Google Google Software and search

  1. Vendors
  2. Google
Do you want an email whenever new security vulnerabilities are reported in any Google product?

Products by Google Sorted by Most Security Vulnerabilities since 2018

Google Android3236 vulnerabilities
Mobile operating system

Google Chrome1633 vulnerabilities
Web browser

Google Tensorflow428 vulnerabilities
Open source machine learning / AI library

Google Chrome Os24 vulnerabilities

Google Asylo14 vulnerabilities

Google Protobuf Java4 vulnerabilities

Google Fuchsia4 vulnerabilities

Google Fscrypt4 vulnerabilities

Google Gvisor3 vulnerabilities

Google Protobuf Javalite3 vulnerabilities

Google Gerrit3 vulnerabilities

Google Guest Oslogin3 vulnerabilities

Google Linux And Chrome Os3 vulnerabilities

Google Monorail3 vulnerabilities

Google Lacros2 vulnerabilities

Google Oauth Client Library For Java2 vulnerabilities

Google Web Toolkit2 vulnerabilities

Google Web Stories2 vulnerabilities

Google Bazel2 vulnerabilities

Google Protobuf Kotlin2 vulnerabilities

Google Play Services Software Development Kit2 vulnerabilities

Google Protobuf2 vulnerabilities

Google Protobuf2 vulnerabilities

Google V82 vulnerabilities

Google Guava2 vulnerabilities

Google Earth2 vulnerabilities

Google Kubernetes Engine2 vulnerabilities

Google Protobuf Cpp1 vulnerability

Google Protobuf Python1 vulnerability

Google Perfetto1 vulnerability

Google Protobuf Kotlin Lite1 vulnerability

Google Gson1 vulnerability

Google Sa360 Webquery To Bigquery Exporter1 vulnerability

Google Santa1 vulnerability

Google Secret Manager Provider Secret Store Csi Driver1 vulnerability

Google Skia1 vulnerability

Google Slashify1 vulnerability

Google Slo Generator1 vulnerability

Google Snappy1 vulnerability

Google Tink1 vulnerability

Google Titan Security Key1 vulnerability

Google Toolbar1 vulnerability

Google Voice Builder1 vulnerability

Google Youtube Android Player Api1 vulnerability

Google Espv21 vulnerability

Google Android Api1 vulnerability

Google Angle1 vulnerability

Google Api C Client1 vulnerability

Google Bindiff1 vulnerability

Google BoringSSL1 vulnerability
BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.

Google Brotli1 vulnerability

Google Cardboard1 vulnerability

Google Chrome Launcher1 vulnerability

Google Closure Library1 vulnerability

Google Cloud Iot Device Sdk Embedded C1 vulnerability

Google Cloud Messaging Notification1 vulnerability

Google Data Transfer Project1 vulnerability

Google Openthread1 vulnerability

Google Exposure Notification Verification Server1 vulnerability

Google Exposure Notifications1 vulnerability

Google Exposure Notifications Verification Server1 vulnerability

Google Extensible Service Proxy1 vulnerability

Google Firebase Php Jwt1 vulnerability

Google Firebaseutil1 vulnerability

Google Go Attestation1 vulnerability

Google Cloud Platform Service Broker1 vulnerability

Google Search1 vulnerability

Googleapple Exposure Notifications1 vulnerability

Google Kctf1 vulnerability

Recent Google Security Advisories

Advisory Title Published
Chrome Releases: Stable Channel Update for Desktop May 30, 2023
Android Security Bulletin—May 2023 | Android Open Source Project May 15, 2023
Android Security Bulletin—April 2023 | Android Open Source Project April 19, 2023
Chrome Releases: Stable Channel Update for Desktop April 19, 2023
Chrome Releases: Stable Channel Update for Desktop April 14, 2023
Chrome Releases: Stable Channel Update for Desktop April 4, 2023
Android Security Bulletin—March 2023 | Android Open Source Project March 24, 2023
Pixel Update Bulletin—March 2023 | Android Open Source Project March 24, 2023
Chrome Releases: Stable Channel Update for Desktop March 21, 2023
Android Security Bulletin—February 2023 | Android Open Source Project February 28, 2023

Known Exploited Google Vulnerabilities

The following Google vulnerabilities have recently been marked by CISA as Known to be Exploited by threat actors.

Title Description Added
Google Chrome Skia Integer Overflow Vulnerability Google Chrome Skia contains an integer overflow vulnerability. Specific impacts from exploitation are not available at this time. This vulnerability resides in Skia which serves as the graphics engine for Google Chrome and ChromeOS, Android, Flutter, and other products. CVE-2023-2136 April 21, 2023
Google Chromium V8 Engine Type Confusion Vulnerability Google Chromium V8 contains a type confusion vulnerability. Specific impacts from exploitation are not available at this time. CVE-2023-2033 April 17, 2023
Google Chrome Use-After-Free Vulnerability Google Chrome contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption. CVE-2022-3038 March 30, 2023
Google Chromium V8 Type Confusion Vulnerability Google Chromium V8 contains a type confusion vulnerability. Specific impacts from exploitation are not available at this time. CVE-2022-4262 December 5, 2022
Google Chrome Heap Buffer Overflow Vulnerability Google Chrome GPU contains a heap buffer overflow vulnerability that allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2022-4135 November 28, 2022
Google Chromium V8 Type Confusion Vulnerability Google Chromium V8 contains a type confusion vulnerability. Specific impacts from exploitation are not available at this time. CVE-2022-3723 October 28, 2022
Google Chromium Insufficient Data Validation Vulnerability Google Chromium Mojo contains an insufficient data validation vulnerability. Impacts from exploitation are not yet known. This vulnerability affects web browsers that utilize Chromium, including Google Chrome and Microsoft Edge. CVE-2022-3075 September 8, 2022
Google Chrome Intents Insufficient Input Validation Vulnerability Google Chrome Intents allows for insufficient validation of untrusted input, causing unknown impacts. CISA will update this description if more information becomes available. CVE-2022-2856 August 18, 2022
Google Chromium Security Bypass Vulnerability Insufficient policy enforcement in the PopupBlocker for Chromium allows an attacker to remotely bypass security mechanisms. This vulnerability impacts web browsers using Chromium such as Chrome and Edge. CVE-2021-30533 June 27, 2022
Google Chromium V8 Type Confusion Vulnerability Google Chromium V8 Engine contains a type confusion vulnerability which allows a remote attacker to execute code inside a sandbox. CVE-2017-5070 June 8, 2022
Google Chromium V8 Out-of-Bounds Read Vulnerability Google Chromium V8 contains an out-of-bounds read vulnerability. CVE-2016-1646 June 8, 2022
Google Chromium V8 Memory Corruption Vulnerability Google Chromium V8 Engine contains a memory corruption vulnerability which allows a remote attacker to execute code. CVE-2017-5030 June 8, 2022
Google Chromium V8 Out-of-Bounds Memory Vulnerability Google Chromium V8 Engine contains an out-of-bounds memory vulnerability. CVE-2016-5198 June 8, 2022
Google Chromium V8 Out-of-Bounds Write Vulnerability Google Chromium V8 contains an out-of-bounds write vulnerability which allows a remote attacker to potentially exploit heap corruption. CVE-2019-5825 June 8, 2022
Google Chromium V8 Out-of-Bounds Write Vulnerability Google Chromium V8 contains an out-of-bounds write vulnerability which allows a remote attacker to execute code inside a sandbox. CVE-2018-17480 June 8, 2022
Google Chromium V8 Integer Overflow Vulnerability Google Chromium V8 Engine contains an integer overflow vulnerability which allows a remote attacker to potentially exploit heap corruption. CVE-2018-6065 June 8, 2022
Google Chromium V8 Remote Code Execution Vulnerability Google Chromium V8 contains an unspecified vulnerability which allows for remote code execution. CVE-2018-17463 June 8, 2022
Google Chrome Use-After-Free Vulnerability Google Chrome contains a heap use-after-free vulnerability which allows an attacker to potentially perform out of bounds memory access. CVE-2019-5786 May 23, 2022
Google Chrome Use-After-Free Vulnerability Use-after-free in WebAudio in Google Chrome allows a remote attacker to potentially exploit heap corruption. CVE-2019-13720 May 23, 2022
Google Chromium V8 Type Confusion Vulnerability Google Chromium V8 engine contains a type confusion vulnerability. CVE-2022-1364 April 15, 2022

By the Year

In 2023 there have been 371 vulnerabilities in Google with an average score of 7.0 out of ten. Last year Google had 1384 security vulnerabilities published. Right now, Google is on track to have less security vulnerabilities in 2023 than it did last year. However, the average CVE base score of the vulnerabilities in 2023 is greater by 0.10.

Year Vulnerabilities Average Score
2023 371 6.99
2022 1384 6.89
2021 1123 7.02
2020 987 7.10
2019 808 7.11
2018 419 7.41

It may take a day or so for new Google vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Google Security Vulnerabilities

Inappropriate implementation in Downloads in Google Chrome prior to 114.0.5735.90

CVE-2023-2940 6.5 - Medium - May 30, 2023

Inappropriate implementation in Downloads in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)

Out of bounds write in Swiftshader in Google Chrome prior to 114.0.5735.90

CVE-2023-2929 8.8 - High - May 30, 2023

Out of bounds write in Swiftshader in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Memory Corruption

Use after free in Extensions in Google Chrome prior to 114.0.5735.90

CVE-2023-2930 8.8 - High - May 30, 2023

Use after free in Extensions in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Use after free in PDF in Google Chrome prior to 114.0.5735.90

CVE-2023-2931 8.8 - High - May 30, 2023

Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)

Dangling pointer

Use after free in PDF in Google Chrome prior to 114.0.5735.90

CVE-2023-2932 8.8 - High - May 30, 2023

Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)

Dangling pointer

Use after free in PDF in Google Chrome prior to 114.0.5735.90

CVE-2023-2933 8.8 - High - May 30, 2023

Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)

Dangling pointer

Out of bounds memory access in Mojo in Google Chrome prior to 114.0.5735.90

CVE-2023-2934 8.8 - High - May 30, 2023

Out of bounds memory access in Mojo in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Memory Corruption

Type Confusion in V8 in Google Chrome prior to 114.0.5735.90

CVE-2023-2935 8.8 - High - May 30, 2023

Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Object Type Confusion

Type Confusion in V8 in Google Chrome prior to 114.0.5735.90

CVE-2023-2936 8.8 - High - May 30, 2023

Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Object Type Confusion

Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90

CVE-2023-2937 4.3 - Medium - May 30, 2023

Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)

Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90

CVE-2023-2938 4.3 - Medium - May 30, 2023

Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)

Inappropriate implementation in Extensions API in Google Chrome prior to 114.0.5735.90

CVE-2023-2941 4.3 - Medium - May 30, 2023

Inappropriate implementation in Extensions API in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the UI via a crafted Chrome Extension. (Chromium security severity: Low)

Use after free in Navigation in Google Chrome prior to 113.0.5672.126

CVE-2023-2721 8.8 - High - May 16, 2023

Use after free in Navigation in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

Dangling pointer

Use after free in DevTools in Google Chrome prior to 113.0.5672.126

CVE-2023-2723 8.8 - High - May 16, 2023

Use after free in DevTools in Google Chrome prior to 113.0.5672.126 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Type confusion in V8 in Google Chrome prior to 113.0.5672.126

CVE-2023-2724 8.8 - High - May 16, 2023

Type confusion in V8 in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Object Type Confusion

Use after free in Guest View in Google Chrome prior to 113.0.5672.126

CVE-2023-2725 8.8 - High - May 16, 2023

Use after free in Guest View in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Inappropriate implementation in WebApp Installs in Google Chrome prior to 113.0.5672.126

CVE-2023-2726 8.8 - High - May 16, 2023

Inappropriate implementation in WebApp Installs in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious web app to bypass install dialog via a crafted HTML page. (Chromium security severity: Medium)

Product: AndroidVersions: Android So

CVE-2021-0877 9.8 - Critical - May 15, 2023

Product: AndroidVersions: Android SoCAndroid ID: A-273754094

In onSetRuntimePermissionGrantStateByDeviceAdmin of AdminRestrictedPermissionsUtils.java

CVE-2023-20914 5.5 - Medium - May 15, 2023

In onSetRuntimePermissionGrantStateByDeviceAdmin of AdminRestrictedPermissionsUtils.java, there is a possible way for the work profile to read SMS messages due to a permissions bypass. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-189942529

Cleartext Storage of Sensitive Information

In pushDynamicShortcut of ShortcutPackage.java, there is a possible way to get the device into a boot loop due to resource exhaustion

CVE-2023-20930 5.5 - Medium - May 15, 2023

In pushDynamicShortcut of ShortcutPackage.java, there is a possible way to get the device into a boot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-250576066

Resource Exhaustion

In __efi_rt_asm_wrapper of efi-rt-wrapper.S, there is a possible bypass of shadow stack protection due to a logic error in the code

CVE-2023-21102 7.8 - High - May 15, 2023

In __efi_rt_asm_wrapper of efi-rt-wrapper.S, there is a possible bypass of shadow stack protection due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-260821414References: Upstream kernel

In registerPhoneAccount of PhoneAccountRegistrar.java

CVE-2023-21103 5.5 - Medium - May 15, 2023

In registerPhoneAccount of PhoneAccountRegistrar.java, uncaught exceptions in parsing persisted user data could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-259064622

In applySyncTransaction of WindowOrganizer.java

CVE-2023-21104 5.5 - Medium - May 15, 2023

In applySyncTransaction of WindowOrganizer.java, a missing permission check could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12L Android-13Android ID: A-259938771

Incorrect Default Permissions

In adreno_set_param of adreno_gpu.c, there is a possible memory corruption due to a double free

CVE-2023-21106 7.8 - High - May 15, 2023

In adreno_set_param of adreno_gpu.c, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-265016072References: Upstream kernel

Double-free

In retrieveAppEntry of NotificationAccessDetails.java, there is a missing permission check

CVE-2023-21107 7.8 - High - May 15, 2023

In retrieveAppEntry of NotificationAccessDetails.java, there is a missing permission check. This could lead to local escalation of privilege across user boundaries with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-259385017

Incorrect Default Permissions

In multiple places of AccessibilityService, there is a possible way to hide the app from the user due to a logic error in the code

CVE-2023-21109 7.8 - High - May 15, 2023

In multiple places of AccessibilityService, there is a possible way to hide the app from the user due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-261589597

In several functions of SnoozeHelper.java, there is a possible way to grant notifications access due to resource exhaustion

CVE-2023-21110 7.8 - High - May 15, 2023

In several functions of SnoozeHelper.java, there is a possible way to grant notifications access due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-258422365

Resource Exhaustion

In several functions of PhoneAccountRegistrar.java

CVE-2023-21111 5.5 - Medium - May 15, 2023

In several functions of PhoneAccountRegistrar.java, there is a possible way to prevent an access to emergency services due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-256819769

Improper Input Validation

In AnalyzeMfcResp of NxpMfcReader.cc, there is a possible out of bounds read due to a missing bounds check

CVE-2023-21112 5.5 - Medium - May 15, 2023

In AnalyzeMfcResp of NxpMfcReader.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-252763983

Out-of-bounds Read

In verifyReplacingVersionCode of InstallPackageHelper.java

CVE-2023-21116 6.7 - Medium - May 15, 2023

In verifyReplacingVersionCode of InstallPackageHelper.java, there is a possible way to downgrade system apps below system image version due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-256202273

In registerReceiverWithFeature of ActivityManagerService.java

CVE-2023-21117 7.8 - High - May 15, 2023

In registerReceiverWithFeature of ActivityManagerService.java, there is a possible way for isolated processes to register a broadcast receiver due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-263358101

In unflattenString8 of Sensor.cpp, there is a possible out of bounds read due to a heap buffer overflow

CVE-2023-21118 5.5 - Medium - May 15, 2023

In unflattenString8 of Sensor.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-269014004

Out-of-bounds Read

The Web Stories for WordPress plugin supports the WordPress built-in functionality of protecting content with a password

CVE-2023-1979 6.5 - Medium - May 08, 2023

The Web Stories for WordPress plugin supports the WordPress built-in functionality of protecting content with a password. The content is then only accessible to website visitors after entering the password. In WordPress, users with the "Author" role can create stories, but don't have the ability to edit password protected stories. The vulnerability allowed users with said role to bypass this permission check when trying to duplicate the protected story in the plugin's own dashboard, giving them access to the seemingly protected content. We recommend upgrading to version 1.32 or beyond commit  ad49781c2a35c5c92ef704d4b621ab4e5cb77d68 https://github.com/GoogleForCreators/web-stories-wp/commit/ad49781c2a35c5c92ef704d4b621ab4e5cb77d68

AuthZ

Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63

CVE-2023-2459 6.5 - Medium - May 03, 2023

Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to bypass permission restrictions via a crafted HTML page. (Chromium security severity: Medium)

Insufficient validation of untrusted input in Extensions in Google Chrome prior to 113.0.5672.63

CVE-2023-2460 7.1 - High - May 03, 2023

Insufficient validation of untrusted input in Extensions in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to bypass file access checks via a crafted HTML page. (Chromium security severity: Medium)

Improper Input Validation

Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63

CVE-2023-2462 4.3 - Medium - May 03, 2023

Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to obfuscate main origin data via a crafted HTML page. (Chromium security severity: Medium)

Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63

CVE-2023-2464 4.3 - Medium - May 03, 2023

Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to perform an origin spoof in the security UI via a crafted HTML page. (Chromium security severity: Medium)

Inappropriate implementation in CORS in Google Chrome prior to 113.0.5672.63

CVE-2023-2465 4.3 - Medium - May 03, 2023

Inappropriate implementation in CORS in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63

CVE-2023-2466 4.3 - Medium - May 03, 2023

Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. (Chromium security severity: Low)

Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63

CVE-2023-2468 4.3 - Medium - May 03, 2023

Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed a remote attacker who had compromised the renderer process to obfuscate the security UI via a crafted HTML page. (Chromium security severity: Low)

ESPv2 is a service proxy that provides API management capabilities using Google Service Infrastructure

CVE-2023-30845 9.8 - Critical - April 26, 2023

ESPv2 is a service proxy that provides API management capabilities using Google Service Infrastructure. ESPv2 2.20.0 through 2.42.0 contains an authentication bypass vulnerability. API clients can craft a malicious `X-HTTP-Method-Override` header value to bypass JWT authentication in specific cases. ESPv2 allows malicious requests to bypass authentication if both the conditions are true: The requested HTTP method is **not** in the API service definition (OpenAPI spec or gRPC `google.api.http` proto annotations, and the specified `X-HTTP-Method-Override` is a valid HTTP method in the API service definition. ESPv2 will forward the request to your backend without checking the JWT. Attackers can craft requests with a malicious `X-HTTP-Method-Override` value that allows them to bypass specifying JWTs. Restricting API access with API keys works as intended and is not affected by this vulnerability. Upgrade deployments to release v2.43.0 or higher to receive a patch. This release ensures that JWT authentication occurs, even when the caller specifies `x-http-method-override`. `x-http-method-override` is still supported by v2.43.0+. API clients can continue sending this header to ESPv2.

authentification

In multiple functions of PackageInstallerService.java and related files

CVE-2023-21081 7.8 - High - April 19, 2023

In multiple functions of PackageInstallerService.java and related files, there is a possible way to bypass background activity launch restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-230492955

In multiple methods of PackageInstallerSession.java, there is a possible way to start foreground services

CVE-2023-21099 7.8 - High - April 19, 2023

In multiple methods of PackageInstallerSession.java, there is a possible way to start foreground services from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-243377226

In multiple functions of AccountManagerService.java

CVE-2023-21098 7.8 - High - April 19, 2023

In multiple functions of AccountManagerService.java, there is a possible loading of arbitrary code into the System Settings app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-260567867

In OnWakelockReleased of attribution_processor.cc, there is a use after free

CVE-2023-21096 9.8 - Critical - April 19, 2023

In OnWakelockReleased of attribution_processor.cc, there is a use after free that could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-254774758

Dangling pointer

In canDisplayLocalUi of AppLocalePickerActivity.java

CVE-2023-21091 5.5 - Medium - April 19, 2023

In canDisplayLocalUi of AppLocalePickerActivity.java, there is a possible way to change system app locales due to a missing permission check. This could lead to local denial of service across user boundaries with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-257954050

AuthZ

In parseUsesPermission of ParsingPackageUtils.java, there is a possible boot loop due to resource exhaustion

CVE-2023-21090 5 - Medium - April 19, 2023

In parseUsesPermission of ParsingPackageUtils.java, there is a possible boot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-259942609

Resource Exhaustion

In startInstrumentation of ActivityManagerService.java

CVE-2023-21089 7.8 - High - April 19, 2023

In startInstrumentation of ActivityManagerService.java, there is a possible way to keep the foreground service alive while the app is in the background. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-237766679

In deliverOnFlushComplete of LocationProviderManager.java

CVE-2023-21088 7.8 - High - April 19, 2023

In deliverOnFlushComplete of LocationProviderManager.java, there is a possible way to bypass background activity launch restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-235823542

In PreferencesHelper.java, an uncaught exception may cause the device to get stuck in a boot loop

CVE-2023-21087 5.5 - Medium - April 19, 2023

In PreferencesHelper.java, an uncaught exception may cause the device to get stuck in a boot loop. This could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-261723753

In isToggleable of SecureNfcEnabler.java and SecureNfcPreferenceController.java, there is a possible way to enable NFC

CVE-2023-21086 7.8 - High - April 19, 2023

In isToggleable of SecureNfcEnabler.java and SecureNfcPreferenceController.java, there is a possible way to enable NFC from a secondary account due to a permissions bypass. This could lead to local escalation of privilege from the Guest account with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-238298970

In nci_snd_set_routing_cmd of nci_hmsgs.cc, there is a possible out of bounds write due to a missing bounds check

CVE-2023-21085 8.8 - High - April 19, 2023

In nci_snd_set_routing_cmd of nci_hmsgs.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-264879662

Memory Corruption

In deserialize of multiple files, there is a possible out of bounds read due to a missing bounds check

CVE-2023-20935 5.5 - Medium - April 19, 2023

In deserialize of multiple files, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-256589724

Out-of-bounds Read

In multiple functions of RunningTasks.java, there is a possible privilege escalation due to a missing privilege check

CVE-2023-20909 5.5 - Medium - April 19, 2023

In multiple functions of RunningTasks.java, there is a possible privilege escalation due to a missing privilege check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-243130512

In PVRSRVBridgeRGXKickRS of the PowerVR kernel driver, a missing size check means there is a possible integer overflow

CVE-2021-0873 7.8 - High - April 19, 2023

In PVRSRVBridgeRGXKickRS of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-270392711

Integer Overflow or Wraparound

In PVRSRVBridgeRGXKickVRDM of the PowerVR kernel driver, a missing size check means there is a possible integer overflow

CVE-2021-0872 7.8 - High - April 19, 2023

In PVRSRVBridgeRGXKickVRDM of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-270401229

Integer Overflow or Wraparound

In PVRSRVBridgeRGXTDMSubmitTransfer of the PowerVR kernel driver, a missing size check means there is a possible integer overflow

CVE-2021-0879 7.8 - High - April 19, 2023

In PVRSRVBridgeRGXTDMSubmitTransfer of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-270397970

Integer Overflow or Wraparound

In PVRSRVBridgeServerSyncGetStatus of the PowerVR kernel driver, a missing size check means there is a possible integer overflow

CVE-2021-0878 7.8 - High - April 19, 2023

In PVRSRVBridgeServerSyncGetStatus of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-270399153

Integer Overflow or Wraparound

In PVRSRVBridgePhysmemNewRamBackedLockedPMR of the PowerVR kernel driver, a missing size check means there is a possible integer overflow

CVE-2021-0876 7.8 - High - April 19, 2023

In PVRSRVBridgePhysmemNewRamBackedLockedPMR of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-270400229

Integer Overflow or Wraparound

In PVRSRVBridgeChangeSparseMem of the PowerVR kernel driver, a missing size check means there is a possible integer overflow

CVE-2021-0875 7.8 - High - April 19, 2023

In PVRSRVBridgeChangeSparseMem of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-270400061

Integer Overflow or Wraparound

In PVRSRVBridgeDevicememHistorySparseChange of the PowerVR kernel driver, a missing size check means there is a possible integer overflow

CVE-2021-0874 7.8 - High - April 19, 2023

In PVRSRVBridgeDevicememHistorySparseChange of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-270399633

Integer Overflow or Wraparound

In register_notification_rsp of btif_rc.cc, there is a possible out of bounds read due to a missing bounds check

CVE-2023-21080 5.5 - Medium - April 19, 2023

In register_notification_rsp of btif_rc.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-245916076

Out-of-bounds Read

In avdt_scb_hdl_pkt_no_frag of avdt_scb_act.cc, there is a possible out of bounds write due to an incorrect bounds check

CVE-2023-20967 7.8 - High - April 19, 2023

In avdt_scb_hdl_pkt_no_frag of avdt_scb_act.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-225879503

Memory Corruption

In AlarmManagerActivity of AlarmManagerActivity.java, there is a possible way to bypass background activity launch restrictions

CVE-2023-20950 7.8 - High - April 19, 2023

In AlarmManagerActivity of AlarmManagerActivity.java, there is a possible way to bypass background activity launch restrictions via a pendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-195756028

AuthZ

In PVRSRVBridgePhysmemImportSparseDmaBuf of the PowerVR kernel driver, a missing size check means there is a possible integer overflow

CVE-2021-0884 7.8 - High - April 19, 2023

In PVRSRVBridgePhysmemImportSparseDmaBuf of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-270393454

Integer Overflow or Wraparound

In PVRSRVBridgeCacheOpQueue of the PowerVR kernel driver, a missing size check means there is a possible integer overflow

CVE-2021-0883 7.8 - High - April 19, 2023

In PVRSRVBridgeCacheOpQueue of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-270395013

Integer Overflow or Wraparound

In PVRSRVBridgeRGXKickSync of the PowerVR kernel driver, a missing size check means there is a possible integer overflow

CVE-2021-0882 7.8 - High - April 19, 2023

In PVRSRVBridgeRGXKickSync of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-270395803

Integer Overflow or Wraparound

In PVRSRVBridgeRGXKickCDM of the PowerVR kernel driver, a missing size check means there is a possible integer overflow

CVE-2021-0881 7.8 - High - April 19, 2023

In PVRSRVBridgeRGXKickCDM of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-270396350

Integer Overflow or Wraparound

In inflate of inflate.c, there is a possible out of bounds write due to a heap buffer overflow

CVE-2023-21100 7.8 - High - April 19, 2023

In inflate of inflate.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-242544249

Memory Corruption

In toUriInner of Intent.java, there is a possible way to launch an arbitrary activity due to a confused deputy

CVE-2023-21097 7.8 - High - April 19, 2023

In toUriInner of Intent.java, there is a possible way to launch an arbitrary activity due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-261858325

Externally Controlled Reference to a Resource in Another Sphere

In sanitize of LayerState.cpp

CVE-2023-21094 7.8 - High - April 19, 2023

In sanitize of LayerState.cpp, there is a possible way to take over the screen display and swap the display content due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-248031255

AuthZ

In extractRelativePath of FileUtils.java

CVE-2023-21093 7.8 - High - April 19, 2023

In extractRelativePath of FileUtils.java, there is a possible way to access files in a directory belonging to other applications due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-228450832

Directory traversal

In retrieveServiceLocked of ActiveServices.java

CVE-2023-21092 7.8 - High - April 19, 2023

In retrieveServiceLocked of ActiveServices.java, there is a possible way to dynamically register a BroadcastReceiver using permissions of System App due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-242040055

In buildPropFile of filesystem.go, there is a possible insecure hash due to an improperly used crypto

CVE-2023-21084 6.7 - Medium - April 19, 2023

In buildPropFile of filesystem.go, there is a possible insecure hash due to an improperly used crypto. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262892300

In onNullBinding of CallScreeningServiceHelper.java

CVE-2023-21083 7.8 - High - April 19, 2023

In onNullBinding of CallScreeningServiceHelper.java, there is a possible way to record audio without showing a privacy indicator due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-252762941

In getNumberFromCallIntent of NewOutgoingCallIntentBroadcaster.java

CVE-2023-21082 5.5 - Medium - April 19, 2023

In getNumberFromCallIntent of NewOutgoingCallIntentBroadcaster.java, there is a possible way to enumerate other user's contact phone number due to a confused deputy. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-257030107

In acc_ctrlrequest_composite of f_accessory.c, there is a possible out of bounds write due to a missing bounds check

CVE-2023-20941 6.6 - Medium - April 19, 2023

In acc_ctrlrequest_composite of f_accessory.c, there is a possible out of bounds write due to a missing bounds check. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-264029575References: Upstream kernel

Memory Corruption

In PVRSRVBridgeSyncPrimOpTake of the PowerVR kernel driver, a missing size check means there is a possible integer overflow

CVE-2021-0885 7.8 - High - April 19, 2023

In PVRSRVBridgeSyncPrimOpTake of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-270401914

Integer Overflow or Wraparound

In PVRSRVBridgeRGXKickTA3D of the PowerVR kernel driver, a missing size check means there is a possible integer overflow

CVE-2021-0880 7.8 - High - April 19, 2023

In PVRSRVBridgeRGXKickTA3D of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-270396792

Integer Overflow or Wraparound

Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137

CVE-2023-2133 8.8 - High - April 19, 2023

Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Memory Corruption

Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137

CVE-2023-2134 8.8 - High - April 19, 2023

Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Memory Corruption

Use after free in DevTools in Google Chrome prior to 112.0.5615.137

CVE-2023-2135 7.5 - High - April 19, 2023

Use after free in DevTools in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who convinced a user to enable specific preconditions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Integer overflow in Skia in Google Chrome prior to 112.0.5615.137

CVE-2023-2136 9.6 - Critical - April 19, 2023

Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Integer Overflow or Wraparound

Heap buffer overflow in sqlite in Google Chrome prior to 112.0.5615.137

CVE-2023-2137 8.8 - High - April 19, 2023

Heap buffer overflow in sqlite in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Memory Corruption

Type confusion in V8 in Google Chrome prior to 112.0.5615.121

CVE-2023-2033 8.8 - High - April 14, 2023

Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Object Type Confusion

Incorrect security UI in Navigation in Google Chrome prior to 112.0.5615.49

CVE-2023-1822 6.5 - Medium - April 04, 2023

Incorrect security UI in Navigation in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)

Inappropriate implementation in FedCM in Google Chrome prior to 112.0.5615.49

CVE-2023-1823 6.5 - Medium - April 04, 2023

Inappropriate implementation in FedCM in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)

Inappropriate implementation in WebShare in Google Chrome prior to 112.0.5615.49

CVE-2023-1821 6.5 - Medium - April 04, 2023

Inappropriate implementation in WebShare in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)

Heap buffer overflow in Browser History in Google Chrome prior to 112.0.5615.49

CVE-2023-1820 8.8 - High - April 04, 2023

Heap buffer overflow in Browser History in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Memory Corruption

Out of bounds read in Accessibility in Google Chrome prior to 112.0.5615.49

CVE-2023-1819 6.5 - Medium - April 04, 2023

Out of bounds read in Accessibility in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)

Out-of-bounds Read

Use after free in Vulkan in Google Chrome prior to 112.0.5615.49

CVE-2023-1818 8.8 - High - April 04, 2023

Use after free in Vulkan in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Dangling pointer

Insufficient policy enforcement in Intents in Google Chrome on Android prior to 112.0.5615.49

CVE-2023-1817 6.5 - Medium - April 04, 2023

Insufficient policy enforcement in Intents in Google Chrome on Android prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)

Incorrect security UI in Picture In Picture in Google Chrome prior to 112.0.5615.49

CVE-2023-1816 6.5 - Medium - April 04, 2023

Incorrect security UI in Picture In Picture in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially perform navigation spoofing via a crafted HTML page. (Chromium security severity: Medium)

Use after free in Networking APIs in Google Chrome prior to 112.0.5615.49

CVE-2023-1815 8.8 - High - April 04, 2023

Use after free in Networking APIs in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Dangling pointer

Out of bounds memory access in DOM Bindings in Google Chrome prior to 112.0.5615.49

CVE-2023-1812 8.8 - High - April 04, 2023

Out of bounds memory access in DOM Bindings in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)

Buffer Overflow

Use after free in Frames in Google Chrome prior to 112.0.5615.49

CVE-2023-1811 8.8 - High - April 04, 2023

Use after free in Frames in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Heap buffer overflow in Visuals in Google Chrome prior to 112.0.5615.49

CVE-2023-1810 8.8 - High - April 04, 2023

Heap buffer overflow in Visuals in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Memory Corruption

Inappropriate implementation in Extensions in Google Chrome prior to 112.0.5615.49

CVE-2023-1813 6.5 - Medium - April 04, 2023

Inappropriate implementation in Extensions in Google Chrome prior to 112.0.5615.49 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)

Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 112.0.5615.49

CVE-2023-1814 6.5 - Medium - April 04, 2023

Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass download checking via a crafted HTML page. (Chromium security severity: Medium)

Improper Input Validation

TensorFlow is an Open Source Machine Learning Framework

CVE-2023-25661 6.5 - Medium - March 27, 2023

TensorFlow is an Open Source Machine Learning Framework. In versions prior to 2.11.1 a malicious invalid input crashes a tensorflow model (Check Failed) and can be used to trigger a denial of service attack. A proof of concept can be constructed with the `Convolution3DTranspose` function. This Convolution3DTranspose layer is a very common API in modern neural networks. The ML models containing such vulnerable components could be deployed in ML applications or as cloud services. This failure could be potentially used to trigger a denial of service attack on ML cloud services. An attacker must have privilege to provide input to a `Convolution3DTranspose` call. This issue has been patched and users are advised to upgrade to version 2.11.1. There are no known workarounds for this vulnerability.

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD), Icons by Icons8. Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.