Vulnerabilities > Google > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-07-09 CVE-2020-7692 Incorrect Authorization vulnerability in Google Oauth Client Library for Java
PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps.
network
low complexity
google CWE-863
critical
 9.1
9.1
2020-06-10 CVE-2020-0117 Integer Overflow or Wraparound vulnerability in Google Android
In aes_cmac of aes_cmac.cc, there is a possible out of bounds write due to an integer overflow.
network
low complexity
google CWE-190
critical
 10.0
10
2020-06-05 CVE-2020-13841 Improper Privilege Management vulnerability in Google Android 10.0/9.0
An issue was discovered on LG mobile devices with Android OS 9 and 10 (MTK chipsets).
network
low complexity
google CWE-269
critical
 10.0
10
2020-06-05 CVE-2020-13839 Classic Buffer Overflow vulnerability in Google Android
An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 (MTK chipsets).
network
low complexity
google CWE-120
critical
 10.0
10
2020-06-03 CVE-2020-6493 Use After Free vulnerability in multiple products
Use after free in WebAuthentication in Google Chrome prior to 83.0.4103.97 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google debian opensuse CWE-416
critical
 9.6
9.6
2020-05-21 CVE-2020-6471 Incorrect Default Permissions vulnerability in multiple products
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
network
low complexity
google fedoraproject opensuse debian CWE-276
critical
 9.6
9.6
2020-05-21 CVE-2020-6469 Incorrect Default Permissions vulnerability in multiple products
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
network
low complexity
google debian opensuse fedoraproject CWE-276
critical
 9.6
9.6
2020-05-21 CVE-2020-6466 Use After Free vulnerability in multiple products
Use after free in media in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google debian opensuse fedoraproject CWE-416
critical
 9.6
9.6
2020-05-21 CVE-2020-6465 Use After Free vulnerability in multiple products
Use after free in reader mode in Google Chrome on Android prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google debian opensuse fedoraproject CWE-416
critical
 9.6
9.6
2020-05-21 CVE-2020-6462 Use After Free vulnerability in multiple products
Use after free in task scheduling in Google Chrome prior to 81.0.4044.129 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google debian CWE-416
critical
 9.6
9.6