Vulnerabilities in Google

5,202 results
Vexday analysis

Com 4.763 CVEs catalogadas e 77 confirmadas em exploração ativa pelo CISA KEV, a taxa de exploração dos produtos Google é 3,6 vezes superior à média geral do catálogo, sinalizando risco operacional elevado para organizações que dependem desse ecossistema. O volume de 1.225 CVEs surgidas nos últimos 90 dias indica cadência intensa de descobertas, exigindo ciclos de patching ágeis. O tipo de falha mais recorrente é CWE-416 (use-after-free), classe de vulnerabilidade que frequentemente viabiliza execução de código arbitrário e escalada de privilégios. Destaque especial para CVE-2023-4863, com EPSS de 0,9974 — valor próximo ao máximo possível —, indicando probabilidade altíssima de exploração ativa e merecendo tratamento prioritário imediato.

CVE-2019-5872Use after free in Mojo in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a craftedEPSS 0.7%CVE-2019-13674IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via aEPSS 0.7%CVE-2023-1214HIGHType confusion in V8 in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted EPSS 0.7%CVE-2023-0930HIGHHeap buffer overflow in Video in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via EPSS 0.7%CVE-2024-5494HIGHUse after free in Dawn in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a craftEPSS 0.7%CVE-2022-4181Use after free in Forms in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a craftEPSS 0.7%CVE-2023-4785HIGHDenial of Service in gRPC CoreEPSS 0.7%CVE-2022-3885HIGHUse after free in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a craftedEPSS 0.7%CVE-2023-3598Out of bounds read and write in ANGLE in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruptiEPSS 0.7%CVE-2023-4368Insufficient policy enforcement in Extensions API in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to instalEPSS 0.7%CVE-2022-0798Use after free in MediaStream in Google Chrome prior to 99.0.4844.51 allowed an attacker who convinced a user to install a malicious extensiEPSS 0.7%CVE-2023-4902Inappropriate implementation in Input in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HEPSS 0.7%CVE-2022-1860Use after free in UI Foundations in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engaEPSS 0.7%CVE-2023-4907Inappropriate implementation in Intents in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UEPSS 0.7%CVE-2023-4903Inappropriate implementation in Custom Mobile Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to spoof secEPSS 0.7%CVE-2023-4900Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate a permEPSS 0.7%CVE-2022-1861Use after free in Sharing in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to enage in spEPSS 0.7%CVE-2022-4193Insufficient policy enforcement in File System API in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system rEPSS 0.7%CVE-2022-4190Insufficient data validation in Directory in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictioEPSS 0.7%CVE-2022-3055HIGHUse after free in Passwords in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI EPSS 0.7%