Filtered by vendor Google
Subscribe
Total
12042 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-7975 | 1 Google | 1 Chrome | 2024-08-22 | N/A | 4.3 MEDIUM |
Inappropriate implementation in Permissions in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | |||||
CVE-2024-7976 | 1 Google | 1 Chrome | 2024-08-22 | N/A | 4.3 MEDIUM |
Inappropriate implementation in FedCM in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | |||||
CVE-2024-7978 | 1 Google | 1 Chrome | 2024-08-22 | N/A | 4.3 MEDIUM |
Insufficient policy enforcement in Data Transfer in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | |||||
CVE-2024-7981 | 1 Google | 1 Chrome | 2024-08-22 | N/A | 4.3 MEDIUM |
Inappropriate implementation in Views in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | |||||
CVE-2024-8034 | 1 Google | 2 Android, Chrome | 2024-08-22 | N/A | 4.3 MEDIUM |
Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | |||||
CVE-2024-8035 | 2 Google, Microsoft | 2 Chrome, Windows | 2024-08-22 | N/A | 4.3 MEDIUM |
Inappropriate implementation in Extensions in Google Chrome on Windows prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | |||||
CVE-2024-32902 | 1 Google | 1 Android | 2024-08-21 | N/A | 7.5 HIGH |
Remote prevention of access to cellular service with no user interaction (for example, crashing the cellular radio service with a malformed packet) | |||||
CVE-2024-32903 | 1 Google | 1 Android | 2024-08-20 | N/A | 7.8 HIGH |
In prepare_response_locked of lwis_transaction.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2024-32927 | 1 Google | 1 Android | 2024-08-20 | N/A | 7.8 HIGH |
In sendDeviceState_1_6 of RadioExt.cpp, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2024-32928 | 2 Google, Haxx | 3 Nest Mini, Nest Mini Firmware, Libcurl | 2024-08-20 | N/A | 5.9 MEDIUM |
The libcurl CURLOPT_SSL_VERIFYPEER option was disabled on a subset of requests made by Nest production devices which enabled a potential man-in-the-middle attack on requests to Google cloud services by any host the traffic was routed through. | |||||
CVE-2023-47131 | 4 Google, Microsoft, Mozilla and 1 more | 4 Chrome, Edge, Firefox and 1 more | 2024-08-19 | N/A | 7.5 HIGH |
The N-able PassPortal extension before 3.29.2 for Chrome inserts sensitive information into a log file. | |||||
CVE-2024-32918 | 1 Google | 1 Android | 2024-08-19 | N/A | 6.1 MEDIUM |
Permission Bypass allowing attackers to disable HDCP 2.2 encryption by not completing the HDCP Key Exchange initialization steps | |||||
CVE-2024-32913 | 1 Google | 1 Android | 2024-08-19 | N/A | 9.8 CRITICAL |
In wl_notify_rx_mgmt_frame of wl_cfg80211.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2024-32900 | 1 Google | 1 Android | 2024-08-19 | N/A | 7.8 HIGH |
In lwis_fence_signal of lwis_debug.c, there is a possible Use after Free due to improper locking. This could lead to local escalation of privilege from hal_camera_default SELinux label with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2024-32895 | 1 Google | 1 Android | 2024-08-19 | N/A | 7.8 HIGH |
In BCMFASTPATH of dhd_msgbuf.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2024-29781 | 1 Google | 1 Android | 2024-08-19 | N/A | 7.5 HIGH |
In ss_AnalyzeOssReturnResUssdArgIe of ss_OssAsnManagement.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2023-21351 | 1 Google | 1 Android | 2024-08-16 | N/A | 7.8 HIGH |
In multiple locations, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2024-7255 | 1 Google | 1 Chrome | 2024-08-16 | N/A | 8.8 HIGH |
Out of bounds read in WebTransport in Google Chrome prior to 127.0.6533.88 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | |||||
CVE-2024-6990 | 1 Google | 1 Chrome | 2024-08-16 | N/A | 8.8 HIGH |
Uninitialized Use in Dawn in Google Chrome on Android prior to 127.0.6533.88 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Critical) | |||||
CVE-2023-20971 | 1 Google | 1 Android | 2024-08-15 | N/A | 7.8 HIGH |
In removePermission of PermissionManagerServiceImpl.java, there is a possible way to obtain dangerous permissions without user consent due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |