Filtered by vendor Google
Subscriptions
Total
13422 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-20202 | 2 Google, Web Developer For Chrome | 2 Chrome, Web Developer For Chrome | 2025-10-14 | N/A |
| Web Developer for Chrome v0.4.9 contained malicious code that generated a domain via a DGA and fetched a remote script. The fetched script conditionally loaded follow-on modules that performed extensive ad substitution and malvertising, displayed fake “repair” alerts that redirected users to affiliate programs, and attempted to harvest credentials when users logged in. Injected components enumerate common banner sizes for substitution, replace third-party ad calls, and redirect victim traffic to affiliate landing pages. Potential impacts include user-level code execution in the browser context, large-scale ad fraud and traffic hijacking, credential theft, and exposure to additional payloads delivered by the actor. The compromise was reported on by the maintainer of Web Developer for Chrome on August 2, 2017 and remediated in v0.5.0. | ||||
| CVE-2024-20854 | 2 Google, Samsung | 2 Android, Camera | 2025-10-10 | 5.9 Medium |
| Improper handling of insufficient privileges vulnerability in Samsung Camera prior to versions 12.1.0.31 in Android 12, 13.1.02.07 in Android 13, and 14.0.01.06 in Android 14 allows local attackers to access image data. | ||||
| CVE-2025-5009 | 2 Apple, Google | 2 Ios, Gemini | 2025-10-09 | N/A |
| In Gemini iOS, when a user shared a snippet of a conversation, it would share the entire conversation via a sharable public link that contained the entire conversation history and not just the snippet. | ||||
| CVE-2025-56466 | 2 Google, Masterlifecrm | 2 Android, Dietly | 2025-10-06 | 7.5 High |
| Hardcoded credentials in Dietly v1.25.0 for android allows attackers to gain sensitive information. | ||||
| CVE-2025-1122 | 1 Google | 2 Chrome, Chrome Os | 2025-10-06 | 6.7 Medium |
| Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 15753.50.0 stable on Cr50 Boards allows an attacker with root access to gain persistence and Bypass operating system verification via exploiting the NV_Read functionality during the Challenge-Response process. | ||||
| CVE-2025-1292 | 1 Google | 2 Chrome, Chrome Os | 2025-10-06 | 6.7 Medium |
| Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 122.0.6261.132 stable on Cr50 Boards allows an attacker with root access to gain persistence and bypass operating system verification via exploiting the NV_Read functionality during the Challenge-Response process. | ||||
| CVE-2025-55556 | 2 Google, Tensorflow | 2 Tensorflow, Tensorflow | 2025-10-03 | 6.5 Medium |
| TensorFlow v2.18.0 was discovered to output random results when compiling Embedding, leading to unexpected behavior in the application. | ||||
| CVE-2025-55559 | 1 Google | 1 Tensorflow | 2025-10-03 | 7.5 High |
| An issue was discovered TensorFlow v2.18.0. A Denial of Service (DoS) occurs when padding is set to 'valid' in tf.keras.layers.Conv2D. | ||||
| CVE-2025-6044 | 1 Google | 1 Chrome Os | 2025-10-03 | 6.1 Medium |
| An Improper Access Control vulnerability in the Stylus Tools component of Google ChromeOS version 16238.64.0 on the garaged stylus devices allows a physical attacker to bypass the lock screen and access user files by removing the stylus while the device is closed and using the screen capture feature. | ||||
| CVE-2025-2509 | 1 Google | 1 Chrome Os | 2025-10-03 | 7.8 High |
| Out-of-Bounds Read in Virglrenderer in ChromeOS 16093.57.0 allows a malicious guest VM to achieve arbitrary address access within the crosvm sandboxed process, potentially leading to VM escape via crafted vertex elements data triggering an out-of-bounds read in util_format_description. | ||||
| CVE-2025-20926 | 2 Google, Samsung | 2 Android, Myfiles | 2025-10-03 | 5.5 Medium |
| Improper export of Android application components in My Files prior to version 15.0.07.5 in Android 14 allows local attackers to access files with My Files' privilege. | ||||
| CVE-2025-21024 | 2 Google, Samsung | 2 Android, Smart View | 2025-10-02 | 3.3 Low |
| Use of Implicit Intent for Sensitive Communication in Smart View prior to Android 16 allows local attackers to access sensitive information. | ||||
| CVE-2025-20980 | 1 Google | 1 Android | 2025-10-02 | 4 Medium |
| Out-of-bounds write in libsavscmn prior to Android 15 allows local attackers to cause memory corruption. | ||||
| CVE-2025-20979 | 1 Google | 1 Android | 2025-10-02 | 8.4 High |
| Out-of-bounds write in libsavscmn prior to Android 15 allows local attackers to execute arbitrary code. | ||||
| CVE-2023-21482 | 2 Google, Samsung | 4 Android, Camera, Mobile and 1 more | 2025-10-01 | 6.1 Medium |
| Missing authorization vulnerability in Camera prior to versions 11.1.02.18 in Android 11, 12.1.03.8 in Android 12 and 13.1.01.4 in Android 13 allows physical attackers to install package through Galaxy store before completion of Setup wizard. | ||||
| CVE-2025-57197 | 2 Google, Payeer | 2 Android, Payeer App | 2025-09-30 | 6 Medium |
| In the Payeer Android application 2.5.0, an improper access control vulnerability exists in the authentication flow for the PIN change feature. A local attacker with root access to the device can dynamically instrument the app to bypass the current PIN verification check and directly modify the authentication PIN. This allows unauthorized users to change PIN without knowing the original/current PIN. | ||||
| CVE-2021-39810 | 1 Google | 1 Android | 2025-09-30 | 7.8 High |
| In verifyDefaults of CardEmulationManager.java, there is a possible way to set a third party app as the default contactless payment app without user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-21342 | 1 Google | 1 Android | 2025-09-30 | 7.8 High |
| In RemoteSpeechRecognitionService of RemoteSpeechRecognitionService.java, there is a possible way to launch an activity from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-34739 | 1 Google | 1 Android | 2025-09-29 | 7.8 High |
| In shouldRestrictOverlayActivities of UsbProfileGroupSettingsManager.java, there is a possible escape from SUW due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2025-36890 | 1 Google | 1 Android | 2025-09-29 | 9.8 Critical |
| Elevation of Privilege | ||||