Vulnerabilities > Google > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-21 | CVE-2024-7975 | Unspecified vulnerability in Google Chrome Inappropriate implementation in Permissions in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. | 4.3 |
| 2024-08-21 | CVE-2024-7976 | Unspecified vulnerability in Google Chrome Inappropriate implementation in FedCM in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. | 4.3 |
| 2024-08-21 | CVE-2024-7978 | Unspecified vulnerability in Google Chrome Insufficient policy enforcement in Data Transfer in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. | 4.3 |
| 2024-08-21 | CVE-2024-7981 | Unspecified vulnerability in Google Chrome Inappropriate implementation in Views in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. | 4.3 |
| 2024-08-21 | CVE-2024-8033 | Unspecified vulnerability in Google Chrome Inappropriate implementation in WebApp Installs in Google Chrome on Windows prior to 128.0.6613.84 allowed an attacker who convinced a user to install a malicious application to perform UI spoofing via a crafted HTML page. | 4.3 |
| 2024-08-21 | CVE-2024-8034 | Unspecified vulnerability in Google Chrome Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. | 4.3 |
| 2024-08-21 | CVE-2024-8035 | Unspecified vulnerability in Google Chrome Inappropriate implementation in Extensions in Google Chrome on Windows prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. | 4.3 |
| 2024-08-19 | CVE-2024-32928 | The libcurl CURLOPT_SSL_VERIFYPEER option was disabled on a subset of requests made by Nest production devices which enabled a potential man-in-the-middle attack on requests to Google cloud services by any host the traffic was routed through. | 5.9 |
| 2024-08-06 | CVE-2024-6995 | Unspecified vulnerability in Google Chrome Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | 4.7 |
| 2024-08-06 | CVE-2024-6999 | Unspecified vulnerability in Google Chrome Inappropriate implementation in FedCM in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. | 4.3 |