Vulnerabilities (CVE)

Filtered by vendor Google Subscribe
Total 12026 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-7965 2 Google, Microsoft 2 Chrome, Edge Chromium 2024-09-18 N/A 8.8 HIGH
Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2024-8639 1 Google 2 Android, Chrome 2024-09-13 N/A 8.8 HIGH
Use after free in Autofill in Google Chrome on Android prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2024-8638 1 Google 1 Chrome 2024-09-13 N/A 8.8 HIGH
Type Confusion in V8 in Google Chrome prior to 128.0.6613.137 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2024-8637 1 Google 2 Android, Chrome 2024-09-13 N/A 8.8 HIGH
Use after free in Media Router in Google Chrome on Android prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2024-8636 1 Google 1 Chrome 2024-09-13 N/A 8.8 HIGH
Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2024-34727 1 Google 1 Android 2024-09-11 N/A 7.5 HIGH
In sdpu_compare_uuid_with_attr of sdp_utils.cc, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-20089 4 Google, Linuxfoundation, Mediatek and 1 more 15 Android, Yocto, Mt6835 and 12 more 2024-09-05 N/A 7.5 HIGH
In wlan, there is a possible denial of service due to incorrect error handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08861558; Issue ID: MSV-1526.
CVE-2024-20088 2 Google, Mediatek 29 Android, Mt6765, Mt6768 and 26 more 2024-09-05 N/A 4.4 MEDIUM
In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08932099; Issue ID: MSV-1543.
CVE-2024-20087 2 Google, Mediatek 13 Android, Mt6765, Mt6768 and 10 more 2024-09-05 N/A 6.7 MEDIUM
In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08932916; Issue ID: MSV-1550.
CVE-2024-20086 2 Google, Mediatek 13 Android, Mt6765, Mt6768 and 10 more 2024-09-05 N/A 6.7 MEDIUM
In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08932916; Issue ID: MSV-1551.
CVE-2024-45045 2 Collabora, Google 2 Online, Android 2024-09-03 N/A 6.1 MEDIUM
Collabora Online is a collaborative online office suite based on LibreOffice technology. In the mobile (Android/iOS) device variants of Collabora Online it was possible to inject JavaScript via url encoded values in links contained in documents. Since the Android JavaScript interface allows access to internal functions, the likelihood that the app could be compromised via this vulnerability is considered high. Non-mobile variants are not affected. Mobile variants should update to the latest version provided by the platform appstore. There are no known workarounds for this vulnerability.
CVE-2024-8194 1 Google 1 Chrome 2024-08-30 N/A 8.8 HIGH
Type Confusion in V8 in Google Chrome prior to 128.0.6613.113 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2024-8193 1 Google 1 Chrome 2024-08-30 N/A 8.8 HIGH
Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.113 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2024-7969 1 Google 1 Chrome 2024-08-28 N/A 8.8 HIGH
Type Confusion in V8 in Google Chrome prior to 128.0.6613.113 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2024-8033 2 Google, Microsoft 2 Chrome, Windows 2024-08-27 N/A 4.3 MEDIUM
Inappropriate implementation in WebApp Installs in Google Chrome on Windows prior to 128.0.6613.84 allowed an attacker who convinced a user to install a malicious application to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
CVE-2024-7968 1 Google 1 Chrome 2024-08-27 N/A 8.8 HIGH
Use after free in Autofill in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who had convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2024-7967 1 Google 1 Chrome 2024-08-27 N/A 8.8 HIGH
Heap buffer overflow in Fonts in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2024-7966 1 Google 1 Chrome 2024-08-27 N/A 8.8 HIGH
Out of bounds memory access in Skia in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who had compromised the renderer process to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
CVE-2024-7964 1 Google 2 Android, Chrome 2024-08-27 N/A 8.8 HIGH
Use after free in Passwords in Google Chrome on Android prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2024-7980 2 Google, Microsoft 2 Chrome, Windows 2024-08-26 N/A 7.8 HIGH
Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a crafted symbolic link. (Chromium security severity: Medium)