Vulnerabilities in google

5,229 results
CVE-2025-6044MEDIUMAn Improper Access Control vulnerability in the Stylus Tools component of Google ChromeOS version 16238.64.0 on the garaged stylus devices aEPSS 0.1%CVE-2024-31328HIGHIn broadcastIntentLockedTraced of BroadcastController.java, there is a possible way to launch arbitrary activities from the background on thEPSS 0.1%CVE-2023-40075In forceReplaceShortcutInner of ShortcutPackage.java, there is a possible way to register unlimited packages due to a missing bounds check. EPSS 0.1%CVE-2024-34723MEDIUMIn onTransact of ParcelableListBinder.java , there is a possible way to steal mAllowlistToken to launch an app from background due to a logiEPSS 0.1%CVE-2024-0036HIGHIn startNextMatchingActivity of ActivityTaskManagerService.java, there is a possible way to bypass the restrictions on starting activities fEPSS 0.1%CVE-2025-48580HIGHIn connectInternal of MediaBrowser.java, there is a possible way to access while in use permission while the app is in background due to a lEPSS 0.1%CVE-2024-0037LOWIn applyCustomDescription of SaveUi.java, there is a possible way to view images belonging to a different user due to a missing permission cEPSS 0.1%CVE-2026-28587CRITICALIn MmsSmsProvider of MmsSmsProvider.java, there is a possible way to retrieve sensitive information due to a missing permission check. This EPSS 0.1%CVE-2025-48650HIGHIn multiple locations, there is a possible information disclosure due to SQL injection. This could lead to local escalation of privilege witEPSS 0.1%CVE-2026-0059HIGHIn multiple functions of sdp_discovery.cc, there is a possible way to achieve code execution due to a heap buffer overflow. This could lead EPSS 0.1%CVE-2024-34719HIGHIn multiple locations, there is a possible permissions bypass due to a missing null check. This could lead to local escalation of privilege EPSS 0.1%CVE-2024-40660HIGHIn setTransactionState of SurfaceFlinger.cpp, there is a possible way to change protected display attributes due to a logic error in the codEPSS 0.1%CVE-2024-34747HIGHIn DevmemXIntMapPages of devicemem_server.c, there is a possible use-after-free due to a logic error in the code. This could lead to local eEPSS 0.1%CVE-2026-13914MEDIUMInappropriate implementation in Passwords in Google Chrome on Mac prior to 150.0.7871.47 allowed a local attacker to obtain potentially sensEPSS 0.1%CVE-2023-21266HIGHIn multiple functions of ActivityManagerService.java, there is a possible way to escape Google Play protection due to a permissions bypass. EPSS 0.1%CVE-2026-0011HIGHIn enableSystemPackageLPw of Settings.java, there is a possible way to prevent location access from working due to a logic error in the codeEPSS 0.1%CVE-2021-39810HIGHIn verifyDefaults of CardEmulationManager.java, there is a possible way to set a third party app as the default contactless payment app withEPSS 0.1%CVE-2024-43087HIGHIn getInstalledAccessibilityPreferences of AccessibilitySettings.java, there is a possible way to hide an enabled accessibility service in tEPSS 0.1%CVE-2026-7990HIGHInsufficient validation of untrusted input in Updater in Google Chrome on Windows prior to 148.0.7778.96 allowed a local attacker to performEPSS 0.1%CVE-2024-31310HIGHIn newServiceInfoLocked of AutofillManagerServiceImpl.java, there is a possible way to hide an enabled Autofill service app in the Autofill EPSS 0.1%