Vulnerabilities > Google > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-02 | CVE-2021-30556 | Use After Free vulnerability in multiple products Use after free in WebAudio in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2021-07-02 | CVE-2021-30557 | Use After Free vulnerability in multiple products Use after free in TabGroups in Google Chrome prior to 91.0.4472.114 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2021-06-29 | CVE-2021-22545 | Use After Free vulnerability in Google Bindiff An attacker can craft a specific IdaPro *.i64 file that will cause the BinDiff plugin to load an invalid memory offset. | 7.8 |
| 2021-06-22 | CVE-2021-0536 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android 11.0 In dropFile of WiFiInstaller, there is a way to delete files accessible to CertInstaller due to a confused deputy. | 7.8 |
| 2021-06-22 | CVE-2021-0537 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android 11.0 In onCreate of WiFiInstaller.java, there is a possible way to install a malicious Hotspot 2.0 configuration due to a tapjacking/overlay attack. | 7.3 |
| 2021-06-22 | CVE-2021-0538 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android 11.0 In onCreate of EmergencyCallbackModeExitDialog.java, there is a possible exit of emergency callback mode due to a tapjacking/overlay attack. | 7.3 |
| 2021-06-22 | CVE-2021-0539 | Missing Authorization vulnerability in Google Android 11.0 In archiveStoredConversation of MmsService.java, there is a possible way to archive message conversation without user consent due to a missing permission check. | 7.8 |
| 2021-06-22 | CVE-2021-0547 | Missing Authorization vulnerability in Google Android 11.0 In onReceive of NetInitiatedActivity.java, there is a possible way to supply an attacker-controlled value to a GPS HAL handler due to a missing permission check. | 7.8 |
| 2021-06-22 | CVE-2021-0548 | Out-of-bounds Write vulnerability in Google Android 11.0 In rw_i93_send_to_lower of rw_i93.cc, there is a possible out of bounds write due to a missing bounds check. | 7.8 |
| 2021-06-22 | CVE-2021-0550 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android 11.0 In onLoadFailed of AnnotateActivity.java, there is a possible way to gain WRITE_EXTERNAL_STORAGE permissions without user consent due to a confused deputy. | 7.8 |