Vulnerabilities in Google
5,202 resultsVexday analysis
Com 4.763 CVEs catalogadas e 77 confirmadas em exploração ativa pelo CISA KEV, a taxa de exploração dos produtos Google é 3,6 vezes superior à média geral do catálogo, sinalizando risco operacional elevado para organizações que dependem desse ecossistema. O volume de 1.225 CVEs surgidas nos últimos 90 dias indica cadência intensa de descobertas, exigindo ciclos de patching ágeis. O tipo de falha mais recorrente é CWE-416 (use-after-free), classe de vulnerabilidade que frequentemente viabiliza execução de código arbitrário e escalada de privilégios. Destaque especial para CVE-2023-4863, com EPSS de 0,9974 — valor próximo ao máximo possível —, indicando probabilidade altíssima de exploração ativa e merecendo tratamento prioritário imediato.
CVE-2026-9999HIGHInappropriate implementation in ANGLE in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inEPSS 0.2%CVE-2026-12012HIGHUse after free in Network in Google Chrome prior to 149.0.7827.115 allowed an attacker in a privileged network position to potentially exploEPSS 0.2%CVE-2026-11658MEDIUMInsufficient validation of untrusted input in Extensions in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromiEPSS 0.2%CVE-2026-2318MEDIUMInappropriate implementation in PictureInPicture in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to eEPSS 0.2%CVE-2026-2316MEDIUMInsufficient policy enforcement in Frames in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to perform UI spoofing via a craEPSS 0.2%CVE-2026-7969MEDIUMInteger overflow in Network in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to byEPSS 0.2%CVE-2026-12020HIGHUse after free in Autofill in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker to potentially exploit heap corruption EPSS 0.2%CVE-2026-13882CRITICALRace in USB in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perforEPSS 0.2%CVE-2026-1504MEDIUMInappropriate implementation in Background Fetch API in Google Chrome prior to 144.0.7559.110 allowed a remote attacker to leak cross-originEPSS 0.2%CVE-2026-11306HIGHUse after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a EPSS 0.2%CVE-2026-10008MEDIUMUninitialized Use in GPU in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive inforEPSS 0.2%CVE-2026-14402MEDIUMUninitialized Use in ANGLE in Google Chrome on Windows prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive infoEPSS 0.2%CVE-2026-14408MEDIUMUninitialized Use in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information fromEPSS 0.2%CVE-2026-7908CRITICALUse after free in Fullscreen in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to potentially perform a sandbox escape via aEPSS 0.2%CVE-2025-12438HIGHUse after free in Ozone in Google Chrome on Linux and ChromeOS prior to 142.0.7444.59 allowed a remote attacker to potentially exploit objecEPSS 0.2%CVE-2025-14372MEDIUMUse after free in Password Manager in Google Chrome prior to 143.0.7499.110 allowed a remote attacker to potentially perform a sandbox escapEPSS 0.2%CVE-2026-12027CRITICALInappropriate implementation in Headless in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the rendererEPSS 0.2%CVE-2018-9349MEDIUMIn mv_err_cost of mcomp.c there is a possible out of bounds read due to missing bounds check. This could lead to denial of service with no aEPSS 0.2%CVE-2026-7973HIGHInteger overflow in Dawn in Google Chrome on Windows prior to 148.0.7778.96 allowed a remote attacker to potentially perform a sandbox escapEPSS 0.2%CVE-2026-9958HIGHUse after free in PDFium in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a craEPSS 0.2%