Filtered by vendor Google
Subscriptions
Total
13524 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-2783 | 2 Google, Microsoft | 2 Chrome, Windows | 2025-10-24 | 8.3 High |
| Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High) | ||||
| CVE-2025-5419 | 2 Google, Microsoft | 2 Chrome, Edge Chromium | 2025-10-24 | 8.8 High |
| Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2021-37975 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-10-24 | 8.8 High |
| Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2021-37976 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-10-24 | 6.5 Medium |
| Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | ||||
| CVE-2021-38000 | 3 Debian, Fedoraproject, Google | 4 Debian Linux, Fedora, Android and 1 more | 2025-10-24 | 6.1 Medium |
| Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69 allowed a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page. | ||||
| CVE-2024-32896 | 1 Google | 1 Android | 2025-10-24 | 8.1 High |
| there is a possible way to bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2024-29745 | 1 Google | 1 Android | 2025-10-24 | 5.5 Medium |
| there is a possible Information Disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-29748 | 1 Google | 2 Android, Pixel | 2025-10-24 | 7.8 High |
| there is a possible way to bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2025-11645 | 2 Google, Tomofun | 2 Android, Furbo Mobile App | 2025-10-23 | 2.4 Low |
| A security vulnerability has been detected in Tomofun Furbo Mobile App up to 7.57.0a on Android. This affects an unknown part of the component Authentication Token Handler. The manipulation leads to insecure storage of sensitive information. It is possible to launch the attack on the physical device. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-20963 | 1 Google | 1 Android | 2025-10-23 | 7.8 High |
| In WorkSource, there is a possible parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-220302519 | ||||
| CVE-2021-39793 | 1 Google | 1 Android | 2025-10-23 | 7.8 High |
| In kbase_jd_user_buf_pin_pages of mali_kbase_mem.c, there is a possible out of bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-210470189References: N/A | ||||
| CVE-2021-0920 | 4 Debian, Google, Linux and 1 more | 11 Debian Linux, Android, Linux Kernel and 8 more | 2025-10-23 | 6.4 Medium |
| In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196926917References: Upstream kernel | ||||
| CVE-2021-1048 | 1 Google | 1 Android | 2025-10-23 | 7.8 High |
| In ep_loop_check_proc of eventpoll.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-204573007References: Upstream kernel | ||||
| CVE-2020-0041 | 1 Google | 1 Android | 2025-10-23 | 7.8 High |
| In binder_transaction of binder.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-145988638References: Upstream kernel | ||||
| CVE-2020-0069 | 2 Google, Huawei | 57 Android, Berkeley-l09, Berkeley-l09 Firmware and 54 more | 2025-10-23 | 7.8 High |
| In the ioctl handlers of the Mediatek Command Queue driver, there is a possible out of bounds write due to insufficient input sanitization and missing SELinux restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-147882143References: M-ALPS04356754 | ||||
| CVE-2025-48543 | 1 Google | 1 Android | 2025-10-23 | 8.8 High |
| In multiple locations, there is a possible way to escape chrome sandbox to attack android system_server due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-43093 | 1 Google | 1 Android | 2025-10-23 | 7.3 High |
| In shouldHideDocument of ExternalStorageProvider.java, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2023-35674 | 1 Google | 1 Android | 2025-10-23 | 8.8 High |
| In onCreate of WindowState.java, there is a possible way to launch a background activity due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-21237 | 1 Google | 1 Android | 2025-10-23 | 6.2 Medium |
| In applyRemoteView of NotificationContentInflater.java, there is a possible way to hide foreground service notification due to misleading or insufficient UI. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-251586912 | ||||
| CVE-2025-11915 | 2 Google, Google Cloud | 2 Cloud Platform, Vertex Ai | 2025-10-23 | N/A |
| Connection desynchronization between an HTTP proxy and the model backend. The fixes were rolled out for all proxies in front of impacted models by 2025-09-28. Users do not need to take any action. | ||||