Vulnerabilities in Google

5,202 results
Vexday analysis

With 4,763 CVEs catalogued and 77 confirmed as actively exploited in the CISA KEV, the exploitation rate of Google products is 3.6 times higher than the overall average of the catalogue, signalling elevated operational risk for organizations that depend on this ecosystem. The volume of 1,225 CVEs that appeared in the last 90 days indicates an intense cadence of discoveries, requiring agile patching cycles. The most recurrent flaw type is CWE-416 (use-after-free), a vulnerability class that frequently enables arbitrary code execution and privilege escalation. Of particular note is CVE-2023-4863, with an EPSS of 0.9974, a value close to the maximum possible, indicating a very high probability of active exploitation and deserving immediate priority treatment.

CVE-2023-6181 An oversight in BCB handling of reboot reason that allows for persistent code execution (EPSS 0.4%)
CVE-2023-48425 [CRITICAL] U-Boot vulnerability resulting in persistent Code Execution (EPSS 0.4%)
CVE-2026-6303 [HIGH] Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a (EPSS 0.4%)
CVE-2023-4860 [CRITICAL] Inappropriate implementation in Skia in Google Chrome prior to 115.0.5790.98 allowed a remote attacker who had compromised the renderer proc (EPSS 0.4%)
CVE-2018-9479 [CRITICAL] In process_service_attr_req and process_service_search_attr_req of sdp_server.cc, there is an out of bounds write due to a missing bounds ch (EPSS 0.4%)
CVE-2018-9478 [CRITICAL] In process_service_attr_req and process_service_search_attr_req of sdp_server.cc, there is an out of bounds write due to a missing bounds ch (EPSS 0.4%)
CVE-2026-9884 [HIGH] Use after free in Browser in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted (EPSS 0.4%)
CVE-2024-43767 [HIGH] In prepare_to_draw_into_mask of SkBlurMaskFilterImpl.cpp, there is a possible heap overflow due to improper input validation. This could lea (EPSS 0.4%)
CVE-2025-0996 [MEDIUM] Inappropriate implementation in Browser UI in Google Chrome on Android prior to 133.0.6943.98 allowed a remote attacker to spoof the content (EPSS 0.4%)
CVE-2024-27229 [HIGH] In ss_SendCallBarringPwdRequiredIndMsg of ss_CallBarring.c, there is a possible null pointer deref due to a missing null check. This could l (EPSS 0.4%)
CVE-2024-3838 [MEDIUM] Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60 allowed an attacker who convinced a user to install a malic (EPSS 0.4%)
CVE-2022-3048 [MEDIUM] Inappropriate implementation in Chrome OS lockscreen in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a local attacker to bypass (EPSS 0.4%)
CVE-2024-23717 [CRITICAL] In access_secure_service_from_temp_bond of btm_sec.cc, there is a possible way to achieve keystroke injection due to improper input validati (EPSS 0.4%)
CVE-2024-7004 [MEDIUM] Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced (EPSS 0.4%)
CVE-2026-13779 [HIGH] Use after free in Chromoting in Google Chrome on ChromeOS prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via mal (EPSS 0.4%)
CVE-2026-9114 [HIGH] Use after free in QUIC in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via (EPSS 0.4%)
CVE-2026-6307 [HIGH] Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via (EPSS 0.4%)
CVE-2024-6996 [LOW] Race in Frames in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to p (EPSS 0.4%)
CVE-2023-21347 In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no (EPSS 0.4%)
CVE-2024-3174 [HIGH] Inappropriate implementation in V8 in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially exploit object corrupti (EPSS 0.4%)