Filtered by vendor Google
Subscribe
Total
11915 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-0310 | 1 Google | 1 Android | 2021-01-13 | 7.2 HIGH | 7.8 HIGH |
| In LazyServiceRegistrar of LazyServiceRegistrar.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-170212632. | |||||
| CVE-2021-0309 | 1 Google | 1 Android | 2021-01-13 | 4.9 MEDIUM | 5.5 MEDIUM |
| In onCreate of grantCredentialsPermissionActivity, there is a confused deputy. This could lead to local information disclosure and account access with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11, Android-8.0; Android ID: A-158480899. | |||||
| CVE-2021-0307 | 1 Google | 1 Android | 2021-01-13 | 7.2 HIGH | 7.8 HIGH |
| In updatePermissionSourcePackage of PermissionManagerService.java, there is a possible automatic runtime permission grant due to a confused deputy. This could lead to local escalation of privilege allowing a malicious app to silently gain access to a dangerous permission with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Android ID: A-155648771. | |||||
| CVE-2021-0303 | 1 Google | 1 Android | 2021-01-13 | 6.9 MEDIUM | 7.0 HIGH |
| In dispatchGraphTerminationMessage() of packages/services/Car/computepipe/runner/graph/StreamSetObserver.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-170407229. | |||||
| CVE-2021-0306 | 1 Google | 1 Android | 2021-01-13 | 7.2 HIGH | 7.8 HIGH |
| In addAllPermissions of PermissionManagerService.java, there is a possible permissions bypass when upgrading major Android versions which allows an app to gain the android.permission.ACTIVITY_RECOGNITION permission without user confirmation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11, Android-8.0, Android-8.1, Android-9, Android-10; Android ID: A-154505240. | |||||
| CVE-2020-16021 | 1 Google | 2 Chrome, Chrome Os | 2021-01-12 | 5.1 MEDIUM | 7.5 HIGH |
| Race in image burner in Google Chrome on ChromeOS prior to 87.0.4280.66 allowed a remote attacker who had compromised the browser process to perform OS-level privilege escalation via a malicious file. | |||||
| CVE-2020-16012 | 2 Google, Mozilla | 2 Chrome, Firefox | 2021-01-12 | 4.3 MEDIUM | 4.3 MEDIUM |
| Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2020-16029 | 1 Google | 1 Chrome | 2021-01-12 | 6.8 MEDIUM | 8.8 HIGH |
| Inappropriate implementation in PDFium in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to bypass navigation restrictions via a crafted PDF file. | |||||
| CVE-2020-16027 | 1 Google | 1 Chrome | 2021-01-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in developer tools in Google Chrome prior to 87.0.4280.66 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from the user's disk via a crafted Chrome Extension. | |||||
| CVE-2020-16020 | 1 Google | 2 Chrome, Chrome Os | 2021-01-12 | 6.8 MEDIUM | 8.8 HIGH |
| Inappropriate implementation in cryptohome in Google Chrome on ChromeOS prior to 87.0.4280.66 allowed a remote attacker who had compromised the browser process to bypass discretionary access control via a malicious file. | |||||
| CVE-2020-16019 | 1 Google | 2 Chrome, Chrome Os | 2021-01-12 | 6.8 MEDIUM | 8.8 HIGH |
| Inappropriate implementation in filesystem in Google Chrome on ChromeOS prior to 87.0.4280.66 allowed a remote attacker who had compromised the browser process to bypass noexec restrictions via a malicious file. | |||||
| CVE-2020-16036 | 1 Google | 1 Chrome | 2021-01-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in cookies in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to bypass cookie restrictions via a crafted HTML page. | |||||
| CVE-2020-16034 | 1 Google | 1 Chrome | 2021-01-11 | 4.3 MEDIUM | 4.3 MEDIUM |
| Inappropriate implementation in WebRTC in Google Chrome prior to 87.0.4280.66 allowed a local attacker to bypass policy restrictions via a crafted HTML page. | |||||
| CVE-2020-16033 | 1 Google | 1 Chrome | 2021-01-11 | 4.3 MEDIUM | 4.3 MEDIUM |
| Inappropriate implementation in WebUSB in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to spoof security UI via a crafted HTML page. | |||||
| CVE-2020-16031 | 1 Google | 1 Chrome | 2021-01-11 | 4.3 MEDIUM | 4.3 MEDIUM |
| Insufficient data validation in UI in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
| CVE-2020-16032 | 1 Google | 1 Chrome | 2021-01-11 | 4.3 MEDIUM | 4.3 MEDIUM |
| Insufficient data validation in sharing in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
| CVE-2020-16035 | 1 Google | 2 Chrome, Chrome Os | 2021-01-11 | 6.8 MEDIUM | 8.8 HIGH |
| Insufficient data validation in cros-disks in Google Chrome on ChromeOS prior to 87.0.4280.66 allowed a remote attacker who had compromised the browser process to bypass noexec restrictions via a malicious file. | |||||
| CVE-2020-16030 | 1 Google | 1 Chrome | 2021-01-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| Insufficient data validation in Blink in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. | |||||
| CVE-2020-16028 | 1 Google | 1 Chrome | 2021-01-11 | 6.8 MEDIUM | 8.8 HIGH |
| Heap buffer overflow in WebRTC in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2020-16018 | 1 Google | 1 Chrome | 2021-01-11 | 6.8 MEDIUM | 9.6 CRITICAL |
| Use after free in payments in Google Chrome prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||