Vulnerabilities in Google
5,229 resultsVexday analysis
Com 4.763 CVEs catalogadas e 77 confirmadas em exploração ativa pelo CISA KEV, a taxa de exploração dos produtos Google é 3,6 vezes superior à média geral do catálogo, sinalizando risco operacional elevado para organizações que dependem desse ecossistema. O volume de 1.225 CVEs surgidas nos últimos 90 dias indica cadência intensa de descobertas, exigindo ciclos de patching ágeis. O tipo de falha mais recorrente é CWE-416 (use-after-free), classe de vulnerabilidade que frequentemente viabiliza execução de código arbitrário e escalada de privilégios. Destaque especial para CVE-2023-4863, com EPSS de 0,9974 — valor próximo ao máximo possível —, indicando probabilidade altíssima de exploração ativa e merecendo tratamento prioritário imediato.
CVE-2026-11692HIGHUse after free in Read Anything in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process EPSS 0.2%CVE-2026-11700HIGHUse after free in Tracing in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potEPSS 0.2%CVE-2026-11679HIGHUse after free in Codecs in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer procEPSS 0.2%CVE-2026-8001HIGHUse After Free in Printing in Google Chrome on Linux, Mac, ChromeOS prior to 148.0.7778.96 allowed a remote attacker who had compromised theEPSS 0.2%CVE-2024-32893HIGHIn _s5e9865_mif_set_rate of exynos_dvfs.c, there is a possible out of bounds read due to improper casting. This could lead to local informatEPSS 0.2%CVE-2026-9997HIGHUse after free in Input in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potenEPSS 0.2%CVE-2026-0903MEDIUMInappropriate implementation in Downloads in Google Chrome on Windows prior to 144.0.7559.59 allowed a remote attacker to bypass dangerous fEPSS 0.2%CVE-2025-12434MEDIUMRace in Storage in Google Chrome on Windows prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gEPSS 0.2%CVE-2026-11701MEDIUMInappropriate implementation in Guest View in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to perform UI spoofing via a cEPSS 0.2%CVE-2023-21286—In visitUris of RemoteViews.java, there is a possible way to reveal images across users due to a missing permission check. This could lead tEPSS 0.2%CVE-2025-12908MEDIUMInsufficient validation of untrusted input in Downloads in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker to perfEPSS 0.2%CVE-2026-7933MEDIUMOut of bounds read in WebCodecs in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform an out of bounds memory read viEPSS 0.2%CVE-2026-0140MEDIUMIn RtpPacket::decodePacket, there is a possible out-of-bounds read due to an integer overflow. This could lead to remote information disclosEPSS 0.2%CVE-2023-6339CRITICALGoogle Nest WiFi Pro root code-execution & user-data compromiseEPSS 0.2%CVE-2025-24959LOWEnvironment Variable Injection for dotenv API in zxEPSS 0.2%CVE-2026-13281HIGHInteger overflow in Mojo in Google Chrome prior to 149.0.7827.201 allowed a remote attacker who had compromised the renderer process to poteEPSS 0.2%CVE-2026-3942MEDIUMIncorrect security UI in PictureInPicture in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a craEPSS 0.2%CVE-2026-11247LOWInsufficient policy enforcement in CustomTabs in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to leak cross-oriEPSS 0.2%CVE-2026-11695MEDIUMInappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to leak cross-origin data via aEPSS 0.2%CVE-2025-6557MEDIUMInsufficient data validation in DevTools in Google Chrome on Windows prior to 138.0.7204.49 allowed a remote attacker who convinced a user tEPSS 0.2%