Vulnerabilities > Google > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-08-14 CVE-2023-20965 Insufficiently Protected Credentials vulnerability in Google Android 13.0
In processMessageImpl of ClientModeImpl.java, there is a possible credential disclosure in the TOFU flow due to a logic error in the code.
network
low complexity
google CWE-522
critical
9.8
2023-08-14 CVE-2023-21242 Unspecified vulnerability in Google Android 13.0
In isServerCertChainValid of InsecureEapNetworkHandler.java, there is a possible way to trust an imposter server due to a logic error in the code.
network
low complexity
google
critical
9.8
2023-07-29 CVE-2022-4920 Out-of-bounds Write vulnerability in Google Chrome
Heap buffer overflow in Blink in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google CWE-787
critical
9.6
2023-07-29 CVE-2022-4924 Use After Free vulnerability in Google Chrome
Use after free in WebRTC in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google CWE-416
critical
9.6
2023-07-13 CVE-2023-20918 Unspecified vulnerability in Google Android
In getPendingIntentLaunchFlags of ActivityOptions.java, there is a possible elevation of privilege due to a confused deputy with no additional execution privileges needed.
network
low complexity
google
critical
9.8
2023-07-13 CVE-2023-21250 Out-of-bounds Write vulnerability in Google Android
In gatt_end_operation of gatt_utils.cc, there is a possible out of bounds write due to a missing bounds check.
network
low complexity
google CWE-787
critical
9.8
2023-06-28 CVE-2023-21066 Out-of-bounds Write vulnerability in Google Android
In cd_CodeMsg of cd_codec.c, there is a possible out of bounds write due to a heap buffer overflow.
network
low complexity
google CWE-787
critical
9.8
2023-06-15 CVE-2021-0701 Unspecified vulnerability in Google Android
In PVRSRVBridgeSyncPrimOpCreate of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access.
network
low complexity
google
critical
9.8
2023-06-15 CVE-2021-0945 Unspecified vulnerability in Google Android
In _PMRCreate of the PowerVR kernel driver, a missing bounds check means it is possible to overwrite heap memory via PhysmemNewRamBackedPMR.
network
low complexity
google
critical
9.8
2023-06-15 CVE-2023-21130 Out-of-bounds Read vulnerability in Google Android 13.0
In btm_ble_periodic_adv_sync_lost of btm_ble_gap.cc, there is a possible remote code execution due to a buffer overflow.
network
low complexity
google CWE-125
critical
9.8