Google Google Software and search

  1. Vendors
  2. Google
Do you want an email whenever new security vulnerabilities are reported in any Google product?

Products by Google Sorted by Most Security Vulnerabilities since 2018

Google Android4125 vulnerabilities
Mobile operating system

Google Chrome1991 vulnerabilities
Web browser

Google Tensorflow429 vulnerabilities
Open source machine learning / AI library

Google Chrome Os25 vulnerabilities

Google Asylo14 vulnerabilities

Google Protobuf Java4 vulnerabilities

Google Fuchsia4 vulnerabilities

Google Fscrypt4 vulnerabilities

Google Gvisor3 vulnerabilities

Google Gerrit3 vulnerabilities

Google Protobuf Javalite3 vulnerabilities

Google Guava3 vulnerabilities

Google Guest Oslogin3 vulnerabilities

Google Web Toolkit3 vulnerabilities

Google Linux And Chrome Os3 vulnerabilities

Google Monorail3 vulnerabilities

Google Protobuf2 vulnerabilities

Google Oauth Client Library For Java2 vulnerabilities

Google Web Stories2 vulnerabilities

Google Bazel2 vulnerabilities

Google Nearby2 vulnerabilities

Google Protobuf Kotlin2 vulnerabilities

Google Play Services Software Development Kit2 vulnerabilities

Google Protobuf2 vulnerabilities

Google Lacros2 vulnerabilities

Google Earth2 vulnerabilities

Google V82 vulnerabilities

Google Kubernetes Engine2 vulnerabilities

Google Protobuf Cpp1 vulnerability

Google Perfetto1 vulnerability

Google Protobuf Python1 vulnerability

Google Openthread1 vulnerability

Google Protobuf Kotlin Lite1 vulnerability

Google Gson1 vulnerability

Google Puppeteer1 vulnerability

Google Sa360 Webquery To Bigquery Exporter1 vulnerability

Google Santa1 vulnerability

Google Secret Manager Provider Secret Store Csi Driver1 vulnerability

Google Site Kit1 vulnerability

Google Skia1 vulnerability

Google Slashify1 vulnerability

Google Slo Generator1 vulnerability

Google Snappy1 vulnerability

Google Tink1 vulnerability

Google Titan Security Key1 vulnerability

Google Toolbar1 vulnerability

Google Voice Builder1 vulnerability

Google Youtube Android Player Api1 vulnerability

Google Custom Search Engine1 vulnerability

Google Android Api1 vulnerability

Google Angle1 vulnerability

Google Api C Client1 vulnerability

Google Bindiff1 vulnerability

Google BoringSSL1 vulnerability
BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.

Google Brotli1 vulnerability

Google Cardboard1 vulnerability

Google Chrome Launcher1 vulnerability

Google Closure Library1 vulnerability

Google Cloud Firestore1 vulnerability

Google Cloud Iot Device Sdk Embedded C1 vulnerability

Google Cloud Messaging Notification1 vulnerability

Google Critters1 vulnerability

Google Kctf1 vulnerability

Google Data Transfer Project1 vulnerability

Google Espv21 vulnerability

Google Exposure Notification Verification Server1 vulnerability

Google Exposure Notifications1 vulnerability

Google Exposure Notifications Verification Server1 vulnerability

Google Extensible Service Proxy1 vulnerability

Google Firebase Php Jwt1 vulnerability

Google Firebaseutil1 vulnerability

Google Go Attestation1 vulnerability

Google Cloud Platform Service Broker1 vulnerability

Google Search1 vulnerability

Googleapple Exposure Notifications1 vulnerability

Recent Google Security Advisories

Advisory Title Published
Chrome Releases: Stable Channel Update for Desktop October 15, 2024
2024-10-01 Android Security Bulletin October 2024 October 1, 2024
Pixel Update Bulletin—September 2024 | Android Open Source Project September 13, 2024
2024-09-01 Android Security Bulletin—September 2024 September 1, 2024
Chrome Releases: Stable Channel Update for Desktop August 21, 2024
Pixel Update Bulletin—August 2024 | Android Open Source Project August 19, 2024
Android Security Bulletin—August 2024 | Android Open Source Project August 15, 2024
Chrome Releases: Stable Channel Update for Desktop August 1, 2024
2024-08-01 Android Security Bulletin—August 2024 August 1, 2024
Chrome Releases: Stable Channel Update for Desktop July 16, 2024

Known Exploited Google Vulnerabilities

The following Google vulnerabilities have recently been marked by CISA as Known to be Exploited by threat actors.

Title Description Added
Google Chromium V8 Inappropriate Implementation Vulnerability Google Chromium V8 contains an inappropriate implementation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. CVE-2024-7965 August 28, 2024
Google Chromium V8 Type Confusion Vulnerability Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. CVE-2024-7971 August 26, 2024
Google Chromium V8 Type Confusion Vulnerability Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. CVE-2024-5274 May 28, 2024
Google Chromium V8 Type Confusion Vulnerability Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page. CVE-2024-4947 May 20, 2024
Google Chromium V8 Out-of-Bounds Memory Write Vulnerability Google Chromium V8 Engine contains an unspecified out-of-bounds memory write vulnerability via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. CVE-2024-4761 May 16, 2024
Google Chromium Visuals Use-After-Free Vulnerability Google Chromium Visuals contains a use-after-free vulnerability that allows a remote attacker to exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. CVE-2024-4671 May 13, 2024
Google Chromium V8 Type Confusion Vulnerability Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page. CVE-2023-4762 February 6, 2024
Google Chromium V8 Out-of-Bounds Memory Access Vulnerability Google Chromium V8 contains an out-of-bounds memory access vulnerability. Specific impacts from exploitation are not available at this time. CVE-2024-0519 January 17, 2024
Google Skia Integer Overflow Vulnerability Google Skia contains an integer overflow vulnerability affecting Google Chrome and ChromeOS, Android, Flutter, and possibly other products. CVE-2023-6345 November 30, 2023
Google Chrome libvpx Heap Buffer Overflow Vulnerability Google Chrome libvpx contains a heap buffer overflow vulnerability in vp8 encoding that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2023-5217 October 2, 2023
Google Chromium Heap-Based Buffer Overflow Vulnerability Google Chromium contains a heap-based buffer overflow vulnerability in WebP that allows a remote attacker to perform an out-of-bounds memory write via a crafted HTML page. CVE-2023-4863 September 13, 2023
Google Chromium V8 Type Confusion Vulnerability Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2023-3079 June 7, 2023
Google Chrome Skia Integer Overflow Vulnerability Google Chrome Skia contains an integer overflow vulnerability. Specific impacts from exploitation are not available at this time. This vulnerability resides in Skia which serves as the graphics engine for Google Chrome and ChromeOS, Android, Flutter, and other products. CVE-2023-2136 April 21, 2023
Google Chromium V8 Engine Type Confusion Vulnerability Google Chromium V8 contains a type confusion vulnerability. Specific impacts from exploitation are not available at this time. CVE-2023-2033 April 17, 2023
Google Chrome Use-After-Free Vulnerability Google Chrome contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption. CVE-2022-3038 March 30, 2023
Google Chromium V8 Type Confusion Vulnerability Google Chromium V8 contains a type confusion vulnerability. Specific impacts from exploitation are not available at this time. CVE-2022-4262 December 5, 2022
Google Chrome Heap Buffer Overflow Vulnerability Google Chrome GPU contains a heap buffer overflow vulnerability that allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2022-4135 November 28, 2022
Google Chromium V8 Type Confusion Vulnerability Google Chromium V8 contains a type confusion vulnerability. Specific impacts from exploitation are not available at this time. CVE-2022-3723 October 28, 2022
Google Chromium Insufficient Data Validation Vulnerability Google Chromium Mojo contains an insufficient data validation vulnerability. Impacts from exploitation are not yet known. This vulnerability affects web browsers that utilize Chromium, including Google Chrome and Microsoft Edge. CVE-2022-3075 September 8, 2022
Google Chrome Intents Insufficient Input Validation Vulnerability Google Chrome Intents allows for insufficient validation of untrusted input, causing unknown impacts. CISA will update this description if more information becomes available. CVE-2022-2856 August 18, 2022

By the Year

In 2024 there have been 578 vulnerabilities in Google with an average score of 7.4 out of ten. Last year Google had 1000 security vulnerabilities published. Right now, Google is on track to have less security vulnerabilities in 2024 than it did last year. However, the average CVE base score of the vulnerabilities in 2024 is greater by 0.41.

Year Vulnerabilities Average Score
2024 578 7.38
2023 1000 6.97
2022 1386 6.89
2021 1124 7.02
2020 987 7.10
2019 809 7.11
2018 419 7.41

It may take a day or so for new Google vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Google Security Vulnerabilities

Use after free in AI in Google Chrome prior to 130.0.6723.58

CVE-2024-9954 8.8 - High - October 15, 2024

Use after free in AI in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Use after free in WebAuthentication in Google Chrome prior to 130.0.6723.58

CVE-2024-9955 - October 15, 2024

Use after free in WebAuthentication in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Inappropriate implementation in WebAuthentication in Google Chrome on Android prior to 130.0.6723.58

CVE-2024-9956 - October 15, 2024

Inappropriate implementation in WebAuthentication in Google Chrome on Android prior to 130.0.6723.58 allowed a local attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)

Use after free in UI in Google Chrome on iOS prior to 130.0.6723.58

CVE-2024-9957 - October 15, 2024

Use after free in UI in Google Chrome on iOS prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Inappropriate implementation in PictureInPicture in Google Chrome prior to 130.0.6723.58

CVE-2024-9958 4.3 - Medium - October 15, 2024

Inappropriate implementation in PictureInPicture in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Use after free in DevTools in Google Chrome prior to 130.0.6723.58

CVE-2024-9959 - October 15, 2024

Use after free in DevTools in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium)

Inappropriate implementation in Navigations in Google Chrome prior to 130.0.6723.58

CVE-2024-9966 5.3 - Medium - October 15, 2024

Inappropriate implementation in Navigations in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)

Insufficient data validation in DevTools in Google Chrome on Windows prior to 130.0.6723.58

CVE-2024-9965 8.8 - High - October 15, 2024

Insufficient data validation in DevTools in Google Chrome on Windows prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low)

Use after free in Dawn in Google Chrome prior to 130.0.6723.58

CVE-2024-9960 - October 15, 2024

Use after free in Dawn in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Use after free in ParcelTracking in Google Chrome on iOS prior to 130.0.6723.58

CVE-2024-9961 - October 15, 2024

Use after free in ParcelTracking in Google Chrome on iOS prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Inappropriate implementation in Payments in Google Chrome prior to 130.0.6723.58

CVE-2024-9964 4.3 - Medium - October 15, 2024

Inappropriate implementation in Payments in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)

Insufficient data validation in Downloads in Google Chrome prior to 130.0.6723.58

CVE-2024-9963 4.3 - Medium - October 15, 2024

Insufficient data validation in Downloads in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Inappropriate implementation in Permissions in Google Chrome prior to 130.0.6723.58

CVE-2024-9962 4.3 - Medium - October 15, 2024

Inappropriate implementation in Permissions in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Type confusion in WebAssembly in Google Chrome prior to 126.0.6478.126

CVE-2024-9859 - October 11, 2024

Type confusion in WebAssembly in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

In linkturbonative service, there is a possible command injection due to improper input validation

CVE-2024-39436 6.7 - Medium - October 09, 2024

In linkturbonative service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed.

Command Injection

In linkturbonative service, there is a possible command injection due to improper input validation

CVE-2024-39437 6.7 - Medium - October 09, 2024

In linkturbonative service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed.

Command Injection

In linkturbonative service, there is a possible command injection due to improper input validation

CVE-2024-39438 6.7 - Medium - October 09, 2024

In linkturbonative service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed.

Command Injection

In DRM service, there is a possible out of bounds write due to a missing bounds check

CVE-2024-39439 4.4 - Medium - October 09, 2024

In DRM service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.

Memory Corruption

In DRM service, there is a possible system crash due to null pointer dereference

CVE-2024-39440 4.4 - Medium - October 09, 2024

In DRM service, there is a possible system crash due to null pointer dereference. This could lead to local denial of service with System execution privileges needed.

NULL Pointer Dereference

Type Confusion in V8 in Google Chrome prior to 129.0.6668.100

CVE-2024-9603 - October 08, 2024

Type Confusion in V8 in Google Chrome prior to 129.0.6668.100 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Type Confusion in V8 in Google Chrome prior to 129.0.6668.100

CVE-2024-9602 - October 08, 2024

Type Confusion in V8 in Google Chrome prior to 129.0.6668.100 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

Transient DOS while parsing noninheritance IE of Extension element when length of IE is 2 of beacon frame.

CVE-2024-33049 7.5 - High - October 07, 2024

Transient DOS while parsing noninheritance IE of Extension element when length of IE is 2 of beacon frame.

Out-of-bounds Read

Transient DOS when transmission of management frame sent by host is not successful and error status is received in the host.

CVE-2024-33069 7.5 - High - October 07, 2024

Transient DOS when transmission of management frame sent by host is not successful and error status is received in the host.

Dangling pointer

Memory corruption while processing user packets to generate page faults.

CVE-2024-38399 7.8 - High - October 07, 2024

Memory corruption while processing user packets to generate page faults.

Dangling pointer

Memory corruption when invalid length is provided

CVE-2024-23369 7.8 - High - October 07, 2024

Memory corruption when invalid length is provided from HLOS for FRS/UDS request/response buffers.

Buffer Overflow

In Modem, there is a possible system crash due to a missing bounds check

CVE-2024-20094 - October 07, 2024

In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00843282; Issue ID: MSV-1535.

In vdec, there is a possible out of bounds read due to a missing bounds check

CVE-2024-20093 4.4 - Medium - October 07, 2024

In vdec, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09028313; Issue ID: MSV-1699.

Out-of-bounds Read

In vdec, there is a possible out of bounds read due to a missing bounds check

CVE-2024-20091 4.4 - Medium - October 07, 2024

In vdec, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09028313; Issue ID: MSV-1701.

Out-of-bounds Read

In vdec, there is a possible out of bounds write due to a missing bounds check

CVE-2024-20092 - October 07, 2024

In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09028313; Issue ID: MSV-1700.

In vdec, there is a possible out of bounds write due to a missing bounds check

CVE-2024-20090 - October 07, 2024

In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09028313; Issue ID: MSV-1703.

In wlan firmware, there is a possible out of bounds write due to improper input validation

CVE-2024-20103 - October 07, 2024

In wlan firmware, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09001358; Issue ID: MSV-1599.

In wlan driver, there is a possible out of bounds write due to improper input validation

CVE-2024-20101 - October 07, 2024

In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08998901; Issue ID: MSV-1602.

In wlan driver, there is a possible out of bounds write due to improper input validation

CVE-2024-20100 - October 07, 2024

In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08998449; Issue ID: MSV-1603.

In wlan driver, there is a possible out of bounds read due to improper input validation

CVE-2024-20102 4.9 - Medium - October 07, 2024

In wlan driver, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08998892; Issue ID: MSV-1601.

Out-of-bounds Read

In vdec, there is a possible out of bounds read due to a missing bounds check

CVE-2024-20097 4.4 - Medium - October 07, 2024

In vdec, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09028313; Issue ID: MSV-1630.

Out-of-bounds Read

In m4u, there is a possible out of bounds read due to a missing bounds check

CVE-2024-20096 4.4 - Medium - October 07, 2024

In m4u, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08996900; Issue ID: MSV-1635.

Out-of-bounds Read

In m4u, there is a possible out of bounds read due to a missing bounds check

CVE-2024-20095 4.4 - Medium - October 07, 2024

In m4u, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08996894; Issue ID: MSV-1636.

Out-of-bounds Read

In drm service, there is a possible out of bounds write due to a missing bounds check

CVE-2024-39433 4.4 - Medium - September 27, 2024

In drm service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.

Memory Corruption

In drm service, there is a possible out of bounds read due to a missing bounds check

CVE-2024-39434 4.4 - Medium - September 27, 2024

In drm service, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.

Out-of-bounds Read

In Logmanager service, there is a possible missing verification incorrect input

CVE-2024-39435 7.8 - High - September 27, 2024

In Logmanager service, there is a possible missing verification incorrect input. This could lead to local escalation of privilege with no additional execution privileges needed.

In UMTS RLC driver, there is a possible out of bounds write due to a missing bounds check

CVE-2024-39431 4.5 - Medium - September 27, 2024

In UMTS RLC driver, there is a possible out of bounds write due to a missing bounds check. This could lead to remote denial of service with System execution privileges needed.

Memory Corruption

In UMTS RLC driver, there is a possible out of bounds read due to a missing bounds check

CVE-2024-39432 4.5 - Medium - September 27, 2024

In UMTS RLC driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with System execution privileges needed.

Memory Corruption

Use after free in Dawn in Google Chrome on Windows prior to 129.0.6668.70

CVE-2024-9120 - September 25, 2024

Use after free in Dawn in Google Chrome on Windows prior to 129.0.6668.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Inappropriate implementation in V8 in Google Chrome prior to 129.0.6668.70

CVE-2024-9121 - September 25, 2024

Inappropriate implementation in V8 in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Type Confusion in V8 in Google Chrome prior to 129.0.6668.70

CVE-2024-9122 - September 25, 2024

Type Confusion in V8 in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Integer overflow in Skia in Google Chrome prior to 129.0.6668.70

CVE-2024-9123 - September 25, 2024

Integer overflow in Skia in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.54

CVE-2024-7024 - September 23, 2024

Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)

Insufficient data validation in Updater in Google Chrome prior to 128.0.6537.0

CVE-2024-7023 - September 23, 2024

Insufficient data validation in Updater in Google Chrome prior to 128.0.6537.0 allowed a remote attacker to perform privilege escalation via a malicious file. (Chromium security severity: Medium)

Inappropriate implementation in Compositing in Google Chrome prior to 119.0.6045.105

CVE-2023-7281 - September 23, 2024

Inappropriate implementation in Compositing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Use after free in Extensions in Google Chrome prior to 92.0.4515.107

CVE-2021-38023 - September 23, 2024

Use after free in Extensions in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Insufficient data validation in PDF in Google Chrome prior to 73.0.3683.75

CVE-2018-20072 7.8 - High - September 23, 2024

Insufficient data validation in PDF in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform out of bounds memory access via a crafted PDF file. (Chromium security severity: Low)

Inappropriate implementation in Navigation in Google Chrome prior to 113.0.5672.63

CVE-2023-7282 - September 23, 2024

Inappropriate implementation in Navigation in Google Chrome prior to 113.0.5672.63 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)

Heap buffer overflow in PDF in Google Chrome prior to 124.0.6367.78

CVE-2024-7018 - September 23, 2024

Heap buffer overflow in PDF in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)

Inappropriate implementation in UI in Google Chrome prior to 124.0.6367.60

CVE-2024-7019 - September 23, 2024

Inappropriate implementation in UI in Google Chrome prior to 124.0.6367.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60

CVE-2024-7020 - September 23, 2024

Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Uninitialized Use in V8 in Google Chrome prior to 123.0.6312.58

CVE-2024-7022 - September 23, 2024

Uninitialized Use in V8 in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)

Inappropriate implementation in UI in Google Chrome on iOS prior to 129.0.6668.58

CVE-2024-8909 4.3 - Medium - September 17, 2024

Inappropriate implementation in UI in Google Chrome on iOS prior to 129.0.6668.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Inappropriate implementation in Autofill in Google Chrome prior to 129.0.6668.58

CVE-2024-8908 4.3 - Medium - September 17, 2024

Inappropriate implementation in Autofill in Google Chrome prior to 129.0.6668.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Insufficient data validation in Omnibox in Google Chrome on Android prior to 129.0.6668.58

CVE-2024-8907 6.1 - Medium - September 17, 2024

Insufficient data validation in Omnibox in Google Chrome on Android prior to 129.0.6668.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (XSS) via a crafted set of UI gestures. (Chromium security severity: Medium)

XSS

Incorrect security UI in Downloads in Google Chrome prior to 129.0.6668.58

CVE-2024-8906 4.3 - Medium - September 17, 2024

Incorrect security UI in Downloads in Google Chrome prior to 129.0.6668.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Inappropriate implementation in V8 in Google Chrome prior to 129.0.6668.58

CVE-2024-8905 - September 17, 2024

Inappropriate implementation in V8 in Google Chrome prior to 129.0.6668.58 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: Medium)

Type Confusion in V8 in Google Chrome prior to 129.0.6668.58

CVE-2024-8904 - September 17, 2024

Type Confusion in V8 in Google Chrome prior to 129.0.6668.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

there is a possible escalation of privilege due to an unusual root cause

CVE-2024-29779 7.8 - High - September 13, 2024

there is a possible escalation of privilege due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In TBD of TBD, there is a possible LCS signing enforcement missing due to test/debugging code left in a production build

CVE-2024-44092 7.8 - High - September 13, 2024

In TBD of TBD, there is a possible LCS signing enforcement missing due to test/debugging code left in a production build. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

there is a possible arbitrary read due to an insecure default value

CVE-2024-44096 4.4 - Medium - September 13, 2024

there is a possible arbitrary read due to an insecure default value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

Insecure Default Initialization of Resource

In ppmp_protect_mfcfw_buf of code/drm_fw.c, there is a possible corrupt memory due to a logic error in the code

CVE-2024-44095 7.8 - High - September 13, 2024

In ppmp_protect_mfcfw_buf of code/drm_fw.c, there is a possible corrupt memory due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Memory Corruption

In ppmp_protect_mfcfw_buf of code/drm_fw.c, there is a possible memory corruption due to improper input validation

CVE-2024-44094 7.8 - High - September 13, 2024

In ppmp_protect_mfcfw_buf of code/drm_fw.c, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Memory Corruption

In ppmp_unprotect_buf of drm/code/drm_fw.c, there is a possible memory corruption due to a logic error in the code

CVE-2024-44093 7.8 - High - September 13, 2024

In ppmp_unprotect_buf of drm/code/drm_fw.c, there is a possible memory corruption due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Memory Corruption

Use after free in Autofill in Google Chrome on Android prior to 128.0.6613.137

CVE-2024-8639 8.8 - High - September 11, 2024

Use after free in Autofill in Google Chrome on Android prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Type Confusion in V8 in Google Chrome prior to 128.0.6613.137

CVE-2024-8638 8.8 - High - September 11, 2024

Type Confusion in V8 in Google Chrome prior to 128.0.6613.137 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)

Object Type Confusion

Use after free in Media Router in Google Chrome on Android prior to 128.0.6613.137

CVE-2024-8637 8.8 - High - September 11, 2024

Use after free in Media Router in Google Chrome on Android prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.137

CVE-2024-8636 8.8 - High - September 11, 2024

Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Memory Corruption

In bindAndGetCallIdentification of CallScreeningServiceHelper.java

CVE-2024-40655 - September 11, 2024

In bindAndGetCallIdentification of CallScreeningServiceHelper.java, there is a possible way to maintain a while-in-use permission in the background due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

In getConfig of SoftVideoDecoderOMXComponent.cpp, there is a possible out of bounds write due to a heap buffer overflow

CVE-2024-40658 - September 11, 2024

In getConfig of SoftVideoDecoderOMXComponent.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In scheme of Uri.java, there is a possible way to craft a malformed Uri object due to improper input validation

CVE-2024-40662 - September 11, 2024

In scheme of Uri.java, there is a possible way to craft a malformed Uri object due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In wifi_item_edit_content of styles.xml , there is a possible FRP bypass due to Missing check for FRP state

CVE-2024-40650 - September 11, 2024

In wifi_item_edit_content of styles.xml , there is a possible FRP bypass due to Missing check for FRP state. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In onCreate of SettingsHomepageActivity.java

CVE-2024-40652 - September 11, 2024

In onCreate of SettingsHomepageActivity.java, there is a possible way to access the Settings app while the device is provisioning due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

In addPreferencesForType of AccountTypePreferenceLoader.java

CVE-2024-40657 - September 11, 2024

In addPreferencesForType of AccountTypePreferenceLoader.java, there is a possible way to disable apps for other users due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In handleCreateConferenceComplete of ConnectionServiceWrapper.java

CVE-2024-40656 - September 11, 2024

In handleCreateConferenceComplete of ConnectionServiceWrapper.java, there is a possible way to reveal images across users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

In getRegistration of RemoteProvisioningService.java

CVE-2024-40659 - September 11, 2024

In getRegistration of RemoteProvisioningService.java, there is a possible way to permanently disable the AndroidKeyStore key generation feature by updating the attestation keys of all installed apps due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

In DevmemIntPFNotify of devicemem_server.c, there is a possible use-after-free due to a race condition

CVE-2024-23716 - September 11, 2024

In DevmemIntPFNotify of devicemem_server.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

In PVRSRVBridgeRGXKickTA3D2 of server_rgxta3d_bridge.c, there is a possible arbitrary code execution due to improper input validation

CVE-2024-31336 - September 11, 2024

In PVRSRVBridgeRGXKickTA3D2 of server_rgxta3d_bridge.c, there is a possible arbitrary code execution due to improper input validation. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

In multiple locations, there is a possible permission bypass due to a confused deputy

CVE-2024-40654 - September 11, 2024

In multiple locations, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

Out of bounds write in V8 in Google Chrome prior to 128.0.6613.119

CVE-2024-7970 - September 03, 2024

Out of bounds write in V8 in Google Chrome prior to 128.0.6613.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Use after free in WebAudio in Google Chrome prior to 128.0.6613.119

CVE-2024-8362 - September 03, 2024

Use after free in WebAudio in Google Chrome prior to 128.0.6613.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver

CVE-2024-3655 - September 03, 2024

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r43p0 through r49p0; Valhall GPU Kernel Driver: from r43p0 through r49p0; Arm 5th Gen GPU Architecture Kernel Driver: from r43p0 through r49p0.

Transient DOS while handling PS event when Program Service name length offset value is set to 255.

CVE-2024-33043 5.5 - Medium - September 02, 2024

Transient DOS while handling PS event when Program Service name length offset value is set to 255.

Memory corruption while releasing shared resources in MinkSocket listener thread.

CVE-2024-23365 8.4 - High - September 02, 2024

Memory corruption while releasing shared resources in MinkSocket listener thread.

memory corruption when an invalid firehose patch command is invoked.

CVE-2024-33016 6.8 - Medium - September 02, 2024

memory corruption when an invalid firehose patch command is invoked.

Transient DOS while processing TIM IE

CVE-2024-33051 7.5 - High - September 02, 2024

Transient DOS while processing TIM IE from beacon frame as there is no check for IE length.

Out-of-bounds Read

Transient DOS when processing the non-transmitted BSSID profile sub-elements present within the MBSSID Information Element (IE) of a beacon frame

CVE-2024-23364 7.5 - High - September 02, 2024

Transient DOS when processing the non-transmitted BSSID profile sub-elements present within the MBSSID Information Element (IE) of a beacon frame that is received from over-the-air (OTA).

Cryptographic issue while parsing RSA keys in COBR format.

CVE-2024-23362 7.1 - High - September 02, 2024

Cryptographic issue while parsing RSA keys in COBR format.

Information disclosure while decoding Tracking Area Update Accept or Attach Accept message received

CVE-2024-23359 8.2 - High - September 02, 2024

Information disclosure while decoding Tracking Area Update Accept or Attach Accept message received from network.

Transient DOS when registration accept OTA is received with incorrect ciphering key data IE in Modem.

CVE-2024-23358 7.5 - High - September 02, 2024

Transient DOS when registration accept OTA is received with incorrect ciphering key data IE in Modem.

Memory corruption when two threads try to map and unmap a single node simultaneously.

CVE-2024-33060 7.8 - High - September 02, 2024

Memory corruption when two threads try to map and unmap a single node simultaneously.

Dangling pointer

Transient DOS while parsing the multi-link element Control field when common information length check is missing before updating the location.

CVE-2024-33057 7.5 - High - September 02, 2024

Transient DOS while parsing the multi-link element Control field when common information length check is missing before updating the location.

Out-of-bounds Read

Memory corruption when user provides data for FM HCI command control operations.

CVE-2024-33052 7.8 - High - September 02, 2024

Memory corruption when user provides data for FM HCI command control operations.

Memory Corruption

Memory corruption while calculating total metadata size when a very high reserved size is requested by gralloc clients.

CVE-2024-33035 8.4 - High - September 02, 2024

Memory corruption while calculating total metadata size when a very high reserved size is requested by gralloc clients.

Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length check is either missing or improper.

CVE-2024-33050 7.5 - High - September 02, 2024

Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length check is either missing or improper.

Out-of-bounds Read

Memory corruption when Alternative Frequency offset value is set to 255.

CVE-2024-33042 7.8 - High - September 02, 2024

Memory corruption when Alternative Frequency offset value is set to 255.

Memory Corruption

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD), Icons by Icons8. Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.