Vulnerabilities > Google > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-28 | CVE-2023-3598 | Out-of-bounds Write vulnerability in Google Chrome Out of bounds read and write in ANGLE in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2023-07-25 | CVE-2023-2626 | Improper Authentication vulnerability in Google products There exists an authentication bypass vulnerability in OpenThread border router devices and implementations. This issue allows unauthenticated nodes to craft radio frames using “Key ID Mode 2”: a special mode using a static encryption key to bypass security checks, resulting in arbitrary IP packets being allowed on the Thread network. This provides a pathway for an attacker to send/receive arbitrary IPv6 packets to devices on the LAN, potentially exploiting them if they lack additional authentication or contain any network vulnerabilities that would normally be mitigated by the home router’s NAT firewall. | 8.8 |
| 2023-07-14 | CVE-2023-35692 | Unspecified vulnerability in Google Android In getLocationCache of GeoLocation.java, there is a possible way to send a mock location during an emergency call due to improper input validation. | 7.8 |
| 2023-07-13 | CVE-2023-21145 | Unspecified vulnerability in Google Android In updatePictureInPictureMode of ActivityRecord.java, there is a possible bypass of background launch restrictions due to a logic error in the code. | 7.8 |
| 2023-07-13 | CVE-2023-21241 | Integer Overflow or Wraparound vulnerability in Google Android In rw_i93_send_to_upper of rw_i93.cc, there is a possible out of bounds write due to an integer overflow. | 7.8 |
| 2023-07-13 | CVE-2023-21245 | Unspecified vulnerability in Google Android In showNextSecurityScreenOrFinish of KeyguardSecurityContainerController.java, there is a possible way to access the lock screen during device setup due to a logic error in the code. | 7.8 |
| 2023-07-13 | CVE-2023-21247 | Missing Authorization vulnerability in Google Android 12.0/12.1/13.0 In getAvailabilityStatus of BluetoothScanningMainSwitchPreferenceController.java, there is a possible way to bypass a device policy restriction due to a missing permission check. | 7.8 |
| 2023-07-13 | CVE-2023-21248 | Missing Authorization vulnerability in Google Android 12.0/12.1/13.0 In getAvailabilityStatus of WifiScanningMainSwitchPreferenceController.java, there is a possible way to bypass a device policy restriction due to a missing permission check. | 7.8 |
| 2023-07-13 | CVE-2023-21251 | Improper Input Validation vulnerability in Google Android In onCreate of ConfirmDialog.java, there is a possible way to connect to VNP bypassing user's consent due to improper input validation. | 7.3 |
| 2023-07-13 | CVE-2023-21254 | Unspecified vulnerability in Google Android 13.0 In getCurrentState of OneTimePermissionUserManager.java, there is a possible way to hold one-time permissions after the app is being killed due to a logic error in the code. | 7.8 |