Vulnerabilities > Google
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-01-12 | CVE-2016-6764 | Resource Management Errors vulnerability in Google Android A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. | 5.5 |
| 2017-01-12 | CVE-2016-6763 | Improper Access Control vulnerability in Google Android A denial of service vulnerability in Telephony could enable a local malicious application to use a specially crafted file to cause a device hang or reboot. | 5.5 |
| 2017-01-12 | CVE-2016-6762 | Permissions, Privileges, and Access Controls vulnerability in Google Android An elevation of privilege vulnerability in the libziparchive library could enable a local malicious application to execute arbitrary code within the context of a privileged process. | 7.8 |
| 2016-12-23 | CVE-2016-6910 | Information Exposure vulnerability in Google Android 5.0.2/5.1.1/6.0.1 The non-existent notification listener vulnerability was introduced in the initial Android 5.0.2 builds for the Samsung Galaxy S6 Edge devices, but the vulnerability can persist on the device even after the device has been upgraded to an Android 5.1.1 or 6.0.1 build. | 5.5 |
| 2016-12-18 | CVE-2016-5193 | Improper Input Validation vulnerability in Google Chrome Google Chrome prior to 54.0 for iOS had insufficient validation of URLs for windows open by DOM, which allowed a remote attacker to bypass restrictions on navigation to certain URL schemes via crafted HTML pages. | 4.3 |
| 2016-12-18 | CVE-2016-5192 | Improper Access Control vulnerability in Google Chrome Blink in Google Chrome prior to 54.0.2840.59 for Windows missed a CORS check on redirect in TextTrackLoader, which allowed a remote attacker to bypass cross-origin restrictions via crafted HTML pages. | 6.5 |
| 2016-12-18 | CVE-2016-5191 | Cross-site Scripting vulnerability in Google Chrome Bookmark handling in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation of supplied data, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via crafted HTML pages, as demonstrated by an interpretation conflict between userinfo and scheme in an http://javascript:[email protected] URL. | 6.1 |
| 2016-12-18 | CVE-2016-5190 | Use After Free vulnerability in Google Chrome Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled object lifecycles during shutdown, which allowed a remote attacker to perform an out of bounds memory read via crafted HTML pages. | 6.3 |
| 2016-12-18 | CVE-2016-5189 | Improper Access Control vulnerability in Google Chrome Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted navigation to blob URLs with non-canonical origins, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via crafted HTML pages. | 6.5 |
| 2016-12-18 | CVE-2016-5188 | Improper Input Validation vulnerability in Google Chrome Multiple issues in Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux allow a remote attacker to spoof various parts of browser UI via crafted HTML pages. | 4.3 |