Vulnerabilities > Google > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-26 | CVE-2022-20213 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android 10.0/11.0/12.0 In ApplicationsDetailsActivity of AndroidManifest.xml, there is a possible DoS due to a tapjacking/overlay attack. | 5.5 |
| 2023-01-26 | CVE-2022-20214 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android 10.0/11.0/12.0 In Car Settings app, the toggle button in Modify system settings is vulnerable to tapjacking attack. | 4.7 |
| 2023-01-26 | CVE-2022-20215 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android 10.0/11.0/12.0 In onCreate of MasterClearConfirmFragment.java, there is a possible factory reset due to a tapjacking/overlay attack. | 5.5 |
| 2023-01-26 | CVE-2022-20235 | Out-of-bounds Write vulnerability in Google Android The PowerVR GPU kernel driver maintains an "Information Page" used by its cache subsystem. | 5.5 |
| 2023-01-26 | CVE-2022-20458 | Information Exposure Through Log Files vulnerability in Google Android 12.1 The logs of sensitive information (PII) or hardware identifier should only be printed in Android "userdebug" or "eng" build. | 5.5 |
| 2023-01-26 | CVE-2022-20494 | Allocation of Resources Without Limits or Throttling vulnerability in Google Android In AutomaticZenRule of AutomaticZenRule.java, there is a possible persistent DoS due to resource exhaustion. | 5.5 |
| 2023-01-10 | CVE-2023-0130 | Unspecified vulnerability in Google Chrome Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | 6.5 |
| 2023-01-10 | CVE-2023-0131 | Unspecified vulnerability in Google Chrome Inappropriate implementation in in iframe Sandbox in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to bypass file download restrictions via a crafted HTML page. | 6.5 |
| 2023-01-10 | CVE-2023-0132 | Unspecified vulnerability in Google Chrome Inappropriate implementation in in Permission prompts in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to force acceptance of a permission prompt via a crafted HTML page. | 6.5 |
| 2023-01-10 | CVE-2023-0133 | Unspecified vulnerability in Google Chrome Inappropriate implementation in in Permission prompts in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to bypass main origin permission delegation via a crafted HTML page. | 6.5 |