Vulnerabilities > Google > Critical

DATE CVE VULNERABILITY TITLE RISK
2016-02-07 CVE-2016-0801 Improper Input Validation vulnerability in multiple products
The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted wireless control message packets, aka internal bug 25662029.
network
low complexity
apple google CWE-20
critical
9.8
2016-01-25 CVE-2016-2051 Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
network
low complexity
google redhat
critical
9.8
2016-01-06 CVE-2015-6642 Permissions, Privileges, and Access Controls vulnerability in Google Android 5.1.0/6.0/6.0.1
The kernel in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24157888.
network
low complexity
google CWE-264
critical
9.8
2016-01-06 CVE-2015-6636 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
mediaserver in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 25070493 and 24686670.
network
low complexity
google CWE-119
critical
9.8
2015-12-24 CVE-2015-6792 Unspecified vulnerability in Google Chrome
The MIDI subsystem in Google Chrome before 47.0.2526.106 does not properly handle the sending of data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, related to midi_manager.cc, midi_manager_alsa.cc, and midi_manager_mac.cc, a different vulnerability than CVE-2015-8664.
network
low complexity
google
critical
9.8
2015-12-06 CVE-2015-6764 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The BasicJsonStringifier::SerializeJSArray function in json-stringifier.h in the JSON stringifier in Google V8, as used in Google Chrome before 47.0.2526.73, improperly loads array elements, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via crafted JavaScript code.
network
low complexity
google nodejs debian CWE-119
critical
9.8
2015-07-23 CVE-2015-1276 Use-after-free vulnerability in content/browser/indexed_db/indexed_db_backing_store.cc in the IndexedDB implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging an abort action before a certain write operation.
network
low complexity
google debian redhat opensuse
critical
9.8
2014-02-05 CVE-2014-0497 Integer Underflow (Wrap or Wraparound) vulnerability in multiple products
Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors.
network
low complexity
adobe google redhat suse opensuse CWE-191
critical
9.8
2012-10-11 CVE-2012-5376 Improper Privilege Management vulnerability in Google Chrome
The Inter-process Communication (IPC) implementation in Google Chrome before 22.0.1229.94 allows remote attackers to bypass intended sandbox restrictions and write to arbitrary files by leveraging access to a renderer process, a different vulnerability than CVE-2012-5112.
network
low complexity
google CWE-269
critical
9.6
2010-11-06 CVE-2010-4205 Unspecified vulnerability in Google Chrome
Google Chrome before 7.0.517.44 does not properly handle the data types of event objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
network
low complexity
google
critical
9.8