CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2022-25831 287 2022-04-11 2022-04-18
1.9
None Local Medium Not required Partial None None
Improper access control vulnerability in S Secure prior to SMR Apr-2022 Release 1 allows physical attackers to access secured data in certain conditions.
2 CVE-2022-20230 20 2022-07-13 2022-07-26
1.9
None Local Medium Not required Partial None None
In choosePrivateKeyAlias of KeyChain.java, there is a possible access to the user's certificate due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-221859869
3 CVE-2022-20217 863 2022-07-13 2022-07-20
0.0
None ??? ??? ??? ??? ??? ???
There is a unauthorized broadcast in the SprdContactsProvider. A third-party app could use this issue to delete Fdn contact.Product: AndroidVersions: Android SoCAndroid ID: A-232441378
4 CVE-2022-20196 Bypass 2022-06-15 2022-06-24
1.9
None Local Medium Not required Partial None None
In gallery3d and photos, there is a possible permission bypass due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-201535148
5 CVE-2022-20195 502 DoS 2022-06-15 2022-06-24
1.9
None Local Medium Not required None None Partial
In the keystore library, there is a possible prevention of access to system Settings due to unsafe deserialization. This could lead to local denial of service with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-213172664
6 CVE-2022-2481 416 2022-07-28 2022-08-04
0.0
None ??? ??? ??? ??? ??? ???
Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via UI interaction.
7 CVE-2022-2480 416 2022-07-28 2022-08-02
0.0
None ??? ??? ??? ??? ??? ???
Use after free in Service Worker API in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8 CVE-2022-2478 416 2022-07-28 2022-08-02
0.0
None ??? ??? ??? ??? ??? ???
Use after free in PDF in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
9 CVE-2022-2477 416 2022-07-28 2022-08-04
0.0
None ??? ??? ??? ??? ??? ???
Use after free in Guest View in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
10 CVE-2022-2415 787 Overflow 2022-07-28 2022-08-04
0.0
None ??? ??? ??? ??? ??? ???
Heap buffer overflow in WebGL in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
11 CVE-2022-2399 416 2022-07-28 2022-08-02
0.0
None ??? ??? ??? ??? ??? ???
Use after free in WebGPU in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
12 CVE-2022-2295 843 2022-07-28 2022-08-04
0.0
None ??? ??? ??? ??? ??? ???
Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
13 CVE-2022-2294 787 Overflow 2022-07-28 2022-08-04
0.0
None ??? ??? ??? ??? ??? ???
Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
14 CVE-2022-2165 2022-07-28 2022-08-02
0.0
None ??? ??? ??? ??? ??? ???
Insufficient data validation in URL formatting in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
15 CVE-2022-2164 Bypass 2022-07-28 2022-08-03
0.0
None ??? ??? ??? ??? ??? ???
Inappropriate implementation in Extensions API in Google Chrome prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted HTML page.
16 CVE-2022-2163 416 2022-07-28 2022-08-04
0.0
None ??? ??? ??? ??? ??? ???
Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via UI interaction.
17 CVE-2022-2161 416 2022-07-28 2022-08-03
0.0
None ??? ??? ??? ??? ??? ???
Use after free in WebApp Provider in Google Chrome prior to 103.0.5060.53 allowed a remote attacker who convinced the user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.
18 CVE-2022-2158 843 2022-07-28 2022-08-03
0.0
None ??? ??? ??? ??? ??? ???
Type confusion in V8 in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
19 CVE-2022-2157 416 2022-07-28 2022-08-02
0.0
None ??? ??? ??? ??? ??? ???
Use after free in Interest groups in Google Chrome prior to 103.0.5060.53 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
20 CVE-2022-2156 416 2022-07-28 2022-08-02
0.0
None ??? ??? ??? ??? ??? ???
Use after free in Core in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
21 CVE-2022-2011 416 2022-07-28 2022-08-02
0.0
None ??? ??? ??? ??? ??? ???
Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
22 CVE-2022-2010 125 2022-07-28 2022-08-03
0.0
None ??? ??? ??? ??? ??? ???
Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
23 CVE-2022-2008 415 2022-07-28 2022-08-03
0.0
None ??? ??? ??? ??? ??? ???
Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
24 CVE-2022-2007 416 2022-07-28 2022-08-03
0.0
None ??? ??? ??? ??? ??? ???
Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
25 CVE-2022-1919 416 2022-07-28 2022-08-03
0.0
None ??? ??? ??? ??? ??? ???
Use after free in Codecs in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
26 CVE-2022-1876 787 Overflow 2022-07-27 2022-08-03
0.0
None ??? ??? ??? ??? ??? ???
Heap buffer overflow in DevTools in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
27 CVE-2022-1875 668 2022-07-27 2022-08-03
0.0
None ??? ??? ??? ??? ??? ???
Inappropriate implementation in PDF in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
28 CVE-2022-1873 668 2022-07-27 2022-08-03
0.0
None ??? ??? ??? ??? ??? ???
Insufficient policy enforcement in COOP in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
29 CVE-2022-1872 Bypass 2022-07-27 2022-08-03
0.0
None ??? ??? ??? ??? ??? ???
Insufficient policy enforcement in Extensions API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass downloads policy via a crafted HTML page.
30 CVE-2022-1871 Bypass 2022-07-27 2022-08-03
0.0
None ??? ??? ??? ??? ??? ???
Insufficient policy enforcement in File System API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass file system policy via a crafted HTML page.
31 CVE-2022-1870 416 2022-07-27 2022-08-02
0.0
None ??? ??? ??? ??? ??? ???
Use after free in App Service in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.
32 CVE-2022-1869 843 2022-07-27 2022-08-02
0.0
None ??? ??? ??? ??? ??? ???
Type Confusion in V8 in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
33 CVE-2022-1868 Bypass 2022-07-27 2022-08-03
0.0
None ??? ??? ??? ??? ??? ???
Inappropriate implementation in Extensions API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page.
34 CVE-2022-1867 20 Bypass 2022-07-27 2022-08-03
0.0
None ??? ??? ??? ??? ??? ???
Insufficient validation of untrusted input in Data Transfer in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to bypass same origin policy via a crafted clipboard content.
35 CVE-2022-1866 416 2022-07-27 2022-08-03
0.0
None ??? ??? ??? ??? ??? ???
Use after free in Tablet Mode in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific user interactions.
36 CVE-2022-1865 416 2022-07-27 2022-08-02
0.0
None ??? ??? ??? ??? ??? ???
Use after free in Bookmarks in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension and specific user interaction.
37 CVE-2022-1864 416 2022-07-27 2022-08-02
0.0
None ??? ??? ??? ??? ??? ???
Use after free in WebApp Installs in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension and specific user interaction.
38 CVE-2022-1863 416 2022-07-27 2022-08-02
0.0
None ??? ??? ??? ??? ??? ???
Use after free in Tab Groups in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension and specific user interaction.
39 CVE-2022-1862 Bypass 2022-07-27 2022-08-03
0.0
None ??? ??? ??? ??? ??? ???
Inappropriate implementation in Extensions in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass profile restrictions via a crafted HTML page.
40 CVE-2022-1861 416 2022-07-27 2022-08-03
0.0
None ??? ??? ??? ??? ??? ???
Use after free in Sharing in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to enage in specific user interactions to potentially exploit heap corruption via specific user interaction.
41 CVE-2022-1860 416 2022-07-27 2022-08-03
0.0
None ??? ??? ??? ??? ??? ???
Use after free in UI Foundations in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via specific user interactions.
42 CVE-2022-1859 416 2022-07-27 2022-08-03
0.0
None ??? ??? ??? ??? ??? ???
Use after free in Performance Manager in Google Chrome prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.
43 CVE-2022-1858 125 2022-07-27 2022-08-03
0.0
None ??? ??? ??? ??? ??? ???
Out of bounds read in DevTools in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to perform an out of bounds memory read via specific user interaction.
44 CVE-2022-1857 Bypass 2022-07-27 2022-08-03
0.0
None ??? ??? ??? ??? ??? ???
Insufficient policy enforcement in File System API in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to bypass file system restrictions via a crafted HTML page.
45 CVE-2022-1856 416 2022-07-27 2022-08-03
0.0
None ??? ??? ??? ??? ??? ???
Use after free in User Education in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension or specific user interaction.
46 CVE-2022-1855 416 2022-07-27 2022-08-03
0.0
None ??? ??? ??? ??? ??? ???
Use after free in Messaging in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
47 CVE-2022-1854 416 2022-07-27 2022-08-02
0.0
None ??? ??? ??? ??? ??? ???
Use after free in ANGLE in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
48 CVE-2022-1853 416 2022-07-27 2022-08-03
0.0
None ??? ??? ??? ??? ??? ???
Use after free in Indexed DB in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
49 CVE-2022-1799 2022-07-29 2022-08-05
0.0
None ??? ??? ??? ??? ??? ???
Incorrect signature trust exists within Google Play services SDK play-services-basement. A debug version of Google Play services is trusted by the SDK for devices that are non-GMS. We recommend upgrading the SDK past the 2022-05-03 release.
50 CVE-2022-1640 416 2022-07-26 2022-07-28
0.0
None ??? ??? ??? ??? ??? ???
Use after free in Sharing in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page.
Total number of vulnerabilities : 157   Page : 1 (This Page)2 3 4
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.