Vulnerabilities in Google
5,202 resultsVexday analysis
Com 4.763 CVEs catalogadas e 77 confirmadas em exploração ativa pelo CISA KEV, a taxa de exploração dos produtos Google é 3,6 vezes superior à média geral do catálogo, sinalizando risco operacional elevado para organizações que dependem desse ecossistema. O volume de 1.225 CVEs surgidas nos últimos 90 dias indica cadência intensa de descobertas, exigindo ciclos de patching ágeis. O tipo de falha mais recorrente é CWE-416 (use-after-free), classe de vulnerabilidade que frequentemente viabiliza execução de código arbitrário e escalada de privilégios. Destaque especial para CVE-2023-4863, com EPSS de 0,9974 — valor próximo ao máximo possível —, indicando probabilidade altíssima de exploração ativa e merecendo tratamento prioritário imediato.
CVE-2026-11152CRITICALObject lifecycle issue in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape viaEPSS 0.2%CVE-2026-11041HIGHInsufficient validation of untrusted input in Media in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had comEPSS 0.2%CVE-2026-11272HIGHInsufficient validation of untrusted input in Reading List in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker who convEPSS 0.2%CVE-2026-11163CRITICALUse after free in Messages in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escEPSS 0.2%CVE-2025-36904CRITICALWLAN in Android before 2025-09-05 on Google Pixel devices allows elevation of privilege, aka A-396458384.EPSS 0.2%CVE-2026-11119CRITICALInappropriate implementation in GPU in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renEPSS 0.2%CVE-2025-36896CRITICALWLAN in Android before 2025-09-05 on Google Pixel devices allows elevation of privilege, aka A-394765106.EPSS 0.2%CVE-2026-10021HIGHInsufficient validation of untrusted input in USB in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary coEPSS 0.2%CVE-2026-11114CRITICALUse after free in Device Trust in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer proEPSS 0.2%CVE-2026-11202HIGHInappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to potentially perfoEPSS 0.2%CVE-2026-11094CRITICALUse after free in Codecs in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer proceEPSS 0.2%CVE-2026-14093CRITICALUse after free in Cast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentiEPSS 0.2%CVE-2026-6364MEDIUMOut of bounds read in Skia in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to obtain potentially sensitive information frEPSS 0.2%CVE-2026-8519HIGHInteger overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory wEPSS 0.2%CVE-2026-8511CRITICALUse after free in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafteEPSS 0.2%CVE-2026-14095CRITICALInsufficient policy enforcement in Browser in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the rendereEPSS 0.2%CVE-2026-11124HIGHInteger overflow in Skia in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafEPSS 0.2%CVE-2026-11172HIGHIncorrect security UI in Contact Picker in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing EPSS 0.2%CVE-2026-11131CRITICALUse after free in Autofill in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer proEPSS 0.2%CVE-2026-11175HIGHIncorrect security UI in Messages in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a EPSS 0.2%