Vulnerabilities in Google
5,229 resultsVexday analysis
Com 4.763 CVEs catalogadas e 77 confirmadas em exploração ativa pelo CISA KEV, a taxa de exploração dos produtos Google é 3,6 vezes superior à média geral do catálogo, sinalizando risco operacional elevado para organizações que dependem desse ecossistema. O volume de 1.225 CVEs surgidas nos últimos 90 dias indica cadência intensa de descobertas, exigindo ciclos de patching ágeis. O tipo de falha mais recorrente é CWE-416 (use-after-free), classe de vulnerabilidade que frequentemente viabiliza execução de código arbitrário e escalada de privilégios. Destaque especial para CVE-2023-4863, com EPSS de 0,9974 — valor próximo ao máximo possível —, indicando probabilidade altíssima de exploração ativa e merecendo tratamento prioritário imediato.
CVE-2026-0083CRITICALIn Nfc::eventCallback() of Nfc.h, there is a possible use after free due to a race condition. This could lead to local escalation of privileEPSS 0.1%CVE-2023-6460MEDIUMInformation leak in nodejs-firestoreEPSS 0.1%CVE-2026-8008MEDIUMInappropriate implementation in DevTools in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicEPSS 0.1%CVE-2026-11157MEDIUMScript injection in Accessibility in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious exEPSS 0.1%CVE-2023-40098—In mOnDone of NotificationConversationInfo.java, there is a possible way to access app notification data of another user due to a logic erroEPSS 0.1%CVE-2026-13927HIGHInsufficient validation of untrusted input in UI in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to perform privEPSS 0.1%CVE-2021-30605—Inappropriate implementation in the ChromeOS Readiness Tool installer on Windows prior to 1.0.2.0 loosens DCOM access rights on two objects EPSS 0.1%CVE-2026-8009MEDIUMInappropriate implementation in Cast in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer procEPSS 0.1%CVE-2024-27223MEDIUMIn EUTRAN_LCS_DecodeFacilityInformationElement of LPP_LcsManagement.c, there is a possible out of bounds read due to a missing bounds check.EPSS 0.1%CVE-2026-13863HIGHInsufficient validation of untrusted input in CustomTabs in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to perfEPSS 0.1%CVE-2025-32330MEDIUMIn generateRandomPassword of LocalBluetoothLeBroadcast.java, there is a possible way to intercept the Auracast audio stream due to an insecuEPSS 0.1%CVE-2023-45780HIGHIn Print Service, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of prEPSS 0.1%CVE-2026-7932MEDIUMInsufficient policy enforcement in Downloads in Google Chrome prior to 148.0.7778.96 allowed a local attacker to bypass navigation restrictiEPSS 0.1%CVE-2023-21351HIGHIn multiple locations, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation EPSS 0.1%CVE-2024-0035HIGHIn onNullBinding of TileLifecycleManager.java, there is a possible way to launch an activity from the background due to a missing null checkEPSS 0.1%CVE-2025-5009LOWInformation Disclosure in Gemini iOS AppEPSS 0.1%CVE-2024-40671HIGHIn DevmemIntChangeSparse2 of devicemem_server.c, there is a possible way to achieve arbitrary code execution due to a missing permission cheEPSS 0.1%CVE-2024-0053LOWIn getCustomPrinterIcon of PrintManagerService.java, there is a possible way to view other user's images due to a confused deputy. This coulEPSS 0.1%CVE-2025-48618MEDIUMIn processLaunchBrowser of CommandParamsFactory.java, there is a possible browser interaction from the lockscreen due to improper locking. TEPSS 0.1%CVE-2024-0034HIGHIn BackgroundLaunchProcessController, there is a possible way to launch arbitrary activity from the background due to BAL Bypass. This couldEPSS 0.1%