Filtered by vendor Google
Subscribe
Total
11915 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-32649 | 2 Google, Mediatek | 3 Android, Mt6895, Mt6983 | 2023-01-10 | N/A | 6.7 MEDIUM |
| In jpeg, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07225840; Issue ID: ALPS07225840. | |||||
| CVE-2022-32644 | 2 Google, Mediatek | 19 Android, Mt6789, Mt6833 and 16 more | 2023-01-10 | N/A | 6.4 MEDIUM |
| In vow, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07494473; Issue ID: ALPS07494473. | |||||
| CVE-2022-32638 | 2 Google, Mediatek | 30 Android, Mt6781, Mt6833 and 27 more | 2023-01-10 | N/A | 6.4 MEDIUM |
| In isp, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07494449; Issue ID: ALPS07494449. | |||||
| CVE-2022-32623 | 2 Google, Mediatek | 9 Android, Mt6789, Mt6855 and 6 more | 2023-01-09 | N/A | 6.7 MEDIUM |
| In mdp, there is a possible out of bounds write due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07342114; Issue ID: ALPS07342114. | |||||
| CVE-2019-13768 | 1 Google | 1 Chrome | 2023-01-09 | N/A | 7.4 HIGH |
| Use after free in FileAPI in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chrome security severity: High) | |||||
| CVE-2021-21200 | 1 Google | 1 Chrome | 2023-01-09 | N/A | 5.4 MEDIUM |
| Out of bounds read in WebUI Settings in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chrome security severity: Low) | |||||
| CVE-2021-30558 | 1 Google | 1 Chrome | 2023-01-09 | N/A | 8.8 HIGH |
| Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chrome security severity: Medium) | |||||
| CVE-2022-0337 | 2 Google, Microsoft | 2 Chrome, Windows | 2023-01-09 | N/A | 6.5 MEDIUM |
| Inappropriate implementation in File System API in Google Chrome on Windows prior to 97.0.4692.71 allowed a remote attacker to obtain potentially sensitive information via a crafted HTML page. (Chrome security severity: High) | |||||
| CVE-2022-0801 | 1 Google | 1 Chrome | 2023-01-09 | N/A | 6.1 MEDIUM |
| Inappropriate implementation in HTML parser in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to bypass XSS preventions via a crafted HTML page. (Chrome security severity: Medium) | |||||
| CVE-2022-2743 | 1 Google | 3 Chrome, Chrome Os, Linux And Chrome Os | 2023-01-09 | N/A | 8.8 HIGH |
| Integer overflow in Window Manager in Google Chrome on Chrome OS and Lacros prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific UI interactions to perform an out of bounds memory write via crafted UI interactions. (Chrome security severity: High) | |||||
| CVE-2022-3842 | 1 Google | 1 Chrome | 2023-01-09 | N/A | 7.5 HIGH |
| Use after free in Passwords in Google Chrome prior to 105.0.5195.125 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2022-3863 | 1 Google | 1 Chrome | 2023-01-09 | N/A | 6.1 MEDIUM |
| Use after free in Browser History in Google Chrome prior to 100.0.4896.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High) | |||||
| CVE-2020-6616 | 3 Apple, Google, Samsung | 7 Ipados, Iphone Os, Mac Os X and 4 more | 2023-01-09 | 3.3 LOW | 6.5 MEDIUM |
| Some Broadcom chips mishandle Bluetooth random-number generation because a low-entropy Pseudo Random Number Generator (PRNG) is used in situations where a Hardware Random Number Generator (HRNG) should have been used to prevent spoofing. This affects, for example, Samsung Galaxy S8, S8+, and Note8 devices with the BCM4361 chipset. The Samsung ID is SVE-2020-16882 (May 2020). | |||||
| CVE-2022-45412 | 4 Apple, Google, Linux and 1 more | 6 Macos, Android, Linux Kernel and 3 more | 2023-01-05 | N/A | 8.8 HIGH |
| When resolving a symlink such as <code>file:///proc/self/fd/1</code>, an error message may be produced where the symlink was resolved to a string containing unitialized memory in the buffer. <br>*This bug only affects Thunderbird on Unix-based operated systems (Android, Linux, MacOS). Windows is unaffected.*. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107. | |||||
| CVE-2022-34469 | 2 Google, Mozilla | 2 Android, Firefox | 2023-01-04 | N/A | 8.1 HIGH |
| When a TLS Certificate error occurs on a domain protected by the HSTS header, the browser should not allow the user to bypass the certificate error. On Firefox for Android, the user was presented with the option to bypass the error; this could only have been done by the user explicitly. <br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 102. | |||||
| CVE-2022-40961 | 2 Google, Mozilla | 2 Android, Firefox | 2023-01-04 | N/A | 6.5 MEDIUM |
| During startup, a graphics driver with an unexpected name could lead to a stack-buffer overflow causing a potentially exploitable crash.<br>*This issue only affects Firefox for Android. Other operating systems are not affected.*. This vulnerability affects Firefox < 105. | |||||
| CVE-2022-36317 | 2 Google, Mozilla | 2 Android, Firefox | 2023-01-04 | N/A | 6.5 MEDIUM |
| When visiting a website with an overly long URL, the user interface would start to hang. Due to session restore, this could lead to a permanent Denial of Service.<br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 103. | |||||
| CVE-2022-45413 | 2 Google, Mozilla | 2 Android, Firefox | 2022-12-30 | N/A | 6.1 MEDIUM |
| Using the <code>S.browser_fallback_url parameter</code> parameter, an attacker could redirect a user to a URL and cause SameSite=Strict cookies to be sent.<br>*This issue only affects Firefox for Android. Other operating systems are not affected.*. This vulnerability affects Firefox < 107. | |||||
| CVE-2022-29910 | 2 Google, Mozilla | 2 Android, Firefox | 2022-12-30 | N/A | 6.1 MEDIUM |
| When closed or sent to the background, Firefox for Android would not properly record and persist HSTS settings.<br>*Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 100. | |||||
| CVE-2022-22762 | 2 Google, Mozilla | 2 Android, Firefox | 2022-12-30 | N/A | 4.3 MEDIUM |
| Under certain circumstances, a JavaScript alert (or prompt) could have been shown while another website was displayed underneath it. This could have been abused to trick the user. <br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 97. | |||||