Vulnerabilities > Google > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-15 | CVE-2023-4357 | Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. | 8.8 |
| 2023-08-15 | CVE-2023-4358 | Use After Free vulnerability in multiple products Use after free in DNS in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2023-08-15 | CVE-2023-4362 | Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in Mojom IDL in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process and gained control of a WebUI process to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2023-08-15 | CVE-2023-4366 | Use After Free vulnerability in multiple products Use after free in Extensions in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2023-08-15 | CVE-2023-4368 | Insufficient policy enforcement in Extensions API in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. | 8.8 |
| 2023-08-15 | CVE-2023-4369 | Unspecified vulnerability in Google Chrome Insufficient data validation in Systems Extensions in Google Chrome on ChromeOS prior to 116.0.5845.120 allowed an attacker who convinced a user to install a malicious extension to bypass file restrictions via a crafted HTML page. | 8.8 |
| 2023-08-14 | CVE-2023-21229 | Unspecified vulnerability in Google Android 11.0/13.0 In registerServiceLocked of ManagedServices.java, there is a possible bypass of background activity launch restrictions due to an unsafe PendingIntent. | 7.8 |
| 2023-08-14 | CVE-2023-21231 | Unspecified vulnerability in Google Android 13.0 In getIntentForButton of ButtonManager.java, there is a possible way for an unprivileged application to start a non-exported or permission-protected activity due to a missing permission check. | 7.8 |
| 2023-08-14 | CVE-2023-21233 | Use of Uninitialized Resource vulnerability in Google Android 11.0 In multiple locations of avrc, there is a possible leak of heap data due to uninitialized data. | 7.5 |
| 2023-08-14 | CVE-2023-21235 | Unspecified vulnerability in Google Android 11.0/13.0 In onCreate of LockSettingsActivity.java, there is a possible way set a new lockscreen PIN without entering the existing PIN due to a permissions bypass. | 7.8 |