Google Software and search

Advisory	Title	Published
	Chrome Releases: Stable Channel Update for Desktop	July 16, 2024
2024-07-01	Android Security Bulletin—July 2024	July 1, 2024
	Pixel Update Bulletin—June 2024 \| Android Open Source Project	June 13, 2024
2024-06-01	Android Security Bulletin—June 2024	June 1, 2024
	Chrome Releases: Stable Channel Update for Desktop	May 28, 2024
	Chrome Releases: Stable Channel Update for Desktop	May 15, 2024
2024-05-15	Android Security Bulletin—May 2024	May 15, 2024
	Chrome Releases: Stable Channel Update for Desktop	May 14, 2024
	Chrome Releases: Stable Channel Update for Desktop	May 14, 2024
	Chrome Releases: Stable Channel Update for Desktop	May 1, 2024

Known Exploited Google Vulnerabilities

The following Google vulnerabilities have recently been marked by CISA as Known to be Exploited by threat actors.

Title	Description	Added
Google Chromium V8 Type Confusion Vulnerability	Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. CVE-2024-5274	May 28, 2024
Google Chromium V8 Type Confusion Vulnerability	Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page. CVE-2024-4947	May 20, 2024
Google Chromium V8 Out-of-Bounds Memory Write Vulnerability	Google Chromium V8 Engine contains an unspecified out-of-bounds memory write vulnerability via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. CVE-2024-4761	May 16, 2024
Google Chromium Visuals Use-After-Free Vulnerability	Google Chromium Visuals contains a use-after-free vulnerability that allows a remote attacker to exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. CVE-2024-4671	May 13, 2024
Google Chromium V8 Type Confusion Vulnerability	Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page. CVE-2023-4762	February 6, 2024
Google Chromium V8 Out-of-Bounds Memory Access Vulnerability	Google Chromium V8 contains an out-of-bounds memory access vulnerability. Specific impacts from exploitation are not available at this time. CVE-2024-0519	January 17, 2024
Google Skia Integer Overflow Vulnerability	Google Skia contains an integer overflow vulnerability affecting Google Chrome and ChromeOS, Android, Flutter, and possibly other products. CVE-2023-6345	November 30, 2023
Google Chrome libvpx Heap Buffer Overflow Vulnerability	Google Chrome libvpx contains a heap buffer overflow vulnerability in vp8 encoding that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2023-5217	October 2, 2023
Google Chromium Heap-Based Buffer Overflow Vulnerability	Google Chromium contains a heap-based buffer overflow vulnerability in WebP that allows a remote attacker to perform an out-of-bounds memory write via a crafted HTML page. CVE-2023-4863	September 13, 2023
Google Chromium V8 Type Confusion Vulnerability	Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2023-3079	June 7, 2023
Google Chrome Skia Integer Overflow Vulnerability	Google Chrome Skia contains an integer overflow vulnerability. Specific impacts from exploitation are not available at this time. This vulnerability resides in Skia which serves as the graphics engine for Google Chrome and ChromeOS, Android, Flutter, and other products. CVE-2023-2136	April 21, 2023
Google Chromium V8 Engine Type Confusion Vulnerability	Google Chromium V8 contains a type confusion vulnerability. Specific impacts from exploitation are not available at this time. CVE-2023-2033	April 17, 2023
Google Chrome Use-After-Free Vulnerability	Google Chrome contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption. CVE-2022-3038	March 30, 2023
Google Chromium V8 Type Confusion Vulnerability	Google Chromium V8 contains a type confusion vulnerability. Specific impacts from exploitation are not available at this time. CVE-2022-4262	December 5, 2022
Google Chrome Heap Buffer Overflow Vulnerability	Google Chrome GPU contains a heap buffer overflow vulnerability that allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2022-4135	November 28, 2022
Google Chromium V8 Type Confusion Vulnerability	Google Chromium V8 contains a type confusion vulnerability. Specific impacts from exploitation are not available at this time. CVE-2022-3723	October 28, 2022
Google Chromium Insufficient Data Validation Vulnerability	Google Chromium Mojo contains an insufficient data validation vulnerability. Impacts from exploitation are not yet known. This vulnerability affects web browsers that utilize Chromium, including Google Chrome and Microsoft Edge. CVE-2022-3075	September 8, 2022
Google Chrome Intents Insufficient Input Validation Vulnerability	Google Chrome Intents allows for insufficient validation of untrusted input, causing unknown impacts. CISA will update this description if more information becomes available. CVE-2022-2856	August 18, 2022
Google Chromium Security Bypass Vulnerability	Insufficient policy enforcement in the PopupBlocker for Chromium allows an attacker to remotely bypass security mechanisms. This vulnerability impacts web browsers using Chromium such as Chrome and Edge. CVE-2021-30533	June 27, 2022
Google Chromium V8 Out-of-Bounds Memory Vulnerability	Google Chromium V8 Engine contains an out-of-bounds memory vulnerability. CVE-2016-5198	June 8, 2022

By the Year

In 2024 there have been 340 vulnerabilities in Google with an average score of 7.7 out of ten. Last year Google had 958 security vulnerabilities published. Right now, Google is on track to have less security vulnerabilities in 2024 than it did last year. However, the average CVE base score of the vulnerabilities in 2024 is greater by 0.72.

Year	Vulnerabilities	Average Score
2024	340	7.69
2023	958	6.96
2022	1385	6.89
2021	1123	7.02
2020	987	7.10
2019	809	7.11
2018	419	7.41

It may take a day or so for new Google vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Google Security Vulnerabilities

Out of bounds read in V8 in Google Chrome prior to 121.0.6167.139

CVE-2024-2884 6.5 - Medium - July 16, 2024

Out of bounds read in V8 in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)

Out-of-bounds Read

Use after free in DevTools in Google Chrome prior to 122.0.6261.57

CVE-2024-3168 8.8 - High - July 16, 2024

Use after free in DevTools in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Dangling pointer

Use after free in V8 in Google Chrome prior to 121.0.6167.139

CVE-2024-3169 8.8 - High - July 16, 2024

Use after free in V8 in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Use after free in WebRTC in Google Chrome prior to 121.0.6167.85

CVE-2024-3170 8.8 - High - July 16, 2024

Use after free in WebRTC in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Use after free in Accessibility in Google Chrome prior to 122.0.6261.57

CVE-2024-3171 8.8 - High - July 16, 2024

Use after free in Accessibility in Google Chrome prior to 122.0.6261.57 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)

Dangling pointer

Insufficient data validation in DevTools in Google Chrome prior to 121.0.6167.85

CVE-2024-3172 8.8 - High - July 16, 2024

Insufficient data validation in DevTools in Google Chrome prior to 121.0.6167.85 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Insufficient data validation in Updater in Google Chrome prior to 120.0.6099.62

CVE-2024-3173 8.8 - High - July 16, 2024

Insufficient data validation in Updater in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High)

Insufficient Verification of Data Authenticity

Inappropriate implementation in V8 in Google Chrome prior to 119.0.6045.105

CVE-2024-3174 8.8 - High - July 16, 2024

Inappropriate implementation in V8 in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)

Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.62

CVE-2024-3175 6.3 - Medium - July 16, 2024

Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to perform privilege escalation via a crafted Chrome Extension. (Chromium security severity: Low)

Out of bounds write in SwiftShader in Google Chrome prior to 117.0.5938.62

CVE-2024-3176 8.8 - High - July 16, 2024

Out of bounds write in SwiftShader in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

Memory Corruption

Inappropriate implementation in Sign-In in Google Chrome prior to 1.3.36.351

CVE-2024-5500 6.5 - Medium - July 16, 2024

Inappropriate implementation in Sign-In in Google Chrome prior to 1.3.36.351 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)

In PVRSRV_MMap of pvr_bridge_k.c, there is a possible arbitrary code execution due to a logic error in the code

CVE-2024-34726 - July 09, 2024

In PVRSRV_MMap of pvr_bridge_k.c, there is a possible arbitrary code execution due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

In DevmemIntUnexportCtx of devicemem_server.c, there is a possible arbitrary code execution due to a race condition

CVE-2024-34725 - July 09, 2024

In DevmemIntUnexportCtx of devicemem_server.c, there is a possible arbitrary code execution due to a race condition. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

In _UnrefAndMaybeDestroy of pmr.c, there is a possible arbitrary code execution due to a race condition

CVE-2024-34724 - July 09, 2024

In _UnrefAndMaybeDestroy of pmr.c, there is a possible arbitrary code execution due to a race condition. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

In DevmemIntChangeSparse2 of devicemem_server.c, there is a possible arbitrary code execution due to a logic error in the code

CVE-2024-31335 - July 09, 2024

In DevmemIntChangeSparse2 of devicemem_server.c, there is a possible arbitrary code execution due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

In DevmemIntFreeDefBackingPage of devicemem_server.c, there is a possible arbitrary code execution due to a logic error in the code

CVE-2024-31334 - July 09, 2024

In DevmemIntFreeDefBackingPage of devicemem_server.c, there is a possible arbitrary code execution due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

In ensureFileColumns of MediaProvider.java, there is a possible disclosure of files owned by another user due to improper input validation

CVE-2024-34721 - July 09, 2024

In ensureFileColumns of MediaProvider.java, there is a possible disclosure of files owned by another user due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

In smp_proc_rand of smp_act.cc

CVE-2024-34722 - July 09, 2024

In smp_proc_rand of smp_act.cc, there is a possible authentication bypass during legacy BLE pairing due to incorrect implementation of a protocol. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In multiple functions of StatsService.cpp, there is a possible memory corruption due to a use after free

CVE-2024-31339 - July 09, 2024

In multiple functions of StatsService.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In multiple locations, there is a possible way to bypass a restriction on adding new Wi-Fi connections due to a missing permission check

CVE-2024-31332 - July 09, 2024

In multiple locations, there is a possible way to bypass a restriction on adding new Wi-Fi connections due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In onTransact of ParcelableListBinder.java , there is a possible way to steal m

CVE-2024-34723 - July 09, 2024

In onTransact of ParcelableListBinder.java , there is a possible way to steal mAllowlistToken to launch an app from background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In com_android_internal_os_ZygoteCommandBuffer_nativeForkRepeatedly of com_android_internal_os_ZygoteCommandBuffer.cpp

CVE-2024-34720 - July 09, 2024

In com_android_internal_os_ZygoteCommandBuffer_nativeForkRepeatedly of com_android_internal_os_ZygoteCommandBuffer.cpp, there is a possible method to perform arbitrary code execution in any app zygote processes due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In setMimeGroup of PackageManagerService.java, there is a possible way to hide the service from Settings due to a logic error in the code

CVE-2024-31331 - July 09, 2024

In setMimeGroup of PackageManagerService.java, there is a possible way to hide the service from Settings due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.

In setSkipPrompt of AssociationRequest.java

CVE-2024-31320 - July 09, 2024

In setSkipPrompt of AssociationRequest.java , there is a possible way to establish a companion device association without any confirmation due to CDM. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In DevmemXIntUnreserveRange of devicemem_server.c, there is a possible arbitrary code execution due to a logic error in the code

CVE-2024-23711 - July 09, 2024

In DevmemXIntUnreserveRange of devicemem_server.c, there is a possible arbitrary code execution due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

In RGXFWChangeOSidPriority of rgxfwutils.c, there is a possible arbitrary code execution due to a missing bounds check

CVE-2024-23698 - July 09, 2024

In RGXFWChangeOSidPriority of rgxfwutils.c, there is a possible arbitrary code execution due to a missing bounds check. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

In RGXCreateHWRTData_aux of rgxta3d.c, there is a possible arbitrary code execution due to a use after free

CVE-2024-23697 - July 09, 2024

In RGXCreateHWRTData_aux of rgxta3d.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

In RGXCreateZSBufferKM of rgxta3d.c, there is a possible arbitrary code execution due to a use after free

CVE-2024-23696 - July 09, 2024

In RGXCreateZSBufferKM of rgxta3d.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

In CacheOpPMRExec of cache_km.c, there is a possible out of bounds write due to an integer overflow

CVE-2024-23695 - July 09, 2024

In CacheOpPMRExec of cache_km.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

In multiple functions of MessageQueueBase.h, there is a possible out of bounds write due to a race condition

CVE-2024-31327 - July 09, 2024

In multiple functions of MessageQueueBase.h, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In onCreate of multiple files, there is a possible way to trick the user into granting health permissions due to tapjacking

CVE-2024-31323 - July 09, 2024

In onCreate of multiple files, there is a possible way to trick the user into granting health permissions due to tapjacking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In multiple functions of ManagedServices.java

CVE-2024-31315 - July 09, 2024

In multiple functions of ManagedServices.java, there is a possible way to hide an app with notification access in the Device & app notifications settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

In availableToWriteBytes of MessageQueueBase.h, there is a possible out of bounds write due to an incorrect bounds check

CVE-2024-31313 - July 09, 2024

In availableToWriteBytes of MessageQueueBase.h, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In increment_annotation_count of stats_event.c, there is a possible out of bounds write due to a missing bounds check

CVE-2024-31311 - July 09, 2024

In increment_annotation_count of stats_event.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In multiple locations, there is a possible permission bypass due to a confused deputy

CVE-2023-21114 - July 09, 2024

In multiple locations, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In multiple locations, there is a possible permission bypass due to a confused deputy

CVE-2023-21113 - July 09, 2024

In multiple functions of ShortcutService.java, there is a possible persistent DOS due to resource exhaustion

CVE-2024-31314 - July 09, 2024

In multiple functions of ShortcutService.java, there is a possible persistent DOS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

In multiple locations, there is a possible information leak due to a missing permission check

CVE-2024-31312 - July 09, 2024

In multiple locations, there is a possible information leak due to a missing permission check. This could lead to local information disclosure exposing played media with no additional execution privileges needed. User interaction is not needed for exploitation.

In multiple locations, there is a possible way in which policy migration code will never be executed due to a logic error in the code

CVE-2024-31326 - July 09, 2024

In multiple locations, there is a possible way in which policy migration code will never be executed due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In multiple locations, there is a possible way to reveal images across users data due to a logic error in the code

CVE-2024-31325 - July 09, 2024

In multiple locations, there is a possible way to reveal images across users data due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In hide of WindowState.java

CVE-2024-31324 - July 09, 2024

In hide of WindowState.java, there is a possible way to bypass tapjacking/overlay protection by launching the activity in portrait mode first and then rotating it to landscape mode. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.

In updateServicesLocked of AccessibilityManagerService.java, there is a possible way for an app to be hidden

CVE-2024-31322 - July 09, 2024

In updateServicesLocked of AccessibilityManagerService.java, there is a possible way for an app to be hidden from the Setting while retaining Accessibility Service due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

In updateNotificationChannel

CVE-2024-31319 - July 09, 2024

In updateNotificationChannelFromPrivilegedListener of NotificationManagerService.java, there is a possible cross-user data leak due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In CompanionDeviceManagerService.java

CVE-2024-31318 - July 09, 2024

In CompanionDeviceManagerService.java, there is a possible way to pair a companion device without user acceptance due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In multiple functions of ZygoteProcess.java, there is a possible way to achieve code execution as any app

CVE-2024-31317 - July 09, 2024

In multiple functions of ZygoteProcess.java, there is a possible way to achieve code execution as any app via WRITE_SECURE_SETTINGS due to unsafe deserialization. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.

In onResult of AccountManagerService.java

CVE-2024-31316 - July 09, 2024

In onResult of AccountManagerService.java, there is a possible way to perform an arbitrary background activity launch due to parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In newServiceInfoLocked of AutofillManagerServiceImpl.java

CVE-2024-31310 - July 09, 2024

In newServiceInfoLocked of AutofillManagerServiceImpl.java, there is a possible way to hide an enabled Autofill service app in the Autofill service settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

Memory corruption while handling user packets during VBO bind operation.

CVE-2024-23380 7.8 - High - July 01, 2024

Memory corruption while handling user packets during VBO bind operation.

Dangling pointer

Memory corruption when IOMMU unmap operation fails

CVE-2024-23373 7.8 - High - July 01, 2024

Memory corruption when IOMMU unmap operation fails, the DMA and anon buffers are getting released.

Dangling pointer

Memory corruption while invoking IOCTL call for GPU memory allocation and size param is greater than expected size.

CVE-2024-23372 7.8 - High - July 01, 2024

Memory corruption while invoking IOCTL call for GPU memory allocation and size param is greater than expected size.

Integer Overflow or Wraparound

Memory corruption when allocating and accessing an entry in an SMEM partition.

CVE-2024-23368 7.8 - High - July 01, 2024

Memory corruption when allocating and accessing an entry in an SMEM partition.

Classic Buffer Overflow

Memory corruption while performing finish HMAC operation when context is freed by keymaster.

CVE-2024-21461 7.8 - High - July 01, 2024

Memory corruption while performing finish HMAC operation when context is freed by keymaster.

Double-free

Information disclosure when ASLR relocates the IMEM and Secure DDR portions as one chunk in virtual address space.

CVE-2024-21460 6.5 - Medium - July 01, 2024

Information disclosure when ASLR relocates the IMEM and Secure DDR portions as one chunk in virtual address space.

Use of Insufficiently Random Values

Transient DOS while loading the TA ELF file.

CVE-2024-21462 5.5 - Medium - July 01, 2024

Transient DOS while loading the TA ELF file.

Out-of-bounds Read

Memory corruption while processing key blob passed by the user.

CVE-2024-21465 7.8 - High - July 01, 2024

Memory corruption while processing key blob passed by the user.

Out-of-bounds Read

Memory corruption when an invoke call and a TEE call are bound for the same trusted application.

CVE-2024-21469 7.8 - High - July 01, 2024

Memory corruption when an invoke call and a TEE call are bound for the same trusted application.

Memory Corruption

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Arm Ltd Valhall GPU Firmware, Arm Ltd Arm 5th Gen GPU Architecture Firmware

CVE-2024-0153 - July 01, 2024

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Arm Ltd Valhall GPU Firmware, Arm Ltd Arm 5th Gen GPU Architecture Firmware allows a local non-privileged user to make improper GPU processing operations to access a limited amount outside of buffer bounds. If the operations are carefully prepared, then this in turn could give them access to all system memory. This issue affects Valhall GPU Firmware: from r29p0 through r46p0; Arm 5th Gen GPU Architecture Firmware: from r41p0 through r46p0.

In Modem, there is a possible system crash due to incorrect error handling

CVE-2024-20077 - July 01, 2024

In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01297807; Issue ID: MSV-1482.

In Modem, there is a possible system crash due to incorrect error handling

CVE-2024-20076 - July 01, 2024

Use after free in Dawn in Google Chrome prior to 126.0.6478.114

CVE-2024-6103 8.8 - High - June 20, 2024

Use after free in Dawn in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Out of bounds memory access in Dawn in Google Chrome prior to 126.0.6478.114

CVE-2024-6102 8.8 - High - June 20, 2024

Out of bounds memory access in Dawn in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Memory Corruption

Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.114

CVE-2024-6101 8.8 - High - June 20, 2024

Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Type Confusion in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to execute arbitrary code via a crafted HTML page

CVE-2024-6100 8.8 - High - June 20, 2024

Type Confusion in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Object Type Confusion

In bc_get_converted_received_bearer of bc_utilities.c, there is a possible out of bounds read due to a missing bounds check

CVE-2024-32894 7.5 - High - June 13, 2024

In bc_get_converted_received_bearer of bc_utilities.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Out-of-bounds Read

In BCMFASTPATH of dhd_msgbuf.c, there is a possible out of bounds write due to a missing bounds check

CVE-2024-32895 7.8 - High - June 13, 2024

In BCMFASTPATH of dhd_msgbuf.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Memory Corruption

In ProtocolCdmaCallWaitingIndAdapter::GetCwInfo() of protocolsmsadapter.cpp

CVE-2024-32897 5.9 - Medium - June 13, 2024

In ProtocolCdmaCallWaitingIndAdapter::GetCwInfo() of protocolsmsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.

Out-of-bounds Read

In ProtocolCellIdentityParserV4::Parse() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check

CVE-2024-32898 4.7 - Medium - June 13, 2024

In ProtocolCellIdentityParserV4::Parse() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User Interaction is not needed for exploitation.

Out-of-bounds Read

In _s5e9865_mif_set_rate of exynos_dvfs.c, there is a possible out of bounds read due to improper casting

CVE-2024-32893 5.5 - Medium - June 13, 2024

In _s5e9865_mif_set_rate of exynos_dvfs.c, there is a possible out of bounds read due to improper casting. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Out-of-bounds Read

In handle_init of goodix/main/main.c, there is a possible memory corruption due to type confusion

CVE-2024-32892 7.8 - High - June 13, 2024

In handle_init of goodix/main/main.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Object Type Confusion

In sec_media_unprotect of media.c, there is a possible memory corruption due to a race condition

CVE-2024-32891 7 - High - June 13, 2024

In sec_media_unprotect of media.c, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Race Condition

In gpu_pm_power_off_top_nolock of pixel_gpu_power.c, there is a possible compromise of protected memory due to a race condition

CVE-2024-32899 7 - High - June 13, 2024

In gpu_pm_power_off_top_nolock of pixel_gpu_power.c, there is a possible compromise of protected memory due to a race condition. This could lead to local escalation of privilege to TEE with no additional execution privileges needed. User interaction is not needed for exploitation.

Race Condition

In lwis_fence_signal of lwis_debug.c, there is a possible Use after Free due to improper locking

CVE-2024-32900 7.8 - High - June 13, 2024

In lwis_fence_signal of lwis_debug.c, there is a possible Use after Free due to improper locking. This could lead to local escalation of privilege from hal_camera_default SELinux label with no additional execution privileges needed. User interaction is not needed for exploitation.

Dangling pointer

In v4l2_smfc_qbuf of smfc-v4l2-ioctls.c, there is a possible out of bounds write due to a missing bounds check

CVE-2024-32901 7.8 - High - June 13, 2024

In v4l2_smfc_qbuf of smfc-v4l2-ioctls.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Memory Corruption

In prepare_response_locked of lwis_transaction.c, there is a possible out of bounds write due to improper input validation

CVE-2024-32903 7.8 - High - June 13, 2024

In prepare_response_locked of lwis_transaction.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Memory Corruption

In ProtocolVsimOperationAdapter() of protocolvsimadapter.cpp, there is a possible out of bounds read due to a missing bounds check

CVE-2024-32904 4.7 - Medium - June 13, 2024

In ProtocolVsimOperationAdapter() of protocolvsimadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User Interaction is not needed for exploitation.

Out-of-bounds Read

In circ_read of link_device_memory_legacy.c, there is a possible out of bounds write due to an incorrect bounds check

CVE-2024-32905 9.8 - Critical - June 13, 2024

In circ_read of link_device_memory_legacy.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

Memory Corruption

In AcvpOnMessage of avcp.cpp, there is a possible EOP due to uninitialized data

CVE-2024-32906 7.8 - High - June 13, 2024

In AcvpOnMessage of avcp.cpp, there is a possible EOP due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Use of Uninitialized Resource

In memcall_add of memlog.c, there is a possible buffer overflow due to improper input validation

CVE-2024-32907 7.8 - High - June 13, 2024

In memcall_add of memlog.c, there is a possible buffer overflow due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Classic Buffer Overflow

In sec_media_protect of media.c, there is a possible permission bypass due to a race condition

CVE-2024-32908 7.8 - High - June 13, 2024

In sec_media_protect of media.c, there is a possible permission bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Race Condition

In handle_msg of main.cpp, there is a possible out of bounds write due to a heap buffer overflow

CVE-2024-32909 7.8 - High - June 13, 2024

In handle_msg of main.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Memory Corruption

In hwbcc_ns_deprivilege of trusty/user/base/lib/hwbcc/client/hwbcc.c

CVE-2024-29780 5.5 - Medium - June 13, 2024

In hwbcc_ns_deprivilege of trusty/user/base/lib/hwbcc/client/hwbcc.c, there is a possible uninitialized stack data disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Use of Uninitialized Resource

In ProtocolPsDedicatedBearInfoAdapter::processQosSession of protocolpsadapter.cpp

CVE-2024-29778 4.7 - Medium - June 13, 2024

In ProtocolPsDedicatedBearInfoAdapter::processQosSession of protocolpsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.

Out-of-bounds Read

In wl_notify_rx_mgmt_frame of wl_cfg80211.c, there is a possible out of bounds write due to an integer overflow

CVE-2024-32913 9.8 - Critical - June 13, 2024

In wl_notify_rx_mgmt_frame of wl_cfg80211.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

Memory Corruption

there is a possible persistent Denial of Service due to test/debugging code left in a production build

CVE-2024-32912 5.5 - Medium - June 13, 2024

there is a possible persistent Denial of Service due to test/debugging code left in a production build. This could lead to local denial of service of impaired use of the device with no additional execution privileges needed. User interaction is not needed for exploitation.

There is a possible escalation of privilege due to improperly used crypto

CVE-2024-32911 9.8 - Critical - June 13, 2024

There is a possible escalation of privilege due to improperly used crypto. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Use of a Broken or Risky Cryptographic Algorithm

In handle_msg_shm_map_req of trusty/user/base/lib/spi/srv/tipc/tipc.c, there is a possible stack data disclosure due to uninitialized data

CVE-2024-32910 5.5 - Medium - June 13, 2024

In handle_msg_shm_map_req of trusty/user/base/lib/spi/srv/tipc/tipc.c, there is a possible stack data disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Use of Uninitialized Resource

Remote prevention of access to cellular service with no user interaction (for example

CVE-2024-32902 7.5 - High - June 13, 2024

Remote prevention of access to cellular service with no user interaction (for example, crashing the cellular radio service with a malformed packet)

In lwis_process_transactions_in_queue of lwis_transaction.c, there is a possible use after free due to a use after free

CVE-2024-29787 7.8 - High - June 13, 2024

In lwis_process_transactions_in_queue of lwis_transaction.c, there is a possible use after free due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Dangling pointer

there is a possible way to bypass due to a logic error in the code

CVE-2024-32896 7.8 - High - June 13, 2024

there is a possible way to bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

In pktproc_fill_data_addr_without_bm of link_rx_pktproc.c, there is a possible out of bounds write due to a missing bounds check

CVE-2024-29786 9.8 - Critical - June 13, 2024

In pktproc_fill_data_addr_without_bm of link_rx_pktproc.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

Memory Corruption

In aur_get_state of aurora.c, there is a possible information disclosure due to uninitialized data

CVE-2024-29785 5.5 - Medium - June 13, 2024

In aur_get_state of aurora.c, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Use of Uninitialized Resource

In prepare_response of lwis_periodic_io.c, there is a possible out of bounds write due to an integer overflow

CVE-2024-29784 7.8 - High - June 13, 2024

In prepare_response of lwis_periodic_io.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Integer Overflow or Wraparound

In ss_AnalyzeOssReturnResUssdArgIe of ss_OssAsnManagement.c, there is a possible out of bounds read due to improper input validation

CVE-2024-29781 7.5 - High - June 13, 2024

In ss_AnalyzeOssReturnResUssdArgIe of ss_OssAsnManagement.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Out-of-bounds Read

Inappropriate implementation in Dawn in Google Chrome prior to 126.0.6478.54

CVE-2024-5834 8.8 - High - June 11, 2024

Inappropriate implementation in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Type Confusion in V8 in Google Chrome prior to 126.0.6478.54

CVE-2024-5838 8.8 - High - June 11, 2024

Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Object Type Confusion

Type Confusion in V8 in Google Chrome prior to 126.0.6478.54

CVE-2024-5837 8.8 - High - June 11, 2024

Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Object Type Confusion

Inappropriate Implementation in DevTools in Google Chrome prior to 126.0.6478.54

CVE-2024-5836 8.8 - High - June 11, 2024

Inappropriate Implementation in DevTools in Google Chrome prior to 126.0.6478.54 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: High)

Heap buffer overflow in Tab Groups in Google Chrome prior to 126.0.6478.54

CVE-2024-5835 8.8 - High - June 11, 2024

Heap buffer overflow in Tab Groups in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Memory Corruption

Use after free in Dawn in Google Chrome prior to 126.0.6478.54

CVE-2024-5831 8.8 - High - June 11, 2024

Use after free in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Type Confusion in V8 in Google Chrome prior to 126.0.6478.54

CVE-2024-5830 8.8 - High - June 11, 2024

Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

Object Type Confusion

Google Software and search

Products by Google Sorted by Most Security Vulnerabilities since 2018

Google Android3946 vulnerabilitiesMobile operating system

Google Chrome1862 vulnerabilitiesWeb browser

Google Tensorflow428 vulnerabilitiesOpen source machine learning / AI library

Google Chrome Os25 vulnerabilities

Google Asylo14 vulnerabilities

Google Fuchsia4 vulnerabilities

Google Fscrypt4 vulnerabilities

Google Protobuf Java4 vulnerabilities

Google Gvisor3 vulnerabilities

Google Gerrit3 vulnerabilities

Google Protobuf Javalite3 vulnerabilities

Google Guava3 vulnerabilities

Google Guest Oslogin3 vulnerabilities

Google Web Toolkit3 vulnerabilities

Google Linux And Chrome Os3 vulnerabilities

Google Monorail3 vulnerabilities

Google Protobuf2 vulnerabilities

Google Oauth Client Library For Java2 vulnerabilities

Google Web Stories2 vulnerabilities

Google Bazel2 vulnerabilities

Google Protobuf Kotlin2 vulnerabilities

Google Play Services Software Development Kit2 vulnerabilities

Google Kubernetes Engine2 vulnerabilities

Google Protobuf2 vulnerabilities

Google Earth2 vulnerabilities

Google V82 vulnerabilities

Google Lacros2 vulnerabilities

Google Protobuf Cpp1 vulnerability

Google Perfetto1 vulnerability

Google Puppeteer1 vulnerability

Google Openthread1 vulnerability

Google Protobuf Kotlin Lite1 vulnerability

Google Protobuf Python1 vulnerability

Google Gson1 vulnerability

Google Sa360 Webquery To Bigquery Exporter1 vulnerability

Google Santa1 vulnerability

Google Secret Manager Provider Secret Store Csi Driver1 vulnerability

Google Site Kit1 vulnerability

Google Skia1 vulnerability

Google Slashify1 vulnerability

Google Slo Generator1 vulnerability

Google Snappy1 vulnerability

Google Tink1 vulnerability

Google Titan Security Key1 vulnerability

Google Toolbar1 vulnerability

Google Voice Builder1 vulnerability

Google Youtube Android Player Api1 vulnerability

Google Custom Search Engine1 vulnerability

Google Android Api1 vulnerability

Google Angle1 vulnerability

Google Api C Client1 vulnerability

Google Bindiff1 vulnerability

Google BoringSSL1 vulnerabilityBoringSSL is a fork of OpenSSL that is designed to meet Google's needs.

Google Brotli1 vulnerability

Google Cardboard1 vulnerability

Google Chrome Launcher1 vulnerability

Google Closure Library1 vulnerability

Google Cloud Firestore1 vulnerability

Google Cloud Iot Device Sdk Embedded C1 vulnerability

Google Cloud Messaging Notification1 vulnerability

Google Critters1 vulnerability

Google Kctf1 vulnerability

Google Data Transfer Project1 vulnerability

Google Espv21 vulnerability

Google Exposure Notification Verification Server1 vulnerability

Google Exposure Notifications1 vulnerability

Google Exposure Notifications Verification Server1 vulnerability

Google Extensible Service Proxy1 vulnerability

Google Firebase Php Jwt1 vulnerability

Google Firebaseutil1 vulnerability

Google Go Attestation1 vulnerability

Google Cloud Platform Service Broker1 vulnerability

Google Search1 vulnerability

Googleapple Exposure Notifications1 vulnerability

Google Android3946 vulnerabilities
Mobile operating system

Google Chrome1862 vulnerabilities
Web browser

Google Tensorflow428 vulnerabilities
Open source machine learning / AI library

Google BoringSSL1 vulnerability
BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.