VYPR

Vendor CVEs

Google

All CVEs

11,416 total · sorted by risk
  • CVE-2025-5065MedMay 27, 2025
    risk 0.42cvss 6.5epss 0.00

    Inappropriate implementation in FileSystemAccess API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2025-1704MedApr 16, 2025
    risk 0.42cvss 6.5epss 0.00

    ComponentInstaller Modification in ComponentInstaller in Google ChromeOS 15823.23.0 on Chromebooks allows enrolled users with local access to unenroll devices and intercept device management requests via loading components from the unencrypted stateful partition.

  • CVE-2025-3070MedApr 2, 2025
    risk 0.42cvss 6.5epss 0.00

    Insufficient validation of untrusted input in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2025-1921MedMar 5, 2025
    risk 0.42cvss 6.5epss 0.00

    Inappropriate implementation in Media Stream in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to obtain information about a peripheral via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2024-40673MedJan 28, 2025
    risk 0.42cvss 6.5epss 0.00

    In Source of ZipFile.java, there is a possible way for an attacker to execute arbitrary code by manipulating Dynamic Code Loading due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not…

  • CVE-2024-43763MedJan 21, 2025
    risk 0.42cvss 6.5epss 0.00

    In build_read_multi_rsp of gatt_sr.cc, there is a possible denial of service due to a logic error in the code. This could lead to remote (proximal/adjacent) denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-0442MedJan 15, 2025
    risk 0.42cvss 6.5epss 0.00

    Inappropriate implementation in Payments in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2025-0441MedJan 15, 2025
    risk 0.42cvss 6.5epss 0.00

    Inappropriate implementation in Fenced Frames in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to obtain potentially sensitive information from the system via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2025-0440MedJan 15, 2025
    risk 0.42cvss 6.5epss 0.00

    Inappropriate implementation in Fullscreen in Google Chrome on Windows prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2025-0439MedJan 15, 2025
    risk 0.42cvss 6.5epss 0.00

    Race in Frames in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2025-0435MedJan 15, 2025
    risk 0.42cvss 6.5epss 0.00

    Inappropriate implementation in Navigation in Google Chrome on Android prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-54317MedDec 13, 2024
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Google Web Stories web-stories allows Stored XSS.This issue affects Web Stories: from n/a through <= 1.37.0.

  • CVE-2018-9429MedDec 2, 2024
    risk 0.42cvss 6.5epss 0.00

    In buildImageItemsIfPossible of ItemTable.cpp there is a possible out of bound read due to uninitialized data. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

  • CVE-2018-9423MedDec 2, 2024
    risk 0.42cvss 6.5epss 0.00

    In ihevcd_parse_slice_header of ihevcd_parse_slice_header.c there is a possible out of bound read due to missing bounds check. This could lead to denial of service with no additional execution privileges needed. User interaction is needed for exploitation.

  • CVE-2018-9354MedNov 27, 2024
    risk 0.42cvss 6.5epss 0.00

    In VideoFrameScheduler.cpp of VideoFrameScheduler::PLL::fit, there is a possible remote denial of service due to divide by 0. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.

  • CVE-2018-9353MedNov 27, 2024
    risk 0.42cvss 6.5epss 0.00

    In ihevcd_parse_slice_data of ihevcd_parse_slice.c there is a possible heap buffer out of bound read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.

  • CVE-2018-9352MedNov 27, 2024
    risk 0.42cvss 6.5epss 0.00

    In ihevcd_allocate_dynamic_bufs of ihevcd_api.c there is a possible resource exhaustion due to integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.

  • CVE-2018-9351MedNov 27, 2024
    risk 0.42cvss 6.5epss 0.00

    In ih264e_fmt_conv_420p_to_420sp of ih264e_fmt_conv.c there is a possible out of bound read due to missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.

  • CVE-2018-9350MedNov 27, 2024
    risk 0.42cvss 6.5epss 0.00

    In ih264d_assign_pic_num of ih264d_utils.c there is a possible out of bound read due to missing bounds check. This could lead to a denial of service with no additional execution privileges needed. User interaction is needed for exploitation.

  • CVE-2018-9349MedNov 27, 2024
    risk 0.42cvss 6.5epss 0.00

    In mv_err_cost of mcomp.c there is a possible out of bounds read due to missing bounds check. This could lead to denial of service with no additional execution privileges needed. User interaction is needed for exploitation.

  • CVE-2017-13320MedNov 27, 2024
    risk 0.42cvss 6.5epss 0.00

    In impeg2d_bit_stream_flush() of libmpeg2dec there is a possible OOB read due to a missing bounds check. This could lead to Remote DoS with no additional execution privileges needed. User interaction is needed for exploitation.

  • CVE-2018-9486MedNov 20, 2024
    risk 0.42cvss 6.5epss 0.00

    In hidh_l2cif_data_ind of hidh_conn.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure over bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2018-9485MedNov 20, 2024
    risk 0.42cvss 6.5epss 0.00

    In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2018-9483MedNov 20, 2024
    risk 0.42cvss 6.5epss 0.00

    In bta_dm_remove_sec_dev_entry of bta_dm_act.cc, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure over bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2018-9482MedNov 20, 2024
    risk 0.42cvss 6.5epss 0.00

    In intr_data_copy_cb of btif_hd.cc, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2018-9481MedNov 20, 2024
    risk 0.42cvss 6.5epss 0.00

    In bta_hd_set_report_act of bta_hd_act.cc, there is a possible out-of-bounds read due to an integer overflow. This could lead to remote information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2018-9480MedNov 20, 2024
    risk 0.42cvss 6.5epss 0.00

    In bta_hd_get_report_act of bta_hd_act.cc, there is a possible out-of-bounds read due to improper input validation. This could lead to remote information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2018-9440MedNov 19, 2024
    risk 0.42cvss 6.5epss 0.00

    In parse of M3UParser.cpp there is a possible resource exhaustion due to improper input validation. This could lead to denial of service with no additional execution privileges needed. User interaction is needed for exploitation.

  • CVE-2018-9371MedNov 19, 2024
    risk 0.42cvss 6.4epss 0.00

    In the Mediatek Preloader, there are out of bounds reads and writes due to an exposed interface that allows arbitrary peripheral memory mapping with insufficient blacklisting/whitelisting. This could lead to local elevation of privilege, given physical access to the device with…

  • CVE-2018-9348MedNov 19, 2024
    risk 0.42cvss 6.5epss 0.00

    In SMF_ParseMetaEvent of eas_smf.c, there is a possible integer overflow. This could lead to remote denial of service due to resource exhaustion with no additional execution privileges needed. User interaction is needed for exploitation.

  • CVE-2017-13313MedNov 15, 2024
    risk 0.42cvss 6.5epss 0.00

    In ElementaryStreamQueue::dequeueAccessUnitMPEG4Video of ESQueue.cpp, there is a possible infinite loop leading to resource exhaustion due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction…

  • CVE-2024-11110MedNov 12, 2024
    risk 0.42cvss 6.5epss 0.00

    Inappropriate implementation in Extensions in Google Chrome prior to 131.0.6778.69 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension. (Chromium security severity: High)

  • CVE-2024-7254HigSep 19, 2024
    risk 0.42cvss 7.5epss 0.03

    Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java…

  • CVE-2024-5500MedJul 16, 2024
    risk 0.42cvss 6.5epss 0.00

    Inappropriate implementation in Sign-In in Google Chrome prior to 1.3.36.351 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2024-2884MedJul 16, 2024
    risk 0.42cvss 6.5epss 0.00

    Out of bounds read in V8 in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2023-7011MedJul 16, 2024
    risk 0.42cvss 6.5epss 0.00

    Inappropriate implementation in Picture in Picture in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2020-36765MedJul 16, 2024
    risk 0.42cvss 6.5epss 0.00

    Insufficient policy enforcement in Navigation in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2024-6777MedJul 16, 2024
    risk 0.42cvss 6.5epss 0.00

    Use after free in Navigation in Google Chrome prior to 126.0.6478.182 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)

  • CVE-2024-5843MedJun 11, 2024
    risk 0.42cvss 6.5epss 0.00

    Inappropriate implementation in Downloads in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to obfuscate security UI via a malicious file. (Chromium security severity: Medium)

  • CVE-2024-5840MedJun 11, 2024
    risk 0.42cvss 6.5epss 0.00

    Policy bypass in CORS in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2024-5839MedJun 11, 2024
    risk 0.42cvss 6.5epss 0.00

    Inappropriate Implementation in Memory Allocator in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2024-5166MedMay 22, 2024
    risk 0.42cvss 6.5epss 0.00

    An Insecure Direct Object Reference in Google Cloud's Looker allowed metadata exposure across authenticated Looker users sharing the same LookML model.

  • CVE-2024-4950MedMay 15, 2024
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation in Downloads in Google Chrome prior to 125.0.6422.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2024-4949MedMay 15, 2024
    risk 0.42cvss 6.5epss 0.01

    Use after free in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2024-4948MedMay 15, 2024
    risk 0.42cvss 6.5epss 0.01

    Use after free in Dawn in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-23709MedMay 7, 2024
    risk 0.42cvss 6.5epss 0.01

    In multiple locations, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

  • CVE-2024-4559MedMay 7, 2024
    risk 0.42cvss 6.5epss 0.01

    Heap buffer overflow in WebAudio in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-4060MedMay 1, 2024
    risk 0.42cvss 6.5epss 0.01

    Use after free in Dawn in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-4059MedMay 1, 2024
    risk 0.42cvss 6.5epss 0.01

    Out of bounds read in V8 API in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to leak cross-site data via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-3914MedApr 17, 2024
    risk 0.42cvss 6.5epss 0.01

    Use after free in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Page 123 of 229