Vulnerabilities > Google > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-01 | CVE-2022-3307 | Race Condition vulnerability in Google Chrome Use after free in media in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2022-11-01 | CVE-2022-3308 | Unspecified vulnerability in Google Chrome Insufficient policy enforcement in developer tools in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | 7.4 |
| 2022-11-01 | CVE-2022-3315 | Type Confusion vulnerability in Google Chrome Type confusion in Blink in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2022-11-01 | CVE-2022-3304 | Unspecified vulnerability in Google Chrome Use after free in CSS in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2022-11-01 | CVE-2022-3370 | Use After Free vulnerability in Google Chrome Use after free in Custom Elements in Google Chrome prior to 106.0.5249.91 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2022-11-01 | CVE-2022-3373 | Out-of-bounds Write vulnerability in Google Chrome Out of bounds write in V8 in Google Chrome prior to 106.0.5249.91 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. | 8.8 |
| 2022-10-28 | CVE-2022-3708 | Server-Side Request Forgery (SSRF) vulnerability in Google web Stories The Web Stories plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including 1.24.0 due to insufficient validation of URLs supplied via the 'url' parameter found via the /v1/hotlink/proxy REST API Endpoint. | 8.1 |
| 2022-10-17 | CVE-2022-3421 | Improper Privilege Management vulnerability in Google Drive An attacker can pre-create the `/Applications/Google\ Drive.app/Contents/MacOS` directory which is expected to be owned by root to be owned by a non-root user. | 7.3 |
| 2022-10-14 | CVE-2022-2985 | Missing Authorization vulnerability in Google Android 10.0/11.0 In music service, there is a missing permission check. | 7.8 |
| 2022-10-14 | CVE-2022-38669 | Missing Authorization vulnerability in Google Android 10.0/11.0/12.0 In soundrecorder service, there is a missing permission check. | 7.8 |