Vulnerabilities > Google > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-14 | CVE-2018-9526 | Information Exposure vulnerability in Google Android 9.0 In device configuration data, there is an improperly configured setting. | 7.5 |
| 2018-11-14 | CVE-2018-9525 | Unspecified vulnerability in Google Android 9.0 In the AndroidManifest.xml file defining the SliceBroadcastReceiver handler for com.android.settings.slice.action.WIFI_CHANGED, there is a possible permissions bypass due to a confused deputy. | 7.8 |
| 2018-11-14 | CVE-2018-9524 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android In functionality implemented in System UI, there are insufficient protections implemented around overlay windows. | 7.8 |
| 2018-11-14 | CVE-2018-9523 | Improper Input Validation vulnerability in Google Android In Parcel.writeMapInternal of Parcel.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. | 7.8 |
| 2018-11-14 | CVE-2018-9522 | Out-of-bounds Write vulnerability in Google Android 9.0 In the serialization functions of StatsLogEventWrapper.java, there is a possible out-of-bounds write due to unnecessary functionality which may be abused. | 7.8 |
| 2018-11-14 | CVE-2018-9521 | Out-of-bounds Write vulnerability in Google Android 9.0 In parseMPEGCCData of NuPlayer2CCDecoder.cpp, there is a possible out of bounds write due to an incorrect bounds check. | 8.8 |
| 2018-11-14 | CVE-2018-6083 | Failure to disallow PWA installation from CSP sandboxed pages in AppManifest in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to access privileged APIs via a crafted HTML page. | 8.8 |
| 2018-11-14 | CVE-2018-6074 | Improper Input Validation vulnerability in multiple products Failure to apply Mark-of-the-Web in Downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to bypass OS level controls via a crafted HTML page. | 8.8 |
| 2018-11-14 | CVE-2018-6073 | Out-of-bounds Write vulnerability in multiple products A heap buffer overflow in WebGL in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. | 8.8 |
| 2018-11-14 | CVE-2018-6072 | Use After Free vulnerability in multiple products An integer overflow leading to use after free in PDFium in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | 8.8 |