Vulnerabilities (CVE)

Filtered by vendor Google Subscribe
Total 15355 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-71251 2 Google, Unisoc 17 Android, Sc7731e, Sc9832e and 14 more 2026-06-17 N/A 7.5 HIGH
In IMS, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
CVE-2025-6558 5 Apple, Debian, Google and 2 more 10 Ipados, Iphone Os, Macos and 7 more 2026-06-17 N/A 8.8 HIGH
Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CVE-2025-6557 2 Google, Microsoft 2 Chrome, Windows 2026-06-17 N/A 5.4 MEDIUM
Insufficient data validation in DevTools in Google Chrome on Windows prior to 138.0.7204.49 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low)
CVE-2025-6556 1 Google 1 Chrome 2026-06-17 N/A 5.4 MEDIUM
Insufficient policy enforcement in Loader in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)
CVE-2025-6555 1 Google 1 Chrome 2026-06-17 N/A 5.4 MEDIUM
Use after free in Animation in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
CVE-2025-6554 4 Apple, Google, Linux and 1 more 4 Macos, Chrome, Linux Kernel and 1 more 2026-06-17 N/A 8.1 HIGH
Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
CVE-2025-6431 2 Google, Mozilla 2 Android, Firefox 2026-06-17 N/A 6.5 MEDIUM
When a link can be opened in an external application, Firefox for Android will, by default, prompt the user before doing so. An attacker could have bypassed this prompt, potentially exposing the user to security vulnerabilities or privacy leaks in external applications. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.*. This vulnerability was fixed in Firefox 140.
CVE-2025-6428 2 Google, Mozilla 2 Android, Firefox 2026-06-17 N/A 4.3 MEDIUM
When a URL was provided in a link querystring parameter, Firefox for Android would follow that URL instead of the correct URL, potentially leading to phishing attacks. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.*. This vulnerability was fixed in Firefox 140.
CVE-2025-6192 1 Google 1 Chrome 2026-06-17 N/A 8.8 HIGH
Use after free in Metrics in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2025-6191 1 Google 1 Chrome 2026-06-17 N/A 8.8 HIGH
Integer overflow in V8 in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
CVE-2025-6179 1 Google 1 Chrome Os 2026-06-17 N/A 9.8 CRITICAL
Permissions Bypass in Extension Management in Google ChromeOS 16181.27.0 on managed Chrome devices allows a local attacker to disable extensions and access Developer Mode, including loading additional extensions via exploiting vulnerabilities using the ExtHang3r and ExtPrint3r tools.
CVE-2025-6177 1 Google 1 Chrome Os 2026-06-17 N/A 7.4 HIGH
Privilege Escalation in MiniOS in Google ChromeOS (16063.45.2 and potentially others) on enrolled devices allows a local attacker to gain root code execution via exploiting a debug shell (VT3 console) accessible through specific key combinations during developer mode entry and MiniOS access, even when developer mode is blocked by device policy or Firmware Write Protect (FWMP).
CVE-2025-6044 1 Google 1 Chrome Os 2026-06-17 N/A 6.1 MEDIUM
An Improper Access Control vulnerability in the Stylus Tools component of Google ChromeOS version 16238.64.0 on the garaged stylus devices allows a physical attacker to bypass the lock screen and access user files by removing the stylus while the device is closed and using the screen capture feature.
CVE-2025-69279 2 Google, Unisoc 5 Android, T8100, T8200 and 2 more 2026-06-17 N/A 7.5 HIGH
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
CVE-2025-69278 2 Google, Unisoc 6 Android, T7300, T8100 and 3 more 2026-06-17 N/A 7.5 HIGH
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
CVE-2025-65835 2 Eddyverbruggen, Google 2 Cordova Social Sharing, Android 2026-06-17 N/A 6.2 MEDIUM
The Cordova plugin cordova-plugin-x-socialsharing (SocialSharing-PhoneGap-Plugin) for Android 6.0.4, registers an exported broadcast receiver nl.xservices.plugins.ShareChooserPendingIntent with an android.intent.action.SEND intent filter. The onReceive implementation accesses Intent.EXTRA_CHOSEN_COMPONENT without checking for null. If a broadcast is sent with extras present but without EXTRA_CHOSEN_COMPONENT, the code dereferences a null value and throws a NullPointerException. Because the receiver is exported and performs no permission or caller validation, any local application on the device can send crafted ACTION_SEND broadcasts to this component and repeatedly crash the host application, resulting in a local, unauthenticated application-level denial of service for any app that includes the plugin.
CVE-2025-61619 2 Google, Unisoc 5 Android, T8100, T8200 and 2 more 2026-06-17 N/A 7.5 HIGH
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed
CVE-2025-61618 2 Google, Unisoc 5 Android, T8100, T8200 and 2 more 2026-06-17 N/A 7.5 HIGH
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed
CVE-2025-61617 2 Google, Unisoc 5 Android, T8100, T8200 and 2 more 2026-06-17 N/A 7.5 HIGH
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed
CVE-2025-61616 2 Google, Unisoc 5 Android, T8100, T8200 and 2 more 2026-06-17 N/A 7.5 HIGH
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.