Vulnerabilities in Google
5,229 resultsVexday analysis
Com 4.763 CVEs catalogadas e 77 confirmadas em exploração ativa pelo CISA KEV, a taxa de exploração dos produtos Google é 3,6 vezes superior à média geral do catálogo, sinalizando risco operacional elevado para organizações que dependem desse ecossistema. O volume de 1.225 CVEs surgidas nos últimos 90 dias indica cadência intensa de descobertas, exigindo ciclos de patching ágeis. O tipo de falha mais recorrente é CWE-416 (use-after-free), classe de vulnerabilidade que frequentemente viabiliza execução de código arbitrário e escalada de privilégios. Destaque especial para CVE-2023-4863, com EPSS de 0,9974 — valor próximo ao máximo possível —, indicando probabilidade altíssima de exploração ativa e merecendo tratamento prioritário imediato.
CVE-2025-48602HIGHIn exitKeyguardAndFinishSurfaceBehindRemoteAnimation of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a logic erroEPSS 0.1%CVE-2025-48567HIGHIn multiple locations, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrecEPSS 0.1%CVE-2025-48605HIGHIn multiple functions of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a logic error in the code. This could lead EPSS 0.1%CVE-2023-48405—there is a possible way for the secure world to write to NS memory due to a logic error in the code. This could lead to local escalation of EPSS 0.1%CVE-2023-21283—In multiple functions of StatusHints.java, there is a possible way to reveal images across users due to a confused deputy. This could lead tEPSS 0.1%CVE-2023-48414—In the Pixel Camera Driver, there is a possible use after free due to a logic error in the code. This could lead to local escalation of privEPSS 0.1%CVE-2026-12449HIGHUse after free in Chromoting in Google Chrome on Windows prior to 149.0.7827.155 allowed a local attacker to perform OS-level privilege escaEPSS 0.1%CVE-2026-13844HIGHUse after free in Updater in Google Chrome on Windows prior to 150.0.7871.47 allowed a local attacker to perform OS-level privilege escalatiEPSS 0.1%CVE-2024-31337HIGHIn PVRSRVRGXKickTA3DKM of rgxta3d.c, there is a possible arbitrary code execution due to improper input validation. This could lead to localEPSS 0.1%CVE-2026-13827HIGHUse after free in Updater in Google Chrome on Mac prior to 150.0.7871.47 allowed a local attacker to perform privilege escalation via a maliEPSS 0.1%CVE-2026-7994HIGHInappropriate implementation in Chromoting in Google Chrome on Windows prior to 148.0.7778.96 allowed a local attacker to perform OS-level pEPSS 0.1%CVE-2024-34720HIGHIn com_android_internal_os_ZygoteCommandBuffer_nativeForkRepeatedly of com_android_internal_os_ZygoteCommandBuffer.cpp, there is a possible EPSS 0.1%CVE-2025-48549HIGHIn multiple locations, there is a possible way to record audio via a background app due to a missing permission check. This could lead to loEPSS 0.1%CVE-2024-34721MEDIUMIn ensureFileColumns of MediaProvider.java, there is a possible disclosure of files owned by another user due to improper input validation. EPSS 0.1%CVE-2023-21243—In validateForCommonR1andR2 of PasspointConfiguration.java, there is a possible way to inflate the size of a config file with no limits due EPSS 0.1%CVE-2024-34731HIGHIn multiple functions of TranscodingResourcePolicy.cpp, there is a possible memory corruption due to a race condition. This could lead to loEPSS 0.1%CVE-2018-9486MEDIUMIn hidh_l2cif_data_ind of hidh_conn.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local inforEPSS 0.1%CVE-2024-49722MEDIUMIn showAvatarPicker of EditUserPhotoController.java, there is a possible cross user image leak due to a confused deputy. This could lead to EPSS 0.1%CVE-2023-21256—In SettingsHomepageActivity.java, there is a possible way to launch arbitrary activities via Settings due to a logic error in the code. ThisEPSS 0.1%CVE-2025-48582HIGHIn multiple locations, there is a possible way to delete media without the MANAGE_EXTERNAL_STORAGE permission due to an intent redirect. ThiEPSS 0.1%