Filtered by vendor Google
Subscribe
Total
15289 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-20638 | 2 Google, Mediatek | 44 Android, Mt6739, Mt6761 and 41 more | 2026-06-17 | N/A | 4.3 MEDIUM |
| In DA, there is a possible read of uninitialized heap data due to uninitialized data. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291449; Issue ID: MSV-2066. | |||||
| CVE-2025-20636 | 2 Google, Mediatek | 45 Android, Mt6580, Mt6739 and 42 more | 2026-06-17 | N/A | 6.7 MEDIUM |
| In secmem, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09403554; Issue ID: MSV-2431. | |||||
| CVE-2025-20635 | 5 Google, Linuxfoundation, Mediatek and 2 more | 23 Android, Yocto, Mt2737 and 20 more | 2026-06-17 | N/A | 6.6 MEDIUM |
| In V6 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09403752; Issue ID: MSV-2434. | |||||
| CVE-2025-1923 | 1 Google | 1 Chrome | 2026-06-17 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in Permission Prompts in Google Chrome prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low) | |||||
| CVE-2025-1922 | 1 Google | 2 Android, Chrome | 2026-06-17 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in Selection in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2025-1921 | 1 Google | 1 Chrome | 2026-06-17 | N/A | 6.5 MEDIUM |
| Inappropriate implementation in Media Stream in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to obtain information about a peripheral via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2025-1920 | 1 Google | 1 Chrome | 2026-06-17 | N/A | 8.8 HIGH |
| Type Confusion in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2025-1919 | 1 Google | 1 Chrome | 2026-06-17 | N/A | 8.8 HIGH |
| Out of bounds read in Media in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2025-1918 | 1 Google | 1 Chrome | 2026-06-17 | N/A | 8.8 HIGH |
| Out of bounds read in PDFium in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file. (Chromium security severity: Medium) | |||||
| CVE-2025-1917 | 1 Google | 2 Android, Chrome | 2026-06-17 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in Browser UI in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2025-1916 | 1 Google | 1 Chrome | 2026-06-17 | N/A | 8.8 HIGH |
| Use after free in Profiles in Google Chrome prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2025-1915 | 2 Google, Microsoft | 2 Chrome, Windows | 2026-06-17 | N/A | 8.1 HIGH |
| Improper Limitation of a Pathname to a Restricted Directory in DevTools in Google Chrome on Windows prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted Chrome Extension. (Chromium security severity: Medium) | |||||
| CVE-2025-1914 | 1 Google | 1 Chrome | 2026-06-17 | N/A | 8.8 HIGH |
| Out of bounds read in V8 in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2025-1704 | 1 Google | 1 Chrome Os | 2026-06-17 | N/A | 6.5 MEDIUM |
| ComponentInstaller Modification in ComponentInstaller in Google ChromeOS 15823.23.0 on Chromebooks allows enrolled users with local access to unenroll devices and intercept device management requests via loading components from the unencrypted stateful partition. | |||||
| CVE-2025-1568 | 1 Google | 1 Chrome Os | 2026-06-17 | N/A | 8.8 HIGH |
| Access Control Vulnerability in Gerrit chromiumos project configuration in Google ChromeOS 16063.87.0 allows an attacker with a registered Gerrit account to inject malicious code into ChromeOS projects and potentially achieve Remote Code Execution and Denial of Service via editing trusted pipelines by insufficient access controls and misconfigurations in Gerrit's project.config. | |||||
| CVE-2025-1566 | 1 Google | 1 Chrome Os | 2026-06-17 | N/A | 7.5 HIGH |
| DNS Leak in Native System VPN in Google ChromeOS Dev Channel on ChromeOS 16002.23.0 allows network observers to expose plaintext DNS queries via failure to properly tunnel DNS traffic during VPN state transitions. | |||||
| CVE-2025-1426 | 1 Google | 1 Chrome | 2026-06-17 | N/A | 8.8 HIGH |
| Heap buffer overflow in GPU in Google Chrome on Android prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2025-1292 | 1 Google | 2 Chrome, Chrome Os | 2026-06-17 | N/A | 6.7 MEDIUM |
| Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 122.0.6261.132 stable on Cr50 Boards allows an attacker with root access to gain persistence and bypass operating system verification via exploiting the NV_Read functionality during the Challenge-Response process. | |||||
| CVE-2025-1290 | 2 Google, Linux | 2 Chrome Os, Linux Kernel | 2026-06-17 | N/A | 8.1 HIGH |
| A race condition Use-After-Free vulnerability exists in the virtio_transport_space_update function within the Kernel 5.4 on ChromeOS. Concurrent allocation and freeing of the virtio_vsock_sock structure during an AF_VSOCK connect syscall can occur before a worker thread accesses it resulting in a dangling pointer and potential kernel code execution. | |||||
| CVE-2025-1122 | 1 Google | 2 Chrome, Chrome Os | 2026-06-17 | N/A | 6.7 MEDIUM |
| Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 15753.50.0 stable on Cr50 Boards allows an attacker with root access to gain persistence and Bypass operating system verification via exploiting the NV_Read functionality during the Challenge-Response process. | |||||
