VYPR

Vendor CVEs

Google

All CVEs

11,369 total · sorted by risk
  • CVE-2026-11696MedJun 9, 2026
    risk 0.34cvss 5.3epss 0.00

    Uninitialized Use in Video in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-11678MedJun 9, 2026
    risk 0.34cvss 5.3epss 0.00

    Integer overflow in libyuv in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-11669MedJun 9, 2026
    risk 0.34cvss 5.3epss 0.00

    Out of bounds read in Media in Google Chrome on ChromeOS prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-11246MedJun 5, 2026
    risk 0.34cvss 5.3epss 0.00

    Insufficient validation of untrusted input in IndexedDB in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-11174MedJun 4, 2026
    risk 0.34cvss 5.3epss 0.00

    Inappropriate implementation in Site Isolation in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-11145MedJun 4, 2026
    risk 0.34cvss 5.3epss 0.00

    Race in Geolocation in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-11098MedJun 4, 2026
    risk 0.34cvss 5.3epss 0.00

    Insufficient validation of untrusted input in GPU in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-11005MedJun 4, 2026
    risk 0.34cvss 5.3epss 0.00

    Out of bounds read in ANGLE in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-11004MedJun 4, 2026
    risk 0.34cvss 5.3epss 0.00

    Out of bounds read in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-9985MedMay 28, 2026
    risk 0.34cvss 5.3epss 0.00

    Insufficient validation of untrusted input in Media in Google Chrome on ChromeOS prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security…

  • CVE-2026-9124MedMay 20, 2026
    risk 0.34cvss 5.3epss 0.00

    Insufficient validation of untrusted input in Input in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-8583MedMay 14, 2026
    risk 0.34cvss 5.3epss 0.00

    Insufficient policy enforcement in WebXR in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity:…

  • CVE-2026-8582MedMay 14, 2026
    risk 0.34cvss 5.3epss 0.00

    Object lifecycle issue in Dawn in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-8546MedMay 14, 2026
    risk 0.34cvss 5.3epss 0.00

    Out of bounds read in GPU in Google Chrome on Mac and Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-8543MedMay 14, 2026
    risk 0.34cvss 5.3epss 0.00

    Out of bounds read in FileSystem in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity:…

  • CVE-2026-8541MedMay 14, 2026
    risk 0.34cvss 5.3epss 0.00

    Out of bounds read in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-8538MedMay 14, 2026
    risk 0.34cvss 5.3epss 0.00

    Insufficient validation of untrusted input in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform a denial of service via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-8535MedMay 14, 2026
    risk 0.34cvss 5.3epss 0.00

    Out of bounds read in Media in Google Chrome on Linux and ChromeOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted JPEG file. (Chromium security severity:…

  • CVE-2026-8516MedMay 14, 2026
    risk 0.34cvss 5.3epss 0.00

    Insufficient validation of untrusted input in DataTransfer in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium…

  • CVE-2026-8020MedMay 6, 2026
    risk 0.34cvss 5.3epss 0.00

    Uninitialized Use in GPU in Google Chrome on Android prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-7960MedMay 6, 2026
    risk 0.34cvss 5.3epss 0.00

    Race in Speech in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-7955MedMay 6, 2026
    risk 0.34cvss 5.3epss 0.00

    Uninitialized Use in GPU in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-5890MedApr 8, 2026
    risk 0.34cvss 5.3epss 0.00

    Race in WebCodecs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-5886MedApr 8, 2026
    risk 0.34cvss 5.3epss 0.00

    Out of bounds read in WebAudio in Google Chrome on Mac prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2024-40674MedJan 28, 2025
    risk 0.34cvss 5.3epss 0.00

    In validateSsid of WifiConfigurationUtil.java, there is a possible way to overflow a system configuration file due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2024-9966MedOct 15, 2024
    risk 0.34cvss 5.3epss 0.00

    Inappropriate implementation in Navigations in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2024-22013MedSep 16, 2024
    risk 0.34cvss 5.3epss 0.00

    U-Boot environment is read from unauthenticated partition.

  • CVE-2024-22006MedMar 11, 2024
    risk 0.34cvss 5.3epss 0.00

    OOB read in the TMU plugin that allows for memory disclosure in the power management subsystem of the device.

  • CVE-2024-0016MedFeb 16, 2024
    risk 0.34cvss 5.3epss 0.00

    In multiple locations, there is a possible out of bounds read due to a missing bounds check. This could lead to paired device information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-0333MedJan 10, 2024
    risk 0.34cvss 5.3epss 0.00

    Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.216 allowed an attacker in a privileged network position to install a malicious extension via a crafted HTML page. (Chromium security severity: High)

  • CVE-2022-20530MedDec 16, 2022
    risk 0.34cvss 5.3epss 0.00

    In strings.xml, there is a possible permission bypass due to a misleading string. This could lead to remote information disclosure of call logs with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2021-22556MedMay 3, 2022
    risk 0.34cvss 5.3epss 0.00

    The Security Team discovered an integer overflow bug that allows an attacker with code execution to issue memory cache invalidation operations on pages that they don’t own, allowing them to control kernel memory from userspace. We recommend upgrading to kernel version 4.1 or…

  • CVE-2021-1037MedJan 14, 2022
    risk 0.34cvss 5.3epss 0.00

    The broadcast that DevicePickerFragment sends when a new device is paired doesn't have any permission checks, so any app can register to listen for it. This lets apps keep track of what devices are paired without requesting BLUETOOTH permissions.Product: AndroidVersions:…

  • CVE-2019-9323MedSep 27, 2019
    risk 0.34cvss 5.3epss 0.00

    In the Wallpaper Manager service, there is a possible information disclosure due to a missing permission check. Any application can access wallpaper image with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions:…

  • CVE-2018-19335MedNov 20, 2018
    risk 0.34cvss 5.3epss 0.00

    Google Monorail before 2018-06-07 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with a crafted groupby value) can be used to obtain sensitive information about the content of bug…

  • CVE-2018-19334MedNov 20, 2018
    risk 0.34cvss 5.3epss 0.00

    Google Monorail before 2018-05-04 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with an unsupported axis) can be used to obtain sensitive information about the content of bug reports.

  • CVE-2018-10099MedNov 20, 2018
    risk 0.34cvss 5.3epss 0.00

    Google Monorail before 2018-04-04 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with duplicated columns) can be used to obtain sensitive information about the content of bug reports.

  • CVE-2018-19111MedNov 8, 2018
    risk 0.34cvss 5.3epss 0.00

    The Google Cardboard application 1.8 for Android and 1.2 for iOS sends potentially private cleartext information to the Unity 3D Stats web site, as demonstrated by device make, model, and OS.

  • CVE-2017-0751MedApr 5, 2018
    risk 0.34cvss 5.3epss 0.00

    An elevation of privilege vulnerability in the Qualcomm QCE driver. Product: Android. Versions: Android kernel. Android ID: A-36591162. References: QC-CR#2045061.

  • CVE-2017-0748MedApr 5, 2018
    risk 0.34cvss 5.3epss 0.00

    An information disclosure vulnerability in the Qualcomm audio driver. Product: Android. Versions: Android Kernel. Android ID: A-35764875. References: QC-CR#2029798.

  • CVE-2017-0744MedApr 5, 2018
    risk 0.34cvss 5.3epss 0.00

    An elevation of privilege vulnerability in the NVIDIA firmware processing code. Product: Android. Versions: Android kernel. Android ID: A-34112726. References: N-CVE-2017-0744.

  • CVE-2017-13304MedApr 4, 2018
    risk 0.34cvss 5.3epss 0.00

    A information disclosure vulnerability in the Upstream kernel mnh_sm driver. Product: Android. Versions: Android kernel. Android ID: A-70576999.

  • CVE-2017-13303MedApr 4, 2018
    risk 0.34cvss 5.3epss 0.00

    A information disclosure vulnerability in the Broadcom bcmdhd driver. Product: Android. Versions: Android kernel. Android ID: A-71359108. References: B-V2018010501.

  • CVE-2017-13298MedApr 4, 2018
    risk 0.34cvss 5.3epss 0.00

    A information disclosure vulnerability in the Android media framework (libhavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-72117051.

  • CVE-2017-13297MedApr 4, 2018
    risk 0.34cvss 5.3epss 0.00

    A information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71766721.

  • CVE-2017-13296MedApr 4, 2018
    risk 0.34cvss 5.3epss 0.00

    A information disclosure vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70897454.

  • CVE-2017-13295MedApr 4, 2018
    risk 0.34cvss 5.3epss 0.00

    A denial of service vulnerability in the Android framework (package installer). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-62537081.

  • CVE-2017-13294MedApr 4, 2018
    risk 0.34cvss 5.3epss 0.00

    A information disclosure vulnerability in the Android framework (aosp email application). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71814449.

  • CVE-2017-14891MedMar 30, 2018
    risk 0.34cvss 5.3epss 0.00

    In the KGSL driver function _gpuobj_map_useraddr() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-12, the contents of the stack can get leaked due to an uninitialized variable.

  • CVE-2017-13165MedDec 6, 2017
    risk 0.34cvss 5.3epss 0.00

    An elevation of privilege vulnerability in the kernel file system. Product: Android. Versions: Android kernel. Android ID A-31269937.

Page 156 of 228