Filtered by vendor Google
Subscriptions
Filtered by product Android
Subscriptions
Total
7841 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-2853 | 2 Fedoraproject, Google | 3 Fedora, Android, Chrome | 2024-08-03 | 8.8 High |
Heap buffer overflow in Downloads in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | ||||
CVE-2022-2611 | 2 Fedoraproject, Google | 3 Fedora, Android, Chrome | 2024-08-03 | 4.3 Medium |
Inappropriate implementation in Fullscreen API in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | ||||
CVE-2022-2623 | 2 Fedoraproject, Google | 3 Fedora, Android, Chrome | 2024-08-03 | 8.8 High |
Use after free in Offline in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. | ||||
CVE-2022-2479 | 1 Google | 2 Android, Chrome | 2024-08-03 | 4.3 Medium |
Insufficient validation of untrusted input in File in Google Chrome on Android prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious app to obtain potentially sensitive information from internal file directories via a crafted HTML page. | ||||
CVE-2022-1802 | 3 Google, Mozilla, Redhat | 7 Android, Firefox, Firefox Esr and 4 more | 2024-08-03 | 8.8 High |
If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1. | ||||
CVE-2022-1636 | 1 Google | 2 Android, Chrome | 2024-08-03 | 8.8 High |
Use after free in Performance APIs in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
CVE-2022-1634 | 1 Google | 2 Android, Chrome | 2024-08-03 | 8.8 High |
Use after free in Browser UI in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who had convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific user interactions. | ||||
CVE-2022-1637 | 1 Google | 2 Android, Chrome | 2024-08-03 | 4.3 Medium |
Inappropriate implementation in Web Contents in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | ||||
CVE-2022-1635 | 1 Google | 2 Android, Chrome | 2024-08-03 | 8.8 High |
Use after free in Permission Prompts in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific user interactions. | ||||
CVE-2022-1529 | 3 Google, Mozilla, Redhat | 7 Android, Firefox, Firefox Esr and 4 more | 2024-08-03 | 8.8 High |
An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1. | ||||
CVE-2022-1495 | 1 Google | 2 Android, Chrome | 2024-08-03 | 4.3 Medium |
Incorrect security UI in Downloads in Google Chrome on Android prior to 101.0.4951.41 allowed a remote attacker to spoof the APK downloads dialog via a crafted HTML page. | ||||
CVE-2022-1307 | 1 Google | 2 Android, Chrome | 2024-08-03 | 4.3 Medium |
Inappropriate implementation in full screen in Google Chrome on Android prior to 100.0.4896.88 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | ||||
CVE-2022-1129 | 1 Google | 2 Android, Chrome | 2024-08-02 | 6.5 Medium |
Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 100.0.4896.60 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | ||||
CVE-2022-1130 | 1 Google | 2 Android, Chrome | 2024-08-02 | 8.1 High |
Insufficient validation of trust input in WebOTP in Google Chrome on Android prior to 100.0.4896.60 allowed a remote attacker to send arbitrary intents from any app via a malicious app. | ||||
CVE-2022-0971 | 3 Apple, Google, Linux | 4 Macos, Android, Chrome and 1 more | 2024-08-02 | 8.8 High |
Use after free in Blink Layout in Google Chrome on Android prior to 99.0.4844.74 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | ||||
CVE-2022-0972 | 3 Apple, Google, Linux | 4 Macos, Android, Chrome and 1 more | 2024-08-02 | 8.8 High |
Use after free in Extensions in Google Chrome prior to 99.0.4844.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. | ||||
CVE-2022-0804 | 4 Apple, Google, Linux and 1 more | 5 Macos, Android, Chrome and 2 more | 2024-08-02 | 6.5 Medium |
Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 99.0.4844.51 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. | ||||
CVE-2022-0802 | 4 Apple, Google, Linux and 1 more | 5 Macos, Android, Chrome and 2 more | 2024-08-02 | 6.5 Medium |
Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 99.0.4844.51 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. | ||||
CVE-2022-0455 | 1 Google | 2 Android, Chrome | 2024-08-02 | 6.5 Medium |
Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 98.0.4758.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | ||||
CVE-2022-0300 | 1 Google | 2 Android, Chrome | 2024-08-02 | 8.8 High |
Use after free in Text Input Method Editor in Google Chrome on Android prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted HTML page. |