Vulnerabilities (CVE)

Filtered by vendor Google Subscribe
Total 11875 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-40653 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2024-02-15 N/A 6.7 MEDIUM
In FW-PackageManager, there is a possible missing permission check. This could lead to local escalation of privilege with System execution privileges needed
CVE-2023-6512 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2024-02-15 N/A 6.5 MEDIUM
Inappropriate implementation in Web Browser UI in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially spoof the contents of an iframe dialog context menu via a crafted HTML page. (Chromium security severity: Low)
CVE-2023-6511 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2024-02-15 N/A 4.3 MEDIUM
Inappropriate implementation in Autofill in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low)
CVE-2023-6510 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2024-02-15 N/A 8.8 HIGH
Use after free in Media Capture in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium)
CVE-2023-6509 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2024-02-15 N/A 8.8 HIGH
Use after free in Side Panel Search in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: High)
CVE-2023-6508 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2024-02-15 N/A 8.8 HIGH
Use after free in Media Stream in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-40082 1 Google 1 Android 2024-02-15 N/A 9.8 CRITICAL
In modify_for_next_stage of fdt.rs, there is a possible way to render KASLR ineffective due to improperly used crypto. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-40083 1 Google 1 Android 2024-02-15 N/A 5.5 MEDIUM
In parse_gap_data of utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-47131 4 Google, Microsoft, Mozilla and 1 more 4 Chrome, Edge, Firefox and 1 more 2024-02-15 N/A 7.5 HIGH
The N-able PassPortal extension before 3.29.2 for Chrome inserts sensitive information into a log file.
CVE-2022-2856 2 Fedoraproject, Google 3 Fedora, Android, Chrome 2024-02-15 N/A 6.5 MEDIUM
Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker to arbitrarily browse to a malicious website via a crafted HTML page.
CVE-2022-3038 2 Fedoraproject, Google 2 Fedora, Chrome 2024-02-15 N/A 8.8 HIGH
Use after free in Network Service in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21206 2 Fedoraproject, Google 2 Fedora, Chrome 2024-02-15 6.8 MEDIUM 8.8 HIGH
Use after free in Blink in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-0609 1 Google 1 Chrome 2024-02-15 6.8 MEDIUM 8.8 HIGH
Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-38000 3 Debian, Fedoraproject, Google 4 Debian Linux, Fedora, Android and 1 more 2024-02-15 5.8 MEDIUM 6.1 MEDIUM
Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69 allowed a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page.
CVE-2022-4135 2 Google, Microsoft 3 Chrome, Edge, Edge Chromium 2024-02-15 N/A 9.6 CRITICAL
Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CVE-2022-3075 2 Fedoraproject, Google 2 Fedora, Chrome 2024-02-15 N/A 9.6 CRITICAL
Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2021-30533 2 Fedoraproject, Google 2 Fedora, Chrome 2024-02-15 4.3 MEDIUM 6.5 MEDIUM
Insufficient policy enforcement in PopupBlocker in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafted iframe.
CVE-2021-37973 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2024-02-15 6.8 MEDIUM 9.6 CRITICAL
Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2023-5217 7 Apple, Debian, Fedoraproject and 4 more 12 Ipad Os, Iphone Os, Debian Linux and 9 more 2024-02-15 N/A 8.8 HIGH
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2021-30554 2 Fedoraproject, Google 2 Fedora, Chrome 2024-02-15 6.8 MEDIUM 8.8 HIGH
Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.