Vulnerabilities in Google

5,229 results
Vexday analysis

Com 4.763 CVEs catalogadas e 77 confirmadas em exploração ativa pelo CISA KEV, a taxa de exploração dos produtos Google é 3,6 vezes superior à média geral do catálogo, sinalizando risco operacional elevado para organizações que dependem desse ecossistema. O volume de 1.225 CVEs surgidas nos últimos 90 dias indica cadência intensa de descobertas, exigindo ciclos de patching ágeis. O tipo de falha mais recorrente é CWE-416 (use-after-free), classe de vulnerabilidade que frequentemente viabiliza execução de código arbitrário e escalada de privilégios. Destaque especial para CVE-2023-4863, com EPSS de 0,9974 — valor próximo ao máximo possível —, indicando probabilidade altíssima de exploração ativa e merecendo tratamento prioritário imediato.

CVE-2025-22433HIGHIn canForward of IntentForwarderActivity.java, there is a possible bypass of the cross profile intent filter most commonly used in Work ProfEPSS 0.1%CVE-2026-11297HIGHInsufficient validation of untrusted input in Reader Mode in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to bypEPSS 0.1%CVE-2023-21299In Package Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel informaEPSS 0.1%CVE-2026-0013HIGHIn setupLayout of PickActivity.java, there is a possible way to start any activity as a DocumentsUI app due to a confused deputy. This couldEPSS 0.1%CVE-2023-40100HIGHIn discovery_thread of Dns64Configuration.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalEPSS 0.1%CVE-2024-34737HIGHIn ensureSetPipAspectRatioQuotaTracker of ActivityClientController.java, there is a possible way to generate unmovable and undeletable pip wEPSS 0.1%CVE-2023-21300In PackageManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel informatEPSS 0.1%CVE-2023-40137In multiple functions of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead EPSS 0.1%CVE-2023-21145In updatePictureInPictureMode of ActivityRecord.java, there is a possible bypass of background launch restrictions due to a logic error in tEPSS 0.1%CVE-2025-26455HIGHIn multiple functions of NdkMediaCodec.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local EPSS 0.1%CVE-2025-26425MEDIUMIn multiple functions of RoleService.java, there is a possible permission squatting vulnerability due to a logic error in the code. This couEPSS 0.1%CVE-2023-21229In registerServiceLocked of ManagedServices.java, there is a possible bypass of background activity launch restrictions due to an unsafe PenEPSS 0.1%CVE-2025-48639HIGHIn DefaultTransitionHandler.java, there is a possible way to unknowingly grant permissions to an app due to a tapjacking/overlay attack. ThiEPSS 0.1%CVE-2025-48630HIGHIn drawLayersInternal of SkiaRenderEngine.cpp, there is a possible way to access the GPU cache due to side channel information disclosure. TEPSS 0.1%CVE-2025-48590MEDIUMIn verifyAndGetBypass of AppOpsService.java, there is a possible method for a malicious app to prevent dialing emergency services under limiEPSS 0.1%CVE-2024-27226HIGHIn tmu_config_gov_params of , there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of EPSS 0.1%CVE-2024-32908HIGHIn sec_media_protect of media.c, there is a possible permission bypass due to a race condition. This could lead to local escalation of priviEPSS 0.1%CVE-2024-27236HIGHIn aoc_unlocked_ioctl of aoc.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilegEPSS 0.1%CVE-2023-21239In visitUris of Notification.java, there is a possible way to leak image data across user boundaries due to a confused deputy. This could leEPSS 0.1%CVE-2018-9367HIGHIn FT_ACDK_CCT_V2_OP_ISP_SET_TUNING_PARAS of Meta_CCAP_Para.cpp, there is a possible out of bounds write due to improper input validation. TEPSS 0.1%