Severity
High
Analysis Summary
CVE-2025-2476 CVSS:8.8
Use after free in Lens in Google Chrome prior to 134.0.6998.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2024-56191 CVSS:8.4
Google Android could allow a local attacker to gain elevated privileges on the system, caused by an integer overflow in dhd_process_full_gscan_result of dhd_pno.c.
CVE-2024-56192 CVSS:8.4
Google Android could allow a local attacker to gain elevated privileges on the system, caused by an out-of-bounds write due to a missing bounds check in wl_notify_gscan_event of wl_cfgscan.c.
CVE-2024-56187 CVSS:8.2
Google Android could allow a local authenticated attacker to obtain sensitive information, caused by arbitrary read from TEE memory due to a logic error in the code in ppcfw_deny_sec_dram_access of ppcfw.c.
CVE-2024-56188 CVSS:7.5
Google Android is vulnerable to a denial of service, caused by a modem crash due to a missing null check.
Impact
- Code Execution
- Privilege Escalation
- Information Disclosure
- Denial of Service
- Gain Access
Indicators of Compromise
CVE
CVE-2025-2476
CVE-2024-56191
CVE-2024-56192
CVE-2024-56187
CVE-2024-56188
Affected Vendors
Affected Products
- Google Android
- Google Chrome - 134.0
Remediation
Upgrade to the latest version, available from the Google Website.