Vulnerabilities > Google

DATE CVE VULNERABILITY TITLE RISK
2023-01-30 CVE-2023-0471 Use After Free vulnerability in Google Chrome
Use after free in WebTransport in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google CWE-416
8.8
2023-01-30 CVE-2023-0472 Use After Free vulnerability in Google Chrome
Use after free in WebRTC in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google CWE-416
8.8
2023-01-30 CVE-2023-0473 Type Confusion vulnerability in Google Chrome
Type Confusion in ServiceWorker API in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google CWE-843
8.8
2023-01-30 CVE-2023-0474 Use After Free vulnerability in Google Chrome
Use after free in GuestView in Google Chrome prior to 109.0.5414.119 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a Chrome web app.
network
low complexity
google CWE-416
8.8
2023-01-26 CVE-2023-20904 Unspecified vulnerability in Google Android 12.1/13.0
In getTrampolineIntent of SettingsActivity.java, there is a possible launch of arbitrary activity due to an Intent mismatch in the code.
local
low complexity
google
7.8
2023-01-26 CVE-2023-20905 Out-of-bounds Write vulnerability in Google Android 10.0
In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a missing bounds check.
local
low complexity
google CWE-787
7.8
2023-01-26 CVE-2023-20908 Resource Exhaustion vulnerability in Google Android
In several functions of SettingsState.java, there is a possible system crash loop due to resource exhaustion.
local
low complexity
google CWE-400
5.5
2023-01-26 CVE-2023-20912 Missing Authorization vulnerability in Google Android 13.0
In onActivityResult of AvatarPickerActivity.java, there is a possible way to access images belonging to other users due to a missing permission check.
local
low complexity
google CWE-862
7.8
2023-01-26 CVE-2023-20913 Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android
In onCreate of PhoneAccountSettingsActivity.java and related files, there is a possible way to mislead the user into enabling a malicious phone account due to a tapjacking/overlay attack.
local
low complexity
google CWE-1021
7.8
2023-01-26 CVE-2023-20915 Always-Incorrect Control Flow Implementation vulnerability in Google Android
In addOrReplacePhoneAccount of PhoneAccountRegistrar.java, there is a possible way to enable a phone account without user interaction due to a logic error in the code.
local
low complexity
google CWE-670
7.8