Vulnerabilidades en Google

5229 resultados
Análisis Vexday

Com 4.763 CVEs catalogadas e 77 confirmadas em exploração ativa pelo CISA KEV, a taxa de exploração dos produtos Google é 3,6 vezes superior à média geral do catálogo, sinalizando risco operacional elevado para organizações que dependem desse ecossistema. O volume de 1.225 CVEs surgidas nos últimos 90 dias indica cadência intensa de descobertas, exigindo ciclos de patching ágeis. O tipo de falha mais recorrente é CWE-416 (use-after-free), classe de vulnerabilidade que frequentemente viabiliza execução de código arbitrário e escalada de privilégios. Destaque especial para CVE-2023-4863, com EPSS de 0,9974 — valor próximo ao máximo possível —, indicando probabilidade altíssima de exploração ativa e merecendo tratamento prioritário imediato.

CVE-2024-27208HIGHthere is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional eEPSS 0.1%CVE-2026-9989MEDIUMInappropriate implementation in Media in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to bypass same origin policy via a EPSS 0.1%CVE-2026-0029HIGHIn __pkvm_init_vm of pkvm.c, there is a possible memory corruption due to a logic error in the code. This could lead to local escalation of EPSS 0.1%CVE-2024-27219HIGHIn tmu_set_pi of tmu.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilEPSS 0.1%CVE-2024-27204HIGHIn tmu_set_gov_active of tmu.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation oEPSS 0.1%CVE-2026-0095HIGHIn l2c_fcr_clone_buf of l2c_fcr.cc, there is a possible way to trigger controlled heap corruption within the privileged Bluetooth process duEPSS 0.1%CVE-2024-0025HIGHIn sendIntentSender of ActivityManagerService.java, there is a possible background activity launch due to a logic error. This could lead to EPSS 0.1%CVE-2024-0020MEDIUMIn onActivityResult of NotificationSoundPreference.java, there is a possible way to hear audio files belonging to a different user due to a EPSS 0.1%CVE-2024-31325HIGHIn multiple locations, there is a possible way to reveal images across users data due to a logic error in the code. This could lead to localEPSS 0.1%CVE-2025-32327HIGHIn multiple functions of PickerDbFacade.java, there is a possible unauthorized data access due to SQL injection. This could lead to local esEPSS 0.1%CVE-2026-11072HIGHUse after free in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to execute arbitrary code via a maliciEPSS 0.1%CVE-2024-56188MEDIUMthere is a possible way to crash the modem due to a missing null check. This could lead to remote denial of service with no additional execuEPSS 0.1%CVE-2024-23698HIGHIn RGXFWChangeOSidPriority of rgxfwutils.c, there is a possible arbitrary code execution due to a missing bounds check. This could lead to lEPSS 0.1%CVE-2023-2626HIGHAuthentication Bypass in OpenThread Boarder Router devicesEPSS 0.1%CVE-2018-9389MEDIUMIn ip6_append_data of ip6_output.c, there is a possible way to achieve code execution due to a heap buffer overflow. This could lead to locaEPSS 0.1%CVE-2026-10998MEDIUMOut of bounds read in Media in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segment to perform an out of boEPSS 0.1%CVE-2025-26427MEDIUMIn multiple locations, there is a possible Android/data access due to a path traversal error. This could lead to local escalation of privileEPSS 0.1%CVE-2024-31318HIGHIn CompanionDeviceManagerService.java, there is a possible way to pair a companion device without user acceptance due to a missing permissioEPSS 0.1%CVE-2024-40658HIGHIn getConfig of SoftVideoDecoderOMXComponent.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to EPSS 0.1%CVE-2023-48421HIGHIn gpu_pixel_handle_buffer_liveness_update_ioctl of private/google-modules/gpu/mali_kbase/platform/pixel/pixel_gpu_slc.c, there is a possiblEPSS 0.1%