Vulnerabilities in Google
5,202 results

Vexday analysis
With 4,763 CVEs catalogued and 77 confirmed as actively exploited in the CISA KEV, the exploitation rate of Google products is 3.6 times higher than the catalogue's overall average, signalling elevated operational risk for organizations that depend on this ecosystem. The volume of 1,225 CVEs that emerged in the last 90 days indicates an intense cadence of discoveries, requiring agile patching cycles. The most recurrent flaw type is CWE-416 (use-after-free), a vulnerability class that frequently enables arbitrary code execution and privilege escalation. Of special note is CVE-2023-4863, with an EPSS of 0.9974 (a value close to the maximum possible), indicating a very high probability of active exploitation and warranting immediate priority treatment.
| CVE | Severity | Description | EPSS |
|---|---|---|---|
| CVE-2026-13786 | HIGH | Use after free in Ozone in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via a crafted HTML page. | 0.4% |
| CVE-2026-3537 | HIGH | Object lifecycle issue in PowerVR in Google Chrome on Android prior to 145.0.7632.159 allowed a remote attacker to potentially exploit heap | 0.4% |
| CVE-2024-9957 | HIGH | Use after free in UI in Google Chrome on iOS prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI | 0.4% |
| CVE-2026-3915 | HIGH | Heap buffer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform an out of bounds memory read via | 0.4% |
| CVE-2024-9961 | HIGH | Use after free in ParcelTracking in Google Chrome on iOS prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in | 0.4% |
| CVE-2024-0015 | HIGH | In convertToComponentName of DreamService.java, there is a possible way to launch arbitrary protected activities due to intent redirection. | 0.4% |
| CVE-2024-8194 | HIGH | Type Confusion in V8 in Google Chrome prior to 128.0.6613.113 allowed a remote attacker to potentially exploit heap corruption via a crafted | 0.4% |
| CVE-2025-0612 | HIGH | Out of bounds memory access in V8 in Google Chrome prior to 132.0.6834.110 allowed a remote attacker to potentially exploit heap corruption | 0.4% |
| CVE-2025-0441 | MEDIUM | Inappropriate implementation in Fenced Frames in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to obtain potentially sensit | 0.4% |
| CVE-2025-0716 | MEDIUM | AngularJS improper sanitization in SVG '<image>' element | 0.4% |
| CVE-2025-4609 | CRITICAL | Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 136.0.7103.113 allowed a remote attacker | 0.4% |
| CVE-2026-10896 | HIGH | Use after free in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a cr | 0.4% |
| CVE-2025-22408 | CRITICAL | In rfc_check_send_cmd of rfc_utils.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to remote | 0.4% |
| CVE-2026-11720 | CRITICAL | Path Traversal in googleapis/mcp-toolbox HTTP Tool URL Builder | 0.4% |
| CVE-2025-22403 | CRITICAL | In sdp_snd_service_search_req of sdp_discovery.cc, there is a possible way to execute arbitrary code due to a use after free. This could lea | 0.4% |
| CVE-2026-10946 | HIGH | Heap buffer overflow in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific U | 0.4% |
| CVE-2026-10885 | HIGH | Use after free in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a cr | 0.4% |
| CVE-2022-4910 | — | Inappropriate implementation in Autofill in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to bypass navigation restrictions | 0.4% |
| CVE-2023-21353 | — | In NFA, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no addit | 0.4% |
| CVE-2023-48425 | CRITICAL | U-Boot vulnerability resulting in persistent Code Execution | 0.4% |