CVE-2025-0996

Inappropriate implementation in Browser UI in Google Chrome on Android prior to 133.0.6943.98 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page. Chromium security severity: High...

CVE-2025-0996

Inappropriate implementation in Browser UI in Google Chrome on Android prior to 133.0.6943.98 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page. Chromium security severity: High...

CVE-2025-21253

CVE-2025-21253 affects Microsoft Edge for iOS and Android. A spoofing vulnerability is described, arising from UI handling errors that could mislead users. The CVE has a MEDIUM base score (CVSSv3.1: 5.3; Network attack vector, no user interaction required, low attack complexity) per the provided ...

CVE-2025-20899

Improper access control in PushNotification prior to version 13.0.00.15 in Android 12, 14.0.00.7 in Android 13, and 15.1.00.5 in Android 14 allows local attackers to access sensitive information...

CVE-2025-20897

Improper access control in Secure Folder prior to version 1.9.20.50 in Android 14, 1.8.11.0 in Android 13, and 1.7.04.0 in Android 12 allows local attacker to access data in Secure Folder...

Google Patches 47 Android Security Flaws, Including Actively Exploited CVE-2024-53104

Google has shipped patches to address 47 security flaws in its Android operating system, including one it said has come under active exploitation in the wild. The vulnerability in question is CVE-2024-53104 CVSS score: 7.8, which has been described as a case of privilege escalation in a kernel...

CVE-2024-36437

The vulnerability CVE-2024-36437 affects TextNow: Call + Text Unlimited for Android (version 24.17.0.2). A crafted Intent sent to the DialerActivity component (com.enflick.android.TextNow.activities.DialerActivity) can be issued by any installed app with no permissions, allowing a call to be plac...

Android Security Bulletin-February 2025Stay organized with collectionsSave and categorize content based on your preferences.

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2025-02-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version. Android partners are...

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability, which is due to a logic error in the code. An attacker can exploit the vulnerability to elevate privileges...

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that is caused by a logic error in multiple locations. An attacker can exploit the vulnerability to cause a local privilege escalation...

Google Android wbrc_bt_dev_write function out-of-bounds write vulnerability

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an out-of-bounds write vulnerability, which stems from a lack of bounds checking in the wbrcbtdevwrite function of the wbregoncoordinator.c file, which can be exploited by an attacker to cause an...

CVE-2025-0435

Inappropriate implementation in Navigation in Google Chrome on Android prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: High...

CVE-2025-0435

Inappropriate implementation in Navigation in Google Chrome on Android prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: High...

Google Android resizeToAtLeast elevation of privilege vulnerability

Google Android is a Linux-based open source operating system from Google. A security vulnerability exists in Google Android, which stems from an integer overflow in the resizeToAtLeast function of the SkRegion.cpp file, which may be subject to out-of-bounds writes. A local attacker can exploit th...

CVE-2024-53931

The CVE-2024-53931 issue affects the Android app com.glitter.caller.screen (aka iCaller, Caller Theme & Dialer) up to version 1.1. The vulnerability arises from a crafted Intent targeting com.glitter.caller.screen.DialerActivity that allows any application (no permissions required) to place phone...

CVE-2024-53933

CVE-2024-53933 affects the Android app com.callerscreen.colorphone.themes.callflash (aka Color Call Theme & Call Screen) up to version 1.0.7. The flaw allows any application (no permissions required) to initiate phone calls without user interaction by sending a crafted intent to the DialerActivit...

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google. Google Android has a security vulnerability that stems from a possible biometric bypass. No details of the vulnerability are provided at this time...

Chinese EagleMsgSpy Spyware Found Exploiting Mobile Devices Since 2017

Cybersecurity researchers have discovered a novel surveillance program that's suspected to be used by Chinese police departments as a lawful intercept tool to gather a wide range of information from mobile devices. The Android tool, codenamed EagleMsgSpy by Lookout, has been operational since at...

CVE-2024-49057

CVE-2024-49057 affects Microsoft Defender for Endpoint on Android. The issue is due to insufficient input validation in the Defender Android component, enabling remote spoofing by an attacker. CVSS v3.1 base score 8.1 (HIGH); impacts: confidentiality and integrity HIGH, availability NONE. No fix ...

Pixel Update Bulletin—December 2024Stay organized with collectionsSave and categorize content based on your preferences.

The Pixel Update Bulletin contains details of security vulnerabilities and functional improvements affecting supported Pixel devices Google devices. For Google devices, security patch levels of 2024-12-05 or later address all issues in this bulletin and all issues in the December 2024 Android...