Google: Software and search


Products by Google Sorted by Most Security Vulnerabilities since 2018

Google Android: 2106 vulnerabilities
Mobile operating system

Google Chrome: 1232 vulnerabilities
Web browser

Google Tensorflow: 243 vulnerabilities
Open source machine learning / AI library

Google Chrome Os: 23 vulnerabilities

Google Asylo: 14 vulnerabilities

Google Gvisor: 3 vulnerabilities

Google Gerrit: 3 vulnerabilities

Google Monorail: 3 vulnerabilities

Google Guava: 2 vulnerabilities

Google Kubernetes Engine: 2 vulnerabilities

Google Earth: 2 vulnerabilities

Google Slashify: 1 vulnerability

Google Skia: 1 vulnerability

Google Santa: 1 vulnerability

Google Slo Generator: 1 vulnerability

Google Protobuf Kotlin: 1 vulnerability

Google Protobuf Java: 1 vulnerability

Google Protobuf: 1 vulnerability

Google Openthread: 1 vulnerability

Google Snappy: 1 vulnerability

Google Tink: 1 vulnerability

Google Titan Security Key: 1 vulnerability

Google Toolbar: 1 vulnerability

Google Voice Builder: 1 vulnerability

Google Android Api: 1 vulnerability

Google Angle: 1 vulnerability

Google Api C Client: 1 vulnerability

Google Bazel: 1 vulnerability

Google Bindiff: 1 vulnerability

Google BoringSSL: 1 vulnerability
BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.

Google Cardboard: 1 vulnerability

Google Chrome Launcher: 1 vulnerability

Google Closure Library: 1 vulnerability

Google Firebaseutil: 1 vulnerability

Google Fscrypt: 1 vulnerability

Google Protobuf: 1 vulnerability

Recent Google Security Advisories

Advisory Title Published
Android Security Bulletin—January 2022 | Android Open Source Project January 14, 2022
Pixel Update Bulletin—January 2022 | Android Open Source Project January 14, 2022
Android Automotive OS Update Bulletin—January 2022 | Android Open Source Project January 14, 2022
Chrome Releases: Stable Channel Update for Desktop December 23, 2021
Chrome Releases: Stable Channel Update for Desktop December 23, 2021
Pixel Update Bulletin—December 2021 | Android Open Source Project December 15, 2021
Pixel Update Bulletin—November 2021 | Android Open Source Project December 15, 2021
Android Automotive OS Update Bulletin—December 2021 | Android Open Source Project December 15, 2021
Android Security Bulletin—November 2021 | Android Open Source Project December 15, 2021
Android Security Bulletin—December 2021 | Android Open Source Project December 15, 2021


By the Year

In 2022 there have been 37 vulnerabilities in Google with an average score of 6.6 out of ten. Last year Google had 1123 security vulnerabilities published. Right now, Google is on track to have fewer security vulnerabilities in 2022 than it did last year. Last year, the average CVE base score was greater by 0.46.

Year Vulnerabilities Average Score
2022 37 6.56
2021 1123 7.02
2020 980 7.09
2019 808 7.11
2018 418 7.40

It may take a day or so for new Google vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Google Security Vulnerabilities

In executeRequest of OverlayManagerService.java, there is a possible way to control fabricated overlays

CVE-2021-39630 7.8 - High - January 14, 2022

In executeRequest of OverlayManagerService.java, there is a possible way to control fabricated overlays from adb shell due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-202768292.

Improper Privilege Management

In fs/eventpoll.c, there is a possible use after free

CVE-2021-39634 7.8 - High - January 14, 2022

In fs/eventpoll.c, there is a possible use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-204450605. References: Upstream kernel.

Dangling pointer

In sortSimPhoneAccountsForEmergency of CreateConnectionProcessor.java

CVE-2021-39659 5.5 - Medium - January 14, 2022

In sortSimPhoneAccountsForEmergency of CreateConnectionProcessor.java, there is a possible prevention of access to emergency calling due to an unhandled exception. In rare instances, this could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12. Android ID: A-208267659.

Improper Handling of Exceptional Conditions

In LocationSettingsActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack

CVE-2021-1036 7.8 - High - January 14, 2022

In LocationSettingsActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-9. Android ID: A-182812255.

Clickjacking

The broadcast that DevicePickerFragment sends when a new device is paired doesn't have any permission checks, so any app

CVE-2021-1037 5.3 - Medium - January 14, 2022

The broadcast that DevicePickerFragment sends when a new device is paired doesn't have any permission checks, so any app can register to listen for it. This lets apps keep track of what devices are paired without requesting BLUETOOTH permissions. Product: Android. Versions: Android-10 Android-11 Android-12 Android-9. Android ID: A-162951906.

Exposure of Resource to Wrong Sphere

Hacker one bug ID: 1343975. Product: Android. Versions: Android So

CVE-2021-1049 9.8 - Critical - January 14, 2022

Hacker one bug ID: 1343975. Product: Android. Versions: Android SoC. Android ID: A-204256722.

In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there is a possible permissions bypass due to an unsafe PendingIntent

CVE-2021-39621 7.8 - High - January 14, 2022

In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there is a possible permissions bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-9. Android ID: A-185126319.

Improper Privilege Management

In onAttach of ConnectedDeviceDashboardFragment.java, there is a possible permission bypass due to a confused deputy

CVE-2021-39626 7.8 - High - January 14, 2022

In onAttach of ConnectedDeviceDashboardFragment.java, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-9. Android ID: A-194695497.

Externally Controlled Reference to a Resource in Another Sphere

In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there is a possible permissions bypass due to an unsafe PendingIntent

CVE-2021-39627 7.8 - High - January 14, 2022

In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there is a possible permissions bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-9. Android ID: A-185126549.

Improper Privilege Management

In <TBD> of <TBD>, there is a possible bypass of Factory Reset Protection due to <TBD>

CVE-2021-39678 7.8 - High - January 14, 2022

In <TBD> of <TBD>, there is a possible bypass of Factory Reset Protection due to <TBD>. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-171742549. References: N/A.

Improper Privilege Management

In init of vendor_graphicbuffer_meta.cpp, there is a possible use after free due to a race condition

CVE-2021-39679 7 - High - January 14, 2022

In init of vendor_graphicbuffer_meta.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-188745089. References: N/A.

Race Condition

In mgm_alloc_page of memory_group_manager.c, there is a possible out of bounds write due to an incorrect bounds check

CVE-2021-39682 7.8 - High - January 14, 2022

In mgm_alloc_page of memory_group_manager.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-201677538. References: N/A.

Memory Corruption

In gre_handle_offloads of ip_gre.c, there is a possible page fault due to an invalid memory access

CVE-2021-39633 5.5 - Medium - January 14, 2022

In gre_handle_offloads of ip_gre.c, there is a possible page fault due to an invalid memory access. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-150694665. References: Upstream kernel.

Exposure of Resource to Wrong Sphere

In delete_protocol of main.c, there is a possible arbitrary code execution due to a use after free

CVE-2021-39681 7.8 - High - January 14, 2022

In delete_protocol of main.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-200251074. References: N/A.

Dangling pointer

In inotify_cb of events.cpp, there is a possible out of bounds write due to an incorrect bounds check

CVE-2021-39632 7.8 - High - January 14, 2022

In inotify_cb of events.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12. Android ID: A-202159709.

Memory Corruption

In sec_SHA256_Transform of sha256_core.c, there is a possible way to read heap data due to uninitialized data

CVE-2021-39680 4.4 - Medium - January 14, 2022

In sec_SHA256_Transform of sha256_core.c, there is a possible way to read heap data due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-197965864. References: N/A.

Use of Uninitialized Resource

In copy_from_mbox of sss_ice_util.c, there is a possible out of bounds write due to a missing bounds check

CVE-2021-39683 6.7 - Medium - January 14, 2022

In copy_from_mbox of sss_ice_util.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-202003354. References: N/A.

Memory Corruption

In target_init of gs101/abl/target/slider/target.c, there is a possible allocation of RWX memory due to a logic error in the code

CVE-2021-39684 7.8 - High - January 14, 2022

In target_init of gs101/abl/target/slider/target.c, there is a possible allocation of RWX memory due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-203250788. References: N/A.

Improper Privilege Management

In phTmlNfc_Init and phTmlNfc_CleanUp of phTmlNfc.cc, there is a possible use after free due to a race condition

CVE-2021-39629 7 - High - January 14, 2022

In phTmlNfc_Init and phTmlNfc_CleanUp of phTmlNfc.cc, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-9. Android ID: A-197353344.

Race Condition

In jit_memory_region.cc, there is a possible bypass of memory restrictions due to a logic error in the code

CVE-2021-0959 7.8 - High - January 14, 2022

In jit_memory_region.cc, there is a possible bypass of memory restrictions due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-200284993.

Improper Privilege Management

In setLaunchIntent of BluetoothDevicePickerPreferenceController.java

CVE-2021-1035 7.8 - High - January 14, 2022

In setLaunchIntent of BluetoothDevicePickerPreferenceController.java, there is a possible way to invoke an arbitrary broadcast receiver due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-12. Android ID: A-195668284.

Externally Controlled Reference to a Resource in Another Sphere

In multiple methods of EuiccNotificationManager.java

CVE-2021-39618 7.8 - High - January 14, 2022

In multiple methods of EuiccNotificationManager.java, there is a possible way to install existing packages without user consent due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-9. Android ID: A-196855999.

Improper Privilege Management

In ipcSetDataReference of Parcel.cpp, there is a possible way to corrupt memory due to a use after free

CVE-2021-39620 7.8 - High - January 14, 2022

In ipcSetDataReference of Parcel.cpp, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12. Android ID: A-203847542.

Dangling pointer

In GBoard, there is a possible way to bypass Factory Reset Protection due to a missing permission check

CVE-2021-39622 7.8 - High - January 14, 2022

In GBoard, there is a possible way to bypass Factory Reset Protection due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12. Android ID: A-192663648.

Improper Preservation of Permissions

In doRead of SimpleDecodingSource.cpp, there is a possible out of bounds write due to an incorrect bounds check

CVE-2021-39623 9.8 - Critical - January 14, 2022

In doRead of SimpleDecodingSource.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-9. Android ID: A-194105348.

Improper Privilege Management

In showCarrierAppInstallationNotification of EuiccNotificationManager.java

CVE-2021-39625 7.3 - High - January 14, 2022

In showCarrierAppInstallationNotification of EuiccNotificationManager.java, there is a possible way to gain an access to MediaProvider content due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-9. Android ID: A-194695347.

Improper Privilege Management

In StatusBar.java, there is a possible disclosure of notification content on the lockscreen due to a logic error in the code

CVE-2021-39628 3.3 - Low - January 14, 2022

In StatusBar.java, there is a possible disclosure of notification content on the lockscreen due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11. Android ID: A-189575031.

Exposure of Resource to Wrong Sphere

Keeping sensitive data in unprotected BluetoothSettingsProvider prior to SMR Jan-2022 Release 1

CVE-2022-22269 3.3 - Low - January 10, 2022

Keeping sensitive data in unprotected BluetoothSettingsProvider prior to SMR Jan-2022 Release 1 allows untrusted applications to get a local Bluetooth MAC address.

Files or Directories Accessible to External Parties

A missing input validation before memory copy in TIMA trustlet prior to SMR Jan-2022 Release 1

CVE-2022-22271 5.5 - Medium - January 10, 2022

A missing input validation before memory copy in TIMA trustlet prior to SMR Jan-2022 Release 1 allows attackers to copy data from arbitrary memory.

Improper Input Validation

Improper authorization in TelephonyManager prior to SMR Jan-2022 Release 1

CVE-2022-22272 3.3 - Low - January 10, 2022

Improper authorization in TelephonyManager prior to SMR Jan-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PHONE_STATE permission.

AuthZ

Incorrect implementation of Knox Guard prior to SMR Jan-2022 Release 1

CVE-2022-22268 6.1 - Medium - January 10, 2022

Incorrect implementation of Knox Guard prior to SMR Jan-2022 Release 1 allows physically proximate attackers to temporarily unlock the Knox Guard via Samsung DeX mode.

Files or Directories Accessible to External Parties

Unprotected dynamic receiver in SecSettings prior to SMR Jan-2022 Release 1

CVE-2022-22263 5.5 - Medium - January 10, 2022

Unprotected dynamic receiver in SecSettings prior to SMR Jan-2022 Release 1 allows untrusted applications to launch arbitrary activity.

Improper Privilege Management

Improper sanitization of incoming intent in Dressroom prior to SMR Jan-2022 Release 1

CVE-2022-22264 7.1 - High - January 10, 2022

Improper sanitization of incoming intent in Dressroom prior to SMR Jan-2022 Release 1 allows local attackers to read and write arbitrary files without permission.

Improper Input Validation

(Applicable to China models only) Unprotected WifiEvaluationService in TencentWifiSecurity application prior to SMR Jan-2022 Release 1

CVE-2022-22266 3.3 - Low - January 10, 2022

(Applicable to China models only) Unprotected WifiEvaluationService in TencentWifiSecurity application prior to SMR Jan-2022 Release 1 allows untrusted applications to get WiFi information without proper permission.

Improper Privilege Management

Implicit Intent hijacking vulnerability in ActivityMetricsLogger prior to SMR Jan-2022 Release 1

CVE-2022-22267 3.3 - Low - January 10, 2022

Implicit Intent hijacking vulnerability in ActivityMetricsLogger prior to SMR Jan-2022 Release 1 allows attackers to get running application information.

Files or Directories Accessible to External Parties

An implicit Intent hijacking vulnerability in Dialer prior to SMR Jan-2022 Release 1

CVE-2022-22270 3.3 - Low - January 10, 2022

An implicit Intent hijacking vulnerability in Dialer prior to SMR Jan-2022 Release 1 allows unprivileged applications to access contact information.

Files or Directories Accessible to External Parties

An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way

CVE-2021-22569 5.5 - Medium - January 10, 2022

An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause frequent, repeated pauses. We recommend upgrading libraries beyond the vulnerable versions.

Use after free in window manager in Google Chrome on ChromeOS prior to 96.0.4664.93

CVE-2021-4067 8.8 - High - December 23, 2021

Use after free in window manager in Google Chrome on ChromeOS prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Out of bounds write in WebRTC in Google Chrome prior to 96.0.4664.93

CVE-2021-4079 8.8 - High - December 23, 2021

Out of bounds write in WebRTC in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via crafted WebRTC packets.

Memory Corruption

Type confusion in V8 in Google Chrome prior to 96.0.4664.93

CVE-2021-4078 8.8 - High - December 23, 2021

Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Object Type Confusion

Insufficient data validation in new tab page in Google Chrome prior to 96.0.4664.93

CVE-2021-4068 6.5 - Medium - December 23, 2021

Insufficient data validation in new tab page in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Improper Input Validation

Integer underflow in ANGLE in Google Chrome prior to 96.0.4664.93

CVE-2021-4066 8.8 - High - December 23, 2021

Integer underflow in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Integer underflow

Use after free in autofill in Google Chrome prior to 96.0.4664.93

CVE-2021-4065 8.8 - High - December 23, 2021

Use after free in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in screen capture in Google Chrome on ChromeOS prior to 96.0.4664.93

CVE-2021-4064 8.8 - High - December 23, 2021

Use after free in screen capture in Google Chrome on ChromeOS prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in developer tools in Google Chrome prior to 96.0.4664.93

CVE-2021-4063 8.8 - High - December 23, 2021

Use after free in developer tools in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Heap buffer overflow in BFCache in Google Chrome prior to 96.0.4664.93

CVE-2021-4062 8.8 - High - December 23, 2021

Heap buffer overflow in BFCache in Google Chrome prior to 96.0.4664.93 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Type confusion in V8 in Google Chrome prior to 96.0.4664.93

CVE-2021-4061 8.8 - High - December 23, 2021

Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Object Type Confusion

Insufficient data validation in loader in Google Chrome prior to 96.0.4664.93

CVE-2021-4059 6.5 - Medium - December 23, 2021

Insufficient data validation in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Improper Input Validation

Heap buffer overflow in ANGLE in Google Chrome prior to 96.0.4664.93

CVE-2021-4058 8.8 - High - December 23, 2021

Heap buffer overflow in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Use after free in file API in Google Chrome prior to 96.0.4664.93

CVE-2021-4057 8.8 - High - December 23, 2021

Use after free in file API in Google Chrome prior to 96.0.4664.93 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Type confusion in loader in Google Chrome prior to 96.0.4664.93

CVE-2021-4056 8.8 - High - December 23, 2021

Type confusion in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Object Type Confusion

Heap buffer overflow in extensions in Google Chrome prior to 96.0.4664.93

CVE-2021-4055 8.8 - High - December 23, 2021

Heap buffer overflow in extensions in Google Chrome prior to 96.0.4664.93 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.

Memory Corruption

Incorrect security UI in autofill in Google Chrome prior to 96.0.4664.93

CVE-2021-4054 6.5 - Medium - December 23, 2021

Incorrect security UI in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

Use after free in UI in Google Chrome on Linux prior to 96.0.4664.93

CVE-2021-4053 8.8 - High - December 23, 2021

Use after free in UI in Google Chrome on Linux prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in web apps in Google Chrome prior to 96.0.4664.93

CVE-2021-4052 8.8 - High - December 23, 2021

Use after free in web apps in Google Chrome prior to 96.0.4664.93 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.

Dangling pointer

Inappropriate implementation in referrer in Google Chrome prior to 96.0.4664.45

CVE-2021-38021 6.5 - Medium - December 23, 2021

Inappropriate implementation in referrer in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

Insufficient policy enforcement in CORS in Google Chrome prior to 96.0.4664.45

CVE-2021-38019 6.5 - Medium - December 23, 2021

Insufficient policy enforcement in CORS in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

AuthZ

Inappropriate implementation in navigation in Google Chrome prior to 96.0.4664.45

CVE-2021-38018 6.5 - Medium - December 23, 2021

Inappropriate implementation in navigation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

Insufficient policy enforcement in iframe sandbox in Google Chrome prior to 96.0.4664.45

CVE-2021-38017 8.8 - High - December 23, 2021

Insufficient policy enforcement in iframe sandbox in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

AuthZ

Insufficient policy enforcement in background fetch in Google Chrome prior to 96.0.4664.45

CVE-2021-38016 8.8 - High - December 23, 2021

Insufficient policy enforcement in background fetch in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass same origin policy via a crafted HTML page.

AuthZ

Inappropriate implementation in input in Google Chrome prior to 96.0.4664.45

CVE-2021-38015 8.8 - High - December 23, 2021

Inappropriate implementation in input in Google Chrome prior to 96.0.4664.45 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.

Improper Input Validation

Out of bounds write in Swiftshader in Google Chrome prior to 96.0.4664.45

CVE-2021-38014 8.8 - High - December 23, 2021

Out of bounds write in Swiftshader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Heap buffer overflow in fingerprint recognition in Google Chrome on ChromeOS prior to 96.0.4664.45

CVE-2021-38013 8.8 - High - December 23, 2021

Heap buffer overflow in fingerprint recognition in Google Chrome on ChromeOS prior to 96.0.4664.45 allowed a remote attacker who had compromised a WebUI renderer process to potentially perform a sandbox escape via a crafted HTML page.

Memory Corruption

Type confusion in V8 in Google Chrome prior to 96.0.4664.45

CVE-2021-38012 8.8 - High - December 23, 2021

Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Object Type Confusion

Use after free in storage foundation in Google Chrome prior to 96.0.4664.45

CVE-2021-38011 8.8 - High - December 23, 2021

Use after free in storage foundation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Inappropriate implementation in service workers in Google Chrome prior to 96.0.4664.45

CVE-2021-38010 6.5 - Medium - December 23, 2021

Inappropriate implementation in service workers in Google Chrome prior to 96.0.4664.45 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.

Inappropriate implementation in cache in Google Chrome prior to 96.0.4664.45

CVE-2021-38009 6.5 - Medium - December 23, 2021

Inappropriate implementation in cache in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Exposure of Resource to Wrong Sphere

Use after free in media in Google Chrome prior to 96.0.4664.45

CVE-2021-38008 8.8 - High - December 23, 2021

Use after free in media in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Inappropriate implementation in WebAuthentication in Google Chrome prior to 96.0.4664.45

CVE-2021-38022 6.5 - Medium - December 23, 2021

Inappropriate implementation in WebAuthentication in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Type confusion in V8 in Google Chrome prior to 96.0.4664.45

CVE-2021-38007 8.8 - High - December 23, 2021

Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Object Type Confusion

Use after free in storage foundation in Google Chrome prior to 96.0.4664.45

CVE-2021-38006 8.8 - High - December 23, 2021

Use after free in storage foundation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in loader in Google Chrome prior to 96.0.4664.45

CVE-2021-38005 8.8 - High - December 23, 2021

Use after free in loader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

In isFileUri of UriUtil.java, there is a possible way to bypass ignoring file://URI attachment due to improper handling of case sensitivity

CVE-2021-0973 5 - Medium - December 15, 2021

In isFileUri of UriUtil.java, there is a possible way to bypass ignoring file://URI attachment due to improper handling of case sensitivity. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-197328178.

Improper Handling of Case Sensitivity

In 'ih264e_find_bskip_params()' of ih264e_me.c, there is a possible out of bounds read due to a heap buffer overflow

CVE-2021-0998 5.5 - Medium - December 15, 2021

In 'ih264e_find_bskip_params()' of ih264e_me.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-193442575

Out-of-bounds Read

In MPEG4Source::read of MPEG4Extractor.cpp, there is a possible out of bounds write due to a missing bounds check

CVE-2021-0971 6.5 - Medium - December 15, 2021

In MPEG4Source::read of MPEG4Extractor.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-9. Android ID: A-188893559

Memory Corruption

In createFromParcel of GpsNavigationMessage.java, there is a possible Parcel serialization/deserialization mismatch

CVE-2021-0970 7.8 - High - December 15, 2021

In createFromParcel of GpsNavigationMessage.java, there is a possible Parcel serialization/deserialization mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-9. Android ID: A-196970023

Marshaling, Unmarshaling

In getTitle of AccessPoint.java, there is a possible unhandled exception due to a missing null check

CVE-2021-0969 6.5 - Medium - December 15, 2021

In getTitle of AccessPoint.java, there is a possible unhandled exception due to a missing null check. This could lead to remote denial of service if a proximal Wi-Fi AP provides invalid information with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10, Android-11. Android ID: A-199922685

Improper Handling of Exceptional Conditions

In osi_malloc and osi_calloc of allocator.cc, there is a possible out of bounds write due to an integer overflow

CVE-2021-0968 8.8 - High - December 15, 2021

In osi_malloc and osi_calloc of allocator.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-9. Android ID: A-197868577

Integer Overflow or Wraparound

In vorbis_book_decodev_set of codebook.c, there is a possible out of bounds write due to a missing bounds check

CVE-2021-0967 8.8 - High - December 15, 2021

In vorbis_book_decodev_set of codebook.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-9. Android ID: A-199065614

Memory Corruption

In code generated by BuildParcelFields of generate_cpp.cpp

CVE-2021-0966 5.5 - Medium - December 15, 2021

In code generated by BuildParcelFields of generate_cpp.cpp, there is a possible way for a crafted parcelable to reveal uninitialized memory of a target process due to uninitialized data. This could lead to local information disclosure across Binder transactions with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11, Android-12. Android ID: A-198346478

Exposure of Resource to Wrong Sphere

In AndroidManifest.xml of Settings

CVE-2021-0965 8.8 - High - December 15, 2021

In AndroidManifest.xml of Settings, there is a possible pairing of a Bluetooth device without user's consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-9. Android ID: A-194300867

Improper Preservation of Permissions

In onCreate of CompanionDeviceActivity.java or DeviceChooserActivity.java

CVE-2021-0933 8 - High - December 15, 2021

In onCreate of CompanionDeviceActivity.java or DeviceChooserActivity.java, there is a possible way for HTML tags to interfere with a consent dialog due to improper input validation. This could lead to remote escalation of privilege, confusing the user into accepting pairing of a malicious Bluetooth device, with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-9. Android ID: A-172251622

Improper Input Validation

In showNotification of NavigationModeController.java, there is a possible confused deputy due to an unsafe PendingIntent

CVE-2021-0932 7.8 - High - December 15, 2021

In showNotification of NavigationModeController.java, there is a possible confused deputy due to an unsafe PendingIntent. This could lead to local escalation of privilege that allows actions performed as the System UI with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-173025705

In getAlias of BluetoothDevice.java, there is a possible way to create misleading permission dialogs due to missing data filtering

CVE-2021-0931 5.5 - Medium - December 15, 2021

In getAlias of BluetoothDevice.java, there is a possible way to create misleading permission dialogs due to missing data filtering. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-9. Android ID: A-180747689

Incorrect Permission Assignment for Critical Resource

In phNxpNciHal_process_ext_rsp of phNxpNciHal_ext.cc, there is a possible out of bounds write due to a missing bounds check

CVE-2021-0930 8.8 - High - December 15, 2021

In phNxpNciHal_process_ext_rsp of phNxpNciHal_ext.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-9. Android ID: A-181660091

Memory Corruption

In ion_dma_buf_end_cpu_access and related functions of ion.c, there is a possible way to corrupt memory due to a use after free

CVE-2021-0929 7.8 - High - December 15, 2021

In ion_dma_buf_end_cpu_access and related functions of ion.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-187527909. References: Upstream kernel

Dangling pointer

In createFromParcel of OutputConfiguration.java

CVE-2021-0928 7.8 - High - December 15, 2021

In createFromParcel of OutputConfiguration.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-9. Android ID: A-188675581

Marshaling, Unmarshaling

In requestChannelBrowsable of TvInputManagerService.java, there is a possible permission bypass due to a logic error in the code

CVE-2021-0927 7.8 - High - December 15, 2021

In requestChannelBrowsable of TvInputManagerService.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-8.1, Android-9. Android ID: A-189824175

Improper Preservation of Permissions

In onCreate of NfcImportVCardActivity.java

CVE-2021-0926 7.8 - High - December 15, 2021

In onCreate of NfcImportVCardActivity.java, there is a possible way to add a contact without user's consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-9. Android ID: A-191053931

AuthZ

In setClientStateLocked of SurfaceFlinger.cpp, there is a possible out of bounds write due to a use after free

CVE-2021-1029 7.8 - High - December 15, 2021

In setClientStateLocked of SurfaceFlinger.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-193034677

Memory Corruption

In adjustStreamVolume of AudioService.java

CVE-2021-1018 3.3 - Low - December 15, 2021

In adjustStreamVolume of AudioService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-194110891

Side Channel Attack

In snoozeNotification of NotificationListenerService.java, there is a possible permission confusion due to a misleading user consent dialog

CVE-2021-1019 7.3 - High - December 15, 2021

In snoozeNotification of NotificationListenerService.java, there is a possible permission confusion due to a misleading user consent dialog. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-195031401

Improper Privilege Management

In snoozeNotification of NotificationListenerService.java

CVE-2021-1020 7.3 - High - December 15, 2021

In snoozeNotification of NotificationListenerService.java, there is a possible way to disable notification for an arbitrary user due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-195111725

Improper Input Validation

In snoozeNotificationInt of NotificationManagerService.java

CVE-2021-1021 7.3 - High - December 15, 2021

In snoozeNotificationInt of NotificationManagerService.java, there is a possible way to disable notification for an arbitrary user due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-195031703

Improper Input Validation

In startRanging of RttServiceImpl.java

CVE-2021-1026 5.5 - Medium - December 15, 2021

In startRanging of RttServiceImpl.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-194798757

Side Channel Attack

In setTransactionState of SurfaceFlinger, there is possible arbitrary code execution in a privileged process due to improper casting

CVE-2021-1027 7.8 - High - December 15, 2021

In setTransactionState of SurfaceFlinger, there is possible arbitrary code execution in a privileged process due to improper casting. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-193033243

Improper Privilege Management

In setClientStateLocked of SurfaceFlinger.cpp, there is a possible out of bounds write due to a use after free

CVE-2021-1028 7.8 - High - December 15, 2021

In setClientStateLocked of SurfaceFlinger.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-193034683

Memory Corruption

In createOrUpdate of Permission.java, there is a possible way to gain internal permissions due to a missing permission check

CVE-2021-0923 7.8 - High - December 15, 2021

In createOrUpdate of Permission.java, there is a possible way to gain internal permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-195338390

AuthZ

Product: Android. Versions: Android kernel. Android ID: A-201537251. References: N/A

CVE-2021-39646 7.5 - High - December 15, 2021

Product: Android. Versions: Android kernel. Android ID: A-201537251. References: N/A

Exposure of Resource to Wrong Sphere

Product: Android. Versions: Android kernel. Android ID: A-199805112. References: N/A

CVE-2021-39645 9.8 - Critical - December 15, 2021

Product: Android. Versions: Android kernel. Android ID: A-199805112. References: N/A

Improper Privilege Management

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).