VYPR

Vendor CVEs

Google

All CVEs

11,489 total · sorted by risk
  • CVE-2026-6297HigApr 15, 2026
    risk 0.54cvss 8.3epss 0.00

    Use after free in Proxy in Google Chrome prior to 147.0.7727.101 allowed an attacker in a privileged network position to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

  • CVE-2023-4428HigAug 23, 2023
    risk 0.54cvss 8.1epss 0.11

    Out of bounds memory access in CSS in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

  • CVE-2023-4068HigAug 3, 2023
    risk 0.54cvss 8.1epss 0.15

    Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

  • CVE-2021-0920MedKEVDec 15, 2021
    risk 0.54cvss 6.4epss 0.01

    In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android…

  • CVE-2020-6575HigSep 21, 2020
    risk 0.54cvss 8.3epss 0.01

    Race in Mojo in Google Chrome prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

  • CVE-2019-2025HigJun 19, 2019
    risk 0.54cvss 7.8epss 0.01

    In binder_thread_read of binder.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2019-2023HigJun 19, 2019
    risk 0.54cvss 7.8epss 0.00

    In ServiceManager::add function in the hardware service manager, there is an insecure permissions check based on the PID of the caller. This could allow an app to add or replace a HAL service with its own service, gaining code execution in a privileged process.Product:…

  • CVE-2019-2000HigFeb 28, 2019
    risk 0.54cvss 7.8epss 0.01

    In several functions of binder.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android…

  • CVE-2019-1999HigFeb 28, 2019
    risk 0.54cvss 7.8epss 0.01

    In binder_alloc_free_page of binder_alloc.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android.…

  • CVE-2018-6084HigJan 9, 2019
    risk 0.54cvss 7.8epss 0.01

    Insufficiently sanitized distributed objects in Updater in Google Chrome on macOS prior to 66.0.3359.117 allowed a local attacker to execute arbitrary code via an executable file.

  • CVE-2018-9488HigNov 6, 2018
    risk 0.54cvss 7.8epss 0.00

    In the SELinux permissions of crash_dump.te, there is a permissions bypass due to a missing restriction. This could lead to a local escalation of privilege, with System privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0…

  • CVE-2018-9515HigOct 2, 2018
    risk 0.54cvss 7.8epss 0.01

    In sdcardfs_create and sdcardfs_mkdir of inode.c, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android…

  • CVE-2017-13253HigApr 4, 2018
    risk 0.54cvss 7.8epss 0.03

    In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android.…

  • CVE-2017-13236HigFeb 12, 2018
    risk 0.54cvss 7.8epss 0.01

    In the KeyStore service, there is a permissions bypass that allows access to protected resources. This could lead to local escalation of privilege with system execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1.…

  • CVE-2017-13216HigJan 12, 2018
    risk 0.54cvss 7.8epss 0.01

    In ashmem_ioctl of ashmem.c, there is an out-of-bounds write due to insufficient locking when accessing asma. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not…

  • CVE-2017-13209HigJan 12, 2018
    risk 0.54cvss 7.8epss 0.01

    In the ServiceManager::add function in the hardware service manager, there is an insecure permissions check based on the PID of the caller which could allow an application or service to replace a HAL service with its own service. This could lead to a local elevation of privilege…

  • CVE-2016-10277HigMay 12, 2017
    risk 0.54cvss 7.8epss 0.09

    An elevation of privilege vulnerability in the Motorola bootloader could enable a local malicious application to execute arbitrary code within the context of the bootloader. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may…

  • CVE-2017-0412HigFeb 8, 2017
    risk 0.54cvss 7.8epss 0.03

    An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities,…

  • CVE-2017-0411HigFeb 8, 2017
    risk 0.54cvss 7.8epss 0.03

    An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities,…

  • CVE-2016-6772HigJan 12, 2017
    risk 0.54cvss 7.8epss 0.03

    An elevation of privilege vulnerability in Wi-Fi could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android.…

  • CVE-2016-6707HigNov 25, 2016
    risk 0.54cvss 7.8epss 0.04

    An elevation of privilege vulnerability in System Server in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be…

  • CVE-2016-2494HigJun 13, 2016
    risk 0.54cvss 7.8epss 0.02

    Off-by-one error in sdcard/sdcard.c in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug…

  • CVE-2015-6639HigJan 6, 2016
    risk 0.54cvss 7.8epss 0.07

    The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24446875.

  • CVE-2026-12012HigJun 11, 2026
    risk 0.53cvss 8.1epss 0.00

    Use after free in Network in Google Chrome prior to 149.0.7827.115 allowed an attacker in a privileged network position to potentially exploit heap corruption via malicious network traffic. (Chromium security severity: High)

  • CVE-2026-11693HigJun 9, 2026
    risk 0.53cvss 8.1epss 0.00

    Inappropriate implementation in Plugins in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-11689HigJun 9, 2026
    risk 0.53cvss 8.1epss 0.00

    Insufficient policy enforcement in Passwords in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-11643HigJun 9, 2026
    risk 0.53cvss 8.1epss 0.00

    Use after free in Proxy in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: Critical)

  • CVE-2026-11231HigJun 4, 2026
    risk 0.53cvss 8.1epss 0.00

    Inappropriate implementation in Safe Browsing in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a malicious file. (Chromium security severity: Low)

  • CVE-2026-11224HigJun 4, 2026
    risk 0.53cvss 8.1epss 0.00

    Use after free in Chromoting in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: Low)

  • CVE-2026-11185HigJun 4, 2026
    risk 0.53cvss 8.1epss 0.00

    Use after free in V8 in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code inside a sandbox via a crafted Chrome Extension. (Chromium security severity: Medium)

  • CVE-2026-11170HigJun 4, 2026
    risk 0.53cvss 8.1epss 0.00

    Inappropriate implementation in Chromoting in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to perform OS-level privilege escalation via malicious network traffic. (Chromium security severity: Medium)

  • CVE-2026-11169HigJun 4, 2026
    risk 0.53cvss 8.1epss 0.00

    Inappropriate implementation in XML in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted XML file. (Chromium security severity: Medium)

  • CVE-2026-11111HigJun 4, 2026
    risk 0.53cvss 8.1epss 0.00

    Out of bounds read in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-11015HigJun 4, 2026
    risk 0.53cvss 8.1epss 0.00

    Out of bounds read in WebGPU in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-11011HigJun 4, 2026
    risk 0.53cvss 8.1epss 0.00

    Insufficient policy enforcement in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-10930HigJun 4, 2026
    risk 0.53cvss 8.1epss 0.00

    Out of bounds read in ANGLE in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-10887HigJun 4, 2026
    risk 0.53cvss 8.1epss 0.00

    Use after free in Chromoting in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: Critical)

  • CVE-2026-9964HigMay 28, 2026
    risk 0.53cvss 8.1epss 0.00

    Use after free in Bluetooth in Google Chrome on Mac prior to 148.0.7778.216 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: High)

  • CVE-2026-8018HigMay 6, 2026
    risk 0.53cvss 8.1epss 0.00

    Insufficient policy enforcement in DevTools in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to potentially perform a sandbox escape via malicious network traffic. (Chromium security severity: Low)

  • CVE-2026-7981HigMay 6, 2026
    risk 0.53cvss 8.1epss 0.00

    Out of bounds read in Codecs in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to obtain potentially sensitive information from process memory via a malicious file. (Chromium security severity: Medium)

  • CVE-2026-7978HigMay 6, 2026
    risk 0.53cvss 8.1epss 0.00

    Inappropriate implementation in Companion in Google Chrome on Mac prior to 148.0.7778.96 allowed a remote attacker to perform OS-level privilege escalation via malicious network traffic. (Chromium security severity: Medium)

  • CVE-2026-7347HigApr 28, 2026
    risk 0.53cvss 8.1epss 0.00

    Use after free in Chromoting in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: High)

  • CVE-2026-7346HigApr 28, 2026
    risk 0.53cvss 8.1epss 0.00

    Inappropriate implementation in Tint in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-5915HigApr 8, 2026
    risk 0.53cvss 8.1epss 0.00

    Insufficient validation of untrusted input in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-5913HigApr 8, 2026
    risk 0.53cvss 8.1epss 0.00

    Out of bounds read in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-5907HigApr 8, 2026
    risk 0.53cvss 8.1epss 0.00

    Insufficient data validation in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory read via a crafted video file. (Chromium security severity: Low)

  • CVE-2026-5282HigApr 1, 2026
    risk 0.53cvss 8.1epss 0.00

    Out of bounds read in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

  • CVE-2023-40077HigDec 4, 2023
    risk 0.53cvss 8.1epss 0.08

    In multiple functions of MetaDataBase.cpp, there is a possible UAF write due to a race condition. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-4761HigSep 5, 2023
    risk 0.53cvss 8.1epss 0.01

    Out of bounds memory access in FedCM in Google Chrome prior to 116.0.5845.179 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

  • CVE-2023-4431HigAug 23, 2023
    risk 0.53cvss 8.1epss 0.01

    Out of bounds memory access in Fonts in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)

Page 50 of 230