Vulnerabilidades em Google
5.202 resultadosAnálise Vexday
Com 4.763 CVEs catalogadas e 77 confirmadas em exploração ativa pelo CISA KEV, a taxa de exploração dos produtos Google é 3,6 vezes superior à média geral do catálogo, sinalizando risco operacional elevado para organizações que dependem desse ecossistema. O volume de 1.225 CVEs surgidas nos últimos 90 dias indica cadência intensa de descobertas, exigindo ciclos de patching ágeis. O tipo de falha mais recorrente é CWE-416 (use-after-free), classe de vulnerabilidade que frequentemente viabiliza execução de código arbitrário e escalada de privilégios. Destaque especial para CVE-2023-4863, com EPSS de 0,9974 — valor próximo ao máximo possível —, indicando probabilidade altíssima de exploração ativa e merecendo tratamento prioritário imediato.
CVE-2025-8576HIGHUse after free in Extensions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a EPSS 0.3%CVE-2018-9466HIGHIn the xmlSnprintfElementContent function of valid.c, there is a possible out of bounds write. This could lead to remote escalation of priviEPSS 0.3%CVE-2023-2314—Insufficient data validation in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictionsEPSS 0.3%CVE-2026-14022MEDIUMInsufficient validation of untrusted input in Network in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised EPSS 0.3%CVE-2026-0897HIGHDenial of Service in Keras via Excessive Memory Allocation in HDF5 MetadataEPSS 0.3%CVE-2026-13810MEDIUMInappropriate implementation in Input in Google Chrome on Linux prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensiEPSS 0.3%CVE-2026-13922MEDIUMSide-channel information leakage in Paint in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a EPSS 0.3%CVE-2018-9352MEDIUMIn ihevcd_allocate_dynamic_bufs of ihevcd_api.c there is a possible resource exhaustion due to integer overflow. This could lead to remote dEPSS 0.3%CVE-2026-13935MEDIUMSide-channel information leakage in ComputePressure in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin dEPSS 0.3%CVE-2026-13816MEDIUMInsufficient validation of untrusted input in File Input in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to leaEPSS 0.3%CVE-2026-14004MEDIUMInappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafteEPSS 0.3%CVE-2026-13790MEDIUMSide-channel information leakage in Scroll in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via aEPSS 0.3%CVE-2026-13799HIGHUse after free in QUIC in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via maliciouEPSS 0.3%CVE-2023-48417—Missing Permission checks resulting in unauthorized access and Manipulation in KeyChainActivity ApplicationEPSS 0.3%CVE-2025-0437MEDIUMOut of bounds read in Metrics in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via aEPSS 0.3%CVE-2026-1669HIGHArbitrary File Read in Keras via HDF5 External DatasetsEPSS 0.3%CVE-2026-13900MEDIUMInappropriate implementation in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the rendereEPSS 0.3%CVE-2026-13829HIGHInsufficient validation of untrusted input in Settings in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who had EPSS 0.3%CVE-2026-13834HIGHInsufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised thEPSS 0.3%CVE-2025-0093HIGHIn handleBondStateChanged of AdapterService.java, there is a possible unapproved data access due to a missing permission check. This could lEPSS 0.3%