Vulnerabilities > Google > High

DATE CVE VULNERABILITY TITLE RISK
2016-03-12 CVE-2016-0826 Permissions, Privileges, and Access Controls vulnerability in Google Android
libcameraservice in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 does not require use of the ICameraService::dump method for a camera service dump, which allows attackers to gain privileges via a crafted application that directly dumps, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26265403.
local
low complexity
google CWE-264
7.8
2016-03-12 CVE-2016-0822 Permissions, Privileges, and Access Controls vulnerability in Google Android 6.0.1
The MediaTek connectivity kernel driver in Android 6.0.1 before 2016-03-01 allows attackers to gain privileges via a crafted application that leverages conn_launcher access, aka internal bug 25873324.
local
high complexity
google CWE-264
7.0
2016-03-12 CVE-2016-0820 Permissions, Privileges, and Access Controls vulnerability in Google Android 6.0.1
The MediaTek Wi-Fi kernel driver in Android 6.0.1 before 2016-03-01 allows attackers to gain privileges via a crafted application, aka internal bug 26267358.
local
low complexity
google CWE-264
7.8
2016-03-12 CVE-2016-0819 Permissions, Privileges, and Access Controls vulnerability in Google Android
The Qualcomm performance component in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 allows attackers to gain privileges via a crafted application, aka internal bug 25364034.
local
low complexity
google CWE-264
7.8
2016-03-06 CVE-2016-2844 Improper Input Validation vulnerability in Google Chrome
WebKit/Source/core/layout/LayoutBlock.cpp in Blink, as used in Google Chrome before 49.0.2623.75, does not properly determine when anonymous block wrappers may exist, which allows remote attackers to cause a denial of service (incorrect cast and assertion failure) or possibly have unspecified other impact via crafted JavaScript code.
network
low complexity
google CWE-20
8.8
2016-03-06 CVE-2016-1641 Unspecified vulnerability in Google Chrome
Use-after-free vulnerability in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 49.0.2623.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering an image download after a certain data structure is deleted, as demonstrated by a favicon.ico download.
network
low complexity
google
8.8
2016-03-06 CVE-2016-1634 Unspecified vulnerability in Google Chrome
Use-after-free vulnerability in the StyleResolver::appendCSSStyleSheet function in WebKit/Source/core/css/resolver/StyleResolver.cpp in Blink, as used in Google Chrome before 49.0.2623.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site that triggers Cascading Style Sheets (CSS) style invalidation during a certain subtree-removal action.
network
low complexity
google
8.8
2016-03-06 CVE-2016-1632 Permissions, Privileges, and Access Controls vulnerability in Google Chrome
The Extensions subsystem in Google Chrome before 49.0.2623.75 does not properly maintain own properties, which allows remote attackers to bypass intended access restrictions via crafted JavaScript code that triggers an incorrect cast, related to extensions/renderer/v8_helpers.h and gin/converter.h.
network
low complexity
google CWE-264
8.8
2016-03-06 CVE-2016-1631 Permissions, Privileges, and Access Controls vulnerability in Google Chrome
The PPB_Flash_MessageLoop_Impl::InternalRun function in content/renderer/pepper/ppb_flash_message_loop_impl.cc in the Pepper plugin in Google Chrome before 49.0.2623.75 mishandles nested message loops, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
network
low complexity
google CWE-264
8.8
2016-03-06 CVE-2016-1630 Permissions, Privileges, and Access Controls vulnerability in Google Chrome
The ContainerNode::parserRemoveChild function in WebKit/Source/core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 49.0.2623.75, mishandles widget updates, which makes it easier for remote attackers to bypass the Same Origin Policy via a crafted web site.
network
low complexity
google CWE-264
8.8