Vulnerabilities (CVE)

Filtered by vendor Google Subscribe
Total 12304 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-10229 1 Google 1 Chrome 2024-10-25 N/A 8.1 HIGH
Inappropriate implementation in Extensions in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension. (Chromium security severity: High)
CVE-2024-10231 1 Google 1 Chrome 2024-10-25 N/A 8.8 HIGH
Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2024-7973 1 Google 1 Chrome 2024-10-24 N/A 8.8 HIGH
Heap buffer overflow in PDFium in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. (Chromium security severity: Medium)
CVE-2024-7535 1 Google 1 Chrome 2024-10-24 N/A 8.8 HIGH
Inappropriate implementation in V8 in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2024-9954 1 Google 1 Chrome 2024-10-22 N/A 8.8 HIGH
Use after free in AI in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2024-9964 1 Google 1 Chrome 2024-10-17 N/A 4.3 MEDIUM
Inappropriate implementation in Payments in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)
CVE-2024-9966 1 Google 1 Chrome 2024-10-17 N/A 5.3 MEDIUM
Inappropriate implementation in Navigations in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)
CVE-2024-9965 2 Google, Microsoft 2 Chrome, Windows 2024-10-17 N/A 8.8 HIGH
Insufficient data validation in DevTools in Google Chrome on Windows prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low)
CVE-2024-9963 1 Google 1 Chrome 2024-10-17 N/A 4.3 MEDIUM
Insufficient data validation in Downloads in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
CVE-2024-9962 1 Google 1 Chrome 2024-10-17 N/A 4.3 MEDIUM
Inappropriate implementation in Permissions in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
CVE-2024-9958 1 Google 1 Chrome 2024-10-17 N/A 4.3 MEDIUM
Inappropriate implementation in PictureInPicture in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
CVE-2024-39440 2 Google, Unisoc 10 Android, S8000, T606 and 7 more 2024-10-17 N/A 4.4 MEDIUM
In DRM service, there is a possible system crash due to null pointer dereference. This could lead to local denial of service with System execution privileges needed.
CVE-2024-39439 2 Google, Unisoc 10 Android, S8000, T606 and 7 more 2024-10-17 N/A 4.4 MEDIUM
In DRM service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.
CVE-2024-39438 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2024-10-17 N/A 6.7 MEDIUM
In linkturbonative service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed.
CVE-2024-39437 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2024-10-17 N/A 6.7 MEDIUM
In linkturbonative service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed.
CVE-2024-39436 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2024-10-17 N/A 6.7 MEDIUM
In linkturbonative service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed.
CVE-2024-8198 1 Google 1 Chrome 2024-10-15 N/A 8.8 HIGH
Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.113 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2024-7534 1 Google 1 Chrome 2024-10-15 N/A 8.8 HIGH
Heap buffer overflow in Layout in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2024-44096 1 Google 1 Android 2024-10-15 N/A 4.4 MEDIUM
there is a possible arbitrary read due to an insecure default value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-44095 1 Google 1 Android 2024-10-15 N/A 7.8 HIGH
In ppmp_protect_mfcfw_buf of code/drm_fw.c, there is a possible corrupt memory due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.