VYPR

Vendor CVEs

Google

All CVEs

11,416 total · sorted by risk
  • CVE-2022-1497MedJul 26, 2022
    risk 0.42cvss 6.5epss 0.00

    Inappropriate implementation in Input in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to spoof the contents of cross-origin websites via a crafted HTML page.

  • CVE-2022-1482MedJul 26, 2022
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation in WebGL in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2022-1146MedJul 23, 2022
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation in Resource Timing in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

  • CVE-2022-1139MedJul 23, 2022
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation in Background Fetch API in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

  • CVE-2022-1138MedJul 23, 2022
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation in Web Cursor in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who had compromised the renderer process to obscure the contents of the Omnibox (URL bar) via a crafted HTML page.

  • CVE-2022-1137MedJul 23, 2022
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation in Extensions in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a user to install a malicious extension to leak potentially sensitive information via a crafted HTML page.

  • CVE-2022-1129MedJul 23, 2022
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 100.0.4896.60 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

  • CVE-2022-1128MedJul 23, 2022
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation in Web Share API in Google Chrome on Windows prior to 100.0.4896.60 allowed an attacker on the local network segment to leak cross-origin data via a crafted HTML page.

  • CVE-2022-20228MedJul 13, 2022
    risk 0.42cvss 6.5epss 0.00

    In various functions of C2DmaBufAllocator.cpp, there is a possible memory corruption due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:…

  • CVE-2022-20221MedJul 13, 2022
    risk 0.42cvss 6.5epss 0.00

    In avrc_ctrl_pars_vendor_cmd of avrc_pars_ct.cc, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2022-20217MedJul 13, 2022
    risk 0.42cvss 6.5epss 0.00

    There is a unauthorized broadcast in the SprdContactsProvider. A third-party app could use this issue to delete Fdn contact.Product: AndroidVersions: Android SoCAndroid ID: A-232441378

  • CVE-2022-20202MedJun 15, 2022
    risk 0.42cvss 6.5epss 0.01

    In ih264_resi_trans_quant_4x4_sse42 of ih264_resi_trans_quant_sse42.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for…

  • CVE-2022-20154MedJun 15, 2022
    risk 0.42cvss 6.4epss 0.00

    In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid…

  • CVE-2022-20148MedJun 15, 2022
    risk 0.42cvss 6.4epss 0.00

    In TBD of TBD, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:…

  • CVE-2022-20010MedMay 10, 2022
    risk 0.42cvss 6.5epss 0.00

    In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure through Bluetooth with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2021-39805MedApr 12, 2022
    risk 0.42cvss 6.5epss 0.00

    In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure through Bluetooth with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2021-39804MedApr 12, 2022
    risk 0.42cvss 6.5epss 0.00

    In reinit of HeifDecoderImpl.cpp, there is a possible crash due to a missing null check. This could lead to remote persistent denial of service in the file picker with no additional execution privileges needed. User interaction is needed for exploitation.Product:…

  • CVE-2021-39803MedApr 12, 2022
    risk 0.42cvss 6.5epss 0.01

    In ~Impl of C2AllocatorIon.cpp, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10…

  • CVE-2022-0807MedApr 5, 2022
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation in Autofill in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

  • CVE-2022-0806MedApr 5, 2022
    risk 0.42cvss 6.5epss 0.01

    Data leak in Canvas in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in screen sharing to potentially leak cross-origin data via a crafted HTML page.

  • CVE-2022-0804MedApr 5, 2022
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 99.0.4844.51 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page.

  • CVE-2022-0803MedApr 5, 2022
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation in Permissions in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to tamper with the contents of the Omnibox (URL bar) via a crafted HTML page.

  • CVE-2022-0802MedApr 5, 2022
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 99.0.4844.51 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page.

  • CVE-2022-0792MedApr 5, 2022
    risk 0.42cvss 6.5epss 0.01

    Out of bounds read in ANGLE in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2022-0462MedApr 5, 2022
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation in Scroll in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

  • CVE-2022-0461MedApr 5, 2022
    risk 0.42cvss 6.5epss 0.01

    Policy bypass in COOP in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to bypass iframe sandbox via a crafted HTML page.

  • CVE-2022-0455MedApr 5, 2022
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 98.0.4758.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

  • CVE-2021-39735MedMar 16, 2022
    risk 0.42cvss 6.4epss 0.00

    In gasket_alloc_coherent_memory of gasket_page_table.c, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2021-39712MedMar 16, 2022
    risk 0.42cvss 6.4epss 0.00

    In TBD of TBD, there is a possible user after free vulnerability due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:…

  • CVE-2022-0309MedFeb 12, 2022
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation in Autofill in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

  • CVE-2022-0305MedFeb 12, 2022
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation in Service Worker API in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.

  • CVE-2022-0294MedFeb 12, 2022
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation in Push messaging in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.

  • CVE-2022-0292MedFeb 12, 2022
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation in Fenced Frames in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.

  • CVE-2022-0291MedFeb 12, 2022
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation in Storage in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.

  • CVE-2022-0120MedFeb 12, 2022
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation in Passwords in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially leak cross-origin data via a malicious website.

  • CVE-2022-0117MedFeb 12, 2022
    risk 0.42cvss 6.5epss 0.01

    Policy bypass in Blink in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

  • CVE-2022-0113MedFeb 12, 2022
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation in Blink in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

  • CVE-2022-0111MedFeb 12, 2022
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to incorrectly set origin via a crafted HTML page.

  • CVE-2022-0109MedFeb 12, 2022
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to obtain potentially sensitive information via a crafted HTML page.

  • CVE-2022-0108MedFeb 12, 2022
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

  • CVE-2021-39671MedFeb 11, 2022
    risk 0.42cvss 6.5epss 0.00

    In code generated by aidl_const_expressions.cpp, there is a possible out of bounds read due to uninitialized data. This could lead to information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2021-39665MedFeb 11, 2022
    risk 0.42cvss 6.5epss 0.01

    In checkSpsUpdated of AAVCAssembler.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:…

  • CVE-2021-4068MedDec 23, 2021
    risk 0.42cvss 6.5epss 0.01

    Insufficient data validation in new tab page in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

  • CVE-2021-4059MedDec 23, 2021
    risk 0.42cvss 6.5epss 0.01

    Insufficient data validation in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

  • CVE-2021-4054MedDec 23, 2021
    risk 0.42cvss 6.5epss 0.01

    Incorrect security UI in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

  • CVE-2021-38022MedDec 23, 2021
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation in WebAuthentication in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

  • CVE-2021-38021MedDec 23, 2021
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation in referrer in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

  • CVE-2021-38019MedDec 23, 2021
    risk 0.42cvss 6.5epss 0.01

    Insufficient policy enforcement in CORS in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

  • CVE-2021-38018MedDec 23, 2021
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation in navigation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

  • CVE-2021-38010MedDec 23, 2021
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation in service workers in Google Chrome prior to 96.0.4664.45 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.

Page 126 of 229