VYPR

Vendor CVEs

Google

All CVEs

11,329 total · sorted by risk
  • CVE-2026-8525HigMay 14, 2026
    risk 0.54cvss 8.3epss 0.00

    Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-8523HigMay 14, 2026
    risk 0.54cvss 8.3epss 0.00

    Use after free in Mojo in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-8520HigMay 14, 2026
    risk 0.54cvss 8.3epss 0.00

    Race in Payments in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

  • CVE-2026-8515HigMay 14, 2026
    risk 0.54cvss 8.3epss 0.00

    Use after free in HID in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

  • CVE-2026-8514HigMay 14, 2026
    risk 0.54cvss 8.3epss 0.00

    Use after free in Aura in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

  • CVE-2026-8513HigMay 14, 2026
    risk 0.54cvss 8.3epss 0.00

    Use after free in Input in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

  • CVE-2026-8512HigMay 14, 2026
    risk 0.54cvss 8.3epss 0.00

    Use after free in FileSystem in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

  • CVE-2026-8001HigMay 6, 2026
    risk 0.54cvss 8.3epss 0.00

    Use After Free in Printing in Google Chrome on Linux, Mac, ChromeOS prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-7985HigMay 6, 2026
    risk 0.54cvss 8.3epss 0.00

    Use after free in GPU in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-7975HigMay 6, 2026
    risk 0.54cvss 8.3epss 0.00

    Use after free in DevTools in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-7970HigMay 6, 2026
    risk 0.54cvss 8.3epss 0.00

    Use after free in TopChrome in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-7967HigMay 6, 2026
    risk 0.54cvss 8.3epss 0.00

    Insufficient validation of untrusted input in Navigation in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-7963HigMay 6, 2026
    risk 0.54cvss 8.3epss 0.00

    Inappropriate implementation in ServiceWorker in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-7956HigMay 6, 2026
    risk 0.54cvss 8.3epss 0.00

    Use after free in Navigation in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-7923HigMay 6, 2026
    risk 0.54cvss 8.3epss 0.00

    Out of bounds write in Skia in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-7922HigMay 6, 2026
    risk 0.54cvss 8.3epss 0.00

    Use after free in ServiceWorker in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-7920HigMay 6, 2026
    risk 0.54cvss 8.3epss 0.00

    Use after free in Skia in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-7919HigMay 6, 2026
    risk 0.54cvss 8.3epss 0.00

    Use after free in Aura in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-7918HigMay 6, 2026
    risk 0.54cvss 8.3epss 0.00

    Use after free in GPU in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-7917HigMay 6, 2026
    risk 0.54cvss 8.3epss 0.00

    Use after free in Fullscreen in Google Chrome on Windows prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-7916HigMay 6, 2026
    risk 0.54cvss 8.3epss 0.00

    Insufficient data validation in InterestGroups in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-7914HigMay 6, 2026
    risk 0.54cvss 8.3epss 0.00

    Type Confusion in Accessibility in Google Chrome on Windows prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-7911HigMay 6, 2026
    risk 0.54cvss 8.3epss 0.00

    Use after free in Aura in Google Chrome on Windows prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-7905HigMay 6, 2026
    risk 0.54cvss 8.3epss 0.00

    Insufficient validation of untrusted input in Media in Google Chrome on Android prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-7900HigMay 6, 2026
    risk 0.54cvss 8.3epss 0.00

    Heap buffer overflow in ANGLE in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-7353HigApr 28, 2026
    risk 0.54cvss 8.3epss 0.00

    Heap buffer overflow in Skia in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-7352HigApr 28, 2026
    risk 0.54cvss 8.3epss 0.00

    Use after free in Media in Google Chrome on Android prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-7350HigApr 28, 2026
    risk 0.54cvss 8.3epss 0.00

    Use after free in WebMIDI in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-7345HigApr 28, 2026
    risk 0.54cvss 8.3epss 0.00

    Insufficient validation of untrusted input in Feedback in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-6921HigApr 23, 2026
    risk 0.54cvss 8.3epss 0.00

    Race in GPU in Google Chrome on Windows prior to 147.0.7727.117 allowed a remote attacker to potentially perform a sandbox escape via a crafted video file. (Chromium security severity: Medium)

  • CVE-2026-6361HigApr 15, 2026
    risk 0.54cvss 8.3epss 0.00

    Heap buffer overflow in PDFium in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)

  • CVE-2026-6314HigApr 15, 2026
    risk 0.54cvss 8.3epss 0.00

    Out of bounds write in GPU in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the GPU process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-6311HigApr 15, 2026
    risk 0.54cvss 8.3epss 0.00

    Uninitialized Use in Accessibility in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-6310HigApr 15, 2026
    risk 0.54cvss 8.3epss 0.00

    Use after free in Dawn in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-6309HigApr 15, 2026
    risk 0.54cvss 8.3epss 0.00

    Use after free in Viz in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-6304HigApr 15, 2026
    risk 0.54cvss 8.3epss 0.00

    Use after free in Graphite in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-6297HigApr 15, 2026
    risk 0.54cvss 8.3epss 0.00

    Use after free in Proxy in Google Chrome prior to 147.0.7727.101 allowed an attacker in a privileged network position to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

  • CVE-2018-9515HigOct 2, 2018
    risk 0.54cvss 7.8epss 0.01

    In sdcardfs_create and sdcardfs_mkdir of inode.c, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android…

  • CVE-2017-13253HigApr 4, 2018
    risk 0.54cvss 7.8epss 0.03

    In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android.…

  • CVE-2017-13236HigFeb 12, 2018
    risk 0.54cvss 7.8epss 0.01

    In the KeyStore service, there is a permissions bypass that allows access to protected resources. This could lead to local escalation of privilege with system execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1.…

  • CVE-2017-13216HigJan 12, 2018
    risk 0.54cvss 7.8epss 0.01

    In ashmem_ioctl of ashmem.c, there is an out-of-bounds write due to insufficient locking when accessing asma. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not…

  • CVE-2017-13209HigJan 12, 2018
    risk 0.54cvss 7.8epss 0.01

    In the ServiceManager::add function in the hardware service manager, there is an insecure permissions check based on the PID of the caller which could allow an application or service to replace a HAL service with its own service. This could lead to a local elevation of privilege…

  • CVE-2016-10277HigMay 12, 2017
    risk 0.54cvss 7.8epss 0.09

    An elevation of privilege vulnerability in the Motorola bootloader could enable a local malicious application to execute arbitrary code within the context of the bootloader. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may…

  • CVE-2017-0412HigFeb 8, 2017
    risk 0.54cvss 7.8epss 0.03

    An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities,…

  • CVE-2017-0411HigFeb 8, 2017
    risk 0.54cvss 7.8epss 0.03

    An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities,…

  • CVE-2016-6772HigJan 12, 2017
    risk 0.54cvss 7.8epss 0.03

    An elevation of privilege vulnerability in Wi-Fi could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android.…

  • CVE-2016-6707HigNov 25, 2016
    risk 0.54cvss 7.8epss 0.04

    An elevation of privilege vulnerability in System Server in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be…

  • CVE-2016-2494HigJun 13, 2016
    risk 0.54cvss 7.8epss 0.02

    Off-by-one error in sdcard/sdcard.c in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug…

  • CVE-2015-6639HigJan 6, 2016
    risk 0.54cvss 7.8epss 0.07

    The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24446875.

  • CVE-2026-12012HigJun 11, 2026
    risk 0.53cvss 8.1epss 0.00

    Use after free in Network in Google Chrome prior to 149.0.7827.115 allowed an attacker in a privileged network position to potentially exploit heap corruption via malicious network traffic. (Chromium security severity: High)

Page 23 of 227