Vulnerabilities in Google

5,202 results
Vexday analysis

Com 4.763 CVEs catalogadas e 77 confirmadas em exploração ativa pelo CISA KEV, a taxa de exploração dos produtos Google é 3,6 vezes superior à média geral do catálogo, sinalizando risco operacional elevado para organizações que dependem desse ecossistema. O volume de 1.225 CVEs surgidas nos últimos 90 dias indica cadência intensa de descobertas, exigindo ciclos de patching ágeis. O tipo de falha mais recorrente é CWE-416 (use-after-free), classe de vulnerabilidade que frequentemente viabiliza execução de código arbitrário e escalada de privilégios. Destaque especial para CVE-2023-4863, com EPSS de 0,9974 — valor próximo ao máximo possível —, indicando probabilidade altíssima de exploração ativa e merecendo tratamento prioritário imediato.

CVE-2024-7246MEDIUMHPACK table poisoning in gRPC C++, Python & RubyEPSS 0.2%CVE-2026-11670HIGHUse after free in PDF in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crEPSS 0.2%CVE-2026-7903HIGHInteger overflow in ANGLE in Google Chrome on Mac,Windows prior to 148.0.7778.96 allowed a remote attacker to potentially exploit heap corruEPSS 0.2%CVE-2026-14399MEDIUMUninitialized Use in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information fromEPSS 0.2%CVE-2026-9115MEDIUMInsufficient policy enforcement in Service Worker in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to bypass same origiEPSS 0.2%CVE-2023-7282MEDIUMInappropriate implementation in Navigation in Google Chrome prior to 113.0.5672.63 allowed a remote attacker who convinced a user to engage EPSS 0.2%CVE-2026-13908MEDIUMInsufficient validation of untrusted input in Omnibox in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convincedEPSS 0.2%CVE-2024-10604MEDIUMIdentifiable Header Values In Fuchsia Leading To Tracking of The UserEPSS 0.2%CVE-2026-7992HIGHInsufficient validation of untrusted input in UI in Google Chrome on Linux, ChromeOS prior to 148.0.7778.96 allowed a remote attacker who coEPSS 0.2%CVE-2023-40129In build_read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote (proEPSS 0.2%CVE-2026-7995HIGHOut of bounds read in AdFilter in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox EPSS 0.2%CVE-2026-9877HIGHUse after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potenEPSS 0.2%CVE-2026-2323MEDIUMInappropriate implementation in Downloads in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to perform UI spoofing via a craEPSS 0.2%CVE-2026-7991HIGHUse after free in UI in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to execute aEPSS 0.2%CVE-2025-8582MEDIUMInsufficient validation of untrusted input in Core in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to spoof the contents oEPSS 0.2%CVE-2025-11216MEDIUMInappropriate implementation in Storage in Google Chrome on Mac prior to 141.0.7390.54 allowed a remote attacker to perform domain spoofing EPSS 0.2%CVE-2026-12467HIGHUse after free in Extensions in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to EPSS 0.2%CVE-2026-11647HIGHUse after free in Printing in Google Chrome on Android prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer prEPSS 0.2%CVE-2026-9936HIGHUse after free in GFX in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to EPSS 0.2%CVE-2026-7963HIGHInappropriate implementation in ServiceWorker in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the rendEPSS 0.2%