Vulnerabilidades en Google

5202 resultados
Análisis Vexday

Com 4.763 CVEs catalogadas e 77 confirmadas em exploração ativa pelo CISA KEV, a taxa de exploração dos produtos Google é 3,6 vezes superior à média geral do catálogo, sinalizando risco operacional elevado para organizações que dependem desse ecossistema. O volume de 1.225 CVEs surgidas nos últimos 90 dias indica cadência intensa de descobertas, exigindo ciclos de patching ágeis. O tipo de falha mais recorrente é CWE-416 (use-after-free), classe de vulnerabilidade que frequentemente viabiliza execução de código arbitrário e escalada de privilégios. Destaque especial para CVE-2023-4863, com EPSS de 0,9974 — valor próximo ao máximo possível —, indicando probabilidade altíssima de exploração ativa e merecendo tratamento prioritário imediato.

CVE-2020-8923MEDIUMXSS in DartEPSS 0.3%CVE-2026-13817HIGHInsufficient validation of untrusted input in Glic in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially perform EPSS 0.3%CVE-2026-14149HIGHUse after free in Audio in Google Chrome on Linux prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via a crafted HEPSS 0.3%CVE-2026-13920CRITICALInsufficient validation of untrusted input in Media in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who had comEPSS 0.3%CVE-2026-13938HIGHInteger overflow in Fonts in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform an out of bounds memory write via a cEPSS 0.3%CVE-2026-10930HIGHOut of bounds read in ANGLE in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker to perform an out of bounds memory readEPSS 0.3%CVE-2025-26438HIGHIn smp_process_secure_connection_oob_data of smp_act.cc, there is a possible way to bypass SMP authentication due to Incorrect implementatioEPSS 0.3%CVE-2025-8292HIGHUse after free in Media Stream in Google Chrome prior to 138.0.7204.183 allowed a remote attacker to potentially exploit heap corruption viaEPSS 0.3%CVE-2026-0906CRITICALIncorrect security UI in Google Chrome on Android prior to 144.0.7559.59 allowed a remote attacker to spoof the contents of the Omnibox (UREPSS 0.3%CVE-2026-13781CRITICALInsufficient validation of untrusted input in Skia in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised theEPSS 0.3%CVE-2026-13783CRITICALUse after free in Views in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestEPSS 0.3%CVE-2026-11650HIGHUse after free in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a craEPSS 0.3%CVE-2023-48424CRITICALU-Boot shell vulnerability resulting in Privilege escalation in a production deviceEPSS 0.3%CVE-2026-13780CRITICALInsufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised thEPSS 0.3%CVE-2025-11460HIGHUse after free in Storage in Google Chrome prior to 141.0.7390.65 allowed a remote attacker to execute arbitrary code via a crafted video fiEPSS 0.3%CVE-2026-13775CRITICALUse after free in GPU in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentiaEPSS 0.3%CVE-2026-13784CRITICALUse after free in Views in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestEPSS 0.3%CVE-2026-13785CRITICALUse after free in Bluetooth in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in speciEPSS 0.3%CVE-2026-0908HIGHUse after free in ANGLE in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit heap corruption via a craftEPSS 0.3%CVE-2026-11649HIGHUse after free in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a craEPSS 0.3%