Vulnerabilities in Google
5,229 resultsVexday analysis
Com 4.763 CVEs catalogadas e 77 confirmadas em exploração ativa pelo CISA KEV, a taxa de exploração dos produtos Google é 3,6 vezes superior à média geral do catálogo, sinalizando risco operacional elevado para organizações que dependem desse ecossistema. O volume de 1.225 CVEs surgidas nos últimos 90 dias indica cadência intensa de descobertas, exigindo ciclos de patching ágeis. O tipo de falha mais recorrente é CWE-416 (use-after-free), classe de vulnerabilidade que frequentemente viabiliza execução de código arbitrário e escalada de privilégios. Destaque especial para CVE-2023-4863, com EPSS de 0,9974 — valor próximo ao máximo possível —, indicando probabilidade altíssima de exploração ativa e merecendo tratamento prioritário imediato.
CVE-2025-36889MEDIUMIn onCreateTasks of CameraActivity.java, there is a possible permission bypass due to a confused deputy. This could lead to local informatioEPSS 0.1%CVE-2025-22442HIGHIn multiple functions of DevicePolicyManagerService.java, there is a possible way to install unauthorized applications into a newly created EPSS 0.1%CVE-2026-0112HIGHIn vpu_open_inst of vpu_ioctl.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilegEPSS 0.1%CVE-2025-48575HIGHIn multiple functions of CertInstaller.java, there is a possible way to install certificates due to a permissions bypass. This could lead toEPSS 0.1%CVE-2026-0158LOWIn Camera, there is a possible unauthorized way to access photos due to a missing permission check. This could lead to local information disEPSS 0.1%CVE-2025-48625HIGHIn multiple locations of UsbDataAdvancedProtectionHook.java, there is a possible way to access USB data when the screen is off due to a raceEPSS 0.1%CVE-2026-0094HIGHIn getApplicationLabel of KeyChainActivity.java, there is a possible way to trick the user into approving access to certificates due to mislEPSS 0.1%CVE-2026-0121LOWIn VPU, there is a possible use-after-free read due to a race condition. This could lead to local information disclosure with no additional EPSS 0.1%CVE-2025-36916HIGHIn PrepareWorkloadBuffers of gxp_main_actor.cc, there is a possible double fetch due to a race condition. This could lead to local escalatioEPSS 0.1%