Filtered by vendor Google
Subscribe
Total
15355 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-71251 | 2 Google, Unisoc | 17 Android, Sc7731e, Sc9832e and 14 more | 2026-06-17 | N/A | 7.5 HIGH |
| In IMS, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. | |||||
| CVE-2025-6558 | 5 Apple, Debian, Google and 2 more | 10 Ipados, Iphone Os, Macos and 7 more | 2026-06-17 | N/A | 8.8 HIGH |
| Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2025-6557 | 2 Google, Microsoft | 2 Chrome, Windows | 2026-06-17 | N/A | 5.4 MEDIUM |
| Insufficient data validation in DevTools in Google Chrome on Windows prior to 138.0.7204.49 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2025-6556 | 1 Google | 1 Chrome | 2026-06-17 | N/A | 5.4 MEDIUM |
| Insufficient policy enforcement in Loader in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2025-6555 | 1 Google | 1 Chrome | 2026-06-17 | N/A | 5.4 MEDIUM |
| Use after free in Animation in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2025-6554 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-06-17 | N/A | 8.1 HIGH |
| Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2025-6431 | 2 Google, Mozilla | 2 Android, Firefox | 2026-06-17 | N/A | 6.5 MEDIUM |
| When a link can be opened in an external application, Firefox for Android will, by default, prompt the user before doing so. An attacker could have bypassed this prompt, potentially exposing the user to security vulnerabilities or privacy leaks in external applications. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.*. This vulnerability was fixed in Firefox 140. | |||||
| CVE-2025-6428 | 2 Google, Mozilla | 2 Android, Firefox | 2026-06-17 | N/A | 4.3 MEDIUM |
| When a URL was provided in a link querystring parameter, Firefox for Android would follow that URL instead of the correct URL, potentially leading to phishing attacks. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.*. This vulnerability was fixed in Firefox 140. | |||||
| CVE-2025-6192 | 1 Google | 1 Chrome | 2026-06-17 | N/A | 8.8 HIGH |
| Use after free in Metrics in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2025-6191 | 1 Google | 1 Chrome | 2026-06-17 | N/A | 8.8 HIGH |
| Integer overflow in V8 in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2025-6179 | 1 Google | 1 Chrome Os | 2026-06-17 | N/A | 9.8 CRITICAL |
| Permissions Bypass in Extension Management in Google ChromeOS 16181.27.0 on managed Chrome devices allows a local attacker to disable extensions and access Developer Mode, including loading additional extensions via exploiting vulnerabilities using the ExtHang3r and ExtPrint3r tools. | |||||
| CVE-2025-6177 | 1 Google | 1 Chrome Os | 2026-06-17 | N/A | 7.4 HIGH |
| Privilege Escalation in MiniOS in Google ChromeOS (16063.45.2 and potentially others) on enrolled devices allows a local attacker to gain root code execution via exploiting a debug shell (VT3 console) accessible through specific key combinations during developer mode entry and MiniOS access, even when developer mode is blocked by device policy or Firmware Write Protect (FWMP). | |||||
| CVE-2025-6044 | 1 Google | 1 Chrome Os | 2026-06-17 | N/A | 6.1 MEDIUM |
| An Improper Access Control vulnerability in the Stylus Tools component of Google ChromeOS version 16238.64.0 on the garaged stylus devices allows a physical attacker to bypass the lock screen and access user files by removing the stylus while the device is closed and using the screen capture feature. | |||||
| CVE-2025-69279 | 2 Google, Unisoc | 5 Android, T8100, T8200 and 2 more | 2026-06-17 | N/A | 7.5 HIGH |
| In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. | |||||
| CVE-2025-69278 | 2 Google, Unisoc | 6 Android, T7300, T8100 and 3 more | 2026-06-17 | N/A | 7.5 HIGH |
| In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. | |||||
| CVE-2025-65835 | 2 Eddyverbruggen, Google | 2 Cordova Social Sharing, Android | 2026-06-17 | N/A | 6.2 MEDIUM |
| The Cordova plugin cordova-plugin-x-socialsharing (SocialSharing-PhoneGap-Plugin) for Android 6.0.4, registers an exported broadcast receiver nl.xservices.plugins.ShareChooserPendingIntent with an android.intent.action.SEND intent filter. The onReceive implementation accesses Intent.EXTRA_CHOSEN_COMPONENT without checking for null. If a broadcast is sent with extras present but without EXTRA_CHOSEN_COMPONENT, the code dereferences a null value and throws a NullPointerException. Because the receiver is exported and performs no permission or caller validation, any local application on the device can send crafted ACTION_SEND broadcasts to this component and repeatedly crash the host application, resulting in a local, unauthenticated application-level denial of service for any app that includes the plugin. | |||||
| CVE-2025-61619 | 2 Google, Unisoc | 5 Android, T8100, T8200 and 2 more | 2026-06-17 | N/A | 7.5 HIGH |
| In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed | |||||
| CVE-2025-61618 | 2 Google, Unisoc | 5 Android, T8100, T8200 and 2 more | 2026-06-17 | N/A | 7.5 HIGH |
| In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed | |||||
| CVE-2025-61617 | 2 Google, Unisoc | 5 Android, T8100, T8200 and 2 more | 2026-06-17 | N/A | 7.5 HIGH |
| In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed | |||||
| CVE-2025-61616 | 2 Google, Unisoc | 5 Android, T8100, T8200 and 2 more | 2026-06-17 | N/A | 7.5 HIGH |
| In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. | |||||
