Vulnerabilities (CVE)

Filtered by vendor Google Subscribe
Total 15289 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-32313 1 Google 1 Android 2026-06-17 N/A 8.4 HIGH
In UsageEvents of UsageEvents.java, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-32312 1 Google 1 Android 2026-06-17 N/A 7.8 HIGH
In createIntentsList of PackageParser.java , there is a possible way to bypass lazy bundle hardening, allowing modified data to be passed to the next process due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-31712 2 Google, Unisoc 18 Android, S8000, Sc7731e and 15 more 2026-06-17 N/A 5.1 MEDIUM
In cplog service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed.
CVE-2025-31711 2 Google, Unisoc 18 Android, S8000, Sc7731e and 15 more 2026-06-17 N/A 5.1 MEDIUM
In cplog service, there is a possible system crash due to null pointer dereference. This could lead to local denial of service with no additional execution privileges needed.
CVE-2025-31710 2 Google, Unisoc 13 Android, S8000, Sc9863a and 10 more 2026-06-17 N/A 5.9 MEDIUM
In engineermode service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed.
CVE-2025-2783 2 Google, Microsoft 2 Chrome, Windows 2026-06-17 N/A 8.3 HIGH
Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High)
CVE-2025-2713 1 Google 1 Gvisor 2026-06-17 N/A 7.8 HIGH
Google gVisor's runsc component exhibited a local privilege escalation vulnerability due to incorrect handling of file access permissions, which allowed unprivileged users to access restricted files. This occurred because the process initially ran with root-like permissions until the first fork.
CVE-2025-2509 1 Google 1 Chrome Os 2026-06-17 N/A 7.8 HIGH
Out-of-Bounds Read in Virglrenderer in ChromeOS 16093.57.0 allows a malicious guest VM to achieve arbitrary address access within the crosvm sandboxed process, potentially leading to VM escape via crafted vertex elements data triggering an out-of-bounds read in util_format_description.
CVE-2025-2476 1 Google 1 Chrome 2026-06-17 N/A 8.8 HIGH
Use after free in Lens in Google Chrome prior to 134.0.6998.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
CVE-2025-2137 1 Google 1 Chrome 2026-06-17 N/A 8.8 HIGH
Out of bounds read in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)
CVE-2025-2136 1 Google 1 Chrome 2026-06-17 N/A 8.8 HIGH
Use after free in Inspector in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
CVE-2025-2135 1 Google 1 Chrome 2026-06-17 N/A 8.8 HIGH
Type Confusion in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2025-2073 2 Google, Linux 2 Chrome Os, Linux Kernel 2026-06-17 N/A 8.8 HIGH
Out-of-Bounds Read in netfilter/ipset in Linux Kernel ChromeOS [6.1, 5.15, 5.10, 5.4, 4.19] allows a local attacker with low privileges to trigger an out-of-bounds read, potentially leading to information disclosure
CVE-2025-27701 1 Google 1 Android 2026-06-17 N/A 5.5 MEDIUM
In the function process_crypto_cmd, the values of ptrs[i] can be potentially equal to NULL which is valid value after calling slice_map_array(). Later this values will be derefenced without prior NULL check, which can lead to local Temporary DoS or OOB Read, leading to information disclosure.
CVE-2025-27700 1 Google 1 Android 2026-06-17 N/A 8.4 HIGH
There is a possible bypass of carrier restrictions due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-26464 1 Google 1 Android 2026-06-17 N/A 7.8 HIGH
In executeAppFunction of AppSearchManagerService.java, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-26463 1 Google 1 Android 2026-06-17 N/A 5.5 MEDIUM
In allowPackageAccess of multiple files, resource exhaustion is possible when repeatedly adding allowed packages. This could lead to a local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-26462 1 Google 1 Android 2026-06-17 N/A 7.8 HIGH
In AccessibilityServiceConnection.java, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-26461 1 Google 1 Android 2026-06-17 N/A 3.3 LOW
In Permission Manager, there is a possible way for the microphone privacy indicator to remain activated even after the user attempts to close the app due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-26458 1 Google 1 Android 2026-06-17 N/A 7.8 HIGH
In multiple functions of LocationProviderManager.java, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.