Vulnerabilities > Google > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-10 | CVE-2021-0376 | Incorrect Authorization vulnerability in Google Android 11.0 In checkUriPermission and related functions of MediaProvider.java, there is a possible way to access external files due to a permissions bypass. | 7.8 |
| 2021-03-10 | CVE-2021-0372 | Incorrect Permission Assignment for Critical Resource vulnerability in Google Android 11.0 In getMediaOutputSliceAction of RemoteMediaSlice.java, there is a possible permission bypass due to an unsafe PendingIntent. | 7.8 |
| 2021-03-10 | CVE-2021-0369 | Unspecified vulnerability in Google Android 11.0 In CrossProfileAppsServiceImpl.java, there is the possibility of an application's INTERACT_ACROSS_PROFILES grant state not displaying properly in the setting UI due to a logic error in the code. | 7.8 |
| 2021-03-10 | CVE-2020-0025 | Unspecified vulnerability in Google Android 11.0 In deletePackageVersionedInternal of PackageManagerService.java, there is a possible way to exit Screen Pinning due to a permissions bypass. | 7.8 |
| 2021-03-09 | CVE-2021-21190 | Use of Uninitialized Resource vulnerability in multiple products Uninitialized data in PDFium in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. | 8.8 |
| 2021-03-09 | CVE-2021-21188 | Use After Free vulnerability in multiple products Use after free in Blink in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2021-03-09 | CVE-2021-21180 | Use After Free vulnerability in multiple products Use after free in tab search in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2021-03-09 | CVE-2021-21179 | Use After Free vulnerability in multiple products Use after free in Network Internals in Google Chrome on Linux prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2021-03-09 | CVE-2021-21174 | Inappropriate implementation in Referrer in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | 8.8 |
| 2021-03-09 | CVE-2021-21172 | Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 89.0.4389.72 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. | 8.1 |