Google Software and search
Products by Google Sorted by Most Security Vulnerabilities since 2018
Google BoringSSL: 1 vulnerability
BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.
Recent Google Security Advisories
Known Exploited Google Vulnerabilities
The following Google vulnerabilities have recently been marked by CISA as Known to be Exploited by threat actors.
Title | Description | Added |
---|---|---|
Google Chrome Skia Integer Overflow Vulnerability | Google Chrome Skia contains an integer overflow vulnerability. Specific impacts from exploitation are not available at this time. This vulnerability resides in Skia which serves as the graphics engine for Google Chrome and ChromeOS, Android, Flutter, and other products. CVE-2023-2136 | April 21, 2023 |
Google Chromium V8 Engine Type Confusion Vulnerability | Google Chromium V8 contains a type confusion vulnerability. Specific impacts from exploitation are not available at this time. CVE-2023-2033 | April 17, 2023 |
Google Chrome Use-After-Free Vulnerability | Google Chrome contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption. CVE-2022-3038 | March 30, 2023 |
Google Chromium V8 Type Confusion Vulnerability | Google Chromium V8 contains a type confusion vulnerability. Specific impacts from exploitation are not available at this time. CVE-2022-4262 | December 5, 2022 |
Google Chrome Heap Buffer Overflow Vulnerability | Google Chrome GPU contains a heap buffer overflow vulnerability that allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2022-4135 | November 28, 2022 |
Google Chromium V8 Type Confusion Vulnerability | Google Chromium V8 contains a type confusion vulnerability. Specific impacts from exploitation are not available at this time. CVE-2022-3723 | October 28, 2022 |
Google Chromium Insufficient Data Validation Vulnerability | Google Chromium Mojo contains an insufficient data validation vulnerability. Impacts from exploitation are not yet known. This vulnerability affects web browsers that utilize Chromium, including Google Chrome and Microsoft Edge. CVE-2022-3075 | September 8, 2022 |
Google Chrome Intents Insufficient Input Validation Vulnerability | Google Chrome Intents allows for insufficient validation of untrusted input, causing unknown impacts. CISA will update this description if more information becomes available. CVE-2022-2856 | August 18, 2022 |
Google Chromium Security Bypass Vulnerability | Insufficient policy enforcement in the PopupBlocker for Chromium allows an attacker to remotely bypass security mechanisms. This vulnerability impacts web browsers using Chromium such as Chrome and Edge. CVE-2021-30533 | June 27, 2022 |
Google Chromium V8 Type Confusion Vulnerability | Google Chromium V8 Engine contains a type confusion vulnerability which allows a remote attacker to execute code inside a sandbox. CVE-2017-5070 | June 8, 2022 |
Google Chromium V8 Out-of-Bounds Read Vulnerability | Google Chromium V8 contains an out-of-bounds read vulnerability. CVE-2016-1646 | June 8, 2022 |
Google Chromium V8 Memory Corruption Vulnerability | Google Chromium V8 Engine contains a memory corruption vulnerability which allows a remote attacker to execute code. CVE-2017-5030 | June 8, 2022 |
Google Chromium V8 Out-of-Bounds Memory Vulnerability | Google Chromium V8 Engine contains an out-of-bounds memory vulnerability. CVE-2016-5198 | June 8, 2022 |
Google Chromium V8 Out-of-Bounds Write Vulnerability | Google Chromium V8 contains an out-of-bounds write vulnerability which allows a remote attacker to potentially exploit heap corruption. CVE-2019-5825 | June 8, 2022 |
Google Chromium V8 Out-of-Bounds Write Vulnerability | Google Chromium V8 contains an out-of-bounds write vulnerability which allows a remote attacker to execute code inside a sandbox. CVE-2018-17480 | June 8, 2022 |
Google Chromium V8 Integer Overflow Vulnerability | Google Chromium V8 Engine contains an integer overflow vulnerability which allows a remote attacker to potentially exploit heap corruption. CVE-2018-6065 | June 8, 2022 |
Google Chromium V8 Remote Code Execution Vulnerability | Google Chromium V8 contains an unspecified vulnerability which allows for remote code execution. CVE-2018-17463 | June 8, 2022 |
Google Chrome Use-After-Free Vulnerability | Google Chrome contains a heap use-after-free vulnerability which allows an attacker to potentially perform out of bounds memory access. CVE-2019-5786 | May 23, 2022 |
Google Chrome Use-After-Free Vulnerability | Use-after-free in WebAudio in Google Chrome allows a remote attacker to potentially exploit heap corruption. CVE-2019-13720 | May 23, 2022 |
Google Chromium V8 Type Confusion Vulnerability | Google Chromium V8 engine contains a type confusion vulnerability. CVE-2022-1364 | April 15, 2022 |
By the Year
In 2023 there have been 371 vulnerabilities in Google with an average score of 7.0 out of ten. Last year Google had 1384 security vulnerabilities published. Right now, Google is on track to have fewer security vulnerabilities in 2023 than it did last year. However, the average CVE base score of the vulnerabilities in 2023 is greater by 0.10.
Year | Vulnerabilities | Average Score |
---|---|---|
2023 | 371 | 6.99 |
2022 | 1384 | 6.89 |
2021 | 1123 | 7.02 |
2020 | 987 | 7.10 |
2019 | 808 | 7.11 |
2018 | 419 | 7.41 |
It may take a day or so for new Google vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Google Security Vulnerabilities
Inappropriate implementation in Downloads in Google Chrome prior to 114.0.5735.90
CVE-2023-2940
6.5 - Medium
- May 30, 2023
Inappropriate implementation in Downloads in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)
Out of bounds write in Swiftshader in Google Chrome prior to 114.0.5735.90
CVE-2023-2929
8.8 - High
- May 30, 2023
Out of bounds write in Swiftshader in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Memory Corruption
Use after free in Extensions in Google Chrome prior to 114.0.5735.90
CVE-2023-2930
8.8 - High
- May 30, 2023
Use after free in Extensions in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Use after free in PDF in Google Chrome prior to 114.0.5735.90
CVE-2023-2931
8.8 - High
- May 30, 2023
Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)
Dangling pointer
Use after free in PDF in Google Chrome prior to 114.0.5735.90
CVE-2023-2932
8.8 - High
- May 30, 2023
Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)
Dangling pointer
Use after free in PDF in Google Chrome prior to 114.0.5735.90
CVE-2023-2933
8.8 - High
- May 30, 2023
Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)
Dangling pointer
Out of bounds memory access in Mojo in Google Chrome prior to 114.0.5735.90
CVE-2023-2934
8.8 - High
- May 30, 2023
Out of bounds memory access in Mojo in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Memory Corruption
Type Confusion in V8 in Google Chrome prior to 114.0.5735.90
CVE-2023-2935
8.8 - High
- May 30, 2023
Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Object Type Confusion
Type Confusion in V8 in Google Chrome prior to 114.0.5735.90
CVE-2023-2936
8.8 - High
- May 30, 2023
Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Object Type Confusion
Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90
CVE-2023-2937
4.3 - Medium
- May 30, 2023
Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)
Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90
CVE-2023-2938
4.3 - Medium
- May 30, 2023
Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)
Inappropriate implementation in Extensions API in Google Chrome prior to 114.0.5735.90
CVE-2023-2941
4.3 - Medium
- May 30, 2023
Inappropriate implementation in Extensions API in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the UI via a crafted Chrome Extension. (Chromium security severity: Low)
Use after free in Navigation in Google Chrome prior to 113.0.5672.126
CVE-2023-2721
8.8 - High
- May 16, 2023
Use after free in Navigation in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
Dangling pointer
Use after free in DevTools in Google Chrome prior to 113.0.5672.126
CVE-2023-2723
8.8 - High
- May 16, 2023
Use after free in DevTools in Google Chrome prior to 113.0.5672.126 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Type confusion in V8 in Google Chrome prior to 113.0.5672.126
CVE-2023-2724
8.8 - High
- May 16, 2023
Type confusion in V8 in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Object Type Confusion
Use after free in Guest View in Google Chrome prior to 113.0.5672.126
CVE-2023-2725
8.8 - High
- May 16, 2023
Use after free in Guest View in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Inappropriate implementation in WebApp Installs in Google Chrome prior to 113.0.5672.126
CVE-2023-2726
8.8 - High
- May 16, 2023
Inappropriate implementation in WebApp Installs in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious web app to bypass install dialog via a crafted HTML page. (Chromium security severity: Medium)
Product: Android; Versions: Android So
CVE-2021-0877
9.8 - Critical
- May 15, 2023
Product: Android; Versions: Android SoC; Android ID: A-273754094
In onSetRuntimePermissionGrantStateByDeviceAdmin of AdminRestrictedPermissionsUtils.java
CVE-2023-20914
5.5 - Medium
- May 15, 2023
In onSetRuntimePermissionGrantStateByDeviceAdmin of AdminRestrictedPermissionsUtils.java, there is a possible way for the work profile to read SMS messages due to a permissions bypass. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-189942529
Cleartext Storage of Sensitive Information
In pushDynamicShortcut of ShortcutPackage.java, there is a possible way to get the device into a boot loop due to resource exhaustion
CVE-2023-20930
5.5 - Medium
- May 15, 2023
In pushDynamicShortcut of ShortcutPackage.java, there is a possible way to get the device into a boot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11 Android-12 Android-12L Android-13; Android ID: A-250576066
Resource Exhaustion
In __efi_rt_asm_wrapper of efi-rt-wrapper.S, there is a possible bypass of shadow stack protection due to a logic error in the code
CVE-2023-21102
7.8 - High
- May 15, 2023
In __efi_rt_asm_wrapper of efi-rt-wrapper.S, there is a possible bypass of shadow stack protection due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-260821414; References: Upstream kernel
In registerPhoneAccount of PhoneAccountRegistrar.java
CVE-2023-21103
5.5 - Medium
- May 15, 2023
In registerPhoneAccount of PhoneAccountRegistrar.java, uncaught exceptions in parsing persisted user data could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11 Android-12 Android-12L Android-13; Android ID: A-259064622
In applySyncTransaction of WindowOrganizer.java
CVE-2023-21104
5.5 - Medium
- May 15, 2023
In applySyncTransaction of WindowOrganizer.java, a missing permission check could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12L Android-13; Android ID: A-259938771
Incorrect Default Permissions
In adreno_set_param of adreno_gpu.c, there is a possible memory corruption due to a double free
CVE-2023-21106
7.8 - High
- May 15, 2023
In adreno_set_param of adreno_gpu.c, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-265016072; References: Upstream kernel
Double-free
In retrieveAppEntry of NotificationAccessDetails.java, there is a missing permission check
CVE-2023-21107
7.8 - High
- May 15, 2023
In retrieveAppEntry of NotificationAccessDetails.java, there is a missing permission check. This could lead to local escalation of privilege across user boundaries with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11 Android-12 Android-12L Android-13; Android ID: A-259385017
Incorrect Default Permissions
In multiple places of AccessibilityService, there is a possible way to hide the app from the user due to a logic error in the code
CVE-2023-21109
7.8 - High
- May 15, 2023
In multiple places of AccessibilityService, there is a possible way to hide the app from the user due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11 Android-12 Android-12L Android-13; Android ID: A-261589597
In several functions of SnoozeHelper.java, there is a possible way to grant notifications access due to resource exhaustion
CVE-2023-21110
7.8 - High
- May 15, 2023
In several functions of SnoozeHelper.java, there is a possible way to grant notifications access due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11 Android-12 Android-12L Android-13; Android ID: A-258422365
Resource Exhaustion
In several functions of PhoneAccountRegistrar.java
CVE-2023-21111
5.5 - Medium
- May 15, 2023
In several functions of PhoneAccountRegistrar.java, there is a possible way to prevent an access to emergency services due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11 Android-12 Android-12L Android-13; Android ID: A-256819769
Improper Input Validation
In AnalyzeMfcResp of NxpMfcReader.cc, there is a possible out of bounds read due to a missing bounds check
CVE-2023-21112
5.5 - Medium
- May 15, 2023
In AnalyzeMfcResp of NxpMfcReader.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11 Android-12 Android-12L Android-13; Android ID: A-252763983
Out-of-bounds Read
In verifyReplacingVersionCode of InstallPackageHelper.java
CVE-2023-21116
6.7 - Medium
- May 15, 2023
In verifyReplacingVersionCode of InstallPackageHelper.java, there is a possible way to downgrade system apps below system image version due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11 Android-12 Android-12L Android-13; Android ID: A-256202273
In registerReceiverWithFeature of ActivityManagerService.java
CVE-2023-21117
7.8 - High
- May 15, 2023
In registerReceiverWithFeature of ActivityManagerService.java, there is a possible way for isolated processes to register a broadcast receiver due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-13; Android ID: A-263358101
In unflattenString8 of Sensor.cpp, there is a possible out of bounds read due to a heap buffer overflow
CVE-2023-21118
5.5 - Medium
- May 15, 2023
In unflattenString8 of Sensor.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11 Android-12 Android-12L Android-13; Android ID: A-269014004
Out-of-bounds Read
The Web Stories for WordPress plugin supports the WordPress built-in functionality of protecting content with a password
CVE-2023-1979
6.5 - Medium
- May 08, 2023
The Web Stories for WordPress plugin supports the WordPress built-in functionality of protecting content with a password. The content is then only accessible to website visitors after entering the password. In WordPress, users with the "Author" role can create stories, but don't have the ability to edit password protected stories. The vulnerability allowed users with said role to bypass this permission check when trying to duplicate the protected story in the plugin's own dashboard, giving them access to the seemingly protected content. We recommend upgrading to version 1.32 or beyond commit ad49781c2a35c5c92ef704d4b621ab4e5cb77d68 https://github.com/GoogleForCreators/web-stories-wp/commit/ad49781c2a35c5c92ef704d4b621ab4e5cb77d68
AuthZ
Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63
CVE-2023-2459
6.5 - Medium
- May 03, 2023
Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to bypass permission restrictions via a crafted HTML page. (Chromium security severity: Medium)
Insufficient validation of untrusted input in Extensions in Google Chrome prior to 113.0.5672.63
CVE-2023-2460
7.1 - High
- May 03, 2023
Insufficient validation of untrusted input in Extensions in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to bypass file access checks via a crafted HTML page. (Chromium security severity: Medium)
Improper Input Validation
Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63
CVE-2023-2462
4.3 - Medium
- May 03, 2023
Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to obfuscate main origin data via a crafted HTML page. (Chromium security severity: Medium)
Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63
CVE-2023-2464
4.3 - Medium
- May 03, 2023
Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to perform an origin spoof in the security UI via a crafted HTML page. (Chromium security severity: Medium)
Inappropriate implementation in CORS in Google Chrome prior to 113.0.5672.63
CVE-2023-2465
4.3 - Medium
- May 03, 2023
Inappropriate implementation in CORS in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63
CVE-2023-2466
4.3 - Medium
- May 03, 2023
Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. (Chromium security severity: Low)
Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63
CVE-2023-2468
4.3 - Medium
- May 03, 2023
Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed a remote attacker who had compromised the renderer process to obfuscate the security UI via a crafted HTML page. (Chromium security severity: Low)
ESPv2 is a service proxy that provides API management capabilities using Google Service Infrastructure
CVE-2023-30845
9.8 - Critical
- April 26, 2023
ESPv2 is a service proxy that provides API management capabilities using Google Service Infrastructure. ESPv2 2.20.0 through 2.42.0 contains an authentication bypass vulnerability. API clients can craft a malicious `X-HTTP-Method-Override` header value to bypass JWT authentication in specific cases. ESPv2 allows malicious requests to bypass authentication if both of the following conditions are true: the requested HTTP method is **not** in the API service definition (OpenAPI spec or gRPC `google.api.http` proto annotations), and the specified `X-HTTP-Method-Override` is a valid HTTP method in the API service definition. ESPv2 will forward the request to your backend without checking the JWT. Attackers can craft requests with a malicious `X-HTTP-Method-Override` value that allows them to bypass specifying JWTs. Restricting API access with API keys works as intended and is not affected by this vulnerability. Upgrade deployments to release v2.43.0 or higher to receive a patch. This release ensures that JWT authentication occurs, even when the caller specifies `x-http-method-override`. `x-http-method-override` is still supported by v2.43.0+. API clients can continue sending this header to ESPv2.
Authentication
In multiple functions of PackageInstallerService.java and related files
CVE-2023-21081
7.8 - High
- April 19, 2023
In multiple functions of PackageInstallerService.java and related files, there is a possible way to bypass background activity launch restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11 Android-12 Android-12L Android-13; Android ID: A-230492955
In multiple methods of PackageInstallerSession.java, there is a possible way to start foreground services
CVE-2023-21099
7.8 - High
- April 19, 2023
In multiple methods of PackageInstallerSession.java, there is a possible way to start foreground services from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11 Android-12 Android-12L Android-13; Android ID: A-243377226
In multiple functions of AccountManagerService.java
CVE-2023-21098
7.8 - High
- April 19, 2023
In multiple functions of AccountManagerService.java, there is a possible loading of arbitrary code into the System Settings app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11 Android-12 Android-12L Android-13; Android ID: A-260567867
In OnWakelockReleased of attribution_processor.cc, there is a use after free
CVE-2023-21096
9.8 - Critical
- April 19, 2023
In OnWakelockReleased of attribution_processor.cc, there is a use after free that could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12 Android-12L Android-13; Android ID: A-254774758
Dangling pointer
In canDisplayLocalUi of AppLocalePickerActivity.java
CVE-2023-21091
5.5 - Medium
- April 19, 2023
In canDisplayLocalUi of AppLocalePickerActivity.java, there is a possible way to change system app locales due to a missing permission check. This could lead to local denial of service across user boundaries with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-13; Android ID: A-257954050
AuthZ
In parseUsesPermission of ParsingPackageUtils.java, there is a possible boot loop due to resource exhaustion
CVE-2023-21090
5 - Medium
- April 19, 2023
In parseUsesPermission of ParsingPackageUtils.java, there is a possible boot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-13; Android ID: A-259942609
Resource Exhaustion
In startInstrumentation of ActivityManagerService.java
CVE-2023-21089
7.8 - High
- April 19, 2023
In startInstrumentation of ActivityManagerService.java, there is a possible way to keep the foreground service alive while the app is in the background. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11 Android-12 Android-12L Android-13; Android ID: A-237766679
In deliverOnFlushComplete of LocationProviderManager.java
CVE-2023-21088
7.8 - High
- April 19, 2023
In deliverOnFlushComplete of LocationProviderManager.java, there is a possible way to bypass background activity launch restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12 Android-12L Android-13; Android ID: A-235823542
In PreferencesHelper.java, an uncaught exception may cause the device to get stuck in a boot loop
CVE-2023-21087
5.5 - Medium
- April 19, 2023
In PreferencesHelper.java, an uncaught exception may cause the device to get stuck in a boot loop. This could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11 Android-12 Android-12L Android-13; Android ID: A-261723753
In isToggleable of SecureNfcEnabler.java and SecureNfcPreferenceController.java, there is a possible way to enable NFC
CVE-2023-21086
7.8 - High
- April 19, 2023
In isToggleable of SecureNfcEnabler.java and SecureNfcPreferenceController.java, there is a possible way to enable NFC from a secondary account due to a permissions bypass. This could lead to local escalation of privilege from the Guest account with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11 Android-12 Android-12L Android-13; Android ID: A-238298970
In nci_snd_set_routing_cmd of nci_hmsgs.cc, there is a possible out of bounds write due to a missing bounds check
CVE-2023-21085
8.8 - High
- April 19, 2023
In nci_snd_set_routing_cmd of nci_hmsgs.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11 Android-12 Android-12L Android-13; Android ID: A-264879662
Memory Corruption
In deserialize of multiple files, there is a possible out of bounds read due to a missing bounds check
CVE-2023-20935
5.5 - Medium
- April 19, 2023
In deserialize of multiple files, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11 Android-12 Android-12L Android-13; Android ID: A-256589724
Out-of-bounds Read
In multiple functions of RunningTasks.java, there is a possible privilege escalation due to a missing privilege check
CVE-2023-20909
5.5 - Medium
- April 19, 2023
In multiple functions of RunningTasks.java, there is a possible privilege escalation due to a missing privilege check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11 Android-12 Android-12L Android-13; Android ID: A-243130512
In PVRSRVBridgeRGXKickRS of the PowerVR kernel driver, a missing size check means there is a possible integer overflow
CVE-2021-0873
7.8 - High
- April 19, 2023
In PVRSRVBridgeRGXKickRS of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android SoC; Android ID: A-270392711
Integer Overflow or Wraparound
In PVRSRVBridgeRGXKickVRDM of the PowerVR kernel driver, a missing size check means there is a possible integer overflow
CVE-2021-0872
7.8 - High
- April 19, 2023
In PVRSRVBridgeRGXKickVRDM of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android SoC; Android ID: A-270401229
Integer Overflow or Wraparound
In PVRSRVBridgeRGXTDMSubmitTransfer of the PowerVR kernel driver, a missing size check means there is a possible integer overflow
CVE-2021-0879
7.8 - High
- April 19, 2023
In PVRSRVBridgeRGXTDMSubmitTransfer of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android SoC; Android ID: A-270397970
Integer Overflow or Wraparound
In PVRSRVBridgeServerSyncGetStatus of the PowerVR kernel driver, a missing size check means there is a possible integer overflow
CVE-2021-0878
7.8 - High
- April 19, 2023
In PVRSRVBridgeServerSyncGetStatus of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-270399153
Integer Overflow or Wraparound
In PVRSRVBridgePhysmemNewRamBackedLockedPMR of the PowerVR kernel driver, a missing size check means there is a possible integer overflow
CVE-2021-0876
7.8 - High
- April 19, 2023
In PVRSRVBridgePhysmemNewRamBackedLockedPMR of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-270400229
Integer Overflow or Wraparound
In PVRSRVBridgeChangeSparseMem of the PowerVR kernel driver, a missing size check means there is a possible integer overflow
CVE-2021-0875
7.8 - High
- April 19, 2023
In PVRSRVBridgeChangeSparseMem of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-270400061
Integer Overflow or Wraparound
In PVRSRVBridgeDevicememHistorySparseChange of the PowerVR kernel driver, a missing size check means there is a possible integer overflow
CVE-2021-0874
7.8 - High
- April 19, 2023
In PVRSRVBridgeDevicememHistorySparseChange of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-270399633
Integer Overflow or Wraparound
In register_notification_rsp of btif_rc.cc, there is a possible out of bounds read due to a missing bounds check
CVE-2023-21080
5.5 - Medium
- April 19, 2023
In register_notification_rsp of btif_rc.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L Android-13. Android ID: A-245916076
Out-of-bounds Read
In avdt_scb_hdl_pkt_no_frag of avdt_scb_act.cc, there is a possible out of bounds write due to an incorrect bounds check
CVE-2023-20967
7.8 - High
- April 19, 2023
In avdt_scb_hdl_pkt_no_frag of avdt_scb_act.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L Android-13. Android ID: A-225879503
Memory Corruption
In AlarmManagerActivity of AlarmManagerActivity.java, there is a possible way to bypass background activity launch restrictions
CVE-2023-20950
7.8 - High
- April 19, 2023
In AlarmManagerActivity of AlarmManagerActivity.java, there is a possible way to bypass background activity launch restrictions via a pendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L. Android ID: A-195756028
AuthZ
In PVRSRVBridgePhysmemImportSparseDmaBuf of the PowerVR kernel driver, a missing size check means there is a possible integer overflow
CVE-2021-0884
7.8 - High
- April 19, 2023
In PVRSRVBridgePhysmemImportSparseDmaBuf of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-270393454
Integer Overflow or Wraparound
In PVRSRVBridgeCacheOpQueue of the PowerVR kernel driver, a missing size check means there is a possible integer overflow
CVE-2021-0883
7.8 - High
- April 19, 2023
In PVRSRVBridgeCacheOpQueue of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-270395013
Integer Overflow or Wraparound
In PVRSRVBridgeRGXKickSync of the PowerVR kernel driver, a missing size check means there is a possible integer overflow
CVE-2021-0882
7.8 - High
- April 19, 2023
In PVRSRVBridgeRGXKickSync of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-270395803
Integer Overflow or Wraparound
In PVRSRVBridgeRGXKickCDM of the PowerVR kernel driver, a missing size check means there is a possible integer overflow
CVE-2021-0881
7.8 - High
- April 19, 2023
In PVRSRVBridgeRGXKickCDM of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-270396350
Integer Overflow or Wraparound
In inflate of inflate.c, there is a possible out of bounds write due to a heap buffer overflow
CVE-2023-21100
7.8 - High
- April 19, 2023
In inflate of inflate.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12 Android-12L Android-13. Android ID: A-242544249
Memory Corruption
In toUriInner of Intent.java, there is a possible way to launch an arbitrary activity due to a confused deputy
CVE-2023-21097
7.8 - High
- April 19, 2023
In toUriInner of Intent.java, there is a possible way to launch an arbitrary activity due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L Android-13. Android ID: A-261858325
Externally Controlled Reference to a Resource in Another Sphere
In sanitize of LayerState.cpp
CVE-2023-21094
7.8 - High
- April 19, 2023
In sanitize of LayerState.cpp, there is a possible way to take over the screen display and swap the display content due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L Android-13. Android ID: A-248031255
AuthZ
In extractRelativePath of FileUtils.java
CVE-2023-21093
7.8 - High
- April 19, 2023
In extractRelativePath of FileUtils.java, there is a possible way to access files in a directory belonging to other applications due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L Android-13. Android ID: A-228450832
Directory traversal
In retrieveServiceLocked of ActiveServices.java
CVE-2023-21092
7.8 - High
- April 19, 2023
In retrieveServiceLocked of ActiveServices.java, there is a possible way to dynamically register a BroadcastReceiver using permissions of System App due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L Android-13. Android ID: A-242040055
In buildPropFile of filesystem.go, there is a possible insecure hash due to an improperly used crypto
CVE-2023-21084
6.7 - Medium
- April 19, 2023
In buildPropFile of filesystem.go, there is a possible insecure hash due to an improperly used crypto. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-262892300
In onNullBinding of CallScreeningServiceHelper.java
CVE-2023-21083
7.8 - High
- April 19, 2023
In onNullBinding of CallScreeningServiceHelper.java, there is a possible way to record audio without showing a privacy indicator due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L Android-13. Android ID: A-252762941
In getNumberFromCallIntent of NewOutgoingCallIntentBroadcaster.java
CVE-2023-21082
5.5 - Medium
- April 19, 2023
In getNumberFromCallIntent of NewOutgoingCallIntentBroadcaster.java, there is a possible way to enumerate other user's contact phone number due to a confused deputy. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L Android-13. Android ID: A-257030107
In acc_ctrlrequest_composite of f_accessory.c, there is a possible out of bounds write due to a missing bounds check
CVE-2023-20941
6.6 - Medium
- April 19, 2023
In acc_ctrlrequest_composite of f_accessory.c, there is a possible out of bounds write due to a missing bounds check. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-264029575. References: Upstream kernel
Memory Corruption
In PVRSRVBridgeSyncPrimOpTake of the PowerVR kernel driver, a missing size check means there is a possible integer overflow
CVE-2021-0885
7.8 - High
- April 19, 2023
In PVRSRVBridgeSyncPrimOpTake of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-270401914
Integer Overflow or Wraparound
In PVRSRVBridgeRGXKickTA3D of the PowerVR kernel driver, a missing size check means there is a possible integer overflow
CVE-2021-0880
7.8 - High
- April 19, 2023
In PVRSRVBridgeRGXKickTA3D of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-270396792
Integer Overflow or Wraparound
Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137
CVE-2023-2133
8.8 - High
- April 19, 2023
Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Memory Corruption
Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137
CVE-2023-2134
8.8 - High
- April 19, 2023
Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Memory Corruption
Use after free in DevTools in Google Chrome prior to 112.0.5615.137
CVE-2023-2135
7.5 - High
- April 19, 2023
Use after free in DevTools in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who convinced a user to enable specific preconditions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Integer overflow in Skia in Google Chrome prior to 112.0.5615.137
CVE-2023-2136
9.6 - Critical
- April 19, 2023
Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Integer Overflow or Wraparound
Heap buffer overflow in sqlite in Google Chrome prior to 112.0.5615.137
CVE-2023-2137
8.8 - High
- April 19, 2023
Heap buffer overflow in sqlite in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Memory Corruption
Type confusion in V8 in Google Chrome prior to 112.0.5615.121
CVE-2023-2033
8.8 - High
- April 14, 2023
Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Object Type Confusion
Incorrect security UI in Navigation in Google Chrome prior to 112.0.5615.49
CVE-2023-1822
6.5 - Medium
- April 04, 2023
Incorrect security UI in Navigation in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)
Inappropriate implementation in FedCM in Google Chrome prior to 112.0.5615.49
CVE-2023-1823
6.5 - Medium
- April 04, 2023
Inappropriate implementation in FedCM in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)
Inappropriate implementation in WebShare in Google Chrome prior to 112.0.5615.49
CVE-2023-1821
6.5 - Medium
- April 04, 2023
Inappropriate implementation in WebShare in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)
Heap buffer overflow in Browser History in Google Chrome prior to 112.0.5615.49
CVE-2023-1820
8.8 - High
- April 04, 2023
Heap buffer overflow in Browser History in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Memory Corruption
Out of bounds read in Accessibility in Google Chrome prior to 112.0.5615.49
CVE-2023-1819
6.5 - Medium
- April 04, 2023
Out of bounds read in Accessibility in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)
Out-of-bounds Read
Use after free in Vulkan in Google Chrome prior to 112.0.5615.49
CVE-2023-1818
8.8 - High
- April 04, 2023
Use after free in Vulkan in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Dangling pointer
Insufficient policy enforcement in Intents in Google Chrome on Android prior to 112.0.5615.49
CVE-2023-1817
6.5 - Medium
- April 04, 2023
Insufficient policy enforcement in Intents in Google Chrome on Android prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
Incorrect security UI in Picture In Picture in Google Chrome prior to 112.0.5615.49
CVE-2023-1816
6.5 - Medium
- April 04, 2023
Incorrect security UI in Picture In Picture in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially perform navigation spoofing via a crafted HTML page. (Chromium security severity: Medium)
Use after free in Networking APIs in Google Chrome prior to 112.0.5615.49
CVE-2023-1815
8.8 - High
- April 04, 2023
Use after free in Networking APIs in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Dangling pointer
Out of bounds memory access in DOM Bindings in Google Chrome prior to 112.0.5615.49
CVE-2023-1812
8.8 - High
- April 04, 2023
Out of bounds memory access in DOM Bindings in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)
Buffer Overflow
Use after free in Frames in Google Chrome prior to 112.0.5615.49
CVE-2023-1811
8.8 - High
- April 04, 2023
Use after free in Frames in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Heap buffer overflow in Visuals in Google Chrome prior to 112.0.5615.49
CVE-2023-1810
8.8 - High
- April 04, 2023
Heap buffer overflow in Visuals in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Memory Corruption
Inappropriate implementation in Extensions in Google Chrome prior to 112.0.5615.49
CVE-2023-1813
6.5 - Medium
- April 04, 2023
Inappropriate implementation in Extensions in Google Chrome prior to 112.0.5615.49 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)
Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 112.0.5615.49
CVE-2023-1814
6.5 - Medium
- April 04, 2023
Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass download checking via a crafted HTML page. (Chromium security severity: Medium)
Improper Input Validation
TensorFlow is an Open Source Machine Learning Framework
CVE-2023-25661
6.5 - Medium
- March 27, 2023
TensorFlow is an Open Source Machine Learning Framework. In versions prior to 2.11.1 a malicious invalid input crashes a tensorflow model (Check Failed) and can be used to trigger a denial of service attack. A proof of concept can be constructed with the `Convolution3DTranspose` function. This Convolution3DTranspose layer is a very common API in modern neural networks. The ML models containing such vulnerable components could be deployed in ML applications or as cloud services. This failure could be potentially used to trigger a denial of service attack on ML cloud services. An attacker must have privilege to provide input to a `Convolution3DTranspose` call. This issue has been patched and users are advised to upgrade to version 2.11.1. There are no known workarounds for this vulnerability.