Google Nearby vulnerabilities

CVE-2024-10668 [MEDIUM] CWE-434 CVE-2024-10668: There exists an auth bypass in Google Quickshare where an attacker can upload an unknown file type t There exists an auth bypass in Google Quickshare where an attacker can upload an unknown file type to a victim. The root cause of the vulnerability lies in the fact that when a Payload Transfer frame of type FILE is sent to Quick Share, the file that is contained in this frame is written to disk in the Downloads folder. Quickshare normally deletes u

CVE-2024-38272 [HIGH] CWE-294 CVE-2024-38272: There exists a vulnerability in Quick Share/Nearby, where an attacker can bypass the accept file dia There exists a vulnerability in Quick Share/Nearby, where an attacker can bypass the accept file dialog on Quick Share Windows. Normally in Quick Share Windows app we can't send a file without the user accept from the receiving device if the visibility is set to everyone mode or contacts mode. We recommend upgrading to version 1.0.1724.0 of Quick Shar

CVE-2024-38271 [MEDIUM] CWE-404 CVE-2024-38271: There exists a vulnerability in Quick Share/Nearby, where an attacker can force a victim to stay con There exists a vulnerability in Quick Share/Nearby, where an attacker can force a victim to stay connected to a temporary hotspot created for the sharing. As part of the sequence of packets in a Quick Share connection over Bluetooth, the attacker forces the victim to connect to the attacker’s WiFi network and then sends an OfflineFrame that crashes