Gmail vulnerabilities

Showing 1 - 4 of 4 CVEs

  1. CVE-2026-2441 Published Feb 13, 2026

    Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

  2. CVE-2025-15464 Published Jan 8, 2026

    Exported Activity allows external applications to gain application context and directly launch Gmail with inbox access, bypassing security controls.

  3. CVE-2025-46059 Published Jul 29, 2025

    langchain-ai v0.3.51 was discovered to contain an indirect prompt injection vulnerability in the GmailToolkit component. This vulnerability allows attackers to execute arbitrary code and compromise the application via a crafted email message. NOTE: this is disputed by the Supplier because the code-execution issue was introduced by user-written code that does not adhere to the LangChain security practices.

  4. CVE-2025-5098 Published May 23, 2025

    PrinterShare Android application allows the capture of Gmail authentication tokens that can be reused to access a user's Gmail account without proper authorization.