Vulnerabilities in Google

5,229 results
Vexday analysis

Com 4.763 CVEs catalogadas e 77 confirmadas em exploração ativa pelo CISA KEV, a taxa de exploração dos produtos Google é 3,6 vezes superior à média geral do catálogo, sinalizando risco operacional elevado para organizações que dependem desse ecossistema. O volume de 1.225 CVEs surgidas nos últimos 90 dias indica cadência intensa de descobertas, exigindo ciclos de patching ágeis. O tipo de falha mais recorrente é CWE-416 (use-after-free), classe de vulnerabilidade que frequentemente viabiliza execução de código arbitrário e escalada de privilégios. Destaque especial para CVE-2023-4863, com EPSS de 0,9974 — valor próximo ao máximo possível —, indicando probabilidade altíssima de exploração ativa e merecendo tratamento prioritário imediato.

CVE-2026-9979MEDIUMInsufficient validation of untrusted input in Input in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised tEPSS 0.1%CVE-2023-40079In injectSendIntentSender of ShortcutService.java, there is a possible background activity launch due to a permissions bypass. This could leEPSS 0.1%CVE-2024-0048HIGHIn Session of AccountManagerService.java, there is a possible method to retain foreground service privileges due to incorrect handling of nuEPSS 0.1%CVE-2023-40095In createDontSendToRestrictedAppsBundle of PendingIntentUtils.java, there is a possible background activity launch due to a missing check. TEPSS 0.1%CVE-2023-40097In hasPermissionForActivity of PackageManagerHelper.java, there is a possible URI grant due to improper input validation. This could lead toEPSS 0.1%CVE-2024-0050HIGHIn getConfig of SoftVideoDecoderOMXComponent.cpp, there is a possible out of bounds write due to a missing validation check. This could leadEPSS 0.1%CVE-2023-40091In onTransact of IncidentService.cpp, there is a possible out of bounds write due to memory corruption. This could lead to local escalation EPSS 0.1%CVE-2023-21133MEDIUMIn onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission checkEPSS 0.1%CVE-2026-28575CRITICALIn PackageInstaller.Session#transfer of frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java, there is a poEPSS 0.1%CVE-2023-21134MEDIUMIn onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission checkEPSS 0.1%CVE-2026-15108MEDIUMInteger overflow in Extensions API in Google Chrome prior to 150.0.7871.115 allowed an attacker who convinced a user to install a malicious EPSS 0.1%CVE-2023-21140MEDIUMIn onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission checkEPSS 0.1%CVE-2026-8004MEDIUMInsufficient policy enforcement in DevTools in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a maEPSS 0.1%CVE-2024-25993HIGHIn tmu_reset_tmu_trip_counter of , there is a possible out of bounds write due to a missing bounds check. This could lead to local escalatioEPSS 0.1%CVE-2025-48621HIGHIn DefaultTransitionHandler.java, there is a possible way to enable a tapjacking attack due to a insecure default. This could lead to local EPSS 0.1%CVE-2026-10010MEDIUMInappropriate implementation in Input in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the EPSS 0.1%CVE-2023-21132MEDIUMIn onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission checkEPSS 0.1%CVE-2023-45773In multiple functions of btm_ble_gap.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escEPSS 0.1%CVE-2025-0086MEDIUMIn onResult of AccountManagerService.java, there is a possible way to overwrite auth token due to a missing permission check. This could leaEPSS 0.1%CVE-2023-45775In CreateAudioBroadcast of broadcaster.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local eEPSS 0.1%