Total
9115 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-12908 | 1 Google | 2 Android, Chrome | 2026-06-17 | N/A | 5.4 MEDIUM |
| Insufficient validation of untrusted input in Downloads in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2025-12729 | 1 Google | 2 Android, Chrome | 2026-06-17 | N/A | 4.2 MEDIUM |
| Inappropriate implementation in Omnibox in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2025-12728 | 4 Apple, Google, Linux and 1 more | 5 Macos, Android, Chrome and 2 more | 2026-06-17 | N/A | 4.2 MEDIUM |
| Inappropriate implementation in Omnibox in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2025-12725 | 4 Apple, Google, Linux and 1 more | 5 Macos, Android, Chrome and 2 more | 2026-06-17 | N/A | 8.8 HIGH |
| Out of bounds read in WebGPU in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2025-12447 | 1 Google | 2 Android, Chrome | 2026-06-17 | N/A | 4.2 MEDIUM |
| Incorrect security UI in Omnibox in Google Chrome on Android prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2025-12435 | 1 Google | 2 Android, Chrome | 2026-06-17 | N/A | 5.4 MEDIUM |
| Incorrect security UI in Omnibox in Google Chrome on Android prior to 142.0.7444.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2025-11720 | 2 Google, Mozilla | 2 Android, Firefox | 2026-06-17 | N/A | 8.1 HIGH |
| The Firefox and Firefox Focus UI for the Android custom tab feature only showed the "site" that was loaded, not the full hostname. User supplied content hosted on a subdomain of a site could have been used to fool a user into thinking it was content from a different subdomain of that site. This vulnerability was fixed in Firefox 144. | |||||
| CVE-2025-11718 | 2 Google, Mozilla | 2 Android, Firefox | 2026-06-17 | N/A | 6.5 MEDIUM |
| When the address bar was hidden due to scrolling on Android, a malicious page could create a fake address bar to fool the user in response to a visibilitychange event. This vulnerability was fixed in Firefox 144. | |||||
| CVE-2025-11717 | 2 Google, Mozilla | 2 Android, Firefox | 2026-06-17 | N/A | 9.1 CRITICAL |
| When switching between Android apps using the card carousel Firefox shows a black screen as its card image when a password-related screen was the last one being used. Prior to Firefox 144 the password edit screen was visible. This vulnerability was fixed in Firefox 144. | |||||
| CVE-2025-11716 | 2 Google, Mozilla | 3 Android, Firefox, Thunderbird | 2026-06-17 | N/A | 6.5 MEDIUM |
| Links in a sandboxed iframe could open an external app on Android without the required "allow-" permission. This vulnerability was fixed in Firefox 144 and Thunderbird 144. | |||||
| CVE-2025-11213 | 1 Google | 2 Android, Chrome | 2026-06-17 | N/A | 6.3 MEDIUM |
| Inappropriate implementation in Omnibox in Google Chrome on Android prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2025-11209 | 1 Google | 2 Android, Chrome | 2026-06-17 | N/A | 8.2 HIGH |
| Inappropriate implementation in Omnibox in Google Chrome on Android prior to 141.0.7390.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2025-11133 | 2 Google, Unisoc | 5 Android, T8100, T8200 and 2 more | 2026-06-17 | N/A | 7.5 HIGH |
| In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed | |||||
| CVE-2025-11132 | 2 Google, Unisoc | 5 Android, T8100, T8200 and 2 more | 2026-06-17 | N/A | 7.5 HIGH |
| In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed | |||||
| CVE-2025-11131 | 2 Google, Unisoc | 5 Android, T8100, T8200 and 2 more | 2026-06-17 | N/A | 7.5 HIGH |
| In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed | |||||
| CVE-2025-10201 | 2 Google, Linux | 4 Android, Chrome, Chrome Os and 1 more | 2026-06-17 | N/A | 8.8 HIGH |
| Inappropriate implementation in Mojo in Google Chrome on Android, Linux, ChromeOS prior to 140.0.7339.127 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2025-0435 | 1 Google | 2 Android, Chrome | 2026-06-17 | N/A | 6.5 MEDIUM |
| Inappropriate implementation in Navigation in Google Chrome on Android prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2025-0246 | 2 Google, Mozilla | 2 Android, Firefox | 2026-06-17 | N/A | 6.5 MEDIUM |
| When using an invalid protocol scheme, an attacker could spoof the address bar. *Note: This issue only affected Android operating systems. Other operating systems are unaffected.* *Note: This issue is a different issue from CVE-2025-0244. This vulnerability was fixed in Firefox 134. | |||||
| CVE-2025-0093 | 1 Google | 1 Android | 2026-06-17 | N/A | 7.5 HIGH |
| In handleBondStateChanged of AdapterService.java, there is a possible unapproved data access due to a missing permission check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2025-0092 | 1 Google | 1 Android | 2026-06-17 | N/A | 6.5 MEDIUM |
| In handleBondStateChanged of AdapterService.java, there is a possible permission bypass due to misleading or insufficient UI. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. | |||||