffer overflow in Codecs in Google Chrome on Windows prior to 135.0.7049.95 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2025-20695 | 3 Google, Mediatek, Openwrt | 14 Android, Mt6639, Mt6653 and 11 more | 2025-07-14 | 6.5 Medium |
| In Bluetooth FW, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09741871; Issue ID: MSV-3317. | ||||
| CVE-2025-20694 | 3 Google, Mediatek, Openwrt | 40 Android, Mt2718, Mt6639 and 37 more | 2025-07-14 | 6.5 Medium |
| In Bluetooth FW, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09752821; Issue ID: MSV-3342. | ||||
| CVE-2020-36846 | 1 Google | 1 Brotli | 2025-07-13 | 9.8 Critical |
| A buffer overflow, as described in CVE-2020-8927, exists in the embedded Brotli library. Versions of IO::Compress::Brotli prior to 0.007 included a version of the brotli library prior to version 1.0.8, where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your IO::Compress::Brotli module to 0.007 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits. | ||||
| CVE-2024-54317 | 1 Google | 1 Web Stories | 2025-07-13 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Google Web Stories allows Stored XSS.This issue affects Web Stories: from n/a through 1.37.0. | ||||
| CVE-2025-1704 | 1 Google | 1 Chrome Os | 2025-07-11 | 6.5 Medium |
| ComponentInstaller Modification in ComponentInstaller in Google ChromeOS 15823.23.0 on Chromebooks allows enrolled users with local access to unenroll devices and intercept device management requests via loading components from the unencrypted stateful partition. | ||||
| CVE-2025-2073 | 2 Google, Linux | 2 Chrome Os, Linux Kernel | 2025-07-11 | 8.8 High |
| Out-of-Bounds Read in netfilter/ipset in Linux Kernel ChromeOS [6.1, 5.15, 5.10, 5.4, 4.19] allows a local attacker with low privileges to trigger an out-of-bounds read, potentially leading to information disclosure | ||||
| CVE-2025-1290 | 2 Google, Linux | 2 Chrome Os, Linux Kernel | 2025-07-11 | 8.1 High |
| A race condition Use-After-Free vulnerability exists in the virtio_transport_space_update function within the Kernel 5.4 on ChromeOS. Concurrent allocation and freeing of the virtio_vsock_sock structure during an AF_VSOCK connect syscall can occur before a worker thread accesses it resulting in a dangling pointer and potential kernel code execution. | ||||
| CVE-2018-9379 | 1 Google | 1 Android | 2025-07-10 | 5.5 Medium |
| In multiple functions of MiniThumbFile.java, there is a possible way to view the thumbnails of deleted photos due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2018-9382 | 1 Google | 1 Android | 2025-07-10 | 7.8 High |
| In multiple functions of WifiServiceImpl.java, there is a possible way to activate Wi-Fi hotspot from a non-owner profile due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2018-9383 | 1 Google | 1 Android | 2025-07-10 | 4.4 Medium |
| In asn1_ber_decoder of asn1_decoder.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2018-9384 | 1 Google | 1 Android | 2025-07-10 | 4.4 Medium |
| In multiple locations, there is a possible way to bypass KASLR due to an unusual root cause. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2018-9434 | 1 Google | 1 Android | 2025-07-10 | 7.8 High |
| In multiple functions of Parcel.cpp, there is a possible way to bypass address space layout randomization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2018-9447 | 1 Google | 1 Android | 2025-07-10 | 5.5 Medium |
| In onCreate of EmergencyCallbackModeExitDialog.java, there is a possible way to crash the emergency callback mode due to a missing null check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2018-9387 | 1 Google | 1 Android | 2025-07-10 | 7.8 High |
| In multiple functions of mnh-sm.c, there is a possible way to trigger a heap overflow due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||