Vendor CVEs

Google

All CVEs

11,509 total · sorted by risk
  • CVE-2025-12910 · Nov 7, 2025
    risk 0.00 · cvss · epss 0.00

    Inappropriate implementation in Passkeys in Google Chrome prior to 140.0.7339.80 allowed a local attacker to obtain potentially sensitive information via debug logs. (Chromium security severity: Low)

  • CVE-2025-12909 · Nov 7, 2025
    risk 0.00 · cvss · epss 0.00

    Insufficient policy enforcement in Devtools in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to leak cross-origin data via Devtools. (Chromium security severity: Low)

  • CVE-2025-12908 · Nov 7, 2025
    risk 0.00 · cvss · epss 0.00

    Insufficient validation of untrusted input in Downloads in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2025-12907 · Nov 7, 2025
    risk 0.00 · cvss · epss 0.00

    Insufficient validation of untrusted input in Devtools in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to execute arbitrary code via user action in Devtools. (Chromium security severity: Low)

  • CVE-2025-12906 · Nov 7, 2025
    risk 0.00 · cvss · epss 0.00

    Inappropriate implementation in Permissions in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2025-12905 · Nov 7, 2025
    risk 0.00 · cvss · epss 0.00

    Inappropriate implementation in Downloads in Google Chrome on Windows prior to 140.0.7339.80 allowed a remote attacker to bypass Mark of the Web via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2025-11460 · Nov 6, 2025
    risk 0.00 · cvss · epss 0.00

    Use after free in Storage in Google Chrome prior to 141.0.7390.65 allowed a remote attacker to execute arbitrary code via a crafted video file. (Chromium security severity: High)

  • CVE-2025-11458 · Nov 6, 2025
    risk 0.00 · cvss · epss 0.00

    Heap buffer overflow in Sync in Google Chrome prior to 141.0.7390.65 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

  • CVE-2025-11756 · Nov 6, 2025
    risk 0.00 · cvss · epss 0.00

    Use after free in Safe Browsing in Google Chrome prior to 141.0.7390.107 allowed a remote attacker who had compromised the renderer process to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

  • CVE-2025-12036 · Nov 6, 2025
    risk 0.00 · cvss · epss 0.04

    Out of bounds memory access in V8 in Google Chrome prior to 141.0.7390.122 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

  • CVE-2025-11219 · Nov 6, 2025
    risk 0.00 · cvss · epss 0.00

    Use after free in V8 in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2025-11216 · Nov 6, 2025
    risk 0.00 · cvss · epss 0.00

    Inappropriate implementation in Storage in Google Chrome on Mac prior to 141.0.7390.54 allowed a remote attacker to perform domain spoofing via a crafted video file. (Chromium security severity: Low)

  • CVE-2025-11215 · Nov 6, 2025
    risk 0.00 · cvss · epss 0.00

    Off by one error in V8 in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2025-11213 · Nov 6, 2025
    risk 0.00 · cvss · epss 0.00

    Inappropriate implementation in Omnibox in Google Chrome on Android prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2025-11212 · Nov 6, 2025
    risk 0.00 · cvss · epss 0.00

    Inappropriate implementation in Media in Google Chrome on Windows prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2025-11211 · Nov 6, 2025
    risk 0.00 · cvss · epss 0.00

    Out of bounds read in Media in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2025-11210 · Nov 6, 2025
    risk 0.00 · cvss · epss 0.00

    Side-channel information leakage in Tab in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2025-11209 · Nov 6, 2025
    risk 0.00 · cvss · epss 0.00

    Inappropriate implementation in Omnibox in Google Chrome on Android prior to 141.0.7390.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2025-11208 · Nov 6, 2025
    risk 0.00 · cvss · epss 0.00

    Inappropriate implementation in Media in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2025-11207 · Nov 6, 2025
    risk 0.00 · cvss · epss 0.00

    Side-channel information leakage in Storage in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2025-11206 · Nov 6, 2025
    risk 0.00 · cvss · epss 0.00

    Heap buffer overflow in Video in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2025-11205 · Nov 6, 2025
    risk 0.00 · cvss · epss 0.00

    Heap buffer overflow in WebGPU in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2025-21077 · Nov 5, 2025
    risk 0.00 · cvss · epss 0.00

    Improper input validation in Samsung Email prior to version 6.2.06.0 allows local attackers to launch arbitrary activity with Samsung Email privilege.

  • CVE-2025-10892 · Sep 24, 2025
    risk 0.00 · cvss · epss 0.00

    Integer overflow in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2025-10891 · Sep 24, 2025
    risk 0.00 · cvss · epss 0.07

    Integer overflow in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2025-10890 · Sep 24, 2025
    risk 0.00 · cvss · epss 0.00

    Side-channel information leakage in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

  • CVE-2025-10502 · Sep 24, 2025
    risk 0.00 · cvss · epss 0.00

    Heap buffer overflow in ANGLE in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via malicious network traffic. (Chromium security severity: High)

  • CVE-2025-10501 · Sep 24, 2025
    risk 0.00 · cvss · epss 0.00

    Use after free in WebRTC in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2025-10500 · Sep 24, 2025
    risk 0.00 · cvss · epss 0.00

    Use after free in Dawn in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2025-10201 · Sep 10, 2025
    risk 0.00 · cvss · epss 0.00

    Inappropriate implementation in Mojo in Google Chrome on Android, Linux, ChromeOS prior to 140.0.7339.127 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: High)

  • CVE-2025-10200 · Sep 10, 2025
    risk 0.00 · cvss · epss 0.01

    Use after free in Serviceworker in Google Chrome on Desktop prior to 140.0.7339.127 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

  • CVE-2025-32320 · Sep 5, 2025
    risk 0.00 · cvss · epss 0.00

    In System UI, there is a possible way to view other users' images due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-32318 · Sep 5, 2025
    risk 0.00 · cvss · epss 0.00

    In Skia, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-32317 · Sep 5, 2025
    risk 0.00 · cvss · epss 0.00

    In App Widget, there is a possible Information Disclosure due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-32316 · Sep 5, 2025
    risk 0.00 · cvss · epss 0.00

    In gralloc4, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-26461 · Sep 5, 2025
    risk 0.00 · cvss · epss 0.00

    In Permission Manager, there is a possible way for the microphone privacy indicator to remain activated even after the user attempts to close the app due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges…

  • CVE-2025-26434 · Sep 5, 2025
    risk 0.00 · cvss · epss 0.00

    In libxml2, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-0028 · Sep 5, 2025
    risk 0.00 · cvss · epss 0.00

    In Audio Service, there is a possible way to obtain MAC addresses of nearby Bluetooth devices due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-32322 · Sep 4, 2025
    risk 0.00 · cvss · epss 0.00

    In onCreate of MediaProjectionPermissionActivity.java, there is a possible way to grant a malicious app a token enabling unauthorized screen recording capabilities due to improper input validation. This could lead to local escalation of privilege with no additional execution…

  • CVE-2025-26439 · Sep 4, 2025
    risk 0.00 · cvss · epss 0.00

    In getComponentName of AccessibilitySettingsUtils.java, there is a possible way for a malicious Talkback service to be enabled instead of the system component due to a logic error in the code. This could lead to local escalation of privilege with no additional execution…

  • CVE-2025-26431 · Sep 4, 2025
    risk 0.00 · cvss · epss 0.00

    In setupAccessibilityServices of AccessibilityFragment.java, there is a possible way to hide an enabled accessibility service due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is…

  • CVE-2025-26419 · Sep 4, 2025
    risk 0.00 · cvss · epss 0.00

    In initPhoneSwitch of SystemSettingsFragment.java, there is a possible FRP bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

  • CVE-2024-40664 · Sep 4, 2025
    risk 0.00 · cvss · epss 0.00

    In setupAccessibilityServices of AccessibilityFragment.java, there is a possible way to hide an enabled accessibility service due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not…

  • CVE-2025-22415 · Sep 4, 2025
    risk 0.00 · cvss · epss 0.00

    In android_app of Android.bp, there is a possible way to launch any activity as a system user. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-22414 · Sep 4, 2025
    risk 0.00 · cvss · epss 0.00

    In FrpBypassAlertActivity of FrpBypassAlertActivity.java, there is a possible way to bypass FRP due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-49731 · Sep 4, 2025
    risk 0.00 · cvss · epss 0.00

    In apk-versions.txt, there is a possible corruption of telemetry opt-in settings on other watches when setting up a new Pixel Watch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction…

  • CVE-2025-48563 · Sep 4, 2025
    risk 0.00 · cvss · epss 0.00

    In onNullBinding of RemoteFillService.java, there is a possible background activity launch due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-48562 · Sep 4, 2025
    risk 0.00 · cvss · epss 0.00

    In writeContent of RemotePrintDocument.java, there is a possible information disclosure due to a logic error. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

  • CVE-2025-48561 · Sep 4, 2025
    risk 0.00 · cvss · epss 0.00

    In multiple locations, there is a possible way to access data displayed on the screen due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-48560 · Sep 4, 2025
    risk 0.00 · cvss · epss 0.00

    In AndroidManifest.xml, there is a possible way for an app to monitor motion events due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
