Vulnerabilities > Google > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-10 | CVE-2021-0455 | Out-of-bounds Write vulnerability in Google Android In the Citadel chip firmware, there is a possible out of bounds write due to a missing bounds check. | 7.2 |
| 2021-03-10 | CVE-2021-0454 | Out-of-bounds Write vulnerability in Google Android In the Citadel chip firmware, there is a possible out of bounds write due to a missing bounds check. | 7.2 |
| 2021-03-10 | CVE-2021-0386 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android 11.0 In onCreate of UsbConfirmActivity, there is a possible tapjacking vector due to an insecure default value. | 7.8 |
| 2021-03-10 | CVE-2021-0397 | Double Free vulnerability in Google Android In sdp_copy_raw_data of sdp_discovery.cc, there is a possible system compromise due to a double free. | 7.5 |
| 2021-03-10 | CVE-2021-0396 | Out-of-bounds Write vulnerability in Google Android In Builtins::Generate_ArgumentsAdaptorTrampoline of builtins-arm.cc and related files, there is a possible out of bounds write due to an incorrect bounds check. | 7.5 |
| 2021-03-10 | CVE-2021-0391 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android In onCreate() of ChooseTypeAndAccountActivity.java, there is a possible way to learn the existence of an account, without permissions, due to a tapjacking/overlay attack. | 7.8 |
| 2021-03-10 | CVE-2021-0369 | Unspecified vulnerability in Google Android 11.0 In CrossProfileAppsServiceImpl.java, there is the possibility of an application's INTERACT_ACROSS_PROFILES grant state not displaying properly in the setting UI due to a logic error in the code. | 7.8 |
| 2021-03-09 | CVE-2021-21190 | Use of Uninitialized Resource vulnerability in multiple products Uninitialized data in PDFium in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. | 8.8 |
| 2021-03-09 | CVE-2021-21188 | Use After Free vulnerability in multiple products Use after free in Blink in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2021-03-09 | CVE-2021-21180 | Use After Free vulnerability in multiple products Use after free in tab search in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |