Vulnerabilities in Google
5,229 resultsVexday analysis
Com 4.763 CVEs catalogadas e 77 confirmadas em exploração ativa pelo CISA KEV, a taxa de exploração dos produtos Google é 3,6 vezes superior à média geral do catálogo, sinalizando risco operacional elevado para organizações que dependem desse ecossistema. O volume de 1.225 CVEs surgidas nos últimos 90 dias indica cadência intensa de descobertas, exigindo ciclos de patching ágeis. O tipo de falha mais recorrente é CWE-416 (use-after-free), classe de vulnerabilidade que frequentemente viabiliza execução de código arbitrário e escalada de privilégios. Destaque especial para CVE-2023-4863, com EPSS de 0,9974 — valor próximo ao máximo possível —, indicando probabilidade altíssima de exploração ativa e merecendo tratamento prioritário imediato.
CVE-2026-3935MEDIUMIncorrect security UI in WebAppInstalls in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a craftEPSS 0.2%CVE-2026-15120HIGHUse after free in Core in Google Chrome on Windows prior to 150.0.7871.115 allowed a remote attacker who had compromised the renderer procesEPSS 0.2%CVE-2026-5906MEDIUMIncorrect security UI in Omnibox in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker to spoof the contents of the OEPSS 0.2%CVE-2026-15113CRITICALUse after free in Autofill in Google Chrome on Android prior to 150.0.7871.115 allowed a remote attacker to potentially perform a sandbox esEPSS 0.2%CVE-2026-15122HIGHInsufficient validation of untrusted input in Codecs in Google Chrome on Windows prior to 150.0.7871.115 allowed a remote attacker who had cEPSS 0.2%CVE-2026-9903MEDIUMInsufficient validation of untrusted input in Site Isolation in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compEPSS 0.2%CVE-2026-12018HIGHInappropriate implementation in Mojo in Google Chrome on Windows prior to 149.0.7827.115 allowed a local attacker to perform OS-level privilEPSS 0.2%CVE-2024-47022MEDIUMAndroid before 2024-10-05 on Google Pixel devices allows information disclosure in the ACPM component, A-331255656.EPSS 0.2%CVE-2024-0033HIGHIn multiple functions of ashmem-dev.cpp, there is a possible missing seal due to a heap buffer overflow. This could lead to local escalationEPSS 0.2%CVE-2026-3930MEDIUMUnsafe navigation in Navigation in Google Chrome on iOS prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions vEPSS 0.2%CVE-2025-12446MEDIUMIncorrect security UI in SplitView in Google Chrome prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in speciEPSS 0.2%CVE-2026-8572LOWInsufficient policy enforcement in Network in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromisedEPSS 0.2%CVE-2025-12906MEDIUMInappropriate implementation in Permissions in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a cEPSS 0.2%CVE-2024-47020MEDIUMAndroid before 2024-10-05 on Google Pixel devices allows information disclosure in the ABL component, A-331966488.EPSS 0.2%CVE-2018-9388HIGHIn store_upgrade and store_cmd of drivers/input/touchscreen/stm/ftm4_pdc.c, there are out of bound writes due to missing bounds checks or inEPSS 0.2%CVE-2026-11122MEDIUMInappropriate implementation in Keyboard in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTEPSS 0.2%CVE-2026-11150MEDIUMInappropriate implementation in XML in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML (UEPSS 0.2%CVE-2026-8539MEDIUMScript injection in SanitizerAPI in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker to inject arbitrary scripts oEPSS 0.2%CVE-2026-8015MEDIUMInappropriate implementation in Media in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform UI spoofing via a craftedEPSS 0.2%CVE-2026-11186MEDIUMInappropriate implementation in CSS in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML (UEPSS 0.2%