Vulnerabilities > Google > High

DATE CVE VULNERABILITY TITLE RISK
2024-02-21 CVE-2024-1670 Use After Free vulnerability in multiple products
Use after free in Mojo in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject CWE-416
8.8
8.8
2024-02-21 CVE-2024-1673 Use After Free vulnerability in multiple products
Use after free in Accessibility in Google Chrome prior to 122.0.6261.57 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via specific UI gestures.
network
low complexity
google fedoraproject CWE-416
8.8
8.8
2024-02-21 CVE-2024-1674 Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
network
low complexity
google fedoraproject
8.8
8.8
2024-02-21 CVE-2024-1675 Insufficient policy enforcement in Download in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.
network
low complexity
google fedoraproject
8.8
8.8
2024-02-16 CVE-2024-0018 Out-of-bounds Write vulnerability in Google Android
In convertYUV420Planar16ToY410 of ColorConverter.cpp, there is a possible out of bounds write due to a heap buffer overflow.
local
low complexity
google CWE-787
7.8
7.8
2024-02-16 CVE-2024-0021 Unspecified vulnerability in Google Android 13.0/14.0
In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way for an app in the work profile to enable notification listener services due to a logic error in the code.
local
low complexity
google
7.8
7.8
2024-02-16 CVE-2024-0023 Out-of-bounds Write vulnerability in Google Android
In ConvertRGBToPlanarYUV of Codec2BufferUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check.
local
low complexity
google CWE-787
7.8
7.8
2024-02-16 CVE-2023-21165 Use After Free vulnerability in Google Android
In DevmemIntUnmapPMR of devicemem_server.c, there is a possible arbitrary code execution due to a use after free.
local
low complexity
google CWE-416
7.8
7.8
2024-02-16 CVE-2024-0015 Unspecified vulnerability in Google Android
In convertToComponentName of DreamService.java, there is a possible way to launch arbitrary protected activities due to intent redirection.
local
low complexity
google
7.8
7.8
2024-02-16 CVE-2024-0014 Unspecified vulnerability in Google Android
In startInstall of UpdateFetcher.java, there is a possible way to trigger a malicious config update due to a logic error.
local
low complexity
google
7.8
7.8