VYPR

Vendor CVEs

Google

All CVEs

11,449 total · sorted by risk
  • CVE-2026-5907HigApr 8, 2026
    risk 0.53cvss 8.1epss 0.00

    Insufficient data validation in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory read via a crafted video file. (Chromium security severity: Low)

  • CVE-2026-5282HigApr 1, 2026
    risk 0.53cvss 8.1epss 0.00

    Out of bounds read in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

  • CVE-2023-40077HigDec 4, 2023
    risk 0.53cvss 8.1epss 0.08

    In multiple functions of MetaDataBase.cpp, there is a possible UAF write due to a race condition. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-4761HigSep 5, 2023
    risk 0.53cvss 8.1epss 0.01

    Out of bounds memory access in FedCM in Google Chrome prior to 116.0.5845.179 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

  • CVE-2023-4431HigAug 23, 2023
    risk 0.53cvss 8.1epss 0.01

    Out of bounds memory access in Fonts in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2023-4070HigAug 3, 2023
    risk 0.53cvss 8.1epss 0.01

    Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

  • CVE-2022-1130HigJul 23, 2022
    risk 0.53cvss 8.1epss 0.01

    Insufficient validation of trust input in WebOTP in Google Chrome on Android prior to 100.0.4896.60 allowed a remote attacker to send arbitrary intents from any app via a malicious app.

  • CVE-2022-0114HigFeb 12, 2022
    risk 0.53cvss 8.1epss 0.01

    Out of bounds memory access in Blink Serial API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page and virtual serial port driver.

  • CVE-2021-0870HigOct 22, 2021
    risk 0.53cvss 8.1epss 0.07

    In RW_SetActivatedTagType of rw_main.cc, there is possible memory corruption due to a race condition. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9…

  • CVE-2021-30593HigAug 26, 2021
    risk 0.53cvss 8.1epss 0.02

    Out of bounds read in Tab Strip in Google Chrome prior to 92.0.4515.131 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2021-0514HigJul 14, 2021
    risk 0.53cvss 8.1epss 0.01

    In several functions of the V8 library, there is a possible use after free due to a race condition. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2021-30536HigJun 7, 2021
    risk 0.53cvss 8.1epss 0.01

    Out of bounds read in V8 in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page.

  • CVE-2021-30511HigJun 4, 2021
    risk 0.53cvss 8.1epss 0.01

    Out of bounds read in Tab Groups in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2021-21205HigApr 26, 2021
    risk 0.53cvss 8.1epss 0.01

    Insufficient policy enforcement in navigation in Google Chrome on iOS prior to 90.0.4430.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

  • CVE-2021-21172HigMar 9, 2021
    risk 0.53cvss 8.1epss 0.02

    Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 89.0.4389.72 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.

  • CVE-2021-21125HigFeb 9, 2021
    risk 0.53cvss 8.1epss 0.08

    Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.

  • CVE-2020-16041HigJan 8, 2021
    risk 0.53cvss 8.1epss 0.02

    Out of bounds read in networking in Google Chrome prior to 87.0.4280.88 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page.

  • CVE-2020-16040MedJan 8, 2021
    risk 0.53cvss 6.5epss 1.00

    Insufficient data validation in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2014-7914HigFeb 21, 2020
    risk 0.53cvss 8.1epss 0.00

    btif/src/btif_dm.c in Android before 5.1 does not properly enforce the temporary nature of a Bluetooth pairing, which allows user-assisted remote attackers to bypass intended access restrictions via crafted Bluetooth packets after the tapping of a crafted NFC tag.

  • CVE-2019-5881HigNov 25, 2019
    risk 0.53cvss 8.1epss 0.01

    Out of bounds read in SwiftShader in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

  • CVE-2019-5849HigNov 25, 2019
    risk 0.53cvss 8.1epss 0.01

    Out of bounds read in Skia in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

  • CVE-2018-6138HigJun 27, 2019
    risk 0.53cvss 8.1epss 0.01

    Insufficient policy enforcement in Extensions API in Google Chrome prior to 67.0.3396.62 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.

  • CVE-2019-5755HigFeb 19, 2019
    risk 0.53cvss 8.1epss 0.02

    Incorrect handling of negative zero in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page.

  • CVE-2018-6034HigSep 25, 2018
    risk 0.53cvss 8.1epss 0.02

    Insufficient data validation in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2016-10439HigApr 18, 2018
    risk 0.53cvss 8.1epss 0.01

    In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, and SD 820A, there is a TOCTOU vulnerability in the input validation for bulletin_board_read syscall. A pointer…

  • CVE-2016-10432HigApr 18, 2018
    risk 0.53cvss 8.1epss 0.01

    In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 410/12, SD 425, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 820, and SD 820A, TOCTOU vulnerabilities may occur while sanitizing userspace values passed to…

  • CVE-2016-10409HigApr 18, 2018
    risk 0.53cvss 8.1epss 0.01

    In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 820A, and SD 835, TOCTOU vulnerability may occur while composing the RPMB request using HLOS controlled…

  • CVE-2017-9685HigAug 18, 2017
    risk 0.53cvss 8.1epss 0.00

    In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in a WLAN driver can lead to a Use After Free condition.

  • CVE-2016-10383HigAug 18, 2017
    risk 0.53cvss 8.1epss 0.01

    In all Qualcomm products with Android releases from CAF using the Linux kernel, there is a TOCTOU race condition in Secure UI.

  • CVE-2017-5035HigApr 24, 2017
    risk 0.53cvss 8.1epss 0.01

    Google Chrome prior to 57.0.2987.98 for Windows and Mac had a race condition, which could cause Chrome to display incorrect certificate information for a site.

  • CVE-2016-3851HigAug 5, 2016
    risk 0.53cvss 8.1epss 0.01

    The LG Electronics bootloader Android before 2016-08-05 on Nexus 5X devices allows attackers to gain privileges by leveraging access to a privileged process, aka internal bug 29189941.

  • CVE-2016-1671HigMay 14, 2016
    risk 0.53cvss 8.1epss 0.02

    Google Chrome before 50.0.2661.102 on Android mishandles / (slash) and \ (backslash) characters, which allows attackers to conduct directory traversal attacks via a file: URL, related to net/base/escape.cc and net/base/filename_util.cc.

  • CVE-2016-1651HigApr 18, 2016
    risk 0.53cvss 8.1epss 0.01

    fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 50.0.2661.75, does not properly implement the sycc420_to_rgb and sycc422_to_rgb functions, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service…

  • CVE-2016-2409HigApr 18, 2016
    risk 0.53cvss 8.1epss 0.01

    A Texas Instruments (TI) haptic kernel driver in Android 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application that leverages control over a service that can call this driver, aka internal bug 25981545.

  • CVE-2026-11241HigJun 5, 2026
    risk 0.52cvss 8.0epss 0.00

    Insufficient validation of untrusted input in Cast in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segment to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-0097HigJun 1, 2026
    risk 0.52cvss 8.0epss 0.00

    In multiple locations, there is a possible way to bypass user interaction when pairing an LE device due to a logic error. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2026-0095HigJun 1, 2026
    risk 0.52cvss 8.0epss 0.00

    In l2c_fcr_clone_buf of l2c_fcr.cc, there is a possible way to trigger controlled heap corruption within the privileged Bluetooth process due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction…

  • CVE-2026-0059HigJun 1, 2026
    risk 0.52cvss 8.0epss 0.00

    In multiple functions of sdp_discovery.cc, there is a possible way to achieve code execution due to a heap buffer overflow. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2019-5797HigSep 29, 2022
    risk 0.52cvss 7.5epss 0.03

    Double free in DOMStorage in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2021-0933HigDec 15, 2021
    risk 0.52cvss 8.0epss 0.00

    In onCreate of CompanionDeviceActivity.java or DeviceChooserActivity.java, there is a possible way for HTML tags to interfere with a consent dialog due to improper input validation. This could lead to remote escalation of privilege, confusing the user into accepting pairing of a…

  • CVE-2021-38000MedKEVNov 23, 2021
    risk 0.52cvss 6.1epss 0.04

    Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69 allowed a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page.

  • CVE-2021-0594HigJul 14, 2021
    risk 0.52cvss 8.0epss 0.01

    In onCreate of ConfirmConnectActivity, there is a possible remote bypass of user consent due to improper input validation. This could lead to remote (proximal, NFC) escalation of privilege allowing an attacker to deceive a user into allowing a Bluetooth connection with no…

  • CVE-2021-0433HigApr 13, 2021
    risk 0.52cvss 8.0epss 0.01

    In onCreate of DeviceChooserActivity.java, there is a possible way to bypass user consent when pairing a Bluetooth device due to a tapjacking/overlay attack. This could lead to local escalation of privilege and pairing malicious devices with no additional execution privileges…

  • CVE-2019-5796HigMay 23, 2019
    risk 0.52cvss 7.5epss 0.05

    Data race in extensions guest view in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2015-9222HigApr 18, 2018
    risk 0.52cvss 7.5epss 0.04

    In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SDM630,…

  • CVE-2017-13261HigApr 4, 2018
    risk 0.52cvss 7.5epss 0.07

    In bnep_process_control_packet of bnep_utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product:…

  • CVE-2017-13260HigApr 4, 2018
    risk 0.52cvss 7.5epss 0.08

    In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:…

  • CVE-2017-13258HigApr 4, 2018
    risk 0.52cvss 7.5epss 0.07

    In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:…

  • CVE-2017-5074HigOct 27, 2017
    risk 0.52cvss 8.0epss 0.01

    A use after free in Chrome Apps in Google Chrome prior to 59.0.3071.86 for Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page, related to Bluetooth.

  • CVE-2014-0997HigSep 26, 2017
    risk 0.52cvss 7.5epss 0.06

    WiFiMonitor in Android 4.4.4 as used in the Nexus 5 and 4, Android 4.2.2 as used in the LG D806, Android 4.2.2 as used in the Samsung SM-T310, Android 4.1.2 as used in the Motorola RAZR HD, and potentially other unspecified Android releases before 5.0.1 and 5.0.2 does not…

Page 51 of 229