Vulnerabilities in Google
5,202 results

Vexday analysis
With 4,763 CVEs catalogued and 77 confirmed as actively exploited in the CISA KEV, the exploitation rate of Google products is 3.6 times higher than the overall catalogue average, signalling elevated operational risk for organizations that depend on this ecosystem. The volume of 1,225 CVEs that appeared in the last 90 days indicates an intense cadence of discoveries, requiring agile patching cycles. The most recurrent flaw type is CWE-416 (use-after-free), a vulnerability class that frequently enables arbitrary code execution and privilege escalation. Of particular note is CVE-2023-4863, with an EPSS of 0.9974, a value close to the maximum possible, indicating a very high probability of active exploitation and deserving immediate priority treatment.

CVE-2019-13690 | CRITICAL | Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform OS-level privileg | EPSS 0.4%
CVE-2026-7336 | HIGH | Use after free in WebRTC in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a | EPSS 0.4%
CVE-2023-1228 | HIGH | Insufficient policy enforcement in Intents in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to bypass navigation | EPSS 0.4%
CVE-2018-20069 | — | Failure to prevent navigation to top frame to data URLs in Navigation in Google Chrome on iOS prior to 71.0.3578.80 allowed a remote attacke | EPSS 0.4%
CVE-2023-48397 | — | In Init of protocolcalladapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote informat | EPSS 0.4%
CVE-2023-48413 | — | In Init of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote informati | EPSS 0.4%
CVE-2024-7976 | MEDIUM | Inappropriate implementation in FedCM in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted | EPSS 0.4%
CVE-2024-9120 | HIGH | Use after free in Dawn in Google Chrome on Windows prior to 129.0.6668.70 allowed a remote attacker to potentially exploit heap corruption v | EPSS 0.4%
CVE-2024-0333 | MEDIUM | Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.216 allowed an attacker in a privileged network position to | EPSS 0.4%
CVE-2022-3071 | HIGH | Use after free in Tab Strip in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to e | EPSS 0.4%
CVE-2025-11756 | HIGH | Use after free in Safe Browsing in Google Chrome prior to 141.0.7390.107 allowed a remote attacker who had compromised the renderer process | EPSS 0.4%
CVE-2024-8636 | HIGH | Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a | EPSS 0.4%
CVE-2023-35646 | — | In TBD of TBD, there is a possible stack buffer overflow due to a missing bounds check. This could lead to remote code execution with no add | EPSS 0.4%
CVE-2026-12466 | HIGH | Heap buffer overflow in WebRTC in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a | EPSS 0.4%
CVE-2022-3863 | MEDIUM | Use after free in Browser History in Google Chrome prior to 100.0.4896.75 allowed a remote attacker to potentially exploit heap corruption v | EPSS 0.4%
CVE-2023-35662 | — | there is a possible out of bounds write due to buffer overflow. This could lead to remote code execution with no additional execution privil | EPSS 0.4%
CVE-2026-10910 | HIGH | Type Confusion in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a craf | EPSS 0.4%
CVE-2024-9859 | HIGH | Type confusion in WebAssembly in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to execute arbitrary code via a crafted HTM | EPSS 0.4%
CVE-2024-8906 | MEDIUM | Incorrect security UI in Downloads in Google Chrome prior to 129.0.6668.58 allowed a remote attacker who convinced a user to engage in speci | EPSS 0.4%
CVE-2022-2608 | — | Use after free in Overview Mode in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engag | EPSS 0.4%