Vulnerabilities > Google > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-08-19 CVE-2024-32928 The libcurl CURLOPT_SSL_VERIFYPEER option was disabled on a subset of requests made by Nest production devices which enabled a potential man-in-the-middle attack on requests to Google cloud services by any host the traffic was routed through.
network
high complexity
google haxx
5.9
2024-08-15 CVE-2024-34742 Unspecified vulnerability in Google Android 14.0
In shouldWrite of OwnersData.java, there is a possible edge case that prevents MDM policies from being persisted due to a logic error in the code.
local
low complexity
google
5.5
2024-08-06 CVE-2024-6995 Unspecified vulnerability in Google Chrome
Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
network
low complexity
google
4.7
2024-08-06 CVE-2024-6999 Unspecified vulnerability in Google Chrome
Inappropriate implementation in FedCM in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page.
network
low complexity
google
4.3
2024-08-06 CVE-2024-7001 Unspecified vulnerability in Google Chrome
Inappropriate implementation in HTML in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page.
network
low complexity
google
4.3
2024-08-06 CVE-2024-7003 Unspecified vulnerability in Google Chrome
Inappropriate implementation in FedCM in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page.
network
low complexity
google
4.3
2024-08-06 CVE-2024-7004 Unspecified vulnerability in Google Chrome
Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a malicious file.
network
low complexity
google
4.3
2024-08-06 CVE-2024-7005 Unspecified vulnerability in Google Chrome
Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a malicious file.
network
low complexity
google
4.3
2024-07-16 CVE-2020-36765 Unspecified vulnerability in Google Chrome
Insufficient policy enforcement in Navigation in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
network
low complexity
google
6.5
2024-07-16 CVE-2023-7013 Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Chrome
Inappropriate implementation in Compositing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially spoof security UI via a crafted HTML page.
network
low complexity
google CWE-1021
4.7