Vulnerabilities > Google > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-11-23 CVE-2021-37997 Use After Free vulnerability in Google Chrome
Use after free in Sign-In in Google Chrome prior to 95.0.4638.69 allowed a remote attacker who convinced a user to sign into Chrome to potentially exploit heap corruption via a crafted HTML page.
network
google CWE-416
6.8
2021-11-23 CVE-2021-37998 Use After Free vulnerability in Google Chrome
Use after free in Garbage Collection in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
google CWE-416
6.8
2021-11-23 CVE-2021-37999 Cross-site Scripting vulnerability in Google Chrome
Insufficient data validation in New Tab Page in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to inject arbitrary scripts or HTML in a new browser tab via a crafted HTML page.
network
google CWE-79
4.3
2021-11-23 CVE-2021-38000 Improper Input Validation vulnerability in Google Chrome
Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69 allowed a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page.
network
google CWE-20
5.8
2021-11-23 CVE-2021-38001 Type Confusion vulnerability in Google Chrome
Type confusion in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
google CWE-843
6.8
2021-11-23 CVE-2021-38002 Use After Free vulnerability in Google Chrome
Use after free in Web Transport in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
network
google CWE-416
6.8
2021-11-23 CVE-2021-38003 Out-of-bounds Write vulnerability in Google Chrome
Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
google CWE-787
6.8
2021-11-23 CVE-2021-38004 Exposure of Resource to Wrong Sphere vulnerability in Google Chrome
Insufficient policy enforcement in Autofill in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
network
google CWE-668
4.3
2021-11-18 CVE-2021-0655 Improper Privilege Management vulnerability in Google Android 10.0/11.0
In mdlactl driver, there is a possible memory corruption due to an incorrect bounds check.
local
low complexity
google CWE-269
4.6
2021-11-18 CVE-2021-0656 Use After Free vulnerability in Google Android 10.0/11.0
In edma driver, there is a possible memory corruption due to a use after free.
local
low complexity
google CWE-416
4.6