Filtered by vendor Google
Subscribe
Total
15355 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-5063 | 1 Google | 1 Chrome | 2026-06-17 | N/A | 8.8 HIGH |
| Use after free in Compositing in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2025-59489 | 5 Apple, Google, Linux and 2 more | 5 Macos, Android, Linux Kernel and 2 more | 2026-06-17 | N/A | 7.4 HIGH |
| Unity Runtime before 2025-10-02 on Android, Windows, macOS, and Linux allows argument injection that can result in loading of library code from an unintended location. If an application was built with a version of Unity Editor that had the vulnerable Unity Runtime code, then an adversary may be able to execute code on, and exfiltrate confidential information from, the machine on which that application is running. NOTE: product status is provided for Unity Editor because that is the information available from the Supplier. However, updating Unity Editor typically does not address the effects of the vulnerability; instead, it is necessary to rebuild and redeploy all affected applications. | |||||
| CVE-2025-55559 | 1 Google | 1 Tensorflow | 2026-06-17 | N/A | 7.5 HIGH |
| An issue was discovered TensorFlow v2.18.0. A Denial of Service (DoS) occurs when padding is set to 'valid' in tf.keras.layers.Conv2D. | |||||
| CVE-2025-55556 | 1 Google | 1 Tensorflow | 2026-06-17 | N/A | 6.5 MEDIUM |
| TensorFlow v2.18.0 was discovered to output random results when compiling Embedding, leading to unexpected behavior in the application. | |||||
| CVE-2025-4664 | 1 Google | 1 Chrome | 2026-06-17 | N/A | 4.3 MEDIUM |
| Insufficient policy enforcement in Loader in Google Chrome prior to 136.0.7103.113 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2025-4613 | 2 Google, Microsoft | 2 Web Designer, Windows | 2026-06-17 | N/A | 8.8 HIGH |
| Path traversal in Google Web Designer's template handling versions prior to 16.3.0.0407 on Windows allows attacker to achieve remote code execution by tricking users into downloading a malicious ad template | |||||
| CVE-2025-4609 | 2 Google, Microsoft | 2 Chrome, Windows | 2026-06-17 | N/A | 9.6 CRITICAL |
| Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 136.0.7103.113 allowed a remote attacker to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High) | |||||
| CVE-2025-4600 | 1 Google | 1 Application Load Balancer | 2026-06-17 | N/A | 7.5 HIGH |
| A request smuggling vulnerability existed in the Google Cloud Classic Application Load Balancer due to improper handling of chunked-encoded HTTP requests. This allowed attackers to craft requests that could be misinterpreted by backend servers. The issue was fixed by disallowing stray data after a chunk, and is no longer exploitable. No action is required as Classic Application Load Balancer service after 2025-04-26 is not vulnerable. | |||||
| CVE-2025-4565 | 1 Google | 1 Protobuf-python | 2026-06-17 | N/A | 5.3 MEDIUM |
| Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags can be corrupted by exceeding the Python recursion limit. This can result in a Denial of service by crashing the application with a RecursionError. We recommend upgrading to version =>6.31.1 or beyond commit 17838beda2943d08b8a9d4df5b68f5f04f26d901 | |||||
| CVE-2025-4372 | 1 Google | 1 Chrome | 2026-06-17 | N/A | 8.8 HIGH |
| Use after free in WebAudio in Google Chrome prior to 136.0.7103.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2025-4096 | 1 Google | 1 Chrome | 2026-06-17 | N/A | 8.8 HIGH |
| Heap buffer overflow in HTML in Google Chrome prior to 136.0.7103.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2025-4052 | 1 Google | 1 Chrome | 2026-06-17 | N/A | 9.8 CRITICAL |
| Inappropriate implementation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2025-4051 | 1 Google | 1 Chrome | 2026-06-17 | N/A | 6.3 MEDIUM |
| Insufficient data validation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2025-4050 | 1 Google | 1 Chrome | 2026-06-17 | N/A | 8.8 HIGH |
| Out of bounds memory access in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2025-48654 | 1 Google | 1 Android | 2026-06-17 | N/A | 7.8 HIGH |
| In onStart of CompanionDeviceManagerService.java, there is a possible confused deputy due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-48653 | 1 Google | 1 Android | 2026-06-17 | N/A | 7.8 HIGH |
| In loadDataAndPostValue of multiple files, there is a possible way to obscure permission usage due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-48652 | 1 Google | 1 Android | 2026-06-17 | N/A | 7.8 HIGH |
| In performPreInstallChecks of InstallRepository.kt, there is a possible way to bypass MDM policy due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-48651 | 1 Google | 1 Android | 2026-06-17 | N/A | 5.5 MEDIUM |
| In importWrappedKey of KMKeymasterApplet.java, there is a possible way access keys that should be restricted due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-48650 | 1 Google | 1 Android | 2026-06-17 | N/A | 8.4 HIGH |
| In multiple locations, there is a possible information disclosure due to SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-48649 | 1 Google | 1 Android | 2026-06-17 | N/A | 7.8 HIGH |
| In multiple locations, there is a possible way to reset user-selected permissions selections due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
