Vulnerabilities > Google > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-03-12 | CVE-2016-0826 | Permissions, Privileges, and Access Controls vulnerability in Google Android libcameraservice in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 does not require use of the ICameraService::dump method for a camera service dump, which allows attackers to gain privileges via a crafted application that directly dumps, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26265403. | 7.8 |
2016-03-12 | CVE-2016-0822 | Permissions, Privileges, and Access Controls vulnerability in Google Android 6.0.1 The MediaTek connectivity kernel driver in Android 6.0.1 before 2016-03-01 allows attackers to gain privileges via a crafted application that leverages conn_launcher access, aka internal bug 25873324. | 7.0 |
2016-03-12 | CVE-2016-0820 | Permissions, Privileges, and Access Controls vulnerability in Google Android 6.0.1 The MediaTek Wi-Fi kernel driver in Android 6.0.1 before 2016-03-01 allows attackers to gain privileges via a crafted application, aka internal bug 26267358. | 7.8 |
2016-03-12 | CVE-2016-0819 | Permissions, Privileges, and Access Controls vulnerability in Google Android The Qualcomm performance component in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 allows attackers to gain privileges via a crafted application, aka internal bug 25364034. | 7.8 |
2016-03-06 | CVE-2016-2844 | Improper Input Validation vulnerability in Google Chrome WebKit/Source/core/layout/LayoutBlock.cpp in Blink, as used in Google Chrome before 49.0.2623.75, does not properly determine when anonymous block wrappers may exist, which allows remote attackers to cause a denial of service (incorrect cast and assertion failure) or possibly have unspecified other impact via crafted JavaScript code. | 8.8 |
2016-03-06 | CVE-2016-1641 | Unspecified vulnerability in Google Chrome Use-after-free vulnerability in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 49.0.2623.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering an image download after a certain data structure is deleted, as demonstrated by a favicon.ico download. | 8.8 |
2016-03-06 | CVE-2016-1634 | Unspecified vulnerability in Google Chrome Use-after-free vulnerability in the StyleResolver::appendCSSStyleSheet function in WebKit/Source/core/css/resolver/StyleResolver.cpp in Blink, as used in Google Chrome before 49.0.2623.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site that triggers Cascading Style Sheets (CSS) style invalidation during a certain subtree-removal action. | 8.8 |
2016-03-06 | CVE-2016-1632 | Permissions, Privileges, and Access Controls vulnerability in Google Chrome The Extensions subsystem in Google Chrome before 49.0.2623.75 does not properly maintain own properties, which allows remote attackers to bypass intended access restrictions via crafted JavaScript code that triggers an incorrect cast, related to extensions/renderer/v8_helpers.h and gin/converter.h. | 8.8 |
2016-03-06 | CVE-2016-1631 | Permissions, Privileges, and Access Controls vulnerability in Google Chrome The PPB_Flash_MessageLoop_Impl::InternalRun function in content/renderer/pepper/ppb_flash_message_loop_impl.cc in the Pepper plugin in Google Chrome before 49.0.2623.75 mishandles nested message loops, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | 8.8 |
2016-03-06 | CVE-2016-1630 | Permissions, Privileges, and Access Controls vulnerability in Google Chrome The ContainerNode::parserRemoveChild function in WebKit/Source/core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 49.0.2623.75, mishandles widget updates, which makes it easier for remote attackers to bypass the Same Origin Policy via a crafted web site. | 8.8 |