Vulnerabilities > Google > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-03-29 CVE-2021-46743 Type Confusion vulnerability in Google Firebase PHP-Jwt
In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue (e.g., RS256 / HS256) exists via the kid (aka Key ID) header, when multiple types of keys are loaded in a key ring.
network
low complexity
google CWE-843
critical
 9.1
9.1
2022-03-16 CVE-2021-39708 Out-of-bounds Write vulnerability in Google Android 12.0
In gatt_process_notification of gatt_cl.cc, there is a possible out of bounds write due to an incorrect bounds check.
network
low complexity
google CWE-787
critical
 9.8
9.8
2022-03-16 CVE-2021-39710 Unspecified vulnerability in Google Android
Product: AndroidVersions: Android kernelAndroid ID: A-202160245References: N/A
network
low complexity
google
critical
 9.8
9.8
2022-03-16 CVE-2021-39720 Unspecified vulnerability in Google Android
Product: AndroidVersions: Android kernelAndroid ID: A-207433926References: N/A
network
low complexity
google
critical
 9.8
9.8
2022-03-16 CVE-2021-39723 Unspecified vulnerability in Google Android
Product: AndroidVersions: Android kernelAndroid ID: A-209014813References: N/A
network
low complexity
google
critical
 9.8
9.8
2022-03-16 CVE-2021-39737 Unspecified vulnerability in Google Android
Product: AndroidVersions: Android kernelAndroid ID: A-208229524References: N/A
network
low complexity
google
critical
 9.8
9.8
2022-03-10 CVE-2022-25818 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android 12.0
Improper boundary check in UWB stack prior to SMR Mar-2022 Release 1 allows arbitrary code execution.
network
low complexity
google CWE-119
critical
 9.8
9.8
2022-02-12 CVE-2022-0290 Use After Free vulnerability in Google Chrome
Use after free in Site isolation in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google CWE-416
critical
 9.6
9.6
2022-02-12 CVE-2022-0097 Inappropriate implementation in DevTools in Google Chrome prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to to potentially allow extension to escape the sandbox via a crafted HTML page.
network
low complexity
google fedoraproject
critical
 9.6
9.6
2022-02-11 CVE-2021-39616 Unspecified vulnerability in Google Android
Summary:Product: AndroidVersions: Android SoCAndroid ID: A-204686438
network
low complexity
google
critical
 9.8
9.8